System Security & Encryption

It sounds like something out of a spy novel: being able to encrypt a file or message so securely that not a soul on earth can possibly decrypt it in time for the information inside to be of any use.

It’s personal. It’s private. And it’s no one’s business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don’t want your private electronic mail (email) or confidential documents read by anyone else.
Why I wrote PGP, by Philip Zimmermann

This kind of encryption is not only available to anyone and everyone, it’s getting easier to use all the time. There is a wide range of tools available for Windows & MacOS that integrate directly with many email clients to build signing and encrypting messages right into the interface you’re used to.

It can get a bit complicated if you’re not up to date on the terminology and best practices: which algorithm do you use for your private key? How many bits? Which keyserver should you post your public key on? Should you post your key on a server? We can help. Gord’s been experimenting with email encryption since the early ’90s, when strong encryption was legally classified as a “munition” and illegal to export from the US to a number of countries. At the time Philip Zimmermann was being raked over the coals by the US Customs Service for suspected breaches of the Arms Control Export Act. His “Pretty Good Privacy” software (PGP) had made it out of the US and the government wasn’t fond of anyone besides them having access to encryption that was essentially unbreakable.

It’s a pretty impressive collection of code. A user generates what’s called a “key pair”: a private key, carefully protected, that they use to cryptographically sign and encrypt messages, and a public key that other users use to address the messages. A message encrypted for a particular public key can only be decrypted and read by the person who possesses the private key and its associated “pass phrase”. Never mind a password, now you’re using a sentence or phrase to protect things. The beauty of the system is that if someone intercepts an encrypted message and is somehow able to decrypt it, that doesn’t help them with subsequent messages. It takes the same amount of time and computing power to “brute force” every message unless you have the private key and the pass phrase to unlock it. With regular computers we’re talking many, many months for each one.

There’s no such thing as “unbreakable” encryption. It just doesn’t exist, but there are tools around to make your communications (email, text messages and even voice calls) impossible to break in a reasonable amount of time. If you need help, we’re here. Heck, if you’ve already got it going and are just looking to expand your web of trust, download Gord’s GPG key here and drop him a line. If you’d rather download it yourself, check your favourite keyserver for ID 36ED0AA8.