<p dir="ltr">I am certainly no expert, but I'll toss this idea out anyway: use a physical one-time pad. The pad lists one code per page. The pages are numbered. Everyone in your secure circle gets a copy of the pad. Use a numbered code page once, then destroy the page. In your message, you give the page number. If the reply does not include the proper code, it's been compromised.</p>
<p dir="ltr">Best,<br>
Mike LaTorra</p>
<div class="gmail_quote">On Nov 25, 2014 7:00 AM, "spike" <<a href="mailto:spike66@att.net">spike66@att.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">Security hipsters, I need some advice or ideas. We have a group of family history researchers, about a dozen of us who work together, share photos, family lore, findings from DNA and so forth. Recently one of our circle went off her meds and did a lot of damage by hacking into another member’s email and writing messages to the other members with a false From line, all with carefully calculated malice. It has us really freaked, because this cousin is very unpredictable and has a lot of brains and a lot of ill will, with more internet protocol savvy than the rest of us combined (she is a computer security expert.)<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I am thinking of a way to write some kind of code word or something into our email such that it would be evidence the message is from who it says. Is there a standard way of doing this? We can exchange the code word via phone so if the party in question has access to our email, it wouldn’t be intercepted. Ideally it would be some kind of rotating code, different with each message but derived by some kind of externally-accessible information, not easily guessed. An example would be the F10.7 cm radiation average from the sun on a given day. That could be looked up each day and put in the email message somewhere. Archives exist, so we could even go one year back. Ideally we would want a code that changes by the hour. Ideas please? What do you security guys do to verify a sender?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I don’t think my email has been compromised, so posting here or privately is OK.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">spike<u></u><u></u></p></div></div><br>_______________________________________________<br>
extropy-chat mailing list<br>
<a href="mailto:extropy-chat@lists.extropy.org">extropy-chat@lists.extropy.org</a><br>
<a href="http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat" target="_blank">http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat</a><br>
<br></blockquote></div>