On 11/11/2017 08:31 AM, Yuraeitha wrote:
> On Saturday, November 11, 2017 at 12:44:54 PM UTC, Chris Laprise wrote:
>> On 11/10/2017 05:51 PM, [email protected] wrote:
>>> In this case you should ask the luks/dmcrypt mailing list as that is
>>> what qubes uses for disk crypto.
>>
>> Would be simpler off the bat to limit discussion to asymmetric crypto,
>> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and
>> most other disk encryption uses symmetric crypto.
>>
>> I believe qvm-backup crypto is also symmetric (although IIRC it may have
>> specific security issues that need to be addressed).
>>
>> Finally, there is anti-evil-maid; I think it uses symmetric but not certain.
>>
>> --
>> Chris Laprise, [email protected]
>> https://github.com/tasket
>> https://twitter.com/ttaskett
>> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
>
> That's an interesting twist, and seems like a very good point.
>
> Though does that mean asymmetric is more vulnerable due to its nature of
> having two key systems (Private/Public) rather than a single private key? Lower
> entropy with two keys perhaps?
> Or is it because asymmetry is typically used more when sent over the internet
> compared to symmetry which is more often used offline?
>
> So then, asymmetric internet protocols going in and out of Qubes, or encrypted packages
> or whole encrypted files sent over the internet, is the bigger concern? Or the more
> immediate between the two one I assume. The question left to me, out of curiosity, is
> just "why is the asymmetric security a bigger concern". Are any of the two
> guesses the right reason?

There are some articles/talks that explain the difference, but it's not
due to entropy. It's because the public key provides too much info about
the private key to a qc search algorithm. This was already the case with
regular computer searches, at least with RSA which uses much larger keys
than a symmetric cipher like AES to compensate for the issue.

A figure I heard was that qc can cut search time for symmetric key
merely in half, whereas it can cut time for asymmetric key by orders of
magnitude.

> Also about another aspect, is there by any chance any kind of encryption
> between the isolated qubes in Qubes? If true, then internet based attacks
> cannot attack dom0 no matter what happens in the area of encryption cracking?
> but it may be able to attack whatever is using encryption in the VM itself? But
> offline physical encryption crack attacks, albeit seemingly requiring stronger
> cracking capability, can reach dom0?
>
> Specifically, if I understood this correctly, there is no immediate concern
> right now to protect with encryption in an offline physical machine, unless a
> copy is made of the data and stolen, or the entire drive is stolen, to be
> cracked in the future. So if a drive, or copy thereof, is stolen, it may be a
> future risk, but otherwise not a current risk.
>
> Eventually all this seems to boil down to theft of data, or surveillance, which
> is left to be cracked in the future, instead of now. But internet encrypted
> data is significantly easier to steal.

Most Internet encryption is based on asymmetric ciphers. That's the main
issue and Qubes is not special in any sense on this topic.
As for quantum networks, they are slightly more obtainable than, say,
moon rockets.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886