• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: August 17th, 2023

help-circle

  • There’s also no such thing as “Military Grade” Encryption. The government as a whole, as directed by NSA, uses the same encryption technology. If anything, one of the defining techniques is how said technology is implemented as a process. That means less about the algorithm and more about the hardware and handling. For example, when dealing with classified networking, one of the key differences is using dedicated hardware. These aren’t PC’s that can be hacked, they are devices whose specific role is to handle encryption, key loading, or key acquisition. They are hardened to prevent emissions from leaking and will dump keys, firmware, memory if tampered with. End devices can only accept keys with no way to retrieve them for reuse.

    Advertisers that claim they are offering you “Military Grade” encryption just do regular NSA encryption methods in software, with no hardware component, and no handling process. Which would never be used in the military to secure classified data.

    Also, most encryption used in these devices don’t use one key, they use key generators. Each device talking to another generates a unique, temporary session key. These session keys do not last long, so if any one key is compromised it limits any potential unauthorized disclosures. Capturing encrypted data for later cracking would prove to be a time and resource exhausted process that would provide too little information, too late. At this point it would be easier to actually try to steal the keys and hardware, rather than crack them.


  • In some instances of private/public key systems, this is done. It’s mainly for the purpose of ensuring the recipient knows who the sender was and also ensuring the sender knows who the recipient is.

    Quick primer: If you encrypt with your private key, everyone knows it was sent by you. If someone encrypts with your public key, they know you will receive it. Use your private key and someone’s public key together and you know only that person got it.

    In practice, lately another step is added to negotiate a third temporary/session key. This ensures keys aren’t used forever, and if compromised a new one can be generated. This is more secure than encrypting twice, because you never know what data is sensitive and picking the wrong one requires the attacker to start from scratch.