Jump to content

GCHQ rejected encryption standard because it was too good

Oshino Shinobu
 Share
Posted

So, as we all know, various nations' intelligence agencies have been spying on their populations for quite a while now. Most notably the NSA in the US and GCHQ in the UK. 

 

These agencies have been pushing for "stronger" encryption on face level, but the options they are trying to push are actually designed to have massive backdoors to make it easier to spy on those using it. For those outside of the tech community, it's easy to not know what encryption standards are actually good, especially when the agencies pushing them are flat out lying about how secure they are. For encryption standards for devices such as smartphones, which we now store huge amounts of personal and sensitive data on, it's extremely important that they are secure as possible. The government wants to watch what people are doing more easily, so they want to push encryption standards that make it easier for them to spy, which in turn, makes the encryption standard easier for non-authorised (wouldn't consider the government authorised in the first place) people to break. 

 

A document from 2010 has revealed that the GCHQ analysed a proposed encryption standard, MIKEY-IBAKE, but turned it down, quite literally because it was too good and made it harder to gain access to the public's phones without them noticing. Instead, they pushed (and still are) the MIKEY-SAKKE standard of encryption, which has built in backdoors for intelligence agencies to tap into mobiles without their users noticing. The most worrying part about this is that it's being marketed as a more secure method of encryption, despite it being full of backdoors, literally making it easier, by design, to break into. 

 

gchq.jpg

GCHQ, UK. 

 


GCHQ is currently pushing a new encryption key standard for mobiles in the UK, known as MIKEY-SAKKE, which as security researcher Steven Murdoch recently detailed, has a huge backdoor in it to allow unfiltered surveillance of anyone using it. This is important, because it’s this platform that the intelligence agency has repeatedly pushed for over other standards, like the more secure MIKEY-IBAKE.

 

As Murdoch puts it: “The properties that MIKEY-SAKKE offers are actively harmful for security. It creates a vulnerable single point of failure, which would require huge effort, skill and cost to secure – requiring resource beyond the capability of most companies.”

 

It's disturbing how much the government is blatantly lying to the public, despite constantly being called out on it. A lot of publicly viewable discussions on the matter, between MPs and industry experts make it clear just how little those in power understand the areas that they manage. It's about time that experts on the matters of encryption, online security and laws are put in positions of power within the government, rather than politicians who have to be given the watered down explanation, making it extremely easy for them to be convinced by intelligence agencies. 

 

Links:

 

Source 1

Source 2

 

Steven Murdoch's Report

 

GCHQ IBAKE Analysis

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

So, as we all know, various nations' intelligence agencies have been spying on their populations for quite a while now. Most notably the NSA in the US and GCHQ in the UK. 

 

These agencies have been pushing for "stronger" encryption on face level, but the options they are trying to push are actually designed to have massive backdoors to make it easier to spy on those using it. For those outside of the tech community, it's easy to not know what encryption standards are actually good, especially when the agencies pushing them are flat out lying about how secure they are. For encryption standards for devices such as smartphones, which we now store huge amounts of personal and sensitive data on, it's extremely important that they are secure as possible. The government wants to watch what people are doing more easily, so they want to push encryption standards that make it easier for them to spy, which in turn, makes the encryption standard easier for non-authorised (wouldn't consider the government authorised in the first place) people to break. 

 

A document from 2010 has revealed that the GCHQ analysed a proposed encryption standard, MIKEY-IBAKE, but turned it down, quite literally because it was too good and made it harder to gain access to the public's phones without them noticing. Instead, they pushed (and still are) the MIKEY-SAKKE standard of encryption, which has built in backdoors for intelligence agencies to tap into mobiles without their users noticing. The most worrying part about this is that it's being marketed as a more secure method of encryption, despite it being full of backdoors, literally making it easier, by design, to break into. 

 

gchq.jpg

GCHQ, UK. 

 

 

It's disturbing how much the government is blatantly lying to the public, despite constantly being called out on it. A lot of publicly viewable discussions on the matter, between MPs and industry experts make it clear just how little those in power understand the areas that they manage. It's about time that experts on the matters of encryption, online security and laws are put in positions of power within the government, rather than politicians who have to be given the watered down explanation, making it extremely easy for them to be convinced by intelligence agencies. 

 

Links:

 

Source 1

Source 2

 

Steven Murdoch's Report

 

GCHQ IBAKE Analysis

so the government wants less security so they can spy on us? fuck that man!

 

inb4 everyone is using 2048 bit SSL on all their traffic

Dutch Talk Thread

Unofficial LMG Social Media Accounts Website

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Well if you design the building to look like a Supervillian's Headquarters, then you reap what you sow.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

You hear so many people complaining about governmental incompetency.

Yet when you say that the government shouldn't be conducting mass surveillance cause it can't handle the power responsibly, those same people don't care or actively argue with you.

Is it because they can't grasp the extent of the surveillance, can't imagine its many misuses or are just somehow conditioned to trust the three letter agencies? The issue seems to be particularly bad in English speaking countries.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

You hear so many people complaining about governmental incompetency.

Yet when you say that the government shouldn't be conducting mass surveillance cause it can't handle the power responsibly, those same people don't care or actively argue with you.

Is it because they can't grasp the extent of the surveillance, can't imagine its many misuses or are just somehow conditioned to trust the three letter agencies? The issue seems to be particularly bad in English speaking countries.

 

The problem is two fold.  First, they barely understand what encryption is and how it is used in literally everything we do digitally.  And second, they literally don't care about being monitored, because it doesn't affect their day to day lives in any way that they can tell.  They don't see themselves as the bad guys, so they don't think the government will bother with them.  And they don't understand history, where who the bad guy is can change over night.  It's that whole poem from WWII, "first them came for not me, so I didn't say anything".  People don't understand technology, how it is used every day, and how all this data being stored now is truly meaningless to the powers that be.  But in the future, when the gov't can look back at all these records, and we can have a new "Red Scare", then they will understand, but it will be too late.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

yet again, three whole posts today that deserved this:

 

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

What a shame, but we already knew how the government plays

Error: 451                             

I'm not copying helping, really :P

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

like the british would say;

what a pile of cunts.

May the light have your back and your ISO low.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Well if you design the building to look like a Supervillian's Headquarters, then you reap what you sow.

 

giphy.gif

 

MMMMUHEHEH

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

yet again, three whole posts today that deserved this:

 

 

That should tell us something....of course we should have already seen it coming, it's so comical just how much this seems like a dystopian novel, when they figure out how to remotely read thoughts the decent into madness will be complete, but they know the secret to control most people already.

 

RGBeJvi.png

https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×