[Cialug] dual passphrase encryption

Jeffrey Ollie jeff at ocjtech.us
Fri Dec 7 22:05:44 CST 2007


On 12/7/07, Colin Burnett <cmlburnett at gmail.com> wrote:
> On Dec 7, 2007 9:32 PM, Matthew Nuzum <newz at bearfruit.org> wrote:
> >
> > Ideally, the passphrase that encrypts something is unable to decrypt it.
>
> The web site would be responsible for generating the key pair, storing
> the keys, and setting passphrases on each key "on disk".

Well, if the webserver has a copy of all of the private keys there
wasn't much point to the exercise other than wasting CPU cycles.

Hmm... I just thought of S/MIME.  Outlook and many other email
programs support encrypting messages using S/MIME and you can get free
S/MIME certificates from a number of places. Personally, if I was
wanting to exchange messages securely with people I wouldn't want to
go through some remote webserver.  If the webserver is doing the
encryption of the data there's the chance that the webserver could be
compromised and the attacker could reprogram the scripts to save a
plaintext copy for later perusal.  I'd just get everyone set up with
S/MIME or GPG and have everyone encrypt the messages before they left
their computer.

Jeff


More information about the Cialug mailing list