SoylentNews is people
SoylentNews
from the put-all-your-secrets-in-one-basket dept.
'The intelligence coup of the century'
In case of paywall...
CIA Secretly Owned Crypto, the Swiss Company That Ruled Global Spy Comms for Decades, Says Report
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.
For the most goodest security, use only one commercial crypto system. Trust it with all your secrets.
(Score: 2) by darkfeline on Thursday February 13 2020, @12:56AM (2 children)
It's only a terrible idea if an attacker can control part of the input, and the rest of the input should be hidden from the attack, which is a very specific case that mostly applies only to modern websites.
Compression and encryption are very similar: you're trying to maximize entropy, that is, minimize redundant information. The only distinction is how easy the process is to reverse.
If you compress a file with e.g. Huffman coding, then delete the tree, then what you're left with is effectively your ciphertext and the prefix tree is your encryption key. Vice versa, if you encrypt something and distribute the key along with the ciphertext, then you've effectively compressed it.
Now of course compression and encryption algorithms are different, they prioritize very different things when trading off properties in the algorithm design. But from an information theory perspective they are very similar.
There's no use arguing this with me, like I said, try the plain text example. Encryption DOES compress. You can of course pad the ciphertext, and that does in fact happen in various cryptosystems.
for i in {1..1000000}; do echo $i >> /tmp/tmp; done
gpg --output /tmp/tmp.gpg --symmetric /tmp/tmp
stat /tmp/tmp; stat /tmp/tmp.gpg
Join the SDF Public Access UNIX System today!
(Score: 2) by FatPhil on Thursday February 13 2020, @08:11AM
False, you're trying to maximise entropy density.
> Encryption DOES compress.
False. The GPG example you use is using an optional "also compress" feature of that GPG implementation, which is an *optional* part of the standard. It will create output that other implementations which do not support compression, cannot read. Your statement is as correct as saying "tarballs ARE compressed". That is to say, it's false.
> There's no use arguing this with me
That explains why you persist in holding incorrect views.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Saturday February 15 2020, @11:13PM
Well, something with high entropy tends to be difficult to compress but something difficult to (further) compress doesn't necessarily tend to be high in entropy.