EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Email Comments, Questions and Miscellaneous
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere.

Reply
 
Thread Tools
Old 30 Nov 2014, 08:53 AM   #31
rockman
Senior Member
 
Join Date: Aug 2013
Location: Seattle
Posts: 115
Is the PIN is a random number assigned to the outgoing email encryption for non-scrytpmail recipients? And, is this PIN only used in client-side scripting to encrypt/decrypt the message? Is it ever send across the wire during encryption/decryption?
rockman is offline   Reply With Quote
Old 30 Nov 2014, 10:46 AM   #32
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Yeah, there are a lot to explain.
Question and answer would be out some day next week, if you can ask me questions, it would be great.

Meantime, I just released source code of scryptmail at https://github.com/SCRYPTmail/scryptmail
I believe this is essential step for software made to protect your privacy, and I'm glad I did it.

Last edited by scryptmail : 30 Nov 2014 at 10:53 AM.
scryptmail is offline   Reply With Quote
Old 30 Nov 2014, 06:50 PM   #33
17pm
Cornerstone of the Community
 
Join Date: Sep 2013
Posts: 504
Quote:
Originally Posted by scryptmail View Post
Thanks, i will change wording on read email.

1) I didn't quite understand what did you mean? you are talking about pin when you send email to outside? And it's missing some explanation? or I get it totally wrong?
Yes, I mean when someone encrypts an e-mail to "the outside". Have you ever used the "OTR" plugin? It allows a user to set up a Question and an Answer and in order for the connection be encrypted, the receiver needs to answer the Question correctly.

It's also how StartMail is using their encryption, as far as I know.

Basically:

User A:

- Writes e-mail
- Ticks the box "encrypt mail to "the outside""
- Instead of having a PIN, user A writes a Question and an Answer, for example:
Q: What is the name of your third car?
A: Ford Mustang

This question and answer is the encryption key.

User B:

- Receives the e-mail, clicks on the link that redirects to scryptmail in order to read the encrypted message.
- User B is asked for the answer to the following question:
"Q: What is the name of your third car?"
- If user B writes "Ford Mustang" as the answer, he is able to read the e-mail. If he writes anything else, the e-mail does not decrypt.
17pm is offline   Reply With Quote
Old 30 Nov 2014, 07:12 PM   #34
Berenburger
The "e" in e-mail
 
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,207
Quote:
Originally Posted by 17pm View Post
[...] It's also how StartMail is using their encryption, as far as I know [...]
That's also how Hushmail works.
Berenburger is offline   Reply With Quote
Old 1 Dec 2014, 02:50 AM   #35
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Hm, very interesting approach. I can see the utility.
But let me explain why PIN. Let's assume doctor use scryptmail or lawyer. The patient called into his office, and secretary tell him, that for a question about your car, the correct answer is Ford Mustang. After a short 10 minutes of dialog, when client argue with her, that his car is actually Lexus )
The PIN is more universal and well known. - So it's good for professionals.

For people concerned with security, the whole idea of sending private information to gmail or yahoo should not be an option. First of all, Hushmail and Startmail is a server side based encryption; the answer sent to server, and server tries to decrypt it, if it successful, plain text email sent back to client. It's out of scope to discuss if this approach is secure at all.

With end-to-end encryption, server has to send encrypted message to the client, and thus leaving a wide open door for brute force attack. Making pin or question looking hard, is just giving a false sense of security. When most answers will be short, using only English alphabet and may be digits, but still disclosing sender and recipient.

In such prospective, PIN is good to send something insecure, more like just for invitation to use scryptmail. And exchange secured and private information only between two scryptmail accounts

But there may be something I miss, and would like to hear it.

Last edited by scryptmail : 1 Dec 2014 at 03:30 AM.
scryptmail is offline   Reply With Quote
Old 3 Dec 2014, 02:23 AM   #36
hal9000
Junior Member
 
Join Date: Oct 2014
Posts: 23
Not a bad service, I like it, but I have some questions:

1.- How can we be sure that you donīt keep the password and the passphrase if you want?. I donīt see the opposite but maybe I am missing something.

2.- Is that your real name?. It seems to be a russian name, the same as a well known football player or thatīs what wikipedia says if I remember well. How can we know this is not a russiam scam to get money and dissapear later?

3.- Do you offer pop/imap in some way?

Thanks
hal9000 is offline   Reply With Quote
Old 3 Dec 2014, 03:59 AM   #37
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Quote:
Originally Posted by hal9000 View Post
Not a bad service, I like it, but I have some questions:

1.- How can we be sure that you donīt keep the password and the passphrase if you want?. I donīt see the opposite but maybe I am missing something.

2.- Is that your real name?. It seems to be a russian name, the same as a well known football player or thatīs what wikipedia says if I remember well. How can we know this is not a russiam scam to get money and dissapear later?

3.- Do you offer pop/imap in some way?

Thanks
1. First of all, my code is 100% public available: https://github.com/SCRYPTmail/scryptmail. You more than welcome to inspect it, pay close attention to login part of it. Not just password get hashed, but I'm even unaware of your email address, because it hashed as well.

2. Sergei, yes it's my real name. I'm not sure about football, but Google co founder would be my guess Before I can try to dissapear with money, I need to collect them. And if you noticed, service is free for now In fact, right now, my money dissapearing each month with bill from Linode ;-\

Hard to say for all Russians, but very little of us actually running scams, yes we can be hackers, which I think beneficial for encryption and privacy, but most running legitimate business, name of few: Google, nginx, clustrix, Kaspersky, percona. Now scryptmail

3. Pop/imap not an option, at least now, as would not offer you end-to-end encryption

Thanks for interest
scryptmail is offline   Reply With Quote
Old 3 Dec 2014, 04:26 PM   #38
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Just a quick updates for my users:
we grow every day. But Dec 4, will be the day when, we will stop accepting new sign ups. So I can spent some time on performance optimization and polishing existing features for existing users. Invitation will be available.

Almost ready with custom folders, hopefully will push tomorrow evening

Last edited by scryptmail : 3 Dec 2014 at 04:36 PM.
scryptmail is offline   Reply With Quote
Old 4 Dec 2014, 12:54 PM   #39
rockman
Senior Member
 
Join Date: Aug 2013
Location: Seattle
Posts: 115
Quote:
Originally Posted by ccl1 View Post
gui looks nice, but seems like I can't do anything. For example I press compose and It just says "LOADING.." and thats all it does. I'm using firefox 33.1
This bug persists.
rockman is offline   Reply With Quote
Old 4 Dec 2014, 01:43 PM   #40
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Quote:
Originally Posted by rockman View Post
This bug persists.
I finally downloaded windows7 virtualbox, and will test this issue.

I'm very appreciate your input.
@rockman Would you please check, if it's working for you now?

@all now scryptmail has custom folders. As far as I know, there are no end-to-end encrypted email having it yet

Last edited by scryptmail : 4 Dec 2014 at 06:25 PM.
scryptmail is offline   Reply With Quote
Old 5 Dec 2014, 04:34 AM   #41
ccl1
Essential Contributor
 
Join Date: Aug 2012
Posts: 228
Quote:
Originally Posted by rockman View Post
This bug persists.
the thing with firefox is kind of strange. For example the first time I go to log into scryptmail, it just loads and nothing happens. But then if i close the tab, re-open the webpage and log in again, the account loads almost instantly.
ccl1 is offline   Reply With Quote
Old 5 Dec 2014, 08:07 AM   #42
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Quote:
Originally Posted by ccl1 View Post
the thing with firefox is kind of strange. For example the first time I go to log into scryptmail, it just loads and nothing happens. But then if i close the tab, re-open the webpage and log in again, the account loads almost instantly.
It may be because you haven't used it for a while, and cache need to catch up. In general, I agree Firefox behavior is strange, as on Linux it hasn't give me any warning or errors, but on Windows there were some.
Keep me updated if there is anything else to fix.

Last edited by scryptmail : 5 Dec 2014 at 08:24 AM.
scryptmail is offline   Reply With Quote
Old 5 Dec 2014, 09:40 AM   #43
rockman
Senior Member
 
Join Date: Aug 2013
Location: Seattle
Posts: 115
Encrypted Folders +1!
rockman is offline   Reply With Quote
Old 9 Dec 2014, 05:58 AM   #44
ccl1
Essential Contributor
 
Join Date: Aug 2012
Posts: 228
what is the general opinion about something like spideroak? they seem to bill themselves as more private/secure. would there be a way to get some kind of integration with it, or something similar, and have it act like how a person can have direct access to google drive in gmail?
ccl1 is offline   Reply With Quote
Old 9 Dec 2014, 06:30 AM   #45
scryptmail
Senior Member
 
Join Date: Nov 2014
Posts: 126

Representative of:
Scryptmail.com
Quote:
Originally Posted by ccl1 View Post
what is the general opinion about something like spideroak? they seem to bill themselves as more private/secure. would there be a way to get some kind of integration with it, or something similar, and have it act like how a person can have direct access to google drive in gmail?
spideroak seems to be ok, device dependent is minus, as you can't easily switch from device to device.

Talking about google drive, I believe Google offers public API to work with google apps and Google drive in particular. So if there demand to it, I don't see a reason why not to make scryptmail use google to store your encrypted files. But again, demand will drive this sort of features. My number 1 challenge now is to find a writer to help me build a scryptmail knowledge base
scryptmail is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 04:39 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy