
Could this ex-NSA hotshot protect your email from hacking? - conorgil145
http://fortune.com/2015/09/24/will-ackerly-virtru-ex-nsa-anti-hacker/
======
tptacek
The security industry is full of "ex-NSA hotshots". Having worked at NSA is
hardly a powerful hook for an article. For starters: only a tiny minority of
those working in tech at NSA are experts on encryption.

~~~
linkregister
... and given that Ackerly was first in IAD working on cross-domain solutions
and then SNIP, I doubt he is an expert on encryption.

What do you think of Virtru? I was hoping you would comment on this article
since you're an actual crypto expert.

Encryption-by-plugin seems less bad than encryption-by-javascript, but their
entire business model depends on us trusting Virtru for key escrow. This
doesn't seem any better than trusting Apple for iMessage or Google for Gmail.
Am I missing anything?

Edit: I guess a malicious attacker would need to take two steps for the
information. One for the encryption key hosted at Virtru, then a second step
to actually capture the emailed message.

~~~
kodablah
I need more details that I can't find in their FAQ[1] and it's not all open
source yet[2]. My main question is about metadata which you cannot really
protect that well w/ how SMTP works. The second question would be how
different this is from PGP/Mailvelope[3] and where the keys are stored for a
user (i.e. the "trusting" you are talking about).

1 - [https://www.virtru.com/faq/](https://www.virtru.com/faq/)
2 - [https://www.virtru.com/blog/virtrus-open-source-strategy/](https://www.virtru.com/blog/virtrus-open-source-strategy/)
3 - [https://www.mailvelope.com/](https://www.mailvelope.com/)

~~~
linkregister
Virtru escrows the keys, at least that's how I interpret this diagram:
[https://www.virtru.com/technology/](https://www.virtru.com/technology/)

------
nickpsecurity
It was a very interesting story to read. Glad they managed to build something
that's potentially strong while easy to use. That's difficult to bootstrap.
Unfortunately, it's so difficult to design good cryptosystems, protocols, etc.
that I can't trust the product until it gets strong, peer review from a
diverse audience. Both the level of screw-ups in the field and massive
investments in subversion by nation-states mean a tool like this needs to be
fully open-source plus local, build option. Note that they can do open-source
w/ proprietary license.

The escrow is also a problem. There's the risk of hackers, malicious insiders,
courts in regular legal system, and the court in the secret legal system. If
you do escrow, it needs to run on the most secure and tamper-resistant systems
you can throw at it w/ 3rd parties verifying this. Given above risks, it's
better if they _don't_ do escrow and instead switch to a private/public key
model. Bernstein et al have given us some really fast and secure software for
that, too. They just auto-generate the key-pairs locally & handle the public
key management instead. Would be a nice improvement.

------
linkregister
Congratulations to the Virtru team for your success! I remember in 2012 when 2
of the guys were working on a cryptographic binding contract and left to join
this startup.

