Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Encryption Do People In The Know Use?

Posted by Hemos on from the gnupg dept.

A reader writes "What do cypherpunks in the know recommend for the paranoid types. I'm wondering because of the rising amount of protests. I look and most of these people seem clueless when using the net. Paranoia runs rampant (try taping a protest), yet they use stuff like real, which has been known to violate privacy. So my question is, what would slashdot readers recommend for people who have privacy they actually wish to protect? Are there any good laymen level papers on this?"

2 of 59 comments (clear)

  1. Two suggestions: by duffbeer703 · · Score: 1, Insightful

    "What do cypherpunks in the know recommend for the paranoid types. I'm wondering because of the rising amount of protests. I look and most of these people seem clueless when using the net. Paranoia runs rampant (try taping a protest), yet they use stuff like real, which has been known to violate privacy. So my question is, what would slashdot readers recommend for people who have privacy they actually wish to protect? Are there any good laymen level papers on this?"

    What in gods green earth does this dribble mean??

    Two suggestions for you:

    1. Turn your computer off

    2. Learn to read and write. Pay particular attention to things like complete sentences and paragraphs.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  2. If your're smart by randombit · · Score: 5, Insightful

    you won't take the algorithms specified in other posts and toss them into a program, because it would almost certainly be insecure. Algorithms are fine, but strong block ciphers, public key encryption algorithms, and hash functions have been around for 10 years or more. OTOH, getting the key managemnet, random number generation, etc right is hard and takes a lot of experience and knowledge.

    My call would be to use GnuPG. It uses strong algorithms, uses a well know and fairly intensivley studied format, open source, and the people who did it seem to know what they're doing pretty well. If you're feeling paranoid, use the TripleDES or Rijndael-256 options to encrypt, though personally I feel perfectly safe encrypting even very personal things with CAST5.

    If you're actually interested in papers, etc, I would start it out with more practical-oriented things (for example, the specifications of Blowfish, MD5, SHA-1, and RSA - not what you find in Applied Crytography or whatever, but the original academic papers - with fairly minimal experience in programming you should be able to understand things like this fairly easily). From there, you can start to read the more involved papers, with complex algorithms and protocols, weird mathematical systems, etc.

    Basicaly "in the know" people know that it's not encryption that breaks a secure system. It's the fact that your OS has a remote root hole (or equivalent), or the FBI put a keylogger in your keyboard, or there is a microphone planted in your room. It's much, much simpler to do any of those things than actually break modern encryption algorithms (consider that the FBI actually carried out my keylogging point in order to grab a PGP passphrase that some mob guy was using to encrypt his books). So unless you're sure that the FBI (or anyone else) can't do something like that, there is no point in using anything that might theoretically be more secure cryptographically speaking.