/secure-email

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add ghostmail #33

Closed
elijh opened this Issue Nov 2, 2015 · 3 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@elijh @taoeffect
@elijh
Collaborator

elijh commented Nov 2, 2015

https://www.ghostmail.com
@taoeffect

This comment has been minimized.

Show comment
Hide comment
@taoeffect

taoeffect Nov 2, 2015

The problem with "secure email" providers like ProtonMail (and GhostMail), is that they are "end-to-end encrypted-kinda-sorta-not-really".

Problem 1 - Your private key is not yours

  • Their server sends you the javascript that creates your private key.
  • Their javascript can send your private key back to their server.

They say it "stays in your browser", but they cannot guarantee that. There are multiple scenarios where your private key would leave your browser and get sent to their server:

  1. They decide to make their JS do that.
  2. They get ordered to do it.
  3. HTTPS is MITM'd using a rogue cert and you are sent malicious JS that sends your key.

Problem 2 - Your friend's public key is not theirs

Their server sends you the public key for your friend. How do you know it's actually your friend's and not theirs?

You don't.

Neither GhostMail nor ProtonMail belong on this list.

taoeffect commented Nov 2, 2015

The problem with "secure email" providers like ProtonMail (and GhostMail), is that they are "end-to-end encrypted-kinda-sorta-not-really".

Problem 1 - Your private key is not yours

  • Their server sends you the javascript that creates your private key.
  • Their javascript can send your private key back to their server.

They say it "stays in your browser", but they cannot guarantee that. There are multiple scenarios where your private key would leave your browser and get sent to their server:

  1. They decide to make their JS do that.
  2. They get ordered to do it.
  3. HTTPS is MITM'd using a rogue cert and you are sent malicious JS that sends your key.

Problem 2 - Your friend's public key is not theirs

Their server sends you the public key for your friend. How do you know it's actually your friend's and not theirs?

You don't.

Neither GhostMail nor ProtonMail belong on this list.
@taoeffect

This comment has been minimized.

Show comment
Hide comment
@taoeffect

taoeffect Nov 2, 2015

Also, this is nonsense (from here):

A new randomly generated 256 bit AES key is used to encrypt actual message (Forward Secrecy).
The AES Key is then encrypted with the recipient’s public RSA key.

No. That is not forward secrecy.

Stay away from all of this nonsense folks. If you want GPG, use GPGTools, Enigmail, or Mailvelope.

taoeffect commented Nov 2, 2015

Also, this is nonsense (from here):

A new randomly generated 256 bit AES key is used to encrypt actual message (Forward Secrecy).
The AES Key is then encrypted with the recipient’s public RSA key.

No. That is not forward secrecy.

Stay away from all of this nonsense folks. If you want GPG, use GPGTools, Enigmail, or Mailvelope.
@elijh

This comment has been minimized.

Show comment
Hide comment
@elijh

elijh Nov 2, 2015

Collaborator

yes, i agree that ghostmail is snakeoil, but i try to document the snakeoil projects too and highlight what is wrong with them.
Collaborator

elijh commented Nov 2, 2015

yes, i agree that ghostmail is snakeoil, but i try to document the snakeoil projects too and highlight what is wrong with them.

@elijh elijh closed this in 86db8bb Jan 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment