HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » Encrypted Email Communica...

Wed Jun 26, 2013, 10:07 PM

Encrypted Email Communications

Last edited Wed Jun 26, 2013, 10:39 PM - Edit history (2)

There was discussion a while back about Greenwald taking some time to set up encryption for their communications, at Snowden's request.

To many, this sounded like something electronic and sophisticated, like a scrambler on a phone or something. Though I am ranked about 5,000th in terms of DUers knowledgeable about encryption (There are probably folks here are serious on the topic) I think I am able, as a lay person, to offer a description accessible to lay persons.

You and I could have a pretty good code in emails if we agreed (in person) on a book we both have copies of to use as the "key." Say we agreed on a certain edition of War and Peace and agreed to use the tenth letter on a page. So I say 238 and that means P because P is the tenth letter on page 238. And perhaps if I said 1282 and you turned to that page the 10th letter would also be P. You can see why this would be tougher to break than a simple "A=23, B=4, C=15..." type of code. A-P-P-L-E could have "-238-1282-" in it for the "PP"... hard to even know it's a double letter.

And since we arranged this in person, nobody reading our email has any way to know which book we are using.

Historically, the Bible was a good source of code keys because it's a commonplace book that attracts no attention. In RED DRAGON the "tooth fairy" sets up a book code with imprisoned Hannibal Lecter, possible because he was able to see, in a newspaper photo, that Lecter had a certain edition of a particular cookbook in his cell.

Anyway, two people with a common "key" can communicate in code.

Modern encryption takes that to another level because computers can process stuff fast, making codes practical that would be impractical for a person to decipher by hand, with keys of thousands of random characters and such. Internet merchants have a file with a few thousand charcaters of of gibberish that they get from their credit card processor that is one side of an encryption scheme. (When internet credit card security breaks down it isn't typically from the encryption scheme itself, which is quite good, but some error in handling information or employing the encryption wrong or storing numbers insecurely, etc..)

A very common privacy program is PGP (stands for Pretty Good Privacy) which offers just what it says. It is a level of encryption that is pretty damn good—probably on par with what is used for credit cards, I'd guess, and is not something anyone is going to break unless they are a very serious operation. Like the NSA, for instance.

You can download PGP, PGP varriants and other newer encryption programs pretty much anywhere, for free. Just google 'encrypt email' and you'll be there. Total privacy from normal eyes and even the NSA will not understand your emails unless they make a project of it.

But, as with a book code, there has to be some agreed upon key. And you have to be sure that the key is from the person you are communicating with and not from somebody else. And you have to be sure that there is nothing in ANY of your emails that gives it away.

So, particularly when dealing with a stranger, you have to "set up" your encryption.

But all that means is setting up keys for your communcations... a small text file of of random gibberish. With PGP there is a public key and a private key... but that is more detail than nessecary here.)

You will have a seperate encryption set-up for each person, so if you "meet" a new anonymous contact it will take some time to get to where the two of you are sure you have a good secure set-up.

But the nuts and bolts of it is merely an exchange of something like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0

mQENBFHLnWABCACOrCGJsWRbiAWEQ8cnSbZKtClZqn18fLt9P9VqksTdY7RxfGDe
aVNcVcAWOt0WcwooMMT3gmIfYTvHcXcegkiHi1mf1sg/hIRzaiy6wZCf40akg0bs
ay8ke2Q2azwZNoZJRf4SQ6wJ0OySQXsZB4arfbgM+92k8LGxU9ycz4oeovkEc21K
buQcdQ7yU1aGZfHOFTQgW+owTpkiwLdAJy2ZD2S1ltUTlU+40Dr6cFK5imT+m32N
J4Id7EqsiNKWXtw6KEeKNeKyxCQjMt6aO/ath0PlqR+YubNwT9R1LLZGB09L1E29
OSZtdr8ZNM6yBYfaSXJl0IDcT6aMEnzIDTe5ABEBAAG0AIkBHAQQAQIABgUCUcud
YAAKCRBU6hh9t1Jc5SJcB/4j2gts9KRrcW7gzZauotP3YVBcHCUZ/J8pMwz5dvQG
Y4CMnLPEZRaUkx4OcFv7EfM0x6XaDOuFmDznyNAXPWcMULW6Ij608O9DPBQ0emiX
NS6BMSeGOg2LLSbbndyYIgXB+3+hS39DZX6hlXavwFV3d9tKttjmiGS6y23RpIKH
kK30tTRdc0k13tU7uGeAmArzPlNTRtkIK3Nvhp5vfRl7NvwMyiIK1pRh8GHgZg4T
qPiLrNAVpo6214JwnhcF3qKHMjoVtjgkbBgENx6uGH9rkgitTOat0yUqnCrYVmkK
C2urL6XyesCWgHa7byKNPGwJwAXwNt9QyzWw2fsl/uzR
=4dg6
-----END PGP PUBLIC KEY BLOCK-----


And that's all it is. No wires or equipment... just a bunch of characters. (That key doesn't go to anything. I googled sample pgp key and copied the first key I saw.)

But once set-up, the emails back and forth will just be gibberish to everyone who isn't part of the set-up.

6 replies, 725 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread

Response to cthulu2016 (Original post)

Wed Jun 26, 2013, 10:12 PM

1. Most Americans could give a shit about encrypting anything they do online

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cthulu2016 (Original post)

Wed Jun 26, 2013, 10:14 PM

2. Spies and their agencies still use numbers stations.

Encryption is not difficult if the pattern is known only to the dispatcher and listener.

The issue is with people who send a lot of emails. It might be difficult to constantly alter the pattern.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cthulu2016 (Original post)

Wed Jun 26, 2013, 10:14 PM

3. Right. Key management can be problematic, but if you are sure the other guy...

... is who he says he is, then PGP works really well for keeping prying eyes out.

Note, however, that PGP does not hide routing info or "metadata" as it's infamously called now. It is still obvious to anyone snooping that Bob sent a message to Alice, it's just that

1. Nobody but Alice can read it (not even Bob after he's encrypted it), and
2. Alice can be certain that nobody has tampered with the message in transit.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Recursion (Reply #3)

Wed Jun 26, 2013, 10:19 PM

4. Yes, and thus "setting up" encryption well can be complex.

Particularly when you never have a secure line of communication to begin with.

I just wanted to make the point that Greenwald "setting up encryption" with Snowden did not involve buying a truckload of computer equipment, but rather merely an exchange of some text generated by free software available anywhere.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cthulu2016 (Reply #4)

Wed Jun 26, 2013, 10:20 PM

5. Oh, right, yes. And installing a PGP plug-in for his mail client

I have a side business of setting that up for friends.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cthulu2016 (Original post)

Wed Jun 26, 2013, 10:26 PM

6. Indeed. Encryption like this is standard practice for many businesses and organizations

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread