This is the Enigma machine that enabled secret Nazi communications. Efforts to break that encoding system ultimately helped make D-Day possible.
[...] In terms of global politics, encryption was pretty straightforward during World War II. One nation tapped its linguists and mathematicians -- and relied on the heroism of men who boarded sinking U-boats -- to crack the encryption tech of an enemy force.
The world's gotten a lot more complicated since then.
Just as in World War II, law enforcement and spy agencies today try to read the communications of criminals, terrorists and spies. But now that almost everyone uses encryption, a government's ability to break it doesn't just worry our country's enemies -- it concerns us, too.
And despite the advances in computing and encryption since Bletchley Park, we haven't come close to agreeing on when it's okay to break encryption.
[...] Burr, who saw the inside of public controversies over the government breaking encryption during his time at the National Institute of Standards and Technology, says there's no clear path forward.
"There's just a big dilemma there," he says. Creating ways to break encryption "will weaken the actual strength of your security against bad guys of ability. And you have to count among those the state actors and pretty sophisticated and organized criminals."
In their laser-focused effort to crack Nazi encryption, codebreakers like Turing and soldiers like Fasson and Grazier were unlikely to have imagined a world like this. But here it is: the catch-22 of computerized encryption. And it's not going away anytime soon.
-- submitted from IRC
(Score: 3, Informative) by Whoever on Thursday June 08 2017, @05:34AM
I urge anyone who has a chance to visit this place to go. It's easily accessible by train from London (that's one of the reasons it was chosen during the war). Make sure you pay the extra to see the Colossus.
If you are interested in that kind of thing, also on the site is the National Radio Centre [nationalradiocentre.com], run by the RSGB (Radio Society of Great Britain). Entrance is free to this.
(Score: 5, Insightful) by Anonymous Coward on Thursday June 08 2017, @05:35AM (7 children)
This seems to be a propaganda article to try to influence public opinion to make more people willing to accept the weakening of their crypto and similar.
I think most would agree it's perfectly fine for your Gov to try to crack an enemy Gov's crypto. BUT do NOT try to muddle this with your Gov treating you like the enemy and trying to crack your crypto and spy on you.
(Score: 0, Insightful) by Anonymous Coward on Thursday June 08 2017, @05:52AM (4 children)
In a world of mass produced computers and OSS, the enemy government's crypto is the same as the public's crypto. Except the real enemy government is the government currently controlling you.
(Score: 3, Insightful) by Mykl on Thursday June 08 2017, @07:56AM (3 children)
You're assuming here that the strongest form of encryption created by humankind happens to be OSS - I don't think that's a reasonable assumption. There are state actors paying lots of very talented people lots of money to come up with something better than a volunteer-led community project.
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @08:46AM (1 child)
That might be the case but the relevant bit is the "volunteer-led community projects"* produce cyphertext that the government can't read. Hence this whole backdoor discussion. Most governments besides certainly don't have the resources to outdo the best available free software encryption options so grand parent is right in most cases.
* I don't know enough about the relevant free software encryption efforts to say whether your characterization is accurate.
(Score: 3, Insightful) by anubi on Thursday June 08 2017, @09:32AM
One thing I have seen over and over is never underestimate the power of passion.
I have seen extremely well paid "technical" people whose main asset was a business suit, firm handshake, and captivating demeanor.
They were really good at getting people to think they were worth a king-sized paycheck. Usually from the government, as it took someone with the ability to coerce many to pay to support this kind of thing.
And I have seen people do amazing technical things.... for FUN!!!
While lacking the social skills to even be considered for the work that needs them the most.
That's why millions of dollars get spent on DRM schemes, which seem hacked within a few weeks.
Never assume useful technology necessarily comes from extremely impressive buildings staffed with highly credentialed individuals. Many of those places reek of execubusiness-grade bullshit centered on giving the answer someone else wants to hear. Their main reason for existence seems to be providing "a good job" in the military-industrial-complex for political team players.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 4, Informative) by c0lo on Thursday June 08 2017, @11:28AM
I think that, on the contrary, the strongest form of encryption created by humankind needs to be open (software or not).
Only if the algorithm is public there's the guarantee that other experts in crypto can analyze and find weaknesses in it.
As for all the others, the mighty Bruce called them better: snakeoil cryptography [schneier.com] as far back as 18 years ago. And its still valid. Here's an excerpt:
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 1, Insightful) by Anonymous Coward on Thursday June 08 2017, @08:12AM (1 child)
Actually I'm also fine with the government trying to crack my crypto. I'm not fine with the government forbidding to use crypto they can't break, or intentionally introducing backdoors/weaknesses in crypto software/algorithms.
(Score: 1) by anubi on Thursday June 08 2017, @09:40AM
Very healthy attitude. You know they are gonna try. And there ain't a thing anyone can do about it. So just plan on it.
To take any other approach would be like standing outside your freshly painted house and ordering the rain not to fall.
The government should count their blessings. At least many encrypted files are still sent out in the open.
I can guarantee you that should the government meddle in people's encryption, they will drive an interest in steganographic techniques. Now the least of their problems will be decryption. Once things are driven to steganographic covers, they will have fits trying to find the packages that something may or may not be hidden in.
Talking about a problem jumping out of the frying pan into the fire.
They now have metadata on a lot of this stuff.
Once people are driven to use steganographic techniques, they won't even have that.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Insightful) by Lester on Thursday June 08 2017, @07:53AM
Intelligence agencies have no dilemma. They want to be able to break any encryption and keep secret the way as long as they can, so people use encryption trustingly.
Governments want the same that Intelligence agencies. They have no dilemma, they have a challenge: How to pretend they have a dilemma.
We, people, have the dilemma. Do we want government be able to read all bad guys' communications but being able to read also our communications? or do we want to keep our communications secret making impossible to government to read bad guy's communications?
The dilemma exists because we don't think the government is always the good guy that looks after our interests. They earned it by themselves using the asymmetric information they have of us against us: Using information to control activists and other government dissidents, threatening people for corporations interests and data mining to manipulate public opinion.
(Score: 3, Insightful) by Anonymous Coward on Thursday June 08 2017, @08:54AM (5 children)
My understanding is real crypto is rarely broken. Why? Because it would take a looong time and cost a loooot of money. Instead attackers opt for easiers methods and go for the weakest link which never is the real crypto. It's the hardware, the software and the wetware (that's you).
That's why your hardware comes with backdoors when shipped from the factory (INTEL AMT &c), that's why you must allow JavaScript in your browser (vulnerability cornucopia) and that's why you get all those lovely spearfishing emails. (I'm $trustworthy_party, give me your credentials)
(Score: 2) by SomeGuy on Thursday June 08 2017, @10:49AM
And that is just it, proper crypto should be impossible to just "crack". Otherwise, what is the point of using it? Go ahead and guess at a decryption key, but if it doesn't take billions of years, then again, what is the point of using it?
But the masses are trained to expect crypto to be easily crackable. Turn on the TV, and "Oh, no! The bad guy's laptop is encrypted! I'll need a few hours to crack the encryption, and I'll deliver the data on the hard drive just in time to advance the plot!". Duuuuuh.
(Score: 2) by Lester on Thursday June 08 2017, @12:17PM (3 children)
Security is achieved by following strong security policies, where strong encryption is just a link of a chain (no matter what encryption system you use if your password is written in a post-it stick on the side of your monitor). Probably the weaker link of security chain is not encryption, so you better try other point to attack. That's what NSA does, tries to set backdoors and weaken encryption algorithms in software and hardware suppliers level.
Not long ago I watched an interview, a member of a intelligence agency said: "Strong encryption has brought back to life the real spy games, the three-B: Bribery, blackmailing and burglary"
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @02:51PM
I think that is good. Spying should be expensive, that is what protects normal people from it.
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @05:19PM (1 child)
If it is a room only you have access to (including peeping-through-the-window access, of course), the post-it on the monitor may be a safer place for the password than your head which is routinely carried out of the building and may be susceptible to hacking methods involving a $5 wrench.
(Score: 2) by Lester on Friday June 09 2017, @11:23AM
Just wanted to tell that if you don't follow the most elemental security basics, strong encryption won't help you much.
With the same effort, you can keep it a draw of your desk hidden in a bunch of papers that none but you can find.
And, well, a place that invest in a safe room to secure a workstation, I expect them to follow better security policies that a post-it.
A little more than $5, to begin with, you must know who knows the password, where he live and know his habits to find meet him in a solitary place.
(Score: 2) by butthurt on Thursday June 08 2017, @04:47PM (1 child)
The Polish Cipher Bureau was reading messages sent in the military Enigma code, up until Poland was overrun. Its work was instrumental to what was done at Bletchley Park.
https://en.wikipedia.org/wiki/Bomba_%28cryptography%29 [wikipedia.org]
https://en.wikipedia.org/wiki/Polish_Cipher_Bureau#Stalking_Enigma [wikipedia.org]
http://www.bbc.co.uk/news/magazine-28167071 [bbc.co.uk]
http://www.telegraph.co.uk/history/world-war-two/11231608/Breaking-the-Enigma-code-was-the-easiest-part-of-the-Nazi-puzzle.html [telegraph.co.uk]
(Score: 0) by Anonymous Coward on Thursday June 08 2017, @07:15PM
Ernst Stavro Blofeld had his fingers into everything.