Thursday, May 11, 2017

More Shenanigans from the No Such Agency folks



"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst.

“As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”

Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."

***

Read the full Intercept article and make sure you grok the implications.


- You are using strong passwords/passphrases, right?

- You are using minimum RSA-4096 (and getting comfortable with ECC non-NIST curves), yes?

- And of course you are dating/replacing your passwords and PGP keys on a regular basis?
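
One way to check a keyring against the key-size, curve and key-replacement questions above, as an added example rather than code from the original post: it parses the output of `gpg --list-keys --with-colons` and flags RSA keys under 4096 bits, NIST curves, and keys with no expiry or a past one. The sample listing and its key IDs are constructed, and `audit_keys` is a hypothetical helper name.

```python
import time

# Public-key algorithm ids used in GnuPG's colon listing (field 4).
RSA_ALGOS = {"1", "2", "3"}
ECC_ALGOS = {"18", "19", "22"}            # ECDH, ECDSA, EdDSA
NIST_CURVES = {"nistp256", "nistp384", "nistp521"}
MIN_RSA_BITS = 4096                        # the minimum named in the checklist

def audit_keys(colon_listing, now=None):
    """Return {keyid: [findings]} for pub/sub records of --with-colons output."""
    now = int(time.time()) if now is None else now
    report = {}
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub"):
            continue                       # skip uid, fpr and other records
        f += [""] * (17 - len(f))          # pad so field 17 (curve) exists
        bits, algo, keyid, expires, curve = f[2], f[3], f[4], f[6], f[16]
        findings = []
        if algo in RSA_ALGOS:
            if int(bits or 0) < MIN_RSA_BITS:
                findings.append(f"RSA-{bits} is below RSA-{MIN_RSA_BITS}")
        elif algo in ECC_ALGOS:
            if curve in NIST_CURVES:
                findings.append(f"NIST curve {curve}")
        else:
            findings.append(f"algorithm id {algo} is neither RSA nor ECC")
        if not expires:
            findings.append("no expiry date set")
        elif expires.isdigit() and int(expires) < now:  # epoch-seconds form
            findings.append("expired")
        report[keyid] = findings
    return report

# Constructed sample listing (not real keys).
SAMPLE = """\
pub:u:2048:1:1111111111111111:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::::Constructed One <one@example.invalid>::::::::::0:
sub:u:2048:1:2222222222222222:1400000000:1450000000:::::e::::::23:
pub:u:4096:1:3333333333333333:1490000000:1900000000::u:::scESC::::::23::0:
pub:u:384:19:4444444444444444:1490000000:1900000000::u:::scESC:::::nistp384:::0:
pub:u:255:22:5555555555555555:1490000000:1900000000::u:::scESC:::::ed25519:::0:
"""

if __name__ == "__main__":
    for keyid, findings in audit_keys(SAMPLE).items():
        print(keyid, "; ".join(findings) or "ok")
```

To run it against a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `audit_keys` in place of `SAMPLE`.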



Privacy/Encryption is a dynamic sport... don't ever forget that fact.



