GnuPG.. have you ever wondered

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

I downloaded the full GPG manual last night, and started reading, although I have been using, and mostly understanding it, for some time.

In the media there are always interesting (at least, I find them interesting) stories about people and organizations with bad intentions, communicating through email, or keeping data of a sensitive nature on a non-secure media.

Since the time of free software that provided very strong encryption, such as block ciphers, (blowfish, Twofish, Etc.) it has always seemed curious, no, downright puzzling to me, that person cells, and criminals apparently weren't taking advantage of such obviously good tools for their operations. That isn't to say that there aren't bad guys out there that are using them. But from time to time there are stories in print and T.V. that are almost without credibiliy, of say, Al Quida (sp?) communicating via plain text email which is intercepted by U.S. intelligence. Unless they intended to plant disinformation, (which I buttume an intelligence agency could sniff out), Why would they be so stupid as to send this kind of information in email that was unencrypted?

Then you have your perverts collecting kiddie love. Not exactly international jewel thiefs, but not neccesarily morons. Why don't they keep their collections safe this way? I read about a fireman arrested a while back. The computer forensics guys weren't even called. it was all there in plain sight on his hard drive. Not that I want to give these guys any ideas, but it seems strange to me.

My use of GPG started me thinking about this again (it's not a new thought thread for me), and I wondered if it had anything to do with a distrust of the ability of the ciphers available, and-or doubts about the OS's the encryption implementation was being run on.

To be honest, Linux is about the only OS I would feel comfortable trusting encryption tasks with. Open source makes it impossible to hide whether or not the ciphers are weak, have back doors, or the OS (read vendor) is leaving itself a way to access your data. It also gaurantees that the cipher dosen't rely on code obfuscation for it's strength, since that is no strength at all. This is why the guru of encryption, Bruce Schneier, released blowfish (and I think, twofish) in source code form. They have never been cracked, and some pretty brilliant people have been trying for a very long time. I think that says something for open source, (and Mr. Schneier) and not seeking to hide your code from others (like that's possible). This is why Linux is perfect for this particular application.

regards,

Mathew

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU-Linux)

iD8DBQFEDuUGlkJ5K-IU2ToRAhE1AJ9gbpkCYG66ueCYvZb+LNLA2Uj5JACfZFqA LZhbMNyzbj+9IeUxZ5wrDFE= =MbAM -----END PGP SIGNATURE-----