Community to discuss topics related and concerning cryptography and data security in the digital age.
Welcome to the Cryptography Community on Imzy!
Hello everyone!
I have been interested in cryptography as a practical pursuit for years and years. I was surprised when I didn't see a community for cryptography on Imzy, so I figured I would set one up.
I've dabbled in one-time pads, AES-256 tools, BitMessage and throughout all of it, PKI with PGP at the start and then migrated to GPG. I'm very interested in how people have implemented PKI in their lives, for both the why and the how. If you were able to convince many people who were initially suspicious or unwilling to change I would dearly like to hear what strategies might work that helped with those situations.
For this community I'm happy to help people test GPG, talk about security from my non-expert point of view, or help people explore cryptography on their own. I think we can all accept that the field of cryptography is already skeptical, doubtful, and at points maybe even paranoid, which is why I encourage everyone here to respect the Golden Rule when it comes to the ground rules in this community. Write comments in the manner that you would appreciate reading them. There is always room to learn something new and I will be the first to admit that some of the heavier mathematical parts of cryptography elude me, so there is room for everyone to share and learn.
If anyone has any advice or suggestions, I'm all ears! I hope you all enjoy!




definitely interested, I'm not an expert and willing to learn. What are your personal uses for secure messaging in personal emails?
The biggest irk with GPG is that it takes two to tango. At first, I thought it was useful, that I would be able to exchange emails and I would know they were totally safe in transit and only usable by the person I sent the message to. Alas, getting friends and family to take you seriously and get them to use PKI turned out to be a unique lesson all on its own. Most people skip using it; they spend a lot of time with the usability concerns of GPG. The core complaint I've heard is "Why should I do this extra thing? I have nothing to hide." and so the technology languishes.
I pivoted in my use of GPG and would sign my emails using my keys. Did it have any impact? Unfortunately not. Another one of the issues is one of protocol, a lot of email programs just don't know what to do with a GPG signature block, or how to properly transmit a GPG encrypted email. Some applications like Thunderbird do a great job, some like Outlook not so much.
So my work with cryptography took a step back, instead of trying to find people to communicate with using the technology I started thinking about what the technology means and to make sure I had as good a grasp on it as I could - just in case I needed it. Need it for what? Well, if ever I needed to tell someone something easily over email, but make sure it didn't fall into the wrong hands. So far, that use case hasn't materialized.
At work, I was given slightly more hope because our interface with our primary bank is secured using GPG. That was such a delight, and a shocker for the bank because they expected me to take two weeks to make a GPG keypair, and honestly it took me less than two minutes. But then that hope was dashed when I, later on, discovered that the bank happens to use a website called "Voltage" for secure email needs, completely skipping out on GPG. There is nothing saying that the bank employees we were communicating with couldn't have their professional keypairs, but they didn't. They used this custom website arrangement instead. It seems like a waste of money considering that GPG is GNU licensed and "free." But then again, everyone wants to make money, and I don't begrudge the Voltage company for selling the bank a solution.
A few years ago Edward Snowden exploded on the scene, and I caught a screening of the documentary that Greenwald and company put together. How paranoid Mr. Snowden was and how sure that Americans privacy was a sham and that the Fourth Amendment was pretty much just a puppet at this point drained of much of its protective power by mass-scale metadata collection and data mining by the governments of the world. I revisited a lot of my old cryptography notes and went to look to see if anyone else felt as I did and maybe wanted to communicate securely. So far, beyond certain functional parts of banking interfaces at work, a little dabbling on Reddit and now on Imzy, this is what it's pretty much all come down to.
Privacy itself was a concern, but from what I've seen, most people either don't care or assume it doesn't touch them. But I like to think about it still and keep myself sharp just in case it does become a thing and I can help people explore it.
Until people take their privacy more seriously, it's mostly just a neat little thing that touches on the crypto-geek inside me. I love the idea of encryption - that I'm using complicated math to do something amazing and it's accessible to everyone if they wanted, for free.
And then there was all the email flood from Wikileaks which we are currently embroiled in. If only everyone would have used PKI, then there would have been nothing to leak. If all the emails were properly encrypted, then any hacking or breach would have unearthed gigabytes of noise. Instead of that, now we have political hay. So yeah, it is important, even when you don't think it is. It is.
great info. I've had the same issues in speaking with friends, family, and co-workers. We would all try it at first but some would deviate from it and use text, or another method. It truly is amazing, I like how secure it is, but usability with a wider audience is rough. Using it to send private docs such as financials, word, and other files that should be password protected are great but from my experience, getting the end user to install the extensions and explaining it was sometimes very difficult.
I saw the Snowden doc and movie, very interesting character, but it definitely does show that privacy should be a big concern for everyone. I have the mentality that anything online can be hacked and that the only way to truly protect something is to air-gap it.
I'd be interested in receiving an invite if you're offering :). i think this will definitely take off once someone finds a way to make it easier to apply to the masses. Thanks for sharing
I've got a link for your invite to keybase.io. How would you like me to get it to you? I can send it in email or use GPG here. LOL. Don't want to broadcast it to the world. :)
haha understood, can you email it to me? jh@rhigg.com