General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsAnyone know of a good, simple email encryption scheme?
One that doesn't cause an undue burden, and that can be easily shared with friends and family?
I guess the only way to keep it simple would be to have a single bit of software that everyone uses. Most of us do not want to deal with things like "Oh, Dad used MyPGP so I'll have to crank that up to decipher his email to me" or "Drat, Mom used YourRSA to encrypt her email, now I'll have to download and configure it in order to read her email".
It's hard to make it easy and transparent for the average user if there is not a single standard. But if I were an investing sort, I'd be looking at firms that do encryption programs for email communications, also for phone messages. Not just for business (they already do extensive encryption and vpn), but for individuals. Because my guess is that there will be a groundswell of interest in such things, in the USA and elsewhere.
Even the NSA has limitations on what it can decrypt.
Sheepshank
(12,504 posts)ljm2002
(10,751 posts)...but thanks anyway.
Sheepshank
(12,504 posts)sorry to have wasted your time.
riqster
(13,986 posts)RC
(25,592 posts)riqster
(13,986 posts)Ustray eemay.
MineralMan
(146,317 posts)at-they ill-way ork-way eal-ray ood-gay.
FSogol
(45,488 posts)And head and window sills and cat and TV and gas meter and ......
ljm2002
(10,751 posts)When I send a letter, I expect it to remain sealed until it reaches its recipient.
Quaint notion, I know.
When I send an email I would like the same thing to happen.
Of course, the privacy issue with email has been there all along. Every server the email gets routed through retains a copy of the message, sometimes only briefly and sometimes for longer periods of time. Since backups happen all the time, these messages can end up being retained for long periods of time. So what you have is, messages that are supposedly private, that any random sysadmin can read should they wish to. And we have all remained pretty nonchalant about that, figuring that our emails to our friends reminding them what time we're meeting for dinner are probably of little interest to random sysadmins.
Not the same thing as government surveillance though. The government's interest is not directly commercial, unlike the companies that track our purchases and the like (and which we must actively consent to, whether by accepting cookies, or giving our information in return for a discount card at the store). The government's interest is specifically directed to enemies of the state. Unfortunately, that phrase can have a very broad interpretation. Now it's true that my messages about dinner will still be of little interest to the government. But what if I post the time and place of the latest OWS demonstration, and say "Let's meet at 5th and Vine at 7pm tonight for an OWS action". Well if I post it on FB, everyone can read it: encryption would sort of defeat the purpose of FB! But if I use email or a phone, encrypting it could be helpful.
Some of the social media users during the Arab Spring demonstrations used simple codes. I think in Egypt they used "lilac" or something like that. But of course those would be figured out fairly quickly by the NSA, one presumes.
Savannahmann
(3,891 posts)The NSA cracked those codes long ago. They're just about done bringing a $2 Billion facility in Utah that will be fully online in a few more months.
The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handlefinancial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communicationswill be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US.
Any questions on how to communicate privately in our current system? The only way would be to reign in the Government, and get them out of the average citizens business. Since too many here and in Congress are unwilling to do that then apparently it is hopeless. Like the Soviet Citizens, our only hope of keeping a secret, is speaking to no one.
ljm2002
(10,751 posts)...there are theoretical limits involved.
These organizations play it close to the vest, so if they did make a big breakthrough as you claim, they certainly won't be publicizing it. So it is possible, in the sense that anything is possible. Maybe it would be done by massively parallel processing -- most of the theoretical arguments against the ability to decrypt strongly encrypted messages, have to do with how long they would take to decrypt, not whether it can ultimately be done.
What's fun about all this, and why I posted, is that ultimately this revelation will change behavior. I think people will finally become more aware of how bare their messages are, and will start to demand more encryption. I also think we will find ways to subvert the surveillance state. Wikileaks has been one example, using encryption technology to enable leaks and protect the identity of the leakers. Now that we all know the extent of the surveillance done by our government, I suspect we will find other ways to get around it.
Savannahmann
(3,891 posts)That would be a heck of an encryption breakthrough wouldn't it? If they could type in a password for anyone using that program, and decrypt it?
ljm2002
(10,751 posts)...don't know if you remember the Clipper debacle from 20+ years ago, where the government tried to make sure that every device using encryption in the US would use the Clipper chip, with an algorithm that the government provided but would not divulge. But the big feature was so-called "key escrow", where every device had a key that could be given to law enforcement when required, allowing LE to decrypt all communications on the device going forward. However there was a huge backlash and also, people pointed out that while you could force such a scheme onto US manufacturers and users, you could not enforce it worldwide.
Anyway, yes, a back door would make more sense than a claim they can decrypt strongly-encrypted messages. But how many back doors, and into what?
longship
(40,416 posts)The RSA trapdoor algorithm equations slipped into the public domain years ago. (I may still have the T-shirt around here.)
PGP has been using these and other algorithms for many years.
The Gnu project has their version which is released in source code which one can compile on your own computer and install. It's called Gnu Privacy Guard, GPG.
These algorithms have been known by those who work in discrete mathematics for and number theory for decades.
Back doors cannot exist when the code and the equations behind it are public domain, or open source.
PGP and GPG and the algorithms they utilize are robust enough that it is not reasonable to expect that even NSA has the ability to crack them in any reasonable amount of time, no matter what the current technology can throw at them.
That's why public key cryptography is based on what are called trap door algorithms, mathematical functions which are straight forward going one way, but their inverse function is not solvable analytically, but only by way of exhaustive search, the search space of which is too large for even the largest computers imaginable even considering into the future.
And there aren't any back doors in the open source and public domain versions of this software.
So I have to call BS on your post.
Sorry.
Savannahmann
(3,891 posts)longship
(40,416 posts)And if NSA had an inverse function for a trap door equation, some mathematician could have discovered it. And those people are very, very competitive. Only a few of them work for NSA.
Plus the trap door is specifically designed so that the inverse function is impossible. That makes the "solution space" of decrypting a message absolutely huge, beyond any computer capabilities if one chooses the correct algorithm. Most deal with very large prime numbers, which when multiplied together give an enormous number.
To solve the cypher one has to factor this gigantic integer. There is no analytic way to do that known by anybody. It is one of those impossible problems in number theory other than exhaustive searching.
That's why it's called a trap door. Once you fall through, getting back up is too high to reach without huge effort.
And here's the thing that's important. By making the prime factors longer, the effort goes up dramatically. Crypto keys are very long and very secure, even from the NSA.
And one can know that there aren't any back doors. Open source software rules. You won't find NSAKEY in Linux, nor in Gnu Privacy Guard, but it's in Microsoft Windows and has been since Win95 release 2.
hunter
(38,317 posts)... that's where the spy vs. spy action is these days.
longship
(40,416 posts)I don't know why people get these ideas. If there were hardware back doors, somebody would detect them, like a network admin using the hardware.
The PC design is open and always has been. There are a multitude of manufacturers all over the world. Any claim of hardware back doors is just not credible.
hunter
(38,317 posts)http://news.techworld.com/security/3360617/cambridge-researchers-uncover-backdoor-in-military-chip
That's just one. It doesn't matter if such incidents are malicious, accidental, or just poor design oversight. These sorts of hardware back doors can be, and will be exploited.
FarCenter
(19,429 posts)Nuclear Unicorn
(19,497 posts)Then they actually need a warrant citing probable cause and what they're looking for specifically.
Katashi_itto
(10,175 posts)ljm2002
(10,751 posts)Egalitarian Thug
(12,448 posts)It lets you encrypt anything on the fly and it's free.
http://www.truecrypt.org/
ljm2002
(10,751 posts)napoleon_in_rags
(3,991 posts)hushmail for instance. $35 a year with a gig of storage.
http://www.hushmail.com/services/hushmail/
ljm2002
(10,751 posts)...although I am thinking more along the lines that we should all just start using encryption by default and was hoping for some free / very cheap way to do that. Also one that does not involve storing my email externally.
I'm not saying that any of my own personal emails would be of any interest to anyone except (hopefully) the recipients. On the other hand, I am a frequenter of DU and that in itself may be enough to get my records scrutinized. My feeling is, yes we know they're doing it, but why make it easy for them?
FarCenter
(19,429 posts)ljm2002
(10,751 posts)...using encryption is complicated and most of us don't want to deal with it. I'm not the world's most organized person and the idea of managing different encryption programs and keys in order to read emails from friends and family is, to put it mildly, not an enticing prospect.
On the other hand I wish we had already built in standard encryption as the default, much like envelopes for snail mail letters.
Of course if there was a single standard, it probably would have a back door or two. It's hard for us Little People to get a break.
MjolnirTime
(1,800 posts)How childish!
ljm2002
(10,751 posts)Really.
What we have now is very asymmetric. The government can get access to all of our communications, while at the same time its own operations become more and more opaque.
This is a recipe for disaster.
If we as citizens object, then we need to find effective means of doing so. It seems to me that widespread use of encryption is one step that can be used.
The norm needs to be that our interactions are not monitored and our emails are not read.
Email encryption should also be the norm.
MjolnirTime
(1,800 posts)ljm2002
(10,751 posts)CeeGeeTrunks
(1 post)I've used them in a past life and it was extremely easy to use. I get emails from them still from my insurance company and you get to keep the same account basically forever. I checked their site and it's only $99 for the year, which isn't bad for top of the line encryption. They say they have "military-grade" encryption so I doubt anyone would be able to decrypt it. I think you can send some files with it too, dunno. Check it out: http://www.datamotion.com/products/securemail/securemail-purchase/
zeeland
(247 posts)must be getting a chuckle at this entire situation.
Next time I need to send a super duper private message
think I'll use snail mail.
ljm2002
(10,751 posts)...it's tragic what is happening to our wonderful postal service.