lavabit encrypted email service forced to shut down

[rb336]

here's a note from the owner:

http://lavabit.com/

[Zacha341]

Interesting article...

Give Me Complicity or Give Me Death: Lavabit Chooses Death

http://cyberlaw.stanford.edu/blog/20...-chooses-death

[Jimaz]

If individuals are truly concerned about protecting their communications from eavesdropping, they should simply use strong encryption.

I believe there should be laws against warrantless eavesdropping but people should not depend on any legal protection against eavesdropping. Such dependence is unnecessary.

Check out Gnu Privacy Guard.

From Wikipedia's Pretty Good Privacy » Security quality

To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption."...

The remainder of that section is interesting too.

[Papasito]

The days of a warrant being required are over thanks to our post Constitutional Government. I am kind of hoping a Republican wins the next Presidency so that the Liberals will fight all these Government intrusions tooth and nail when the opposing party is at the helm. Obviously giving up freedom doesn't matter when it's the preferred corrupt party [[of the 2 corrupt parties) at the helm.

[Honky Tonk]

Maybe we can talk the enemy into attacking with spears and arrows instead of car bombs and pressure cookers with detonators? Then we wouldn't have to rely on eavesdropping, we could just build stonewall fortesses. It would be worth a shot.

[Jimaz]

Maybe we can talk the enemy into attacking with spears and arrows....

LOL! Or better, underwear bombs.

[Honky Tonk]

LOL! Or better, underwear bombs.

I don't know if anyone else caught the story on NPR a day or two ago, about the Al Qaeda bomb maker. He's very educated, very effective, and extremely dedicated to out smarting any current bomb detecting mechanisms in place. They know who he is because he was detained, arrested, imprisoned, released, and eventually snuck into Yemen. Yes, as funny as an "underwear bomb" sounds, they think we've only seen the tip of the iceberg of this guy's capabilities.

[oladub]

If individuals are truly concerned about protecting their communications from eavesdropping, they should simply use strong encryption.

Given that many of our elected leaders have such contempt for the Fourth Amendment, encryption is a good idea but I thought lavabit encrypted communication, that the NSA records almost everything, and that the NSA is alerted when something is encrypted. A better solution might be to not vote for politicians who ignore the Fourth Amendment.

I don't think that US opposition to NSA has to do with the interception of foreign intelligence; a normal spy function. The opposition has to do with the government snooping through our personal effects, movements, and transaction.

There are also reports that Obama campaign and administration seem to be censoring and managing news. I don't want this to be directed just against the criminal actions of Obama. After all, the majority of Republicans have also supported Obama and Bush's assaults on the Constitution.

honkeytonk wrote: "Maybe we can talk the enemy into attacking with spears and arrows instead of car bombs and pressure cookers with detonators? Then we wouldn't have to rely on eavesdropping, we could just build stonewall fortesses. It would be worth a shot."

Eavesdropping is already legal in the US but it requires a warrant and probable cause.

Snowden's comments on the closure of lavabit:
http://www.theguardian.com/commentis...silicon-valley

[Jimaz]

EXCLUSIVE: Owner of Snowden's Email Service on Why He Closed Lavabit Rather Than Comply With Gov't

http://www.democracynow.org - Lavabit, an encrypted email service believed to have been used by National Security Agency leaker Edward Snowden, has abruptly shut down. The move came amidst a legal fight that appeared to involve U.S. government attempts to win access to customer information. In a Democracy Now! broadcast exclusive, we are joined by Lavabit owner Ladar Levison and his lawyer, Jesse Binnall. "Unfortunately, I can't talk about it. I would like to, believe me," Levison says. "I think if the American public knew what our government was doing, they wouldn't be allowed to do it anymore." In a message to his customers last week, Levison said: "I have been forced to make a difficult decision: to become complicit in crimes against the American people, or walk away from nearly 10 years of hard work by shutting down Lavabit." Levison said he was barred from discussing the events over the past six weeks that led to his decision. Soon after, another secure email provider called Silent Circle also announced it was shutting down.

See all Democracy Now! reports about Edward Snowden and the NSA leaks: http://www.democracynow.org/topics/nsa

[Jimaz]

... encryption is a good idea but I thought lavabit encrypted communication, that the NSA records almost everything, and that the NSA is alerted when something is encrypted. A better solution might be to not vote for politicians who ignore the Fourth Amendment....

Politics aside, there are many related technical issues that have been conspicuously ignored by the press.

One of the hypothesized reasons that the NSA records almost everything is that they can't currently crack PKC, and so, should they ever become able to crack PKC, it would be to their advantage to have secured that massive cyphertext archive to be retroactively mined.

For the NSA to be able crack PKC, it would essentialy require their ability to quickly factor the product of two large primes, a problem that has not yet been solved in the entire history of mathematics. If [[when?) such a problem were solved, it would loudly, proudly, echo globally.

We haven't heard a peep of such a solution in the entire history of mathematics.

[JBMcB]

Maybe we can talk the enemy into attacking with spears and arrows instead of car bombs and pressure cookers with detonators?

Good point. We've been attacked with car bombs and pressure cookers and the eavesdropping program did jack squat to prevent it. So, time to ditch it!

[rb336]

what are the two prime factors of 10,366,613?

Imagine if they did it with THREE primes

what are the three prime factors of 91,381,289,297,093?

These aren't even done with large primes, just 5-digit primes

the size of what are considered "large primes" go beyond the 7-digit primes. tools online can break down sums of primes made from 5-digit numbers within seconds. Calculating very large primes requires supercomputers. the largest prime yet found has 17,425,170 digits

12345678910111213141516171819202122232425262728293 031 has 50 digits. imagine 350,000 of that

[Jimaz]

what are the two prime factors of 10,366,613?

Imagine if they did it with THREE primes ...

I think three would be easier to factor than two, and four easier than three, etc.

...what are the three prime factors of 91,381,289,297,093?

These aren't even done with large primes, just 4-digit primes....

91,381,289,297,093 has two too many digits to be a product of three 4-digit numbers. 9,999³=999,700,029,999.

---

Another point people are missing is that the NSA knows its sharpest adversaries have access to strong encryption. Throwing a wider net over everyone else isn't going to help in those battles.

[JBMcB]

There are non-orthogonal attacks on PKE that don't require factoring out the private key. Weaknesses in the private password hash are the most significant. It requires recovering the private key, which isn't out the the realm of possibility.

Another attack involves predicting random numbers. PKE is dependent on random numbers, which computer's can't generate. They can generate *nearly* random numbers, they appear random but are following a very chaotic pattern. Most computers base the random numbers off of a seed based on the time. If an attacker knew what time the keys were created [[probably not long before the first encrypted message appears) had access to the random number algorithm [[which the NSA undoubtedly has) a whole bunch of computer horsepower [[ditto) and some idea of what's in the message [[like an email address or name) you could re-create the secret key by "reverse-engineering" the random number stream used to generate the keys.

This seems like a far-fetched attack on encryption, but the NSA employs a *WHOLE* lot of math and com-sci PhDs. I'm guessing they can do it.

[rb336]

I think three would be easier to factor than two, and four easier than three, etc.

91,381,289,297,093 has two too many digits to be a product of three 4-digit numbers.

oops - 5-digit. why would three be easier?

[Jimaz]

oops - 5-digit. why would three be easier?

Maybe I made a false assumption: Assuming a product of two primes has the same number of digits as a product of three primes, the three primes would be [[on average) smaller numbers than the two primes. Brute force testing for divisibility by small primes would be faster than large primes.

I hope that made sense. I'm fatigued today.

[rb336]

Maybe I made a false assumption: Assuming a product of two primes has the same number of digits as a product of three primes, the three primes would be [[on average) smaller numbers than the two primes. Brute force testing for divisibility by small primes would be faster than large primes.

I hope that made sense. I'm fatigued today.

does 10x10x10 have the same number of digits as 10x10?

[Jimaz]

does 10x10x10 have the same number of digits as 10x10?

Of course not. So I was assuming something that you weren't. Oh, well.

I don't understand what real service this Lavabit website was providing. Cryptography is like personal hygiene. It's better to do it yourself. Why would their customers want to complicate things by using them as a third party? Sincerely.

[Jimaz]

This is the way I was approaching it: Integer factorization » Current state of the art

The most difficult integers to factor in practice using existing algorithms are those that are products of two large primes of similar size, and for this reason these are the integers used in cryptographic applications.

[Honky Tonk]

Good point. We've been attacked with car bombs and pressure cookers and the eavesdropping program did jack squat to prevent it. So, time to ditch it!

Yes, it missed these two, but if you really follow the news, others HAVE been caught, and plans thwarted. The Times Square Bomber is just one that comes to mind, half asleep trying to ingest caffeine. How many lives do you figure were saved there? Maybe they weren't worth it?

[oladub]

Politics aside, there are many related technical issues that have been conspicuously ignored...

Jimaz, I appreciate your insight into encryption. You are even making a good case for personal responsibility in that one has some responsibility to lock doors and take other security precautions in other matters of life. Such precautions help keep intruders out. Lavabit was one such precaution but it was the politics of the Bush and Obama administrations that created much of the need for encryption and eventually forced lavabit out of operation.

[JBMcB]

The Times Square Bomber is just one that comes to mind, half asleep trying to ingest caffeine. How many lives do you figure were saved there?

Another terrific example proving my point, Nobody was saved, they didn't catch him until *after* his bomb failed to go off. They caught him using old fashioned police techniques - running VINs, looking at phone records the phone company keeps, etc...

I also notice that the vast majority of "terrorists" the FBI catches are stupid kids that paid informants dupe into buying bomb making materials.

I've also noticed that the majority of the 47 "terrorists" the DOJ held up as examples of successes of the surveillance program are regular people duped into giving money to charities that are front groups for terrorist groups, at least according to our government. Lives saved: 0

I've also noticed that there have been thousands of violations of the NSA's own guidelines for using the program, the chief judge of the courts overseeing the program says he doesn't have enough power to properly regulate it, and the guy who wrote the patriot act itself said the spying program is an overreach.

But hey, if you don't have a problem with it, you can just CC the FBI on all your email. I mean, what do you have to hide?

[Jimaz]

DetroitYES Home » Non Detroit Issues » Thom Hartmann » Are Shoplifting and Parking Violations "Minuscule?"

[Jimaz]

There's a lot of stuff here that I hadn't heard elsewhere. From July 9th: NSA Blackmailing Obama? | Interview with Whistleblower Russ Tice

They are in a excellent position to pull off a J. Edgar Hoover-type spying operation.

[Meddle]

Lots of buzz in the news sites today about the G encrypting all traffic.