this post was submitted on 13 Oct 2024
21 points (81.8% liked)

[–] AmbiguousProps@lemmy.today 22 points 2 months ago* (last edited 2 months ago) (1 children)

Define "military grade", because that usually means that it's actually the lowest grade.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms – all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES)

Ah, so they didn't actually get close to cracking AES, they just want to scare people into thinking that they did. I'm not exactly sure what the headline means by "hack" here.

[–] asmoranomar@lemmy.world 10 points 2 months ago* (last edited 2 months ago)

There's also no such thing as "Military Grade" Encryption. The government as a whole, as directed by NSA, uses the same encryption technology. If anything, one of the defining techniques is how said technology is implemented as a process. That means less about the algorithm and more about the hardware and handling. For example, when dealing with classified networking, one of the key differences is using dedicated hardware. These aren't PCs that can be hacked, they are devices whose specific role is to handle encryption, key loading, or key acquisition. They are hardened to prevent emissions from leaking and will dump keys, firmware, memory if tampered with. End devices can only accept keys with no way to retrieve them for reuse.

Advertisers that claim they are offering you "Military Grade" encryption just do regular NSA encryption methods in software, with no hardware component, and no handling process. Which would never be used in the military to secure classified data.

Also, most encryption used in these devices doesn't use one key, they use key generators. Each device talking to another generates a unique, temporary session key. These session keys do not last long, so if any one key is compromised it limits any potential unauthorized disclosures. Capturing encrypted data for later cracking would prove to be a time and resource exhausted process that would provide too little information, too late. At this point it would be easier to actually try to steal the keys and hardware, rather than crack them.

[–] drspod@lemmy.ml 4 points 2 months ago

This could also mean that they have found a (classical) vulnerability in one of the most used Post Quantum Encryption algorithms (such as Kyber) and they want everyone to switch to using it ASAP.

[–] jesterchen@social.tchncs.de 1 points 2 months ago

@floofloof I can't find the paper. Am I too tired or is there nothing (anymore) behind this link?

I'd love some details... to judge if it's a threat or scaremongering....

[–] 11111one11111@lemmy.world -1 points 2 months ago (1 children)

How in the fuck can a person run a scam accumulating billions in revenue and not find a way to make it legitimate

[–] MissJinx@lemmy.world 0 points 2 months ago (1 children)

they do, it's called money laundry

[–] 11111one11111@lemmy.world 0 points 2 months ago* (last edited 2 months ago)

BUT THE SCAM WAS A FRAUDULENT INVESTMENT?!?! 🤣🤣🤣 they had fuckin billions. Throw a couple hundred million any major commercial real estate property and call it a day. It would make for a legit amendment investment.

Edit: the whole story has me cracking up but it also just reminded me of my favorite Key and Peele skit where they are planning to rob a bank and Peele is pitching this plan where they just start showing up to the bank, right, and they just dress like they belong there, right? ok ok. Then we just keep doing it every day. Show up when they show up, dress like they dress, do all the shit these normal drones do day in and day out, you still with me? Yeah ok I think I follow. Right so here's the kicker we keep doing this for like 20 years and every week we pick a day without anyone noticing.... we just walk out the front door with some of the money week after week after week. Tell me that isn't a foolproof plan! NO! Mother fucker you just described having a fucking job 🤣🤣🤣