Submitted by ActivePersona t3_11b6wx9 in technology
hodor137 t1_j9xcga4 wrote
Reply to comment by 1wiseguy in Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption by ActivePersona
I didn't say it was secure, or good. My point was that just because "encryption" is used doesn't mean there can't be a back door that prevents a 3rd party from reading your messages.
1wiseguy t1_j9xiysd wrote
A back door literally means a third party can read your message.
In theory, it's a good third party, but there's no way to be sure of that.
Heijoshinn t1_j9xom8a wrote
I replied to another comment of yours regarding encryption. But this statement you made gives much more clarity on your issue of "trust" in [insert company here].
Encryption works depending on it's implementation. Take AES for example. It's a standard that's wisely recognized and widely used by virtually everyone on the encryption scene. As a result, it's been tested, used in multitude of ways and is regularly attempted to be broken. That's because AES is the standard. Since this is the case, it's less likely to have side channel attack weakness due to it's wide spread application and audit.
Compare that to something like TwoFish. It's strong like AES and is built differently. You could use this method of encryption and likely be safe. However, it's not widely used. This means it's likely not audited or scrutinized as much as AES and since it's not used as much, it's implementation is also at higher risk of side channel attacks. Without players routinely executing TwoFish encryption, it's level of progress is much lower than AES by comparison. This doesn't mean TwoFish is necessarily inferior but that it doesn't have the "run time" that AES has.
Viewing a single comment thread. View all comments