Secure/Encrypted Email

[ancapagency]

Are any Porcupines out there planning (or willing) to establish a secure email system--something like Hushmail but without the gooferment access? 

What encryption system do y'all like--as I'm hearing PGP is compromised?

[error]

You can use GPG

[ancapagency]

no back door problems with GPG?

[penguins4me]

Read the code, or pay someone you trust to read through the code, to answer that question definitively.

Unlike some software today, the author gives the source code away freely for anyone to look at.

[error]

no back door problems with GPG?

Why you think it exists?

[yonder]

I'm hearing PGP is compromised?

You heard wrong.

But I'm also a GnuPG user.  I've tried getting my friends and family to use it for years, though, to no avail.

I guess people like sending all of their sordid secrets on the electronic equivalent of post cards.

[ancapagency]

I'm hearing PGP is compromised?

You heard wrong.

So are you saying PGP has not been allowing the gooferment critters a back door?  I have no evidence either way--just what I've heard--and of course, the perception of security is pretty important--if second only to ACTUAL security, in this case.

[yonder]

I cannot attest to what is going on with the commercial version, but there is a source code release of PGP from back when Phil Zimmerman was still in charge and it's been gone over top to bottom front to back.

Most users are now on GnuPG (GPG) which is fully OpenPGP compliant, always has full source code available, and still doesn't have any back doors in it.  This is the implementation of the OpenPGP standard that I use and recommend above all others.

There is a commercial version that you can buy, which can be called "PGP" because of the ownership of the trademark, but it doesn't come with any source code.  Caveat emptor.

There have been entirely unsubstantiated allegations of backdoors in PGP for as long as it has been around.

[John Edward Mercier]

Use BooK Code embedded within an advertisement... NSA hates it.

[J’raxis 270145]

Note that "PGP" can refer to three separate things: a standard, a corporation, and a piece of commercial software sold by that corporation. The standard is probably fine—but I wouldn't trust the commercial, closed-source piece of software, or the corporation that sells it, at all. GnuPG (a.k.a. GPG) is the software I use.

[Dan]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Establish a gpg key and PUBLISH your key on the keyservers.  (most PKI software for Windows just does this)

Get this extension for firefox:   http://firegpg.tuxfamily.org/

Poof:  each and every text input field on everywebsite you visit now supports PKI encryption!

Just for example:  I will cryptographically sign this post. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHuwGwubmxQRV0+TMRAhknAKCT0twWoF1Ze/aruNWaXI30x9OE7gCfWb71
iudTCCakNFZNhLq8IOo5rvQ=
=1lJt
-----END PGP SIGNATURE-----

[error]

What you want is Enigmail for Thunderbird. This makes encrypting your email a point and click affair.

[41mag]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Establish a gpg key and PUBLISH your key on the keyservers.  (most PKI software for Windows just does this)

Get this extension for firefox:   http://firegpg.tuxfamily.org/

Poof:  each and every text input field on everywebsite you visit now supports PKI encryption!

Just for example:  I will cryptographically sign this post. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHuwGwubmxQRV0+TMRAhknAKCT0twWoF1Ze/aruNWaXI30x9OE7gCfWb71
iudTCCakNFZNhLq8IOo5rvQ=
=1lJt
-----END PGP SIGNATURE-----

Of course it doesn't work so well when you have smilies enabled.

[picaro]

Seahorse is a nice graphical front-end for Linux/Gnome.     

Also, I second Dan's recommendation for FireGPG... it integrates nicely with Gmail.

[picaro]

Oh, is there a porc key server?   GPG isn't much use without disseminating public keys.