Encryption

Use it or lose it. This applies to other things as well but information on the Internet is very vulnerable. That is why you need encryption, secret codes to hide your data. There are tools out there. The down side is not so much the price as having to learn how to use them. Then you need good pass phrases. A password you can remember is nowhere good enough. Some good approaches come from the University of Texas. Learn about the big three, the systems that slow the NSA down even if it does not keep them out entirely. GPG, TrueCrypt & TOR are the way to go. Edward Snowden explains that the NSA Is Preparing To Destroy Our Computers & The Internet. The Guardian explains how to create a good passphrase; something that matters in How to create the perfect password. In fact Enigma was about doing it for real during the last war.
PS WhatsApp has built in security; it's about as good as it gets. You don't have to learn how to use it because it there in the background.

Passwords 
If you want privacy, you need a Password Manager. They can be easy to use, inexpensive or free. They give better security that is quicker, easier and stronger.

 

PGP
Is being replaced by Gnu Privacy Guard, GPG for short. It is open source powerful and free.

 

TrueCrypt
Encrypts data on your disc. It is FBI proof, which should be good enough for most of us.

 

EncroChat
It was pretty good but it was infiltrated by Secret Squirrel. Sad but true. It' back to basics; word of mouth & face to face.

 

Encryption Sources
Is a decent look at the relevant programmes out there in the wild.

 

NSA Makes Enormous Break Through In Decryption
QUOTE
Well, it has been the $64,000 question for a couple of decades: Can NSA break something like PGP?

While there might be other black world technologies that could be up to the task (there’s no way to know), what we do know is that a practical quantum computing capability would be, for all intents and purposes, the master key.

I’m pretty confident that NSA has this capability and here’s why: IBM Breakthrough May Make Practical Quantum Computer 15 Years Away Instead of 50. There is no hard constant that one can point to when considering how much more advanced black world technologies are than what we think of as state of the art, but if IBM is 15 years away from building a useful quantum computer, it’s not a stretch to assume NSA has that capability already, or is close to having it.

Bamford lays out a narrative below about the “enormous breakthrough,” but, at the end of the day, it’s conventional computers. There’s no mention [ of ] quantum computers, or even the far less “out there” photonic systems.

Is Bamford’s piece a limited hangout?

Maybe, but it makes for interesting reading in any event.

Note: For some reason, Bamford refers to Mark Klein as, “A whistle-blower,” without naming him. Because of Mark Klein, we know, for sure, that the mass intercepts are happening, how NSA is doing it, the equipment involved, etc. So, thanks, Mark Klein. Heroes have names on Cryptogon.

Update: Former Senior U.S. Intelligence Official and Current Booz Allen Hamilton Senior Vice President Joan A. Dempsey: ‘We’re a Few Years Away from Realizing Real Quantum Processing and Quantum Computing’

Via: CNN:

One of the first measures of tradecraft, as any good spy will tell you, is being able to tell when something just doesn’t add up. So when Joan Dempsey said she had some 49 years of experience in various roles in the military and intelligence communities, one has to wonder. She hardly looks it, but after spending some 25 years in the U.S. Navy, seven more at the CIA, and another 17 at the Pentagon in a variety of intelligence leadership positions, Dempsey swears it’s true, which means she is one of the few women in the intelligence community with nearly half a century of government experience, which has included, over the years, a number of “firsts.”

“I think that’s a huge growth area in intelligence, the big data analysis kinds of things, quantum computing which, I mean, we’re a few years away from realizing real quantum processing and quantum computing. And I mean these are areas that are going to have profound effect on every aspect of our lives, but certainly on the intelligence.

—End Update—

Via: Wired:

Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.

But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.

The data stored in Bluffdale will naturally go far beyond the world’s billions of public web pages. The NSA is more interested in the so-called invisible web, also known as the deep web or deepnet—data beyond the reach of the public. This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers. “The deep web contains government reports, databases, and other sources of information of high value to DOD and the intelligence community,” according to a 2010 Defense Science Board report. “Alternative tools are needed to find and index data in the deep web … Stealing the classified secrets of a potential adversary is where the [intelligence] community is most comfortable.” With its new Utah Data Center, the NSA will at last have the technical capability to store, and rummage through, all those stolen secrets. The question, of course, is how the agency defines who is, and who is not, “a potential adversary.”

According to Binney—who has maintained close contact with agency employees until a few years ago—the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.

The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.

The scope of surveillance expands from there, Binney says. Once a name is entered into the Narus database, all phone calls and other communications to and from that person are automatically routed to the NSA’s recorders. “Anybody you want, route to a recorder,” Binney says. “If your number’s in there? Routed and gets recorded.” He adds, “The Narus device allows you to take it all.” And when Bluffdale is completed, whatever is collected will be routed there for storage and analysis.

According to Binney, one of the deepest secrets of the Stellar Wind program—again, never confirmed until now—was that the NSA gained warrantless access to AT&T’s vast trove of domestic and international billing records, detailed information about who called whom in the US and around the world. As of 2007, AT&T had more than 2.8 trillion records housed in a database at its Florham Park, New Jersey, complex.

Verizon was also part of the program, Binney says, and that greatly expanded the volume of calls subject to the agency’s domestic eavesdropping. “That multiplies the call rate by at least a factor of five,” he says. “So you’re over a billion and a half calls a day.” (Spokespeople for Verizon and AT&T said their companies would not comment on matters of national security.)

After he left the NSA, Binney suggested a system for monitoring people’s communications according to how closely they are connected to an initial target. The further away from the target—say you’re just an acquaintance of a friend of the target—the less the surveillance. But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything. “The whole idea was, how do you manage 20 terabytes of intercept a minute?” he says. “The way we proposed was to distinguish between things you want and things you don’t want.” Instead, he adds, “they’re storing everything they gather.” And the agency is gathering as much as it can.

Once the communications are intercepted and stored, the data-mining begins. “You can watch everybody all the time with data- mining,” Binney says. Everything a person does becomes charted on a graph, “financial transactions or travel or anything,” he says. Thus, as data like bookstore receipts, bank statements, and commuter toll records flow in, the NSA is able to paint a more and more detailed picture of someone’s life.

The NSA also has the ability to eavesdrop on phone calls directly and in real time. According to Adrienne J. Kinne, who worked both before and after 9/11 as a voice interceptor at the NSA facility in Georgia, in the wake of the World Trade Center attacks “basically all rules were thrown out the window, and they would use any excuse to justify a waiver to spy on Americans.” Even journalists calling home from overseas were included. “A lot of time you could tell they were calling their families,” she says, “incredibly intimate, personal conversations.” Kinne found the act of eavesdropping on innocent fellow citizens personally distressing. “It’s almost like going through and finding somebody’s diary,” she says.

Sitting in a restaurant not far from NSA headquarters, the place where he spent nearly 40 years of his life, Binney held his thumb and forefinger close together. “We are, like, that far from a turnkey totalitarian state,” he says.

Meanwhile, over in Building 5300, the NSA succeeded in building an even faster supercomputer. “They made a big breakthrough,” says another former senior intelligence official, who helped oversee the program. The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES. In other words, they were moving from the research and development phase to actually attacking extremely difficult encryption systems. The code-breaking effort was up and running.

The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”
UNQUOTE
The
NSA is bound to be further forward than they are saying, which is little or nothing.

 

TOR
Is a tool for secure, online browsing. Take the time to learn how to use it.

 

Breaking Encryption Systems The Old Fashioned Way

 

Venona     
Was an major decryption project breaking Soviet war time signals after the war had ended. It was stopped to hide the truth, that most traitors in America were Jews. See Venona Project Was Stopped To Hide The Truth on the point.

 

Security Firm Denies Taking $10 Million Bribe From NSA To Break Crypto System [ 6 April 2014 ]
That is how the NSA does business; it cheats then lies. When anyone asks questions they use national security as an excuse. Edward Snowden was on the inside. Ed told us that the NSA as a criminal organisation, which lies to Congress and the People. Ed is right. Anyone who uses PGP really should move on.
PS Bruce Schneier, a genuine security expert [ and Jew ] looks at how the NSA Would Put A Secret Backdoor in New Encryption Standard.

 

Encryption Sources
From http://www.stormfront.org/forum/t930372/         

Web based email encryption services

NeoMailBox: Supports OpenPGP encryption and digital signatures, it will hide your IP on the headers and you can choose to host your email in the US or Switzerland.

4SecureMail :: Support for webmail PGP encryption and signing, all emails get scanned with a ICSA-Certified antivirus, your computer IP is hidden and not forwarded with the messages.

AnonymousSpeech
: PGP email encryption supported, IP is hidden in the headers, the servers are located outside the US and Europe, guarantee not to reply to correspondence of foreign Governments.

Countermail: Supports OpenPGP encryption and digital signatures for webmail, it also hides your IP on the headers, servers located in Sweden.

HushMail: Web based support for PGP encrypted email and digital signatures, computer IP hidden in the headers, company headquarters based in Canada. HushMail resellers: Anonmail & Cyber-Rights

Cryptoheaven: It uses its own encrypted servers instead of OpenPGP, the other user will need to have a CryptoHeaven email address too for the email messages to remain encrypted end to end.

S-Mail: PGP email encryption and digital signatures support.

SecureNym: Public/private key email encryption and digital signatures support.

Safe-Mail: It supports PGP email encryption and digital signatures as well as using of digital certificates for sending encrypted messages using the web interface. Safe-Mail DOES NOT hide your computer IP on the headers.

KeptPrivate: All of your email messages are kept encrypted in their servers using the Blowfish algorithm, no support for PGP, the person you are emailing to will need a KeptPrivate email account too in order to sent emails encrypted.

Novo Ordo: Their webmail interface supports server side GPG/PGP message encryption, their servers are located outside the US and email stored in the host resides on special partitions encrypted using Truecrypt.



E-mail clients supporting OpenPGP encryption

Claws Mail: Claws Mail supports GnuPG email encryption and decryption installing the GPG plug-in. This is a multi platform email client, it works in Windows and Linux.

The Bat!: Premium email client that allows PGP email encryption, spam filtering and scripting.

Sylpheed:
Open source multi platform email client and newsgroup reader supporting GnuPG email encryption.

Thunderbird: To use GnuPG email encryption with Thunderbird you will need to add the free Enigmail plug-in.

Pegasus Mail: Free Email client for Windows, you will need to download one of its Pegasus PGP plug-ins for email encryption.



Software to encrypt emails using GPG/PGP



PGP Desktop Email: Paid for business oriented application to encrypt all outgoing email communications with PGP.

Safester:
Proprietary mail client using OpenPGP, this tool lets you exchange encrypted messages with other users of the same software and invite non users.

ArticSoft: Premium OpenPGP encryption and digital signature software to encrypt emails and files.

GPG4Win: Windows GnuPG software for email and file encryption, you will need gnupg to make it work, this comes included in the package.

GnuPG: GnuPG, also known as GPG, is a command line tool for GPG encryption, you will need a front end GUI unless you are willing to use command line from C: to encrypt your emails.



GnuPG GUI front ends:



Note: Software below is only a graphical user interface, aka GUI, you will need to install gnupg first. Gnupg a command line only software, these front ends will provide you with way to encrypt and decrypt emails using your mouse, i.e. point and click.

GPGShell: Windows graphical interface for GnuPG, you will need to install gnupg too.

GnuPGK: GnuPG Frontend GUI compatible with PGP.

Cryptophane: Windows application that works with GnuPG, Cryptophane serves of gnupg graphical interface to avoid having to use the command line interface.

GNU Privacy Assistant GPA: A graphical user interface to use GnuPG, GPA works in various platforms.

 

 PGP Public Key Servers List
Note that you only need to upload your public key to one of the servers and it will propagate to all the others, also note that all of the PGP/GnuPG encryption software comes with some predefined key servers where to get encryption keys from.

https://keyserver.pgp.com (PGP Corporation Key Server)

MIT PGP Key Server (Massachusetts Institute of Technology Key server)

PGP KEYSERVER TOP (Japan Key Server)

 

Alternatives to email encryption

Lockbin: Web application to send private email messages and files, use of AES256 symmetric encryption to secure your messages in the server with the site sending a link to your contact who will need to know the password beforehand.

PointMX: After sharing the password with the receiver you will be able to send encrypted messages using this service. Ideal to be used in conjunction with Gmail, it includes a gadget that can easily be added to your Gmail account.

SendInc: Fast and free way to send encrypted email through a web form, the site is secured with SSL. A paid for version gives you extra features like more space and big attachments.

Note: The services above will log your computer IP when you send an email, it is not included in the messages but it can be recovered from the server logs in case of abuse.

 

Home Secretary Wants To Break Encryption [ 7 October 2017 ]
QUOTE
UK Home Secretary Amber Rudd has once again demonstrated she does not know how encryption works, this time by explicitly admitting it to delegates at a Tory party fringe conference where she also hit out at "patronising" techies that "sneered" at politicians..............

Rudd has repeatedly criticised tech companies for not doing more to work with the government to allow intelligence services to get into encrypted services such as WhatsApp.

But as many "sneering" experts have previously pointed out, if a backdoor exists then anyone can exploit it, including criminals, making it impossible to allow access to encrypted messages without compromising the entire system...........

Later today the Home Secretary is expected to announced that people who repeatedly view terrorist content online could face up to 15 years in jail.
UNQUOTE
Rudd is a fool or liar with an agenda. There is good encryption and the weak sort that can broken by criminals and by enemy governments. The allegation that this is an anti-terror measure is clearly fraudulent. Her Majesty's Government and the rest of the political class are importing thousands of terrorists as a matter of policy. Calling them refugees is an excuse. Recall that politicians were able to protect the Pakistani Perverts raping English girls wholesale for more than a decade. Their 2014 Child Sexual Abuse Inquiry is an excuse for delaying further. These are the crowd that let Jimmy Savile, Rolf Harris, Ted Heath, Stuart Hall [ For him it was just women, lots of them - Editor ], Peter Jaconelli, Cyril Smith, Greville Janner, Mark Trotter &
hundreds of Paedophile Jews, especially rabbis have their way. See Failed Messiah Paedophiles for more and better details. Theresa May is also an enemy of Free Speech.

 

Hackers Expose Russian Cyber-Attack Operations  [ 26 August 2019 ]
QUOTE
More nation-state activity in cyberspace, this time from Russia:

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB [ ex KGB ] unit 71330 and for fellow contractor Quantum. Projects include:
Nautilus-- a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
Nautilus-S -- a project for de-anonymizing Tor traffic with the help of rogue Tor servers........

BBC Russia, who received the full trove of documents, claims there were other older projects for researching other network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer).

UNQUOTE
Russians do it, just like the NSA, GCHQ etc.

 

 

Errors & omissions, broken links, cock ups, over-emphasis, malice [ real or imaginary ] or whatever; if you find any I am open to comment.
 
Email me at Mike Emery. All financial contributions are cheerfully accepted. If you want to keep it private, use my PGP KeyHome Page

Updated on 28/06/2022 09:06