From e9c949b60a0664978ff5ad1f6f8baf061f60ec55e8e1c09014c91a55cccd3ebc Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Thu, 16 Feb 2023 00:00:00 +0000 Subject: Convert refs: encryption-is-a-timer-not-a-lock --- content/entry/encryption-is-a-timer-not-a-lock.md | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/content/entry/encryption-is-a-timer-not-a-lock.md b/content/entry/encryption-is-a-timer-not-a-lock.md index 32a142e..da10d51 100644 --- a/content/entry/encryption-is-a-timer-not-a-lock.md +++ b/content/entry/encryption-is-a-timer-not-a-lock.md @@ -2,12 +2,11 @@ title: "Encryption is a Timer, Not a Lock" date: 2022-03-23T00:00:00 draft: false -makerefs: false --- # Encryption is Not a Lock Encryption is often explained as a lock. When you lock a safe with your valuables inside it, only yourself and the others who are granted access can unlock it. It's not a perfect analogy. A determined thief can crack a safe. By contrast, as far as we know, it's impossible to decrypt securely encrypted data without the key. -The lock analogy also breaks down in another way. When I think of an abstract lock, I imagine something that's secure now and will be secure in the future. But encryption won't necessarily be secure in the future. We could have Shor-capable quantum computers[1] soon or maybe mathematicians will figure out how to break cryptographic primitives[2]. +The lock analogy also breaks down in another way. When I think of an abstract lock, I imagine something that's secure now and will be secure in the future. But encryption won't necessarily be secure in the future. We could have [Shor-capable](https://www.wikipedia.org/wiki/Shor%27s_algorithm) quantum computers soon or maybe mathematicians will figure out how to break [cryptographic primitives](https://www.wikipedia.org/wiki/Cryptographic_primitive). Historically, cryptography has had an expiration date. There are reasons to think that trend won't continue, but nobody knows the future for certain. @@ -26,23 +25,14 @@ It would be naive to think NSA isn't capturing encrypted internet traffic right # What To Do About It Security experts are quick to point out that the NSA doesn't really need to decrypt our data. Metadata alone is sufficient for mass surveillance. They're right, but if the actual contents of the data didn't matter at all, they wouldn't have spent money trying to build a quantum computer. -We all have a reason to resist mass surveillance[3], but how can we do that when NSA might be able to retroactively decrypt our internet activity in an unspecified length of time? Here's my take: +We all have a reason to [resist mass surveillance](/2020/11/14/raising-the-bar-on-privacy), but how can we do that when NSA might be able to retroactively decrypt our internet activity in an unspecified length of time? Here's my take: Avoiding using the internet entirely isn't practical nor desirable, but it can be practical to avoid the internet for things that really need to stay private. For instance, maybe you partake in certain activities/meetings that your current or possible future government wouldn't approve of. You know the kind. If that's you, you'd be wise to avoid using the internet for that. -I don't care if you use Signal. How do you know for certain those messages won't be decrypted in the future? Have your meetings in person, not online. Intelligence agencies aren't made of magic. They cannot break secure protocols. But they will bug your hardware. They will use zero-day[4] exploits. And if you're really interesting, they'll use a brute force attack straight to your knees. +I don't care if you use Signal. How do you know for certain those messages won't be decrypted in the future? Have your meetings in person, not online. Intelligence agencies aren't made of magic. They cannot break secure protocols. But they will bug your hardware. They will use [zero-day](https://www.wikipedia.org/wiki/Zero-day_%28computing%29) exploits. And if you're really interesting, they'll use a brute force attack straight to your knees. -Have your private meetings in the middle of a field without any cell phones. Prefer in-person communication over PGP[5] or Signal. Prefer conducting private transactions with cash, not Monero[6]. Despite all of today's fancy encryption, real life is still the most secure option. +Have your private meetings in the middle of a field without any cell phones. Prefer in-person communication over [PGP](/2022/01/03/goodbye-pgp) or Signal. Prefer conducting private transactions with cash, not [Monero](/2021/12/13/warning-to-monero-users). Despite all of today's fancy encryption, real life is still the most secure option. And lastly, if you've spent so much time online that you're unsure where to find Real Life, here's a Wikipedia article to help you out: [What is Real Life?](https://www.wikipedia.org/wiki/Real_life#As_distinct_from_the_Internet) - - -Link(s): -[1: Shor's Algorithm](https://www.wikipedia.org/wiki/Shor%27s_algorithm) -[2: Cryptographic Primitive](https://www.wikipedia.org/wiki/Cryptographic_primitive) -[3: Raising The Bar On Privacy](/2020/11/14/raising-the-bar-on-privacy) -[4: Zero-Day](https://www.wikipedia.org/wiki/Zero-day_(computing)) -[5: Goodbye PGP](/2022/01/03/goodbye-pgp) -[6: Warning to Monero Users](/2021/12/13/warning-to-monero-users) -- cgit v1.2.3