Posted on 11/15/2017 7:04:06 AM PST by Kaslin
FBI can pinpoint Russia hacking (not really) but they can’t unlock a phone...
The horse has already left the barn.
Right here on this computer, I have the source code for BlowFish, a powerful 256-bit encryption algorithm. I could compile it into a library, and use that library to write an application that has uncrackable encryption. Hundreds of thousands of other programmers around the world could do the same thing.
How does the FBI, or anyone else, propose to stop this?
Yeah, but if you have the Blowfish source code - which had an integer signing bug in it for 10+ years that nobody had caught - it doesn’t mean that you KNOW if what you are sending is secure. All those libraries and encryption in general are “magic” to most people.
More so, Apple contacted the FBI immediately after the incident, offering services - and making it clear that they had 48 hours to do certain things before the device locked up tight.
Not like Apple hasn’t made it abundantly clear before to FBI that there’s a 48 hour window (including the “dead finger” trick, for those who understand the technical & medical details) for applying any conceivable ways to unlock it.
Almost like FBI is making a _point_ of delaying, leveraging the tragedy into an opportunity to compel the industry into providing back doors.
I say, "Feinstein and other corrupt politicians are not above our constitution."
For stuff I want secure I use GPG encryption with a 2048 bit key.
It's really subtle stuff.
One isolated flaw aside, the point remains: serious encryption is available to users even if government forbids it. Yes, Blowfish had a bug - but there are numerous other well-regarded thoroughly-studied strong-encryption algorithms available ... and they’re so simple I have several on t-shirts.
Encryption will always have the risk of either bad implementation, or mathematical breakthroughs, compromising security. It’s generally accepted that implementations should be open-source (not necessarily _free_) for examination, so such flaws may be publicly discovered ASAP.
Yes, it’s magic to most users. That’s why we need a sense of trust - which we DON’T have when strangers with guns compel us to compromise our security for their benefit, especially when they’re making the demands after they failed to do a bunch of other things we’ve given them authority to do.
Government tyrants should not have backdoors to this technology.
Although they might solve a few crimes here and there, the main use of these backdoors would be to collate and archive information on millions of citizens, useful for blackmailing later. Or spying on girlfriends or boyfriends, etc.
No, let the corrupt governments investigate crimes in the old-fashioned way.
This issue is similar to gun control. The tyrants say, “Turn in your guns so that crime will decrease.” In fact, crime will increase and the tyrant’s control over your life just went up.
If I were actually to do this, I’d probably download something more current. I just downloaded the Blowfish because I wanted to study the encryption techniques it uses.
For really good encryption use at least a 64 character password as well. Any favorite sentence or quotation will do.
I updated mine to 4096 several years ago. I have different keys for different purposes though. If I could ever get freerepublic mail to work correctly, I'd have a zeugma@freerepublic.com key.
RSA in 3 lines of perl? I always wanted one of those. "This t-shirt is a munition"
Yup, got that one. Had to send a notarized “I will not take this out of the country” letter to get it.
There is NO reason to encrypt anything; as long as others can’t get their paws on it.
A FR wisely suggested you cut off the dead guy's thumb and use it to unlock.
Blowfish has been broken by NSA a long time ago.
So has AES which is why the NSA allows it.
Rolls eyes. Have any proof of that?
Blowfish has been shown to be susceptible to reduced round attacks IIRC. I've not seen any indication a full implementation is similarly vulnerable. Most folks (including its designer Bruce Schneier) recommend Twofish be used instead of Blowfish in any case.
As to AES I believe I've read some concerns about some internal tables, but nothing that would indicate it is "broken".
Of course, this being a public forum, you're welcome to spread FUD all you'd like. Those of us who care about the issue will use that which we consider to be prudent.
It’s hard to break a one time code.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.