The Titanic was supposed to be unsinkable too. IMHO there is no level of encryption that can't be cracked given enough time and desire. Right now I would say this type of communication would be very secure, but to think it will always stay secure would be foolish.
God is always good! "It was an interesting day." - President Bush, recalling 9/11 [White House, 1/5/02]
True, but... the more people who routinely encrypt their communications, the more likely they won't bother trying to decrypt any particular one.
There's always the possibility that the gov procured some mega power computer that they would be willing to have run for days/weeks/months just to crack one particular encryption. It's also possible they got hold of some mathematician was able to invent/discover a way of cracking codes with a simple algorythm, which would be an "I found the holy grail" achievement. If you can easily find the only 2 very, very large prime numbers, which when multiplied together get a much bigger number, without doing lots of trial and error divisions, then that would be you.
Probably the biggest potential vunerability though is a computer or phone that's been hacked with some kind of spyware. Encryption wouldn't mean squat then.
#6. To: robin, Neil McIver, Tauzero, Jethro Tull, lodwick, christine, Esso, angle, bluegrass, Eoghan, Mekons4, BTP Holdings, SKYDRIFTER, Dakmar, Horse, Max, ladybug, mirage, randge, bluedogtxn, Red Jones, RickyJ, loner (#2)
You've got to get over the encryption seduction of computer communications. Computer communication is the LEAST secure method of communicating with other people covertly. Encryption cannot protect ANYTHING on the internet. There are at least two major vulnerabilities to internet communications. First,mechanically, email communications can be recorded, and are recorded, in your computer. Even if you delete them, they're still in there, and the FBI (being the least technically capable of the agencies) can often pull them back out and reconstruct them. Secondly, systemically, it is impossible to know ho much of your electronic communication is recorded by the ISP, by agencies monitoring the web, etc. Even if you encrypt what you send, it is basically out there forever for someone to decrypt; which means that you are relying on today's encryption to protect you from tomorrows decryption programs. Additionally, you don't know that the programmers putting together encryption software haven't given the gummint the keys and backdoors to decrypt your stuff when the DHS agent comes and says it's a "matter of national security"...
The best way to communicate covertly is old school. Face to face in the middle of nowhere, or using a private code that only you know, etc. The very best means is to stay under the radar and to not be suspected in the first place. While that may be impossible for people who are psyops or propagandists, due to the nature of the work, it is relatively easy for their friends.
the law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, beg in the streets and steal bread.
The temporal encryption schemes are the best. That's what we used in a video conferencing project. The infrequent 'I' frames are a total refresh, but the intermediate frames are not. As the video progresses, the encryption key changes over time; what you may lose in efficiency you gain in security. Always tradeoffs.
Even if you delete them, they're still in there, and the FBI (being the least technically capable of the agencies) can often pull them back out and reconstruct them.
If you write over them at least 7 times, they will indeed be deleted and even the CIA won't be able to get that data.
God is always good! "It was an interesting day." - President Bush, recalling 9/11 [White House, 1/5/02]
Encryption cannot protect ANYTHING on the internet.
I beg to differ, but hey, you can believe what you want to.
If you don't trust any of the encryption software providers you can just write your own up and encrypt it yourself. Encryption can give you good to very good protection now. I wouldn't say it is 100% totally secure today, but it would be very close to that today. It's about as secure as it will ever get IMO right now. In the future I can see it being much less secure.
God is always good! "It was an interesting day." - President Bush, recalling 9/11 [White House, 1/5/02]
Basically, the govt does not release any encryption scheme it cannot decrypt.
Fine, are they really going to go to all the trouble of decrypting every frame of every video conferencing call?
No, but if they want to put someone away, they might.
As the links I posted above mention, the endpoints are still vulnerable.
But measures can be taken. Most people won't do much more than a firewall.
If you are really paranoid perhaps a separate cheap computer for communication that can be reformatted and reinstalled quickly, or a ghosted image copied over quickly.
You lose everything you don't backup, but the system is clean.
I use a creditcard with a small amount on it for my online purchases for similar reasons. Not quite the same, but the point is we can take measures.
You've got to get over the encryption seduction of computer communications. Computer communication is the LEAST secure method of communicating with other people covertly.
I'm not sure that's literally true, as postal letters are arguably less secure, but what you suggest is far, far from practicable. You might as well say to avoid phone tapping you should stop using phones, and to avoid car accidents you should sell your car and ride a bike everywhere. Janis Joplin sang about freedom being another word for "nothing left to lose", which unfortunately describes the result of many patriots who preemptively ensure that the government can't take anything from them. Making yourself immune from government activity by bankrupting yourself of phone use, cars, or what have you is no solution.
We need something that works. Sure, there are no guarantees. But IF you are going to use phones to communicate, THEN this kind of encryption is better than nothing. Granted we should not be lulled into a false sense of security. All things in moderation.
Yes you do point out that sound encryption requires assurances that the gov doesn't already have a decryption key for everything, and Microshaft was accused of creating one for the NSA. Another good reason to go with open source linux. The phone service described in the article is linux based. (Which I downloaded).
I don't think this is so much an explanation of VoIP as it is VoIP *networks*. The "asterisk" software that's described can be used to replace an office phone system. Except that the "office" with this network doesn't have to be confined to one building. The office can be virtual with each cubicle located anywhere in the world.
The author makes the point that as long as he is only communicating with people tied into his virtual phone network, the communications never enter the standard telephone grid, and therefore doesn't pass the fed's wire tappers. In fact I don't think he can call into the phone grid from his network phone unless I missed that.
What's interesting to me is the likelihood that two of these virtual networks (i.e. two "businesses" each with their own internet based phone servers or phone "centers"), might be free to interact with one another without going through the telephone grid. If so, then the stage is set for the complete demise of the telephone grid itself, as all phone communications would/could just be made from one internet phone server to another internet phone server just like email today never enters the phone grid. All transpires solely over the internet.
What's interesting to me is the likelihood that two of these virtual networks (i.e. two "businesses" each with their own internet based phone servers or phone "centers", might be free to interact with one another without going through the telephone grid.
Intriguing, but I don't see landlines going away anytime soon.
I would like to try out what he's doing with his own phone server, or network.
Intriguing, but I don't see landlines going away anytime soon.
No, not anytime soon. Replacement would require everyone that has a phone to instead have broadband internet access, and beyond that, access that is reliable. The standard phone grid has 100 years of infrastructure and engineering development that has made it 100% reliable, excepting major disaster events.
I would like to try out what he's doing with his own phone server, or network.
Just doing what we all want. Talking on the phone with some assurances of privacy.
IMHO there is no level of encryption that can't be cracked given enough time and desire.
256-bit AES is virtually unbreakable. A 256-bit cypher offers 2^256 of possible keys. If you had the computer horsepower to test 1 trillion keys every second (using a typical brute force attack) then it would take 3.67^52 years to exhaust 1% of the total keyspace.
There have been contests to break encryption. Check out distributed.net
The results from their 64-bit challenge are as follows:
It took 1,757 days for 331,252 people to test 15,769,938,165,961,326,592 keys. The peak rate was 270,147,024 kkeys/sec. The equivalent computer horsepower to check that many keys was 45,998 2GHz AMD Athlon XP machines.
They started another contest in 2002 to break a 72-bit key. It's still going.
Encryption cannot protect ANYTHING on the internet.
That isn't true.
...mechanically, email communications can be recorded, and are recorded, in your computer.
If your mailstore (the files in which your email is stored), such as a PST or MBX file, is located inside of an encrypted file container then nobody will be able to access it.
...you don't know that the programmers putting together encryption software haven't given the gummint the keys and backdoors to decrypt your stuff...
TrueCrypt is open source. You can see if there are any backdoors (and there aren't any).