Homir Munn wrote: Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting.
Believing, hoping, praying.
History has already proven otherwise. You go ahead and keep hoping
Homir Munn wrote: What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets.
Here, let me kick in that door; it costs money to do so, and no profit to be made there. Who cares if a few customers walk away? That's why we have a marketing department.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
Eddy Vluggen wrote: Believing, hoping, praying.
I'm sure that's true for some but mine really are that boring.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Homir Munn wrote: I'm sure that's true for some but mine really are that boring.
Roughly 70 years ago someone decided that everyone that follows a certain religion should be killed. There were a lot of boring people that were no more after that. ..and we're at the Godwin again
And no, it's not enough to have encryption in place. What's needed is a decentralized internet, one without IP's.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
Eddy Vluggen wrote: What's needed is a decentralized internet, one without IP's
Seems like an oxymoron. The whole concept of the internet revolves around using IPs to drive and address where messages get sent. Remove IPs, and you lose the protocol to communicate. So, what is the replacement protocol you recommend for it? How would targeted messages work? I'm assuming targeted because IP is an open book and you are talking about throwing out everything developed so far for communications.
|
The problem isn't encryption, it's decryption.
You can encrypt all the data in the world, but if you ever need to share that with somebody (credit card companies when processing transactions, for example) then the data is susceptible to theft. One-way algorithms don't work that well when you need to look up customer information. For example, let's say that a company stored CC numbers using one-way encryption. In order for the credit card company to match that encrypted value with a value it stores in its database, it would have to know the encryption method and key, then encrypt every number in its database looking for it. In order to do that, it would have to store the credit card numbers in the original format...
Somebody has to have the key to unlock the data. As long as the encryption is reversible then data can be stolen. Even just decrypting into a memory location for use means it can be stolen by memory scrapers.
I don't see this problem going away anytime soon, the best a company can do is to store data internally encrypted and keep up on network security.
|
Good points.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Today it's mundane. Tomorrow it's thought crime.
Big data means "they" can research you in the future if you're worth it.
There are so many competing interests, moralities, religions, politics, each with their sanction for transgression, if you can encrypt easily why wouldn't you? Mark...
2 cents
modified 10-Jan-14 20:08pm.
|
Encryption is useless when people use "12345" or "password" as their password for everything.
I'd rather be phishing!
|
Two sides to this coin.
1. If you encrypt you draw attention to yourself.
2. If you are complacent you are attracting trouble.
I don't know how to balance this.
I may not last forever but the mess I leave behind certainly will.
|
I see no conflict. If you encrypt, you do turn on a red flag for the spooks, and you will be investigated. But if you are a regular guy they will discard you almost immediately. Plus you only call attention to yourself because few people encrypt these days; as soon as MOST people start doing it, it will no longer be a red flag.
So start encrypting and problem 1 will be gone by itself.
|
OT: What's with the name change?
Getting information off the Internet is like taking a drink from a fire hydrant.
- Mitchell Kapor
|
I'd guess it's this one[^]
Veni, vidi, caecus | Everything summarizes to Assembly code
|
Was in a thread about sci-fi and authors and it reminded me of how much I enjoyed Asimov's Foundation series so I thought I'd change my name for a week or so in tribute to Asimov. IMO, the greatest writer of all time and it was his writing (non-fiction) that got me interested in science.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Some businesses do encrypt their laptop hard drives - when I worked in the medical insurance industry all of our laptop hard drives were encrypted and on top of this the data was all pseudonymised (meaning you could not deduce the individual any one single record related to).
The only issue with encryption is that there is a slight hit on performance in that you have to decrypt the data/drive in order to do something useful with it (i.e. work with it).
There is one problem with encryption which is that some users will forget their passwords - hence the 00000 (etc.) codes for the nucular launch keys - which defeats the whole purpose of encryption.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
modified 11-Jan-14 2:37am.
|
Homir Munn wrote: Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at having to read through such dross.
I agree. It highly depends on the kind of content, whether private or business doesn't matter, if it's worth encrypting. Nonetheless, I don't like them to read my mail in the first place, even if it's just dross. Not because I have something to hide, but simply for the right of privacy.
|
sevenacids wrote: the right of privacy
I think the notion of privacy has long gone. We really don't live in the kind of world where that is possible, more's the pity. It might be desirable to live off the grid but I think it would be very difficult to do.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Homir Munn wrote: I think the notion of privacy has long gone.
True, but privacy should still be our ideal and we shouldn't stop calling for it.
Homir Munn wrote: It might be desirable to live off the grid but I think it would be very difficult to do.
Sure it is, but not impossible. It comes at the cost of great privations, and it all depends on how much one is ready to dispense with. For most of us it's hard to imagine how to survive in this world without e-mail, phone, bank account, etc. Everything that leaves marks of your activities somewhere, and you cannot really escape.
|
Indeed.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Homir Munn wrote: What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets.
Far as I know no specific information has been released about how the problem occurred. And the vast majority of problems occur from the inside. In a case like that encryption wouldn't matter. But other than that most places do not take security seriously at the corporate level even when they have actual security processes in place. It is often a secondary task of which only specific individuals can make a difference.
Homir Munn wrote: I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud:
Actually it is different and banks do take it seriously, at least in the US. The reason is simple: for Visa/Mastercard the bank is liable for the entire amount except $50. Banks for years have been running data analysis for reducing fraud. That is why you might encounter a stop on your card if you travel infrequently or you might be required to give your zip code or even security code at a retail purchase.
|
Fair point.
jschell wrote: Actually it is different and banks do take it seriously at least in the US.
They do in the UK as well. However, those are software fixes and do not cure the problem. Again, until it costs less to fix than the losses, I suspect nothing much will change.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
Those who seek perfection will only find imperfection
nils illegitimus carborundum
me, me, me
me, in pictures
|
Last night I submitted a project to CP.
It is an encryption pad which encrypts text using Triple DES into 64bit string garbage and back again.
You can use it all the time or occasionally, encrypt your entire mail or just a couple of words.
Unfortunately, for some reason I couldn't upload the screen shots, which include the sample key string.
Still, it's fun.
05yO8J1m9HphMAAM4bpJPdJM48St6PYOtnPPAHc9euNLU0Sof43hDiP95uJDxrzo
(as the alien said to the actress).
|
Homir Munn wrote: Why wouldn't you encrypt everything?
Because it's too much trouble and is not the default option... that's what anyone who is not tech savvy would say. In my case, until recently, I had encrypted my drive with Bitlocker and EFS (Yes, I use Windows). I found it adequate, but it was really too much trouble, especially if you wanted to share something with anyone else.
|
I also use Bitlocker, it's as seamless as it gets. It takes a very small hit on my measly Core i3 but any Core i5 upwards has dedicated hardware for this task and as such, has precisely zero hit on performance.
|
Why encrypt everything? To prevent the digital equivalent to the Brandon Mayfield fiasco from happening.
We haven't seen any detailed walkthrough of the attack at Target, so we shouldn't automatically assume that poor encryption was the problem.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
|
I left the company over a decade ago, but I had a sensitive position, so they set up encryption capabilities for me. Over the 5 years I had it, I got maybe 6 encrypted E-mails and with 4 of them, I wondered what was in it that justified encryption.
If I told you what was in them, I never had the capability to shoot you. Of course, now I won't tell you because I have no idea what they said.