
Through the rabbit hole. Strong crypto

So, you don’t want people to read what you’re emailing, eh? Then try PGP – it stands for “Pretty Good Privacy” – and it’s more than pretty good. It offers unbreakable encryption for email and data files.

You can get either the free version or the more powerful commercial version which is available directly from the original author, Phil Zimmermann. Both versions are, in the jargon, strong crypto, meaning they can’t be cracked. Plus it’s open source and available for multiple operating systems. And oh yes, the code has been gone over carefully by crypto experts looking for holes or weaknesses and none have been found.

Let Zimmermann explain why he wrote PGP.

Years before developing PGP, I was active in geopolitical issues. In the 1980s in Boulder, Colorado, I worked nearly full-time as a military policy analyst with the Nuclear Weapons Freeze Campaign, while still keeping my day job as a software engineer.

The world was a different place then. Reagan was in the White House, Brezhnev was in the Kremlin, FEMA was telling cities to prepare evacuation plans, and millions of people feared the world was drifting inexorably toward Nuclear War. A million Americans marched for peace in Central Park.

It was in that political climate, in 1984, that I saw the need to develop what would become PGP, both for protecting human rights overseas, and for protecting grassroots political organizations at home.

If you have the commercial version, sending and receiving encrypted messages is easy and simple. The free versions take a little more doing.

For the curious, PGP and other public key crypto work because, in the words of a math PhD, “it’s easier to multiply than divide”. To create the crypto keys, PGP multiplies two huge prime numbers to create a humongous composite number. To crack PGP you’d have to factor this composite number back into the two prime numbers. Did I mention the composite number can be 600 digits long? Factoring this is beyond the range of any known algorithm or computer.
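To make the “multiply is easy, factor is hard” point concrete, here is an added example (not code from the post or from PGP itself) of textbook RSA with toy-sized primes. Generating the key pair is one multiplication and one modular inverse; recovering the private key from the public key alone requires factoring n, which the example does by brute-force trial division, an approach whose cost grows with the square root of n and is hopeless at real key sizes. The primes 61 and 53 and the exponent 17 are constructed sample values, not anything PGP uses.

```python
# Added example: textbook RSA with tiny primes, to illustrate why key
# generation is cheap but recovering the private key means factoring.
# Real deployments use primes of hundreds of digits and padded messages.
import math


def is_prime(n: int) -> bool:
    """Deterministic trial-division primality test (fine for toy sizes)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def make_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) from two distinct primes: one multiplication
    for n and one modular inverse for d. This is the 'easy' direction."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # the composite that the public key reveals
    phi = (p - 1) * (q - 1)        # only computable if you know p and q
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(n: int, d: int, c: int) -> int:
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """The 'hard' direction: recover p and q from n alone.
    Cost grows roughly with sqrt(n); infeasible for 600-digit n."""
    i = 2
    while i * i <= n:
        if n % i == 0:
            return i, n // i
        i += 1
    return None


def recover_private_key(pub) -> int:
    """What an attacker holding only the public key would need to do."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53, e=17)       # constructed toy primes
    c = encrypt(pub, 65)
    print("public:", pub, "private:", priv, "ciphertext:", c)
    print("decrypts to:", decrypt(pub[0], priv, c))
    print("attacker's recovered d:", recover_private_key(pub))
```

With 61 and 53 the attacker's trial division finishes instantly, which is exactly the situation real key sizes are chosen to rule out: doubling the number of digits in n squares the work for this naive method, and even the best known factoring algorithms remain super-polynomial in the size of n.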

But the user doesn’t have to bother with any of this: PGP works effortlessly, and the commercial version plugs into many mail readers.

But let’s take it one step further. Rather than send a PGP message that any mail sniffer can tell is a PGP message (even if it can’t decrypt it), how about sending your message hidden so that it isn’t even apparent that there is a message?

This is called steganography. It allows you to hide a message in a graphics file. The graphics image will look exactly the same too. Except there’s now a message hidden in it.

And for the deeply careful, you can encrypt the message first, then hide it using steganography…
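The steganography described above (hide a message in an image, image looks the same) and the encrypt-then-hide advice both come down to one operation: overwriting the least significant bit of each pixel byte with one bit of payload. Here is an added example, not code from the post and not how S-Tools is implemented, that does this over a constructed byte array standing in for an image's raw pixel data, with a 4-byte length header so the hidden data can be recovered without knowing its size. The payload can be plaintext or, for the “deeply careful”, ciphertext from a separate encryption step; the hiding code does not care.

```python
# Added example: least-significant-bit (LSB) steganography over a byte
# array that stands in for an image's pixel bytes (constructed sample data,
# not a real image file).
import random

HEADER_BYTES = 4  # big-endian length prefix so reveal() knows how much to read


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for b in data:
        for i in range(7, -1, -1):
            yield (b >> i) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the LSB of each cover byte. Each cover byte changes
    by at most 1, which is why the picture looks identical to the eye."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {needed}")
    out = bytearray(cover)
    for pos, bit in enumerate(_bits(payload)):
        out[pos] = (out[pos] & 0xFE) | bit   # clear LSB, then set it
    return bytes(out)


def _read_bytes(stego: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs starting at bit index start_bit."""
    result = bytearray()
    for k in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (stego[start_bit + k * 8 + i] & 1)
        result.append(byte)
    return bytes(result)


def reveal(stego: bytes) -> bytes:
    """Recover a message hidden by embed()."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_byte_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between cover and stego data."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_sample_cover(n_bytes: int, seed: int = 1) -> bytes:
    """Constructed stand-in for pixel data (deterministic for the demo)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_bytes))


if __name__ == "__main__":
    cover = make_sample_cover(4096)
    stego = embed(cover, b"hello from inside the picture")
    print("recovered:", reveal(stego))
    print("largest change to any byte:", max_byte_change(cover, stego))
```

The constructed cover here is random, which hides the main weakness of plain LSB embedding: the low bit plane of a real photograph is noisy but not uniformly random, so overwriting it with payload bits shifts the pixel-value statistics in ways that simple frequency tests can pick up, even though nothing is visible. That is the detection side of the “any mail sniffer can tell” concern the post raises about PGP headers, moved one layer down.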

Download the free S-Tools from StegoArchive and run it on the image file in this posting, and you’ll see what I mean, as there is a message hidden in it. (The message is not encrypted. To find it, click ST-BMP, Open GIF file, Reveal file, No encryption.)

Remember, “no matter how paranoid you are, the bastards are always doing more than you think they are.” <grin>