
UK Govt Banning End-to-End Encryption


HeliX


Brute forcing is wasted effort on pretty much any encryption method worth its salt. If you use weak enough encryption that it can be brute forced, it won't just be the Government who's able to read it.

It's a moving target, as more computing power becomes available. That goes to the core of what we expect from privacy. Some people will be concerned if their "secure" messages today can be less trivially decrypted 10 or 20 years into the future. E2E is not going to prevent that. It's not about privacy vs !privacy. It's more layered than that.

 

I would say with confidence that if WhatsApp start using a public key they control to sign your messages, we will know about it.

There has already been plenty of equivalent discussion about whether or not WhatsApp is really secure. It's invariably the implementation and not the theory.

 

I'm unfamiliar with decompiling iOS apps

Would have to be very motivated. Is not bytecode + JIT model.


 

Brute forcing is wasted effort on pretty much any encryption method worth its salt. If you use weak enough encryption that it can be brute forced, it won't just be the Government who's able to read it.

It's a moving target, as more computing power becomes available. That goes to the core of what we expect from privacy. Some people will be concerned if their "secure" messages today can be less trivially decrypted 10 or 20 years into the future. E2E is not going to prevent that. It's not about privacy vs !privacy. It's more layered than that.

 

Our current encryption methods should be safe for a considerable length of time, following Moore's Law.

Unless quantum computing becomes stable. In which case we're all doooooooooooooomed, as Fraser would say.

 

I would say with confidence that if WhatsApp start using a public key they control to sign your messages, we will know about it.

There has already been plenty of equivalent discussion about whether or not WhatsApp is really secure. It's invariably the implementation and not the theory.

 

Yeah, but it's reasonably trivial to monitor data in and out of an Android app if you control the root certificate. And decompiling Android apps is comparatively easy. As I say, if something fishy starts happening I'm confident we'll know.

 

I'm unfamiliar with decompiling iOS apps

Would have to be very motivated. Is not bytecode + JIT model.

 

Yeah, I barely have the required effort to write the damned things. Whoever decided they should use Objective C should be sent to the gulags.

 

Yeah, I barely have the required effort to write the damned things. Whoever decided they should use Objective C should be sent to the gulags.

It doesn't decompile to Objective C.

 

I didn't say it did! I said I don't have the effort required to write them either :)


Surely WhatsApp (company) counts as a Communication Service Provider?

Dunno. Reading the draft legislation it's pretty hard to tell. WhatsApp is a peer to peer app, not a service. The WhatsApp servers don't hold the comms, so are they under the definition? Even if they are, is the server in the UK so covered by this law? Doubt it. They can't log what they don't carry.

 

It's not clear enough to know, there'll have to be some test cases to define it, but I don't think it's as bad as the hyperbole says.

 

Daft though, I get what they're trying to achieve, but this doesn't do it. You can't regulate open source e2e encryption and you can't enforce back doors either. Companies like Facebook will carry on complying, but for actually snooping, this will be pointless.


  • 2 weeks later...

 

 

Yeah, I barely have the required effort to write the damned things. Whoever decided they should use Objective C should be sent to the gulags.

It doesn't decompile to Objective C.

 

I didn't say it did! I said I don't have the effort required to write them either :)

 

 

 

You kids today and your 'I can't disassemble native ARM binary and trace through it', waaah :P


Archived

This topic is now archived and is closed to further replies.
