Crypto as in cryptography
I am using the #STEM tag on this as it relates to technology that I am interested in. You can read about that 'tribe' here.
I have been interested in #cryptography for years. The whole concept that mathematics can provide us with ways to make data secure from snooping is just cool. Back when I started playing with PGP/GPG this was something just of interest to geeks, but it is now essential to everyone who uses computers for on-line shopping, banking and just keeping your activity from being generally snooped on. And of course it is the foundation of cryptocurrency. You need encryption and digital signatures to prevent your precious coins from being stolen or people cheating the system.
Me in my Gnu Privacy Guard shirt at Steemfest 3 with @detlev and @slobberchops.
I have had my current public key for a few years, but it is rarely used. Setting up the software and encrypting emails seems to be too much for most people, so they continue using emails that can fairly easily be spied on.
Something that makes it all a little easier is Keybase. This is an implementation of the encryption algorithms in a user friendly way and they have built various services on that.
You have one-to-one chat as well as Slack-like chatrooms that use end-to-end encryption. That means that hacking their servers would not expose what you have been talking about. They also provide:
- Public or private file hosting. You can share files are you might with Dropbox or Google Drive, but people can be sure that the files are actually from you. I used this ages ago to host my images for Steem posts before Steemit provided that.
- Encrypted git. This is version control as on GitHub with added security.
- Identity verification. You can place a signed message on Facebook, Twitter, reddit or other platforms to prove that you control those accounts. You can also verify your Bitcoin and other crypto addresses so people can send you funds with confidence they are not being spoofed.
There is are desktop and mobile apps as well as browser extensions.
It was interesting to read this blog by the Keybase CEO. His Slack account was compromised and decided there was a risk it was via an attack on his computers so he took the drastic step of scrapping them. There are ways to hack firmware and boot sectors that may not be easily detectable. If you are running a security company you have to be really paranoid. It turned out the issue was actually with Slack and had happened years ago. We put a lot of trust in internet companies to keep our data safe and they keep letting us down. In this case the data loss was not significant as he was using the Keybase chat for anything confidential.
Companies like Steemit have to be equally diligent about their security. @sneak wrote a piece some time ago about the length you should go to. Imagine if the keys to their main accounts leaked! Most of us could not deal with the sort of compromises required for that level of security, but you should be careful what you click on and install.
There are those who would rather we did not use good encryption. This week the US Attorney General said technology companies should provide backdoors to intelligence agencies, but this would be very risky. BTW You should follow what Bruce Schneier writes if you have any interest in security. We know governments leak data all the time and we could not know who was looking in. Which agencies would have access? Would data be shared with other countries? Australia has implemented laws that go too far in this regard.
Governments will argue they need to be able to monitor communications of terrorists, but there are plenty of open source encryption apps out there that they can use. That horse has already bolted.
Note that cryptocurrenices could be affected by this sort of legislation. We can send encrypted memos on Steem and they may want to tap into those. A main principle of cryptocurrency is that only you control your keys. Who wants to give that up?
Some of us remember cryptography export restrictions back in the 90s. Those outside the USA were supposed to use limited keys what could be cracked by someone like the NSA. Algorithms were printed off and put on shirts to bypass this.
Good encryption is hard to implement. Be wary of anyone who claims to have a new unbreakable system, especially if they will not share the source code. Algorithms need to be tested by independent experts and public code should not compromise security as that only depends on the keys. Modern hardware means they can be long enough to be uncrackable in the lifetime of the universe.
I am far from an expert on the inner workings of cryptography, but I can still play around with it. Feel free to hook up with me via Keybase. We can chat with their secure apps. There is a Steem channel, but it is pretty quiet. I have uploaded a file to verify a link between my Keybase and Steem. Unfortunately they do not yet provide a way to do this with signed posts as for other platforms.
Stay secure!
The geeky guitarist and facilitator of the 10K Minnows Project.
- I'll buy guitar picks for Steem
- Get a Wirex Debit Card to spend your crypto.
- Get some passive income with Mannabase
- Get paid to search at Presearch
- Battle for cards on Steem Monsters
- I have Steem accounts to give away to worthy people!
Thanks for using eSteem!
Your post has been voted as a part of eSteem encouragement program. Keep up the good work! Install Android, iOS Mobile app or Windows, Mac, Linux Surfer app, if you haven't already!
Learn more: https://esteem.app
Join our discord: https://discord.gg/8eHupPq
You don't have any encryption key on keybase ... Add one so people can message you privately ;)
My key 4175DCF03F9A241A is on there as well as on the keyserver I linked to. It's also on my site. Not had anyone use it in ages.
I had to set my PC up again recently, so just looking at getting Enigmail working again. I am not really surprised few people encrypt email as it's generally not easy to set up. I did a few keysignings back in the day, but it was all dedicated geeks.
I think you need to activate the key somewhere so people can message you conveniently from keybase UI.
Not sure what was going on. My key did not expire until next year, but I extended that and updated it. Seems to work now. I do not give them my private keys even though they say they are secure depended on pass-phrase. Just does not feel right.
Hi, @steevc!
You just got a 5.24% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.
Good idea Steve, I will re-activate my pgp or do a new one!
Posted using Partiko iOS
Hi @steevc!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 5.953 which ranks you at #347 across all Steem accounts.
Your rank has not changed in the last three days.
In our last Algorithmic Curation Round, consisting of 116 contributions, your post is ranked at #14.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server