I swear this stuff seems to be coming in pairs

Post Reply New Topic

First we have the Supreme court rule that the Feds need a Warrant to throw a GPS tracker on your car.
keep in mind that the language wasn't good enough for any true rights activist to jump up and down.. but still.

and the same (next?) day, another court says Yes You Can! ...be forced to reveal your PGP password!..
-----
It is common knowledge that even 5 years ago the Vast Majority of common criminals had not yet discovered that encryption works, and if you search google you can find an FBI report that indicated to the effect that only 1% of criminals used encryption, and it "wasn't a problem" for them to break the more or less untested methods they used. (this was also mentioned at a 2010 hackers convention, where a speaker rhetorically asked the audience, "who here doesn't use reasonably secure channels?!")
-----
More than one source has informed me this is no longer the case, and encryption is becoming mainstream.
Just off the top of my head, between PGP, OTR and elliptical curve cryptography for smartphones...
Its far easier to keep secrets unbreakable than it is to say "I don't know what that white noise was."
or, "No Mr FBI, that white noise you see was really a Trojan uploading data to its command and control servers...honest."
"oh, and can you prove that?!"
-no.
"we're going to need you to decrypt that data
-I can't remember the password.
"you see this rubber hose here.."
-ok

Commencement on the General War on Computing Begun?
or is this just white noise and that war will never happen...

I hope I don't sound too idiotic, but what is a PGP password?

Meh, use AES 256-bit to encrypt data before sending it anywhere. That's probably the best encryption out there. It's what the U.S Government uses to protect highly classified stuff.

But I thought they could demand passwords for ALL encrypted files regardless of cipher used.

to answer that requires that you understand the basic methods of cryptography.

shared secret.
one time pad
public key cryptography (as made possible by the inventor of PGP in 1991)

this link might help: http://www.cypherpunks.ca/otr/help/3.2. ... hp?lang=en
as well as : http://en.wikipedia.org/wiki/Cryptography

NO, what the us government requires is that AES 256 be used in addition to at least three more levels.

Physical security/human trustworthness of anyone who knows such secrets
Physical security of all electronic systems that handle the AES-256 keys.
An additional human level of security (one more level of compartmentalisation) for those who manage the keys.

The academic theoretical vulnerabilities have always existed.
hence the first rule of Cryptography :never invent your own

Or it comes in three's:

1. PIPA
2. SOPA
3. ACTA