(2016-09-23, 09:51 AM)alfred702 Wrote: [ -> ] (2016-09-21, 09:57 AM)Tom K. Wrote: [ -> ]But PGP is basically one of the only ways you can ensure a user can communicate without you being able to access the information. Even with mcrypt, you're going to have the key, so you're going to be able to decrypt their messages.
PGP is easier than ever with things like keybase.io. If you were super serious about security of PMs and your users were too maybe you'd write a wrapper for you PM interface as a desktop app? Or, more likely, they would probably already use PGP.
So what do we do about private messages for the unwilling zombies who use our sites?
I'm thinking what if we had a JavaScript api that would allow people who are too lazy to easily create a PGP key in just one click. I wonder if something like this already exists
There are a number of implementations (Google's End-to-End, OpenPGP, and kbpgp to name but a few) but JavaScript isn't the greatest language to do this kind of thing in. Encrypting is simple, you just need to store public keys on the server and send them to the browser to encrypt data. Decrypting is more of an issue - where are you getting the private key from? You can't store it on the server, you could ostensibly store is in an encrypted cookie but reading PMs would only be possible from a single machine. Otherwise you're looking to make users carry their private key on a thumb drive - something most users won't appreciate. And finally, generating key pairs requires finding an incredibly large prime number - a computationally expensive task. JavaScript is single threaded (mostly) so you'd have to do this in a single thread. This could take literal seconds where your entire site would appear unresponsive.
In reality, encrypting PMs is great but is largely unnecessary for 99.99999% of forums. It presents a nightmare for ensuring the system works, when it doesn't work it's essentially useless. If users lose their private keys their messages can no longer be read. If users were serious about secure communication they'd use PGP on their own PC or some end to end encrypted messaging service. Putting this kind of functionality on a forum is like adding a 5th wheel to a car. Maybe there's an argument that it would make things better, but the technical challenges (and social complications of persuading every member that this mountain of extra effort is really worth it) outweigh the realistic gains.
This is not really necessary, as for security use secure passwords or go to ACP > Configuration > Login and Registration Options > Require Complex Passwords. Also run the latest version of your plugins and MyBB.
What would be said in PMs that is so confidential? You're not responsible for any data breaches anyway (default registration terms of use).
You can do a lighter softer form of encryption too not just PGP.
If you require members to use a cookie stored key you can gain some of your benefits that you're asking.
Quote:1) Encryption against account intruders.
2) Encryption against outside attackers.
3) Encryption against the administrator.
4) Encryption against the hosting provider.
1. Yes
2. Yes.
3. Yes.
4. Yes.
You would need to HTTPS your site so that MiTM can't be possible from your hosting provider or their ISP.
You may also want to require at least a 12-16 complex key.
And yes, if an individual member has a RAT or is compromised then their security is blown but that can happen with PGP too. And keeping a small key 12-16 characters is not ideal. But it takes into account that PGP is often too complex for general member base.
You also avoid storing the key especially a PGP key and you can of course create your own algo.
If your database is by chance stolen the PMs will be encrypted. You can also hard code a salt into your php function which will mean an attacker would need to get both SQL and your files. Often with sql injection they just can grab database information.
Quote:Decrypting is more of an issue - where are you getting the private key from? You can't store it on the server, you could ostensibly store is in an encrypted cookie but reading PMs would only be possible from a single machine.
You can ask them to input their key on your forum which will then store the cookie. Or you can give instructions how to do it manually for the paranoid. Yes, less secure but still a reasonable option in most circumstances.
Quote:And finally, generating key pairs requires finding an incredibly large prime number - a computationally expensive task.
These are forums. We're not protecting NSA secrets or banking data. I think OP would be happy just with basic encryption so that PMs aren't readable by intruders, attackers, admins, or the host. Which this does. If the database was grabbed by the NSA or FBI then I imagine they'd decrypt it. But some of you want overkill for something that can be fairly simple. And I am aware that simple means less secure but that doesn't mean it's not secure.