9 votes

Host your own email server. I did.

I loosely followed this tutorial. It's actually easy.
http://www.youtube.com/watch?v=7SZcogPRXNk




Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Yes - I agree - hosting yourself limits the exposure

to the actual time on the wire. But again - unless the person you are mailing is on a private server -well - there you go again - you can only control half of it.

And while I would like to believe the same about all the traffic - I start to wonder everyday. It is only a matter of time if they cannot now.

Even if - they dont need all of it. Even parsing bits and pieces of this post is enough. Hell, just posting on this site is probably enough.

I know

I know it does just limit exposure, but I feel better knowing I at least can control some part of it. For what it's worth.

Regarding encryption, how can

Regarding encryption, how can people claim that it's safe? Do both ends not have to have the same key? Logically this would mean the key has to be transmitted unencrypted, or encrypted with a public key, and can be intercepted anyway to decrypt the data. I don't know what's worse, our country targeting people for their political and religious beliefs, or people fearing government to cower their data away. The second certainly enables the first to try harder. I would be proud to be targeted by a drone for something I said.

Please come join my forum if you're not a trendy and agree with my points of view.

Check out Wikipedia for

Check out Wikipedia for public key cryptography.

The point is that the public

The point is that the public keys exist unencrypted and does nothing more than just using a single secret key. The public key must be the same to get the same result after applying it and the secret key. If the public keys were different it would take some serious computing power to just encrypt stuff because you would have to solve what two unique private key would give the same results from two different public keys. It could take thousands of years to encrypt something on the average desktop.

Please come join my forum if you're not a trendy and agree with my points of view.

I mean no offense, but you

I mean no offense, but you don't understand the technology or the attacks. Your statement is flat out wrong.

If you understand it so well,

If you understand it so well, brainiac, explain it instead of being offensive. Otherwise, you look just as foolish as the person who is supposedly wrong.

There is no way to transfer a private key that can't be broken. If it's by applying a public key to it, it takes a while to test all public keys against it, but it's millions of times quicker than brute force. If a private key is sent unencrypted, that's a gift to whoever is snooping. The only way I see of any encryption being safe is if you physically transport the key somewhere and no one intercepts it in between through theft. Even then you can't quote a 100% figure.

Please come join my forum if you're not a trendy and agree with my points of view.

I told you to read the

I told you to read the Wikipedia page on the subject because you have obvious misconceptions. The private key is never transmitted for starters. I can't do a better job of explaining it than Wikipedia... especially from my cell phone. I'm not smarter than you. Just read a few detailed articles and you will also see what I'm pointing out here.

A public key doesn't have to

A public key doesn't have to be transmitted to be known. It's public. I really don't get how both private keys cannot be the same, therefore, in my mind they are the same and they had to have been transmitted somehow. It even says in that article what I said. The data can be brute force attacked with public keys, then you can get the private key and decrypt. If you manage to get the packets that contained the encrypted private key, then you can do anything. It just takes computational power. The public key is generated long before the exchange, so someone who is sniffing all traffic ever, like the NSA, can easily decrypt things instead of needing to brute force stuff.

Please come join my forum if you're not a trendy and agree with my points of view.

A public key is used to

A public key is used to encrypt data and the corresponding private key is used to decrypt that data. Knowing a public key doesn't help you discover its corresponding private key. Private keys are never exchanged. This type of crypto is also known as "asymmetric" because there are two keys where one encrypts data and another decrypts it. The type of crypto you are familiar with is "symmetric" where the same key is used for both encryption and decryption. Asymmetric algorithms are used to exchange a secret which is then used for symmetric encryption. Symmetric encryption is much faster than asymmetric, so generally asymmetric is used for exchanging secret keys and for signing purposes.

Private keys can be used to sign messages and the public key can be used to verify those signatures, thus providing message authentication.
http://en.wikipedia.org/wiki/Public_key

Other systems to exchange secret keys over insecure channels are possible.
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exch...

Video explaining how it works with paint:
https://www.youtube.com/watch?v=6NcDVERzMGw

The problem is NOT sending crypto keys over insecure channels. Do you really think all computer scientists, cryptographers, engineers, etc who have spent their entire careers studying this stuff are so stupid that they wouldn't realize transmitting secret keys over insecure channels is insecure?

The key distribution problem is knowing the public key you receive is really from who it claims to be from, and there are workable solutions to these problems but there just hasn't been enough demand for them to become widespread.

It doesn't make sense, and an

It doesn't make sense, and an example with paint is just stupid. Both people apply the same public key. Each person is sending different data. So why in the end should the colors, or data, be the same if they both sent different data? You can't decrypt something with an unknown key.

Please come join my forum if you're not a trendy and agree with my points of view.

I assure you DH key exhange

I assure you DH key exhange really does work. Both parties don't apply the same public key, they apply the other's public key.

If that doesn't make sense to you, I have another example: RSA. It's the original public key algorithm. It exploits the inherent difficulty of factoring products of prime numbers. You can try it on paper with relatively small numbers to prove it works.

Listen, you cannot get the

Listen, you cannot get the same data by encoding with one key and decoding with another and different key. These keys you talk about have to be transferred somehow, and in an unencrypted manner.

Please come join my forum if you're not a trendy and agree with my points of view.

TwelveOhOne's picture

Please go way back and read the wiki subject thoroughly

If there is something you do not understand about it, use wiki's features to research it.

Your presentation is snobbish and the words you use are abusive. This does not endear people to want to spend their precious time explaining this to you who seem to be willfully misunderstanding.

The way it works without sending secret information is that two keys are chosen by computer A, and two by computer B. The two keys have a mathematical property. When A wants to send B information securely, they exchange the "public" key but never exchange the "private" key. (In this sense, "public" and "private" can be read as "X" and "Y", you said "public means it's in the public and doesn't need to be exchanged" which is a mischaracterization of how this works; the "X" key is never shared, the "Y" key is given to all).

The next step is A encrypts the message using A's private key ("X" key which is never shared with anyone, including B) and B's public key (or "Y" key which can be shared with everyone). When B receives the encrypted message, it is able to decrypt it using a combination of A's public key ("Y" key) and B's private key ("X" key), because of the mathematical relationship of the keys, mentioned earlier.

You need to investigate further than what you think you see on the surface. And like the other commenter pointed out, if you think you see an "obvious" flaw in some software that people have been thinking logically about for years, you might want to verify what you think you perceive before communicating about it.

Or as my dad told me years ago, "it's better to keep quiet and be thought a fool, than to open one's mouth and remove all doubt."

I love you. I'm sorry. Please forgive me. Thank you.
http://fija.org - Fully Informed Jury Association
http://jsjinc.net - Jin Shin Jyutsu (energy healing)

My main point was that

My main point was that someone like the NSA has back doors and raw computing power to break apart these schemes. They store it regardless of encryption, and they have all the time in the world to decrypt it.

Please come join my forum if you're not a trendy and agree with my points of view.

Encryption is great - if you are protecting against

the average person(like those working at your isp). However - it wont do much against the NSA - they will just break the encryption - because they have those kind of resources. It like locking your doors - it certainly is a good idea - but dont think it is going to stop someone truly motivated.
Think of encryption as locking the door.
Weak encryption is like locking a door that has glass panes - not very hard to just break the pane and unlock the door.
Better encryption is a solid door with no glass
Best encryption is a reinforced door with anti-pry features.

All good.
But the NSA in the end will just drive a truck through if they need to. Eventually the door comes down if they REALLY want the door open.

Not necessarily

It's far from certain NSA retains any significant crypto advantage over open research. Their historical advantage was from a time when only governments and large companies owned computers at all. I suspect the advantage they do have is the ability to effectively attack endpoints. The attack surface of any endpoint is huge if you can be MITM. The room 641A style operations are most likely read only but I bet they can target endpoints for MITM attacks for the purpose of providing bad keys or executing code injection attacks without having to cause the target to visit an attack server with his vulnerable client. The prices of exploits for client side bugs leads me to believe this sort of thing goes on. And we haven't even discussed trojan updates. If Microsoft will give up any stored content, why not use Windows Update to trojan my PC? Just like Hushmail did to its email client.

That's my point, and you put

That's my point, and you put it in a more expanded and clearer way. Yeah, it can help prevent your common hacker from getting info, but the NSA has all of the computing power in the world and they can likely break encryption within seconds. I think people who are serious about fomenting insurrection are going to be using stuff like mirrors and Morse code, regardless of the status of internet security.

Please come join my forum if you're not a trendy and agree with my points of view.

Is there a way to have email

Is there a way to have email server on linux?

regarding the startmail... Yes, better than Gmail. However keep in mind that Prism (and other programs) are connected to the backbone.

Smartmail will protect you against the voluntary data requests, but it will not protect email coming to/leaving from startmail servers.

Engage in Secure Exchange

yes, unix servers come with

yes, unix servers come with smtp (simple mail transfer protocol) service.

Linux is probably the best

Linux is probably the best and easiest way to host anything.

Please come join my forum if you're not a trendy and agree with my points of view.

Linux email server? Yes

A few years ago I had an Ubuntu email server in my house. Sorry I cannot remember the name of the server. As far as the backbone question, I am planning on buying an SSL cert to encrypt the data.

I'm waiting for Startmail to

I'm waiting for Startmail to release the beta version of their new private email service later this summer.

“Let it not be said that no one cared, that no one objected once it’s realized that our liberties and wealth are in jeopardy.”
― Ron Paul