Yosem Companys writes: > Alex Nicholson 10:43 AM [...] > However, I would argue that the conversation is severely > under-estimating the sophistication of the Chinese govt. The > US’s NSA can crack any encryption in the world and listen to any > communications it wants. Why would we think China’s version of > the NSA is any less sophisticated? Commercial encryption prevents > interception by hackers and criminals, low-level operations without > the budgets or resources of state actors. The intelligence services of > major world powers have the skills and tools to crack any company’s > best attempt at encryption.
I would reply (1) What's the evidence that either NSA or another agency "can crack any encryption in the world"? (2) When governments have special-purpose hardware to take advantage of some insight into cracking crypto, for example as described in section 4.2 of the "Imperfect Forward Secrecy" paper, that hardware is not free to build or operate and doesn't necessarily scale up to attacking all communications. So that capability would end up getting used against a subset of communications and not, for example, for keyword searches or archives of all plaintext. (3) Adi Shamir famously said that "cryptography is typically bypassed, not penetrated"; I have personally not seen any indications that this is wrong, as a general rule. Forcing spies to actively attack your devices or to come into physical proximity to you in order to bypass your cryptography, instead of performing a passive attack, increases their costs and risks, including creating possibilities of detecting the attack, designing new countermeasures, and attributing the attack. An attack that requires proximity or software or hardware tampering with your device has the huge benefit to you (and everyone else who may be targeted by the same methods or organizations) that there is something you can potentially notice. Yes, hardware and software implants can be extremely stealthy, but the attacker is still conceptually taking a huge risk by delivering them into your possession. (4) If the Chinese government had a class break against a primitive like AES, the U.S. government would probably not keep allowing, or requiring, its own agencies to use it to protect their own communications. https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing [email protected].
