My guess is that if I understood the link, it would demonstrate that Glenn Greenwald is bad at using PGP or something like that.
I'm tired, but the implication is that he loses or leaks his private keys frequently, no?
Look, whatever, he's sticking it to W. and that's what -- wait, who? No! Seriously?
-----THIS IS NOT A PGP SIGNED MESSAGE-----
Hash: none
Some people on mailing lists seem to be consistent users of PGP
-----NO PGP SIGNATURE TO BEGIN-----
8d8a989b2f8399c556a3f0c8b82f423b
That was supposed to read "mailing lists I'm on."
Is someone going to write a FAQ for this post? I'm happy to assume 2 and 3 have it right in the meantime.
I think we'll have to wait for at least a few more comments before any of these questions qualify as "frequently asked."
You can add one to the number of people asking all those questions from me, if it helps.
I'm presuming that the result of clicking on the link when it was originally posted was different than it is now.
Is it not good operational security to change your key from time to time? Especially for as big an NSA target as Greenwald is?
So you're not all fighting the government in your spare time? You don't just chat onl---nevermind. At the risk of making a fool of myself when someone more knowledgeable shows up, the linked page shows GG's public cryptography keys. They're what anyone would use when they want to send him an encrypted message, which he would then decrypt with his private keys. The relevant info for the post are the bits, date, and email addresses. Bits is the length of the key, and, as I and stereotypical African-American males like to say, longer is stronger (laydeez). Given that, GG's keys look like a complete hash (heh).
For example, he generates two 2048 bit keys for riseup.net on 10/28/13, then makes a much more secure key for riseup.net on 11/1/13, and five days later, makes a less secure one for the same address.
He finally seems to have things sorted on 1/19/14 when he makes a long key for all his addresses, but a few months later, he makes a shorter key for theintercept.com.
Add to all this the fact that you're supposed to revoke keys you're no longer using, which he only did once, and you're definitely left with the impression that 2 and 3 are right, and he's either careless or clueless about using encryption, which is a little worrying.
All good points. 2048 is still pretty long given what we think is feasible to brute-force, right?
2048 isn't that hard. I've only gotten to 4096 twice.
I just can't make it to 8192. I've been within a few moves of it multiple times. Frustrating.
Oh, I thought this was about how he shouldn't make his email addresses public. Didn't even notice the other stuff in the link.
Compared to sending the bf through Heathrow, this is fairly high security. But, laughing about this piece, I have discovered my employer employs at least one other purveyor of bespoke opinions who knows what PGP is. Unless she's bluffing. What happened to the tyranny of the arts graduates?
502 Proxy Error.
Now that's security.
Compare his colleague Laura Poitras. Neat and clean!
Maybe Greenwald just means for people to use the key on his site. But who can tell?
Add to all this the fact that you're supposed to revoke keys you're no longer using, which he only did once, and you're definitely left with the impression that 2 and 3 are right, and he's either careless or clueless about using encryption, which is a little worrying.
I realize that Glenn Greenwald has more reason to care about security than average, but you're definitely not convincing me that PGP is a good solution for an everyday, non-technical user.
As far as I know, it's not, mostly because the everyday non-technical user has no need to encrypt their stuff.
Before I left my last job, I saved all my documents on a thumb drive and encrypted it. Now I can't remember the damn password and I have a useless 64GB thumb drive kicking around my desk.
Yeah, the NSA could probably tell me, depending on what the real story behind TrueCrypt shutting down is.
What I'm hoping is, now that TrueCrypt is no longer considered secure, I'll eventually just be able to break into that thing with a cracking tool and some CPU cycles.
I can't say I entirely understand 13, but it doesn't make a lot of sense, given the Poitras connection, that he'd be this clueless. Perhaps these are false trails -- leaving those lying around would seem sort of smart, keep the fuckers busy and all that. Maybe if you decrypt the stuff thereby made available, it's shopping lists and laments about the weather. And now Ogged has put people on the scent, not even google-proofing the OP!
"mostly because the everyday non-technical user has no need to encrypt their stuff."
THAT'S JUST WHAT THEY WANT YOU TO BELIEVE. SUCKER.