MSGID: 2:221/1.58@fidonet f8e44f3a   
   REPLY: 2:280/464 61f41203   
   PID: OpenXP/5.0.51 (Win32)   
   CHRS: ASCII 1   
   TZUTC: -0500   
   Hello Wilfred van Velzen!   
      
   ** On Friday 28.01.22 - 16:51, Wilfred van Velzen wrote to August Abolins:   
      
    WvV> No Linux DT version?   
      
   Yes.. there is.   
   See https://safester.net/install_linux/   
   [Debian 7+, RHEL 5.5+, Ubuntu 12.04+]   
      
      
    AA>> They do however store the passphrase using a SHA-1   
    AA>> hashcode.  I thought SHA-1 was depricated.   
      
    WvV> It is considered no longer safe, afaik...   
      
   But does it matter so much if the keymanagement is local on the     
   client?   
      
   However, it is somewhat astonishing that SHA-1 was/is even used     
   in the design.   
      
      
    WvV> An attacker with enough resources could in theory find   
    WvV> some or all passwords. And of course that becomes   
    WvV> progressively easier in the future...   
      
   I am not impressed with the reports that people can process     
   millions of hashes per second using dedicated GPUs.  So what if     
   the hashes are decoded. They can't do anything with them to     
   target millions of people enmasse anyway. I think they would     
   have to target SPECIFIC accounts and run the passwords one by     
   one.   
      
   In Safester, the decoded hash would reveal the passphrase, but     
   the decrypting of the messages would be useless without the     
   user's key which would reside in the local Safester prog or     
   app.   
      
    AA>> Safester *is* different operationally.  It doesn't use   
    AA>> the internet email system. Messages are only between   
    AA>> client/server/ client.   
      
    WvV> So you can only exchange messages with other Safester   
    WvV> users.   
      
   Yeah.  :(  But it's not as bad as it sounds!  ;)   I think that     
   may be better than forcing people to try DeltaChat as a 1st-    
   time venture into secure communications.   
      
    WvV> You're not a good sales person for Safester! Because all   
    WvV> the things you mention make me not want to use it! ;-)   
      
   As you, I was convinced that it is not a good system (compared     
   to operating an OpenGPG-based system like gpg manually,     
   Kleopatra, WinGPG, etc.) and having total control.  But now,     
   giving it a bit of a go, it seems to be a fine "environment" to     
   introduce people to the value of secure/private comms.  It     
   looks like regular email (subject, full dates, address book     
   management, wordprocessing tools like bold/italic, bullets,     
   printing, creating subfolders, blocking "forwarding", ..and my     
   favourite: S)earch by subject or body.   
      
   --   
     ../|ug   
   --- OpenXP 5.0.51   
    * Origin: Key ID = 0x5789589B (2:221/1.58)   
   SEEN-BY: 1/123 15/0 30/0 90/1 105/81 106/201 120/340 123/131 129/330   
   SEEN-BY: 153/7715 203/0 221/1 6 360 226/30 227/114 229/110 206 317   
   SEEN-BY: 229/400 424 426 664 700 240/5832 266/512 280/464 5003 282/1038   
   SEEN-BY: 292/854 301/0 1 101 317/3 320/219 322/757 342/200 396/45   
   SEEN-BY: 423/81 460/58 712/848   
   PATH: 221/1 301/1 229/426