So I started composing an email to knowhow@twit tv and a few moments in I realized I need your Pu...

[G+_andrej stefanovski]

So I started composing an email to knowhow@twit.tv and a few moments in I realized I need your Public PGP Key. hoped over and did a few public key searches... no keys found!

 

#KnowHow   #PGP   #emailencryption  

[G+_Max Heep]

Actually email encryption is a joke.  Its too complicated for the click-here crowd, and one major flaw.

If you are one of a vast minority using email encryption, that will draw Big Brother to you like a lightblub calls moths.

And do really think Big Bro can't can't crack PGP? Or can't in the future? (Make that near future-computing grows fast!)

Google is begging to scream we are not evil. Let them put a "encrypt now" button in GMail. That is the only company I would even consider slightly trusting.

If everyone is encryped, Big Bro would be overwhelmed.

Not dead. Just delayed.

[G+_Max Heep]

They don't. Its a sad future. Look at any study. People act like sheep. I'm not being glib, I'm not being political. Study after study...

People act like sheep.

Now combine that with everyone not caring about their privacy.

The consolidation of power is scary.

[G+_andrej stefanovski]

Max Heep I think as a matter of principle if you have an issue with the government storing all your communication, it is worth it to you to take the 5 minutes necessary to setup your sec/pub keys and post them to key servers. 

 

In relation to +Google, they could implement S/MIME encryption for free since they are a sub-Certificate Authority but they would either have to use your Secret Key to decrypt and scan your emails for their advertising purposes or else they've just cut out a major source of data they mine for advertising profits.

 

My emails are incredibly boring and have no information of interest to any government or individual outside of the conversation. Yet, I know the raw power that would be associated with breaking a 4096bit key with a >200 character passphrase (thanks LastPass) with current technology. So if my email manages to tie up a few NSA clusters for a few days so they can get a first class recipe for hamburger patties, I'll take some pride in that.

 

As a last note, I made a set of keys for each of family members and downloaded a Chrome Plugin called WebPG - this allows them all encrypt & sign all their emails inside of gmail, running in google chrome. Its about as 1-click convenient as anyone can ask for, in my opinion.

[G+_Mark Dymek]

Max Heep it would take government or any other person who tried a very long time(1000s of years) to break modern encryption. even so the government does not need a way to do it as Leo says most crooks give the password. the binary installers for PGP on mac, windows and linux are pretty good and user friendly. 

[G+_Mark Dymek]

Max Heep there was a case a few years ago of a Pedophile ring that the police were getting close to arresting but their investigation was stopped because they were using secure means of communicating and sending files. However they are now in jail not because the FBI broke their encryption but because one of them gave them the password. 

[G+_andrej stefanovski]

Agreed Mark Dymek , GPG Keychain Access on Mac and Gpg4win are both ridiculously easy to setup and use.

 

The only points I'd make that I feel isn't highlighted enough is to immediately generate a Revoke Certificates and store it with your secret/public key backups. So many people have created dozens of key pairs over the years and uploaded them to public servers but don't have the ability to revoke their previous public keys. The key search is rather littered with abandoned keys at this point :-\

[G+_Cole Brodine]

For you guys using the chrome plug-ins, you may want to reconsider.  A recent episode of Hak5 showed a new metasploit plugin to steal your secret key.  They demonstrated that the chrome plug-ins are storing the secret key in plain text!

[G+_andrej stefanovski]

Cole Brodine thanks for the heads up. I use Thunderbird + enigmail but I do have my family all setup using WebPG plugin.

[G+_iyaz akhtar]

PGP is our next ep. We'll get on this! 

[G+_andrej stefanovski]

lol just realized I'm watching you live on #TechNewsToday! :p way to multitask iyaz akhtar

[G+_Max Heep]

iyaz akhtar Should we use PGP? I been thinking about this. No I don't want a creepy Uncle Sam snooping into my personal (albeit boring) life, but there is a trade off.

If we encrpt everything, and as Andrej said:

"So if my email manages to tie up a few NSA clusters for a few days so they can get a first class recipe for hamburger patties, I'll take some pride in that."

I'm not happy with this either.

We live in a world where bombing a  busload of schoolchildren is a good thing. Gets you warm and snugly with God.

I'm not happy with Uncle Sam and his Creepy Mission, but we need security. That's what they do. For us.

What we really need is to look at the Constitution. No, not amendments and pork barrel spending. The basic principle of the Constitution. A balance of power.

When Uncle Sam is prosecuting someone,the judicial branch should ask how did you get this information? If it was obtained before there was a reasonable right to get it, then fuck you creepy Uncle Sam.

Case dismissed.

[G+_andrej stefanovski]

Max Heep lol if you're implying that I hope the NSA is to busy decrypting my worthless traffic to stop suicide bombers from blowing up schoolchildren that's absurd.