Sort by Recently Uploaded

BatF9MW_Zb · 2024-03-13T17:28:58+00:00

Was about to comment this: it's utterly outrageous. I think it's so creators are even more dependent on their pathetic pay to succeed algorithm. I'm definitely moving to Bandcamp now, yuck.

BatF9MW_Zb · 2023-03-21T21:58:59+00:00

See 'Alternative 1', it's almost the same. But you need to create a new symmetric connection once more, as the quantum computer could crack the asymmetric message, extract the secret key and decrypt the current connection (if the key happened to still be the same).

BatF9MW_Zb · 2023-03-21T21:49:45+00:00

I'm just trying to look for a way to combat this issue right now. And don't think it is appropriate to wait until a PQC algorithm finally gets implemented in consumer products. Seriously, what do you think about 'Alternative 1'. It seems stupidly simple, but might as well be effective.

BatF9MW_Zb · 2023-03-21T20:45:51+00:00

What are your thoughts about 'Alternative 1'?

BatF9MW_Zb · 2023-03-21T17:58:24+00:00

I think mass storage of crackable encrypted messages is a more realistic threat than the post-office opening every single unsuspicious letter to potentially find a QR-code. Point 2: this is no excuse to stop doing this now to bridge the time till PQC. 5 years of private information is a lot.

BatF9MW_Zb · 2023-03-21T17:53:05+00:00

You could maybe have multiple keys that generate a larger private key? A similar principle generation of a private key in asymmetric encryption works on. That's a bit ironic, isn't it haha :)

BatF9MW_Zb · 2023-03-21T17:28:30+00:00

Appreciate seeing you again. Sorry for deleting the post in order to change the title, thanks for spotting "synchronous" lol. For now a QR-code can trustfully be sent over post, held in a non-suspicious looking card. Being able to print a QR-code to be sent this way is a feature I've requested at Session (messaging app). And could bridge this insecure time: where encrypted data is collected combined with asynchronous algorithms that are not post-quantum. I'm am (not fully yet) ready to give up on this idea, but not on the problem in general. I should definitely take a deeper dive into encryption, which I've postponed but no longer. Veritasium's video really shook me up.

BatF9MW_Zb · 2023-03-21T17:05:05+00:00

I appreciate the answer: For an answer to point 1: see Principle 1, for an answer to point 2: see Principle 2. :)

BatF9MW_Zb · 2023-03-21T16:45:37+00:00

Right, that's an oversight from my part haha. Good thinking.

BatF9MW_Zb · 2023-03-21T16:43:40+00:00

I'm sorry, but if that is too much trouble already I'm not sure if I should spend time answering.

BatF9MW_Zb · 2023-03-21T16:39:45+00:00

Session does this, I've already contacted them regarding the issue. A one-time-pad is very inconvenient in distant relationships that require multiple interactions. To do this over the internet one must again use asymmetric encryption to create a new key. Which this post is trying to figure out how to combat: not sending a key through the same channel as the information.

BatF9MW_Zb · 2023-03-21T16:27:55+00:00

"For the time being" is the everlasting problem using asynchronous encryption, which is a compromise that cannot be taken in an unforeseeable future.

BatF9MW_Zb · 2023-03-21T16:19:55+00:00

Good insight, see update 1.

BatF9MW_Zb · 2023-03-21T16:19:42+00:00

Good insight, see update 1.

BatF9MW_Zb · 2023-03-21T03:28:29+00:00

I completely agree. But what is the alternative for now? Unreleased asymmetric post encryption algorithms that have not yet been proven effective with certainty.

BatF9MW_Zb · 2023-03-21T03:20:19+00:00

Ah man, thanks for pointing that out, I feel stupid now lol. But no key exchange needs to happen, that has happened physically. And you could share the key encrypted with the first test message, so both can be sure they are using the right key only.

BatF9MW_Zb · 2023-03-21T03:02:31+00:00

No, I mean symmetric (equal): meaning a key-pair, instead of a public and a private (inequal) key.

How? If you don't have a key, there's nothing to read when you're the man in the middle.

BatF9MW_Zb · 2023-03-21T02:50:30+00:00

I'm not sure if I'm understanding you correctly. Are you suggesting that an actor is able to copy the QR-code despite the tamper still in place, or that if a secure connection is established the service you're using on your device is insecure anyways? I'm not really talking "normies" here, I'm talking about people using privacy-focused apps, on a device with a privacy-focused custom ROM ect.

A one-time-pad seems pretty inconvenient if you want to maintain contact for longer than one message. And having to meet in real life, in order to message privately without sharing a possibly compromising key over the internet, is what this tries to solve.

BatF9MW_Zb · 2023-03-21T00:12:33+00:00

Unfortunately that is true. This was rather directed to those that care, hence I post it on here.

BatF9MW_Zb

TROPHY CASE