Constantin
Well-known member
Well said, drg.
Whether or not quantum encryption will render many encryption methods obsolete, I see other opportunities that are much more promising re: privacy and security for the majority of computer users. For example, I'd welcome the development and wide-spread deployment of end-to-end encryption methods for e-mail, v-mail, etc. that are transparent to the user, which are encrypted end-to-end, and which are unique for every connection.
PGP took a step in that direction way back in the 90's but the method never caught on for broad swathes of the population. It was simply too difficult to exchange public keys for Joe public to embrace the system - the key exchange would have to be built into the e-mail protocol. I imagine the NSA had something to do with that, just as they had RSA sell out their customer security for $10MM.
But a good system similar to PGP that is integrated into the OS (automating public key retrieval, sharing a common API for all e-mail, Skype, etc. communications with 1000+ bit keys on every communication stream) would likely go a long way towards protecting messages while in transit. Then you'd have to turn to securing the systems the stuff is running on, a much harder problem these days thanks to the sheer complexity of operating systems, the myriad of programs we run, and so on. Consider the sheer number of zero-day threats out there for any OS, and the only logical solution to slow information leaks is an air-gap.
Yes, you could attempt to create a secure system, just as some OS' authors have aspired to (i.e. OpenBSD). But you'd also need to secure the hardware. Effective end-to-end security on all hardware and software layers of the system, like HDMI and the Playstation consoles attempted, where every communication between chips is encrypted is hard to achieve, even for motivated companies / organizations. But even those attempts were broken, and by enthusiasts, not a multi-billion government agency.
Perhaps one would likely have better luck with an ancient OS (Commodore 64?) that has no bells and whistles, no connectivity to the internet, and which is housed inside a room that features a faraday cage, a tempest-terminal, etc.. because once you look at the myriad of MCUs and software packages on your average laptop being sent out today, that's a major challenge to secure. I'd argue that you can keep out the script kiddies... but when it comes to professionals... or even 3-letter government agencies... forget about it.
If some nameless, spooky agency wants to get you, they will. Whether it's compromising your computer system, the privacy methods you use, etc. the probability of them being able to intercept any password is very, very high. Then, brute force is not even needed.
Or they simply break you. All the government has to do is claim your case involves 'national security', 'terrorism', or like concerns, and Miranda rights, habeas corpus, the right to face your accuser, examine the evidence (i.e. discovery), or the right for a trial, can be simply cast aside. Never mind allegedly-legal treatment options like what Bradley Manning experienced, i.e. being kept naked, in solitary confinement, and being required to answer a prison guard every 10 minutes 24/7 that he was 'OK'.
Whether or not quantum encryption will render many encryption methods obsolete, I see other opportunities that are much more promising re: privacy and security for the majority of computer users. For example, I'd welcome the development and wide-spread deployment of end-to-end encryption methods for e-mail, v-mail, etc. that are transparent to the user, which are encrypted end-to-end, and which are unique for every connection.
PGP took a step in that direction way back in the 90's but the method never caught on for broad swathes of the population. It was simply too difficult to exchange public keys for Joe public to embrace the system - the key exchange would have to be built into the e-mail protocol. I imagine the NSA had something to do with that, just as they had RSA sell out their customer security for $10MM.
But a good system similar to PGP that is integrated into the OS (automating public key retrieval, sharing a common API for all e-mail, Skype, etc. communications with 1000+ bit keys on every communication stream) would likely go a long way towards protecting messages while in transit. Then you'd have to turn to securing the systems the stuff is running on, a much harder problem these days thanks to the sheer complexity of operating systems, the myriad of programs we run, and so on. Consider the sheer number of zero-day threats out there for any OS, and the only logical solution to slow information leaks is an air-gap.
Yes, you could attempt to create a secure system, just as some OS' authors have aspired to (i.e. OpenBSD). But you'd also need to secure the hardware. Effective end-to-end security on all hardware and software layers of the system, like HDMI and the Playstation consoles attempted, where every communication between chips is encrypted is hard to achieve, even for motivated companies / organizations. But even those attempts were broken, and by enthusiasts, not a multi-billion government agency.
Perhaps one would likely have better luck with an ancient OS (Commodore 64?) that has no bells and whistles, no connectivity to the internet, and which is housed inside a room that features a faraday cage, a tempest-terminal, etc.. because once you look at the myriad of MCUs and software packages on your average laptop being sent out today, that's a major challenge to secure. I'd argue that you can keep out the script kiddies... but when it comes to professionals... or even 3-letter government agencies... forget about it.
If some nameless, spooky agency wants to get you, they will. Whether it's compromising your computer system, the privacy methods you use, etc. the probability of them being able to intercept any password is very, very high. Then, brute force is not even needed.
Or they simply break you. All the government has to do is claim your case involves 'national security', 'terrorism', or like concerns, and Miranda rights, habeas corpus, the right to face your accuser, examine the evidence (i.e. discovery), or the right for a trial, can be simply cast aside. Never mind allegedly-legal treatment options like what Bradley Manning experienced, i.e. being kept naked, in solitary confinement, and being required to answer a prison guard every 10 minutes 24/7 that he was 'OK'.
Last edited: