Comments on Western Rifle Shooters Association: Robb on Encryption

Anonymous (2010-01-20 05:08 UTC):

When your OS is a sieve -

this is but the latest in an interminable parade of publicized vulnerabilities: http://blogs.computerworld.com/15416/ditch_ie_over_google_china_hack_bug?source=rss_blogs

- crypto is of limited use. What good is strong encryption if they have 20 ways of walking right in and grabbing the (asymmetric encryption) private key and the password that protects it?

Furthermore, think twice if you should ever receive an email from a friend saying, "They've parked a SWAT van on my lawn; this is it; get the guys and come give me a hand". If the other computer is compromised, this can all be forged and orchestrated, down to the GPG encryption and signature.

Concerned parties should work out special phrases, one-time passwords, or whatever, ahead of time in private.

Don't fully trust your computer, period. But do use GPG, Tor, etc.

Incidentally, I looked up the guy who runs scroogle.org and, while the site looks handy, I got the impression that the guy is ideologically aligned with the likes of SPLC to a significant extent.

I wouldn't use his anonymizer for anything militia-related.

Crustyrusty (https://www.blogger.com/profile/09478587825608882510) (2010-01-20 01:12 UTC):

You can also get "Incognito" which is a Linux distro on a live CD that is already set up for anonymity, usable on any computer. It will also make a bootable USB stick.

Link here: http://www.anonymityanywhere.com/

Crusty
III

Anonymous (2010-01-19 23:54 UTC):

Google mail account? Thanks, but no thanks.

Anonymous (2010-01-19 06:23 UTC):

Having some relevant background in these matters, I'd just like to offer a few words of caution:

1. PGP-/GPG-style tools are very nice, provided:

 - you can reasonably trust they haven't been tampered with prior to your installing them
 - you can reasonably trust the security of the systems used to run the crypto packages

with the qualification that trust due to technical naivete is not reasonable trust.

The unfortunate reality is that building and maintaining a reasonably trusted system requires considerable knowledge and discipline. Using anything Windows-related to that end is a categorical non-starter, as the probability of the NSA *not* having back doors into Windows is less than that of Dear Reader *not* being a traitor to his office and oath.

2. Even beefy public-key encryption is vulnerable to truncheon cryptanalysis:

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

3. If, like a lot of people, you're a casual critic of our blessed "fascism with a smile", go ahead and use GPG as needed since that'll protect you from general Echelon-style surveillance and no one would care to read your righteous indignation anyway.

If, like fewer people, you're a "person of interest" or on your way there, don't trust your computers/comms without obtaining *expert* assurance. Otherwise, if you're on NSA's radar, the safe assumption is that they're "all up in your sh*t" or can achieve that status at their convenience.

Baiting them with disinformation on a compromised channel is an interesting strategy, yes?

4. In sum, it would be great if everyone used crypto such as GPG as much as possible. This would make the bastards work all that much harder for their intercepts, and dilute important messages in a sea of scrambled bits. Please use it!

But continue to assume that the systems and channels are or can be broken, unless you have a *very* compelling reason to the contrary.

-S
III