Why are crypto messengers popular?



Since 2005, more and more messengers have appeared that offer various options for encrypted communication between users, and this explosion is no accident. Whether or not you dig into the reasons, today you can find several dozen active projects that, in one way or another, are working on cryptographically protected messaging. Why is this so?


Cryptography originated in military affairs and was usually used to protect all sorts of state secrets. But at a certain point, people who work over the Internet became concerned that the Internet, generally speaking, is entirely unprotected. The protocol stack that was laid down at the very beginning contains no encryption at all, and the data passed between the services or people interacting there travels unencrypted. The feeling that the network was built not by us but by the state or by large companies pushes people to take care of this themselves by encrypting their data. You never know what kind of provider you are dealing with. And interception systems such as the domestic SORM may be constantly present on the Internet, accumulating traffic and analyzing it with big-data methods in order to track connections between people, or for whatever else they need. In general, people reacted very strongly to this, and one after another solutions began to appear, including commercially available systems.


But so far no cryptographic tool offers what people really want, namely to recreate on the Internet the situations that are available in real life. In real life, we always have the opportunity to communicate privately. If need be, a few people can agree on a place in advance and discuss something there. The content then stays known only to those who gathered, and the cost of a leak is very personal. In such a situation there is almost never some unknown third party present that has its own interests and great capabilities.


On the Internet this is not so: there may always be someone on the outside. The computer manufacturer could install any software on its product. These programs can listen to something and send your data somewhere, and you simply cannot control it. The same goes for phones, smartphones and social networks. Technically, nothing prevents this. Companies can manage expectations of their service through mission statements and public image, but we do not know what they actually do.


Cryptography has developed to the point where many people are familiar with the technology and with the current state of the algorithms. Once they reached a critical mass, they began trying to solve this problem: how to get the same conditions for interaction on the Internet that we have in real life, and how to carry that user experience over into the digital communication environment.


And what is happening now in this direction? After the Second World War, there was an explosion in state encryption programs. Symmetric ciphers and public-key algorithms appeared, that is, the cryptosystems that are now the building blocks of almost any system you can find, including the numerous crypto messengers. But combining these building blocks correctly to get the experience and configuration you need requires a great deal of care to avoid errors, because a cipher's strength can be reduced for many different reasons. If you chose the wrong prime numbers when generating a key, for example ones that are too small, then all the keys generated this way may already be compromised, and retroactively. If someone stored a large amount of data encrypted under such a key and later learns that the keys are weak, he can recover the key and decrypt the data five or ten years later.
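A defender's check for the weak-prime failure described above, as an added example that is not from the original post: it audits an RSA-style modulus for a small prime factor or for two factors that sit too close together. The function names, the thresholds and the sample moduli are assumptions constructed for illustration.

```python
from math import isqrt

MIN_BITS = 2048         # assumed minimum acceptable modulus size
TRIAL_LIMIT = 10_000    # assumed bound for trial division
FERMAT_STEPS = 10_000   # assumed number of Fermat iterations

def small_factor(n, limit=TRIAL_LIMIT):
    """Return a prime factor of n below `limit`, or None."""
    if n % 2 == 0:
        return 2
    for d in range(3, limit, 2):
        if d * d > n:
            break
        if n % d == 0:
            return d
    return None

def fermat_factor(n, steps=FERMAT_STEPS):
    """Return (p, q) when odd n has two factors close to sqrt(n), else None."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(steps):
        b = isqrt(a * a - n)
        if b * b == a * a - n:
            # a - b == 1 is the trivial split 1 * n, not a finding
            return (a - b, a + b) if a - b > 1 else None
        a += 1
    return None

def audit_modulus(n):
    """List the weaknesses found in modulus n (empty list = none found)."""
    findings = []
    if n.bit_length() < MIN_BITS:
        findings.append(f"modulus shorter than {MIN_BITS} bits")
    if small_factor(n) is not None:
        findings.append("has a small prime factor")
    elif fermat_factor(n) is not None:
        findings.append("prime factors too close together")
    return findings

# Constructed sample moduli (far smaller than real keys, for illustration only)
CLOSE = 1000003 * 1000033        # two neighbouring primes
SMALL = 101 * (2**61 - 1)        # one factor is tiny
FAR = (2**61 - 1) * (2**89 - 1)  # factors far apart, but modulus still short

if __name__ == "__main__":
    for name, n in (("CLOSE", CLOSE), ("SMALL", SMALL), ("FAR", FAR)):
        print(name, audit_modulus(n))
```

An empty result only means these three checks found nothing; it does not prove the key was generated correctly.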


The main property that is talked about now, and that developers try to get from their systems, is so-called end-to-end encryption: encryption that reliably protects the channel between two subscribers even if there is a server between them. Another property that matters to many is non-repudiation. In cryptography, there is the electronic digital signature, which guarantees that the author of the encrypted data is the one who owns the private key. As it turned out, in a number of situations this is a bad property for users. For example, suppose you simply lose your phone. Anyone who finds it can prove that the data was authored by this particular person. This can have unpleasant consequences for the real author.



Now all major social networks have switched to the Signal cryptographic protocol. It is an example of a protocol that was originally developed by a team of enthusiasts to solve a civilian problem. Then they founded a company and built their own Signal messenger. Then Facebook bought and licensed it. The Signal protocol is integrated into WhatsApp and Facebook Messenger. In addition, the protocol part of Skype was recently updated as well. Indirect evidence from gray-box analysis shows that Signal is somehow involved there too.


Technological changes that occur during the life of a system are completely invisible to the user. Today the user has no way even to learn that this is happening unless he is interested in cryptography, follows the fate of a particular system and is ready to dig deep into it. This is a common problem for all cryptosystems under development, including Signal, which, as it turns out, is now spreading across large networks and already covers a large number of people. It can expect the same fate. We do not even know whether the same people will remain among the protocol's developers. Maybe they will not. Someone will buy it, someone will change the technology platform, and everything will be different again: all the properties that attracted us will go away, and we will not see it happen.


Richard Stallman, an evangelist of the open software movement, believes that the source code of any software should be open, so that anyone can make sure it contains no backdoors, errors and so on. Richard Stallman himself really is an example of a user who can probably check the software he uses.


But for the most part, people who install an application simply because it is popular and their relatives use it will never do this. Even if the possibility exists for them in theory, out of millions maybe five people will take advantage of it. The complexity of cryptosystems is probably a big obstacle in itself: not only the complexity of programming and development, but also the complexity of the cryptographic algorithms. Not every programmer or developer of these messengers understands the cryptographic part of the messenger. A backend developer who works on the server of, say, Facebook Messenger may know nothing about cryptography at all. He deals with the API and with how the data travels back and forth, and that is all.


This is a problem that I would probably call the most important challenge in the field of cryptographically protected messaging systems. Messaging looks like a small part of life, but it imperceptibly seeps in and becomes the background of everyone's everyday life. Everyone sits in a messenger morning and evening, during breaks and on the way to work. And because it penetrates so deeply and becomes a natural background, the vulnerability of people through such systems is underestimated.
