Hacker News new | past | comments | ask | show | jobs | submit login

If only there had been a backdoor in the system, or no encryption, law enforcement could have prevented this. /s



The US government has some of the best CNA/E defense anywhere in the world - certainly better than almost all of industry - even departments that you would otherwise think are puny.

The backdooring and lack of encryption in software is because the US is still a primary exporter of technology and we want to be able to continue to hack, surveil, message and control those who get US technology. US FedRAMP and other compliance minimums insist on the use of properly configured encryption in private industry to protect government information and cyber sharing programs enable both the sharing of data between private and public sectors for surveillance and for the detection and analysis of foreign cyber attacks. The US government has state of the art encryption (for the most part) and some of the most heavily monitored perimeters.

None of this is enough to stop cyberattacks, which have all of the advantages in their favor.

So while I'm inclined to agree with you that the US should stop mandating backdoors and weak encryption I don't think its a fair characterization to suggest this anything to do with why the US was breached.

China and the US are battling each other in several arenas of influence, as are Russia and the US. In this case the US is trying to stop Russia and China's global and regional power projection and these countries do not accept the US world order and their current place in it.

Conflict is inevitable. It will be interesting to read the history books to see what gets written about the role of the information warfare space and what role it plays in whatever outcome we get.


> state of the art encryption Encryption Is not rocket science. It's trivial to make encryption arbitrarily harder to crack by using larger keys. There is no practical limit to key sizes.


Encryption is extremely hard to get right. Increasing key sizes does not matter if your scheme, protocol, padding, chaining mode, implementation, nonce values, randomness, key management, user interface, key agreement, key generation, IV generation, constants and settings, etc are done poorly - and it is difficult to get essentially every one of these right.

There is state of the art encryption. Encryption is not about key size.


> user interface Yeah, if you are implementing it for other users, you can be forced to put backdoors. All bets are off. I mean encryption for your own use. All you need is a hashing algorithm like sha256 and your key.

> randomness Why would you trust a computer with randomness. Take a picture, and hash it... Not so hard.

> 3rd party encryption is probably backdoored even in "state of the art" nsa employees hands. I doubt they trust their own employees. They know they probably have double agents around.


Here you very clearly illustrate that you do not understand cryptography at even a minimal level.


What is CNA/E? Google wasn't helpful.


Computer Network Attack/Exploitation, also see CNO - Computer Network Operations.


> The backdooring and lack of encryption in software is because the US is still a primary exporter of technology and we want to be able to continue to hack, surveil, message and control those who get US technology.

Booh.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: