FAQ: Technical Questions & Answers

What is GoodCrypto's cryptography design?

Cryptography design is sometimes called security design. This leads to the mistaken belief that once you have checked the cryptography, you have checked the security. Other security issues are covered in our Technical FAQ, especially in the threat model and design.

Simplicity

GoodCrypto's cryptography is as simple as we could safely make it. If anything distinguishes our crypto, it is what we leave out.

We try to avoid writing crypto. Instead we use GPG and TLS.

We try to avoid state-sponsored standards. NSA alone spends at least US$250 million (two hundred fifty million dollars) every year sabotaging crypto, including crippling standards. They influence much more through government grants and contracts. From "Inside the NSA's War on Internet Security":

This process of weakening encryption standards has been going on for some time. A classification guide, a document that explains how to classify certain types of secret information, labels "the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret.

We don't use elliptic curve cryptography and generally avoid DSA. They are state-sponsored standards.

We also try to avoid highly centralized servers. They are obvious targets. Each customer has their own GoodCrypto server running on their hardware and managed by them.

We reduce the attack surface on the GoodCrypto server in many ways, such as omitting an SSH server.

Mail

We use GPG to encrypt and decrypt mail. GoodCrypto follows Jacob Appelbaum's GPG configuration from his duraconf project, modified to avoid key servers. Keys are RSA 4096 bits. We currently don't use public key servers because they are obvious targets and, in our experience, unreliable. If customers want them as a convenience we may add an option to use them.

GoodCrypto distributes PGP public keys P2P in email headers. The protocol is described in the whitepaper under "Step by Step". The customer's GoodCrypto server stores PGP keys. Users can verify fingerprints for stored public keys on the server's local web site.
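The key policy stated above (RSA 4096 bits, no elliptic curve, DSA avoided) can be checked against a stored keyring. The following is an added example, not GoodCrypto's own code: it parses the machine-readable output of `gpg --list-keys --with-colons`. The sample listing is constructed, and treating "generally avoid DSA" as a hard rule is an assumption of the example.

```python
# Added example: audit `gpg --list-keys --with-colons` output against the key
# policy stated on this page (RSA 4096; no elliptic curve; DSA avoided).
# Assumption: "generally avoid DSA" is enforced here as a hard rule.

# OpenPGP public-key algorithm IDs as they appear in field 4 of the listing.
ALGOS = {1: "RSA", 2: "RSA", 3: "RSA", 16: "Elgamal", 17: "DSA",
         18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
RSA_IDS = {1, 2, 3}
MIN_RSA_BITS = 4096

# Constructed sample listing; key IDs and addresses are made up.
SAMPLE = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAA1:1500000000:::u:::scESC:
uid:u::::1500000000::0000::alice@example.org:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1500000000::::::e:
pub:-:2048:1:BBBBBBBBBBBBBBB1:1400000000:::-:::scESC:
uid:-::::1400000000::0000::bob@example.org:
pub:-:1024:17:CCCCCCCCCCCCCCC1:1300000000:::-:::scSC:
sub:-:2048:16:CCCCCCCCCCCCCCC2:1300000000::::::e:
pub:-:255:22:DDDDDDDDDDDDDDD1:1600000000:::-:::scSC:
pub:r:1024:17:EEEEEEEEEEEEEEE1:1200000000:::-:::sc:
"""

def audit(listing):
    """Return [(keyid, record_type, reason)] for keys that violate the policy."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        # Only primary keys (pub) and subkeys (sub) carry algorithm and length.
        if f[0] not in ("pub", "sub") or len(f) < 5:
            continue
        # Field 2 is validity: revoked (r) and expired (e) keys are not usable.
        if f[1] in ("r", "e"):
            continue
        try:
            bits, algo = int(f[2]), int(f[3])
        except ValueError:
            findings.append((f[4], f[0], "unparseable length or algorithm"))
            continue
        if algo not in RSA_IDS:
            name = ALGOS.get(algo, f"algorithm {algo}")
            findings.append((f[4], f[0], f"{name} is not RSA"))
        elif bits < MIN_RSA_BITS:
            findings.append((f[4], f[0], f"RSA {bits} bits < {MIN_RSA_BITS}"))
    return findings

if __name__ == "__main__":
    for keyid, rec, reason in audit(SAMPLE):
        print(f"{rec} {keyid}: {reason}")
```

Subkeys are checked separately from primary keys because an RSA 4096 primary key can still carry a weaker encryption subkey.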

Net

We use TLS to protect network connections. Again the keys are RSA 4096. Currently we allow fallback to TLS and DSA using SHA1. This is a vulnerability that is necessary for compatibility with other systems. It is an excellent example of why we use layered encryption, such as PGP for email. We will eliminate this fallback as soon as enough other systems are brought up to date.