PSST - Frequently Asked Questions

  1. What does it cost to use PSST?
  2. How secure is PSST?
  3. What kind of encryption does PSST use?
  4. I'm a kind person and I want to support you. What can I do?
  5. Hi, I'm a developer, and I want to add some features to your program
  6. What can I do if a government agent demands my encryption keys?
  7. Aren't you just protecting Terrorists, Child-Molesters, Drug Dealers and other Criminals? OR, Why does anyone need encryption if they have nothing to hide?

What does it cost to use PSST?

PSST is absolutely free, as in beer and in speech.

However, if you haven't bought PSST from a shop, you're strongly encouraged to make a donation.
How Secure is PSST?

If you are generally responsible with your system security (eg you run a decent firewall, don't open up any untrusted email attachments, don't run insecure software etc), you'll find that PSST offers you extremely high security. Even the best-resourced attackers (such as large corporations and governments) will hit a brick wall when trying to invade your privacy.

Given the encryption used, and the key sizes employed, it would take the world's most powerful computers thousands of years of calculations to decipher your communications.

However, brute force decryption is not the only possible attack. You should read and study the PSST Security Page and carefully assess your risks, and take precautions commensurate with these risks.
What kind of encryption does PSST use

I've provided detailed information on the key generation, session establishment, authentication and encryption processes in a separate page.

I want to support your work with PSST. How can I help?

Thanks for your kindness.

I retired from the computer industry some years ago, so do not receive an income from programming.

It's only from people's voluntary supportive donations that I am able to continue writing software which protects human rights.

So, click here and choose a donation method which works for you.
Hi, I'm a developer, and I want to add some features to PSST

Good on you!

You'll need to be skilled in Python, with a smattering of C, and be comfortable in *nix and Windoze environments.

You've got three options:
  1. Send me your code, and I'll merge it into the codebase
  2. Join the PSST Project, and we can all work through a common CVS
  3. Fork your own project
I have no right to stop you from Option 3, but I really hope you choose one of the first two options. Because then we can all benefit from shared efforts.

Please visit the Contributing Code page for more info.
What can I do if a government agent demands my encryption keys?

First and foremost, consult a lawyer, preferably one who supports the rights of the individual, and one who either possesses or has access to good technical knowledge.

It all depends on your country of residence.

In some countries, you can be arrested for possessing or using PSST, perhaps even for visiting the PSST website.

In other countries, such as New Zealand, the law (thankfully) stops short of forcing individuals to surrender their own personal encryption keys on demand.

Sadly, there are countries in the so-called "free world" where the lawmakers have tilted the balance in favour of the State's power against that of the individual. Such countries, which include Australia and the UK, can jail you for refusing to provide decryption keys/passwords, or for refusing to render an encrypted file into plain data.
In the UK, you can be forced to steal someone else's encryption key. If you tell that person you've done this, you are looking at two years' jail. Fuck you, Big Brother!!

If you receive that dreaded knock on the door, there is one comfort. The attacking authority will only be able to decrypt communication you have received, but not any communication you have sent. To get access to what you've sent, they'll have to track down and uplift encryption keys from each person you've communicated with, which could be a major headache if these people reside overseas.

The key to being safe against corporate/government attack is to take advance precautions.

Visit the Securing PSST page for more information on advance defence against such attacks.
Aren't you just protecting Terrorists, Child-Molesters and other Criminals? or
If you've got nothing to hide, why do you need encryption?


Rather than having to answer this question n times, I've written a page on PSST Ethical Considerations. Hopefully it'll answer all your questions.