Author Topic: Quantum computing.  (Read 5096 times)

David Martin

  • Thats Dr Oi You thankyouverymuch
Re: Quantum computing.
« Reply #25 on: 08 August, 2017, 11:03:16 pm »
The man-in-the-middle attack requires that you don't encode your message with your private key which is linked to the public key transferred through a separate mechanism. Ideally you would be able to check messages delivered by multiple transmission routes to see if the key is the same.
"By creating we think. By living we learn" - Patrick Geddes

Re: Quantum computing.
« Reply #26 on: 09 August, 2017, 08:04:57 am »
What Quantum Computing suggests it will be able to do (with sufficiently powerful quantum computers) is allow the derivation of the private key from a public key, which truly renders the encryption "broken" as it allows them to not just read all messages but modify too.

I've not seen any claims of computers being able to do that and I'm sceptical. Very sceptical. Please link to information on this.
Marmite slave

Re: Quantum computing.
« Reply #27 on: 09 August, 2017, 08:29:49 am »
What Quantum Computing suggests it will be able to do (with sufficiently powerful quantum computers) is allow the derivation of the private key from a public key, which truly renders the encryption "broken" as it allows them to not just read all messages but modify too.

I've not seen any claims of computers being able to do that and I'm sceptical. Very sceptical. Please link to information on this.

https://simple.wikipedia.org/wiki/RSA_(algorithm)

One of the components of a public (or private) key is the modulus n, which is the product of the two secret prime numbers p and q.

If you can take n and factor it into p and q then you can derive both the public and private keys if you have the other info from one of the keys.

Shor's algorithm (https://en.wikipedia.org/wiki/Shor%27s_algorithm) is one of the classic examples of the theoretical power of a quantum computer to specifically do integer factorisation.

Here's a specific (number theoretic maths heavy) blog about using it to break RSA: http://blogs.ams.org/mathgradblog/2014/04/30/shors-algorithm-breaking-rsa-encryption/

There are similar types of QC algorithms for solving the discrete log problem which is the basis for other asymmetric encryption systems (DHE, etc).
"Yes please" said Squirrel "biscuits are our favourite things."
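Added worked example for the post above (this is not code from the thread or from the linked articles): it shows why recovering p and q from the modulus n hands over the private key, and how Shor's algorithm gets to p and q. Shor's algorithm does not factor directly; it finds the multiplicative order r of a random base a modulo n, and plain number theory turns that order into the factors. The order-finding step is the only part that needs a quantum computer, so here it is done by brute force on a toy-sized n. All primes, exponents and messages below are made-up toy values.

```python
"""Added example: factoring n = p*q via order finding (the classical half of
Shor's algorithm) and rebuilding the RSA private key from the public key.
The order-finding step is brute-forced here; that is the quantum part."""
import random
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation from two primes. Returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent (Python 3.8+ modular inverse)
    return (n, e), d


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.
    A quantum computer running Shor's algorithm finds r in polynomial time."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_via_order_finding(n, rng=None):
    """Classical reduction of factoring n = p*q to order finding.
    Returns (p, q) with p < q. n is assumed to be a product of two odd primes."""
    rng = rng or random.Random(0)    # fixed seed only so the demo is repeatable
    if n % 2 == 0:
        return 2, n // 2
    while True:
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:                    # lucky guess: a already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r % 2:                    # need an even order, otherwise pick another a
            continue
        y = pow(a, r // 2, n)        # y*y == 1 (mod n) and y != 1 because r is the order
        if y == n - 1:               # trivial square root of 1, no information; retry
            continue
        p = gcd(y - 1, n)            # n divides (y-1)(y+1) but neither factor alone
        return tuple(sorted((p, n // p)))


def recover_private_key(n, e):
    """Given only the public key (n, e), rebuild d exactly as the owner did."""
    p, q = factor_via_order_finding(n)
    return pow(e, -1, (p - 1) * (q - 1))


def forge_signature(n, e, message):
    """Produce s with s**e == message (mod n) using only the public key,
    i.e. the 'modify too' part of the post: sign as the victim."""
    return pow(message, recover_private_key(n, e), n)


if __name__ == "__main__":
    public, d = rsa_keygen(1009, 1013)   # toy primes; real keys use ~1024-bit primes
    n, e = public
    print("owner's d    :", d)
    print("recovered d  :", recover_private_key(n, e))
    m = 424242                           # toy message
    s = forge_signature(n, e, m)
    print("forged signature verifies under the public key:", pow(s, e, n) == m)
```

The brute-force order search is exponential in the size of n, which is exactly why RSA is fine against classical machines today; swap that one function for a quantum period-finding routine and the rest of the attack is unchanged.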

Re: Quantum computing.
« Reply #28 on: 09 August, 2017, 08:36:23 am »
The man-in-the-middle attack requires that you don't encode your message with your private key which is linked to the public key transferred through a separate mechanism. Ideally you would be able to check messages delivered by multiple transmission routes to see if the key is the same.

No, the MITM attack requires that you blindly trust the public key you have listed for someone else because you haven't validated this through a separate mechanism. You have received the public key over a "secure" channel, but there's no guarantee it was from the person who said it was.

It is why I said:

This is why you, of course, verify the keys you use when you meet people in real life. Don't you?

How many people verify the keys of friends when they see them in person? I don't (but then I don't really care about the crap I put on WhatsApp being read).
How many people have the option enabled in WhatsApp/Circle/etc to tell you whether the other party's encryption key changes? It's not the default setting, but I have made that change.
And how many of them that do will check with someone over another communications channel to see if that was ok?
"Yes please" said Squirrel "biscuits are our favourite things."
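Added example for the post above (not code from the thread or from any messaging app): an unauthenticated Diffie-Hellman exchange, a man-in-the-middle swapping in her own key in both directions, and the two checks the post describes: comparing key fingerprints over a second channel (the in-person check) and warning when a contact's key changes (the non-default app setting). The group parameters P and G are assumed toy values, far too small for real use; real apps use curve25519 or a 2048-bit+ group.

```python
"""Added example: why a key received over the wire cannot be trusted by itself,
and what out-of-band fingerprint comparison and key-change warnings catch."""
import hashlib
import secrets

P = 2**127 - 1      # toy prime modulus (assumed; not a real-world group)
G = 3               # toy generator (assumed)


def fingerprint(pub):
    """Short hash of a public key, like the 'safety number' shown in apps."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


class Party:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.pinned = {}            # peer name -> fingerprint seen in an earlier session

    def session_key(self, peer_pub):
        """Derive the session key from whatever public key arrived."""
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

    def receive_key(self, peer_name, peer_pub):
        """Key-change detection: 'new' on first contact, 'unchanged' if the
        pinned fingerprint matches, 'CHANGED' if a different key turned up."""
        fp = fingerprint(peer_pub)
        old = self.pinned.get(peer_name)
        self.pinned[peer_name] = fp
        if old is None:
            return "new"
        return "unchanged" if old == fp else "CHANGED"


def exchange(alice, bob, mallory=None):
    """Run the exchange over a channel Mallory may control. Returns the key
    each side derived and the public key each side was actually handed."""
    if mallory is None:
        to_bob, to_alice = alice.pub, bob.pub
    else:
        to_bob = to_alice = mallory.pub   # Mallory substitutes her key both ways
    return {
        "alice_key": alice.session_key(to_alice),
        "bob_key": bob.session_key(to_bob),
        "alice_saw": to_alice,
        "bob_saw": to_bob,
    }


def verify_out_of_band(received_pub, peer_real_pub):
    """The in-person check: compare the fingerprint of the key that came over
    the network with the fingerprint read from a second channel."""
    return fingerprint(received_pub) == fingerprint(peer_real_pub)


if __name__ == "__main__":
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    honest = exchange(alice, bob)
    alice.receive_key("bob", honest["alice_saw"])
    print("honest run, keys agree:", honest["alice_key"] == honest["bob_key"])
    mitm = exchange(alice, bob, mallory)
    print("mitm run, keys agree:", mitm["alice_key"] == mitm["bob_key"])
    print("mallory can read alice's side:", mallory.session_key(alice.pub) == mitm["alice_key"])
    print("out-of-band fingerprint check passes:", verify_out_of_band(mitm["alice_saw"], bob.pub))
    print("key-change warning:", alice.receive_key("bob", mitm["alice_saw"]))
```

Note what the key-change warning does and does not do: it fires only if a genuine key was pinned first, and after the changed key is stored it goes quiet again, which is why the post's last question (does anyone then check over another channel?) matters.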

Re: Quantum computing.
« Reply #29 on: 09 August, 2017, 08:42:28 am »
They'll just put a backdoor in the devices, instead.

True. And the choice of places to hide it is amazing.

In the software (e.g. WhatsApp), in the middleware (the encryption APIs that devices provide), in the hardware itself (a CPU which detects it is performing encryption).

Provably secure computing is an almost impossible dream.

They can provide the source but how can you prove that what is running on your device is what was built from the source. (progress is being made on repeatable/verifiable builds)
But Apple (for example) isn't going to give you the source for all of their middleware, so something may be hiding in there.
Then you've got the hardware, which is beyond verifiability for most humans.

Ugh.
"Yes please" said Squirrel "biscuits are our favourite things."

Re: Quantum computing.
« Reply #30 on: 09 August, 2017, 09:08:00 am »
RSA is almost defunct, btw. Does anyone actually still use that?

Although Shor's algorithm could be used, nobody has yet built a quantum computer to actually do this - so it is theoretical.

The weakness in protecting hardware and verifying IOT devices, secure boot etc remains security of hardware manufacture keys. Not verification of the keys or verification of firmware keys, but protecting the master keys.

A true secure boot system will verify the main boot image; the main boot image will verify the image of important software. Software update sources will have their security key certificates verified before permitting updates to proceed.

That's low-level hardware systems, but you won't see that level of protection built into PCs or even smartphones for a while yet.
Marmite slave

Re: Quantum computing.
« Reply #31 on: 09 August, 2017, 09:30:03 am »
RSA is almost defunct, btw. Does anyone actually still use that?

Which is why I mentioned the discrete log problem, as that is the basis for more recent asymmetric encryption (DHE, etc).

Although Shor's algorithm could be used, nobody has yet built a quantum computer to actually do this - so it is theoretical.

https://en.wikipedia.org/wiki/Shor's_algorithm

"In 2001, Shor's algorithm was demonstrated by a group at IBM, who factored 15 into 3 × 5, using an NMR implementation of a quantum computer with 7 qubits.[4] After IBM's implementation, two independent groups implemented Shor's algorithm using photonic qubits, emphasizing that multi-qubit entanglement was observed when running the Shor's algorithm circuits.[5][6] In 2012, the factorization of 15 was performed with solid-state qubits.[7] Also in 2012, the factorization of 21 was achieved, setting the record for the largest number factored with Shor's algorithm.[8] In April 2012, the factorization of 143 was achieved, although this used adiabatic quantum computation rather than Shor's algorithm.[9] In November 2014, it was discovered that this 2012 adiabatic quantum computation had also factored larger numbers, the largest being 56153."

Progress is slow, and newer ideas have been developed than Shor's original algorithm, but then progress was slow on the original conventional integer factorisation algorithms.

The weakness in protecting hardware and verifying IOT devices, secure boot etc remains security of hardware manufacture keys. Not verification of the keys or verification of firmware keys, but protecting the master keys.

A true secure boot system will verify the main boot image; the main boot image will verify the image of important software. Software update sources will have their security key certificates verified before permitting updates to proceed.

That's low-level hardware systems, but you won't see that level of protection built into PCs or even smartphones for a while yet.

Secure boot is a completely separate subject. That just stops users fiddling with the systems they rightfully own, or malware from embedding itself where traditional scanners cannot find them, etc.

The question here is how do you trust/verify that a system (as a collection of distinct parts) is trustworthy and isn't sending all of your keystrokes/messages/anything to a state sponsored entity.

(Answer: You can't.)
"Yes please" said Squirrel "biscuits are our favourite things."

vorsprung

  • Opposites Attract
    • Audaxing
Re: Quantum computing.
« Reply #32 on: 09 August, 2017, 10:21:44 am »
RSA is almost defunct, btw. Does anyone actually still use that?
Yes, ssh uses large RSA keys.
..
The weakness in protecting hardware and verifying IOT devices, secure boot etc remains security of hardware manufacture keys. Not verification of the keys or verification of firmware keys, but protecting the master keys.

A true secure boot system will verify the main boot image; the main boot image will verify the image of important software. Software update sources will have their security key certificates verified before permitting updates to proceed.

That's low-level hardware systems, but you won't see that level of protection built into PCs or even smartphones for a while yet.

There are various schemes for secure boot already.

If you want to be informed about current security issues you should start reading https://www.schneier.com/crypto-gram.html

Re: Quantum computing.
« Reply #33 on: 09 August, 2017, 10:49:43 am »
The low level stuff, from hardware up I know about. This is what will be used in cars and control systems in the future.
Marmite slave