the NSA doesn't know anything decryption.

So child like!

are only needed for access thru the "Front Door".
geeez. I am continuely amazed by the lack of IT knowledge.......

PGP and the like is open source. Where's the backdoor?

You really think cause it is open source it is more secure from being decrypted? Seems I am not the one who is clueless? Especially as far as it come encryption and decryption !

German companies can be pressured by Americans, sure, just like UK poodles. Any country that has to allow American military bases on their soil are biotch-slapped by the shrinking "superpower". See "Japan".

But you won't get squat from the Chinese.
Let's see the NSA brute force decrypt a trillion Chinese emails.

what operating systems are performing most of these encrpytions? nuff said!

that makes decrypting an intractable mathematical problem without the key. Unless the NSA has overturned complexity theory, how do you see them doing what you claim they can do?

Out of reach of US secret surveillance laws, any hacking would have to involve a man-in-the-middle attack on multiple foreign servers.

naive and shows how little you understand about how the keys are attained.

Last edited Sun Aug 11, 2013, 11:42 AM - Edit history (3)

with statements about the naivity or ignorance of the poster, why not elaborate on the mechanisms you think could easily be exploited to get around it? I'm a programmer and have written encryption code myself. Granted, I'm not a security expert but I have a fairly good understanding of the technology. Don't assume you're talking to people with no technical knowledge. Enlighten me

Bearing in mind, too, that the issue here is mass surveillance involving automatic detection of keywords in large volumes of mail. Arduous processes involving social engineering, et al, are not viable to achieve this even for an organisation with the resources of the NSA.

I'm well aware, for instance, that hackers can target individual computers with keyloggers, et al, or use malware to propagate same, but its relatively easy to guard against simple malware propagation. I can't see that being turned into some kind of reliable, production-line process. I'm not sure how these companies are encrypting mail but since its the provider that's doing it, not end users, I assume the security basics are in place.

Single and detectable hacking instances are not evidence that the process can be industrialized the way the NSA has done in the USA using a combination of technology and privileged access. I know its common cause in the hacking community that anything can be hacked (despite some notable examples of systems that have never been hacked in the face of considerable effort), but having friends who's jobs involved actively responding to breaches at ISPs, I also know that its only a temporary condition for companies that employ skilled staff to actively detect and respond to such breaches. Many former hackers and very good ones at that are employed in the industry.

Being able to breach a system once is not the same as being able to easily sustain an undetected breach for long or even moderate periods of time.

that any OS can be designed that can reproduce any encryption key use by the OS?

Last edited Sun Aug 11, 2013, 06:16 PM - Edit history (2)

I mean, if the implication is that the hacks can somehow be built into the operating system, then obviously a custom built, hardened installation of Linux circumvents that, and those were SOP at a previous company I worked at which was full of security gurus.

ssh-keygen is a utility, not part of the kernel. So if you're using that, it's not the "operating system" that is generating the key - or using it. The only other thing I imagine you might be referring to is a backdoor built into the OS by an OS vendor like Microsoft - a backdoor that sniffs application messaging, key presses and so on and transmits that to some outside party.

But this is precisely why the "open-source" aspect of Linux makes it more, not less secure. Anyone who knows what they're doing can pull down the source code and compile a custom build of the OS kernel themselves. This means they can find back doors in the code and close them before compiling.

.
.
.

mine are words that do not exist, and numbers that have nothing to do with my age or birthdate.

My computer cannot be accessed (I hope), without typing in a password, again,a word that does not exist except to me.

However, my passwords are fairly short, as is my memory.

Does the length of the password make a difference?

I'm thinking it does.

CC

On edit: damn, better change it now.

Along the same lines is this:

http://www.cnn.com/2013/08/03/world/europe/germany-uk-privacy/index.html

teabaggers ranted and raved today at the German government about them using "big brother" techniques to control people's emails.

one teabagger was quoted as saying, "I want my email free and 'uncrypted' and away from prying eyes!!!"

the reporter on the scene shook his head in bewilderment.

The emails themselves will remain unencrypted on the servers. TLS is something but if poorly implemented does little for a man in the middle attack.

This is the first step of ridding the county of American domination. Not only have the Americans been snooping on Germans but also the their puppet regime in Berlin has been snooping on Germans to punish them if they have anti-occupation ideas. Encrypting emails is a first step in liberating Germany.

I believe we are heading to a place were everything will be encrypted by default.

That will keep the totalitarians busy for a few million years

That's already started.

On the brightside for the time being at least the trans Atlantic trade agreement will likely be a non starter. Europe needs partners it can trust.

of the privacy laws of affected countries and will directly affect American cloud service providers.

http://www.privacysurgeon.org/blog/incision/why-norways-rigorous-stance-on-cloud-computing-highlights-the-crucial-importance-of-strong-privacy-policies/

Just think of all the pedophiles and other deviants that no longer have to worry about their email.

Damn those totalitarians! Despite the fact you cant point to a single persecuted person.

Warrants don't go away.

if theres a warrant its ok?

Backed up with probable cause, of course.

Check out the 4th amendment, all details are there.

Then let's talk.

So then I fail to see what all the hubub is about. Was data collected without a warrant?

As it doesn't meet the standard.

Of course it does for the totalitarian privacy PIRATES.

But not to most reasonable people.

Doesn't affect metadata collection.

Content metadata.

Network metadata is like reading the envelope, not as serious as the content.

Huge difference, my friend.