Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] to encrypt or not to encrypt?

The Doctor drwho at virtadpt.net
Fri Jun 21 09:58:55 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/21/2013 11:41 AM, dan mcquillan wrote:

> how would list members answer the question 'to encrypt or not to
> encrypt'?

Assumption: Your traffic is being recorded.
Assumption: You can't transmit anything without leaking at least one
bit ("You're transmitting something.")

Case: Don't encrypt.
- - Your traffic is being captured.
- - This means all of your plaintext traffic has been captured and is
being data mined.
Outcome: You're branched.

Case: Encrypt.
- - Your traffic is being captured.
- - Whatever cleartext traffic you send has been captured and is being
data mined.
- - Cleartext metadata is being data mined.  This means packet headers
(IP address, TCP or UDP port, nature of connection (TCP session setup,
TCP session teardown)) and whatever message metadata or routing
information (SMTP headers) is being datamined.
- - Whatever cyphertext traffic you send has been captured.
- - The cyphertext remains cyphertext - packet payloads, e-mail
contents, what have you remain unknown.
Outcome: The attacker knows that you encypt some volume X of your
traffic, of which some subvolume Y can be characterized as traffic of
type Z and the rest may or may not be recognizable as being related to
Z or some other protocol Q  that can't be characterized yet.

Most favorable outcome: Encrypt.

In comparison...

Perfect outcome: Don't transmit anything.  Just give up.  But then,
why are you on this mailing list?

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

The future belongs to the brave.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHEhk8ACgkQO9j/K4B7F8G/OACgkEiUWH0ZVdnrfxfGcTO7FLRZ
KJgAoNG+VkPCFGr4sbOTX13fu1SCOzc9
=8zTD
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list