Forgot your password?
typodupeerror
Encryption Communications Privacy Security IT

Ciphire, A Transparent, Easy PGP Alternative 345

Posted by timothy
from the not-just-translucent dept.
mixter writes "Hi. I'd like to point your attention to Ciphire, a fully free and soon-to-be-audited-OpenSource 'Global PKI' project I've been working on for the last three years. As the first three or four thousand geeks started using Ciphire and seem happy, with some tech articles written, I guess the /. community might find this interesting, too. Ciphire hopes to have solved the problems that prevented PGP from a broader deployment, with even higher security standards - as already confirmed by crypto experts Housley & Ferguson. More useful information, e.g. in Wired or in the Nerd^H^H^H^Hexperts FAQ."
This discussion has been archived. No new comments can be posted.

Ciphire, A Transparent, Easy PGP Alternative

Comments Filter:
  • by art6217 (757847) on Sunday January 23, 2005 @11:55AM (#11447871)
    From their pages: "Ciphire Mail will always be free for private users, non-profit organizations, educational institutions, and the press".
  • Does it have? (Score:2, Informative)

    by Anonymous Coward on Sunday January 23, 2005 @11:56AM (#11447875)
    Whole disk SECTOR encryption? Virtual Volumes that we can mount as an NTFS folder?

    PGP Whole Disk and PGP Disk functionality is a MUST. Without it, your alternative is not an alternative at all. NEXT PLEASE.
  • Re:yeah right... (Score:5, Informative)

    by WebCrapper (667046) on Sunday January 23, 2005 @12:15PM (#11447980)
    Its actually pretty simple. I figured it out just reading the "automatically" but I'll break it down for you. Directly from their website:

    "The Ciphire Mail client resides on the user's computer between the email client and the email server, intercepting, encrypting, decrypting, signing, and authenticating email communication. During normal operation, all operations are performed in the background, making it very easy to use even for non-technical users."

    I shouldn't have to explain it any further than that here on Slashdot. Thats in the first paragraph of the Technical Explanation of how it works. Later on it lists:

    "The Ciphire Mail client consists of three parts: the core client, a graphical configuration interface, and mail connector modules (redirector). Supported email protocols include SMTP, POP3, and IMAP4. The STARTTLS and direct SSL/TLS variants of these protocols are supported as well."

    For anyone that didn't get the gist - it basically redirects your mail to its own "server process" sitting on your computer then sends it out to the normal SMTP server. This is using the same technology that the current Mail virus scanners use (Think Symantec), not new technology, just used in a different way.

    On the reverse end, the "server" checks the mail and hands it to the email client making everything secure in between.

    Pretty simple way of getting Jane and Jon Doe with OE to use it if you ask me. Granted, it needs to be installed by Admin on proper machines, but that shouldn't be too much of an issue for any company that would like to secure their email - especially if you explain and show your network admins that email is USUALLY a plain text security nightmare.
  • Re:Useless... (Score:4, Informative)

    by justins (80659) on Sunday January 23, 2005 @12:25PM (#11448035) Homepage Journal
    First off, tell me. Which standards does PGP [or SSH and SSL for that matter] follow?

    http://www.ietf.org/rfc/rfc2440.txt
  • by g2ek (852570) on Sunday January 23, 2005 @12:39PM (#11448116)
    2. LICENSE GRANT

    (a) Subject to all of the terms and conditions set forth in this Agreement, Licensor grants to Licensee a non-exclusive, personal, non-transferable, non-sublicensable right, during the term of this Agreement, to use the Software, and the Services solely for Licensee's own Personal Use and in accordance with the applicable documentation and instructions made available by Licensor.

    (b) In no event shall Licensee distribute, display, or otherwise make available to any third party, the Software (including any copy, portion, extract, or derivative thereof).

    (c) Licensee shall not, and shall not assist, enable or otherwise permit or allow any third party to, (i) alter, adapt, modify, translate, create derivative works of, (ii) except to the extent expressly permitted by mandatory applicable law notwithstanding an agreement to the contrary, decompile, disassemble or otherwise reverse engineer or attempt to derive the source code of, or any technical data, know-how, trade secrets, processes, techniques, specifications, protocols, Key and data-formats, methods, algorithms, interfaces, ideas, solutions, structures or other information embedded or used in, (iii) rent, lend, loan, lease, sell, distribute or sublicense, or (iv) remove, alter or obscure any proprietary or restrictive notices affixed to or contained in, the Software or any copy, portion, extract or derivative thereof. In addition, Licensee shall not provide, disclose or otherwise make available the Software or any copy, portion, extract or derivative thereof, or permit use of any of the foregoing by or for the benefit of any third party (including, without limitation, on a hosting, service-bureau, time-sharing or subscription service basis).

    (d) The Software is licensed as a single product package and Licensee shall not, and shall not assist, enable or otherwise permit or allow any third party to, separate the Software, or use any component parts thereof other than as part of the Software as and in the form provided by Licensor.

    (e) Licensee shall not use the Software other than in connection with the Key-Data and the Services provided by Licensor under this Agreement.

    https://www.ciphirebeta.com/about/eula.html
  • by Noksagt (69097) on Sunday January 23, 2005 @12:54PM (#11448210) Homepage
    For the windows impaired, there is WinPT [sourceforge.net], which is both easy to install & has a GUI for key management.
  • by Beryllium Sphere(tm) (193358) on Sunday January 23, 2005 @01:16PM (#11448335) Homepage Journal
    >you can already buy "idiot proof" versions to plug into Outlook (I believe)

    I've been on the pgp-users mailing list for a long time and the Outlook plugin has been a chronic source of problems for users and developers. Apparently email client plugin interfaces are nonstandard, change with each release, and all too often buggy. The default advice to people running PGP with their mail client evolved into "use the Encrypt Current Window function", which sacrificed integration between key selection and email addressing.

    If I understood what the developers said, they wanted to do PGP Universal because they couldn't stand the plugin hassles. PGP Universal and Ciphire may signal a trend toward putting the crypto downstream of the email program.

    Don't underestimate usability problems as a barrier to adoption. CMU did a usability study on PGP 5.0 and the results were alarming.
  • Re:GPG? (Score:4, Informative)

    by Jsprat23 (148634) on Sunday January 23, 2005 @01:37PM (#11448451)
    "Getting GPG to work on windows requires Cygwin, which is a pain in the ass. If it doesn't work *transparently* on Windows, there'll never be a critical mass of people using it."

    This is patently untrue. I downloaded the windows binaries from gnupg.org and followed the directions on enigmail.mozdev.org and had my dad encrypting email in about 15 mins. No cygwin required.

    The biggest problem we encountered was his windows clock wasn't sync'd to a time server, and I had to wait to import his key because it had been created in "the future".
  • by davids-world.com (551216) on Sunday January 23, 2005 @01:51PM (#11448530) Homepage
    I've posted a high-level overview and commentary [davids-world.com] a couple of days ago.

    The verdict: Ciphire is a good idea in general and a fine solution for internal security in companies (across different sites), but difficult to justify as a standard due to its closed nature.

  • Re:Web Mail (Score:2, Informative)

    by rivercityrandom (626724) on Sunday January 23, 2005 @02:19PM (#11448691) Homepage Journal
    Yeah, maybe someone should come up with a webmail client that seamlessly incorporates SSL and PGP crypto--oh, wait, it's been done [hushmail.com].
  • by A Naughty Moose (672032) on Sunday January 23, 2005 @03:26PM (#11449091)
    I hope its not homegrown hash;

    Well, according to their cryptographic functions [ciphirebeta.com] page, they are using SHA-256 and Whirlpool-512 hashing.

Never say you know a man until you have divided an inheritance with him.

Working...