[Cryptography] Future GPG/PGP
Rællic Systems
director at raellic.com
Tue Oct 6 09:45:51 EDT 2015
I was looking through list archives and saw the thread about future GPG/PGP (http://www.metzdowd.com/pipermail/cryptography/2015-September/026602.html).
In particular, the SC4 project (https://github.com/Spark-Innovations/SC4) looks interesting because I've been working on similar concepts for an encrypted messaging system: https://r.raellic.com/raellic/
The latest encryptor is a custom implementation of Serpent, OCB, and Skein with live script file validation handled through a SHA-256 library. RSA-style key exchange or manually shared passphrases. Please forgive all the hacks in the scripts, as well as the fact that it isn't open source at this time; I've simply spent too much. But I may have to open source it in the future due to the cost I would otherwise incur for a commercial OCB license.
One question I've asked on IRC but have no answer to is whether I should spend the money to implement a Ring Learning With Errors key exchange. RLWE seems like a great idea, but I think it's pointless to put in the effort for RLWE if the attacker manages to capture the private key by pausing an HTTP request and altering the script files before they reach the user. Although live SHA-256 script file validation against published hashes mitigates that issue, it isn't a perfect solution.
Anyway, would an RLWE implementation in JavaScript be of interest to anyone here? I would appreciate any comments.
Thanks,
Andrew Watters
-
Director
Rællic Systems
director at raellic.com
https://r.raellic.com
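
An added example, not part of the original post and not the poster's code: one way the "SHA-256 script file validation against published hashes" mentioned above could be done as a fail-closed check. The file names, file contents and the `verifyScripts` helper are hypothetical, and the manifest is assumed to have been obtained separately from the scripts it describes.

```javascript
const { createHash } = require("node:crypto");

const sha256Hex = (data) => createHash("sha256").update(data).digest("hex");
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Fail closed: every file named in the manifest must be present and match
// its published hash, and no file outside the manifest may be accepted.
function verifyScripts(manifest, delivered) {
  const problems = [];
  for (const [name, expectedHex] of Object.entries(manifest)) {
    if (!has(delivered, name)) {
      problems.push({ name, reason: "missing" });
    } else if (sha256Hex(delivered[name]) !== expectedHex.toLowerCase()) {
      problems.push({ name, reason: "hash mismatch" });
    }
  }
  for (const name of Object.keys(delivered)) {
    if (!has(manifest, name)) problems.push({ name, reason: "not in manifest" });
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample data: stand-ins for the script files as published.
const published = {
  "serpent.js": "function serpentEncrypt(block, key) { /* ... */ }",
  "ocb.js": "function ocbSeal(key, nonce, plaintext) { /* ... */ }",
  "skein.js": "function skeinHash(message) { /* ... */ }",
};

// Stand-in for the published hash list (hex SHA-256 per file).
const manifest = Object.fromEntries(
  Object.entries(published).map(([name, src]) => [name, sha256Hex(src)])
);

// Constructed delivery that differs from what was published:
// one file changed, one file dropped, one file added.
const tampered = {
  "serpent.js": published["serpent.js"],
  "ocb.js": published["ocb.js"] + "\n/* altered in transit */",
  "extra.js": "/* file not listed in the manifest */",
};

console.log(verifyScripts(manifest, published));
console.log(verifyScripts(manifest, tampered));
```

The check is only as trustworthy as the code performing it: if the verifier and the hash list arrive over the same request path as the scripts, whoever can alter the scripts can alter them too.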