canonknipser wrote: ↑
Wed Jun 26, 2019 6:18 pm
Just share mail addy or some messenger contact data and communicate outside the board instead of only sharing krypto information outside
Again I must advocate for a use case for this extension or such things.
forums out there right now that rely on PGP/GPG communication on site, despite users having to decrypt it themselves. Saying that it is easier to do X is a little moot.
And I was going to respond saying that GPG is a better alternative than relying on a password/master password (master password really kind of defeats the purpose of this, doesn't it?). Your public key could be stored on your profile and you could "auto encrypt" messages send to others who have their GPG keys on their respective profiles. That's about the best you could get for encrypting messages, unless there's some new development I'm unaware of.
I do appreciate the extension. I'm not sure why there are a few here who ignore the potential of it. That said, Senky, having them encrypted via a password or what not only makes it slightly harder for admins to read PMs not impossible. There are established ways of encrypted communication which avoid MITM attacks entirely, assuming no super computer tries to crack it, and you're using at least 2048 bit. Again I'm assuming there's no replacement for PGP/GPG that I know of anyways, but that is the only end-all for this that I can see.
Senky wrote: ↑
Wed Jun 26, 2019 7:14 am
But it looks like everyone is missing the point here. You as admin can offer your users a real secured channel. Heck, even CIA can't break that one. It is not about users, it is about admins to behave responsible and value user privacy.
As it's built now its kind of trying to recreate the conditions for pgp and is not secure, as others have pointed out. Anyone with malicious intent and admin level access, you can assume, can also change the files to echo out the user password before it's put into the db and hashed itself, must not forget. You can't rely on user passwords.
EDIT: I realized I talked myself into a little bit of a hole on this one. I realized that, if someone did indeed have file level access, nothing would prevent them from altering this extension to output messages before they are encrypted with the public key, no? Same methodology as echoing the password.
Hmm... feels like I'm forgetting something.