a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by nil_zirilrash
nil_zirilrash  ·  3431 days ago  ·  link  ·    ·  parent  ·  post: UK to actively counter strong encryption

I've been thinking a lot about the issue of cryptography/strong encryption. I place great value on privacy of communication, which is something that cryptographic methods can provide. I like the guarantee (more or less) that someone isn't eavesdropping on anything from conversations with family to online banking sessions. However, I've started to worry a bit as I come across stories of it being used for direct antagonism, for example, as in ransomware. If your files are affected, there is literally nothing that you can do to recover the originals short of paying the ransom. Sure, there is a slew of preventative measures that can be taken to prevent infection, and you can probably restore from a backup that you made (you did make one recently, yes?), but ultimately, there is nothing that you can do to reverse the damage to the files themselves. You are helpless. Brute-forcing the key will take forever and a day, and tracking down whoever is responsible through, say, the Tor network is just as infeasible. In short, someone has gone through (comparatively) minimal effort to make some quick cash by thoroughly ruining your day. Perhaps it is not so different in the end from other forms of property damage, wherein the only form of compensation that you will receive will be from an insurance company (roughly equatable to restoring files from backup), but the lack of any way out is absolutely awful. Forbidding strong encryption is stupid, though, I think; as said by just about every cryptographer ever, if there's a weakness in the algorithm meant for one party, it will inevitably be exploited by others.