1993-04-09 - Re: Real-time BBS Encryption??

Header Data

From: nowhere@bsu-cs.bsu.edu (Chael Hall)
To: greg@ideath.goldenbear.com (Greg Broiles)
Message Hash: 4d3949ad68aa1a49b409ed91b10bff86721fa5f4c21eb7dee6f307fd27ce1bae
Message ID: <9304091815.AA19210@bsu-cs.bsu.edu>
Reply To: <PXBP2B1w164w@ideath.goldenbear.com>
UTC Datetime: 1993-04-09 18:19:08 UTC
Raw Date: Fri, 9 Apr 93 11:19:08 PDT

Raw message

From: nowhere@bsu-cs.bsu.edu (Chael Hall)
Date: Fri, 9 Apr 93 11:19:08 PDT
To: greg@ideath.goldenbear.com (Greg Broiles)
Subject: Re: Real-time BBS Encryption??
In-Reply-To: <PXBP2B1w164w@ideath.goldenbear.com>
Message-ID: <9304091815.AA19210@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


[ Info on offline readers ]

>I haven't fussed around with offline readers much, but I'll bet it'd be 
>pretty simple to add a step to the collection/.ZIP process, which would 
>encrypt the whole package with some prearranged key.

     Yes, that's a definite possibility.  Most of the popular offline
readers require that you first send them a packet (usually empty) so that
they will put you in the database.  The reader could just accept a certain
file (pubkey.asc for example) that contains the key you want to be used.
Then all sessions with you will be so encrypted.  Your mail to the BBS could
also be encrypted with the BBS's public key.  Unfortunately, one problem
still exists:  I don't know of too many BBS's where the e-mail messages are
actually encrypted on the disk.  As a matter of fact, the SYSOP can usually
read all mail.

>This would allow folks to use standard BBS programs, standard terminal 
>programs, and perhaps even standard offline readers. It should be pretty 
>simple from a programming standpoint, as well; it's perhaps implementable 
>with only batch commands. Yes, the "bad guys" will get to watch the user log 
>on and log off, and can read the menus and choices - but so what? It's 
>possible (easy, really) to encrypt all of the really interesting stuff.

     Some of those programs (MegaMail, TomCat, etc) run PKUNZIP to unzip the
file(s) then take care of the files themselves.  There isn't an easy way to
throw in encryption.  I would be willing to add an encryption option to my
offline mail software, though.  I have written a UTI (Universal Text
Interface) for ChaelBoard that lets it interface with RelayNet(tm) and
offline mail readers that use UTI's.  I also write a QWK/REP interface that
allows  ChaelBoard to be a node (the hub software isn't quite done yet) on
WildNet and for offline mail reading/replying.  I could implement encryption
in the ZIP/UNZIP step (for the users who have PGP keys registered with the
BBS).

     Do you think it's worth my time?

Chael Hall

--
Chael Hall
nowhere@bsu-cs.bsu.edu, 00CCHALL@BSUVC.BSU.EDU
(317) 285-3648 after 5 pm EST





Thread