Encryption should not be thought of as a way to "prevent Governments." They have unlimited resources, unlimited secrecy(?), and privileged access to the Internet.
Instead, encryption is there because, as Phil Zimmermann (the author of PGP®) put it:
"It's personal, it's private, and it's nobody's business but yours."
(But also, today: because you expect to be able to type a credit card number into a web site without fear of that number being "effortlessly stolen.")
Modern encryption methods give you three distinct assurances, if used properly:
- Confidentiality: If you wish, your message will be enciphered so that only its intended recipient(s) can read it. (But, if you actually don't care about confidentiality, you can still have the other two assurances!)
- Provenance: You can be confident that the message did come from its stated sender.
- Message Integrity: The message that you received is, "bit for bit," exactly the message that was sent.
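
The second and third assurances can be had without the first. As an added example (not part of the original text), this script signs a cleartext message with OpenSSL, then shows verification failing after a one-digit change and under a different signer's key. The RSA-2048 key type, file names and message text are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: signing without encrypting (provenance + integrity only).
# Key type (RSA-2048), file names and message text are constructed for the demo.

make_keypair() {    # $1 = private key file to create, $2 = public key file to create
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

sign_file() {       # $1 = private key, $2 = message file, $3 = signature file to create
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_file() {     # $1 = public key, $2 = message file, $3 = signature; prints good|bad
    if openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null |
        grep -q 'Verified OK'; then
        echo good
    else
        echo bad
    fi
}

demo() {            # prints three results: original, tampered, wrong signer
    dir=$(mktemp -d) || return 1
    make_keypair "$dir/sender.key" "$dir/sender.pub" || return 1
    make_keypair "$dir/other.key" "$dir/other.pub" || return 1

    # The message stays in cleartext: anyone can read it, nobody can alter it unnoticed.
    printf 'Pay 100 to account 12345\n' > "$dir/msg.txt"
    sign_file "$dir/sender.key" "$dir/msg.txt" "$dir/msg.sig" || return 1

    # Same sentence with one digit changed in transit.
    printf 'Pay 900 to account 12345\n' > "$dir/tampered.txt"

    echo "original: $(verify_file "$dir/sender.pub" "$dir/msg.txt" "$dir/msg.sig")"
    echo "tampered: $(verify_file "$dir/sender.pub" "$dir/tampered.txt" "$dir/msg.sig")"
    echo "wrong-signer: $(verify_file "$dir/other.pub" "$dir/msg.txt" "$dir/msg.sig")"
    rm -rf "$dir"
}

demo
```

Only the holder of the private key can produce a signature that verifies, which is what ties the message to its stated sender; the message itself is never enciphered.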
Like all other operating systems, Linux implements several industry-standard encryption suites, including: TLS/SSL (the security behind "https:" web pages), OpenSSL, OpenSSH, OpenVPN, S/MIME e-mail security, and GPG (which is compatible with the proprietary PGP®). Furthermore, it does so using exactly the same open-source, peer-reviewed software stacks that everyone else does. This is important.
Each of these suites does much more than simply provide access to "a modern cipher." Instead, they undertake to provide everything, "soup to nuts": key management ... cryptographically secure random-number algorithms ... defenses against attacks concocted by "white-hat" peer reviewers ... all of these considerations have been addressed for you, by qualified experts.
... and, "are they different, from any one operating system to another?" Absolutely not!
- - -
A fundamental and critical aspect of any security arrangement that is worth trusting is that there is no "security through obscurity." Every aspect of the pipeline, including any and all ciphers that may be used, is publicly known, open source, and peer-reviewed. It is known that the security of the message lies in exactly one thing: "the key."
All of the systems previously mentioned are built this way.
But, you must use them "in the right way." For instance, do not use "passwords" or "pre-shared keys (PSKs)." Use one-of-a-kind digital certificates, uniquely issued to each and every recipient. Used properly, an encryption system will provide "bulletproof security" that is convenient(!) for its authorized users and (fairly) easy to manage.
- - -
If our tax dollars are being used wisely, then "government agencies with three-letter acronyms" will still possess the ability to decrypt things that you or I can't. (While you are rotting in jail for refusing to obey a Search Warrant issued by the Court.) But they also are tasked with contributing their expertise to the development and analysis and peer-review of "civilian-grade" cryptosystems ... because that, too, is part of their Mission to the public.