Secure Messaging in Ubuntu

Gene Heskett gheskett at wdtv.com
Sun Sep 8 15:16:19 UTC 2013 

On Sunday 08 September 2013 10:26:51 Alan Holt did opine:

> I disagree,
> 
> NSA use stolen SSL certificates or they ask to get real one from
> companies like Google or Yahoo.
> To decrypt 2048 bit SSL is physically unpossible.
>
And yet, even ant powered systems do it in milliseconds every day.

It can be broken given enough time & water through Hoover Dam to power it.

Some posted a link to StartSSL.com, which if its clean, might be a way to 
proceed.  If everyone on the net with their own web pages, hosted on their 
own machines like mine is, used a different key from StartSSL or a similar 
service agency, AND there isn't any metadata to identify what key other 
than what I can see in the listing of the keys I have stored here, there 
would in time become so many keys used that finding the right one to 
decrypt what I may choose to display, could become a time consuming cause 
of global warming.  Sure, each one has an identifier thats unique, but what 
good is a database of 9 billion unique keys?  That's 
4,718,592,000,000,000,000 bytes of storage just for one listing.

2048 bit, 256 8 bit chars, is today a small key however, so I would suggest 
that a new key std be established, as much to accommodate the variety 
without duplication, by squaring it to 65536, which would then be a 524,288 
bit key.  That, FWIW, was assumed in the above total.

However, in the present environment, how are we to know that every key 
STartSSL.com passes out, is not being forwarded to the NSA 5 milliseconds 
after its created?  We don't, but the answer to that is to flood their 
database.

IMO, that is an unclimbable hill of veracity they will have to climb a 
millimeter at a time.

OTOH, flooding the network with new keys would seem to be one way of 
flooding the database of keys they have to the point of being worthless, 
re-establishing to a large extent the security which which we do our online 
banking and such.  That much I am violently in favor of.
 
> Please don't read articles from media, better to read blogs of
> encryption experts: http://www.crypto.com/blog

I read at a good clip, 250-500 per, and I read most of that site, took 
about an hour, without finding a specific article that dealt with that in 
sufficient detail to back up your assertion.

> Original sneak peak documents are here:
> http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bul
> lrun-classification-guide

And this site seems to have everything under subheadings, with very little 
detail in the text, and FF only reports it cannot find the plugin to play 
the videos.  Without defining what plugin is missing.  Thats pretty good 
security I guess, but sure doesn't encourage me to revisit the site, so is 
obviously a net loser for the site.  That is their problem.

I think the only PGP I would trust, would be one built from Phil's original 
2.6.2a, which would be prior to his jail time, and is the version that put 
him there.

That code, expanded to create a 16 kilobit key, seems like it ought to keep 
them entertained for a while.  It can IIRC make a 2048 bit key, but I've no 
clue if its readily expandable to do a 16 kilobit key.

That would seem to be the best way to entertain the iceholes as BC so aptly 
put it below.

> On Sun, Sep 8, 2013 at 11:59 AM, Basil Chupin <blchupin at iinet.net.au> 
wrote:
> > On 08/09/13 17:01, Randolph D. wrote:
> >> Hi
> >> I tried to compile the secure Instant Messenger with Multi-Encryption
> >> for Ubuntu,
> >> can anyone help how to make it a .deb?
> >> 
> >> http://goldbug.sf.net
> >> 
> >> would be cool to have it in the repo.
> >> 
> >> Thanks Regards Randolph
> > 
> > Don't bother and don't waste your time.
> > 
> > Read this:
> > 
> > NSA has secretly developed ability to crack internet communication,
> > according to new Snowden documents.
> > 
> > http://www.aljazeera.com/news/**americas/2013/09/**201395224046206442.
> > html<http://www.aljazeera.com/news/americas/2013/09/201395224046206442
> > .html>
> > 
> > On second thought, go ahead and do it. If everybody used encryption it
> > would irritate the iceholes something aweful.
> > 
> > BC

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
         law-abiding citizens.

More information about the ubuntu-users mailing list