Question for you computer guys.

O

oberkommando

New member
Yeah this isnt directly rkba, but is civil liberties [privacy?] as per rules of forum.

What do you guys think of encrypted email programs like hush mail or zix mail. Zix claims that it is 1024 bit, it this true? Can it be broken easily? Just wondered if some of you knew. I ask here because I know a lot of you guys really know this techi stuff and trust you more than anyone else I could ask.
If these programs are b.s then it seems as if they are giving people a false sense of privacy. Not that a responsible person should put full faith into any system they know very little about, which is me in this case. Thanks for any reply(s) in advance.
 
-any encryption can be broken, some are very difficult though
-never say anything on the web you wouldnt repeat in front of a judge, it's not that difficult to break code
-false sense of privacy, yep, doesnt that describe our whole culture as it stands today?
 
Just my opinion, but I think you'd do better to go with something like PGP (Pretty Good Privacy). With PGP, your email is encrypted before it ever leaves your computer (using Outlook/Exchange/Eudora and others, I'm not sure about Netscape Messenger)(If you used a program that wasnt compatible with PGP, you could make your message a text file, then encrypt it and send it as an attachment). PGP can also encrypt files on your computer. The only safeguard I would take is to place your 'keyring' on a floppy disk and keep that with you, rather than storing it on your hard drive. Do a websearch for PGP, and check it out...I think you'd be happy with it.

Hope this helps...

------------------
Mike
mnealtx@yahoo.com
 
Bart I know the encrypt systems can be broken I am just looking for something that make it a pain in the ass to break stuff that is just chit chat.

As to judges I was thinking along the lines of Cummings,Scalia and Thomas :D

Mnealtx I thought that pgp was banned or made modified with backdoor for the gov?

Again I am not looking for iron clad stuff If I were I would encypher the message before hand using a one time polyalphabetic cipher system which if used correctly is unbreakable. Let them burn out their machines trying to break it :)
 
oberkommando..

I would agree, PGP is probably the best that there is. I would check this out for info: http://www.pgp.com/products/dtop-security/default-encryption.asp

If you are a little more computer-savy, you can check out the freeware versions of it.. http://www.pgp.com/products/freeware/default.asp

Remember.. any encryption can be broken. However, nobody is going to take the time/effort to do so unless they really want to know what you have encrypted. ..and even then, a brute-force decrytpion takes time. I wouldn't worry about someone doing it.

------------------
God, Guns and Guts made this country a great country!

oberkommando sez:
"We lost the first and third and now they are after the Second!(no pun intended)"
 
Thanks for links KaMaKaZe.
And remember there is a big difference between encryption and encipher system.Best to combine them both,that is if you have no life and have plenty of time to kill. :) You can make encipers unbreakable with one time keys. Of couse if you talk or loose the key and they figure them out you done for. You know the old loose lips bit. Or you are going through customs and have books with you they might just get copies of those incase you are using them as keys. Thanks again.
 
oberkommando,

To answer your question as succinctly as possible, yes Hushmail and Zixmail are encrypted with strong 1024 bit encryption, but only when sending mail to others using Hushmail and Zixmail. Encryption on the level of 1024 bits is currently unbreakable by the federal government using current brute force attacks on the existing algorithms, however the government encryption standard, which is known as DES, should not be used by you or any other serious person who wants to keep their information private. DES has been broken by not only the government but by private industry experts. The finest encryption algorithm to date is Blowfish, developed by the world's foremost encryption expert, Bruce Schneier of Counterpane in Minneapolis, Minn. This guy's website, one of my faveorites, is http://www.counterpane.com
You can sign up for his free newsletter delivered by email. PGP is good, but has recently been found to have a chink in its armor, so for now, just use Hushmail and convince your friends to use it as well. The Hushmail servers are located in Anguilla, and therefore are not in the jurisdiction of the jackbooted blighters who would love to have encryption banned, as would the NSA. So, let's all do our part and use more encryption, or like RKBA, this too will be in danger of being lost. An interesting part of encryption is the ability to use it. http://www.havenco.com is the official website for Sealand, the autonymous fat-pipe data haven and encryption-friendly server farm. Check these links out, as they are very good. If you have any questions about encryption, let me know by email or here in the forum. I am a Network Administrator for a Web hosting firm, so I will gladly help you in any way I can.
 
RSA just went open-source. so that is an option for encrypting triple DES keys. and then sending the encrypted key, or, you can just encrypt the email with RSA. althought RSA is relatively slow, its not slow enough to really matter when we are talk about emails.

just a thought.

support open-source

------------------
It ain't mah fault. did I do dat?
http://yellowman.virtualave.net/
 
LOL HavenCo got a nomination! :D

Maybe all the gun-luvers can move to Sealand to write our new Constitution! ;)

------------------
God, Guns and Guts made this country a great country!

oberkommando sez:
"We lost the first and third and now they are after the Second!(no pun intended)"
 
Internetfish
If I remember correctly, the chink in PGP's armour was only in a specific company's version, B/C they made it so that third parties (companies that won the Software, Gov't agencies) could also decrypt it. I believe that stuff like the GNU version of PGP doesn't have this problem. If I am incorrect please let me know as I am very interested in this sort of thing, although really just starting to learn about it.
Thanks

------------------
Rob
From the Committee to Use Proffesional Politicians as Lab Animals
-------------------------------------------------------------------
She doesn't have bad dreams because she's made of plastic...
-------------------------------------------------------------------
bad Kiki! No karaoke in the house!
-------------------------------------------------------------------
Larry Flynt is right. You guys stink!!!
-------------------------------------------------------------------
Peter McWilliams - Murdered by the DEA
 
What about security programs for home P.C's such as guard dog and thier like are they worth installing on a home P.C.

Do they protect any out going e-mail with those features that are bieng discussed?
 
The "backdoor" in PGP is NOT for us by the government. It allows employers to put a "master key" in the installation when installing it on company computers so, if the employee was no longer with the company, they would be able to access their e-mails in order to maintain business. There was a flaw with the coding that would allow anyone that could find the flaw to tamper with keys that were being stored on public servers. Any file/email that was encrypted with the altered key would be readable by the person who altered it. Affected versions are 5.5.x, 6.0.x and 6.5 - 6.5.3. The currant version is 6.5.8 and is not affected.

------------------
"Freedom has always existed in a very percurious balance. And when buildings stop blowing up, people’s priorities tend to change..." Enemy of the State
 
Caeca Invidia Es
(mind if I call you Es for short)
Thanks for the correction on the PGP. I've recently gotten interested in encryption and the like...really interested in stegonography (sp?). This stuff is amazing, but the math quickly gets wayyyy over my head.
Again, thanks

------------------
Rob
From the Committee to Use Proffesional Politicians as Lab Animals
-------------------------------------------------------------------
She doesn't have bad dreams because she's made of plastic...
-------------------------------------------------------------------
bad Kiki! No karaoke in the house!
-------------------------------------------------------------------
Larry Flynt is right. You guys stink!!!
-------------------------------------------------------------------
Peter McWilliams - Murdered by the DEA
 
I have PGP and use it heavily. No problems with storing my secret key
on the hard disk, they're encrypted too (that's why one has to enter a
pass phrase when decrypting or digitally signing something), and I
have revocation certificates on a floppy disk if my hard disk goes
south. Else, a shotgun fired at a hard disk will make it unrecoverable
and you just upload your revocation certificate to a keyserver and
the key has been inactivated. Works very nicely.

PGP is the only software usable across software platforms. Remember
not everybody gave in to MicroSoft and their minions - I have Amigas,
Linux and a PowerMac.
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Timely question, what with the recent news regarding the "chink" in
PGP.

The problem with cryptography is that it's very difficult to
design crypto systems that can withstand a real assault. Don't trust
something just because of it's advertised bit-size. The only way to
know what your crypto software is doing is to look at the code
(remember Norton's DES implementation a number of years back that did
something silly like include the key as part of the message? Made
export certification easier if I remember correctly...)

PGP's big advantage is that it uses algorithms that are known to be
as secure as anything out there, plus the fact that the source is
available (mostly -- 6.5.8 is current, but the source is only up to
6.5.1 for logistical reasons...)

Anyway, PGP or GPG (a Gnu implementation that's PGP-compatable) would
be my choice. As a (primarily) Windows user, I find the additional
features of PGP to be a plus (including PGP-disk -- encrypted
partitions can be a good thing.)

Note too that there are ways to integrate PGP into all sorts of
applications, including Eudora, Outlook, Groupwise, Notes, ICQ, etc.
In this case, I'm hitting CTRL - SHIFT - S to sign this window...

With that said, is anyone going to the effort to sign keys at TFL
get-togethers? Would be nice to keep a PGP key repository here on
the board.

Oh yeah, with regard to that "chink." The issue was that PGP allows
additional decryption keys as a feature to attract businesses (think
about business correspondence being delivered to an employee who then
gets hit by a truck.) There is a theoretical vulnerability that
would allow someone else to add an ADK to your public key and thereby
compromise security. It's been fixed, both in current versions of
PGP, and by modifying the code on the keyservers to "clean" any keys
that have been modified as they're added to the server. NAI and a
third party scanned the keys on the keyservers (1.2 million and 1.1
million keys, respectively) and didn't find a single instance where
this had been done.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOcRGII81YgLXwHOrEQJgmQCg2VBmnMv41SWlvdbKAc4AyIWMLUEAnRqa
nsNThHp8wuxTvG5NRCXBDCmO
=em9i
-----END PGP SIGNATURE-----


------------------
I stand before Almighty God and I'll say what I have said for years. I will never again soil my responsibility as a voter by voting again for a candidate who turns their back on the fundamental principle of justice by which this nation's freedom lives or dies. --Alan Keyes, 2/2/2000
 
You must log in or register to reply here.
Back
Top