Encrypted messages

Discussion in 'QUESTIONS & FEEDBACK' started by Hacendado, Nov 20, 2012.

  1. Hacendado

    Hacendado Family member Mushroom Doctor Supporter

    Joined:
    Feb 27, 2012
    Messages:
    2,908
    Gender:
    Male
    Location:
    EUROPE
    I was wondering if this feature will be here in the future?
    I feel so secured when communicating via encrypted messages.
     
  2. LuckOfTheFryish

    LuckOfTheFryish Moderator Moderator Expert Identifier

    Joined:
    May 31, 2011
    Messages:
    2,796
    Location:
    Western USA
    what does that mean?
     
  3. mycborg

    mycborg Well-Known Member Supporter

    Joined:
    Mar 3, 2012
    Messages:
    1,071
    Location:
    This is not the place you'r looking for
    You can't tell because it's encrypted..

    Sorry I had to :)
     
  4. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    everything on this site is already encripted since we have the https on the beginning of the url. If i am not mistaken
     
  5. LuckOfTheFryish

    LuckOfTheFryish Moderator Moderator Expert Identifier

    Joined:
    May 31, 2011
    Messages:
    2,796
    Location:
    Western USA
    lol mycborg you are a jerk. :)

    i know what encrypted means...just not in relation to the internet...
     
  6. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    As far as i understood him, he is talking about our forum and pm's in the forum. He want's that our forum is not visible to other people listening on the connection. This is happening automatically now. We seen it unencripted but if someone who is not loged in would try to 'listen' to our text he would only see garbage.
    AT least i think that's what he's talking about. If he is talking about encrypted mail then the solution is private/public key software. It cen be downloaded for free from http://www.gnupg.org/
    I can help with explanations a bit here (regarding mail)

    Direct download from this site for windows http://www.gpg4win.org/
    or this site for Mac might help https://www.gpgtools.org/
     
    Last edited: Nov 21, 2012
  7. Hacendado

    Hacendado Family member Mushroom Doctor Supporter

    Joined:
    Feb 27, 2012
    Messages:
    2,908
    Gender:
    Male
    Location:
    EUROPE
    I think you misunderstood.
    I understand that the forum is encrypted now. This is awesome! Private server and encrypted connection!

    I was thinking about encrypted private messages via gnupg inside the encrypted forum.
    Sorry for the mix up.
     
  8. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    that would be great! Maybe there is a plugin for this. We are unfortunately using a paying forum and not open source so the chance that the plugin exists or is affordable is smaller. Let's check
     
  9. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    FROM THE FORUM:


    Question:
    Hi,

    Is it at all possible to encrypt pm's with MD5? I know most people will say that it will prevent me from reading them in cases of abuse, but I will make it clear to users to just add them to there ingnore list.


    Answer:
    No, you can't. MD5 is not for encryption, it is for getting a digital signature of any string, a hash value. Once you get it you cannot go back to the original message, and I'm guessing that you want to go back to the original message so you'd be able to read it.

    If you want to have encription you can either use Rc4, des, 3des, aes, idea or any other algorithm for encryption, md5 is not meant for that, you'd need a key for encrypting/decrypting the password and I'm thinking that key would be the user's password hash (that's the most natural thing to be). However, if the key is the user password hash the admin has access to it anyway via phpmyadmin in the user table.


    For the adminstrator not to be able to read the private message the key should be completely private, and that means the users should exchange keys in a secure way (or a user giveout his key if it is something symetric).

    I think this is far too complicated for a simple privatemessage, if a user needs that privacy and security he's better of emailing the other user instead of using the forum.
     
  10. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    I did find this on the hcking site of vbulletin. It was meant for version 3. IDK if it works on 4 too:



    PMCrypt - Private Message Encryption



    Mod Version: 1.1.0, by magnus (Coder/Designer) [​IMG]
    Developer Last Online: Feb 2012 [​IMG] [​IMG] [​IMG]

    vB Version: 3.6.4 Rating: [​IMG] (11 votes - 4.73 average) Installs: 46 Released: 21 Feb 2007 Last Update: 22 Feb 2007 Downloads: 338

    Keywords: Private, Message, PM, Encrypt, Encode, Security

    Description:
    Encrypts Private Messages within the MySQL database. Allows for on-the-fly decryption without the need for a shared key.


    Details:
    This hack will encrypt sent messages within your MySQL database. No longer will they be viewable in plaintext, thus affording your members a little more security with their private correspondance.

    Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.

    The messages are encrypted using a method developed and credited to AITOR SOLOZABAL MERIN by where text is encrypted/decrypted using a simple but powerful XOR method without a known key. Implicitly, the key is defined by the string itself in a character by character way. There are 4 items to compose the unknown key for the character in the algorithim:
    1. The ascii code of every character of the string itself
    2. The position in the string of the character to encrypt
    3. The length of the string that include the character
    4. Any special formula added by the programmer to the algorithm to calculate the key to use
    This product does not explicitly rely on any vBulletin functions, thus there should not be any problems with future upgrades, etc.

    This product was developed by request of FGENETICS and DOOGIE88.


    Installation:
    1. Download and import the product-pmcrypt1.1.0.xml file via the Product Manager.

    2. Enable the product via the AdminCP (vBulletin Options > Private Message Encryption)

    3. ???

    4. Profit


    Version History:
    v1.0.0 - Initial Release
    v1.0.1 - Fixed bug when replying to an encrypted message.
    v1.1.0 - Fixed issue with reply and preview. Encapsulated encryption within base64_encode(); for storage. Smilies no longer run risk of breaking encryption.

    * Once enabled, all PM's sent thereafter will be encrypted. This means that should you choose to disable and/or uninstall the product, said PM's will remain encrypted -- rendering them unreadable.

    * Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!
     
  11. Hacendado

    Hacendado Family member Mushroom Doctor Supporter

    Joined:
    Feb 27, 2012
    Messages:
    2,908
    Gender:
    Male
    Location:
    EUROPE
    How do shroomey encrypted msgs function?
     
  12. Professor PinHead

    Professor PinHead Lost in the Tek.... Administrator Mushroom Doctor Cannabis Doctor Supporter

    Joined:
    May 27, 2011
    Messages:
    9,164
    Location:
    A Rhizomorphic Space
    The private messages are encrypted.

    Installing a message encrypter would be kind of redundant.

    There really isn't much of a point in double encrypting messages. Those hacks are typically used by sites who don't have an ssl installed.

    This entire website is encrypted. Private pessages and all.

    I suppose in the future I could look into it but for now I think we are good. One thing at a time, lol.

    The shroomery probably installed a plug in like you suggested to add encyption to the PM's.
     
  13. Hacendado

    Hacendado Family member Mushroom Doctor Supporter

    Joined:
    Feb 27, 2012
    Messages:
    2,908
    Gender:
    Male
    Location:
    EUROPE
    I understand.
    Thank you for clarifying that :super:
     
  14. Professor PinHead

    Professor PinHead Lost in the Tek.... Administrator Mushroom Doctor Cannabis Doctor Supporter

    Joined:
    May 27, 2011
    Messages:
    9,164
    Location:
    A Rhizomorphic Space
    Well I just went in and downloaded and installed the hack for the heck of it...

    I tried sending a message and it broke the encryption, :shrug1:

    Maybe that particular hack is not compatible with an ssl? Not too sure....

    I'll look more into it later. As of now I turned the plug in off.////.....
     
  15. BurstKernel

    BurstKernel messenger Supporter

    Joined:
    Nov 6, 2012
    Messages:
    264
    Just use PGP/GPG.
     
  16. harponet

    harponet Well-Known Member

    Joined:
    Dec 8, 2011
    Messages:
    2,008
    Gender:
    Male
    Location:
    Tiphareth; Northern Europe Hardiness Zone 7; Clima
    read the whole post
     
  17. Professor PinHead

    Professor PinHead Lost in the Tek.... Administrator Mushroom Doctor Cannabis Doctor Supporter

    Joined:
    May 27, 2011
    Messages:
    9,164
    Location:
    A Rhizomorphic Space
  18. freeskierpj

    freeskierpj Mycology Nutcase Supporter

    Joined:
    Dec 20, 2012
    Messages:
    306
    Location:
    Somewhere far away
    Private message encryption would be redundant however anybody that would like to send messages that are...umm "ghetto-encrypted" I guess would be a good way to put it lol, you can go to this website: http://www.privnote.com/. This is a free service that gives you a URL with your message so that you can, quoting from the website, "send notes that will self destruct after being read". So yea this is a good way to send sensitive information like addresses if you are worried about the encryption not being enough to keep your message secure.

    Hope this helps someone :)
     
  19. Toni

    Toni Moderator Moderator

    Joined:
    Jun 3, 2011
    Messages:
    1,809
    Location:
    Minas Tirith
    ssl + Tor browser is enough reliable.
     
  20. BurstKernel

    BurstKernel messenger Supporter

    Joined:
    Nov 6, 2012
    Messages:
    264
    Here's my public key. Anyone who wants to practice encryption via GPG/PGP, feel free to send me a PM to test it out. Encrypt me a message and your public key so that I can respond.


    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.11 (GNU/Linux)

    mQENBFEFcvQBCADHJXh+mXM17XdPVVfTxFQYbjJFxTJ8E5Fa5sR6xQvXwqyodYDc
    GDTkhjKueO/jt0WGoJu4YfplHh+cRQ9vmYPjj2pMhr71WSoWylHlq7ABO0oWIA1D
    NWb/2GgrjXulOVsKZRypWkmCWB+/ss7xM18DS+9/e3dPVwek9fdoIYAng0R2fVJi
    EcP3Em6DJvf6/P5a2Nn8GwpB3T0/h33pRvLWEM+j4H99nuVqDdqH0Tcip/CreF9E
    B81vNaTq+MLIBv07W729aCwVHHLmhr3jEgQoIn2OhJFB/603l4cxGPKfOia4tD8Z
    Hhk+jQbAmGOIxv/Q4IB/DdLnPrW4aPXmIGZZABEBAAG0JUJ1cnN0S2VybmVsIDxi
    dXJzdGtlcm5lbEBsYXZhYml0LmNvbT6JATgEEwECACIFAlEFcvQCGwMGCwkIBwMC
    BhUIAgkKCwQWAgMBAh4BAheAAAoJEEnsuDOjVq00VlUH/31AlGsUUvyOhRqWAkS4
    0oVgPt4Q09qJaRXzv92o06Gk/s+fXuusR46raUPDfxcFuOQ5WlZCrqN6RtjNaP3V
    ZwLwByNK8jZA+GO4snFzhZQ7FBE/KAY6OABX7X48fzFw+vA2C+Qay3PCtB8z9KLe
    I+FqwnmS5fLQLQIaKDG8xXa9laP+tooB+CazpLqJyD0GKRUq17piFaGnHXcPuH3n
    jktWz8y+bsdoDb4KSc/etMacEROezB0m1KX8ffOeevI302iuk9SY8o0sD6YnFG25
    lwWjDAiuVbghw/q6IoV8nj1MZDRTusQZ9O7w6mcuwYa8CgDkqBDmKlA2XegHnSTw
    IHC5AQ0EUQVy9AEIALruiO5xbIKRofJaT3O3THDgWsbaA4P9PTsRZNTvEI2N9Q/7
    rQeCASNSiRGJpzeLcl5YXMTrvMastLth6cXpqMuwZWQQ2V7dqhawTQwgCNPUO/dD
    6MbUOq5XbSNs5Fc0X/wa1WWtxMHTBxycstAOAgoLBiNBmUjiNtbIvbeVoO9/BcUC
    ONwe3Zr7GfkJSb1WBnvRVOd+36Tez49mkC+fdLJT/iZ4XPO02XYAgQp0MdW1u256
    /HO73JWlNf6+QD3CNGWoxQtU4iPTpURWguBZzkRrr1ba6UxDOezKm1hSOJSU5rML
    jxUISjArYYZGHKt1ZIAU9XRlHkaj0L/BiCFDxZEAEQEAAYkBHwQYAQIACQUCUQVy
    9AIbDAAKCRBJ7Lgzo1atNAtqB/9QD1koax0akHWI8gQfPLZrdLMzLWS3lntYY/jq
    MHptXMODJ7NAXN6iZShsdeCG76VyNK3bvTBWUDt9pGrdFZGfitndfwqH2MHepX6F
    gnTUmSwICol21IiT9PpHGF9z8igvGcONMiDeaW+wMktSXPM1kx8pugyuUmnKtth9
    3r5LbH9IgFR0L/X2R/Dolob1DtFGiTeRcsNNrkMteq3URqMvPelO2WooITsdOJqh
    pvXxdzIToDa9V5Kd4Ypeyw41eGjthGCvdJJBYe2I5WXtqOLUk3d+PBW+lApKegW1
    tNrqprpTLtCozv3uVAyENObB65tlGRGx6TcmMhfF7RuarDte
    =R67s
    -----END PGP PUBLIC KEY BLOCK-----