Encrypted blog entries
Tue Oct 3 21:48:44 EST 2006
Most social networking sites have a mechanism whereby only the friends of a person can see their blog entries. The standard way to do this is to have a back end database that keeps track of the users logged in to the system and allows them access to the entries only if they are in the list of friends of a given user. This is a server side approach that has a couple of disadvantages:
- increased server load to keep track of the state of the system
- lack of security against eavesdroppers as it can be seen when access to a restricted page is attempted
The second point deserves further discussion. Consider a high traffic website that contains some entries that are restricted to those people meeting a certain criteria eg a news site that restricts access to full articles to subscribers, a blog with personal entries restricted to close friends, www.al-queda.ter restricting details of plans to the true believers, etc. In the server side approach the restricted entries are reached through links that check if the user is allowed access to the entry. Traffic analysis can tell who these users are (although onion routing aleviates this to some extent).
Here is the idea: encrypt the entry and ascii armour it (base64
encode or escape non-printable characters for example).
- binary encoding/decoding function eg base64 (but something that encodes alphanumerics to alphanumerics is better - maybe just escape non-printable characters). The idea here is that an encoded entry can still be displayed on the webpage.
- rc4, DES, whatever
- function to read in password and decrypt the entry based on that password. Print the result with the binary encoding function so that an unsuccessful decryption is still printable.