Most secure form of communication over the net

feredim-924 (Member, joined Mar 9, 2012)

could it be SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]

Harvey (Administrator, Elite Member, joined Oct 9, 1999)

> What is the most secure form of communication over the internet?

The "Off" switch. It tells others you don't want to hear from them, and you can't get any viruses or other malware. Use it. :whiste:

Dude111 (Golden Member, joined Jan 19, 2010)

Indeed, THAT IS THE BEST!!!!!

Less than that: using an SSL connection is the best!

SecurityTheatre (Senior member, joined Aug 14, 2011)

> What is the most secure form of communication over the internet?

That is a rather silly question. It depends on who you are trying to be secure from, what kind of security you're talking about and what kind of protocol you want to put into this security.

The most secure form of communication is not on the Internet.

But if you're talking about... say.... end-to-end chat like email or instant messages, you have to consider a few factors.

Let me borrow from the Cypherpunks website:

1) Encryption

No one else can read your instant messages.

2) Authentication
You are assured the correspondent is who you think it is.

3) Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

4) Forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

Which of those is most important to you? It's nearly impossible to have all of them and a system that gets close is very cumbersome to use as it requires various trust relationships, as well as complex systems for key management and message generation.


So, can you clarify?
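
The authentication and deniability properties in the list above are easiest to see side by side in code. The following is an added example, not part of the original post: each message is authenticated with an HMAC under a key both correspondents share for the conversation, so the receiver can reject anything modified in transit, yet because either party holding that key can produce a valid tag, a transcript proves nothing to a third party about who wrote a given message. The session key and the message text are constructed sample values; in a real OTR-style system the key would come from a Diffie-Hellman exchange.

```python
import hashlib
import hmac
import os


def new_session_key() -> bytes:
    """Constructed example: a per-conversation key both correspondents share.
    (In OTR it is derived from a Diffie-Hellman exchange; here it is random bytes.)"""
    return os.urandom(32)


def tag(session_key: bytes, message: bytes) -> bytes:
    """Authenticate a message with HMAC-SHA256 under the shared session key."""
    return hmac.new(session_key, message, hashlib.sha256).digest()


def verify(session_key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time check that the tag matches; a modified message fails."""
    return hmac.compare_digest(tag(session_key, message), mac)


def conversation(session_key: bytes) -> dict:
    """Walk through the two properties and return the observable outcomes:
    authentication while the conversation runs, deniability afterwards."""
    sent = b"meet at noon"
    sent_tag = tag(session_key, sent)

    # Authentication: the correspondent accepts the genuine message ...
    genuine_ok = verify(session_key, sent, sent_tag)
    # ... and rejects a message altered in transit under the same tag.
    altered_ok = verify(session_key, b"meet at one", sent_tag)

    # Deniability: the receiver holds the same key, so they can produce a
    # perfectly valid tag on words the sender never said.  A third party shown
    # (message, tag, key) after the fact cannot tell which side produced it,
    # which is exactly what a digital signature would *not* allow.
    forged = b"I never said that"
    forged_tag = tag(session_key, forged)
    forgery_verifies = verify(session_key, forged, forged_tag)

    return {
        "genuine_ok": genuine_ok,          # True
        "altered_ok": altered_ok,          # False
        "forgery_verifies": forgery_verifies,  # True: the key proves nothing about authorship
    }


if __name__ == "__main__":
    print(conversation(new_session_key()))
```

The fourth property follows from the same design: if a fresh session key is negotiated for every conversation and erased afterwards, a later compromise of either party's long-term key gives an attacker nothing with which to recompute old tags or decrypt old traffic, which is what "forward secrecy" means in the list.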

SecurityTheatre (Senior member, joined Aug 14, 2011)

> Fairly sure you just mentioned SILC in all there.

OK.

I talked about theoretical concepts surrounding end-to-end security.

I have never heard of SILC specifically and their website is apparently down. I can find very little information on it other than that and what I did find was from commentary on fairly obscure internet forums.

As far as the protocol (per Wikipedia), it is basically a standard public/private encryption setup. There are a lot of tools that use a similar rig, so.. sure "SILC" is maybe one of them. Have you seen a code audit to ensure it's implemented properly? Do you know if the algorithms are set up correctly? Are your correspondents doing a manual key exchange to avoid man-in-the-middle attacks against the automated key exchange?

Your questions are too simple. They don't reflect an understanding of how things work.

"What is the best car?"

"uhm... since i like to drive up mountains, the best car is a Hummer"

"well I value fuel economy, so I think the best car is a Prius"

"I like fast cars, so I want a supercar like a Veyron"

"The best car is one I can afford, so I favor a used Kia"

Do you see how dumb simplistic questions can be answered a hundred ways and still be correct?

feredim-924 (Member, joined Mar 9, 2012)

Umm no, not really.

Most people have an idea of what is the best based on things like popularity, experience, hearsay, etc.. etc...

Please stop being the jackass nerd who thinks he knows everything.

As for the 'most secure form of communication over the internet', you should really just have thought in regards to whether it has been hacked before, the possibility of it being hacked in the future, encryption strength, etc... Most people don't have the time to read your long ass explanation even if you had one.

lxskllr (No Lifer, joined Nov 30, 2004)

> Umm no, not really.
>
> Most people have an idea of what is the best based on things like popularity, experience, hearsay, etc.. etc...
>
> Please stop being the jackass nerd who thinks he knows everything.
>
> As for the 'most secure form of communication over the internet', you should really just have thought in regards to whether it has been hacked before, the possibility of it being hacked in the future, encryption strength, etc... Most people don't have the time to read your long ass explanation even if you had one.

Sounds like you want your hand held, and that's not how the world works. ST's answer was perfectly reasonable. If you don't have the time to read lengthy explanations of a highly technical topic like encryption and security, then you should forget the whole thing and not worry about it. Even the easiest solutions are hard to do correctly.

Paperlantern (Platinum Member, joined Apr 26, 2003)

Wow...

As an IT person of over 10 years, and one who has recently been going for CASP and CISSP, I can second lxskllr's statement that ST's post was reasonable. Security is not a cut and dry, black and white topic. Discussions on this topic tend to be lengthy. If you "do what you want", and what you "want" is to get what you asked for: "the most secure form of communication over the internet", then you better also "want" to read long explanations. If you do not, then you must also not want to get the most secure form of communications over the internet.

There is a reason why the average person with a CISSP makes around $100,000 a year. This field is no joke, and is not even close to SIMPLE. One of the reasons I am pursuing it, it is very engaging, challenging, and fulfilling... in addition to paying well.

seepy83 (Platinum Member, joined Nov 12, 2003)

Wow...this thread had some potential. But I guess the OP doesn't really want to know the answer.

Modelworks (Lifer, joined Feb 22, 2007)

Really anything you send over the internet is safe if you encrypt it first. Internet is just a pipe and if the content is encrypted it doesn't matter what pipe it uses to get to the destination. If you want a secure connection dedicated to non encrypted content you are dreaming because the only way to achieve that is running a cable between two computers with nothing else connected.

Some companies use a dedicated hardware encoder that encrypts traffic and sends it over standard HTTP, where on the other end it is decoded by a matching hardware decoder. Anyone receiving the data in between the two boxes gets junk and it doesn't require using special ports or protocols.

seepy83 (Platinum Member, joined Nov 12, 2003)

> Really anything you send over the internet is safe if you encrypt it first. Internet is just a pipe and if the content is encrypted it doesn't matter what pipe it uses to get to the destination. If you want a secure connection dedicated to non encrypted content you are dreaming because the only way to achieve that is running a cable between two computers with nothing else connected.
>
> Some companies use a dedicated hardware encoder that encrypts traffic and sends it over standard HTTP, where on the other end it is decoded by a matching hardware decoder. Anyone receiving the data in between the two boxes gets junk and it doesn't require using special ports or protocols.

But the encryption that you're talking about is only addressing the Confidentiality of the data during transit, and that's only 1 part of "security". Depending on what problem is trying to be solved, then that might be the most important and relevant part of securing the data, but that depends on what the system is trying to accomplish. That's what the earlier responses were saying, and their responses were 100% on point.

SecurityTheatre (Senior member, joined Aug 14, 2011)

> Really anything you send over the internet is safe if you encrypt it first. Internet is just a pipe and if the content is encrypted it doesn't matter what pipe it uses to get to the destination. If you want a secure connection dedicated to non encrypted content you are dreaming because the only way to achieve that is running a cable between two computers with nothing else connected.
>
> Some companies use a dedicated hardware encoder that encrypts traffic and sends it over standard HTTP, where on the other end it is decoded by a matching hardware decoder. Anyone receiving the data in between the two boxes gets junk and it doesn't require using special ports or protocols.

This is a VERY simplistic view of Internet security.

Like another post said, it addresses only one part of the issue.

The "ideal" form of security is theoretically a "one time pad". It is a type of encryption that uses a shared key to encrypt data. The issue is that for it to be perfect encryption, the cypher has to be exactly as long as the message and must be shared in advance through another (off-line) channel that itself is perfectly secure and impossible to guess.

Obviously, this isn't practical on the Internet, so we have trade-offs between simplicity, usability, speed and security. In the past, some people have made very poor decisions. Encryption such as "WEP" encryption in the old 802.11b (Wifi) standard is a legitimate stream cypher encryption, but it was handled very poorly making it vulnerable to attack. Today, with modern CPUs and algorithms it is a trivial task to decrypt this encryption using statistical attacks against the initialization vectors that construct the stream.

So simply saying "anything you send over the internet is safe if you encrypt it " is patently not true. The same goes for a number of other "encrypted" streams such as various old forms included in things like ZIP files and Word Documents. There are other examples, like DES-48, which are considered breakable today through sheer brute-force keyspace attacks.

Of course, the "hardware encoder" he's talking about is probably some misunderstanding of either a VPN (which has nothing to do with HTTP) or SSL/TLS via HTTPS (which does have to do with HTTP, but frequently nothing to do with a dedicated "hardware encoder"). Regardless, sure, VPNs are good, but it depends greatly on how it is configured.

There is the encryption layer, which can rely on something like AES via IPSEC or 3DES via PPTP. There is also the session initialization protocol (something like IKE), which allows the initial key sharing and usually requires some sort of credentials. I have seen many companies whose VPN uses the password "cisco" on their Cisco IPSEC VPN. While the VPN itself may appear secure, it's not, because an attacker can easily guess the session initialization key.

So, like I said before, this topic MOST CERTAINLY is not simple. It's not even close to as simple as "feredim" implied in his first question and it's not really nearly as simple as "seepy" implied either.

But it sure is an interesting topic!
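
As an added illustration of the one-time pad trade-off described above (example code written for this page, not from the original post), the following XOR pad shows the three facts the post relies on: the pad must be at least as long as the message, any ciphertext is consistent with every plaintext of the same length (so an eavesdropper without the pad learns only the length), and the moment a pad is reused the pad cancels out and the XOR of the two plaintexts leaks. Pads and messages are constructed sample values.

```python
import os


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """XOR the message with a pad of at least the same length.
    A shorter pad would have to repeat, and a repeating key is no longer a
    one-time pad, so the call is refused rather than silently weakened."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ m for p, m in zip(pad, plaintext))


# XOR is its own inverse, so decryption is the very same operation.
otp_decrypt = otp_encrypt


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.
    One exists for every candidate of the same length, which is the formal
    reason an eavesdropper who lacks the pad learns nothing but the length."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))


def reuse_leak(ciphertext1: bytes, ciphertext2: bytes) -> bytes:
    """If two messages were encrypted under the same pad, XORing the two
    ciphertexts cancels the pad and yields plaintext1 XOR plaintext2, which
    an eavesdropper obtains without knowing the pad at all."""
    return bytes(a ^ b for a, b in zip(ciphertext1, ciphertext2))


if __name__ == "__main__":
    # Constructed sample: the pad is shared in advance over some other channel.
    message = b"attack at dawn"
    pad = os.urandom(len(message))
    ct = otp_encrypt(pad, message)
    assert otp_decrypt(pad, ct) == message

    # The same ciphertext "decrypts" to a different 14-byte message under a
    # different pad, so the ciphertext alone cannot distinguish the two.
    other = b"defend at noon"
    assert otp_decrypt(pad_explaining(ct, other), ct) == other

    # Reusing the pad for a second message gives away message XOR other.
    ct2 = otp_encrypt(pad, other)
    print(reuse_leak(ct, ct2) == bytes(a ^ b for a, b in zip(message, other)))
```

A stream cipher such as the one WEP used is, in effect, a pad generated from a short key and a per-packet initialization vector; the `reuse_leak` function is the simplest statement of why pad (or keystream) reuse, which is what poor IV handling amounts to, is fatal even when the underlying cipher is sound.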

fastman (Golden Member, joined Oct 9, 1999)

> I'll do what I want

LOL, I usually don't chime in but when peps whine like a baby I can't help myself.

Word of friendly advice, either you supply some basic answers to the people who are trying to help you or your thread will die.

Worse, start pissing people off and the flames will start, then the Mods will step in, lock the thread and issue warnings and or time outs!

Good luck

feredim-924 (Member, joined Mar 9, 2012)

I don't care bitch

---

Your attitude is uncalled for and not appreciated, noob. Take this as your one and only infraction-free warning.

Harvey
Senior AnandTech Moderator/Administrator

Last edited by a moderator:

Modelworks (Lifer, joined Feb 22, 2007)

> So simply saying "anything you send over the internet is safe if you encrypt it" is patently not true.

Sure it is true. Data using strong encryption is safe because you cannot decode it, it might as well be binary junk.

> Of course, the "hardware encoder" he's talking about is probably some misunderstanding of either a VPN

No. The hardware encoders I am talking about use DSP chips to encode and decode data; there is no pre-shared key because one isn't needed. Instead the algorithm is stored inside the physical chip, it isn't an externally accessible program, and the algorithm itself is generated on a pair of chips at creation so no other pair shares the same algorithm. The chips have to be used in matched pairs. As the data passes through it is encoded with a key that changes every 200ms. The protocol doesn't matter and it is transparent to the user.
http://www.safenet-inc.com/products/data-protection/network-wan-encryption/ethernet-encryption/
> There is the encryption layer, which can rely on something like AES via IPSEC or 3DES via PPTP. There is also the session initialization protocol (something like IKE), which allows the initial key sharing and usually requires some sort of credentials.

These are all software methods of encryption and build on the older protocol based methods of security. The newer hardware forms don't care about protocols, ports, or have the need for passwords or keys.

SecurityTheatre (Senior member, joined Aug 14, 2011)

> Sure it is true. Data using strong encryption is safe because you cannot decode it, it might as well be binary junk.
>
> No. The hardware encoders I am talking about use DSP chips to encode and decode data, there is no pre-shared key because one isn't needed. Instead the algorithm is stored inside the physical chip, it isn't an externally accessible program, and the algorithm itself is generated on a pair of chips at creation so no other pair shares the same algorithm. The chips have to be used in matched pairs. As the data passes through it is encoded with a key that changes every 200ms. The protocol doesn't matter and it is transparent to the user.
> http://www.safenet-inc.com/products/data-protection/network-wan-encryption/ethernet-encryption/

Interesting topic.

I know such devices exist (ASICS with embedded keys and dedicated links), but I've been doing security consulting with a few hundred multinational corporations for the last half a decade and I've never even heard it discussed as a practical means of security. It's a theory that might be used for custom military hardware or spy-agencies, etc, but it's definitely not in the business realm, at least not to any significance and wouldn't be able to tunnel over the Internet.

Regardless, it's an interesting topic.

I do have to point out that the link you provided is a hardware device using all of the technologies you said it doesn't use. In fact, it uses almost every technology we have discussed in this article. It's basically just a layer 2 VPN device, encrypting at the transport layer.

According to the sales documentation here: http://www.safenet-inc.com/uploaded...ef_EthernetEncryptor_Branch_ Office_FINAL.pdf

It uses a digital certificate (probably X.509 like HTTPS) to validate a 2048-bit RSA public key, which initiates an AES-256 tunnel and supports HMAC/SHA-512 hashing for nonrepudiation. The cypher keys in the AES-256 algorithm are configurable and each device can hold multiple keys so that you can configure multiple endpoints for your communication channels.

> These are all software methods of encryption and build on the older protocol based methods of security. The newer hardware forms don't care about protocols, ports, or have the need for passwords or keys.

I'm sorry but what is "the protocol model of security?" and what is implied in it being outdated?

Internet communication (and all electronic communication) relies on protocols. It's why we have the 7 layer OSI model to describe them. The Internet relies on the TCP/IP protocol (in layer 3, or "network layer"). To communicate over the Internet, you need to encapsulate your communication into TCP/IP. This is what IPSEC and PPTP do.

If you are talking about layer 2, that is the "link layer" where Ethernet's 802.3 and "Wifi" 802.11 operate. This can be encrypted by different protocols, but there isn't a standard one for wired connections (which is why that encrypted ethernet device you pointed at is considered a bit novel). For wireless, 802.11i defines the protocol sometimes known as "WPA2". There are ways to try to encrypt layer 2 traffic, but most use some encapsulation technology such as IPSEC, so they require a separate channel through the OSI model.

Anyway, if you have any specific information about a hardware encryption device with an embedded secret key algorithm that is commercially available, I'd be happy to take a look at it. It sounds like an interesting enough concept to be viable for certain dedicated secure links or something...

Lithium381 (Lifer, joined May 12, 2001)

OP - I would read and understand RFC 1149 and implement those suggestions into your network.
http://www.ietf.org/rfc/rfc1149.txt
That is a draft of the specifications; I think you'll find it a little long-winded, but it may just be the perfect solution for your secure communications.