posted June 07, 2000 08:51 PM            

PGP has been analyzed for years and no one has found any flaws or weaknesses in it yet so I'd go with that one for sure.

------------------
"The knowledge that they fear is a weapon to be used against them."

posted June 23, 2000 03:16 PM         

Given that it has been cracked does that make difference to you?

If it took a high level of effort to crack it, then it does not matter to you. Since its still being offered and used, I suspect that the effort needed to crack it is far in excess of being a practical endeavor.

Granted, a Russian general who has must moved all his nukes into launch position and is communicating with them needs a very secure encryption system. Big crackers are going to be very interested in what he is talking about. We are not in that category.

What folks like us need is a transparent encryption system that keeps all sensitive data in one place, and encrypts and decrypts it on the fly so we don't know its even there. I understand bestcrypt does this.

A modest encryption system that you will use all the time is far better than a super one that is a bit difficult to use, and you only use it for terrible stuff.

What we need to protect from is the mundane files which in themselves mean nothing, but to a rabid prosecutor out to get rid of you, can be used as a group to snow a jury into believing that "well all that stuff, he must have been up to something bad" and convict you of whatever the prosecutor charges. It matters not actually what the charge is in USA courts.

With the plea bargaining system, and the unreal fees a lawyer wants, you are going to have to use a public defender most likely, and he works for the government first, and the prosecutor second, and he will lie to you until you cave in and make a deal. If not then they will lie to the jury to convince them you are a bad guy. Won't matter whether you did what they charged you with doing.

Therefore you want your private papers to be private, and not available to a 2 bit prosecutor who can't spend a lot of time on you because there are a dozen more like you that he has to tend to also.

I think bestcrypt might be adequate if e companies are still using it for online transactions.

Don't loose sight of the fact that you do not need top of the line encryption, any more than you need to calculate your equations to 14 decimal places. A chemist that measures his powders by the spoon or cupful, needs little more than 3 digits accuracy. To use 14 is overkill, and a waste of time, unless its so easy to use that you don't notice it.

Very secure systems are also wasteful unless you plan to use a pass phrase that you could easily forget, or have a hell of a time typing in perfectly each time you want to use it. Simple pass phrases, and all single word passwords, are much easier to crack than is the encryption system.

Since you will NOT use the type pass phrase that a very secure encryption needs to match its encryption security level, why fuss over
"getting the best".

You can get Bestcrypt, for almost any machine, from www.jetico.sci.fi, along with a lot of data on how it works, and all that.

Best of all it works on older machines also.
and is free to personal users.

the bottom line is that no one is going to use a lot of effort to decrypt your stuff since its so easy to flake you with a lot of lies from agents. The files are just frosting on the cake, but the cake is a cake without it.

What they will do if they want to get rid of you, is come take all your computers and disks, and CD's (yes even music ones) to do as much damage as possible before some court makes them give it back, maybe a year or two later, IF YOU WERE VERY LUCKY AND DID NOT MAKE A DEAL, AND THE JURY DID NOT HANG YOU.

When you get your stuff back it won't work anymore, and they'll say they got it that way.
Your disks will be unreadable, and you hard drive will be corrupted. They intend to damage as much of your stuff as possible so even if you get off, you will have lost most everything.

Store backup disks away from your home. Plan on getting another computer if they take yours. You will sorely wish all on the one they took was bestcrypted or any other crypted.

posted June 23, 2000 11:23 PM            

This is by no means a complete listing because you can be sure that the police and feds have access to much more sophisticated crackers and computers.

Bestcrypts' already been cracked so that's a no go. Using PGP disk or scramdisk is easy. Just enter in your secure passphrase when you turn on the computer and you don't have to fuck with it anymore till the next time you turn it on.

For any encryption to work you have to use a passphrase. A single word or common phrase is too easy for a cracking dictionary to break.

And don't think that just because your local PD is poor that they can't have the FBI break your encryption for them. Because they can, thanks to all that interstate, interdepartmental cooperation pact treaty shit.

If you're just trying to keep nosy siblings or parents out of your files than almost anything will work. But if your worried about the cops going through your files then you better use strong encryption.

------------------
"The knowledge that they fear is a weapon to be used against them."