Dnia poniedziałek, 19 sierpnia 2013 13:12:35 Lodewijk andré de la porte pisze:
AES-128 is obviously not secure enough against NSA-type attacks. It works against the random raid of the servers, the exploitative sysadmin and perhaps even the remote exploit in the software. It also allows Google to run storage nodes at a lower security level, which might help them smooth operations.
Nothing there to help against the agencies.
But the algo is really completely irrelevant here. They could have used OMGWTF-8096 and it would still be irrelevant. If the keys are being held by Google -- and as far as I understand, they have to -- the whole encryption is moot. They don't have to give the government the keys. They can just hand over the cleartext... The point about running nodes at a lower security level is interesting, though. Maybe that's the whole point: - Hey Joe, if we encrypt user data (and hold the keys), we could care less about these nodes' security. - Hey, yeah, Jack, this seems to be a good idea; and we could sell it to people as a "security enhancement", esp. after PRISM. - Oooh, I like this. I'll be talking to PR dept right away! -- Pozdr rysiek