On Jun 7, 2013, at 10:14 AM, Jeroen Massar <jer...@massar.ch> wrote:

> If you can't trust the entities where your data is flowing through
> because you are unsure if and where they are tapping you, why do you
> trust any of the crypto out there that is allowed to exist? :)
> 
> Think about it, the same organization(s) that you are suspecting of
> having those taps, are the ones who have the top crypto people in the
> world and who have been influencing those standards for decades...

I believe there are two answers to your question, although neither is entirely 
satisfactory.

The same organization(s) you describe use cryptography themselves, and do 
influence the standards.  They have a strong interest in keeping their own 
communication secure.  It would be a huge risk to build in some weakness they 
could exploit and hope that other state-funded entities would not be able to
find the hidden flaw that allows decryption.

Having "unbreakable" cryptography is not necessary to effect positive change.
Reading unencrypted communications is O(1).  If cryptography can make reading
the communications (by breaking the crypto) harder, ideally at least O(n^2), it
would likely prevent it from being economically feasible to do wide-scale
surveillance.  Basically, if they want your individual communications it's still
no problem to break the crypto and get it, but simply reading everything going
by from everyone becomes economically impossible.

There's an important point to the second item; when scanning a large data set
one of the most important details algorithmically is knowing which data _not_
to scan.  When the data is in plain text, throwing away uninteresting data is
often trivial.  If all data is encrypted, cycles must be spent to decrypt it
all just to discover it is uninteresting.

-- 
       Leo Bicknell - bickn...@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/





Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
