Hacker News new | ask | show | jobs
by acabal 4421 days ago
Not in this case, I don't think. If there's a way to break encryption, even in the smallest way, then it's not really encrypted, and calling it "good enough" does a disservice to people who actually expect it to be flawless.

Look at Lavabit, which was good but not perfect... everyone thought they were protected enough, and then the government came knocking and all of a sudden the little gotcha of "Well, Lavabit did have access to your data after all, even though they promised not to look and also be really careful about their encryption keys" is the crack they use to blow the entire thing open. (Though that was a pretty damn big crack, admittedly.)

If there's a way to break in, then it will be broken in to--and then "good enough" all of a sudden becomes "tragically and dangerously broken" for the kinds of people who trusted it the most: activists, whistleblowers, informants, political radicals, etc.
1 comments
pdx 4421 days ago
That's fair, and I do not want him to stop warning us. I recognize his expertise.

I just feel that these sorts of criticisms, that are not sandwiched with at least a little positive message, are keeping people paralyzed in gmail and yahoo and msn while they wait for perfection.

link
tptacek 4421 days ago
What positive message are you looking for here? Are you just glad people are trying to protect people, even if they're failing?
link
read 4421 days ago
tptacek, can you suggest a design for end-to-end email encryption delivered through a browser?

As theboss mentioned [1], is:

(a) browser crypto theoretically impossible, is it

(b) that something's practically from browsers today (like build-in crypto code) for a practical solution, or is it

(c) that existing attempts have not attempted to do something that is theoretically possible?

If I understood you correctly, you alluded verification might be possible [2] but it seems there isn't yet a clear description or understanding of what's possible and what's not.

[1] https://news.ycombinator.com/item?id=7757892

[2] https://news.ycombinator.com/item?id=7757678

link
tptacek 4421 days ago
Verification isn't possible in modern browsers. This is an inherently hard problem, one that has caused some people who've launched carefully-designed encrypted mail systems to abandon the effort.
link
read 4421 days ago
Am I understanding you correctly that verification IS possible in browsers, just not the existing modern ones (e.g. because of limitations in the existing modern ones) and that browser crypto is possible?

(I recognize it might inherently be a hard problem, but hard does not equal impossible. I also recognize there are benefits to a simpler solution that can outweigh the benefits of a harder solution.)

link