[GTALUG] Bill That Would Ban End-to-End Encryption Savaged by Critics

Stephen stephen-d at rogers.com
Sat Apr 9 18:05:15 UTC 2016


On 16-04-09 05:59 PM, James Knott wrote:
> On 04/09/2016 05:51 PM, Stephen wrote:
>> On 16-04-09 05:39 PM, Stewart C. Russell wrote:
>>> On 2016-04-09 05:05 PM, James Knott wrote:
>>>>
>>>> GPG forever!
>>>
>>> Except that:
>>>
>>> 1) you can still see all the regular e-mail header metadata, so with a
>>> lot of data correlation, you can work out who is doing what and who is
>>> part of which network without decrypting the messages;
>>>
>>> 2) it sets the NSA's "Has Something To Hide" bit:
>>>
>>> <http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>;
>>> and
>>>
>>> 3) you have to assume that the code and the system you're running it on
>>> haven't been compromised.
>>
>> The best form of encryption that I ever read about is to use a book.
>>
>> You need to be able to agree on the book in a secure manner.
>>
>> Then each word in the message is replaced with a pair of numbers,
>> corresponding to the page and word offset of the word.
>>
>> The number data can be appended to a jpg file that is distributed on
>> social media.
>>
>
> Actually, the best method is a "one time pad" where there is a series of
> random numbers to use for encrypting.  It's claimed to be truly
> unbreakable.  However, there is the minor problem of securely exchanging
> pads.  Each end needs identical ones.  The current encryption methods
> generate a random number to encrypt the data and then use a
> public/private key pair to exchange the random number.  The random
> number may also be generated at intverval, so that the same one is not
> used too much.

The problem with this method, is that it is obvious that data encryption 
is being used.


-- 
Stephen


More information about the talk mailing list