Conor Schaefer on 12 Mar 2014 09:21:23 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Sensitive Personal Information In the Cloud? Why bother?

That is precisely Greg's point, I think: encryption is only useful in the present and near-term, since Moore's law implies that cracking present encryption standards will be trivial at a later date. At said later date, you should be using stronger encryption. See this thread:

http://security.stackexchange.com/questions/2652/encryption-and-the-security-time-decay-of-prior-encrypted-data

If you can hold onto encrypted data for long enough, you'll be able to decrypt it. How large of a problem that poses for Alice and Bob depends on how much computing power you have to throw at the problem, as well as how useful the decrypted content will be at the later date. 


On Wed, Mar 12, 2014 at 11:40 AM, Paul Walker <starsinmypockets@gmail.com> wrote:
This does seem like a quandry for long-term storage of encrypted data - if an adversary obtains the encrypted data, it is not secure against future compromises of the encryption scheme, which obviates the benefits of encryption over time. Thoughts?


On Wed, Mar 12, 2014 at 10:53 AM, Greg Helledy <gregsonh@gra-inc.com> wrote:
This is a biggie, IMO.  The encryption considered very safe today could be trivial to crack 20 years from now.  If you wouldn't want the things you encrypt today being public 20 years from now, maybe cloud storage isn't the best choice.

--
Greg Helledy



On 3/11/2014 3:53 PM, Art Clemons wrote:
On 03/10/2014 01:54 PM, Casey Bralla wrote:

That being said, right now, we have no idea how long cloud
storage will last or what factors might affect the security of things
encrypted and then stored in the cloud.  The encryption method we use
today may be proved vulnerable a month, two months or years from today.

-- NOTICE - This communication may contain confidential and privileged
information that is for the sole use of the intended recipient. Any
viewing, copying of distribution of, or reliance on this message by
unintended recipients is strictly prohibited. If you have received this
message in error, please notify us immediately by replying to the
message and deleting it from your computer.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug