Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> multiple layers of crypto

Unless you are just encrypting stored information ('storing secrets'), I don't see what this gets you in the long run as an approach for 'communicating secrets'.

- at least one comment in this thread points out the fact that the very machines you use are likely compromised at multiple levels.

- you are communicating over a custom stack, e.g. your own chat system. Either this stack is a secret or published. If former, see above. If latter, the custom mix algo is also public.

I think the approach you advocate could work against non-state actors (Surveillance Inc., PIs, etc.), but if your local state actor with legal ability to stick a bag over your head is interested, it is useless.

In context of OP and RT decryption by NSA, your signal would raise flags given that known methods fail to decrypt it. So you'll get flagged, and "your" machine will likely gets to chat with its government peers via factory installed backdoor to spill the beans.

Given all this, the consensus advice of "don't roll your own" possibly boils down to practical advice: the standard is vetted and is effective against non-state actors, and your innovations may simply reduce the standard protection, but they will not gain you anything (since the non-state actor is already frustrated by standard crypto anyway.)

If your game is NSA level actors, you really shouldn't be storing and communicating with computers.



> your innovations may simply reduce the standard protection

I've spent a ton of time debunking this myth. Read my other comments; this can only happen if you don't use independent keys or if you somehow break the encryption. I'm not going to waste more time explaining it.

> but they will not gain you anything

Same as above.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: