View Full Version : Encryption tools

14th December 2010, 12:15
Hi all

In light of recent posts about the Wikkileaks Bill, my mind started to remember the very first PGP encrytion program I used. It was DOS based for the pc and I used to encrypt all my UFO and Paranormal research files with it.

Just wondered if any of you nice folk use any such programs nowadays and if so, do you really trust that your encrypted file cannot be opened via a backdoor weakness in the encryption?



14th December 2010, 12:19
begin to wonder if it's a marketed program that the designer may have built in undocumented " back door " yes

14th December 2010, 12:28
There is openPGP implementation.. I will stuck with Opensource stuff, usually it has little surprises (and you can check for them if you have loooots of free time and nerve to read often badly-documented code).. but usually forget "ease of use" too

Officially, it takes sooome time to break 256 or 512 bit encoding ...

Unless you are not using official hardware .. or have some gpus hooked in parallel :P

14th December 2010, 13:01
The www watching system uses a 'fish ladder' system that tosses items of interest further up the ladder for a more specific check. Items that get all the way to the top of the ladder are given full 'human' attention.

Any serious encription really only attracts attention which gets your data higher up the fish ladder. It's a relatively certain bet that 'they' can crack most encrypted data quite easily. If you want to send data around the net without it getting the big guns applied to it you should think of a different way of doing it. The key is to not attract attention in the first place. If you apply a "gobbledy gook" factor to your data ( encryption) you might as well attach a flashing beacon too, and a message saying " here I am, come and crack me".

Seriously, these "clandestine" schoolboy games are not the way to do it.

14th December 2010, 18:54
I am sure the PTBs have programs that need no human input at all to crack a document encrypted with standard, widespread methods. I think the only safe way to go with encryption is to use non-standard methods (like applying in sequence a number of different encryption algorithms). This would require a team of experts analyzing the file to crack it instead of using the automated programs. It is more a matter of cost-benefit (whether they would be willing to commit the required resources) since it is not feasible to have 100% safety in a practical way.

Another way to go, as norman says, is steganography (http://en.wikipedia.org/wiki/Steganography), that is, to hide the information. It can be hidden in, for example, images. The information would appear as noise and it should not be noticeable. There is software for that, but then again, the safest way is to use a custom method.

EDIT: another scenario, of course, is that the PTBs have people trained to read minds and thus they can extract the passwords and methods used :)

14th December 2010, 22:06
Any encryption that is used legally and commercially is suspect IMHO.

Use of open source is good advice but does not counter the above suspicion. Its a good idea for other reasons.

If you can I'd go for elliptic curve crypto - there are no commercial implementations and the NSA bought the patents - this tells me all I need to know :)

That said, if I want to keep something private AES-256 is good enough. I'd only be bothered about the strength of crypto if I was going up against the Isreali's or the NSA etc.

BTW: The normal challenge is not the strength of the crypto, but the key strengths and the key storage. If you are up against people with the resources to pull the key right out of your mind - or say RV you actually typing it in the past - then I'd say it doesn't really matter what strength crypto you use.

14th December 2010, 23:31
I get the impression some of you think I want to send stuff over the net, i dont and I no longer use encryption which by the way was only for harddrive storage and protection. Was just curious if anyone used such stuff nowadays...