NSA Tips 0 Getting Started with NSA Mail


Best Practices and Plausible Deniability
Best security practices suggests that a secure email be sent first, and the keys or pass-phrase to decrypt it be sent only after the recipient has acknowledged receipt of the traffic and has indicated by a pre-agreed signal that it's safe to convey the pass-phrase via another channel.  If they never receive the 'safe to send' signal, they never send the key and you are free to deny that you possess the key (because you never received it, and you really don't have it).  

Decoy Activities
Although we recommend that you not use cipher methods that leave private and public keys littered about on your hard drive, you may be able to channel attackers into unproductive activities by setting up desktop encryption software that you never use for your actual communications.  Remember, a serious attacker may be able to gain (or subpoena) possession of your computer.  You should consider if you want encryption software on your computer at all - much less your private PGP keys, others' public keys (by which their email addresses can usually be identified), etc.

Generate PGP keys online and copy them to ~.asc files on your hard drive for peoples' emails who you would like to 'inconvenience' and allow the attackers to extend their attack to these individuals.  Most public keys can be trivially forensically examined to determine the email address of the person who owns the key - this is for convenience and essential key identification in the Public Key Infrastructure (PKI); it's not security flaw, but can be exploited to send attackers on unproductive investigative excursions.

Do you like this page?

Be the first to comment