4. Do not use an Internet access point if at least one other (your) device, home IOT devices, is connected to this access point).
good point as anything with access to other machines on the network can sniff packets and otherwise wreak damage to machines on it. i have several access points for the various stuff.. one for ip cams systems, one for stuff like TVs, one for google/alexa stuff, one for other IoT (washer/dryer etc), one for guests, and one for my wireless computers and such. none of the items on those access points can see the others. but stuff on the same AP can (usually) see each other as they usually need to. EDIT: forgot to mention the obvious takeaway.. plus a separate AP for the rig you use the wallet on. ------------------------------------------- Are you writing this seriously, or is this a joke on the subject? It's good from a security point of view, but it's too deliberate. For example, why make a separate point "one for things like google/alexa" when this service already transmits everything it hears to servers, even when you don't use it? All that this service hears is the same thing that anyone who attacks you will catch on the network. If you're not kidding, you are very concerned about your security. I mean, if you have 10 access points, you probably have 10 routers. For security reasons, all of these routers must be connected to different wired networks on the Internet that are not associated with you or your residential address. Is that possible? The fact is that all routers are visible to the attacker. And if he notices 10 routers on one wire, he will immediately know where to look for you. Then it's a matter of technology, because all routers are good targets for a new attack vector. The situation is even worse in the sense that in 2019 there were a lot of messages (I can even find them if you are seriously interested) about the vulnerability of the hardware of these devices, which has been exploited for 10 years or more! And, oddly enough, it was the encryption of the data packets themselves - transmitted over the network. There was something there with encryption keys sewn into the router. In general, in your case, this is also something that you should consider very carefully when choosing a router model. There is no point in putting washing machines and TVs on different access points or guests. This only increases the risk of an attack on you, not decreases it. But I think you were joking... |
|
|
|
Current encryption innovation goes to be less steady than we recently anticipated.Bitcoin encryption and personal keys are going to be unprotected by 30. In any case, just significant activities chipping away at it'll accomplish this accomplishment and expectation that none of them will ever assault Bitcoin.  -------------------------------------- Nobody really knows when it's time for the Bitcoins to be completely vulnerable. Everyone here has different opinions. I agree with those who are in a hurry, who want to speed up the transition of block-chain technology to more robust encryption algorithms. But the key problem will never be solved in the future and will be just as dangerous as it is today - because of the possibility of compromising it. As long as the encryption used by the user has the same key for all the information that the user encrypts, there will be a danger that not only the key will be stolen, but also cryptanalysis. For these reasons, I don't think it makes much sense to implement more robust cryptography and leave the keys as a necessary encryption component. Scammers don't break cryptography, they steal keys. And a normal person, always wonders how to do that? But statistics on cybercrime clearly show what can and isn't as difficult as we might think. Yes, and most importantly, the keys cannot be stored in human memory, we have to trust the devices, and this is a vulnerability. The only radical solution to the key problem is their absence. There is keyless encryption technology. Essentially, it is a technology that encrypts every little piece of information - with different encryption schemes, as if it were similar - encrypting every little piece of information - with new keys that are not passed from user to user, are not stored anywhere, and any new encryption rule (as if a new key) cannot be calculated from the old encryption rule (as if the old key) knowing only the encryption and the old encryption rule (old key). This is the new technological solution to the key problem. |
|
|
|
I still want to feel that I control something and know the password.
--------------------------- Do you really think you control when you have a password? And how can you be sure that you're in control and not someone else? Maybe your password isn't just yours anymore. Who knows if your information is here: - The FBI recently seized the domain WeLeakInfo.com for giving users access to data that's gone online. The operation was carried out jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland. The website provided users with access to data from over 12 billion entries (!) containing email addresses, logins, telephone numbers and passwords. And that's the amount of user data available on just one domain! The collapse of the password security system has already occurred, but we do not notice it persistently. |
|
|
|
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets
It's still a shared secret though, right? It's still a key? Keyless cryptography
Maybe I'm being stupid, but I don't see how this can exist. Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it. So in the first instance, the secret is the key - whether we call it a key or not, that's what it is. And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained. ------------------------------------- It's the exact opposite. If you have a key, you decrypt any information. If your key is stolen - having a previously written cipher - they will decrypt the information again. This function is the key. What does a key do? It changes the general encryption scheme to an individual one. That's it. That's it. If you encrypt the word "hello" today and tomorrow with the same key, you always get an Absolutely SINGLE SHIFT. It's the other way around. Even the first data pack will be different from the second data pack with the same information and the same "key" - like day and night. So how can this common secret be called a key? Think about it. And as for all other packages, after the second one, for example, if the package has 256 bits, then how do you guess the rule code, it means no key? Even a quantum computer in 100 years can't guess. And if it can guess, then how without a key, without knowledge of the rule, will it understand what it has guessed? Because it's a rule on no other data packet - it won't check. So where's the public access here? It's top secret. And the most unusual question is how do you know that this data packet contains information at all? And if there is, how many bits of 256 contain it? Do you feel the failure of such hacking attempts? |
|
|
|
Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successful, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.
So what will quantum cryptography solve if it is key?
Are we just talking about the distinction between symmetric and asymmetric cryptography? I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method. Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2 128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128 3. ---------------------------------- Keyless cryptography doesn't exist anywhere but 1) on this blog: https://bitcointalk.org/index.php?topic=5204368.40 (from which the administrator deleted about 100 posts of the author); 2) in the theory that is written, can be sent on demand, which justifies the fundamental possibility of such a model; 3) and in one project, which most likely will not be filled with money, because investors do not want to understand the subject at the level that is necessary: https://toxic.chat/. Each packet of data is encrypted with only its own, brand new encryption scheme, which looks similar to its own key, which has never been negotiated between the parties, never transmitted, stored or generated. So is it a key? This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets of the response data packet, and which is better called a channel identifier than a key. It creates a channel, and is never used again. Moreover, the first data packet sent by this kind of "key" and the second data packet received in response, created with this "key" - have completely different encryption schemes. Moreover, the presence of this "key" in Eva's hands does not allow her to open the communication channel. To do this, she needs many other things that can be read in the theory of this technology. But as I see it, the biggest bonus to this technology is not that you can't even find and steal your encryption key, but that it provides two-way continuous password-free authentication. An example of how this works is described in the blog above from today. Yes, and now phishing, in any form, is just a scary story from the past... |
|
|
|
Authentication without a password does not mean that you do not have a password.
I take it it it's not clear, what's the difference and what's new with this technology?
What's new here is that you only use a password once when you register on a site (like a site).
Password, of any complexity - for a site always looks different for you, it looks like a digital code. And the numerical code - by appearance of which it is impossible to find out your password.
I still don't see how is this better than 2FA. The secret password/seed is needed and one more "derivation" component based on time is necessary. The problem of 2FA is the way it's usually implemented and used, favoring the secret password/seed being stored on vulnerable devices. But nowadays there are hardware devices handling that too. -------------------------------- About 2FA - I described in detail in the post of March 09 = 13 ways to bypass this technology. The more factors, 2FA is more than 1FA, the harder it is to bypass 2 levels of protection when the technology first appears. But with time, when cheaters start to study it, they find ways to hack, and their methods of hacking concern each of the factors. It's all described above. If it's 3FA, 4FA... it's going to be the top at first! And at the end, as soon as you get used to it, you get even more hacking than with a 1-PhA than with a normal password. If I were to suggest one more factor, time: 1. I would not offer anything new, this idea is many years old and it was useless; 2. I'd introduce a third factor that would only weaken, in the end, not strengthen the defense. For now, I'm stopping myself from being so stupid... The basis for passwordless authentication is that as a client and server, you need to identify every packet of data. A data packet is a bit sequence of a predetermined length. You need to recognize your bitmap sequence from an outsider. In addition, this identification only works simultaneously in 2 directions. And only continuously, for each data packet - the same check. But how can we do this if we do not know in advance what information is transmitted in the next data packet? No way. With this data packet you will do nothing, accept, decipher. And put it on hold for inspection... the user won't get it yet, even though it's decrypted. But then you need to form your data packet and send it. And how do you form it if you don't have the key? That means, you need to use all events in the system - as arguments for irreversible functions (hash functions) to get a result - which will set up a new encryption scheme for a new data packet. Recall that we are talking about a geometric encryption model (who has not read above - read). And what new encryption scheme will I get? If I decrypted every bit of it correctly (and in all rounds, not just in the end) - it will be exactly the same as it was prepared to receive my data packet - my companion. In other words, me and my conversation partner, the new encryption and decryption scheme will match! It's a symmetrical encryption system. And in the end what? I "correctly", understandably for my interlocutor, encrypt my data, and he will take it and decipher it correctly. And if I decrypted the received data packet incorrectly, at least by 1 bit - my encryption scheme will be cardinally, thoroughly, very much different from the scheme prepared by my conversation partner. And what will happen? He will decrypt my data incorrectly and prepare another encryption scheme for his new data packet. The situation will become avalanche-like - we will no longer understand each other, which means that the data packet that I decrypted, postponed, and did not give to the user - will be found to be erroneous: 1. or erroneously decrypted due to interference in the communication channel or no matter what else; 2. or it's not our data packet at all, it's an attack, modification, misinformation - no matter what, it's fictitious. So what do we do? Let's not cry. Let's ask for a repeat of exactly this data packet and start building a new encryption scheme - exactly the same scheme as the wrong data packet came in and failed to check. Let's do it again. Until we get and correctly decrypt the new, repeated data packet, until the data packet is unambiguously authenticated as "its" by the new data packet - we do not use the information encrypted in it, it is recognized by the system as misinformation. It is clear that the data packet, apart from the information, has a sufficient set of service bits to make a preliminary check of the package - in advance, until its full decryption. It is clear that the geometrical space has not only elements filled with information, but also a lot of empty cells, and if the information is not true, then the decryption will be built a vector on an empty cell and the system will understand in advance - that somewhere there is an error (see the following). Vector-geometric encryption scheme from December 7, 2019 in this topic), but it's all the nuances of the technology, they are not needed to understand the principle of identification and 100% authentication of the sender of ALL ONE DATA PACKAGE and the same EVERYTHING DATA PACKAGE! With normal authentication - the server recognized you (you server usually only recognize by the appearance of the site - and this is in our 21st century!!!!), and then works with you without checking each data packet, your he or Eve (attack man in the middle and other nasty things). That's what all phishing is based on - you've had your passwords, every security factor taken away once, and everyone is using it without fear that the server will notice a spoof. One theft is a bunch of problems. It's now. We have nothing to steal because the encryption scheme (like key) for each data packet is different (like key). If this non-existent key, this encryption scheme - the cheater steals it, he will not be able to use it for the following data packet - he can not until he steals your entire device. This is real security and real authentication, not a password template. |
|
|
|
I still want to feel that I control something and know the password.
--------------------------------------- - Recently, unknown persons attacked UN units, "as a result, components of key infrastructure in Geneva and Vienna were compromised ..." - quotes Dujaric Reuters (stealing keys); And that's what it leads to, password, key, the essence of one you break through them even if you have post quantum cryptography or quantum key distribution. By the way, nobody limits you from a password - in passwordless authentication or from a key - in keyless encryption. This is your own business. But if this "your personal business" is stolen, then this technology will NOT be able to use it against you. If you only use a password or just a key, then even if you live in this future with new cryptography, there is phishing and other nasty modern things against you. No cheater breaks the cryptographic system or password authentication, their mind is not so configured. That's what they do against us: - The CIA, together with the German Federal Intelligence Service (Bundesnachrichtendienst, BND), has been reading secret messages from officials in more than 120 countries for the past fifty years (!) through Crypto AG, a company that produces special encryption equipment (via encryption keys); - security researchers from ESET discovered the dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips from Broadcom and Cypress and affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) that use the WPA2-Personal or WPA2-Enterprise protocol with the AES-CCMP encryption algorithm. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to Key Reinstallation Attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by the WPA2 protocol (keys again); - huge problems with device shells that contain embedded vulnerabilities such as embedded passwords and embedded SSH/SSL keys. The appearance of one such device in your home, including an IOT device, connecting it to your home wi-fi, allows you to attack all your other devices connected to the same access point (keys, passwords); - experts found a database with unencrypted e-mail addresses and passwords of more than 1 billion users on the Web, put up for sale by a cybercriminal under the pseudonym DoubleFlag (passwords); - of the 175 million RSA certificates analyzed, over 435,000 are vulnerable to attack. At the international conference IEEE TPS (Trust, Privacy and Security) in Los Angeles, California, a group of researchers from Keyfactor presented these results (vulnerability of key infrastructures in general). So what does the password give? Protection? It's more like the opposite. |
|
|
|
The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.
-------------------------------------- Hacking technology using quantum computers and transmission technology using linked photons are different things. The name is one thing, and everything is different. |
|
|
|
what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.
Hi again I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that. QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all. But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem, some sort of unhackable communication process may be possible. QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important. QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC. ---------------------------- Yes, dear interlocutor, there are no objections, I am ready to defend every word you have written. Post quantum cryptography is really classical, because it is built on complex mathematics and large numbers. But that's not all - it has a key. Modern crooks don't even break pre quantum cryptography, and they never will, they're not smart enough. They do it in a simple and elegant way - steal keys. And successful, too. Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out. And that's why it is needed, that's briefly, what happens with key (and passwords, it's the same) methods: - Recently, unknown persons attacked UN units, "as a result, components of key infrastructure in Geneva and Vienna were compromised ..." - quotes Dujaric Reuters (stealing keys); - The CIA, together with the German Federal Intelligence Service (Bundesnachrichtendienst, BND), has been reading secret messages from officials in more than 120 countries for the past fifty years (!) through Crypto AG, a company that produces special encryption equipment (via encryption keys); - security researchers from ESET discovered the dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips from Broadcom and Cypress and affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) that use the WPA2-Personal or WPA2-Enterprise protocol with the AES-CCMP encryption algorithm. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to Key Reinstallation Attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by the WPA2 protocol (keys again); - huge problems with device shells that contain embedded vulnerabilities such as embedded passwords and embedded SSH/SSL keys. The appearance of one such device in your home, including an IOT device, connecting it to your home wi-fi, allows you to attack all your other devices connected to the same access point (keys, passwords); - experts found a database with unencrypted e-mail addresses and passwords of more than 1 billion users on the Web, put up for sale by a cybercriminal under the pseudonym DoubleFlag (passwords); - of the 175 million RSA certificates analyzed, over 435,000 are vulnerable to attack. At the international conference IEEE TPS (Trust, Privacy and Security) in Los Angeles, California, a group of researchers from Keyfactor presented these results (vulnerability of key infrastructures in general). So what will quantum cryptography solve if it is key? It's nothing. It's also expensive. And not for everyone, only those who sit on fiber optic cable. And also for those who can't visit any website on this device, otherwise they'll get a spy program and steal the keys. Nothing but a commercial result to the creators, this method does not give. These keys will be stolen the moment they are used for encryption. And then you will be listened to and read everything that you encrypt, and you will know nothing. End of game. And in keyless technology, there's nothing to steal, no keys. |
|
|
|
Sorry guys but it got me lost out there after reading through. So keyless encryption is basically what we are all doing on a daily basis when our devices encrypt stuff right? For example I'm sending Telegram messages and it's all getting encrypted, but I'm not using any key.
But passwordless authentication, I still don't get it. My voice or fingerprint is still my password right?
------------------------ No, that's not right. When you send messages through a messenger, or by mail if encryption is enabled, this is normal key encryption. Which one is a question for the program you are using. If it's E2E encryption, then 2 cryptographic systems and Meclie Marlinspik's double ratchet (first used in Signal) are used at once. Yes, you don't make up the keys, you don't even know them, if you're particularly gifted, you don't even know that the channel is encrypted. But it is encrypted with the keys, the keys are stolen remotely from you, and then you are listened to, and you say, write without understanding that your ears are already sitting. The general type of protocol is very sketchy and very unspecified: 1) An asymmetric cryptographic system (usually RCA or ECC) negotiates the shared session secret key of the communication channel, the given encryption session. 2. This key is then used by some symmetric cryptographic system to encrypt your traffic. 3 If there is an E2E, then each message has its own additional modified key, derived from the shared encryption key and a number of other factors. That's it. This is a protocol built on key encryption systems. What does it take to read your channel? A key or keys. How do crooks get them? Easily, in a variety of ways, read online. What are the consequences of using key systems? Global. Fraudsters do not break a cryptographic system, except for someone who is waiting to run a quantum computer for public use over a network (there is such a service). They collect your encrypted messages. Then they get the key. Then, all your secrets stop being secrets. Or they do it quickly through a 'man in the middle' attack, phishing and other nasty things. And you don't know anything about that. What does a keyless encryption system give - no matter how many of the above problems, no matter how many of your encrypted messages a cheater (or special services, which are the same) would accumulate, no matter how many "keys" he steals or searches for with a quantum computer - he will not find them for a simple reason, they simply do not exist. Let him try, and we'll see. What a bonus to such an encryption system is passwordless authentication. You don't need to enter a password, this password doesn't remember your or a third-party application and doesn't enter it for you, you don't need to put your finger on the sensor, your eyes, blood, heartbeat, DNA, your saliva and your other biological waste. You need to access the channel from the program you came in from earlier. This program (encryption program, keyless cipher generator - KCG) has a unique, original state of its internal spatial virtual continuum. So, encrypting your information (or false information if you are silent) always, for every packet of your data that you send, happens by a new rule that only a second program that has all the same up to one bit history of communicating with you, all the up to one bit correctly decrypted previously information that does not accumulate, but is an argument for a derivative that changes the geometry of your internal space. The analogue. You're welcome. How many chess games, how many options are there for arranging pieces on the chessboard? Many, I couldn't calculate. Now add here a variable number of pieces from 1 to 64 (instead of 2 to 32, as is). Also add here a game without rules, which means that any piece can turn into any one and have new variants at all. After that add one more condition - there are no 2 or more identical pieces on the board (for example, in chess there are 16 identical pawns). And now there is an indefinitely huge number of variants - you do not apply to all possible variants of information, but only six (six) bits, and 6 (six) bits have only 64 variants of encryption, more and more do not. And you have 1000 chessboards, one for every 6 bits of open information. Is there even one contradiction and limitation, as safe to encrypt without a key (in your logical tunnel of time) and as safe to identify the correct cipher from the false, if each chessboard will have its own chess sketch for its 6 bits, a chess position, which can not be guessed by an outside observer. These are the basics of vector-geometric encryption, the principles of which are shown in the diagram in this post dated December 7, 2019, in which the key mode can only be an option, not a mandatory rule for encryption and most importantly - for decryption. A lot of my posts have been removed by the administration and there have been numerous explanations for this technology. I don't see the point in repeating everything - they'll delete it again. What's not clear is I'm ready to answer. |
|
|
|
If we were to use your proposed way of authentication there will be problems, though I agree the problem with that is how much user can it handle because based on what you said there will be a lot of variable to make an identifier, for example if they were to use 500k variable to make an identifier wouldn't it make it difficult for normal computers to process, imagine that 500 and the combination is unique, and there are 500 thousand users then wouldn't that overload a computer. The best solution right now would be to create an insurance in case there is a stolen fund or marking the funds stolen so they can't be used, that is much better because they discourage people to steal.
--------------------------------- Passwordless authentication is a continuous process of verifying each data packet, without exception or compromise, in both directions, over a cryptographically closed communication channel. If the data packet you are sending is 256 bits (the minimum possible), then Keyless Encryption must identify that data packet by its level "its" - "someone else's". If the data packet is "its own" then it is sent by the user who installed this communication channel, which in turn means that the authentication of the sender of the packet took place. How many options are there in the 256-bit code? I think more than 500. The data packet itself, which will be authenticated, is a variable numeric identifier. Variable - because every next data packet, no matter what information in it is encrypted, the same or no encrypted information (in keyless encryption technology there is an important point - encrypting silence) - must have a completely different, unique code, one of 256, in order to be identified as "your" - "someone else's". In addition, this way of transmitting information does not require a digital signature, all information will be verified through a verification of the subsequent packets of data - by default. The trick is that if the information decrypted in the previous packet was decrypted incorrectly even by 1 bit - all the next packets will be formed incorrectly, which means - will not be recognized, which means - will not be decrypted, everything, or the end of the communication session, if the channel is noisy, or resumption of transmission from the last successfully received, decrypted and identified data packet, this already solves the transmission protocol. Thus, we get, together with passwordless authentication, an immediate complete verification of all sent information, without a digital signature. This is the main advantage of keyless encryption technology. The key is every single event, and the encrypted information, and erroneous packets, and repeated packets and much more that allows: 1. or instantly identify the packet (approximately 25% probability); 2. No matter how a packet is identified instantly or not, unambiguously identify it by taking the following data packets, with accuracy, with verification, to one bit. So there is no problem with a large number of clients. |
|
|
|
whether TOXIC token is planning to do a token sale in exchange (IEO) I think it's a good idea to maintain investor confidence
--------------------------------- I know these guys, they think rightly that the time of keys and passwords is a rudiment from the past and whoever cuts it off first will win the total fraud associated with stealing passwords and keys. I can only help them with the technology itself, I have developed a theoretical basis for keyless encryption and passwordless authentication (not by your biometric waste...), who is interested in sending out publicly understandable material. But I myself, not involved in this project, cannot answer the question of what and how to do it. I am sure that if the future is not in this project, there will be others like this, which will spare us the fear of stealing our identification data. That just doesn't make any sense. |
|
|
|
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.
Thanks, glad I was of some help Please bear in mind I'm not an expert, though - it's just my understanding here. I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?
Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to for example protect bitcoin. -------------------------------- Besides the above mentioned about post quantum cryptography, I would like to say that quantum cryptography does not solve 2 problems in any way: - it doesn't protect mobile Internet users and wireless Internet access points; - it doesn't solve the problem of key theft, that's the way crooks go, nobody breaks cryptography, everybody steals4. - does not solve the problem of password and biometric authentication methods, because stealing any digital identifier - breaks the security, so do fraudsters; - it doesn't solve the most important issue, the phishing issue. This solution is more important to society than all the others put together. Quantum key distribution solves only one unimportant issue: key negotiation. It solves the problem of personal meeting. Although there are so many open channels today that if I need to agree on a shared encryption key, it is safer (because it is invisible) to agree on a "grandmother's mail" in a paper envelope than looking for fiber optic lines and quantum key negotiation technologies. And in general, the world forgets about good old wit, because of the fact that a man was stuffed with technology. And what's the result? 12 billion accounts on one domain alone in the darknet - free access and for a little money. So what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand. |
|
|
|
|
Cloud vaults break like nuts.
Who needs this protection if the cryptography on the keys is only opened with the key, no matter who brought the key?
Here are the consequences, according to court documents published by the NSO Group, Facebook intended to purchase Pegasus, a spyware product capable of extracting user data from Apple, Google, Facebook, Amazon and Microsoft cloud storage. The data is being exported, giving software operators access to confidential user data. The data collected includes... that's where three dots are best, because there's not much to steal, there's enough keys and passwords. The rest is that you've already put everything in the box that's already got the key.
The danger of modern cryptography on keys is that it gives an imaginary security, you feel free, and then the vase is cracked, all your secrets and private data.
Key cryptography as well as password authentication are the rudiments of the 20th century, temporarily living in the 21st century.
|
|
|
|
I dont think that we should change all auth to biological. Sometimes just password is enough
---------------- This does not suggest changing the password authentication to biological. As practice has shown, biological is even more vulnerable than password authentication. Most fingerprint sensors can be tricked with a textile adhesive impression. Cisco Talos has conducted a study on how to circumvent biometric fingerprint-based authentication systems. The researchers achieved success in almost 80% of cases. In the course of the study, the researchers took the victim's fingerprints from the surface she touched, printed the mold for casting with a 3D printer, filled it with inexpensive fabric adhesive (the researchers specifically took inexpensive materials for the experiment to see what "success" the attacker can achieve even with minimal resources) and cast a cast of the print. Specialists applied the cast prints to various sensors of fingerprints, including optical, capacitive and ultrasonic, in order to identify the most reliable of them. As it turned out, there was no particular difference between these sensors in terms of security. However, more researchers have managed to hack gadgets with ultrasonic sensors. They are the latest type of transducers and are usually built into the device display. With the help of casting specialists were able to unlock almost all the smartphones taken for the experiment. As for laptops, they were able to unlock 95% of MacBook Pro. As for password authentication, this method also proved to be completely untenable. Passwords are being stolen and sold on a massive scale. In one minute the world spends almost $3 million to maintain these outdated security systems. I am offering passwordless authentication based on keyless encryption, not an old compote on new ideas. And another feature is silence encryption. It completely closes the communication channel from surveillance and analysis. |
|
|
|
|
In addition, we can say that the interfaces of programs that attack two-factor authentication are very much simplified. They are getting bigger and bigger and more accessible.
Be vigilant, especially if you are using this obsolete mechanism.
|
|
|
|
Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?
I'll have a go. I assume you're talking about Quantum Key Distribution, - please correct me if not! The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal. The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key. That's the process, anyway. For information about security, probably first have a look at the BB84 protocol, and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread. --------------------------- Thank you very much. You answered exactly the question that I asked. You explained the principle clearly, that's the main thing. Protocol is secondary, there can be a lot of them, and the principle of linked photons is always the basis of quantum key distribution. I must have been inattentive earlier. I have one more question. You write: "The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party." This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons? Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place? |
|
|
|
I'm really sorry. I can not understand what you're trying to say. This is a completely new way of thinking about encryption.
I had implied that the initial chess board is fixed in it's starting position, and any updates to the pieces could be followed by an eavesdropper using the same keyless encryption scheme you proposed.
I'm not even talking about a man-in-the-middle attack.
----------------------- A listening device is a 100% effect, no matter how it is encrypted, it is important to always remember that you will be overheard until the encryption is complete, the keys you press on your computer are scanned, the screen and the on-screen keyboard are scanned. This is all understandable. And this is not a cryptographic task. Cryptography is about making your own, closed channel between clients. What is the main vulnerability of modern cryptography, regardless of the complexity of the encryption system? It's in the keys. Nobody works to break into the encryption system itself, always stealing keys. Always exploiting this particular vulnerability. What do the crime stats show? The theft is growing. And the worst part about stealing your key is you don't know it. What's the danger? Because you keep encrypting your secrets, which are now available to the cheater. Perhaps all your secrets of the past are now available. There are bad consequences for you. What does keyless encryption technology offer? It prevents a cheater from stealing and exploiting your keys... due to their complete absence. Or in other words, there's a huge number of them, one unique key for just one data packet. The next packet of data is a new one. What would it take to know a new one, like Eve, a third party? Nothing special, the whole history of information exchange between clients (between Alice and Bob) with an accuracy of one bit. Think, and read carefully - not from the beginning of this communication session or from the beginning of this calendar year, or any other "beginning", but from the first bit in the channel and to the last one that was sent to the channel, its exact (miles, miles second) time, its exact decryption, everything, absolutely all the settings of the encryption system for each bit of information (!!!), but it's not enough - every single error in the history of information exchange between Alice and Bob! It is necessary to know not only all the errors (even errors of noise origin), but also their exact time and their exact sequence in the flow of information - in the history of information exchange! But this is not all. Imagine that Alice and Bob are communicating by voice in their closed communication channel. It happens, people say "on the phone". A scammer needs to know every single pause between the words of the speakers, their exact duration, the exact time of arrival and end! I can tell you right away that there are no pauses in the communication channel - there are no pauses completely, on the physical level. Attack by a person in the middle of no information about the pauses in the conversation between Alice and Eve - will not give. Also, the observer Eva will not receive information about who is passing the information to whom. She won't get any information about who's transmitting the information or how much. She won't receive information about whether or not the information was transmitted at all. Wait. And here we get interesting methods of protection against "man in the middle" attack - we just are silent, Bob and Alice are silent, and in the channel of communication the information exchange continues evenly, the flow of information from Alice to Bob is exactly the same as from Bob to Alice, and absolutely does not change when they stop talking and start talking. Ironically, it's a fact. It's a real closed channel, without the possibility of any analysis of the volume, fact, and direction of information transfer in it. Why is it so complicated? Because otherwise such an encryption system won't work. It's a new encryption built on an ever-changing continuum of virtual space and time. The space isn't complex, but it's dynamic, without static states. That's why downtime isn't possible. What's the attack in the middle? In this concept, it is meaningless and useless. |
|
|
|
|
Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?
|
|
|
|
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.
------------------ It is possible not to believe, it is possible to close eyes and to bury all head deep in sand - it is a way of an ostrich. On the contrary, you can open your eyes and explore the world around you. Then there is a chance, if you have enough intelligence, to come to the conclusion that quantum computing is a reality to accept. That's why post quantum encryption methods and new Blockchain technology have already been developed. |
|
|
|
|
Show Posts
