Path: csiph.com!news.mixmin.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'messages.': 0.04; 'needed,': 0.05; 'reject': 0.05; 'keys,': 0.07; 'processing.': 0.07; 'buttons': 0.09; 'cc:addr:googlegroups.com': 0.09; 'client:': 0.09; 'connect,': 0.09; 'implies': 0.09; 'message- id:@4ax.com': 0.09; 'pgp': 0.09; 'pop3': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'storage.': 0.09; 'tab': 0.09; 'package,': 0.13; 'applies': 0.15; 'feedback.': 0.15; 'headers': 0.15; 'properly': 0.15; 'server,': 0.15; 'subsequent': 0.15; 'user.': 0.15; '"always': 0.16; '(meaning': 0.16; '(now': 0.16; '(other': 0.16; '(when': 0.16; 'boasts': 0.16; 'buttons,': 0.16; 'encryption': 0.16; 'end-to-end': 0.16; 'gmail.': 0.16; 'hashes': 0.16; 'one-way': 0.16; 'prepend': 0.16; 'presume': 0.16; 'provision': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'retrieves': 0.16; 'time"': 0.16; 'later': 0.16; 'ssl': 0.18; 'url:home': 0.18; 'input': 0.18; 'people,': 0.20; '2015': 0.20; 'cc:2**0': 0.20; 'aug': 0.20; 'preferred': 0.20; 'machine': 0.21; '(on': 0.22; 'bar.': 0.22; 'browsers': 0.22; 'interpret': 0.22; 'keys': 0.22; 'sends': 0.22; "user's": 0.22; 'trying': 0.22; 'cc:no real name:2**0': 0.22; 'leave': 0.23; '(or': 0.23; 'third-party': 0.23; "haven't": 0.24; 'import': 0.24; 'downloaded': 0.24; 'sort': 0.25; "doesn't": 0.26; 'header:X-Complaints-To:1': 0.26; 'comfortable': 0.27; 'logging': 0.27; 'reaches': 0.27; 'went': 0.28; 'regular': 0.29; 'finds': 0.29; 'hash': 0.29; 'implied': 0.29; 'nntp': 0.29; 'usable': 0.29; "i'm": 0.30; 'server.': 0.30; 'system,': 0.30; 'field,': 0.30; 'mention': 0.30; 'anyone': 0.32; 'another': 0.32; "can't": 0.32; 'implement': 0.32; 'software,': 0.32; 'statement': 0.32; 'maybe': 0.33; 'common': 0.33; 'doubt': 0.33; 'passwords': 0.33; 'schemes': 0.33; 'open': 0.33; "i'll": 0.33; 'similar': 0.33; 'editor': 0.34; 'maintaining': 0.34; 'except': 0.34; 'skip:d 20': 0.34; 'running': 0.34; 'server': 0.34; 'could': 0.35; 'done': 0.35; 'draft': 0.35; 'something': 0.35; 'item': 0.35; 'but': 0.36; 'should': 0.36; 'there': 0.36; 'possible': 0.36; '(and': 0.36; 'form,': 0.36; 'to:addr:python-list': 0.36; 'subject:: ': 0.37; 'two': 0.37; 'our': 0.64; 'due': 0.65; 'between': 0.65; 'body.': 0.66; 'encrypted': 0.66; 'signing': 0.66; 'transparent': 0.66; 'account': 0.66; 'cut': 0.67; 'user,': 0.67; 'today.': 0.67; 'act': 0.67; 'receive': 0.71; 'mail,': 0.72; 'messaging': 0.72; 'transferred': 0.72; 'transfer': 0.73; 'saw': 0.77; 'viewed': 0.79; '$$$': 0.84; 'cryptography': 0.91; 'dennis': 0.91; 'plain- text': 0.91; '***': 0.95; 'webmail': 0.95; 'banner': 0.96; 'url:l': 0.98 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: Encrypted web mail Date: Sun, 16 Aug 2015 12:12:08 -0400 Organization: IISS Elusive Unicorn References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Gmane-NNTP-Posting-Host: adsl-108-68-178-61.dsl.klmzmi.sbcglobal.net X-Newsreader: Forte Agent 6.00/32.1186 X-No-Archive: YES Cc: django-users@googlegroups.com X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 110 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1439741553 news.xs4all.nl 2838 [2001:888:2000:d::a6]:37701 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:95399 On Sun, 16 Aug 2015 09:09:12 +0300, Uri Even-Chen declaimed the following: >Hi Dennis, > > > >> >Thanks for the feedback. Actually the passwords on my webmail in 2000 to >2005 were not encrypted, but I agree with you that passwords should be >always encrypted. > Hashes are NOT "encryption" as commonly thought of -- to most people, encryption means the data can be decrypted/recovered. A hash is one-way only. It is possible for two or more strings to generate the same hash value (one reason common practice is to prepend a "salt" that was randomly generated at time of account creation) -- but given the hash there is no means of recovering the password itself (other than brute force hashing of guesses). >> I think ProtonMail is doing something similar to >what I want, so maybe I'll check what they are doing. I also want the >user's mail to be searchable, like Gmail. > The information on that site is rather confusing. In one spot they mention that the encryption takes place ON THE USER'S COMPUTER before it reaches their server -- that means the headers are not encrypted, as they need to be able to read the headers to know where to send the mail, UNLESS they require the recipient of the email to also be on their server meaning the message never leaves via SMTP***. It also implies that the decryption has to be performed on the recipient's computer -- which again implies the recipient must also be a user of their software (being a web-based access system, that means the encryption/decryption stuff is being done via Javascript or other downloaded program running under the browser control -- implied by the statement "ProtonMail employs SSL to ensure our encryption codes are properly delivered to user’s browsers and not tampered with en-route." -- where I interpret "codes" to mean the encryption/decryption software, not the keys). In one spot they claim they do not have the decryption keys, so could only provide encrypted copies to law enforcement. However, this requires some sort of key to be transferred from sender to receiver... Or are they maintaining the public key for all users (again, this implies the system only works if sender/recipient are using their system -- it won't work if the message has to leave their server) and they send the public key to the client: ie; you enter a user-name in the "to:" field, their server finds the public key for that user, and sends it to your client for subsequent use in encrypting the message before transfer to the server. Is there provision for signing the keys with a trust level? I presume the decryption key is generated on the client side when first signing up to the service. Otherwise there is nothing in the service that can't be done with PGP (or, since PGP went to a $$$ package, GPG) using public key servers -- except that they are trying to make the act of running the encryption/decryption transparent to the user. Back in the old days, PGP (when it was free or very low-cost) used to have a plug-in for Eudora (version 4, maybe usable in v5 and v6 -- but I haven't seen it in decades) which added encrypt/decrypt buttons to the control bar. Without the buttons, it was just a need to cut from message, paste into the cryptography package, transform, cut, paste back into the message body. (Looking at the GPG4Win documents, I can see why I fell out of PGP... I can't even find a way to import my ancient keyrings) *** Found on another page: "ProtonMail's segregated authentication and decryption system means logging into a ProtonMail account " So that would indicate -- this system only works between users of their system... You can not send or receive mail from outside their system. Though later down they do mention sending encrypted to outside uses -- which implies (and the big banner for OpenPGP reinforces) that the system is using regular PGP-style public key cryptography which anyone can implement today. The only thing they are providing is: 1) a web client that automatically applies the encryption (meaning it has to have access to some public key server to retrieve the recipient public key), 2) decrypts messages when viewed (requiring the user to provide the proper password to access the private key file), 3) doesn't provide local mail storage. Item 1 has the corollary that you can't send mail to someone that does not have a known public key -- since that would have to be sent in plain-text and their system does not allow for plain-text messages. Items 1 and 3 are enough for me to reject usage of the system. (I abhor web based messaging schemes due to their "always one, one at a time" processing. Give me a POP3/SMTP (or NNTP for forums) system where I can connect, download messages, work on them as I get time (I can have multiple messages open for editing in parallel), save them in draft form, use whatever editor I'm most comfortable with (when was the last time you saw a web-based input form that allowed for tab characters for formatting?), etc. Heck, the $$$ PGP (now owned by Symantec) boasts "Symantec Desktop Email Encryption provides an end-to-end email encryption solution that automatically encrypts and decrypts email directly between clients without the need to log into a third-party website." No doubt by running as an email server on the client machine so one's preferred client sends mail to the PGP-server (on the same machine), that server applies encryption and relays to the user's regular ISP server; and conversely, retrieves mail from the ISP POP3 server, decrypts any messages as needed, and provides them to the mail client when it does a POP3 fetch. For a web-based system, there is also Hushmail https://www.hushmail.com/?l=19 -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/