Psst, hey. It's the NSA. You want some AI security advice?
You can trust us, we're the good guys
AI + ML
17 Apr 2024 | 2
Don't forget one-time-pads are secure
If you really want something secure, generate your own one-time-pad (OTP) by sampling signal noise, and install it at either end in person, and use that for encryption. You then don't need to run multiple rounds, simply Xor the garbage-like key onto the data to make random garbage.
The important thing is to make the key bigger than all the data for the next few years, and to never use the same part of the key twice, so that it never repeats.
[If that is not possible, then you can make an initial key, validate decrypted messages and then send updates to the OTP over the, now, secure link.]
This is an engineering not a crypto solution, it does no rely on the strength of a crypto algorithim and does not become more breakable as the power of computers increase. It is insanely fast, and easy to implement.
So, regardless of what other crypto solutions are used on the network, if you are dealing with trusted-end to trusted-end communications, add the extra OTP layer onto it.
So for example, if there is an internal Parliament communication system between Parliament and UK Cabinet, then that data can be seen by GCHQ and in turn the NSA/CIA/Obama etc. If you were the tech in charge of that link, you could easily add the extra layer of OTP security to that to protect it. Then if it turns out the 'crypto' algo has been backdoored, the link is still secure.
Biting the hand that feeds IT
