Insecurity agencies always win the crypto war

Everywhere, positive thinking is touted as something that is good, healthy and beneficial. However, under certain circumstances, positive thinking can be detrimental, dangerous or even lethal.

One such area may be cryptography. Cryptography, or “crypto” for short, is used in countless places today, up to and including information that defines life or death on a mass scale.

Once upon a time, someone – probably a Roman emperor, as it is called a Caesar cipher – came up with the idea to write messages in such a way that only people who knew how to decode them could read them. He simply chose a number of steps by which to shift the alphabet. Say that number is three and we use the English alphabet: then A becomes D, B becomes E and so on. The last letters wrap around to the beginning, so X becomes A, Y becomes B and Z becomes C. When decoding, the recipient just did the opposite.

Gr brx xqghuvwdqg? Jrrg.

Of course, sooner or later, people who shouldn’t know the secret found out, and if they didn’t know by what number it was shifted, they could simply try different numbers until the text resembled the language it was expected to be written in.

Many different kinds of cryptography followed (kryptós = hidden, secret; graphein = writing). Someone came up with the idea of rotating the Caesar cipher by a few different numbers, or even using an entire book and its letters to indicate how much to shift the alphabet for every letter in the hidden message. Of course, the recipient had to have the list, or the same book. (A similar system is used for special purposes today, but it has to use perfectly random numbers that are only used once, or pattern analysis can break it, and its drawback is obvious – both the sender and the recipient have to have the same list of random numbers, and those mustn’t be transferred in such a way that an adversary can read them, or they too can decode the message. That makes this so-called one-time pad system impractical for most uses.)
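Why the random numbers must be used only once, as an added example that is not part of the original post: when two messages are shifted with the same list of numbers, subtracting one ciphertext from the other cancels the list entirely. The messages and function names below are constructed for this illustration.

```python
import secrets

A = ord("A")

def pad_shift(text, pad, sign=1):
    """Shift each uppercase letter by its own pad number; sign=-1 reverses it."""
    return "".join(chr((ord(c) - A + sign * k) % 26 + A) for c, k in zip(text, pad))

def letter_difference(x, y):
    """Letter-wise (x - y) mod 26 as a list of numbers."""
    return [(ord(a) - ord(b)) % 26 for a, b in zip(x, y)]

def reuse_leak(msg1, msg2, pad):
    """Encrypt two messages with the SAME pad; return what an eavesdropper learns."""
    c1 = pad_shift(msg1, pad)
    c2 = pad_shift(msg2, pad)
    # Subtracting the ciphertexts cancels the pad: (m1 + k) - (m2 + k) = m1 - m2.
    leak = letter_difference(c1, c2)
    # Anyone who knows or guesses msg1 now obtains msg2 without ever seeing the pad.
    recovered = pad_shift(msg1, leak, sign=-1)
    return leak, recovered

if __name__ == "__main__":
    msg1, msg2 = "MEETMEATNOON", "SENDTHEFILES"  # constructed sample messages
    pad = [secrets.randbelow(26) for _ in msg1]  # random pad, wrongly used twice
    leak, recovered = reuse_leak(msg1, msg2, pad)
    print(leak == letter_difference(msg1, msg2), recovered)
```

The leaked difference is the same whatever the pad was, which is the pattern an analyst works from; with a fresh pad per message there is nothing to subtract.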

We jump forward in time. During World War II, the Germans had the so-called Enigma cipher machine, an advanced electromechanical device that encrypted messages, and they thought it was uncrackable. Today that cipher is most famous for having been cracked; I’m sure you’re already familiar with this.

DES arrived in the seventies; in 1999 it was publicly shown to be crackable.

And so on and so forth. Now it comes out, thanks to Edward Snowden, that something widely used today is also crackable: the 1024-bit Diffie-Hellman key exchange. It uses large prime numbers to exchange cryptographic keys, and many implementations of it use the same primes everywhere, every time (as if nobody could have guessed that was a bad idea). Long story short, the NSA built an expensive computer to crack every crypto made with these particular primes, about one prime a year. That’s a lot of secrets, when one prime is used in bunches of different applications.

There are three solutions: use different primes, go up to 2048 bits, or use a different system. I’ll leave that to the experts, which brings us to the next fact.

Making a secure cryptographic protocol is extremely difficult. No, not like planning cities or designing aeroplanes; much, MUCH harder. The math required is completely incomprehensible for the vast majority, myself included, and there is no way of knowing whether you succeeded in making it secure, except by more math. And even then, you could of course miss something, if nothing else through the human factor. And if a flaw passes through all reviews and tests, nobody will know until it’s too late.

There are only some tens of people worldwide who understand and can develop good cryptography. And can review it.

This of course means that the number of available secure, widely used types is small, which means that the NSA et al. only need to target a few and find their weaknesses. Which has now happened with the 1024-bit Diffie-Hellman with standard primes.

Even worse is the advent of quantum computers, which will render most kinds of cryptography obsolete. The NSA already has a quantum computer, with unknown capability. But its sibling, owned by, among others, Google, is getting an upgrade from 512 qubits to “over 1000” according to a Swedish tech magazine (my guess: 1024). If Google gets it now, it is likely that the NSA already has it, or at least will get it very soon, and with qubits, the power doesn’t “just” increase from 2^512 to 2^1024 times something, but far, far more.

People keep saying “then we need better crypto”. There are quantum-safe types of cryptography, but since the NSA is catching some 70 percent of Internet traffic, most likely targeting encrypted traffic for indefinite storage, we don’t need that in months or years; we needed it many years ago, when computers probably would have needed days to encrypt and decrypt the shortest of messages to such a standard. And if the trend continues, they will crack that too in another 5-20 years.

There doesn’t seem to exist a usable, future-secure crypto.

The conclusion is as follows: as long as the NSA and similar agencies exist and store everything, everything you send over the Internet, even when it is encrypted, will sooner or later be read by them. And if they have it, it risks leaking.

You cannot send data that will remain sensitive for a long time over the Internet.

Read that again, it is important. You cannot send anything that will remain sensitive over the Internet. Nothing. Ever. Unless the insecurity agencies are shut down.

It’s extremely bad “news”, but nonetheless I can’t find any reason why it wouldn’t be true.

