Comment by t-3

9 days ago

From the perspective of securing your data, what's the practical difference between a second country and an enemy country? None. Even if it's encrypted data, all encryption can be broken, and so we must assume it will be broken. Sensitive data shouldn't touch outside systems, period, no matter what encryption.

A statement like "all encryption can be broken" is about as useful as "all systems can be hacked" in which case, not putting data in the cloud isn't really a useful argument.

Any even remotely proper symmetric encryption scheme "can be broken" but only if you have a theoretical adversary with nearly infinite power and time, which is in practice absolutely utterly impossible.

I'm sure cryptographers would love to know what makes it possible for you to assume that, say, AES-256 or AES-512 can be broken in practice for you to include it in your risk assessment.

  • The risk that the key leaks through an implementation bug or a human intelligence source.

    Exfiltrating terabytes of data is difficult, exfiltrating 32 bytes is much less so.

    • That's very far from the encryption itself being broken though. If that were the claim, I would have had no complaints.

  • You’re assuming we don’t get better at building faster computers and decryption techniques. If an adversary gets hold of your encrypted data now, they can just shelve it until cracking becomes eventually possible in a few decades. And as we’re talking about literal state secrets here, they may very well still be valuable by then.

    • Barring any theoretical breakthroughs, AES can't be broken any time soon even if you turned every atom in the universe into a computer and had them all cracking all the time. There was a paper that does the math.

    • You make an incorrect assumption about my assumptions. Faster computers or decryption techniques will never fundamentally "break" symmetric encryption. There's no discrete logarithm or factorization problem to speed up. Someone might find ways to make for example AES key recovery somewhat faster, but the margin of safety in those cases is still incredibly vast. In the end there's such an unfathomably vast key space to search through.

> From the perspective of securing your data, what's the practical difference between a second country and an enemy country? None.

Huh? An enemy country will shut off your access. Friendly countries don't.

> Even if it's encrypted data, all encryption can be broken, and so we must assume it will be broken.

This is a very, very hot take.