Skip to content

Cryptophilia

Given the state of the medium—and also the state of the nation—anyone who exchanges information via email that he would like to keep private ought to use some sort of encryption. Being an open source advocate, I am inclined to recommend GnuPG for this purpose. GnuPG, which is free and freely available at their website, is based on PGP, or Pretty Good Privacy, and can be used fairly easily to encrypt email; its level of protection is described as ‘pretty good’, and is most definitely better than trusting the static of other messages to bury one’s information. To understand how encryption works nowadays one ought to know how it’s worked historically.

In the past, the encryption and decryption of a message relied upon both parties being privy to the manner, the algorithm, in which the ciphertext was encoded. This type of encryption is referred to as symmetric key encryption ((I am using the idea of ‘algorithm’ fairly loosely here; anal-retentive cryptologists are invited to be annoyed)). Symmetrical key encryption is not exactly an ideal method, for any number of the following reasons: any desired recipient of the encrypted message must know beforehand how exactly to decrypt it. So, he must be informed in an unencrypted manner how to decode the encrypted texts before he has recieved them. There is always the potential that this method will be discovered by those meant to be outside the loop, so communicators using this type of encryption must change their algrithm often. Some interesting (quaint?) historical instances of symmetric key encryption are the Caesar cipher, which shifts the letters of a message a prearranged number of letterunits (e.g., A shiftciphered 1 would be B), and which was the preferred cipher of Julius Caesar; and the scytale, said to have been used by the Spartans, a mechanical cipher that functioned by both the sender and the recipient having rods of the same diameter, around which a band of paper would be spiralwrapped and then written on. To read the message, one would have to rewrap the paper onto the properly diametered scytale. ((As an object, the scytale exudes a sort of kitch-cool))

Modern, that is to say, contemporary, methods of encryption tend to use asymmetric key algorithms to cipher messages. Precisely, they use a pair of keys to cipher and decipher a message. Wikipedia offers a fine analogy exploring the differences between how symmetric keys and asymmetric keys work. Basically, because in asymmetric key systems one key encrypts and a completely different key decrypts, there is less likelihood that a third party will crack the cipher, especially since it is quite difficult to ascertain the decrypt-key from the encrypt-key. A prudent user of asymmetric key encryption would have no reason to spread his decrypt-key around, as its not necessary to send him an encrypted message. He simply must make public the encrypt-key of his asymmetric key pair, and then anyone who wishes to send him an encrypted message may do so. For this reason, the encrypt-key is called the public-key; the decrypt-key, the private-key.

GnuPG works on an asymmetric key system. The program generates a pair of keys, the public of which can be uploaded onto a key server for the world to access. Many projects have worked into integrate GnuPG protocol into email clients. I personally use Enigmail, an extension for Mozilla Thunderbird, that integrates GnuPG encryption and decryption seamlessly into Thunderbird’s GUI. Also, there is HushMail, a webmail service that integrates PGP encryption into its web portal. Either option is quite easily set up, so one really has no reason not to encrypt his messages. Unless, of course, he finds the possibility of his messages being read by 17 year-old well-acned wall-flowers and NSA sniffing programs exciting.

Categories: Uncategorized.

Tags: ,

Comment Feed

No Responses (yet)



Some HTML is OK

or, reply to this post via trackback.