Encryption

[spot]

"If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents - whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline - that is a big problem," Dianne Feinstein, who chairs the Senate Intelligence Committee, told MSNBC.

Paris attacks: Silicon Valley in crosshairs over encryption - BBC News



Yay, tell it, Dianne, lay it on. Someone in authority has finally realized the danger inherent in the telephone. Dig up Edison's bones and have a symbolic burning session.

Why on earth is encryption being blamed for any of this? How would the ability of those within the purview of the Senate Intelligence Committee to decrypt everything on the planet make any difference to the problem of small disconnected cells of terrorists creating sporadic mayhem? The reason terrorists organize themselves in small disconnected cells is because they don't communicate over distances. If they did then the association from A to B, who messages C, would reveal their structure, and it makes no difference whether they exchange these messages on facebook, twitter, gmail, ancient landlines or stand-out iphones.

What these people do is they meet, travel and discuss in private. Securely encrypting communications between a tight group would make it stand out like a sore thumb. Ringing or messaging each other, or having secure drops on dark Internet sites, would subsequently roll up the whole network after any single operation displayed their existence.

[FourPart]

We should blame it all on the Ancient Egyptians. Apparently they were the first ones to come up with the technology to craft locks & keys. Ever since then people have been striving for better & more secure ways to keep their property & information away from prying eyes.

[Bryn Mawr]

Given that it's so easy to come up with a homebrew coding system that the NSA and their ilk could not break what would be the benefit of banning encryption or providing backdoors into all of the encrypted systems?

[spot]

There are two issues regarding the content of traffic, as opposed to its connectivity.

One is that traffic can be captured so that agencies can trawl back once suspicion has been raised, and if the traffic encryption is compromised then it can be easily decrypted to provide intelligence. If the encryption is compromised it can even be included in the text-match searches which for years applied to unencrypted email, with matched material being flagged immediately for human analysis.

If that sort of compromise is introduced into encrypted internet traffic then surely it's clear to everyone that rogues, and non-allied governments, will locate the compromise and also scan the content of everything they can intercept. There is no compromise on earth that can be restricted to just the people it was intended for.

The second issue is that, once a device has been identified as of interest, it is trivially easy for a government agency (or all the rogues who run bot-nets!) to actively introduce a compromise onto that device which will provide the compromiser, and nobody else, with all the content moving through the device. It's called exploiting and has nothing to do with compromising encryption, but it can't be back-dated like the first technique can.

Nothing prevents government agencies from watching the content of messages on compromised devices in real-time, that's an ability they currently have.

What they can't do, increasingly, is trawl back through the history of messages from devices they haven't compromised. If they forced the Internet's technicians to allow them to then every other Tom Kim and Vladimir will have exactly the same ability handed to them on a plate, the techniques are discoverable.

[spot]

It really is hard to know what they're barking on about. If I have a wireless control system in my aircraft I don't want the chap in seat 54D injecting validly-encrypted rev-the-engines instructions to impress his girlfriend. If I'm driving behind some hog in the centre lane I would not want to be able to press a button and veer him to the slow lane where he belongs. Reliable encryption is essential in households for this sort of requirement. Or are we looking for a world where law enforcement can hijack the controls of every device whenever they feel the need - did nobody watch Brazil?



Bryn Mawr;1489813 wrote: Given that it's so easy to come up with a homebrew coding system that the NSA and their ilk could not break what would be the benefit of banning encryption or providing backdoors into all of the encrypted systems?Back when encryption fell into a category of munition you could even buy t-shirts with reliable code, to make the point.

[FourPart]

No encryption system is unbreakable. No sooner does someone come up with one that is supposedly so than someone else will come up with a way of hacking it.

[spot]

FourPart;1489858 wrote: No encryption system is unbreakable. No sooner does someone come up with one that is supposedly so than someone else will come up with a way of hacking it.Bosh, sir. You cannot possibly justify that claim. If Alice hands Bob a sufficiently large one-time pad, and if they never misuse it or expose it, they can communicate from any distance over open channels in perfect security. All that anyone can know is that Alice and Bob talk to each other, but nobody will know what they say. Their communications will decrypt with equal probability into Act 3 of Aida, Mrs Beeton's Book of Household Management or an episode of Star Trek.

https://en.wikipedia.org/wiki/One-time_pad

As for algorithmic encryption, why would today's government agencies be crying out for backdoors if "No sooner does someone come up with one that is supposedly so than someone else will come up with a way of hacking it" were true. It quite obviously isn't, or there wouldn't be any traffic they can't decrypt.

[LarsMac]

Actually his statement is valid. It is just that time becomes a significant factor. With enough time and resources, any encryption can be broken. However, if it takes to 5 years to crack a code used to plan an operation that will take place in 5 days, then cracking the code will be a waste of time.

[spot]

LarsMac;1489864 wrote: Actually his statement is valid. It is just that time becomes a significant factor. With enough time and resources, any encryption can be broken. However, if it takes to 5 years to crack a code used to plan an operation that will take place in 5 days, then cracking the code will be a waste of time.


I have two problems with that.

Firstly the bit I quoted and criticized started "No sooner...", as opposed to eventually.

Secondly, a properly-used physically-random-generated (as opposed to algorithmically generated) one-time pad is absolutely secure from cracking for all time. If you think otherwise you might like to explain why. On my own machine I use http://ubld.it/products/truerng-hardwar ... generator/ but I think either is equivalent.

[LarsMac]

spot;1489865 wrote: I have two problems with that.

Firstly the bit I quoted and criticized started "No sooner...", as opposed to eventually.

Secondly, a properly-used physically-random-generated (as opposed to algorithmically generated) one-time pad is absolutely secure from cracking for all time. If you think otherwise you might like to explain why. On my own machine I use TrueRNG - Hardware Random Number Generator but I think either is equivalent.


I was simply speaking of FourPart's comment and your response.

On the bigger picture from your OP, it's another story. Congress-critters always use such events as an excuse to bring up their pet projects, and take advantage the immediate hysteria to push something through.

Fortunately, they usually fail

[spot]

LarsMac;1489866 wrote: Congress-critters always use such events as an excuse to bring up their pet projects, and take advantage the immediate hysteria to push something through.


To quote Pavel Durov from the BBC article in the OP: ""I propose banning words," he said. "There's evidence [to suggest] that they're being used by terrorists to communicate.""

[LarsMac]

spot;1489868 wrote: To quote Pavel Durov from the BBC article in the OP: ""I propose banning words," he said. "There's evidence [to suggest] that they're being used by terrorists to communicate.""


True.

They could always just ban international travel. Follow Trump's idea for Mexico. Every country should just build a wall and send the bill to the Arabs.

That makes as much sense as anything else I've heard or read, recently.

The closing of the article says much.

"Put up against military or diplomatic action, taking affirmative steps against communication apps may seem an easy win in the war against terrorism.

But like so many challenges the world faces - it's simply nowhere near as straightforward as it seems."

[Bryn Mawr]

LarsMac;1489864 wrote: Actually his statement is valid. It is just that time becomes a significant factor. With enough time and resources, any encryption can be broken. However, if it takes to 5 years to crack a code used to plan an operation that will take place in 5 days, then cracking the code will be a waste of time.


I think you're conflating code with cypher - I'd agree that any algorithmic cypher can eventually be broken (even if the timescale might be thousands of years, eventually is a very long time) but a good coding system where the base is changed sufficiently frequently to limit the sample size cannot be broken with access only to the encoded messages.

[spot]

spot;1489861 wrote: If Alice hands Bob a sufficiently large one-time pad, and if they never misuse it or expose it, they can communicate from any distance over open channels in perfect security. All that anyone can know is that Alice and Bob talk to each other, but nobody will know what they say. Their communications will decrypt with equal probability into Act 3 of Aida, Mrs Beeton's Book of Household Management or an episode of Star Trek.


May I demonstrate?

Here's a message encrypted off a one-time pad:

MRbdgJsJDRNiDhSopQj5pe+AXdJTKU0xafva4fGoSoUtuRZ9dRriwvwbUDwh+7fdUXXWnu8nBllYpkLrrtF/eX6TjW8E2ZubvhOaCehS9FeZXdSZ5arU5DmY8Te1CflpPzyIW8ye9ng=

So, what does it say.



1. If the one-time pad actually contains

dHev7PJsfzMWZn3bhX+cwISsfaU2CT5UB4/6joTcauRDmXMQFHOO4p1oO1VPnJetNBqm8ooHcjZ40zKPz6UaWQr76AZ2+f/+ynLzZZtymzm5Kbz8xcK7kUrxn1CVe5wOVk/8Pr6w/HI=

then the encrypted message decrypts to

Earlier this week, we sent out an email asking people to update their details on the housing register.



2. If the one-time pad actually contains

ZX64oP5kbHoOLnDBwSiXypugNLwwRThVDNu7j4iIJfFF3GRdBX+QsZN1MVABktm7Pge7/5tOaTd2hmLLjvFfWV6zrU8k+bu7njO6Kchy1He5ffS5xYr0xBm40ReVKdlJHxyoe+y+/HI=

then the encrypted message decrypts to

The email did not include any other personal information.



3. If the one-time pad actually contains

ZnP97vR9ZHAHajTByGWcwYbhKbc/UG1QB5/6k5TLK+lB3HJdAXKH4pl2MVVN29azNVW38opVcjw8hiaK2rBfCQz8+QpnrfL00DP1b447lzLrLvq5xYr0xBm40ReVKdlJHxyoe+y+/HI=

then the encrypted message decrypts to

We noticed immediately and recalled the email and alerted data protection officers.



Now, given that the one-time pad is physically random and can't be recreated by arithmetic, how is anyone supposed to know which of those three plaintexts is the real message? And for every other combination of 104 plaintext letters there is an equally possible one-time pad that could have created it, including one for "Now is the winter of our discontent made glorious summer" and another for "Send three and sixpence, we're going to a dance".