[cryptome] Re: TrueCrypt compromised

  • From: tpb-crypto@xxxxxxxxxxx
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Tue, 03 Jun 2014 18:50:53 +0200

> Message du 03/06/14 10:51
> De : "Shaun O'Connor" 
> I take your point about the encryption dilemma(did I spell that
> correctly). I think the Jury is out on that particular issue though...
> Personally I think we are in a perpetual game of cat and mouse with
> those who make it their business to know everything about everyone..

The rewards for the spies are too great for this game to end one day.

The game will continue, but because of these disclosures by half-2015, the 
spies will have to start all over again, at least against people who are aware 
and actively protect their systems. Because those that got legacy systems will 
be forever under the treat.

Considering our increasing life expectancy and the fact that we are using Cobol 
and Fortran codes made 40 years ago in many financial and scientific 
institutions, we can count many exploits discovered in the last decade to be 
still exploitable in 100 years. Because those systems won't go away.

An example of why this is possible, is how many webservers (not merely firmware 
routers hard to re-flash) you will find that are still vulnerable to 
heartbleed. The rate of correction seems to be asymptotic, thus always leaving 
some uncorrected systems till the end of their usable lives.

Put that in an automated system like spy agencies have, and you have 
interesting data streams forever to exploit. The only solution to stop them is 
to uncover their taps and block them, those are much smaller in number and 
easier to tackle than millions of machines.

Other related posts: