Thread replies: 75
Thread images: 10
Thread images: 10
Anonymous
>American Encryption 2017-06-15 03:41:04 Post No. 60913197
[Report] Image search: [Google]
>American Encryption 2017-06-15 03:41:04 Post No. 60913197
[Report] Image search: [Google]
File: 1473772058043.png (75KB, 876x636px) Image search:
[Google]
75KB, 876x636px
Every piece of crypto that is based in the US has a backdoor in it.
Prove me wrong.
>>
>>60913197
Prove that they are, there are no proves that they are backdoored.
Also do I need to spoonfeed you? Most encryption standards, if not all are audited you little russian shill.
>>
>>60913239
say your company has 100 employees. odds that one of them will accept NSA/FBI's offer are pretty high. they might even entrap one of them and blackmail them into adding a backdoor.
don't be naive... everything's backdoored.
>>
>>60913197
>Every piece of crypto that is based in the US has a backdoor in it.
But is doent mean that Durov is not an FSB bitch.
>>
>>60913304
I say nothing, but that there are no proves and I simply cannot believe audits mean nothing, that everyone is buyable.
>>
>>60913197
Telegram bribing by US is nonsense.
Its like the FSB trying to bribe NSA...
>>
>>60913197
>Every piece of crypto that is based in the US has a backdoor in it.
OP doesn't even know the difference between crypto based upon mathematical theory which is extremely hard to 'backdoor' and proprietary implementations like Telegram which can indeed be assumed to be backdoored.
>>
>>60913381
>Telegram bribing by US is nonsense.
how so?
>>
>>60913197
AES is develop by the NSA that's is why I don't use it.
>>
>>60913455
Source?
>>
>>60913610
>The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
>>
>>60913432
Which US end-to-end encrypted services (with a users certificate) are open source?
>>
>>60913455
So is SE Linux
>>
>>60913197
I run a crypto storage company. All of the employees are very close to me.
We have only been approached by an agency once and it was for an unrelated matter to this.
Just say no, they can't force you to do shit.
>>
>>60913455
AES was made by Belgian cryptographers who submitted it to a NIST competition to decide what "AES" would be.
The NSA reviewed it as NIST standards are used by literally ever US agency.
>>
>>60913771
>Just say no, they can't force you to do shit.
They'll do it behind your back.
>>
>>60913197
>Open source
>Backdooring
/v/ you really need to go home. :/
>>
>>60913876
What do you mean by "do it behind your back?"
I assume you think US agencies will just break into our systems...but I doubt it, US agencies only care about you if MUH terrorism comes into the picture.
>>
>>60913906
If they asked you, they have an interest.
If they have a legit interest in a current user they will for sure try to gain access.
If they think they may in the future they have nothing to lose by assigning your site as a target for a summer intern.
>>
>>60913935
Good thing they can't legally prove who is who on our platform.
I do see what you mean though. But we do have inside knowledge I have a buddy who is ex-cia (he left because of the illegal shit that was going on) and hes helped us quite a bit.
I find OP's story very hard to believe because US agents are dumb as fuck, but they would never straight up bribe a company, way to much blow back.
>>
>>60913439
Well, you can't bribe the owner of something already controlled by your enemies secret services.
>>
>>60914012
No such thing as ex-CIA.
You're rotting from the inside out!
>>
>>60914033
>>60914034
Jesus I am paranoid but you guys thing this shit is house of cards or some shit.
>>
>>60913900
>he really believes this does not happen
>>
>>60914057
>I am paranoid
Not paranoid enough boyo
>>
>>60914080
Guess I gotta get a bigger tinfoil hat.
>>
>>60914034
Scary thing is once my company gained some steam, I came back to apartment and the electrical panel was wide open and some stuff seemed to be moved around (i could tell because the dust showed it was moved). I had my place checked for bugs and have webcams installed every where now.
>>
>>60913718
TLS/Https is a completely open protocol. Several implementations are open, too.
>>60914180
You need to go back.
>>
>Telegram
lol.
>>
>>60914012
>I have a buddy who is ex-cia
>I find OP's story very hard to believe
fuck i love the internet
>>
>>60913197
You mean like that san bernardino iphone the fbi was too afraid to crack? That had to be sent to israel.
>>
>>60913197
>>60913239
>>60913304
>>60913311
>>60913344
>>60913381
>>60913432
>>60913439
>>60913455
>>60913610
>>60913674
>>60913718
>>60913752
>>60913771
>>60913790
>>60913848
>>60913900
>>60913906
>>60913935
>>60913935
>>60914012
>>60914033
>>60914034
>>60914057
>>60914061
>>60914080
>>60914091
>>60914180
>>60914286
>>60914407
>>60914432
>>60914473
I have nothing to hide, so who cares?
>>
>>60914512
Obviously you have nothing to say either, so the free speach should be shutdown too so retards like you had no way how to spread bullshit on internet.
>>
>>60914473
>You mean like that san bernardino iphone the fbi was too afraid to crack? That had to be sent to israel.
huh? it was not sent. and that phone was cracked by trying thousands upon thousands of pincodes. That attack doesn't even work anymore. It stopped working with iPhone5s and secure enclave.
>>
>>60913197
FBI director was fired because he talked how using back-doors discovered Trump-Russian connections.
>>
File: 1472572928963.jpg (105KB, 1280x720px) Image search:
[Google]
105KB, 1280x720px
>>60914850
>discovered Trump-Russian connections
LMAO... what connections? Even COmey said there were none.
Stay retarded, libshit scum.
>>
This whole pointless discussion can be summed and closed with three words. Argumentum ad Ignorantiam.
>>
>>60914512
Unironically muh freedoms you commie fuck.
>>
>>60913197
True. AES was backdoored from day one.
>>
>>60915586
Do you have anything to support that, anon?
>>
>>60913197
>crypto that is based in the US
Literally none. 99% of the crypto algorithms are made outside the US.
Only Chacha20, Poly1305 and Curve25519 are useful crypto algos that are made in the US.
>>
>>60915755
Just feelings.
>>
>>60913455
Lmao lad https://crypto.stackexchange.com/a/18887
>>
>>60914286
TLS is a bad joke.
>CA
>X.509 certs
no thanks
>>
File: 1466588713233.jpg (710KB, 1075x1517px) Image search:
[Google]
710KB, 1075x1517px
What hash function should I use to encrypt my data with?
>>
>>60916385
Thanks, that's very helpful.
>>
>>60916444
>hash function
>encrypt
>>
>>60916426
TLS doesn't necessarily shackle you to third party CAs, if that's what you mean. And what's wrong with X.509 certificates?
>>
File: 1475320334743.png (1MB, 1600x1200px) Image search:
[Google]
1MB, 1600x1200px
>>60916465
Yes anon, I am looking for a nice hash function to use to encrypt my data, what would you suggest? :3
>>
>>60916514
He means to say that you don't encrypt your files with a hash function, anon.
>>
>>60916507
>TLS doesn't necessarily shackle you to third party CAs
True, you can use DANE/DNSSEC but that's even worse.
>And what's wrong with X.509 certificates?
They allow for a single signature (this is a giant problem as you can't sign your certs with a commonly accepted CA like LE and your own, forcing you to blindly trust LE for a site)
They are bloated with useless features (like EV).
They use ASN.1, leading to trillions of vulnerabilities due to its complexity concerning parsing.
OpenPGP certificates are superior (GNUTLS supported them but since nobody else did everyone dropped support)
>>
>>60916514
MD5 with no salt.
>>
File: 1473184770757.jpg (160KB, 1000x562px) Image search:
[Google]
160KB, 1000x562px
>>60916529
But this does not make any sense anon, how can't I?
>>60916565
In a HMAC construction? I would prefer a hash function with at least 256 bits of output to be honest ;_;
>>
>>60916383
We all got to thank Bernstein et al for that. But even these algorithms won't be safe in the long run. We desperately need post-quantum cryptographic algorithms as elliptic curve cryptography is more vulnerable than traditional RSA to quantum computations.
>>
File: cuckward-.jpg (233KB, 578x578px) Image search:
[Google]
233KB, 578x578px
>>60915755
I don't need to support $h!t.
ENJOY THE BOTNET SCRUB!
>>
>>60916587
Chacha20, Keccak, BLAKE, etc are all Post-quantum safe already. Poly1305 and other universal hashes are not only safe in a post-quantum environment but also safe in the case where P=NP, same with OTP.
As for Post-quantum asymmetric crypto we have SPHINCS (signing only) which is provably safe as long as the underlying hash function is safe, while for encryption we have McEliece or some form of RLWE (which is probably safe).
There is also SIDH but I have no idea how it works.
>>
File: freeotp.one.time.pass.token.png (17KB, 200x200px) Image search:
[Google]
17KB, 200x200px
>>60916561
>what is letsencrypt?
>>
>>60916583
Just concatenate those two outputs together. It's more secure that way.
>>
>>60916642
Yet another CA. I even mentioned it in my post.
>>
>>60916583
Hashing is one-way. There is no way to reverse a hash function. Why are you pretending to be retarded, and posting retarded anime pictures?
>>
File: 1481693083920.jpg (98KB, 1280x720px) Image search:
[Google]
98KB, 1280x720px
>>60916659
"those two"?
I think I will use SHA3 to encrypt my documents!
>>
>>60916642
>FreeOTP
>HOTP and TOTP
>Truncated SHA1-HMAC
>after the first truncation we do a mod 10^d where d is the desired number of digits
Is that a joke?
>>
>>60916689
My bad. The best solution is to just hash your data twice with MD5. That makes the encryption double as strong.
>>
>>60916561
>>TLS doesn't necessarily shackle you to third party CAs
>True, you can use DANE/DNSSEC but that's even worse.
And how exactly is that worse?
>>And what's wrong with X.509 certificates?
>They allow for a single signature (this is a giant problem as you can't sign your certs with a commonly accepted CA like LE and your own, forcing you to blindly trust LE for a site)
Yes you can, you can cross-sign your certificate. Even Let's Encrypt's CA certificates are cross-signed.
>They are bloated with useless features (like EV).
Extended Validation adds extra security by validating the identity. How is that a bad thing?
>They use ASN.1, leading to trillions of vulnerabilities due to its complexity concerning parsing.
Trillions of vulnerabilities is vastly over exaggerated, but please tell us more what bothers you about it.
>OpenPGP certificates are superior (GNUTLS supported them but since nobody else did everyone dropped support)
How does OpenPGP address your specified issues?
>>
>>60916735
Even better
>between 6 and 8 digits
At 8 digits it provides ~26 bits of security. Who thought that this would be a good idea?
>>
>>60913197
You act like NSA/CIA only operate against domestic companies. You'd be naive to believe they don't have agents hired to work at foreign companies in secret.
>>
>make communication software
>shill it on /g/
>get paid by the NSA
Sounds like a business plan
>>
>>60916745
>And how exactly is that worse?
Because you give control to the even more shady registrars.
>Yes you can, you can cross-sign your certificate. Even Let's Encrypt's CA certificates are cross-signed.
You would need to somehow make LE accept you as a CA.
Good luck with that though. http://wiki.cacert.org/SubRoot
>Extended Validation adds extra security by validating the identity.
LMAO
It is actually a trick from commercial CAs to make even more money while abusing the fact that they can issue a certificate for anything without much thought.
>Trillions of vulnerabilities is vastly over exaggerated, but please tell us more what bothers you about it.
I would say only slightly exaggerated. The most common vulnerability type in TLS implementations is due to incorrect parsing of X.509 certs.
>How does OpenPGP address your specified issues?
Nicely, the OpenPGP certificate format is much simpler (-> less implementation failures) and much less bloated while at the same time it supports actually useful features (multiple parties signing your cert, leading to a web of trust).
>>
File: 1470287523901.jpg (157KB, 637x900px) Image search:
[Google]
157KB, 637x900px
>>60916740
As I said before, I want at least 256 bits of security ;_;
Why shouldn't I use SHA3 to encrypt?
>>
>>60916918
SHA3 is the new kid on the block. Untested and unproven. MD5 has seen some shit. It's the proven algorithm.
>>
>>60916961
It was made 10 years ago though!
>>
>>60916974
It wasn't an adopted standard until 2015. Most respected institutions wouldn't touch an algorithm that wasn't certified by NIST.
>>
>>60917012
It is now standardised by NIST however! Moreover MD5 is dis-encouraged by NIST.
>>
>>60917049
NIST is deep state anon. Don't trust them.
Thread posts: 75
Thread images: 10
Thread images: 10