Really starts getting into splitting hairs at that point though. If someone says a "one way encryption function" (which I've heard many a security professional use exactly those words in context) everyone knows they mean hash functions. You could argue the literal definition, but encryption is for all intents and purposes the applied ideas of cryptography. Then again this is slashdot, nearly everyone splits hairs about everything...
If we are getting into the technical definition, bit length, key length, etc. doesn't really pertain to something being encryption or not. By definition a Vigenère or Caesar cipher are consider encryption methods (and Caesar doesn't even use a key) but those are very primitive versions of encryption. If I remember correctly yes, you can still have collisions on something like your example depending on the method used (been a while since I did any of that, so I am a bit rusty). MD5 has lots of known
So then my question is, is a hash an irreversible encryption, or is it lossy, or must it be both?
The key is obviously not noted in there, as a PKI encryption is "encryption" by all definitions, and is done with a key, and signing is a hash done with a key. They are similar (and related) keys.
The definition for decrypting something is hazy at best as technically using a dictionary attack against a hash function both "decrypts" it and is loss-less assuming you have any related salts etc (this includes even things like SHA2 because with enough time/resources, admittedly ludicrous amounts, it can be "decrypted" or "de-hashed").
Speaking theoretically it should really be acceptable to say "one-way encryption method" although, as of course everyone was undoubtedly going to point out when I said that,
A hash function is just a mapping of data of an arbitrary length to data of a fixed length. The function could be guaranteed to map all strings below the output length to guaranteed-unique values, or there could be hash collisions. It depends on how the function is defined. Hash functions that are cryptographically useful don't have easy ways to find collisions, but there are an infinite number of not-useful functions that are still technically hashes.
Lets not start arguing semantics, its a substitution cipher. You could call it a key of sorts I guess? Not the same as the key you would use for AES or others though.
While theoretically true, rainbow tables strongly disagrees:). That is probably the main reason that definition isn't exactly right. I think general definition is actually something encoded so that only allowed persons can read it. It really isn't much of (if at all to most people in the field) a misuse of the term encryption to use it in context to hash functions as long as you qualify that it is a one way encryption method.
Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.
You say this as a joke but where I work that's exactly what we use it for. We use it to index and catalog larger records. It's much easier to check whether a md5sum is unique than to check if an entire record is unique. We obviously can't reverse it but it is easy to recompute it on a new record to see if it's already in the database. There is the small chance of collision but as a non-malicious md5sum collision has a lower priority than a life destroying asteroid collision, it's good enough for our purposes
We use (I believe) SHA-256 for a similar purpose, and with similar justifications. A few billion (or even trillion) records? No problem. It's difficult to comprehend how little of the hashspace we've covered.
isn't that basically the way everyone uses a checksum...?
The traditional use of checksum is to verify that a large file or other bits of data are not corrupt. Using it to compress,index, or deduplicate large files kindof like a "rainbox table" is not usually what checksums are used for. For one thing it partially goes against what a checksum is designed for. A checksum is designed to change even on a very minor change so unless you have very structured data it's very hard to use a checksum to verify if a record already exists.
I think LiveDrive uses(ed) hash functions in order to reduce their data storage footprint. There are stories of whole ISOs showing as uploaded in seconds because they hash check before uploading. Makes perfect sense for cloud storage.
You log into a site. The little lock icon (or whatever) says you're good, so most people won't give it a second thought. If I check in Firefox, I see "Verified by: [My Employer]". If I deploy a machine and don't put my employer's root CA cert on it, I get stopped *constantly* by the browser complaining about a man-in-the-middle attack. If I really need to do something personal while at work, I sometimes bring in my laptop and tether it to my phone. It makes me envious of Europe's employee rights laws.
The company adds itself as a "known ca" on the equipment that it provides to its employees. Compromise the list of valid certification roots, and you've got carte blanche, in terms of network (in)security.
I know they can crack my VPN connection if they want to, but it costs them time and money. No more real-time surveillance capability, big dis-incentive to casually snoop on me. Encryption doesn't always have to be perfect, adding cost is well worth doing in this case.
Email is a postcard. Anyone can read it as it passes by. Encryption is pointless. All encryption can or will be broken. By encrypting you merely flag yourself. A conspiracy of more than one person will be found out.
Encryption is not about making it impossible to decode (in some cases, hash functions actually do try to do that), it is more about making it not worth the effort or making the effort so high that once you DO decrypt it the information isn't really that useful.
It is kind of like trying to to hunt through a haystack for a few small items only you have to jump through 200 proverbial hoops before you even get to look for one single item that may require four other items in a different haystacks before it means
Nothing is 100%. However, security to keep the majority of the attacks is useful.
One can say that because some people can pick the lock on a front door, then locks are not needed. However, locks often do work and up the ante for someone getting in.
I have a habit of encrypting whenever possible. This way, should something happen like my Android tablet get stolen, a USB flash drive used for backups gets nicked, or cloud storage broken into and files snarfed, the damage done is mitigated.
That depends. Is your checking account adequately secured if I write down a random number and it happens to be your account number?
Many encryption schemes will outlast the data integrity and greatly outlast the universe. A {2,3} quorum of Rivest, Shamir, and Addleman can attest to this. Someone may guess, but not by repeatable effort; they'll guess by dartboard.
That wasn't just the woosh of you not getting the joke
Because there was no joke. He was being genuinely stupid, by unironically suggesting that "they" could have found Flight 370 with their magical cellphone detectors but have chosen not to.
The next funny bit is, you're talking to me in the third person, letting me know that my joke was not a joke, and talking about how non-tech-savvy I am, despite the fact that I've been programming computers since I was 7 years old, have worked on some incredibly significant technology in my career and have been known to build 3D printers with hand tools in my living room for fun:D
by Anonymous Coward writes:
on Tuesday April 29, 2014 @05:13PM (#46872461)
Many of the web sites I use (even youtube) are using https - and are encrypted. But slashdot.org isn't, arstechnica.com isn't (at least by default). So it came to 40% to 60% for me based on the sites I use.
God knows. I don't even care to be honest. I keep chatter about my carefully planned conspiracy to unite the world under my rule off the internet, but other than that I have nothing to hide.
Nope. Sometimes personal browser history would look bad for a job, when searching for other jobs and such, but unless someone is planning on taking my browser history out of context, it would be a reasonable reflection of "normal" browsing.
And, taken out of context, my searches for Barrett rifles, with some others, could be constructed to look like someone trying to go postal. But often at work, any discussions of military or firearms end up using me as a reference. The last time I searched for it, I was using it as an example of barrel venting, and yes, I put up those images at work.
So if I were to have witnesses to explain away any such oddities, I'd have nothing to fear. And there's no reason for anyone to target me for special interes
Imagine your full browsing history, for example. I bet there is a lot of things that you would not like others to see.
I delete it regularly anyway so that would not be a major concern for me. So I watch porn, visit Arrse (an unofficial British military forum), browse wikipedia, come on slashdot aaaand that covers what, 3/4 of my browsing? Nothing too concerning there.
If we consider the amount of data the torrents just dominate. I'm always over 300gb/month, the unencrypted emails and websites, all my deep personal stuff won't get to half percent.
Well, technically, it encrypts things, but without being able to DEcrypt them, it's not very useful.
1a57290facd5dcf9308d343988230b85 could be the result of "echo a | md5", "md5 ~/Desktop/War_and_Peace.txt"... or both... or something else entirely... or any number of other things. If you figure out what it is, tell these guys. [md5this.com]
even in utf-8 that should be rot0x256 or something.
The problem is that the amount of characters Unicode increases every now and then (the maximum is 1,114,112 characters, by the way), and there are also unallocated character slots in between.
I use https most of the time, but how does it count to access e-mail, when the e-mail service is provided by a third party so they have access to all my communications.
In the end, there's always a third party involved that may not care about the secrecy of my communications, so end-to-end encrypted, is probably none. I connect to my work computers using VPN but then again, my employer probably have access as of what I'm typing and doing.
Does having partially encrypted communications help? Perhaps. Perhaps, so that Comcast/Verizon/T-Mobile or other carriers cannot steal the ad business from Google, Amazon, etc.
First what do you mean by encrypted? I mean you'll find that a lot of stuff is encrypted at some point. Wifi is a good example. However so is a cable modem. Any DOCSIS connection is encrypted, 3.0 ones using AES. Of course the encryption is only to the CMTS, it is to keep your neighbours from sniffing in on your traffic, it has to get decrypted for the ISP.
Also something like a VPN is nearly end-to-end, but only if you then stay on the network it attaches to. Many people use a VPN, but then will go out to o
For stuff that matters, e.g. financial/personal data, email, etc., it's 100%, but I've noticed more and more sites are using SSL/TLS by default, even for stuff that really doesn't matter whether it is encrypted or not from a security point of view, so it's purely for user privacy. That's a good start and such efforts are to be applauded, and while I don't specifically track that kind of usage the fact that even Lolcats videos are now often encrypted while in transit the overall percentage of encryption use
Historically, the vast majority of ad networks have offered only HTTP. This means ad-supported sites have had to redirect HTTPS to HTTP in order to serve ads without mixed content blocking. This is why HTTPS on Slashdot is for subscribers only.
I used to be closer to 60% (only unencrypted things would be torrents and Steam downloads), but a few weeks ago HTTPS Everywhere broke. So now I'm probably around 30% - the HTTPS-always sites, plus SSH and VPN tunnels.
I 2N-ROT13 all of my communications, with N being a random number generated from careful measurements of uranium decay. It's a bit expensive, the neighbors don't really like how the local wildlife is growing additional appendages, and it's really slow when you're unlucky with your uranium, but at least I can feel safe in the thought that I have the ultimate entropy generator that money can buy. I really feel like the encrypted bits have a nice sheen to them, like a luxury car. It's great!
If you mean things like Email, the answer is "none" - simply because Email-encryption remains too difficult for people to setup and use, so no one does.
If you include browsing, well, since Snowdon, the websites I run are https-only. Unfortunately, most sites haven't taken this step - and anyway, it only helps if you also block the trackers and take other privacy measures.
For me, I sign my work E-mail with S/MIME by default.
At home, I don't bother because I've had people go bananas thinking the picture of a ribbon in Outlook was some type of malware. Some private E-mail gets sent via PGP, but oftentimes, it tends to be a keyfile attachment, and a TrueCrypt container with the actual TC volume stashed on a bulk download site like MediaFire.
I prefer PGP over S/MIME because once keys are exchanged and used for previous transactions, it is obvious that someone is impersonating t
Even if all my emails, chat, web sites were encrypted, non-encrypted file downloads (videos, software) count for at least 99% of my "online communications".
Percentage of online communication.. by number of bits: torrents dominate, and some HTTP downloads, and these are not encrypted. By my attention, there's more text-based communication, and I'm probably up at 50 %
That is already happening on any website (including Slashdot!) that has a facebook plugin running anywhere on the site. Even if you don't have an account.
Hmmmmmm, that is a very good point and I may actually steal this idea. I never thought about doing that to break their crap. I've seen an adobe crack for CS5.5 that does something similar for the DRM (which is downright hilarious that adobe's DRM is that bad).
That is part of the challenge of security. One of the major principles is adoption. You have to make the security protocol at least somewhat convenient so that users will actually use it. Think about this, actual good security for lots of my valuables that I use everyday (car keys, computers, electronics in general) would be to have it locked inside a safe when not used that requires probably 2 factor authentication. It would definitely make it very difficult to steal or tamper with it, but why do I and
And if you are not using hidden partitions for the valuable items ( among some other steps i wont mention here ), you are a fool and deserve to get the wrench.
Heavier than air flying machines are impossible.
-- Lord Kelvin, President, Royal Society, c. 1895
Really? MD5? (Score:1, Insightful)
That was cracked a long time ago.
Re: (Score:1)
I decrypted it, it was a Ubuntu disc iso ...
Re:Really? MD5? (Score:4, Funny)
Yeah, I was waiting something like `echo "You insensitive clod" | md5sum` instead.
Re: (Score:3)
Yeah, I was waiting something like `echo "You insensitive clod" | md5sum` instead.
61A6A7F76C02BBAABE6A4D97ACCD50DB
Re: (Score:1)
Re: (Score:1)
I decrypted it, it was a Ubuntu disc iso ...
By decrypted, you mean Googled? [google.com]
Re: (Score:2, Interesting)
By decrypted, you mean Googled? [google.com]
Rainbow table searches are a valid form of brute-force decryption.
Re: (Score:3, Informative)
Plus, it isn't an encryption method.
Re: (Score:1, Troll)
Actually, yes it is an encryption method, just a one way encryption method.
http://en.wikipedia.org/wiki/C... [wikipedia.org]
Re: (Score:3, Informative)
Slight difference there: It's cryptographic, but not encryption. You cannot "decrypt" the output of a one-way hash. Hence why it's not encryption.
Re: (Score:2)
Re: (Score:2)
MD5 has never been considered encryption. As was already pointed out it's a cryptographic hash, not an encryption method.
Re: (Score:3, Funny)
Really starts getting into splitting hairs at that point though. If someone says a "one way encryption function" (which I've heard many a security professional use exactly those words in context) everyone knows they mean hash functions. You could argue the literal definition, but encryption is for all intents and purposes the applied ideas of cryptography. Then again this is slashdot, nearly everyone splits hairs about everything...
Re: (Score:3)
If we are getting into the technical definition, bit length, key length, etc. doesn't really pertain to something being encryption or not. By definition a Vigenère or Caesar cipher are consider encryption methods (and Caesar doesn't even use a key) but those are very primitive versions of encryption. If I remember correctly yes, you can still have collisions on something like your example depending on the method used (been a while since I did any of that, so I am a bit rusty). MD5 has lots of known
Re: (Score:2)
The key is obviously not noted in there, as a PKI encryption is "encryption" by all definitions, and is done with a key, and signing is a hash done with a key. They are similar (and related) keys.
Re: (Score:2)
The definition for decrypting something is hazy at best as technically using a dictionary attack against a hash function both "decrypts" it and is loss-less assuming you have any related salts etc (this includes even things like SHA2 because with enough time/resources, admittedly ludicrous amounts, it can be "decrypted" or "de-hashed").
Speaking theoretically it should really be acceptable to say "one-way encryption method" although, as of course everyone was undoubtedly going to point out when I said that,
Re: (Score:2)
Re: (Score:2)
Lets not start arguing semantics, its a substitution cipher. You could call it a key of sorts I guess? Not the same as the key you would use for AES or others though.
Re: (Score:2)
http://stackoverflow.com/quest... [stackoverflow.com]
Googling is hard. I now have proof I am masochist, I keep answering people that clearly are just trolling.
Re: (Score:3)
Shut it elitist punk. Slashdot is obviously exactly where they need to be if they have a strong opinion that is wrong.
Re: (Score:2)
Re: (Score:2)
While theoretically true, rainbow tables strongly disagrees :). That is probably the main reason that definition isn't exactly right. I think general definition is actually something encoded so that only allowed persons can read it. It really isn't much of (if at all to most people in the field) a misuse of the term encryption to use it in context to hash functions as long as you qualify that it is a one way encryption method.
Re: (Score:2)
Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.
Re: (Score:2)
Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.
You say this as a joke but where I work that's exactly what we use it for. We use it to index and catalog larger records.
It's much easier to check whether a md5sum is unique than to check if an entire record is unique. We obviously can't
reverse it but it is easy to recompute it on a new record to see if it's already in the database. There is the small chance
of collision but as a non-malicious md5sum collision has a lower priority than a life destroying asteroid collision, it's
good enough for our purposes
Re: (Score:2)
Re: (Score:2)
isn't that basically the way everyone uses a checksum...?
The traditional use of checksum is to verify that a large file or other bits of data are not corrupt.
Using it to compress,index, or deduplicate large files kindof like a "rainbox table" is not usually
what checksums are used for. For one thing it partially goes against what a checksum is
designed for. A checksum is designed to change even on a very minor change so unless you
have very structured data it's very hard to use a checksum to verify if a record already exists.
Re: (Score:2)
Re: (Score:2)
It could be cleverly disguised as a bit of MD5 but is actually something encrypted with a 33 character one time pad.
Re: (Score:2)
You should use an actually valid md5
Should amend the poll question (Score:5, Insightful)
"What percentage of your online communications do you believe are encrypted?"
Re: (Score:2)
and does it matter any more..
Re: (Score:2, Interesting)
"What percentage of your online communications do you believe are encrypted?"
This.
My company forces a SSL proxy and pushes their root CA to all browsers so nobody even knows about it.
So I don't log into anything at work. Don't need the IT monkeys logging my passwords.
Re: (Score:2)
How about using the reflections plugin? It will at least tell you the SSL cert isn't the expected one.
Your approach of simply not using the compromised computer is of course the most secure.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I know they can crack my VPN connection if they want to, but it costs them time and money. No more real-time surveillance capability, big dis-incentive to casually snoop on me. Encryption doesn't always have to be perfect, adding cost is well worth doing in this case.
Ubuntu? (Score:2)
Why?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So, you are saying that 14.04 is broken because of a bug that was not present in the final release but in the beta?
Encryption is pointless (Score:1)
Email is a postcard.
Anyone can read it as it passes by.
Encryption is pointless.
All encryption can or will be broken.
By encrypting you merely flag yourself.
A conspiracy of more than one person will be found out.
Re: (Score:2)
Encryption is about time.
So, everyone encrypt everything.
Re: (Score:2)
Encryption is not about making it impossible to decode (in some cases, hash functions actually do try to do that), it is more about making it not worth the effort or making the effort so high that once you DO decrypt it the information isn't really that useful.
It is kind of like trying to to hunt through a haystack for a few small items only you have to jump through 200 proverbial hoops before you even get to look for one single item that may require four other items in a different haystacks before it means
Re: (Score:2)
+1
Nothing is 100%. However, security to keep the majority of the attacks is useful.
One can say that because some people can pick the lock on a front door, then locks are not needed. However, locks often do work and up the ante for someone getting in.
I have a habit of encrypting whenever possible. This way, should something happen like my Android tablet get stolen, a USB flash drive used for backups gets nicked, or cloud storage broken into and files snarfed, the damage done is mitigated.
Of course, key ma
Re: (Score:2)
Nothing is 100%.
That depends. Is your checking account adequately secured if I write down a random number and it happens to be your account number?
Many encryption schemes will outlast the data integrity and greatly outlast the universe. A {2,3} quorum of Rivest, Shamir, and Addleman can attest to this. Someone may guess, but not by repeatable effort; they'll guess by dartboard.
Re: Encryption is pointless (Score:2)
They're watching us. Through our computers and cell phones.
Shame no one on that plane had a cell...
Re: (Score:2)
See what I did there? That wasn't just the woosh of you not getting the joke, but also the woosh of the plane! Clever, right?
Shouldn't that have been "splash?" Or is it too soon?
Re: (Score:2)
Because there was no joke. He was being genuinely stupid, by unironically suggesting that "they" could have found Flight 370 with their magical cellphone detectors but have chosen not to.
The next funny bit is, you're talking to me in the third person, letting me know that my joke was not a joke, and talking about how non-tech-savvy I am, despite the fact that I've been programming computers since I was 7 years old, have worked on some incredibly significant technology in my career and have been known to build 3D printers with hand tools in my living room for fun :D
Doofus.
Not slashdot.org (Score:4, Interesting)
Re: (Score:2, Interesting)
So what you are saying is the people voting for that last option are lying...
Encrypted? (Score:2)
Re: (Score:2)
other than that I have nothing to hide
Imagine your full browsing history, for example. I bet there is a lot of things that you would not like others to see.
Re: (Score:2)
Re: (Score:2)
I fear that the type of person who demands to see your browsing history is precisely the kind of person who would take it out of context.
Re: (Score:2)
So if I were to have witnesses to explain away any such oddities, I'd have nothing to fear. And there's no reason for anyone to target me for special interes
Re: (Score:2)
Yes, but when people are looking for a pattern, they will fit data into the pattern.
" Don't be the most attractive target. That is all. "
wrong. But hey, your mom was unsecure, so I guess that's how tit work and not just luck.
Re: (Score:2)
Re: (Score:2)
other than that I have nothing to hide
Imagine your full browsing history, for example. I bet there is a lot of things that you would not like others to see.
I delete it regularly anyway so that would not be a major concern for me. So I watch porn, visit Arrse (an unofficial British military forum), browse wikipedia, come on slashdot aaaand that covers what, 3/4 of my browsing? Nothing too concerning there.
I don't know... (Score:2)
Re: (Score:2)
Wow! The refund process is taking even longer now.
Torrenting (Score:2)
MD5 isn't a good encryption method. (Score:2)
Nice Ubuntu reference, but it's out date:
ubuntu-12.04.4-desktop-amd64.iso
Re:MD5 isn't a good encryption method. (Score:4, Funny)
Re: (Score:2)
MD5 isn't AN encryption method, period.
Well, technically, it encrypts things, but without being able to DEcrypt them, it's not very useful.
1a57290facd5dcf9308d343988230b85 could be the result of "echo a | md5", "md5 ~/Desktop/War_and_Peace.txt"... or both... or something else entirely... or any number of other things. If you figure out what it is, tell these guys. [md5this.com]
100% (Score:4, Funny)
I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.
Cheers,
Dave
Re: (Score:2)
I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.
49206d6967687420636f7079207468617421
Re: (Score:2)
With people like you that can't even decipher OPs comment why do we need encryption?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
even in utf-8 that should be rot0x256 or something.
The problem is that the amount of characters Unicode increases every now and then (the maximum is 1,114,112 characters, by the way), and there are also unallocated character slots in between.
What percentage of what now? (Score:1)
Is the metric here supposed to be by volume of data passed or connection count?
Does Pig Latin count? (Score:1)
Ig-pay Atin-lay or-fay e-thay in-way!
All my Wifi? (Score:3, Informative)
I think my communication is encryptet everytime it goes over a WIFI network. Aswell as when I use my phone to the comapny VPN.
Also many shopping sites uses secure HTML.
So about 50%?
If the question is how much I intentionally point-to-point encrypt then I would only count my workcomputers VPN to company servers (so about 5%?).
Re:All my Wifi? (Score:4, Insightful)
Most insightful comment I've seen.
I use https most of the time, but how does it count to access e-mail, when the e-mail service is provided by a third party so they have access to all my communications.
In the end, there's always a third party involved that may not care about the secrecy of my communications, so end-to-end encrypted, is probably none. I connect to my work computers using VPN but then again, my employer probably have access as of what I'm typing and doing.
Does having partially encrypted communications help? Perhaps. Perhaps, so that Comcast/Verizon/T-Mobile or other carriers cannot steal the ad business from Google, Amazon, etc.
Makes a good point (Score:2)
First what do you mean by encrypted? I mean you'll find that a lot of stuff is encrypted at some point. Wifi is a good example. However so is a cable modem. Any DOCSIS connection is encrypted, 3.0 ones using AES. Of course the encryption is only to the CMTS, it is to keep your neighbours from sniffing in on your traffic, it has to get decrypted for the ISP.
Also something like a VPN is nearly end-to-end, but only if you then stay on the network it attaches to. Many people use a VPN, but then will go out to o
Probably more than I expect (Score:2)
SSL all the way, baby... (Score:1)
I always use the https version of websites. Especially those that use OpenSSL. That's super secure and keeps me protected all the time.
Oh, no wait, that might not be right...
https (Score:1)
you asked the question, but how come Slashdot is not using https....?
Re: (Score:2)
If you are a subscriber, Slashdot allows use of https.
Mixed content blocking is why (Score:2)
HTTPS Everywhere broke recently (Score:2)
I used to be closer to 60% (only unencrypted things would be torrents and Steam downloads), but a few weeks ago HTTPS Everywhere broke. So now I'm probably around 30% - the HTTPS-always sites, plus SSH and VPN tunnels.
https://slashdot.org doesn't work. (Score:3)
Re: (Score:2)
It does if you subscribe, which is weird because I can't find that policy spelled out anywhere.
standard encryption (Score:2)
I double-ROT13 all of my textual communication.
Re: (Score:2)
Communications but not data (Score:2)
Probably most communications are already encrypted. But I believe my data is stored unencrypted.
Depends... (Score:2)
Depends on what "online communications" are.
If you mean things like Email, the answer is "none" - simply because Email-encryption remains too difficult for people to setup and use, so no one does.
If you include browsing, well, since Snowdon, the websites I run are https-only. Unfortunately, most sites haven't taken this step - and anyway, it only helps if you also block the trackers and take other privacy measures.
Re: (Score:2)
For me, I sign my work E-mail with S/MIME by default.
At home, I don't bother because I've had people go bananas thinking the picture of a ribbon in Outlook was some type of malware. Some private E-mail gets sent via PGP, but oftentimes, it tends to be a keyfile attachment, and a TrueCrypt container with the actual TC volume stashed on a bulk download site like MediaFire.
I prefer PGP over S/MIME because once keys are exchanged and used for previous transactions, it is obvious that someone is impersonating t
Near 0%. (Score:2)
It depends... (Score:2)
Percentage of...? (Score:2)
Percentage of online communication.. by number of bits: torrents dominate, and some HTTP downloads, and these are not encrypted. By my attention, there's more text-based communication, and I'm probably up at 50 %
By volume or ??? (Score:2)
Probably around 60% by volume thanks to encrypted torrents and Tor traffic.
That's counting HTTPS traffic, although IMO any cert from a CA is nothing but a feelgood measure when it comes to keeping your data from the NSA.
Re: (Score:2)
That is already happening on any website (including Slashdot!) that has a facebook plugin running anywhere on the site. Even if you don't have an account.
Re: (Score:2)
$ cat
127.0.0.1 www.facebook.com facebook.com
127.0.0.1 www.static.ak.fbcdn.net static.ak.fbcdn.net
127.0.0.1 www.login.facebook.com login.facebook.com
127.0.0.1 www.fbcdn.net fbcdn.net
127.0.0.1 www.fbcdn.com fbcdn.com
127.0.0.1 www.static.ak.connect.facebook.com static.ak.connect.facebook.com
127.0.0.1 www.static.ak.facebook.com static.ak.facebook.com
Re: (Score:2)
Hmmmmmm, that is a very good point and I may actually steal this idea. I never thought about doing that to break their crap. I've seen an adobe crack for CS5.5 that does something similar for the DRM (which is downright hilarious that adobe's DRM is that bad).
Re: (Score:2)
Re: (Score:2)
That is part of the challenge of security. One of the major principles is adoption. You have to make the security protocol at least somewhat convenient so that users will actually use it. Think about this, actual good security for lots of my valuables that I use everyday (car keys, computers, electronics in general) would be to have it locked inside a safe when not used that requires probably 2 factor authentication. It would definitely make it very difficult to steal or tamper with it, but why do I and
Re: (Score:1)
Sweet! I hacked your account to post this message.
Re: (Score:2)
Re: (Score:2)
And if you are not using hidden partitions for the valuable items ( among some other steps i wont mention here ), you are a fool and deserve to get the wrench.