Subj : RE: Thinking of posting a code a week
To   : NuSkooler
From : apam
Date : Sun Sep 24 2017 10:20 am

 N> I (think) what he was saying is rolling your own crypto is generally 
 N> considere
 N>  a no-no unless you're a crypto expert. And rightfully so: Creating 
 N> secure crypto is very hard, so it's better to use a well used and trusted 
 N> system 99.9
 N>  of the time.

Yes, I'm aware that trying to invent your on cryptography is usually not
a good idea, I wasn't planning on doing that. I was thinking about using
an already established algorithm, (XTEA as it's fairly easy to
implement).

 N> *Any* crypto in a BBS that doesn't rely on you pasting/uploading 
 N> pre-encrypte
 N> data is going to suffer from the two problems I described previously: 
 N> Trust (you can't!) and plain-text travel

Yeah, it depends on who you trust, if you trust the System operator and
are using SSH, then it wouldn't matter so much. In the game second life,
encryption is often used in objects that communicate with other objects,
anyone at Linden Labs could easily see what you're communicating, but the
point was to hide it from the people you were selling the objects to so
they couldn't reverse engineer etc.

Now if my users trust me, and they trust the sysop the message will be
decrypted on then it would be ok, why then encrypt, you might not trust
someone on the way.

If you take users out of the equation and just want to have secure sysop
to sysop communication, that would also work.

What wouldn't work is calling a random system and expecting your
communications to be secure.

Andrew

--- MagickaBBS v0.7alpha (Linux/x86_64)
 * Origin: Exotica BBS - telnet://exoticabbs.com:2023/ (21:1/125)

.