Cryptography is not dead. Just because some motivated governments can theoretically attack your machine does not mean that cryptography is not useful, because for 99.9999999% of us, that outcome will never happen--and if it does happen, the information will not leak to those you want to keep it from (unless that's the government, of course). Cryptography still keeps us safe from all but three or four entities.<p>Put another way--the FBI can sneak into my apartment any time they want by picking my lock, but I still lock my door.
I absolutely detest FUD about quantum computing and how it's going to "destroy all cryptography; there's no use anymore", completely ignoring the fact that only asymmetric systems based on DLP and IFP will be compromised due to the efficiency of Shor's algorithm.<p>I always get particularly pissed because it makes the average person think it's no longer useful to encrypt their data, thus making them a vulnerable target. I wonder if it's a deliberately orchestrated disinformation campaign.
Cryptography is not on life support any more than Schlage door locks are "dead" because they can be picked by anyone with the tools and training to do so, and kicked in by anyone able to bring more than 50 lbs to bear on the lock.<p>When I've given security talks I've always tried to compare things like air travel, which isn't 100% safe (planes do fall out of the sky) but is 100% "worth it" for most of us. And most of us won't be the focus of a government investigation.<p>So the reasoning that we can't make systems 100% secure, therefore security is dead, doesn't persuade me.<p>What will be interesting though is the use of cryptography to protect things like our PIN numbers at the checkout line. That is an area that needs improvement right away.
"<i>They had a system that looked for phones moving towards each other, turned off and then turned on when they are turning away from each other. Looking for secret meetings.</i>"<p>And that probably wouldn't require a lot of computation either, since very few people would turn their phones off while going somewhere and then turn them on again. So the people who are doing this are smart enough to know that they can be tracked by their cell phones, but not smart enough to know that turning them off and on again calls a lot of attention to themselves.<p>So if you're going to a secret meeting that you don't want the NSA to know about, leave your phone at home.
A few of my thoughts. Bruce did make an important point during his presentation, which I didn't write about in the piece. Whenever possible the NSA goes around crypto and other security. The agency has immense power--through, for example, QUANTUM Insert and redirecting to Foxacid servers--to target individuals. The real issue is <i>BULK</i> collection, and that's where strong crypto will help when placed on endpoint devices and of course at the backend. In this sense: if we make it more expensive and more difficult to get at the data, the NSA will go after easier targets--this is kind of implied in some of the Snowden documents according to Bruce. So crypto is "less important" because if they really, really want to, governments and next-gen cyber thieves will get at some of the data. But there are a lot of conventional techniques--better authorization controls, and constant monitoring of activity--along with encryption that can limit the amount of data that's exposed.
Disclaimer: I went to the conference (well, it's actually my school). The following were supposed to be addressed during the Q&A, but I could only ask one question... sorry for the long rambling.<p>This is the golden age for cryptography, thanks to education and hardworking people.<p>People are actively attacking our cryptographic knowledge and our implementations. As controversial as it may sound, if it weren't for all the active attacks on our cryptographic infrastructure, we would probably be okay with RC4 and MD5. Of course we know they are weak and they are not reliable.<p>So let's thank everyone, including the state-sponsored attackers.<p>This is a golden age because we have long known that relying on mathematical hardness assumptions is not safe. Maybe a decade from now someone discovers a theorem to factor large numbers very efficiently, and then boom, all the encrypted communications using RSA will be broken. We are slowly moving away from that kind of dependency. We think there are better ways to solve our encryption. Much like in the 20th century the arms race gave rise to active advancement in all disciplines of engineering and science, cryptography is also growing.<p>Thanks to all the attackers out there we now know it is important to teach everyone about computer and web literacy. We know this should be part of education. In addition, we must make tools more accessible to users. At #realworldcrypto 2014 someone said PGP has been around what, two decades? Why isn't everyone in the tech community using it? Why are my non-geek friends not using it? Why am I not using it? Servers that retain user data or transfer user data should all be over HTTPS now. Implement a 301 redirect on HTTP endpoints, and on HTTPS endpoints add an HSTS header. Implement Content-Security-Policy to harden what resources can be loaded on your website. Add X-Frame-Options to control whether you want your site to be framed/iframed or not. I can go on and on but you get the point.
This is a long battle and not easy to fix.<p>Cryptography is not dead. What is dead is our assumption that we can rely on assumptions, and that kind of dependency is going to harm us some time in the future. For how many more years? We don't know. It is possible no one can ever come up with an efficient algorithm to break factoring.<p>Yes. One problem in cryptography has to do with key storage. I see that in the future HSMs will be cheaper and people can enjoy that as opposed to a plaintext file in your $USER/.ssh/ directory. Look, cryptography is not a silver bullet. You can't prevent people from making mistakes, but we can look at what things can be improved to make mistakes fail quickly and safely. Idea? Maybe instead of one key, we have multiple partial keys stored on multiple servers? But key management and key synchronization is going to be a headache. And look, if someone injects malware into the network and has some inside knowledge of the network, there is very little you can do.<p>Never take the NSA revelations to mean we must implement things so secure that we can't even tell Bob is Bob. We can't have 100% anonymity and we can't enforce that. The world needs interaction. The ability to choose is the right direction and I hope companies will start to realize that we don't live in the 80s anymore.<p>The hardest problem to solve is to tell whether the server is doing what it says. People are working on verifiable search, but what about whether a site is actually hashing your password? Client-side encryption is important and multi-identity remains to be solved. Personally, I'd like to see Persona widely used so I can just set up my own federated authentication server to authenticate my own email.<p>Again, as controversial as it may sound, knowledge exists because we can think, and because we can think we have desires and goals. Knowledge doesn't grow on trees. They are always accidental and incidental. We don't start inventing things out of thin air.
I like the idea of knowledge as Yin-Yang. We don't start having cryptography because there is such a thing called cryptography. Because we want secrets to be hidden and safe from eavesdroppers, we invented substitution cipher schemes. Because we now have digital communication and we need to prevent MitM, we need better cryptography, and this is why RSA and DHE are useful. We know SHA was never meant for hashing passwords because it's fast, so we invent other kinds of cryptographically hard hashing algorithms like bcrypt and scrypt. If it weren't for Miller's paper on fuzzing, we probably would have neglected fuzz testing, and our Unix command-line tools would probably continue to fail hard. If it weren't for the NSA, how many of us would ever pay attention to the problems in OpenSSL and RNGs? There is always a constant Yin-Yang interaction in the pursuit of knowledge. One nice property of security proofs is that we always have to model the evil in our proof construction...
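The HTTPS hardening checklist in the comment above (301 redirect on HTTP, HSTS on HTTPS, Content-Security-Policy, X-Frame-Options) can be turned into an audit. This is an added example, not code from the commenter or the conference; the sample responses are constructed, and the thresholds (one-year HSTS max-age, no 'unsafe-inline' in CSP) are assumptions following common guidance.

```python
"""Audit constructed HTTP responses against the hardening checklist:
301 on the plain-HTTP endpoint, HSTS / CSP / X-Frame-Options on HTTPS."""
import re
from typing import Dict, List, Tuple

Response = Tuple[int, Dict[str, str]]  # (status code, response headers)


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    # Header names are case-insensitive; normalise before lookup.
    return {k.lower(): v for k, v in headers.items()}


def audit_http(resp: Response, host: str) -> List[str]:
    """The plain-HTTP endpoint should only 301 to https:// on the same host."""
    status, h = resp[0], _lower(resp[1])
    findings: List[str] = []
    if status != 301:
        findings.append(f"http endpoint returned {status}, expected 301")
    loc = h.get("location", "")
    if not loc.startswith(f"https://{host}"):
        findings.append(f"http Location is {loc!r}, expected https://{host}")
    return findings


def audit_https(resp: Response) -> List[str]:
    """The HTTPS endpoint should send HSTS, a CSP and X-Frame-Options."""
    h = _lower(resp[1])
    findings: List[str] = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        age = int(m.group(1)) if m else 0
        if age < 31536000:  # assumed threshold: one year
            findings.append(f"HSTS max-age {age} is below one year")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "unsafe-inline" in csp:
        findings.append("CSP allows 'unsafe-inline'")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    return findings


# Constructed sample responses (not captured from any real server).
WEAK_HTTP: Response = (200, {"Content-Type": "text/html"})
GOOD_HTTP: Response = (301, {"Location": "https://example.test/"})
WEAK_HTTPS: Response = (200, {"Strict-Transport-Security": "max-age=300",
                              "Content-Security-Policy": "default-src 'self' 'unsafe-inline'"})
GOOD_HTTPS: Response = (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                              "Content-Security-Policy": "default-src 'self'",
                              "X-Frame-Options": "DENY"})

if __name__ == "__main__":
    print("http:", audit_http(WEAK_HTTP, "example.test") or "ok")
    print("https:", audit_https(WEAK_HTTPS) or "ok")
```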
Nothing is absolute, you might be hit by a meteor in the next moment. So what that there is a non-zero chance that if you're targeted by the right parties you may not be able to keep secrets?<p>Moreover, cryptography is more than just secret keys being kept secret.<p>For an example of cryptography which doesn't depend on secrecy, consider SNARKs (succinct non-interactive arguments of knowledge): E.g. I can run a program and give you its output along with a compact proof that the output was the faithful output of the program. The size and complexity of verifying the proof is only a product of the cryptographic security level. Given cryptographic assumptions it is computationally infeasible for me to generate a fake proof.<p>The ability to prove the validity of execution in basically no more time than it takes to read the program being verified is a very powerful result of cryptography which doesn't depend on secrecy.<p>(The most efficient constructions of this currently need some secret data, but it's not a fundamental requirement)
Security is on Time Period Zero (Day Zero, and Year Zero didn't really seem to be the right terms). What we need in crypto is awareness and ubiquitous use. Additionally, it is not a fast moving concept. It will be long periods of sweat and churning before the internet is reasonably safe to use (I use the word reasonably, because anyone familiar with security understands that Perfect Security is not feasible. Rather we strive for security with negligible chance of failure).<p>If nothing else, Bitcoin as a protocol is a ray of hope for cryptography. If a digital crypto-currency ever becomes widely used, then crypto will become embedded in everyone's daily life (whether they're on Facebook and Gmail or not).<p>Public-Private Key Crypto is a concept that has only been in practice for less than 50 years. It has yet to be fully understood and implemented.
"Cryptography is dead" is a weird hypey framing. The problem isn't with crypto but with the underlying system... crypto is only as secure as the place it's performed.
Cryptography is very dead. Cryptography relies on the keys being kept private. The keys must be on computers to be usable. Computers can be compromised, therefore the keys can be compromised, therefore the encrypted payloads can be decrypted. Any question?<p>And by "Computers can be compromised", this means computers also cannot be trusted to hold any sensitive data.