If it’s fairly secure mail you want in Thunderbird, you could install the Enigmail plugin which uses PGP encryption. I’ve been using for some while now, and it works great.
Also, if you run GAIM (linux) or Pidgin with encryption module (Windows), you can also chat securely.
Then for surfing the net fairly secure, you could use the TOR network (For Linux only I think).

@everybody
I think this small sister project is great! Security and privacy isn’t for a select few anymore, it’s becoming a global issue.
So yeah, I’m willing to try it on my Linux laptop (Ubuntu) or my Windows desktop (XP).

I really don’t think that spammer will try to send spam at this time. As you could read on the site, the spammer would need your smallsister address to start with.

Second is that the TOR network is actually pretty slow and the spam messages need to be encrypted. This takes time, a lot me more time that it’s been done now. So more time means less people to get spam.

Why do you think using the TOR network isn’t a good idea? Is there an alternative? There are still a lot of people that setup a onion router.

Regards, Jeroen.

Second, recently people went to jail because their onion router transfered illegal material and judges dont understand anything technical, as a result lots of people stopped running tor. Same thing happened to freenet. Suppose you cant keep the bad guys out either? So, using the tor network might not be such a good idea.

morgan :Sounds good – will be testing this soon on my linux desktops.
p.s – no point in releasing a Windows version – windows can never truly be secure …..

It is not about Secure systems. It is about secure traffic.
Thats the point. so no mather what OS you use…your traffic will be safe.

I must agree that augmenting words using special characters is a great way to isolate yourself from a dictionary attack, but the emphasis these days is too much on password complexity rather than length.

You only need to make PART OF YOUR PASSWORD complex, and macbookair no matter how it is spelled is simply too short.

The latest GFX GPU’s have 128 shaders, or more, which can be used independently as threads. Using this technology, each computer is now 100 times (or more) powerful. Not to mention any prop hardware the CIA/NSA/FBI/Tax Department/Neighbor/Dog/Whatever has that is not in public domain (and they do have this hardware).

And in the future – computers will get more and more powerful, and decryption technology will improve.

Having current technology 128 threads/ processor reduces your password strength by the power of 7 (7^2=128) so, macbookair is now really only as strong as a three byte password. Put one hundred GFX/CPU’s together, this password can be hacked in seconds.

My recommendation:
(a) + (b)
“nACb))K02″+ “TheQuickBrownFoxJumpedOverTheLazyDog”

nACb))K02TheQuickBrownFoxJumpedOverTheLazyDog
123456789012345678901234567890123456789012345

This is 45 bytes long = unhackable.

Why is this unhackable?
(http://www.lastbit.com/pswcalc.asp)

Because of exponentiality. Each bit is a doubling up of the computing power required.
See:
http://en.wikipedia.org/wiki/Brute_force_attack

The Von Neumann-Landauer Limit states that 30 gigawatts is reqd for one year to brute force a 128 bit key.
A 256 bit key is probably more energy than in the Sun!

The first part of the password is the complex bit that can never be hacked via a dictionary attack.

The second part of the password is easily remembered and hackable via a dictionary attack, but is “safe” because the hacker must guess the whole string, not just the dictionary part.

Because (a) and (b) must be hacked together and cannot be hacked in isolation, you now have a very long, very memorable, password that is uncrackable. One too that can be stored in the safest place in the world – your mind!

So, when having a password, let me re-iterate… By all means do your fancy special characters, spaces, numbers, upper/lower case, non-dictionary/random bit, but also make it long. Having a simple long password with a small random component, is a billion times or more better than a short one – no matter how complex yours is!

Also don’t forgt the usual safeguards:
- Don’t use these long passwords online or on the cloud, or anywhere that people can “see” it.
- Turn your computer off when you’re not using it.
- Turn your network off when you’re not using it.
- Use full disk encryption on everything – hibernation/pagefiles are just as dangerous as having passwords written on paper sitting on your desk!
- Make your wireless network invisible with WPA2, or better yet go wired
- Don’t use complex passwords on easily hackable devices (ie on your $50 10mbit DLINK network hub from 2001)
- Have a hardware firewall
- Don’t tell anyone your password under any circumstances (not even your wife), as good as her intentions are, she may write it down!
- Make passwords very unique between usage (ie cloud passwords are 100% different from the most important disk-encryption passwords). Don’t even share the same Windows Logon password / disk encryption passwords.

Anything I’ve missed?

Many thanks to this guy…
http://www.infoworld.com/d/security-central/password-size-does-matter-531