- Aug 14, 2012
I believe the use to be able to decript DES and a few others but AES replaced that. 128-bit can be decripted but it is so far impossible to decript 256-bit. Using one the the government super computers to brute-force attack AES-256, one would need to try 2 to the power of 255 or 2,117.8 trillion keys to get the job done. In real time it would take 27 trillion trillion trillion trillion trillion years. So, encrypted email only shows headers (metadata) at the backbone, the body of the message is encrypted. They can also read the ISP, but since you are using a VPN the ISP that is read is that of the VPN service. Can the IP of the VPN be traced back to you will logs? Yes, which is why it is very important to get a VPN that does not log or a company that is not so friendly with the USA. I have also read stuff from CDT senior staff technologist Joseph Lorenzo Hall that the encryption NSA can break are PPTP and MS-Chap. These are commonly used int he middle east. Technically I believe that additions to the Patriot Act allows the NSA to get a court order to seize computers of people using VPN's especially those who use TOR, So the double edge sword is while encryption gives keeps the snoops out, it also calls attention to your activity.When I programmed (worked for DHMV as an computer operator while attending college for computer science with a concentration in programming) I was taught that no matter what the encryption level, once it's reaches the "backbone", it has to be broke down into machine language so that it can be passed on to the desired destination...Has this changed?...If not, that means encryption is shit...All u would have to do is look at the machine language and be able to tell what was typed (communicated)...Follow?...I'm not sure...It's been 30+ years since I programmed!...Also, guess who runs the "backbone"?...
The U.S. Supreme Court on quietly approved in August of 20020 a rule change to Rule No.41, that would allow a federal magistrate judge to issue a search and seizure warrant for any target using anonymity software like Tor to browse the internet. The government is very afraid of VPNs and they care being used more and more.
Here is a PDF from the NSA to government agencies on how to use VPNs. The do recommend AES-256
Now for all intent and purposes most of us are not going to be concerned with NSA and just want a measured amount of internet privacy. This will surely work. If you really want protection use a VPN and TOR. Or even better run something like Tor's TAIL which is a portable operating system you can run or a USB drive. Tails never writes anything to the hard disk and only runs from the memory of the computer. The memory is entirely deleted when you shutdown Tails, erasing all possible traces. Like TOR, TAILS encrypts and anonymizes your connection by passing it through 3 relays. These are servers operated by different people and organizations around the world.