[DEV] Encrypted PMs

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: [DEV] Encrypted PMs

Post by EA117 » Wed Jun 26, 2019 12:51 am

If our distrust of the site owner(s) runs deep enough to account for fagbutlil's earlier assertion of "easy to get the password during login" (which is true), then there isn't any extension within the web application that can counteract that lack of trust. Because if the site owner(s) are willing to capture the user's password to defeat the encryption that they themselves installed on the site, they don't even need to defeat the encryption at that point. They can simply capture the message instead.

So I think I agree, the audience here is something less than "have you ever worried about the admin reading your private messages?" What this encryption scheme protects against is someone who only has access to the database; either online or as an offline copy. That person can no longer read the private messages, using just information available from the database.

Perhaps the marketing department needs to re-brand as "Have you ever worried that someone will steal one of the offline database backups and see all your private communication?" More of a "data breach" concern, perhaps shared by both site owners and site users.

The actual site owner(s) with access to the live site, on the other hand, still have plenty of options to compromise the private messages, if they themselves are "the weak link" in the trust chain. Including but not limited to David and John's point of simply never installing the extension to begin with.

If there aren't any significant holes in that analysis, does the encryption really achieve something practical in exchange for the complexity and overhead of being "per user"? Can we just drop a single set of keys in config.php and be done, knowing someone who absconds with the database still won't have what they need to decrypt it?

User avatar
Mannix_
Registered User
Posts: 490
Joined: Sun Oct 25, 2015 2:56 pm
Contact:

Re: [DEV] Encrypted PMs

Post by Mannix_ » Wed Jun 26, 2019 7:06 am

EA117 wrote:
Tue Jun 25, 2019 6:50 pm

A new private key can be generated for future uses, but the ability to decrypt existing messages encrypted with the previous private key would be lost.
So this would mean there should be like a master-key to be able to unlock the old messages if you change the password. Mega has something like that so if you forget the password and reset it then you need to use your master key to unlock the stuff you have saved on your cloud.
-=-=-=-=-=-=-=-=-=-=-=-=-My Styles-=-=-=-=-=-=-=-=-=-=-=-=-
HexagonHexagonRebornCleanSilverProject Durango
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Want me to port a style to 3.2.x etc. contact me here or on twitter.

Senky
Extension Customisations
Extension Customisations
Posts: 2124
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub
Contact:

Re: [DEV] Encrypted PMs

Post by Senky » Wed Jun 26, 2019 7:14 am

rxu wrote:
Tue Jun 25, 2019 2:55 pm
So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
No, he doesn't own the private key. He only owns a hash of private key. It's the same thing as with passwords. Admin can see the hashes, but will never know the real password. Sure, as an admin, if you really really want, you can track user keyboard during login process, obtain his password and decrypt the private key.

But it looks like everyone is missing the point here. You as admin can offer your users a real secured channel. Heck, even CIA can't break that one. It is not about users, it is about admins to behave responsible and value user privacy.

nou nou wrote:
Tue Jun 25, 2019 4:29 pm
Would you tie this to a permission? i.e. only trusted members (perhaps those who can be ID'd) are allowed encrypted messaging?
Sure, permissions are a must. :)

dingus33 wrote:
Wed Jun 26, 2019 12:00 am
of course, it is a good idea and a worthwhile extension. i would just consider phrasing it differently since admins rather than users are your direct audience. :lol:

obviously point of this extension is that you can inspire confidence in your userbase as an admin.
Ah right, I rephrased the first post.

EA117 wrote:
Wed Jun 26, 2019 12:51 am
If there aren't any significant holes in that analysis, does the encryption really achieve something practical in exchange for the complexity and overhead of being "per user"? Can we just drop a single set of keys in config.php and be done, knowing someone who absconds with the database still won't have what they need to decrypt it?
That would be a really weaker protection. With current approach, your access to DB and filesystem won't suffice to decrypt the messages.

Mannix_ wrote:
Wed Jun 26, 2019 7:06 am
Mega has something like that so if you forget the password and reset it then you need to use your master key to unlock the stuff you have saved on your cloud.
That is actually a really good idea. I will think about incorporating it into the ext!

User avatar
david63
Registered User
Posts: 16330
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: [DEV] Encrypted PMs

Post by david63 » Wed Jun 26, 2019 7:29 am

Senky wrote:
Wed Jun 26, 2019 7:14 am
t is about admins to behave responsible and value user privacy.
That could be achieved by simply putting a message on the board to say that PMs were encrypted and nobody would be any the wiser.

I could present an argument for not having encryption AND allowing Admins to read PMs but this is not the place for that discussion.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
dmzx
Registered User
Posts: 768
Joined: Fri Sep 05, 2014 6:48 am
Location: The Netherlands
Contact:

Re: [DEV] Encrypted PMs

Post by dmzx » Wed Jun 26, 2019 9:09 am

Some board do need this read out of PM's that's why the extension was developed. I'am pretty sure there are more extensions out the that do the same.
It's up to the Admin to install it or not if those boards require it. ;)

But looking forward where this development is going and will surely check it out.
Contact me on dmzx-web.net
 Need a Host or buy me a beer Donate and try binance.com

User avatar
Mannix_
Registered User
Posts: 490
Joined: Sun Oct 25, 2015 2:56 pm
Contact:

Re: [DEV] Encrypted PMs

Post by Mannix_ » Wed Jun 26, 2019 10:57 am

I would honestly suggest for this to be added to the core of phpbb without the possibility to turn it off or making it on/off per user outside of admin's reach. Also I have a question is it possible to hash the pm's in the db just like the passwords are ?
-=-=-=-=-=-=-=-=-=-=-=-=-My Styles-=-=-=-=-=-=-=-=-=-=-=-=-
HexagonHexagonRebornCleanSilverProject Durango
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Want me to port a style to 3.2.x etc. contact me here or on twitter.

User avatar
Ger
Recognised Extension Developer
Posts: 1853
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: [DEV] Encrypted PMs

Post by Ger » Wed Jun 26, 2019 11:45 am

Mannix_ wrote:
Wed Jun 26, 2019 10:57 am
Also I have a question is it possible to hash the pm's in the db just like the passwords are ?
Sure, you can hash them. But the recipient can't "unhash" it since hasing is a one-way trip.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

dingus33
Registered User
Posts: 82
Joined: Fri Sep 29, 2017 11:11 am

Re: [DEV] Encrypted PMs

Post by dingus33 » Wed Jun 26, 2019 11:48 am

EA117 wrote:
Wed Jun 26, 2019 12:51 am
If our distrust of the site owner(s) runs deep enough to account for fagbutlil's earlier assertion of "easy to get the password during login" (which is true), then there isn't any extension within the web application that can counteract that lack of trust. Because if the site owner(s) are willing to capture the user's password to defeat the encryption that they themselves installed on the site, they don't even need to defeat the encryption at that point. They can simply capture the message instead.

So I think I agree, the audience here is something less than "have you ever worried about the admin reading your private messages?" What this encryption scheme protects against is someone who only has access to the database; either online or as an offline copy. That person can no longer read the private messages, using just information available from the database.

Perhaps the marketing department needs to re-brand as "Have you ever worried that someone will steal one of the offline database backups and see all your private communication?" More of a "data breach" concern, perhaps shared by both site owners and site users.

The actual site owner(s) with access to the live site, on the other hand, still have plenty of options to compromise the private messages, if they themselves are "the weak link" in the trust chain. Including but not limited to David and John's point of simply never installing the extension to begin with.

If there aren't any significant holes in that analysis, does the encryption really achieve something practical in exchange for the complexity and overhead of being "per user"? Can we just drop a single set of keys in config.php and be done, knowing someone who absconds with the database still won't have what they need to decrypt it?
well said.

i think for this extension to have practical value, what's important here is to define specific, real-world threat scenarios that are to be mitigated.

consider theft of the db only.
maybe i missed it, but i didn't see an explanation of how exactly your extension will work. i'm guessing you're using asymmetric crypto.
i saw you say the user's phpBB pw is used to generate the keys:
Senky wrote:
Tue Jun 25, 2019 1:24 pm
Current problems:
  • You can send encrypted PMs only to users who logged in at least once after the ext was enabled. Reason is, the ext is using user password to generate the encryption keys and there is no way to encrypt the message without the keys. But the bad side of this approach is that the keys are generated every time user logs-in, taking quite a time to generate. Log-in process is then slowed down (approx. 1s, depends on the CPU speed).

    Alternative approach could be an announcement-like notification asking user to generate the keys in the UCP. This adds few steps but doesn't slow the log-in process. Difficult to decide on which approach is better.
in the event of db theft, how secure are phpBB passwords? it's critical to look into that in detail. rainbow tables, anyone?
even without the benefit of rainbow tables, how much processing energy would it take to brute force the passwords of one or two users given pw complexity in a typical phpBB installation?

Senky
Extension Customisations
Extension Customisations
Posts: 2124
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub
Contact:

Re: [DEV] Encrypted PMs

Post by Senky » Wed Jun 26, 2019 12:13 pm

Mannix_ wrote:
Wed Jun 26, 2019 10:57 am
I would honestly suggest for this to be added to the core of phpbb without the possibility to turn it off or making it on/off per user outside of admin's reach.
That is not ideal. The "problem" with the encrypted PMs is that when you forget your password, you won't get them back. You loose them all. So personally, I would keep most of my PMs unencrypted, but in some special cases (like sending credentials) encrypt them.

User avatar
Mannix_
Registered User
Posts: 490
Joined: Sun Oct 25, 2015 2:56 pm
Contact:

Re: [DEV] Encrypted PMs

Post by Mannix_ » Wed Jun 26, 2019 12:28 pm

Senky wrote:
Wed Jun 26, 2019 12:13 pm
That is not ideal. The "problem" with the encrypted PMs is that when you forget your password, you won't get them back. You loose them all. So personally, I would keep most of my PMs unencrypted, but in some special cases (like sending credentials) encrypt them.
That's why a master-key is needed as I mentioned above :)
-=-=-=-=-=-=-=-=-=-=-=-=-My Styles-=-=-=-=-=-=-=-=-=-=-=-=-
HexagonHexagonRebornCleanSilverProject Durango
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Want me to port a style to 3.2.x etc. contact me here or on twitter.

nou nou
Registered User
Posts: 328
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV] Encrypted PMs

Post by nou nou » Wed Jun 26, 2019 1:24 pm

Senky wrote:
Wed Jun 26, 2019 12:13 pm
personally, I would keep most of my PMs unencrypted, but in some special cases (like sending credentials) encrypt them.
Oh that is interesting. So are you saying that this extension may offer PM encryption as optional per message? That would be fancy ;)

Senky
Extension Customisations
Extension Customisations
Posts: 2124
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub
Contact:

Re: [DEV] Encrypted PMs

Post by Senky » Wed Jun 26, 2019 1:36 pm

Mannix_ wrote:
Wed Jun 26, 2019 12:28 pm
That's why a master-key is needed as I mentioned above :)
Master key hold by the admin is a no-go. That actually beats the main purpose. Although I understand this might protect your messages from outside threats, the aim of this ext is to protect it even from the inside ones. So there can be a recover key per-user, but I think I will never incorporate master key into the ext.

nou nou wrote:
Wed Jun 26, 2019 1:24 pm
Oh that is interesting. So are you saying that this extension may offer PM encryption as optional per message? That would be fancy ;)
Sure, that is the idea, per-message encryption.

User avatar
Mannix_
Registered User
Posts: 490
Joined: Sun Oct 25, 2015 2:56 pm
Contact:

Re: [DEV] Encrypted PMs

Post by Mannix_ » Wed Jun 26, 2019 2:40 pm

Senky wrote:
Wed Jun 26, 2019 1:36 pm
Mannix_ wrote:
Wed Jun 26, 2019 12:28 pm
That's why a master-key is needed as I mentioned above :)
Master key hold by the admin is a no-go. That actually beats the main purpose. Although I understand this might protect your messages from outside threats, the aim of this ext is to protect it even from the inside ones. So there can be a recover key per-user, but I think I will never incorporate master key into the ext.
No a master-key that would be generated for user not admin during registration or upon button press if the account existed before installing the extension. It could be stored in the db just like passwords are (hashed). The user should save the master-key elsewhere in case of password recovery etc.
-=-=-=-=-=-=-=-=-=-=-=-=-My Styles-=-=-=-=-=-=-=-=-=-=-=-=-
HexagonHexagonRebornCleanSilverProject Durango
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Want me to port a style to 3.2.x etc. contact me here or on twitter.

rxu
Extensions Development Team
Posts: 2946
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan
Contact:

Re: [DEV] Encrypted PMs

Post by rxu » Wed Jun 26, 2019 3:35 pm

if this is to make PMs guarded from outside sniffering then it's a different story. I was just misleaded by the example of reading PMs by admin, which is technically unavoidable in case admin wants to read it ;)

User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: [DEV] Encrypted PMs

Post by EA117 » Wed Jun 26, 2019 3:41 pm

Senky wrote:
Wed Jun 26, 2019 7:14 am
EA117 wrote:
Wed Jun 26, 2019 12:51 am
Can we just drop a single set of keys in config.php and be done, knowing someone who absconds with the database still won't have what they need to decrypt it?
That would be a really weaker protection. With current approach, your access to DB and filesystem won't suffice to decrypt the messages.
Okay. Something about that seems "impossible", since having access to the DB and the file system gives the site owner(s) access to everything the extension has access to, and the extension is able to decrypt them. But perhaps there is still a piece that is not described or not being taken into account.

Note the reference was to "the live site", and not "just the file system". e.g. fagbutlil's assertion that the user's password is accessible during login isn't because "the password is in the file system." It's because if you have access to the file system, you could capture that information on the live site. e.g. Pulling form field data out of $request.

I'm saying the same is true of the message itself; the untrustworthy site owner(s) we're worried about could use their file system access on the live site to simply capture the message itself pre-encryption. Instead of even worrying about user password capture, and instead of attempting to invoke decryption with the same information the extension successfully invokes decryption with.

Which is how we landed on the assertion "someone viewing only the database information" is who is now locked out of viewing the stored private messages, as opposed to "the site owner(s) were prevented from seeing your message." The site owner(s) have all the same abilities the extension itself has, and is not something the extension can unilaterally protect against.


With regard to your actual original behavior feedback request, the items which had come to mind were:
  • Presuming the private key for the user needs to be decrypted and then re-encrypted during a password change (so that the key is encrypted with the new user password), adding some UI to the "password reset" actions available to both users and administrators could be important. Meaning additional warning text for admin password reset, and for user forgotten password reset, that declares what the ramifications will be for changing the user's password without knowing their existing password. Bonus points for the message to be repeated or more insistent if the user actually has sent one or more encrypted messages, and data loss would occur.
    • Although the benefit of being "entirely transparent" is clear, the users trust in the site owner & the extension might be improved by being able to see "this message is actually encrypted." Meaning, although they might eventually leave the checkbox checked to "always decrypt by default", giving the reader a checkbox to let them see what the message looks like without applying decryption could improve their confidence that "something is being protected" now.
    Last edited by EA117 on Wed Jun 26, 2019 3:44 pm, edited 1 time in total.

    Post Reply

    Return to “Extensions in Development”