i like to read Bruce Schneier, generally, when browsing thru the Computer News each morning. and today, not surprisingly, he does not disappoint.
i'm still digesting this stuff so all i'm going to do here is post a couple pointers
1. Bruce Schneier columnhttp://www.schneier.com/index.html
links from his lead essayhttp://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryptionhttp://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spyinghttp://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
2. Article of particular interesthttp://www.schneier.com/essay-446.html
from the essay published on propubica there was this:
The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.
“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
if you are really interested in crypto, google for "vernam cipher" . ( one time pad ) .
or, for a simpler approach, go 1920's bootleg style and use drop-boxes disguised as bird-houses. probably drop an encrypted .zip file off on a DVD though. as long as you have to agree where the drop box is you can agree the password as well.
in essay 446 Schneier discusses the affect of keylength on cipher strength. it seems that for now simply increasing the keylength defeats advances in cpu and cpu-cluster speed advances. I'd be inclined to alter GnuPG to use an alternate cipher e.g. TWOFISH rather that one of the more "official ones, e.g. AES or 3DES . there's a way to get into GPG and alter the order of selection making TWOFISH first choice. i almost had it researched out at one time...
gpg (GnuPG) 1.4.12
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
the interesting thing about TWOFISH is,..... Schneier offers the source code... making hiding a 'back door' rather more difficult.
again from the propublica article:
And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
1. ASUS M5A88-M motherboard and x64 AMD Phenom II X4 3.4GHz cpu; 4x4MB DDR3 RAM LMDE2/MINT Betsy Vers. 2.4.8 Kernel 3.16-0-4-AMD64;
2. EXPERIMENTAL SYSTEM: Parts on Order; More info-later;