Encryption and the Internet

Apr 10, 2014

Some of you may noticed that I have been bitching about security and privacy on the Internet quite a bit lately. I am still shocked that user level encryption is not the norm on more services. After harping on people about using encryption I have slowly realized a large number of people, past the “Is this a secure line?” used in movies, don't really understand what encryption is. With this lack of understanding it is hard to move to the next level reasoning of why you need to use encryption and the insecurity of Internet communications. I am going to go through why I feel the Internet is dismally insecure, what encryption is, how it can increase your privacy.

Internet Insecurity

“No, this is not a secure line!”
We need to rethink how we interact with the internet to get a better view of how it works and why it is so insecure.

Imagine that everything you do on the internet (every link you click, every email you send, every post you make...) sends off a guy (We'll name him Mercury) running to his destination with that bit of information you just sent and where the information is going. Well Mercury can't run there without crossing a few intersections. At every one of these intersections there is a Director who reads where he is headed and tells him which path he needs to run to next to get closer to his destination. If any of these Directors were at all unscrupulous the could also look at the message Mercury is carrying.

“But Greg, Facebook, Twitter and Google all have that little lock on my address bar. Doesn't that mean it's secure?”

Yes it does, and that is good, they are using a secure connection.

“So when I'm using my gmail and see the little lock my email is encrypted?”

NO. It means that your connection to google is encrypted, nothing else. Google can read your emails, in fact their machines look through them to give you targeted ads. Not really private. The situation gets even worse when that email gets sent to another server. Mercury picks up that email and goes running to the next intersection with something that look like this:


Date: Thu, 10 Apr 2014 12:00:00 -0600
From: Dick Example
MIME-Version: 1.0
To: Jane Example
Subject: Hi
Content-Type: text/plain; charset=ISO-8859-1

Jane, I think your really keen.
Dick

Now if Director wants to see what Dick wrote to Jane he can just read it when Mercury shows him where he is headed (not only can Director see but potentially malware, targeted hacking and government agencies can see what you have written. Pretty much anyone with the will to do it). This potentially happens every time Mercury gets to an intersection. Not private at all!!! This is where encryption comes in.

“What is encryption?”

According to wikipedia “In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it...”

This means if Dick wants to write a message to Jane and ensure only Jane can read he will encrypt it in a way that only Jane decrypt.

Example Of Encrypted text using (G)PGP

Original text:

Jane, I think your really keen.
Dick

And this is what it looks like when we encrypt it for Jane:

-----BEGIN PGP MESSAGE-----

Version: GnuPG v1.4.14 (GNU/Linux)

hQEMA75SkwSdkmgFAQf/YEQ2AW9ap0zDj3tO9jGLLDGZpvY7LSNLcMC2L4HB2f8T
NA6glG9h6qhPA/Lo6s0ovmDR 0KPMVS s0WddG92bV5sTJd93JydF3Pwupa06/ta
Ktk7EUmCSUQORdy UMDMgiR6Ju4QQ25eNK08vMaUNfwlHZNS7qAAJIst7fgCjDf8
kWgvFgWN41CUa9x7iT1f zH0rQ50nddvImSi/JO/yNSfzkJMUC/t4levzfniYyV2
/tLLTwrjTvF3RW/djH4CA09QnHy/byyU5b1hYh 4p0nnJSlrPtuBc5m4/x8fHXLJ
TOd8getrPnyHzZVOqs01NLmNdfclKQ4wRGoqOqODLtJkAVT/IKApC6 lv7dWM/u5
goklXDUtwXytNcGc9/rRxnL2h0z5Khdg SzH0EDUER2xHuw8ej77qGuf0UJ6Gdd0
UvJSB9w3bhVshtNHge7XbrOc2q1gpAGFAePXY7WN36BePKScvw==
=zk3a

-----END PGP MESSAGE-----

that is the same message, but only Jane can decrypt it. Talk about a private conversation!!!
Now we combine the email and the encryption we would get an email that looks like this:


Date: Thu, 10 Apr 2014 12:00:00 -0600
From: Dick Example
MIME-Version: 1.0
To: Jane Example
Subject: Hi
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP MESSAGE-----

Version: GnuPG v1.4.14 (GNU/Linux)

hQEMA75SkwSdkmgFAQf/YEQ2AW9ap0zDj3tO9jGLLDGZpvY7LSNLcMC2L4HB2f8T
NA6glG9h6qhPA/Lo6s0ovmDR 0KPMVS s0WddG92bV5sTJd93JydF3Pwupa06/ta
Ktk7EUmCSUQORdy UMDMgiR6Ju4QQ25eNK08vMaUNfwlHZNS7qAAJIst7fgCjDf8
kWgvFgWN41CUa9x7iT1f zH0rQ50nddvImSi/JO/yNSfzkJMUC/t4levzfniYyV2
/tLLTwrjTvF3RW/djH4CA09QnHy/byyU5b1hYh 4p0nnJSlrPtuBc5m4/x8fHXLJ
TOd8getrPnyHzZVOqs01NLmNdfclKQ4wRGoqOqODLtJkAVT/IKApC6 lv7dWM/u5
goklXDUtwXytNcGc9/rRxnL2h0z5Khdg SzH0EDUER2xHuw8ej77qGuf0UJ6Gdd0
UvJSB9w3bhVshtNHge7XbrOc2q1gpAGFAePXY7WN36BePKScvw==
=zk3a

-----END PGP MESSAGE-----

Now, Director only knows Dick sent Jane an email, but doesn't know what he said to her.

(G)PGP does a lot more than just that, but that's not the goal of this article. I will do another post shortly about (G)PGP and amend this post with a link to that.

Install Gpg4win

 



Category: Internet Security

Greg Schade

Brilliant and Irrevernt


Add Pingback

Please add a comment

Leave a Reply



(Your email will not be publicly displayed.)


Captcha Code

Click the image to see another captcha.