-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-06-20 18:05, Franz wrote: > On Mon, Jun 20, 2016 at 1:51 PM, Andrew David Wong > <a...@qubes-os.org> wrote: > > On 2016-06-19 08:40, Franz wrote: >>>> On Sun, Jun 19, 2016 at 11:40 AM, Andrew David Wong >>>> <a...@qubes-os.org> wrote: >>>> >>>> On 2016-06-19 04:38, Alistair Hutten wrote: >>>>>>> Good evening, Alistair here from Australia, >>>>>>> >>>>>>> I'm after some help / recommendation to follow best >>>>>>> practices (isolation between my different domains) >>>>>>> >>>>>>> My Current practice; >>>>>>> >>>>>>> - have encrypted vaults (cryptomator >>>>>>> <https://cryptomator.org/>) one for personal, and one >>>>>>> for work/business, - underlying encrypted files stored >>>>>>> within Dropbox >>>>>>> >>>>>>> I do it this was because data is encrypted at rest, and >>>>>>> more importantly before dropbox sees them, >>>> >>>> Careful: >>>> >>>> * Certain kinds of encryption are easier to break if the >>>> attacker has repeated access to a changing ciphertext. >>>> >>>> >>>>> Also, who knows what the future bring and when. Quantic >>>>> computing promises to be able to crack current encryption >>>>> systems. When this happens and if you are aware of it, you >>>>> would need to change all your passwords. >>>> > > That mainly applies to asymmetric, not symmetric, encryption: > > http://pqcrypto.org/ > > >> Thanks Andrew, I had a look only at the first paper of you link >> and it tells that the quantum computer problem is limited to >> public key encryption. While there is no problem for secret key >> encryption which would be the case for vault encryption. >
Well, it's not that quantum computing presents no problem *at all* for secret key/symmetric encryption. Symmetric ciphers are still thought to be vulnerable to Grover's algorithm, which basically means that key length would effectively be halved (e.g., the strength of AES-256 would be effectively halved to that of AES-128), but this is obviously much less of a problem than the crypto being completely broken (as would be the case for RSA, for example). > >>>>> I would not send my encrypted vault over the internet and >>>>> would not open it with anything different from my vaultVM. >>>> > > Data confidentiality is encryption's raison d'ĂȘtre. If you can't > send the ciphertext over the internet, then what's the point of > encrypting it? > > >> Well my idea was that there is no 100% security guarantee and it >> is only a matter of relative security. So I considered that >> keeping my backups in a NAS over a personal LAN was safer that >> sending them over the internet. > That's fair. I think that might qualify as security through obscurity (or maybe "security through non-availibility"), but that's not to say it doesn't still provide some real degree of security. >> But you link explains that I am wrong and that for any reasonable >> future secret key encryption is 100% safe. So thanks Andrew. >> This confidence certainly gives more peace of mind. Well... I didn't mean to give that impression. IANAC (I am not a cryptographer), but when it comes to encryption, I don't think we should say that anything is "100% safe." It's not that the algorithms are apodictically unbreakable. Rather, we derive our confidence in them from the fact that lots of smart people have spent lots of time trying to break them, and no one has been successful yet (that we know of!). That's why there are competitions to select algorithms. Also, even if the algorithm is secure, any given implementation you use might not be. So, even though it's true (as people often say) that the crypto itself is usually not the weak point in a digital system, I also don't think (and didn't mean to give you the impression) that it's "100% safe." - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXaJkvAAoJENtN07w5UDAwODsP/i6pR+e8I/tVaPoQYRonG9X/ KTxVWzbUcpooIjNYacmc8tDmVTEB3wm/RlZYiFUqKWlLgs4uXvt/5G0rgVtu/ErY gMud0OPZwg8wtR4ow7nMBy19oW2U8IsFIyWoidw/Z8UzLJ0NuwpHHy5d8hMf1QbV CNJ2ZDQLCidiKMnNWjB3ujWEHEcvNUhALBvCC71UU3CZ5L82SSuSSnE6H3nj4qCF X8RyKOAbz8EPAs0RlrrkNigQ4Nw57NYl3GOyk1uzZChlbpPXFsCo7lJGkP44s6nN CImgvKpVDj6UKk4u1TZFHR8BjVQ3TOiDfgmCC5WYckzZvFbbfbFv1sQoT5RbYyG4 t3T1wz1wjvJ/4BhS9NeBKcToQTFT4Jk8jyZffqWhV9KNz0nZMUnehM0n+c8vRS4h i1Vs2jmPAJgJBhySu4TxL52Vy6XfBTScw43yS+sxG41I+KpA+wpD/Ci8X1tJ+zys uWr2o8TsmaUIx8EMP45CnqDYo0iCni1/LnrOHUb0WZ135vz4ZhNlsgi6w5Ybvgpv w/GO1q0MmHAvJ82v1Y3PkQvKFFLKqZbfy7xvWP6xFM8DFS1D1T1hKTubNwVYFzku cwxESsFm4Cql49pRHCTkEP4qJX2aoThK+SRPRzel6xGhJ9Ds5bycxQpty59SemEA fe1tcSKdOyRi74eRUA7K =ifcM -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8c3ae6d-ef23-878a-e48d-099e9ff459df%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
