Rick,
Another, more difficult solution: establish (out of band) a series of one-time pads (Vernam cipher) with the person you want to communicate with. It's not easy to establish perfectly random pads; most I've seen were pseudo-random at best. It is secure if you can get the implementation done correctly.
The pads don't have to be random at all, as long as they never fall into the wrong hands, just as the CDs full of pads (kind of like a CD collection full of Kerberos tickets) embassies and submarines use. On my previous post, I used hashes, XORs, or really any computations on pics of naked ladies to make a point. As long as the pads are shared out-of-band and the implementation is a DECENT one (scrambles the source material before any commercial ciphers), it's secure. The commercial ciphers are just there to burn cycles; they are NOT there to protect the data, they are there to add randomness, just as compression would.
Maybe you could bounce a couple ideas around for me.
1) Oracle counted its first (and only) customer for years as NSA. What's to stop all those Cray T3's from just cataloguing every PKE prime pair in a database? Sure it would be HUGE (number of entries anyway, if not actual data size) but since almost all key generation is done using SKIP constants to speed that up anyway, and Euler's theorem (IIRC) to produce "sufficient primes", why not pre-generate all the possible results? Do a query on public key, out pops private key. Once you have the shared secret, there is nothing to crack. Tell me these folks don't have the brute power to compute these (over a few years, they would have started long ago) and store them. Scary thought, eh? Disk space is awful cheap, and getting cheaper all the time.
2) I am wondering if all this FBI hoopla, the "Able Danger" stuff (supposedly shut down for years), etc. isn't all still the same brainchild and project of the lunatic Admiral Poindexter (sp?) of Iran-Contra fame. He supposedly was neck-deep in this sort of work on behalf of DIA and NSA (domestic information mining and collection, as well as codebreaking) and a nutcase like that could leave just such a deplorable legacy.
Then the mere detection of encryption in your email is grounds for arrest under the Patriot Act (because only a terrorist would want/need to encrypt a letter to Grandma). And you get to be treated to the Fed.Gov's hospitality indefinitely without being charged.
We are so screwed.
Seriously, don't you think steganography is already giving these people indigestion? Suppose you wanted to email somebody a "real" email, asking how the family is, how the dog is, etc. Inside the email are a few numbers strewn about. Maybe the first is somebody's age (40), the second some measurements from your new power-lounger-deluxe (34x23x96) lazyboy or whatever. The recipient then receives this, and opens their (pre-agreed to) October 1996 copy of Shotgun News to page 40, and then puts together the 34th, 23rd, and 96th words, etc. to make the real message.
Do you really think that anybody is going to find THAT needle in a haystack? Compared to the criminal mind, everybody working against such a problem is a piker. In fact, the FBI is hoping that criminals/terrorists are lazy and trust software to do what would take a few minutes by hand. Substitute a matched set of handwritten Korans for "Shotgun News" and you can see my point.
First you have to identify that there IS a message. That is Joe Public's best defense. No fancy shmancy software is required. The same could be done via snail-mail.
99% of your communications can wait until facetime. For those that can't, with like-minded people, the "message" isn't going to be anywhere in plain sight. Hell, it might be embedded in an MP3 or a picture on a THR post.
Lots to think about, lots of simple solutions, aren't there?
THEY are so screwed. Which is why they want backdoors and keyloggers ON YOUR PC.