Snowden's email provider forced to stop, SilentCircles terminates service too

[peet]

Seems the USA is evolving into the former USSR more and more...

https://lavabit.com/

https://silentcircle.wordpress.com/2013 ... customers/

Anyway, happy Gmailing all

[peet]

Germany.

http://www.washingtonpost.com/world/europe...840d_story.html

[takingarms1]

Please, anyone can easily encrypt email communications with open-source products. The technology has been around for decades.

As I said in an earlier post - emails are sent in the clear. That's how email has always been, and anyone with a clue has known that it is not a secure means of communication.

As to Lavabit, well we don't really have any facts right now, so I think maybe you should reserve judgment before declaring the USA to be a an oppressive totalitarian regime. I can tell you that if a company receives a legal subpeona or Court order to turn over documents that are in their possession, it's not a guestapo tactic nor even a violation of someone's rights. Of course if it's a blanket, "give us everything you have" without a valid legal basis, well that's a different story.

[pkk]

The German email service providers just encrypt the connections between customer and provider (via HTTPS or SMTP/POP3/IMAP with TLS encryption) and the connection between the associated email servers (SMTP with TLS), so no one (NSA/BND/whoever) can read the plain email data transmitted via the internet. If you send an email to an none associated email server, your mail will be send unencrypted.

That implementation provides at least some security to the customer, without thinking about real email encryption (for example PGP). It's more a marketing campaign to keep customers, let them feel "secure", it's no real end to end encryption.

QUOTE (TakingArms @ Aug 9 2013, 10:21 PM) Please, anyone can easily encrypt email communications with open-source products. The technology has been around for decades.

If it's that easy, why doesn't everyone use PGP?

QUOTE (TakingArms @ Aug 9 2013, 10:21 PM) As I said in an earlier post - emails are sent in the clear. That's how email has always been, and anyone with a clue has known that it is not a secure means of communication.

The average internet user doesn't think about that and doesn't care. It just works.

QUOTE (TakingArms @ Aug 9 2013, 10:21 PM) As to Lavabit, well we don't really have any facts right now, so I think maybe you should reserve judgment before declaring the USA to be a an oppressive totalitarian regime. I can tell you that if a company receives a legal subpeona or Court order to turn over documents that are in their possession, it's not a guestapo tactic nor even a violation of someone's rights. Of course if it's a blanket, "give us everything you have" without a valid legal basis, well that's a different story.

All you need are using the right keywords, so people take a look at your communication, even as US citizen. Filter software is dump. Just look at my nickname and my email address, I'm sure someone is reading my emails.

[SgtMajor]

I use cryptocat with TOR for all my freedom fighter purposes

[lexaal]

For the record: at least one of the german provider is still not accepting support requests per email, only per (1€/min) telephone calls.

QUOTE (pkk @ Aug 9 2013, 10:50 PM) If it's that easy, why doesn't everyone use PGP?

If it was... everyone would.

If A password is entropic safe and is not spelled your name backwards, your birthday or asdfghjkl then it is impossible to remember and difficult to type.
All long passwords which are mostly names, dates, or "typical" movements on the keyboards are mostly useless. And things like the first letters of a sentence also.

[MrChaos]

QUOTE (lexaal @ Aug 9 2013, 06:00 PM) For the record: at least one of the german provider is still not accepting support requests per email, only per (1€/min) telephone calls.


If it was... everyone would.

If A password is entropic safe and is not spelled your name backwards, your birthday or asdfghjkl then it is impossible to remember and difficult to type.
All long passwords which are mostly names, dates, or "typical" movements on the keyboards are mostly useless. And things like the first letters of a sentence also.

Bah

Ne9atiV3ghOstriDEr

[takingarms1]

QUOTE (pkk @ Aug 9 2013, 04:50 PM) If it's that easy, why doesn't everyone use PGP?

For the same reason everyone doesn't bother to encrypt phone calls - most people have no reason to.

That said, in MA we have privacy regulations such that any time I have to send tax returns, social security numbers, or that type of stuff, we have an encryption procedure in place. It's an extra step so most of the time we just avoid sending sensitive stuff via email. Honestly the biggest problem with it is your recipient has to be able to decrypt it, and most people are too retarded to figure out anything their IT person hasn't set up for them.

[Compellor]

QUOTE (MrChaos @ Aug 9 2013, 06:06 PM) Bah

Ne9atiV3ghOstriDEr

Might take a few hours but that's entirely crackable. ghostrider and negative are in common password dictionaries, and password cracking programs can easily search for combinations of dictionary words and replace letters with numbers, and random capitalization doesn't help that much.

[MrChaos]

QUOTE (Compellor @ Aug 11 2013, 11:58 AM) Might take a few hours but that's entirely crackable. ghostrider and negative are in common password dictionaries, and password cracking programs can easily search for combinations of dictionary words and replace letters with numbers, and random capitalization doesn't help that much.

I disagree strictly from a math perspective without knowing much of anything about password breaking technics

edit: additional information

negative =8
ghostrider = 10

The fact the password is eighteen letters long alone makes it decently secure... although the fact they are common words screws the pooch for sure

embedding random capitalization literally exponentially increases it and several times so
adding numbers even more so and if I had randomized the numbers (I purposefully chose numbers so you could tell I was typing negative ghostrider) exponentially again

If there was a symbol in there even longer

It is all about choices:

18^26 possibilities using just letters (using strictly brute force of course)
18^52 with caps
18^62 with numbers
18^94 with symbols (I am not sure I counted right but it should be close)

Now a smart person can speed up the search for sure ( This is not a password I have ever used and do not intend to ever use it)

Caveat: MAKING someone use a certain defined minimum number of letters, caps, numbers, and symbols can make it easier to break the password. Ex: A 10 symbol long password with all possible permutations and combinations available leaves more possibilities available than one with a required minimum number of each type. (edit: It kind of depends how you write the Null statement like most probabilities related things... at least my two extra minutes of thinking about it)

As always luck plays a role and it possible that the password will be broken on the first try.
No password is uncrackable and if I had the resources of GCHQ at my finger tips vs. the common man.... well yeah

some links
Adding letters to your password a bit simple minded as the assumption is strictly brute force with no smart algorithms applied
I know I know it is Microsoft but


Someone who has those kinds of tools (I don't and am unwilling to even try to find them) could give it a whirl and see how long it would take to crack

1. The first password
2. Randomizing the numbers so they aren't the typical representation of letters
3. Adding a symbol to version two

My guess is unless you have some pretty significant computing power at your disposal it is going to take quite some time


MrChaos <--- is not a security expert, hacker, or even a minor wiki-genius on the subject just looking at it strictly from a math perspective

edit2:
Actually the numbers are much larger then I first typed after thinking about it some more.
If the minimum password is 8 symbols long then its actually
18^26 + 17^26 + ... + 8^26 etc etc for each additional layer of symbols added

You would have to add in all possibilities not just the 18 symbol long variety in a nutshell