August 12, 2010
Thoughts about the Personally Encrypted IMAP Storage proposal
When reading the Personally Encrypted IMAP Storage proposal, a couple of things came to my mind.
1) Why use public key crypto when you're going to store the private keys on the servers? It'd be much simpler (safer) to encrypt the messages with symmetric crypto (like AES or Twofish) using the user password. Or maybe using something a bit fancier than the user password:
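use Digest::SHA qw(hmac_sha1);
# user provides $password; $salt is a random number for each user, stored in the DB
my $hash = $salt;
# iterate the HMAC 256 times to stretch the password into key material
for (my $i = 0; $i < 256; $i++) {
    # Digest::SHA's hmac_sha1 takes (data, key): the password is the data, the running hash the key
    $hash = hmac_sha1($password, $hash);
}
# encrypt using $hash (20 raw bytes)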
2) Since most MUAs have PGP/GPG support, wouldn't it be nice to just encrypt the messages with the user's public key before they're stored in the maildir, and let the MUA decrypt them? That's more in line with the traditional way of designing public key crypto systems. One caveat would be that the headers would not be encrypted, but nothing stops you from implementing symmetric crypto on top of that (as discussed in 1).
3) All this would prevent snooping of mail already received; it wouldn't stop someone from putting a wiretap at the MTA level (or with your ISP) and reading every new message received in the clear...
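Point 2 sketched as a delivery-time filter, in Python. This is an added example, not code from the original post or from the proposal: it wraps an incoming message as PGP/MIME (RFC 3156) using only the user's public key, and shows which headers stay readable on the server. The sample message, the recipient address and the injectable `encrypt` parameter are assumptions made for illustration.

```python
import subprocess
import sys
from email import message_from_bytes
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart

# Constructed sample message, used only for illustration.
SAMPLE = (b"From: alice@example.org\nTo: bob@example.org\n"
          b"Subject: Quarterly numbers\nContent-Type: text/plain\n\n"
          b"Margin fell to 12 percent.\n")

def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """Encrypt to the user's public key; the private key never touches the server."""
    # --trust-model always: the key is one the server provisioned for this user,
    # so no web-of-trust validation is attempted (an assumption of this sketch).
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=data, stdout=subprocess.PIPE, check=True).stdout

def _part(subtype: str, text: str) -> MIMEBase:
    part = MIMEBase("application", subtype)
    part.set_payload(text)
    return part

def wrap_pgp_mime(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return an RFC 3156 multipart/encrypted message wrapping `raw`."""
    msg = message_from_bytes(raw)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    # Routing and display headers are copied in clear so the MUA can still
    # list the mail: this is the caveat noted in point 2.
    for name, value in msg.items():
        lname = name.lower()
        if not lname.startswith("content-") and lname != "mime-version":
            outer[name] = value
    # The whole original message becomes the encrypted entity; headers other
    # than Content-* inside a MIME part are ignored by readers.
    armored = encrypt(raw, recipient).decode("ascii")
    outer.attach(_part("pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("octet-stream", armored))
    return outer.as_bytes()

if __name__ == "__main__":  # filter usage: script RECIPIENT < message > encrypted
    sys.stdout.buffer.write(wrap_pgp_mime(sys.stdin.buffer.read(), sys.argv[1]))
```

Run on the sample, the stored file still shows `From`, `To` and `Subject` to anyone with access to the maildir; only the body and content headers are protected.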
Posted by gfk at August 12, 2010 12:28 PM