[GTALUG] Bill That Would Ban End-to-End Encryption Savaged by Critics

James Knott james.knott at rogers.com
Sat Apr 9 17:59:49 UTC 2016


On 04/09/2016 05:51 PM, Stephen wrote:
> On 16-04-09 05:39 PM, Stewart C. Russell wrote:
>> On 2016-04-09 05:05 PM, James Knott wrote:
>>>
>>> GPG forever!
>>
>> Except that:
>>
>> 1) you can still see all the regular e-mail header metadata, so with a
>> lot of data correlation, you can work out who is doing what and who is
>> part of which network without decrypting the messages;
>>
>> 2) it sets the NSA's "Has Something To Hide" bit:
>>
>> <http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>;
>> and
>>
>> 3) you have to assume that the code and the system you're running it on
>> haven't been compromised.
>
> The best form of encryption that I ever read about is to use a book.
>
> You need to be able to agree on the book in a secure manner.
>
> Then each word in the message is replaced with a pair of numbers,
> corresponding to the page and word offset of the word.
>
> The number data can be appended to a jpg file that is distributed on
> social media.
>

Actually, the best method is a "one time pad" where there is a series of
random numbers to use for encrypting.  It's claimed to be truly
unbreakable.  However, there is the minor problem of securely exchanging
pads.  Each end needs identical ones.  The current encryption methods
generate a random number to encrypt the data and then use a
public/private key pair to exchange the random number.  The random
number may also be generated at intverval, so that the same one is not
used too much.



More information about the talk mailing list