Stronger certificate encryption strength

Jay
2012-05-02
2012-10-30
  • Jay
    Jay
    2012-05-02

    Is there such a way, or plugins, or methods to increase the supported type of
    certificates and their strength?

     
  • fwaggle
    fwaggle
    2012-05-02

    What types or strengths of certificates are you wanting to use that aren't
    supported?

     
  • Jay
    Jay
    2012-05-02

    OpenPGP + RSA/DSA w/ Elgamal + X.509's supporting 2048 and up

     
  • Mumble is using standard TLS connections and everything that's not supported
    there can't be used.

     
  • Jay
    Jay
    2012-05-02

    Just PGP certificate compatibility

     
  • Why? We're doing connection encryption, not message encryption. These are two
    entirely different systems with a different purpose and they're not compatible
    in any way.

     
  • Jay
    Jay
    2012-05-02

    There is text-based chat inside Mumble. OpenPGP could be integrated for
    further security...

     
  • It's a voice chat program, not a secure IM ... It would add tons of extra
    complexity for non-core functionality and is probably not worth it.

     
  • Jay
    Jay
    2012-05-02

    That's the point, secure voice/text communication. OpenPGP is widely supported
    for email and other communication channels as is very popular. And chat is as
    core functionality as is voice. Is faster to share a long detailed piece of
    information via copy/paste than trying to pronounce it out. IM functions allow
    sharing strings like "269374384688945634647" a 2 second procedure instead of a
    2 minute nightmare by hoping the speaking individual pronounces everything
    correctly or our short term memories remember it. Also more information can be
    pasted or typed faster than the human vocal cords can produce. Text based
    scripture has forever been a reliable mankind asset for communication. Voice
    is just wireless text limited by our muscular anatomies. Every voice software
    should support chart with equal importance.

     
  • Use a server run by someone you trust to share sensitive information. The
    server owner would also be able to record all voice data (and there is no easy
    way to prevent that) and read the text messages etc. so adding extra
    protection for just the text messages is really not useful.

     
  • Jay
    Jay
    2012-05-02

    I'm planning to be the admin ofcourse to protect my users/friends. Also if you
    understand PGP it can be implemented in such way that there is safe exchange
    between recipient and sender...even the public host/admin/ISP/provider is
    malicious etc there would not be an opportunity to Man-in-the-middle and sniff
    the traffic/conversation. Yes it will be effort to implement OpenPGP but it'll
    be very exciting times if it does take place. I feel is just lazy to turn down
    the idea because is a lot of work. If I had the programming knowledge I would
    have released a fork or patches already to the dev team. Instead what I can
    provide is intellectual assets in the form of comments and constructive ideas.
    Overall, I feel OpenPGP or stronger forms of custom encryption should be
    supported on Mumble to keep up that open-source and private environment Mumble
    aims to provide.

     
  • Jay
    Jay
    2012-05-02

    Also, for X.509 if supported...it would be nice if it allowed 2048 and higher.
    I have yet to test this

     
  • Nicos Gollan
    Nicos Gollan
    2012-05-02

    You can use pretty much any key size that is allowed by TLSv1, and that
    doesn't impose a limit AFAICT, so you're welcome to use 4096-bit keys. I also
    successfully used EC-based certificates, which by the way are the polite way
    of increasing security since they put much less strain on the server.

    Having end-to-end encryption support is really out of scope for a realtime
    point-to-multipoint system. If you need secure text chat, use XMPP which
    already specifies support in XEP-0027.

     
  • Jay
    Jay
    2012-05-02

    @ngollan: Thank you very much for the insight

     
  • joe
    joe
    2012-05-12

    which public/private key scheme is used to authenticate the user currently on
    mumble? is it PGP?

     
  • Nicos Gollan
    Nicos Gollan
    2012-05-12

    SSL certificates

     
  • James Chen
    James Chen
    2012-05-13

    Would a 4096 bit key decrease performance/bandwidth or just login delay when
    connecting?

    Also, isn't RSA/DSA stronger then EC?

     
  • Nicos Gollan
    Nicos Gollan
    2012-05-13

    The key size would just slow down the initial connection attempt, after
    authorisation is through the whole thing runs on symmetric AES anyway.

    Elliptic curve crypto needs smaller keys to provide the same "strength" as
    natural prime based algorithms, so it's effectively (a lot) faster than those.