On Mon, Aug 5, 2013 at 12:39 PM, Kent Borg <kentborg at borg.org> wrote:
> On 08/05/2013 11:30 AM, Richard Pieri wrote:
>>
>> S/MIME is that it depends on a certificate authority to issue X.509
>> certificates.
>.......
> Good cryptography is great. Flawed cryptography--even just using obscure
> non-standard compression and binary data formats--makes your foes work for
> it. And active MitM attacks completely changed the economics. Don't give
> them plaintext for the price of a tap and a data path back to their servers.
> Make them work for it. Make them wonder whether the work will even be worth
> it (because maybe you are using good cryptography with a good key). Send
> pure high-quality random data if you are so inclined, just to worry them.

Or you could slap a header on the front that makes it look like it is encrypted with a decent (but brute forceable) cypher.

Some news reports have suggested that "they" are permanently storing everything that is encrypted for possible future decryption. Get all your friends to do this and then buy stock in companies that sell archival storage systems. Fill up the silos with plenty of hay and they may never have the resources to use wholesale decryption to find the actual needles in those hay stacks of S/MIME or PGP "encrypted" messages.

Bill Bogstad