AES is an official American encryption standard and I don't trust it. Give me options to run the encryption method of my choice and with my own keys.
Don't listen to Snowden ... Intel: We've switched on CPU crypto for Hadoop
Chip giant Intel is redoubling efforts to defend its valuable data center turf – by developing its own technologies for data management and analysis technologies, such as Hadoop. As part of its mission to make sure that Xeon chips get top-billing when data center admins mull what to run a large Hadoop cluster on, Intel …
-
-
Tuesday 17th December 2013 21:13 GMT Hit Snooze
Not again
What are you going to do if the encryption method you choose is also or becomes an "American" standard?
If I was the NSA, I would mind f*ck the world by telling everyone how much the NSA loves and encourages people to use these "secure" systems. I would also throw in a few "working with our very close friend <insert anti NSA critic> we have improved this encryption algorithm."
-
Tuesday 17th December 2013 21:30 GMT Paul Crawford
Bollocks, say I.
"AES is an official American encryption standard"
You seem to have forgotten the part where it was created by Belgian cryptographers and subject to estensive world-wide analysis before being adopted. That is how it should be (but not always Belgian, unless we are looking at a two-horse race with the Swiss for chocolate).
If you were pointing at the dodgy elliptical curve standard, or the secret Intel random number generator, then you would have a valid point...
-
-
Wednesday 18th December 2013 20:03 GMT Paul Crawford
Re: Bollocks, say I.
Of course, with a suitably fitted tin-foil hat, I could postulate that Intel CPUs keep a cache of recent AES keys that can be accessed by some secret instructions so that user code can reveal them in a way that software implementations of AES could not.
You would need native code execution to exploit this, of course, which is hard to do outside of a few US-friendly suppliers of, for example, web browsers. Oh yes, there is Adobe Flash after all on some 90% of machines...
-
Thursday 19th December 2013 02:13 GMT tom dial
Re: Bollocks, say I.
Perfectly correct, and upvoted accordingly. However there will, no doubt, be those who note that the NSA customarily advises NIST, as they did, for example, with DES many years ago. Accordingly, the reasoning will go, their advice was to accept Rijndael as the standard, with minor modifications, because that was the only candidate they had cryptanalyzed successfully.
-
-
-
Tuesday 17th December 2013 21:20 GMT Charles Manning
So who's going to trust software built by Intel?
The problem with violating trust, is that it is a hard thing to win back.
Nobody on the outside, and likely very few on the inside, really knows how deep the Intel tretchery goes, if there is some at all.
At one extreme, Intel are complete NSA/Isreali bedfellows and every thing they touch from code to compilers and SSDs should be suspect and shunned.
At the other extreme, Intel is completely innocent and Snowdon is making it all up.
The truth is likely somewhere between these two extremes.
No wonder Google is considering baking its own ARM chips. Apart from getting the architectures it wants, it then know what went into the device.
I hunch though this adds yet another hurdle to Intel when it comes to getting design wins for their mobile chipsets.
-
-
Wednesday 18th December 2013 12:53 GMT Charles 9
Re: Bah!
(JOKE RIPOSTE) I think that's the plan. If it's so transparent the hackers see THROUGH it, they can't see the cipher data meaning they don't know where to hack. Encryption where my data becomes invisible would be rather nice IMO (END)
But seriously, the easiest way to get data encrypted on a widespread basis is to make the process turnkey simple, and a transparent (automatic on-the-fly) process can be a step in the right direction if done properly.
As for the paranoia, you might wanna just wring your hands of the whole affair. Let's face it; few things have as much resources as a state, and if ONE state hasn't subverted half the programmers and coders in the world, then the Russians, Chinese, and Arabs have probably polished off the rest. Which basically makes it a case of "Don't Trust Anyone," which means nothing gets done anymore.
-
Tuesday 17th December 2013 22:05 GMT Khaptain
Cloudy cloud
If it's in the cloud, I don't see how's it possible to retain any form of garauntee.
A cracker requires time before he cracks your code.
Give a safecracker time and he will enter your safe.
The cloud is the element of "time" that is required for the <insert agency/pirate here> to be successfull in pwning your data.
-
-
Wednesday 18th December 2013 12:55 GMT Anonymous Coward
Re: Best security ever...
Maximum 64KB of memory and a processor that's extremely simple to follow. Not to mention it runs at a pokey 1MHz. Put it this way. A 33MHz 486SX had enough power to emulate the computer with some optimization of the code (speaking from firsthand experience). How much chance would it have against a multi-core multi-GHz behemoth (and if the rumors are to be believed, the ability to read data off monitors and power lines from a distance)?
-
-
Wednesday 18th December 2013 01:39 GMT ops4096
... and the rest of us ?
Leaving aside the question of NSA subversion ... let alone metadata security, I believe that market demand for hardware encryption by ordinary users for simple things like HTTPS, PGP, TOR and whatever future encrypted security measures are devised, is the next big thing. Yet Intel et al in their infinite wisdom consider these facilities are only to be provided to keep our corpratz overlords safe.
-
Wednesday 18th December 2013 08:31 GMT T. F. M. Reader
Transparent encryption
I do find it ironic that much effort is being invested in keeping people's data transparent for analysis while encrypting the actual processing/analytics, so that no outsider knows how exactly the data are analysed, I suppose.
With tongue firmly planted in the left cheek...
-
Wednesday 18th December 2013 08:50 GMT simmondp
It's all about the key location......
But where are the keys held? If you hold the keys good - if they hold the keys then the encryption is about as much good as a chocolate teapot. (Patriot Act request for Data AND Keys and you know will nothing about it).
If you hold the keys then at least a legal request needs to come to you asking for the keys, and then you can make a decision about what to do (comply or fight) - and if you comply then at least you know that the spooks have which bits of your data.