The World of Stuff .com

Security!

You wouldn’t write sensitive personal information on a postcard, so why would you do it in an e-mail? When you send an e-mail, it travels through various servers before reaching its destination. Anyone who has access to the e-mail servers can read the e-mail that you send. It could be an employee of the company operating the server, someone who has broken into the server, or a law enforcement agency. You probably don’t want people reading your e-mail in the same way that you wouldn’t want them listening to your phone calls, opening your letters, or watching you go about your business in your home.

So, if you value your right to privacy, what can you do about your e-mail? The safest thing to do (short of not e-mailing at all) is encrypting your e-mail. This makes it virtually impossible for anyone but the intended recipient to read it. In the same way that you wouldn’t submit your credit card information to a web site without a secure HTTP connection, you shouldn’t be content to send private e-mails through the open air, so to speak. Now, if you’re like me, maybe you’ve considered using e-mail encryption but have written it off as too much of a hassle for a security method that no one uses. But plenty of people do use it, and it’s pretty simple. So I’m going to explain it for you.

First, some terms. By far, the most common encryption standard for e-mail is OpenPGP, which I’ll just refer to as PGP since I’m lazy. The PGP standard utilizes public-key cryptography. With public-key cryptography, you have two sequences of alphanumeric characters that are called “keys”: a private key and a public key. As the names imply, the public key should be made public so that anyone can encrypt a message to you. The private key should always be kept a secret because it allows you to decrypt messages that are sent to you.

So, when I want to send an encrypted e-mail to my friend Luke, I look for his public key. I might find it on an Internet key server that has a searchable database of people’s public keys, or he might have it posted on his own web site, or I might receive it from him in person. Maybe he’ll just e-mail it to me. Once I have his key, I use it to encrypt a message to him. If some baddies intercept it along the way, it’ll be unintelligible; they’ll just see garbled mess of characters where the body of the message should be. When Luke gets it, he’ll be able to decrypt the message with his private key. Then, when he sends me a message, he’ll encrypt it with my public key, and I’ll decrypt it with my private key. Now that we have each other’s public keys saved, so we can send each other encrypted e-mails in a flash. (In each case, our e-mail programs handle the actual mathematics of encryption and decryption. We don’t literally have to do it ourselves!)

PGP can also be used to sign e-mails. In real life, when you write your signature on something, it implies your authorship or approval of whatever you’re signing. But that’s not always true. Someone could ask you to sign a blank sheet of paper and then type an angry letter on it and mail it to your grandmother. When you sign an e-mail with your secret PGP key, it ensures that you wrote the message. And unlike an ink signature, your digital PGP signature reflects what you actually wrote. If you sign an e-mail saying “Hello, Luke!”, the signature will indicate that you (and not anyone else) wrote the words “Hello, Luke!” (and nothing else). But if a bad guy intercepts the e-mail and changes it to say “Hello, Puke!” before passing it on, he won’t be able to update the signature because only you have the secret key that can be used to properly sign the message. So, when Luke gets an e-mail from you calling him Puke, his e-mail program will show that the signature is bad and that your message was probably tampered with. (Caveat: the bad guy could just remove the signature entirely if the message isn’t encrypted. But if you make a habit of at least signing your e-mails, this should come across to your recipient as unusual.)

Incidentally, although PGP is mainly used for e-mail, it can be used to encrypt or sign any file. This could be handy, for example, if you have to store private files on a remote server or an external hard drive. You can encrypt files the with your own public key and decrypt them with your private key later.

The encryption methods that PGP uses are considered secure. Basically, all encryption is breakable, but “secure” encryption requires infeasible amounts of time or computing power to crack. There is no known way to crack PGP’s encryption methods other than to use “brute force,” which means trying every possible key, a process which could take massive amounts of computing power. For example, my encryption key is 4,096 bits long, which means it’s one of 2⁴⁰⁹⁶ possible keys. How many is that? Let’s just say I am surprised that my computer’s calculator could handle it. It’s more than 10¹²³³, or 1 with 1,233 zeroes, a number that defies comprehension. There probably isn’t that many of any physical thing in the universe. If a computer could try 1,000,000 keys per second, it could take as long as 3.31 × 10¹²¹⁹ years to find the right key. If you had 500,000 such computers and you found the right key after trying only 0.00001% of all possible keys, it would still take them 6.62 × 10¹²⁰⁶ years. The universe, by comparison, is 13.7 × 10⁹ years old. I’m not even sure if my math is right, but the point is that your key would have to be guessed, and that’s an extremely difficult operation.

Still, though, I have my PGP key set to expire; that means that people should not use it to encrypt e-mails to me after a certain date. (I’ve chosen for my key to be valid for five years.) I believe this is important because the encryption algorithms that my key uses may eventually be cracked so that the right key can be found relatively quickly without resorting to brute force. I certainly wouldn’t want the security of all of my e-mail to be compromised if that happens. And while I’ve chosen the greatest key length that my PGP software currently supports, it may allow for larger keys in the future.

That’s all I have to say about PGP itself. Now it’s time to make some recommendations. The best PGP software is probably GNU Privacy Guard (GnuPG or GPG) because it’s free as in price and free as in freedom. It’s available for Mac OS X and Windows. If you’re using Linux, you probably already have it. You’ll also need a tool to integrate GnuPG with your e-mail client or web browser. If you use Mozilla Thunderbird for your e-mail, I recommend the Enigmail extension, which is what I use. If you use web-based e-mail with the Mozilla Firefox browser, try FireGPG; it integrates especially well with Gmail, but you can use it to encrypt or decrypt the contents of any text box.

Whether I’ve converted you just now or you’re a longtime PGP user, I encourage you to send me a signed and encrypted e-mail. I have a copy of my public key on this site and on keyservers such as this one. The version on this site is what I got when I exported the key from Enigmail, and the version on the keyservers is what Enigmail sent to them. For reasons I can’t understand, they appear to be slightly different, but they are actually the same key. I think that’s normal. You can verify that both copies of the key work, and that the key applies to both my personal and school e-mail addresses. You can also verify that the key’s ID is 0xD90D8E6A, that its fingerprint is 1639 9F9E 404D 26D3 EC1C 5768 A3DC A43B D90D 8E6A, and that it expires on June 1, 2013. So shoot me an e-mail (or two) and let’s get encryptin’!

And now, the word of the day: bioluminescence.

In Russia, cashiers rip your receipt before they give it to you. Why? It’s just an old habit.

Here’s a clever way to present a poem: One Day Poem Pavilion (Flash video).