PSST - Frequently Asked Questions
- What does it cost to use PSST?
- How secure is PSST?
- What kind of encryption does PSST use?
- I'm a kind person and I want to support you.
What can I do?
- Hi, I'm a developer, and I want to add some features
to your program
- What can I do if a government agent demands my encryption
keys?
- Aren't you just protecting Terrorists, Child-Molesters,
Drug Dealers and other Criminals? OR, Why does anyone need encryption
if they have nothing to hide?
What does it cost to use PSST?
PSST is absolutely free, as in beer and in speech.
However, if you haven't bought PSST from a shop, you're strongly encouraged
to make a donation.
How Secure is PSST?
If you are generally responsible with your system security (eg you run a decent
firewall, don't open up any untrusted email attachments, don't run insecure software etc),
you'll find that PSST offers you extremely high security. Even the best-resourced
attackers (such as large corporations and governments) will hit a brick wall when
trying to invade your privacy.
Given the encryption used, and the key sizes employed, it would take the world's most
powerful computers thousands of years of calculations to decipher your communications.
However, brute force decryption is not the only possible attack. You should read
and study the PSST Security Page and carefully assess your
risks, and take precautions commensurate with these risks.
What kind of encryption does PSST use
I've provided detailed information on the key generation, session
establishment, authentication and encryption processes in
a separate page.
I want to support your work with PSST. How can I help?
Thanks for your kindness.
I retired from the computer industry some years ago, so do not receive an income
from programming.
It's only from people's voluntary supportive donations that I am able to continue
writing software which protects human rights.
So, click here and choose a donation method which works
for you.
Hi, I'm a developer, and I want to add some features to PSST
Good on you!
You'll need to be skilled in Python, with a smattering of C, and be comfortable in *nix
and Windoze environments.
You've got three options:
- Send me your code, and I'll merge it into the codebase
- Join the PSST Project, and we can all work through a common CVS
- Fork your own project
I have no right to stop you from Option 3, but I really hope you choose
one of the first two options. Because then we can all benefit from shared efforts.
Please visit the Contributing Code page for more info.
What can I do if a government agent demands my encryption keys?
First and foremost, consult a lawyer, preferably one who supports the rights of the
individual, and one who either possesses or has access to good technical knowledge.
It all depends on your country of residence.
In some countries, you can be arrested for possessing or using PSST, perhaps even for
visiting the PSST website.
In other countries, such as New Zealand, the law (thankfully) stops short of forcing
individuals to surrender their own personal encryption keys on demand.
Sadly, there are countries in the so-called "free world" where the lawmakers
have tilted the balance in favour of the State's power against that of the
individual. Such countries, which include Australia
and the UK, can jail you for refusing to provide decryption keys/passwords, or for
refusing to render an encrypted file into plain data.
In the UK, you can be forced to steal someone else's encryption key. If you
tell that person you've done this, you are looking at two years' jail.
Fuck you, Big Brother!!
If you receive that dreaded knock on the door, there is one comfort. The attacking
authority will only be able to decrypt communication you have received, but
not any communication you have sent. To get access to what you've sent, they'll
have to track down and uplift encryption keys from each person you've communicated
with, which could be a major headache if these people reside overseas.
The key to being safe against corporate/government attack is to take advance
precautions.
Visit the Securing PSST page for more information on
advance defence against such attacks.
Aren't you just protecting Terrorists, Child-Molesters and other
Criminals? or
If you've got nothing to hide, why do you need encryption?
Rather than having to answer this question n times, I've written
a page on PSST Ethical Considerations. Hopefully it'll
answer all your questions.