Bitcoin Forum
81  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 20, 2020, 11:03:33 PM
But the practical proof of the fact that some devices (in this case all, regardless of the model), some manufacturers, can never be used, under any circumstances, or for any purpose.

The main thing is not to forget, when buying another fashionable smartphone, that you cannot use your passwords and keys on it to access the service associated with your cryptographic assets. This is a spy.

Here is the recent news.
Celebrities in South Korea were subjected to a large-scale extortion campaign, during which criminals hacked into Samsung smartphones belonging to popular film artists, musicians, artists, etc. and demanded a ransom of $43,000 to $860,000, threatening to make their personal data public.

Only recently, in my post of January 15, this company was mentioned, and confirmation of this danger was not long in coming.

Really, who's responsible for this?
People who have trusted products that are not suitable for anything in terms of security, or a manufacturer that pursues its own purposes rather than the ones it has declared?

In my opinion, we will always be deceived if we trust anyone.  And the most dangerous thing is exactly the delusion that most people have.
Who's listening to the minority?

I don't know who will support me, but practice shows that apart from cheaters, other players are also playing against us, made up as our allies.

So then talking about cryptography...
82  Bitcoin / Bitcoin Discussion / Re: Keyless encryption and passwordless authentication on: January 19, 2020, 09:06:44 AM
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
The idea of an innovative way to secure and get a hold of your stuff is astounding, let alone variable keys. But I don't think the general public is ready to accept it just yet. Most people are fond of using passwords and keys, which by themselves provide enough security to fend off unwanted people; it's just that the system supporting the program is the one that fails, which lets in unwanted people from the chart.
--------------
The idea of working without a password or encryption without a key requires no getting used to, no fingerprints, no biometric identifiers.
So there is no need to get used to this technology.
You need to get used to complex passwords, new passwords for each new service.
Here everything is simplified for the user, but complicated for a cheater.

Moreover, the user gets 100% rid of phishing, stealing passwords and keys.
Only your device can be stolen.
But loss of the device is always visible, and loss of keys, passwords, personal information is not visible at all.

Access to you or your data happens regardless of your desire or your importance.
This is fully automatic data collection. It is a program that collects everything and everyone.
It's done by both the government and the crooks.
But the government doesn't want scammers to know more than the government. That's the reason why news like this happens:
On January 14th, the FBI seized the domain WeLeakInfo.com for providing users with paid access to data leaked to the network by hacking. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.

"The Web site gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," the U.S. Department of Justice reported.

The subscription price ranged from $2 to $75, giving users unlimited access to search engines and data for a limited period of time.

Here's the price of your logins and passwords and more today: from $2 to $75. And this is not the highest price; there are cheaper ones.

This is reality, open your eyes, 12 billion records, this is all humanity!

This is the true state of affairs when using key and password based technologies. This is not the end.
It's just beginning...



So most likely it's through fingerprint or face recognition or something. Well, it's possible to happen, but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
-----------------------
It is not recommended to use any system by fingerprint.
Numerous studies have shown that this is the easiest barrier for a burglar.
The laziest ones make a "master fingerprint". This is the equivalent of a "master key" to door locks.
Statistics have shown that the "master fingerprint" opens 65% of all devices on which there is a lock by fingerprint.
Similarly, but not always exactly so, any system whose security is based on other biometric identifiers is very easy to crack.
All this was invented by marketing, use it for your health...

As for backup, it's protection against breaking your device, not against a cheater who went out hunting. And it's not just scammers who hunt your data, but governments and corporations as well. It's automatic.

On the contrary, in terms of security, the more copies, the easier it is to steal.

It's all a cat-and-mouse game. You need radical, global, new solutions.

What we've built for us and offered to use is, in most cases, a cleverly disguised trap.

And yes, I know that I'm in the absolute minority, with these views.



As for our keyless encryption technology, which at the same time in fact performs the task of passwordless authentication: your usual passwords, keys and biometric identifiers can successfully complement this encryption system or, even better, fill the information part of the channel with their content. There are no contradictions or prohibitions here.
Instead of filling the encrypted data packets with false information, the system will fill those data packets with information about your identifiers, any, in any combination.

But, unlike normal, password authentication, your identifiers will play a secondary role.  The primary role will be the data packet itself, the order in which it is formed, encrypted and transmitted. If it is properly formed, identified by the host in the current Logical Time Tunnel, then the transmitting party is already 100% identified. This confidence is given by the encryption itself, without compromise, without analysis, without vulnerability because there is no key.

What to do about a mismatch of the secondary identification features (passwords, biometric identifiers), if one has happened, is decided by the algorithm of system operation. There are many options: request a repeat, do not accept this data, send the data for verification (the user has mixed up his password), refuse authentication; we do not care.
The keyless encryption system has successfully encrypted and decrypted any information that was given to it. Without a key, without compromises, over a closed communication channel.
The fact of identification of its data packet, combined with the fact that it was correctly decrypted, provided 100% primary and basic identification of its interlocutor.

Thus, fears that the password or keys were stolen have no basis in this concept of encryption and information transfer.

Similarly, fears of weak interference immunity of the system have the opposite sign: the system is so interference-resistant that it leaves neither misinformation nor any modification a chance.
 
Conclusion. The very fact of successful operation, a closed communication channel organized by 2 (or more) users, would not have been possible in principle if the function of infiltration of interference into this communication channel had been possible.

Such a communication channel either works, and works only absolutely reliably, with no modification able to break it, or does not work at all; a middle ground between these modes is not possible at the level of principle of keyless coding technology.
These are logical, quantum, black and white system states.
There is no gap between them.



Let us explain again what we mean when we talk about repeating a previously transmitted data packet.

This is a keyless system, so note that this and all other repetitions are never transmitted to the channel by the same cipher code to which the previously modified data packet, the one that is now being repeated, was transmitted.
Moreover, this is also not possible because of the relationship between the cipher code and the data packet counters.
The reason why repeated data packets differ from the original data packets is their processing in the new Logical Time Tunnel. All Logical Time Tunnels have strong feedback to the hash code of all past system events, i.e. it is some kind of derivative.
There is also a bitwise XOR addition of the new code with a new disposable binary ribbon (a full analog of the "one-time pad" used to obtain the Vernam cipher) of the same length as the data packet.
Therefore, regardless of whether a new data packet is formed or the old one is repeated, the keyless encryption system is forced to do its job, always doing the same thing, always the same as with a completely new data packet, so it is of high quality.



So, we have described that no packet of information, in any of the modes of operation, is encoded the same way. For this purpose, a temporary virtual space has been created, which is always changing and always unpredictable in advance; the variants of building this space form an infinite set.
This gives an important factor for encryption - unpredictability, multivariance, dependence on the processed information in its unit of time, in its moment of time, the so-called Logical Tunnel of Time.

The proposed technology of verification and passwordless authentication is possible only with its original paired system, only with the one which processed the same information and at the same time, and as we remember, in which even all the pauses, their time and their exact duration coincided - the same for both systems. It is an absolutely reliable system of infinite information ratchet, clinging to both information and time indicators of its existence.
In contrast to the double ratchet - the "mechanism" for creating new keys, based on the old ones, our technology creates a whole environment for understanding everything that happens, not just key information, the independent definition of all the rules transforming and configuring the entire system.
Our technique is therefore similar to the ratchet idea, but differs in that it works continuously, literally for every bit of information, infinitely long. It is probably the only possible variant of symmetric functioning of two encryption systems and the possibility of implementing the most keyless encryption technology in principle.   
It becomes clear why such a system is not afraid of interference, targeted attacks, or errors of randomly unknown origin. All these phenomena, by definition, direct the settings of both systems in different directions; all that remains is to draw conclusions and take measures to return the system to the moment when both systems had a symmetric setting, or in other words, the same Logical Tunnel of Time.




An interesting question, what modes is the geometric model of keyless encryption capable of supporting without violating the declared principles of encryption?
The normal encryption mode without the key function is possible.
But...
The key information encryption mode is possible.
I specifically use the word "key information" instead of "key".
Well, here's the thing.
Let's say that users decided to use the key for their next encryption session.
Okay, no problem.
Unlike key encryption systems where there are clear requirements for the key (for example, clear length of the key), in a keyless encryption system, such requirements are completely absent.
In the literal sense of these words.
Except one: both users should have the same key. That's all.

Let me give you an example of what can be a key:
1. One character, one digit.
This is completely enough for the system to go into a completely new, unpredictable state (because of the time of the event; remember, we have a full space-time continuum, a discrete structure), and the quality of encryption does not degrade or change at all. Is it interesting?
Think about it, the location of the elements has changed, the initial coordinate point has changed, the temporal correspondence of the elementary part of the encrypted information (e.g. byte of information) is its own, new, and all the other rounds of encryption are also completely new. This is the new Logical Time Tunnel. It's a new encryption scheme.
What's the danger of such short key information, such a key? That attackers will guess it.
Really, it's not enough for him to guess the key; he also needs to:
1) Know when to log it in;
2) Don't miss the first and all subsequent communication sessions between the parties he attacks;
3) Moreover, do not skip any packet of information from each communication session;
4) Moreover, do not miss a single byte of any data packet.
Whoa!
How and why is that?
Because if one bit of one data packet is accidentally modified by the communication noise, and that modified bit (in the data packet) is received by the user, but not by the attacker (Eva), then the symmetry between the user's system and Eva's system is lost!
Why?
Because the user will request a repeat of the wrong data packet, but Eva will not.
So the natural noise in the channel - improves the security of the closed channel Alice-Bob and removes the third party from the channel (Eva) in case she could not find out about one modified bit in one single data packet.
Eva's challenge is enormous, even with Alice-Bob's shared key compromised.

Next, let's continue with the examples of "key information".
2. Any text, any length, in any language.
3. Photo, image, drawing.
4. Symbols, hieroglyphs, special characters in any quantity and any sequence.
5. Any digital code, any binary code.
6. Audio file.
7. Other, which is information.

For these reasons, the term "key" here is not very accurate, the term "key information" is more appropriate.

The key mode has at least two more encryption modes, and then this.

There is also an encryption mode and a mode for transmitting (or receiving) large amounts of information.
Data verification mode.
Mode of two-way primary verification at the beginning of the next communication session.
And others.

Functioning in any mode defines a special configuration of the system, a certain adjustment of its algorithms, with deep feedback between the accepted "conditionally true" information and the transferred (new and precisely true) information. Such logic, after some time, allows one to be completely assured that all transferred and accepted information not only has not been modified, but also has been correctly deciphered by both participants of the information exchange.

In this system of encryption, disinformation of the user that would not become known is not possible.
This unique feature of keyless technology can be used for instant control of the absolute integrity of any volume of traffic in the network, in a point-to-point section.



So most likely it's through fingerprint or face recognition or something. Well, it's possible to happen, but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
--------------
The problem with biometric identifiers is that they become a common computer numerical code.
To some extent it's unique, plus it doesn't need to be remembered, but it's just a code that, like passwords, is stolen by a cheater and successfully used.
Another, and the main, problem with all biometric identifiers is that they are easy to forge:
- your fingerprint is easy to find and scan;
- your face is even easier to find;
- even your DNA is not a big problem, we leave our biological traces everywhere.

So, biometric IDs are not a solution to password authentication problems, but a marketing move by device sellers.

The real solution to all password and biometric authentication problems is passwordless authentication, which is based on variable digital identifiers.
Simple, reliable and elegant.




In the world where hackers and such exist, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet, especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there are a lot of security measures involved, they are still able to hack accounts in just a few clicks.
In a world where hackers exist, only authentication without a password is possible because they have nothing to steal.
Passwordless authentication is not free access to an open door. It is a technology that changes the lock on the door all the time, quickly, no matter what you want or do. At the same time, you change the key, it is the password.
In modern technology, you have the same lock and key to your door. Always the same, you have to keep the key (password) secret. Because anyone who has your key can go through your door, open your lock.
 Hackers always, exclusively and unambiguously hunt and steal your keys (passwords), they do not hit your head at your door. Their target is the key to your door. In other words, they need your digital identifier (biometric identifiers are converted into your digital permanent identifiers) because it is permanent.
Our idea is that you would have a variable identifier instead of a constant identifier. It would be produced as a chain of linked blocks in a blockchain, in a scheme:
1. Your usual digital identifier (password).
2. If you use it only once, it will be converted to a new numeric identifier, just as if you had changed your first password to a new one. But it's not you doing it, it's the program. It does it unpredictably randomly to an outside observer.
3. As soon as you use a second numeric identifier only once, it automatically changes to the new one.
4. And so on.

In this authentication scheme, the hacker has nothing to steal, no password, but he does.

Moreover, there is no place for phishing in such scheme (if you expand it in more detail), because verification takes place in two directions at once: the client identifies the server, and the server identifies the client.
And phishing is the most common attack vector for stealing your password and other things.



In the world where hackers and such exist, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet, especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there are a lot of security measures involved, they are still able to hack accounts in just a few clicks.
That's the confirmation of my words.
Today I have read the statistics on password attacks, it is alleged that almost 2 million users were attacked by password thieves in 2019.
And there is an increase in this type of crime.
Last year, the number of users in the world who were attacked by password theft programs increased by 72%.

Such programs are able to extract information directly from browsers, including account credentials, stored payment card data and content of forms for autofill.

These facts stubbornly lead us to conclude that password technologies are outdated.
We need a new foundation for 21st century security systems.
Password, this technology of the last century, as well as biometric identifiers, does not provide us with security.
The future only lies in passwordless technologies based on keyless encryption methods.
83  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 18, 2020, 09:32:13 PM
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, good bye.
There have been no real claims about the existence of quantum computers to date. If there were, we shouldn't even be stuck on this planet; most of the global problems we have right now would've been solved if there were a quantum computer out there. But even if there is, I don't see it as a big threat really; nobody would be able to gain access from a quantum computer unless you're a very important person.
---------------
Access to you or your data happens regardless of your desire or your importance.
This is fully automatic data collection. It is a program that collects everything and everyone.
It's done by both the government and the crooks.
But the government doesn't want scammers to know more than the government. That's the reason why news like this happens:
On January 14th, the FBI seized the domain WeLeakInfo.com for providing users with paid access to data leaked to the network by hacking. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.

"The Web site gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," the U.S. Department of Justice reported.

The subscription price ranged from $2 to $75, giving users unlimited access to search engines and data for a limited period of time.

Here's the price of your logins and passwords and more today: from $2 to $75. And this is not the highest price; there are cheaper ones.

This is reality, open your eyes, 12 billion records, this is all humanity!
84  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 18, 2020, 11:25:01 AM
Nobody really knows for sure, but there is one thing you can be sure of: there are quantum computers out there right now as we speak. The ones that we definitely know of are D-Wave Systems quantum computers, which are commercially available and have several big-name clients who have purchased a computer from them. There's really nothing to worry about as far as quantum computers go because they are an infant technology and are limited to specific functions only, but the real trouble starts when they gain more general function; that's when you arrive at the realization that the existing encryption is on its way out the door, old news, good bye.
-------------------
This theme, whether there's a quantum hazard or not, is wiped down to the holes.

That's the picture I'm looking at:
- most people in the scientific community understand and explain that the danger is more than real;
- most ordinary people who don't want to get into it, project managers, advertisers, "air salesmen" who aren't used to dealing with complex issues, don't see it as a threat.

We know that there are a lot of encryption systems, totally new systems that can withstand quantum computers even from another galaxy. And in 2022, we will know the winner.

All modern systems except AES will go to the junkyard of history and the debate will stop, just like the threat of quantum computers.

And what will remain?
There will remain the eternal threat of cryptanalysis, theft of keys and passwords, phishing, and other nasty things that no cryptographic system fights against.

These threats, as well as quantum threats, can be counteracted by a new technology of keyless encryption and passwordless authentication based on logic and geometry rather than mathematics.   
85  Bitcoin / Development & Technical Discussion / Re: Bitcoin’s race to outrun the quantum computer on: January 18, 2020, 11:06:49 AM
I agree with all your comments.
Excellent! Finally our discussion across multiple threads reaches a consensus :)

Except for one, one.
Damn it.


There is reliable, absolutely reliable cryptography, in the absolute sense. It's Vernam's cipher.
It's the only cipher for which there's evidence of its 100% reliability [...]
The first cryptosystem I did not give a link to, here it is, I really like it:
https://www.nature.com/articles/s41467-019-13740-y

Aha, yes, one-time pad stuff... which brings us back to quantum cryptography and QKD.



It's an inventive approach, but I'm not convinced of how this is better than the quantum alternative, BB84 QKD. I don't think OTPs are the answer here. An OTP by itself and used properly is secure, but the key needs to be shared in a 100% safe way. And if you have a means to share the key 100% safely, then you just use that method and there is no need for the OTP. Quantum entanglement is the 100% safe method (sorry, I wanted to focus on PQC and not return to quantum cryptography again!).
But we still have vulnerabilities so long as we have external classical dependencies.


No modern cryptographic system has any proof of its crypto stability, and that proof cannot be, because the principles of encoding them - so to speak, are more cunning than reliable.
Yes, agreed. AES256 looks secure against a Grover attack, so is likely safe in the medium-term, but longer term, who knows? Longer term the solution I still contend is likely to use some quantum mechanical mechanism such as entanglement to create fundamental 100% security, the big caveat here being that our understanding of quantum mechanics may change, and new possibilities and challenges in physics may present themselves...

"I think I can safely say that nobody understands quantum mechanics." Richard Feynman knew what he was talking about. The maths is one thing, but it's an abstraction, it only helps us so far in understanding QM from a human perspective.


-----------------
I thought you were in a hurry to jump to conclusions. If you don't just study the scheme, but read the description of this method, let's call it OTP, it clearly says that it's not quantum cryptography at all (as I call it - "photonic bond"), on the contrary, it's the opposite of quantum cryptography.

This method excludes all the disadvantages of quantum cryptography, which in practice will have a function of key distribution for symmetric encryption systems.

For true cryptography, it is not suitable. It can be used as cryptography, but it's like going to rent a huge truck and carry a desktop computer on it. It's stupid. It looks ridiculous.

Quantum cryptography is very slow, very capricious, very resource-intensive.

And OTP completely eliminates these drawbacks, it's super fast, it works near light speed, it's super reliable, the only proven method in the history of cryptography, many orders of magnitude more reliable than AES with any key length.
In order to agree on a common key, the parties do not need to meet or transfer it over communication channels, or store it.

It is fantastic, it is real, it is the present future of modern cryptography, it is super-reliable, it has no drawbacks.

This isn't your "quantum key transmission", it's snail-speed. It's an old 1980s method. There were already successful experiments back then. But people thought back then, they could still think, not point their finger at the smartphone screen.

And vice versa, the OTP method is a modern method.
It's a technological way of developing cryptography.

But do not forget about the logical path of cryptography, because it is a program that everyone can put on your smartphone, with almost the same level of encryption reliability, but still get a plus:
- two-way, continuous, 100% accurate authentication;
- full match of the decrypted and encrypted message, up to 1 bit accuracy;
- alternative non-scalable blockchain;
- hiding the transmission or reception of information from an unauthorized observer;
- instant verification of any amount of information;
- many other things that no technological cryptographic method can do. 

No technological way of developing cryptography provides uninterrupted authentication. Only trust, or again, keys, passwords.

Our method has no keys and no passwords, no shortcomings.
 
86  Bitcoin / Bitcoin Discussion / Re: What is the fate of Scammers if bitcoin later becomes a traceable Currency. on: January 18, 2020, 10:05:55 AM
The owners of Bitcoin are the most advanced, progressive and brave people.
Not knowing anything for sure, only "maybe" we buy something we do not fully understand.
You have illusions that we create for ourselves. If you do it for fun, it's exciting, it can be like a game for adults.
If you invest a lot of money in Bitcoin, your money, use this technology to store your capital - that's not clear.
Money loves a solid foundation.
Bitcoin has, so far, a very raw, unambiguously undefined foundation for anyone. Although it is a modern tool for financial freedom, it is not complete...
87  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 17, 2020, 08:41:30 AM
I think that phishing will never die as long as there is a password authentication system.

The point is that when you are shown a phishing site, a non-original site, or a phishing email arrives, all your protection is to compare the address, the name of the site, the information you see to the information in your memory.
It works, but very, very badly.
If you haven't noticed the modifications, it's all your fault.

Well, is it fair to rely on your own memory when you're digital?

I think it's a flaw.
We need password-free authentication methods. And these technologies are only two-way. What are we going to get:
1. No possibility of phishing attacks, regardless of our memory.
2. Impossible to compromise you by stealing your password or other identifier.

The point is that passwordless authentication has only a variable identifier. Nobody uses it 2 times, even you yourself.

Here's the news on the subject from January 17.

Experts have warned about a new type of phishing attack.

Perpetrators study the victims' email messages to trick them into going to malicious sites.


Cybercriminals have begun using new phishing techniques to trick employees into installing malware, transferring money or transferring their credentials.

The cybercriminals infiltrate business email channels using previously compromised credentials (acquired in clandestine forums, stolen or obtained through a bloatform) and join a conversation under the guise of one of the groups.
This is an expert opinion from Barracuda Networks.

The idea is that the attacker is exploiting a real identity by conducting phishing attacks on its behalf, which the victim will consider as messages coming from a trusted source.

In an analysis of 500,000 emails, experts found that the interception of correspondence increased by more than 400% between July and November last year.

 The experts reported on cases when intruders spent weeks communicating with their alleged victims to ensure a high level of trust.

Details of password-free and keyless methods, here:
https://bitcointalk.org/index.php?topic=5204368.0.
88  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 16, 2020, 07:09:48 PM
This is the confirmation of my conclusions that the software, as well as the devices, are dangerous.

Dangerous, especially for keys and passwords.

January 16th, the freshest:
The first PoC attack with Windows vulnerability in crypt32.dll for spoofing Github and NSA sites is presented. 


The day after the patch was released for one of the most dangerous vulnerabilities in Windows history, security researcher Saleem Rashid demonstrated how it can pass off a malicious site as any site on the Internet in terms of cryptography.

We're talking about the CVE-2020-0601 vulnerability in the crypt32.dll cryptographic library in Windows, which allows you to sign malicious files so that the system will accept them as legitimate, as well as forge digital certificates. The problem was detected by specialists from the U.S. National Security Agency who reported it to Microsoft.

On Wednesday, January 15, Rashid posted a screenshot on Twitter that shows the music video Never Gonna Give You Up by popular 1980s singer Rick Astley playing at Github.com and NSA.gov. Using the vulnerability, the researcher was able to spoof Github and NSA websites in Edge and Chrome browsers.

Rashid's exploit consists of 100 lines of code, but it can be easily compressed to 10 lines if you cut "a few useful chips," the researcher told Ars Technica.

Other experts agree with colleagues at the NSA.
"With the help of the script, you can create a certificate for any site, and it will be trusted in IE and Edge with the standard Windows settings.

This is awful!

Don't forget that trusted certificate system, PKI system is the basis of the world security system.
Without the proper operation of this system - everything falls apart, no one will know if the public keys belong to their owners.
All you have to do is show your public key instead of the original one, and all our secrets are in their pocket - we will encrypt them ourselves and give them to them.

Can you imagine the consequences? 

The problem affects VPN gateways, VoIP, almost everything that uses network communications," said MongoDB Security Manager Kenn White.

Key security systems - are no longer secure for us!
89  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 16, 2020, 06:35:25 PM
No matter how much we talk about key cryptography, we always fear for the keys.
It's hard for me to compete with major cryptography and security experts.
But to listen to authoritative opinions, to analyze the information I've received, I've decided what is necessary.

So, the researchers of Blockchain technology have repeatedly noted this idea:
- even though all asymmetric cryptography, on which the Bitcoin defense is based, is based on the mathematical apparatus of elliptical curves, it is not a reason to calm down.
The matter is that, as the research showed, elliptic cryptography is not a panacea for such vulnerabilities as low entropy and software implementation errors.
Moreover, experts have revealed many examples of repeating SSH- and TLS-keys belonging to different certificate holders.
Digital signatures were detected in Bitcoin system, allowing to know a temporary key, which, in its turn, will give an intruder a corresponding private key and an opportunity to steal the cryptographic currency.

I will not assess the level of real danger of the software products that we have to use, but it is worth thinking about.

What are our keys and passwords for if the programs and devices are not reliable? The more seldom you use the same key, the same password, the more secure you are.
Or am I wrong?
90  Bitcoin / Bitcoin Discussion / Re: Keyless encryption and passwordless authentication on: January 15, 2020, 09:09:05 PM
No one is going to ever hack this BitCoin, the BitCoin that costs about 1550 per ounce in the picture below



Hard Facts
-
In order for someone to hack, steal, no matter who, you need to be able to interest a reputable hacker.

People who can do it are worth more than gold. These are unique specialists who don't deny themselves anything, attack who they want and when they want.
This is how our security in the digital world works. It's not how it's set up, it's just a fake. There's nothing in this world that doesn't break, it's a matter of price.

Even the fact that you talk to specialists like that will cost you more than all your money. They probably aren't interested in you, because you aren't seen or hacked yet. This is not a situation where you are able to resist it, because you use digital devices that someone has made for you.

 Your keys and passwords can only be stolen because you have used them at least once.

Doubts?

Read the post from today, 12:45, here, then we'll talk:
https://bitcointalk.org/index.php?topic=5209297.60.



The main enemy of all these creative experiments, in the proposed model of encryption - is the effect of loop system.
By cycling of the system, we mean repetition of the state of the system, in any part of it.
Research has shown that when the number of consecutive repetitions of the same algorithm is limited, this phenomenon becomes impossible in principle.
You should agree that a large number of elements in a large room is more difficult to put in order than to scatter around the room without order.
High entropy of chaotic movement, no matter what, is easier to achieve than low than the logical arrangement of all the elements.
It's harder to build than to break.
This is roughly the case in the proposed model of virtual space-world, the technology of keyless geometric encryption.
Fears that a very long silence of the user, which is replaced by the transfer of false information generated by the system itself - sooner or later the system will loop, also has no reason.
Let's remind that in this model there is no identical information, neither false nor user information, because the system is always "new".
In this regard, note that any information, and that which is produced by the system during the "silence", and that which is entered by the user for encryption, and that information which is repeated many times successively by the user - for the virtual space-time continuum will always be absolutely new information, because there are always new moments of time for the system and new numbers of sequence of events.
Thus, any data, even if it is constantly repeated, always differs from one another, always as new, so it always leads to new values of algorithms of system transformation.



How do I link absolute sensitivity to any code modifications with interference immunity of a closed communication channel?

Will there be an effect of interruption of work because of insignificant hindrances, technical, natural origin?

On the one hand, the above mentioned features of keyless encoding technology do not tolerate any modifications.
On the other hand, all modifications are visible, observable, and therefore it is possible to develop algorithms of system behavior.
The principle of these algorithms' operation is aimed at correcting any error in code. If an error is detected in the information part of the data packet - the method of correction is a repeat of this data packet.

Thus, a keyless encryption system, any of its models, any version, should have a protocol governing the formation, sending and receiving of data packets.

It turns out that errors are always visible, all consequences are controlled, therefore from the point of view of noise resistance of such model of encryption, this system is steady against any quantity of errors, with possibility of recognition and correction.

What kind of encryption system can handle such a wide range of tasks?
All a key encryption system can afford is a hash sum verification of a message.
A keyless encryption system can afford to identify, verify, analyze and correct every received packet of data.   

It's farther away.



From open sources, we know that fundamentally new encryption systems, absolutely new, able to withstand quantum computers obtained even from another galaxy - already now a large number.
And in 2022, we will know the winner.

All modern systems except AES will go to the dump of history, and the threat of quantum computers will remain in the past.

And what will be left for us?
There will be an eternal threat of cryptoanalysis, mathematical hacking into new encryption systems.
Why is that?
Because there's speculation, and there's evidence.
And to date, the only cryptography that's proven reliable is Vernam's cipher.
This cryptography was invented back in the 19th century (not even in the 20th)!

And we will also have the eternal problems of all key systems:
- stealing keys and passwords;
- phishing attacks;
- spyware that steals information until it's encrypted;
- and other nasty things in the modern world.

No cryptographic system struggles with these problems, or even has the capability to do so.

These threats, as well as quantum threats, can be counteracted by a new technology of keyless encryption and passwordless authentication, based on the logic and geometry of virtual spaces rather than on mathematics.

And the variants of virtual spaces are infinite a priori.   
91  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 15, 2020, 12:45:56 PM
We use modern key encryption.
Even assuming that all systems that work for our benefit are absolutely secure, even so, our security system is not secure.

No crook would hack into a cryptographic system. He doesn't even care how it works or what it's called.

Fraudsters always hunt for keys.
They take advantage of the fact that encryption stands in our user programs as a component that we don't choose, we don't discuss it with the manufacturer.

It's the same with keys. We don't choose them, we don't invent them, all this work is done programmatically.

That's what crooks use.
There are two groups:
1. Real criminals, villains;
2. Governments and special organizations, big corporations that have to protect us, they're robbing us.

The facts and statistics of cybercrime show that it is dangerous to use the keys (they are impracticable to remember to a person) and passwords on modern devices.

It turns out that for a reliable operation of a cryptographic system, of any key system, it is necessary to restrict access of the device to the keys. This is an unsolvable problem in key systems.

But in today's trend - you cannot use keys or enter passwords from our devices, because all devices - work not only for you, but for someone else, we do not know who.

Judge for yourself:

1. Confirming news:
U.S. authorities are distributing a subsidized smartphone with an embedded virus.

Millions of poor Americans have received a subsidized smartphone under the FCC Lifeline Assistance Program. But the device came as a surprise - it has a built-in virus in its firmware. This software cannot be removed because it does not have root access rights.

The Unimax UMX U686CL smartphone was provided under the Mobile Accessibility Program.


2. And those we trust:
- Microsoft has been listening to and processing the voices of Skype and Cortana users for years without any security measures. This was told by Guardian, a former contractor who spent two years processing user voices using a personal laptop at his home in Beijing. He received his login and password from Microsoft via email in unencrypted form, with a very simple login and one password for everyone.

3. Similar spyware was found on all Samsung smartphones and tablets.

This problem was pointed out by one of the users of social news site Reddit. These are Device Care features that are actually present on mobile devices from the Korean manufacturer.

Samsung itself does not deny that Qihoo 360 uses a Device Care module designed to store data on the device. However, the manufacturer does not explain why the software interacts with Chinese servers on a regular basis. Qihoo 360 has previously been involved in several privacy scandals, including hidden data collection.

The source has warned that giving such a dubious company access to all data on the device is at least risky. He explained:

"The smartphone memory scanner has full access to all your personal data because it is part of the system. However, according to Chinese law, it must send this information to the government upon request."

So why should we discuss the reliability of the encryption system, any encryption system, even post quantum, even if the keys are stolen from the device itself!

Unbelievable, but the facts speak for themselves.
Make a conclusion.
92  Bitcoin / Development & Technical Discussion / Re: Bitcoin’s race to outrun the quantum computer on: January 14, 2020, 09:27:40 PM
I agree with all your comments.
Except for one, one.

There is reliable, absolutely reliable cryptography, in the absolute sense. It's Vernam's cipher.
It's the only cipher for which there's evidence of its 100% reliability, C.Shannon, 1945.

It has been used for over 120 years and (attention) is still used today.  The most secret diplomatic and other messages are still sent only by the Vernam code!

No AES with any length of key, about asymmetric systems I am silent at all, categorically forbidden.

The thing is that modern cryptography has appeared as an alternative to Vernam's cipher.

No modern cryptographic system has any proof of its crypto stability, and that proof cannot be, because the principles of encoding them - so to speak, are more cunning than reliable.

The 2 versions of cryptographic systems that I mentioned at the end of last post use Vernam's cipher. But they're not used anywhere yet. It's not time.

The first cryptosystem I did not give a link to, here it is, I really like it:
https://www.nature.com/articles/s41467-019-13740-y
93  Bitcoin / Bitcoin Discussion / Re: What is the fate of Scammers if bitcoin later becomes a traceable Currency. on: January 14, 2020, 09:04:59 PM
Fraudsters will always be where there's a herd of relaxed sheep. Fraudsters as a global phenomenon do not care if you catch someone or not. They're not afraid of prison because we think about it.
The criminal world has long understood that cyber-fraud is the fastest and safest way to make money. If they catch one cheater, the other learns from his mistakes.
They can't be frightened by the lack of anonymity.
They already, in fact, do not believe anyone, and above all, those who offer security.
They were born with the knowledge that any door with a lock on it can be opened.

Keep your keys and passwords safe.
And in today's trend - never use keys or passwords, because all devices - work not only for you, but also for someone else.

Now it is not clear who are crooks, those who are criminals by profession, or those who should be on our side?

I think the power and the criminals are on the same side now, against us.

1. Confirming news:
US authorities have been distributing a subsidized smartphone with a built-in virus

Millions of poor Americans under the US FCC Lifeline Assistance Program have received a subsidized smartphone. But the device was a surprise - its firmware has a built-in virus. This software cannot be removed because it does not have root access.

The Unimax UMX U686CL smartphone was provided as part of the Mobile Accessibility Program.


2. And the crimes are also from those we trust:
- Microsoft has been listening to and processing Skype and Cortana users' voices for years without any security measures. The Guardian was told about this by a former contractor who spent two years processing user voices using a personal laptop at his home in Beijing. He received his login and password from Microsoft via email in unencrypted form, with a very simple login and one password for everyone.

Earlier, I wrote that spyware was found on all Samsung smartphones and tablets.

One of the users of the social news site Reddit pointed to the problem. These are the Device Care features that are indeed present on the Korean manufacturer's mobile devices.

Samsung itself does not deny that the Device Care module dedicated to the device storage is used on Qihoo 360. However, the manufacturer does not explain why the software regularly communicates with Chinese servers. Qihoo 360 has previously been involved in several privacy scandals, including hidden data collection.

The source warned that giving such a questionable company access to all the data on the device is at least risky. He explained:

“The smartphone storage scanner has full access to all your personal data as it is part of the system. In doing so, under Chinese law, it must send this information to the government upon request.”
94  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 14, 2020, 05:08:59 PM
When I talk about cryptography, I don’t apply it to myself, but I am interested in the question in principle. And no matter how many years later, who will die.

It is interesting to discuss the matter in principle. Is all modern cryptography a temporary phenomenon or for many, many years?
Reputable organizations, for reasons that have not been disclosed to us, intensively, for many years, are looking for a replacement for RSA and ECC.
Well, why not increase the key length and forget about quantum computers for the next 100 years.

Moreover, it is so obvious and simple, if everything is reliable, that I can not find an explanation for this.

Moreover, cryptosystems based on the principles on which RSA and ECC are based are not considered at all.

I want to understand why? What is the mystery?

And most importantly, these are the keys. They are always stolen. This is an axiom.

Signal is nothing new and better from the point of encryption than in all major messengers.
Protocol only. Good protocol.
It gives normal anonymity, but nothing safe from the point of view of cryptography. The same keys, the same dangers. Moxie Marlinspike (he is the author of this protocol) is a decent person and did everything as well as possible. But the keys - where do you escape from this vulnerability? It doesn’t matter that they are constantly changing, there are a lot of them even for one session, but they steal as easily from the device as from the server. But the worst thing is that the same asymmetric cryptography is used to coordinate them. And it doesn’t matter that the encryption of information is a symmetrical system, they hunt for keys, and so far successfully.
Speaking of good protocols, since cryptography is the same everywhere, Threema's anonymity is much better than Signal. This messenger is even harder to crack.

But everywhere there is a weak point - only one, modern asymmetric cryptography. This is not what I came up with.

As for the new cryptographic systems, of interest are those in which the keys, if any, are not consistent with asymmetric cryptography and are used only once, literally - one bit - one key.
And such systems exist, are developing, and much better than “quantum cryptography”.

These systems generate a Vernam class cipher. And this is the only code, the absolute durability of which is proved in the absolute sense of the word.

Examples:
1. Technological path of development, one-time binary tape, Vernam cipher:
https://www.nature.com/articles/s41467-019-13740-y

2. Software development path, one-time binary tape, Vernam cipher, geometric keyless methods:
https://bitcointalk.org/index.php?topic=5204368.0

How long do modern asymmetric systems last?
95  Bitcoin / Bitcoin Discussion / Re: What is the fate of Scammers if bitcoin later becomes a traceable Currency. on: January 14, 2020, 09:01:59 AM
I'll assume that what you mean by "traceable" in fact means that bitcoin becomes somehow de-anonymized. Because as others have said, bitcoin is already traceable, it's just that linking addresses to actual people is the hard part.

This won't ever be the case given the fact that the entire network is essentially based off the premise of a pseudoanonymous system under which everyone can create and use as many addresses as they want without having to be subject to verification. For this to happen, then there needs to be a centralized entity that is doing the verification process - which we know cannot happen.

But let's suppose it does. Even then, scammers will remain scammers. Just look at the sheer amount of paypal scammers, and this kind of debunks the myth that somehow a verified payment system gives you 100% security.
--------------------
Anonymity on a network means information about your IP, MAC address, IMEI of the device.
That's all or part of it needs to know in order to track you.
You go online, you do bitcoin transactions, it's actually all your device does. And that's what they're tracking.

Next, if your identity needs to be tied to the device, it's very easy to do - watching remotely the activity of the device itself, what you do on it, where you go online, what phone numbers, messengers are yours, what you write on social networks and what they write about you and so on.
All this is done not by hand, but programmatically, providing the attacker your full social profile, photos, your voice, biometric data, which you willingly give to your device, all correspondence, contacts, SMS, passwords and logins, encryption keys.
And if you need to make sure that you are behind the device, then there is hidden activity of the camera and microphone of the device.
The information is checked in the database of your registration documents, driver's license, passport.

Step by step, through your device (IP, MAC, IMEI) automatic surveillance, those who need it, will know you more than you know about yourself.

Where's the anonymity?

And crooks aren't fools. They never use the same device for all their needs.

Are you ready to change your devices, say, every week?
96  Bitcoin / Bitcoin Discussion / Re: What is the fate of Scammers if bitcoin later becomes a traceable Currency. on: January 13, 2020, 09:13:34 PM
By trace, OP meant, finding the details of owner of any account. From 1 account money was sent into another. Suppose mr x sent money to mr y. Who is mr x? Who is mr y? No one knows. Unless y send funds into centralized exchanges. What if they sent money into btc mixer? What if they trade for p2p?
And no one really care if btc amount is small. We only caught few hackers.
Of course, if someone sends Bitcoin from one wallet to another and these funds remain motionless, then in the absence of other transactions, no one will establish the owners of these wallets. Also, if someone steals the cryptocurrency and transfers it to a new wallet and it remains without movement, the thief can not be installed. However, cryptocurrency is not stolen so that it is without movement. Most often, thieves and scammers lack patience and they make mistakes. Now states are joining together to fight crimes related to cryptocurrency. This is quite natural.
---------------
I don't know who's joining forces with whom, but I do know that the overall statistics on cybercrime are growing from year to year. There's also an increase in the theft of cryptology in dollar terms.
Success in the fight against cybercriminals, the current security system shows mainly when a robbery has already happened and you need to release updates to close the holes.
And how much data has flowed through these holes, they don't want to talk.

I know that crooks improve their skills day and night.
Also, I know there's a lot of holes that aren't told to us, that are never told.
I also know the facts that the software and the devices that we use are increasingly stealing our data, these capabilities are being built right into the factory.
So it was recently discovered (and we were told!) that all Samsung smartphones and tablets are sending our information somewhere in China.
And now the question to people who tremble with their wallets, and to hardware wallets:
- do you have complete confidence in the devices you plug your hardware wallets into?
- do you use Samsung products?

Does one Samsung work for the Chinese government?
Is the Chinese government the only one who does it?
Who knows, is silent.

And I know that we are all in great danger, year after year - more and more can not trust any manufacturer.
97  Bitcoin / Bitcoin Discussion / Re: How long will existing encryption last? on: January 13, 2020, 06:00:23 PM
Your statement implies that anyone or someone has been able to factor RSA numbers, or factor large numbers to their primes.

If that's possible or easier, then quantum computers have a good purpose. We should see more of GPG getting cracked left and right though. I'm not seeing those yet.

We'd also see all sorts of this all over the internet.

Please show us an example of 2048 bit RSA number being factored.
--------------------
I'm not a cryptographer or a mathematician.
I read and analyze what cryptographers and mathematicians say.

I read about these people to understand how authoritative they are in their questions.

As a result, all I do is talk like a parrot what big people say.

But I analyze facts, for example:
- why NIST doesn't even see RSA as a possible post-quantum encryption system;
- why the terms of the competition prohibit any system based on the same principles as RSA or ECC;
- why other systems, such as McEliece, have been rejected (vulnerabilities found), then upgraded, and are again among the candidates, and RSA or ECC do not want to accept upgraded?

Why are all attacks on RSA classified, except for some that we know:

- Richard Schroeppel's "linear sieve" algorithm, which factors any RSA module $n$ of length $[\log_2 n]+1$ bits;

- John Pollard proposed a factorization algorithm called the General Method for a numeric field lattice. This algorithm factorized the RSA module $n$ of dimension $\log_2 n$ bits using $2^{(1.9\dotso + o(1))(\log_2 n)^{1/3}(\log_2 \log_2 n)^{2/3}}$ simple operations;

- Peter Shor suggested an algorithm that factors any RSA module $n$ of dimension $b=\log_2 n$ bits using $b^{2+o(1)}$ (more precisely $b^{2}\cdot \log(b)\cdot \log(\log(b))$) qubit operations on a quantum computer of the order $2\cdot b^{1+o(1)}$ qubits (and a small number of auxiliary computations on a classic computer).

I think it is possible not to be a mathematician, and not to be an idiot, so as not to soberly look at the state of modern asymmetric cryptography, even having that little information, which is allowed for public viewing.
98  Bitcoin / Bitcoin Discussion / Re: Keyless encryption and passwordless authentication on: January 13, 2020, 05:37:47 PM
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
-------------------------
What you're describing is a real state of affairs. These concerns arise because, in my opinion, all of the modern technologies without a password that you are describing are not really that state of affairs.
If you change your password with your biometric data, then for the server, all you did was change your numeric identifier. No more and no less.
This is not at all what is offered in the technology described here.
It is not a variable key, it is not a session key which is somehow generated, distributed, used and transformed into a new key.

These are unique rules for the formation of each data packet, and completely independent of your desire, skill, amount of encrypted information, your biometric data, your passwords, keys and any actions.

For the server, it looks like a change of numeric identifier for literally each data packet.
The trick is that if the same symmetric system stands on the server, this change is equally deterministic for the server and for you, but not for the outside observer. Since this method does not use keys, there is nothing to steal except your entire device.

If you don't notice the key theft (it's a software key), you will immediately notice that your smartphone or desktop computer is being stolen from your home.

Since there is no key or password, all control is based only on derivatives of the event. Events combine the time factor (external time is always linear, and these marks are taken not every 30 minutes, as at Google, they are taken on each package and without the rules set by the programmer) external and internal time event counter. Just as you can't live the last second, so this system can't be the same as the second before. And the main role in this concept is your information, which is not encoded or transmitted, but indirectly by a one-way function influences the course of changes in the entire system.

In this concept of encryption, you can stretch to say that you are using some kind of key for each packet of data (not a message), and as I wrote earlier, the data packets are generated independently of your activity. This is a security feature of your closed link, it should always be closed if you have established a P2P connection.

But look deep into the technology, you will not be able to call it a key, it will not match the processes that are going on.

In this concept, your identifier is floating. It only applies to one data packet (not a message), it cannot be used for any other data packet.

What and why steal?



A distinctive feature of the keyless encryption system, as mentioned above, is the mandatory detection of any modifications.

A normal encryption system does not guarantee anything like this.

If, in any conventional key system of encryption, today you encrypt the word "Hello" with key "A", get the code "B", then tomorrow, with key "A" the word "Hello" again will show code "B".

That's not possible in a keyless system.
If you encrypt the "Hello" word at this second, you will get the "C" code. If you encrypt the "Hello" word again without interruption, you will get any cipher, but not the "C" code. Not only that, you can't do that, even if you want to.

That's the difference between keyless ciphers and key ciphers.

How does a transmitting and receiving system know the encryption and decryption rules, in this case the word "Hello"?

Note that any encryption does not happen by itself, but at least:
1) at this point in time;
2) in a certain numerical order of account of events in the system itself

Important note: taking into account only the time factor is not enough. To be more precise, physical time plays a crucial role only at the start of a communication session and in the first verification processes of your "partner".  There is no need to think that the system just counts seconds, this model is not viable and has little use in practice.

The system doesn't care what word will be encrypted, the important thing is that the system knows exactly what the Logical Time Tunnel (LTT) is working, it is now formed.
This is the LTT that has been formed, no other. It was made not by the programmers, not by the developers of the technology, but by the system itself, and one moment before encryption of the word "Hello". It's very precise and as definite as possible, no probability, but it's absolutely unpredictable for "Eva".

Therefore, the same Logical Time Tunnel is formed for both systems, so the word "Hello" is first encrypted in it, and then decrypted in it too.

Important note: in fact, the word "Hello" is not ciphered, the vector is ciphered, the link pointing to the temporary analogues of the elements, the letters of the word "Hello". It is very important to understand!!! This is the main principle.

And most importantly, the next LTT can only be correctly generated when the transmitted information up to 1 bit coincides with the decrypted information. There are no modifications.
 
This is beautiful and very useful. It is so unexpected that without a key it is possible to exchange information more accurately than with a key, which seems an inexplicable turn.

This is a first look. It's the opposite of what happens inside.

Gradually, we'll take it apart, all in detail.
It'll be even more interesting from here, I think, of course. 



Perhaps the attentive reader will have a question about how quickly the system will react to the modification?

If the modification is local, it will respond instantly in the command part of the data package.
If the modification is in the information part of the data package, then:
- for a data packet in which false information is transmitted - instantly;
- for a data packet in which user information is transmitted - with delay.

Therefore, any decrypted user information is first assigned a status: "conditionally correct".
Then, if the following package is successfully received: "most likely correct".
And finally, when receiving the third data packet: "absolutely correct".

The data packet is only 304 - 516 bits, not the whole message.
So the user won't notice anything, he is doomed to always use only the information "absolutely correct".

The technical explanation of this checking scheme is about this:
1. The minimum value of time it takes to detect an information modification is the moment the cipher code hits the last and penultimate decryption round (7th and 8th rounds of encryption).
2. The maximum time it takes to detect a change even at the 1-bit level in the information portion of a data packet is equal to the time it takes to send the next 2 packets and receive the next 2 packets.

At this maximum time point, by default, a ban will be programmed to deny the decrypted information to the user.
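
An added illustration, not part of the post above and not the poster's system (which the post does not specify): a state-chained link in which each packet's identifier and pad come from a state that is updated through a one-way function of the data just handled, so a one-bit change is caught on the following packet. The shared starting seed, the use of HMAC-SHA256 and the names `Endpoint` and `demo` are assumptions made for this example; the seed plays the role of a shared secret here.

```python
import hashlib
import hmac
from typing import Optional, Tuple

class Endpoint:
    """One side of a link; both sides start from the same seed (assumption)."""
    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()
        self.counter = 0

    def _derive(self, label: bytes, n: int) -> bytes:
        # Per-packet material from the current state and the event counter.
        msg = label + self.counter.to_bytes(8, "big")
        out, block = b"", 0
        while len(out) < n:
            out += hmac.new(self.state, msg + bytes([block]), hashlib.sha256).digest()
            block += 1
        return out[:n]

    def _advance(self, plaintext: bytes) -> None:
        # One-way update: the next state depends on the data just handled.
        self.state = hashlib.sha256(self.state + plaintext).digest()
        self.counter += 1

    def send(self, plaintext: bytes) -> Tuple[bytes, bytes]:
        ident = self._derive(b"id", 8)  # identifier valid for one packet only
        pad = self._derive(b"pad", len(plaintext))
        body = bytes(p ^ k for p, k in zip(plaintext, pad))
        self._advance(plaintext)
        return ident, body

    def receive(self, ident: bytes, body: bytes) -> Optional[bytes]:
        if not hmac.compare_digest(ident, self._derive(b"id", 8)):
            return None  # the two states have diverged: reject the packet
        pad = self._derive(b"pad", len(body))
        plaintext = bytes(c ^ k for c, k in zip(body, pad))
        self._advance(plaintext)
        return plaintext


def demo() -> dict:
    # Constructed sample run: the same word is sent three times.
    alice, bob = Endpoint(b"constructed-seed"), Endpoint(b"constructed-seed")
    p1, p2 = alice.send(b"Hello"), alice.send(b"Hello")
    first = bob.receive(*p1)
    tampered = (p2[0], bytes([p2[1][0] ^ 1]) + p2[1][1:])  # flip one bit in transit
    second = bob.receive(*tampered)
    third = bob.receive(*alice.send(b"Hello"))
    return {"differs": p1 != p2, "first": first, "second": second, "third": third}
```

The tampered second packet still decrypts (to `Iello`); the divergence surfaces only when the third packet's identifier fails to match, which corresponds to the delayed detection the post describes for user data.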
99  Bitcoin / Development & Technical Discussion / Re: Bitcoin’s race to outrun the quantum computer on: January 13, 2020, 04:58:50 PM
Quantum cryptography is what?
The transmission of information through the use of quantum states of a particle of light, a photon - it's understandable.
This is a photon Internet, which is proudly called "quantum Internet", although it has nothing to do with "quantum" itself, as elementary particles.
And there is no quantum cryptography, no interaction with quanta, encryption with quanta.
And what's quantum cryptography? I can't figure it out.
There's only post quantum cryptography, math.

What's quantum cryptography?

Hello again! We've discussed this on another thread, so I won't go into it in depth again, but I'll mention China's Micius satellite as an example of quantum cryptography in action. Micius is already enabling a (small) quantum internet. A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. The quantum entanglement is the vital part of the encryption, the use of the laws of quantum mechanics to create the exchange of information: Quantum Key Distribution.

I will concede that whilst QKD removes some classical vulnerabilities, it does not remove them all: man-in-the-middle as an example.
But Micius is only the start. Other variants of quantum cryptography are also being advanced. Kak's 3 stage protocol for example (a quantum version of double-lock), a multi-photon variant of which is being developed to protect precisely against man-in-the-middle.

I am certainly not saying that post-quantum cryptography (classical cryptography used as a defence against quantum attack) is useless, it's not, it's extremely important.
But quantum cryptography (using the laws of quantum mechanics to implement cryptography) is important too.

Here's a time-lapse photo of Micius in action. https://cosmosmagazine.com/technology/the-quantum-internet-is-already-being-built


--------------------
What you call "quantum cryptography", and that's what everyone calls it, is only needed to agree on common encryption keys for common symmetric cryptography, such as AES-256. They use AES-256 because it cannot be cracked by any quantum computer.
It will be a post quantum symmetric system, so NIST, USA, decided.

It's a wordplay - it's not cryptography, it's a way to generate the same keys for 2 people.
China has developed this topic so well that it is already used in practice for banks, nowadays.
Why did this technology start developing?
Because the asymmetric encryption system (RSA, ECC) was performing this function, namely the function of matching the common key over a public channel for a symmetric encryption system.
But all asymmetric modern systems are unreliable.
This was a very controversial and very closed question until the threat of quantum computing appeared.
Today, for specialists, it is no longer a controversial issue, but a fact.
All modern asymmetric systems will collapse at any key length.
In fact, they have long been considered "conditionally reliable", but this is not what we are talking about.
The whole world, for many years now, has been looking for a reliable post-quantum asymmetric system.
For what?
Only for the main purpose of agreeing on a shared encryption key for symmetric systems.
Since such a model, approved by NIST, is not yet offered, technologies of the last century began to be developed (the Americans made the first such successful experiments in 1980), on a new element base.
It's a photon transmission of the polarization direction of the photon.
It is expensive, not convenient and it is not for those who have a smartphone, computer, tablet and ordinary Internet wi-fi. It's for VIPs. In addition, the option of fiber optic is a very slow Internet. But it's not cryptography in its normal sense.

You're wrong about the "quantum internet" being afraid of the "man in the middle" attack. This attack is only dangerous when it can be conducted invisibly.
You can't do it inconspicuously on the quantum internet.
This is a huge advantage of this method.

But there are other solutions.

1.
Here is the technological direction, and fast and reliable, and in no comparison with "quantum transmission":

"Science...
The new, non-hackable security system created by researchers at the King Abdullah University of Science and Technology (KAUST), the University of St Andrews and the Center for Unconventional Science Processes (CUP Sciences) aims to revolutionize communications privacy.

The essence of it is that the optical chip communicates over the fiber Internet with another optical chip, both chips have their own chaos, based on the second law of thermodynamics, the law of entropy, exchange through an open channel photons, different photons with different physical characteristics, the common encryption key is output as a digitization of the superposition of photon states at the output with the photon at the input. Simple, elegant. But the reliability of this method is that this key is calculated at both ends of the communication channel - and the channel is never transmitted.
Not only is it long enough to make a modulo 2 addition with the message itself. And this gives the Vernam class cipher, the only cipher for which absolute reliability in the absolute sense has been proven.

This was invented in the century before last (!), proved in the middle of the last century (!), all old reliable technologies - return in a new quality.

This is the technological way of cryptography development. It requires new chips and fiber optic cable between subscribers. But it will bury "quantum internet."

2.
Two, not technological, but software. It's not worth anything.
It's not known, it doesn't claim to be laurels, but it works well for individuals, quietly and smoothly.
Here it is:
https://bitcointalk.org/index.php?topic=5204368.0.
100  Bitcoin / Bitcoin Discussion / Re: What is the fate of Scammers if bitcoin later becomes a traceable Currency. on: January 13, 2020, 03:58:35 PM
Fraudsters are always more advanced and more inventive than their victims.
When discussing the issue of tracking, I would not worry about scammers, they will get out in 10 cases out of 11, but I would really worry about tracking large or interesting Bitcoin owners, decent people.
Yesterday, VPN and TOR were in the arsenal of our anonymity tools. But at the end of last year, it became known (this does not mean “appeared” as a phenomenon) that there are technologies not only for tracking users of these technologies, it’s half the trouble, but there is the possibility of “listening” and phishing attacks on these users.
The truth is that a fraudster almost always provides for such an option, and we do not always. We always hope for technology, and what happens inside these technologies - we don’t know or we don’t know everything.