yeah!

Re: You Think Your Emails Are Safe?

First off PGP doesn't use 128 bits, the keys are 512, 1024, 2048, or 4096 bits in length (there are other lengths in this range too). You’re mixing up public key and private key encryption (pgp and ssl as examples). Hushmail uses 2048 bit keys with the AES algorithm, and according to Practical Cryptography 2003 on page 217 "A prime of 2048 bits can be expected to secure data until around 2022; 3072 bits is secure until 2038; and 4096 bits until 2050."

Here is another interesting quote:

"A good working assumption is that the NSA can read any message that it chooses, but that it cannot read all messages it chooses. The NSA is limited by resources, and has to pick and choose among its various targets. Another good assumption is that they prefer breaking knuckles to breaking codes; this preference is so strong that they will only resort to breaking codes when they wish to preserve the secret that they have read the message."

-Applied Cryptography 1996, page 215

Now what is far more of a concern to me is not anybody factoring a 2048bit pgp email but the FBI insisting to hushmail that they put in a backdoor. This happened to JAP (Java Anonymous Proxy).

It's funny the FBI is really pissed that they can't tap VoIP calls and they along with the Justice dept are lobbying to force VoIP providers to provide a back door for wiretaps. This isn't even encrypted either.

Re: Re: You Think Your Emails Are Safe?

Thank you

This topic reminds me of the movie: "The Enemy of the State" and its predecessor: "The Conversation".

My two cents is that the war on terror and the Patriot Act has more to due with the current climate of fear and concerning privacy than the aforementioned NSA and their omnicient abilities. The Patriot Act has essentially stripped the American Citizen of their right to privacy for the sake of national security.

We must fight fear wherever it rears its ugly head. Send your emails and don't think too much about it. I totally agree with 3Vandoo in the notion that hush and cyber are no safer than yahoo and hotmail. The trick is to realize that we are really small fish in a huge pond, as DangerousGround has mentioned.

The minute I think my life is that interesting to 'prying eyes' is the very second I should check my ego.

Now Kazaa... that's a different story.

STILES -

Bro, you try to make it sound like you know what your talking about.
You think NSA can't crack those codes???HUH

All those various algorithms, who do you think created them.
No Such Agency and contracters that way alot of them can't be linked to them. Man, alot of the time there is a back door right there without you knowing.

Example - There is a back door in any microsoft windows programs with NSA keys built right in except they are disguised as something else.

A couple of Belgian cryptographers, Joan Daemen and Vincent Rijmen created AES, which was originally known as Rijndael. It's also an official US government standard for encrypting government documents.

You actually think the NSA is so incompetent that they would name it "NSAKEY"????? Here is a decent explanation why NSAKEY is nothing more than a public relations blunder on behalf of Microsoft.


But for what it is worth the NSA doens't give a rats ass about gear, and doesn't share their toys with others.

Funniest thing is that the person you replied to, ah nevermind




The point is not to make people say "hey the ghosts are looking into your gears usage" as they might, just to make them aware that they are into a fake sense of security.

My view of security is security is not a state of being but a state of mind. The more layers of security that you can use to protect what you want to stay private the less likely it will be exposed. In that light it's hard to not see that encrypted email as better than plain text email if LE is watching you and sniffing your internet connection. But if the person you are emailing becomes a liability it doesn't matter if the message was encrypted or not (this is the reason we do our best to find reliable sources, and do source checks).

I also wouldn't assume that we are always worried about just LE, think of a network **** sniffing the company's network and you use yahoo! mail to order some gear. The network **** sees this and not only reports you to the boss but also to LE. Now if you used hushmail he wouldn't have a clue what the content was and at the worst you would get fired for using an encrypted service, but most probably nothing would happen, or maybe a tongue lashing (this all depends on company policy).

That's just my view. I just want everybody to be as safe as can be.