Mathematician warns NSA may be weakening next-gen encryption

Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process.

  • Treczoks@lemmy.world · 21 upvotes · 2 years ago

    And who is surprised by this? This is basically the NSA doing their job, nothing else.

  • Molecular0079@lemmy.world · 20 upvotes · 2 years ago

    If this is true, NSA might be shooting themselves in the foot when they inevitably have to deal with Russia and China.

    • surewhynotlem@lemmy.world · 8 upvotes · 2 years ago

      Just a guess, but I think they’re less concerned about the giant country’s surveillance of us, and more concerned about not being able to surveil the little terrorist cells.

    • Zeth0s@lemmy.world · 4 upvotes · 2 years ago

      They probably consider that they overall lose more with strong cryptography than the risk of other countries intercepting US communications. They must have other solutions in place to protect confidential information. But they likely struggle with encryption being so widely used by anyone. Even grandmas can now cover their communications without much effort.

  • waitmarks@lemmy.world · 20 upvotes · 2 years ago (edited)

    From what it sounds like, he’s not saying the algorithm is compromised itself, but rather that NIST is recommending a weaker version of it as sufficiently safe at (possibly) the request of the NSA. If that is the case we would know for sure pretty quickly once DISA updates their STIGs for internal use to include quantum resistant encryption. If the STIGs say to use a stronger version than NIST recommends then he was right.

    • Ultraviolet@lemmy.world · 2 upvotes · 2 years ago

      Doesn’t the existence of key collision help? If you throw a quantum brute force algorithm at a ciphertext, wouldn’t you get a long list of keys, all of which authenticate and appear to work, but for all but one of those keys, what it decrypts to is garbage?

      Authentication itself is fucked, but encryption is only heavily weakened rather than completely destroyed.

  • Flying Squid@lemmy.world · 4 upvotes, 9 downvotes · 2 years ago (edited)

    There is no such thing as unbreakable encryption. If you want to hide a message, hide it at the source with the way you phrase things. I still have to buy weed illegally, and I use Signal, but I don’t tell the person I buy it from, “hey, I want a half-ounce of weed and I’ll pick it up on Friday at 2 pm,” I say something like, “hey, are you free this weekend?” And then they’ll say something like, “yeah, do you want to get your usual thing?” and then we’ll arrange a time.

    And yes, I see the irony about talking about buying weed illegally when someone could potentially find out who I am on Lemmy.

    • SkyeStarfall@lemmy.blahaj.zone · 14 upvotes, 1 downvote · 2 years ago

      …there very much is practically unbreakable encryption. We use those every day (it’s part of the s in https).

      And your example is just a very rudimentary form of encryption that is far far weaker than the typical encryption methods used on the internet today.

        • SkyeStarfall@lemmy.blahaj.zone · 9 upvotes, 1 downvote · 2 years ago

          I think you vastly underestimate modern encryption. I would recommend looking up concepts and math from encryption; it makes more sense why practically unbreakable encryption is very much possible once you do.

          It’s why governments want to implement back-doors, because they are not actually capable of breaking it more directly.

            • SkyeStarfall@lemmy.blahaj.zone · 9 upvotes · 2 years ago

              …it’s literally about accusing NSA of trying to implement back-doors for quantum resistant encryption.

              I have no idea what you’re trying to get at.

              • Flying Squid@lemmy.world · 2 upvotes, 4 downvotes · 2 years ago (edited)

                NIST is giving incorrect information. That will not enable back doors. And it is only a matter of time before that doesn’t matter. I have no idea why you think there is such a thing as an unbreakable code that is not a one-time use code.

                Edit: ACCUSED of giving incorrect information.

                • FooBarrington@lemmy.world · 7 upvotes, 1 downvote · 2 years ago

                  > I have no idea why you think there is such a thing as an unbreakable code that is not a one-time use code.

                  I have no idea why you think there isn’t. Maybe you’re going off a strange definition of “unbreakable”. When it’s used in cryptography, it means “unbreakable in reasonable time limits” (e.g. millions of years).

                  The thing about good encryption is that it’s not just hard to break, it’s mathematically too hard to break even if your available computing power keeps rising exponentially. Unless there is a mistake in the algorithm, it is, for all intents and purposes, unbreakable.

    • bitwaba@lemmy.world · 4 upvotes, 2 downvotes · 2 years ago

      True encryption does exist, it’s just that the encryption key is equally as long as the message itself which shows how impractical it is: if you have a method secure enough to send an encryption key of length X, why not just send the actual message of length X?