Kurt Roeckx's journal: State of encryption
mercredi 18 septembre 2013 à 16:44 CAFAI, le 18/09/2013 à 16:44
With all the articles about the NSA going around it seems to be hard to follow what is still safe. After reading various things it boils down to:
Properly done encryption is still safe.
They go after the weak things like passwords, bugs in software, ...
Some software might contain backdoors.
I don't think this should really surprise anybody.
There is also speculation that maybe the NSA has better algorithms for reducing the complexity of public key cryptography or that maybe RC4 might be broken. Those things clearly are possible, but it's not clear. Nobody has suggested that AES has any problems, and I think that's still safe to use.
One of the question becomes what does properly done encryption mean. There are various factors to this and many applications using various protocols. SSL/TLS is the most used, so I'm going to concentrate on the parts in that.
(Permalink)
With all the articles about the NSA going around it seems to be hard to follow what is still safe. After reading various things it boils down to:
Properly done encryption is still safe.
They go after the weak things like passwords, bugs in software, ...
Some software might contain backdoors.
I don't think this should really surprise anybody.
There is also speculation that maybe the NSA has better algorithms for reducing the complexity of public key cryptography or that maybe RC4 might be broken. Those things clearly are possible, but it's not clear. Nobody has suggested that AES has any problems, and I think that's still safe to use.
One of the question becomes what does properly done encryption mean. There are various factors to this and many applications using various protocols. SSL/TLS is the most used, so I'm going to concentrate on the parts in that.
(Permalink)