Topic: Encrypted file and unencrypted copy together, can password be calculated?


Offline Nominal Animal

Sometimes steganography –– hiding data –– is more valuable than plain encryption...
Yes. Well, strictly speaking, any "good" encryption scheme should not enable anyone to distinguish it from "random" data.
I habitually use LVM2 whole-disk encryption. Simply the fact that when you boot up it asks for the passphrase reveals its presence.

Thus, "indistinguishable from noise" applies to the ciphertext only, not to encrypted data in general, and not to the associated metadata in particular.

Using say a custom FUSE driver (userspace application) to convert some innocuous-looking files into a standard encrypted filesystem is steganography: you hide the metadata, while the ciphertext itself is in plain view.

I suspect all ciphers approved by the NSA are already compromised just out of the box, otherwise they would not approve them  ;D
They did that with NIST SP800-90 / Dual_EC_DRBG, yes.  (Which is a good reason why you shouldn't trust HW-RNGs, and only use them to add entropy to your cryptographically secure pseudo-random number generators.)

However, most of the algorithms NSA approves are used by communication between the US government and contractors.  Using anything backdoored for those would compromise security if the backdoor was revealed to antagonists.  Because humans are involved, such secrets do get revealed, sooner or later.
 

Offline golden_labels

Even if humans wouldn’t fail, that’s a very poor choice. It’s like putting your own door on weak hinges and telling only a few trusted friends they can, in emergency, remove the door through that vulnerability. Makes sense until you realize one thing. Each day the door is hit with sledgehammers by thousands of very experienced and dedicated sledgehammer users, with a dozen states providing a never-ending supply of very best sledgehammers.

You thought about putting a backdoor in encryption. And you aren’t particularly qualified in the field. Those much more experienced also thought about that. And they have all the knowledge needed to invent a thousand potential methods to weaken the algorithm. One of them is going the very same you used.

Of course even such an obvious thing is not enough to stop people from trying! Contrary to what some imagine, governmental agencies aren’t filled with exceptionally bright people. Where they do happen, they aren’t the decision-makers. So, over and over again, absurd decisions are made. But it shouldn’t be assumed this is the expected course of action.
« Last Edit: June 28, 2024, 09:24:20 pm by golden_labels »
People imagine AI as T1000. What we got so far is glorified T9.
 

Online SiliconWizard

Sometimes steganography –– hiding data –– is more valuable than plain encryption...

Yes. Well, strictly speaking, any "good" encryption scheme should not enable anyone to distinguish it from "random" data. At which point, no one can claim that you own encrypted data. You may as well just have a bunch of random or corrupted files, or some binary format that is proprietary and that no one has a clue what it is.

That's true of the ciphertext itself, but rarely in context.  Encrypted communication and storage almost always has metadata around it, either explicit or implicit to let the receiver know how to handle it.

Yes, but it's entirely possible to avoid that by not using standard containers with metadata in the clear.
Just saying.
If you don't want to give away that some data is encrypted, it's relatively easy, but not by using standard formats.
And if there is no evidence there is usable data, that it is encrypted, and what kind of encryption it could be, then it becomes nearly impossible to make any use of it in any kind of reasonable time.
Again, just saying.
 

Offline radiolistener

There are also situations (like with HTTP and HTTPS) where the same data can be sent encrypted or unencrypted.

Old https uses crypto suites which can be easily hacked with a 'man in the middle' attack. And they were used everywhere for a long time. Now many known web servers have removed them from the supported list (and this is the reason why you can't connect to them with old applications/OSes which don't support the new crypto suites).
So, I wouldn't look at https as an example of proper encryption :)

And even with the new strong crypto suites, I would not expect good security from https, because it's not so hard to detect which application is used to connect through a TLS channel and do some activity analysis even without decryption. This is how a smart firewall can detect and block some protocols even if you use an HTTPS connection.
« Last Edit: June 29, 2024, 02:02:39 am by radiolistener »
 

Offline golden_labels

This isn’t how things work. One can’t say something is broken, because a thing in the past was named the same way and it used a component — no longer in use — which was faulty.

First of all, HTTPS is not encryption or any kind of a security scheme. Helius used HTTPS and HTTP (a pair!) to explain, how an adversary may know the encrypted plaintext without ever accessing it. Actual security of either plays no role there. They could use Caesar’s cipher and the example would work equally well.(1) Helius never touched the subject of HTTPS security, so I’m not sure, what you are referring to.

Authentication and encryption is done with TLS. Where “TLS” stands for three separate families of protocols,(2) each of them with multiple versions. Weaknesses in one don’t transfer to the other. MitM-ing SSL 2.0 in the 90s isn’t telling much about security of TLS in 2024.

In the second part you make a strawman: you choose some properties and then show how they are not provided. Sure they aren’t, because they were never the goals and aren’t among desired properties of this kind of a protocol. You know what else TLS can’t do? Be used as a lock in my door. Such a security failure! /s
What’s next on the plate? Expecting absolutes?


(1) Though Caesar’s cipher is so weak, such a big cannon would be a waste of time.
(2) Yes, three. SSL3 is separate from SSL2.


« Last Edit: June 29, 2024, 03:42:29 pm by golden_labels »
 

Offline Nominal Animal

Sometimes steganography –– hiding data –– is more valuable than plain encryption...

Yes. Well, strictly speaking, any "good" encryption scheme should not enable anyone to distinguish it from "random" data. At which point, no one can claim that you own encrypted data. You may as well just have a bunch of random or corrupted files, or some binary format that is proprietary and that no one has a clue what it is.

That's true of the ciphertext itself, but rarely in context.  Encrypted communication and storage almost always has metadata around it, either explicit or implicit to let the receiver know how to handle it.

Yes, but it's entirely possible to avoid that by not using standard containers with metadata in the clear.
Just saying.
If you don't want to give away that some data is encrypted, it's relatively easy, but not by using standard formats.
And if there is no evidence there is usable data, that it is encrypted, and what kind of encryption it could be, then it becomes nearly impossible to make any use of it in any kind of reasonable time.
Again, just saying.
Isn't that exactly steganography for the metadata, though?  It is to me.
 

Online SiliconWizard

Sometimes steganography –– hiding data –– is more valuable than plain encryption...

Yes. Well, strictly speaking, any "good" encryption scheme should not enable anyone to distinguish it from "random" data. At which point, no one can claim that you own encrypted data. You may as well just have a bunch of random or corrupted files, or some binary format that is proprietary and that no one has a clue what it is.

That's true of the ciphertext itself, but rarely in context.  Encrypted communication and storage almost always has metadata around it, either explicit or implicit to let the receiver know how to handle it.

Yes, but it's entirely possible to avoid that by not using standard containers with metadata in the clear.
Just saying.
If you don't want to give away that some data is encrypted, it's relatively easy, but not by using standard formats.
And if there is no evidence there is usable data, that it is encrypted, and what kind of encryption it could be, then it becomes nearly impossible to make any use of it in any kind of reasonable time.
Again, just saying.
Isn't that exactly steganography for the metadata, though?  It is to me.

Yes, I think you can call it that.

 

Offline Infraviolet (Topic starter)

"weak encryption in PKZIP archives is an example"
I'm guessing that doesn't apply to the more modern 7z archive format though? That is a weakness in the algorithm pkzip used? Not a natural weakness in all and any form of compressed file format which would still apply at the implementation level even where a stronger algorithm (like the default aes256 in 7zip) was used?
 

Offline Infraviolet (Topic starter)

"Using anything backdoored for those would compromise security if the backdoor was revealed to antagonists"
We have to remember, politicians, governments, civil servants... have an absolute belief in their own infallibility. They genuinely believe that if they demand the creation of a backdoor that only they can access, then nobody else will ever be able to access it, despite the many examples to the contrary. "We'll do it right this time" they think, "all those who tried before just weren't doing it properly". Governments after all have shown that they think they can defeat an extremely contagious virus by destroying democracy and the economy, despite no virus ever having been stopped before except when natural herd immunity was eventually reached (vaccines being something that helped eradicate the worst nasties after they'd already become stable and endemic). They are now insisting that we can abandon fossil fuels in under a decade, and can do it without nuclear power. They believe if they mandate that nobody may ever say anything offensive, then nobody ever will. They believe increasing tax rates always leads to more tax being collected... Governments, and the type of people attracted to jobs near the top of them, really cannot imagine that they could ever make mistakes. I wouldn't put it past them to do something as stupid as place backdoors in their own systems.
 

Offline radiolistener

There are law enforcement agencies and national security agencies already storing as much encrypted content from criminals and opposing countries as possible in the hope they can soon decipher them with these new computers.

I think this is just rumors. 3-letter services have access to special acceleration hardware which allows them to brute force at incredible speed, and they have exploits for popular cipher algorithms which allow them to significantly reduce computation cost. So, in most cases they can crack a popular cipher in a pretty short time. If they certified some cipher, then they have an exploit for it or the computation power to crack it within a short time period. If it doesn't work, there is no sense in storing a lot of garbage data.

Authentication and encryption is done with TLS. Where “TLS” stands for three separate families of protocols,(2) each of them with multiple versions. Weaknesses in one don’t transfer to the other. MitM-ing SSL 2.0 in the 90s isn’t telling much about security of TLS in 2024.

TLS is an abbreviation for Transport Layer Security. This is just a protocol envelope which provides a standard approach to using an encrypted channel. It can use different cipher suites with different cipher algorithms and different key exchange algorithms.

TLS itself doesn't guarantee that it will use a good cipher suite; it depends on the client and server implementation and configuration. And it may confuse the user, because he may think that he is using a channel with a strong cipher, but actually it may use a weak and vulnerable cipher suite.

Also TLS has a serious security issue, because it allows one to see a lot of data about the connection which is sent unencrypted at the handshake. For example, it sends the host name. Also it allows one to detect the client and server applications by their handshake fingerprint. All this is a major security issue, even if you use a custom made cipher suite with a strong cipher and key exchange algorithms.

I suspect these TLS vulnerabilities were implemented deliberately to make traffic analysis easier for 3-letter agencies. I understand that weak TLS security also has some pros, for example it allows one to detect and trace malicious traffic from internet worms despite the fact that it's encrypted. But at the same time it makes secure channels vulnerable and this is a major con.

So, saying that TLS is secure and its vulnerabilities are good because they allow one to analyze malicious traffic is the same as saying that HTTP is secure, because it allows one to read private conversations and passwords in plain form  :)
« Last Edit: August 25, 2024, 03:08:34 pm by radiolistener »
 

Offline dietert1

Yes, not an expert here but I already suspected the standards inside TLS could only become standards after the three letter agencies knew how to deal with them efficiently. When implementing security for internet things one may have to use something different.
Other news of today: Telegram CEO Pavel Durov detained at airport in France. Don't know what ciphers Telegram is using.
« Last Edit: August 25, 2024, 05:27:28 pm by dietert1 »
 

Offline golden_labels

3-letter services have access to special acceleration hardware which allows them to brute force at incredible speed, and they have exploits for popular cipher algorithms which allow them to significantly reduce computation cost.
Do you also happen to “know” about extraterrestrial civilizations helping them? Or maybe gained access to “state secrets” indicating replacing all the scientific world with radio-controlled clones to hide “real knowledge”? This can’t be rejected, if I read that somebody can break known physics and maths, and even plausible hypothetical future physics.

TLS is an abbreviation for Transport Layer Security. This is just a protocol envelope which provides a standard approach to using an encrypted channel. It can use different cipher suites with different cipher algorithms and different key exchange algorithms.

TLS itself doesn't guarantee that it will use a good cipher suite; it depends on the client and server implementation and configuration.
TLS allows the use of different (meaning: multiple) cipher suites, but it doesn’t allow the use of any cipher suites. And the primary changes between TLS versions are in the set of permitted cryptographic features, including ciphers.

And it may confuse the user, because he may think that he is using a channel with a strong cipher, but actually it may use a weak and vulnerable cipher suite.
TLS prohibits such cipher suites.

Also TLS has a serious security issue, because it allows one to see a lot of data about the connection which is sent unencrypted at the handshake. For example, it sends the host name. Also it allows one to detect the client and server applications by their handshake fingerprint. All this is a major security issue, even if you use a custom made cipher suite with a strong cipher and key exchange algorithms.
This is RFC 3546 (§3.1), not core TLS. TLS itself doesn’t even have provisions for doing so, much less requires it, and one can use TLS without this “terrifying vulnerability.”

The “horrible privacy leak” is of minor relevance, because this is routing information. The same kind of information that is held in IP headers. This is why it isn’t encrypted: one can’t hide name and apartment number on an envelope, if a postman is expected to deliver a letter.

The need for using SNI arises from a single IP address hosting more than a single domain name. The alternative is having one IP address per domain name. Which would reveal exactly the same information in the IP header, making SNI no worse than the alternative without it.

The entire issue is mostly of interest to historians too, given that now TLS supports encrypted hello and it’s deployed in all major browsers.

Yes, not an expert here but i already suspected the standards inside TLS could only become standards after the three letter agencies knew how to deal with them efficiently.
So, do you find your way of thinking reasonable? It seems to boil down to: “I’m not an expert, but I’ll ignore what experts say, because they must be on government payroll, since what they say disagrees with what I think”.

Other news of today: Telegram CEO Pavel Durov detained at airport in France.
Which is only tangentially related to encryption.

Don't know what ciphers Telegram is using.
Usually none. Most of Telegram communication is unencrypted and, despite advertising itself for “private chats”, the company designed the UI in a manner that makes enabling chat encryption inconvenient. That’s been the point of criticism for almost a decade now and Telegram continuously refuses to fix that issue or make encryption the default. If you enable encryption, they still roll out their own crypto and they retain full control over the endpoint. The solution is properly named “MTProto”, but it’s not recognized or known elsewhere, so it may as well be called “the Telegram thing”.


« Last Edit: August 26, 2024, 08:26:12 am by golden_labels »
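To make the SNI point above concrete, here is an added example (not code from any poster): it constructs a minimal ClientHello record and then walks it the way a passive observer on the wire would, pulling out the cleartext server_name extension (RFC 3546 §3.1), the offered cipher suites and the extension list. The record builder and the hostname are constructed for the demonstration; with Encrypted Client Hello the real name moves into an encrypted inner ClientHello and only a public cover name appears where this parser looks.

```python
import struct
from typing import Optional

SNI_EXT_TYPE = 0x0000          # server_name extension (RFC 3546 §3.1)
HOST_NAME_TYPE = 0x00          # NameType host_name


def build_client_hello(host: Optional[str], cipher_suites=(0x1301, 0x1303)) -> bytes:
    """Constructed minimal ClientHello record (not captured from a real client).

    Layout: TLS record header, Handshake header, then client_version, random,
    session_id, cipher_suites, compression_methods and extensions.
    """
    body = b"\x03\x03" + bytes(32)                     # client_version + zeroed random (constructed)
    body += b"\x00"                                     # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                 # one compression method: null
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(name)) + name
        server_name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SNI_EXT_TYPE, len(server_name_list)) + server_name_list
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return what a passive observer can read from the cleartext ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    off = 0
    version = p[off:off + 2].hex(); off += 2
    off += 32                                           # random: visible but not informative here
    off += 1 + p[off]                                   # session_id
    cs_len = struct.unpack("!H", p[off:off + 2])[0]; off += 2
    suites = [struct.unpack("!H", p[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    off += 1 + p[off]                                   # compression_methods

    info = {"version": version, "cipher_suites": suites, "extensions": [], "sni": None}
    if off + 2 > len(p):
        return info                                     # no extensions block at all
    ext_len = struct.unpack("!H", p[off:off + 2])[0]; off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", p[off:off + 4]); off += 4
        edata = p[off:off + elen]; off += elen
        info["extensions"].append(etype)
        if etype == SNI_EXT_TYPE and len(edata) >= 5:
            # ServerNameList: list_len(2), then entries of name_type(1) name_len(2) name
            list_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                q += 3
                if ntype == HOST_NAME_TYPE:
                    info["sni"] = edata[q:q + nlen].decode("ascii", "replace")
                q += nlen
    return info


if __name__ == "__main__":
    print(parse_client_hello(build_client_hello("www.example.org")))
    print(parse_client_hello(build_client_hello(None)))
```

The cipher-suite list and extension order are exactly the kind of handshake material a firewall fingerprints, which is why they sit in the same dictionary as the name.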
 

Offline radiolistener

Do you also happen to “know” about extraterrestrial civilizations helping them?

I don't know if there is some "extraterrestrial civilizations helping them". But I don't see the reason to involve "extraterrestrial civilizations" to explain it.

This is not secret information that almost any cipher algorithm has some vulnerabilities which allow one to make exploits to significantly reduce the cipher crack computation cost. You can find examples of software which uses these exploits in practice.

The most impressive example is COMP128. When it was invented, it gave the impression of being practically unhackable due to billion years for brute force. But in 1990 hackers released software which was able to hack it with just 30-40k attempts and later it was reduced to about 8k or even less.

And this is not secret information that you can use special hardware to significantly increase brute force speed. The simplest publicly available example is John the Ripper jumbo, which can utilize the power of specialized hardware like GPUs or FPGAs. And this is not a secret that such specialized hardware is designed and used by these services.

Therefore, I don't see any reason to introduce some entities like aliens to implement these tasks.

I can advise you to use Occam's razor principle in order to avoid involving useless entities to explain the essence of things.

TLS allows the use of different (meaning: multiple) cipher suites, but it doesn’t allow the use of any cipher suites. And the primary changes between TLS versions are in the set of permitted cryptographic features, including ciphers.

I don't see the reason why you cannot implement your own cipher suite with any cipher and use it for your own need with TLS. TLS doesn't limit you. The only issue here is that third party client/server which don't implement your cipher suite will be unable to communicate with your client/server. But your client and your server can successfully use your custom cipher suite. And you can use existing TLS channel infrastructure to establish communication using your custom cipher suite.

I implemented custom TLS stack for existing cipher suites like TLS_CHACHA20_POLY1305_SHA256, and I don't see the reason why I can't do the same for my own cipher.

And by the way I suspect that the high popularity of TLS_CHACHA20_POLY1305_SHA256 is because someone is trying to reduce the cost for message scanning. Because CHACHA20 doesn't look like a good replacement for AES256. So it's very suspicious that it became so popular...


TLS prohibits such cipher suites.

TLS doesn't prohibit it. Your client/server configuration may be configured to prohibit it, but it doesn't mean that every client/server is configured to prohibit it.

The “horrible privacy leak” is of minor relevance, because this is routing information. The same kind of information that is held in IP headers. This is why it isn’t encrypted: one can’t hide name and apartment number on an envelope, if a postman is expected to deliver a letter.

I well understand why it is implemented in that way and how you can explain the requirement to send part of the information unencrypted. But this is a big security hole in my opinion. I think the only reason to keep it unencrypted is to allow 3-letter agencies to use cheap devices to scan it, but this is definitely not about security. And I think it will be fixed soon, because now we can see that it has become obvious how dangerous this way is for security.
« Last Edit: August 26, 2024, 12:57:59 pm by radiolistener »
 

Online SiliconWizard

That's a bit of a tangent from the original topic, but surely full, almost-impossible-to-crack encryption and surveillance do not mix very well. This is a major concern actually, because as long as we, as a society, claim that surveillance is necessary to ensure the security of people/countries, then the security of data cannot be guaranteed. If we consider that for some authorities not being able to access some data is a threat for national security, then allowed encryption can only be a toy that will be "good enough" as long as "most people" don't have access to the tools and equipment necessary to access encrypted data. But that's also why "quantum computing" is currently seen as the next big thing.

 

Offline helius

The threat from quantum computers is basically to RSA, DSA, and Elgamal, because there are quantum algorithms for factorization and discrete logarithms (Shor 1994).
Quantum computers can't help to solve symmetric algorithms like AES; at best, they might gain a constant factor, but that is squared against the advantages classical computers have in speed and cost.
Even the application of quantum computing to RSA is speculative. To recover a 512-bit RSA private key, it would take a 2564-qubit machine around a billion operations without decohering. You can look at papers from the field to see how close they can get to that in the public research. These days, a 512-bit RSA key is considered very weak, and 2048-bit keys are common.
What nation-state actors have is a budget. With a budget, you can build or buy a lot of computing power for brute-force cryptanalysis: many hands make small work. A 256-bit AES key seems formidable if you're trying to crack it with a single CPU, but this is one of those "embarrassingly parallel" problems. What if you instead put a million CPUs on the problem? A billion? A trillion?
 

Offline dietert1

If modern hardware (like huge NVIDIA chips) relates to Turing's machine like modern ciphers relate to Enigma, then you can estimate how safe modern ciphers are. Though it may require another Turing to actually do it. Don't know how well AI performs on these riddles. There you may have your "extraterrestrial".
« Last Edit: August 27, 2024, 10:24:38 am by dietert1 »
 

Offline iMo

Most of Telegram communication is unencrypted and, despite advertising itself for “private chats”, the company designed the UI in a manner that makes enabling chat encryption inconvenient. That’s been the point of criticism for almost a decade now and Telegram continuously refuses to fix that issue or make encryption the default. If you enable encryption, they still roll out their own crypto and they retain full control over the endpoint. The solution is properly named “MTProto”, but it’s not recognized or known elsewhere, so it may as well be called “the Telegram thing”.

Interestingly all the "well informed" bloggers on all sides of the barricades shout today that Telegram is the main communication channel of the Kremlin's government, military, TLA services and their spies abroad. How could such an inconvenient tool be used by all those folk then?
Readers discretion is advised..
 

Offline radiolistener

A 256-bit AES key seems formidable if you're trying to crack it with a single CPU, but this is one of those "embarrassingly parallel" problems. What if you instead put a million CPUs on the problem? A billion? A trillion?

Using CPUs is not a good choice for that task. Professional equipment for such tasks is based on specialized machines which contain a lot of very powerful FPGAs. You can imagine it as a large array of very powerful GPUs which is highly customizable for specific algorithm optimizations. It's a kind of very powerful and flexible cryptographic accelerator. Such machines are very expensive and their price can exceed a million dollars, but just one such machine can replace a huge datacenter with usual computing servers. For personal use it's too expensive, but special agencies can spend a lot of money to buy a bunch of such machines and their power allows them to get impressive speed to brute-force a cipher algorithm...
« Last Edit: August 27, 2024, 12:16:02 pm by radiolistener »
 

Offline golden_labels

What nation-state actors have is a budget. With a budget, you can build or buy a lot of computing power for brute-force cryptanalysis: many hands make small work. A 256-bit AES key seems formidable if you're trying to crack it with a single CPU, but this is one of those "embarrassingly parallel" problems. What if you instead put a million CPUs on the problem? A billion? A trillion?
Nothing happens. At this scale there is no difference between one and a trillion.

The number is gargantuan. It’s so enormous, that not only the number is incomprehensible, but its incomprehensibility is almost impossible to comprehend. :)

It’s not possible to brute-force a 256-bit key in symmetric crypto. Period. The limit is set by the lower bound of energy requirements for merely iterating over the keys. This is a physical limit, not technological or organizational one, and it doesn’t cover energy needed for actual calculations. For 128-bit keys the limit is low enough to make it hypothetically not impossible, but not even sci-fi offers realms where this may be done.

Interestingly all the "well informed" bloggers on all sides of the barricades shout today the Telegram is the main communication channel of the Kremlins gov, military, TLA services and their spies abroad. How such an inconvenient tool could be used by all those folk then?
How does inconvenience prevent usage? Or how does it relate to anything I said, other than incorporating a few words I also used?
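The energy lower bound referred to above, worked through numerically as an added example (not part of any post): it applies the Landauer limit (k·T·ln 2 per irreversible bit operation) to stepping a counter through every key, charging one bit flip per candidate and nothing for actually running the cipher, then compares the total with solar output and with a rough, assumed figure of 6e20 J for annual human energy use. Because the bound is on energy rather than time, spreading the work over a trillion machines leaves the total unchanged.

```python
import math

BOLTZMANN_J_PER_K = 1.380649e-23          # exact SI value
SECONDS_PER_YEAR = 365.25 * 86400
SUN_OUTPUT_W = 3.8e26                      # solar luminosity, rounded
WORLD_ANNUAL_ENERGY_J = 6.0e20             # rough assumed figure for yearly human energy use


def landauer_joules_per_bit(temp_kelvin: float = 300.0) -> float:
    """Minimum energy to erase one bit of information at the given temperature (k*T*ln 2)."""
    return BOLTZMANN_J_PER_K * temp_kelvin * math.log(2)


def min_energy_to_enumerate_keys(key_bits: int, temp_kelvin: float = 300.0,
                                 bit_ops_per_key: int = 1) -> float:
    """Lower bound (J) on stepping through all 2**key_bits keys.

    bit_ops_per_key=1 is absurdly generous: it charges a single irreversible bit
    flip per candidate key and nothing for the cipher itself or the comparison.
    Parallelism does not enter: the same bits get flipped whoever flips them.
    """
    return (2 ** key_bits) * bit_ops_per_key * landauer_joules_per_bit(temp_kelvin)


def years_of_solar_output(joules: float) -> float:
    """How many years of the Sun's entire output the given energy corresponds to."""
    return joules / (SUN_OUTPUT_W * SECONDS_PER_YEAR)


def years_of_world_energy(joules: float) -> float:
    """How many years of (assumed) total human energy consumption it corresponds to."""
    return joules / WORLD_ANNUAL_ENERGY_J


def grover_effective_bits(key_bits: int) -> int:
    """Grover's algorithm halves the exponent for a generic search; it does not
    remove the energy bound, it only moves 256-bit keys to 128-bit-sized effort."""
    return key_bits // 2


def summarize(key_bits: int) -> dict:
    e = min_energy_to_enumerate_keys(key_bits)
    return {
        "key_bits": key_bits,
        "joules": e,
        "years_of_world_energy": years_of_world_energy(e),
        "years_of_solar_output": years_of_solar_output(e),
    }


if __name__ == "__main__":
    for bits in (64, 128, 256):
        s = summarize(bits)
        print(f"{bits:3d}-bit: {s['joules']:.3e} J, "
              f"{s['years_of_world_energy']:.3e} yr of world energy, "
              f"{s['years_of_solar_output']:.3e} yr of solar output")
```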
 

Offline radiolistener

At this scale there is no difference between one and a trillion.

The number is gargantuan. It’s so enormous, that not only the number is incomprehensible, but its incomprehensibility is almost impossible to comprehend. :)

This is true if you use stupid straight in the forehead attack (for example stupid straight brute-force on a usual PC).

But if you use exploits and optimizations for a specific cipher algorithm, which utilize its vulnerabilities, it allows you to significantly decrease computation cost. And then 1000000000x acceleration with specialized hardware starts to play a significant role, because it allows you to do the attack almost in realtime...

Just a smart approach and gargantuan turns into several seconds... :)
« Last Edit: August 27, 2024, 06:39:05 pm by radiolistener »
 

Offline Stray Electron

There are law enforcement agencies and national security agencies already storing as much encrypted content from criminals and opposing countries as possible in the hope they can soon decipher them with these new computers.
I'd like to see this proved but I am sure you won't be able to prove it, as this is just conspiracy speculation. The economics of that is very much questionable.

No, it's not speculation. You can go on the NSA's website and read copies of the Venona intercepts that were only decrypted much later and the real names and the code names of Soviet agents in the US and Britain that were identified by those decrypted messages. And by Soviet agents I don't mean just Russians but the names of US, British (and other nationalities) citizens who willingly supplied them with information.

Start reading and then follow some of the links: https://en.wikipedia.org/wiki/Venona_project

The NSA's webpage on the subject: https://www.nsa.gov/Helpful-Links/NSA-FOIA/Declassification-Transparency-Initiatives/Historical-Releases/Venona/
 

Offline Infraviolet (Topic starter)

"Don't know what ciphers Telegram is using."
He fell into the "roll your own crypto" trap, or rather he had his brother write the crypto algorithms. There have been a lot of cryptographers warning his encryption has vulnerabilities which the protocols underlying Signal are not vulnerable to. That said, while his crypto might not be up to scratch, his philosophy is really quite excellent. There's an interview clip of him here: https://x.com/TuckerCarlson/status/1827460234887008277 (rather long) in which he discusses his attitude. I really like the way he opposes censorship and surveillance and criticises bureaucratic overload and HR departments; just a pity the practicalities of his crypto don't quite live up to his noble goals. He's been making a point that he's as happy for any opposition group (in any country) to use his services as he is for any pro-government (any country again) groups, strict neutrality, that's a rare and honourable thing. I saw some reports saying the opposition in Belarus (where the dictator is a mate of Putin's) are very happy with Telegram, as are the opposition in Russia; unless something very major has changed suddenly then Durov is more a foe to Putin than a friend, and if Putin's goons are making use of Telegram then the only reason Durov lets them is his strong neutral stance. Durov's right where the French regime are wrong, let's hope he can get out, by legal or any other means, from the sticky situation those censorious creeps have put him in. I say all this as someone impressed by his interview, not as a fan of Telegram; I don't use a smartphone so both Telegram, and Signal, are pretty useless to me.

"What if you instead put a million CPUs on the problem? A billion? A trillion?"
The largest supercomputer documented as existing is called Frontier and has half a million CPU cores; others on that scale could exist in three letter agencies' basements, but I don't see any way they could plausibly be in possession of things 1000 times the "size" of that without very major distortions being visible in CPU production, supply and demand. So one is probably looking at a worst case, in the absence of quantum computers, of cracking at a rate several million, or even tens of millions, times faster than high performance ordinary computers? The real risk is surely quantum computing, an advance in anticipation of which it makes sense for totalitarians to seek to store all the data they can possibly get now (storage is cheap, especially if they're willing to take a risk of losing some random fraction of that data, as they know only a small fraction of it is stuff they desperately want to know, and decide not to have highly redundant backup copies), so they can decrypt later if a powerful enough quantum computer can be built. If I remember rightly, Snowden's leaks included some notes on the scale of storage facilities the NSA was building at the time?
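To put numbers on the "a million CPUs, a billion, a trillion" question above, here is an added illustration (not code from the thread or from anyone quoted in it) that computes worst-case time-to-exhaust for a keyspace as a function of parallel units, per-unit rate and the cost of the key-derivation function. The per-unit rate of 10^9 evaluations per second, the unit counts and the PBKDF2 iteration count are constructed assumptions for the sake of the table, not measured figures for any real machine.

```python
"""Brute-force cost estimates for the parallelism argument above.

Added illustration, not from the thread. Core counts, per-unit guess rates
and the KDF cost factor are constructed assumptions, not measured numbers.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits: float, units: int, guesses_per_unit_per_second: float,
                       kdf_cost: int = 1) -> float:
    """Worst-case wall-clock seconds to try every one of 2**bits candidates.

    `units` is the number of parallel processors (CPU cores, GPUs, FPGAs),
    `guesses_per_unit_per_second` is each unit's rate for the raw primitive,
    and `kdf_cost` is how many primitive evaluations one candidate costs
    (e.g. PBKDF2 iterations). The expected time to hit the right key is half.
    """
    if units <= 0 or guesses_per_unit_per_second <= 0 or kdf_cost <= 0:
        raise ValueError("all parameters must be positive")
    aggregate_rate = units * guesses_per_unit_per_second / kdf_cost
    return 2.0 ** bits / aggregate_rate


def years_to_exhaust(bits: float, units: int, guesses_per_unit_per_second: float,
                     kdf_cost: int = 1) -> float:
    """Same as seconds_to_exhaust, expressed in years."""
    return seconds_to_exhaust(bits, units, guesses_per_unit_per_second, kdf_cost) / SECONDS_PER_YEAR


def scaling_table(bits_list, unit_counts, guesses_per_unit_per_second, kdf_cost=1):
    """Map (bits, units) -> years, so the effect of piling on hardware is visible:
    every extra factor of 1000 in hardware buys only ~10 bits."""
    return {(b, u): years_to_exhaust(b, u, guesses_per_unit_per_second, kdf_cost)
            for b in bits_list for u in unit_counts}


if __name__ == "__main__":
    RATE = 1e9                              # assumed: 10^9 AES/hash evaluations per second per unit
    UNITS = [1, 500_000, 10**9, 10**12]     # one core, Frontier-scale, a billion, a trillion
    for (bits, units), years in sorted(scaling_table([40, 56, 80, 128, 256], UNITS, RATE).items()):
        print(f"{bits:3d}-bit keyspace, {units:>15,} units: {years:12.3e} years")
    # The thread's actual question is about a password-derived key: what matters
    # is the password's entropy and the KDF cost, not the cipher's key length.
    pw = password_bits(62, 10)              # 10 random alphanumerics, ~59.5 bits
    print(f"10-char alnum password: {pw:.1f} bits; on 500k units with 600k-iteration "
          f"PBKDF2: {years_to_exhaust(pw, 500_000, RATE, 600_000):.1f} years worst case")
```

The table makes the scaling argument concrete: a trillion units at 10^9 guesses each is 10^21 guesses per second, which still leaves 2^128 at roughly 10^10 years, whereas anything around 40 to 60 bits (the realistic entropy of a human-chosen password) is within reach, and the only lever the defender has there is the KDF cost factor.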
 

Offline radiolistener

  • Super Contributor
  • ***
  • Posts: 4137
  • Country: 00
The largest supercomputer documented as existing is called Frontier and has half a million CPU cores, others on that scale could exist in three letter agencies' basements, but I don't see any way they could plausibly be in possession of things 1000 times the "size" of that without very major distortions being visible in CPU production, supply and demand.

Using a CPU is a very inefficient way to do such a task. A much cheaper and faster way is to use a large array of high-performance FPGAs.

A less efficient but still high-performance way is to use a farm with many top-end GPU accelerators, the same as is used for crypto-mining.

A general-purpose CPU is a very bad choice for this task, due to low performance, poorly scalable parallelism, and high power consumption. It is more suitable for regular software than for cryptography acceleration.


As for Telegram, I think this is just yet another project for mass consumption and Durov is probably just a talking head representing a project that is actually run by a hidden organization that lies in the shadows. The same as Tesla, SpaceX, Instagram, Facebook and many other projects...

At least if I were creating a similar project, I would not become a public leader, but would hire some actor for these purposes and would organize similar performances to attract new users. This is an obvious way to control such a business...  :)

So it would be naive to believe that such projects can provide any kind of confidentiality. All these scandals resemble a theatrical performance for the public with the aim of making the public believe in the ideas of the project.

But credit should be given to Telegram. It has become a major modern mass media platform. However, this is more due to the fact that traditional mass media have turned into breeding grounds of trash-propaganda for idiots, which is somewhat reminiscent of the pictures from the movie 'Idiocracy'. I sometimes get the impression that the scenarios unfolding now are based on the ideas from that movie.
« Last Edit: August 30, 2024, 10:08:01 pm by radiolistener »
 

Offline dietert1

  • Super Contributor
  • ***
  • Posts: 2473
  • Country: br
    • CADT Homepage
As far as I remember from the movie, they did not crack Enigma by brute force, but because they had some encrypted files and a partially unencrypted copy together (a constant header). That certainly weakens a given cipher. Certainly when using TLS ciphers for https something similar could be used.
« Last Edit: August 30, 2024, 11:14:41 pm by dietert1 »
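The "constant header" point above is the thread's actual question, so here is an added example (not code from the post, from Telegram, from TLS, or from any real product) of what a known-plaintext crib buys an attacker against a password-derived key. The cipher is a toy construction (HMAC-SHA256 run in counter mode as a keystream, XORed with the data), chosen only because it needs nothing outside the Python standard library; the KDF is real PBKDF2-HMAC-SHA256 but with a deliberately tiny iteration count so the demo runs in under a second. The salt, wordlist, header and document body are all constructed.

```python
"""Known-plaintext ("crib") check against a password-derived key.

Added illustration for the thread's question, not code from the post or from
any real product. Toy cipher: HMAC-SHA256 counter-mode keystream XORed with the
data. The salt, wordlist, crib and body are constructed values.
"""
import hashlib
import hmac
import struct

ITERATIONS = 2000   # kept low so the demo is quick; real deployments use far more
CRIB = b"%PDF-1.7"  # constructed: the constant leading bytes of the file type


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Password -> 256-bit key with PBKDF2-HMAC-SHA256 (real KDF, toy parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy PRF stream: concatenated HMAC-SHA256(key, counter) blocks, cut to nbytes."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


decrypt = encrypt  # XOR stream cipher: the same operation both ways


def crib_search(ciphertext: bytes, salt: bytes, crib: bytes, candidates):
    """Use the known header as an oracle: a candidate password is accepted when
    its derived key turns the ciphertext prefix back into the crib.

    Returns (password_or_None, guesses_tried). The crib does not shrink the
    search space; it only tells the attacker when a guess is right, so the
    worst-case cost is len(candidates) * ITERATIONS hash evaluations. With an
    8-byte crib a wrong key passes with probability 2**-64, so the caller
    still confirms a hit by decrypting the rest of the data.
    """
    prefix = ciphertext[:len(crib)]
    tried = 0
    for pw in candidates:
        tried += 1
        if xor_bytes(prefix, keystream(derive_key(pw, salt), len(crib))) == crib:
            return pw, tried
    return None, tried


def demo():
    """Constructed scenario: a weak password protects a file with a known header."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed, fixed for determinism
    body = CRIB + b"\n1 0 obj << /Type /Catalog >> endobj\n"  # constructed document body
    ciphertext = encrypt(derive_key("hunter2", salt), body)
    wordlist = ["123456", "password", "letmein", "hunter2", "correcthorse"]
    found, tried = crib_search(ciphertext, salt, CRIB, wordlist)
    # The crib identifies the candidate; a full decrypt confirms it.
    assert found is not None and decrypt(derive_key(found, salt), ciphertext) == body
    return found, tried


if __name__ == "__main__":
    print(demo())
```

What this shows is the practical answer to the thread title: for a modern cipher, having plaintext and ciphertext together does not let you compute the key, it lets you recognise the key once you have guessed it. If the key is a random 256-bit value there is nothing to guess and the crib is useless; if it is derived from a password, the search is over passwords, and the crib simply replaces whatever other success test the attacker would have used (a file-format check, a MAC, an entropy measure of the output). The defences therefore live on the password side: entropy, and a KDF cost that multiplies every guess.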
 

Offline iMo

  • Super Contributor
  • ***
  • Posts: 5576
  • Country: va
Re: Encrypted file and unencrypted copy together, can password be calculated?
« Reply #49 on: September 02, 2024, 12:08:58 pm »
In this FT article they talk about the Durov team (incl. an indication of the salaries of his 30 core people), etc. Interesting if true.

https://www.ft.com/content/429f9092-5447-4e4c-b3b6-ffa2bc357ca4


..As for Telegram, I think this is just yet another project for mass consumption and Durov is probably just a talking head representing a project that is actually run by a hidden organization that lies in the shadows..
« Last Edit: September 02, 2024, 12:13:06 pm by iMo »
Reader's discretion is advised.
 

