GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation' Speaking this morning to CESG's Information Assurance conference, Robert Hannigan, director of GCHQ, declared that Britain was a "sovereign cryptographic nation" and reproached the free market's ability to provide adequate cybersecurity. The claim was delivered to a cybersecurity shindig attended by government employees and …
Actually I think the recent advice to encrypt voice calls with ID-based encryption is a perfect example of what they're talking about. It doesn't have a back door, true, but by design it requires a third party to have a copy of all the private keys.
If a third party has all of my keys, that is essentially a 'back-door'. It's a way for someone to have exceptional access, circumventing the protection provided by the encryption. I call that a back-door. Besides, you can't stop people from using systems/cipher-suites that have perfect forward secrecy.
So how does that work then?
Surprisingly simply.
A UK user is asked to produce their encryption keys and they can be sent to prison for up to 2 years if they don't.
Oh, you mean without any evidence of wrong doing or a Judge issuing a warrant.
"People and business in the UK should use encryption to protect themselves."
"information needed for national security and serious crime purposes should not be beyond the lawful, warranted reach of the state"
These two statements are mutually contradictory. We could call it the doublespeak paradox.
>>People and business in the UK should use encryption to protect themselves."
>>"information needed for national security and serious crime purposes should not be beyond the >>lawful, warranted reach of the state"
> These two statements are mutually contradictory. We could call it the doublespeak paradox.
I don't think that they are. I would have no issue with lawful, warranted access. All we need to agree on now is who is going to issue the warrant, (Hint: It's not politicians)
"I don't think that they are. I would have no issue with lawful, warranted access. All we need to agree on now is who is going to issue the warrant, (Hint: It's not politicians)"
Right, but then how do you get the information? If you have end-to-end encryption there's only two places to get the data: the person you are investigating and the person they are communicating with. The second person might well be out of UK jurisdiction, so you get the heavy mob to go round to the target's place to seize computers. Now it's tell us your passwords or else time, and we run into another law that people round these parts don't like, the requirement to give up passwords.
There are serious contradictory statements around here: you cannot have all of the following:
1) strong encryption that governments cannot break;
2) warrants, signed off by anyone you want, politicians, judges, the Queen, whoever, that are enforcable;
3) the ability to refuse to hand over passwords.
So what if you encrypt in such a way that password A gives access to some innocuous data (maybe embarrassing enough, or personal enough to want to encrypt, but nothing illegal), and password B (possibly in combination with A) gives access to the real deal. If you hand over password A, could law enforcement know about the extra payload, especially if the payload has a limited number of bits compared to the other content?
The above scheme is hardly rocket science (or even computer science for that matter, more like a simple form of steganography). If I can think of a way of circumventing a law requiring me to hand over passwords in 60 seconds, so can many others. This does make me feel that laws like that are either simply ill though through, or just a matter of lots of sound and fury to show people the government is taking ACTION!!!!! whilst signifying nothing in real terms. Could be both, of course.
"I don't think that they are [contradictory]. I would have no issue with lawful, warranted access."
How do you provide warranted access to truely secure encryption if the parties involved don't want to give up the key? Your opinion on whether it is reasonable is irrelevant, without a backdoor, it is impossible. That is the contradiction. Either it is secure from everybody including gov or its not. Backdoors are there for everyone, if gov insists on some type of masterkey hackers and foreign powers will have that in no time because how will it be possible for gov bureaucracy to use that key(s) without passing them around (and losing them)?
What you think is irrelevant. Encryption is either compromised, or not compromised. If law enforcement can access my data with a warrant. Then someone can also access it without a warrant. Hackers, disgruntled employees, unscrupulous individuals.
If they have the keys, they have the keys. It doesn't matter if they're supposed to have a warrant, hackers/criminals don't care, by the very definition, these are people who are breaking the rules.
Besides, it's not technologically feasible. It's extremely commonplace to use ephemeral session keys, and systems with perfect forward secrecy.
The two statements are not contradictory. What we need to do (somehow) is return to the status quo as it was in the good old days of landlines. The police/secret services could get a warrant to run a line tap and listen in to what the bad guys were saying. Most people would except this was reasonable. The problem now is we have on the one hand agencies like NSA/GCHQ wanting to hoover up all information (unreasonable and undemocratic), and on the other hand strong encryption can make it hard to listen to the guys they do want to listen to.
Ideally, we want eavesdropping possible with a warrant, while being too difficult and expensive to do otherwise. I don't think this is impossible; you need to be able to subvert the bad guys' hardware when you have a warrant. Or possibly you can break strong crypto given large enough computing resources (like the NSA/GCHQ) have, but it isn't feasible computationally to do it on the wide scale needed to monitor all of us.
I read most of this as :
"For gods sake shut that twat Cameron up, of course we're not complete morons but he is, and yes encryption is fine and not having back doors is fine, but the stuff that is protected, we'll find a way to get into that like always if need be, we are supposed to be spys you know"
"For gods sake shut that twat Cameron up, of course we're not complete morons but he is, and yes encryption is fine and not having back doors is fine, but the stuff that is protected, we'll find a way to get into that like always if need be, we are supposed to be spys you know"
Yes, this.
We need GCHQ, MI5/6 etc. I've known many military types over the years and many, especially career officers really do believe in serving Queen and country and doing the best they can to protect the country from threat. The powers they have and the powers they need in this Brave New World are great powers and they do need them. But there MUST be checks and balances in place because great power comes with great responsibility and not every one can handle that, let alone the "rogues" who might get through. Then there's the politicians trying to use those powers to gain more power.
I know at least one military type who told an MP to fuck off when he tried to wield power he didn't actually have but believed that he had the right to.
The problem as I see it is letting the Police have almost unfettered access to the proposed data collection required the Draft Bill and the potential for fishing expeditions. The security services really are not interested in that stuff. But plod and local council officials are drooling over the the chance to see what they can find.
"and doing the best they can to protect the country from threat"
It would have been better if that read "protect the country from people they perceive as a threat"
Over time that has included Jews in post-war Palestine, all Irishmen, then a lot of Afro-Caribbean people, and now Muslims. Yesterday's arrest stemming from Bloody Sunday shows that this stuff doesn't go away.
I am wary of assuming that the Military and Police establishments act in my interest.
"I am wary of assuming that the Military and Police establishments act in my interest."
Me too, but I was referring only to certain individuals who I have known over the years. The problem isn't the individuals on the whole, but the people at the top, the old school tie brigade and their political masters/friends etc.
"First is the myth that the government wants to ban encryption," said the head of GCHQ. "We don’t. We advocate encryption."
If that is really, truly, accurately what he said, then he needs to reminded sharpish that he is a civil servant, and is NOT the government.
To save time, he could be done alongside that eejit general who was shooting his mouth off at the weekend.
Parse the sentence carefully. There's a change of subject from "the government" to "we". He never addresses the idea that "the government" wants to ban encryption, he only says that GCHQ doesn't want to ban it, presumably because suitably holed encryption is far better for GCHQ than no encryption. No encryption means subjects of interest make use of other, more secure means of communication. Encryption riddled with secret access tunnels means you get enough misplaced trust trust in the existing communication methods to give GCHQ a chance of nabbing someone.
"First is the myth that the government wants to ban encryption," said the head of GCHQ. "We don’t. We advocate encryption."
Of *course* they encourage encryption: what better way to encourage a sense of security while they find their way in through social programming or physical access.
'All the government is saying is information needed for national security and serious crime purposes should not be beyond the lawful, warranted reach of the state when the need arises."'
Except that councils will also have access, And other bodies too. Not just the police, SOCA or any other related part of the government. Just look at how RIPA was abused if you need any evidence how this will end up. It's a nice statement of intent but doesn't reflect what will end up happening.
Besides which, isn't that the purpose of encryption? To put information beyond reach?
As for 'lawful' that has very little meaning when what is lawful can be so easily subverted. The people in a position in authority are the very same as those responsible for those that were caught out using UNLAWFUL practices (KARMA POLICE as one example?). Those same people can push through changes to the law to make what was previously unlawful suddenly and magically lawful.
'Lawful' is a meaningless term in the context of any ethical consideration.
"Except that councils will also have access, And other bodies too" -- Vimes
Yep: the Department for Work and Pensions; the Department for Transport;the Health and Safety Executive; NHS Trusts; the Department of Health; the Gambling Commission ... etc.
Now, if it's to stop terrorism, only a small list is required: secret services; home office; etc. If it's to stop crime, only the police forces need to be added. Why the hell are all these other bodies on the list? If they have a need for the information to resolve crimes, why can't they go through the police?
Relevant public authority
--------------------------
Police force maintained under section 2 of the Police Act 1996
Metropolitan police force
City of London police force
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police Force
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of Health
Home Office
Ministry of Justice
National Crime Agency
Northern Ireland Office
Her Majesty’s Revenue and Customs
Department for Transport
Department for Work and Pensions
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department of Enterprise, Trade and Investment in Northern Ireland
Financial Conduct Authority
A fire and rescue authority under the Fire and Rescue Services Act 2004
Food Standards Agency
Gambling Commission
Gang masters Licensing Authority
Health and Safety Executive
Independent Police Complaints Commission
Information Commissioner
National Health Service Business Services Authority
A National Health Service Trust established under section 5 of the National Health Service and Community Care Act 1990 whose functions, as specified in its establishment order, include the provision of emergency ambulance services
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
Except that if you look at section 57 of the draft bill it looks like local authorities are also counted as 'relevant public authorities'. I haven't gone into detail, but if you look at the bill...
From the bill: (emphasis added by me)
57 Local authorities as relevant public authorities
(1) A local authority is a relevant public authority for the purposes of this Part.
(2) In this Part “designated senior officer”, in relation to a local authority, means
an individual who holds with the authority—
(a) the position of director, head of service or service manager (or equivalent), or
(b) a higher position.
(3) A designated senior officer of a local authority may grant an authorisation for obtaining communications data only if section 46(1)(a) is satisfied in relation to a purpose within section 46(7)(b).
(4) The Secretary of State may by regulations amend subsection (2).
(5) Sections 58 and 59 impose further restrictions in relation to the grant of
authorisations by local authorities.
Then when you follow this through to section 46 you end up with these reasons, some of which could end up with some quite trivial justifications (prosecuting litterers or checking school applicants anyone?):
(7) It is necessary and proportionate to obtain communications data for a purpose
falling within this subsection if it is necessary and proportionate to obtain the data—
(a) in the interests of national security,
(b) for the purpose of preventing or detecting crime or of preventing disorder,
(c) in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security,
(d) in the interests of public safety,
(e) for the purpose of protecting public health,
(f) for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department,
(g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health,
(h) to assist investigations into alleged miscarriages of justice,
(i) where a person (“P”) has died or is unable to identify themselves because of a physical or mental condition—
(i) to assist in identifying P, or
(ii) to obtain information about P’s next of kin or other persons connected with P or about the reason for P’s death or condition, or
(j) for the purpose of exercising functions relating to—
(i) the regulation of financial services and markets, or
(ii) financial stability.
(g) for the purpose, in an emergency, of preventing death or injury or any damage to a person’s physical or mental health, or of mitigating any injury or damage to a person’s physical or mental health,
PIU - pleb in uniform, GM - govmt. minion
PIU: I need to obtain authorisation as the subject is in serious possibility of damage to his physical health
GM: what is the nature of this damage
PIU:have you seen my boots, they is well hard
GM:granted
but surely the statement about not wishing for back doors etc is a)because they have them and they're lying or (more realistically for me) b) they have other ways, possible exclusive methods too. Encouraging greater encryption would likely as not would put them in the driving seat too as other less developed agencies would not be able to pry like they can.
Of course I might be talking complete bollocks, what do I know?!
You forget that GCHQ, like most agencies, is not a simple creature with a single goal.
What they should be doing is protecting the UK: that means defence, business and private lives, as they are all inter-related.
On one hand that means stopping The Bad Guys(tm) from having access, and that means encouraging properly used encryption to make sure that information goes where it should and not in to the wrong hands. On the other hand it means having to break encryption to spy or assist the police for what should be the same goal, and there is an obvious conflict of interests there.
Most will realise that both goals are justified, but given the evidence of past lying and political machinations bending of the rules, there is a serious mistrust of either goal. This is made so much worse by the clueless fuckwits calibre of politician we seem to get in charge of the situation.
"On one hand that means stopping The Bad Guys(tm) from having access".
Just who are the 'BAD GUYS'?
From NOT just any potential wrongdoer,but millions of 'freedom' lovers too, it's a probable that GCHQ are,along with the 'authorities' within that draft bill,the 'real' villains of the peace.
As ALWAYS, it's the Westminster trash that are constantly subverting the freedoms that were preserved with such loss of life in WW2.
It is they who distort the facts & stand the truth on it's head by justifying the bill through making everyone a potential villain.
If there has been a quantum computing breakthrough and the people in the giant dough-nut are using it to routinely break encryption, then we are not going to know about it for at least 30 years, if ever.
The old urban myths about oil companies buying and scrapping any alternative energy inventions that threaten demand for fuel, applies for real to any research into Quantum or other advanced method that can be used against encryption. It simply will remain a secret.
GCHQ is not a funded by my taxes to be the backstop security auditor of all the products and services I use. I refuse to subsidise that, they are there for my protection as well as their more targetted activities but that should not underpin corporate security laziness.
Yes, disclose the broken, useless 0 days, use some offensively or at least proactively for a time, thats why they are there.
Encryption does not stop conversations to be tracked even if the content is obscured. I am sure there are enough poor implementations of encryption to side channel or avoid the encryption most of the time anyway.
Yes I am not happy GCHQ should have free reign to spy on everyone, but I am happy that they can target their "customers" without having to fully disclose all their methods in advance.
GCHQ is not a funded by my taxes to be the backstop security auditor of all the products and services I use. I refuse to subsidise that, they are there for my protection as well as their more targetted activities but that should not underpin corporate security laziness.
But that is the very essence of government in a capitalist society: to monitor and to regulate to ensure no one takes the piss. Should the government not ensure that the bank you use does not disappear overnight? That the food you buy is safe to eat? That the field next door is not used as a fly tip for nuclear waste?
These all control commercial activity. What makes encryption and security different other than an instinctive paranoia that fails to appreciate the very role of any government, namely the protection of the people?
@DavCrav - Very true, but we can have all of these working together:
1. Transparency (within practical and lawful reason)
2. Proportionality
3. Honesty
4. Trustworthiness
5. Access to justice (which must be SEEN to be done)
Unfortunately, when trust is lost and proportionality is a matter of bureaucratic opinion then the whole idea of 'responsible government' starts to look very suspect and shabby. What a mess, and mostly the fault of our collective complacency and the usual problem of an over weening state.
"pioneered a world leading approach to declassifying threat data and sharing it at scale with commercial partners."
How does that world in some third world country where all the bad guys are screaming, don't use that it's Kaffir technology, throwing away there mobile phone and are going back to whispering conversations over a candle. This is all dreadfully sad, a load of guys who don't appreciate technology but want to destroy large slices of it at the same time, so it suits there own end's and they can continue to spy on OPEC!
"The locals will duly take care of those motherf*ckers. We have had some episodes along those lines in Europe."
The trouble with that idea, as demonstrated in Afghanistan, is that sometimes the mofo's are too strong for the locals to deal with. To the point the mofo's become the government. What do you do then, especially if they start getting ambitious about matters outside their borders?
"People and business in the UK should use encryption to protect themselves. "
Good. I agree with that. I don't want someone pinching my credit card number or masquerading as me online.
" All the government is saying is information needed for national security and serious crime purposes should not be beyond the lawful, warranted reach of the state when the need arises."
I understand that. But what that means is that the government wants us to have weak encryption that can be broken, or some kind of other method of decrypting the content of a transmission. And they want this method in place without anything that can be described as a "backdoor".
The fact remains that if the encryption is weak, then it can be broken by anybody. If there's a second method of decrypting the content, then that method can be discovered by anybody. The end result is the same.
"[the] Director was referring to the UK being a world leader in [cryptography] in its own right, in that we do not need to depend on other countries, whether state or industry, to have this capability."
Mathematics works the same (and possibly even better) in the cindery remains of the British Empire?
Fancy that!
Greg Egan may have been up to something with "Luminous" (1998).
"We are committed to ensuring no part of the internet, including the dark web, can be used with impunity by criminals to conduct their illegal acts."
I would have thought that the best method of doing that is by locking them up. Which we do. Upon conviction.
Or did he mean suspects?
-A.
"I would have thought that the best method of doing that is by locking them up. Which we do. Upon conviction.
Or did he mean suspects?"
No, he means criminals. If you are suspected of being a criminal; you might or might not be. But criminals commit crimes, not suspects.
It's like this: a body is found with an axe poking out the chest. There is a criminal around somewhere, the murderer, and there are suspects. The criminal is a criminal whether or not they are a suspect.
"It's like this: a body is found with an axe poking out the chest. There is a criminal around somewhere, the murderer, and there are suspects. The criminal is a criminal whether or not they are a suspect."
Not necessarily. The criminal may be the same as the victim: in this case, a Darwin Award Winner trying to play with axe juggling.
"I would have thought that the best method of doing that is by locking them up. Which we do. Upon conviction."
To convict, you have to bring the criminal to trial. To do that, not only do you have to arrest him/her but you also have to bring the arrestee to your jurisdiction. Kinda tough to do when the criminal is committing crimes behind the protection of an enemy state that denies they even know the criminal.
This is the lot, or it's equivalent, that at the time of the Crimean War, used the solution Babbage had worked out to crack Vigenere's Cipher, but never told anyone, or allowed Babbage to publish his method & claim credit for it. Then at the end of the Second World War, gave the captured Enigma machines away, not revealing we had cracked them, and they expect us to trust them??
"so if gchq are in the business of protecting the nation"
You might want to read up on this part of GCHQ - https://www.cesg.gov.uk/Pages/homepage.aspx (Just ignore the .aspx bit, I'm sure they are jolly secure)
They have created a security qualification called "Cyber Essentials" (and Plus) and provided a framework for accreditation etc etc. It's not bad. Download their self assessment sheets and follow them through at home and work (if you can). It's a very good first start.
If everyone passed that in the UK then all we'd have to worry about is our own govt and assorted agencies. Divide and conquer: simples!
(No I haven't read the whole article - just got here from /. )
ummm anyone remember Crypto AG...? no? heres a refresher...
go to wikipedia and read the Crypto_AG page.
Do they mean by "helping" its a spin word for fundamentally undermining cryptography standards.
I dont care i spent 5 years on code to devolve an encrypted data stream to 2 different crytographic outputs... one being my data and the other being my mums peanut pie recipe. I think we know which crypto key I'll be handing over if they come knocking... and if they do i'll up it to somewhere popular for everyone to share. Oops so much for that much vaunted RIPA act people keep quoting...
"I dont care i spent 5 years on code to devolve an encrypted data stream to 2 different crytographic outputs... one being my data and the other being my mums peanut pie recipe."
The trouble with plausible deniability is that your adversary can become wise to it. Much like TrueCrypt/VeraCrypt hidden containers. If the adversary knows you can hide more than one key, they simply won't stop until you disclose the other key, the one everyone knows is the one to the REAL real juicy stuff. Must stink to be using a system capable of deniable encryption and yet not actually using it because you're now in a position where you can never conclusively prove you have something to hide WITHIN the something to hide.
Just one recommendation, the courts might legitimately wonder why you've spent 5 years protecting your mum's receipe and therefore conclude that you haven't given up the real key and send you to jail anyway. Better to put some really deviant (but not illegal obviously) porn in that sacrificial container.
Also, if you've been writing encryption software solo, it is probably easily broken.
This post has been deleted by its author
"For an example of such a GREAT protocol, see the Perpetual Encryption solution."
The problem with the theory is that you break the OT part of OTP. One-time pads are secure because you only use them ONCE. By doing that, you create the STRONG cryptographic strength of proving that ANY given ciphertext can be translated into ANY plaintext at any given time. POTP actually reuses pads, and that breaks the strong part of that encryption because a cryptanalyst, armed with all the pads, can run ciphertexts and detect patterns that come about through re-use.
Now, having read what I wrote and thinking about it some more, I may be mistaken, but there are other ways to employ a shared pad that may not necessarily be one time but can still be difficult to cryptanalyze because you use the pad inventively. For example, a true one-time pad assumes the simplest of use cases: XOR and iterative one-by-one traversal, but if the pad were used in a non-trivial way (say, start in the middle and step some amount or pattern of amounts, wrapping around) and care was taken to not repeat these methods, I think you could use a pad multiple times, even using individual elements more than once (giving the pad a degree of depth) while still being difficult to cryptanalyze due to the high degree of randomness involved. I will be the first to admit that such a technique would need a considerable degree of refinement and would definitely have drawbacks, but I think it could have its uses in specific circumstances.
That said, I still call out this supposed Perpetual Encryption as mostly hot air.
This post has been deleted by its author
They're not looking to get backdoors because that would be impractical and stupid - all the big US services would say no. They're also not looking to ban encryption because that would also be impractical and stupid - the rest of the world would laugh at how the UK had just done the equivalent of bombing it's digital economy back to the stone age. What they are doing is pushing for *end to end* encryption to become illegal.
The first part of achieving this is that you have to surrender your encryption keys if the authorities demand them. Like it or not, this part has already become law. Unfortunately for HM Gov, this probably won't do them any good if the user of the encryption isn't easily able to provide the keys because an app does it all for them - e.g. whatsapp. So the current push is about bullying these communications platforms to change their services so that they are no longer end to end encrypted, permitting the authorities to tap the comms channel whilst it's unencrypted within the comms provider's systems. So really they're just enforcing the weakening of encryption implementations on these services so that they can intercept with a warrant. This is all very sneaky, but it allows HM Gov spokesfolk to say they're not trying to ban encryption without being caught in a lie.
Of course, this particular manoevre still needs the comms providers to play ball with HM Gov. Presumably they'll be told they will no longer be able to provide comms to UK citizens if they don't toe the line. It will be interesting to see what these providers do next; do they withdraw from the UK (loss of revenue), disable end to end crypto for all their users (and risk really bad PR for downgrading the security of their non-UK users) or redevelop their service to degrade the security implementation for any comms involving their UK customers at either end (comms decrypted whilst at their server) whilst retaining end-to-end crypto for all other traffic (and incur extra development costs).
On most matters of cyber security the public will never know (much less care) what the real upshot of the actions of our lords and masters, but this is a rare example of where the impact of legislation really could bite HM Gov on the arse. If the IPB results in use of whatsapp being banned for use in the UK it's going to make waves, as that service isn't just used by the IT savvy folk. Alternatively if whatsapp publicise the change of all UK users subscriptions to their "UK_IPB_downgraded_security_option" and hike the renewal price up by 100% (to help pay for the additional development costs incurred, of course) it could still make things uncomfortable for Dave and his chums without whatsapp having to withdraw from the UK market.
If you want to help non-IT folk understand what all the fuss is about don't go for the easy (but technically incorrect) line that the Gov wants to ban encryption - just tell them that the Gov wants to ban services like Whatsapp. That tends to get their attention long enough for them to realise that this really does mean that big brother will be watching them.
Clearly just from reading the CESG homepage, these guys just don't get it apparently;
ECTOCRYP® Blue is the next stage in sovereign UK cryptographic development which is what there director is waffling on about..
This enterprise version with its 19” rack mounting is fully interoperable with ECTOCRYP® Yellow, providing High Grade encryption for strategic and tactical networks.
◾Sovereign High Grade SECRET and TOP SECRET
◾PRIME Suite A certified to interoperate with other certificated PRIME conformant devices, modules include:
◾Base (IKEv2)
◾Suite A
◾Pre-Shared Key
◾Pre Placed Key SA
◾Community Separation (CCOI)
◾NAT Traversal
◾Peer Topology Sharing (Node)
◾Advanced Networking (DSCP Bypass, IKEv2 Liveness)
◾Encryption of multi-cast communications using Pre-Placed Key (PPK)
◾Supports crypto discovery using Peer Topology Sharing (PTS)
◾Up to 256 cryptographic keys (PPK, PSK, CCOI)
◾> 512 simultaneous Security Associations (SA)
◾>1.6 Gb/sec bidirectional IMIX throughput
◾Support for remote management
◾Crypto Ignition Key (CIK) support; Device Not Protectively Marked (NPM) ACCSEC when CIK removed, easing handling constraints.
There is a huge difference between Pre-Shared Key and Public-Shared Key and I sure as hell don't like the sound of Pre Placed Key (SA) that implies they want to insert there signed-ness everywhere - With support for remote management, that must means a hackable Linux web-portal on it's ass end somewhere with there own private (SA) which some clever bod will replace with there own (SA) after they've broken in... Stupid is as stupid does! What is a DSCP Bypass? An IKEv2 dear god pay peanuts get monkeys there still playing with IPsec calling it secret, ah bless there little cotton socks!
The global cyber security market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear. …. Robert Hannigan, director of GCHQ
Quite another school of thought/university of life would proffer that necessary virtual protection and APT ACTive supplies and cyber security market developments are doing just fine and dandy, thank you very much, and it is because of the likes of a dodgy puppet/perverse master relationship, which can all to easily be realised in the likes of a servant GCHQ/self-serving corrupt government marriage of convenience which is denying them access to new secrets, which out and exploit all manner of systemic establishment vulnerabilities.
New gatekeepers are never going to deal equitably, if even at all, with an enemy which be a friend of an enemy and into austere terrorising executive administration, are they? Such would be a monumental folly.
Trying to maintain and sustain a failed fiat currency invention project which enriches the rich and enslaves the poor, is a recipe for disaster and revolutionary act and it generates mounting trouble and real smart conflicts, way beyond the ken of that which would try to oppose it.
* And to enrich what/whom?
This post has been deleted by its author
This post has been deleted by its author
Our solution is 10 to the power of 2158 times more secure than existing Industry standards, meaning its Quantum Compute & AI secure. …… Perpetual Encryption
Meaning it is Quantum Compute and AI ready, Perpetual Encryption, which is quite another thing and a wholly different Great Ball Game for Virtual Terrain Team Players and Remote Anonymous Rogue Entities alike?
Hmmm. And surely just as much an alien sport and exploit export adventure as astute classy assured security protocol, although both of those facilities are invariably poles apart in real world scenarios, and then much more of an APT ACTive Portal to some chosen and a Flying Few ‽ . :-} Poe's Law Rules for Reign in ITs Domains and AIDominions, where Madness meets Genius for a Rumba and Tango :-)
It's just a shameless advertising plug. Perpetual Encryption is based on breaking the most fundamental rule of the One-Time Pad: namely, that you only use it ONCE. …. Anonymous Coward
Hi, AC,
How’s it hanging?
Perpetual Encryption will be very pleased that you make that mistake and do not realise that breaking the most fundamental rule of the One-Time Pad: namely, that you only use it ONCE, is not its base protocol but leading with a better, and beta One-Time Padded message may very well be, for of course, such is probably never to confirmed or denied as fact and practice by those and/or that into utilising it effectively.
One-Time Pads are the only encryption that are mathematically proven to be robust against cryptanalysis because ANY ciphertext can be translated into ANY plaintext of equal or lesser length. The moment you try to reuse a one-time pad, you break that assurance and can no longer call it a one-time pad. Now, you can re-use a pad in inventive ways, but preventing cryptanalysis of a reused pad is a non-trivial matter and requires its own set of rules and guidelines. It will be neither simple nor all-encompassing nor revolutionary.
So far as I've read both here, on websites, and a Twitter feed, I've yet to see this technique in any great detail nor any direct endorsements from security authorities (or better, actual use of your technique). So to quote someone who isn't seeing eye to eye, "In English, Einstein!" Or is this all just a load of hot air?
This post has been deleted by its author
GCHQ - not unjustifiably - has a lot of pride and confidence in their ability to hack other peoples' security. Basically, anything that's on the market now - they can break, with a minimal amount of effort and occasional cheating.
So he's saying "Go ahead, use the best encryption you can find/be bothered with. It won't bother us, but it will make things a bit harder for everyone else, which is exactly the way we like it."
Every so often, someone comes up with a new and clever form of encryption, and then it may take GCHQ some weeks or months of effort to figure out how to break it. That would be a window of opportunity during which you could have real privacy from them, at least temporarily, and that's what the Home Secretary - being, as required for the job, someone whose intelligence compares unfavourably with a dead cane toad - wants to abolish.
This post has been deleted by its author
No form of encryption can be considered unbreakable. The vaunted one-time pad can be intercepted, and quantum encryption can be stymied by blasting light "noise" into the fiber optics. Anything else can be bypassed by simply finding a way to get the message either before it's encrypted or after it's decrypted. Since our senses can't directly work with encrypted data, it'll have to be decrypted at some point.
This post has been deleted by its author
As is absolutely reflective in British Society - Drink tea from a cup, use a knife and fork, and obey all the following (plus more) organisations (in no particular order)
Royal Navy
Royal Air Force
Royal Army
MI5
MI6
Constabulary (many many)
....
Bank Of England
And In 2015 / 2016 - added introduction of
"Royal Encryption and Cryptography"
Associating that the Crown will own the keys to the security of customer personal data stored by suppliers of broadband? Something charming [though not sure what] about this naivety.
Good luck to all participants in that government and commercial relationship. A few more champagnes on ice for that likely successful debacle.
Tin hats at the ready
all the concern for maintaining complete isolation and patency of ideas thru communications, reinforces the need for same. a circular system that fails to respond by adjusting and correcting to result in a non-cyclic, static and predictable (and improvable) state. is this a basic failing of natural human traits, to simply secure another's efforts as their own, essentially bypassing redundantly performed work? theft of concepts, or is it the very possession of concepts the root cause? did we not learn the dangers of the past 10,000 yeras of human desires, oppression, possessiveness and resultant conflicts? history may never teach a being that which it is incapable of learning.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
