  1. #1

    Toshiba creates cryptographic scheme even the NSA can't break.

    http://qz.com/121143/toshiba-has-inv...nsa-cant-hack/

    I look forward to the day when things like this are ubiquitous.

  2. #2
    I Don't Work Here Endus's Avatar
    Sounds like the tech's pretty limited.

    What should be more interesting is the other side of the coin; quantum computing itself. If we crack that nut (and we're damn close), wave goodbye to standard encryption. The most complicated encryption methods we have, that would withstand brute force methods for longer than the heat-death of the universe, would fall very quickly before a quantum computer, due to the same concepts.


  3. #3
    Quote Originally Posted by Synthaxx View Post
    Quantum cryptography: Kerckhoffs's principle assumes its ultimate form.

    The thing is, you still need some sort of standard on either end. QC simply ensures it can't be intercepted between source and destination, but there's some things it doesn't protect against, such as injection. You should always assume someone knows the private key (even if it's not the case). Theoretically, you could intercept the original message, decrypt it, and send out a false message using the same principles as used to construct the original message. The actual fingerprint of the message will have changed with the contents, but injection attacks in this sense are still a concern that'd need addressing. Kerckhoffs's principle does state that even if everything about a system is known except the key, the system should still be secure.

    However, it's good practice to assume that someone else does know the key, and this is what encourages people to build secure systems. If the key is known, but entire details of the system are not (such as the IV/Init. Vector [used in several different cryptographic standards], or the actual encryption method [which is often easy to discover based upon a few identifying features of the messages]), then you've still maintained some of your security, but it still relies on the system itself being secure. That does imply security through obscurity, which isn't a good standard on its own, but is a good standard when used in conjunction with other principles (e.g. "keep it simple", "don't invent your own security", "maximize processing time of hashing and encryption functions", etc).

    Verifying someone is who they say they are is still going to be the biggest challenge even with QC. Biometric ID is probably the most secure (it's not infallible though), while passwords are the least secure. Actually, I'd say keycards are more insecure (physical object, could be stolen with relative ease), but that's another discussion entirely. As long as you can verify that someone is who they say they are without any doubt, then the details of your system are much less relevant. That's not to say you should have an insecure or badly designed system, just that you've defeated the chance that someone unauthorized will access it (again, 'without doubt' is the major clause there). Then again, if you could verify without doubt, there would be no need for cryptography.

    As I said above, even biometric isn't truly secure. I recall reading a horror story of a fingerprint scanner where the actual material covering the sensor... actually 'trapped' fingerprint marks (and so dusting it off and lifting the print meant the system was defeated at the first stage), I'll try and find a link to the story if possible. If ever there was a facepalm moment in security, that was it. However, there's still the chance (albeit a very low chance, and on the extreme end) that someone could kill you and steal your eyes or cut off your hand, or even hold you at gunpoint to 'break into' the system.

    Regardless, it's still good to see that progress is being made. I do believe QC will be a major breakthrough when it's actually extended, but I figure that even that isn't infallible.
    I encourage reading the actual article. The way this proposed network is set up, no fancy engineering, mathematics or anything can break the encryption.

  4. #4
    Bloodsail Admiral time0ut's Avatar
    This type of cryptography is only really useful for protecting state secrets and high value information. Most traffic you don't want spied on is already encrypted in a way that is computationally infeasible for the NSA to break. Instead, the NSA just forces the company (who owns the encryption keys) to reveal the content they are interested in. All the network level encryption in the world won't stop that.

  5. #5
    Elemental Lord Rixis's Avatar
    Didn't the NSA not really hack most of the encryption so much as bypass it/make the companies give them a door?

  6. #6
    Bloodsail Admiral time0ut's Avatar
    Quote Originally Posted by Rixis View Post
    Didn't the NSA not really hack most of the encryption so much as bypass it/make the companies give them a door?
    Pretty much. Though this would be useful for helping defend against state sponsored cyber snooping type stuff.

  7. #7
    Elemental Lord Rixis's Avatar
    I actually saw a snippet of this story on the BBC's red button about an hour ago. (page 154, science/tech news)

  8. #8
    Bloodsail Admiral time0ut's Avatar
    I'm not an expert of QC so I am not sure how applicable this is, but I think I read that the NSA ordered one of the first of these: http://www.dwavesys.com/en/dw_homepage.html

  9. #9
    Legendary! TZucchini's Avatar
    Who needs to hack information when you have a court order to retrieve it?

  10. #10
    The NSA doesn't need to "hack", they can just order Toshiba to tell them how to access it (as they've done with everything else).

  11. #11
    Quote Originally Posted by time0ut View Post
    I'm not an expert of QC so I am not sure how applicable this is, but I think I read that the NSA ordered one of the first of these: http://www.dwavesys.com/en/dw_homepage.html
    That's not a "real" quantum computer, though. It can't run the quantum algorithm for factoring products of pairs of primes, for example.
    "There is a pervasive myth that making content hard will induce players to rise to the occasion. We find the opposite. " -- Ghostcrawler
    "The bit about hardcore players not always caring about the long term interests of the game is spot on." -- Ghostcrawler
    "Do you want a game with no casuals so about 500 players?"

  12. #12
    Toshiba announces their cryptographic scheme will only be available on new Toshiba Satellite laptops...geeks everywhere collectively groan.
    "You six-piece Chicken McNobody."
    Quote Originally Posted by RICH816 View Post
    You are a legend, that's why.

  13. #13
    How is this better than 128 or 256 bit AES encryption already available?

    Let's all ride the Gish gallop.

  14. #14
    Deleted
    Quote Originally Posted by belfpala View Post
    How is this better than 128 or 256 bit AES encryption already available?
    Because those can be cracked with enough time. Quantum Computing can't be, because of the laws of physics.

  15. #15
    Quote Originally Posted by Meteoria View Post
    Because those can be cracked with enough time...
    How long do you need your data to be secret? I'm pretty sure 256 bit AES will survive brute force for much much much much much longer than the building you're currently sitting in.


  16. #16
    I Don't Work Here Endus's Avatar
    Quote Originally Posted by belfpala View Post
    How is this better than 128 or 256 bit AES encryption already available?
    If they crack the last couple hurdles on quantum computing, neither of those encryption protocols will be worth the time to set up.

    Quantum computers can solve algorithms that would take traditional computers an immense amount of time to brute-force. Like, longer than the heat-death of the universe longer. And they solve those problems in seconds.

    Quantum encryption is basically going to end up being the only way to defend against that. That's why it's important, since the breakthroughs we need to develop quantum computing are well-defined and we can see possible solutions; the trick is more about finding a way that works than figuring out what needs to be done.


  17. #17
    I understand that it's important.

    I also understand that methods of attack (in more than just the computer sense) almost always outpace defenses. There's always a weakness in the wall, so to speak, even if it just involves social hacking.


  18. #18
    Quote Originally Posted by Endus View Post
    If they crack the last couple hurdles on quantum computing, neither of those encryption protocols will be worth the time to set up.
    I don't think you understand quantum computing.

    There's an algorithm for factoring large composite numbers that runs on a quantum computer. The general problem of inverting polynomial time computable functions has not been shown to be capable of being accelerated by a quantum computer.

    So, the RSA algorithm could fall, but encryption itself could still be ok.
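
An added illustration of the point in post #18 (not part of the original thread): an RSA private exponent follows directly from the factors of the public modulus, so an efficient factoring algorithm defeats RSA specifically. The modulus is built from constructed toy primes, trial division stands in for the quantum factoring algorithm, and all function names are hypothetical.

```python
# Added example: toy RSA with a deliberately tiny modulus (constructed values).
from math import isqrt

def make_keypair(p, q, e=65537):
    """Build an RSA key from two primes; returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse; needs gcd(e, phi) == 1
    return (n, e), d

def encrypt(m, public):
    n, e = public
    return pow(m, e, n)

def decrypt(c, n, d):
    return pow(c, d, n)

def factor(n):
    """Trial division: a classical stand-in for the quantum factoring step.
    Feasible here only because n is tiny; real moduli are 2048+ bits."""
    if n % 2 == 0:
        return 2, n // 2
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no nontrivial factor")

def recover_private_exponent(public):
    """Everything needed is public once n is factored: recompute phi, invert e."""
    n, e = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    public, d = make_keypair(1009, 1013)   # constructed toy primes
    m = 424242                              # constructed message, m < n
    c = encrypt(m, public)
    d_recovered = recover_private_exponent(public)
    return {
        "factors": factor(public[0]),
        "same_key": d_recovered == d,
        "plaintext": decrypt(c, public[0], d_recovered),
    }

if __name__ == "__main__":
    print(demo())
```

Nothing in the recovery step touches the cipher's design beyond the factoring problem, which is why the argument applies to RSA and not automatically to symmetric ciphers such as AES.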

  19. #19
    Elemental Lord Reg's Avatar
    Good. I need new encryption for my porn. Apparently putting it in a folder on the desktop named "N64" wasn't a strong enough defense.

  20. #20
    Quote Originally Posted by Reg View Post
    Good. I need new encryption for my porn. Apparently putting it in a folder on the desktop named "N64" wasn't a strong enough defense.
    Crap. I have all mine in a folder in /user/documents/thingsNSAshouldntlookat/jamesbond/

    that's not good enough?

