mersenneforum.org  

2020-06-25, 13:25   #232
retina

Quote:
Originally Posted by xilman
What I am saying is that those who need strong encryption will continue to receive it ...
Yes, of course, you can't possibly make all secure* encryption disappear. But when the country they are in has laws deeming it illegal to possess, or to use, or to deploy, or whatever, then those people get shafted either way.

The asymmetry is very apparent. Someone not in the political elite will have little to no privacy, but those in high ranking positions will be free to keep their corrupt and dirty secrets as they please, because "national security".

* I use the word secure instead of strong. It is most likely IMO that the backdoored versions will still be strongly encrypted, just that they won't be secure since someone else also has the keys.

2020-06-25, 13:35   #233
xilman

Quote:
Originally Posted by retina
Yes, of course, you can't possibly make all secure* encryption disappear. But when the country they are in has laws deeming it illegal to possess, or to use, or to deploy, or whatever, then those people get shafted either way.
The UK at present, for example.

It is a criminal offence not to reveal access to encrypted material if a valid court order is made. In that situation a Brit will make a value judgement.

2020-06-25, 13:52   #234
Uncwilly

Instead of offering end to end via a service, why not a device? Plug in a Black-Box 432 display/camera/microphone into the USB of your machine. Connect via your service of choice. The recipient also uses their device and the one time code you provided separately.

2020-06-25, 14:10   #235
xilman

Quote:
Originally Posted by Uncwilly
Instead of offering end to end via a service, why not a device? Plug in a Black-Box 432 display/camera/microphone into the USB of your machine. Connect via your service of choice. The recipient also uses their device and the one time code you provided separately.
How do you propose to acquire such a device in a legal way?

2020-06-25, 15:09   #236
S485122

Quote:
Originally Posted by xilman
...
It is a criminal offence not to reveal access to encrypted material if a valid court order is made.
...
The proposed law, like its siblings, in France for instance, bypasses the need of a court order. Just as the current trend that the invocation of the code word "terrorism" means the law enforcement forces are not bound by law any more. The BRD already did this at the time of Baader Meinhof, vindicating, by bypassing its constitution, by making it a punishable offence to assure the legal defence of those accused, the claim of that group that the West German state had no legitimacy.

Jacob

2020-06-25, 15:17   #237
xilman

Quote:
Originally Posted by S485122
The proposed law, like its siblings, in France for instance, bypasses the need of a court order. Just as the current trend that the invocation of the code word "terrorism" means the law enforcement forces are not bound by law any more. The BRD already did this at the time of Baader Meinhof, vindicating, by bypassing its constitution, by making it a punishable offence to assure the legal defence of those accused, the claim of that group that the West German state had no legitimacy.

Jacob
I think we may be misunderstanding.

Let us assume that you have some sensitive material which you have encrypted yourself and uploaded to a cloud service. As I understand the proposed law, which understanding may be completely wrong, your encrypted data will be fully readable, even if it is re-encrypted while in transit from you to your service provider. Assuming that you did your job properly, that encrypted data will be largely meaningless to law enforcement. How then do they get to read the sensitive plaintext? Is a court order necessary or do they just send the boys round for a session of rubber hose cryptanalysis?

Here is an example of what I mean. You get to play law enforcement and I the evil hacker. I am using https for an end-to-end encrypted channel to send text to the Forum. Once it arrives you can read that text without any problem whatsoever.

pcl@thoth:~/nums$ cat ../jacob.asc
-----BEGIN PGP MESSAGE-----

jA0EBwMCzB+cY1vjUST/0m8BJwuOu9eSWKl7OW9YtEu58mQ3jz7k8Elgj99anVVQ
5axpVl2qMd1hN7dAIwtmOJN/auZh/gfcynJTfJI6vIhyRP07RdDGLo5MrmcbJLaw
rQAPpFxO0aNfxhyoeaQPtIa/VJirAaSzYEdKkfM20eo=
=Xyq1
-----END PGP MESSAGE-----


How do you read the sensitive contents?

Last fiddled with by xilman on 2020-06-25 at 15:25

2020-06-25, 15:20   #238
paulunderwood

Similar question to Uncwilly's about the black box: What if you have a JavaScript program that a user downloads as part of a page browse and encrypts end-to-end with another person who also has the same browsed code, over any IM channel of choice. Nothing is logged on the server except the page requests.

2020-06-25, 15:29   #239
xilman

Quote:
Originally Posted by paulunderwood
Similar question to Uncwilly's about the black box: What if you have a JavaScript program that a user downloads as part of a page browse and encrypts end-to-end with another person who also has the same browsed code, over any IM channel of choice. Nothing is logged on the server except the page requests.
These workarounds work, but at the cost of increased effort and difficulty of key exchange.

LE is well aware of this. They know they will not be able to read everything, even if they had the bandwidth and storage necessary. They want to catch the lazy and incompetent, something which is becoming ever harder.

Think of it as evolution in action.

2020-06-26, 01:50   #240
retina

Quote:
Originally Posted by paulunderwood
Similar question to Uncwilly's about the black box: What if you have a JavaScript program that a user downloads as part of a page browse and encrypts end-to-end with another person who also has the same browsed code, over any IM channel of choice. Nothing is logged on the server except the page requests.
Only if you can't trust the provider of the JS not to backdoor it and send a copy of the key to themselves, or to LE.

The real WTF here is trusting JS code to do what someone claims it does without verifying it every time you download it to make sure it hasn't changed and still performs as claimed without any unwanted "bonus" functionality.

Last fiddled with by retina on 2020-06-26 at 01:57
retina is offline   Reply With Quote
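
An added illustration of the check described in post #240 (not code from the thread or from any participant): record a digest of the script when it is reviewed, then compare every later download against that pin before letting it run. The URL, script bodies and function names are constructed for the example.

```javascript
const crypto = require('crypto');

// SRI-style digest: "sha384-" + base64(SHA-384 of the exact bytes served).
function sriDigest(source) {
  return 'sha384-' + crypto.createHash('sha384').update(source, 'utf8').digest('base64');
}

// Constant-time comparison of two digest strings.
function sameDigest(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// pins: Map of URL -> digest recorded when a human last reviewed that script.
// Returns 'unreviewed' (no pin yet), 'unchanged', or 'changed'.
// Only 'unchanged' means the bytes match the audited copy.
function checkDownload(pins, url, source) {
  const pinned = pins.get(url);
  if (pinned === undefined) return 'unreviewed';
  return sameDigest(sriDigest(source), pinned) ? 'unchanged' : 'changed';
}

// Record a pin after manual review of the downloaded source.
function approve(pins, url, source) {
  pins.set(url, sriDigest(source));
}

// Constructed sample data (hypothetical URL and script bodies).
const URL_E2E = 'https://example.invalid/e2e.js';
const REVIEWED = 'function seal(key, msg) { return encrypt(key, msg); }\n';
const MODIFIED = 'function seal(key, msg) { report(key); return encrypt(key, msg); }\n';

function demo() {
  const pins = new Map();
  const first = checkDownload(pins, URL_E2E, REVIEWED);  // nothing pinned yet
  approve(pins, URL_E2E, REVIEWED);                      // after reading the code
  const second = checkDownload(pins, URL_E2E, REVIEWED); // same bytes served again
  const third = checkDownload(pins, URL_E2E, MODIFIED);  // server now sends other bytes
  return [first, second, third];
}

console.log(demo());
```

A matching digest only shows that the bytes are the ones that were reviewed; whether the reviewed code does what is claimed still depends on the review itself.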

2020-06-26, 22:53   #241
ewmayer

Quote:
Originally Posted by xilman
These workarounds work, but at the cost of increased effort and difficulty of key exchange.
And people who use extra workarounds - whether legal or not - to guard their privacy face being flagged by the LE and NatSec data-hooverers for extra-special scrutiny, possibly even of the old-fashioned physical-surveillance kind, on "must have something to hide" grounds. As I've said before, any time you are using digital tools in an attempt to evade the data-sucking, you are playing on their turf. You may be 100% certain that the crypto scheme you, Alice and Bob are using is uncrackable even for state-level actors, and have reasonable assurance that the software implementation of it which you are using is sound, but what about the next e-device you order online? Get flagged for the above kind of special surveillance, and it is not out of the realm of possibility that your new gizmo which arrived factory-fresh today was briefly diverted during transit, and gifted a keystroke-logging firmware implant.

--------------------------

Google’s Promise to Delete Your Data Has a Major Loophole | Gizmodo
Quote:
The thing is—at least in the context of digital ads—your data is, by design, impossible to retroactively delete. Here’s an example: A while back, I downloaded an app that I later found to be sharing my prescription data with a few third parties, including Google. That data came packaged with so-called “anonymous identifiers” like my phone’s unique ad ID—a chunk of software that Apple and Google bake into their respective hardware.

If I try to wipe any activity—say, my prescriptions—from the app using the tools Google provides here, that doesn’t wipe that same intel from those third parties: They still have the data they’ve already collected on any relevant past activity. In my case, my prescription information is out there—not connected to me by name, sure, but it’s close enough. Because an activity or history-wipe doesn’t also wipe those anonymous identifiers I mentioned before, the minute I log back into that app to order a refill on some medication, a third party can see that, even though my Google account might be “wiped clean,” I’m still the same consumer that I was before.

Put another way, this kind of third-party jig directly ties my old, sullied Google account to my new, clean one—not just in this particular app, but in every app I might open on my phone, or every site that I browse on my laptop. And when those two accounts are tied across more of my apps that I’m using, or more sites that I’m surfing, I’ll quickly end up back in the same targeted hell I was trying to escape by taking Google’s offer of a shiny new account.

2020-06-27, 16:36   #242
chris2be8

The only effective way is to minimise use of the internet, without being too obvious about it. A good start is to stop using it an hour or so before going to bed and tell your friends you are doing it because blue light suppresses melatonin production so using screens shortly before bedtime makes it harder to get to sleep. That is true so it's not obvious if you do it to get to sleep or to avoid being watched.

Chris

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.