V.T. Eric Layton

Encrypted/Signed Emails and Attachments


securitybreach

Hello,

 

The underlying algorithms might be secure (or at least highly-resistant), but that does not mean every implementation of them is.

 

If I were trying to keep information from law enforcement, I would not rely on encryption alone.

 

Regards,

 

Aryeh Goretsky

 

Agreed but I imagine GnuPG is a good implementation due to it being open source.

V.T. Eric Layton

Three can keep a secret, if two of them are dead. ~Benjamin Franklin

  • Like 2

Temmu

friends,

anyone developing secure encryption is contacted by their government and the work is confiscated in the name of national security.

failure to surrender the work always results in confiscation anyway, and jail time for the creator.

 

just as there are brilliant en-cryptologists, there are those who devote their life to de-crypting.

their methods possibly enable the cracking of algorithms in the public domain in short order

anything not easily cracked is confiscated as a threat

no doubt, no one publishes their decrypt methods, it's classified, and they'd be jailed.

 

sorry, folks, we don't legally have rights to secure communication.

 

ps

remember, enigma was cracked with paper punch tape.

Edited by Temmu

securitybreach

Well luckily PGP was developed 20 years ago so they can't just seize the work now.

 

That said, they did try to prosecute him:

Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

 

Zimmermann challenged these regulations in an imaginative way. He published the entire source code of PGP in a hardback book,[13] via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case)

http://en.wikipedia....l_investigation

  • Like 3

V.T. Eric Layton

That's pretty cool. I never knew that. :yes:

goretsky

[Edit for grammar. AG]

 

Hello,

 

Interestingly enough, if you look at the section above that in the Wikipedia article on PGP, it mentions how it was distributed on the Internet by an individual named Kelly Goen, who drove around from location to location, uploading the source code to sites on the then-nascent Internet before going to the next one.

 

Even more interestingly enough, one of the places Kelly visited was McAfee Associates. I remember when he stopped by to use our Internet connection to do so.

 

Regards,

 

Aryeh Goretsky

Edited by goretsky
  • Like 4

goretsky

Hello,

 

The Washington Post article precedes the New York Times one by a few months. Given the lack of specifics about what might or might not be accessible to the NSA, it is probably not a good idea to solely rely on products like PGP. One thing to keep in mind is that intelligence agencies have a vested interest in people continuing to believe that the cryptosystems they use are secure....

 

Regards,

 

Aryeh Goretsky

  • Like 2

V.T. Eric Layton

You're probably right, Aryeh. There's no hope. Privacy in this world is dead... DEAD, I tells ya'. There's only one way to have privacy nowadays... move waaaaay far away to some remote part of the world with no modern amenities, no phones, no electricity, no mail service, no prying government eyes. Live in a plywood shack with a good supply of books...

 

sp_offgrid.jpg

 

sp-missing.jpg

 

0b0510147388623.jpg

 

pirate.gif

V.T. Eric Layton

The NSA offering how-tos on encrypting emails and documents using OpenPGP... this can't be good. :(

 

https://www.nsa.gov/ia/_files/factsheets/I73-FS-035-09.pdf (Note: this opens a .pdf document stored on the NSA's servers)

 

EDWARD SNOWDEN: How To Make Sure The NSA Can't Read Your Email

 

 

There still seems to be NO DEFINITIVE answer as to whether or not the NSA can crack PGP. I tend to lean toward Aryeh's attitude, though... don't put it past them. They have capabilities that the unwashed masses will never know of... EVER. And, as Aryeh suggests, it's in the NSA's best interests to have the world think they're struggling to decipher our silly little encrypted emails.

  • Like 1

securitybreach

Well that pdf was created in 2009 but yeah dunno how I feel about that.

  • Like 1

V.T. Eric Layton

Yup... know what you mean, bro. :(

  • Like 1

LilBambi

Did you happen to see my personal blog these days and the new addition to the pages listed at the top?

V.T. Eric Layton

Signing off? :(

 

I don't agree with that method of protest, if that's what you're intending. I understand why a service provider like Lavabit would shut down, but we NEED MORE folks like you, Fran, raising H3LL, not less.

 

our-lives-begin-to-end_zpseeaca6ea.jpg

 

b82dabd2df5c4d467be5c6ed60c078e8_zps29027d87.jpg

 

SILENCE2BIS2BACCEPTANCE_zps72238f06.png

 

Pictures worth many words. :)

  • Like 3

securitybreach

I agree with Eric, silence would almost be like giving in to the threat.

V.T. Eric Layton

Feds Asked Yahoo For Data 12,444 Times In First Half Of Year

 

 

In its "transparency report," Yahoo adds that it:

 

"Has joined no program to volunteer user data to governments. Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act, and recently won a motion requiring the U.S. Government to consider further declassifying court documents from that case."

LilBambi

I may restore my old blog database, but right now I am worried. This is what I call 'chilling effects' of our government making Citizens feel like they can't have Freedom of Speech without danger to themselves.

 

I may change my mind but right now, I feel stifled by our own government's attitude problem.

 

I do still say some things here and there, but have made a statement with my blog.

  • Like 1

V.T. Eric Layton

RAISE H E L L !

 

I doubt Big Bro will be knocking on your door anytime soon. They have other things to keep them busy.

Temmu

many folks are starting to wake up and rub the sleep from their stupefied eyes.

of the flood of folks calling their congressman, 9 in 10 are saying, stay out of syria.

 

yes, that has zero to do with security or privacy or encryption -

the point is, the country is waking up to the mess that we have allowed ourselves to be put in over the last decades.

 

chilling effect? we still (for now) have a constitution, and as aryeh pointed out, even encryption fell under freedom of speech.

V.T. Eric Layton

many folks are starting to wake up and rub the sleep from their stupefied eyes

 

Maybe, but not enough yet, I don't think. In your everyday real life, take an informal poll from the folks you interact with on a daily basis. I did. I found that about 1 in 100 even is aware of these recent NSA and privacy related news stories. It's disheartening to talk to these ignorant sheeple. It really is. :(

  • Like 1

V.T. Eric Layton

Am I just being paranoid?

 

I had a disturbing thought a little while ago...

 

I know that the big push by businesses and others to get us to dump all our data and apps into the cloud is mostly about the almighty $, as usual. However, here's the bad thought... wouldn't Big Bro just love to have all your stuff in the cloud where it's so easily accessible for them. They wouldn't have to worry a bit about trying to hack into your personal system that way. It would all be on that big cloud just sitting there waiting to be crawled by NSA bots and analysts.

 

Hmm... interesting thought, huh? :ermm:

  • Like 2

Temmu

lol, not far-fetched at all. :)

  • Like 2

RichardKR

More than an interesting thought, nearly a certainty in my paranoid mind.

 

Many of you on this forum remember how excited we were when personal computers were finally becoming a reality. Most computer users today weren't around during this time and can't even imagine how exciting it was to have your own PERSONAL computer that you were in charge of and you customized to do what you wanted. When the Altair kit came out we realized that personal computing was on its way. We read everything we could find about these miracle devices. I remember typing in pages of tiny print of computer code published in Byte or PC Magazine. We endured what would seem today as incredible obstacles without a complaint. Cassette storage! Vic 20, TRS80, and finally the IBM PC with open architecture and enormous floppy disk storage. What excitement. Anybody here ever go to a User Group? Bring a ton of equipment and take hours setting it up just to demo a new program or device.

 

We were finally off the mainframe/workstation treadmill. What freedom! It was a time in the computer industry that will never be duplicated, ever. And now the call of the industry is to go to the "Cloud". Which is putting you back on the mainframe and making your PC a workstation that depends on a connection to the big computer in order to do anything. This depending on the faceless people in the white lab coats for our computing experience is unacceptable. It is LESS freedom, not more. Give up your freedom for a little convenience? Not for me thank you. Trust a corporation with your data? Insane.

  • Like 5

V.T. Eric Layton

It is LESS freedom, not more. Give up your freedom for a little convenience? Not for me thank you. Trust a corporation with your data? Insane.

 

Sadly, those of us who realize this are definitely in the minority. :(

  • Like 3

crp

Am I just being paranoid?

 

I had a disturbing thought a little while ago...

 

I know that the big push by businesses and others to get us to dump all our data and apps into the cloud is mostly about the almighty $, as usual. However, here's the bad thought... wouldn't Big Bro just love to have all your stuff in the cloud where it's so easily accessible for them. They wouldn't have to worry a bit about trying to hack into your personal system that way. It would all be on that big cloud just sitting there waiting to be crawled by NSA bots and analysts.

 

Hmm... interesting thought, huh? :ermm:

I think about with the online backup services. On the one hand, offsite backup that is supported by redundancies is terrific. On the other hand, they have all the data unless encrypted prior to backing up. Most services for businesses allow for AES encryption on the fly, but that leaves an opening. CrashPlanPro offers an option on the AES encryption - appending a passphrase to the initial encryption phase.

Similar to TrueCrypt there is a downside - forget the passphrase and forget seeing your data again.

  • Like 1

LilBambi

Sadly, cloud storage of any kind certainly makes things so much easier for them; corporations and governments.

  • Like 2

LilBambi

I think about with the online backup services. On the one hand, offsite backup that is supported by redundancies is terrific. On the other hand, they have all the data unless encrypted prior to backing up. Most services for businesses allow for AES encryption on the fly, but that leaves an opening. CrashPlanPro offers an option on the AES encryption - appending a passphrase to the initial encryption phase.

Similar to TrueCrypt there is a downside - forget the passphrase and forget seeing your data again.

 

SpiderOak also is encrypted before it leaves your computer; it is encrypted end to end and stays encrypted with your key (that you hold ... again, you must remember it or lose your data) on their servers.

 

Personally I would prefer that to any other ways available out there despite the remote possibility of losing the key.

  • Like 1
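
Added example, not part of the thread or any poster's code: the "encrypt before it leaves your computer" approach discussed in the two posts above, done with GnuPG symmetric encryption so the backup provider only ever stores ciphertext. The function names, the `GNUPGHOME_TMP` variable and the passphrase-file arrangement are assumptions made for illustration.

```shell
#!/bin/sh
# Encrypt a directory locally, upload only the resulting .gpg file.
# Assumes GnuPG 2.1+ and tar; all names below are hypothetical.

# Throwaway GnuPG home so the example does not touch your real keyring.
GNUPGHOME_TMP=${GNUPGHOME_TMP:-$(mktemp -d)}

# Non-interactive gpg; the passphrase comes from a file, not a prompt.
gpg_sym() {
    gpg --batch --quiet --no-tty --homedir "$GNUPGHOME_TMP" \
        --pinentry-mode loopback "$@"
}

# encrypt_backup SRC_DIR OUT_FILE PASSFILE
# The key is derived from the passphrase (first line of PASSFILE);
# the archive is AES-256 encrypted and integrity-protected by gpg.
encrypt_backup() {
    tar -C "$1" -cf - . |
        gpg_sym --symmetric --cipher-algo AES256 \
                --passphrase-file "$3" --output "$2"
}

# restore_backup IN_FILE DEST_DIR PASSFILE
# Decrypt to a temp file first and unpack only if gpg reports success,
# so a wrong passphrase or a tampered file never reaches DEST_DIR.
restore_backup() {
    tmp=$(mktemp) || return 1
    if gpg_sym --decrypt --passphrase-file "$3" \
               --output "$tmp" --yes "$1" 2>/dev/null; then
        tar -C "$2" -xf "$tmp"
        rc=$?
    else
        rc=1   # no passphrase, no data: there is no recovery path
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Keep the passphrase file off the machine that holds the backups; as the posts above note, losing it means losing the data.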

abarbarian

Hmm. I'm still reading up on this subject. Third time I have had a good read over the years and it is starting to make sense at last. Rather like watching a glass of beer clear slowly. I'll be posting soon and replying to em's.

Tail end of a busy summer, be back to normal soon. :breakfast:

 

http://blog.sanctum.geek.nz/series/linux-crypto/

 

I found this which has helped.

Edited by abarbarian
  • Like 2

securitybreach

Speaking of...

 

From Hak5's ThreatWire:

 

The Black Budget leaked. Has the NSA broken your crypto?, Google and Microsoft want to make everything clear to the masses, and the SEA isn't spreading malware... most likely... . All that and more this time on Threat Wire!

http://hak5.org/threatwire/0042

  • Like 2
