11 reasons encryption is (almost) dead

Discussion in 'privacy technology' started by ronjor, May 5, 2014.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    A bit OT, but I´ve never been a fan of encryption. Like 10 years ago I checked out Pretty Good Privacy (just for fun), and it ruined all my files. :thumbd:
     
  3. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    If commerce would have embraced records encryption long ago, they/we would not be in the position we are in now. :mad:
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    IMO, this article is 100% FUD.
     
  5. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    I agree, it's pretty obvious that if someone have an implementation error in their encryption program/protocol, they will have problems. Nothing new.
    Good encryption will stop any government/hacker. In these cases the encryption is not the weakest link. The author seem to think that RSA could be weak, I recommend reading the last 30 years of attacks against RSA, nothing indicates that it's weak. Even if NSA are good at encryption, they are not stupid, instead of trying to crack the encryption, which could take very long time, they will try other easier things first. The author seems to confuse things, about "encryption issues" and "hardware/user issues".
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    The article is pretty spot-on - Security is a process and you have to know what you are doing - Even then, you will still have to decide to trust somebody or something .
    That brings me to :
    'A bit OT, but I´ve never been a fan of encryption. Like 10 years ago I checked out Pretty Good Privacy (just for fun), and it ruined all my files. :thumbd:'
    Yeah, and you didn't RTFM, did you ?
    PGP didn't ruin all your files, YOU did !
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Umm, no. You are spot-on when you say that security is a process that requires knowledge, but the article is wrong because it talks about the encryption being (almost) useless and gives pretty bad arguments for it too.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Encryption is dead, Antivirus is dead... and still there is multi billion industry (and growing) in those technologies. ;)
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    It's very clear, Edward Snowden was correct about encryption - it is your friend - when you know how to properly use it, whether it is PGP or learning how to setup your cell phone/computer properly to secure your privacy. I agree with everything Nebulus, Countermail and Enigm have said.

    Just ask yourself, if encryption were dead, then why does NSA seek to subvert it in the Standards? Because, even they will not be able to do their job unless and until they have the ONLY quantum computer in existence - and, that is unlikely to happen in the very near future, and perhaps beyond that for quite some time. If encryption were dead, then TOR wouldn't be using it!

    Anyone who claims encryption or anti-virus is dead is clearly overwhelmed by the FUD!

    -- Tom
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Agreed. My take on this for ME is that my biggest concern is for HARDWARE/OS "designed access" that I know nothing about. Encryption is huge and the smart implementation of it is critical to your outcome. Since they can't beat well crafted encryption, the "designed access" is where the weak spot is. This is a battle make no mistake about it. My configuration is based upon the knowledge/assumption that my modem and router have numerous holes. My laptop has been stripped and only Linux is used for my sensitive moving around in the digital world. We just have to try and use the occasional "Snowden" types to give us a steer. My tunnel is 100% encrypted from my laptop to the exit node, with never less than 4 hops. I just hope that the encryption is doing what I think it is. If that is the case than the holes in the modem, router, ISP trust, and/or internet backbone monitors; don't even matter at all.

    So in essence I am completely relying upon encryption to defend my privacy.
     
  11. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    It should have not ruined all your files. I was messing with PGP also a long time ago when it came on the CD of computer magazines. I never had any problems with it. The only real way it could mess your files up is if you forget the password/passphrase you used, or your hard drive/memory had errors and caused even one bit of the file to change, then in that case it could screw your files up. But in that situation your files would be corrupted with encryption or no encryption. Just means that since encryption relies on every bit being the same as when it was encrypted, instead of your files being a little bit altered, they would be completely useless. But even so, that kind of thing is highly unlikely and you would have noticed other problems even after not using it any more.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've never had any problems with corrupted or lost files using Scramdisk or PGP Disk, save for forgetting or losing passphrases. For e-mail and web use, PGP-CKT has been flawless.

    "Designed access" at the hardware or OS level is one of the primary reasons that I won't update my system. While I can't prove or disprove the existence of either, I believe that they're both likely to exist. I also feel that the newer the OS and hardware are, the more likely they are to include "designed access" features. It's a calculated risk either way. One could argue that the older operating systems are insecure. One could also argue that the newer operating systems have designed access built in. Myself, I consider the 2nd to be the greater threat. I'd rather use an OS that they'd have to hack into than one that's designed to be accessed. IMO, any OS on which you can't close all of the ports is designed to be accessed, especially if they can hack the modem or routers in front of it.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yeah, not sure what went wrong, but you know how it works, after such an experience you just stay away from it. I don´t need it anyway. The only thing that´s encrypted is my KeePass database file. Encryption can of course also come in handy for anti-keylogging purposes. :)

    LOL, I´m pretty sure it was PGP´s fault. :D
     
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Yep, its CALCULATED RISK from start to finish!!!!
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Backup a lot. I have my files and decryption files backed up on so many places, I do not even remember all of them. :rolleyes:
    Some people make mistakes and they back up files on the same HDD. Multiple places, like USB, cloud and so on are required.
     
  16. Splosh

    Splosh Registered Member

    Joined:
    Nov 19, 2012
    Posts:
    18
    1. True. Shor's quantum algorithm has already factored small primes. But! There also exists an unbreakable algorithm, OTP, lattice based post-quantum crypto, and quantum resistant AES256.
    2. Anyone's allowed to find the crack, everyone, not only intelligence community is racing to find the holes. Just because NSA, world's largest employer of mathematicians, is trying to build a quantum computer, is a credible proof no easier algorithm has yet been found ("maybe").
    3. Not every geek with a commodore 64 should write their own encryption programs. Using trusted libraries reduces risk although there might still be some heartbeats here and there.
    4. Numbers might be big, but with passwords that match algorithm bit size, they are not big enough by a long shot.
    5. No need to repeat yourself, even with parallelism, it's not enough.
    6. In theory, open source is the alternative all the way to VHDL. Trusted compilers. But trust is problematic when money steers.
    7. Keep encrypted files on a separate, always offline computer.
    8. No there was no new patches available, I checked. Also, with trilateral waterfall security, you can create a 0-day exploit immune communication environment to keep keys and messages safe.
    9. That's why you can build your own TRNG.
    10. How is this any different than 8?
    11. if browser has a pinned certificate of petemail.com, receiving a different certificate signed with Beta CA will raise an alarm. This however is not that big an issue since if you're using GPG it doesn't matter if there's an MITM attack against TLS.

    IMHO this is a populist FUD article that tries to make a grand point by observing problems found in cross-sectional study of information security. There are theoretical and actual solutions to most of these problems already. Also, P=NP is assumed to be false although there is not proof of either, yet. There's a million dollar reward for it so there are lots of people pursuing the fame (nobody cares about money?).

    EDIT:
    In a way, I understand the author, it's too narrow just to look at crypto math to understand problems with encryption security but there is very little long term about his claims.
     
    Last edited: May 11, 2014
Loading...
Thread Status:
Not open for further replies.