Domain: pgpi.org
Stories and comments across the archive that link to pgpi.org.
Comments · 146
-
Re:Car analogy please
The research mentioned in the OP does not mention anything beyond capturing the RSA or ElGamal keys. However, in normal use, these keys are used to create "session keys" (also known as "message keys"). From http://www.pgpi.org/doc/pgpint... (PGP is the forerunner of GPG, which was designed to inter-operate with PGP)
PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
From the same page
A digital certificate consists of three things: A public key. Certificate information. ("Identity" information about the user, such as name, user ID, and so on.) One or more digital signatures.
Also, the page describes PGP Certificates as including
The certificate holder's public key — the public portion of your key pair, together with the algorithm of the key: RSA, DH (Diffie-Hellman), or DSA (Digital Signature Algorithm).
There is no description of a procedure for deriving any kind of intermediate key from the public key in the certificate.
So, the 4096 bit keys discussed in the OP might be the public keys contained in the certificates. In which case, these 4096 bit keys might be in use for months or years.
I hope there actually are intermediate keys being generated. If not, a disruptive redesign of the encryption tools we use will be needed. However, any existing encrypted files would still be subject to the analysis by the described attacks, so the "blinding" mentioned in the research would still be needed. Also, it does not mention anything about changes to how the keys are actually used.
Also, the OP (and headline) fails to mention that the research also discusses other methods, including a person, with a concealed device, merely resting their hand on the computer for a few seconds. I suspect this infers that blinding the analysis is even more important.
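The two-layer scheme quoted above, as an added example in Go (not code from the original comment, from PGP or from GnuPG): draw a one-time session key, encrypt the message with a fast symmetric cipher, and encrypt only that session key to the recipient's public key. The envelope layout, the names `Encrypt`/`Decrypt`/`UnwrapSessionKey`, and the pairing of AES-256-GCM with RSA-OAEP are this example's own assumptions; OpenPGP has its own packet format and cipher choices. It also makes concrete the worry at the end of the comment: the session key is fresh per message, but one long-lived private key unwraps every envelope ever sent to it, so whoever extracts that key reads stored traffic as well.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels to the recipient: the session key encrypted to the
// recipient's public key, and the message encrypted under that session key.
// The layout is this example's own, not the OpenPGP packet format.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(sessionKey)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM(sessionKey, plaintext), auth tag appended
}

// GenerateRecipientKey stands in for the long-lived key pair a PGP certificate carries.
func GenerateRecipientKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt follows the flow quoted from pgpi.org: draw a one-time session key,
// encrypt the plaintext with a fast symmetric cipher, then encrypt only the
// session key with the recipient's public key.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256 key, used for this message only
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// UnwrapSessionKey is the only step that needs the long-term private key. Whoever
// holds that key recovers the session key of every envelope ever addressed to it,
// which is why a leaked RSA key exposes stored traffic and not just future messages.
func UnwrapSessionKey(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
}

// Decrypt unwraps the session key, then decrypts and authenticates the payload.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := UnwrapSessionKey(priv, env)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication")
	}
	return pt, nil
}

func main() {
	priv, err := GenerateRecipientKey(2048)
	if err != nil {
		panic(err)
	}
	env, err := Encrypt(&priv.PublicKey, []byte("session keys are one-time; the RSA key is not"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key %d bytes, ciphertext %d bytes, plaintext %q\n", len(env.WrappedKey), len(env.Ciphertext), pt)
}
```

With a 2048-bit recipient key the wrapped session key is always 256 bytes, whatever the message length: the slow public-key operation is applied to 32 bytes, and the message itself only ever sees the symmetric cipher.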
-
Re:Crypto wars go way back
I remember the time when US Export Regulations prevented PGP from being exported legally. In order to lawfully bring PGP to other countries, the source code was printed in books which were then exported, scanned and OCRed. Interested parties could follow the progress on a website (# of pages scanned/OCRed/proofread). This went on until 1999, at which point export controls on cryptographic software were lifted.
There's actually an informative page about this which sports the same yellowish background I seem to remember from the nineties.
-
Re:Revert to 1990s control of encryption
One thing the govt can always do, whether we like it or not, is revert to the control of encryption that was common in the 1990s and earlier. They could, by law, restrict encryption for export, etc.
No, they can't. As I just ranted about in an earlier comment... Source code is protected speech, and speech is constitutionally protected from government censorship. Without the overwhelming support needed to pass a constitutional amendment (which nobody believes the US Fed can possibly hope to manage these days), they can't legally stop the export of software, including encryption, from the US.
This is the trick PGP used many years ago to get around export restrictions, and they were eventually successful in court:
Export Regulations only covers software in electronic form (e.g. on disks, or via the Internet). PGP 5.0i, on the other hand, was compiled from source code that was printed in a book (well, actually 12 books - over 6000 pages!). The books were exported from the USA in accordance with the US Export Regulations, and the pages were then scanned and OCRed to make the source available in electronic form.
This was not an easy task. More than 70 people from all over Europe worked for over 1000 hours to make the PGP 5.0i release possible. But it was worth it. PGP 5.0i was the first PGP version that is 100% legal to use outside the USA, because no source code was exported in electronic form.
http://www.pgpi.org/pgpi/project/scanning/
-
Re:What about "Import Grade"
Back when export control was still an issue, the not-yet-greybeards would get their PGP here, which is in Norway.
-
Print it out with check digits
-
PGPi OCR project
Back in the late 90s when it was difficult to export strong crypto out of the USA, the PGP project came up with a program to get around this by using some loopholes in the law that allowed the source code to be exported if it was printed in book form.
So the PGP source code was printed out, made into books, shipped overseas, and scanned and OCR'd. My memory is somewhat fuzzy, but they had a suite of utilities to do this reliably. See http://www.pgpi.org/pgpi/project/scanning for a description and links to the tools.
-
Re:PGP
The only thing this is going to do is catch a few minor criminals that may call Mexico/Canada for their weed.
Any real terrorist is going to encrypt what they're doing.
Hell, thinking about it right now, if I was a terrorist and I wanted to start sending coded messages, I'd start with craigslist. Put some 'orders'/messages in an image with steganography (encrypted of course), and just let it go by word of mouth that orders for the attack should be looking for a 1974 Blue Camaro. They decrypt the orders and carry on.
All our anti-terrorism efforts can do is stop the truly stupid terrorists (and you don't need multi-billion-dollar equipment for that) or the ones who are sent out solely to test our defenses, with the expectation that they will be caught. The well-equipped, well-prepared serious badass that wants to slip in here and blow something up will do so, just as the 9/11 attackers did. If the drug cartels can build submarines capable of delivering their product undetected, terrorists can certainly find a way to get here, whether we want them to or not. America is too big, and has just too much activity at its borders, to ever truly secure itself. Hell, forget air travel: what about our seaports? No way in hell to inspect all that cargo: anybody who really wants in will find a way.
America is, and always has been, a goldfish bowl. We're swimming around in a transparent aquarium filled with fast-fading freedoms, and anyone who wants can take a poke at us. Nothing is going to change that, except maybe a change in foreign policy, but that will take years to have an effect. And that points out a serious flaw in our form of government: we aren't capable of making sustained efforts in many areas. Our foreign policy is too capricious, too driven by the needs of the moment and our leaders' own greed.
-
PGP
The only thing this is going to do is catch a few minor criminals that may call Mexico/Canada for their weed.
Any real terrorist is going to encrypt what they're doing.
Hell, thinking about it right now, if I was a terrorist and I wanted to start sending coded messages, I'd start with craigslist. Put some 'orders'/messages in an image with steganography (encrypted of course), and just let it go by word of mouth that orders for the attack should be looking for a 1974 Blue Camaro. They decrypt the orders and carry on.
-
Re:Not so sensational headline
Ah, yes.... check all of your links
:-) The last one is, of course, PGP Fone, silly!
-
Not so sensational headline
The Government's Strategic Defence and Security Review, which revealed: "We will introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications within the appropriate legal framework.
Yes, it is _just_ a proposal, do you want it to come about? So... time to ramp up development of https-everywhere, ensure that you use GNU Privacy Guard for all email, BitLocker on your drives, and dust off your NT box to run https-everywhere!
-
Re:"Encrypted call" is misleading
A product like that came out a long time ago.
http://www.pgpi.org/products/pgpfone/
I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.
ft
-
Re:I'm still using PGP freeware version, heh
A lot of older versions are available from The International PGP Home Page.
-
Re:Solution?
Innocuous emails are the ones best deserving of encryption. That's because it normalizes it. If everyone sends their private emails and IM conversations using GPG or OTR encryption just for chatty, MySpace stuff, it normalizes it so that when you have a good use for encryption (oh, getting the word out about human rights abuses - for instance), it passes under the radar. I am a peaceful person, and abide by mostly all the laws of this country. I don't use e-mail to send anything that may get me locked up. But I still use encryption where possible. If everybody else did so, it would normalize it and make it more difficult for governments to pass bad laws like this. Encryption, anonymity and things like Tor need to become normalized so that when people really need it, it's still available.
As Phil Zimmermann puts it:
What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.
-
Use encryption
-
Tons of prior art
the filing date was "February 25, 2000". How many of those were around circa 2000? Skype only began around 2002-2003
Speak Freely - Unix and Windows VoIP software, is the SourceForge continuation of a project at Fourmilab (speak-freely.org), which is a development of code released on Usenet during 1991.
PGPfone - was released in 1995.
Microsoft's own NetMeeting was a latecomer, being only available with Windows 95 OSR 2 (circa 1997).
Roger Wilco - not the Space Quest character, but VoIP software specialized for in-game chatting, was released in 1999.
The H.323 specifications, which are used by almost half of the world's VoIP implementations, were released in 1996.
The SIP specification - almost the other half of the VoIP world - was first described in RFC 2543 in 1999.
One may refer to the Wikipedia article about Secure VoIP for other examples of historical clients (like Nautilus, which got TCP/IP support somewhere between 1995 and 1997).
The only excuse for Intel filing the patent is that this platform is just a "plain telephone service in a computer over the 'net", whereas all those predecessors are either more feature-full (Speak Freely, PGPfone and Nautilus are complete phone + encryption services, and Nautilus is designed to work over a pure direct modem-to-modem connection (no Internet)), or supersets (H.323 and SIP and all software designed to use them provide much more service: sound, but also video, fax, text messaging, data, call redirection, etc., to be used in VoIP but also multi-point video conferencing, multimedia diffusion (IPTV-like), etc.), or for specialised uses (Roger Wilco, with both its "mostly for in-game" chat and its push-to-talk features, is more a digital walkie-talkie than a digital phone). But such an argument won't stand a chance in court.
-
Re:It's sad...
PGPfone does still run under Windows and the source is available. Zfone (also by Phil Zimmermann) is a new secure VoIP program. Gizmo and Skype also have encryption (though they're closed source).
-
PGPfone, Speak Freely
I can remember Phil's PGPfone which was released before VoIP was "the next big thing." It used GSM speech compression and 3-DES/CAST/Blowfish cryptography "to give you the ability to have a 'real-time' secure telephone conversation" (directly over 14.4 Kbps (or faster) modem-to-modem, through the Internet, or through AppleTalk).
That died. It is good to see a new alternative that has adopted newer standards.
Another "oldy but goody" was Speak Freely.
-
Re:What ever happened to PGP Phone?
Sorry, it's FONE. Bleh. Still wonder why no one ever maintained it
-
Get yer encryption here, folks
-
PgpFone
This is exactly what PgpFone was supposed to provide. AFAIK, PgpFone was written by Phil Zimmermann, and the project was hosted at MIT. As you can see, not much happening here. However, the rights apparently went to NAI, but I don't think they currently offer the product.
I was able to find this link to pgpi.org where it looks like you can find old source and binaries for PgpFone. I don't know what the copyright status of these are.
In the face of the Patriot Act, etc., it would be great if someone started up and modernized this project again.
-
There used to be...
There used to be PGPhone, but development on it stalled.
-
Three Letters
P G P
Pretty Good Privacy. Get it and use it.
-
Sure you can
Voice/IP isn't like the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve.
It's always been easy to achieve, provided you had a computer at each end. Remember PGPFone?
-
programming == free speech?
1) Take a look what PGP did to export their book of PGP source code.
2) Can the (US) government order you what you have to do at $DAYJOB or in your free time?
-
Boring!!!
It's already been done...
/joking
-
Disk security (formatted version)
Never, ever forget these programs for Windows. They prevent anyone from snooping on your drive, even after you erase something. I run "Eraser" at 7 wipes every 2 weeks and have all my important files in PGP disks. Even the CIA can't crack PGP, they had to install a keylogger just to get his PGP key. That's REAL security.
-
IMPORTANT Programs
Never, ever forget these programs for Windows. They prevent anyone from snooping on your drive, even after you erase something. I run "Eraser" at 7 wipes every 2 weeks and have all my important files in PGP disks. Even the CIA can't crack PGP, they had to install a keylogger just to get his PGP key. That's REAL security.
http://www.pgpi.org/products/pgpdisk/
http://www.tolvanen.com/eraser/
-
Encrypt your data/files
Yet another reason to use Pretty Good Privacy, and encrypt your disk partitions.
-
A better introduction
From PGP's site: How PGP Works.
It talks about the origins of crypto a little, and leads into public key encryption, a field I have been trying to learn a little more about. Much better article than the parent!
-
Re:This is good primer material for newbs
"This article is horrible, and if I was an encryption newbie all I'd be able to do after reading this article is spout acronyms."
If you find encryption newbies, point them to the PGP user guide -- one of the best intros to encryption.
-
Re:Voice Chat over AIM / MSN Messenger
Already done m8. Check out these ones. DharmaPhone http://www.datavoice.es/DharmaPhone/en/default.htm PicoPhone http://www.vitez.it/picophone/ PGPPhone http://www.pgpi.org/products/pgpfone/
-
Maybe this is a Blessing in Disguise
Maybe this ruling will finally convince people to use freely available encryption. I PGP as many messages as I can (I don't have anything to hide, I just don't like the idea of people snooping on me), but not many of the people I email use PGP.
-
What is google gaining from your personal life?
Google owns Orkut, Blogger.com, the largest search engine on the 'net, and is now offering free, high quality web-based email accounts with a gig of storage. Except for a few lone voices, I haven't seen any serious discussion about why this huge corporation is spending so much resources on providing these services for free.
The advertising revenue couldn't possibly amount to a significant fraction of the costs involved with these services. The value must lie in the personal information that people are donating to Google, Inc. What are their plans for it? They obviously plan to datamine it - but how will and how can it be used? What new knowledge can be generated by correlating and cross-referencing your orkut, blogger, gmail and google search information?
It is troublesome that it seems to be popular and hip to be totally unconcerned about privacy. Attitudes like "we have none anyways" seem to prevail, and it's funny to criticize those who voice some concern as tinfoil-hat-black-helicopter-seeing schizos. It looks like people have forgotten that privacy matters. Like many other companies that try to collect personal information, Google's privacy policy is subject to change at any time. This makes it almost meaningless! It is effectively the same as saying, "We respect your privacy right at this moment, so have complete trust in us. Tomorrow we might change our minds."
-
Re:Thunderbird Rocks.
-
Re:Not surprising, and not bad.
You really should read this entire thread; your comments have already been covered. However, I shall recap:
"...if you buy a Mac today, it will be patched for all of the recent security bugs you have mentioned..."
That wasn't the point. The point was that, regardless of how quickly the issues are resolved, they are issues that NEVER EXISTED in OS 9. There were no holes to plug, ever. It doesn't matter if the problems in OS X are gone now; they WERE present, ARE present on many machines still in use, and ARE NOT guaranteed to be fixed on machines currently being sold, as many were installed, and the boxes factory-sealed before the issues were resolved. I have personally received a brand-new machine that did NOT ship with the latest OS, and I was allowed a free upgrade because of it. Don't make the mistake of thinking that just because the software is available means it is always present. Of such assumptions are catastrophes made.
Even if login is on by default, how secure is OS 9 to an intruder who has physical access to the box? The user data can't be encrypted like it can in OS X.
Also incorrect, and covered by our earlier conversations. Pretty Good Privacy is one of many utilities publicly available that are capable of such encryption, and if memory serves, they are capable of much more intensive and secure encryption than OS X is. The only difference is whether or not it's "built-in" to the OS. Regardless, regulating physical access to a machine was not the type of security issues that I meant, and I've already clarified that.
What about someone who wants to share their home directory? Is OS 9 still more secure than the same user sharing files in OS X? I am willing to bet not.
See above.
Finally, this is a really lame discussion because with even the most minor and simple user intervention (i.e. one click system prefs like turning on the firewall, enabling automatic security updates, switching file secure on, etc.) OS X is by far more secure than OS 9 by all standards. OS 9 was completely unstable besides all of this... OS 9 is secure mostly because of obscurity. It is dated and therefore will lack modern operating system exploits.
By your argument a modern blender has a more secure computer inside because it lacks any sort of network interface! Face it, OS X is better than OS 9 in every single respect including security.
Wrong, wrong, WRONG! OS 9 HAS a network interface. Several, actually. And they were, and are secure. I challenge you to show me a way that, with or without a firewall installed, you can hack into Mac OS X. Found a few? Good! Now try to find one for OS 9. Not a vulnerability in an OS 9-compatible app, but in the OPERATING SYSTEM. No luck? There's a reason for that. It's called being secure, and it has been universally recognized. You can make all the arguments you want about how OS X has more services and therefore more vulnerabilities, but again, that was not my point. My point is that, without installing updates, without changing defaults, there's one box you can hack into, and one you can't. The one that's got vulnerabilities is OS X. It's as simple as that.
I PREFER OS X. I use it daily. I am not trying to start a holy war here. You can take it personally if you want, but I've backed my statements up with links, relevant data, and verifiable facts. I use OS X, the same as you. The difference is that I am not in denial about its shortcomings, however few, and that I'm open to education, should I be presented with a legitimate argument. Are you?
-
Re:Not surprising, and not bad.
You're kind of talking apples and oranges. You're right that security is not limited to the front door, but it's not necessary to put a portcullis inside the door if you know the door is secure. If you're particularly worried about your files in OS 9, download PGP. But my point is that, unless you screw something up on your own or let others access your machine, you just didn't need that kind of support.
OS 9 didn't have a built-in firewall because OS 9 didn't have a bunch of services running that needed one. Even the built-in mini web server only served files out of a specific directory that most people never touched. Regardless, the firewall in OS X isn't on by default, and therein lies the problem. OS 9 didn't have any security issues (that I know of), that were a part of the operating system. As far as the I.E. security issue goes, that's a problem with an application, not with the operating system. In addition, it's a 3rd-party app, though it ships with the system.
Sure, Appleshare is INSTALLED by default, but it is not ENABLED by default. When you first install your OS, you are asked if you wish to have a Shared Folder, and you then have to go through the steps of creating it. Think of it this way: your house has a lock on the door, and is locked as a default. When you want to get into your house, you need to unlock the door. Now, you're able to unlock it and leave it unlocked, but that's a problem with the user, not with the door.
The point that I'm trying to make is that it was damn hard to get into an OS 9 box unless the user did something really dumb, like leave their password blank. If memory serves, you'd even get a warning if you did so. OS X has had a not insignificant number of security vulnerabilities that existed BY DEFAULT. That is, the box (assuming it was on and had a network connection) was insecure just sitting unused unless the user downloaded a patch. OS 9 did not have these vulnerabilities. It's that simple.
I'm not complaining about OS X; I'll never go back to OS 9 unless I need to run a classic app. I'm just pointing out a relevant fact: that OS 9 was inherently more secure by default than OS X, given recent security issues that have been brought to light. I'm also not advocating less security over more... but in this case it wasn't necessary, and to tell users that they need to keep adding more and more levels of security to a box that's already plenty secure is a waste of your time and theirs.
-
Go and mine that data
Just try and see if you can find any useful data in there
;)
-
Tip to terrorists:
use PGPfone (it's open source)
-
Re:I WILL SAY IT AGAIN...
Actually, it's called a Web of Trust, not a ring of trust, and it's the basis behind PGP and GnuPG
-
You sound like my boyfriend
I was on the other end of your predicament a while back. Boyfriend hated to talk on the phone. He talked me into getting some strange game called EverQuest. We didn't use a headset device but just talked on the phone while playing. But now you can use a voice over IP app like Team Speak, PGP Fone, or even ICQ.
Someone mentioned that playing a mmorpg game as a long distance couple might be a detriment to communication. I strongly disagree. We played through several major mmorpgs and beta tests of other games together. During "down time" in a game we carried on "normal" conversation. During the exciting parts of the game we got caught up into solving problems together. We even developed mutual friends whom we visited in the real world.
As far as someone worrying that "girls" might not like to play games for hours at a time: I and many of my friends are evidence to the contrary.
Lastly, though I think the MMORPGs are best suited for couple gaming, don't discount the FPS games either. I enjoyed Action Quake and beta tested Planetside. I just think they aren't as good for a couple because they (I'm talking public server play, not clan gaming) tend to be all action all the time rather than a mix of action, socialization/political skill, and strategy.
-
Re:An issue for Windows users mainly
Yeah, if it wasn't for the ability to have tar run the archive through b/gzip for me with the -g or -j flag, I would probably just use plain tar files. However, it is convenient enough to just stick the j in, so I bzip all my archives.
That said, when I used to use Windows, if I needed an encrypted ZIP file, I zipped it up with 7-zip, and ran the resulting zip archive through PGP to encrypt it. Archiving and encryption are separate. However, a flag for tar to run the final archive (after bzipping) through GPG would be nice. Otherwise, I would have to be un-lazy and type out a longer command, or be really un-lazy and make a wrapper script. And I am too lazy for that.
-
Re:Speak Freely does hard encryption
"Because speak freely does voice over IP with hard encryption. I don't know of any other VoIP product that does that".
You do now!
-
PGPFone.
You can download PGPFone for free or do what I did involving cat'ing dsp through the stdin of gpg, and into netcat, and the reverse at the other end. Can't remember the exact switches - man gpg, and man nc.
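The `cat /dev/dsp | gpg | nc` pipeline the poster describes, with the gpg stage replaced by a stdin-to-stdout filter, as an added example in Go; it is not the poster's command and not gpg. The record format (4-byte length prefix, AES-256-GCM, a counter nonce that is also bound as associated data), the 4 KB chunk size and the `STREAM_KEY` environment variable are this example's own assumptions, and the key has to be shared out of band. It shows what a symmetric cipher dropped into a live pipe has to get right: no nonce reuse under one key, low latency per chunk, and rejection of any record that is tampered with, replayed, reordered or truncated. The same filter would sit after `tar -cjf -` just as well, the step wished for in "Re:An issue for Windows users mainly" above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
	"os"
)

const chunkSize = 4096 // plaintext bytes per record (assumed); small keeps latency low on a live stream

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealStream reads plaintext from r and writes length-prefixed AES-GCM records to w.
// The nonce is a 96-bit big-endian record counter, so it never repeats under one key;
// it is also bound as associated data, so the receiver's expected counter must match.
func sealStream(key []byte, r io.Reader, w io.Writer) error {
	aead, err := newAEAD(key)
	if err != nil {
		return err
	}
	nonce, buf := make([]byte, aead.NonceSize()), make([]byte, chunkSize)
	for seq := uint64(0); ; seq++ {
		n, rerr := io.ReadFull(r, buf) // a short read happens only at end of input
		if n > 0 {
			binary.BigEndian.PutUint64(nonce[len(nonce)-8:], seq)
			rec := make([]byte, 4, 4+n+aead.Overhead())
			binary.BigEndian.PutUint32(rec, uint32(n+aead.Overhead()))
			rec = aead.Seal(rec, nonce, buf[:n], nonce)
			if _, err := w.Write(rec); err != nil {
				return err
			}
		}
		if rerr == io.EOF || rerr == io.ErrUnexpectedEOF {
			return nil
		} else if rerr != nil {
			return rerr
		}
	}
}

// openStream reverses sealStream. A record that is tampered with, replayed or
// delivered out of order fails authentication because its counter no longer matches.
func openStream(key []byte, r io.Reader, w io.Writer) error {
	aead, err := newAEAD(key)
	if err != nil {
		return err
	}
	nonce, hdr := make([]byte, aead.NonceSize()), make([]byte, 4)
	for seq := uint64(0); ; seq++ {
		if _, err := io.ReadFull(r, hdr); err == io.EOF {
			return nil // clean end of stream
		} else if err != nil {
			return fmt.Errorf("record %d: truncated header", seq)
		}
		n := binary.BigEndian.Uint32(hdr)
		if n > chunkSize+uint32(aead.Overhead()) {
			return fmt.Errorf("record %d: bad length %d", seq, n)
		}
		ct := make([]byte, n)
		if _, err := io.ReadFull(r, ct); err != nil {
			return fmt.Errorf("record %d: truncated body", seq)
		}
		binary.BigEndian.PutUint64(nonce[len(nonce)-8:], seq)
		pt, err := aead.Open(nil, nonce, ct, nonce)
		if err != nil {
			return fmt.Errorf("record %d: authentication failed (tampered, replayed or out of order)", seq)
		}
		if _, err := w.Write(pt); err != nil {
			return err
		}
	}
}

func main() {
	key, err := hex.DecodeString(os.Getenv("STREAM_KEY")) // 64 hex chars, shared out of band (assumed)
	if err != nil || len(key) != 32 || len(os.Args) != 2 || (os.Args[1] != "seal" && os.Args[1] != "open") {
		fmt.Fprintln(os.Stderr, "usage: STREAM_KEY=<64 hex chars> streamseal seal|open  (reads stdin, writes stdout)")
		os.Exit(2)
	}
	if os.Args[1] == "seal" {
		err = sealStream(key, os.Stdin, os.Stdout)
	} else {
		err = openStream(key, os.Stdin, os.Stdout)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Sender: `cat /dev/dsp | STREAM_KEY=$K go run streamseal.go seal | nc host 9000`; receiver: `nc -l 9000 | STREAM_KEY=$K go run streamseal.go open > /dev/dsp` (the file name is assumed, netcat's listen flags differ between implementations, and `/dev/dsp` only exists on systems that still expose OSS audio). Unlike a bare stream cipher, a lost or duplicated packet here is detected at the first record that no longer matches the expected counter rather than silently turning into garbage audio.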
-
Re:Props to NAH6...
"for doing a PGP extension to Mailman."
PGPi itself always had the PGPFone module, which can either encrypt a telephone line (your modem dials their modem) or handle internet calls (useful for people whose families are abroad)
Download it here, including source-code.
-
Cheaper
PGPFone or... VoIP with tunneling... Or... Smoke Signals over SSL and Bongo packets Yes $4000 saved is $4000 more worth of starbux cappucinos
-
Re:Trust them
"2. Encrypt your data. You can do this on your own machine or the family one, doesn't matter. GPG is available for Windows, Mac, and loads of Unices. It's also a simple, unobtrusive command-line tool that you can use to pretty well scramble anything."
When you're installing Mandrake GNU/Linux, simply specify an additional file partition when you get to the "setup the file partitions" bit of the installation, and select "encrypted" from the drop-down list of types.
When you're using the computer, you can then just type "sudo mount /mnt/secure" or whatever you called it, and it'll ask you for the password it needs to access that area of disk.
Anyone using MS-Windows, if you download PGPi version 6.5 (it's still available as a free download) rather than the newer version 7.1, you'll find that it comes with a program called PGPDisk. You can use it to create a (say) 100 MB file on your hard disk, which you can then double-click and type your password to get a new Z:\ drive containing your secret files.
Both of these methods are much easier than encrypting file-by-file, and have the advantage of not revealing the directories and filenames you're using.
Of course, encrypted email is trivial, and supported by default in all good email programs.
-
Re:Interoperability issues
If I could find the specification I could know, if it is as good as people claim or as bad as I fear.
Better than a specification, why don't you download the full source to PGPDisk and review it for us?
-
PGPfone is still available
From the PGPi website, including the source.
Might not work on newer hardware, but it's still available.
-
Re:How about this Idea.
Could a wireless mesh network such as this, then allow voice communication?
Try it