Encryption Debate heats back up

[ChineseChef]

1 minute ago, Ryan_Vickers said:

Overall I agree except for one part: I'm not sure how using encryption would protect people from ransomware... the data would just be encrypted twice - once by the virus so the user can't get it, and then that file by the user's own encryption on disk/in the filesystem/etc.

Eh, I was more of listing the high profile examples.  Encryption wouldn't help with ransomware.  But, if people had backups to protect from things like ransomware, and those were encrypted, that may be an issue.  The issue of ransomware becoming common was simply to say that the common layperson will have to start getting more technically literate or face real issues in the future.  Hacking has moved from a go after large targets, to spam method.  And now that it has gone spam, the average users that think they are safe because their password has both letters and numbers are in for a rude awakening.

 

Currently most people are only safe because they aren't worth the effort.  It is the main reason Macs got so few viruses for so long, because the payoff wasn't worth the effort.  But as the level of effort required gets lower and lower, more and more of the masses become a target.  Ransomware is the new high speed email scam.  And you don't even have to be an idiot to fall for it, just go to any of the huge reputable websites that have horrendous security and get malicious ads on their sites, and bam, you the non-idiot have gotten hit with ransomware or some other malware.  So the masses will have to start to get better security software, which will likely include encryption, especially since encryption is becoming significantly less costly in terms of CPU/memory resources.

[Misanthrope]

He should have basically a slam dunk appeal for his Constitutional right against self incrimination, this is just fucking insane that they let it go so far as to jail him. Also show that not even the constitution matters if you are not fairly well off to afford a competent lawyer.

[Lethal Seraph]

Who on their right mind would want the government have access to private information? On special circumstances, ie. terrorist or crime evidence should be able to be unlocked.

[Zodiark1593]

10 minutes ago, Lethal Seraph said:

Who on their right mind would want the government have access to private information? On special circumstances, ie. terrorist or crime evidence should be able to be unlocked.

The last part seems to be at issue as even in special cases, properly implemented encryption cannot be feasibly unlocked without the suspect's cooperation. Invoking the right to remain silent, so long as the key isn't written or physical, the suspect doesn't have to say a word.

[Guest]

Heats up? GTX 480 SLI?

[stconquest]

37 minutes ago, Lethal Seraph said:

Who on their right mind would want the government have access to private information? On special circumstances, ie. terrorist or crime evidence should be able to be unlocked.

That is not how this works.  You either have encryption or you don't.  How do you magically access an encrypted drive that has a strong password?  Are criminal hard drives somehow easier to access?

 

To protect the data of the majority of the population, we have to accept the very real fact that some criminal evidence will be lost to authorities.  Very simple.  If you think ANY other way, you are sadly narrow minded (not you particularly, Lethal Seraph ).  When government authorities try to circumvent this truth, you can rest assured that those individuals are super freakin' dumb.  They can either hope the criminal has a basic password, or wait for quantum computers to be of use.  Encryption will also change with the advent of Q-bit supported software, so that one probably won't work either.

[LAwLz]

4 hours ago, Lethal Seraph said:

Who on their right mind would want the government have access to private information? On special circumstances, ie. terrorist or crime evidence should be able to be unlocked.

The problem with encryption is that there is no such thing as "easy to decrypt terrorists' encrypted info but secure for everyone else".

Saying that we should have encryption that only works for lawful people but not criminals is like saying we should make guns that can only shoot bad guys. It would be great if we could, but it is impossible.

 

3 hours ago, stconquest said:

They can either hope the criminal has a basic password, or wait for quantum computers to be of use.  Encryption will also change with the advent of Q-bit supported software, so that one probably won't work either.

AES256 is already deemed quantum computer safe, assuming you use a good password.

[stconquest]

21 minutes ago, LAwLz said:

The problem with encryption is that there is no such thing as "easy to decrypt terrorists' encrypted info but secure for everyone else".

Saying that we should have encryption that only works for lawful people but not criminals is like saying we should make guns that can only shoot bad guys. It would be great if we could, but it is impossible.

 

AES256 is already deemed quantum computer safe, assuming you use a good password.

Still unknown, to me at least.  Instruction sets, language... might change a bunch in the next decade.  I can't really say whether or not quantum processing will do something or not (even though I kind of did).  I don't know how advanced they really are in the tech, just a general idea.

 

Why do you say current encryption standards are safe from quantum computing?  Do you know something I do not? 

 

I imagine quantum super computers running millions upon millions of distinct calculations in parallel.

 

Just curious now, you have me thinking...

 

If you were to take the obfuscated password stored and apply it as a filter, could you run the alphabet/numerals through that filter to decipher the password in reverse?

 

no, that won't work, what am I thinking... but maybe to reverse the data through the filter?  Fuck I know nothing

[LAwLz]

3 minutes ago, stconquest said:

Still unknown, to me at least.  Instruction sets, language... might change a bunch in the next decade.  I can't really say whether or not quantum processing will do something or not (even though I kind of did).  I don't know how advanced they really are in the tech, just a general idea.

 

Why do you say current encryption standards are safe from quantum computing?  Do you know something I do not? 

Quantum computers will totally wrecks our current asymmetrical encryption protocols like RSA (possibly not NTRU though), but symmetrical ones will only be weakened. Whenever you hear someone say quantum computers when talking about cryptography, they are most likely talking about Shor's algorithm. It will be extremely powerful for finding prime factors (someone encryption like RSA relies on being difficult to do).

But AES does not rely on factoring large numbers being difficult. At worst, for symmetrical encryption the time it takes to decrypt with a quantum computer will be 2^n/2 where n is the key size. So AES256 on a quantum computer will be like breaking AES128 on a normal computer. AES128 is still completely impractical to break.

 

A few years ago the fastest super computer could do 10.51 Pentaflops.

AES128 has 3.4*10³⁸ possible keys.

Optimistically (and for ease of counting), each combination check will take require 1000 flops.

 

No. of combination checks per second = (10.51 x 10¹⁵) / 1000 = 10.51 x 10¹²

No. of seconds in one Year = 365 x 24 x 60 x 60 = 31536000

No. of Years to crack AES with 128-bit Key = (3.4 x 10³⁸) / [(10.51 x 10¹²) x 31536000]
= (0.323 x 10²⁶)/31536000
= 1.02 x 1018
= 1 billion billion years

(Math taken from this website)

And that's being generous.

 

So assuming that we built a quantum computer tomorrow that was as powerful as the fastest super computer a few years ago. It would take that super computer 1 billion, billion years to crack AES 256 (all combinations).

1,020,000,000,000,000,000 years. Here is the age of the universe (in years) for comparison:

13,700,000,000

 

When talking about breaking AES128 you have to come up with ridiculous scenarios like "if we took all the atoms of planet Earth, and built computers out of it, and then powered it by the sun, then it would only take a million years to break!" kind of things.

That's why you will hear "AES is quantum computer proof".

[mach]

Imprisoning people has never been this easy.

You just have to prepare your own encrypted drive, claim it has illegal content and plant it on the guy.

Of course he won't be able to decrypt it. And until he can unlock it, which is never, he is in jail!