Old 08-15-2006, 11:07 AM   #1
crashsystems
Member
 
Registered: May 2006
Location: Tennessee et. al
Distribution: Debian Sid, Etch
Posts: 138

Rep: Reputation: 15
Can I trust GPG?


I work for an organization that has a need to communicate with our employees around the world securely via the internet. I have been reading up on gpg encryption for linux, and was wondering how difficult it is to crack. It looks like it would probably be rather hard for an individual to crack, but what about, for example, someone with the resources of a large communist government? Is GPG secure enough, and why or why not?

crashsystems
 
Old 08-15-2006, 11:23 AM   #2
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Quote:
It looks like it would probably be rather hard for an individual to crack, but what about, for example, someone with the resources of a large communist government? Is GPG secure enough, and why or why not?
Surely, anything can be cracked with enough effort. The only point is, how difficult it is, or rather, how long it takes (which depends on the resources again -- enough resources and anything is cracked).

If you're worried about governments, GPG is not for you. This is where you create your own enigma. And how valuable information would you be transferring, if you were scared of governments? Such information should not be transferred via cables nor on-air... use humans to transfer it. GPG is for normal people.
 
Old 08-15-2006, 12:03 PM   #3
crashsystems
Member
 
Registered: May 2006
Location: Tennessee et. al
Distribution: Debian Sid, Etch
Posts: 138

Original Poster
Rep: Reputation: 15
I understand that there is always some risk involved with any form of electronic communication, so I know better than to ask something like "how can I make my encryption un-crackable". Perhaps a better question would be what is the most secure encryption option, without spending a lot of money?

crashsystems
 
Old 08-21-2006, 01:45 PM   #4
mrkawphy
Member
 
Registered: Jun 2006
Location: Calgary, Alberta
Distribution: Fedora Core 6
Posts: 43

Rep: Reputation: 15
I think it is safe to say that the best answer is: what you spend will determine the quality of what you get. As the above have stated, with enough time and resources it will be cracked. I am sure there are some high end commercial encryptions available but the higher the quality the more expensive it WILL be. You have not really been overly specific as to who you think will be interested in stealing the information you are going to be sending, so it makes it hard to give a rough base of how strong you should go. But once again if it is something like a gov't you are trying to protect it from I seriously doubt any level of encryption can compete with the funding of a gov't if they really want your information. As stated, human to human transfer may be the best form of sending if you are that concerned of how sensitive it is. And of course if it really comes down to being that sensitive I would assume money would be no object if it is that important.
 
Old 08-21-2006, 02:24 PM   #5
crashsystems
Member
 
Registered: May 2006
Location: Tennessee et. al
Distribution: Debian Sid, Etch
Posts: 138

Original Poster
Rep: Reputation: 15
Ok, I guess I can be a little more specific about what I need the encryption for. My organization has a need to communicate to missionaries in various nations that are not too friendly with our line of work (such as communist/islamic countries). The kind of stuff our field workers are doing is rather low-key, so though I do not believe that cracking encrypted email going to our people would be real high on a government's priority list in the grand scale of things, security is rather important to us. Also, in addition to giving your opinions on the security of gpg or other recommended solutions, if you could mention a good book or other related learning resources on cryptology, that would be quite helpful.


crashsystems
 
Old 08-21-2006, 08:18 PM   #6
tuubaaku
Member
 
Registered: Oct 2004
Distribution: Slackware, Scientific Linux
Posts: 103

Rep: Reputation: 15
I think gpg would be a very good option. Another option for you might be to use ssl for all in-house email (obviously doesn't help for email that goes through other servers, but I know of an organization that uses ssl on all email that goes through their own servers). You can always combine both options. At that point you might want to consider security in other parts of the process, because transferring the email may not be the weakest link anymore.
 
Old 08-21-2006, 09:22 PM   #7
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 60
I always felt that if I had such a need, I'd study Steganography. Understand that if a large enough organization already has reason to suspect you of something, they'll decrypt your best efforts. Sending obviously encrypted mail is a good way to attract suspicion.

Last edited by rickh; 08-21-2006 at 09:26 PM.
 
Old 08-21-2006, 09:39 PM   #8
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
Actually encryption algorithms are better than you seem to think. A friend of mine was in satellite cracking business, 8 byte DES key is practically uncrackable, add two more bytes and even future supercomputers are toothless against it. Weakest link here is "the human factor", if this information really is valuable they will find a way to leak it.
 
Old 08-22-2006, 09:31 AM   #9
crashsystems
Member
 
Registered: May 2006
Location: Tennessee et. al
Distribution: Debian Sid, Etch
Posts: 138

Original Poster
Rep: Reputation: 15
Thanks to everyone who has given input with this. As with quite a few things security related, I feel like I'm in a bit over my head when it comes to the finer details of encryption. Does anyone know of a good book I could purchase on the topic? Preferably something that is useful for beginners, but then goes on into the more detailed parts of the topic?

crashsystems
 
Old 08-22-2006, 06:36 PM   #10
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by crashsystems
Thanks to everyone who has given input with this. As with quite a few things security related, I feel like I'm in a bit over my head when it comes to the finer details of encryption. Does anyone know of a good book I could purchase on the topic? Preferably something that is useful for beginners, but then goes on into the more detailed parts of the topic?

crashsystems
Cryptography Demystified (by John Hershey) has gotten five stars at Amazon.com:

http://www.amazon.com/gp/product/007...lance&n=283155

Last edited by win32sux; 08-22-2006 at 06:38 PM.
 
Old 08-22-2006, 06:54 PM   #11
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Rep: Reputation: 31
Quote:
Originally Posted by crashsystems
Thanks to everyone who has given input with this. As with quite a few things security related, I feel like I'm in a bit over my head when it comes to the finer details of encryption. Does anyone know of a good book I could purchase on the topic? Preferably something that is useful for beginners, but then goes on into the more detailed parts of the topic?

crashsystems
Try looking at Wikipedia if you're looking for some introduction to cryptography. You could start by looking up the Caesar cipher which is the simplest, and then look at more and more involved (and secure) types like the Vigenère and autokey ciphers, and then stream ciphers for a good introduction. I find it's an interesting topic in itself. You will gain a much deeper understanding by implementing them yourself in code, and get a better idea of how their respective strengths and weaknesses work. I know because I did it myself! (broken link)

Last edited by ErrorBound; 02-06-2008 at 02:55 PM.
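
The three classical ciphers named in the post above (Caesar, Vigenère, autokey), as an added Python example that is not part of the original thread; the function names and the sample message are constructed for illustration. It also shows the Caesar cipher's weakness: all 26 shifts can be tried and scored against approximate English letter frequencies.

```python
from itertools import cycle, repeat
import string

A = string.ascii_uppercase
# Approximate English letter frequencies (percent), most common first.
ENGLISH = dict(zip("ETAOINSHRDLCUMWFGYPBVKJXQZ",
    [12.7, 9.06, 8.17, 7.51, 6.97, 6.75, 6.33, 6.09, 5.99, 4.25, 4.03, 2.78, 2.76,
     2.41, 2.36, 2.23, 2.02, 1.97, 1.93, 1.49, 0.98, 0.77, 0.15, 0.15, 0.10, 0.07]))
# Constructed sample message, used only to exercise the functions below.
SAMPLE = "MEET THE FIELD TEAM AT THE SAFE HOUSE AFTER SUNSET AND BRING THE RADIO"

def shift_letters(text, keystream, sign=1):
    """Add (sign=1) or subtract (sign=-1) one keystream letter per text letter."""
    ks, out = iter(keystream), []
    for ch in text.upper():
        out.append(A[(A.index(ch) + sign * A.index(next(ks))) % 26] if ch in A else ch)
    return "".join(out)

def caesar(text, shift, decrypt=False):
    # One fixed shift for every letter: only 26 possible keys.
    return shift_letters(text, repeat(A[shift % 26]), -1 if decrypt else 1)

def vigenere(text, key, decrypt=False):
    # The key word repeats, so the shift pattern repeats with the key length.
    return shift_letters(text, cycle(key.upper()), -1 if decrypt else 1)

def autokey_encrypt(text, key):
    # Keystream is the key followed by the plaintext itself, so it never repeats.
    return shift_letters(text, key.upper() + "".join(c for c in text.upper() if c in A))

def autokey_decrypt(text, key):
    ks, out, i = list(key.upper()), [], 0
    for ch in text.upper():
        if ch in A:
            ch = A[(A.index(ch) - A.index(ks[i])) % 26]
            ks.append(ch)  # each recovered letter extends the keystream
            i += 1
        out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the text's letter counts and the counts English would give."""
    n = sum(1 for c in text if c in A)
    return sum((text.count(c) - f * n / 100) ** 2 / (f * n / 100) for c, f in ENGLISH.items())

def break_caesar(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most like English."""
    best = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, s, decrypt=True)))
    return best, caesar(ciphertext, best, decrypt=True)
```

`break_caesar(caesar(SAMPLE, 11))` recovers both the shift and the message without knowing the key, which is why a cipher with only 26 keys offers no protection.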
 
Tags
encryption, gpg, security