redacted.

Not that product. However I did setup Cellcrypt Blackberry for one of my DoD clients. It only works with users that have the same product which is good and bad.

I am a big fan of encryption, however encrypted communication is typically too difficult for most users so it often gets installed and rarely gets used. I have people with PGP, Zix-Mail, etc. for their users and it takes too much effort for the user and the clients complain that they cannot read what is sent.

Not that product. However I did setup Cellcrypt Blackberry for one of my DoD clients. It only works with users that have the same product which is good and bad.

I am a big fan of encryption, however encrypted communication is typically too difficult for most users so it often gets installed and rarely gets used. I have people with PGP, Zix-Mail, etc. for their users and it takes too much effort for the user and the clients complain that they cannot read what is sent.

If it were easy to use, and highest level security you can get (to the best of my knowledge), would that be of interest?

redacted.

If it were easy to use, and highest level security you can get (to the best of my knowledge), would that be of interest?

Would interest the **** out of me.

Anybody using this ? ;)

http://www.securstar.com/products_phonecrypt.php

or

https://www.gold-lock.com/app/en/Home


http://www.metacafe.com/watch/3008171/military_encryption_software_for_mobile_phones/

You'd have to have a screw loose to use the Israeli one. Why bother, at that point.

redacted.

I'll just add a wink and a nod on how to break most of this stuff, and realize that the limitation is usually computational power, and things like affordable Blade servers, and even PS3's and GPU clusters on modified CUDA architectures are fantastic at breaking these sorts of things. The cost of all these are coming down, the biggest real breaking point is that the higher order, highly channelized CDMA based using more than a few MHz of spectrum is technically a much larger challenge over the air than would be trying other routes. That's as far as unclass articles will take you - as it is the info contained just in this post probably identifies exactly who I am to the right people anyway.

Application layer is a really great way to run stuff, even simple 128b AES added after the fact is worth it if you need the security, but outside of a few industries, it isn't worth the hassle of educating all parties. That, however, didn't stop us back in the day at college campus from passing meaningless notes encrypted 256b with encoded messages.

redacted.

Would interest the **** out of me.

PM is inbound.

What is the best one for computer security, anonymity?

Cell phone EnCrYpT_iOn divulged

http://www.nytimes.com/2009/12/29/technology/29hack.html?pagewanted=all




(Response is not meant to diminish HOP's message, as the message is a good one and you need to be aware)

The thing that was "cracked" was the 2G GSM protocol encryption. In 2009, it was what most calls used in the US. Now, most calls use 3G technology, with a fallback to 2G in areas without 3G coverage, so most calls today (2012) will be using an enhanced 128 bit scheme, which pushes the bar out a little. Still something to keep on the radar as that will eventually be cracked as well.

-

I just have one question.

Are you typing the word "encryption" like a teenage girl (enCrypTion) and adding the underscores (_) because you're worried that "they" will lock onto a keyword and track you or something?

Or are you just doing a bit of wordplay / onomableva (an unofficial term for words that look like what they mean)?

I hope and assume it's the second one but I'm curious.


ETA: I'm not saying encryption isn't a good idea, especially with recent judicial precedents regarding warrentless inspection and surveillance. I'm just curious how deep your suspicion runs.

(Response is not meant to diminish HOP's message, as the message is a good one and you need to be aware)

The thing that was "cracked" was the 2G GSM protocol encryption. In 2009, it was what most calls used in the US. Now, most calls use 3G technology, with a fallback to 2G in areas without 3G coverage, so most calls today (2012) will be using an enhanced 128 bit scheme, which pushes the bar out a little. Still something to keep on the radar as that will eventually be cracked as well.

-

How about something with specs of:

•AES 256 bit
•Elliptic Curve Diffie-Hellman 571 bit key generation protocol
•256 bit keys generated by the user or through KMS
•Algorithm AES256, SHA2, RDNG, DH compliant to FIPS specifications
•Smartcard certified CC EAL5+
•Tamper-proof module for secure storage of keys, algorithms and contacts

"The security encryption is performed with AES 256 algorithm executed on the hardware by SlingSecure® SecurCard and the keys are generated with Elliptic Curve Diffie-Hellman 571 bit protocol. Keys are created at the beginning of each call and destroyed at the end of it each call.

User-defined shared keys can also be used, either in place of the dynamic keys or in combination with them.

The algorithms of the SlingSecure® SecurCard are certified for the highest security standards.

SMS text messages are encrypted using the AES256 algorithm with keys generated by the Diffie-Hellman protocol during the first encrypted call to the contact. These keys are associated to the contact and remain in use until the next encrypted call generates a new pair of keys.

Sling Secure SecurCard can be used worldwide provided that GSM/UMTS/Wi-Fi/Sat network is available."


I won't pretend I know the significance of all the above, but I can put people in touch with someone who can confirm and answer Qs on the above, etc. if interested. See:

http://absolutesecrecy.com/

They make products for phone and comps.

For details, contact Dave at:

Dave@absolutesecrecy.com for additional details, tell him I sent you.

Interesting stuff if you have a Droid:

http://www.whispersys.com/

Moxie Marlinspike is the geek behind this company. If you are also a geek, that should interest you.

You'd have to have a screw loose to use the Israeli one. Why bother, at that point.

To true

I just have one question.

Are you typing the word "encryption" like a teenage girl (enCrypTion) and adding the underscores (_) because you're worried that "they" will lock onto a keyword and track you or something?

Or are you just doing a bit of wordplay / onomableva (an unofficial term for words that look like what they mean)?

I hope and assume it's the second one but I'm curious.


ETA: I'm not saying encryption isn't a good idea, especially with recent judicial precedents regarding warrentless inspection and surveillance. I'm just curious how deep your suspicion runs.

So s1ll_Y!!!

I use things like this because **** you, that's why, not because I have anything to hide - except for business, where the money is there for the threat to be very real.

The real problem now is that now that EVERYTHING going across the net can and is being saved, something that is unbreakable now probably will be readable at some point in the future, so all they have to do is store it until whatever system you used to encrypt it is crackable. That's a game changer. And it pisses me off that anyone thinks they have the right to read my private correspondence just in case I might be planning something. **** you, Department of Pre-crime.

And just wait - all these "I lost all my guns in a tragic boating accident" guys are going to be really surprised when the hammer finally falls and the PTB produce audio of their phone calls from 10 years prior where they are talking about where they hid their shit.

The real problem now is that now that EVERYTHING going across the net can and is being saved, something that is unbreakable now probably will be readable at some point in the future, so all they have to do is store it until whatever system you used to encrypt it is crackable. That's a game changer.

This right here has really been my question since I read this thread yesterday.

What does it really matter whether you use encryption or not? If they want to read something that you wrote, they will at some point break the encryption/code and you'll be an open book anyway. Why go through the trouble?

This right here has really been my question since I read this thread yesterday.

What does it really matter whether you use encryption or not? If they want to read something that you wrote, they will at some point break the encryption/code and you'll be an open book anyway. Why go through the trouble?

Because **** you, that's why. That's all.

Lol...yeah stick it to "the man" :p

redacted.

redacted.

I use things like this because **** you, that's why, not because I have anything to hide

Sounds like your guilty as hell of something to me. Excessive paranoia at the very least.



And just wait - all these "I lost all my guns in a tragic boating accident" guys are going to be really surprised when the hammer finally falls and the PTB produce audio of their phone calls from 10 years prior where they are talking about where they hid their shit.


Wow, I was just thinking the exact same thing.

......

Sounds like your guilty as hell of something to me. Excessive paranoia at the very least.


Which is it, I wonder? Am I paranoid or are you naive?

If I'm wrong, I've wasted a little money. If you're wrong, you're in deep shit eventually.

If you're happy with your worldview, good on you. I'm glad that there are still some people in the world who don't know just how bad things really are. You'll probably live most or all of your life in your protected little environment and it'll never be a problem for you. Good for you.

Your throwing accusations of paranoia, though, is as usual very Eastern and reminiscent of the gun-grabbers' "Why do you carry a gun?? Are you paranoid?" Bad things happen. Ignoring that fact doesn't change it. And just because they've never happened to YOU doesn't change reality either.

Enjoy the sunny weather in your little world.

At most it would be an inconvenience to the group trying to intercept your data. Depending on the party in question they will either make a single phone call to the company who wrote the software or find away to decrypt it in time. I suppose there is ultra high tech methods but for most of us, low tech rules the day.

If I'm wrong, I've wasted a little money. If you're wrong, you're in deep shit eventually.

Why would I be in deep shit? Your assumption is that I/we must be guilty of something. Why is that?


If you're happy with your worldview, good on you. I'm glad that there are still some people in the world who don't know just how bad things really are. You'll probably live most or all of your life in your protected little environment and it'll never be a problem for you. Good for you.

Yes, it's true. I have led a care free life void of any troubles or hardships. I am also fully insulated to all of life's harsh realities. Got me there.


Bad things happen. Ignoring that fact doesn't change it. And just because they've never happened to YOU doesn't change reality either.

Really man, what are you talking about? Bad things like what, having a plan to smuggle weapons exposed or the typical struggles in life we all endure? My computer has been infected with viruses, I have had a bank account hack by Russians, etc, so it's not like I'm not wary of cyber threats. But you are speaking of this on a whole different level, one in which you elude to the fact that you have things to hide. This doesn't worry me because I haven't done anything questionable in that particular regard.

There are millions of gun owners out there with a substantial number of them having a small arsenal at their disposals. When someone screws up their firearms can unfairly become an issue in rare instances, but this certainly isn't the norm. Assuming this is what you are worried about, that is. If you believe it will become the norm one day soon I wouldn't say it's impossible, just extremely unlikely.

The "problem" with these super high encryption products, is that both sides have to be using the same one. So for most people, they are not that practical. Not that they aren't worthwhile as a product, but the practicality goes down way low due to this.

I'd like to see some of this become part of the new standards. There would still be a need for third party products due to the standard implementations being open to demands by LE for trapdoors for wiretaps, etc, but it would protect, to some degree, the average run of the mill guy from the criminal elements.

--

Everything you do should be encrypted. Even your emails to the wife about stopping at the store on the way home from work and picking up some steaks.

When everything is encrypted, as a matter of course, the protection to everyone goes way up. Since the ability to decrypt everything, by everyone, in a reasonable amount of time, does not exist. Even a simple high bit key PGP type public key encryption would be a good idea. Even schemes that can be broken in time.

I wish that the default for email and stuff was encrypted. And higher quality for cell/voice. And text messages.


--

Everything you do should be encrypted. Even your emails to the wife about stopping at the store on the way home from work and picking up some steaks.


Why do you believe this type of commonplace communication should be encrypted? Maybe I don't know what I don't know, so please enlighten me if you will.

Everything you do should be encrypted. Even your emails to the wife about stopping at the store on the way home from work and picking up some steaks.

When everything is encrypted, as a matter of course, the protection to everyone goes way up. Since the ability to decrypt everything, by everyone, in a reasonable amount of time, does not exist. Even a simple high bit key PGP type public key encryption would be a good idea. Even schemes that can be broken in time.

I wish that the default for email and stuff was encrypted. And higher quality for cell/voice. And text messages.


--

THIS guy gets it.

Why do you believe this type of commonplace communication should be encrypted? Maybe I don't know what I don't know, so please enlighten me if you will.

Two reasons. One, you (you personally, or the .gov, whatever) do not have the right to eavesdrop on my private conversations just because you think it's safer for everyone if you do, regardless of the content or relative importance of the conversation in question.

And two, why do you think that ships and AWACS and Kneecap send out continuous streams of encrypted data even when they don't have anything important going across it other than some sailor having a skype-sex chat with his wife? It's because sending everything in plaintext then suddenly sending something encrypted is a red flag that the nosy would key in on. In the military sense it would be an indication that something is about to happen. In the private sense, it would be an indication that I am saying something I don't want you to hear.

So, if I'm saying something I don't want you to hear, it would be stupid of me to call attention to it by only sending IT encrypted, so I encrypt everything - because as far as I'm concerned, nothing I do is your or anyone else's business. Why do you think crypto products are treated as munitions?

Encryption is the digital Second Amendment.

So, if I'm saying something I don't want you to hear, it would be stupid of me to call attention to it by only sending IT encrypted, so I encrypt everything - because as far as I'm concerned, nothing I do is your or anyone else's business.


So somehow Joe Shmo the gun owner only encrypting here and there raises suspicions because there is an agency out there who cares that he is doing so, therefore you encrypt everything. Got it.

Just glad you didn't raise any red flags when you started encrypting. And surely "they" know you have nothing to hide, this specifically because you always encrypt. 10-4.


Look, I'm not against sensible cyber security by any means. Just think that some of you fellows are taking it a bit farther than necessary.

So somehow Joe Shmo the gun owner only encrypting here and there raises suspicions because there is an agency out there who cares that he is doing so, therefore you encrypt everything. Got it.

Just glad you didn't raise any red flags when you started encrypting. And surely "they" know you have nothing to hide, this specifically because you always encrypt. 10-4.


Look, I'm not against sensible cyber security by any means. Just think that some of you fellows are taking it a bit farther than necessary.

You know what? I found it necessary to not live in New Jersey, specifically so I could have Class III items and CCW. You do not care about those things enough to do anything about it. Therefore, you have a different standard of what you think is necessary.

Clearly, what I think is necessary is, to you, unreasonable and paranoid. Equally, what you think is necessary appears to me to be solidly rooted in denial, is quite careless, and naive. Part of being an adult is realizing that people have different comfort zones.

You seem to be awfully angry about the idea that someone might want more security than you do. Could that be because deep down you know we're right?

What I notice a strange consistency toward in these threads, are you and your city-boy buddies coming in and telling people who live in a different place, in a different lifestyle, and under different circumstances, what you think they should or should not be doing.

Does that sound familiar, Mayor Bloomberg?

How about a little good-old-fashioned MYOB, and do what makes you comfortable, and I'll do the same, and when the chips fall whoever was right was right, and your fate won't matter to anyone but you.

You do not care about those things enough to do anything about it...You seem to be awfully angry about the idea that someone might want more security than you do...are you and your city-boy buddies...Does that sound familiar, Mayor Bloomberg?


How about you stop with the fact warping bullshit in response to my and other's comments with with you disagree? You're the ****ing "Bloomberg" with your bullshit spin jobs to suit your ****ed up viewpoints.

You're a paranoid man and you know you can't fully justify it, so you go at my knees in desperation. Cheap and worthy of no respect.

And do your hated NJ a favor...stay the **** out.

How about you stop with the fact warping bullshit in response to my and other's comments with with you disagree? You're the ****ing "Bloomberg" with your bullshit spin jobs to suit your ****ed up viewpoints.

You're a paranoid man and you know you can't fully justify it, so you go at my knees in desperation. Cheap and worthy of no respect.

And do your hated NJ a favor...stay the **** out.

Angry fellow indeed. You wouldn't be Italian, would you?

redacted.

Encryption or no encryption, you are not secure. All you've done is make it harder from most regular hacker losers, but don't kid yourself thinking you're secure from someone who really wants your information who's good and has the resources to back them up.

It's nobody's business whom anybody allows into their inner circle for whatever reasons their beliefs are.

Assuming that may have been directed at me, who said I was making anything that anyone does my business? I am commenting on viewpoints that I disagree with in their specific contexts, not trying to dig up info or persuade anyone.


Anybody who thinks or tells you different, calls you names, uses epithets, condescending diatribes, vituperative remarks, belittles, disrespects, bullies etc. has & is the problem.


Does this also apply to an individual constructively trying to tell another that they have taken their personal security concerns to the far-reaching extent that they have possibly become paranoid in general? All people should be open to rational discussion, as you yourself have displayed repeatedly.

Angry fellow indeed. You wouldn't be Italian, would you?


Well golly, my real-life name happens to be Ottavio Cinelli, so maybe I am just a little Italian. However due to the fact that you berate others with whom you disagree often and simply went a bit too far with me today, what the hell that has to do with anything I have no idea.

Actually this only fits into your spin profile, as now you deflect rather than present constructive arguments. But whatever, as I'd bet 10 to 1 that if we met face to face we'd likely get along rather well due to overall common interests. Is what it is I suppose.

You know what? I found it necessary to not live in New Jersey, specifically so I could have Class III items and CCW. You do not care about those things enough to do anything about it. Therefore, you have a different standard of what you think is necessary.

Clearly, what I think is necessary is, to you, unreasonable and paranoid. Equally, what you think is necessary appears to me to be solidly rooted in denial, is quite careless, and naive. Part of being an adult is realizing that people have different comfort zones.

You seem to be awfully angry about the idea that someone might want more security than you do. Could that be because deep down you know we're right?

What I notice a strange consistency toward in these threads, are you and your city-boy buddies coming in and telling people who live in a different place, in a different lifestyle, and under different circumstances, what you think they should or should not be doing.

Does that sound familiar, Mayor Bloomberg?

How about a little good-old-fashioned MYOB, and do what makes you comfortable, and I'll do the same, and when the chips fall whoever was right was right, and your fate won't matter to anyone but you.

Bull's Eye!

You've stated your facts and points most eloquently.

Why do you believe this type of commonplace communication should be encrypted? Maybe I don't know what I don't know, so please enlighten me if you will.


When everything is encrypted, as a matter of course, the protection to everyone goes way up. Since the ability to decrypt everything, by everyone, in a reasonable amount of time, does not exist. Even a simple high bit key PGP type public key encryption would be a good idea. Even schemes that can be broken in time.


I actually tried to explain it. Obviously not very well. When everything, all the time, is encrypted, it makes it prohibitive to try and decrypt all of it. If I only send my important, say, financial messages, with encryption, but the mail to my mom, my wife, my business partners [normal types of mail, not top secret], etc unencrypted, the "bad guys" know which messages to attack. If everything is encrypted, by everyone (becomes the new normal), then they have to try and attack everything, without knowing if it will be worthwhile in the end. Their cost to attack goes up immensely.

There are other similar reasons but it all revolves around that sort of idea. Making all communications by default secure raises the security for everyone immensely, even if most messages are not "secret" enough to really need it.


-

Encryption or no encryption, you are not secure. All you've done is make it harder from most regular hacker losers, but don't kid yourself thinking you're secure from someone who really wants your information who's good and has the resources to back them up.

Correct. You're not likely to run into a private citizen with the resources, skills and whatnot to decrypt your info from some of the better software. Gov't agencies? I don't think they do anything but slow them a bit - but not much at all, really. If "they" REALLY want you they just come a get you. There are laws on the books that allow them to do just that.

So somehow Joe Shmo the gun owner only encrypting here and there raises suspicions because there is an agency out there who cares that he is doing so, therefore you encrypt everything. Got it.

Just glad you didn't raise any red flags when you started encrypting. And surely "they" know you have nothing to hide, this specifically because you always encrypt. 10-4.


Look, I'm not against sensible cyber security by any means. Just think that some of you fellows are taking it a bit farther than necessary.


Who says it has to be "they"? It could just as easily by some cyber crime group scanning internet traffic.

And. Maybe right now it does not make that big of a difference. But in the future it just might. "They" might really be out to get you. If everyone is encrypting everything already, and has been for a while, when some hypothetical point in the future comes that you might start to want to bother with this, it is already in place, part of your (and everyone else's) infrastructure, and the change to encrypting won't raise any flags, since it is already there.

Look at it this way: why not have the best defense against future problem? Already in place! I buy insurance, even though I hope I never need it. I carry even though I hope I never need it. I'd rather have the protection and not ever need it than need it and not have it.

Having said all that, I rarely encrypt stuff because the hassle factor is too high and most people I correspond with are not are not set up to do it. That is a shame, and should change. Every one should really apply pressure to all the vendors to include such capability in their email clients, chat and SMS programs, etc, by default. And everyone should be encouraged to upload their public keys to public key servers, by default, as part of getting a new device and setting it up.

It can't hurt and it could definitely help. Whether with cybercrime, or some hypothetical future draconian 1984-type state.


---

redacted.

You know what? I found it necessary to not live in New Jersey, specifically so I could have Class III items and CCW. You do not care about those things enough to do anything about it. Therefore, you have a different standard of what you think is necessary.

Clearly, what I think is necessary is, to you, unreasonable and paranoid. Equally, what you think is necessary appears to me to be solidly rooted in denial, is quite careless, and naive. Part of being an adult is realizing that people have different comfort zones.

You seem to be awfully angry about the idea that someone might want more security than you do. Could that be because deep down you know we're right?

What I notice a strange consistency toward in these threads, are you and your city-boy buddies coming in and telling people who live in a different place, in a different lifestyle, and under different circumstances, what you think they should or should not be doing.

Does that sound familiar, Mayor Bloomberg?

How about a little good-old-fashioned MYOB, and do what makes you comfortable, and I'll do the same, and when the chips fall whoever was right was right, and your fate won't matter to anyone but you. Well put, on all of your posts thus far in this thread.

The "problem" with these super high encryption products, is that both sides have to be using the same one. So for most people, they are not that practical. Not that they aren't worthwhile as a product, but the practicality goes down way low due to this.

--

Lots of things we do for improved security, both physically and electronically, reduces practicality, which is why houses with alarms get robbed due to the person not actually arming the alarm. You have a company, you have data that needs to be as secure as possible, you make sure they all have the same phone with the tech, tech once in place, easy to use at least.

How about those people who don't lock their safe door because it's too impractical to open it using combination. I know such a guy. :rolleyes:

Your teams life depends on secure com, less practical to make sure you're all communicating using same secure tech, but the pay off is obviously there in terms of loss of practicality.

So, basic formula of cost, how practical it is to use/ to what you may lose by not having it.

Friend of mine owns 100 mil + per year company, and I told him he was f-ing nuts talking about sensitive topics over his cell phone with his lawyers (and he's often in court fighting with the gubment) and business related topics (of which a single intercepted email or phone call could cost him everything) was a very bad idea.

The fix was having the essential people he talks with add the tech to their phones (which he purchased for them) he's GTG.

Just adding two cents to your comments, not disagreeing with what you post per se.

Lots of things we do for improved security, both physically and electronically, reduces practicality, which is why houses with alarms get robbed due to the person not actually arming the alarm. You have a company, you have data that needs to be as secure as possible, you make sure they all have the same phone with the tech, tech once in place, easy to use at least.

How about those people who don't lock their safe door because it's too impractical to open it using combination. I know such a guy. :rolleyes:

Your teams life depends on secure com, less practical to make sure you're all communicating using same secure tech, but the pay off is obviously there in terms of loss of practicality.

So, basic formula of cost, how practical it is to use/ to what you may lose by not having it.

Friend of mine owns 100 mil + per year company, and I told him he was f-ing nuts talking about sensitive topics over his cell phone with his lawyers (and he's often in court fighting with the gubment) and business related topics (of which a single intercepted email or phone call could cost him everything) was a very bad idea.

The fix was having the essential people he talks with add the tech to their phones (which he purchased for them) he's GTG.

Just adding two cents to your comments, not disagreeing with what you post per se.

I think you kind of missed my point. I am not in any of the situations you describe. There are times when I do use encryption for email. However, because of the hassle factor, I do not do it for all my email correspondence. If I was the owner of a multi million dollar company and had need for secret communications, the hassle factor, *for those communications*, would be worth it.

I have an alarm system, and I arm it when I leave, pretty religiously. While it is a hassle, the effort needed to overcome the hassle is minimal.

That is unfortunately not the case for communications on an every day basis. The hassle factor to set that up is too great. Unfortunately. Somehow, the manufacturers need to be made to see the light that people would like support for these things built-in to their products. (Of course they will get negative feedback/blowback from the government).

If you have real need today for these things, then no hassle factor is worth the consequences of not doing it. But for the mundane communications we all do every day, which should be encrypted just out of principle, the hassle factor plays a real role.

----