Please Scroll Down to See Forums Below
napsgear
genezapharmateuticals
domestic-supply
puritysourcelabs
UGL OZ
UGFREAK
napsgeargenezapharmateuticals domestic-supplypuritysourcelabsUGL OZUGFREAK

SECURE email..

  • Thread starter Thread starter musclebones
  • Start date Start date
M

musclebones

Guest
Someone explain to me how i can communicate with my .. friend .. via secure email. this hushmail stuff is CRAP. it never encrypts shit. I think the person on the other end has to be involved with it for it to work ? What else are my options ??
 
Generally speaking you have to use compatable mail servers for the encryptions to work, so if he is using EF mail and you use EF mail then its encrypted end to end.
 
hushmail is based on PGP security... EF mail is as well....

when you register you public keys get stored on a public key directory server. Hushmail does encrypt.. only issue is Hushmail has access to your private keys so they can read your mail.

If you want real protection get the PGP suite for your own computer... then the only weak link is the recipient and how they handle their mail.

PGP desktop can send to Hushmail / EF ... on and on encrypted.


BTW - The encryption on all of these are the same and it is great encryption - but implementaiton/handling is always the weakest link in the chain...
 
jh1 said:
BTW - The encryption on all of these are the same and it is great encryption - but implementaiton/handling is always the weakest link in the chain...
Click to expand...

Actually, the government back door into PGP (and other encryption schemes) is the weakest link unless you take it out and compile the source code yourself.
 
AustinTX said:


Actually, the government back door into PGP (and other encryption schemes) is the weakest link unless you take it out and compile the source code yourself.
Click to expand...

Does the tin foil hat get itchy?
 
AustinTX said:


Actually, the government back door into PGP (and other encryption schemes) is the weakest link unless you take it out and compile the source code yourself.
Click to expand...

Uh... Yeah. I have read your theories on this before.... in a different thread. You have a friend that works there or some crap...
 
jh1 said:
Uh... Yeah. I have read your theories on this before.... in a different thread. You have a friend that works there or some crap...
Click to expand...

Uh no, I don't have "theories" on this. I haven't mentioned it before and I don't have any "friends" that work there. I do know that everything the government does (or corporations agree to) is certainly not public, and security experts always recommend compiling your own binaries vs using ANY commercial version. This is notwithstanding the hoax 10 years ago.

from PGP.net:

For the PGP 5.x and higher versions based on the PGPsdk so its sourcecode can be verified, but the use of "home-compiled" binaries seems to be forbidden by the license, even when you bought a commercial license for the same product. Only comparison between a "home-compiled" binary and the binaries as provided in the commercial package seems to be allowed, but this very hard and has not been succesfully done as far as I know (even if exactly the same compiler with exactly the same options would be used, the resulting binary would differ in non-trivial ways). Bottom line: if you do not trust NAI to have sold you the untampered version, you should be using one of the open source versions whose license does allow compilation from source and use of the subsequent binary.
 
Last edited:
Oh, and if you're not old enough to remember...

Remember when it was proven that Microsoft had a back door into the OS and encryption algorithms for the NSA, hint: it's still there. It was accidentally discovered when MSFT released a version with debugging info left on. Those sorts of "agreements" are never published, subject to security clearances, etc.

http://www.techweb.com/wire/story/TWB19990903S0014

two quotes from the aritcle:
The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.

According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said.
 
Austin -

No offense was intended - it was a late night.

I am a computer security industry insider and I share paranoia about these things beyond what is even reasonable at times. That is what makes a good computer security expert. However, the article you linked only shows these companies cannot get away with this stuff. No one, and I mean no one trusts microsoft - period. We rely on companies like - Checkpoint, PGP, Counterpane, and others and in them we only trust because we know.

There is significantly less trust in PGP since it was bought out - I'll grant you that. But these Desktop Security package is what it is - and there are no back doors - at least in the US product.

I read the whole thread awhile back about what to do with about your hard drive - and it was a little hard to swallow. I wanted to respond to so many spewing about thing they had no idea about (including Macro - no offense but you were). I never did reply. Lets just say it was hard to watch so much mis-information being thrown around....

Besides - even if I had replied I would have probably been believed to have been wrong by the majority - even though I would have been right. I may even be viewed to be wrong here... but I am not...

A good book to read for anyone about this subject: Secrets and Lies by Bruce Schneier. He is considered the one of the worlds formost experts on computer security, and even mort prominently held in the encryption arena...
 
AustinTX said:
Oh, and if you're not old enough to remember...

Remember when it was proven that Microsoft had a back door into the OS and encryption algorithms for the NSA, hint: it's still there. It was accidentally discovered when MSFT released a version with debugging info left on. Those sorts of "agreements" are never published, subject to security clearances, etc.

http://www.techweb.com/wire/story/TWB19990903S0014

two quotes from the aritcle:
The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.

According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said.
Click to expand...

I agree with what you saying. I just think your a little paranoid.

The Microsoft NSA dll thingy was a bit suspicious but I tend to do believe it was just a coincidence.

Here's a good page for you: http://www.aci.net/kalliste/privacy_crypto.htm . The cryptoAG story would probably be especially interesting.
 
jh1 said:

Besides - even if I had replied I would have probably been believed to have been wrong by the majority - even though I would have been right. I may even be viewed to be wrong here... but I am not...
Click to expand...

Amen to that. I've given up trying to explain why others on this board are wrong. If your not one of the first few posters on a computer security thread, there will be so much disinformation that no one will believe you when you post helpful, correct information.
 
Hey you guys haven't seen paranoid until you meet some of the security nerds where I used to work :)

I believe the implementation of the NSA thingy, even though MSFT later said that it was there, but they never actually gave the key to the NSA, was best represented by the backpeddling and multiple changing stories, I think the most reliable non-PR responses were by the original developers when confronted. I don't believe you can find the replace nsa key zip on any US servers anymore either...

I'm personally not worried about it, but since I'm a geek, I compile my own instead of using commercial. Stuff like this:

"They were also keen to point out the NSA's history of rigging software in order to gain access to confidential data. According to an article in the UK's Observer newspaper, in the 1970's, the agency had de-encryption software inserted into systems sold to Swiss software manufacturer Crypto AG, to enable it to read coded diplomatic and military traffic from 130 countries. And in Lotus Corp's products imported to Sweden, the NSA's so-called "help information" trapdoor was found to have compromised confidential mail of Swedish MPs and tax office staff. "

whether true, false, intentional, or just bad programming, make me stay away from commercial/pre-compiled encryption.

FYI, I don't hang out at conspirarcy theory sites, this stuff just makes it sound like I do :)
 
With this whole patriot act thing I am just a little concerned. I realize the government has alot on it's plate, and shouldn't really be worried about 1000 tabs of dbol being shipped, or something like that. But theres always that thought. Local authorities can monitor email to, right ? I just wonder what amount of juice is reason enough for THEM to be concerned.
 
musclebones said:
With this whole patriot act thing I am just a little concerned. I realize the government has alot on it's plate, and shouldn't really be worried about 1000 tabs of dbol being shipped, or something like that. But theres always that thought. Local authorities can monitor email to, right ? I just wonder what amount of juice is reason enough for THEM to be concerned.
Click to expand...

I think it's quite simple actually. If you use some common sense, you'll most likely be fine. Bad luck (broken, leaking amps), or a shitty source (shitty packaging) will bring you down. Other than that, the gov't has better things to do then chase down personal users. The intelligence community has unbelievable capabilities but I highly doubt they'd use them for even the largest steroid dealers.
 
You must log in or register to reply here.

Similar threads

D
best dosage of bpc157 for newbie
Replies
8
Views
467
s.gentz
s.gentz
dylangemelli
Approved Umbrella Labs Processing and Email Contact Help
Replies
14
Views
2K
RoySimpson
RoySimpson
N
tb500 for shoulder help
Replies
9
Views
492
Knarfster
K
Z
best carb options ?
Replies
11
Views
1K
MUSTANG_18
MUSTANG_18
W
s4 and ostarine as a lean bulker
Replies
15
Views
1K
Noah Wixx
Noah Wixx
Top Bottom