Google freaks me out sometimes

  • Knoppix
    Ol'Grey Hat
    • Nov 2004
    • 40

    #46
    Re: Google freaks me out sometimes

    XOR,
    Yeah man... My medication's limited to what it can do, and can't do...
    I think I'll just go back to being a pot head... Life just seemed easier that way! lol

    Comment

    • Deviant Ollam
      Semi-Professional Swearer
      • May 2003
      • 3417

      #47
      Re: Google freaks me out sometimes

      Originally posted by Knoppix
      So is PGP really bulletproof these days?
      just how strong crypto is in standing up to various attackers is a point of long-standing debate among many circles.

      I know of one fellow (a very reputable individual) who spoke with some feds just after his talk way back at DEFCON 9 or 10... they wouldn't outright tell him what the government's capabilities were back then, but he postulated that they could handle 128-bit crypto in realtime, in order to sniff web traffic if they really wanted to, and likely could do 256-bit in a day or so. they all but told him he was spot-on.

      at the time, things like 1024-bit would be the minimum to withstand "basic" scrutiny, but you'd have to almost get into 2048-bit to really be "unbreakable" in any practical sense. this was a discussion about SSL, not PGP (which in its modern incarnation supports algorithms like AES, RSA, and the fish) but it should give you a basic idea.

      that was half a decade ago, at least.

      nowadays, i'd be willing to guess that anything short of 4096-bit is pretty easily broken by spooky types, given enough time. further, however, i would bet that most of their processes are tied to data mining and building up a profile of their target, in order to optimize what sorts of keys, passphrases, etc. are likely to help them along. it should be noted, this sort of action is not used in investigations where the results are made public. these are national security matters we're talking about.

      state and local law enforcement is likely (in my opinion) unable to easily break crypto of the type you would see with the original PGP project, if properly implemented. these agencies (perhaps with the exception of majorly wealthy urban city centers where the PD is a huge force) simply don't have the funding or specialization for that sort of work.

      if it's hugely instrumental to a case that they're building against someone, my bet is that police departments would enlist the help of feds... and only then if the feds think it's a priority would that happen. local police can crack your Blackberry or read your "hidden" phone contacts and break a passworded zip file, often due to built-in backdoors in the software, etc... but beyond that you're pretty secure in your privacy, i would say.

      i am totally just rambling and guessing here... so i'd invite anyone who knows more than i to join in with better specifics.
      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
      - Trent Reznor

      Comment

      • xor
        not
        • Aug 2007
        • 1347

        #48
        Re: Google freaks me out sometimes

        Here we go Knoppix, can't personally vouch for this as I've only used it a few times and haven't done the forensics to actually see if it performs as advertised.

        http://kaos.to/blog/downloads/

        Don't expect this to run on uber new hardware but if your system is at least 2 years old it should be fine. No cookies, just relatively anonymous browsing from any computer you stick the CD into.

        It's free too.

        xor
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

        Comment

        • Thorn
          Easy Bake Oven Iron Chef
          • Sep 2002
          • 1819

          #49
          Re: Google freaks me out sometimes

          Originally posted by Deviant Ollam
          ...
          state and local law enforcement is likely (in my opinion) unable to easily break crypto of the type you would see with the original PGP project, if properly implemented. these agencies (perhaps with the exception of majorly wealthy urban city centers where the PD is a huge force) simply don't have the funding or specialization for that sort of work.

          ...
          You're forgetting the RISS agencies. Most provide crypto (and other high tech) support for local and state law enforcement.
          Thorn
          "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

          Comment

          • xor
            not
            • Aug 2007
            • 1347

            #50
            Re: Google freaks me out sometimes

            Originally posted by Deviant Ollam
            Stuff Deviant stated.
            Actually if you heard Nomad speak at Shmoocon last year the answer would not be very secure. The underlying encryption is secure but you have to make sure the person's creds are legitimate. Especially with someone you have never met before.

            For example I could meet Knoppix at some secret location for the first time to exchange creds so we could do encrypted communications. On the way there I could be assassinated and someone with duplicate forged docs could take my place. Knoppix, having never met me before, doesn't know what I look like, doesn't know what my state driver's license is supposed to look like. My ID double gives Knoppix my forged public key, and receives Knoppix's public key.

            Knoppix has no idea that he is actually communicating with the NSA, but feels confident that his communications are secure.

            xor
            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

            Comment

            • Knoppix
              Ol'Grey Hat
              • Nov 2004
              • 40

              #51
              Re: Google freaks me out sometimes

              Originally posted by xor
              Here we go Knoppix, can't personally vouch for this as I've only used it a few times and haven't done the forensics to actually see if it performs as advertised.

              http://kaos.to/blog/downloads/

              Don't expect this to run on uber new hardware but if your system is at least 2 years old it should be fine. No cookies, just relatively anonymous browsing from any computer you stick the CD into.

              It's free too.

              xor
              Thank you sir, I'll check it out...
              Looks like I'm going to have to hit the black and white again to get myself up to speed with today's code.. I've been outta the loop for some time... Many things have changed!

              Comment

              • Knoppix
                Ol'Grey Hat
                • Nov 2004
                • 40

                #52
                Re: Google freaks me out sometimes

                Originally posted by xor
                Actually if you heard Nomad speak at Shmoocon last year the answer would not be very secure. The underlying encryption is secure but you have to make sure the person's creds are legitimate. Especially with someone you have never met before.

                For example I could meet Knoppix at some secret location for the first time to exchange creds so we could do encrypted communications. On the way there I could be assassinated and someone with duplicate forged docs could take my place. Knoppix, having never met me before, doesn't know what I look like, doesn't know what my state driver's license is supposed to look like. My ID double gives Knoppix my forged public key, and receives Knoppix's public key.

                Knoppix has no idea that he is actually communicating with the NSA, but feels confident that his communications are secure.

                xor

                A true and great deception..........

                Comment

                • xor
                  not
                  • Aug 2007
                  • 1347

                  #53
                  Re: Google freaks me out sometimes

                  Originally posted by Knoppix
                  Thank you sir, I'll check it out...
                  Looks like I'm going to have to hit the black and white again to get myself up to speed with today's code.. I've been outta the loop for some time... Many things have changed!
                  You're welcome. I may poke fun at you (you're welcome to poke fun back) but I at least try and couple it with some useful information as well. Remember no free lunch, I have to entertain myself. :-)

                  xor

                  Now out for some Starbucks Banana Chocolate Chip Coffee cake (yes it's better than sex).
                  Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                  Comment

                  • Knoppix
                    Ol'Grey Hat
                    • Nov 2004
                    • 40

                    #54
                    Re: Google freaks me out sometimes

                    Originally posted by xor
                    Now out for some Starbucks Banana Chocolate Chip Coffee cake (yes it's better than sex).
                    In that case maybe one should start making youtube Vids of such?
                    The PORN market is still the hottest thing on the net yah know... And You've just added to it... 10-4?

                    Comment

                    • Voltage Spike
                      Ce n'est pas un personne
                      • Jun 2004
                      • 1049

                      #55
                      Re: Google freaks me out sometimes

                      Originally posted by Deviant Ollam
                      I know of one fellow (a very reputable individual) who spoke with some feds just after his talk way back at DEFCON 9 or 10... they wouldn't outright tell him what the government's capabilities were back then, but he postulated that they could handle 128-bit crypto in realtime, in order to sniff web traffic if they really wanted to, and likely could do 256-bit in a day or so. they all but told him he was spot-on.
                      Alternate theory. Most people utilize the default settings and the drops of "interesting" data are swallowed up in a sea of similar-looking data. If federal agents hint that they can crack the common encryption streams, then those individuals who worry about government snooping will move away from the defaults. Even if our government isn't able to crack the encryption, "interesting" people will flag themselves as worthy of more traditional investigative techniques.

                      Thoughts?

                      Originally posted by xor
                      The underlying encryption is secure but you have to make sure the person's cred's are legitimate.
                      This is why I'm always nay-saying the PGP keysigning parties. A signed key within the context of use verified across a long history of communication is more likely to be accurate and expensive to forge.

                      The counter-argument is that humans are really good at picking up on biological cues concerning "false" behavior, but I haven't found that to be the case.

                      Comment
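Added example, not part of the thread and not code from any poster: a small key-continuity store that shows both points raised above, namely that a key swapped in after a history of use is caught, while a key swapped in at the very first exchange (xor's scenario) is pinned as if it were genuine. The class name, the `min_history` threshold, the SHA-256 stand-in fingerprint and the key bytes are all assumptions constructed for illustration; real OpenPGP fingerprints are computed differently.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Stand-in fingerprint: SHA-256 over raw key bytes (not the OpenPGP format)."""
    return hashlib.sha256(public_key).hexdigest()

class KeyContinuityStore:
    """Pins the first key seen per peer and tracks how long it has stayed the same."""

    def __init__(self, min_history: int = 5):
        self.min_history = min_history   # assumed threshold for "long history"
        self.pins = {}                   # peer -> [fingerprint, messages_seen]

    def observe(self, peer: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        pin = self.pins.get(peer)
        if pin is None:
            # Nothing to compare against: this binding is unauthenticated.
            self.pins[peer] = [fp, 1]
            return "first-contact"
        if pin[0] != fp:
            # Never silently re-pin; a human has to resolve this out of band.
            return "KEY-CHANGED"
        pin[1] += 1
        return "established" if pin[1] >= self.min_history else "provisional"

# Constructed sample keys (arbitrary bytes, not real key material).
GENUINE = b"constructed-public-key-genuine"
IMPOSTOR = b"constructed-public-key-impostor"

def later_substitution():
    """Genuine key builds history, then a different key shows up."""
    store = KeyContinuityStore()
    seen = [store.observe("xor", GENUINE) for _ in range(5)]
    seen.append(store.observe("xor", IMPOSTOR))
    return seen

def substitution_at_first_meeting():
    """Forged key is handed over at the first exchange and builds the history."""
    store = KeyContinuityStore()
    seen = [store.observe("xor", IMPOSTOR) for _ in range(5)]
    seen.append(store.observe("xor", GENUINE))
    return seen

if __name__ == "__main__":
    print(later_substitution())
    print(substitution_at_first_meeting())
```

Both runs produce the same status sequence: in the second one the forged key reaches "established" and the real key is the one flagged, so continuity only helps if the impostor cannot sustain the whole history or if the first fingerprint is confirmed over a separate channel.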
