RFC: More secure emailing system

[jamespeilunli]

Overview

I want to create a program that can let two people communicate even more securely through mail. The program would involve just one truly random starter key that only the sender and reciever should know, and that's it.

This program will be completley text based on the command line; no graphics, just ASCII characters.

The Problem

Background & Motivation

The major email clients today (Gmail, Outlook, Yahoo Mail, etc.) have pretty good encryption systems to the point that it's a very rare thing to have hackers read your emails. That's why this program is not designed to prevent against these expierienced hackers. No, this program is meant protect against the idiots (normally kids) who think they are hackers. Because admit it, a lot of people (normally kids) leak their passwords to these fake hackers. Maybe they tried to send their password to their friend (for whatever reason) and they accidentally sent to a group chat, or worse, an entire discord server. Maybe they gave their password to someone who said they could give them robux for it. Whatever the reason, this program has your back. Just give someone at the other end of an embarassing email thread (it's good material for fake hackers to make fun of you on social media) this program and a truly random key, and BOOM, these fake hackers don't have anything to make fun of you with.

Solution

Goals

Can:

• Successfuly send emails between 2 people
• Encrypt every message the 2 people send
• Decrypt every message the 2 people send

Does not:

• Leak the 2 people's emails or passwords
• Require multiple keys
• Have very weak encryption

Non-goals

• There are no graphics; it's text-based on the command line; ASCII characters, although UTF-8 will probably work too
• Good encryption; not weak encryption an idiot can decipher

Dependencies

We will need a library that can send emails and view email threads. This might be good.

Alternatives/Prior Art

Of course, email clients encrypt emails so that (hopefully) hackers cannot read the emails. The difference between these clients and this program is that with the email clients, if the hackers get access to your account, they can immedietley read your emails without cracking any ciphers.

Detailed Design

I was inspired by some people using a exerpts of a book as keys for the one-time pad cipher in a world war. I thought: Wouldn't the key be even more secure if it was the plaintext of the previous message? And so this project idea was born.

First, exchange emails with the person you will start the thread with (if you haven't already) and give him the truly random key. The program will start an email thread taking that key the same length as the first message being sent (make sure the message length is approximatley the average length of a message you would send in this thread and the message is a normal message (variety of characters)). When the first message (encrypted) is sent, the plaintext of the first message, ciphered using the substitution cipher using a preset key, will become the key of the next message sent. If the next message length is longer than the now key, append the plaintext ciphered using the substitution cipher using a different preset key to the now key. Repeat.

[dealingwith]

1. I like this idea -- basic ciphers is a great CS problem to solve
2. What server would the emails go through?
3. I might have missed it, but how do the two parties exchange keys?
4. What's the UI look like? Is this all on the command line?

[dealingwith]

I also like the spy aspect of this one 🕵️

[dealingwith]

W/ one-time pad cipher, the key has to be longer than the message

[dealingwith]

MVP: don't send email, just spit out the ciphered text

[dealingwith]

All on the cmd line

[dealingwith]

Would read text from a text file

[dealingwith]

I might have missed it, but how do the two parties exchange keys?

TBD

[dealingwith]

@jamespeilunli to pursue this project in his own repo