Would You Voluntarily Give Your Passwords to The NSA?

Secure enough unless we were specifically suspected of something (as opposed to just being caught in some kind of wholesale surveillance program). I imagine the best way to compromise such a system would be to compromise whatever computer we use to compose email.

Compromising Windows or Mac OS is well within the technical abilities of the NSA. So, if they wanted to read our email, I bet they could do it. If everyone did this and they wanted to read everyone’s email, that would probably not be feasible right now. Of course, we can’t even get people to stop using their cat’s name as their password, so mailing key pairs around isn’t likely to catch on very soon.

I’ll defer to your expertise on the legality of it. Would it being illegal stop them? I wish I had any kind of confidence that it would.

(bolding mine)

Sure there is. If you whisper in my ear, how would that not be 100% secure? :wink:

CIA and others have equipment that can capture a whisper.

Bricker’s point is correct but contrived, in my opinion.
You are correct that using a courier to physically transmit an encoded message is safe unless the courier is intercepted.
But we aren’t talking about governments and diplomatic pouches. We are talking about ordinary people going about their ordinary lives.

If you send an email, or otherwise communicate across an electronic network, your communication is not secure.
No keylength or encryption technique is ‘unbreakable’ once the breaker has the message, though some theoretically require long times to break.

I am not talking about constant use of couriers. I am talking about a one-time use of a courier to exchange an encryption key.

Now you say subsequent messages are not “unbreakable.” I say that they are essentially unbreakable, because the sun will become a red giant and eliminate mankind before the encryption can be broken.

Is that what you meant by “theoretically long times?” In my view, if the sender, his children, grandchildren, great-grandchildren, great-great-grandchildren, and great-great-great-grandchildren are all dead of old age before the messages can be decrypted, then the purpose of encrypting them has been met.

And of course we’re talking about much longer times. Right?

While driving in a car that was picked at random just moments before the whispering took place? :dubious:

Agreed, using methods publicly known at this time, on computers with the standard von Neumann architecture (which is to say, computers as we know them today).

However, there are other ways to go about breaking codes.
Quantum computing has been mentioned as a possibility. Maybe, maybe not.
But NSA is going to have it long before anyone knows, if it’s possible. Likewise with other methods.

Even current machines can be teamed together to work on big codes.
Imagine putting the Google server farm to work cracking a particular message - it might not last long at all.

I am confident in saying that the NSA cannot break large-key RSA. No, it’s not 100% certain: It’s conceivable that mathematicians in the NSA’s employ have come up with some new algorithm which can quickly factor numbers, or calculate the Euler function, or otherwise compromise the encryption. It’s also conceivable that physicists in the NSA’s employ have managed to build a quantum computer large enough to deal with keys of practical size. But the first case probably isn’t even possible, and in either case it’s highly unlikely that both a group on the inside would manage to solve it before any group on the outside, and that they would manage to keep secret that they’ve done it.

On the question in the OP, no, I would not voluntarily give my passwords to the NSA. It’s not that I object to them having them, but that there are a lot of other folks I do object to having them, and if someone says to me “This is the NSA. Give us your passwords.”, I don’t know if they’re lying or not. If they really are the NSA, then they can go ahead and find my passwords themselves, so anyone asking is likely to be an imposter.

I do freelance work that deals with proprietary non-stock market related information that, used the right way, could earn someone a profit. How do I know that some NSA agent wouldn’t take that info and use it? This is assuming, of course, that the company I work with would let me turn in the passwords in the first place.

In your opinion, how long would it take to break a conventional RSA encryption that used an 8192-bit key using “the Google server farm?” You say that it might not last long at all – what do you mean, specifically?