[cryptome] Re: Encryption Experts and Snake Oilers Quacking Like Governments

  • From: Shaun O'Connor <capricorn8159@xxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sun, 30 Nov 2014 21:19:28 +0000

Nice one John and I couldn't agree more.

My premise has always been that it is never enough to download something
without knowing what it does( if at all possible) and also one should
take the time to understand the proper use of said package etc. likewise
i refuse to touch sites that offer "premade" passwords ( yes they do
exist) the danger lies in that the user becomes lazy or forgetfull and
omits to change the default password for one that is more appropriate.

additionally of course one should carefully evaluate the degree of
sensitivity of the work they are doing and plan security
operations/measures accordingly.

the moral of the story being that practical security means effort on the
part of the person wanting to secure their data. THERE ARE NO SHORT CUTS.



On 30/11/2014 21:07, John Young wrote:
> Capitalizing on the comsec frenzy, several sites, probably many,
> are offering to encrypt for those who do not want install programs
> or find them too difficult to use. All appear to promise that no
> records, private and public keys, email addresses or content
> will be kept. Trust them.
> For example, here's one used to send encrypted messages:
> https://www.igolder.com/pgp/encryption/
> This approach suggests that the renewed crypto wars have again
> bred a new round of opportunities to beguile those who yearn for
> comsec but do not know how to get it, nor how to evaluate the
> offerings, in particular those provided by US producers which they
> doubt are free of government manipulation. But they also doubt that
> any cryptosystem is free of that, thanks to the NSA revelations of
> global cooperation among nations to do what NSA does, and the
> failure of crypto experts and firms to fully disclose their aid to
> governments, before and after Snowden's revelations.
> So the downside of Snowden's revelations is that there is considerable
> suspicion that all crypto is compromised, and, worse, that snake oil
> is not really different from the good stuff for the ordinary user who
> lacks
> the technical skills to distinguish them. And that comsec experts are
> in league with authorities to dupe the public by excessive warning
> of snake oil to peddle their own offerings, that is, experts and
> snake oilers are doing what governments do.
> Trust Snowden, trust experts, trust governments, but distrust
> snake oil. Wait, users say, how can we tell the difference when
> they all quack like ducks.


Other related posts: