Locks only keep honest people honest.
Bullrun goes back many years to the aborted introduction of the clipper chip. The Five Eyes put constant pressure on technology companies to put in back doors which most companies have resisted.
SSL has proven to be crackable, SHA1 TLS has shortcomings that make it crackable. SHA256 with 2048 keys is currently not crackable. The current versions of the iPhone's internal securityis uncrackable (the federal government is trying to force Apple to relax its phone security claiming national interest) Encryption security is either effective for all or not effective for all. The biggest SSL problem is the initial entropy that is used to set the initial random number that is used to generate one of the prime numbers
Are locks on doors a "myth"? They can be picked, doors can be kicked down, windows can be broken, etc
but I would mind a great deal if that sort of information was unpicked by my government from what was meant to be a confidential and encrypted communication.
So the most secure rule is - if you're worried that somebody might see it, don't write it down.
Which amounts to the end of democracy.
One of the ways that Enigma was cracked was messages using a common salutation i..e. Heil Hitler. There were communication errors also i..e. messages sent in cleartext and in cypher. The reuse of cypher keys. The initial settings were supposed to be random but humans are (a) lazy and (b) not very good at picking random numbers/letters. Certain operators had favorite settings and the operator could be identified by their 'fist' (the way they sent morse code)
SHA-1 lasted about 20 years https://eprint.iacr.org/2020/014.pdf https://sha-mbles.github.io/ https://www.grc.com/sn/SN-751-Notes.pdf
Every session uses different keys so if I break 1 session in 24 hours it will take another 24 hours to break another session. Due to the volume of traffic it will take a long time. The hardest part is to identify the traffic you want to analyze and decrypt. If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target.
If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target.
And as far as protecting information from a government agency, forget it.
I recall years ago hearing a story about a fellow who came up with a new and improved system for generating encryption keys. Someone heavily involved in security was asked how important the new scheme was. He answered that he didn't know much about the new scheme, but it really didn't matter to him. His view was that once you reach a certain level of security, people who want to get past it will find ways around it. One that he mentioned (seriously) was a threat to someone's life!