OnPoint: Ich bin ein Cyberpunk
94 Responses
-
Spectacular. :-)
-
Key distribution, that's the hard part. Ensuring that you have the public keys of everyone you want to contact and that these haven't been tampered with.
It's a hard problem, partly because of the risk of the man-in-the-middle attack (where somebody intercepts your traffic, substitutes the key and encrypts/recrypts your mail). I think the community got a bit hung up on this though - it should be possible to build an infrastructure that's strong enough and tamper-evident enough to make systematic monitoring very difficult.
-
Good work.
People like us need people like you.
Sod the others - will you stand for Labour Party leader?
-
Thank you! I've been looking for this.
-
Moz, in reply to
it should be possible to build an infrastructure that’s strong enough and tamper-evident enough to make systematic monitoring very difficult.
The standard way is to use an outside channel. The simple(ish) way is just to put the hash of your public key in visible places - an image on your website for example. That's hard to mechanically detect and change, but easy to verify.
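The check Moz describes, as an added example that is not part of the original thread: compute the OpenPGP version 4 fingerprint (the hash of the public key) from the key you received and compare it with the fingerprint published through the outside channel. The key bytes are constructed stand-ins, and `make_key`, `matches_published` and the sample values are hypothetical names introduced here.

```python
import hashlib
import struct

def first_packet(data: bytes) -> tuple[int, bytes]:
    """Return (tag, body) of the first packet in a binary (dearmored) OpenPGP key."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                                  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        else:
            raise ValueError("unsupported length encoding for a key packet")
    else:                                           # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = (1, 2, 4)[ltype]
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(key: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, packet body (RFC 4880, 12.2)."""
    tag, body = first_packet(key)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def matches_published(key: bytes, published: str) -> bool:
    """Compare against a fingerprint copied by hand from the outside channel."""
    return v4_fingerprint(key) == "".join(published.split()).upper()

def make_key(modulus: bytes) -> bytes:
    """Constructed stand-in for an RSA public-key packet; not a usable key."""
    def mpi(b: bytes) -> bytes:                     # bit count, then big-endian value
        return struct.pack(">H", len(b) * 8 - 8 + b[0].bit_length()) + b
    body = b"\x04" + struct.pack(">I", 1370000000) + b"\x01" + mpi(modulus) + mpi(b"\x01\x00\x01")
    return b"\x99" + struct.pack(">H", len(body)) + body

GENUINE = make_key(bytes([0xC3]) + bytes(range(1, 64)))      # what the owner generated
SUBSTITUTED = make_key(bytes([0xC3]) + bytes(range(2, 65)))  # what a tampered channel delivers
fp = v4_fingerprint(GENUINE)
PUBLISHED = " ".join(fp[i:i + 4] for i in range(0, 40, 4)).lower()  # as shown on the website
print(matches_published(GENUINE, PUBLISHED), matches_published(SUBSTITUTED, PUBLISHED))
```

The published value must be read from the outside channel itself, never from the same message or server that delivered the key.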
-
Cypherpunk, surely?
-
Keith Ng, in reply to
Huzzah! It worked. I'd reply in an encrypted message, but I don't have your public key.
-
Keith Ng, in reply to
Moz & Rich: Yes, will get to that in the next part...
-
Which is the answer to the question I was now asking myself, I wrote a link to my public key in my message and then must have sent an earlier attempt which I have no copy of. In other words - too much focus on the process, not enough on the content.
-
Sacha, in reply to
zing
-
Thanks for connecting those dots. I downloaded the docs but haven't got round to reading them yet.
-
Is this built into any email clients? If not, why not?
-
There was a pretty good how-to on Ars Technica a couple of months ago. See Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?.
Apart from showing the steps, it also talks about why the process is pretty annoying unless you have a group of friends or colleagues you regularly email and you are all in this together.
-
I reached the same conclusions a week ago and decided to write up a tutorial on how to make encrypting email as easy as possible.
For those that might be interested, here is a (hopefully extremely easy to follow) tutorial on how to get email encryption working on a Mac running Mountain Lion:
https://medium.com/open-source/7151e454ed93
For those that want secure instant messaging the answer is much simpler and better. Get a client that supports OTR (Off The Record), on the Mac that's Adium. So long as you've clicked the "generate key" and both people have OTR installed, messages are encrypted.
-
Ian Dalziel, in reply to
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (MingW32)
hQEMA4M1NX6Hba...EriyEalV/q5J7x2gn7S21UB2gYUqPgNu
=g6Fq
-----END PGP MESSAGE-----
Hello 'Not-So-Public Address'...
-
There is a certain glee in posting in broad daylight for a single individual. I am intrigued/lazy to know with a key size of 2048 and the RSA algorithm, how much time that would take to crack based on Edward Snowden's suggestion to Laura:
"Assume that your adversary is capable of a trillion guesses per second"
The program suggested a 5 year expiry date...
-
For your webmail services like Gmail and Outlook.com, there's Mailvelope: http://www.mailvelope.com/
Comes in a Chrome app only so far, although they do apparently have a Firefox plugin in development.
-
TracyMac, in reply to
There's a list of mail clients here that natively support PGP and many others you can get plugins/addons for: http://www.vanheusden.com/pgp.php
-
For more food for thought, these days I'd probably prefer to use S/MIME over PGP. Integration isn't a problem with most modern mail clients (http://email.about.com/od/smimesoftware/S_MIMEEnabled_Email_Software.htm) - it's built-in with no addons needed. It's a slight PITA having to get the cert installed and configured in the mail client, but it's a download > install rather than generating and installing. Hint to Windows users, download a cert in IE even if you normally use Firefox - Firefox has its own certificate cache and it's annoying to have to export it from there and install it into the OS cache. (ETA: if you follow the link to install the Comodo cert from their email, it looks like it installs it correctly even if you're in Firefox.)
You need a third-party-signed certificate, but there are free providers: http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
This is a basic guide for installing in Outlook, but just google "[mail client] smime" for instructions for most products: http://www.marknoble.com/tutorial/smime/smime.aspx. I would not recommend using Thawte certs as specified in this article - they require ID to "verify" who you are.
There are Gmail S/MIME addons - one's a Firefox addon, and another is called Penango (ironically used by the US Air Force).
-
GPG4USB: advantages: mobile, can be used to encrypt webmail and throwaways. Disadvantages: will teach you bad habits about encrypting only stuff which is worth the hassle, so it basically signals people about content.
Still, better than nothing. And given my email usage patterns, probably a good match.
-
Great post Keith.
It's worth remembering that encryption done badly can be worse than not using it at all. I'd urge people who want to use encryption to read and understand as much as they can when using encryption as there are many pitfalls. Key security is a biggy - the only cases of LE breaking encryption that are known to have occurred have been by obtaining private keys and passphrases. The use of open source security software is very important too in my opinion. You just don't know what proprietary software is doing when it comes to encryption.
However, the more people that do use encryption the better - I'm reminded of a comment from Phil Zimmermann about unencrypted email being similar to sending a postcard, encrypted mail being analogous to a letter in an envelope. Both can be intercepted and read, but a lot more effort needs to be expended to read the letter. The NSA will keep encrypted communications indefinitely, and they will be able to retrospectively "steam them open" in the future. Perhaps you could include PFS and OTR in your upcoming posts on this subject.
It would also be great to see some information on anonymous browsing via Tor (this is now fairly easy to set up - I posted this via Tor) and darknets such as I2P if you have the time or inclination.
-
Thunderbird Email with the Enigmail plugin (uses GPG) is an easy-to-use, cross-platform key management solution.
-
TracyMac, in reply to
One thing I didn't highlight about the advantages of S/MIME (beyond not having to download and run key-generation and mail client add-ons) is that public certificate distribution is easy - just send someone a digitally signed email (you need to ensure the option to include the cert is selected).
On receiving the signed message, all the recipient needs to do (in Outlook) is click on the signature prompt and select "add to contacts".
Since the key exchange is a bit "backwards" compared to PGP, they can now send you encrypted messages. You'd need to receive a digitally-signed message from them (it can be encrypted as well) to encrypt email back.
-
Hmm. I'm not sure that trusting Outlook or Gmail with Certificates and keys is any advantage - the NSA is already likely to have them in their pocket.
This topic is closed.