{"id":430,"date":"2017-04-19T13:55:14","date_gmt":"2017-04-19T10:55:14","guid":{"rendered":"http:\/\/www1.ngtech.co.il\/wpe\/?p=430"},"modified":"2017-04-19T23:41:58","modified_gmt":"2017-04-19T20:41:58","slug":"encryption-how-far-will-you-go-squid-3-5-25-4-0-19-released","status":"publish","type":"post","link":"https:\/\/www1.ngtech.co.il\/wpe\/2017\/04\/19\/encryption-how-far-will-you-go-squid-3-5-25-4-0-19-released\/","title":{"rendered":"Encryption, how far will you go? \u2013 SQUID 3.5.25 + 4.0.19 RELEASED"},"content":{"rendered":"<h1 style=\"text-align: center;\">Encryption, how far will you go?<br \/>\nSQUID 3.5.25 + 4.0.19 RELEASED<\/h1>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-431 aligncenter\" src=\"http:\/\/www1.ngtech.co.il\/wpe\/wp-content\/uploads\/2017\/04\/under_lock_and_key_by_fading_sunlight-d1y6wog-300x200.jpg\" alt=\"\" width=\"300\" height=\"200\" srcset=\"https:\/\/www1.ngtech.co.il\/wpe\/wp-content\/uploads\/2017\/04\/under_lock_and_key_by_fading_sunlight-d1y6wog-300x200.jpg 300w, https:\/\/www1.ngtech.co.il\/wpe\/wp-content\/uploads\/2017\/04\/under_lock_and_key_by_fading_sunlight-d1y6wog-768x512.jpg 768w, https:\/\/www1.ngtech.co.il\/wpe\/wp-content\/uploads\/2017\/04\/under_lock_and_key_by_fading_sunlight-d1y6wog-1024x683.jpg 1024w, https:\/\/www1.ngtech.co.il\/wpe\/wp-content\/uploads\/2017\/04\/under_lock_and_key_by_fading_sunlight-d1y6wog.jpg 1095w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<hr \/>\n<p style=\"text-align: justify;\">Choosing the right path with encryption is a crucial matter in the modern Computers World but I want to take you far back before this era, to 2 or 3 hundred years ago.<\/p>\n<p style=\"text-align: justify;\">Back in the 17th century there weren&#8217;t as many options to encrypt a message. If you wanted to implement a 512 bits based encryption you would first need to invest a lot of money on traveling and security of the first public key exchange, 
leaving\u00a0aside the trust you need to have for the key exchange location.<br \/>\nYes, it was a complex and expensive task that only some had the luxury to have, but today we hear &#8220;Let&#8217;s encrypt&#8221;\u00a0on a daily basis.<br \/>\nSo I took a couple of minutes to try and understand how a single mind would be affected if it were required to encrypt a conversation.<\/p>\n<p style=\"text-align: justify;\">It&#8217;s not a normal thing to glance at: two people sitting in a room and talking in an encrypted language. But the only thing they want to say to each other is &#8220;This is not a secure place, we need to go elsewhere&#8221;.<\/p>\n<p style=\"text-align: justify;\">For this single phrase they had a full 2-hour session!<br \/>\nThe first time I saw such a thing I was stunned, but then I started to delve into the depth of &#8220;The Encryption Hell&#8221;. It&#8217;s a place that is reserved for those who would like to talk\u00a0using encryption on anything.<\/p>\n<p style=\"text-align: justify;\">You must first understand that there is a lot of noise surrounding the plain text, so you would need to have some way to handle the noise and also to handle the encryption and only then handle the actual conversation. This is the place of uncertainty! In such a world you cannot have any rest for your mind. The brain is always working and thinking about the possibilities. &#8220;Does\u00a0this word mean that I need to leave the room this second?&#8221; It&#8217;s really a place that is reserved for those who live in deception with every move they make.<\/p>\n<p style=\"text-align: justify;\">Here the arguments about using open-source or closed-source based encryption systems come in handy. When you have an open-source system you can share with others the methods, the concepts and the ideas. Then you may have a chance to get into a better place than to stay in a &#8220;Stand Alone Complex&#8221;. 
But closed source has a lot to offer!!<\/p>\n<p style=\"text-align: justify;\">It is possible to have a closed source and still have the benefits of the open-source world just by being connected to the right\u00a0sponsor. The myth that the closed source world cannot offer alternatives or advantages was proven long ago to be a false positive. There is no need to present an argument because the world works this way:\u00a0you can have both security and secrecy!<\/p>\n<p style=\"text-align: justify;\">An example of that is one of the projects I helped to handle long ago as a starter proxy servers admin. I was asked to give help with intercepted traffic analysis. Indeed I could write the proxy, but there was some hash embedded into each message that left the team trying to crack it clueless as to what was behind it.<br \/>\nThe target was to falsify a 128 bit transmission that is being sent over a TCP socket from the client to the passive server. The hackers were required to hack only 128 bits. The end result was that after about a couple of days they said that the encryption was impenetrable!<\/p>\n<p style=\"text-align: justify;\">What was the blocker? The lack of CPU? It was a team of more than the most talented hackers.<br \/>\nWas it the money? They got a lot of money only for the trial.<br \/>\nWas it RAM? They had a full-fledged servers\u00a0flat available only for their use.<br \/>\nSo what was missing?<br \/>\nTwo keys: the main private one and the Diffie-Hellman one.<br \/>\nThis technique has been in use in the world for hundreds of years but not many used it. Not many knew how to use it and not many were able to operate such a cipher system. This is one thing that took empires up and down: Encryption.<\/p>\n<p style=\"text-align: justify;\">For us this &#8220;function&#8221; was off-loaded from the human mind into assisting disposable devices such as a SmartPhone, while many do not even know or understand what&#8217;s under the hood. 
We can walk with an encryption device in our pocket without using any of our brain &#8220;CPU&#8221; and without touching our pocket.<\/p>\n<p style=\"text-align: justify;\">So 128 bits aren&#8217;t that much, but if you use them right they would be sufficient and you won&#8217;t be required to recalculate every second the escape route from your current position to a safe state\u00a0or place.<\/p>\n<hr \/>\n<p style=\"text-align: justify;\">One of the most used concepts is\u00a0blending into a big crowd\u00a0to lose tracers. It&#8217;s not the most efficient way to do so, but if you begin a session in a very noisy place there is a chance you would be able to exchange keys without anyone knowing. So today we have the option\u00a0to\u00a0get some level of secrecy without paying too much like in the old days.<\/p>\n<p style=\"text-align: justify;\">Indeed for a money transfer you would need a big and well shielded truck, but with a group of assassins or well-trained ex-army experts you would need a couple of tiny cars, lots of cash\\gold\\goods and a route. It is possible to secure a transfer without using the &#8220;Heavy Gear&#8221; but with the &#8220;Right Team&#8221;!<\/p>\n<p style=\"text-align: justify;\">It&#8217;s a known way to run\u00a0security and\u00a0my way of things is to help others with it.<\/p>\n<p style=\"text-align: justify;\">I asked myself a couple of times in the past: Should I start an encrypted session? And then I noticed that it&#8217;s not required to invent keys, I already have them. My ancestors left me with many keys and many ways to encrypt even in the harshest conditions.<\/p>\n<p style=\"text-align: justify;\">I have a library which I use as a delta and reference daily to analyse and decrypt the most hardened and complex minds in the world.\u00a0I can say that I have secrets but I daily lock them and throw the key. 
Each time I throw the key I chant a secret spell that was passed down in my family for ages, and I remember that we are all in the same boat and that the moment I try to dig a hole in our unified boat we will all sink together.<\/p>\n<p style=\"text-align: justify;\">So how far will you go deep into hell to throw your keys? Will you use\u00a0your Cerberus to defend this ship? Will you throw your\u00a0given keys to hell, i.e. the most secured place in the entire universe?<\/p>\n<p style=\"text-align: justify;\">Diffie-Hellman is one of the most proven methods for forward secrecy of encryption and I have been using it daily since long before it was introduced to the public SSL world.\u00a0I took a couple of trips to hell because of it, but eventually even the most notorious psychiatrists and therapists declared that I am a proof of a truly hardened human.<\/p>\n<hr \/>\n<p style=\"text-align: justify;\">In my line of work as a Linux SysAdmin you must be Hardened! And you must\u00a0know what the Linux &#8220;Talisman&#8221; is made of. You cannot blindly use it as is!!!<\/p>\n<hr \/>\n<p style=\"text-align: justify;\">Long ago, after the Squid-Cache RPM was downloaded more than 10k times, I stopped counting. This is because there is a hidden secret inside each and every one of these downloads: &#8220;I trust you Eliezer Croitoru to provide me a true\\good binary of Squid-Cache&#8221;.<\/p>\n<p style=\"text-align: justify;\">Squid-Cache is a production ready product but it requires a very Hardened character to use it.<\/p>\n<p style=\"text-align: justify;\">Encryption is a challenge. If you are up to it, jump into SSL-BUMP and see how and if you manage to make it work.<br \/>\nThrow away your fear of a Server Crash!!! The Squid-Cache team is working hard so you would be able to test their ability to make you happy enough to see the magic that they can do. 
Indeed it&#8217;s not the perfect product but it&#8217;s worth just trying to see and understand what it might lack.<\/p>\n<p style=\"text-align: justify;\">All the best,<br \/>\nEliezer Croitoru<\/p>\n<p style=\"text-align: justify;\">References:<\/p>\n<ul>\n<li><a href=\"http:\/\/wiki.squid-cache.org\/KnowledgeBase\/CentOS#Squid-3.5\" target=\"_blank\">Squid-Cache CentOS repository details<\/a><\/li>\n<li><a href=\"http:\/\/fading-sunlight.deviantart.com\/art\/Under-lock-and-key-117895408\">Under the lock at\u00a0DeviantArt<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Encryption, how far will you go? SQUID 3.5.25 + 4.0.19 RELEASED Choosing the right path with encryption is a crucial matter in the modern Computers World but I want to take you far back before this era, to 2 or 3 hundred years ago. Back in the 17th century there weren&#8217;t as many options to encrypt &hellip; <a href=\"https:\/\/www1.ngtech.co.il\/wpe\/2017\/04\/19\/encryption-how-far-will-you-go-squid-3-5-25-4-0-19-released\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Encryption, how far will you go? 
\u2013 SQUID 3.5.25 + 4.0.19 RELEASED<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":431,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,12,10],"tags":[],"class_list":["post-430","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-squid-3-5","category-squid-4-0","category-squid-release"],"_links":{"self":[{"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/posts\/430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/comments?post=430"}],"version-history":[{"count":13,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/posts\/430\/revisions"}],"predecessor-version":[{"id":444,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/posts\/430\/revisions\/444"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/media\/431"}],"wp:attachment":[{"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/media?parent=430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/categories?post=430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www1.ngtech.co.il\/wpe\/wp-json\/wp\/v2\/tags?post=430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}