Announcements
Planned Site Maintenance
Due to scheduled maintenance, account creation for new Community users will be unavailable 11 a.m. Eastern October 23, 2020 – October 24, 2020. We apologize for any inconvenience.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Re: Crypto Wars, Again (and again, and again, and again ...)

Lets get back to basics, why do Government authorities want access to your encrypted data?

 

A). They don't trust people

B). They are looking for signs of terrorism, subversives or other indicators

C). You are using a new cryptographic algorithm not within their current databases or one you created yourselves.

D).  You live in a country, which is under oppressive central control, who want to make sure you are following the party line i.e. thinking the way they do?    E.g. East Germany when it existed etc.

E).  Researchers want to track and trace malware across borders for easy identification.

 

If you are using a proprietary cryptography method, which you have not asked the authorities approval or verification you can use it, is likely to stand out like a sore thumb - remembering that cryptographic methods and encryption methods are regarded as an "Act of War or an electronic weapon".

 

There is no such thing as a free lunch anywhere in the world - we are all suspicious, and everyone wants to protect their own borders regardless of who, what, where they exist.

 

Regards

 

Caute_cautim

 

 

 

Highlighted
Community Champion

Re: Crypto Wars, Again (and again, and again, and again ...)

> Caute_cautim (Community Champion) posted a new reply in Industry News on

> Lets get back to basics, why do Government authorities want access to your
> encrypted data?   A). They don't trust people

Sounds likely.

> B). They are looking for signs of
> terrorism, subversives or other indicators

That's what they all say. Actually, one security researcher thought this was a
possibly legit concern. But, being a scientist, she asked for data to back it up:
could someone show her a case where they knew somebody was guilty, but couldn't
prove it because they used encryption.

Nobody could give her an example ...

> C). You are using a new cryptographic
> algorithm not within their current databases or one you created yourselves.

Not really a reason to want the traffic ...

> D). 
> You live in a country, which is under oppressive central control, who want to
> make sure you are following the party line i.e. thinking the way they do?   
> E.g. East Germany when it existed etc.

Or the Trump administration ...

> E).  Researchers want to track and trace
> malware across borders for easy identification.

Access to plaintext would not help. Malware either a) isn't encrypted, or b) is self-
decrypting. Anything else defeats the purpose.

>   If you are using a proprietary
> cryptography method, which you have not asked the authorities approval or
> verification you can use it, is likely to stand out like a sore thumb -

Encrypted traffic doesn't really stand out. It all looks like noise, if it's done right.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Madness takes its toll. Please have exact change ready.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Highlighted
Community Champion

Re: Crypto Wars, Again (and again, and again, and again ...)

HI @rslade 

 

Quote:

 

> C). You are using a new cryptographic
> algorithm not within their current databases or one you created yourselves.

Not really a reason to want the traffic ...

 

Unquote

 

You have obviously not been in a position of inventing a new cryptographic algorithm, where the Government cryptographic experts actually state you need to reduce the key length in order for them to allow you to use it.

By the way, they also stated had we not informed them, we would have been in big trouble.   This is the UK experience. 

 

As stated previously under agreed international export controls and Vienna Convention - encryption is regarded as a weapon of war.

 

Regards

 

Caute_Cautim