- Time
- Post link
Do you use secured (encrypted) communications? You should … for a lot of reasons. And one of the best solutions to keeping your communications and files and computer secure is originally from the PGP (Pretty Good Privacy) software by Phil Zimmerman. It started decades ago and today it has kept up.
New documents reveal which encryption tools the NSA couldn’t crack
http://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden“The most impressive news to come out of the dump is that, as of 2012, certain emails and chats were still indecipherable by the NSA database when they had been encrypted with the right tools. Reports describe “major problems” following users across the Tor network, or deciphering messages sent through heavily encrypted email providers like Zoho. The agency reported similar problems when deciphering files that had been encrypted with TrueCrypt, an open-source disk-encryption program that was discontinued earlier this year. PGP encryption tools and OTR chat encryption also caused major problems for the agency, causing entire messages to disappear from the system, leaving only the message: ‘No decrypt available for this PGP encrypted message.’”
Now if you are using one of the PGP softwares, a “flaw” was recently discovered in the random number generator and was quickly fixed. So be sure to look for an update to your software. Here is what Security Now! reported:
Securtity Now! Our weekly audio security column & podcast by Steve Gibson and Leo Laporte
https://www.grc.com/securitynow.htm
Routers & Micro Kernels - A critical flaw is discovered in the RNG of GnuPG
https://www.grc.com/sn/sn-574.htm“So some security researcher discovered what they call a “critical vulnerability.” And we’ll back off of that a little bit here when I explain what it is because it isn’t the end of the world, and it’s been fixed, in the random number generator inside GnuPG, and also Libgcrypt. And those apps have been around since 1998. And so essentially it’s just been patched. But any version of GPG earlier than August 17th, that is, last week, is vulnerable.”
For Windows users, the Gpg4Win software just released a new version with this fix.
News 2016-08-18 - Gpg4win 2.3.3 released
https://gpg4win.org/
Version 2.3.3 released 2016-08-18
https://gpg4win.org/change-history.html“The cryptography library libgcrypt has been updated to version 1.6.6 to include a fix a problem with the random number generator.”