26 Dec 2014, 05:27 AM | #61 | |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Quote:
Though I tend to be supercritical of new email services, I have been impressed with reading scryptmail's responses, to the many questions he has fielded, which have been responded to in a very professional manner. A very merry Christmas and happy holidays to you too Scryptmail! Cheers |
|
26 Dec 2014, 10:04 AM | #62 |
Senior Member
Join Date: Jun 2004
Posts: 143
|
Sergei seems to be highly [technically] qualified as he's working on Scryptmail (beta) on his own. It is inappropriate to comment on his English communication; rather, encourage him.
|
29 Dec 2014, 06:02 AM | #63 | ||
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
If you read this thread you'll see that I encouraged him in my first posts. I continue to do so, and did recently on a thread he made on reddit /r/privacy (if I recall correctly). My comments on his grammar should not be seen as personal attacks but as suggestions for improvement. Quote:
I'll be testing your service further since I'm in need of another service like yours. I already have enough accounts on tutanota.de :P EDIT: One suggestion: I think you should create an "about" section, somewhere on the site. |
||
29 Dec 2014, 07:12 AM | #64 | |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Quote:
No offence taken. I also think that constructive criticism is as useful as positive feedback, for those who can listen, especially when 90% of people will just close the tab without explanation. As I mentioned, we got a writer on board, so soon our writing part will get much better. Thank you and Happy Holidays. Next year we have prepared some surprises for our users. Last edited by scryptmail : 29 Dec 2014 at 09:11 AM. |
|
31 Dec 2014, 04:41 PM | #65 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Happy New Year!
Registration is officially open. PS. Don't forget to do a hard refresh |
10 Jan 2015, 01:43 PM | #66 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Just a quick update.
As per our users' request, we added support for a custom PIN that you can provide when sending to third-party servers. It will be stored in contacts and reused the next time you choose to send an encrypted message. Also, in case someone hasn't noticed, we added disposable emails. You can use them to hide your real email or for registration on untrusted websites. As always, we encourage you to leave comments on how to make the service better suit your needs. Last edited by scryptmail : 10 Jan 2015 at 03:28 PM. |
30 Jan 2015, 05:25 AM | #67 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Friendly reminder
Now for those who hate 2-factor authentication, you can disable it in the settings page. We would love to hear your feedback on our service. Thanks |
30 Jan 2015, 04:48 PM | #68 | |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
Google Authenticator, I suppose? Do you plan to add support for YubiKey? |
|
30 Jan 2015, 05:49 PM | #69 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Oh NO, what you guys are talking about is called One Time Password (OTP). Honestly, I've got a huge list of features to implement and need help to prioritize things. Do you think a YubiKey feature would be a great add-on?
|
30 Jan 2015, 08:15 PM | #70 | |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
Normally 2FA is composed of something the user knows (a password) and something the user has (a token). Two passwords don't improve much on one's security. |
|
30 Jan 2015, 08:56 PM | #71 |
Master of the @
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
|
But it has always seemed to me that, while the idea of 2FA being "something you know" + "something you have" may be true for all practical purposes, in a sense isn't it still technically two passwords? It's just that the second factor – the 4 to 6 digit numeric (or alpha-numeric) code/password necessary for logging in and which isn't known ahead of time by the user – is sent to "something you have."
Though improbable in the extreme, it's not beyond the realm of possibility that someone could guess the code (which in Outlook's case is just a four-digit number) and gain access to someone's 2FA-protected account without actually "having" the user's cell phone. (In Outlook/Hotmail’s case, their version of 2FA also includes the option to have the secondary login code sent to something else the user “has”: an alternate email address, which may or may not itself have 2FA.) Even so, while two passwords don't improve security much, as you say, every little bit helps, no? |
31 Jan 2015, 01:56 AM | #72 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Ok. You are right. It seems like we don't have 2-Factor authentication in the way it is publicly known.
What I see is that there is no term to represent a second password that is not used as proof to enter the system but plays a critical role in encrypting your private keys and emails (i.e. the first password is just to retrieve a user object, and the second is to decrypt/encrypt it). I think that at the time 2-factor authentication was brought up no one even thought to have end encrypted user data. I can see the need for OTP in regular emails like for Gmail or in banking. However, in SCRYPTmail, knowing the first password doesn't give you anything except the ability to retrieve the encrypted object from the server, which is encrypted with a 512-bit key derived from a second password (secret phrase) (AES -> Twofish). This also means no single point of failure (if AES or Twofish is proven to be compromised or broken). I still don't quite understand how an OTP PIN will be more secure than an 80-character-long second key even just for the sake of entering an account. What we rolled out a few days ago is that users can use a single password for retrieving an object and decrypting it, like what was done in tutanota. We still put limitations on how many times you can try to enter it on the site until getting blocked for 10 minutes. So yes, we don't have 2FA in the way we used to know it, but then I have to make another term. Correct me if I'm wrong, but doesn't it seem to be more secure in the way we make it at SCRYPTmail than to have some device or app from a third party where there may be known backdoors? Last edited by scryptmail : 31 Jan 2015 at 02:07 AM. |
31 Jan 2015, 02:51 AM | #73 | |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
I've emphasized (with bold) the points I want to address. First, I say that a second password doesn't give much security because if one has access to the first password, then one has, most likely, access to the second password. Think about keyloggers. There's no point in having N passwords, the keylogger is gonna get them all. If you had a token, it would be different. A TOTP code, as the name suggests, is time-based. Even if someone gets hold of the pin you used last time you logged in, it won't do them any good, as the code is a function of time, that is, it'll change by the time they try to get in your account. There's no reason to suspect that they've known backdoors and you do not. As far as I am aware, the implementation of TOTP is open-source. The source-code for yubikey's software is also open-source. As an end-user, I do not feel comfortable, at all, with 2 passwords. I do feel comfortable with 1 password + a token. |
|
31 Jan 2015, 02:58 AM | #74 | |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Quote:
Thanks for the input. |
|
6 Mar 2015, 02:54 PM | #75 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Just a quick update:
Now you can select the font to use for your inbox and add tags to emails to organize your communication. Also, we are planning to run an Indiegogo campaign next week to raise funds to deploy more servers and to help with developing custom domain. Thank you for continuing to use scryptmail and making it better with your input. Last edited by scryptmail : 7 Mar 2015 at 12:13 AM. |