Bill That Would Ban End-to-End Encryption Savaged by Critics
On 04/09/2016 01:47 PM, Ivan Avery Frey wrote:
GPG forever! I guess whoever wrote that bill doesn't understand how encryption works and that the carriers etc. really have no access.
On 2016-04-09 05:05 PM, James Knott wrote:
GPG forever!
Except that: 1) you can still see all the regular e-mail header metadata, so with a lot of data correlation, you can work out who is doing what and who is part of which network without decrypting the messages; 2) it sets the NSA's "Has Something To Hide" bit: <http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>; and 3) you have to assume that the code and the system you're running it on haven't been compromised. cheers, Stewart
On 04/09/2016 05:39 PM, Stewart C. Russell wrote:
2) it sets the NSA's "Has Something To Hide" bit:
All the more reason *EVERYONE* should use encryption. Give those NSA guys something to fill in their day with. ;-)
On 16-04-09 05:39 PM, Stewart C. Russell wrote:
On 2016-04-09 05:05 PM, James Knott wrote:
GPG forever!
Except that:
1) you can still see all the regular e-mail header metadata, so with a lot of data correlation, you can work out who is doing what and who is part of which network without decrypting the messages;
2) it sets the NSA's "Has Something To Hide" bit:
<http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>; and
3) you have to assume that the code and the system you're running it on haven't been compromised.
The best form of encryption that I ever read about is to use a book. You need to be able to agree on the book in a secure manner. Then each word in the message is replaced with a pair of numbers, corresponding to the page and word offset of the word. The number data can be appended to a jpg file that is distributed on social media. -- Stephen
On 04/09/2016 05:51 PM, Stephen wrote:
On 16-04-09 05:39 PM, Stewart C. Russell wrote:
On 2016-04-09 05:05 PM, James Knott wrote:
GPG forever!
Except that:
1) you can still see all the regular e-mail header metadata, so with a lot of data correlation, you can work out who is doing what and who is part of which network without decrypting the messages;
2) it sets the NSA's "Has Something To Hide" bit:
<http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>; and
3) you have to assume that the code and the system you're running it on haven't been compromised.
The best form of encryption that I ever read about is to use a book.
You need to be able to agree on the book in a secure manner.
Then each word in the message is replaced with a pair of numbers, corresponding to the page and word offset of the word.
The number data can be appended to a jpg file that is distributed on social media.
Actually, the best method is a "one time pad" where there is a series of random numbers to use for encrypting. It's claimed to be truly unbreakable. However, there is the minor problem of securely exchanging pads. Each end needs identical ones. The current encryption methods generate a random number to encrypt the data and then use a public/private key pair to exchange the random number. The random number may also be generated at intverval, so that the same one is not used too much.
On 16-04-09 05:59 PM, James Knott wrote:
On 04/09/2016 05:51 PM, Stephen wrote:
On 16-04-09 05:39 PM, Stewart C. Russell wrote:
On 2016-04-09 05:05 PM, James Knott wrote:
GPG forever!
Except that:
1) you can still see all the regular e-mail header metadata, so with a lot of data correlation, you can work out who is doing what and who is part of which network without decrypting the messages;
2) it sets the NSA's "Has Something To Hide" bit:
<http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>; and
3) you have to assume that the code and the system you're running it on haven't been compromised.
The best form of encryption that I ever read about is to use a book.
You need to be able to agree on the book in a secure manner.
Then each word in the message is replaced with a pair of numbers, corresponding to the page and word offset of the word.
The number data can be appended to a jpg file that is distributed on social media.
Actually, the best method is a "one time pad" where there is a series of random numbers to use for encrypting. It's claimed to be truly unbreakable. However, there is the minor problem of securely exchanging pads. Each end needs identical ones. The current encryption methods generate a random number to encrypt the data and then use a public/private key pair to exchange the random number. The random number may also be generated at intverval, so that the same one is not used too much.
The problem with this method, is that it is obvious that data encryption is being used. -- Stephen
On 04/09/2016 06:45 PM, James Knott wrote:
On 04/09/2016 06:05 PM, Stephen wrote:
The problem with this method, is that it is obvious that data encryption is being used.
No reason why it couldn't also be applied to a jpg file.
hiding messages in other data is more of covert channel communications. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On 04/09/2016 06:51 PM, Alvin Starr wrote:
On 04/09/2016 06:45 PM, James Knott wrote:
On 04/09/2016 06:05 PM, Stephen wrote:
The problem with this method, is that it is obvious that data encryption is being used.
No reason why it couldn't also be applied to a jpg file.
hiding messages in other data is more of covert channel communications.
Yep. It's called "steganography". http://www.merriam-webster.com/dictionary/steganography
participants (5)
-
Alvin Starr -
Ivan Avery Frey -
James Knott -
Stephen -
Stewart C. Russell