Big Frustration for Big Brother
Hi everyone, and welcome to the 21st
Don't ya just LOVE (not!)
the way our governments are stripping away our freedoms?
Well I for one am voluntarily choosing not to buy in to the new reality
of a terrorist under every bed and a child pornographer behind every
Nor am I buying in to this new mind-set that everyone's a terrorist
unless proven otherwise.
And I'm also not buying this trip from Dubbya and crew who think that
unless every aspect of everyone's life gets logged to central US Govt
databases and scrutinised by every government official right down to the
janitor, then we'll wake up to Sep 11-style attacks every Tuesday around
Gee, I guess that makes me a subversive!
An individual who wilfully refuses to accept, as self-evident truth, the
tenet that the USA (led by Republican-controlled
executive/legislature/judiciary) possesses the divine right to monitor
and control all governments, commerce, media, activity, communication,
expression and beliefs throughout the entire human species, and to
assert this control by military force as it so desires.
What is PSST?
PSST started out as a small instant
messaging program for Windows and Linux.
What, yet another chat program?
Well, very few of the chat programs have built-in encryption. Which
means that anyone with a bit of goverment pull who doesn't like your
opinions can get a court order for your ISP to log your internet
traffic, and ban this ISP from notifying you. And then get access to all
your internet activity - all your text chat, your web surfing, your
email - everything.
I looked at a few encryption programs, but on the whole they proved to
be very complicated, as if their authors had no concept of the average
user's skill set. Some of these programs were so fiddly that one almost
needs to be a programmer to set them up and use them.
So there was a huge gap, and a crying need for software which provides
strong encryption but supports ease and convenience of use.
Hence came PSST. A simple 1-to-1 chat program, written in Forth, which
took care of all the key generation and session establishment/management.
PSST went down well with users, but development stalled - mainly
because of my choice of language. Forth is great for creating small
standalone programs, but as a language it totally sucks for any decent
application. It's just a couple of steps above assembler. So I've since
switched to Python
which in comparison to Forth, C/C++, Java, Pascal etc is sheer
programming heaven. And, it allows for portable code that will run on
virtually all known platforms, and can be packaged into standalone
binaries on Windoze
What's New in PSST II?
Here's just a few of the new features
you'll find in PSST II:
- Vastly more secure encryption (1024- to 4096-bit RSA, plus
256-bit Blowfish encryption)
- Resistance to Man In The Middle attacks - PSST II will only allow
communication where users have already swapped their public key files
(in person, by email, via post etc)
- You can now have several conversations running at once
- Better rendering of text chat display, now on a par with AIM,
ICQ, MSN Messenger etc
- Extensible architecture - python programmers are welcome and
encouraged to implement extra features and submit patches
- A few major surprise new features that will
And the catch?
A price of switching to Python is that PSST has lost its anorexic (64k)
PSST II now weighs in at around 12MB all up.
It can no longer be run from a floppy disk, but it can
be burned onto a mini pocket-size CD along with your contacts' key
files, and used from any computer.
All versions released as fully open source, under the GNU
General Public License.
- Possession or use of PSST may be illegal in your country of
residence, and may incur stiff fines or time in jail.
- Other countries such as Australia and UK with paranoid statutes
don't ban use of such software, but may jail anyone who refuses to
surrender their encryption keys to any government officer upon demand.
- New Zealand's approach is thankfully more moderate. While it also
has forced key escrow provisions, the legislation stops short of any law
which can force any individual to disclose their keys.
- Citizens of other countries - please contact me and advise me of the
situation in your country
Notes Regarding Government Attack
If you are concerned that officials in
your country may demand encryption keys, you can protect yourself very
simply as follows:
- Generate and exchange new keys regularly, and make sure to
securely delete any old keys.
- Attackers may have access to your ISP or the internet backbone,
and may be gathering archives of all raw data flow to and from your PC.
- Session keys (which encrypt the actual content of your
communication) are generated randomly with each session and then then
discarded. They are only stored in memory, so advanced disk recovery
techniques will fail.
- Session keys are asymmetric, meaning that for each session,
there's one session key for sending, and another for receiving.
Therefore, if your key is compromised, the attacker will only be able to
decrypt the data you've received, not the data you've sent. To get the
data you've sent, they'll have to get the key from the person you've
been talking to.
- If you get that knock on the door, and your PC is confiscated,
the government will only be able to decrypt any communication you received with your latest private key. Any archives of
communication prior to your last key will be useless, and even with
future technology could take decades to decrypt.
- Other government attack options include, but are not limited to:
- key loggers (secretly installed physically inside your keyboard
or PC), or
- remote uplifting of files and implanting of monitoring software
(make sure your firewall is secure, be wary of email attachments,
preferably don't use insecure operating systems like Windows)
- TEMPEST techniques, whereby your keystrokes and screen images
are reconstructed by remotely sniffing the electromagnetic emanations
from your PC
I hope soon to add a feature to PSST to
make the change of private keys as automatic and painless as possible.
Currently Pre-Alpha - first round of
Alpha testing commencing soon
Hoping to release first beta version
before end of April
To be announced