E-mail with deniable authentication
Mario Castelán Castro
marioxcc.MT at yandex.com
Thu Aug 31 04:46:23 CEST 2017
On 30/08/17 00:57, Stefan Claas wrote:
> If your communication partners would use the same software, like opmsg.
> Or if you would use Bitmessage instead of classic email, then
> you have authenticated/encrypted messages too and can later
> nuke your keys, if needed.
According to <https://bitmessage.org/wiki/Encryption> Bitmessage does
writer-receiver authentication (I do not know what is the standard term
for this public key operation; clearly it is not “signing”) with HMAC
using a Diffie-Hellman key derived from the shared secret between writer
and recipient. Thus the recipient can not prove to any third party that
the writer wrote the message (because he also knows the shared secret
and thus he can also compute the authentication code).
But Bitmessage gives me the impression of an highly amateurish job. I
cite the absurd use of AES-256 along with a elliptic curve providing
roughly 128 bits of security (secp256k1). Moreover, anybody who cares to
do so can build an FPGA miner for Bitmessage proofs of work and perform
a denial of service given that many users have only a CPU to compute the
I would not trust my sensitive data to it.
“opmsg” gives me an even worse impression. It seems to be the work of a
single man, and I do not even see a specification of the format. Also,
from the readme.md
“The private part of the keys which are stored inside ~/.opmsg are NOT
encrypted. It is believed that once someone gained access to your
account, its all lost anyway”
I would not trust a person with this way of thinking to write my
Do not eat animals; respect them as you respect people.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users