• Anyone using PGP/GPG in here?

    From Lizard King@21:4/141 to All on Friday, November 02, 2018 21:15:12
    Apologies if this is dumb or an FAQ or both, but is anyone in here using PGP/GPG in conjunction with Mystic somehow? If so, how are you doing it?

    I used PGP on FidoNet back in the day, when that was still an edgy thing to
    do. Especially for some of the people I talked to in places where crypto was still illegal!

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From NuSkooler@21:1/121 to Lizard King on Saturday, November 03, 2018 09:38:51

    On Friday, November 2nd Lizard King was heard saying...
    Apologies if this is dumb or an FAQ or both, but is anyone in here using PGP/GPG in conjunction with Mystic somehow? If so, how are you doing it? I used PGP on FidoNet back in the day, when that was still an edgy thing to do. Especially for some of the people I talked to in places where crypto was still illegal!

    Yep! You can find public keys posted here from time to time. I (and some others
    here as well) use Keybase.io as a convience layer as well.

    https://keybase.io/nuskooler



    --- ENiGMA 1/2 v0.0.9-alpha (linux; x64; 8.9.4)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From nristen@21:1/161 to Lizard King on Saturday, November 03, 2018 16:02:17
    Apologies if this is dumb or an FAQ or both, but is anyone in here using PGP/GPG in conjunction with Mystic somehow? If so, how are you doing it?

    I used PGP on FidoNet back in the day, when that was still an edgy thing to do. Especially for some of the people I talked to in places where crypto was still illegal!

    https://keybase.io/nristen

    --- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
    * Origin: The Search BBS (21:1/161)
  • From pixelheresy@21:1/112 to Lizard King on Monday, November 05, 2018 03:26:42
    Use cypto? Yes.

    In the context of Mystic/BBSing? Not yet, but that would be cool.

    I am inclined to think that reason why it is not more ubiquitous is because people don't know how it works and don't bother. I think as well with the
    hard soloing of "the internet" to merely being Google/Youtube/Facebook for most, those parties are not interested.

    -----BEGIN PGP PUBLIC KEY BLOCK-----

    mQINBFvcO0EBEACaRajmilzoUKcwA06c2tbF6WiYDt8jPiuwP4/+KhFT2xyOx5c4 9XCKJYXKkGFl2t/+7tmJux7R+Es9hYlDDvsvo7JLudWsWXCxxrlb2I2aE5he+Im4 GcEGP69GEtXXL87fTIyVmf7nOMOslGFMeVt5l8FLiiY/IeVpzJF4kTmeKdUxI7qg EzIL+hyc/VWS+Dt1zax++Eh5c6C+n3pR3V9aVQLklnph+xA2eGWqGslNCwgXY0w4 lYPHHGKUeTmXuLmHT7ksqweCGLhiz02Mtv40bjT0CYshHVVgKD4Tmik3dyQbv26x jG3SawQC2gq4uBEaxx0NeTeYgeK4dfxpArJIN0IxDQ7wqKvHayWH4Zre97hM6hls cyy0DD2xSs17Cjr1qIZwhMRpzLxWgcxhcVfv6lv7k9oktI8KFgXN7WdAsgw/PZFp Lzew+0D5Qu13XBeaLIwV19O7qcbJ0eAHwro/eLvu6IcM8CyLQPAipaJM7Otu9nLd l/BBOmnd30yBZbW0mXFWtIIp7glfA0ByJUtei/f+/ZFynFBUocIvhBUJysO4UfJm bqMsNGBPYbPF8S47fElfRG4WKD3r9oJ/fqNB7DI28i4WJkMBsGc3551y7qei217L XkpUtIpcpzbexfkKNn6B8OYWlHwvnQY/7qFKN/aHlP418RmYdzCUwFB4iwARAQAB tCVwaXhlbGhlcmVzeUBwbS5tZSA8cGl4ZWxoZXJlc3lAcG0ubWU+iQJUBBMBCAA+ FiEEpu4r+MrIe9GdJT0RGjo6fvpCeuoFAlvcO0ECGwMFCQeGH4AFCwkIBwIGFQoJ CAsCBBYCAwECHgECF4AACgkQGjo6fvpCeuptZQ//VXOSUf9S2kohC5sgttikQoUC yCF6E36fEC/ZbEfyVjHfdegIFJr+jrd6Q9yk5vmYpXFmEttsFKnAMximmlN77iSm QLcgH+4fBhLFOYnlOB3zfCIF+TvhhMG+n89OrlvDFcQ0PNMuMyWFwNtaI/1TS5dc 9dcFcrFUAX/7JeRvbjBorzZv+K3ccK1Yhl/42RKf/+WqSwFkFsI23Xloxvb0L6Wy jDtIh/PVWA4lo6F/mJLJbfP9rA60EKMWO3VyjYk+PWaggB+fHxO7DxGVZZvKQ5Pr TqrRG8RqlhAfH61F188dnLvcF7Fk/JGy9rsi0VmP6QcJ7jrQ/7P7hFdCw6tcquxM onPpWEgN1y+4qVdjvCBIe8FN9c8133QiWpI7K5ob7RgznPnBLRikXy+lRuF0MvMX gfBp6iZOR8WXFbuEWahlhxw9eOPU3JmtoIzIw+IlFwTdyNmjW+GEapVCAHs/LUOA 0qBr8MLBNjcnZSElBRFlnEXbTvFzNUqAw9uCgMwrTlRx3/LU2Hc3QYZcQAqBz7Jt nLALcyIbOawAElmsvzkz+/NJWQ2UuLmOUDK5Rt2rE/mHs0zzwJcD+vjWhjNmTRFD UasS1YRX+cA+WH1TawwDlsryMnGf6lpduIOr4ZpF5/JMS0/0G1u9UbfvMZlG0bzT ixiIGfTyu1T6xjADBAS5Ag0EW9w7QQEQAKtXvcBpQmX1M3WEQEdWeCjIFihZAXv5 GMQf1P6E8frFGQstKdzvB3waBzYQtn3nrE+PyvNnzjT5Wsr1+pF57wAwYJaMOpbi Cef+B1+TGJlWC4jxvh37E1eIdL7O/fnVXPo9wfaX2DwaKfkfuvonZZ2v+io9deFG 36vCAJsKCYMA8JsVoF5mRAzcimwSX5RdxUPgkB6x6PCjPgrGcCfbo1kHG4iM8apE LnNZ7WMXC9xLvyCYX50CdCdmr9qmy1RlyX6Ln/hXuyubl7s4XPZoyFfZ0sw4wQwd Lmb9wwuJrr6EZZ994WrQcaD7Q/iDJ4gcLC9/HHb0K3ROoLZQUCKd3kxHJ7YYKady Rmn1KG20dVVxk2DE8ITkxWCm2G2bnm4UCy1VzBdUL9v93WVyB4oGn9F3pU3zcQvc lqgG+Iq3BVloqCZFYPMW+SPYzn/dfn/kHhDPzxVRv82sBVDTChwDaTzvrtKeoXzH bcaQIq5S/ApcJECaQL+/U1G1Rzm1JqOr8wg3BpZBMUpq465Og20z8dekeY0YABQ7 Av5T70qA1nKcjDt1RHUhSOivrYm0vyFk8nu+c+lb2fCWWLcKnrtb6veCjPE4f/Qk G7wwr/ff+ViDstNbzW6ZmbP1f30lv1OHt7SatpxsJtlTKVq6SahvzgR0kfLkmb88 cHCB0n1z9+7FABEBAAGJAjwEGAEIACYWIQSm7iv4ysh70Z0lPREaOjp++kJ66gUC W9w7QQIbDAUJB4YfgAAKCRAaOjp++kJ66mk/EACT5moHRuxS/C65Xzhapf+nxKV9 RDsB0SoXtWTBDA3aCkoGC7kg11+wVF2s6V1jGWQC0IWXc3uj6QvjHLQiTXsj1fVp kt0BkLYrw+B3iJI0cvC5tQDS5aMjeTodAjiE2lWstCl9RmygM5GZdCu5TAiWv2DK XR5ZNPCLEJOC4NbMQikGPDcU757R55nVP+iq4GT9daaLtC+S79Lg6SysTvDAmews Xq+2L0+TY4DJpcNYRyIkdLwrFIN4teKa/6bwrzR3hyI8NAfooaij11lWptYo7rRd B4Zbd+/tqmlvuIxG3zfdt2haTeBS9qCjD54imhxhzzArQMpvHRYSeymsNdtXyFJ4 N4fWSa/8ilndTkANH2F2+N9ziA9WxgtG2cUXqEnQcdMsRg4VrYHJnp8eaY5f2DXq WlAQdwJINk8MqhbHbNOQqGc9Dp6FcXBJaJr2QB0RunabTFwsKpvGw5rvGUxMJ8Vp essRa2a6xA4RPAgNxUikFTVvrhvqbI4YP0N+Hhp/xZeRWZ+CeAtgG6WAn5GHHQ1u ZUjyfslFMFZ7FyMWF02UGMOn6EbghCndMnpYERbC2/5roqthiJVMaYhSzS2yS+F0 DiZlP8cN34o9K08df3+3VmftLXiTT5BZCiK/tkCQphuHn1lAkusc1eGl9XdTlDyR PuB1udbXF7GLmRjR9w==
    =b3fu
    -----END PGP PUBLIC KEY BLOCK-----

    pixelheresy (pixelheresy at pm dot me)
    ╘═══════════╛

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (21:1/112)
  • From Avon@21:1/101 to Lizard King on Monday, November 05, 2018 22:19:51
    On 11/02/18, Lizard King pondered and said...

    Apologies if this is dumb or an FAQ or both, but is anyone in here using PGP/GPG in conjunction with Mystic somehow? If so, how are you doing it?

    I used PGP on FidoNet back in the day, when that was still an edgy thing to do. Especially for some of the people I talked to in places where crypto was still illegal!


    Hi there

    I'm hoping to test some ideas out soon in this space... the appeal is there
    for me too :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Vk3jed@21:1/109 to Avon on Monday, November 05, 2018 21:10:00
    On 11-05-18 22:19, Avon wrote to Lizard King <=-

    I'm hoping to test some ideas out soon in this space... the appeal is there for me too :)

    One of my requirements is transparency of use. Back in the 90s, I used to have an add-on that worked with Bluewave, which allowed me to encrypt and decrypt PGP encrypted messages. Worked really well. Today, I have Enigmail on Thunderbird, which is similar (but more modern). Now, I'd like to see something similar for Multimail. I'd need native (Win64 and Linux) versions.
    )


    ... Dawn crept across the lawn, searching for her car keys.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From pixelheresy@21:1/112 to Vk3jed on Monday, November 05, 2018 07:19:27
    Now a days (beyond what may be available in Mystic... I admittedly never made the jump to actually running a board), PGP/GPG encryption in readily
    available in most computing if you look.

    PGP or GPG tools are available on the OS level for everything and frankly the standard GPG for Mac/Linux on the command-line is quite easy to use once you get the hang of it. As such, any arbitrary text, binary, whatever, can be signed either in armored text or binary (or detached armored sigs, or using multiple public keys so it can be opened by any number or recipients, etc.). Thunderbird has some good stuff, but GPG Suite (although it has a "support
    fee" e.g. a major version registration/license cost for the non-GNU tooling) for Mac works well if you like the default "Mail.app" client.

    Beyond that, there are plenty of online mail services that have free-to-cheap mail services with PGP/GPG enabled. I am in the process of migrating to Protonmail and had no problem setting up better keys in it than "factory default" (4k hashes rather than 2k hashes). This comes with the security of having two-factor for webmail and a secure mobile client (also, being able to send expiring elliptical cypher messages to any email, even if you don't have or *they* don't have a public key is kind of fun). Also on iOS I recently got PGP Encrypt, which is a keyboard extension, key manager, and arbitrary encryption tool (text <--> GPG). Haven't played with it much, but could be a nice way to do something quick and dirty in cases where you want to "on-off"
    a sensitive text message or encrypt the content on a web form...

    I remember back in the day, I used to see a lot of people putting keys or
    links to them in sigs, etc. but now it seems like either email is seen irreverent or people seem secure with Google handling everything... No idea.

    pixelheresy (pixelheresy at pm dot me)
    ╘═══════════╛

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (21:1/112)
  • From Lizard King@21:4/141 to pixelheresy on Monday, November 05, 2018 08:43:30
    I am inclined to think that reason why it is not more ubiquitous is because people don't know how it works and don't bother. I think as well with the hard soloing of "the internet" to merely being Google/Youtube/Facebook for most, those parties are not interested.

    Most people simply cannot be bothered, and that is me most of the time also.

    But I remember it being integrated in something (FrontDoor?) early on and I made frequent use of it.

    I do use GPG a fair amount here for encrypting backups before uploading them into Amazon S3 for offsite storage, and for other random things.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From Lizard King@21:4/141 to Vk3jed on Monday, November 05, 2018 08:47:21
    One of my requirements is transparency of use. Back in the 90s, I used
    to have an add-on that worked with Bluewave, which allowed me to encrypt and decrypt PGP encrypted messages. Worked really well. Today, I have

    Yes. This. :)

    Having a way to communicate via strong crypto can only be a good thing. I've heard rumblings about it being controlled/outlawed again in some places, and
    I hope that is alarmist nonsense, but the one thing that's guaranteed to get
    me using it is to tell me I shouldn't.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From Vk3jed@21:1/109 to pixelheresy on Tuesday, November 06, 2018 06:41:00
    On 11-05-18 07:19, pixelheresy wrote to Vk3jed <=-

    @TZ: 412c
    Now a days (beyond what may be available in Mystic... I admittedly
    never made the jump to actually running a board), PGP/GPG encryption in readily available in most computing if you look.

    Well, in places, but it's around. But that's beyond the scope of this discussion (GPG on BBSs).

    PGP or GPG tools are available on the OS level for everything and
    frankly the standard GPG for Mac/Linux on the command-line is quite
    easy to use once you get the hang of it. As such, any arbitrary text,

    That's not an option. I have a low tolerance to fiddly operations, even if they are easy. Any solution must be fairly well streamlined. On Thunderbird, Enigmail works well, and fits into the workflow nicely.

    Beyond that, there are plenty of online mail services that have free-to-cheap mail services with PGP/GPG enabled. I am in the process

    If you're talking about webmail, forget it. Another non starter for me. Poor performance and navigation plagues a lot of web based services, and as mail is a fairly high volume one for me, that's a big issue.

    of migrating to Protonmail and had no problem setting up better keys in
    it than "factory default" (4k hashes rather than 2k hashes). This comes with the security of having two-factor for webmail and a secure mobile client (also, being able to send expiring elliptical cypher messages to any email, even if you don't have or *they* don't have a public key is kind of fun). Also on iOS I recently got PGP Encrypt, which is a
    keyboard extension, key manager, and arbitrary encryption tool (text
    <--> GPG). Haven't played with it much, but could be a nice way to do
    omething
    quick and dirty in cases where you want to "on-off"
    a sensitive text message or encrypt the content on a web form...

    Some interesting stuff there, though sgsin, how useful is it in a BBS context?


    I remember back in the day, I used to see a lot of people putting keys
    or links to them in sigs, etc. but now it seems like either email is
    seen irreverent or people seem secure with Google handling
    everything... No idea.

    Yes, it was popular for a while. Dunno.


    ... Does fuzzy logic tickle?
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to Lizard King on Tuesday, November 06, 2018 06:43:00
    On 11-05-18 08:47, Lizard King wrote to Vk3jed <=-

    Having a way to communicate via strong crypto can only be a good thing.
    I've heard rumblings about it being controlled/outlawed again in some places, and I hope that is alarmist nonsense, but the one thing that's guaranteed to get me using it is to tell me I shouldn't.

    Given the dependency of commerce and banking on strong cryptography these days, I think that particular genie is out of the bottle. The more cryptography can be embedded into everyday life, the harder it will be to outlaw.


    ... I like stuffed animals; oven baked with bread crumbs.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Lizard King@21:4/141 to Vk3jed on Monday, November 05, 2018 15:45:02
    Beyond that, there are plenty of online mail services that have free-to-cheap mail services with PGP/GPG enabled. I am in the process

    If you're talking about webmail, forget it. Another non starter for me. Poor performance and navigation plagues a lot of web based services, and as mail is a fairly high volume one for me, that's a big issue.

    The other thing is that unless I'm missing something, you are trusting the remote party to keep your private key secured, and the emails are being decrypted on their server so you can view them (right?) So basically you
    don't know if your email is secure or not, you're taking their word for it.

    That said, I would probably trust the people who run Protonmail more than I trust Google with my data... but that ain't saying much.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From Lizard King@21:4/141 to Vk3jed on Monday, November 05, 2018 15:50:24
    Given the dependency of commerce and banking on strong cryptography
    these days, I think that particular genie is out of the bottle. The
    more cryptography can be embedded into everyday life, the harder it will be to outlaw.

    I very much hope you are right, but I am still hearing various government agencies griping about the fact that terrorists can encrypt their email and there's no way for anyone to read it. That is true, as far as it goes, but
    to my knowledge terrorists aren't using strong crypto. Last I heard they
    were logging into gmail, writing emails, quitting out before sending, and
    then a second person would go in and view the saved draft. No email sent.

    But when the government can take away our rights and claim to be doing it for our own protection, the temptation always seems to be too much for them to stand. I have a feeling that somewhere down the line we'll hear people
    arguing that crypto is fine for banking and stuff like that, but only terrorists would want to encrypt their personal correspondence.

    Let me put it another way: 20 years ago, would you have believed that you'd have to risk being groped by a government employee to get on an airplane? Somehow we accept this as normal.

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From StackFault@21:1/172 to Lizard King on Monday, November 05, 2018 20:04:32
    Hi!



    The other thing is that unless I'm missing something, you are trusting
    the remote party to keep your private key secured, and the emails are being decrypted on their server so you can view them (right?) So basically you don't know if your email is secure or not, you're taking their word for it.

    I use GnuPG quite extensively and it works pretty well, you can arrange your workflow quite easily. The biggest challenge is to find someone who also understand how to use it.

    I have a hard time trusting any online service to do the
    encryption/decryption on my behalf, being protonmail or another. However, I tend to think that Hushmail or Protonmail are good choices for moderate
    privacy stuff. They had their codebase reviewed and are mostly considered secure...

    Regards,

    ···──────────────────────────────────────────────────────────────────────···
    ┌ Dave aka Stackfault ┐ ┌ bbs.bottomlessabyss.net [telnet·ssh≈2222] ┐
    └ The Bottomless Abyss BBS ┘ └ fsxNet @ 21:1/172 ┘
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From pixelheresy@21:1/112 to Lizard King on Tuesday, November 06, 2018 10:22:11
    The other thing is that unless I'm missing something, you are trusting
    the remote party to keep your private key secured, and the emails are being decrypted on their server so you can view them (right?) So

    Yes. It does require or at least is streamlined by having keys in your
    account. That being said you can attach to POP and handle yourself or
    whatever it is Open Source and hosted outside the 9 Eyes (in Switzerland) so there's that. Also you can require 2 factor or extra passwords for reading or admin functions. It is reasonably secure. If anything, their servers may be more resilient to attack than a personal pc.

    It is more than a few steps up from Gmail being encrypted and not read by a shady corporation.

    Then again, for someone who has multiple systems, having access to this
    without having to have private keys all over the place is convenient.

    Likewise 99.9% of those I contact do not use any encryption, so yeah.

    pixelheresy (pixelheresy at pm dot me)
    ╘═══════════╛

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (21:1/112)
  • From Vk3jed@21:1/109 to Lizard King on Wednesday, November 07, 2018 13:47:00
    On 11-05-18 15:45, Lizard King wrote to Vk3jed <=-

    The other thing is that unless I'm missing something, you are trusting
    the remote party to keep your private key secured, and the emails are being decrypted on their server so you can view them (right?) So basically you don't know if your email is secure or not, you're taking their word for it.

    That depends where the decryption is happening - is it on the web server, or is the ciphertext downloaded then decrypted by client side code? In the latter case, the private key stays on your machine.

    That said, I would probably trust the people who run Protonmail more
    than I trust Google with my data... but that ain't saying much.

    Haha true. :)


    ... One accurate measurement is worth a thousand expert opinions.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to Lizard King on Wednesday, November 07, 2018 13:52:00
    On 11-05-18 15:50, Lizard King wrote to Vk3jed <=-

    I very much hope you are right, but I am still hearing various
    government agencies griping about the fact that terrorists can encrypt their email and there's no way for anyone to read it. That is true, as

    Yeah, they make noises about that occasionally here, but there's no political support for it.

    far as it goes, but to my knowledge terrorists aren't using strong
    crypto. Last I heard they were logging into gmail, writing emails, quitting out before sending, and then a second person would go in and
    view the saved draft. No email sent.

    That is a clever approach, and the only crypto used is the same TLS that we use for Internet banking.

    But when the government can take away our rights and claim to be doing
    it for our own protection, the temptation always seems to be too much
    for them to stand. I have a feeling that somewhere down the line we'll hear people arguing that crypto is fine for banking and stuff like
    that, but only terrorists would want to encrypt their personal correspondence.

    They will try, but given there's a lot of commerce done in email, and email is used for so many forms of validation, there's a bigger case for the _increased_ use of cryptography by private citizens in email.

    Let me put it another way: 20 years ago, would you have believed that you'd have to risk being groped by a government employee to get on an airplane? Somehow we accept this as normal.

    Depends if they're cute. :D

    It's not quite as bad here yet. Yes, security is tight, but no groping that I've found (and I took a couple of flights last week).


    ... All's well that ends.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to StackFault on Wednesday, November 07, 2018 18:53:00
    On 11-05-18 20:04, StackFault wrote to Lizard King <=-

    I use GnuPG quite extensively and it works pretty well, you can arrange your workflow quite easily. The biggest challenge is to find someone
    who also understand how to use it.

    I'm very sensitive to workflow disruptions, especially anything that is tedious/fiddly (regardless of how simple).


    ... "Do you, Sysop, take this BBS, to be your wedded spouse?"
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Avon@21:1/101 to Vk3jed on Wednesday, November 07, 2018 21:19:47
    On 11/05/18, Vk3jed pondered and said...

    One of my requirements is transparency of use. Back in the 90s, I used
    to have an add-on that worked with Bluewave, which allowed me to encrypt and decrypt PGP encrypted messages. Worked really well. Today, I have

    So you're talking about ease of use? I'm lost by transparency.

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Lizard King on Wednesday, November 07, 2018 21:21:04
    On 11/05/18, Lizard King pondered and said...

    Having a way to communicate via strong crypto can only be a good thing.

    I agree.

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Lizard King on Wednesday, November 07, 2018 21:25:51
    On 11/05/18, Lizard King pondered and said...

    I very much hope you are right, but I am still hearing various government agencies griping about the fact that terrorists can encrypt their email and there's no way for anyone to read it. That is true, as far as it goes, but to my knowledge terrorists aren't using strong crypto. Last I

    I hope that backdoors and other ways to circumvent crypto is not developed by those that make the crypto tools for government agencies. I think broken
    crypto is worse. Crypto is used in a wide variety of ways by people whose
    only hope at getting free speech out of a repressive country is to encrypt it.

    heard they were logging into gmail, writing emails, quitting out before sending, and then a second person would go in and view the saved draft. No email sent.

    yeah but I'd suggest not that secure as there's still the session with gmail that could be intercepted I guess?

    for them to stand. I have a feeling that somewhere down the line we'll hear people arguing that crypto is fine for banking and stuff like that, but only terrorists would want to encrypt their personal correspondence.

    I think that's already well underway ;(

    Let me put it another way: 20 years ago, would you have believed that you'd have to risk being groped by a government employee to get on an airplane? Somehow we accept this as normal.

    I know. Nutty huh. It comes down to what is seen as 'normal'

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Lizard King@21:4/141 to Vk3jed on Wednesday, November 07, 2018 00:27:35
    I'm very sensitive to workflow disruptions, especially anything that is tedious/fiddly (regardless of how simple).

    Very much the same here. I deal with tedious and fiddly all day long, for money. I don't want to do it in my spare time. I want things that just magically work. I'm willing to put up with a certain amount of
    head-scratching to set it up the first time, though. (Or I wouldn't be here typing this.) :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From Avon@21:1/101 to StackFault on Wednesday, November 07, 2018 21:27:02
    On 11/05/18, StackFault pondered and said...

    I use GnuPG quite extensively and it works pretty well, you can arrange your workflow quite easily. The biggest challenge is to find someone who also understand how to use it.

    I should use it more and need to remind myself how to etc... but agree it's a battle to keep on top of how to use etc. if you're not interacting with others regularly by using the tools etc..

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Lizard King on Wednesday, November 07, 2018 21:31:46
    On 11/07/18, Lizard King pondered and said...

    Very much the same here. I deal with tedious and fiddly all day long,
    for money. I don't want to do it in my spare time. I want things that just magically work. I'm willing to put up with a certain amount of

    Heh... BBSing can be fiddly but then some find that the 'fun' bit :) But yeah
    I hear you it can be nice for stuff just to auto-magically just happen :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Vk3jed@21:1/109 to Avon on Wednesday, November 07, 2018 19:45:00
    On 11-07-18 21:19, Avon wrote to Vk3jed <=-

    @TZ: 030c
    On 11/05/18, Vk3jed pondered and said...

    One of my requirements is transparency of use. Back in the 90s, I used
    to have an add-on that worked with Bluewave, which allowed me to encrypt and decrypt PGP encrypted messages. Worked really well. Today, I have

    So you're talking about ease of use? I'm lost by transparency.

    Well, if I have to save a file, run GPG to decrypt, then load the result into an editor all manually, it's a non starter for me, even if the steps are
    imple.


    ... The trouble with facts is that there are so many of them.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to Lizard King on Wednesday, November 07, 2018 19:46:00
    On 11-07-18 00:27, Lizard King wrote to Vk3jed <=-

    @TZ: 41e0
    I'm very sensitive to workflow disruptions, especially anything that is tedious/fiddly (regardless of how simple).

    Very much the same here. I deal with tedious and fiddly all day long,
    for money. I don't want to do it in my spare time. I want things that just magically work. I'm willing to put up with a certain amount of head-scratching to set it up the first time, though. (Or I wouldn't be here typing this.) :)

    I appear to have some level of ADHD traits, exactly how much is not yet known.


    ... AACCHHOOO!!! Darn! I see the idiots are in bloom again!
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to Avon on Wednesday, November 07, 2018 19:50:00
    On 11-07-18 21:25, Avon wrote to Lizard King <=-

    heard they were logging into gmail, writing emails, quitting out before sending, and then a second person would go in and view the saved draft.
    No email sent.

    That's encrypted via TLS, the weak link is Google itself, of course.


    ... The first rule of air combat is to see the other guy first.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to Avon on Wednesday, November 07, 2018 20:27:00
    On 11-07-18 21:31, Avon wrote to Lizard King <=-

    @TZ: 030c
    On 11/07/18, Lizard King pondered and said...

    Very much the same here. I deal with tedious and fiddly all day long,
    for money. I don't want to do it in my spare time. I want things that just magically work. I'm willing to put up with a certain amount of

    Heh... BBSing can be fiddly but then some find that the 'fun' bit :)
    But yeah I hear you it can be nice for stuff just to auto-magically
    just happen :)

    Yeah I don't mind fiddly to setup, but not for general everyday use.


    ... "If anybody sets fire to this city, it's going to be _ME_."
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Vk3jed on Wednesday, November 07, 2018 07:07:48
    I use GnuPG quite extensively and it works pretty well, you can arran your workflow quite easily. The biggest challenge is to find someone who also understand how to use it.

    I'm very sensitive to workflow disruptions, especially anything that is tedious/fiddly (regardless of how simple).

    I agree with you, I see myself rearranging my workflow on a frequent basis in the sake of optimization. Whenever I feel things are getting automatic, I change a little something just to keep my edge.

    I have a good interest in crypto in general but the lack of seemless integration (for messaging at least) always makes it harder to use for non tech-savvy, thus limiting it's wide adoption.


    ──────────────────── ▌ ▀ ───────────────────────────────────────────────────
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ fsxNet»21:1/172
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From StackFault@21:1/172 to Vk3jed on Wednesday, November 07, 2018 07:14:34
    One of my requirements is transparency of use. Back in the 90s, I us to have an add-on that worked with Bluewave, which allowed me to encr and decrypt PGP encrypted messages. Worked really well. Today, I ha

    So you're talking about ease of use? I'm lost by transparency.

    Well, if I have to save a file, run GPG to decrypt, then load the result into an editor all manually, it's a non starter for me, even if the
    steps are imple.

    This looks like a tedious process indeed. Clipboard decryption is easier
    but still not seamlessly integrated.

    If we take the context to BBS for example, using PGP seemlessly would require you to use an offline reader so you keep the keys locally at all times. But that can be the least intrusive way of using it on a larger scale.


    ──────────────────── ▌ ▀ ───────────────────────────────────────────────────
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ fsxNet»21:1/172
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From StackFault@21:1/172 to Vk3jed on Wednesday, November 07, 2018 07:19:25
    heard they were logging into gmail, writing emails, quitting out befo sending, and then a second person would go in and view the saved draf No email sent.

    That's encrypted via TLS, the weak link is Google itself, of course.

    Encryption is a beast by itself. Many focus only on the data-in-transit
    aka network stream encryption (the TLS part) and often forget about the data-at-rest aka storage.

    I've seen numerous times people spending countless hours securing traffic, disabling weak ciphers and setting up strong keys, but keeping the data in clear on the database backend once received.


    ──────────────────── ▌ ▀ ───────────────────────────────────────────────────
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ fsxNet»21:1/172
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From Vk3jed@21:1/109 to StackFault on Thursday, November 08, 2018 11:19:00
    On 11-07-18 07:07, StackFault wrote to Vk3jed <=-

    I agree with you, I see myself rearranging my workflow on a frequent
    basis in the sake of optimization. Whenever I feel things are getting automatic, I change a little something just to keep my edge.

    With me, it depends. Simple, routine things need to be also streamlined. I have to keep those steps away from my conscious attention, because (1) that would be more error prone, and (2) over time, my aversion to fiddly work will caue me to use it less. Most crypto products have fallen into that. Two notable exceptions have been Enigmail on Tnnderbird, because I can activate that at the click of a button, and the old PGP wrapper that I used as my "editor" in the DOS/Bluewave days, which inserted itself into the workflow
    ell.

    I'm not bothered by passphrases, those are to be expected for crypto, though I'm not so keen on long passphrases on mobile devices (perfectly fine on a PC/Mac).

    I have a good interest in crypto in general but the lack of seemless integration (for messaging at least) always makes it harder to use for
    non tech-savvy, thus limiting it's wide adoption.

    Agree totally.

    I did look at Keybase, but when it upgraded, it then behaved as though I had to re-register my PC, once I logged in after the upgrade. That led to confusion. :(


    ... Why do we say something is out of whack? What is a whack?
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to StackFault on Thursday, November 08, 2018 11:24:00
    On 11-07-18 07:14, StackFault wrote to Vk3jed <=-

    This looks like a tedious process indeed. Clipboard decryption is
    easier but still not seamlessly integrated.

    Yep.

    If we take the context to BBS for example, using PGP seemlessly would require you to use an offline reader so you keep the keys locally at
    all times. But that can be the least intrusive way of using it on a
    larger scale.

    And there was a nice wrapper for PGP that could be fairly deamlessly inserted into the "editor" hook of an offline reader. I used to use it with Bluewave. Was a nice system, about as seamless as you could get for the tech of the day, and I used it a fair bit. It might still exist on my old backups. Given that it simply called PGP with the right parameters, I suspect that it could be used with a DOS version of GPG as well. From memory, the PGP command lines for the various functions (encryption, decryption, signing, key management, etc) were configurable.


    ... Scepticism is the beginning of faith.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to StackFault on Thursday, November 08, 2018 11:28:00
    On 11-07-18 07:19, StackFault wrote to Vk3jed <=-

    Encryption is a beast by itself. Many focus only on the data-in-transit aka network stream encryption (the TLS part) and often forget about the data-at-rest aka storage.

    I've seen numerous times people spending countless hours securing
    traffic, disabling weak ciphers and setting up strong keys, but keeping the data in clear on the database backend once received.

    Yep, encryption is only as secure as the weakest link, and unencrypted databases can be a particularly soft target. The offline mail system was good in that regard, in that the plaintext message only ever existed as a temporary file. On the BBS the message was still ciphertext. Sure, one could forensically trawl the local HDD for the plaintext, but how many BBS messages are going to attract that level of scrutiny? (and if the spooks have your HDD, they have your private key as well anyway). :)


    ... All right who's been cooking hot dogs in the Warp Drive?
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Vk3jed on Thursday, November 08, 2018 07:09:11
    I agree with you, I see myself rearranging my workflow on a frequent basis in the sake of optimization. Whenever I feel things are getting automatic, I change a little something just to keep my edge.

    With me, it depends. Simple, routine things need to be also
    streamlined. I have to keep those steps away from my conscious
    attention, because (1) that would be more error prone, and (2) over
    time, my aversion to fiddly work will caue me to use it less. Most
    crypto products have fallen into that. Two notable exceptions have been Enigmail on Tnnderbird, because I can activate that at the click of a button, and the old PGP wrapper that I used as my "editor" in the DOS/Bluewave days, which inserted itself into the workflow ell.

    I have a huge automation side, whatever can be automated is or will be at
    some point. The encryption however have always been a darker area, you don't want to automate it too much for a client based application. Passphrase is a good example, I like long passphrases just because it is faster to type as opposed to shorter passwords with symbols. Even if you automate it, you still need to type it, thus breaking the automation workflow. It can make things simpler to use however...

    These days, my GPG integration with Mutt is working very well, this is
    running smoothly but this is not for everyone... Setting it up can be a pain, luckily all my setups are scripted so it's a breeze now... It probably took
    me a full day to get it to a level I am happy with...

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxNet ■ 1:249/317@FidoNet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From StackFault@21:1/172 to Vk3jed on Thursday, November 08, 2018 07:15:45
    Encryption is a beast by itself. Many focus only on the data-in-trans aka network stream encryption (the TLS part) and often forget about t data-at-rest aka storage.

    I've seen numerous times people spending countless hours securing traffic, disabling weak ciphers and setting up strong keys, but keepi the data in clear on the database backend once received.

    Yep, encryption is only as secure as the weakest link, and unencrypted databases can be a particularly soft target. The offline mail system
    was good in that regard, in that the plaintext message only ever existed as a temporary file. On the BBS the message was still ciphertext.
    Sure, one could forensically trawl the local HDD for the plaintext, but how many BBS messages are going to attract that level of scrutiny? (and
    if the spooks have your HDD, they have your private key as well anyway). :)

    Protecting the keys is the biggest challenge, using a good passphrase can surely help but it's more like a second stage.

    I didn't know the offline mail files were encrypted, I tought it was just a database of some sort (which is not plaintext) but could be accessed pretty easily if you have the specifications.

    You are touching another very point, which is temp files. On most systems
    these are writtent in publicly available folders and most developpers don't
    use the right permissions, allowing anyone to read from them...

    Sometimes, we focus our attention at the wrong place...

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxNet ■ 1:249/317@FidoNet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From Vk3jed@21:1/109 to StackFault on Friday, November 09, 2018 09:38:00
    On 11-08-18 07:09, StackFault wrote to Vk3jed <=-

    I have a huge automation side, whatever can be automated is or will be
    at some point. The encryption however have always been a darker area,
    you don't want to automate it too much for a client based application. Passphrase is a good example, I like long passphrases just because it
    is faster to type as opposed to shorter passwords with symbols. Even if you automate it, you still need to type it, thus breaking the
    automation workflow. It can make things simpler to use however...

    Yes, passphrases should be manually entered for security reasons. That one makes sense. The Bluewave add-on did all of the PGP command line work in the background, according to what options were selected. Passphrases were always entered manually, when required.

    These days, my GPG integration with Mutt is working very well, this is running smoothly but this is not for everyone... Setting it up can be a pain, luckily all my setups are scripted so it's a breeze now... It probably took me a full day to get it to a level I am happy with...

    Well, I'm happy with Enigmail on Thunderbird, and I'd like to get something working in an offline reader again. Could probably script something that uses GPG and Multimail under Linux, but Windows would be more of a challenge.


    ... The advantage of exercising every day is that you die healthier.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to StackFault on Friday, November 09, 2018 09:44:00
    On 11-08-18 07:15, StackFault wrote to Vk3jed <=-

    Protecting the keys is the biggest challenge, using a good passphrase
    can surely help but it's more like a second stage.

    Yep. :)

    I didn't know the offline mail files were encrypted, I tought it was
    just a database of some sort (which is not plaintext) but could be accessed pretty easily if you have the specifications.

    Well, if you're processing GPG encrypted messages, then they will be encrypted until you decrypt them. If your decryption setup is built into an offline reader, then the decryption takes place when you read the message locally, so it's still encrypted at all point in transit.

    You are touching another very point, which is temp files. On most
    systems these are writtent in publicly available folders and most developpers don't use the right permissions, allowing anyone to read
    from them...

    Sometimes, we focus our attention at the wrong place...

    Yes, that is a real issue. Setting diurectory permissions properly will help a lot, and that can be easily done on both Windows and Linux (and Mac as well). Ideally, the file's permissions should be set accordingly too, but that depends on the developer.


    ... Why does pizza get to your house faster than the police?
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Vk3jed on Saturday, November 10, 2018 10:26:51
    I didn't know the offline mail files were encrypted, I tought it was just a database of some sort (which is not plaintext) but could be accessed pretty easily if you have the specifications.

    Well, if you're processing GPG encrypted messages, then they will be encrypted until you decrypt them. If your decryption setup is built
    into an offline reader, then the decryption takes place when you read
    the message locally, so it's still encrypted at all point in transit.

    Yes, this is perfectly logic, I tought you were referring the QWK files could be encrypted as well. Being out of the business for so long, things might
    have changed quite a bit. I have put myself into "forget everything you know" so I don't make any assumptions.

    With the ciphers and hashing algos being busted one after the other, I wonder what would happen if aes256 managed to be broken, we don't have much choices available already.

    Cipher-Bloc-Chaining being deprecated now, when you setup a new system and want to pass with flying colors, your list of available ciphers is greatly reduced.

    Cheers,

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxNet ■ 1:249/317@FidoNet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From Vk3jed@21:1/109 to StackFault on Sunday, November 11, 2018 07:21:00
    On 11-10-18 10:26, StackFault wrote to Vk3jed <=-

    Yes, this is perfectly logic, I tought you were referring the QWK files could be encrypted as well. Being out of the business for so long,

    No, encryption of the QWK is something I haven't yet seen. Theoretically possible, but probably pointless.

    things might have changed quite a bit. I have put myself into "forget everything you know" so I don't make any assumptions.

    Good way to be. :)

    With the ciphers and hashing algos being busted one after the other, I wonder what would happen if aes256 managed to be broken, we don't have much choices available already.

    Cipher-Bloc-Chaining being deprecated now, when you setup a new system
    and want to pass with flying colors, your list of available ciphers is greatly reduced.

    And one wonders what the rise of quantum computing will mean too...


    ... Warranty (n.): See Disclaimer.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Vk3jed on Saturday, November 10, 2018 16:13:55
    Yes, this is perfectly logic, I tought you were referring the QWK fil could be encrypted as well. Being out of the business for so long,

    No, encryption of the QWK is something I haven't yet seen. Theoretically possible, but probably pointless.

    I have not dug this one very far but depending on the algo used to password protect the archive, it might not be too bad in transit. The issue is at
    rest. But again, if privacy is a real issue, use another layer.

    With the ciphers and hashing algos being busted one after the other, wonder what would happen if aes256 managed to be broken, we don't hav much choices available already.

    Cipher-Bloc-Chaining being deprecated now, when you setup a new syste and want to pass with flying colors, your list of available ciphers i greatly reduced.

    And one wonders what the rise of quantum computing will mean too...

    Well, I don't know enough about QC, but we will certainly see some issues with the value of all crypto-currencies...

    Time will tell I guess...

    I always found interesting the fact they used old VIC-20 in John Wick 2,
    pretty hard to hack into and since most don't even know how to load a
    software on it and finding a drive that can read these floppies nowadays...

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxnet ■ 1:249/317@fidonet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From Vk3jed@21:1/109 to StackFault on Sunday, November 11, 2018 08:34:00
    On 11-10-18 16:13, StackFault wrote to Vk3jed <=-

    I have not dug this one very far but depending on the algo used to password protect the archive, it might not be too bad in transit. The issue is at rest. But again, if privacy is a real issue, use another layer.

    Yes, you could slip password protection into the archiver command, though not sure how that can be done on a per link basis.

    Well, I don't know enough about QC, but we will certainly see some
    issues with the value of all crypto-currencies...

    Time will tell I guess...

    The big issue with quantum computing is the ability to solve many equations in parallel, which would render all current ciphers vulnerable to brute force attacks. But quantum computing is likely to give us new and vastly more powerful encryption. Quantum key distribution, which is immune to key interception has also been demonstrated in test environments, I believe. Attempting to intercept a key in transit on a quantum channel will resunt in 2 things. Firstly, the intercepter will NOT get a copy of the key, and secondly, the legitimate recipient will immediately know someone's tampered with the channel.

    I always found interesting the fact they used old VIC-20 in John Wick
    2, pretty hard to hack into and since most don't even know how to load
    a software on it and finding a drive that can read these floppies nowadays...

    Yeah that seems a bit far fetched, and how well can it run modern crypto algorithms anyway?


    ... Send in competition answers with your name, age and how old you are.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Vk3jed on Saturday, November 10, 2018 21:53:47
    I have not dug this one very far but depending on the algo used to password protect the archive, it might not be too bad in transit. The issue is at rest. But again, if privacy is a real issue, use another layer.

    Yes, you could slip password protection into the archiver command,
    though not sure how that can be done on a per link basis.

    Well, the issue with password is the symmetric scheme. Assymmetric would be much better and you could spread your public key around... That could make a good POC actually... food for tought I guess, like I didn't had enough
    projects already lol.

    The big issue with quantum computing is the ability to solve many equations in parallel, which would render all current ciphers vulnerable to brute force attacks. But quantum computing is likely to give us new and vastly more powerful encryption. Quantum key distribution, which is immune to key interception has also been demonstrated in test environments, I believe. Attempting to intercept a key in transit on a quantum channel will resunt in 2 things. Firstly, the intercepter will NOT get a copy of the key, and secondly, the legitimate recipient will immediately know someone's tampered with the channel.

    Well, this will trigger a revolution that's for sure. The side abou
    addressing the confidentiality and non-repudiation is intersting too. I will read a little bit about that, this is something I am not familiar enough.

    I always found interesting the fact they used old VIC-20 in John Wick 2, pretty hard to hack into and since most don't even know how to loa a software on it and finding a drive that can read these floppies nowadays...

    Yeah that seems a bit far fetched, and how well can it run modern crypto algorithms anyway?

    Not very well that's for sure. The lack of compatibility with modern
    computing equipment makes it a challenge in itself. I have some good stories about old technology seen by younger folks. But this is drifting from the original topic, it's more obfuscation than encryption at that point...

    Regards,

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxnet ■ 1:249/317@fidonet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)
  • From Vk3jed@21:1/109 to StackFault on Sunday, November 11, 2018 16:23:00
    On 11-10-18 21:53, StackFault wrote to Vk3jed <=-


    Well, this will trigger a revolution that's for sure. The side abou addressing the confidentiality and non-repudiation is intersting too. I will read a little bit about that, this is something I am not familiar enough.

    It's to do with the nature of quantum physics and the observer effect, if I recall. :)

    Not very well that's for sure. The lack of compatibility with modern computing equipment makes it a challenge in itself. I have some good stories about old technology seen by younger folks. But this is
    drifting from the original topic, it's more obfuscation than encryption
    at that point...

    Yeah, well thread drift happens. I remember when it came to real time audio applications, 486s couldn't keep up with speech grade audio on some of the algorithms, if I recall. So the poor old Vic 20 would fall in a heap. :D


    ... New Mail not found. Start whine-pout sequence? (Y/N)
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Lizard King@21:4/141 to Vk3jed on Sunday, November 11, 2018 00:55:55
    On 11/11/18, Vk3jed said the following...

    Yeah that seems a bit far fetched, and how well can it run modern crypto algorithms anyway?

    How much time you got? :)

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: Retro Underground BBS | Seattle (21:4/141)
  • From Vk3jed@21:1/109 to Lizard King on Sunday, November 11, 2018 21:23:00
    On 11-11-18 00:55, Lizard King wrote to Vk3jed <=-

    @TZ: 41e0
    On 11/11/18, Vk3jed said the following...

    Yeah that seems a bit far fetched, and how well can it run modern crypto algorithms anyway?

    How much time you got? :)

    My point exactly. :D


    ... Tag line thievery's fun ...On to the next Geraldo!
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From StackFault@21:1/172 to Lizard King on Sunday, November 11, 2018 08:53:59
    Yeah that seems a bit far fetched, and how well can it run modern cry algorithms anyway?

    How much time you got? :)

    Implementing AES or Blowfish in BASIC might be feasible... I'd be surprised to see that.

    ▀ ▐
    ···─────·──··────·─· ▌ ▀·─·───·──────··─────·────·──────··─────────·────···
    Dave aka Stackfault ▀ ▌▀ bbs.bottomlessabyss.net (telnet/2023·ssh/2222)
    Bottomless Abyss BBS ▄▀▐ 21:1/172@fsxnet ■ 1:249/317@fidonet
    -··· --- - - --- -- ·-·· · ··· ··· ·- -··· -·-- ··· ··· -··· -··· ···

    --- Mystic BBS v1.12 A39 2018/04/21 (Linux/64)
    * Origin: The Bottomless Abyss BBS (21:1/172)