
BLU Discuss list archive


[Discuss] email privacy/security

On Mon, Aug 5, 2013 at 12:39 PM, Kent Borg <kentborg at> wrote:
> On 08/05/2013 11:30 AM, Richard Pieri wrote:
>> S/MIME is that it depends on a certificate authority to issue X.509
>> certificates.
> Good cryptography is great. Flawed cryptography--even just using obscure
> non-standard compression and binary data formats--makes your foes work for
> it.  And active MitM attacks completely changed the economics.  Don't give
> them plaintext for the price of a tap and a data path back to their servers.
> Make them work for it.  Make them wonder whether the work will even be worth
> it (because maybe you are using good cryptography with a good key).  Send
> pure high-quality random data if you are so inclined, just to worry them.

Or you could slap a header on the front that makes it look like it is
encrypted with a decent (but brute forceable) cypher.   Some news
reports have suggested that "they" are permanently storing everything
that is encrypted for possible future decryption.   Get all your
friends to do this and then buy stock in companies that sell archival
storage systems.   Fill up the silos with plenty of hay and they may
never have the resources to use wholesale decryption to find the actual
needles in those haystacks of S/MIME or PGP "encrypted" messages.

Bill Bogstad

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
