|
Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
|
Thread Tools |
30 Nov 2014, 08:53 AM | #31 |
Senior Member
Join Date: Aug 2013
Location: Seattle
Posts: 115
|
Is the PIN is a random number assigned to the outgoing email encryption for non-scrytpmail recipients? And, is this PIN only used in client-side scripting to encrypt/decrypt the message? Is it ever send across the wire during encryption/decryption?
|
30 Nov 2014, 10:46 AM | #32 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Yeah, there are a lot to explain.
Question and answer would be out some day next week, if you can ask me questions, it would be great. Meantime, I just released source code of scryptmail at https://github.com/SCRYPTmail/scryptmail I believe this is essential step for software made to protect your privacy, and I'm glad I did it. Last edited by scryptmail : 30 Nov 2014 at 10:53 AM. |
30 Nov 2014, 06:50 PM | #33 | |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
It's also how StartMail is using their encryption, as far as I know. Basically: User A: - Writes e-mail - Ticks the box "encrypt mail to "the outside"" - Instead of having a PIN, user A writes a Question and an Answer, for example: Q: What is the name of your third car? A: Ford Mustang This question and answer is the encryption key. User B: - Receives the e-mail, clicks on the link that redirects to scryptmail in order to read the encrypted message. - User B is asked for the answer to the following question: "Q: What is the name of your third car?" - If user B writes "Ford Mustang" as the answer, he is able to read the e-mail. If he writes anything else, the e-mail does not decrypt. |
|
1 Dec 2014, 02:50 AM | #35 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Hm, very interesting approach. I can see the utility.
But let me explain why PIN. Let's assume doctor use scryptmail or lawyer. The patient called into his office, and secretary tell him, that for a question about your car, the correct answer is Ford Mustang. After a short 10 minutes of dialog, when client argue with her, that his car is actually Lexus ) The PIN is more universal and well known. - So it's good for professionals. For people concerned with security, the whole idea of sending private information to gmail or yahoo should not be an option. First of all, Hushmail and Startmail is a server side based encryption; the answer sent to server, and server tries to decrypt it, if it successful, plain text email sent back to client. It's out of scope to discuss if this approach is secure at all. With end-to-end encryption, server has to send encrypted message to the client, and thus leaving a wide open door for brute force attack. Making pin or question looking hard, is just giving a false sense of security. When most answers will be short, using only English alphabet and may be digits, but still disclosing sender and recipient. In such prospective, PIN is good to send something insecure, more like just for invitation to use scryptmail. And exchange secured and private information only between two scryptmail accounts But there may be something I miss, and would like to hear it. Last edited by scryptmail : 1 Dec 2014 at 03:30 AM. |
3 Dec 2014, 02:23 AM | #36 |
Junior Member
Join Date: Oct 2014
Posts: 23
|
Not a bad service, I like it, but I have some questions:
1.- How can we be sure that you donīt keep the password and the passphrase if you want?. I donīt see the opposite but maybe I am missing something. 2.- Is that your real name?. It seems to be a russian name, the same as a well known football player or thatīs what wikipedia says if I remember well. How can we know this is not a russiam scam to get money and dissapear later? 3.- Do you offer pop/imap in some way? Thanks |
3 Dec 2014, 03:59 AM | #37 | |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Quote:
2. Sergei, yes it's my real name. I'm not sure about football, but Google co founder would be my guess Before I can try to dissapear with money, I need to collect them. And if you noticed, service is free for now In fact, right now, my money dissapearing each month with bill from Linode ;-\ Hard to say for all Russians, but very little of us actually running scams, yes we can be hackers, which I think beneficial for encryption and privacy, but most running legitimate business, name of few: Google, nginx, clustrix, Kaspersky, percona. Now scryptmail 3. Pop/imap not an option, at least now, as would not offer you end-to-end encryption Thanks for interest |
|
3 Dec 2014, 04:26 PM | #38 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Just a quick updates for my users:
we grow every day. But Dec 4, will be the day when, we will stop accepting new sign ups. So I can spent some time on performance optimization and polishing existing features for existing users. Invitation will be available. Almost ready with custom folders, hopefully will push tomorrow evening Last edited by scryptmail : 3 Dec 2014 at 04:36 PM. |
4 Dec 2014, 12:54 PM | #39 |
Senior Member
Join Date: Aug 2013
Location: Seattle
Posts: 115
|
|
4 Dec 2014, 01:43 PM | #40 |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
I finally downloaded windows7 virtualbox, and will test this issue.
I'm very appreciate your input. @rockman Would you please check, if it's working for you now? @all now scryptmail has custom folders. As far as I know, there are no end-to-end encrypted email having it yet Last edited by scryptmail : 4 Dec 2014 at 06:25 PM. |
5 Dec 2014, 04:34 AM | #41 |
Essential Contributor
Join Date: Aug 2012
Posts: 236
|
|
5 Dec 2014, 08:07 AM | #42 | |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Quote:
Keep me updated if there is anything else to fix. Last edited by scryptmail : 5 Dec 2014 at 08:24 AM. |
|
5 Dec 2014, 09:40 AM | #43 |
Senior Member
Join Date: Aug 2013
Location: Seattle
Posts: 115
|
Encrypted Folders +1!
|
9 Dec 2014, 05:58 AM | #44 |
Essential Contributor
Join Date: Aug 2012
Posts: 236
|
what is the general opinion about something like spideroak? they seem to bill themselves as more private/secure. would there be a way to get some kind of integration with it, or something similar, and have it act like how a person can have direct access to google drive in gmail?
|
9 Dec 2014, 06:30 AM | #45 | |
Senior Member
Join Date: Nov 2014
Posts: 127
Representative of:
Scryptmail.com |
Quote:
Talking about google drive, I believe Google offers public API to work with google apps and Google drive in particular. So if there demand to it, I don't see a reason why not to make scryptmail use google to store your encrypted files. But again, demand will drive this sort of features. My number 1 challenge now is to find a writer to help me build a scryptmail knowledge base |
|