* * * * *

                The near futility of encryption key management

Contrary to popular belief, encryption [1] per se isn't all that difficult.
The algorithms are well known and hardened, and the encryption APIs
themselves (the bits of the program that actually munge the bits) are
typically easy to use.

It's the encryption key management that's near impossible to get right.
Key [2] authorities [3] are [4] a [5] joke [6]. And even if the
authorities in charge of vouching for keys weren't a joke, it's still hard
to exchange keys with someone you've never met and know that nobody sat in
the middle [7] relaying (and reading) the exchange. That's before an
attacker extracts your keys by literally listening to your computer [8] or
through the electric potential of your laptop's chassis [9] (previous two
links via tedu [10]).
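
As an added example (not code from the original post), here is the
exchange the previous paragraph describes, in standard-library Python. An
unauthenticated Diffie-Hellman handshake is run twice: once with a man in
the middle who quietly ends up holding both sides' keys while Bob sees a
valid tag and a sensible message, and once where each public value is
tagged with a key the two parties already share, which makes the swap
detectable. The modulus, the XOR "cipher" and the pre-shared HMAC key are
all assumptions for the demo; the last stands in for whatever trust anchor
(a certificate, a fingerprint checked in person) a real protocol relies
on, and getting that anchor to everyone is exactly the management problem
the cipher cannot solve.

```python
"""Why the cipher is the easy part and the key exchange is not.

Added example (not code from the post).  Standard library only.  The DH
modulus and the XOR cipher are toys; the pre-shared HMAC key stands in for
a trust anchor (CA certificate, fingerprint checked in person) that real
protocols rely on.
"""
import hashlib
import hmac
import secrets

# Assumption: a toy MODP group.  P is prime (it is the Curve25519 field
# prime) but has not been vetted as a DH group; real deployments use the
# RFC 3526 / RFC 7919 groups or an elliptic-curve exchange.
P = 2**255 - 19
G = 2
MSG = b"meet at the usual place"  # constructed sample plaintext


def dh_keypair():
    """Ephemeral private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_derive(priv, peer_pub):
    """Shared secret peer_pub^x mod p, hashed to a 32-byte symmetric key."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def toy_encrypt(key, plaintext):
    """XOR with a SHA-256 counter keystream, then an HMAC tag.  Toy only:
    it shows that once both sides hold a key, the cipher step is easy."""
    stream = b""
    ctr = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def toy_decrypt(key, blob):
    """Verify the tag, then undo the XOR (the keystream is its own inverse)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return toy_encrypt(key, ct)[:-32]


def unauthenticated_exchange(mallory=True):
    """DH between Alice and Bob over a wire Mallory controls.

    Returns (plaintext Bob recovers, plaintext Mallory read or None).
    With Mallory active, each party unknowingly agrees a key with Mallory;
    she reads Alice's message and re-encrypts it for Bob, who sees a valid
    tag and a sensible message and notices nothing."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()

    # Mallory swaps each public value in flight for her own.
    pub_seen_by_bob = m_pub if mallory else a_pub
    pub_seen_by_alice = m_pub if mallory else b_pub
    alice_key = dh_derive(a_priv, pub_seen_by_alice)
    bob_key = dh_derive(b_priv, pub_seen_by_bob)

    on_wire = toy_encrypt(alice_key, MSG)
    mallory_read = None
    if mallory:
        mallory_read = toy_decrypt(dh_derive(m_priv, a_pub), on_wire)
        on_wire = toy_encrypt(dh_derive(m_priv, b_pub), mallory_read)
    return toy_decrypt(bob_key, on_wire), mallory_read


def authenticated_exchange(longterm_key, mallory=True):
    """Same exchange, but each public value carries an HMAC under a key the
    parties obtained beforehand through some trusted channel (assumption:
    that key is already in both hands, which is the hard part).

    Returns (plaintext Bob recovers or None, True if tampering was caught)."""
    def tag(pub):
        return hmac.new(longterm_key, pub.to_bytes(32, "big"), hashlib.sha256).digest()

    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    _, m_pub = dh_keypair()

    for sender_pub in (a_pub, b_pub):
        sent_tag = tag(sender_pub)                    # made by the real sender
        received = m_pub if mallory else sender_pub   # possibly swapped in flight
        if not hmac.compare_digest(tag(received), sent_tag):
            return None, True                         # receiver aborts the handshake
    alice_key = dh_derive(a_priv, b_pub)
    bob_key = dh_derive(b_priv, a_pub)
    return toy_decrypt(bob_key, toy_encrypt(alice_key, MSG)), False
```

Note what the authenticated version does not fix: it assumes longterm_key
already sits on both machines. Swap that pre-shared key for a certificate
and you are back to trusting the authority that issued it, which is where
the links above come in.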

[1] https://en.wikipedia.org/wiki/Encryption
[2] http://www.csoonline.com/article/2857659/disaster-recovery/destover-variant-signed-with-stolen-sony-certificate-was-part-of-a-joke.html
[3] http://jurinnov.com/the-threat-of-rogue-certificate-authorities/
[4] http://darkmatters.norsecorp.com/2014/12/10/destover-malware-signed-by-sony-digital-certificates-just-a-joke/
[5] http://googleonlinesecurity.blogspot.com/2015/09/improved-digital-certificate-security.html?m=1
[6] http://www.kimmoa.se/The_CA_system_is_a_joke/
[7] http://www.veracode.com/security/man-middle-attack
[8] http://www.cs.tau.ac.il/~tromer/acoustic/
[9] http://www.tau.ac.il/~tromer/handsoff/
[10] http://www.tedunangst.com/flak/post/dont-encrypt-all-the-things

Email author at [email protected]