On Saturday, November 11, 2017 at 12:44:54 PM UTC, Chris Laprise wrote:
> On 11/10/2017 05:51 PM, [email protected] wrote:
> > In this case you should ask the luks/dmcrypt mailinglist as that is 
> > what qubes uses for disk crypto.
> >
> 
> Would be simpler off the bat to limit discussion to asymmetric crypto, 
> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and 
> most other disk encryption uses symmetric crypto.
> 
> I believe qvm-backup crypto is also symmetric (although IIRC it may have 
> specific security issues that need to be addressed).
> 
> Finally, there is anti-evil-maid; I think it uses symmetric but not certain.
> 
> -- 
> 
> Chris Laprise, [email protected]
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

That's an interesting twist, and seems like a very good point. 

Though does that mean asymmetric is more vulnerable due to its nature of 
having two key systems (Private/Public) rather than a single private key? Lower 
entropy with two keys perhaps? 
Or is it because asymmetry is typically used more when sending over the internet 
compared to symmetry which is more often used offline?

So then, asymmetric internet protocols going in and out of Qubes, or encrypted 
packages or whole encrypted files sent over the internet, is the bigger 
concern? Or the more immediate of the two, I assume. The question left 
to me, out of curiosity, is just "why is the asymmetric security a bigger 
concern". Is either of the two guesses the right reason?


Also about another aspect, is there by any chance any kind of encryption 
between the isolated qubes in Qubes? If true, then internet based attacks 
cannot attack dom0 no matter what happens in the area of encryption cracking? 
But it may be able to attack whatever is using encryption in the VM itself? But 
offline physical encryption crack attacks, albeit seemingly requiring stronger 
cracking capability, can reach dom0?

Specifically, if I understood this correctly, there is no immediate concern 
right now to protect with encryption in an offline physical machine, unless a 
copy is made of the data and stolen, or the entire drive is stolen, to be 
cracked in the future. So if a drive, or copy thereof, is stolen, it may be a 
future risk, but otherwise not a current risk.

Eventually all this seems to boil down to theft of data, or surveillance, which 
is left to be cracked in the future, instead of now. But internet encrypted 
data is significantly easier to steal.

This could be solved with the quantum network China made a big move towards 
recently though? One of the articles here about Quantum networks that goes into 
the pros and cons, as well as the feasibility and possible directions the 
technology can take in the future. It seems this short brief article covers a 
bit of everything regarding this complex area 
https://www.wired.com/story/quantum-internet-is-13-years-away-wait-whats-quantum-internet/

Assuming quantum internet ever becomes a full scale replacement of our 
internet, perhaps this is the game changer we need to fix asymmetric 
encryption? After all, it wouldn't be a matter of hacking mathematics, it'd be 
increased to a level of hacking physics and circumventing the laws of the 
universe. Anyone trying to read the signal would apparently scramble it and 
make it unreadable. 

But in contrast, this cannot be used in symmetric encryption of i.e. local 
files and drives? And it requires a proper medium, like light fiber cables or 
similar, to carry the quantum signals, which would mean a lot of our modern 
infrastructure is not usable for quantum networking. 

It seems promising though, especially if it would arrive sooner rather than 
later to Linux/Qubes.

For example, the implications of combining quantum networking with the Tor 
network? It'd be potentially unhackable network/internet private connections? 
Tor's weakness, one of the bigger ones, is traffic sniffing at the end nodes. 
A quantum based internet could fix that issue on Tor, making it impossible to 
both know what is sent, as well as to whom it was from or to.

Would there be any loose ends though? For example the joint between Qubes OS 
itself, and a future quantum based Tor based network? The weakness could be the 
joints and exploiting these with malware/surveillance? 
If the unit expected to receive the quantum signal itself is infected, then it 
could still surveil any data/connections going through it? 
