
   INTERNET      The global pornography network      2,155 messages   


   Message 994 of 2,155   
   Khelair to S/370   
   Re: Rise of the Dark Nets   
   22 Aug 13 14:07:12   
   
   S/> So any good tips on this subject? Are we safe from the NSA with SSH v2?   
   S/> SSL? General thoughts?   
      
       Well, here are my thoughts on the matter...  I've been watching the crypto
   scene, particularly PKI, pretty closely since about 1994, when Zimmermann released
   PGP 2.3a.  Lately I've been in debate with a close friend, hell, he's pretty
   much my best friend, as well as the fact that he was around back in that day & age,
   too, about the same matters.  We differ in views on the whole matter a bit, but
   I'll detail each side of our debate-- the guy has a few IQ points on me, AND
   he's a software dev who is doing GitHub projects regarding implementation of
   strong crypto and darknet solutions on ARM (7?) processors right now.
   Basically he's trying to create small, cheap solutions that make it easy for
   anyone to expand the Tor network at the same time that he's working on finding
   a more effective dark- & mesh-net solution.
       (see https://www.philzimmermann.com/EN/background/index.html )   
       In 1991, Philip Zimmermann began releasing PGP onto the internet; at this
   time I believe it was primarily distributed on Usenet.  I think it was at the
   time that he released 2.3a that the federal government (not sure which bureau,
   almost certainly the FBI or NSA) decided to press charges against him for exporting
   cryptographic software.  At this point the claim was made (pretty sure it still
   stands) that certain public key encryption algorithms were a 'munition', and
   illegal for private ownership in the USA.
       Not long after, the NSA patented the RSAREF algorithm for public key
   encryption and declared it legal for public usage.  As a result, my view ever
   since has been that the NSA has a serious problem cracking the original 2.3a
   algorithm; if the mathematical analysis of that algorithm is correct (and
   mathematicians as well as software peeps concerned with privacy have been
   poring over it ever since), it is a real bitch to brute-force.  Of course,
   this always leaves open the waterboarding avenue of attack in order to get you
   to give up your passphrase.  Due to the number of operations required to crack
   this algorithm it is still highly unlikely that even a massive amount of
   computing power can, within the space of many months to dozens of years,
   depending on key size, brute-force that ciphertext.
       This is where my opinion is different from my friend's.  His view of this
   matter is that, after the protracted legal battle against Zimmermann, which was
   dropped in 1996, the NSA decided that sending up a flag about which
   algorithms they can't crack was a bad idea, so they've been silent ever since.
   He makes a good point that the amount of crypto, mathematics, and software
   geeks that have been poring over this software for over 20 years have never
   turned up anything, including the 'back door' that I suggested might exist
   within the patented RSAREF algorithm.  For those who are seriously paranoid
   like myself, there is an option that hides the fact that you're using the
   old PGP 2.3a algorithm called pgp26ui, found as pgp26uis and pgp26uix as the
   archive base names online.  This version will allow you to use any algorithm up
   to the ones that PGP 2.6 implemented, including the 2.3a one; you can specify
   how you want the ASCII armor file or binary ciphertext file labelled with a
   bogus version to fool anybody who takes a superficial look at the ciphertext.
   Of course this probably doesn't stand up to detailed analysis.
       For what it's worth, I'd feel [hypothetically] comfortable using this   
   algorithm to encrypt data for myself or someone else to decrypt later probably   
   for at least the next 10 years, barring implementation of any sort of quantum   
   computing device to crack public key cryptography.  Also, for information on   
   how hard it is to break some other algorithms, take a look at distributed.net's   
   results on using distributed computing power to crack RC5 encryption, even at a   
   remarkably small relative keyspace ( http://tinyurl.com/mpn7ur2 ).   
       As far as SSL, I've read some articles lately that talk about what it truly   
   protects and what it does not.  While it provides relative security compared to   
   plaintext, I wouldn't rely on it for much of anything.   
       SSH I'm a little bit more confident about, but not nearly as much as I used   
   to be.  I'm pretty sure that with the smaller keyspaces that are so common in   
   these algorithms that they wouldn't handle any real amount of brute force   
   attempt, at least if implemented against a small subset of the streamed data,   
   as opposed to everything sent in a massive session.  These last two opinions   
   are not really justified by a large amount of armchair research, not compared   
   to the opinions I have on PGP's algorithm.   
       I do believe that Blowfish and Twofish, when implemented in the streams of   
   some of these other protocols, may be used to increase probable security.  I've   
   heard very good things about them from people that know a hell of a lot more   
   about compsci than I do.   
       Um...  Trying to think about what else I might be able to offer in the way
   of opinions...  I guess I haven't researched many transparent disk image file
   encryption protocols like LUKS or the one that OpenBSD uses very much, although
   I rely on them.  :P  I'll have to make a point to be doing that soon here, I
   guess.  I did study up a bit on OS X's Tiger and Jaguar versions about their
   disk & sparseimage encryption when I realized that I'd forgotten a passphrase
   for a whole trove of data that I'd had to keep encrypted from the military.
   Still haven't found a decent way into that, and I haven't stumbled across
   anybody else that's gotten into that kind of stuff very easily, either.  :|
   Pretty sure the idea I had to try it was going to rely on brute-forcing the
   password, which, with the insane passphrases that I use, would've taken years
   at least.
       So anyway, that's what I've got for now.  :)  Hope it's helpful.   
      
   -The opinions expressed are not necessarily an advocacy of any of the
   aforementioned ideologies, concepts, or actions.  We still have the freedom of
   speech, for now, and I enjoy using it in a satirical or fictitious manner to
   amuse myself-
      
   "In times of universal deceit, telling the truth will be a   
   revolutionary act." --  George Orwell   
      
      
   ---   
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
    * Origin: Time Warp of the Future BBS - Home of League 10 (1:340/400)   
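The pgp26ui trick described in the post above (labelling ciphertext with a bogus PGP version so a casual look is fooled) works because the "Version:" line in PGP ASCII armor is plain informational text that no integrity check covers. The following is an added illustration written for this page, not code from PGP, pgp26ui, or any OpenPGP library: it builds and parses armored blocks per the RFC 4880 armor layout, computes the armor CRC-24, and shows that two blocks differing only in their Version header carry identical payloads and both pass the CRC, while an actual payload change is caught. The payload bytes are constructed and stand in for a real packet stream; the function names are this example's own.

```python
"""Added example: PGP ASCII armor parsing and CRC-24 check, demonstrating
that the armor "Version:" header is unauthenticated.  Illustrative code
written for this page; not part of PGP, pgp26ui or any OpenPGP library.
Armor layout and CRC parameters follow RFC 4880 section 6."""
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload: bytes, version: str, kind: str = "PGP MESSAGE") -> str:
    """Wrap opaque bytes in ASCII armor with an arbitrary Version header.
    The header is free text; neither the CRC nor anything inside the
    payload depends on it."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_b64 = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join(
        [f"-----BEGIN {kind}-----", f"Version: {version}", ""]
        + lines
        + ["=" + crc_b64, f"-----END {kind}-----", ""]
    )


def parse_armor(text: str) -> dict:
    """Split an armored block into kind, headers, payload and CRC status.
    Raises ValueError on structural problems."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("missing armor BEGIN/END lines")
    kind = lines[0][len("-----BEGIN "):-len("-----")]
    if lines[-1] != f"-----END {kind}-----":
        raise ValueError("BEGIN/END kind mismatch")
    headers = {}
    i = 1
    while i < len(lines) and lines[i] != "":  # armor headers end at a blank line
        key, _, value = lines[i].partition(": ")
        headers[key] = value
        i += 1
    body_lines = lines[i + 1:-1]
    if not body_lines or not body_lines[-1].startswith("="):
        raise ValueError("missing CRC line")
    payload = base64.b64decode("".join(body_lines[:-1]))
    stated_crc = int.from_bytes(base64.b64decode(body_lines[-1][1:]), "big")
    return {"kind": kind, "headers": headers, "payload": payload,
            "crc_ok": stated_crc == crc24(payload)}


# Constructed opaque payload standing in for a real OpenPGP packet stream.
SAMPLE_PAYLOAD = bytes(range(0x20, 0x60))


def version_header_is_unauthenticated(payload: bytes = SAMPLE_PAYLOAD) -> bool:
    """Two blocks that differ only in the Version line decode to the same
    payload and both pass the CRC: the header proves nothing about what
    produced the ciphertext."""
    honest = parse_armor(armor(payload, "PGP 2.3a"))
    spoofed = parse_armor(armor(payload, "PGP 2.6.2"))
    return (honest["payload"] == spoofed["payload"] == payload
            and honest["crc_ok"] and spoofed["crc_ok"]
            and honest["headers"]["Version"] != spoofed["headers"]["Version"])


def tampered_payload_fails_crc(payload: bytes = SAMPLE_PAYLOAD) -> bool:
    """Flip one payload bit but keep the original CRC line; the transport
    check catches it (a CRC detects every single-bit change), even though
    a CRC is not a security mechanism and can simply be recomputed."""
    good_lines = armor(payload, "PGP 2.6.2").splitlines()
    mutated = bytearray(payload)
    mutated[0] ^= 0x01
    bad_lines = armor(bytes(mutated), "PGP 2.6.2").splitlines()
    bad_lines[-2] = good_lines[-2]  # second-to-last line is the "=" CRC line
    return not parse_armor("\n".join(bad_lines))["crc_ok"]


if __name__ == "__main__":
    print(armor(SAMPLE_PAYLOAD, "PGP 2.6.2"))
    print("version header unauthenticated:", version_header_is_unauthenticated())
    print("tampered payload caught by CRC:", tampered_payload_fails_crc())
```

Anything beyond a superficial look ignores the armor header and reads the decoded packet bytes instead, where the packet tags and algorithm identifiers actually live; this example treats the payload as opaque, which is exactly why the "bogus version" only fools the casual observer the post mentions.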


