Amber Rudd fails to understand the internet

dowie said:
the problem is that you can't brute force it, you get a limited number of attempts
Click to expand...

the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....
 
adolf hamster said:
the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....
Click to expand...

no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time
 
adolf hamster said:
the login only gave 3 attempts, but the actual encryption itself is surely open to brute forcing?

its difficult, and you need a pretty massive computer, but then i'm sure the cia probably have access to that sort of thing and if the information is that valuable....
Click to expand...

Organisations like the NSA will always be working on 0-Day exploits to unlock devices. Look at the recent Wiki-leaks files for instance, they show that security organisations had exploits for a hell of a lot of devices (which have since been patched).
 
That hashtag comment suggests that all of this is being implemented because May and Rudd are disappointed that they don't have as many Instagram followers as they'd like. "When I implement my new online comms bill I will be the most powerful woman on the interwebs, that's right, I'll have all the hashtags! *maniacal laughing*".
 
dowie said:
no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time
Click to expand...

I didnt say it wouldnt take ages for a supercomputer, just that it was possible if the info was deemed valuable enough.

Time sensitive information aside, the point is encryption isnt infallible either.
 
adolf hamster said:
I didnt say it wouldnt take ages for a supercomputer, just that it was possible if the info was deemed valuable enough.

Time sensitive information aside, the point is encryption isnt infallible either.
Click to expand...

it is quite possible the people who want the information would be dead before the encryption was broken

yes it isn't infallible - but as pointed out it would take a very very long time, it isn't realistic
 
The metadata should be available to the government and law enforcement agencies. The content of messages should not. The government can then go to the person at the other end of the communication and 'speak' to them about the contents of the communication. If there was communication outside the country where this is not possible, the contacted number should be put on a watched list and metadata to/from this device monitored as best as possible.
 
nox_uk said:
The metadata should be available to the government and law enforcement agencies. The content of messages should not. The government can then go to the person at the other end of the communication and 'speak' to them about the contents of the communication. If there was communication outside the country where this is not possible, the contacted number should be put on a watched list and metadata to/from this device monitored as best as possible.
Click to expand...

And what use would this metadata be in this Stasi-esque paradise of yours?
 
I guess if push comes to shove the WhatsApps/Facebooks could essentially forward (encrypted) all messages a user sends/receives to their servers where it's 'securely' stored.

Could be sold to the punters as a backup/iCloud type thing where when you move the app to a new phone you can restore your messages.
Access to said data should only be made available by court order and from countries where the judiciary is recognised as capable and independent - ie you dont want a human rights lawyer getting his messages read.

It's the sort of thing you really need UN type resolutions on. Problem is could you really trust the Russians, Chinese and to a lesser extent the Americans to play nice and not abuse it?
 
platypus said:
And what use would this metadata be in this Stasi-esque paradise of yours?
Click to expand...

ask Google or Facebook...

The contents of the messages would be secure, but the government would know who you are communicating with. This is no different to the data that is already being freely handed over to companies like Facebook via progams like Whatsapp anyway.

Point being if people are communicating with known extremists cells they can be monitored more closely using more traditional methods. The actual contents of the messages are almost irrelevant anyway as they could and probably are using steganography.

it's a compromise, and it's only the equivalent of what WhatsApp has in place at the moment - which RETAINS end to end encryption. The metadata is already harvested by these companies anyway, so why not let the government have access to it. I'd rather it was used for counter terrorism than advertising.
 
Last edited:
Pretty sure they don't understand that you can't break encrypted messages like they did in the war.

but they are going about it all wrong. If they want to snoop, they need to first setup the infrastructure for companies to plug into it - nobody is going to invest in building a feed for the government that would just work for that software, likewise any feed that would connect to a government network would have to be made with some sort of benefit / assurance that it either won't get abused / they have control over.
 
dowie said:
no, I'm pretty sure the CIA doesn't have some magical computational powers unknown to the rest of mankind, you're not going to just brute force encryption... unless you want to wait a very very long time
Click to expand...


I'm surprised people even on this forum as evidenced in this thread, fail to grasp basic concepts like end to end encryption.

Let's put it into perspective, to brute force WhatsApp's encryption (AES-256 for messages, ignoring the additional encryption for the initial install, then authentication parts themselves), it would take approximately the age of our universe if all the supercomputers on the planet were sat there crunching away. And that's just to check the keys of a message...

On the flipside, this does pose a risk to the system. What if both end to end devices are destroyed once messages have been sent? All efforts are completely wasted in trying to get to those messages.

I see where both sides of this debate are coming from, but it's a pointless exercise. Intelligence monitoring and information gathering is the key to catching terrorism. SIS and the like have already stopped many potential attacks from happening over the years, so they are doing their part, but you simply can't stop them all.
 
Last edited:
platypus said:
And when thats not enough?
Click to expand...

less traditional methods?

I am fully 100% on the side of keeping encryption, and I am just pointing out the metadata is already being harvested so why not let the government have more ready access to it. People seem happy for this data to be freely used anyway. would have been no different than if the UK government had bought whatsapp for 22 billion under a shell company. Bet they wish they had...

Nox
 
So this all stems from the media speculating that the guy sent a whatsapp message during the event. Now let's assume he did - why do they need to break the encryption on it? Do they not have access to his phone? Whatsapp doesn't automatically delete messages.

Or is this nothing to do with the incident they are trying to profit from and just another way of trying to circumvent privacy concerns, after being the cause of the encryption being put in place in the first place because they couldn't be trusted not to read messages illegally prior to the encryption?
 
They don't need to break the encryption, which is my point. If they had the metadata there would be nothing stopping them going and talking to the person he messaged, and asking for the message. Chances are it's irrelevant content (in the way the attack has already happened) but it might identify an associate. But this can be done from the metadata anyway without any need for breaking encryption.

I feel like the Government really need to employ people that know what they are doing - and more importantly know how to use what info they already have rather than keep wanting more because they are a bit clueless. i'm talking about the people that stand up in front of the press rather that the various MIx departments - i have no doubt they know what they are doing (but probably still want an easy life!)
 
Washout said:
I guess if push comes to shove the WhatsApps/Facebooks could essentially forward (encrypted) all messages a user sends/receives to their servers where it's 'securely' stored.
Click to expand...

And the omgterrorists spend a week or 2 writing their own system and the whole thing is moot...
 
You must log in or register to reply here.
Back
Top Bottom