On Saturday, November 11, 2017 at 12:44:54 PM UTC, Chris Laprise wrote:
> On 11/10/2017 05:51 PM, [email protected] wrote:
> > In this case you should ask the luks/dmcrypt mailinglist as that is
> > what qubes uses for disk crypto.
> >
>
> Would be simpler off the bat to limit discussion to asymmetric crypto,
> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and
> most other disk encryption uses symmetric crypto.
>
> I believe qvm-backup crypto is also symmetric (although IIRC it may have
> specific security issues that need to be addressed).
>
> Finally, there is anti-evil-maid; I think it uses symmetric but not certain.
>
> --
>
> Chris Laprise, [email protected]
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

That's an interesting twist, and seems like a very good point. Though does that mean asymmetric is more vulnerable due to its nature of having two key systems (Private/Public) rather than a single private key? Lower entropy with two keys perhaps? Or is it because asymmetry is typically used more when sent over the internet compared to symmetry which is more often used offline?

So then, asymmetric internet protocols going in and out of Qubes, or encrypted packages or whole encrypted files sent over the internet, is the bigger concern? Or the more immediate between the two one I assume.

The question left to me, out of curiosity, is just "why is the asymmetric security a bigger concern". Are any of the two guesses the right reason?

Also about another aspect, are there by any chance any kind of encryption between the isolated qubes in Qubes? If true, then internet based attacks cannot attack dom0 no matter what happens in the area of encryption cracking? But it may be able to attack whatever is using encryption in the VM itself? But offline physical encryption crack attacks, albeit seemingly requiring stronger cracking capability, can reach dom0?

Specifically, if I understood this correctly, there is no immediate concern right now to protect with encryption in an offline physical machine, unless a copy is made of the data and stolen, or the entire drive is stolen, to be cracked in the future. So if a drive, or copy thereof, is stolen, it may be a future risk, but otherwise not a current risk.

Eventually all this seems to boil down to theft of data, or surveillance, which is left to be cracked in the future, instead of now. But internet encrypted data is significantly easier to steal. This could be solved with the quantum network China made a big move towards recently though?

One of the articles here about Quantum networks that goes into the pros and cons, as well as the feasibility and possible directions the technology can take in the future.
It seems this short brief article covers a bit of everything regarding this complex area https://www.wired.com/story/quantum-internet-is-13-years-away-wait-whats-quantum-internet/

Assuming quantum internet ever becomes a full scale replacement of our internet, perhaps this is the game changer we need to fix asymmetric encryption? After all, it wouldn't be a matter of hacking mathematics, it'd be increased to a level of hacking physics and circumventing the laws of the universe. Anyone trying to read the signal would apparently scramble it and make it unreadable.

But in contrast, this cannot be used in symmetric encryption of i.e. local files and drives? And it requires a proper medium, like light fiber cables or similar, to carry the quantum signals, which would mean a lot of our modern infrastructure is not usable for quantum networking.

It seems promising though, especially if it would arrive sooner rather than later to Linux/Qubes. For example, the implications of combining quantum networking with the Tor network? It'd be potentially unhackable network/internet private connections? Tor's weakness, one of the bigger ones, is traffic sniffing at the end nodes. A quantum based internet could fix that issue on Tor, making it impossible to both know what is sent, as well as to whom it was from or to.

Would there be any loose ends though? For example the joint between Qubes OS itself, and a future quantum based Tor based network? The weakness could be the joints and exploiting these with malware/surveillance? If the unit expected to receive the quantum signal itself is infected, then it could still surveil any data/connections going through it?
