It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
I think that cipher weakness and key size have to be taken into consideration during the cryptographic system implementation. As we've seen over the years 64bit DES encryption, and MD5 and SHA-1 hash algorithms have been successfully attacked and have been discontinued. For typical temporally-limited communications, like real-time web browsing, the cipher and keylen du jour are probably okay. However, for communications security that requires Perfect Forward Secrecy and the like, using ciphers and key lengths that might appear to be overkill today may be necessary to keep those data secret in the future.
The first and most obvious is cipher weakness,key size and complexity of the passwords associated with them if used.
As Phatdamage has shown, much of the software and hardware that we are using on a regular basis have hidden back doors or other intentional cryptographic weaknesses. And the NSA is not the only culprit in creating these access points. A recent example of this is Lenova's use of a CA certificate surreptitiously inserted into the Windows OS cert store to enable them to create a Man-in-the-Middle attack in SSL sessions, ostensibly to introduce advertising in the user's browser. Since Lenova is owned by the Chinese, I'm not buying that.
Second comes the use or implementation of the technology in your setup. Meaning proper storage of private keys (asymmetric) and correct configuration of software that uses encryption.
It will be very interesting to see what you have to say about this. I haven't been active in COMMSEC for several years and it will be interesting for me to see how these options have matured.
Third is the most aggressive, the usage of CNE or “Computer Network Exploration” and hacking the target system. If you are in need of protection from this level of adversary it is advised to use multiple layers of security in your OS (grsecurity/PaX), and even the more complicated Xen (Hypervisor) micro kernels.
Those were quite informative articles. I especially liked the one from Bruce Schneier. I remember reading this right after the first Snowden revelations. It is still sage advice. And it is still scary as ever to know what the NSA and GCHQ were capable of then and are capable of now.
Below are two good articles about how online security is compromised and how to work to defend against it.
Yep. We use to call this the problem that occurs between the chair and the keyboard.
if your password isn't strong, this is a major issue.
That's another good example of the cost of doing security right. Not only is there a financial cost to purchasing and maintaining additional equipment, but there is a potential system performance hit as well. The performance hit might not be too bad where the network is connecting to the Internet because the Internet connection generally has less bandwidth than the Intranet. But where these active devices are deployed between Intranet segments the performance hit may become more of a factor.
you will have multiple manufacturer devices doing the same job, stacked, with rules filtering through all,
I have to admit that I hadn't looked at IPv6 very much. Like the rest of the world I've been putting it off because it's not been critical for everyday use. While IANA has purportedly now given out the entire set of IPv4 addresses, I believe it will still be a while before its use become commonplace.
Another good point, how much of the world is using IP6?