this post was submitted on 13 Oct 2023
627 points (98.8% liked)

Technology

59454 readers
3776 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] spaxxor@lemmy.world 37 points 1 year ago* (last edited 1 year ago) (4 children)

Sadly not new. The USA considers encryption to be a weapon of war (thanks Germany), so they do whatever they can to interfere with it. If you are making a new encryption scheme it will be illegal if the government doesn't have an easy way to break it.

Edit: the guy that made pgp got in a stink with the government if memory serves they tried to bop him with something to do with itar.

[–] Touching_Grass@lemmy.world 17 points 1 year ago* (last edited 1 year ago) (1 children)

I have a pet theory that a lot of our passionate "movements" that get us all angry and upset are only those movements that benefit someone powerful.

I see stuff like this and think, "well that's another coin in that jar"

Like this should piss so many people off. Its something enough people know about. It's something that you would think would have all kinds of groups up in arms about. Like ask any self respecting 2A enthusiasts if the government should keep skeleton key to every lock in their house.

But at least there is Daniel Bernstein

[–] guacupado@lemmy.world 2 points 1 year ago (1 children)

I, too, just finished watching Rabbithole.

[–] Touching_Grass@lemmy.world 2 points 1 year ago

Confused Kiefer Sutherland noises

[–] otter@lemmy.ca 10 points 1 year ago* (last edited 1 year ago) (1 children)

it will be illegal if the government doesn’t have an easy way to break it

Aren't there a lot of existing standards already can't be broken easily (by anyone)? That's why we have all these recent attempts to force backdoors into encrypted apps

Or is it just extra scrutiny if you're trying to make a new one

[–] hoshikarakitaridia@sh.itjust.works 16 points 1 year ago (2 children)

I'm going to break things down a few levels. Disclaimer: I'm a nerd not a mathematician, so if anyone else can fix my errors that would be great.

Cryptography is a cat and mouse game. There is currently no "perfect solution" so that A and B can communicate and C has no way of cracking the communication at some point.

Cryptography is very complex for obvious reasons, but a lot of modern algorithms hinge on the time it takes to calculate prime numbers and test them against encrypted communication. Traditional PCs take an incredibly long time to calculate prime numbers.

Quantom PCs don't. The way they operate makes them incredibly helpful for calculating primes, that's why a lot of cryptographic algorithms will be in jeopardy once it is more widely implemented.

But back to your question. There are already rumors that NSA is using super fast traditional computers to calculate prime numbers and collect them in a database to make cracking traditional encryption easier.

The only thing I can think about with is is that for the NSA they are not moving quickly enough to catch up or they suspect any future quantum key encryption will thwart any attempts they made.

This would be in tandem with moves by the UK parliament to get a law going that implements backdoors in devices or apps (I assume that must be pushed by GCHQ?).

Personal opinion: encryption with a backdoor is ridiculous. The government likes to represent that they're the only one to access those, but it only takes one savant 10yo interested in penetration testing or one rogue government employee for this backdoor to be used for malicious purposes. And it's not like these ppl already exist.

[–] Socsa@sh.itjust.works 10 points 1 year ago

So there was an extremely interesting CVE recently about TLS trust issues on Qualcomm modem firmware.

Astute observers have been asking why modem firmware is implementing TLS exchanges in the first place, leading many to speculate that the NSA was using TLS to authenticate their backdoor, and the keys got leaked.

[–] Natanael 1 points 1 year ago

But back to your question. There are already rumors that NSA is using super fast traditional computers to calculate prime numbers and collect them in a database to make cracking traditional encryption easier.

The only thing I can think about with is is that for the NSA they are not moving quickly enough to catch up or they suspect any future quantum key encryption will thwart any attempts they made

RSA1024 is presumed to be breakable (was the default for decades), while RSA1280 (used by iMessage) is presumed to be near the limit of what an agency like NSA could break, and 2048 or 4096 is the medium term standard while long term it's either ECC or post quantum algorithms.

Today most of the cat and mouse game is about protocol design security and implementions. Just look at sidechannel attacks.

[–] Blackmist@feddit.uk 4 points 1 year ago (2 children)

They seem to have calmed that down in recent years, and rely on the dumb public to store all their secrets on readily accessible corporate servers.

The maths war is hard to win (bigger keys handle most of that), and I honestly doubt most current encryption can be beaten reliably even with quantum computing.

[–] Socsa@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

It's because they don't care about encryption when they can just side channel the endpoints. You can infer device state from observing EM emissions, and in theory observe keys being loaded into the registers under the right circumstances. This has been demonstrated conceptually many times over the past decade, using a wide variety of devices and methods.

[–] Restaldt@lemm.ee 3 points 1 year ago (1 children)

Ive never understood how the same crowd that spouts not your keys not your crypto would ever trust any password manager they havent personally read the source code for/compiled/self hosted.

Not your server not your safe/secure password

[–] Socsa@sh.itjust.works 4 points 1 year ago

Because the pop security YouTube crowd goes through great lengths to avoid these conversations which reveal the limits of their own knowledge and abilities. Because a YouTube channel which just says "you are vulnerable to state actors and should focus on protecting yourself from more benign threats" doesn't generate as much traffic as shilling VPNs.

[–] RangerAndTheCat@lemmy.world 1 points 1 year ago

Didn’t the same thing happen with TrueCrypt?