>> On Sun, Jun 14, 2020 at 2:38 PM Yosem Companys <[email protected]> wrote: >> Alex Nicholson 10:43 AM >> Curious what others think about this... this past week @Jason Calacanis >> (launch.co) talked about the need for all-user end-to-end encryption on >> services like Zoom in China, and basically anyone operating in or through >> China, because of the Chinese govt’s likelihood of intercepting and/or >> interfering with communications as it likes. However, I would argue that the >> conversation is severely under-estimating the sophistication of the Chinese >> govt. The US’s NSA can crack any encryption in the world and listen to any >> communications it wants. Why would we think China’s version of the NSA is >> any less sophisticated? Commercial encryption prevents interception by >> hackers and criminals, low-level operations without the budgets or resources >> of state actors. The intelligence services of major world powers have the >> skills and tools to crack any company’s best attempt at encryption. So what >> does it matter if a service like Zoom or anything touching China is >> encrypted or not? If it touches Chinese soil, fibers, or airspace, it can be >> read by their govt. If it’s encrypted, it prob won’t be read by criminals >> and civilian hackers only. Thoughts?
> On Jun 14, 2020, at 8:46 PM, Ali-Reza Anghaie <[email protected]> wrote: > I think people still don't understand what risk surfaces are actually worth > attacking - and they latch onto encryption without any of the other OPSEC > considerations, side-channel attacks on the information and groups being > protected, etc. > This XKCD still applies: https://xkcd.com/538/ > The problem is the companies and politics still should _strive_ for the best > in each applicable area but people are deluding themselves when they consider > a Nation State threat model as their baseline. Yeah, I mostly agree with that. On the one hand, there is no uncrackable encryption… the passage of time, Moore’s law, quantum computing, it’ll all get decrypted, it’s just a question of when. Symmetric encryption works as long as the keys are used 1:1, get destroyed after use, and are communicated securely in the first place. Quantum communication of symmetric keys seems promising. But there are so many other, easier attacks, in the short run, that getting idiots to focus on key-length and ignore all the real attacks just makes governments’ work easier. -Bill
signature.asc
Description: Message signed with OpenPGP
-- Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing [email protected].
