I don't have any secrets. But if I were a business man with say a brilliant new idea, which I would want to keep secret until I was ready, how could I stop the Americans just stealing it from my email? The NSA dragnet is ideal for industrial espionage. Or if I were president of a country, how could I protect my email or computer from the Americans?
Lavabit and Silent Circle are down, if not out.
Does Linux have an encryption method that the NSA cannot fathom??
If you were "a business man with a brilliant idea," or, simply, anyone who falls under various government regulations concerning the disclosure of information to which you might be privy and/or that is legally protected, then you're required by law to safeguard that information "by reasonable business means." And that means, in short, "e-mail encryption." The messages must be safeguarded, not only "in transit," but also anywhere and everywhere that they are stored. You must be able to demonstrate to the Honorable Court that you "exercised due diligence" and "proper care."
There are, basically, two well-accepted ways to do this:
Privacy-Enhanced Mail (PEM), which is built-in to most email programs, and ...
GPG (or PGP), which probably requires a plugin.
Both of these systems use Public-Key (PKI) techniques, and peer-reviewed source code, to provide three important .. and separate .. capabilities:
Provenance: The message probably did come from the party who claims to have sent it.
Message Integrity: The message probably did arrive "as tendered," without modification in-transit.
Concealment: (which is optional!) The message is unintelligible to "anyone else," and will remain so.
Now... are they going to keep-out the goons who work for mysterious government agencies (in any country ...) with three-letter-acronym (TLA) names? Uhhh... no. (And, for the #CLASSIFIED# of my Dollars that they are spending every day, I for one would be royally pissed-off if the answer were "yes.") But they will do what they were designed to do: allow you to use "the convenience of e-mail" to do what "ordinary e-mail" won't by itself do. And to give you something plausible to say to His/Her Honor in whatever country you live in.
Thanks for that. I like the article about Hushmail handing over the CDs to the DEA. But why didn't the DEA just go to the CIA? They run most of the smuggling. Maybe they're not talking to each other.
No, a "one-time pad" is a theoretical goal, never a practical one. The only way to achieve security with such a system is to already possess a secure means to convey an identical, purely-random key to both parties at once ... and to somehow ensure that no one else also possesses a copy of the same key. (Well, if you could actually do that, why not just use that already-secure method to send the message itself?)
In actual practice, there are lots of disadvantages to a one-time pad, not the least of which is a severe limitation as to the amount of data you can ever transmit. There's an utter and complete lack of error-correction and no prescribed way to resynchronize the two parties. The list goes on and on.
Pragmatically speaking, the purpose of encryption isn't to keep the Mysterious Government Agencies With Three-Letter Acronyms from reading your messages. Instead, it is "to keep the honest people out." To prevent crimes of opportunity, by removing that opportunity for "easily" forging, tampering with, or intercepting the intended communication ... while at the same time, making the whole process as easy-to-use for its intended users as possible (so that they'll actually use it).
Quite often, you actually don't want to "conceal" the message: you simply want to know that the message came from the party that you think sent it, and that it has arrived in your hands "exactly as sent." This by itself is a tremendous improvement to email. Many companies implement this directly on their inbound and outbound mail-servers, using it to automatically detect and quarantine fake or altered messages that proclaim to come from, say, a supplier or a customer or a salesman. If a message makes it through the gauntlet, it's trustworthy. If it's not trustworthy, it doesn't make it.
Last edited by sundialsvcs; 08-12-2013 at 11:53 PM.
I would like to know what politicians do to keep their email private? Not just the Americans may try to intercept them, anyone looking for political advantage. It has been documented that the Americans have accessed European computers prior to negotiations. It would be naive to think they are the only criminals to behave in this way.
The one-time pad should be implemented using pen and paper, not on a computer. The message, however, can be sent by any means.
Quote:
Originally Posted by sundialsvcs
No, a "one-time pad" is a theoretical goal, never a practical one. The only way to achieve security with such a system is to already possess a secure means to convey an identical, purely-random key to both parties at once ... and to somehow ensure that no one else also possesses a copy of the same key. (Well, if you could actually do that, why not just use that already-secure method to send the message itself?)
You distribute a large pad securely, once. Then, you can use the pad for a long time afterwards with no breach in security. Having a secure channel for that same amount of time is not gonna happen.
I know the weaknesses of the one-time pad, and there are many. However, if you do it right, there are no weaknesses.
I personally don't trust AES or any NSA-developed encryption. All other encryption relies on the mathematical / computational difficulty of a certain problem. These problems are not proven to be mathematically or computationally difficult, and even if they are, they may quickly not be: http://it.slashdot.org/story/13/08/0...within-5-years
You kinda have to trust the designer of the algorithm to not have put a backdoor, and the cryptographers analyzing it to do a good job.
It's your choice. For sure computer-based systems cannot use the one-time pad, and must use other encryption algorithms.
Interesting, so there is no secure message system, because if you get caught with the pad, the 'bad guys' can thenceforth read your messages. Bit slow with pencil and paper, too.
But Obama said recently, he has directed the Security Services to be more transparent. Their reply was not alluded to.
An equally-effective way to break most encryption schemes is called "a baseball bat."
Modern encryption algorithms are peer-reviewed, intensely and constantly. Information about vulnerabilities (most of them quite theoretical) is widely and openly shared. Furthermore, as much or more scrutiny is paid to how the systems are used ... the total context of key-management, authentication, human factors, everything.
The NSA is of course a very active player ... your tax dollars at work ... and they have been known to provide security improvements from the Classified world from time to time. For example, the "S-box" transformation in the original DES was provided without explanation ... except for the statement that the reasoning behind it was classified. Many folks were suspicious then, but then the technique of "differential cryptanalysis" became public, and this was revealed to be the reason behind that transformation-table being exactly as it was. (When "the secret was out," NSA confirmed this.)
It's extremely easy to produce a message that is "so 'secure' that no one can read it .. including you." It is also quite easy, through mis-application of "one time pad" in a Faustian quest for "perfect security," to receive and decrypt a message that is a forgery (or subtly yet undetectably altered by a "man in the middle") because, unbeknownst to either Alice or Bob, Eve did manage to get a copy of the pad.
If we may presume that you are not committing a high crime (usually a reasonable assumption ...) then you have to have a practical encryption technique ... ideally, one that Just Works™, like VPN or HTTPS. Something that is secure, manageable, and otherwise just does its job and stays out of the way.
If you want to read a good book about the real-world troubles of deploying a successful cipher infrastructure (in the pre-computer days), I recommend: Between Silk and Cyanide. The title says it all.
Last edited by sundialsvcs; 08-13-2013 at 07:33 AM.
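An added illustration (not code from any poster in this thread) of two one-time-pad limits raised above: the pad runs out, and decryption alone cannot tell a forgery from the real message when a third party holds a copy of the pad. The `Pad` class, the sample messages and the separately held `auth_key` used for the HMAC check are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""


class Pad:
    """One party's copy of the pad; every byte may be used only once."""

    def __init__(self, material: bytes):
        self.material, self.offset = material, 0

    def take(self, n: int) -> bytes:
        left = len(self.material) - self.offset
        if n > left:
            raise PadExhausted(f"need {n} bytes, only {left} left")
        chunk = self.material[self.offset:self.offset + n]
        self.offset += n  # sender and receiver must advance in lockstep
        return chunk


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, key))


def tag(auth_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(auth_key, ciphertext, hashlib.sha256).digest()


def demo() -> dict:
    material = secrets.token_bytes(32)   # constructed sample pad
    auth_key = secrets.token_bytes(32)   # assumption: never stored with the pad
    alice, bob, eve = Pad(material), Pad(material), Pad(material)  # pad was copied

    msg = b"PAY BOB 100"                 # constructed sample message
    ct = xor(msg, alice.take(len(msg)))
    sent_tag = tag(auth_key, ct)

    # The pad holder substitutes a ciphertext for a different message.
    forged_ct = xor(b"PAY EVE 900", eve.take(len(msg)))
    bob_reads = xor(forged_ct, bob.take(len(msg)))   # decrypts with no error
    tag_ok = hmac.compare_digest(tag(auth_key, forged_ct), sent_tag)

    try:                                 # 32-byte pad, 11 used, 21 left
        alice.take(22)
        exhausted = False
    except PadExhausted:
        exhausted = True
    return {"bob_reads": bob_reads, "tag_ok": tag_ok, "exhausted": exhausted}
```

The forged text decrypts cleanly, so only the integrity check, keyed independently of the pad, exposes the substitution.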
Interesting, so there is no secure message system, because if you get caught with the pad, the 'bad guys' can thenceforth read your messages. Bit slow with pencil and paper, too.
But Obama said recently, he has directed the Security Services to be more [transparent]. Their reply was not alluded to.
And you trust anything that Obama has to say about being more transparent? What happened to his "no closed doors" he ran on 6 years ago bullshit? Sorry, everything that man has said is a lie. Just look at his killing of the US ambassador, his killing of the border patrol officers, his illegal spying on Americans, and his illegal audits of conservative parties via the IRS.