Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday June 08 2017, @05:14AM   Printer-friendly
from the learning-from-history dept.

This is the Enigma machine that enabled secret Nazi communications. Efforts to break that encoding system ultimately helped make D-Day possible.

[...] In terms of global politics, encryption was pretty straightforward during World War II. One nation tapped its linguists and mathematicians -- and relied on the heroism of men who boarded sinking U-boats -- to crack the encryption tech of an enemy force.

The world's gotten a lot more complicated since then.

Just as in World War II, law enforcement and spy agencies today try to read the communications of criminals, terrorists and spies. But now that almost everyone uses encryption, a government's ability to break it doesn't just worry our country's enemies -- it concerns us, too.

And despite the advances in computing and encryption since Bletchley Park, we haven't come close to agreeing on when it's okay to break encryption.

[...] Burr, who saw the inside of public controversies over the government breaking encryption during his time at the National Institute of Standards and Technology, says there's no clear path forward.

"There's just a big dilemma there," he says. Creating ways to break encryption "will weaken the actual strength of your security against bad guys of ability. And you have to count among those the state actors and pretty sophisticated and organized criminals."

In their laser-focused effort to crack Nazi encryption, codebreakers like Turing and soldiers like Fasson and Grazier were unlikely to have imagined a world like this. But here it is: the catch-22 of computerized encryption. And it's not going away anytime soon.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by Mykl on Thursday June 08 2017, @07:56AM (3 children)

    by Mykl (1112) on Thursday June 08 2017, @07:56AM (#522475)

    In a world of mass produced computers and OSS, the enemy government's crypto is the same as the public's crypto

    You're assuming here that the strongest form of encryption created by humankind happens to be OSS - I don't think that's a reasonable assumption. There are state actors paying lots of very talented people lots of money to come up with something better than a volunteer-led community project.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Thursday June 08 2017, @08:46AM (1 child)

    by Anonymous Coward on Thursday June 08 2017, @08:46AM (#522484)

    That might be the case but the relevant bit is the "volunteer-led community projects"* produce cyphertext that the government can't read. Hence this whole backdoor discussion. Most governments besides certainly don't have the resources to outdo the best available free software encryption options so grand parent is right in most cases.

    * I don't know enough about the relevant free software encryption efforts to say whether your characterization is accurate.

    • (Score: 3, Insightful) by anubi on Thursday June 08 2017, @09:32AM

      by anubi (2828) on Thursday June 08 2017, @09:32AM (#522490) Journal

      One thing I have seen over and over is never underestimate the power of passion.

      I have seen extremely well paid "technical" people whose main asset was a business suit, firm handshake, and captivating demeanor.

      They were really good at getting people to think they were worth a king-sized paycheck. Usually from the government, as it took someone with the ability to coerce many to pay to support this kind of thing.

      And I have seen people do amazing technical things.... for FUN!!!

      While lacking the social skills to even be considered for the work that needs them the most.

      That's why millions of dollars get spent on DRM schemes, which seem hacked within a few weeks.

      Never assume useful technology necessarily comes from extremely impressive buildings staffed with highly credentialed individuals. Many of those places reek of execubusiness-grade bullshit centered on giving the answer someone else wants to hear. Their main reason for existence seems to be providing "a good job" in the military-industrial-complex for political team players.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 4, Informative) by c0lo on Thursday June 08 2017, @11:28AM

    by c0lo (156) Subscriber Badge on Thursday June 08 2017, @11:28AM (#522538) Journal

    You're assuming here that the strongest form of encryption created by humankind happens to be OSS - I don't think that's a reasonable assumption. There are state actors paying lots of very talented people lots of money to come up with something better than a volunteer-led community project.

    I think that, on the contrary, the strongest form of encryption created by humankind needs to be open (software or not).
    Only if the algorithm is public there's the guarantee that other experts in crypto can analyze and find weaknesses in it.
    As for all the others, the mighty Bruce called them better: snakeoil cryptography [schneier.com] as far back as 18 years ago. And its still valid. Here's an excerpt:

    I promise not to start another tirade about the problems of proprietary cryptography. I just include it here as a warning sign. So when a company like GenioUSA refuses to divulge what algorithm they're using (they claim it's "world class secret key encryption," whatever that means), you should think twice before using their product (it's completely broken, by the way).

    Another company, Crypt-o-Text , promises a "complex proprietary encryption algorithm" and that "there is absolutely no way to determine what password was used by examining the encrypted text." It was completely broken in an InfoWorld review.

    This kind of thing isn't exclusive to small companies. Axent once tried to pass XOR off as a real encryption algorithm. It wasn't until someone peeked inside the compiled code that we discovered it.

    Any company that won't discuss its algorithms or protocols has something to hide. There's no other possible reason. (And don't let them tell you that it is patent-pending; as soon as they file the patent, they can discuss the technology. If they're still working on the patent, tell them to come back after they can make their technology public.)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford