SoylentNews is people

posted by mrpg on Sunday February 18 2018, @11:06AM
from the double-speak dept.

Riana Pfefferkorn, a Cryptography Fellow at the Center for Internet and Society at Stanford Law School, has published a whitepaper on the risks of so-called "responsible encryption". This refers to inclusion of a mechanism for exceptional access by law enforcement to the cleartext content of encrypted messages. It also goes by the names "back door", "key escrow", and "golden key".

Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.

However, with all that said, a lot more is said than done. Some others would make the case that active participation is needed in the democratic process by people knowledgeable in use of actual ICT. As RMS has many times pointed out much to the chagrin of more than a few geeks, "geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone." Again, participation is needed rather than ceding the whole process, and thus its outcome, to the loonies.

Source : New Paper on The Risks of "Responsible Encryption"

Related:
EFF : New National Academy of Sciences Report on Encryption Asks the Wrong Questions
Great, Now There's "Responsible Encryption"


  • (Score: 2, Insightful) by Anonymous Coward on Sunday February 18 2018, @11:17AM (27 children)

    by Anonymous Coward on Sunday February 18 2018, @11:17AM (#639669)

    Money, as always, will be the determining factor.

    Who has more money? Geeks or the government? And don't forget the stick that dangles the carrot. Governments can coerce businesses to accept "an offer they can't refuse".

    Secure communication has become an oxymoron.

    End of story.

    • (Score: 3, Interesting) by Anonymous Coward on Sunday February 18 2018, @01:48PM (20 children)

      by Anonymous Coward on Sunday February 18 2018, @01:48PM (#639688)

      Retain existing encryption code (it won't magically vanish), send your own manually encrypted gunk thru unsafe network.

      • (Score: 4, Insightful) by Grishnakh on Sunday February 18 2018, @02:19PM (19 children)

        by Grishnakh (2831) on Sunday February 18 2018, @02:19PM (#639703)

        Retain existing encryption code (it won't magically vanish), send your own manually encrypted gunk thru unsafe network.

        Two problems with that idea:

        1. Compatibility: everyone else will be using the "responsible" crypto protocols, so using today's existing code will be about as useful as, oh, sending a PGP-encrypted email to your grandmother. Vendors like Apple will build the FBI-approved stuff into their devices, and block unapproved stuff from their walled garden app stores. So anyone using non-conforming crypto will stick out and be easily detected, and will be very suspicious.

        2. Legality: Non-conforming crypto can be simply banned, and with all the snooping on the internet, pretty easily detected. You'll have to resort to steganography, and the only reason you'd want to go down this route is because you really *are* up to something.

        Realistically, #1 is the most likely scenario. They don't need to ban current crypto, they just need to render it irrelevant by getting current vendors to adopt their preferred backdoored solutions. Criminals/terrorists usually just use stuff that's commonly available. Remember, the San Bernardino shooters had iPhones which the FBI was mad about not being able to easily get into. If Apple had had a backdoor, then they wouldn't have had this problem, and if that were the case, the likelihood that those shooters would have been savvy enough to jailbreak their phone and install some other kind of crypto app and then use that for communications is pretty low.

        The problem is that competent criminal organizations *will* have enough savvy to do that, and then get their members to use it (criminal organizations do have "IT departments" these days), so this stuff would only help the FBI get into the devices of lone wolves and other not-so-competent people. The other problem, of course, is that these backdoors will inevitably get out at some point, and suddenly everyone's encrypted data is now unprotected. There's just no way multiple large organizations can keep this stuff a secret indefinitely.

        • (Score: 4, Informative) by JNCF on Sunday February 18 2018, @02:50PM (9 children)

          by JNCF (4317) on Sunday February 18 2018, @02:50PM (#639716) Journal

          You'll have to resort to steganography, and the only reason you'd want to go down this route is because you really *are* up to something.

          Or because you want privacy in an age where it's illegal.

          • (Score: 3, Insightful) by Grishnakh on Sunday February 18 2018, @04:39PM (8 children)

            by Grishnakh (2831) on Sunday February 18 2018, @04:39PM (#639735)

            No, because most of the people you want to communicate with aren't willing to jump through the hoops necessary to make that work. How many people do you know now who use GPG encryption for their emails? None? Steganography is a few orders of magnitude more of a PITA to bother with than that, and the bandwidth it provides is pathetic.

            • (Score: 2) by JNCF on Sunday February 18 2018, @09:35PM (2 children)

              by JNCF (4317) on Sunday February 18 2018, @09:35PM (#639820) Journal

                1) Those are technical and social hurdles of the moment, and they are subject to change.

              2) I sometimes encrypt things that I have no desire to communicate with anybody other than future iterations of myself, as an added security precaution. Private keys and personal notes both sometimes fall into the category. If I am paranoid enough to doubt the security of air-gapped machines (I am) then I can desire privacy through encryption sans communication.

              • (Score: 3, Touché) by Grishnakh on Monday February 19 2018, @02:00AM (1 child)

                by Grishnakh (2831) on Monday February 19 2018, @02:00AM (#639913)

                  1) Those are technical and social hurdles of the moment, and they are subject to change.

                Yeah, I'm sure the general public will drop Facebook and Twitter and Windows 10 and free webmail and all start using Linux and GPG real soon now....

                • (Score: 2) by JNCF on Monday February 19 2018, @02:09PM

                  by JNCF (4317) on Monday February 19 2018, @02:09PM (#640086) Journal

                  I'm surprised how many people I know are using Android and Signal.

            • (Score: 0) by Anonymous Coward on Monday February 19 2018, @01:40AM

              by Anonymous Coward on Monday February 19 2018, @01:40AM (#639906)

              We can't even get email users to use pgp so how will anything else take off?

            • (Score: 2) by JoeMerchant on Monday February 19 2018, @02:01AM (2 children)

              by JoeMerchant (3937) on Monday February 19 2018, @02:01AM (#639915)

              The fun thing about pathetic bandwidth: people share cat videos all the time, and your average 15 second cat video can conceal hundreds of pages of text very effectively.

              --
              🌻🌻 [google.com]
              • (Score: 0) by Anonymous Coward on Monday February 19 2018, @01:28PM (1 child)

                by Anonymous Coward on Monday February 19 2018, @01:28PM (#640072)

                What if you want to share your 4K 60fps cat videos with privacy?

                • (Score: 0) by Anonymous Coward on Monday February 19 2018, @01:58PM

                  by Anonymous Coward on Monday February 19 2018, @01:58PM (#640083)

                  Obvious! Embed it in other cat videos!

            • (Score: 0) by Anonymous Coward on Monday February 19 2018, @07:23AM

              by Anonymous Coward on Monday February 19 2018, @07:23AM (#640009)

              How many people do you know now who use GPG encryption for their emails?

              I know three. Two of them stopped, though. And the other one is me.

        • (Score: 3, Interesting) by JoeMerchant on Sunday February 18 2018, @02:58PM (7 children)

          by JoeMerchant (3937) on Sunday February 18 2018, @02:58PM (#639719)

          anyone using non-conforming crypto will stick out and be easily detected, and will be very suspicious.

          Very true, which is why artful steganography is a valuable skill.

          --
          🌻🌻 [google.com]
          • (Score: 2) by Wootery on Monday February 19 2018, @10:57AM (6 children)

            by Wootery (2341) on Monday February 19 2018, @10:57AM (#640048)

            I'm skeptical whether it's true in the first place. There's plenty of random-looking binary data sailing through the intertubes. I would've thought it would be pretty straightforward to disguise an encrypted channel.

            • (Score: 2) by JoeMerchant on Monday February 19 2018, @01:09PM (5 children)

              by JoeMerchant (3937) on Monday February 19 2018, @01:09PM (#640066)

              Data in-flight should be relatively easy to disguise. That non-standard encrypting communication app on your cellphone (after your phone has been confiscated and searched) not so much.

              --
              🌻🌻 [google.com]
              • (Score: 2) by Wootery on Monday February 19 2018, @02:39PM (4 children)

                by Wootery (2341) on Monday February 19 2018, @02:39PM (#640098)

                  Right, but it's data-in-flight that we're talking about. I don't buy "anyone using non-conforming crypto will stick out and be easily detected, and will be very suspicious."

                • (Score: 2) by JoeMerchant on Monday February 19 2018, @03:41PM (3 children)

                  by JoeMerchant (3937) on Monday February 19 2018, @03:41PM (#640119)

                  Well, this is where the "responsible crypto" debate comes into play:

                  anyone using non-conforming crypto will stick out and be easily detected, and will be very suspicious.

                  if 99%+ of encrypted data-in-flight is "responsible crypto" then a trawler with the backdoor key can open all of that data-in-flight easily and then the remaining stuff becomes suspicious.

                  It's a much better situation (for anonymity and privacy) where data-in-flight is heterogeneous and hard to break...

                  --
                  🌻🌻 [google.com]
                  • (Score: 0) by Anonymous Coward on Monday February 19 2018, @08:23PM (2 children)

                    by Anonymous Coward on Monday February 19 2018, @08:23PM (#640249)

                    Yup, I haven't kept up enough with the crypto scene, but from what I recall even some of the most heavy duty crypto can be brute forced with enough supercomputing resources. Might take a few days or even longer, but at least that makes it impractical to decrypt everything. Thus you get the push for backdoors, that way sifting through all encrypted data becomes easy and you can prioritize resources for decrypting the messages using "illegal" crypto.

                    It is an arms race that law enforcement simply can not win, and the fight to control humanity results in less freedom for the general public. Even with full access to digital communication the "bad guys" will quickly learn to use methods that make backdoored crypto pointless. Code words, book ciphers, isolated terrorist cells, etc. The only people this is likely to protect us against are the dumb fucks radicalized by the FBI who wouldn't have been a real threat without all the prodding.

                    • (Score: 2) by JoeMerchant on Tuesday February 20 2018, @03:27AM

                      by JoeMerchant (3937) on Tuesday February 20 2018, @03:27AM (#640431)

                      some of the most heavy duty crypto can be brute forced with enough supercomputing resources.

                      Nothing breaks a good one-time-pad - not quantum, not the NSA farm outside Langley, or Bumblefarm, or any of them.

                      Key management is the key. When used properly, Mersenne Twister is a good one-time-pad that is 2^19937 bits long. If you can secretly pass a 2.5KByte key that puts you somewhere specific in that 2^19937 sequence, and scramble up your message so it looks random before applying the pad, then we're done. (If you foolishly try to encrypt a bunch of zeroes with MT as your pad, then it can be broken.)

                      Moreover, if the crackers just don't know _how_ you're using MT as a OTP, that increases the complexity of an already intractable problem by many additional orders of magnitude.

                      --
                      🌻🌻 [google.com]
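The parenthetical caveat in the comment above (a known run of zeroes under a Mersenne Twister "pad") can be worked through as an added example; it is not code from the post. It assumes Python's `random` module as the MT19937 implementation and a keystream packed as big-endian 32-bit outputs, and the names `encrypt`, `recover_tail` and the sample message are constructed for illustration. It generalizes from zeroes to any known prefix of 2496 bytes, which is exactly the 624-word generator state.

```python
import random

N = 624  # MT19937 state: 624 words of 32 bits = 2496 bytes


def keystream(rng, nbytes):
    """Use MT19937 output as a 'pad': 4 big-endian bytes per 32-bit output."""
    out = bytearray()
    while len(out) < nbytes:
        out += rng.getrandbits(32).to_bytes(4, "big")
    return bytes(out[:nbytes])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(seed, plaintext):
    """Sender side: XOR the message with the MT19937 keystream."""
    return xor(plaintext, keystream(random.Random(seed), len(plaintext)))


def undo_right(y, shift):
    """Invert y = x ^ (x >> shift) on 32-bit words."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def undo_left(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) on 32-bit words."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & 0xFFFFFFFF


def untemper(y):
    """Reverse MT19937's output tempering, last step first."""
    y = undo_right(y, 18)
    y = undo_left(y, 15, 0xEFC60000)
    y = undo_left(y, 7, 0x9D2C5680)
    return undo_right(y, 11)


def recover_tail(ciphertext, known_prefix):
    """Given ciphertext and at least 2496 known leading plaintext bytes,
    return the plaintext that follows those 2496 bytes. No seed is needed."""
    need = N * 4
    if len(known_prefix) < need or len(ciphertext) < need:
        raise ValueError("need at least %d known plaintext bytes" % need)
    # Known plaintext XOR ciphertext exposes 624 consecutive generator outputs.
    ks = xor(ciphertext[:need], known_prefix[:need])
    words = [int.from_bytes(ks[i:i + 4], "big") for i in range(0, need, 4)]
    # Untempered outputs are the internal state; index N forces a regeneration
    # on the next call, so the clone continues where the sender's generator is.
    state = tuple(untemper(w) for w in words) + (N,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return xor(ciphertext[need:], keystream(clone, len(ciphertext) - need))


def demo():
    zeros = bytes(N * 4)                      # constructed: run of zero bytes
    body = b"constructed sample message body"  # constructed sample text
    ct = encrypt(0xC0FFEE, zeros + body)       # constructed seed
    return recover_tail(ct, zeros)             # seed is never passed in


if __name__ == "__main__":
    print(demo())
```

A one-time pad has no such structure: every pad bit is independent, so known plaintext reveals only the pad bits it overlaps. A vetted stream cipher or AEAD is the practical substitute when a short key has to be stretched.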
                    • (Score: 2) by Wootery on Tuesday February 20 2018, @03:27PM

                      by Wootery (2341) on Tuesday February 20 2018, @03:27PM (#640665)

                      even some of the most heavy duty crypto can be brute forced with enough supercomputing resources. Might take a few days or even longer

                      No. From Wikipedia [wikipedia.org]:

                      Fifty supercomputers that could check a billion billion AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space.

                      It is a practical impossibility to brute-force good crypto. Supercomputers don't help. Custom silicon doesn't help. Patience doesn't help. If you find a critical bug in OpenSSH, or outdo the world's algorithmists and find an efficient algorithm to crack AES256 (the complexity theoretic consequences would be profound), or take a wrench to the guy who knows the password, or maybe if you invent a quantum computer (but even then, maybe not) then you've got a chance, but brute-force isn't on the table.

        • (Score: 2) by JoeMerchant on Sunday February 18 2018, @03:01PM

          by JoeMerchant (3937) on Sunday February 18 2018, @03:01PM (#639721)

          other not-so-competent people.

          So many "mob enforcement" movies fall back on the theme that most gangsters are basically idiots and confess openly to law enforcement. Law enforcement is busy enough collecting these wise-guys that they don't have much bandwidth leftover to try to crack the hard nuts.

          --
          🌻🌻 [google.com]
    • (Score: 3, Insightful) by NotSanguine on Sunday February 18 2018, @05:19PM (5 children)

      Secure communication has become an oxymoron.

      Really? Here's an encrypted reply (see below) to your assertion, encoded to base64 to ease its display here.

      Please do reply once you've been able to (trivially, if you're correct) decrypt it. Good luck with that!

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @05:25PM

        by Anonymous Coward on Sunday February 18 2018, @05:25PM (#639745)

        mlm

      • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @06:04PM (3 children)

        by Anonymous Coward on Sunday February 18 2018, @06:04PM (#639762)

        Here's an encrypted reply (see below) to your assertion, encoded to base64 to ease its display here.
        Please do reply once you've been able to (trivially, if you're correct) decrypt it. Good luck with that!

        Here you go: "Be Sure To Drink Your Ovaltine."

        • (Score: 3, Interesting) by NotSanguine on Sunday February 18 2018, @06:24PM (2 children)

          Thanks! You made my point for me.

          Secure communication requires that those for whom such communications are intended have access to the means of encryption/decryption.

          As long as those folks are the *only* ones with those means, communication *can* be secure.

          Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

          What's more, even having the *decrypted* version of such a message doesn't necessarily compromise those means.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
          • (Score: 4, Interesting) by frojack on Sunday February 18 2018, @09:06PM (1 child)

            by frojack (1554) on Sunday February 18 2018, @09:06PM (#639811) Journal

            Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

            Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

            My email mua is set up to use opportunistic encryption whenever it can. For maybe 5 people I know, this works all the time, every time. For the others, they ask me to resend every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet, or some new toy, and they are away from their main computer.

            Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

            So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 3, Insightful) by NotSanguine on Sunday February 18 2018, @11:08PM

              Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

              Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

              My email mua is set up to use opportunistic encryption whenever it can. For maybe 5 people I know, this works all the time, every time. For the others, they ask me to resend every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet, or some new toy, and they are away from their main computer.

              Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

              So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

              Your points are certainly valid ones. I do however, disagree with your conclusion.

              What is secure communication [wikipedia.org]?

              Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception.[1][2] Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.

              So yes, the idea that communication can be compromised in most circumstances is absolutely correct. As to the practicality of compromising communication that uses tools that make confidentiality (whispering, hand signals, encryption -- both of content and communications channels, etc., etc.) and/or integrity (face-to-face meetings, recognition signals, handwriting, digital signatures, etc.), that's pretty varied, depending on the methods and mechanisms of such "secure" communication.

              However, the likelihood of a compromise is inversely proportional to the quality of the security mechanisms *and* the effort used to apply them. Given the state of current knowledge and technology, I'm very comfortable saying that communications that *aren't* compromised (hence secure) happen all the time. Perhaps that's splitting hairs, but if so, that's a pretty important hair to split IMHO.

              --
              No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 5, Insightful) by Anonymous Coward on Sunday February 18 2018, @12:34PM (2 children)

    by Anonymous Coward on Sunday February 18 2018, @12:34PM (#639681)

    Encryption for dummies

    There are only two states:

    1 - It works
    2 - It does not work

    p.s.:
    "Responsible Encryption", "back door", "key escrow", "golden key", etc. all fall in the second case

    • (Score: 3, Interesting) by JoeMerchant on Sunday February 18 2018, @02:56PM

      by JoeMerchant (3937) on Sunday February 18 2018, @02:56PM (#639717)

      Odd that this is modded insightful. Encryption is actually graded based on time/effort required to break it, its effectiveness scale is far from binary. To the point of OP, however, "responsible" or "backdoored" encryption basically has a zero time/effort required for it to be broken by anyone who has access to the backdoor key, so would fall pretty close to the "doesn't work" category, if you care about keeping your secrets from anyone who might have backdoor access.

      On the other end of the spectrum, strong encryption takes a lot of effort / long time to break - but, as long as the message can be read by the intended recipients, there is the possibility that it will also be read by unintended persons.

      --
      🌻🌻 [google.com]
    • (Score: 0) by Anonymous Coward on Monday February 19 2018, @02:05AM

      by Anonymous Coward on Monday February 19 2018, @02:05AM (#639918)

      Encryption for dummies
      There are only two states:

      1 - Encryption in which the government already has a backdoor.
      2 - Encryption in which the government wants to install a backdoor.

  • (Score: 4, Interesting) by JoeMerchant on Sunday February 18 2018, @02:50PM (13 children)

    by JoeMerchant (3937) on Sunday February 18 2018, @02:50PM (#639715)

    If you care about keeping a secret, the only real answer is to DIY the encryption - learn as much as you feel you need to about the algorithms, implement them yourself, and try to not copy something exactly that's in mainstream use and likely to be broken.

    This is not saying: make up your own stuff from scratch and hope it sticks... this is saying: research the methods that have been proven, roll your own implementation from vetted published solutions, and include enough variation that when a successful attack method for the common implementations inevitably gets released it won't work on your implementation.

    Or, pick one of these and pray: https://www.techrepublic.com/blog/five-apps/five-free-and-secure-messaging-tools/ [techrepublic.com]

    It's always a tradeoff between convenience and security - rolling your own does come with a high inconvenience cost, and a risk that if you are sloppy you'll be insecure anyway, but if you're not a high value target then the effort required to practically secure your own communications is pretty low.

    --
    🌻🌻 [google.com]
    • (Score: 4, Insightful) by NotSanguine on Sunday February 18 2018, @05:52PM (4 children)

      If you care about keeping a secret, the only real answer is to DIY the encryption - learn as much as you feel you need to about the algorithms, implement them yourself, and try to not copy something exactly that's in mainstream use and likely to be broken.

      I disagree. How does the old saw go? "Three can keep a secret, if two of them are dead."

      I'd add that often, not even that is enough.

      Sure, you can roll your own encryption tools and share binaries (via encrypted, out-of-band channels) with trusted parties. Assuming you use sufficiently large key sizes [stackexchange.com], that will almost certainly keep prying eyes from decrypting any messages sent/received while in transit. However, the same can be said for current TLS implementations.

      This, IMHO, argues for ubiquitous encryption of *all* network traffic, significantly increasing the complexity of compromising *specific* encrypted communications via wholesale network traffic captures.

      That said, in order for such trusted parties to usefully interact with such messages, those parties must at least have the capability to decrypt them. That opens up a raft of potential vectors for compromising the confidentiality of those messages.

      What's more, If one of those trusted parties is targeted [xkcd.com], confidentiality is almost certainly suspect.

      Are things quite so dire for most of us? Probably not. But given the state of current technology, some form of coercion (warrants, violence/threat of violence, drugs, bribery/extortion, etc., etc.) is almost certainly the weakest link in the chain, not a lack of secure encryption tools.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by JoeMerchant on Monday February 19 2018, @03:45AM (1 child)

        by JoeMerchant (3937) on Monday February 19 2018, @03:45AM (#639949)

        The $5 pipe wrench, artfully applied to the holder of a secret key, is indeed the most efficient method of decoding many secrets.

        The real art in secret communication is not letting anyone know who you are communicating with in the first place. Or, not communicating anything secret at all - if no one can tell the difference, then you're doing it right.

        --
        🌻🌻 [google.com]
        • (Score: 2) by NotSanguine on Monday February 19 2018, @04:22AM

          The $5 pipe wrench, artfully applied to the holder of a secret key, is indeed the most efficient method of decoding many secrets.

          The real art in secret communication is not letting anyone know who you are communicating with in the first place. Or, not communicating anything secret at all - if no one can tell the difference, then you're doing it right.

          An excellent point.

          Given that the complexity (I discuss that a little bit below) in obfuscating the participants in a particular communication in the current environment, especially for folks who are unlikely to be targeted, I submit that a strategy of strongly encrypting *all* communications, whether they communicate sensitive information or not, is more achievable on a large scale. Sadly, that's not very likely, given the state of the software ecosystem enabling such communications.

          I imagine I could undertake a survey of Craigslist ads, posts on sites like 4chan, reddit, and a raft of other sites that allow anonymous comments in an attempt to identify covert (or potentially not so covert) communications channels with a reasonable chance of success.

          Even without performing such a survey, I'm certain that such communications, while perhaps not common, are used in the same way that classified ads in newspapers were used for covert communications in previous decades.

          In fact, I assume that intelligence gathering agencies already scan all those sites and more in an attempt to identify such communications.

          In some cases, that would be *more* secure than using encrypted emails/chat/messaging apps, given the risks associated with local system/app/server related compromises.

          However, those covert channels have their own set of issues WRT cipher distribution, mis-identification of messages and timing, among other things.

          Unless and until we have protocols and tools that can, relatively seamlessly, ensure confidentiality and integrity, one can either keep sensitive information to oneself, or meet trusted parties in isolated, soundproofed faraday cages to discuss such things.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by JoeMerchant on Monday February 19 2018, @03:55AM (1 child)

        by JoeMerchant (3937) on Monday February 19 2018, @03:55AM (#639953)

        Well, one solution for the "two can keep a secret" problem is for all parties to communicate 1:1 using each others' public keys. If one (or more) parties are sloppy with their keys, only messages addressed to the poor key keeper are compromised. This is just as unavoidable as the sloppy party re-posting the decrypted content in public - you can't stop a bad actor, but you can limit what you share with them.

        --
        🌻🌻 [google.com]
        • (Score: 2) by NotSanguine on Monday February 19 2018, @04:33AM

          Well, one solution for the "two can keep a secret" problem is for all parties to communicate 1:1 using each others' public keys. If one (or more) parties are sloppy with their keys, only messages addressed to the poor key keeper are compromised. This is just as unavoidable as the sloppy party re-posting the decrypted content in public - you can't stop a bad actor, but you can limit what you share with them.

          Absolutely. Unfortunately (as I pointed out in my reply [soylentnews.org] to your previous comment), the software ecosystem that would need to support widespread use of asymmetric key encryption is sorely lacking in the features that could engender widespread use.

          Choosing the "wrong" (whether they be incompetent, unprincipled, stupid or otherwise "bad actors") folks with whom to communicate sensitive information goes far beyond digital communications, as is evidenced by (I'm sure there's at least one in your circle) that person(s) who can't help but tell everyone the stuff you reveal to them in confidence.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @08:10PM

      by Anonymous Coward on Sunday February 18 2018, @08:10PM (#639794)

      I disagree about the inconvenience cost. If you're capable of rolling your own this is by far the most convenient way to get just about anything done because you don't depend on arbitrary third parties to address any issues that nor do you have to wade through opaque, messy source code someone else wrote.

    • (Score: 4, Informative) by frojack on Sunday February 18 2018, @09:14PM (6 children)

      by frojack (1554) on Sunday February 18 2018, @09:14PM (#639814) Journal

      learn as much as you feel you need to about the algorithms, implement them yourself, and try to not copy something exactly that's in mainstream use and likely to be broken.

      The first thing every one of the people who I trust in the encrypto-sphere says is NEVER ROLL YOUR OWN.

      Then Along comes Joe.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by pipedwho on Sunday February 18 2018, @09:56PM (4 children)

        by pipedwho (2032) on Sunday February 18 2018, @09:56PM (#639824)

        This is absolutely true. However, Joe did qualify with:

        This is not saying: make up your own stuff from scratch and hope it sticks... this is saying: research the methods that have been proven, roll your own implementation from vetted published solutions, and include enough variation that when a successful attack method for the common implementations inevitably gets released it won't work on your implementation.

        There are various parameters and things you can do with an open source implementation of something that you otherwise trust. For example, at the lowest level let's say you're paranoid and worry about a weakness in AES (ignore that it has some proven security bounds), so you decide to add some extra rounds to your 'variant'. That change is within the design parameters of AES and will not only add security (at the detriment of performance, which may not matter to you), but also very likely 'break' any mass deployed automated cracking scripts/tools that assume that the protocol is just using standard AES.

        You might also decide to add an 'obfuscation' protocol (based on otherwise secure crypto) on top of the existing 'trusted' solution. For example, you add some additional fixed encryption using AES (or Twofish, Serpent, etc) on top of the already effective protocol elements (especially the key exchange section). You might even just encode the fixed key constant in your app, creating an 'obfuscation' layer more than anything else. However, if the 'trusted' App falls to some exploit that allows a trojan or worm to 'mass harvest' messages from people communicating with the original App, your variant is still 'safe'. Yes, someone could analyse and easily crack that too. But, it's a lot of manual effort for a single payoff. And the mass deployed harvesting tools can't 'see' inside the encrypted data, so it just looks like garbage (or another 'unknown' protocol).

        All you've done is taken an open source tool such as PGP and made a modification that is described by cryptographic literature as otherwise 'valid' or 'safe'. Whether or not it makes much difference (or even adds any additional 'security' in the classical sense) is irrelevant to what Joe was alluding to.

        But, you are right, people with no experience with cryptographic implementation should definitely avoid rolling their own.

        • (Score: 3, Insightful) by JoeMerchant on Monday February 19 2018, @01:58AM

          by JoeMerchant (3937) on Monday February 19 2018, @01:58AM (#639911)

          Thank you - I try not to spell things out too pedantically, it takes too long to read (and write.)

          IMO, the most powerful security is a combination of the best available algorithms plus obscurity. If the crackers don't know what they're dealing with, it will take actual (expensive) human brain power to try to break it, and unless you're a top priority target that's not likely to happen.

          What is likely to happen is the cracking of a widely used tool (or app) and the subsequent mass harvesting of all traffic that passed through it - that will catch all kinds of people who weren't even on anyone's radar, until a mass harvester tripped on a few keywords in their archived communications streams from years gone by.

          --
          🌻🌻 [google.com]
        • (Score: 2) by Wootery on Tuesday February 20 2018, @03:34PM (2 children)

          by Wootery (2341) on Tuesday February 20 2018, @03:34PM (#640670)

          So the advice essentially boils down to become an expert cryptographer, then roll your own.

          That advice is... unhelpful.

          What's really wrong with just implementing an algo like Curve25519?

          You might also decide to add an 'obfuscation' protocol

          Or just use a proper algorithm like Curve25519 and don't pretend that amateur-hour band-aids are the solution.

          • (Score: 2) by pipedwho on Wednesday February 21 2018, @08:22AM (1 child)

            by pipedwho (2032) on Wednesday February 21 2018, @08:22AM (#641076)

            Because you're just as likely to stuff up your implementation of Curve25519 if you're not an experienced cryptography programmer anyway. So it's not particularly useful to use a single protocol element without considering the rest of the cryptographic system design.

            If you want to use Curve25519 just find some trusted Open Source project that already uses it.

            Or better yet, add it 'in series' with an already trusted/vetted Open Source project so you have something that is resistant to automated mass data vacuum scripts that might target the public version of your chosen tool. Even if you end up with a ham fisted effort that turns out to be insecure, at least you can fall back to the trusted secure implementation you have as the basis of your modified application.

            So, the advice is don't try to roll your own. If you do, play it safe and do it in an additive way that doesn't touch or use any key material from the trusted implementation that you're modifying. If you have done a lot of research on the topic, then feel free to make some more subtle but secure changes to the parameters (if you don't understand what this means, you haven't done enough research, and are not ready to change anything).

            I've seen far too many amateur hour totally insecure implementations that use otherwise secure algorithms like AES, RSA, Curve25519, SHA, etc. But they do something stupid (and usually a cascade of equally dumb things) that ends up pretty much voiding any security that the algorithms offered. It's better than back in the day where it was common for people/companies to try and roll their own low level crypto algorithms. At least these days we have some good building blocks to use from the likes of NIST, and if you don't trust NIST, then Dan Bernstein.

            • (Score: 2) by Wootery on Wednesday February 21 2018, @09:40AM

              by Wootery (2341) on Wednesday February 21 2018, @09:40AM (#641092)

              Ultimately I agree, of course, but we were putting on our tin-foil hats and pretending we couldn't trust any existing implementations. Perhaps the best answer to that hypothetical is simply in that case all is already lost.

              back in the day where it was common for people/companies to try and roll their own low level crypto algorithms

              The horror, the horror. A proprietary 4096-bit crypto scheme sounds great on paper, to a clueless pointy-haired boss at least, but as you say, it's like saying you've given your security guards hand-made 11mm handguns.

      • (Score: 2) by JoeMerchant on Monday February 19 2018, @01:52AM

        by JoeMerchant (3937) on Monday February 19 2018, @01:52AM (#639908)

        The first thing every one of the people who I trust in the encrypto-sphere says is NEVER ROLL YOUR OWN.
        Then Along comes Joe.

        See, that's where you need to learn to read, and understand, the whole first two sentences before reacting:

        This is not saying: make up your own stuff from scratch and hope it sticks... this is saying: research the methods that have been proven, roll your own implementation from vetted published solutions

        Take working copies of good implementations and roll them into your own layered solution, getting the good bits, but not compatible with mainstream released methods that will inevitably be hacked on until they fall.

        Or, you could just run mainstream tools, patch regularly and pray that they release lockouts for the "bad guys" fast enough, and that the "good guys" who have the back door keys use them responsibly... that's the first thing every one of the people who represent mainstream cybersecurity best practices encourages everyone to do. Watching Adobe Flash play whack-a-mole with east European BBC pirates was enough to convince me that that merry-go-round is not running for my benefit.

        --
        🌻🌻 [google.com]
  • (Score: 5, Touché) by Anonymous Coward on Sunday February 18 2018, @03:00PM (1 child)

    by Anonymous Coward on Sunday February 18 2018, @03:00PM (#639720)

    Is where only *I* can decrypt it.

    • (Score: 2) by Wootery on Wednesday February 21 2018, @09:43AM

      by Wootery (2341) on Wednesday February 21 2018, @09:43AM (#641093)

      I don't want AC to be able to decrypt my data! You sound just like them! Tyrant!

  • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @03:21PM

    by Anonymous Coward on Sunday February 18 2018, @03:21PM (#639725)

    ok, this is not realistic, but just for kicks:
    the encrypted communications device holds the secret (longish) pin to disarm
    a dirty nuke that has been discovered in some major city?

    the encrypted communications device holds the secret antidote/vaccine to some
    army-nation-state developed super flu?

    also something about foiling a time traveler, but nevermind that...

    my opinion is that if law enforcement has a search warrant, they can search your house
    AND YOUR MOBILE PHONE!

    of course, it is NOT OKAY that law enforcement has the "unlock keys" to the device.
    separation of power and all.

    in the same way that law enforcement cannot give
    itself the search warrant, they cannot give themselves the key to unlock the
    phone, which needs to be IN THEIR PHYSICAL POSSESSION.

    The "unlock key" ALSO needs to be in the form and shape of a PHYSICAL DEVICE.
    Now, because the device to unlock is also a physical device, again a physical
    key is required.

    thus, maybe, the unlocking key/device is housed at the manufacturers location, but behind
    a physical door that only law enforcement can open but the manufacturer is only
    required to give access to the lock if law enforcement can show a search warrant AND THE PHYSICAL DEVICE that needs to be unlocked.
    this is so that the manufacturer has to be true to their word, that they
    themselves cannot unlock the phone .. for some reason or other (maybe to find carmen sandiego).

    ofc someone will come up with a solution that works digital, remote-over-the-air (lol), or via a physical cable dongle (that nobody in china can mass produce for 0.02 dollars)
    and nobody will find a way around it... for all!

    anyways, my money is on:
    loonies win! "Again, participation is needed rather than ceding the whole process, and thus its outcome, to the loonies."

  • (Score: 4, Touché) by turgid on Sunday February 18 2018, @08:25PM (1 child)

    by turgid (4318) Subscriber Badge on Sunday February 18 2018, @08:25PM (#639799) Journal

    We should all switch to EBCDIC.

    • (Score: 3, Funny) by infodragon on Tuesday February 20 2018, @07:58PM

      by infodragon (3509) on Tuesday February 20 2018, @07:58PM (#640805)

      ...as if millions of voices suddenly cried out in terror...

      --
      Don't settle for shampoo, demand real poo!
  • (Score: 2) by arslan on Monday February 19 2018, @01:03AM

    by arslan (3462) on Monday February 19 2018, @01:03AM (#639893)

    See, I just don't get it, the white elephant here is the fact that you _know_ the spooks will reserve the stronger stuff for their own usage, and by extension their ultra-elite puppet masters and cronies (read: lobbied politicians). That is a clear message to the masses that in the eyes of the govies there's 2 classes of people, the ones that matter and the ones that don't. Patriotism to these folks is only about protecting the interest of the ones that matter.

    The rest of you should have nothing to fear if you have nothing to hide. You have nothing to hide because you don't matter.

  • (Score: 0) by Anonymous Coward on Monday February 19 2018, @06:44PM

    by Anonymous Coward on Monday February 19 2018, @06:44PM (#640186)

    You all accept banning men from taking cute young girls as brides.
    Law enforcement is the world wide enemy of males.
    They enforce america's religion and are enemies of YHWH's law.
