Reply to post: Re: Not encrypted whatsapp backups

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal

Aodhhan

Re: Not encrypted whatsapp backups

This isn't shocking to most IT professionals. Most of the government's in the west didn't start getting serious about systems security until a few years ago. While the defense/intel departments started locking things down in 2007 and then even tighter after Snowden leaks, the rest of the govt's spent money on everything but. This includes personnel with talent and understanding on encryption.

When it comes to communication applications, the underlying routines are all similar. Most of the code is out on the Internet for anyone to use. When it comes to encryption, none of them create their own protocols or cipher suites. They use what's available. This comes down to someone who understands which cipher suites are secure, and which are not-so-secure.

...and for those out there who think FIPS 140 cipher suites are unbreakable, you need to think again. FIPS 140 only approves cipher suites up to and including the "SECRET" classification level (by US DOD definition). So they may or may not be good for TS/SCI classification level. There is a different publication for the cipher suites usable for higher classifications.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020