RE: pgp in internet cafe (webpgp)

2003-03-23 Thread Meyer Wolfsheim
On Sun, 23 Mar 2003, Lucky Green wrote:

> > The question is - do I have to code this or has someone
> > already done it ?
>
> http://www.lokmail.com/

It is inadvisable that anyone use Lokmail. The implications of a
"trust-us" encrypted mail service are obvious, and the people behind
Lokmail are of dubious integrity.

If you're looking for secure web-based PGP, look at www.hushmail.com.



RE: pgp in internet cafe (webpgp)

2003-03-23 Thread Lucky Green
Anon wrote:
> Assumptions:
> 
> - I have https (SSL) access to a trusted unix box
> - I trust SSL
> - I'll take a risk of unknown machine running http client 
> being subverted
> 
> I want to use PGP while checking/sending e-mail via web 
> interface on someone else's machine (say, internet cafe). So 
[...]
> The question is - do I have to code this or has someone 
> already done it ?

http://www.lokmail.com/

--Lucky Green



Re: pgp in internet cafe (webpgp)

2003-03-23 Thread Eugen Leitl
On Sun, 23 Mar 2003, Morlock Elloi wrote:

> Ever tried to install a ssh client on a random internet cafe computer ?

What's wrong with PuTTY on a floppy, USB stick, or
http://leitl.org/putty.exe ? Works every time.



Re: pgp in internet cafe (webpgp)

2003-03-23 Thread Ryan Lackey
Quoting Morlock Elloi <[EMAIL PROTECTED]>:
> > why not just use ssh? you can scp the text to your host, encrypt/decrypt it
> > *there* then scp it back if needs be. you also then don't need to use
> > webmail - just have a mailbox on that server that you forward your webmail
> > to, and that you send email in the name of the webmail account from.
> > it's easy enough to grab down puTTY whenever you need it.
> 
> Ever tried to install a ssh client on a random internet cafe computer ?

I normally run a java-ssh applet using one time passwords to a mostly
throwaway account, loaded off an https web page, when I need remote
access from untrusted machines.  It works pretty well.

If I were using PGP like that, I'd probably disavow read perms on the
key and use an suid-another-user pgp script, to try to protect the PGP
key itself from copying...sort of analogous to a smartcard.

Using untrusted hardware for secure computation is living in sin, but
it's not too hard to minimize the risk.

ipaq running linux with 1xRTT and 802.11b is smaller than a .380, and
vastly more useful in modern warfare, though.

-- 
Ryan Lackey [RL960-RIPE AS24812]   [EMAIL PROTECTED]   +1 202 258 9251
OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B   DE90 07AD BE07 D2E0 301F



Re: pgp in internet cafe (webpgp)

2003-03-24 Thread Sunder
And (dumbass) you would trust the keyboard and display of an internet cafe
is safe to type in your passphrase?  Never heard of keystroke capturing?

You're better off trying to find a WiFi access point - i.e. Starbucks or
whatever cafe and using that instead with your own trusted hardware.

That said, you can use hushmail...


--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 23 Mar 2003, Anonymous wrote:

> Assumptions:
> 
> - I have https (SSL) access to a trusted unix box
> - I trust SSL
> - I'll take a risk of unknown machine running http client being subverted
> 
> I want to use PGP while checking/sending e-mail via web interface on someone else's 
> machine (say, internet cafe). So in one window I have webmail interface, and in the 
> other window I have "webpgp" interface, and I paste ciphertext back and forth.
> 
> The https-ed webpgp interface should authenticate me via some sort of passphrase and 
> then I can submit ciphertext for decryption (encryption also requires authentication, 
> in order to avoid browsing of my keyrings.)
> 
> The question is - do I have to code this or has someone already done it ?



Re: pgp in internet cafe (webpgp)

2003-03-23 Thread Dave Howe
Morlock Elloi wrote:
> Ever tried to install a ssh client on a random internet cafe computer
Yup.
1. download putty
2. run putty
3. run batchfile that changes password to next oneshot
4. do whatever is needed
5. exit putty 

:)
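
Added example, not part of any post in this thread: Ryan Lackey and Dave Howe both mention one-time passwords for logins from untrusted machines without naming a scheme. The sketch below assumes a Lamport-style hash chain (the idea behind S/KEY) to show why a password captured by a keystroke logger is useless for a second login; `chain`, `OneShotVerifier` and `printed_list` are hypothetical names, and the seed is a constructed sample value.

```python
import hashlib
import hmac


def chain(seed: bytes, n: int) -> bytes:
    """Apply SHA-256 n times to the seed (n = 0 returns the seed itself)."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OneShotVerifier:
    """Server side: stores only the last accepted chain value, never the seed."""

    def __init__(self, anchor: bytes, remaining: int):
        self.current = anchor        # H^n(seed), installed from a trusted machine
        self.remaining = remaining   # logins left before the chain must be re-seeded

    def login(self, otp: bytes) -> bool:
        if self.remaining <= 0:
            return False
        # A valid password is the preimage of the stored value.
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.current):
            return False
        # Roll forward: the password just used becomes the stored value, so a
        # keystroke logger that captured it cannot log in with it again.
        self.current = otp
        self.remaining -= 1
        return True


def printed_list(seed: bytes, n: int) -> list[str]:
    """Passwords in the order they are used: H^(n-1)(seed), ..., H^0(seed)."""
    return [chain(seed, i).hex() for i in range(n - 1, -1, -1)]


if __name__ == "__main__":
    seed = b"constructed-demo-seed"          # constructed sample value
    server = OneShotVerifier(chain(seed, 3), remaining=3)
    first, second, third = (bytes.fromhex(p) for p in printed_list(seed, 3))
    print(server.login(first))    # accepted
    print(server.login(first))    # replay of a captured password: rejected
    print(server.login(second))   # next password on the list: accepted
```

This only stops reuse of a captured password; whatever is typed or displayed during the session itself is still visible to the untrusted machine.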