hello friends! new(ish)!

Talk:Encryption: Difference between revisions

From InstallGentoo Wiki v2
Jump to navigation Jump to search
>God
(Created page with "We should probably move all the disk encryption to its own page and use this as a overall page of encryption in general. -- ~~~~")
 
>Morpheus
No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== New Warning ==
So we have a new warning. How useful is it?
; "Remember Just because it is widely considered safe doesn't mean exploits can not be found."
: Technically true, but technically true of all software ever written. Therefore vague. Therefore not very useful. Can we write something more practical?
: Table with current state of encryption breakage? Dates a must.
: References to court cases where the encryptioin has clearly been tested by State actors?
; "Also remember that encryption mechanisms aren't a cure-all to your problems. Only when used correctly can encryption work to your advantage."
: This is very vague. What are "encryption mechanisms"? What are our "problems"? What specific technology in what situation is encryption "used correctly" and what "advantage" are we seeking?
: Let's make this warning useful. Let's split it up into specific (i.e. exact commands/situations) for each section in the article. And if there isn't an appopriate section, create one.
[[User:Mrsnooze|Mrsnooze]] ([[User talk:Mrsnooze|talk]]) 03:22, 20 February 2016 (EST)
== Page Needs Rework ==
; Much of this article refers to Full Disk Encryption
: It doesn't explicitly state so. An appropriate header of FDE should probably be added, with a warning that FDE is only useful when your computer is switched off/drive unmounted etc. A section on cold boot attacks wouldn't go astray.
; Page should be split into sections.
:FDE
:phone encryption?
:single file encryption
:web encryption
:communication encryption?
:encryption standards
:others?
[[User:Mrsnooze|Mrsnooze]] ([[User talk:Mrsnooze|talk]]) 03:22, 20 February 2016 (EST)
:If you want to make the change, just do it. I am not an expert on this topic. <small>[[User:Morpheus|<span style="border:1px solid black;color:black; padding:1px;background:#fff">&nbsp;Morpheus&nbsp;]][[User talk:Morpheus|<span style="border:1px solid black;color:white; padding:1px;background:#000">talk</span></span>]]</small> 11:18, 20 February 2016 (EST)
== FBI vs Apple ==
So this story is still developing, but the FBI vs Apple iPhone encryption is a big deal. It's going to set a precident, which if goes in the FBI's favour, will open the floodgates to backdoored devices. We need a section on this at some point.
The FBI is asking Apple to provide a signed, custom firmware patch to:
# Allow more than 10 password guesses per hour.
# Not allow the phone to wipe itself after 10 bad guesses.
# Allow guesses to be made via usb/whatever interface, rather than the touchscreen.
This is so that the can run an effective bruteforce against the phone's pincode. The phone in question is the [https://en.wikipedia.org/wiki/2015_San_Bernardino_shooting San  Bernidino shooter]'s phone.
Brute forcing with iPhones needs the pincode, iPhone TPM and iPhone cpuid (or similar - check this, risky business podcast 399 linked below explains it).
References:
Slashdot:
* [http://yro.slashdot.org/story/16/02/17/0123238/judge-tells-apple-to-help-fbi-access-san-bernardino-shooters-iphone Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone]
* [http://yro.slashdot.org/story/16/02/17/1347207/congressman-court-order-to-decrypt-iphone-has-far-reaching-implications Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications]
* [http://yro.slashdot.org/story/16/02/17/2154228/edward-snowden-calls-for-google-to-side-with-apple-on-encryption-debate Edward Snowden Calls For Google To Side With Apple On Encryption Debate]
* [http://yro.slashdot.org/story/16/02/18/0226227/google-ceo-finally-chimes-in-on-fbi-encryption-case-says-he-agrees-with-apple Google CEO Finally Chimes In On FBI Encryption Case, Says He Agrees With Apple]
* [http://yro.slashdot.org/story/16/02/18/1554218/paris-attacks-would-not-have-happened-without-crypto Paris Attacks Would Not Have Happened Without Crypto]
* [http://it.slashdot.org/story/16/02/18/2056249/john-mcafee-offers-to-decrypt-san-bernardino-iphone-for-the-fbi-and-save-america John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America]
* [http://politics.slashdot.org/story/16/02/19/0019218/where-do-the-presidential-candidates-stand-on-encryption Where Do the Presidential Candidates Stand On Encryption?]
* [http://politics.slashdot.org/story/16/02/19/1545212/n-carolina-senator-drafting-bill-to-criminalize-apples-refusal-to-aid-decryption N. Carolina Senator Drafting Bill To Criminalize Apple's Refusal To Aid Decryption]
* [http://apple.slashdot.org/story/16/02/19/2132212/doj-says-apples-posture-on-iphone-unlocking-is-just-marketing DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing ]
* [http://apple.slashdot.org/story/16/02/20/0041209/apple-terrorists-apple-id-password-changed-in-government-custody Apple: Terrorist's Apple ID Password Changed In Government Custody ]
Soylent News:
* [https://soylentnews.org/article.pl?sid=16/02/16/0610223 Apple Wants Court To Rule If It Can Be Forced To Unlock iPhones]
* [https://soylentnews.org/article.pl?sid=16/02/17/0440235 Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone]
* [https://soylentnews.org/article.pl?sid=16/02/19/2030204 FBI vs. Apple Encryption Fight Continues]
Risky Business infosec podcast:
* [http://media.risky.biz/RB399.mp3 Risky Business #399 -- Apple vs the Government of the United States]
Ars Technica:
* [http://arstechnica.com/tech-policy/2016/02/how-apple-will-fight-the-doj-in-iphone-backdoor-crypto-case/ How Apple will fight the DOJ in iPhone backdoor crypto case]
* [http://arstechnica.com/tech-policy/2016/02/apple-we-tried-to-help-fbi-terror-probe-but-someone-changed-icloud-password/ Apple: We tried to help FBI terror probe, but someone changed iCloud password]
* [http://arstechnica.com/tech-policy/2016/02/feds-to-court-apple-must-be-forced-to-help-us-unlock-seized-iphone/ Feds to court: Apple must be forced to help us unlock seized iPhone]
* [http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/ Encryption isn’t at stake, the FBI knows Apple already has the desired key]
* [http://arstechnica.com/tech-policy/2016/02/trump-urges-supporters-to-boycott-apple-in-wake-of-encryption-brouhaha/ Trump urges supporters to boycott Apple in wake of encryption brouhaha]
* [http://arstechnica.com/tech-policy/2016/02/senator-drafting-bill-to-criminalize-apples-refusal-to-aid-decryption/ Senator drafting bill to criminalize Apple’s refusal to aid decryption]
* [http://arstechnica.com/apple/2016/02/google-ceo-forcing-apple-to-comply-with-fbi-may-set-troubling-precedent/ Google CEO: Forcing Apple to comply with FBI may set “troubling precedent”]
[[User:Mrsnooze|Mrsnooze]] ([[User talk:Mrsnooze|talk]]) 03:52, 20 February 2016 (EST)
== All closed-source software is backdoored! ==
I removed some of the FUD regarding Microsoft and Mac OSX. The reported Bitlocker attack requires EM detection of TPM chips; it cannot be generalized to Bitlocker as a software system.
To be honest, if the CIA needs to attack the TPM chip, this should be proof that there is actually no backdoor in Bitlocker... {{unsigned|Rfaelens}}
== Misc ==
We should probably move all the disk encryption to its own page and use this as a overall page of encryption in general.  -- [[User:God|God]] ([[User talk:God|talk]]) 02:20, 17 March 2015 (EDT)
We should probably move all the disk encryption to its own page and use this as a overall page of encryption in general.  -- [[User:God|God]] ([[User talk:God|talk]]) 02:20, 17 March 2015 (EDT)

Latest revision as of 16:18, 20 February 2016

New Warning

So we have a new warning. How useful is it?

"Remember Just because it is widely considered safe doesn't mean exploits can not be found."
Technically true, but technically true of all software ever written. Therefore vague. Therefore not very useful. Can we write something more practical?
Table with current state of encryption breakage? Dates a must.
References to court cases where the encryptioin has clearly been tested by State actors?
"Also remember that encryption mechanisms aren't a cure-all to your problems. Only when used correctly can encryption work to your advantage."
This is very vague. What are "encryption mechanisms"? What are our "problems"? What specific technology in what situation is encryption "used correctly" and what "advantage" are we seeking?
Let's make this warning useful. Let's split it up into specific (i.e. exact commands/situations) for each section in the article. And if there isn't an appopriate section, create one.

Mrsnooze (talk) 03:22, 20 February 2016 (EST)

Page Needs Rework

Much of this article refers to Full Disk Encryption
It doesn't explicitly state so. An appropriate header of FDE should probably be added, with a warning that FDE is only useful when your computer is switched off/drive unmounted etc. A section on cold boot attacks wouldn't go astray.
Page should be split into sections.
FDE
phone encryption?
single file encryption
web encryption
communication encryption?
encryption standards
others?

Mrsnooze (talk) 03:22, 20 February 2016 (EST)

If you want to make the change, just do it. I am not an expert on this topic.  Morpheus talk 11:18, 20 February 2016 (EST)

FBI vs Apple

So this story is still developing, but the FBI vs Apple iPhone encryption is a big deal. It's going to set a precident, which if goes in the FBI's favour, will open the floodgates to backdoored devices. We need a section on this at some point. The FBI is asking Apple to provide a signed, custom firmware patch to:

  1. Allow more than 10 password guesses per hour.
  2. Not allow the phone to wipe itself after 10 bad guesses.
  3. Allow guesses to be made via usb/whatever interface, rather than the touchscreen.

This is so that the can run an effective bruteforce against the phone's pincode. The phone in question is the San Bernidino shooter's phone. Brute forcing with iPhones needs the pincode, iPhone TPM and iPhone cpuid (or similar - check this, risky business podcast 399 linked below explains it).

References: Slashdot:

Soylent News:

Risky Business infosec podcast:

Ars Technica:

Mrsnooze (talk) 03:52, 20 February 2016 (EST)


All closed-source software is backdoored!

I removed some of the FUD regarding Microsoft and Mac OSX. The reported Bitlocker attack requires EM detection of TPM chips; it cannot be generalized to Bitlocker as a software system. To be honest, if the CIA needs to attack the TPM chip, this should be proof that there is actually no backdoor in Bitlocker... — Preceding unsigned comment added by Rfaelens (talkcontribs)


Misc

We should probably move all the disk encryption to its own page and use this as a overall page of encryption in general. -- God (talk) 02:20, 17 March 2015 (EDT)