As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption

Discussion in 'privacy technology' started by lotuseclat79, Jul 25, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Additionally, what a security risk. In essence the "private key" is like a backdoor in an encryption software. Are we really going to assume that a Gov agency can safely hold on to these keys? Not. I mean if they get out in the public than anyone with that key can access it all!!

    PFS is a major step in combating this. Many major VPN services already use PFS (I can confirm AirVpn does). In effect this is a dual certificate with one changing every single hour. Plus taking the time to actually verify the cert fingerprint eliminates MITM.

    For major sites in the USA the future is looking "rocky" unless the owners start to standup to the ridiculous pressure. Even if you are tunneled in perfectly to such a site the actual postings/emails/etc.... would not be end to end encrypted. You would lose your encryption past the tunnel exit node in this scenario. Too bad for those that actually need encryption. Nice for the bad guys with a compromised key thanks to sloppy Gov handling of it.
     
    Last edited: Jul 25, 2013
  3. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    Feds tell Web firms to turn over user account passwords

    .......................
     
    Last edited: Jul 29, 2013
  4. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Re: Feds tell Web firms to turn over user account passwords

    There's a lot of ambiguity here. In plain English, if your password is "divulged" to anyone, then they have your password. Not a hash, not an archive of your duckface photos, but your password. No cracking or forensics needed.

    If your hashed pw is given out, that's a different story but still not a good one. Many companies don't encrypt "stored passwords," vague wording interpreted several ways by the author and those he quotes.

    Funny also are those who choose not to say whether they have received such requests. The Yahoo quote is the best example of invalidating one's previous statement by poor choice of grammar.

    LOL
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: Feds tell Web firms to turn over user account passwords

    The lack of clear and straight answers from those companies is enough for me to assume the worst, that they can and will hand it over on request. One has to assume that they've all been handed NSLs regarding this matter. It isn't hard to see the intent behind this escalation of demands. It's to preempt the coming backlash and "nip it in the bud".
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Re: Feds tell Web firms to turn over user account passwords

    It's obviously official for better or worse. Mighty gov is all the way in and you better hope their personnel aren't secretly criminals themselves.

    I already resigned myself to their 24/7 monitoring from ISP's, Mobile carriers, and world wide web, in much the same manner all our spammers and ad bullies have done since windows 95 only they are betterr discreet at it. lol

    Coolwebsearch don't have nothing on these guys methods. lol
     
  7. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Feds tell Web firms to turn over user account passwords

    Let's stay within reality for a moment and not get distracted by rights and "the good of the customer"..because frankly these companies are having their rights stomped into the ground by the governments too. If you're a company like Microsoft or Facebook..are you really going to come out and say "Yes, we're handing everything over to them and, yes, they're hooked into our servers like a parasite on a critter"? If you really would, good for you. Now enjoy, at best, your company being utterly destroyed and at worst you and maybe some of your workers lives destroyed after the government sues you into oblivion or possibly jails you for breaking the myriad of gag orders and other legal chains.

    Foreign contracts are already being denied to U.S companies because of suspicion of this stuff. Come out and publicly admit to any of it and see how many contracts you ever get again. In the end, this government spying around the globe isn't going to be stopped or slowed down by any of us little people. We have no power/ It will however come through the business world too suspicious of their data being siphoned and sick of having to sit on the hot seat by their customers. You know that old saying "money makes the world go 'round"? It also makes problems go away, even problems as big as this.

    We've got to keep in mind that we know absolutely jack about the reality of PRISM and other programs in relation to business. All we've got to go on is documents leaked, documents which quite often leave out this and that and documents which are also very often doctored even while they're still in the "right hands". What's strange about all this stuff is that Google of all people is the one company attempting to be open as they can and going to court to try and get the government to open up.
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Feds tell Web firms to turn over user account passwords

    what I need is a rapid random password change function for these services so that I change it every 3 -5 seconds. But only MY pc knows the code!:D

    Then the government or hacker has nothing valuable ever since he grabs at a point in time. By the time he has it my psw has already changed.:cool:

    The www would grind to a halt if every body had that then we would all be safe.:rolleyes:
     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Feds tell Web firms to turn over user account passwords

    Even without the NSA circus act, you were already living in a world where you had lost control of your data and tracking you was an every day normal thing. Even your local stores are in on it. This NSA stuff could stop tomorrow and it would change things very, very little.

    Coolwebsearch, lol, there's a trip down memory lane.
     
  10. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Feds tell Web firms to turn over user account passwords

    The world would grind to a halt because it relies too heavily on the www.
     
  11. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Re: Feds tell Web firms to turn over user account passwords

    Easy if they have servers in the U.S., bullying or using alliances if not.
     
  13. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Re: Feds tell Web firms to turn over user account passwords

    c'mon, you think obama or any other serious politician wants their legacy to be the utter destruction of Microsoft or Facebook, and the accompanying hit that US jobs and economy would suffer?

    big business has leverage to not cooperate. some would even argue that they control the government, not the other way around...
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Re: Feds tell Web firms to turn over user account passwords

    Not anymore. In case it's been missed or even ignored, government now fully trumps big business regardless and it has the force, muscle, threats of law and the best motivation of all, MONEY to move mountains, and in this case in the name of national security the wherewithall to make it in the big corporation's best interest to cooperate fully with them, and name just one big tech corporation who would pass up such.a golden opportunity to further swell their sweet bottom line.
     
  15. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Re: Feds tell Web firms to turn over user account passwords

    There is certainly a reciprocal relationship between different areas of government and certain companies & industries. But the ones we're discussing here, they aren't powerful enough to sit at the perceived big boy table.

    (And provided that Yahoo really does deny customer info requests which didn't come through the proper channels, good on them. However, the integrity of those pipelines is another matter entirely.)
     
  16. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Re: Feds tell Web firms to turn over user account passwords

    I tend to discredit articles with (bold is mine):
     
  17. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Re: Feds tell Web firms to turn over user account passwords

    two unnamed sources from a reputable publication is pretty standard imo. (although, i'm not familiar with Declan Mccullagh or how reputable he is.) if journalists limited themselves to only sources willing to go on the record, we'd miss half the important stories.
     
  18. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Re: Feds tell Web firms to turn over user account passwords

    Not many of those on the record these days is there. :)
     
  19. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Re: Feds tell Web firms to turn over user account passwords

    Maybe its because of my experiance, but this seems like a non-issue. Many countries have the same style of surveillance that the U.S. has you just do not hear about it. Thats why many privacy enthusists try to obtain services to encrypt their communications outside their country of origin. Contracts fall within that same prism (no pun intened) where if company X is going to perform sensitive work for country Y, but stores and is legally bound to country Z they will be denied. That is more so common sense than fallout from prism.

    I myself have never been an advocate for cloud solutions, though have built, established, and secured some in my career for clients. While pushing your risk to a 3rd party to hold your information is cheaper and offers convience, many in the privacy/security sector including myself have always raised concerns over who actually owns that data. What happens when servers are issued globally (see Google, Amazon). Who is the ultimate authority? Where do legallities impact? What happens when poltical climates change, etc. While its nice to see people finally realizing some of these concerns its a shame it took so long.
     
Loading...
Thread Status:
Not open for further replies.