this post was submitted on 28 Nov 2023
740 points (99.3% liked)

196

16597 readers
3423 users here now

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

^other^ ^rules^

founded 1 year ago
MODERATORS
740
encrulepted (retr0.id)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks "all the data is encrypted?" In the second, the goose chases a person, asking "encrypted how and with whose keys, motherfucker?"

@196

all 38 comments
sorted by: hot top controversial new old
[–] [email protected] 94 points 1 year ago (3 children)

I once had to work with a government agency that insisted they generate and provide my private key.

[–] peopleproblems 42 points 1 year ago

At least they told you about the wire tap?

[–] [email protected] 27 points 1 year ago (2 children)

I'm migrating millons of encrypted credit cards from one platform to another (it's all in the same company, but different teams, different infra, etc).

I'm the one responsible for decrypting each card, preparing the data in a CSV, and encrypting that CSV for transit. Other guy is responsible for decrypting it, and loading it into the importer tool. The guy's technical lead wanted me to generate the pair of keys and send him the private key, since that way I didn't have to wait for the guy and "besides, it's all in the same company, we're like a family here".

Of course I didn't generate the key pair and told them that I didn't want to ever have access to the private key, but wow. That made me lose a lot of respect for that tech lead.

[–] [email protected] 14 points 1 year ago

So you wanna be key buddies? Respectfully.

[–] uis 2 points 1 year ago

I know one municipal agency that does the same...

[–] [email protected] 65 points 1 year ago (2 children)
[–] [email protected] 18 points 1 year ago (1 children)

Probably also whatsapp chat, imessage, and other proprietary encrypted messaging apps out there.

[–] [email protected] 23 points 1 year ago (2 children)

Many chat apps actually use the Signal protocol for end to end encryption. This includes WhatsApp, Google Messages (RCS), Facebook Messenger, and Skype. iMessage doesn't seem to use it.

[–] [email protected] 15 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 3 points 1 year ago (1 children)

Why is end to end encryption a red flag???

[–] [email protected] 15 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 7 points 1 year ago (1 children)

oh, red flag for facebook, that makes sense.

but then if you care about privacy why touch anything Facebook has made at all?

[–] [email protected] 6 points 1 year ago* (last edited 11 months ago)
[–] [email protected] 9 points 1 year ago

But we also can't check their process since they are closed source. Also, if they can decrypt in the browser or proprietary app, then they can still read your messages. Browser is vulnerable to other attacks.

[–] [email protected] 14 points 1 year ago

That's not even Nothing Chats' biggest problem: it's that it gets completely MITM'd by going onto some mac mini in some server farm somewhere.

[–] [email protected] 45 points 1 year ago (4 children)

I suggest we rename base64 to ’Military encryption’.

[–] [email protected] 24 points 1 year ago

ITS NOT ENCRYPTION ITS ENCODING D':

[–] AlecSadler 13 points 1 year ago

I love seeing ads touting "military grade" things, it basically means...it probably isn't worth buying.

[–] AnUnusualRelic 7 points 1 year ago

Isn't that rot13?

[–] FrankTheHealer 7 points 1 year ago

'Military GRADE encryption' *

[–] gmtom 36 points 1 year ago

It's encrypted by changing the font to windings and making the text colour white before sending.

[–] [email protected] 34 points 1 year ago (1 children)

Looking directly at you, Telegram!!

[–] uis 3 points 1 year ago

At least it has one-to-one E2EE and straight upgrade from vk.

[–] [email protected] 29 points 1 year ago

Our website is using ssl, to keep you protected.™

[–] beebarfbadger 17 points 1 year ago
[–] JackLSauce 16 points 1 year ago (2 children)

Wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow.... The data are encrypted

[–] [email protected] 13 points 1 year ago (1 children)

Ugh. This is one of the correct usages that actually bothers me.

[–] CoggyMcFee 6 points 1 year ago (2 children)

Correct according to whom? The word has a long history of being used with a singular verb. The dictionary indicates it is usually used with a singular verb. Only a small number of people insist on trying to override this.

Who cares if it is plural in Latin? Once something moves into a new language, it’s not beholden to the old language. We don’t use a plural verb with “spaghetti”. Germans borrowed the word “party” from English and they pluralize it as “partys” — they don’t need to follow our rules for what is now also their word.

Don’t give in to these people who claim that “data” is supposed to be plural. They are treating a personal preference as a fact.

[–] [email protected] 2 points 1 year ago

To be fair, German (and other languages) borrowing from Italian is a whole can of worms, but you're right: Borrowed words don't need to follow all the declination or conjugation roles from their original language.

See also: Two espressos. One zucchini.

[–] [email protected] 1 points 1 year ago

God I think I love you

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

So there's like a talking goose and your first thought is to criticize it on grammar?

[–] JackLSauce 2 points 1 year ago
[–] [email protected] 14 points 1 year ago

just a vigenere cipher because budget cuts

[–] [email protected] 13 points 1 year ago

it's ok i'm always losing my keys anyway

but my couch cushions are pretty secure

[–] dipshit 12 points 1 year ago

openssl and I created my own keys! suck it, verisign!

[–] [email protected] 9 points 1 year ago

Now tell me all the {en,de}cryption points in your event sourcing.

[–] uis 3 points 1 year ago

I'm a goose and I'm coming for yous!