Reply to post: Re: If everything's encrypted, what's the problem?

You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you

bombastic bob Silver badge
Meh

Re: If everything's encrypted, what's the problem?

even when you encrypt with SSL, if you can sniff the opening sequence (DH key exchange specifically) you can decrypt the traffic. It would still take a little bit of work, but you can see examples of this happening in Wireshark, when you view an https stream [for example].

So yeah, a router that can capture the entire stream could render encryption useless. The only way around this would be to have a secure tunnel using known certificates on both ends, along with some kind of randomly generated salt, and no decryptable key exchange up front [PGP actually does something like this already, as a good example]. But that would be subject to a form of crypto analysis where you study a large amount of traffic to crack the certs. So nothing is perfect if you don't rotate the keys every time, and so on.

that being said, a possibly 'more secure' PGP for long distance traffic would be a good way to ensure good encryption, across 'teh intarwebs' and various network backbones and so forth, but once it gets on the LAN at its destination, it's probably gonna get hoovered up if spyware [soft, firm, or hard] exists in the routers and PCs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019