
If not Hotmail then what? What is the safest free e-mail?

The commercial sector has been stagnant re: encryption for over 20 years. DES was the de facto standard for over a decade. The US government, on the other hand, has not used DES in well over 18 years. This means they have a 20 year advantage on encrypting and decrypting your data. Only recently has NIST even bothered to nominate and choose a new Advanced Encryption Standard (blowfish). DES stood for far too long and was assumed secure for that entire time.

PGP 2048 has been broken with 50 re-designed atari chips (ascs) in under 20 minutes, it is very economical from a law enforcement stand-point. Total cost of the machine was under 10 grand.

Remember, encryption isn't about keeping your data secure. It's about keeping data secure for X amount of time; X is a variable which changes radically based on the algorithm used.


Your passphrase does not do anything for key generation. That takes place when they ask you to move your mouse around the little black square. A long passphrase simply means it's harder for someone to guess, or MITM attack your account.

You cannot sniff server based encrypted mail; mail sent from one Hush user to another never leaves the server. You *can* sniff the connection of the end-user checking the mail. But SSL/TLS is secure for one primary reason: the time before the SSL connection times out (or the user disconnects) is not nearly enough time to crack the keys and inject or pull out packets. And SSL and TLS sessions use session-based keys, meaning you use different key-sets for each session. So the hacker would be starting from ground-zero with each session.



pharmadan said:
Hushmail, cyber-rights, elitefitness, ziplip are all compatible. They all use PGP encryption, and as long as the public keys are available, they are compatible and secure. PGP providers are VERY secure (if your passphrase is secure). The advantage to PGP encryption is that if other eyes try to snoop into your mail, it is not "economical" to decrypt (again ... based on how secure your passphrase is). Not even the companies that host PGP based email can snoop. What I mean by "economical" is that the more secure your passphrase is (based on bits of entropy), the more expensive and time consuming it becomes for interested parties to crack the encryption. Read the diceware link below.

Keptprivate is NOT secure. Keptprivate does use SSL encryption from the email server to your desktop, which can inhibit packet sniffers, but the email can still be easily read from the server.

Assume any other email provider (yahoo, msn, hotmail) is NOT secure. BTW, operamail is NOT secure. If there is a link "Forgot your password?" anywhere, the system is NOT SECURE.

KEY THINGS TO REMEMBER
--------------------------
1. Do not accept unencrypted email (requires paid subscription with some providers).
2. Never send email unencrypted.
3. Your passphrase determines how strong the encryption REALLY is. http://world.std.com/~reinhold/diceware.html
4. Do not lose or forget your passphrase or you are screwed. It can not be recovered.

Basic PGP Information
http://www.pgpi.org/doc/pgpintro/
 
PGP does not use DES. PGP is a hybrid cryptosystem. It is made up of 4 cryptographic elements: It contains a symmetric cipher (IDEA), an asymmetric cipher (RSA), a one-way hash (MD5), and a random number generator (Which is two-headed, actually: it samples entropy from the user and then uses that to seed a PRNG). Each is subject to a different form of attack.

http://axion.physics.ubc.ca/pgp-attack.html


Code said:
PGP 2048 has been broken with 50 re-designed atari chips (ascs) in under 20 minutes ...
Don't believe it. I have Googled "atari pgp" and found nothing. Please post a credible reference and I will not doubt you no more.



Code said:
Your passphrase does not do anything for key generation. That takes place when they ask you to move your mouse around the little black square. A long passphrase simply means it's harder for someone to guess, or MITM attack your account.
Never said it did. When referring to bits of entropy, it applies only to a brute force crack. You are correct here.



Code said:
You cannot sniff server based encrypted mail.
Never said you could.



We both have done some homework and this thread is actually mentally stimulating. Maybe it should be moved to the chat board though.
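
An added example, not part of any post in this thread: a sketch of the "bits of entropy" arithmetic behind the Diceware method linked above, showing how word count drives brute-force cost. The guess rate is an assumed figure, the word list itself is not embedded (the code emits the five-dice keys you would look up in it), and the 128-bit comparison refers to the key size of the IDEA cipher mentioned in the thread.

```python
import math
import secrets

DICE_PER_WORD = 5                      # Diceware: five dice rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD         # 7776 entries in a Diceware word list
BITS_PER_WORD = math.log2(LIST_SIZE)   # about 12.9 bits per word


def roll_word_key() -> str:
    """Return one 5-digit Diceware key such as '16655', using the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase_keys(n_words: int) -> list[str]:
    """Keys to look up in a Diceware word list (the list itself is not embedded)."""
    return [roll_word_key() for _ in range(n_words)]


def entropy_bits(n_words: int) -> float:
    """Entropy of a passphrase of n_words uniformly and independently chosen words."""
    return n_words * BITS_PER_WORD


def words_needed(target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / BITS_PER_WORD)


def avg_years_to_guess(n_words: int, guesses_per_second: float) -> float:
    """Expected brute-force time: half the search space at the assumed rate."""
    seconds = (LIST_SIZE ** n_words / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 1e12  # guesses per second; an assumption, not a measured figure
    for n in (4, 6, 8, 10):
        print(f"{n} words: {entropy_bits(n):6.1f} bits, "
              f"~{avg_years_to_guess(n, ASSUMED_RATE):.3g} years on average")
    print("keys to look up:", " ".join(passphrase_keys(6)))
    # Word count at which guessing the passphrase costs as much as a 128-bit key search
    print("words to match a 128-bit cipher key:", words_needed(128))
```

The entropy figure only holds when every word is chosen by real dice or a CSPRNG; a phrase a person picks from memory has far less.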
 