Stronger certificate encryption strength

Jay
2012-05-02
2012-10-30
  • Jay

    Jay - 2012-05-02

    Is there such a way, or plugins, or methods to increase the supported type of
    certificates and their strength?

     
  • fwaggle

    fwaggle - 2012-05-02

    What types or strengths of certificates are you wanting to use that aren't
    supported?

     
  • Jay

    Jay - 2012-05-02

    OpenPGP + RSA/DSA w/ Elgamal + X.509's supporting 2048 and up

     
  • Benjamin Jemlich

    Mumble is using standard TLS connections and everything that's not supported
    there can't be used.

     
  • Jay

    Jay - 2012-05-02

    Just PGP certificate compatibility

     
  • Benjamin Jemlich

    Why? We're doing connection encryption, not message encryption. These are two
    entirely different systems with a different purpose and they're not compatible
    in any way.

     
  • Jay

    Jay - 2012-05-02

    There is text-based chat inside Mumble. OpenPGP could be integrated for
    further security...

     
  • Benjamin Jemlich

    It's a voice chat program, not a secure IM ... It would add tons of extra
    complexity for non-core functionality and is probably not worth it.

     
  • Jay

    Jay - 2012-05-02

    That's the point, secure voice/text communication. OpenPGP is widely supported
    for email and other communication channels as is very popular. And chat is as
    core functionality as is voice. Is faster to share a long detailed piece of
    information via copy/paste than trying to pronounce it out. IM functions allow
    sharing strings like "269374384688945634647" a 2 second procedure instead of a
    2 minute nightmare by hoping the speaking individual pronounces everything
    correctly or our short term memories remember it. Also more information can be
    pasted or typed faster than the human vocal cords can produce. Text based
    scripture has forever been a reliable mankind asset for communication. Voice
    is just wireless text limited by our muscular anatomies. Every voice software
    should support chart with equal importance.

     
  • Benjamin Jemlich

    Use a server run by someone you trust to share sensitive information. The
    server owner would also be able to record all voice data (and there is no easy
    way to prevent that) and read the text messages etc. so adding extra
    protection for just the text messages is really not useful.

     
  • Jay

    Jay - 2012-05-02

    I'm planning to be the admin ofcourse to protect my users/friends. Also if you
    understand PGP it can be implemented in such way that there is safe exchange
    between recipient and sender...even the public host/admin/ISP/provider is
    malicious etc there would not be an opportunity to Man-in-the-middle and sniff
    the traffic/conversation. Yes it will be effort to implement OpenPGP but it'll
    be very exciting times if it does take place. I feel is just lazy to turn down
    the idea because is a lot of work. If I had the programming knowledge I would
    have released a fork or patches already to the dev team. Instead what I can
    provide is intellectual assets in the form of comments and constructive ideas.
    Overall, I feel OpenPGP or stronger forms of custom encryption should be
    supported on Mumble to keep up that open-source and private environment Mumble
    aims to provide.

     
  • Jay

    Jay - 2012-05-02

    Also, for X.509 if supported...it would be nice if it allowed 2048 and higher.
    I have yet to test this

     
  • Nicos Gollan

    Nicos Gollan - 2012-05-02

    You can use pretty much any key size that is allowed by TLSv1, and that
    doesn't impose a limit AFAICT, so you're welcome to use 4096-bit keys. I also
    successfully used EC-based certificates, which by the way are the polite way
    of increasing security since they put much less strain on the server.

    Having end-to-end encryption support is really out of scope for a realtime
    point-to-multipoint system. If you need secure text chat, use XMPP which
    already specifies support in XEP-0027.

     
  • Jay

    Jay - 2012-05-02

    @ngollan: Thank you very much for the insight

     
  • joe

    joe - 2012-05-12

    which public/private key scheme is used to authenticate the user currently on
    mumble? is it PGP?

     
  • Nicos Gollan

    Nicos Gollan - 2012-05-12

    SSL certificates

     
  • James Chen

    James Chen - 2012-05-13

    Would a 4096 bit key decrease performance/bandwidth or just login delay when
    connecting?

    Also, isn't RSA/DSA stronger then EC?

     
  • Nicos Gollan

    Nicos Gollan - 2012-05-13

    The key size would just slow down the initial connection attempt, after
    authorisation is through the whole thing runs on symmetric AES anyway.

    Elliptic curve crypto needs smaller keys to provide the same "strength" as
    natural prime based algorithms, so it's effectively (a lot) faster than those.