Re: Safemail
Adam Shostack writes:
> Not to defend the safemail folks, but this does remind me of
> something that NeXT did with Elliptic curve based systems;
> there was no storage of the private key, it was generated from
> the passphrase at run time.
Yup, NeXT did this with their "For Your Eyes Only" demo and the crypto
extensions for their Mail application. Although NeXT used an algorithm
called "FEE" (Fast Elliptic Encryption), you can do it with RSA by hashing the
passphrase, seeding a random number generator, generating a random prime,
etc... It works but it adds a lot of processing time to encryption and
decryption.
There are other, more serious, drawbacks to such a scheme though. You can't
change your passphrase without changing your public key. People can try to
guess your passphrase with only your public key. Crack can guess people's
account passwords something like 24% of the time. I doubt the average Joe
would use much better passphrases for their secret key. That's a scary
thought!! At least with PGP someone has to get a copy of the encrypted
secret key first.
One interesting thing about NeXT's software is that the Mail application has
crypto hooks. The crypto code is in a drop-in bundle that extends the app
at runtime. This isn't just a generic interface, but the internationally
shipped Mail software calls methods in the external bundle that are
definitely crypto related. Also, much of the crypto and key management user
interface ships with the main Mail package. It is hidden without the crypto
bundle, but if you peek around with InterfaceBuilder you can see that it is
there.
andrew
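
The two drawbacks described in the message above, as an added example that is not part of the original post or of NeXT's software. It assumes a toy discrete-log key pair as a stand-in for FEE or RSA; the function names, the salt and the iteration count are all hypothetical.

```python
import hashlib
import secrets

# Toy discrete-log group standing in for FEE/RSA (assumption, illustration only).
P = 2**255 - 19   # a well-known prime
G = 2


def private_from_passphrase(passphrase: str) -> int:
    """Derive the private key from the passphrase alone; nothing is stored."""
    # A slow KDF raises the cost of each guess but does not remove the oracle.
    digest = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), b"constructed-salt", 10_000
    )
    return int.from_bytes(digest, "big") % (P - 1)


def public_key(private: int) -> int:
    return pow(G, private, P)


def passphrase_matches(candidate: str, pub: int) -> bool:
    """The public key alone confirms or rejects a candidate passphrase."""
    return public_key(private_from_passphrase(candidate)) == pub


def stored_key_public() -> int:
    """PGP-style contrast: the private key is random and the passphrase only
    encrypts the stored secret key, so the public key reveals nothing about it."""
    return public_key(secrets.randbelow(P - 2) + 1)


def weak_passphrases(pub: int, wordlist: list[str]) -> list[str]:
    """Audit helper: which entries of a weak-passphrase list reproduce pub."""
    return [word for word in wordlist if passphrase_matches(word, pub)]


if __name__ == "__main__":
    derived = public_key(private_from_passphrase("letmein"))  # constructed sample
    print("changing the passphrase changes the public key:",
          public_key(private_from_passphrase("a better passphrase")) != derived)
    print("derived key, weak list hits:",
          weak_passphrases(derived, ["password", "letmein"]))
    print("stored random key, weak list hits:",
          weak_passphrases(stored_key_public(), ["password", "letmein"]))
```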