Please Scroll Down to See Forums Below
internet security and why we need pgp or at least hushmail
- Thread starter chesty
- Start date
H
HappyScrappy
Guest
chesty said:
I do the same thing, except I write it in pig latin and then send it over unencrypted mail.
I mean who could ever break pig latin other than the intended receipient?
sorry. I thought it was funny.
seriously - hushmail and/or pgp are wonderful things if you use them right. the main problem are the people that don't use them right and then assume that they are protected and they aren't.
equiv to poking holes in your condoms so your dick can breathe and then having sex expecting protection.
L
Latimer
Guest
Blowfish.
other good resources are..........
www.safeweb.com which effectively spoofs your ip addy.....
www.zonealarm.com is an excellent firewall
use pgp......even if you dont encrpyt email with it and use the hush/elite system, use this prog to encrypt files on your harddrive and wipe files so no recovery prog will find them............
Unity66
www.safeweb.com which effectively spoofs your ip addy.....
www.zonealarm.com is an excellent firewall
use pgp......even if you dont encrpyt email with it and use the hush/elite system, use this prog to encrypt files on your harddrive and wipe files so no recovery prog will find them............
Unity66
H
HappyScrappy
Guest
Latimer said:
hushmail uses Blowfish
L
Latimer
Guest
I know. I was just trying to impress you Happy. I want to be down.
H
HappyScrappy
Guest
it is actually switching to openpgp at the new better looking version 2.0 (I think they are like 1.4 now or some shit).
as it goes now it is:
on your screen plaintext --> the java applet encrypts it in 1024bit blowfish (fucking HUGE keyset) --> browser sends this out over an ssl channel which is 128bit (I think it is DES) --> then that get descrypted on the server and stored in blowfish 1024 (the same as before).
then you want it is reverses that process... obviously it is a little more involved than this - but this is why it is so disgustingly secure if you go from hush to hush or ef or whatever.
if you go to an insecure partner, then it is plaintext on the screen, sent 128bit ssl (DES) to the server, and then sent plaintext from the server to the outside server - a whole lotta suck.
and part of the reason this is good is even if you could break the 128DES, which is really fucking hard, you would only get down to the 1024 (which would be hard to tell b/c it is all gibberish so it is hard to tell when you've broken it).
then 1024 would take longer than forever to brute force.
as it goes now it is:
on your screen plaintext --> the java applet encrypts it in 1024bit blowfish (fucking HUGE keyset) --> browser sends this out over an ssl channel which is 128bit (I think it is DES) --> then that get descrypted on the server and stored in blowfish 1024 (the same as before).
then you want it is reverses that process... obviously it is a little more involved than this - but this is why it is so disgustingly secure if you go from hush to hush or ef or whatever.
if you go to an insecure partner, then it is plaintext on the screen, sent 128bit ssl (DES) to the server, and then sent plaintext from the server to the outside server - a whole lotta suck.
and part of the reason this is good is even if you could break the 128DES, which is really fucking hard, you would only get down to the 1024 (which would be hard to tell b/c it is all gibberish so it is hard to tell when you've broken it).
then 1024 would take longer than forever to brute force.
L
Latimer
Guest
Gotta love Phil Zimmermann.
H
HappyScrappy
Guest
yeah, he's dreamy
L
Latimer
Guest
LOL!
Carnivore is a Joke
Carnivore is nothing but a tcp wrapper built around the snoop command (tcpdump for you linux lamers). Oh it's got some cool GUI to narrow down the snoop to specific packets and sessions, nothing you can't do from an Out-of-the-box Sun machine and the man pages.
All of the MAEs use something very similar.
You 4096b PGP keys, as cool as they feel, would last 24 hours if the govt wanted you. Rijndael would buy you a week, max.
Hushmail is kind of a joke if you think about it. It uses great encryption but relies on SSL (TLS for you opera boyz) for access...and it's not even IPSec bases SSL....just straight-forward OpenSSL.
Want real security? Only access the 'net (to do something illicit) via a public terminal, and only use that online identity for three transactions. Use PGP (cryptopak, Private Idaho, hushmail) if you want.
Carnivore is nothing but a tcp wrapper built around the snoop command (tcpdump for you linux lamers). Oh it's got some cool GUI to narrow down the snoop to specific packets and sessions, nothing you can't do from an Out-of-the-box Sun machine and the man pages.
All of the MAEs use something very similar.
You 4096b PGP keys, as cool as they feel, would last 24 hours if the govt wanted you. Rijndael would buy you a week, max.
Hushmail is kind of a joke if you think about it. It uses great encryption but relies on SSL (TLS for you opera boyz) for access...and it's not even IPSec bases SSL....just straight-forward OpenSSL.
Want real security? Only access the 'net (to do something illicit) via a public terminal, and only use that online identity for three transactions. Use PGP (cryptopak, Private Idaho, hushmail) if you want.
