Blog Entry For 8/9/2013

Encryption & Deception

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
- Benjamin Franklin 1775.

Right and wrong, legal and illegal are often temporally incongruent, with the latter several steps behind the former. One article I would recommend on this viewpoint is a thought-provoking angle by Moxie Marlinspike. There are a multitude of news reports covering the recent revelations of Edward Snowden, and surely many more opinions of his actions. For those of us in the software field, the revelations are a severe blow to the industry. The principal rule of online security is to rely on the textbook mathematical formulae, and to never be tempted to 'roll your own'. The Snowden release provides strong evidence that the majority of textbook security measures may have been infiltrated in a most repulsive manner. According to reports, the NSA in conjunction with GCHQ have achieved an unprecedented, multi-faceted attack on online privacy. According to a report by Sky News, they have achieved success through brute force attack attempts. Other measures include forcing companies to build back doors into their systems and to provide master keys to access their data. To top it off, the very encryption standards themselves are believed to have intentional vulnerabilities in-built to aid in decryption measures.

It is this latter point that resonates in the software industry in particular. The industry has relied on the trust of NIST (National Institute of Standards and Technology) in their advice regarding the security of particular encryption methods. However, NIST has always had a complicated relationship with the NSA. Indeed, recent advice from NIST on the new Dual_EC_DRBG standard raised eyebrows, with what appeared to be clear evidence of detectable bias.

So, from what the news has been talking about, it seems that every email, Skype call and online transaction is laid bare for GCHQ and NSA to trawl through at their leisure. No secure algorithm is without suspicion of tampering. The cryptography industry may well have to re-evaluate their relationship with NIST and, perhaps, new methodologies and algorithms may need developing that circumvent the influence of government. Thankfully, key players in cryptography have already started the ball rolling in this respect.

The general public will no doubt have other issues, and are debating pros and cons of sacrificing privacy if it helps to intercept communications pertinent to national security. Personally, I'm with Franklin in this regard. The government keep pulling the security card out at every opportunity, biasing public opinion through fear, manipulation and misinformation. If this has the desired effect, then we have no right to complain when there is no means to establish trust on the internet. After all, as our elected representatives, they're only doing this for our benefit, aren't they? The question being, whilst they're watching us, who's watching them?

9/8/2013 Tags: edward snowden nsa gchq encryption
