In a presentation titled "Crypto Won't Save You" at the AusCERT conference on Australia's Gold Coast, respected cryptographer Peter Gutmann of the University of Auckland took security bods through a decade of breaches featuring a laundry list of the world's biggest brands. Gutmann's point was to demonstrate how the weakest point of cryptography was typically in its implementation rather than the maths itself. He demonstrated that consumer devices from the Amazon Kindle to the Sony PlayStation and Microsoft Xbox consoles were hacked not because of weak cryptography, but due to poor deployment of security mechanisms, which were bypassed by attackers.
(Score: 0) by Anonymous Coward on Saturday May 17 2014, @07:01PM
You're saying it is the math because broken math is susceptible to compromise no matter how good the non-algorithm implementation is.
Gutmann is saying it doesn't matter how good the math (by which he means only the encryption algorithm) is, because all the other parts of the system are easier to break. The key exchange procedure, for example. Or just the fact that, in order to be useful, the data has to exist, unencrypted at some point, and it can just be stolen then. His point is that the encryption algorithms already in use are sufficiently complex that it's already easier for Them to target other parts of the system. He's saying that, even if the math is imperfect and less complex than we think, it's still easier to use a keylogger.
Even quantum-encrypted data exists in cleartext before being encrypted. It's much easier to get it off the encrypting computer before processing than to muck about decrypting the data in transit. Who cares if you're doing quantum encryption, if They have a video camera pointed at your monitor?