Messages are often encrypted in transit to protect them from eavesdroppers and attackers. However, once a message has been received, there is no way to stop the recipient from saving the unencrypted message for later use.
One way to address this shortcoming is by allowing messages to self-destruct after they have been read. This ensures that even if the recipient of a message copies or saves it for later use, when it self-destructs there will be no copies left on either end of the transmission channel.
Choosing A Time Period
The first decision to make is how long the private note message should be able to survive beyond being read. This is a tradeoff between the time it takes for an attacker to understand that he has been foiled and the time during which there will be no evidence left of having been read.
For example, if you have a message that you want to encrypt and send over an insecure channel, it may take an attacker several minutes or even hours before she realizes that she has received trash. If the message is self-destructing after reading it, the attacker needs to know that immediately.
Choosing An Encryption Scheme
The encryption scheme chosen should be one that is resistant to known attacks and offers forward secrecy. Ideally it will have a self-destruct capability built in where any encrypted messages received can be destroyed after a certain period of time elapses.
Choosing A Key Length
The key length chosen should be chosen so that it is small enough not to compromise the RIPEMD-160 hash function. The smaller the key length, the shorter the period of time that any unreadable message can survive. For example, if we encrypt an unencrypted message with a 128 bit encryption key, it can survive for 4.3 billion years before being unrecoverable (assuming that there are no major technological changes in 2 billion years). If we lower the key to 64 bits, then it can survive for over a million years.
Choosing A Key Management Scheme
The time before the message becomes irrecoverable depends on when the message is encrypted and which algorithm and key length were used to achieve this encryption. On the other hand, determining where any encrypted messages are received also depends on which algorithm and key length are used as well as how this information is stored in memory.
Since key management will have to be centrally performed by the sender and receiver, using a password that is statically stored in memory is not enough. Instead the keys have to be generated centrally and then activated on both ends of the communication.
The simplest way to achieve this is for both sender and receiver to agree on a common activation time (for example, midnight at one of their local times). The sender can then use this activation time (along with the chosen encryption scheme) to activate any messages that he wants received after that activation time.
Leave a Reply
You must be logged in to post a comment.