Jump to content

Encrypted/Signed Emails and Attachments

V.T. Eric Layton

By V.T. Eric Layton
in Security & Networking

 Share

Recommended Posts

  • Replies 128
  • Created
  • Last Reply

Top Posters In This Topic

  • V.T. Eric Layton

    43

  • securitybreach

    40

  • Reynaldo

    6

  • goretsky

    5

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

RichardKR
RichardKR

More than an interesting thought, nearly a certainty in my paranoid mind.   Many of you on this forum remember how excited we were when personal computers were finally becoming a reality. Most comp

goretsky
goretsky

[Edit for grammar. AG]   Hello,   Interestingly enough, if you look at the section above that in the Wikipedia article on PGP, it mentions how it was distributed on the Internet by an individual

Corrine
Corrine

A timely article on Malwarebytes blog: Encryption: types of secure communication and storage | Malwarebytes Unpacked

securitybreach

securitybreach

Posted
Posted

Well luckily PGP was developed 20 years ago so they can't just seize the work now.

 

That said, they did try to prosecute him:

Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

 

Zimmermann challenged these regulations in an imaginative way. He published the entire source code of PGP in a hardback book,[13] via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case)

http://en.wikipedia....l_investigation

  • Like 2
Link to comment
Share on other sites
goretsky

goretsky

Posted
Posted (edited)

[Edit for grammar. AG]

 

Hello,

 

Interestingly enough, if you look at the section above that in the Wikipedia article on PGP, it mentions how it was distributed on the Internet by an individual named Kelly Goen, who drove around from location to location, uploading the source code to sites on the then-nascent Internet before going to the next one.

 

Even more interestingly enough, one of the places Kelly visited was McAfee Associates. I remember when he stopped by to use our Internet connection to do so.

 

Regards,

 

Aryeh Goretsky

Edited by goretsky
  • Like 3
Link to comment
Share on other sites
goretsky

goretsky

Posted
Posted

Hello,

 

The Washington Post article precedes the New York Times one by a few months. Given the lack of specifics about what might or might not be accessible to the NSA, it is probably not a good idea to solely rely on products like PGP. One thing to keep in mind is that intelligence agencies have a vested interest in people continuing to believe that the cryptosystems they are use are secure....

 

Regards,

 

Aryeh Goretsky

  • Like 2
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

You're probably right, Aryeh. There's no hope. Privacy in this world is dead... DEAD, I tells ya'. There's only one way to have privacy nowadays... move waaaaay far away to some remote part of the world with no modern amenities, no phones, no electricity, no mail service, no prying government eyes. Live in a plywood shack with a good supply of books...

 

sp_offgrid.jpg

 

sp-missing.jpg

 

0b0510147388623.jpg

 

pirate.gif

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

The NSA offering how-tos on encrypting emails and documents using OpenPGP... this can't be good. :(

 

https://www.nsa.gov/ia/_files/factsheets/I73-FS-035-09.pdf (Note: this opens a .pdf document stored on the NSA's servers)

 

EDWARD SNOWDEN: How To Make Sure The NSA Can't Read Your Email

 

 

There still seems to be NO DEFINITIVE answer as to whether or not the NSA can crack PGP. I tend to lean toward Aryeh's attitude, though... don't put it past them. They have capabilities that the unwashed masses will never know of... EVER. And, as Aryeh suggests, it's in the NSA's bests interests to have the world think they're struggling to decypher our silly little encrypted emails.

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

Signing off? :(

 

I don't agree with that method of protest, if that's what you're intending. I understand why a service provider like Lavabit would shut down, but we NEED MORE folks like you, Fran, raising H3LL, not less.

 

our-lives-begin-to-end_zpseeaca6ea.jpg

 

b82dabd2df5c4d467be5c6ed60c078e8_zps29027d87.jpg

 

SILENCE2BIS2BACCEPTANCE_zps72238f06.png

 

Pictures worth many words. :)

  • Like 2
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

Feds Asked Yahoo For Data 12,444 Times In First Half Of Year

 

 

In its "transparency report," Yahoo adds that it:

 

"Has joined no program to volunteer user data to governments. Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act, and recently won a motion requiring the U.S. Government to consider further declassifying court documents from that case."

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

I may restore my old blog database, but right now I am worried. This is what I call 'chilling effects' of our government making Citizens feel like they can't have Freedom of Speech without danger to themselves.

 

I may change my mind but right now, I feel stifled by our own government's attitude problem.

 

I do still say some things here and there, but have made a statement with my blog.

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

RAISE H E L L !

 

I doubt Big Bro will be knocking on your door anytime soon. They have other things to keep them busy.

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

many folks are starting to wake up and rub the sleep from their stupefied eyes

 

Maybe, but not enough yet, I don't think. In your everyday real life, take an informal poll from the folks you interact with on a daily basis. I did. I found that about 1 in 100 even is aware of these recent NSA and privacy related news stories. It's disheartening to talk to these ignorant sheeple. It really is. :(

  • Like 1
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

Am I just being paranoid?

 

I had a disturbing thought a little while ago...

 

I know that the big push by businesses and others to get us to dump all our data and apps into the cloud is mostly about the almighty $, as usual. However, here's the bad thought... wouldn't Big Bro just love to have all your stuff in the cloud where it's so easily accessible for them. They wouldn't have to worry a bit about trying to hack into your personal system that way. It would all be on that big cloud just sitting there waiting to be crawled by NSA bots and analysts.

 

Hmm... interesting thought, huh? :ermm:

  • Like 1
Link to comment
Share on other sites
RichardKR

RichardKR

Posted
Posted

More than an interesting thought, nearly a certainty in my paranoid mind.

 

Many of you on this forum remember how excited we were when personal computers were finally becoming a reality. Most computer users today weren't around during this time and can't even imagine how exciting it was to have your own PERSONAL computer that you were in charge of and you customized to do what you wanted. When the Altair kit came out we realized that personal computing was on it's way. We read everything we could find about these miracle devices. I remember typing in pages of tiny print of computer code published in Byte or PC Magazine. We endured what would seem today as incredible obstacles without a complaint. Cassette storage! Vic 20, TRS80, and finally the IBM PC with open architecture and enormous floppy disk storage. What excitement. Anybody here ever go to a User Group? Bring a ton of equipment and take hours setting it up just to demo a new program or device.

 

We were finally off the mainframe/workstation treadmill. What freedom! It was a time in the computer industry that will never be duplicated, ever. And now the call of the industry is to go to the "Cloud". Which is putting you back on the mainframe and making your PC a workstation that depends on a connection to the big computer in order to do anything. This depending on the faceless people in the white lab coats for our computing experience is unacceptable. It is LESS freedom, not more. Give up your freedom for a little convenience? Not for me thank you. Trust a corporation with your data? Insane.

  • Like 4
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
  • Author
Posted

It is LESS freedom, not more. Give up your freedom for a little convenience? Not for me thank you. Trust a corporation with your data? Insane.

 

Sadly, those of us who realize this are definitely in the minority. :(

  • Like 2
Link to comment
Share on other sites
crp

crp

Posted
Posted

Am I just being paranoid?

 

I had a disturbing thought a little while ago...

 

I know that the big push by businesses and others to get us to dump all our data and apps into the cloud is mostly about the almighty $, as usual. However, here's the bad thought... wouldn't Big Bro just love to have all your stuff in the cloud where it's so easily accessible for them. They wouldn't have to worry a bit about trying to hack into your personal system that way. It would all be on that big cloud just sitting there waiting to be crawled by NSA bots and analysts.

 

Hmm... interesting thought, huh? :ermm:

I think about with the online backup services. On the one hand, offsite backup that is supported by redundancies is terrific. on the other hand, they have all the data unless encrypted prior to backing up. Most services for businesses allow for AES encryption on the fly, but that leaves an opening. CrashPlanPro offers an option on the AES encryption - appending a passphrase to the initial encryption phase.

Similar to TrueCrypt there is a downside - forget the passphrase and forget seeing your data again.

  • Like 1
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

I think about with the online backup services. On the one hand, offsite backup that is supported by redundancies is terrific. on the other hand, they have all the data unless encrypted prior to backing up. Most services for businesses allow for AES encryption on the fly, but that leaves an opening. CrashPlanPro offers an option on the AES encryption - appending a passphrase to the initial encryption phase.

Similar to TrueCrypt there is a downside - forget the passphrase and forget seeing your data again.

 

SpiderOak also is encrypted before it leaves your computer; it is encrypted end to end and stays encrypted with your key (that you hold ... again, you must remember it or lose your data) on their servers.

 

Personally I would prefer that to any other ways available out there despite the remote possibility of losing the key.

Link to comment
Share on other sites
abarbarian

abarbarian

Posted
Posted (edited)

Hmm. I'm still reading up on this subject. Third time I have had a good read over the years and it is starting to make sense at last.Rather like watching a glass of beer clear slowly. I'll be posting soon and replying to em's.

Tail end of a busy summer, be back to normal soon. :breakfast:

 

http://blog.sanctum.geek.nz/series/linux-crypto/

 

I found this which has helped.

Edited by abarbarian
  • Like 2
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
Posted

Speaking of...

 

From Hak5's ThreatWire:

 

The Black Budget leaked. Has the NSA broken your crypto?, Google and Microsoft want to make everything clear to the masses, and the SEA isn't spreading malware... most likely... . All that and more this time on Threat Wire!

http://hak5.org/threatwire/0042

  • Like 1
Link to comment
Share on other sites
abarbarian

abarbarian

Posted
Posted

Excellent! Bookmarked for extensive perusal soon. Thanks, E!

 

:)

 

I need to read through it again but I got the impression that it was a clear and easy to follow guide for what is quite a complex subject. B)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...