Why wouldn't you encrypt everything?
-
OT: What's with the name change?
Getting information off the Internet is like taking a drink from a fire hydrant. - Mitchell Kapor
Was in a thread about sci-fi and authors and it reminded of how much I enjoyed Asimov's Foundation series so I thought I'd change my name for a week or so in tribute to Asimov. IMO, the greatest writer of all time and it was his writing (non-fiction) that got me interested in science.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
-
2014: The year of encryption[^]. Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross. What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets. I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud: whilst they are losing less than it would cost to implement suitable security, there is no real incentive for them to do anything.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Homir Munn wrote:
Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross.
I agree. It highly depends on the kind of content, whether private or business doesn't matter, if it's worth to encrypt it. Nonetheless, I don't like them to read my mail in the first place, even if it's just dross. Not because I have something to hide, but simply for the right of privacy.
-
Homir Munn wrote:
Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross.
I agree. It highly depends on the kind of content, whether private or business doesn't matter, if it's worth to encrypt it. Nonetheless, I don't like them to read my mail in the first place, even if it's just dross. Not because I have something to hide, but simply for the right of privacy.
sevenacids wrote:
the right of privacy
I think the notion of privacy has long gone. We really don't live in the kind of world where that is possible, more's the pity. It might be desirable to live off the grid but I think it would be very difficult to do.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
-
sevenacids wrote:
the right of privacy
I think the notion of privacy has long gone. We really don't live in the kind of world where that is possible, more's the pity. It might be desirable to live off the grid but I think it would be very difficult to do.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Homir Munn wrote:
I think the notion of privacy has long gone.
True, but privacy should still be our ideal and we shouldn't stop calling for it.
Homir Munn wrote:
It might be desirable to live off the grid but I think it would be very difficult to do.
Sure it is, but not impossible. It comes at the cost of great privations, and it all depends on how much one is ready to dispense with. For most of us it's hard to imagine how to survive in this world without e-mail, phone, bank account, etc. Everything that leaves marks of your activities somewhere, and you cannot really escape.
-
Homir Munn wrote:
I think the notion of privacy has long gone.
True, but privacy should still be our ideal and we shouldn't stop calling for it.
Homir Munn wrote:
It might be desirable to live off the grid but I think it would be very difficult to do.
Sure it is, but not impossible. It comes at the cost of great privations, and it all depends on how much one is ready to dispense with. For most of us it's hard to imagine how to survive in this world without e-mail, phone, bank account, etc. Everything that leaves marks of your activities somewhere, and you cannot really escape.
Indeed.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
-
2014: The year of encryption[^]. Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross. What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets. I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud: whilst they are losing less than it would cost to implement suitable security, there is no real incentive for them to do anything.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Homir Munn wrote:
What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets.
Far as I know no specific information has been released about how the problem occurred. And the vast majority of problems occur from the inside. In a case like that encryption wouldn't matter. But other than that most places do not take security seriously at the corporate level even when they have actual security processes in place. It is often a secondary task of which only specific individuals can make a difference.
Homir Munn wrote:
I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud:
Actually it is different and banks do take it seriously at least in the US. The reason is simple because for Visa/Mastercard the bank is libel for the entire amount except $50. Banks for years have been running data analysis for reducing fraud. That is why you might encounter a stop on your card if you travel infrequently or you might be required to give your zip code or even security code at a retail purchase.
-
Homir Munn wrote:
What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets.
Far as I know no specific information has been released about how the problem occurred. And the vast majority of problems occur from the inside. In a case like that encryption wouldn't matter. But other than that most places do not take security seriously at the corporate level even when they have actual security processes in place. It is often a secondary task of which only specific individuals can make a difference.
Homir Munn wrote:
I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud:
Actually it is different and banks do take it seriously at least in the US. The reason is simple because for Visa/Mastercard the bank is libel for the entire amount except $50. Banks for years have been running data analysis for reducing fraud. That is why you might encounter a stop on your card if you travel infrequently or you might be required to give your zip code or even security code at a retail purchase.
Fair point.
jschell wrote:
Actually it is different and banks do take it seriously at least in the US.
They do in the UK as well. However, those are software fixes and do not cure the problem. Again, until it costs less to fix than the losses, I suspect nothing much will change.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
-
Fair point.
jschell wrote:
Actually it is different and banks do take it seriously at least in the US.
They do in the UK as well. However, those are software fixes and do not cure the problem. Again, until it costs less to fix than the losses, I suspect nothing much will change.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Last night I submitted a project to CP. It is an encryption pad which encrypts text using Triple DES into 64bit string garbage and back again. You can use it all the time or occasionally, encrypt your entire mail or just a couple of words. Unfortunately, for some reason I couldn't upload the screen shots, which include the sample key string. Still, it's fun. 05yO8J1m9HphMAAM4bpJPdJM48St6PYOtnPPAHc9euNLU0Sof43hDiP95uJDxrzo (as the alien said to the actress).
-
Encryption is useless when people use "12345" or "password" as their password for everything.
I'd rather be phishing!
Tow sides to this coin. 1. If you encrypt you draw attention to yourself. 2. If you are complacent you are attracting trouble.. I don't know how to balance this.
I may not last forever but the mess I leave behind certainly will.
-
Tow sides to this coin. 1. If you encrypt you draw attention to yourself. 2. If you are complacent you are attracting trouble.. I don't know how to balance this.
I may not last forever but the mess I leave behind certainly will.
I see no conflict. If you encrypt, you do turn on a red flag for the spooks, and you will be investigated. But if you are regular guy they will discard you almost immediately. Plus you only call attention to yourself because few people encrypt these days, as soon as MOST people start doing it, it will no longer be a red flag. So start encrypting and problem 1 will be gone by itself.:thumbsup:
-
2014: The year of encryption[^]. Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross. What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets. I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud: whilst they are losing less than it would cost to implement suitable security, there is no real incentive for them to do anything.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Homir Munn wrote:
Why wouldn't you encrypt everything?
Because it's too much trouble and is not the default option... that's what anyone who is not tech savvy would say, in my case, until recently, I had encrypted my drive with Bitlocker and EFS (Yes, I use Windows), I found it adequate, but it was really too much trouble, specially, if you wanted to share something with anyone else.
CEO at: - Rafaga Systems - Para Facturas - Modern Components for the moment...
-
2014: The year of encryption[^]. Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross. What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets. I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud: whilst they are losing less than it would cost to implement suitable security, there is no real incentive for them to do anything.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
Why encrypt everything? To prevent the digital equivalent to the Brandon Mayfield fiasco from happening. We haven't seen any detailed walkthrough of the attack at Target, so we shouldn't automatically assume that poor encryption was the problem.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
Homir Munn wrote:
I'm sure that's true for some but mine really are that boring. :)
Roughly 70 years ago someone decided that everyone that follows a certain religion should be killed. There were a lot of boring people that were no more after that. ..and we're at the Godwin again :) And no, it's not enough to have encryption in place. What's needed is a decentralized internet, one without IP's.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^]
Eddy Vluggen wrote:
What's needed is a decentralized internet, one without IP's
Seems like an oxymoron. The whole concept of the internet revolves around using IPs to drive and address where messages get sent. Remove IPs, and you lose the protocol to communicate. So, what is the replacement protocol you recommend for it? How would targeted messages work? I'm assuming targeted because IP is an open book and you are talking about throwing out everything developed so far for communications.
-
2014: The year of encryption[^]. Because I would imagine that, for the vast majority of us, the content of our emails is beyond mundane and boring and simply not worth the effort of encrypting. If some nameless, pfy at the NSA has been unfortunately tasked with reading my emails and those of pretty much everyone I know. I would suggest resigning immediately in protest at heaving to read through such dross. What I don't get (like with Target) is why business (who should know better and should have known it years ago) are not already employing (strong) encryption to protect their secrets. I suspect the reason is the same as the banks give for not beefing up security to stop credit card fraud: whilst they are losing less than it would cost to implement suitable security, there is no real incentive for them to do anything.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. Those who seek perfection will only find imperfection nils illegitimus carborundum me, me, me me, in pictures
I left the company over a decade ago, but I had a sensitive position, so they set up encryption capabilities for me. Over the 5 years I had it, I got maybe 6 encrypted E-mails and with 4 of them, I wondered what was in it that justified encryption. If I told you what was in them, I never had the capability to shoot you. Of course, now I won't tell you because I have no idea what they said.
-
Homir Munn wrote:
Why wouldn't you encrypt everything?
Because it's too much trouble and is not the default option... that's what anyone who is not tech savvy would say, in my case, until recently, I had encrypted my drive with Bitlocker and EFS (Yes, I use Windows), I found it adequate, but it was really too much trouble, specially, if you wanted to share something with anyone else.
CEO at: - Rafaga Systems - Para Facturas - Modern Components for the moment...
I also use Bitlocker, it's as seamless as it gets. It takes a very small hit on my measly Core i3 but any Core i5 upwards has dedicated hardware for this task and as such, has precisely zero hit on performance.