@ Chris Laprise

On Saturday, November 11, 2017 at 11:22:37 PM UTC, Chris Laprise wrote:
> On 11/11/2017 08:31 AM, Yuraeitha wrote:
> > On Saturday, November 11, 2017 at 12:44:54 PM UTC, Chris Laprise wrote:
> >> On 11/10/2017 05:51 PM, [email protected] wrote:
> >>> In this case you should ask the luks/dmcrypt mailinglist as that is
> >>> what qubes uses for disk crypto.
> >>>
> >> Would be simpler off the bat to limit discussion to asymmetric crypto,
> >> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and
> >> most other disk encryption uses symmetric crypto.
> >>
> >> I believe qvm-backup crypto is also symmetric (although IIRC it may have
> >> specific security issues that need to be addressed).
> >>
> >> Finally, there is anti-evil-maid; I think it uses symmetric but not
> >> certain.
> >>
> >> --
> >>
> >> Chris Laprise, [email protected]
> >> https://github.com/tasket
> >> https://twitter.com/ttaskett
> >> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
> > That's an interesting twist, and seems like a very good point.
> >
> > Though does that mean asymmetric is more vulnerable due to its nature of
> > having two key systems (Private/Public) rather than a single private key?
> > Lower entropy with two keys perhaps?
> > or is it because asymmetry is typically used more when sent over the
> > internet compared to symmetry which is more often used offline?
> >
> > So then, asymmetric internet protocols going in and out of Qubes, or
> > encrypted packages or whole encrypted files sent over the internet, is the
> > bigger concern? or the more immediate between the two one I assume. The
> > question left to me, out of curiosity, is just "why is it the asymmetric
> > security a bigger concern". Are any of the two guesses the right reason?
>
> There are some articles/talks that explain the difference, but it's not
> due to entropy. It's because the public key provides too much info about
> the private key to a qc search algorithm. This was already the case with
> regular computer searches, at least with RSA which uses much larger keys
> than a symmetric cipher like AES to compensate for the issue.
>
> A figure I heard was that qc can cut search time for symmetric key
> merely in half, whereas it can cut time for asymmetric key by orders of
> magnitude.
>
> > Also about another aspect, are there by any chance any kind of encryption
> > between the isolated qubes in Qubes? If true, then internet based attacks
> > cannot attack dom0 no matter what happens in the area of encryption
> > cracking? but it may be able to attack whatever is using encryption in the
> > VM itself? But offline physical encryption crack attacks, albeit seemingly
> > requiring stronger cracking capability, can reach dom0?
>
> > Specifically, if I understood this correctly, there is no immediate concern
> > right now to protect with encryption in an offline physical machine, unless
> > a copy is made of the data and stolen, or the entire drive is stolen, to be
> > cracked in the future. So if a drive, or copy thereof, is stolen, it may be
> > a future risk, but otherwise not a current risk.
> >
> > Eventually all this seems to boil down to theft of data, or surveillance,
> > which is left to be cracked in the future, instead of now. But internet
> > encrypted data is significantly easier to steal.
>
> Most Internet encryption is based on asymmetric ciphers. That's the main
> issue and Qubes is not special in any sense on this topic.
>
> As for quantum networks, they are slightly more obtainable than, say,
> moon rockets.
>
> --
>
> Chris Laprise, [email protected]
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

So you don't have a moon rocket in your backyard? Really? Everyone has that by now.

Joke aside xD I do actually think Quantum networks are much closer than we might think at first when first hearing about it, it's probably the quantum part that makes it seem so distant and futuristic. It's not as complex as quantum computing, and much less work has gone into it, yet prototypes are already up and working around the world as we speak. It's basically a simple transfer of data through light and not something of the scale of a whole quantum computer. Given the fiber internet network might be able to carry these signals, it's not farfetched to imagine we'll start to have portions of Quantum internet in less than 10 years.

It's a cheap technology too. While sure such research costs a lot to do, the technology itself should be relatively cheap, and a lot of the quantum computing research costs come from universities who give away their research for free mostly nowadays (Open Science movement, kinda like Open Source movement). So given we already partly have an infrastructure that can carry it, and given we currently have working prototypes, and given the technology itself appears relatively cheap, I don't think we actually have to wait long. But who knows, if anything is uncertain, it'd be the attempt to predict the future. It's just that the odds seem pretty favourable that we'll see it soon.

The Tor network doesn't even need to do much to transfer to this type of network, since this is technology running below the Tor layer protocols, I believe? I guess the biggest issue would be to ensure that there are light fibers all the way between A and B on the internet? Maybe Tor would have to tackle that issue.

Also, the Chinese went ahead with this big time, if the rest of the world does not catch up, then the Chinese will have a much safer internet compared to the rest of the world.
Given all the cyber attacks and industry espionage, and war prevention, cyber threats are the reason of, I do not think it'll just come around slowly. It'll likely turn into a race, because no one wants to be the weak kid among the superpowers in the world. Albeit USA and Russia governments are a bit slow in the uptake atm, they will likely realize this soon enough.

Thanks for clearing up the asymmetric general security issue, it's been bothering me for a while. So the weakness is the key similarity, interesting.

@ Vít Šesták

urg... that's a scary point, if the updates become insecure and unreliable without proper signatures... hmm, in Qubes, the signature confirmation happens in dom0 or in the sys-net? It seems like an interesting duality, though I may be wrong regarding that. For example, similar to how Qubes e-mail split GPG works, or split Bitcoin VMs, the keys are kept in another offline VM. Is the same applied to Qubes dom0 and now the new Qubes 4 template updates? So the weak chain is not in Qubes, but Qubes may still be affected by man-in-the-middle attacks over the internet or if the update server is attacked? But in another contrast, infected packages getting into dom0 to get signature verified, would pose a risk? So one has to choose between the two security risks?

Doubling up the key length seems like an interesting prospect, but has the potential risk to fail in the future by quantum computing, if I understood you correctly. So as long as no one steals our symmetric encrypted data or drives, and saves it for a decade or more before trying to crack it with more powerful computing, we should be safe, I assume. So increasing the key as far as possible, and try to avoid theft of symmetric encrypted data. Seems like a game plan?

I've wondered for a good while if splitting up a symmetric encrypted file into multiple parts, say for example minimum two parts, and send one over the internet, and carry the other on yourself in person, that if only one part is stolen (for example someone steals your laptop with sensitive competitive business trade secrets), then it's still uncrackable? However it's mostly been a fun thought experiment, I never managed to confirm it, but I imagine businesses or even government agencies would want to use such approaches if it's applicable? If it isn't already.

Wait, hold on, your last line, regarding that "some" asymmetric encryption is believed to be secure against future quantum computing? Is it possible to elaborate on that? Also if this turns out to indeed be quantum crack proof, would it be feasible to use these for what we currently use symmetric encryption for?
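
The split-file idea raised in the last message, as an added example that is not part of the thread or of Qubes: XOR secret splitting, a standard technique that differs from cutting a ciphertext in half, where each share is as long as the data and a single share is consistent with every possible content of that length. The function names and the sample message are constructed for illustration; `data` can be an already encrypted file.

```python
import secrets
from typing import List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(data: bytes, n: int = 2) -> List[bytes]:
    """Split data into n shares; all n are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are fresh random pads from the OS CSPRNG.
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    # The final share is the data XORed with every pad.
    last = data
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]


def combine_shares(shares: List[bytes]) -> bytes:
    """Rebuild the data; the order of the shares does not matter."""
    if len(shares) < 2:
        raise ValueError("need every share, at least two")
    out = shares[0]
    for share in shares[1:]:
        out = xor_bytes(out, share)
    return out


def share_explaining(stolen: bytes, candidate: bytes) -> bytes:
    """The missing share that would make `stolen` decode to `candidate`.

    One exists for every candidate of the same length, which is why a
    single share narrows down nothing about the real content.
    """
    return xor_bytes(stolen, candidate)


if __name__ == "__main__":
    secret = b"constructed sample: Q3 pricing sheet"  # constructed input
    carried, sent = split_secret(secret)
    assert combine_shares([carried, sent]) == secret
    decoy = b"x" * len(secret)
    assert combine_shares([sent, share_explaining(sent, decoy)]) == decoy
    print("one share alone fits any content of the same length")
```

The pads must be generated fresh for every file: if the same pad is reused for two files, XORing the two matching shares yields the XOR of the two files.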
