Slashdot Mirror


What Encryption Do People In The Know Use?

A reader writes "What do cypherpunks in the know recommend for the paranoid types? I'm wondering because of the rising amount of protests. I look and most of these people seem clueless when using the net. Paranoia runs rampant (try taping a protest), yet they use stuff like real, which has been known to violate privacy. So my question is, what would Slashdot readers recommend for people who have privacy they actually wish to protect? Are there any good layman-level papers on this?"

1 of 59 comments

  1. Re:Applied Cryptography is old. by Zeinfeld · Score: 1, Troll
    Bruce is one of the best known experts, however he is not regarded in the field as being of the very front rank. One of the reasons for this is his habit of issuing 'Schneier-grams' which tend to make half-assed critiques of other people's work in scathing tones only to be dropped quietly sometime later when his argument is shot down. His IPSEC critique was not exactly his best move.

    It is always easier to state algorithms to steer clear of than ones to rely on. At this point IDEA is somewhat suspect, but when Applied Crypto 1 came out it was actually the best 128-bit cipher then available.

    At this point most people are recommending AES (née Rijndael). The only reason to use 3DES is if you are forced to; there are still many banking applications that mandate DES. But 3DES is not a good cipher; it is slow and is subject to a meet-in-the-middle attack that means that you do 3 times 56 bits of work to get 112 bits of security.

    As far as software goes, practically all mail agents have S/MIME support built in. As far as security goes there are no serious attacks known against either S/MIME or PGP, beyond the fact that the chuckleheads in both IETF working groups flubbed the encryption of the subject line in both cases.

    One problem with PGP is that it only really works well for confidentiality. It does not handle non-repudiation too well. Alice may know the message comes from Bob but proving it in court would be rather hard. Trusted Third Parties do have their uses.

    The other technical problem with PGP is that it depends on the users being technically competent, which most people are not.

    The non-technical problem with PGP is the somewhat combustible nature of Phil Zimmermann. He is somewhat high maintenance. There is no reason why S/MIME and PGP use entirely different packaging formats except Phil's NIH policy, somewhat sad. The result being that Microsoft, Netscape, Lotus etc. implemented S/MIME and not PGP.

    More recently the stale PKI/PGP debate has been rendered obsolete by technology such as XKMS which allows a client to use any PKI back end at all and not have to worry about how it works or how to configure it.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
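
The meet-in-the-middle weakness mentioned in the comment above, shown as an added example that is not part of the original comment: stacking two independent keys on a cipher costs an analyst roughly twice the single-key work (plus a table in memory), not the square of it, which is why three-key 3DES with 168 bits of key material is rated at about 112 bits. The cipher here is a constructed 32-bit toy with 16-bit keys, not DES, and every name in the code is hypothetical.

```python
# Toy 32-bit Feistel cipher with a 16-bit key (constructed for illustration; NOT DES).
MASK = 0xFFFF
ROUNDS = 4
KEY_BITS = 16

def _f(half, key, rnd):
    # Round function: any function works here, Feistel stays invertible.
    x = (half * 0x9E37 + key + rnd * 0x7F4A) & MASK
    return ((x << 5 | x >> 11) & MASK) ^ key

def encrypt(block, key):
    l, r = block >> 16, block & MASK
    for rnd in range(ROUNDS):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & MASK
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Returns (candidate key pairs, number of single-cipher operations used
    in the search phase). Exhaustive search would need 2**(2*KEY_BITS).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    # Forward table: middle value -> every k1 that maps p0 to it.
    middle = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(p0, k1), []).append(k1)
    ops = 1 << KEY_BITS
    found = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        for k1 in middle.get(decrypt(c0, k2), ()):
            # Chance matches are discarded by checking the remaining pairs.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

if __name__ == "__main__":
    secret = (0x3A7C, 0xC15E)  # constructed sample keys
    known = [(p, double_encrypt(p, *secret)) for p in (0x01234567, 0x89ABCDEF, 0x0BADF00D)]
    keys, ops = meet_in_the_middle(known)
    print(f"candidates={keys} ops={ops} vs brute force={1 << (2 * KEY_BITS)}")
```

The practical reading for a defender is that the nominal key length of a cascaded cipher overstates its strength, so key-size comparisons against AES should use the effective figure.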