lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040307213853.GB31514@retemail.es>
From: jorge at naranet.biz (Jorge Daza)
Subject: Re: E-Mail viruses

Hello,

why not solve the problem the way it is handled in other environments ?

We have two people that do not necessarily trust each other, and they
want to share a file. We can create trusted third parties to verify
origin, store and maybe even analyze the file.

A the receiver
B the sender
C the trusted third party

A trusts C, C trusts A
B trusts C, C trusts B

B sends an email to C with the file digitally signed. C stores, and
analyzes (not really helpful, as I don't think we can trust analyzers)
the file and sends a new digitally signed message to A, with
either the file or a pointer to the file stored in a trusted location.

A decides whether she wants to follow the pointer or leave the file in
storage. Whenever we stop trusting either A or B the third party can
stop trusting them leaving the trusting chain still secure.

The trusted third party can be inside or outside the company, but we
decide who is the people we really want to accept attachments from.

This solves some problems that could arise with other solutions. For
example, if we have a secret extension, it is shared by all employees...
that means, any time an employee leaves the company we have to change
the secret for everybody. Not good.

Other problem that comes to my mind, weak shared secrets might solve the
problem in some way for spreading massive viruses but not for directed
attacks. In those cases probably the attacker is already reading the
email of some or all of the employees, thus she surely knows the secret
extension. Even if the attacker can't read the email, lets consider the
strength of a secret that is sent plaintext on every message. Not good.

Of course this solution can be too complex for home users, that can
still rely on crypto, but not to receive attachments from people they
don't even know.

But I guess it could be implemented in bussiness environments.

My two cents.

Best wishes,

Jorge

-- 
Jorge Daza - jorge@...anet.biz - GPG key available
----------   -----------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ