Difference between revisions of "Security"

Security

This article is intended to answer the questions of security experts that like to have a deeper look at the regify-service. If you are an expert having additional questions, please feel free to send us an e-mail at info (at) regify.com (subject "security questions").

security questions and answers

Q: You use SHA256 hashcodes to find the message-keys in the clearing database. Isn't there a high risk in collisions that may leak security?

A: If we have a "perfect" hash function with output size n, and we have p messages to hash (individual message length is not important), then the probability of a collision is about p²/2ⁿ⁺¹ (this is an approximation which is valid for "small" p, i.e. substantially smaller than 2^n/2). For instance, with SHA-256 (n=256) and one billion messages (p=10⁹) then the probability is about 4.3*10^-60 (0.0000000000000000000000000000000000000000000000000000000000043%). Additionally, the message is not only compared against the message-hashcode. The recipients hashcode needs to match perfectly to this transaction, too. Upon this, the risk of a collision is very very low...

Reference: http://en.wikipedia.org/wiki/Birthday_Paradox

Q: You use 1024 bit RSA keys for identity-file and securing clearing-communication. Isn't the length of 1024 bit too less?

A: You need to keep in mind, that the regify-system does not encrypt the messages itself using these RSA keys. The messages are getting encrypted using AES256 and the message-key is stored directly in the clearing-service. The RSA encryption is used for two purposes:

1. Securing the communication between regify-client and clearing. In this case, the encryption needs to "hold" only for the duration of of the communication process. Additionally it needs to "hold" for the time a attacker is willing to spend to break it.
2. Used as Private/Public key pair in the regify identity-file. This one is used to ensure the authentication of the user against his regify-provider. Additionally, the communication between the regify-client and the regify-provider is secured by this keys. As the messages itself are not associated in any way with this identity-file, the identity-file can get renewed as often as the customer likes to. Upon this, the same answer as on 1. is adequate here. Furthermore, the used algorithms and bitlength can get changed at any time in the future - without having any effect on the message accessibility.

Upon these facts, and contrary to PKI solutions, using 1024 bit for RSA enryption is an ideal compromise between security and speed. Anyhow, each provider is able to raise the bitlength up to 2048, 3072 or 4096 bits for his individual preference.

Q: Why don't you use PKI techniques and standards like S/MIME or PGP?

A: regify does not work as PGP or other PKI methods. The benefits of the regify-system would not have been possible, if we would use these standards. The benefits, that are resulting directly on the abstinence of standard PKI techniques, are:

• regify is much easier to understand, to administrate and to handle.
• regify generates a confirmation of receipt.
• regify transactions are traceable and auditable at any time (history).
• you only have to know a persons email address to be able to send her a regify e-mail.
• you don't need to actualize certificate revocation lists, manage trust-center certificates or any other certificate servers.
• in the regify portal, you can manage representatives. Thus, a user can have his important e-mails processed in a controlled manner during his absence.
• and many others...