

Ask HN: GPG. NaCl. NSA. Thoughts? - emhs

We now have a better idea what the NSA can and can't do. It seems they have ways to compromise endpoints, and have poisoned algorithms and implementations they have a hand in. GPG is the old standby. NaCl is a popular outsider. I do not know, at this time, however, of any easy integration of NaCl into an email client. Do any of you have thoughts on how to go about encryption for emails and other communications in the modern era?
======
kjs3
Let's be clear...there is precisely nothing that has been revealed that
indicates that the NSA has some ahead of the curve ability to compromise
underlying cryptographic technology (see:
[http://www.schneier.com/blog/archives/2013/09/the_nsa_is_bre...](http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html)).
This is social engineering...they got the companies involved to backdoor their
own products. And if they own your end points...well...

All I can think of is only use open code on open hardware (including the disk
drives) done by folks whom the US or other cooperating governments don't have
leverage against (psst...no, the answer is not OpenBSD). I don't think that
exists.

~~~
lifeisstillgood
Sorry - you are saying that there is no answer? Or that there is but it is not
OpenBSD (and why not OpenBSD?)

~~~
kjs3
I don't think there's an answer in that there is no answer to backdoored
hardware. Someone recently demonstrated how to reprogram the controller on
hard disks (they're ARM based SoCs) to monitor/modify the data. No one is
going to come up with an alternative open source hard drive.

As to software, whenever the topic comes up, someone shouts out "OpenBSD!".
Unfortunately, it's by no means beyond US pressure, at least at the individual
developer level. The whole "FBI IPSec backdoor" fiasco a couple of years ago
is tacit acknowledgement by the OpenBSD core that such a thing is possible.

