

Ask HN - I have an idea but no means of creation; where should I present it? - luckyno13

I am no programmer, nor do I know everything about transmitting protocols or encryption. But I am quite passionate about my privacy, and the privacy of those activists and journalists that need the secure communication provided by such protocols.&lt;p&gt;This being said all of the recent happenings with the gov on both sides of the oceans has had my ticker in overtime on a solution, or the start of one. Where would be a good place to present this sort of idea for creative and constructive criticism? (Note that I am not looking to make money from my idea, Id rather everyone just be able to communicate safely, if my solution has any validity at all that is.)&lt;p&gt;Thanks.
======
luckyno13
The way I see it, we have two core issues at hand with email and privacy. 1)
The NSA is intercepting email in transit and/or 2) They are obtaining access
to where ever the email records are stored via legal or non legal means.

My solution is a local application installed on the computer itself used for
email functions, similar to that of Outlook or Thunderbird. Except with no
centralized server for transmitting or storage. Instead store all
communication logs and copies locally on the clients computer. Along with
encryption certs unique to each persons computer. When generating your certs,
you would generate with a specific person in mind, so that when you put in
parameters for generating a new, unique key, the other person that you are
wanting to communicate with can create a corresponding cert that will decrypt
the message upon arrival.

One problem I have already is to have keys that reflect the ability for each
persons client to read each persons emails. How do you share something you
want to keep secret, to keep things secret, without exposing the keys to
flaws.

Anyway, moving on, the actual trick I have come up with though is splitting. I
want to send an email to person B, so I type it up, I hit a button that says
"prepare to send" which sets into action a few steps. One, it fills the email
with random crap that doesnt matter to make it larger. Two, it splits this
new, larger email, into say, 20 smaller files, but in random splits that will
have to be remerged once it has been received. Because it has been split into
pieces, we will also want to send each piece through a different transit
server before it hits its destination. In this way, even if the emails get
caught in a dragnet, or are even targeted, they would have to be lucky enough
to get all 20 pieces, know how to decrypt them, put them back together, and
get rid of the BS that was filled into them. With them split and going in
different ways before going to the same place, and the gov entity not knowing
how many pieces there were, they wont even know how many they are looking for.

So

Message - process - FILL with random (Im thinking this is more like salting if
im not mistaken). Split into x number of emails Send through multiple servers
so not as easily obtained, tracked, or pieced together. Received by the
recipient software that can reassemble, take out the BS, and decypher the
encryption locally. None of it ever stored anywhere but the 2 persons
computers.

When I say fill with bs, I mean like you typed-

Dear John,

Marry had a little lamb. Daddy killed it dead. Marry took it to school next
day between two pieces of bread.

Love Bob

You take this and add characters all throughout the email, jumbling the
sentences before the messages themselves are even encrypted by some other
standard means. And before that standard method is used, the email has been
shattered into many many emails of random number before you even wrap it up to
be used for transit.

Sorry for the wall of text and probably repeating myself, but I am trying to
be thorough in my explanation so as to prevent misunderstandings. I am also
typing in a hurry because I have to leave the lab and wont be on for a little
while.

Anyway, Im just throwing it out there. Thanks.

------
beat
I would start by reading Bruce Schneier's superb book _Applied Cryptography_ ,
to see if you're already on a well-trodden path. Computer security and
encryption as a technical matter is a very deeply analyzed problem with lots
of real world experience.

So basically, don't assume your solution is novel. If it seems novel and
you're not an expert, then odds are a: it's not actually novel, or b: it won't
work.

 _Applied Cryptography_ is a pretty accessible book. It helps to have a lot of
CS and math, but it's not absolutely necessary to get the gist of most of it.

~~~
luckyno13
Well I have a very basic understanding of the methods I would think to employ,
but I appreciate the info. I will look into it. Truth be told, I just happen
to try to approach all problems with a fresh mind. Poke around and see if it
has been done. I am under no illusion that its the grand fix all, but I always
hope when I sit down with someone that they can help me flesh it out, or it at
least puts their gears in motion. My limitation is actually going and doing it
myself with my shallow knowledge pool. The pitfalls of tryin to dabble in
everything and gaining expertise in nothing ;)

Thanks again though!

------
vissi
So if it's not commercial, why don't you discuss your idea here, in public?
You may also ask a question on Quora.

~~~
luckyno13
The problem with my ideas usually isnt that they are bad, its that they wont
work or they have been done in some way without my knowledge. But Im fine with
presenting it here, but I will do so in a non responded thread above.

