[tor-dev] A new idea for email encryption on tor

Santiago Torres-Arias santiago at archlinux.org
Thu Nov 12 21:26:57 UTC 2020

On Thu, Nov 12, 2020 at 11:19:44AM -0800, Keifer Bly wrote:
> Hi there,


> So I have a new email encryption system which requires that the user has
> the specific key file generated for a message rather than the password,
> specifically this software generates a unique key file for a specific
> message every time a message is created. The user then enters the date and
> time the message was created. Without the original key file the message
> can't be opened;
> https://www.youtube.com/watch?v=R0W7OVdNrOA
> Here is a video showing the software. I've built it for Windows and Mac OS.
> I was wondering if this could be implemented in tor. I think it would be an
> interesting idea for a tor based email system to make the messages
> unrecoverable after use.

I'm not a tor-dev, so I can't comment on the interest, but it appears to
me that the value added of this idea (basically, using time to seed a
PRF/KDF) is very little. All in all, using time to seed keys is not the
best idea. It also seems to be on top of PGP, so I'm pretty convinced
this doesn't provide perfect forward-secrecy unless you're layering any
sort of session key ratcheting mechanism yourself.

I think the goal is laudable, but I suggest getting a little bit more
involved in cryptography engineering communities to see learn, develop
and eventually help change the status quo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20201112/80ddea05/attachment.sig>

More information about the tor-dev mailing list