[PLUG] TONIGHT: September PLUG Meeting: Virtual Private Networks

Russell Senior russell at personaltelco.net
Thu Sep 5 23:53:55 UTC 2013


>>>>> "Loren" == Loren M Lang <lorenl at north-winds.org> writes:

Russell> Maybe the talk should be renamed "virtually-private networks"
Russell> or maybe "not-so-private virtual networks" ;-)

Russell> I would not be trusting any binary-blob vendor to be keeping
Russell> my bits private at this point.

Loren> While I don't doubt that the NSA has a large budget and a
Loren> supercomputer farm to match, I still think that
Loren> properly-implemented, peer-reviewed, open-source and strong
Loren> cryptography algorithms are still out of their reach. The
Loren> problem, as I've read about before is a large amount of open
Loren> source software that blindly applies AES without a good
Loren> understanding of cryptography creating weak solutions like
Loren> cryptoloop and tinc. Properly implemented solutions like
Loren> dm-crypt and OpenVPN may also use AES, but are implemented
Loren> properly and should keep away the prying eyes of the government
Loren> for another few years. Maybe what we need is a place to find
Loren> detailed information of the quality of various open source
Loren> solutions as reviewed by well-known cryptographers.

Schneier has seen the Snowden material, and this is his advice:

  http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance


-- 
Russell Senior, President
russell at personaltelco.net



More information about the PLUG mailing list