Encrypted Email Communications

Last edited Wed Jun 26, 2013, 10:39 PM - Edit history (2)

There was discussion a while back about Greenwald taking some time to set up encryption for their communications, at Snowden's request.

To many, this sounded like something electronic and sophisticated, like a scrambler on a phone or something. Though I am ranked about 5,000th in terms of DUers knowledgeable about encryption (There are probably folks here are serious on the topic) I think I am able, as a lay person, to offer a description accessible to lay persons.

You and I could have a pretty good code in emails if we agreed (in person) on a book we both have copies of to use as the "key." Say we agreed on a certain edition of War and Peace and agreed to use the tenth letter on a page. So I say 238 and that means P because P is the tenth letter on page 238. And perhaps if I said 1282 and you turned to that page the 10th letter would also be P. You can see why this would be tougher to break than a simple "A=23, B=4, C=15..." type of code. A-P-P-L-E could have "-238-1282-" in it for the "PP"... hard to even know it's a double letter.

And since we arranged this in person, nobody reading our email has any way to know which book we are using.

Historically, the Bible was a good source of code keys because it's a commonplace book that attracts no attention. In RED DRAGON the "tooth fairy" sets up a book code with imprisoned Hannibal Lecter, possible because he was able to see, in a newspaper photo, that Lecter had a certain edition of a particular cookbook in his cell.

Anyway, two people with a common "key" can communicate in code.

Modern encryption takes that to another level because computers can process stuff fast, making codes practical that would be impractical for a person to decipher by hand, with keys of thousands of random characters and such. Internet merchants have a file with a few thousand charcaters of of gibberish that they get from their credit card processor that is one side of an encryption scheme. (When internet credit card security breaks down it isn't typically from the encryption scheme itself, which is quite good, but some error in handling information or employing the encryption wrong or storing numbers insecurely, etc..)

A very common privacy program is PGP (stands for Pretty Good Privacy) which offers just what it says. It is a level of encryption that is pretty damn good—probably on par with what is used for credit cards, I'd guess, and is not something anyone is going to break unless they are a very serious operation. Like the NSA, for instance.

You can download PGP, PGP varriants and other newer encryption programs pretty much anywhere, for free. Just google 'encrypt email' and you'll be there. Total privacy from normal eyes and even the NSA will not understand your emails unless they make a project of it.

But, as with a book code, there has to be some agreed upon key. And you have to be sure that the key is from the person you are communicating with and not from somebody else. And you have to be sure that there is nothing in ANY of your emails that gives it away.

So, particularly when dealing with a stranger, you have to "set up" your encryption.

But all that means is setting up keys for your communcations... a small text file of of random gibberish. With PGP there is a public key and a private key... but that is more detail than nessecary here.)

You will have a seperate encryption set-up for each person, so if you "meet" a new anonymous contact it will take some time to get to where the two of you are sure you have a good secure set-up.

But the nuts and bolts of it is merely an exchange of something like this: