SoylentNews is people
SoylentNews
This is the Enigma machine that enabled secret Nazi communications. Efforts to break that encoding system ultimately helped make D-Day possible.
[...] In terms of global politics, encryption was pretty straightforward during World War II. One nation tapped its linguists and mathematicians -- and relied on the heroism of men who boarded sinking U-boats -- to crack the encryption tech of an enemy force.
The world's gotten a lot more complicated since then.
Just as in World War II, law enforcement and spy agencies today try to read the communications of criminals, terrorists and spies. But now that almost everyone uses encryption, a government's ability to break it doesn't just worry our country's enemies -- it concerns us, too.
And despite the advances in computing and encryption since Bletchley Park, we haven't come close to agreeing on when it's okay to break encryption.
[...] Burr, who saw the inside of public controversies over the government breaking encryption during his time at the National Institute of Standards and Technology, says there's no clear path forward.
"There's just a big dilemma there," he says. Creating ways to break encryption "will weaken the actual strength of your security against bad guys of ability. And you have to count among those the state actors and pretty sophisticated and organized criminals."
In their laser-focused effort to crack Nazi encryption, codebreakers like Turing and soldiers like Fasson and Grazier were unlikely to have imagined a world like this. But here it is: the catch-22 of computerized encryption. And it's not going away anytime soon.
-- submitted from IRC
(Score: 3, Insightful) by Anonymous Coward on Thursday June 08 2017, @08:54AM (5 children)
My understanding is real crypto is rarely broken. Why? Because it would take a looong time and cost a loooot of money. Instead attackers opt for easiers methods and go for the weakest link which never is the real crypto. It's the hardware, the software and the wetware (that's you).
That's why your hardware comes with backdoors when shipped from the factory (INTEL AMT &c), that's why you must allow JavaScript in your browser (vulnerability cornucopia) and that's why you get all those lovely spearfishing emails. (I'm $trustworthy_party, give me your credentials)
(Score: 2) by SomeGuy on Thursday June 08 2017, @10:49AM
And that is just it, proper crypto should be impossible to just "crack". Otherwise, what is the point of using it? Go ahead and guess at a decryption key, but if it doesn't take billions of years, then again, what is the point of using it?
But the masses are trained to expect crypto to be easily crackable. Turn on the TV, and "Oh, no! The bad guy's laptop is encrypted! I'll need a few hours to crack the encryption, and I'll deliver the data on the hard drive just in time to advance the plot!". Duuuuuh.
(Score: 2) by Lester on Thursday June 08 2017, @12:17PM (3 children)
Security is achieved by following strong security policies, where strong encryption is just a link of a chain (no matter what encryption system you use if your password is written in a post-it stick on the side of your monitor). Probably the weaker link of security chain is not encryption, so you better try other point to attack. That's what NSA does, tries to set backdoors and weaken encryption algorithms in software and hardware suppliers level.
Not long ago I watched an interview, a member of a intelligence agency said: "Strong encryption has brought back to life the real spy games, the three-B: Bribery, blackmailing and burglary"
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @02:51PM
I think that is good. Spying should be expensive, that is what protects normal people from it.
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @05:19PM (1 child)
If it is a room only you have access to (including peeping-through-the-window access, of course), the post-it on the monitor may be a safer place for the password than your head which is routinely carried out of the building and may be susceptible to hacking methods involving a $5 wrench.
(Score: 2) by Lester on Friday June 09 2017, @11:23AM
Just wanted to tell that if you don't follow the most elemental security basics, strong encryption won't help you much.
With the same effort, you can keep it a draw of your desk hidden in a bunch of papers that none but you can find.
And, well, a place that invest in a safe room to secure a workstation, I expect them to follow better security policies that a post-it.
A little more than $5, to begin with, you must know who knows the password, where he live and know his habits to find meet him in a solitary place.