ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Kiss Encryption Goodbye... :*

<< < (5/8) > >>

oblivion:
apparently GCHQ have a similar project (though given the UK don't seem to be able to set up any government IT systems that aren't obsolete before they get them working I am not losing any sleep). -Carol Haynes (September 06, 2013, 11:15 AM)
--- End quote ---

That's mostly because most of the operational requirements are written by people who (a) are basically naive about what computer systems are capable of, and (b) are desperate to believe any line of BS that a salesman trots out. We'd write them ourselves, I suspect, if it weren't for the fact that real terms investment in the public sector keeps getting p*ssed up the wall by the same people responsible for (a) and (b) above.

Consider: the (UK) NHS National Programme for IT pumped several billion into a series of projects that were defined in terms of what was on the relevant wish lists at the time, not in terms of what was technically achievable. At least one of the systems procured under it went live before agreement about the dataset it was intended to manage and distribute was even agreed. It still works like it's broken and its data -- which should be the freshest, most up-to-date available -- is often inaccurate and sometimes dangerously so.

The UK paid a small fortune for systems that were not fit for purpose, in many cases never went live but somehow the suppliers got paid anyway. That's what we get for putting bloody old Etonians and Arts graduates in charge of Complicated Things. [/rant]

Still, the upside of the money wasted on NPfIT is probably that it couldn't be given to GCHQ instead. ;)

xtabber:
Today's Dilbert captures the other side of this, namely what makes anyone think that the NSA is going to be particularly adept at keeping the data they have collected away from others who might want access and be clever (or powerful) enough to get it.

If Snowden had been a mole, he would have spent his time quietly building backdoors into the NSA's systems rather than blowing the whistle. If he could get away with what he did, how many others could have, and how much more could they have gotten if they had greater resources?

I'd say the most positive aspect of this whole affair is that it should lead to big improvements in encryption in the future.

Carol Haynes:
I'd say the most positive aspect of this whole affair is that it should lead to big improvements in encryption in the future.
-xtabber (September 06, 2013, 06:22 PM)
--- End quote ---

Trouble is things will get tougher but no system is unbreakable - just look at all the unbreakable codes in history!

OK you will need machines to do the breaking, and if quantum encryption ever happens it is going to be exponentially harder to crack - but what's the bet that long before it gets too hard to crack in a reasonable time scale laws will be passed to prevent 'too difficult' encryption being used or forced to include a 'security' backdoor.

The trouble is the US wields too much power and the powers that be just aren't that bright and so are easily manipulated. The rest of the world is just scared of what the US might do next. The 'special relationship' enjoyed (until recently) by the UK is truly Etonian in nature (if you take my meaning - if not someone else can post a graphic image).

xtabber:
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.

Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.


Renegade:
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.

Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.
-xtabber (September 11, 2013, 07:51 AM)
--- End quote ---

That was a good article. And not too long either! :)

I've been wondering about this:

Which means there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge.
--- End quote ---

A very worthwhile read.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version