|
Arden
לנשום

Registered: 09/01/08
Posts: 7,666
Loc: Α & Ω
|
Stealth Message
#10562739 - 06/24/09 01:01 AM (14 years, 10 months ago) |
|
|
www.stealthmessage.com
This seems like a good concept when individuals may need to correspond about sensitive information.
What security flaws potentially exist in this form of communication?
|
Alan Rockefeller
Mycologist


Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 21 hours
|
Re: Stealth Message [Re: Arden]
#10562749 - 06/24/09 01:04 AM (14 years, 10 months ago) |
|
|
Doesn't appear to be a whole lot different than encrypted PM's.
Any implementation can have flaws. I wonder how many people have reviewed theirs. I would trust something more that more people have reviewed, like gpg.
|
Arden
לנשום

Registered: 09/01/08
Posts: 7,666
Loc: Α & Ω
|
|
There are a few features that make it more than encryption (mainly the shared code and option to self-destruct):
------------------------------------------------
* prevents forwarding of messages * helps to prevent unwanted copying of messages * sends message notifications to your existing e-mail accounts
Stealth Message requires only that you and the receiver have access to e-mail and a browser.
All you need to do is make sure that you have agreed on a shared code to access messages sent through this system. Contact your friend or colleague prior to sending the message and agree on a secret code that only the two of you will share. You may always change it later. It is recommended you do this by telephone, in person, or through an alias e-mail address. The system does not issue you a new email address and allows you to use your existing e-mail accounts to receive messages.
The system works in a 3-step process.
1. You create your message, encrypt and store it.
2. Recipients are notified by e-mail that there is a confidential message for them stored on our servers.
3. Recipients click a link back to the Stealth Message site, enter a private code, and access the message.
Messages are untraceable, and there are multiple back-up security systems in place to ensure that the content of your messages can not be accessed except by legitimate recipients.
|
Alan Rockefeller
Mycologist


Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 21 hours
|
Re: Stealth Message [Re: Arden]
#10564787 - 06/24/09 01:11 PM (14 years, 10 months ago) |
|
|
They claim to prevent unauthorized copying and forwarding, but they can't do anything to stop you from taking a screen shot of the message.
How much do you trust these people?
What is their reputation in the cryptography community?
Who are they, anyway?
Who has reviewed the code?
I did a quick web search and couldn't answer those questions. You are better off going with a system that has a good reputation in the crypto community. Why not GPG?
At least with GPG you are using a trusted algorithm which has had its implementation reviewed by many eyes.
Whatever you go with, make sure you take care of the plaintext, you don't want it sitting around on your HD. Full disk encryption really helps with this.
|
Arden
לנשום

Registered: 09/01/08
Posts: 7,666
Loc: Α & Ω
|
|
Thanks for the help!
|
|