undefined | Better HN

0 pointsp4bl011y ago0 comments

Mh, okay.

But let's make the crazy assumptions that we are effectively in a world where end-to-end crypto is massively used, virtually by everyone.

I guess it would be stupid to assume that the message are encrypted but not signed.

This means that it would be easy to have a list of identities (i.e., keys) which are sending spams, for instance using a web of trust, without users having to disclose any other informations that "I trust these identities, not these ones" (which could be as easy to do as clicking "spam" or "not spam" for the users).

Now that means that the spammers not only have to encrypt every single email for every single recipient but also to generate new key-pairs for almost each encryption.

Of course it is also very easy to mark as spam any email signed with a key that is considered too small (i.e., too quick to generate).

Now if you tell be that still won't do it without a "centralized spam system with global knowledge", I have to seriously rethink a lot of my assumptions about the cost of some computations.

0 comments

4 comments · 1 top-level

Perseids11y ago· 3 in thread

Some numbers:

- Public key encryption: 2048bit RSA can achieve up to about 200k encryptions per second on a high end cpu [1]. ElGamal-like encryption schemes using elliptic curve cryptography can get to about 100k encryptions [2].

- Public key signatures: RSA is hopelessly slow for good keys. There is no reason to use strong keys for this case, though. If you reuse primes you can use a 1000 primes to generate a million RSA modules (you need two primes per public key), effectively eliminating the costly prime search. Using elliptic key cryptography the key generation step is dirt cheap: With ed25519 you get 200k key generations per second [3]

[1] http://bench.cr.yp.to/results-encrypt.html [2] http://bench.cr.yp.to/results-dh.html [3] http://bench.cr.yp.to/results-sign.html

Formula used for each of the above numbers: 3500x10^6/[median for Intel Xeon E3]x4

p4bl0OP11y ago

Thanks for the number, it's very informative.

I guess there's still the solution to only accept message from trusted keys but that means that 1- we have to be able to detect signature-rings from spammers in the graph (that clearly should not be a big problem), and 2- that there is an easy and realistic way to have a legitimate key in the trusted network before it can be used to sends emails…

Anyway, all that is very interesting from a theoretical point of view, but we are far from being in a world where end-to-end crypto is massively used.

pyre11y ago

> trusted keys

The problem with Web-of-Trust is that once you try to roll it out mainstream, most people will just click "accept" or "I trust this key" without thinking about it. Instead of "signature-rings from spammers" you would have spammers duping less-aware real people into trusting their keys.

That said, it would seem to be a longer feedback loop to get a number of actual people to open emails and trust their keys.

1 more reply

xorcist11y ago

You could set up your MUA today so that anyone you've already emailed with gets put in a priority folder. No need to mess with end to end encryption just for that functionality.

Theoretically, any spammer could research you enough to send to mail purporting to be from your friends, but realistically no one would bother.

j / k navigate · click thread line to collapse