Viewing a single comment thread. View all comments

throwaway_lmkg t1_je69nv0 wrote

Standard messaging platforms resemble an old-school telegraph. End-to-end encryption more closely resembles physical mail.

To send a telegraph, you beep out your message. This gets sent to a telegraph station, where a person listening writes down your message, and then beeps it on to the next station down the line, where there's another person waiting. Eventually, someone writes down the message and hands it over to the recipient.

The important thing to note is that the telegraph operator reads the message at every hop. So if your telegraph operator knows your cousin, they'll gossip. And if the Government thinks you're up to Crimes, they'll watch over the shoulder of the telegraph operator to see if anything Looks Like Evidence.

Mail, on the other hand, is sealed in an envelope. And that envelope gets handed to a postman, tossed around by baggage handlers when it's put on a plane, carried around by another postman, and then delivered unopened to the recipient. No one else has seen the content of the envelope until the recipient opens it. It is a crime for anyone else to open this mail, even the Government if they're not going through proper channels (warrantee void where it's voided).

The encryption is, more-or-less, the envelope that stops non-recipients from reading. The "end-to-end" part is the fact that it stays unopened from the beginning of the journey to the conclusion.

This, of course, relies on trusting the postal system actually does what they say they do. The post office has actual laws that guarantee it works this way, whereas some service that claims end-to-end encryption does not.

244

sethguy12 t1_je6fkoa wrote

Any idea how the Patriot Act plays into that in the US? Does the NSA have some sort of backdoor into the encryption?

15

Pokinator t1_je6qy6l wrote

The answer is extremely dependent on the platform.

Generally, once a message has been encrypted with a doesn't-suck-ass encryption algorithm, the only way to read the message is by having the key or breaking the encryption algorithm to get the key. (most in-use algorithms are pretty break-proof at the moment). Without the key, the message in transit is just gibberish.

When it comes to back doors, it's pretty hard to implement them without severely weakening security. Any point where you say "okay but at this part you can use our magical master key to read it" becomes a gaping hole in the integrity of your encryption.

More commonly, if the platform wants a back-door they'll do it on the client ends instead of in the middle. Create a way to hack into a user account and get their keys. Even that is a major security hole though.

If you want reliable security, there can't be a back door at all.

46

Blueroflmao t1_je8u99j wrote

For what its worth, AES (Advanced Encryption Standard) which is currently applied by default for nearly everything on the internet is the standard for a reason. A brute force attack (trying all combinations to find the right one) is... Impossible, with todays technology. The selection for AES was started in 2001 by the NSA, and in 2003, the Rjindael cipher was selected and it still remains the AES to this day.

As far as I know, several different attacks and methods have been found through cryptanalysis, the best of which was found in 2011. Named the "Biclique"-attack, it was further optimized in 2013.

Now heres the real kicker: there are generally three kinds of AES in use, all with slightly different designs depending on the size of the key used to encrypt (secret key/initial state, the key an attack is trying to find) These are AES-128, 192 and 256.

So using the most efficient attack that is publicly known, how long would it theoretically take to break one single instance of 128 (the simplest one)? Optimally, about 9007 Terabytes of storage is needed (down from the original version of the attack needing 38 TRILLION Terabytes) The time complexity remains the same, despite this improvement, at 2^126. (Simplified, theres some technicality involved here)

What this all means, TL; DR: The simplest form of AES in use (AES-128) would take billions of years to crack, taking ~ 2^126 operations to do so, requiring OVER 9000 terabytes of storage while executing.

As far as we can tell, AES is set to remain the standard until quantum computing comes far enough to actually be useful in Cryptanalysis (meaning we can actually extract the result of our computations, something we are unable to do today)

8

famous_cat_slicer t1_je94s49 wrote

> (most in-use algorithms are pretty break-proof at the moment).

Your use of "most" in this context is slightly worrying. What are the exceptions?

3

frzx1 t1_je99odh wrote

The exceptions fall in the experimental area of encryption. What I mean by that is that the most applications you use today, WhatsApp, Signal, Banking apps, are all encrypted with a military grade encryption, but if you go try out experimental encrypting algorithms then you are at risk. Note that the latter does not happen in your regular day to day life, encryption standards are extremely uniform.

Edit: also, be aware that the applications that have implemented an unbreakable encryption algorithm can still decrypt your files as they have the keys to decrypt them. They're bound to not do it going by the privacy agreement but they potentially can. There are exceptions to it, like Apple's advanced E2E standard where not even Apple has your keys.

3

Dovaldo83 t1_jea3yqt wrote

Quantum computers are capable of taking encryptions that would normally take super computers 500 years to crack and crack them in minutes.

That said quantum computers are still so expensive and rare that you and I shouldn't be concerned about someone using them against us. They've already started development on encryption methods that use quantum phenomena to encrypt messages that even quantum computers have a hard time cracking.

2

Pokinator t1_jea9qwz wrote

I used "Most" instead of "All" mainly for technicality.

TL;DR Rock-Solid encryptions exist, but that doesn't guarantee everyone is using them or using them correctly.

Firstly, just because there's options for solid encryption algorithms doesn't mean they're universally used. For example, the chat app that Bob down the street wrote could be using a very weak Caesar Shift encryption rather than something strong like AES or RSA.

Secondly, some encryptions are only as strong as their choice of key. For example, RSA uses prime numbers to generate keys in a way that's very not ELI5. Basically, 3 primes get used to generate an "encrypt" number, and a "decrypt" number.

If you follow guidelines, the secret "Decrypt" number is practically impossible to guess or calculate. However, if you choose irresponsibly bad starting numbers then a hacker can look at your public Encrypt number and go "hey, that looks like they might have..." and workshop the secret from there.

2

nighthawk_something t1_jea15a5 wrote

Yup that's why there's no "make a back door just this one time so we can stop the terrorist".

It's all or nothing. The backdoor is wide open for everyone, or for no one.

2

throwaway_lmkg t1_je6hszf wrote

I'm only aware of this in generalities. My understanding is that platform providers can be lawfully compelled to read telegraphs or open envelopes, if it is technically possible for them to do so.

A "true" end-to-end encryption scheme would mean that the post office physically cannot open the envelope. In practice, most of the time they could but choose not to, and this is the type of system which can be overcome by a warrant. This happens because a) e2e encryption is bolted on-top of a non-e2e system b) a "true" e2e system like that requires the sender and recipient to manage keys, which is a hassle so usually the platform does it for you c) platforms get political brownie points for being friendly with law enforcement.

28

pseudopad t1_je72wwo wrote

If you want a free and true e2e messaging app, Signal is pretty alright. It's also open source, so it can be audited by anyone with the time and skill to do so.

14

E_Snap t1_je7k3de wrote

You’d have to audit whatever specific instance of compiler or interpreter they use to run it, too. Remember, Ken Thompson was able to hide an undetectable back door in UNIX by modifying a compiler to add the back door to the kernel whenever it was compiling it, and then modifying the compiler to add the back-door-adding code to the compiler code whenever it found it was compiling itself. Bam, no trace of malware in the source, all the checksums work out, and the only way you’d ever find out is by compiling a clean version of the compiler source with a clean version of the compiler and then starting your audit.

3

pk10534 t1_je6qbwu wrote

You’re thinking more of the Foreign Intelligence Surveillance Act (FISA); Patriot Act applies more to domestic agencies such as the FBI. But yes, Title 1 FISA gives the government authority to intercept US-based intelligence from foreign agents/powers operating in the US and the FISA amendments act section 702 gives the government authority to issue warrants to US companies to intercept foreign intelligence. It doesn’t require a back door so to speak, but google can’t just say “no, we’re not giving our records over” if they have them. But if the NSA wants a way in for whatever reason, it probably won’t matter if the company has implemented end-to-end encryption or not.

6

Nickjet45 t1_je6peze wrote

Presumably no,

A back door for one person, is a back door for everyone. Companies who are serious about security, understand this and don’t have back doors.

NSA does have tools to brute force encryptions, but they take time and can be patched out (assuming it’s a software, not hardware, solution.)

5

pseudopad t1_je73a1k wrote

They may also have been hoarding exploits to circumvent encryption, using "side channel" attacks.

You don't need to brute force an encrypted message if you can install an exploit on the user's phone that makes a copy of the message after the user has voluntarily decrypted the message to view it.

Such attacks may also be able to extract the encryption key from the phone (or pc), which may allow them to monitor the messages to and from that particular user while they are in transit.

6

vettrock t1_je6tu9z wrote

If it is true end to end encryption, NSA or anyone listening on the wire cannot read it unless they resort to brute force or some sort of vulnerability in the system. If they can get access to either endpoint they can read it there, or harvest the keys from there.

There were some recent congressional hearings where the FBI, etc wanted to make companies provide a back door into the system. Law enforcement may like it, but anyone who works in security will tell you it is a bad idea. In theory the backdoor key would be provided with a warrant, but there is not a good way of preventing bad guys from exploiting it. Additionally these companies operate globally. Do we want Facebook to provide a backdoor on the legally binding order of a Chinese or Russian court?

3

JohnnyWadd23 t1_je7aodu wrote

The NSA can crack almost anything, especially with help from the Mosad Pegasus technology. The US govt has weaseled it's way into these companies producing the end to end encrypted apps.

For example, we recently discovered FBI agents working at Facebook and Twitter. Facebook bought WhatsApp so the FBI working there got its hands on the decryption keys for WhatsApp messages. So they started reading everyone's messages. For example, Chase employees were using it to coordinate efforts to get around regulations. Once the messages were read the SEC stepped in and fined Chase. The SEC had no case without facebooks help decrypting the supposed private messages.

1

geh4cktes t1_je81s3t wrote

None that we know of. However there are some standardised cryptographic algorithms that have weird, unclear design aspects and we are wondering if these could be back doors we just don't understand yet. In same cases these aspects have also been shown to be insecure but we have no proof that this was intentional.

1

sephirothFFVII t1_je8cvu6 wrote

It is speculated the US govt has the ability to break eliptic curve based cryptography algos by knowing the "magic number"

Additionally, many sessions are logged and stored in a data center in Utah. No one really knows the extent of the logging but it's reasonable to assume noteworthy traffic is stored and if an insecure protocol is used it is decrypted and read.

Then there's always the equation group, those guys are scary good and who knows what sorts of ins they have to systems bypassing the need to sniff sessions to begin with!

https://youtu.be/NF1pwjL9-DE https://en.m.wikipedia.org/wiki/Utah_Data_Center https://en.m.wikipedia.org/wiki/Equation_Group

1

ChaoticAaronStout- t1_je83ptt wrote

Be sure to read the fine print. For a while, Zoom offered end to end Encryption for their meetings with dial in numbers. There are many old school analog phone systems that don't support encrypted.

2

clocks212 t1_je77yr5 wrote

Keep in mind all major governments are sucking up that encrypted communication with the knowledge that one day the encryption keys will leak or the encryption can be broken or brute forced. If you’re a political dissident in China for example I wouldn’t count on that encrypted data to be encrypted forever.

1

Kodekima t1_je8k6vo wrote

Quantum computing can break current encryption standards, but that isn't feasible for anyone except the most technologically superior APT. Also, quantum encryption methods exist specifically to mitigate the effects of encryption cracking.

1

frzx1 t1_je99soi wrote

They're pretty cool, if you read about them. Most of them are lattice based and working in thousands of dimensions.

2