Retr0id 15 hours ago

> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.

> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.

Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?

nine_k 15 hours ago

The cipher may be perfectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.

Retr0id 14 hours ago

A secure cipher is indistinguishable from random data, you can't infer what software is on either end just by eavesdropping.

andrewflnr 13 hours ago

In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.

In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.

Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
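
The plaintext-metadata point above can be made concrete. The following is an added example, not code from the thread or from any TLS implementation: it assembles a constructed ClientHello (the bytes are built here, not captured from a real client; the server name, cipher suites and groups are arbitrary choices) and then parses back the fields an on-path observer can read without any key: the record type, the offered cipher suites, the extension list, the supported groups and the SNI. From those it computes a JA3-style string, which is exactly the kind of "signature data in the plain-text parts" that identifies a client implementation. GREASE values (RFC 8701) are filtered out because real fingerprinting must ignore them.

```python
import hashlib
import struct


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(cipher_suites, groups, point_formats, sni=b"example.com", grease=False):
    """Constructed ClientHello for the demo (not a real capture)."""
    if grease:  # browsers inject GREASE values (RFC 8701); a fingerprint must ignore them
        cipher_suites = [0x0A0A] + list(cipher_suites)
        groups = [0x0A0A] + list(groups)
    body = struct.pack("!H", 0x0303) + bytes(32)        # legacy_version, client random (zeros here)
    body += b"\x00"                                      # empty legacy_session_id
    cs = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                                  # compression_methods: null only
    sni_body = struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni
    grp = b"".join(struct.pack("!H", g) for g in groups)
    pf = bytes(point_formats)
    exts = _ext(0x0000, sni_body)                                # server_name
    exts += _ext(0x000A, struct.pack("!H", len(grp)) + grp)      # supported_groups
    exts += _ext(0x000B, bytes([len(pf)]) + pf)                  # ec_point_formats
    exts += _ext(0x002B, b"\x02\x03\x04")                        # supported_versions: TLS 1.3
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # ContentType handshake


def is_grease(v: int) -> bool:
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A


def parse_client_hello(record: bytes) -> dict:
    """Return the plaintext fields an eavesdropper can read, plus a JA3-style fingerprint."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    off = 0
    version = struct.unpack_from("!H", body, off)[0]
    off += 2 + 32                                        # skip client random
    off += 1 + body[off]                                 # skip session id
    cs_len = struct.unpack_from("!H", body, off)[0]
    off += 2
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    off += 1 + body[off]                                 # skip compression methods
    exts, groups, formats, sni = [], [], [], None
    if off + 2 <= len(body):
        end = off + 2 + struct.unpack_from("!H", body, off)[0]
        off += 2
        while off + 4 <= end:
            et, el = struct.unpack_from("!HH", body, off)
            off += 4
            data = body[off:off + el]
            off += el
            exts.append(et)
            if et == 0x0000:                             # server_name: the hostname is in the clear
                name_len = struct.unpack_from("!H", data, 3)[0]
                sni = data[5:5 + name_len].decode("ascii")
            elif et == 0x000A:                           # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif et == 0x000B:                           # ec_point_formats
                formats = list(data[1:1 + data[0]])

    def keep(vals):
        return [v for v in vals if not is_grease(v)]

    ja3 = ",".join([
        str(version),
        "-".join(str(v) for v in keep(suites)),
        "-".join(str(v) for v in keep(exts)),
        "-".join(str(v) for v in keep(groups)),
        "-".join(str(v) for v in formats),
    ])
    return {"version": version, "sni": sni, "cipher_suites": suites, "extensions": exts,
            "ja3": ja3, "ja3_md5": hashlib.md5(ja3.encode(), usedforsecurity=False).hexdigest()}


def looks_like_tls_client_hello(data: bytes) -> bool:
    """Cheap on-wire classifier: does this blob parse as a ClientHello at all?"""
    try:
        parse_client_hello(data)
        return True
    except (ValueError, IndexError, struct.error):
        return False
```

Two clients offering the same cipher suites, extensions and groups in the same order produce the same JA3 string, which is why a small set of widely used TLS stacks is so easy to tell apart on the wire, and why encrypted ClientHello and similar efforts exist.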

Retr0id 12 hours ago

Only because TLS never tried to be metadata-resistant in that way.

For example, Noise protocol + Elligator + constant bandwidth, is indistinguishable.
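
The "constant bandwidth" part of that recipe is simple to show. The following is an added example and not code from the thread, from Noise or from any Elligator implementation: it models one direction of a constant-rate link that emits one fixed-size frame on every tick, carrying real data when there is some and random cover when there is not, so an observer sees the same frame size and the same rate regardless of what is being sent. Assumptions made here: a 64-byte frame, a pre-shared 32-byte key (the Noise handshake and the Elligator encoding of its ephemeral keys are out of scope), and an HMAC-SHA256 counter-mode keystream plus HMAC tag as a stand-in for the transport AEAD. As in Noise, the nonce is an implicit per-direction sequence number and is never put on the wire, so every byte transmitted is pseudorandom.

```python
import hashlib
import hmac
import os
import struct

FRAME = 64              # every frame on the wire is exactly this long (demo assumption)
TAG = 16                # truncated HMAC-SHA256 tag
CAP = FRAME - TAG - 2   # payload bytes per frame after the 2-byte (kind, length) header


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF stream cipher; a real Noise transport
    # would use ChaCha20-Poly1305 or AES-GCM here.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + struct.pack("!Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _seal(key: bytes, direction: int, seq: int, plaintext: bytes) -> bytes:
    nonce = bytes([direction]) + struct.pack("!Q", seq)   # implicit nonce, never transmitted
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG]
    return ct + tag


def _open(key: bytes, direction: int, seq: int, frame: bytes) -> bytes:
    nonce = bytes([direction]) + struct.pack("!Q", seq)
    ct, tag = frame[:-TAG], frame[-TAG:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(key, nonce, len(ct)))


class CovertEndpoint:
    """One end of a constant-rate link. tick() runs on a fixed schedule and
    always returns one FRAME-byte frame, whether or not there is data to send."""

    def __init__(self, key: bytes, direction: int):
        self.key, self.direction = key, direction
        self.send_seq = self.recv_seq = 0
        self.pending = bytearray()

    def queue(self, data: bytes) -> None:
        self.pending += data

    def tick(self) -> bytes:
        chunk = bytes(self.pending[:CAP])
        del self.pending[:CAP]
        kind = 1 if chunk else 0                          # 0 = cover traffic, 1 = real data
        body = bytes([kind, len(chunk)]) + chunk + os.urandom(CAP - len(chunk))
        frame = _seal(self.key, self.direction, self.send_seq, body)
        self.send_seq += 1
        return frame

    def receive(self, frame: bytes) -> bytes:
        if len(frame) != FRAME:
            raise ValueError("bad frame size")
        body = _open(self.key, 1 - self.direction, self.recv_seq, frame)
        self.recv_seq += 1                                # advance only after a valid frame
        return body[2:2 + body[1]] if body[0] == 1 else b""


def frame_accepted(endpoint: CovertEndpoint, frame: bytes) -> bool:
    try:
        endpoint.receive(frame)
        return True
    except ValueError:
        return False


def run_link(key: bytes, message: bytes, ticks: int):
    """Drive one direction for `ticks` frames; return (frame sizes, recovered bytes)."""
    alice, bob = CovertEndpoint(key, 0), CovertEndpoint(key, 1)
    alice.queue(message)
    frames = [alice.tick() for _ in range(ticks)]
    recovered = b"".join(bob.receive(f) for f in frames)
    return [len(f) for f in frames], recovered
```

The cost is the obvious one: the link burns its full bandwidth whether or not anyone is talking, and both ends must stay in lock-step on the sequence counter, so a dropped frame needs a resynchronisation strategy that this sketch does not include.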

andrewflnr 9 hours ago

You do have to try, though, is the point. It's not automatic just because the output of the cipher itself is cryptographically random. And when you do try, the lack of metadata will itself be a clue as to the software generating it.

nine_k 12 hours ago

> transmitter still at least looks like a point source of blackbody radiation

The whole trick is that on average it is a source of blackbody radiation exactly like any other piece of matter next to it, same temperature. It does not produce a light or dark spot on an IR camera image. It turns hotter ("positive light") and colder ("negative light") with a very high frequency, in a controllable way.

nine_k 14 hours ago

But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc., can all inject a subtle hardware failure that the software is not ready to handle.

Retr0id 14 hours ago

Hence, "the real advantage is surely that nobody notices you're transmitting data at all?"

nine_k 12 hours ago

Not just that you are transmitting any data, but that there's some "you", or your device. "All clear, nothing to see here".

g-b-r 13 hours ago

You really need to look up the Kirchoff principle

stavros 19 minutes ago

To be helpful, https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

beloch 13 hours ago

It adds a layer of obscurity, but not real security. If somebody is looking, neither sender nor receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the ciphertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.

cornholio 9 hours ago

Covert transmission is security. Think of a spy or North Korean dissident, mere detection of a transmission means compromise; Eve will extract the plain text using the trusty $10 wrench.

Retr0id 13 hours ago

Harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. Heck, even known-broken ciphers like RC4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
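
The "no key reuse" qualifier is the one that actually matters for an archived stream cipher ciphertext, and it can be demonstrated directly. The following is an added example, not code from the thread: a textbook RC4 alongside a crib-dragging routine. Two messages encrypted under the same RC4 key leak p1 XOR p2 to anyone holding both ciphertexts, with no cryptanalysis of RC4 involved at all, and a guessed word slid across that XOR recovers fragments of the other message. With a fresh per-message key, derived here by hashing a master key with a nonce rather than concatenating them (the construction that sank WEP), the same attack yields nothing. The two messages, the master key and the nonces are constructed for the demo.

```python
import hashlib
import string


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Included only to show the key-reuse failure;
    do not use RC4 for anything new."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crib_drag(xored: bytes, crib: bytes) -> dict:
    """Slide a guessed plaintext fragment across p1 XOR p2. Offsets where the
    result is printable ASCII are candidate positions; the value at each is
    what the *other* message says there if the crib is right."""
    printable = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    hits = {}
    for off in range(len(xored) - len(crib) + 1):
        cand = xor_bytes(xored[off:off + len(crib)], crib)
        if all(c in printable for c in cand):
            hits[off] = cand
    return hits


def per_message_key(master: bytes, nonce: bytes) -> bytes:
    # Derive a fresh key per message by hashing, not by concatenating
    # master||nonce directly (the WEP mistake).
    return hashlib.sha256(master + nonce).digest()


# Constructed messages and key for the demonstration (not from the thread).
P1 = b"meet at the old bridge at 0300"
P2 = b"abort: the bridge is being watched"
MASTER = b"0123456789abcdef"


def reused_key_leak() -> bytes:
    """Same key for both messages: c1 XOR c2 == p1 XOR p2, the keystream cancels."""
    c1, c2 = rc4(MASTER, P1), rc4(MASTER, P2)
    return xor_bytes(c1, c2)


def fresh_key_no_leak() -> bytes:
    """Distinct per-message keys: the XOR of the ciphertexts carries no plaintext relation."""
    c1 = rc4(per_message_key(MASTER, b"\x00"), P1)
    c2 = rc4(per_message_key(MASTER, b"\x01"), P2)
    return xor_bytes(c1, c2)
```

With the shared key, `crib_drag(reused_key_leak(), b"bridge")` returns a hit at offset 11 reading ` old b` (a slice of P1, because P2 has "bridge" there) and one at offset 16 reading `e is b` (a slice of P2, because P1 has "bridge" there); an analyst extends each hit by guessing the next word, and no RC4 weakness was needed. The same crib over `fresh_key_no_leak()` gives only noise.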

beloch 13 hours ago

It all depends on who the message needs to be secure from, and for how long.

Retr0id 12 hours ago

Sure, but for symmetric ciphers it's not hard to hit the "by anyone, for my lifetime" threshold. NIST does not define a sunset date for AES-256, for example.