Is Hushmail Still Safe? 264
Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication:
"For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"
this has been the case all along (Score:5, Insightful)
Simple Answer (Score:4, Insightful)
...one can't trust encryptinon if it is done off site. Point.
If you want your communication secure encrypt it on your computer which you trust. This is the only way to keep it secure...
faggot (Score:0, Insightful)
of course it is.
no encryption that YOU didn't write is safe (Score:4, Insightful)
its just that simple.
unless you can review (and understand) what's going on, line by line, you can't REALLY trust it.
what is at stake, here? the gov's are at an all-time power-grabbing frenzy for violating your personal privacy. corporate, too, for that matter.
it was once said that no one would be allowed to sell or market encryption tech that 'the big guys' would not be able to break; meaning our government. I once worked at a picture phone company (mid 80's) that was starting to go down the 'encrypt your video phone call' path (using old switched56 tech) and we were told we could NOT do our own encryption unless it was 'breakable' by, well, certain agencies.
believe what you want, but no commercial (or even freeware) encryption that is avaiable to YOU AND I will be worth anything other than 'for show'.
I fully believe that. you would do well to mistrust your government, too, given how greedy they have become on the rights-grab thing.
locks only keep honest people out. there is NO WAY to keep the gov out, anymore. and that means that others, too, have backdoors (you think the gov is the only entity that can 'get to' this kind of stuff?)
anyone who trusts encryption for their life, in this day and age, is deluded.
Never was and never will be... (Score:5, Insightful)
Depending on how you define secure then no, Hushmail is not.
Personally if I want to send encrypted mail I will do so on a PC I have direct control over, I will carry out the encryption before the email goes anywhere. And depending on the type of encryption used, I might even carry out the encryption on a terminal which has no network connections etc and after encrypting the mail will shutdown the PC and leave it shutdown for a while - this setup would have no swap partition etc, or if it did it would be a minimum of baseline encrypted.
As for Hushmail - its secure if you trust them to use suitable encryption algorithm, key material, psuedo random number generator, secure processes (not the program kind, the how to do the job kind), secure network, no shady or otherwise agreements with third parties (inc. governments) to provide decrypted data, not to store your orginal plain-text mail for any longer than the time it takes to encrypt it, securely erase the plain-text version etc etc etc. Probably enough holes to drive a bus through...
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
Anyone who thinks the government is a magical entity that can automatically undo the work of independent researchers and mathematicians is deluded.
I'm sure any major government's capabilities to obtain information are beyond what they are commonly percieved to be, but that does not mean that every encryption scheme is instantly rendered null and void. No one government has control over everyone, so if you think the US government is stifling innovation in America do you also think they're doing the same in Japan, Europe, China, and anywhere else? Or do you think that those governments are all collaborating on this - now that really would be deluded.
If all available encryption mechanisms were crackable then why would governments have gone to to such lengths to try and hinder their development in years gone by - and why would many governments now be trying to attack encryption methods via other means, eg. the recent British law that makes refusal to give up keys to encrypted material punishable by up to 5 years in prison. Why be the bad guy and make those laws if they're unnecessary anyway? I suppose you could claim it's to try and mask their true abilities, or to play up to the anti-terror idiots, but I don't see that as likely.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
And unless you're Bruce Scheiner, encryption that you do write probably isn't safe either.
Necessary but not sufficient- You'd also need to be a black-belt in Silicon whittling.
Jars embed date of creation - More Info Needed (Score:5, Insightful)
Any developer that has worked closely with jar (zip) files should have immediately notice a possible issue with this announcement. If you use the jar tool to create a jar archive with its default options, it embeds a new MANIFEST.MF file which has a new creation time; therefore, you will get a different jar checksum even if you are archiving the same exact contents. It would have been simply possible that the Hushmail build process created a new jar file (with identical files) for each type of software distribution that they use. The only way we can be sure is to compare the file list and checksum for each file inside of the jar archives.
Re:do not use the internet (Score:2, Insightful)
rely on face to face contact if you want your communications to be secure.
Are you smoking?
Meeting face to face is the worst possible way for secure communications. It allows for easy snooping by anyone on you and the person you're meeting, and even the fact that you are meeting with a person can taint you if they are on the terrorist list or "watch list".
Public email such as thepiratebay's slopsbox is way better. Be sure to post and read from a public library or similar, with no cameras.
Re:this has been the case all along (Score:5, Insightful)
Think our Government doesn't have the capability of decrypting them all,
No.
or more to the point the capability of demanding unencrypted data be handed over?
Well, if you mean by actually torturing you? Well, depends on whether you believe your government does that to americans or not.
If you refuse, you refuse. They then can't get to your data.
Unless you use debian, of course. :-P
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
We got past this in the 90s; initially they said that all encryption would have to be weak (e.g. 40 bit) or go through their chips (Clipper, etc.). But they found that this didn't stand up to the reality of WWW era. What worked in the 80s for the few users of encryption at that time simply couldn't scale up for web commerce. Strong encryption was a commercial necessity, so the attempts to control the industry had to be dropped. The export restrictions disappeared, and because DES was now too weak to be useful, the new AES standard was introduced.
Is AES full of back doors for the NSA? Almost certainly not, since these could also be used by any resourceful group of cryptographers, including the Chinese version of the NSA.
Is quantum computing already being used to crack AES? No. Quantum computing is the cold fusion of our industry.
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
Truecrypt is freeware (open source) and is secure. In fact, it's more secure than any commercial offering I know of, due to its plausible deniability features. The source is there, it has been examined by experts and you can take a look yourself. Encryption options include both AES and Twofish, both known to be secure.
Encryption is well understood and researched by academics working in public. Sure, governments have their own secret research, but a lot of very clever people all around the world have been testing AES and Twofish for weaknesses for years and so far have found none. Governments don't have any magical ability to find flaws in encryption that ordinary academics don't.
Having said that, perhaps if you are Osama Bin Laden you might want to be a little bit paranoid. In theory, with a few billion dollars you could build a machine capable of cracking AES in months. So far there is no evidence such a machine exists, but... Most people don't have to worry about that though, even if they are doing something that could get them in serious trouble - certainly the national police, Interpol or even secret services (MI6/CIA) don't have any chance of breaking AES by brute force. Of course they could torture you now but even that isn't much of a threat to anyone not labelled a terrorist by the US.
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
Re:this has been the case all along (Score:3, Insightful)
If only popular email clients would ship with encryption built in, set up by the account creation wizard and turned on by default...
Once everyone had the ability to check signatures and decrypt encrypted mail, and the client defaulted to encrypted if a key was available we would be half way there. Unfortunately there is no good system at the moment for hiding the address of who the mail is being sent to, and at least in the UK ISPs are required to log that data.
I'm somewhat surprised that Thunderbird hasn't done it. GPG is free, plugins already exist and it would finally be something that can separate it from the crowd of other email clients with similar or better features. Even better would be if MS integrated it into Outlook or Mail. Maybe Apple could market it as a feature?
Re:no encryption that YOU didn't write is safe (Score:5, Insightful)
Rules for dealing with government are simple. Do not get involved in their business, do not play their games, do not volunteer anything, do not agree to anything, do not play with them, or for them. Once you do, your ass is theirs. They own you, with your consent at that.
By the same principle, don't fuck around, don't trespass, don't steal, and don't be a crook. Learn the law VERY carefully, keep a copy of Black's Law Dictionary (I think 6th edition is out now) in several different versions. Look up innocent looking terms and verbs in forms. DO NOT consent to anything period. Sign nothing. Be sure you know what is "your name" and what is what someone may call you. Practice your rights. Yes... all of them. A right practiced doesn't need to be infringed, because you already don't have it.
Be very suspicious not of your neighbors but of men in "special" uniforms or funny hats that supposedly give them power over you. Don't let strangers into the house. Homeschool your kids and do a god job, history, law and the local mythology are especially important subjects. Several languages and a good grasp of self defense, tactics and strategy are also quite important. Those with kids who choose to be politically active are extra vulnerable, since kids are the ultimate Achilles Heel.
Never ever trust strangers. Trust people in uniforms even less. Never ever get into a stranger's car, despite what you see in the movies. If they want to talk to you, they can get into yours. If you are confronted by a "friend from high school" and like most average people you can't remember who you met yesterday, nevermind back then, look behind you, you're probably about to get cattle prodded in the back and shoved into a van.
These were simple coping strategies for those who were not average plebeians and who survived the cullings of communism. I lost relatives who were educated, men I could've learned much from. I never met them because they were taught that self defense was for cops and soldiers. And when the king's men were gone, and the cops were coopted to communism... there was nobody to protect the smart, educated, "civilized" (i.e. willingly helpless) men from the cleansings. The ones who weren't "lifted" and sent off to Siberia, were enrolled into a front line regiment and given crap gear and no real training. Very few returned, most scarred for life. All I saw of them while growing up were pictures over mantelpieces. Grandmothers mourning long lost brothers or maimed cousins. That is the fate of the helpless of those who depend on others for their protection...
And what governments are preparing today, the police states being built now, they are so much more insidious, in that they're so much better concealed behind "feel good" intentions and bullshit propaganda about "the good of man". Oh well, fools get what they deserve. There's no stopping it at this point, fools gave up that chance a long time ago. All one can do now is get out of the way and let the Leviathan leap off the cliff with all the fools aboard. Watch the splatter and feel not sorry... they laid their own beds. Trying to save the stupid from their stupidity is what got the world into its sorry state in the first place. The stupid should have been permitted to perish, and Darwin should've been allowed to have his laugh. Instead the stupid were forced to live against their best attempts, so they outbred those who merited survival and to thrive.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
It doesn't have to be anywhere near that elaborate: just assume lawmakers have about the same level of information as us, so they think (rightfully I believe) that encryption is sound, and therefore they need that law.
Re:no encryption that YOU didn't write is safe (Score:4, Insightful)
...and those who think they're the top in their field, are regularly and quickly shown up by those who are smarter than themselves. Just remember that for every person you're beating in any field (math, basketball, chess, whatever), there are people out there MUCH smarter, faster, better than you are.
Just because one brilliant researcher publicly puts his stamp of approval on an algorithm, does not mean that any government doesn't have a team of similarly-brilliant researchers poking holes in that algorithm that are never made public.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
If this is the fruit we see and share what type of fruit do they eat?
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
Yes, but that goes both ways. For every brilliant person who chooses to work for the government there is another that chooses to work commercially or academically. Which is why I believe it's highly unlikely that the government could be so far ahead of the curve as the GP suggests. That is unless they were actively hindering those who work outside of the government, in which case I'd find it very difficult to believe that such efforts would be unknown.
Re:Simple Answer (Score:5, Insightful)
The problem here is that the program doing the encrypting on your computer, which comes from Hushmail, is not the same program that they provide the (trustable) source code for.
The other problem is that it's not GPG. Honestly, there is no way I'd trust any other file crypto software today. Why should I? GPG is there and works and people use it. Anything else is just rolling dice.
This is maybe the one area where I don't think there's a lot of room for options. Crypto is almost unbelievably hard to get right, and the odds of more than a tiny handful of programs pulling it off is slim. Putting all of your eggs in one basket is risky, but I'd rather trust one titanium roll cage of a basket than 100 made out of tin foil and rusty nails.
All Encryption Can be Cracked (Score:2, Insightful)
It's just a matter of time. This almost always happens faster than the designer imagined it would take.
Re:Never was and never will be... (Score:4, Insightful)
Isn't that the point? Shouldn't we be portraying that EXACT image to the respective governments who are trying to overthrow us? Seriously, isn't that EXACTLY what they're trying to do with the false security theater that is being thrust upon us with each new day of news reports from the Middle East and domestic?
You might find the article "Fascist America, in 10 easy steps [guardian.co.uk]" interesting in this context.
In short, the government SHOULD be afraid of the power of the people, because it is exactly those people, who gives the government their power, not the reverse. We all COULD be harboring plans to overthrow the government, and we should anyway, if they cease to support our rights and needs as a populace. In other words, do what we're expecting of you, or expect to get overthrown. Period.
Re:Never was and never will be... (Score:3, Insightful)
" What are you all doing on your computers?"
What's this? Another turn of the old argument "but if you have nothing to hide...?" or what?
I don't need to give *any* explanation to protect my intimacy.
Re:this has been the case all along (Score:5, Insightful)
Well, if you mean by actually torturing you? Well, depends on whether you believe your government does that to americans or not.
Torture isn't the only way of getting data out of people, which is fortunate because as Bush said, "We don't torture." What we do is called using "Enhanced Interrogation Techniques", which aren't torture because they don't cause organ failure, except when they do and the organ was in a guy who wasn't going to live forever anyway.
Re:this has been the case all along (Score:3, Insightful)
If you refuse, you refuse. They then can't get to your data.
This really cuts to the core of why encrypting yourself is better than trusting someone to do it for you (or worse, trusting someone to store plaintext data for you) -- someone may be able to get the data (by using fascist tools like the UK's RIP act, or the US' torture methods) but they will never be able to do so without your knowledge and once it's broken you will no longer trust that key.
well, unless your PC is insecure...
Re:this has been the case all along (Score:3, Insightful)
Generally yes, but Hushmail offered two methods of encrypting emails: on their servers and in a Java applet that did it locally.
The problem is that the applet can't be verified. And, honestly, this should never have been the first indication of that.
Or rather, the applet could be verified -- you'd just have to verify it every time. The only way I know of to make this easy would be with a Firefox extension -- but at that point, to borrow the other poster's idea, why use Hushmail in the first place? [getfiregpg.org]
Hushmail is really a way of making GPG easy for people who don't understand how it works. The flaw in this is that to use GPG at all securely, you need to have a fair understanding of how it works.
My guess (Score:3, Insightful)
Was either Thomas Jefferson or Lazarus Long. Both of them were well worth listening to.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
Brilliant minds hear so much praise that they forget they fuck up just like anyone else.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
They're not"known to be secure". They're simply not known to be insecure.
One of the basic problems in cryptography is that security is essentially impossible to prove -- about the best you can hope for is to prove that if X is true, then Y is also true, and Y implies that this algorithm is difficult to attack in some specific way.
To give a concrete example, RSA encryption is based (as most people already know) on publishing a key that's (basically) the product of a couple of large prime numbers (which are not published separately). It's pretty easy to say that RSA is secure against an attack based on factoring if and only if factoring is sufficiently difficult. It's possible, however, that a much easier/faster algorithm for factoring could exist -- nobody knows for sure.
There's also the possibility of attacking RSA encryption in other ways. Even though factoring the public key is an obvious route, there may be entirely unrelated attacks. For example, Seifert invented an attack on RSA-based digital signatures that does not involve factoring the public key at all (though the attack does have some requirements that aren't necessarily easy to meet).
The same general idea is true with most symmetric encryption algorithms, but the proofs involved are much more difficult to reduce to something easy to explain in a short post -- they mostly involve group theory that even people who major in things like math or CS never study (at least in any detail).
In the case of AES, there is a type of algebraic attack (XSL) that's never been proved to work, but shows reasonable promise. In particular, it has been shown to work against what are basically reduced versions of AES, which is usually a strong clue that an attack against the full cipher may work as well (though making it work isn't necessarily easy, of course).
I'm not at all sure that's true. For it to be true, there would have to be an attack that was substantially faster than simply exhausting the key space. If somebody can make something like XSL work, breakage might even be a lot easier than that. An attack based on trying every possible key, however, is completely out of the question. There's not enough silicon in the solar system to build enough cipher engines to do the job before the sun has become a red dwarf. In fact, it's open to question whether there's enough matter/energy in the universe to do the job before the universe is in heat death.
Re:no encryption that YOU didn't write is safe (Score:1, Insightful)
Bingo. So long as you make sure never to invent something the NSA might have interest in, like you know, solving the world hunger or fuel problems. Should you be unfortunate to do so, you will be silenced... otherwise you would shift the paradigm and it would cause a lot of thugs and intelligence people to go unemployed, without purpose in life. Professional voyeurs and killers don't like that, you know.
So if you come up with nothing inventive, you don't have to worry. If you do, tough shit for you. The scarcity paradigm is wonderful, so I personally hope that nobody stumbles onto a new idea in my lifetime. The stupid don't deserve free goodies.
People deserve the government they vote for, and they deserve to get it good and hard. (Ye gods I love that quote.) I seem to recall that international espionage was used mostly to acquire business secrets, and steal pending patent work... it was done by Americans, Brits, Russians and Chinese. From Echelon to whatever the hell they're using now. The excuse is "terrorism" the truth is theft... pure outright idea theft. The only reason Piracy concerns them is because some clever geek might steal from them what they've already stolen from others.
Why am I not worried? Because I gave up on any dreams of changing the world. See once you get out of school, you can go directly into the workforce, or go into a family business or start your own... That gives you some time to observe people, and society, and learn what you don't learn in the 9 to 5 life. I've no reason to risk my ass even if I COULD change the world... the people of the world don't deserve the sacrifice of even a single sane man.
Re:no encryption that YOU didn't write is safe (Score:4, Insightful)
I assume you are implying that Quantum Computing does not have any sound physical validity, will never work, and is only backed by scientists with questionable track records.
I disagree. Quantum Computing is the hot Fusion Energy of your industry: It is much more complex than most people understand, it takes much longer to pull off than most people think, and it will take much longer to arrive than most people expect. But it has a sound theoretical foundation and is, at this point, purely a (very hard) engineering challenge, rather than pure conjecture, mixed with a few highly questionable experimental results.
Re:Mixmaster (Score:4, Insightful)
Oh, please. You've done a good job of using impressive terms to sound like you know what you're talking about. If you want to talk about the real-world risks of having your crypto broken, then you need to consider all the real-world methods by which your crypto could be broken. It doesn't matter that a one-time pad can be theoretically proved to be invulnerable to certain kinds of attacks, to which various symmetric and asymmetric ciphers are theoretically vulnerable. What matters is the actual types of attacks that are practical and likely, and the actual problems you'll have in the practical implementation of a particular method. If you're using a one-time pad, then there are several obvious, well-known things that can go wrong: (1) you have to physically exchange the one-time pads, which may be difficult to do (and do securely) if the NSA is really following you everywhere, opening your mail, etc.; (2) both parties have to maintain the security of their own copies of the one-time pads, which may be difficult to do if the NSA is really determined to get them; (3) there is a tendency for users to get lazy and reuse a one-time pad, which then makes you vulnerable to certain kinds of attacks. Standard symmetric and asymmetric ciphers are more or less immune to these problems (#1: swapping passwords securely is a lot easier than swapping large amounts of binary data securely; #2: you can keep the password in your head instead of stuffing a keychain drive under your mattress; #3: no such issue). Yes, there are also certain kinds of attacks to which standard ciphers are vulnerable and one-time pads invulnerable (e.g., dictionary attacks on your password, shoulder-surfing,...) One-time pads are not magic pixie dust for cryptography. There is no magic pixie dust for cryptography. The good news is that we're living in a golden age of privacy, in the sense that you can legally, publicly get software to do encryption so good that essentially your main worry is no longer the encryption, it's the social/personal/legal issues surrounding its implementation.
Encryption + web-based don't mix well (Score:5, Insightful)
Anytime your private encryption key is "over there" you are at risk. If your private key is stored on *their* servers in such a manner that *they* can get to it, your privacy is at risk.
As a software developer, I'm in a pilot program to use encryption for digital signatures. Despite the relative simplicity of using openSSL functionality, it's been surprisingly painstaking and laborious to put everything together.
See, real security requires outright paranoia. How do you prevent your CA key from being compromised, in such a way that you can all-but guarantee that it hasn't been? To do this, you have to make it not only unlikely, but impossible to be compromised in every conceivable way. How do you prevent your client's private key from being compromised, in such a way that you can all but guarantee it? How do you prevent a malicious client from obtaining a signed certificate? How do you prevent 3rd parties from MITM attacks? How do you provide high-level security for all the above, while still providing redundancy for disaster recovery? How do you prevent compromises stemming from a social engineering attack?
Not including implementation and ongoing maintenance of these procedures, the cost of just proving that you have all these measures in place runs to many thousands of dollars!
A solution that answers all these and every conceivable related question is surprisingly difficult, and many, if not most, of the problems are not technical, but social.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
that incident with Debian recently [...] most brilliant minds tend to miss things.
Sorry, but the person who did that was *not* brilliant, by any stretch of the imagination.
Unless you're trying to tell us that Whitfield Diffie, Adi Shamir, or Leonard Adelman personally signed-off on the Debian packages, in which case I'd challenge you to provide a link.
Attempting to draw parallels between actual crypotgraphers who have created state-of-the-art cryptography, and some numbnuts who doesn't actually understand what he's doing is really, really poor logic.
If the Debian fiasco is the best example you have to prove your point, I'd say that you've pretty much admitted you're wrong.
Re:no encryption that YOU didn't write is safe (Score:4, Insightful)
Well, a rising ocean drowns all seacoasts.
You may not care what happens to the world, but what happens to the world WILL affect YOU.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
Holy freaking tinfoil hat! Or maybe the poster above me has an entire tinfoil raydome surrounding the immediate 10 feet around him?
There are plenty of countries in Eastern Europe and Western Asia full of people who haven't forgotten a repressive government and what it can do when it's sufficiently organised.
For all we know, DaedalusHKX may come from one such country - and history tends to repeat itself partly because humans as a race are very bad at learning from it.
Re:Simple Answer (Score:3, Insightful)
Cryptographic algorithms are difficult to design, but they are documented, implemented, and made publicly available. GPG is not the only secure encryption program out there, it is simply a common and well designed one. RSA and AES encryption libraries are widely available. They are even embedded in the Linux kernel for use by programs that call the openssl library so that the kernel can use its bultin algorithms or offload to a piece of hardware, if it is available. This is, in fact, what GPG does. It calls the openssl library where available and embeds (links) openssl's algorithms where it is not.
I will, however, grant you the point that in designing a system to properly use the algorithms there are places where developers can go wrong. That is where peer review and open source shine. Anyone can review the program, and in popular projects they often do.
For a good primer on encryption pick up Bruce Scheiner's Applied Cryptography. You can also find a lot of resources online, like wikipeida, though those articles can get a bit technical. I hope that you can learn that encryption can be utilized by almost any competent programmer, and that it is not the program you should distrust, but rather third parties. That is, after all, the heart of encryption, knowing who and what to trust and giving everyone else hell.
Re:no encryption that YOU didn't write is safe (Score:3, Insightful)
I keep enjoying the fact that some quote the bible to me on this issue... you didn't, and that's good... but they often quote "and the weak shall inherit the earth"... anyone notice it says "the meek" and not "the weak" in the actual texts (English ones)? There is a difference. Meek means more to the tune of, you can be strong as hell, you just don't go and kick the neighbor's door in for no reason at all except that you can. The weak inheriting the earth makes sense... because that's where the weak majority always get buried in mass graves when the strong minority and their willing enforcers get done with them. However the meek inheriting the earth is a simple logic. The not so meek will fight each other and kill each other off while they also massacre the weak as they always do. The strong and wise who are meek will step back and let the fools kill each other and only retaliate against those who draw close and start a fight... otherwise they stay clear. in the end, after all the idiots have slaughtered each other, the meek are left to enjoy the remains... if a smouldering ruin is "enjoyable" of course.
Re:this has been the case all along (Score:2, Insightful)
You're trusting FireGPG at that point. As well as Firefox, GPG, and (the majority of the time) Windows XP or Vista. Those last two worry me the most.
The main FireGPG download page (http://getfiregpg.org/install.html) as well as the xpi are both served over plain http, not https, and the package is not signed. Author not verified, huh. Here's my unencrypted text and password for my key anyway.
I'll give the benefit of the doubt to Firefox and GPG due to being a bit more high-profile, and last I checked the Firefox installer is always signed.
Weakest link and all. Scary stuff with recent laws to combat terr'ists like us.
Re:Rubber-hose cryptanalysis (Score:5, Insightful)
Re:this has been the case all along (Score:3, Insightful)
The problem always arises when another human is involved.
Don't humans write the software?
Re:this has been the case all along (Score:3, Insightful)
People's perceptions of the NSA tend to be somewhat behind the times.
Used to be that this idea that they could crack all of your crypto was based somewhat in fact. Back when DES was being developed, the NSA had design input on it but people didn't really understand what their changes did. Decades later, a whole new field of cryptanalysis was discovered (differential cryptanalysis) and, lo and behold, turns out the changes that the NSA made to DES made it resistant to this technique, decades before anybody in academia knew it even existed.
Much later, SHA-0 was published by the NSA and then quickly withdrawn. SHA-1 was then published a bit later, with one minor change. No real explanation was given. Years later, an attack on SHA-0 was discovered which SHA-1 is resistant to.
Notice it went from decades to years. Although it's very tough to tell, indications are that the NSA is now just a few years ahead of the state of the art in academia. Back in the 70s they had a radical cryptanalysis technique that nobody else even knew existed, and which no doubt allowed them to crack all kinds of stuff. Today, it's extremely unlikely that they know about any fancy techniques that would work against modern ciphers well enough to actually come up with a practical break.
Those acres of supercomputers at the NSA aren't doing codebreaking against modern ciphers. They're breaking old ciphers, ones which largely have breaks known to the public, weak implementations of modern ciphers (Debian, I'm talking to you) and they're doing non-codebreaking tasks like traffic analysis, data mining, keyword scanning, etc.
If you use a good AES implementation to encrypt your communications to Mohammed in Afghanistan, it's a very safe bet that the NSA has no idea what you're saying. But it's also a good bet that they know you're talking to him, unless you've taken extreme care. But "they know" really means that it exists in their big database somewhere, to be called up if anyone ever ends up caring about you, not that your name goes in a personalized report to the director.
If it's a company based in the US, forget it (Score:4, Insightful)
Seriously if it's a commercial company based in the US, forget about security. They can easily be pressured to do everything the government wants.
If you want security you have to do it yourself. Install Gnu Privacy Guard and encrypt all your e-mails. Then use TOR hidden services to set up your own e-mail servers to be sure your traffic information will stay private.