« on: October 16, 2013, 08:44:08 am »
Just to put some perspective on how important it is to use PGP in conjunction with a TOR based email service (or email accessed via TOR) -
(taken from the old Cypherpunks mailing list)
"..if we assume that the NSA can factor any number with the speed of the special number sieve, and has 10^9 mips of computing power (doubling every 1.5 years) we can make the following estimations:_1_
Using these assumptions, the NSA could crack a 1024 bit key in ~11 days, a 1536 bit key in 10 years and a 2048 bit key in 26 years. _2_ Note that this would require the full resources of the NSA, however. Thus, even the mighty resources of the NSA could only crack 42 1024 bit keys in 1996.
Now, comes 4096 bit. It would take the combined processing power of every computer in the world thousands of years to crack 4096-bit encryption."
Personally I never use anything below 4096 bit PGP encryption. This is in addition to TOR.
Here's the rub (devil's advocate) - PGP encrypted data with 4096 bit encryption could still be compromised within seconds. How? Human stupidity. Easy pass-phrase, written down pass-phrase, re-used pass-phrase (let's say you use the same password to access your Gmail. If you're under such heavy scrutiny that some government is diverting resources and funds to find a way to see what you don't want them to see.. they WILL get your Gmail/Facebook/Hotmail/Twitter passwords one way or the other. And they will try those first. So don't), key-loggers, cameras, whatever. And if you're just so important.. then who knows, even thermal/heat detection technology to capture your finger movements on your keyboard from a short distance.
Not to mention decrypting and leaving the plain text lying around/saved...
(I'm by no means an expert in computer security, cryptography, RSA, password entropy etc.. but these stats are pretty basic).
Trust the technology, but never trust the weak link - the user.
tl;dr - no such thing as "secure email". use 4096 bit PGP for anything "secure" and don't fuck around with pass-phrases
edit: shitty grammar
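The arithmetic behind the quoted estimate can be reproduced; this is an added example, not part of the original post or the mailing-list message. It assumes the heuristic special number field sieve cost L_n[1/3, (32/9)^(1/3)] with the o(1) term dropped, calibrated to the quote's 11 days for a 1024 bit key, with compute doubling every 1.5 years; the function names are illustrative.

```python
import math

# Values taken from the quoted estimate.
DOUBLING_YEARS = 1.5          # compute doubles every 1.5 years
BASELINE_BITS = 1024          # calibration key size
BASELINE_DAYS = 11.0          # ~11 days for a 1024 bit key

# Assumption: heuristic SNFS constant c in L_n[1/3, c].
SNFS_C = (32 / 9) ** (1 / 3)
GROWTH = math.log(2) / DOUBLING_YEARS   # continuous growth rate per year


def snfs_log_work(bits):
    """ln of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of `bits` bits."""
    ln_n = bits * math.log(2)
    return SNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def work_years(bits):
    """Work to factor one key, in years of the attacker's starting compute."""
    ratio = math.exp(snfs_log_work(bits) - snfs_log_work(BASELINE_BITS))
    return ratio * BASELINE_DAYS / 365.25


def compute_delivered(years):
    """Starting-compute-years delivered over `years` while capacity doubles."""
    return (math.exp(GROWTH * years) - 1) / GROWTH


def years_to_crack(bits):
    """Wall-clock years until work_years(bits) has been delivered."""
    return math.log1p(GROWTH * work_years(bits)) / GROWTH


def keys_in_first_year(bits=BASELINE_BITS):
    """Whole keys of the given size factored in the first year."""
    return int(compute_delivered(1.0) / work_years(bits))


if __name__ == "__main__":
    for bits in (1024, 1536, 2048):
        print(f"{bits} bit: {years_to_crack(bits):.2f} years")
    print("1024 bit keys in the first year:", keys_in_first_year())
```

Under these assumptions the model gives roughly 10.5 and 26.6 years for 1536 and 2048 bit keys and 42 keys of 1024 bits in the first year, in line with the quoted figures.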