Posted on 09/29/2015 6:17:31 AM PDT by Izzy Dunne
Exactly. So your statement "It would be impossible to algorithmically constrain something without decrypting it first." is not quite true, because they don't NEED to decrypt it, they can constrain it (as if) without it.
No big deal.
Which is why numbers matter. The more users of encryption, the less likely the things that really are private stand out.
That's why envelopes work. Everybody uses them (at least they used to), so you can't tell the love letters to the girlfriend from the cookie recipes from grandma.
“All the more reason everyone should bone up on at least basic encryption technologies. Learn how to secure your email communications. Learn how to encrypt your local computer(s). Learn how to encrypt data on a flash drive. Learn how to avoid detection on the Internet.”
None of which help if they have OS level access.
“I shouldn’t have to be concerned about a knock at my door at 2 AM for using cryptography to secure my network traffic.”
If the post office in 1776 had said, ‘everyone, don’t seal your letters too well in case we want to read them,’ the founding fathers would have tarred, feathered and then strung them up. But now the feds are saying just that.
Out-of-the-box operating systems are natively secure. It’s the user who makes an OS insecure.
Yup. I tried for many years to get people interested in actually encrypting their email, and found that very few people are willing to take the minimal effort to do so that it requires. It annoys me mightily that email clients don't make use of PGP/GPG implementations to be painless and transparent. I have the GPG plugin for Thunderbird in my email client, but too few people are prepared to deal with encrypted mail. I have a strong suspicion that the reason email clients don't implement it as a standard feature is due to government pressure.
lol you must work for Microsoft
I run a security company. Nothing is secure out of the box. And what use is a damn OS if users can’t use it?
Anything that requires a user to press a ‘send secure’ instead of ‘send’ to encrypt it won’t be secure. Users make mistakes.
But I’d agree the govt is putting pressure on software companies to limit encryption.
This is why the US Dept of Commerce requires software publishers to tell the federal government exactly the kind of ciphers used in their software and the key lengths. You have to submit your software to https://www.bis.doc.gov/ to get an Export Registration Number (ERN).
When the FBI or NSA wants to hack you, it simply looks up the ERN for the app and applies the corresponding hack/decryption tool.
An ERN is required for any software published in the US that uses encryption and might be shipped overseas (basically anything published on the Internet).
In some cases you don't need an ERN (e.g., you use an encryption key shorter than 64 bits). The rules are rather complicated. See https://www.bis.doc.gov/index.php/policy-guidance/encryption/encryption-faqs.
Not any more. 'Encryption products' has since been redefined to cover any app that encrypts user data, except for license keys and product activation codes. So, for example, if you use ssleay in an embedded app to encrypt photos on your laptop you still need to get an ERN for the app. (It is not clear if passwords are covered under the new interpretation, but I am guessing they are.)
Don’t work for Microsoft, but I do hold certifications.
We build our MS servers from a “golden image” that is patched monthly and scanned by several vulnerability engines. We remediate vulnerabilities through group policy or at the firewall/proxy.
I suppose I should’ve said that a patched-to-current, net-new install of most modern operating systems is secure.
OK that I would mostly agree with. Although there are significant configuration assumptions.
My original comment was not a dig on MS. It was a comment on the police state we live in.
Installing anything that makes web presentations “pretty” will pretty much tear down the veil. Java and most Adobe products are cancers on most platforms. HTML5 can’t be adopted quick enough.