[liberationtech] What would you reply to this?
Bill Woodcock
woody at pch.net
Sun Jun 14 23:28:34 CEST 2020
>> On Sun, Jun 14, 2020 at 2:38 PM Yosem Companys <yosem at techlantis.com> wrote:
>> Alex Nicholson 10:43 AM
>> Curious what others think about this... this past week @Jason Calacanis (launch.co) talked about the need for all-user end-to-end encryption on services like Zoom in China, and basically anyone operating in or through China, because of the Chinese govt’s likelihood of intercepting and/or interfering with communications as it likes. However, I would argue that the conversation is severely under-estimating the sophistication of the Chinese govt. The US’s NSA can crack any encryption in the world and listen to any communications it wants. Why would we think China’s version of the NSA is any less sophisticated? Commercial encryption prevents interception by hackers and criminals, low-level operations without the budgets or resources of state actors. The intelligence services of major world powers have the skills and tools to crack any company’s best attempt at encryption. So what does it matter if a service like Zoom or anything touching China is encrypted or not? If it touches Chinese soil, fibers, or airspace, it can be read by their govt. If it’s encrypted, it prob won’t be read by criminals and civilian hackers only. Thoughts?
> On Jun 14, 2020, at 8:46 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
> I think people still don't understand what risk surfaces are actually worth attacking - and they latch onto encryption without any of the other OPSEC considerations, side-channel attacks on the information and groups being protected, etc.
> This XKCD still applies: https://xkcd.com/538/
> The problem is the companies and politics still should _strive_ for the best in each applicable area but people are deluding themselves when they consider a Nation State threat model as their baseline.
Yeah, I mostly agree with that.
On the one hand, there is no uncrackable encryption… the passage of time, Moore’s law, quantum computing, it’ll all get decrypted, it’s just a question of when. Symmetric encryption works as long as the keys are used 1:1, get destroyed after use, and are communicated securely in the first place. Quantum communication of symmetric keys seems promising.
But there are so many other, easier attacks, in the short run, that getting idiots to focus on key-length and ignore all the real attacks just makes governments’ work easier.
-Bill