On 16-04-09 05:59 PM, James Knott wrote:
On 04/09/2016 05:51 PM, Stephen wrote:
On 16-04-09 05:39 PM, Stewart C. Russell wrote:
On 2016-04-09 05:05 PM, James Knott wrote:
GPG forever!
Except that:
1) you can still see all the regular e-mail header metadata, so with a
lot of data correlation, you can work out who is doing what and who is
part of which network without decrypting the messages;
2) it sets the NSA's "Has Something To Hide" bit:
<http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>;
and
3) you have to assume that the code and the system you're running it on
haven't been compromised.
The best form of encryption that I ever read about is to use a book.
You need to be able to agree on the book in a secure manner.
Then each word in the message is replaced with a pair of numbers,
corresponding to the page and word offset of the word.
The number data can be appended to a jpg file that is distributed on
social media.
Actually, the best method is a "one time pad" where there is a series of
random numbers to use for encrypting. It's claimed to be truly
unbreakable. However, there is the minor problem of securely exchanging
pads. Each end needs identical ones. The current encryption methods
generate a random number to encrypt the data and then use a
public/private key pair to exchange the random number. The random
number may also be generated at intverval, so that the same one is not
used too much.
The problem with this method, is that it is obvious that data encryption
is being used.
--
Stephen
---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
