In order to pull the birthers’ chain and to contribute to a sense of community, Obots use the word “sekrit” instead of “secret.” I was reminded of secrecy when I read the article over at the Oh, For Goodness Sakes! blog that mentioned a birther project called “White Rose.” Like something in a chain email, it’s probably fantasy rather than real. The birthers had a lot of fun passing the story around, though. Squeeky Fromm did a hilarious look at the thing on the Birther Think Tank blog.
The part that I want to focus on is this:
Working over the last several months, using information already gleaned by other investigators and communicating via encrypted email and private social networks, the group has pieced together a web of conspirators including members of the legal profession, the IT community, journalists, web bloggers, Obama operatives and government officials.
I’ve never bothered much with encryption except for the KeePass program I have on my flash drive where I store passwords. Encryption seems more trouble than it’s worth for most things. When I was working, I transported protected health information (including medical records of AIDS patients) and vital records, and when doing that one must be responsible in handling other people’s information, and so of course I encrypted these files heavily.
There is strong encryption and weak encryption. Tools on the Internet will crack (read without the password) many PDF files that use PDF encryption. Some of the protection that office productivity programs provide when saving a file is easily cracked too. If you rely on any encryption scheme, read up on it first to see how strong it is.
I wanted to mention a few strong encryption options, should you need that type of security. I’m a Microsoft Windows user, so those are what I’m talking about, although some of these are available on other platforms.
Update: TrueCrypt is no longer maintained and may have vulnerabilities. For Windows disk encryption, use BitLocker. Other alternatives here.
TrueCrypt is a really excellent program that creates an encrypted partition on your computer or external flash drive. It comes with some educational material. You do have to have administrator authority on the computer where you run the program, a problem if you were to try to run it on a public computer (but doing anything secret on a public computer is a bad idea anyway).
KeePass is a simple password manager. It can run without installation, making it eminently suitable for running from a flash drive. You can arrange your passwords and notes in folders with a search capability. I’ve used it for years. There’s an iPhone version.
7-Zip, like WinZip, PKZip and other similar programs, is basically a compression utility. It can take files or folders and combine them into a single smaller (often much smaller) file. Optionally it can encrypt the files at the same time. The 7-Zip encryption is strong (choose the AES option) and the program runs fast. I’ve used it commercially on multi-gigabyte databases.
Up until now, all of the solutions I’ve mentioned use what are called symmetric keys. That just means that you use the same key to write the encrypted data that you use to read it. Such solutions are useful when you have something that you want only yourself to be able to see, or a trusted partner that you can send the key to. The tricky part, of course, is sending that key securely over long distances.
An elegant solution is an asymmetric algorithm. In these “public key cryptosystems” one key encrypts the file and the other one decrypts it. One key is called a “public key” and the other a “private key.” With this approach, I can publish my public key to the world, and then anyone can use it to encrypt something directed to me that only I, with my private key, can read. It’s a very elegant solution. Public key cryptosystems can also be used to verify the sender of a communication. If I encrypt something with my private key, anyone can read it with my public key, meaning anyone can be sure it’s authentic from me, and not altered in transmission.
Several email clients can use GnuPG, an implementation of a public key system. I use Thunderbird as my mail client and have for over a decade. It has an add-in called Enigmail for sending and receiving encrypted emails. There is a nice tutorial on how all this fits together. Note that the encryption of emails conforms to standards, so one can use a variety of programs to exchange encrypted correspondence. Here’s what an authentic digitally signed message looks like in the Thunderbird email client:
One of the cool things Enigmail does for you is to allow you to publish your public key to an Internet server. The correct public key is identified by your email address. For example, if you send an email to this web site to the “admin” user, Enigmail can find the public key automatically. You can also send the keys in a file. My public key is pasted at the bottom of this article.
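The public-key workflow described above, as an added example that is not from the original article: a sender wraps a symmetric key with the recipient's public key (solving the key-delivery problem), and a signature made with the private key is checked with the public key. It uses textbook RSA without padding and a constructed key built from two publicly known primes, so it shows the arithmetic only; all function names are hypothetical, and GnuPG adds padding, hybrid encryption and real key generation.

```python
import hashlib

# Constructed toy key pair: two publicly known Mersenne primes, so this key
# gives NO real security. It only makes the arithmetic reproducible.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                          # modulus, shared by both keys
E = 65537                          # public key is (N, E): publish it
D = pow(E, -1, (P - 1) * (Q - 1))  # private key is (N, D): never leaves you


def wrap_key(session_key: bytes, n: int, e: int) -> int:
    """Sender: encrypt a short symmetric key with the recipient's PUBLIC key."""
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("value too large for this modulus")
    return pow(m, e, n)


def unwrap_key(ciphertext: int, n: int, d: int, length: int) -> bytes:
    """Recipient: recover the symmetric key with the PRIVATE key."""
    return pow(ciphertext, d, n).to_bytes(length, "big")


def _digest(message: bytes) -> int:
    # Signatures are computed over a hash of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, n: int, d: int) -> int:
    """Author: produce a signature only the PRIVATE key holder can make."""
    return pow(_digest(message), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Anyone: check the signature with the PUBLIC key."""
    return pow(signature, e, n) == _digest(message)


if __name__ == "__main__":
    session_key = bytes(range(16))          # constructed 128-bit sample key
    ct = wrap_key(session_key, N, E)
    print("unwrapped ok:", unwrap_key(ct, N, D, 16) == session_key)

    msg = b"Quarterly report attached."     # constructed sample message
    sig = sign(msg, N, D)
    print("signature valid:", verify(msg, sig, N, E))
    print("altered message valid:", verify(msg + b"!", sig, N, E))
```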
Encryption can be a hassle, and encrypted emails require some effort to set up. Most folks really don’t need it, but if you do, there are tools available at no cost. If you find one of these tools useful, seriously consider contributing to the author.
How strong are these algorithms? You can probably find something on the Internet. Also check out Bruce Schneier’s excellent security blog (just be aware that today is Friday and on Fridays he blogs about squid).
Final note: if it’s worth encrypting, it’s worth a nice long random password. I use a 24-character random string for my KeePass password file.