Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Your Rights Online

EnigmaMail version 1.0 11

Posted by michael from the neat-hack dept.
myc18 writes "Last month at Tufts University, I created EnigmaMail. After being exposed to e-mail and communication security in the media, and my interest in the Engima Machine, I decided to develop a "secure communications module" for my class (semester) project in "Cryptography and Security." So could EnigmaMail be used as a secure e-mail module, despite the fact that it uses a dated cryptographic algorithm?" I don't see why not. It has the usual problems of symmetric-key cryptography (must get the key to the recipient) and of course, the system has been broken, but it would certainly be secure against most people. As long as you're aware of the limitations...
This discussion has been archived. No new comments can be posted.

EnigmaMail version 1.0 More

EnigmaMail version 1.0

Comments Filter:
  • He is not claiming that it is 100% secure. Nothing is 100% secure, well, maybe that 4th part of cryptography outside the CIA. What he is asking, is "Would it be worth it to encrypt mail?" For a simple class example/problem, its a good solution, you dont have to develop a new algorithm, and should you lose the key, you can still retrieve the message, given some time. I would advocate PGP if you HAVE to have encrypted email.
  • I think the best thing to do would be to advertise your program as a novelty ... sure it'll keep you kid sister out of your e-mail, but not much more ...

    However, this is leaps and bounds ahead of some, http://www.koan.com/~mwiht/software.htm ... check out this guys e-mail encryption program "E-ncrypt" ...

    Problems with message security? This utility from MWIHT can encrypt your personal messages up to 254 different ways insuring that no one can read your messages, other than who the message was intended for. E-ncrypt saves your encrypted message in a standard text file which can easily be attached to any E-Mail message, ensuring all private E-mail messages stay private.

    It uses the ceaser cypher ... your "key" is n in the encryption equation: C(cyphertext) = C(plaintext) + n :) Atleast he's not trying to sell it...

  • #include IANAC (C=cryptographer)

    As stated in posts above, the practical uses of this are limited to that which you want kept out of the hands of kid sisters etc.

    That is, until someone develops a program as an exercise to cryptanalyse the (well-known) cipher. Which sounds like cool fun to me, so I'd be willing to give it a try :-)

    Of course, there is the symmetric key aspect, so for e-mail you still need an alternate secure channel.

    Despite this, I think it's a good idea, as a starting point in crypto. A good book to get is to read Applied Cryptography by Bruce Schneier(any good book site), and the fishtank libraries by Mr R.J. Hansen [slashdot.org]are good learning tools.

  • Not every type of data warrants a military-strength encryption algorithm to protect it.

    But unlike most other instances of things being of "military-strength", choosing a stronger encryption does not increase any costs (financial and otherwise) of the software development, or of the software use. So why not use a better alorithm?

  • Comment removed based on user account deletion
  • Comment removed based on user account deletion
  • Consider the steps to breaking a cipher: 1. know that there is an enciphered message. 2. know the encryption method 3. attack the cipher While attacks on enigma are well know, if you can avoid 1 or 2 no will get to 3. Even week encryption methods are good if you can hide the fact that there is a secret message or if the method is not familiar. For older encryption methods, keeping the messages short and changing the keys frequently will prevent attackers from decrypting your message. This requires exchanging keys securely L A historical point about the enigma cracking is that British intelligence knew there were enciphered messages, got a hold of an enigma machine to find out what the method was, accumulated vast amounts of messages. Only then did Turing develop the computer to quickly find the key. A tough problem was when the Nazis upgraded the machine and the British did not have an example to figure out what was different
  • Look, the guy admits that it's poor - would you criticise the quthor of a ROT13 program for hawking dodgy encryption? The damn thing's called EnigmaMail, so it should be obvious that it's based on cracked WWII technology!
  • The best thing to do would be to add in AES (or triple-DES) support so the program could be used as a legitimate security product.
  • The Enigma algorithim is widely known, as are the techniques to break polysyllabic ciphers.

    In short there is no real security here (especially if you don't hide non-alpha characters, and don't break the ciphertext into some kind of block format).

    Try hanging out on sci.crypt for a bit to get a better feel for the issues and problems.

    http://www.landfield.com/faqs/cryptography-faq/ is a great start for basic cryptography research online.

  • This is a bad idea (Score:3)

    by Sanity ( 1431 ) on Tuesday January 09, 2001 @05:14PM (#518554) Homepage Journal
    It is much better to spend your time doing nothing, than to spend your time creating a "security" application which doesn't actually protect people's security. In the world of cryptography people make extremely conservative claims about software based on secure algorithms (ie. those which have undergone much peer-review without breaking) - yet here is someone using a known-insecure algorithm and claiming that his software protects people.

    --

Slashdot Top Deals

"Look! There! Evil!.. pure and simple, total evil from the Eighth Dimension!" -- Buckaroo Banzai

Close