-----BEGIN PGP SIGNED MESSAGE-----
> I downloaded the full GPG manual last
> night, and started reading, although
> I have been using, and mostly understanding
> it, for some time.
> In the media there are always interesting
> (at least, I find them interesting) stories
> about people and organizations with
> bad intentions, communicating through
> email, or keeping data of a sensitive
> nature on a non-secure media.
"...What if everyone believed that law-abiding citizens should use postcards
for their mail? If some brave soul tried to assert his privacy by using an
envelope for his mail, it would draw suspicion. Perhaps the authorities
would open his mail to see what he's hiding. Fortunately, we don?t live in
that kind of world, because everyone protects most of their mail with
envelopes. So no one draws suspicion by asserting their privacy with an
envelope. There's safety in numbers. Analogously, it would be nice if
everyone routinely used encryption for all their E-mail, innocent or not, so
that no one drew suspicion by asserting their E-mail privacy with
encryption. Think of it as a form of solidarity."
> Since the time of free software that
> provided very strong encryption, such
> as block ciphers, (blowfish, Twofish,
> Etc.) it has always seemed curious,
> no, downright puzzling to me, that
> terrorist cells, and criminals apparently
> weren't taking advantage of such obviously
> good tools for their operations. That isn't
> to say that there aren't bad guys out there
> that are using them. But from time to time
> there are stories in print and T.V. that
> are almost without credibiliy, of
> say, Al Quida (sp?) communicating via plain
> text email which is intercepted by U.S.
> intelligence. Unless they intended to plant
> disinformation, (which I assume an intelligence
> agency could sniff out), Why would they be
> so stupid as to send this kind of information
> in email that was unencrypted?
I think your answer is contained in the question, which makes it rhetorical.
> Then you have your perverts collecting kiddie
> porn. Not exactly international jewel thiefs,
> but not neccesarily morons. Why don't they
> keep their collections safe this way? I read
> about a fireman arrested a while back. The
> computer forensics guys weren't even called.
> it was all there in plain sight on his hard
> drive. Not that I want to give these guys
> any ideas, but it seems strange to me.
- From what I have read in the paper and heard on the radio, some of them are
becoming wiser and now encrypt their data and communication channels. More
amazing is that fact that encryption is illegal in certain countries. I
suppose it has its pros and cons. How about this one particular pervert?
,----[ Snippet ]
| "In November 1997, Glitter was arrested after child pornography
| images were discovered on the hard drive of a personal computer
| he had taken to a Bristol branch of PC World for repair."
> My use of GPG started me thinking about this
> again (it's not a new thought thread for me),
> and I wondered if it had anything to do with
> a distrust of the ability of the ciphers
> available, and/or doubts about the OS's the
> encryption implementation was being run on.
> To be honest, Linux is about the only OS
> I would feel comfortable trusting encryption
> tasks with. Open source makes it impossible
> to hide whether or not the ciphers are weak, have
> back doors, or the OS (read vendor) is leaving
> itself a way to access your data. It also
> gaurantees that the cipher dosen't rely on
> code obfuscation for it's strength, since that
> is no strength at all. This is why the guru of
> encryption, Bruce Schneier, released blowfish
> (and I think, twofish) in source code form.
> They have never been cracked, and some
> pretty brilliant people have been trying
> for a very long time. I think that says
> something for open source, (and Mr. Schneier)
> and not seeking to hide your code from others
> (like that's possible). This is why Linux is
> perfect for this particular application.
What worries me is that such observations might also slow down adoption by
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
-----END PGP SIGNATURE-----