AV>> OpenSSL is unsafe (and even worse: it is artificially weakened). AV>> However, secure binkp is real - as well as secure communications AV>> over the Fidonet in general. KK> I also thought about that recently (one two years ago). To my KK> understanding, there are 3 flows: netmail, echomail and fileecho.
Incorrect. There are only files sent to links and received from them.
The first level of protection is transport: the connection _must_ (as in FTA-1006) be encrypted and the peer _must_ be authentificated prior to any bundles (or other files) are sent or received.
The second level is the message routing (for netmail) and distribution (for echomail). Here we already have some basic protection at the tosser|tracker level, but introducing the GPG-based "packer" with encryption and signature checking would be quite trivial.
The third (and final) level is the message content. All we need here is the end-to-end encryption (E2EE), and at least golded supports GPG out-of-box.
KK> With my uplink we established also Packer password for echomail KK> data and Netmail is packed within it.
Passwords may serve as a basic authentification, but should not be trusted really much.
KK> Fileecho, ok, this is specific and not usualy covering any sensitive KK> information.
Until the .torrent files are distributed there.
KK> Another aspect is that in fidonet (most of conferences) we have to KK> use real names (where I know my uplink for very long time [ok, not KK> in person, but very long time]).
Not a problem at all...
KK> So I stayed calm. MD5, whatever then.
MD5 is dead, as well as most of other cryptographic algorithms. Now we still have RSA (with a minimal key length of 4096 bits and recommended of 8192 bits) and ED25519 for the public-key (asymmetric) encryption and signatures. Skein, Streebog and (quite old, but still alive) SHA2 may be used as a hash functions. Twofish, Threefish and Grasshopper are good for symmetric encryption (all three should be used in either "counter" or "ciphertext feedback" mode).
But...
For GPG, the bundle of RSA-4096 + Twofish + SHA2 is the best you can get.
For SSH, personally I use (RSA-8192 | ED25519) + (Blowfish256 (CFB|CTR) | Rijndael256 (CFB|CTR)) + SHA2. And I don't like having no better option.
Pure SSL/TLS (like HTTPS) is totally unsafe.
-- Alexey V. Vissarionov aka Gremlin from Kremlin gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii