
Countermail


Countermail

Postby ntldr » Tue Mar 17, 2015 6:51 pm

Hello

So I asked the CS team for their opinion about Countermail and they did reply to me, so I posted this reply to Countermail, and they didn't really explain anything; they just attacked me by saying this. Since they seem to refuse to give any more detailed answers, can any of the members here explain?

Hi,

Of course the RSA is used for the key exchange, that is exactly what we describe here:
https://countermail.com/?p=mitm

Bascially a simplified SSL-protcol, without the SSL-pitfalls like algorithm-downgrading, CA-trust and so on.

If you think it's mumbo-jumbo, then it sounds more like you don't understand our description.

Best Regards,
Countermail Support



"Bascially a simplified SSL-protcol" <-- sounds great, tbh... not easy, but great!

Postby Pattern_Juggled » Tue Mar 17, 2015 9:01 pm

ntldr wrote: So I asked the CS team for their opinion about Countermail and they did reply to me, so I posted this reply to Countermail, and they didn't really explain anything; they just attacked me by saying this. Since they seem to refuse to give any more detailed answers, can any of the members here explain?

Bascially a simplified SSL-protcol, without the SSL-pitfalls like algorithm-downgrading, CA-trust and so on.


We look forward to reviewing the published specification and codebase underlying this "simplified SSL-protcol" [sic], as it is an area in which we also have longstanding interest. It is rare for a small company to decide to rewrite something as ungainly, complex, and frankly brittle as OpenSSL (assuming they've forked their "simplified" version of SSL from OpenSSL and not from some less common offshoot or sibling - say, for example, NaCL which would be at once interesting and sort of inexplicable... or BoringSSL which seems interesting but is a bit young to be fork'd one might imagine).

In any case, this does sound like fascinating work & we're eager to get a look at the specific approach to such deep crypto questions they've chosen to implement.

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Countermail replied..

Postby ntldr » Wed Mar 18, 2015 1:29 pm

Pattern_Juggled wrote:
ntldr wrote: So I asked the CS team for their opinion about Countermail and they did reply to me, so I posted this reply to Countermail, and they didn't really explain anything; they just attacked me by saying this. Since they seem to refuse to give any more detailed answers, can any of the members here explain?

Bascially a simplified SSL-protcol, without the SSL-pitfalls like algorithm-downgrading, CA-trust and so on.


We look forward to reviewing the published specification and codebase underlying this "simplified SSL-protcol" [sic], as it is an area in which we also have longstanding interest. It is rare for a small company to decide to rewrite something as ungainly, complex, and frankly brittle as OpenSSL (assuming they've forked their "simplified" version of SSL from OpenSSL and not from some less common offshoot or sibling - say, for example, NaCL which would be at once interesting and sort of inexplicable... or BoringSSL which seems interesting but is a bit young to be fork'd one might imagine).

In any case, this does sound like fascinating work & we're eager to get a look at the specific approach to such deep crypto questions they've chosen to implement.

Cheers,

~ pj


I asked my friends who are well known in security things, and this is what they said about Countermail:

Ok well it's vulnerable to that old hushmail-style java down-push to capture private key & exfiltrate, for a start.

"This means that SSL is not always secure enough. So we added RSA and AES-CBC encryption underneath the standard SSL-protocol."

That's just utter mumbo-jumbo.
SSL *uses* primitives such as AES-CBC (block ciphers).
RSA is used for asynchronous key exchange, or signing. So that kind of hocus-pocus is not at all confidence inspiring, tbh.



Reply from CM


"We have not rewritten SSL, that would be pretty stupid..."

Postby Pattern_Juggled » Sun Mar 22, 2015 12:20 am

ntldr wrote:
What we describe on that link I gave you is a simple protocol using asynchronous key exchange with RSA (PKCS1 padding). We have not rewritten SSL, that would be pretty stupid since SSL had so many problems throughout its history. We are using the BouncyCastle library for the main crypto functions: http://bouncycastle.org/

Best Regards,
Countermail.com


I'm not sure I follow this explanation too well, so I was hoping for additional information if possible.

Countermail says they have developed from scratch, sui generis, a new secure network protocol (if I understand this correctly) that's a modification to or fork of (?) not OpenSSL but rather of "SSL."

However, SSL as a protocol doesn't even exist any more; it was supplanted by TLS years ago, although TLS is obviously version-related to SSL and in many senses is "the same thing" at a general level. But we're not supposed to talk about "SSL" any more since it's deprecated, although we all do... and despite those three letters being embedded in names like OpenSSL, PolarSSL, etc. Nobody wants to change OpenSSL to OpenTLS, do they? Right.

But now they say they "have not rewritten SSL" - which is good, since it's dead and replaced by TLS - but are "using BouncyCastle library for the main crypto functions." They provide a link to BC's site, in case folks haven't heard of it before. Thanks, that's a big help - this crypto stuff is entirely unexplored terrain for me ;-)

Right, so now they've either forked BouncyCastle, or are using primitives (that's what most folks who work with such things usually call that class of algorithmic tools, rather than "crypto functions" which in mathematics would have a different connotation and really isn't ideal for this usage) from BouncyCastle in their new, not-SSL secure network protocol that is based itself on... no idea. I'm lost.

This is relevant to us, as in the near future we're likely to do a bit of careful pruning of the secure network framework within which cryptostorm network sessions take place. It's not a fork, nor even a tweak of the source code, but rather a shift in libraries used, and an explicit down-tuning of primitives we don't use so that even the potential for version downgrade attacks is excised from the codebase in our deployed binaries.

So we're really hoping to find best practices examples of this kind of work... and by everything that countermail says, they've done exactly that: they've written... something, some new protocol. Using BouncyCastle (?) as a primitives library. And whatever it is they've written, it can apparently talk comfortably with client-side cryptographic handlers, who one might assume would not know how to talk an entirely new secure network protocol without some protocol definition with which to work. Which maybe this new protocol somehow provides during session instantiation, via a novel form of pushed parameters, or..? I have no idea.

I'm lost, so hopefully they can help!

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f
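
One way to express and check the kind of pruning described in the post above (a protocol floor plus an allowlist of primitives, so that nothing older is left to negotiate down to), as an added example that is not cryptostorm's or Countermail's code. It uses Python's standard `ssl` module; the TLS 1.2 floor, the cipher string and the function names are assumptions chosen for illustration.

```python
import ssl

# Assumed policy for illustration (not from the thread): TLS 1.2 floor,
# forward-secret key exchange and AEAD ciphers only.
FLOOR = ssl.TLSVersion.TLSv1_2
ALLOWLIST = "ECDHE+AESGCM:ECDHE+CHACHA20"


def build_pruned_context():
    """Client context with everything outside the allowlist switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = FLOOR   # older protocol versions cannot be negotiated
    ctx.set_ciphers(ALLOWLIST)    # governs TLS <= 1.2 suites; TLS 1.3 suites are AEAD-only
    return ctx


def build_unpruned_context():
    """Contrast case: no version floor, every suite the library offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("ALL")
    return ctx


def audit(ctx):
    """Return the ways a context still leaves room for a downgrade."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append("version floor below TLS 1.2")
    for suite in ctx.get_ciphers():
        if not suite["aead"]:
            findings.append("non-AEAD suite enabled: " + suite["name"])
        if suite["kea"] == "kx-rsa":
            findings.append("static RSA key transport enabled: " + suite["name"])
    return findings


if __name__ == "__main__":
    print("pruned:", audit(build_pruned_context()))
    for line in audit(build_unpruned_context()):
        print("unpruned:", line)
```
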


Re: "We have not rewritten SSL, that would be pretty stupid..."

Postby ntldr » Mon Mar 23, 2015 6:23 pm

Pattern_Juggled wrote:
ntldr wrote:
What we describe on that link I gave you is a simple protocol using asynchronous key exchange with RSA (PKCS1 padding). We have not rewritten SSL, that would be pretty stupid since SSL had so many problems throughout its history. We are using the BouncyCastle library for the main crypto functions: http://bouncycastle.org/

Best Regards,
Countermail.com


I'm not sure I follow this explanation too well, so I was hoping for additional information if possible.

Countermail says they have developed from scratch, sui generis, a new secure network protocol (if I understand this correctly) that's a modification to or fork of (?) not OpenSSL but rather of "SSL."

However, SSL as a protocol doesn't even exist any more; it was supplanted by TLS years ago, although TLS is obviously version-related to SSL and in many senses is "the same thing" at a general level. But we're not supposed to talk about "SSL" any more since it's deprecated, although we all do... and despite those three letters being embedded in names like OpenSSL, PolarSSL, etc. Nobody wants to change OpenSSL to OpenTLS, do they? Right.

But now they say they "have not rewritten SSL" - which is good, since it's dead and replaced by TLS - but are "using BouncyCastle library for the main crypto functions." They provide a link to BC's site, in case folks haven't heard of it before. Thanks, that's a big help - this crypto stuff is entirely unexplored terrain for me ;-)

Right, so now they've either forked BouncyCastle, or are using primitives (that's what most folks who work with such things usually call that class of algorithmic tools, rather than "crypto functions" which in mathematics would have a different connotation and really isn't ideal for this usage) from BouncyCastle in their new, not-SSL secure network protocol that is based itself on... no idea. I'm lost.

This is relevant to us, as in the near future we're likely to do a bit of careful pruning of the secure network framework within which cryptostorm network sessions take place. It's not a fork, nor even a tweak of the source code, but rather a shift in libraries used, and an explicit down-tuning of primitives we don't use so that even the potential for version downgrade attacks is excised from the codebase in our deployed binaries.

So we're really hoping to find best practices examples of this kind of work... and by everything that countermail says, they've done exactly that: they've written... something, some new protocol. Using BouncyCastle (?) as a primitives library. And whatever it is they've written, it can apparently talk comfortably with client-side cryptographic handlers, who one might assume would not know how to talk an entirely new secure network protocol without some protocol definition with which to work. Which maybe this new protocol somehow provides during session instantiation, via a novel form of pushed parameters, or..? I have no idea.

I'm lost, so hopefully they can help!

Cheers,

~ pj


We have a description on the link I gave you earlier: https://countermail.com/?p=mitm
It's not a Network protocol, it's an Application Layer (OSI layer 7).


........ :clap:


cantloginatm

Email Encryption Tutorials

Postby cantloginatm » Tue Aug 25, 2015 6:09 am

I will post this here, saves starting another thread...

It's time to encrypt your email
1 - It's Time to Encrypt Your Email
2 - It's Time to Encrypt Your Email: Using GPGTools for OS X
3 - It's Time to Encrypt Your Email: Using Keybase
4 - It's Time to Encrypt Your Email: Using the Browser
5 - It's Time to Encrypt Your Email: On Your Smartphone
6 - Using a VPN for Internet Privacy and Security

