Another pointless diatribe.
Governments are much less worried about criminals and terrorists than they are of their own people.
The European Agency for Network and Information Security (ENISA) has weighed into the cryptography debate, warning that crimping cryptography will “create vulnerabilities that can in turn be used by criminals and terrorists”. Its January-dated but just-released paper states boldly that “unprotected communication becomes a …
Too right. When all the evidence given supports the premise that there has been very little (if any) actionable intelligence gathered from mass surveillance. In most cases the people who have been behind attacks were already on the watch lists, just nothing was been done about them.
The only real tangible thing that comes out of all this is the ability to spy on your own citizens for goodness knows what reason. What are they ever going to get that is useful? It is pretty much comparable to phishing attacks, the only ones that are caught by it are the ones with don't know any better. Any organised criminal entities will already be using proper encryption, one-time use phones and other techniques to avoid eavesdropping. So were just going to have massive databases for which the only benefit to the government is to sell off their patented 'reversible anonymised' data packages to whichever company can cough up enough cash.
Most of the populace is being deceived as we waltz unknowingly along into a police state.
I'm for banning encryption. Stenography will get a real boost, whereas currently there's not much impetus to work on it.
End-to-end Encryption is no longer sufficient because the spooks are sucking up all your social connections, to see if you're within 6 degrees of separation from a terrorist / politically active citizen.
> Stenography will get a real boost
Excellent, those mini typewriter things are awesome! ..... Doctor_Wibble
Ok, Doctor_Wibble, we get it real fine, but you could have at least mentioned to everyone, just in case it wasn't obvious, that steganography is the encryption that hides in plain sight text.
Or is the absolutely fabulous really hard to imagine can be realised …… via AI and IT Memes and Means ….. Virtual Ways?
The posit here is that is the future way of the internetworking of things, and of this internetworking thing too?
Deny and/or resist it if you will, and guarantee yourself a place in some space as a lowly paid spectator following news and views rather than highly paid player creating and leading them primely, or sub-primely as the case may also be.
AMFM: "...steganography is the encryption that hides in plain sight text."
No, steganography is by definition not encryption, though they can be used for similar purposes. Encryption is the process whereby a meaningful set of data is rendered into a seemingly meaningless jumble, but which can be retrieved by reversing the process. Steganography is the process by which information is hidden within a larger set. I can understand your apparent confusion on the subject as I am not sure which process you applied to your post.
Hi, Robert Helpmann??
I would plead guilty to obfuscation rather than confusion regarding the unconventional role of encryption in steganography, but would agree it is much more effective the bigger the issues at stake and the fewer the folk able and/or enabled to use it securely for security.
> steganography is the encryption that hides in plain sight text.
My handwriting is by definition a form of steganography. It is a cunning ploy where the information in the text is disguised as itself, with people attempting to read it giving up after deciding that those things on the page only *look* like they might be words.
Most bugs in security libraries are downgrade attacks, or otherwise in crusty old code for legacy protocols.
If you were only implementing the latest and greatest, with zero backwards compatibility, and no bells and whistles, I'd bet an average programmer would have a fighting chance.
Availability of keys to investigators taints and devalues all evidence, even if no tampering or forgery happens. A horrible choice between courts having to trust law enforcement too much or let criminals escape by raising doubt over the evidence.
If escrow ever happens it could easily hamper investigations more than it helps by creating a need for strong safeguards to prevent and detect abuse. Let's just not go there.
And to top it off, we'd only be one classic government "oops I left my briefcase on the train" (or similar security blunder) away from losing the entire key escrow database and rendering every single reliant service open to attack. Now obviously in such a case the government could just retire all the affected keys and forcibly issue new ones, but how quickly do we think they'll admit to a loss like that?
Biting the hand that feeds IT © 1998–2021