Why bother?
So I'd say encryption is still hugely helpful just because it raises the bar.
It's really a matter of how hard is it to get into your data, compared to somebody else's data. It's why "the club" works on a car. It's not that you can't remove it - it's just there's another one right next to it that's easier so the attacker skips over yours.
But certainly, believing that encrypted data can never be broken into is not wise. That's why things like credit card numbers should never be stored in e-commerce sites - they should be passed along to the banks without being stored, so then there's nothing to hack and get.
Doug
Anyone... in possession of the tech keywords you mention... likely can easily access your money + personal data without having to use the tech you mention...
Locks only keep honest people honest.
Bullrun goes back many years to the aborted introduction of the clipper chip. The Five Eyes put constant pressure on technology companies to put in back doors which most companies have resisted.
SSL has proven to be crackable, SHA1 TLS has shortcomings that make it crackable. SHA256 with 2048 keys is currently not crackable. The current versions of the iPhone's internal securityis uncrackable (the federal government is trying to force Apple to relax its phone security claiming national interest) Encryption security is either effective for all or not effective for all. The biggest SSL problem is the initial entropy that is used to set the initial random number that is used to generate one of the prime numbers
ASKER
Are locks on doors a "myth"? They can be picked, doors can be kicked down, windows can be broken, etc
Yeah, that really wasn't so much the destination of my question, because I know that my property faces all those risks and potential compromises. That is not the case in the same way with encryption, as, for one thing, neither side of the argument would ever concede that encryption is entirely secure or ultimately fallible. It is precisely because we don't know to what level these algorithms are safe, that we can never establish an ultimate truth about them, and that makes the situation multi-way unassured and unassurable.
You can, on the other hand, get insurance for your house and its contents, even if they are lost through theft and the insurer aware that the premium covers that sort of risk. I've never heard of anyone being able to take out insurance against their encryption being broken.
@David Johnson, CD
Thanks, useful comment.
But if I were running one of these security services, if we were able to crack 2048 encryption for example, my service's public statement would be that we couldn't. This was already part of the philosophical dilemma faced by the codebreakers at Bletchley Park, because mitigating the effects of every single attack that they identified would have given away the fact that Enigma had been broken, and so sigint would have been effectively compromised and so less effective.
Faced with this, we can never really know whether anything is crackable or not, I don't care whether two kids in a bedroom know I voted one way or another in an election; but I would mind a great deal if that sort of information was unpicked by my government from what was meant to be a confidential and encrypted communication.
but I would mind a great deal if that sort of information was unpicked by my government from what was meant to be a confidential and encrypted communication.
That concern is definitely valid and unfortunately almost certainly impossible to prevent in the long haul. Because encrypted data can be captured today and decrypted much later once cracking improves. NSA anyone?
E g. A fully functional quantum computer may make cracking almost all known encryption approaches feasible, because they all rely on the fact that brute force searching for the key isn't practical. But if you can search an exponentially large space in linear time (which a quantum computer in theory could allow) then those searches become tractible.
So the most secure rule is - if you're worried that somebody might see it, don't write it down.
Doug
ASKER
So the most secure rule is - if you're worried that somebody might see it, don't write it down.
Which amounts to the end of democracy.
Which amounts to the end of democracy.
I think that's a little strong, but each to their own :)
(Most of my political views, I don't mind sharing publicly)
One of the ways that Enigma was cracked was messages using a common salutation i..e. Heil Hitler. There were communication errors also i..e. messages sent in cleartext and in cypher. The reuse of cypher keys. The initial settings were supposed to be random but humans are (a) lazy and (b) not very good at picking random numbers/letters. Certain operators had favorite settings and the operator could be identified by their 'fist' (the way they sent morse code)
SHA-1 lasted about 20 years https://eprint.iacr.org/2020/014.pdf https://sha-mbles.github.io/ https://www.grc.com/sn/SN-751-Notes.pdf
Every session uses different keys so if I break 1 session in 24 hours it will take another 24 hours to break another session. Due to the volume of traffic it will take a long time. The hardest part is to identify the traffic you want to analyze and decrypt. If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target.
ASKER
If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target.
One of the apparent successes of govt crypto, has been with VPNs.
ASKER
And as far as protecting information from a government agency, forget it.
Course, if a really bad-news govt ever came to power "over here" - (which could never happen of course) - (wherever over here is), I'm confident they'd be honourable enough to delete the previous government's suspects' databases, before embarking on their own digital persecution programs.
I recall years ago hearing a story about a fellow who came up with a new and improved system for generating encryption keys. Someone heavily involved in security was asked how important the new scheme was. He answered that he didn't know much about the new scheme, but it really didn't matter to him. His view was that once you reach a certain level of security, people who want to get past it will find ways around it. One that he mentioned (seriously) was a threat to someone's life!