Breaking crypto: Not like the movies!

Web encryption is at the top of the discussion list these days in geek circles and with good cause. The revelations over the past few months that many countries are collecting wide swaths of Internet data on their own and foreign citizens has made us all stop and re-think things. We used to think it was fairly near impossible to collect every email and every web session that passes through the Internet but that assumption is now being challenged. Even the security of our encrypted web sessions using the tried and true Secure Sockets Layer (SSL) technology has now been revealed to be orders of magnitude less secure from government prying than we thought. As we work our way through this maelstrom of blows to the head it’s becoming clear that the only answer to true privacy on the Internet is Trust No One (TNO) encryption.

Who uses encryption, anyhow?

Continue reading “Breaking crypto: Not like the movies!”

Why loosing Lavabit and Silent Mail doesn’t change anything.

Here’s a non-concept for you: secure email. There’s a lot of media frenzy surrounding the recent shuttering of Lavabit and Silent Mail and most of it is unwarranted (see what I did, there? Warranted?) While any security is certainly better than no security, the media is presenting the loss of these services as something that matters and honestly, it really doesn’t. Email is so inherently insecure and the laws of most countries allow law enforcement to warrant emails anyhow, so there’s almost no advantage to using a secure email service if your intention is to be bad. In short, there is no such thing as secure email.

I had never heard of Silent Mail before a few days ago but I have both a Lavabit (had) and a Hush Mail account; both provide encryption bundled into their email service and from the press surrounding Silent Mail, I assume it offered a similar service. Continue reading “Why loosing Lavabit and Silent Mail doesn’t change anything.”