Facebook's security now sexier, with killer curves

Facebook has boosted its security chops with support for better bang-for-buck email encryption. Menlo Park now supports OpenPGP's standard elliptic curve cryptography public keys, meaning security and privacy pundits can post their public keys, which will then be used to encrypt email notifications. It supports NIST curves P- …

  1. Christoph

    And the relevance of the picture at the top is?

    1. Kingston Black
      Joke

      Relevance?

      The sight of a partial elliptic curve?

    2. Anonymous Coward
      WTF?

      "Hot Librarian" because errr...no idea.

    3. Pascal Monett Silver badge
      Trollface

      It's the most important part of the article ?

  2. lansalot

    What better way to get a huge sample of similar mail ("OMG!!") encrypted with a thousand different keys, to see if you can factor a brute-force?

    1. joed

      i bet fb gets clear text (they have monetize, right;). in this context i have no idea why they even pretend.

      1. Anonymous Coward
        Megaphone

        Joe, can you use your bloody shift key for a change?

  3. JeffyPoooh
    Pint

    Key and Algorithm Security .NE. security

    Some unnoticed subtle flaw tends to dominate the real world examples.

    Do these implementations avoid key reuse? Numbers used once? Assume there's a flaw.

    Given the size of flash memory, somebody should start selling little boxes to fill up pairs of storage devices, USB Flash or 4TB SSDs, with billions of One Time Pads. Hardware noise RND -> Qty 2 OTPs.

    1. Old Handle

      Re: Key and Algorithm Security .NE. security

      Of course it reuses keys. It's a public key system. It's not supposed to be One Time Pad. That would be monumentally inconvenient for most uses.

  4. Lost In Clouds of Data
    WTF?

    Ask not for whom the (security) bell tolls

    Am I the only one scratching their head trying to put the words 'Facebook' and 'Security' together in an actually meaningful way?

    Secure for whom? Sure Joe Punter can encrypt their data whilst in flight and potentially at rest, with some probably real nifty neato encryption, and kudos for Facebook et al for doing this - but - Facebook itself is an open cesspit of information that Zuck Inc has enabled itself to freely distribute in the name of 'advertising'.

    1. Anonymous Coward

      Re: Ask not for whom the (security) bell tolls

      Encryption means FB can sell information others can not access.

      Those Nigerian princes will need to pay FB rather than directly slurp the info.

    2. ZSn

      Re: Ask not for whom the (security) bell tolls

      It's very easy to get a secure facebook, don't have an account. I've managed to avoid possessing one up till now and have suffered no ill effects.

  5. Anonymous Coward

    What better evidence do we need that the NIST curves really have been compromised than Facebook starting to use them?

  6. jake Silver badge

    ::yawns::

    Anyone who actually needs secure email already has it.

    And has since roughly 1980.

    1. sabroni Silver badge

      Re: ::yawns::

      Everyone actually needs secure email.

      1. jake Silver badge

        @sabroni (was: Re: ::yawns::)

        RSA was released in 1977. My group at SAIL was using it in 1978(ish) with "mail" on 2BSD, to keep research information away from the proletariat. RSA was widely available by 1980.

        I never said "nobody needed it". What I said was that it was readily available.

        1. Anonymous Coward
          FAIL

          Re: @sabroni (was: ::yawns::)

          No you didn't Jake, you said anyone that needed it already has it and has since 1980.

          And your method is cumbersome and awkward for 99.999% of NORMAL people. Protonmail has made it piss easy to use, hence they are ones supporting it.

          1. jake Silver badge

            @ Lost all faith...(was: Re: @sabroni (was: ::yawns::))

            "No you didn't Jake, you said anyone that needed it already has it and has since 1980."

            Yes. I did. What part of reality do you not comprehend?

            "And your method is cumbersome and awkward for 99.999% of NORMAL people."

            Ah. I see. "It's HARD! to understand!" Why yes, yes it is.

            How many of the idiots using the system under discussion actually understand it? More importantly, how many will continue using it after somebody cracks it?

            1. sabroni Silver badge

              Re: @ Lost all faith...(was: @sabroni (was: ::yawns::))

              "Anyone who actually needs secure email already has it." <> "it was readily available."

              "It's HARD! to understand!" why you're arguing about this. Your first post clearly said that those who needed it already had it. You twist and turn like a mouthy smartarse hoisted by his own petard....

              1. jake Silver badge

                Re: @ Lost all faith...(was: @sabroni (was: ::yawns::))

                ""It's HARD! to understand!" why you're arguing about this."

                I'm not arguing about this. I'm pointing out the obvious. If you have needed strong encryption, it has been available for decades.

                As a side-note, that's "hoise by your own petard", just because I'm archaic & petulant.

                Or just an old fart, if you prefer ;-)

  7. Anonymous Coward

    Awesome Win!

    So I can get, "Joe has requested to be your friend on Facebook" sent to my email PGP encrypted? I feel a whole lot more secure now. /s

  8. Your alien overlord - fear me

    Standard Facebook user - "Er, whats a public key?"

  9. Old Handle

    I do have a bit of a hard time imagining what sort of Facebook alert could require that level of security. I don't use Facebook though, maybe it would make sense if I did.

    1. Anonymous Coward

      Ashley-Madison.

  10. Sorry, handle already taken

    I only opened this article to see a larger image of the Blonde :) Am I alone?

    1. herman

      Err... no... I clicked the link to see more elliptic curves...

  11. gcjenkinson

    Jon's talk at Passwords15

    Jon's talk at Passwords15 on "Facebook OpenPGP Support" can be viewed here:

    https://www.youtube.com/watch?v=HNhVfUzWFu8&index=10&list=PLdIqs92nsIzQvvbTiWLLjZOVE7jPBDomw
