Fw: you have got to read this!!! (fwd)

Dennis Putnam dap1 at MINDSPRING.COM
Sat Nov 15 08:48:25 MST 1997


At 11:14 PM 11/14/97 -0500, you wrote:
>Keep in mind that every single keystroke, every message, every file, every
>thing that you send through the internet is subject to someone grabbing
>and examining.  The only protection (and this is very good protection) is
>to encrypt your transmissions.  SSH and kerberos are the main methods for
>doing this.

Once again keep in mind what we are discussing. SSH and Kerberos both comply
with government encryption standards and can be cracked; they use DES. They
assure that all encryption schemes are designed so that they can be cracked
within a limited period of time given current computing power. PGP goes
outside this requirement and is why Phil got into such hot water with the
Feds for a while. Fortunately there was a hole in the encryption law
(thanks to our forefathers' brilliant insight in constructing the
Constitution) that did not give the Feds any authority over the encryption
algorithm since Phil did not export it. They had no choice but to drop the
charges but you can bet they are on him like hair on a gorilla.

>I really don't have any advice for folks, except what I've already stated.
>Avoid putting all of your eggs in one basket is probably the best solution.
>For example, use a private, local ISP (not a national provider such as
>AOL or mindspring), use a different mailer and web browser than your
>system (i.e. if you use win95, then use Netscape to browse and Eudora or Pine
>for mail).  If you are truly concerned about having security on your
>local computer in a networked environment (which the internet is), then you
>have to run an OS that handles security.  win95/Mac OS do NOT have ANY
>measure of computer security/integrity built into them.  To get that you
>need to use something like UNIX or at the very least (and I state this with
>countless reservations) NT.

Basically good advice but in fewer words the best advice is that if you
don't want anyone to see it don't type it. If you have to type it then
encrypt it. How you encrypt it depends on who you want to let crack it. The
average hacker will not crack DES, the government standard. The government
and those with access to larger computers (not even necessarily
supercomputers given the speed of chips today) can crack it. The last line
of defense is PGP which cannot be cracked in a reasonable amount of time
even on today's supercomputers.

>Always remember that just because you see something "published" on the web,
>does not necessarily mean that it is true and/or correct.  Use whatever
>screening process you use when watching the national news, but with 1000%
>more scepticism!  Anyone can publish anything on the web and make it look
>very credible.

That could not be more true. I think a study was done not too long ago and
something like 60+% of the information on the internet is either
intentionally or unintentionally wrong and/or inaccurate.


Dennis Putnam                   Public Key can be obtained from:
Loganville, Ga.                 <http://www.ilinks.net/~dap>
