Encryption: Difference between revisions
Thomasmann (talk | contribs) |
mNo edit summary |
||
(62 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
'''Encryption''' is the process of encoding | '''Encryption''' is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files<ref>https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children</ref> you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too. | ||
== | When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years. | ||
The | |||
== How encryption works == | |||
:''For more information, see [http://en.wikipedia.org/wiki/Key_size Key size] and [https://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function] | |||
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others. | |||
The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware. | |||
This is a great simplification of a complicated area. However, it is the root of the whole system. | |||
== Degrees of security in encryption == | |||
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo. | |||
The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better. | |||
A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail. | |||
== PGP == | |||
== Boylovers and encryption == | == Boylovers and encryption == | ||
Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https:// | Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https://veracrypt.fr Veracrypt], a free open source program that has been audited<ref>https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/</ref>, a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page [https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software Comparison of disk encryption software] Whichever platform you use, a strong password is the most important thing to remember. See: [https://www.boywiki.org/en/Internet_security_tutorial#Using_secure_passwords Using secure passwords] | ||
One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.[https://en.wikipedia.org/wiki/State_v._Dalton The State v. Dalton]is a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged [[child pornography]] in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be [[child pornography]]. Altogether the man spent over 10 years in prison for simple writings.<ref>http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/</ref> This case highlights how important it is to encrypt everything related to boylove. | |||
==Key (password) disclosure laws== | |||
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, '''mandatory decryption''' laws force owners of encrypted data to supply decrypted data to law enforcement. | |||
Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required. | |||
In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that'' could'' be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with. | |||
"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." <ref>http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</ref> | |||
== Legislation by nation == | |||
For an updated list of key disclosure laws by nations visit [https://en.wikipedia.org/wiki/Key_disclosure_law WikiPedia Key disclosure law page] | |||
==See Also== | |||
* [[Steganography]] | |||
* [[Tor]] | |||
* [[Internet security tutorial]] | |||
* [[Email security]] | |||
* [[Hard drive]] | |||
==References== | ==References== | ||
[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption] | {{reflist}} | ||
[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html] | |||
[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton] | ==External links== | ||
*[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption] | |||
*[https://en.wikipedia.org/wiki/Key_disclosure_law https://en.wikipedia.org/wiki/Key_disclosure_law] | |||
*[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html] | |||
*[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton] | |||
[[Category:Technology]] | |||
[[Category:Essential reading for BoyLovers]] | |||
[[Category:Civil rights and liberties]] |
Latest revision as of 12:58, 29 March 2022
Encryption is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files[1] you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too.
When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years.
How encryption works
- For more information, see Key size and Cryptographic hash function
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others.
The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware.
This is a great simplification of a complicated area. However, it is the root of the whole system.
Degrees of security in encryption
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo.
The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better.
A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail.
PGP
Boylovers and encryption
Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like Tor. It is often recommended that boylovers use full disk encryption with a program like Veracrypt, a free open source program that has been audited[2], a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page Comparison of disk encryption software Whichever platform you use, a strong password is the most important thing to remember. See: Using secure passwords
One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.The State v. Daltonis a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged child pornography in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be child pornography. Altogether the man spent over 10 years in prison for simple writings.[3] This case highlights how important it is to encrypt everything related to boylove.
Key (password) disclosure laws
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, mandatory decryption laws force owners of encrypted data to supply decrypted data to law enforcement.
Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.
In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that could be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with.
"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." [4]
Legislation by nation
For an updated list of key disclosure laws by nations visit WikiPedia Key disclosure law page
See Also
References
- ↑ https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children
- ↑ https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/
- ↑ http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/
- ↑ http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/