LinuxQuestions.org
Old 06-12-2011, 10:43 AM   #1
gnuweenie
Member
 
Registered: Oct 2010
Posts: 35

The ciphered message *is* the private key -- how is that possible?


Lavabit uses Elliptical Curve Cryptography, and http://lavabit.com/secure.html says that the ciphered message is the private key. In a few words, can someone explain that?

I'm accustomed to RSA public key crypto, where the private key is a prime number that's used to decrypt the ciphered message.

Last edited by unSpawn; 06-12-2011 at 01:16 PM. Reason: //Replace bad slash unnecessary short URI
 
Old 06-12-2011, 04:53 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

It's a straight-forward combination of asymmetric and symmetric encryption (you're just reading it out of context):
Quote:
AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabit's secure e-mail system, the ciphered message is a user's private key and the secret passphrase is a hashed version of the user's password.
As you can see above, the sentence was making reference to the previous sentence (the quick summary of what AES is). So by "message" they are referring to the plaintext (the private key of the asymmetric setup in this case), which has nothing to do with the email message. You're encrypting an asymmetric private key using symmetric encryption, so that the private key is protected if it falls into the wrong hands.

Last edited by win32sux; 06-12-2011 at 05:10 PM.
 
Old 06-12-2011, 09:10 PM   #3
Peufelon
Member
 
Registered: Jul 2005
Posts: 164
Blog Entries: 1

[OT CONTENT REMOVED BY MODERATOR]

Quote:
Originally Posted by Lavabit
How does asymmetric encryption protect your privacy? The short description is that for users of this feature, incoming e-mail messages are encrypted before they're saved onto our servers. Once a message has been encrypted, only someone who has the account password can decrypt the message. Like all safety measures, encryption is only effective if it's used. To ensure privacy, Lavabit has developed a complex system that makes the entire encryption and decryption process transparent to the end user.

This process works by combining three different encryption schemes with Elliptical Curve Cryptography (ECC) as the cornerstone. When a user activates the asymmetric encryption feature, two ECC keys are generated with 521 bits of strength. The first key, or the "public" key, is stored in plain text on the server. This public key is used to encrypt incoming messages. Because of how ECC works, only someone with the second "private" key can decipher messages encrypted with the public key. To protect the private key from attackers, it is encrypted using the Advanced Encryption Standard (AES) with a 256 bit key. AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabit's secure e-mail system, the ciphered message is a user's private key and the secret passphrase is a hashed version of the user's password.

To ensure maximum security, passwords are hashed using the Secure Hash Algorithm (SHA). SHA takes the plaintext password as its input and produces a random 512 bit string as the output. With only the SHA output, it is cryptographically impossible to determine the original input. Effectively, hashing is a repeatable one-way process.
@gnuweenie:

I agree, that seems badly confused.

@win32sux:

I understand that Lavabit appears to be trying to contrast their scheme with the design of PGP and GPG.

GPG uses public-key cryptography to encrypt a session key for each message. The sender and recipient each have a secret/public keypair; the sender "randomly chooses" a session key and CAST-encrypts the message plaintext with it, and also uses his private key and the recipient's public key to EG-encrypt the session key. He transmits the EG-encrypted session key and the CAST-encrypted message to the recipient, who decrypts the EG-encrypted session key using his private key and the recipient's public key, and then decrypts the CAST-encrypted message using the session key. (Someone please correct me if I am wrong!)

(EG stands for the El Gamal algorithm, while CAST stands for the default block cipher used by GPG.)

But I don't understand your explanation of what Lavabit does.

I guess that an ECC scheme might be used somewhat analogously to the way that the El Gamal algorithm is used by GPG. ECC would use "trapdoor pseudo-one-way" operator based upon the properties of elliptic curves, while El Gamal uses a "trapdoor pseudo-one-way" operator based upon the properties of discrete logarithms. (Someone please correct me if I am wrong!)

However their ECC encryption scheme works, how can they encrypt an incoming email "before it is saved" on their mailserver? Wouldn't it have to exist as a plaintext temp file before they encrypt it? Or is it possible to use a stream cipher to encrypt it as it is being received?

Last edited by win32sux; 06-12-2011 at 10:13 PM. Reason: Removed OT content.
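The quoted Lavabit description (and win32sux's summary of it in post #2) put into working code, as an added example in Go using only the standard library. This is not Lavabit's code: the page does not say which ECC encryption scheme they used, so the message side below uses the ECIES pattern (an ephemeral P-521 ECDH agreement, shared secret hashed to an AES-256-GCM key), which is the elliptic-curve counterpart of the GPG session-key construction Peufelon describes. The key-wrapping side follows the text literally: the private key is AES-256 encrypted under a SHA-512 hash of the password, and that is the point a practitioner should object to, since a fast unsalted hash lets anyone who obtains the wrapped key brute-force the password offline. The "wrapped-private-key" label, the truncation of SHA-512 to 32 bytes, and all sample strings are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// kekFromPassword is the "hashed version of the user's password" from the Lavabit text.
// SHA-512 yields 64 bytes and AES-256 takes 32, so the first half is used (assumption: the
// page does not say how 512 bits become a 256-bit key). A fast, unsalted hash is a weak
// password KDF: anyone holding the wrapped key can guess passwords offline at hash speed.
// A real system should derive the KEK with a salted, slow KDF (scrypt, Argon2, PBKDF2).
func kekFromPassword(password string) []byte {
	sum := sha512.Sum512([]byte(password))
	return sum[:32]
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this file is 32 bytes; a failure here is a bug
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// sealGCM returns nonce || ciphertext || tag under AES-256-GCM with a fresh random nonce.
func sealGCM(key, plaintext, aad []byte) []byte {
	aead := gcm(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: never fall back to a predictable nonce
	}
	return aead.Seal(nonce, nonce, plaintext, aad)
}

func openGCM(key, blob, aad []byte) ([]byte, error) {
	aead := gcm(key)
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
}

// Account is what the server keeps: the public key in the clear, the private key only wrapped.
type Account struct {
	Public      []byte // uncompressed P-521 point
	WrappedPriv []byte // AES-256-GCM(kek, private scalar); the plaintext scalar is never stored
}

// Enroll generates the P-521 keypair ("521 bits of strength") and wraps the private key.
func Enroll(password string) *Account {
	priv, err := ecdh.P521().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	wrapped := sealGCM(kekFromPassword(password), priv.Bytes(), []byte("wrapped-private-key"))
	return &Account{Public: priv.PublicKey().Bytes(), WrappedPriv: wrapped}
}

// EncryptIncoming is the server-side step and needs only the stored public key: an ephemeral
// P-521 key agrees a shared secret with it, the secret is hashed into an AES-256 key, and the
// message is sealed under that key (ECIES; the page does not name Lavabit's actual scheme).
// Output: ephemeralPub || nonce || ciphertext || tag.
func EncryptIncoming(recipientPub, message []byte) ([]byte, error) {
	pub, err := ecdh.P521().NewPublicKey(recipientPub)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.P521().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	shared, err := eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	msgKey := sha512.Sum512(shared)
	return append(ephPub, sealGCM(msgKey[:32], message, ephPub)...), nil
}

// UnwrapPrivateKey is the only step that needs the password (at login). A wrong password fails
// the GCM tag check instead of silently producing a garbage key.
func UnwrapPrivateKey(password string, acct *Account) (*ecdh.PrivateKey, error) {
	raw, err := openGCM(kekFromPassword(password), acct.WrappedPriv, []byte("wrapped-private-key"))
	if err != nil {
		return nil, errors.New("wrong password or corrupted key blob")
	}
	return ecdh.P521().NewPrivateKey(raw)
}

// DecryptIncoming reverses EncryptIncoming with the unwrapped private key.
func DecryptIncoming(priv *ecdh.PrivateKey, envelope []byte) ([]byte, error) {
	pubLen := len(priv.PublicKey().Bytes()) // 133 bytes for an uncompressed P-521 point
	if len(envelope) < pubLen {
		return nil, errors.New("envelope too short")
	}
	ephPub, err := ecdh.P521().NewPublicKey(envelope[:pubLen])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	msgKey := sha512.Sum512(shared)
	return openGCM(msgKey[:32], envelope[pubLen:], envelope[:pubLen])
}

func main() {
	acct := Enroll("correct horse battery staple")
	env, _ := EncryptIncoming(acct.Public, []byte("constructed sample message"))
	priv, _ := UnwrapPrivateKey("correct horse battery staple", acct)
	msg, _ := DecryptIncoming(priv, env)
	fmt.Printf("decrypted: %s\n", msg)
	_, err := UnwrapPrivateKey("wrong password", acct)
	fmt.Println("wrong password:", err)
}
```

Note what each side holds: EncryptIncoming needs only the stored public key, so the server can encrypt mail while the user is logged out; UnwrapPrivateKey is the only function that ever sees the password, and a wrong password fails the GCM tag rather than yielding a garbage key that fails later in a confusing way. The ciphered "message" in the Lavabit sentence is WrappedPriv here, not the e-mail.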
 
Old 06-12-2011, 10:25 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Peufelon, I've removed the NSL-focused part of your post, as it would lead to off-topic non-technical discussion. If you wish to discuss NSLs, please start your own thread in General. As for my post, I was only addressing the specific issue at hand (the confusion created by Lavabit's sentence construction). I'm not familiar with Lavabit's processes, so I can't comment on them. Surely someone else can, however. I just ask that a decent effort be made to keep the discussion from straying too far off topic.
 
Old 06-12-2011, 10:41 PM   #5
Peufelon
Member
 
Registered: Jul 2005
Posts: 164
Blog Entries: 1

Like this?

If you meant I should do this, then please move this thread to General from Linux/General. Am I catching on? If not, please explain.

Last edited by Peufelon; 06-12-2011 at 10:44 PM.
 
Old 06-13-2011, 12:10 AM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by Peufelon View Post
If you meant I should do this, then please move this thread to General from Linux/General. Am I catching on? If not, please explain.
Yes, your post in General looks great to me. Thanks for complying with my request. Regarding the other thread you linked, however: I'm not a mod at that forum so there's nothing I can do. The proper procedure in such cases is for you to use the Report button on the relevant post, and then submit a request so that the forum-specific mods may consider it. If you have any further questions/comments regarding moderation issues, please contact me directly via email as this is not the proper venue.
 
Old 06-13-2011, 01:30 AM   #7
Peufelon
Member
 
Registered: Jul 2005
Posts: 164
Blog Entries: 1

Quote:
Originally Posted by win32sux
your post in General looks great to me.
Great! I'm learning.

So... does anyone know what the Lavabit blurb means? (The part quoted above, I mean, the "technical explanation" of how it works.)

Last edited by Peufelon; 06-13-2011 at 01:32 AM.
 
Old 06-13-2011, 03:15 AM   #8
gnuweenie
Member
 
Registered: Oct 2010
Posts: 35

Original Poster
I appreciate the explanations. That answers my question.

I have to say it's a bit disturbing that unSpawn modified my link. I posted a link that highlighted and navigated to the specific phrase I was referring to, and he replaced it with a link that has no highlights, and just goes to the top of the page.
 
Old 06-13-2011, 05:14 AM   #9
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Quote:
I have to say it's a bit disturbing that unSpawn modified my link. I posted a link that highlighted and navigated to the specific phrase I was referring to, and he replaced it with a link that has no highlights, and just goes to the top of the page.
I didn't see the original thread, so I can't say for certain, but did you 'reply' to an older thread perchance? This is considered necroposting. Even when the posts are on topic, it is discouraged here. Knowing unSpawn, I am sure that if the content were modified without a moderation explanation, it was unintentional.
 
Old 06-13-2011, 07:02 AM   #10
gnuweenie
Member
 
Registered: Oct 2010
Posts: 35

Original Poster
Quote:
Originally Posted by Noway2 View Post
I didn't see the original thread, so I can't say for certain, but did you 'reply' to an older thread perchance? This is considered necroposting Even when the posts are on topic, it is discouraged here. Knowing unSpawn, I am sure that if the content were modified without a moderation explanation that it was unintentional.
I'm talking about this thread, the first post. The reason was "//Replace bad slash unnecessary short URI". The change trashed my highlights.
 
Old 06-13-2011, 07:19 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,279
Blog Entries: 54

The URI didn't work at the source; besides, using short URIs really is not done in the Security forum. Back to the topic please.
 
Old 06-13-2011, 12:33 PM   #12
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Quote:
Originally Posted by Peufelon
However their ECC encryption scheme works, how can they encrypt an incoming email "before it is saved" on their mailserver? Wouldn't it have to exist as a plaintext temp file before they encrypt it? Or is it possible to use a stream cipher to encrypt it as it is being received?
I really don't know what Lavabit does behind the scenes, but my guess is their SMTP server has a built-in mechanism to encrypt the mail DATA before it's ever written to disk. It's certainly possible that they are temporarily writing the inbound mail to disk, reading it, encrypting it, writing that to disk, and then shredding the original - but that seems inefficient.

Interesting aside from Lavabit's Q&A page:
Quote:
We've chosen to offer this feature only to our paid users. We made this decision for two reasons. The first is a belief that with paying customers, there is a money trail. If the account is used for illegal purposes that money trail can be used to track down the account owner. The second reason is that the broader encryption process requires a significant amount of computing power. We can only justify the added expense for premium accounts.
How 'bout that. I have been using Lavabit for some time, and didn't realize this. I should have RTFFP (fine print).
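On Peufelon's question of whether mail can be encrypted as it is received, and anomie's guess above that the SMTP server encrypts DATA before it is written to disk: the following is an added example (Go, standard library; not Lavabit's or anyone's shipped code) of how that is done without a plaintext temp file. A raw stream cipher would work but gives no integrity, so this seals fixed-size chunks with AES-256-GCM as they arrive, with a chunk counter and a final flag folded into each nonce so that reordered, dropped or truncated chunks are rejected. The 4096-byte chunk size, the 7-byte nonce prefix and the demo key are this example's own choices; in a system like the one the page describes the per-message key would come from the public-key envelope step.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const chunkSize = 4096 // plaintext bytes per sealed chunk (an assumption; the page gives no sizes)

func aeadFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // the key comes from the operator, not the network; it must be 32 bytes
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// chunkNonce = 7-byte per-stream random prefix || 4-byte chunk counter || final flag. Every chunk
// gets a distinct nonce, so reordering or dropping chunks breaks the tag, and a stream cut short
// is rejected because its last chunk was not sealed with the final flag.
func chunkNonce(prefix []byte, counter uint32, final bool) []byte {
	n := make([]byte, 12)
	copy(n, prefix)
	binary.BigEndian.PutUint32(n[7:11], counter)
	if final {
		n[11] = 1
	}
	return n
}

// StreamSealer is an io.WriteCloser: bytes written to it (SMTP DATA as it arrives on the socket,
// say) are sealed with AES-256-GCM one chunk at a time and passed on to dst, so plaintext only
// ever sits in a small in-memory buffer and is never spooled to disk.
type StreamSealer struct {
	aead    cipher.AEAD
	prefix  []byte
	dst     io.Writer
	buf     []byte
	counter uint32
	closed  bool
}

// NewStreamSealer emits the random 7-byte nonce prefix first so the reader can recover it.
func NewStreamSealer(key []byte, dst io.Writer) (*StreamSealer, error) {
	prefix := make([]byte, 7)
	if _, err := rand.Read(prefix); err != nil {
		return nil, err
	}
	if _, err := dst.Write(prefix); err != nil {
		return nil, err
	}
	return &StreamSealer{aead: aeadFor(key), prefix: prefix, dst: dst}, nil
}

func (s *StreamSealer) sealChunk(p []byte, final bool) error {
	ct := s.aead.Seal(nil, chunkNonce(s.prefix, s.counter, final), p, nil)
	s.counter++
	_, err := s.dst.Write(ct)
	return err
}

// Write seals each full chunk as soon as it is available and keeps the tail (at least one byte)
// for Close, so the final chunk always carries the final flag.
func (s *StreamSealer) Write(p []byte) (int, error) {
	if s.closed {
		return 0, errors.New("write after close")
	}
	s.buf = append(s.buf, p...)
	for len(s.buf) > chunkSize {
		if err := s.sealChunk(s.buf[:chunkSize], false); err != nil {
			return 0, err
		}
		s.buf = s.buf[chunkSize:]
	}
	return len(p), nil
}

func (s *StreamSealer) Close() error {
	if s.closed {
		return errors.New("already closed")
	}
	s.closed = true
	return s.sealChunk(s.buf, true)
}

// OpenStream is the reader side: the whole plaintext, or an error if any chunk fails the tag,
// chunks were reordered, or the stream was truncated.
func OpenStream(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 7 {
		return nil, errors.New("stream too short")
	}
	aead, prefix, rest := aeadFor(key), sealed[:7], sealed[7:]
	full := chunkSize + aead.Overhead()
	var out []byte
	var counter uint32
	for ; len(rest) > full; counter++ {
		pt, err := aead.Open(nil, chunkNonce(prefix, counter, false), rest[:full], nil)
		if err != nil {
			return nil, errors.New("chunk authentication failed")
		}
		out, rest = append(out, pt...), rest[full:]
	}
	pt, err := aead.Open(nil, chunkNonce(prefix, counter, true), rest, nil)
	if err != nil {
		return nil, errors.New("final chunk missing or corrupted")
	}
	return append(out, pt...), nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real code uses the per-message key
	var sealed bytes.Buffer
	w, _ := NewStreamSealer(key, &sealed)
	io.WriteString(w, "constructed SMTP DATA: hello\r\n")
	w.Close()
	pt, err := OpenStream(key, sealed.Bytes())
	fmt.Printf("%q %v\n", pt, err)
}
```

The receiving MTA would hand its socket reads to Write and call Close at the end of DATA; what reaches the mailbox file is only the sealed stream. The length-based chunk split is unambiguous because a non-final chunk is emitted only when at least one more plaintext byte is already buffered, so the final chunk is never empty-after-full and the reader can tell the two apart.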
 
Old 06-15-2011, 08:10 AM   #13
Peufelon
Member
 
Registered: Jul 2005
Posts: 164
Blog Entries: 1

@unSpawn:

Thanks for fixing that. Short URIs are one of my pet peeves. In fact I'd go further and demand (as a "consumer") that bb software should roboeliminate them, and should even replace "active" (clickable) links to external sites with "inactive" URLs. (Paste and click if you really want to go there.)

@anomie:

I thought someone might say that!

Lavabit's technical description still doesn't scan at my end: does anyone know what they were trying to say?

Last edited by Peufelon; 06-15-2011 at 08:12 AM.
 
Old 06-17-2011, 11:45 AM   #14
gnuweenie
Member
 
Registered: Oct 2010
Posts: 35

Original Poster
Quote:
Originally Posted by Peufelon View Post
@unSpawn:

Thanks for fixing that. Short URIs are one of my pet peeves. In fact I'd go further and demand (as a "consumer") that bb software should roboeliminate them, and should even replace "active" (clickable) links to external sites with "inactive" URLs. (Paste and click if you really want to go there.)
Replacing them makes sense when it's simply a redirection service like tinyurl. When it actually destroys content and sabotages someone's message, it's pure incompetence. Your suggestion only makes sense if the bb software can find the highlights, and reproduce them.

When an overpowering pro-censorship-happy admin blocks legitimate content, it actually damages the forum. unSpawn trashed highlights, taking context away from my words. How dare you encourage him for doing so.

Last edited by gnuweenie; 06-17-2011 at 11:55 AM.
 
Old 06-17-2011, 02:02 PM   #15
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Sorry to take things slightly OT, but I'm grateful this thread started -- it forced me to really read carefully about Lavabit's services. As a free account holder, all I was getting was encryption on the wire. Major assumption (and major goof) about on-disk encryption on my part.

As of yesterday, I've moved to using Thunderbird + Enigmail (openpgp) over IMAPS / SMTPS with my regular gmail account. Might as well let the encryption and key management responsibility fall to myself.
 
  

