

vpoko
Premium
join:2003-07-03
Boston, MA

Not a bad idea anyway

With ISPs apparently lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

said by vpoko:

With ISPs apparently lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.
End to end encryption on everything. Even then, so long as data sits in an unencrypted state on servers you don't own, it's easy pickins for anyone with (or without) a warrant. And, really, all that encrypting ultimately buys you is a delay on how long from the time they intercept your data until they're reading it.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)


verolom

join:2002-03-23
Reston, VA

There is such a notion of security through obscurity. If it takes time to decrypt a bunch of files and only a few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without encryption, it is very easy to find them.



nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

said by verolom:

There is such a notion of security through obscurity.
Technically, not really "security through obscurity".

said by verolom:

If it takes time to decrypt a bunch of files and only a few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without encryption, it is very easy to find them.
The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)


vpoko
Premium
join:2003-07-03
Boston, MA

said by nixen:

said by verolom:

There is such a notion of security through obscurity.
Technically, not really "security through obscurity".

said by verolom:

If it takes time to decrypt a bunch of files and only a few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without encryption, it is very easy to find them.
The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.

-tom
Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.


firefox
Premium
join:2000-12-03
San Jose, CA

reply to verolom

said by verolom:

There is such a notion of security through obscurity....
I thought "security through obscurity" was one of the tenets of what not to follow. I'm sure I heard that from a seminar a few years back.


vpoko
Premium
join:2003-07-03
Boston, MA

said by firefox:

said by verolom:

There is such a notion of security through obscurity....
I thought "security through obscurity" was one of the tenets of what not to follow. I'm sure I heard that from a seminar a few years back.
I think it's the only security you can hope for against the government's ever-prying eyes.


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

reply to vpoko

said by vpoko:

Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.
No, what I am saying is, if you use the same set of encryption keys/algorithms to protect all of your files, once that set of keys is broken, unlocking the rest of your files is relatively trivial (relative to breaking the original key).

As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)

russotto

join:2000-10-05
West Orange, NJ

reply to nixen
Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.


cbiggers

join:2000-08-10
San Luis Obispo, CA

reply to nixen

said by nixen:

As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).

-tom
However, as long as you use a security model that is not flawed to begin with, not even the government can brute force it at this time. It's just not plausible. Here is a quote about AES, which is what the US Government currently uses for the most part:

Some cryptographers worry about the security of AES. They feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small for comfort. The risk is that some way to improve these attacks might be found and that, if so, the cipher could be broken. In this meaning, a cryptographic "break" is anything faster than an exhaustive search, so an attack against 128-bit key AES requiring 'only' 2^120 operations would be considered a break even though it would be, now, quite infeasible. In practical application, any break of AES which is only this 'good' would be irrelevant. For the moment, such concerns can be ignored. The largest publicly-known brute-force attack has been against a 64 bit RC5 key by distributed.net (finishing in 2002; Moore's Law implies that this is roughly equivalent to an attack on a 66-bit key today).

So yeah, I wouldn't worry about encryption being broken yet.


superht1

join:2001-02-22
Kennesaw, GA

reply to vpoko
It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.



nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

reply to russotto

said by russotto:

Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.
Or... They run their keyword searches on the clear text transmissions, and then toss all the encrypted things into the crypto shredders because "hey, if it's encoded, there's gotta be a reason".

Now, they might not do that for 100% of the data that passes over the internet, but, if an agency NSL'ed an ISP for a week's worth of data, they could shred it fairly quickly to decide if they DID want to go after you specifically.

Basically, it's a crap shoot.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)


GamerGeek
Premium
join:2003-07-26
Fortuna, CA

reply to superht1

said by superht1:

It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.
I'm gonna preface this by explaining that I use Azureus quite often. Now then...

You're going to have to explain to me where this "right" to trade files is described, 'cause I ain't never seen it. First off, packet shaping was implemented to deter users from trading copyrighted material. Users have found ways around that. Do you understand what that is? It's a violation of your ISP's terms of service, that's what. It's circumvention of safeguards put into place to limit the distribution of the aforementioned copyrighted material. It's grounds for termination of your account if they so desire, which you SHOULD be aware that they DO have the ability to find out what you're downloading at any given time.

You don't HAVE any "rights" when it comes to distributing those files, because YOU aren't the license holder. And don't even go into the whole "what about the non-copyrighted files?" schtick. It isn't even a factor and everyone knows it.

Example: take a look at one of the most popular bittorrent sites out there; mininova. Out of the top 20 downloaded files for today alone, 11 of those are TV episodes (copyrighted) and 5 are full feature movies (also copyrighted). The other 4 are Japanese anime.

I hate to be the bearer of bad tidings, but when 80% of the top downloaded files are copyrighted stuff, don't you think the ISPs of the world are going to take steps to protect themselves? The right to trade files with other users... pfft... I want a new TV, maybe I should hop on down to Circuit City and steal me one of them, too?
