What percentage of your online communications are encrypted?
Displaying poll results.16328 total votes.
Heavier than air flying machines are impossible. -- Lord Kelvin, President, Royal Society, c. 1895
Heavier than air flying machines are impossible. -- Lord Kelvin, President, Royal Society, c. 1895
Really? MD5? (Score:1, Insightful)
That was cracked a long time ago.
Re: (Score:1)
I decrypted it, it was a Ubuntu disc iso ...
Re:Really? MD5? (Score:4, Funny)
Yeah, I was waiting something like `echo "You insensitive clod" | md5sum` instead.
Re: (Score:3)
Yeah, I was waiting something like `echo "You insensitive clod" | md5sum` instead.
61A6A7F76C02BBAABE6A4D97ACCD50DB
Re: (Score:1)
Re: (Score:1)
I decrypted it, it was a Ubuntu disc iso ...
By decrypted, you mean Googled? [google.com]
Re: (Score:2, Interesting)
By decrypted, you mean Googled? [google.com]
Rainbow table searches are a valid form of brute-force decryption.
Re: (Score:3, Informative)
Plus, it isn't an encryption method.
Re: (Score:1, Troll)
Actually, yes it is an encryption method, just a one way encryption method.
http://en.wikipedia.org/wiki/C... [wikipedia.org]
Re: (Score:3, Informative)
Slight difference there: It's cryptographic, but not encryption. You cannot "decrypt" the output of a one-way hash. Hence why it's not encryption.
Re: (Score:2)
Re: (Score:2)
MD5 has never been considered encryption. As was already pointed out it's a cryptographic hash, not an encryption method.
Re: (Score:3, Funny)
Really starts getting into splitting hairs at that point though. If someone says a "one way encryption function" (which I've heard many a security professional use exactly those words in context) everyone knows they mean hash functions. You could argue the literal definition, but encryption is for all intents and purposes the applied ideas of cryptography. Then again this is slashdot, nearly everyone splits hairs about everything...
Re: (Score:3)
If we are getting into the technical definition, bit length, key length, etc. doesn't really pertain to something being encryption or not. By definition a Vigenère or Caesar cipher are consider encryption methods (and Caesar doesn't even use a key) but those are very primitive versions of encryption. If I remember correctly yes, you can still have collisions on something like your example depending on the method used (been a while since I did any of that, so I am a bit rusty). MD5 has lots of known
Re: (Score:2)
The key is obviously not noted in there, as a PKI encryption is "encryption" by all definitions, and is done with a key, and signing is a hash done with a key. They are similar (and related) keys.
Re: (Score:2)
The definition for decrypting something is hazy at best as technically using a dictionary attack against a hash function both "decrypts" it and is loss-less assuming you have any related salts etc (this includes even things like SHA2 because with enough time/resources, admittedly ludicrous amounts, it can be "decrypted" or "de-hashed").
Speaking theoretically it should really be acceptable to say "one-way encryption method" although, as of course everyone was undoubtedly going to point out when I said that,
Re: (Score:2)
Re: (Score:2)
Lets not start arguing semantics, its a substitution cipher. You could call it a key of sorts I guess? Not the same as the key you would use for AES or others though.
Re: (Score:2)
http://stackoverflow.com/quest... [stackoverflow.com]
Googling is hard. I now have proof I am masochist, I keep answering people that clearly are just trolling.
Re: (Score:3)
Shut it elitist punk. Slashdot is obviously exactly where they need to be if they have a strong opinion that is wrong.
Re: (Score:2)
Re: (Score:2)
While theoretically true, rainbow tables strongly disagrees :). That is probably the main reason that definition isn't exactly right. I think general definition is actually something encoded so that only allowed persons can read it. It really isn't much of (if at all to most people in the field) a misuse of the term encryption to use it in context to hash functions as long as you qualify that it is a one way encryption method.
Re: (Score:2)
Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.
Re: (Score:2)
Bruce Schneier [schneierfacts.com] uses MD5 as a compression algorithm.
You say this as a joke but where I work that's exactly what we use it for. We use it to index and catalog larger records.
It's much easier to check whether a md5sum is unique than to check if an entire record is unique. We obviously can't
reverse it but it is easy to recompute it on a new record to see if it's already in the database. There is the small chance
of collision but as a non-malicious md5sum collision has a lower priority than a life destroying asteroid collision, it's
good enough for our purposes
Re: (Score:2)
Re: (Score:2)
isn't that basically the way everyone uses a checksum...?
The traditional use of checksum is to verify that a large file or other bits of data are not corrupt.
Using it to compress,index, or deduplicate large files kindof like a "rainbox table" is not usually
what checksums are used for. For one thing it partially goes against what a checksum is
designed for. A checksum is designed to change even on a very minor change so unless you
have very structured data it's very hard to use a checksum to verify if a record already exists.
Re: (Score:2)
Re: (Score:2)
It could be cleverly disguised as a bit of MD5 but is actually something encrypted with a 33 character one time pad.
Re: (Score:2)
You should use an actually valid md5
Should amend the poll question (Score:5, Insightful)
"What percentage of your online communications do you believe are encrypted?"
Re: (Score:2)
and does it matter any more..
Re: (Score:2, Interesting)
"What percentage of your online communications do you believe are encrypted?"
This.
My company forces a SSL proxy and pushes their root CA to all browsers so nobody even knows about it.
So I don't log into anything at work. Don't need the IT monkeys logging my passwords.
Re: (Score:2)
How about using the reflections plugin? It will at least tell you the SSL cert isn't the expected one.
Your approach of simply not using the compromised computer is of course the most secure.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I know they can crack my VPN connection if they want to, but it costs them time and money. No more real-time surveillance capability, big dis-incentive to casually snoop on me. Encryption doesn't always have to be perfect, adding cost is well worth doing in this case.
Ubuntu? (Score:2)
Why?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So, you are saying that 14.04 is broken because of a bug that was not present in the final release but in the beta?
Encryption is pointless (Score:1)
Email is a postcard.
Anyone can read it as it passes by.
Encryption is pointless.
All encryption can or will be broken.
By encrypting you merely flag yourself.
A conspiracy of more than one person will be found out.
Re: (Score:2)
Encryption is about time.
So, everyone encrypt everything.
Re: (Score:2)
Encryption is not about making it impossible to decode (in some cases, hash functions actually do try to do that), it is more about making it not worth the effort or making the effort so high that once you DO decrypt it the information isn't really that useful.
It is kind of like trying to to hunt through a haystack for a few small items only you have to jump through 200 proverbial hoops before you even get to look for one single item that may require four other items in a different haystacks before it means
Re: (Score:2)
+1
Nothing is 100%. However, security to keep the majority of the attacks is useful.
One can say that because some people can pick the lock on a front door, then locks are not needed. However, locks often do work and up the ante for someone getting in.
I have a habit of encrypting whenever possible. This way, should something happen like my Android tablet get stolen, a USB flash drive used for backups gets nicked, or cloud storage broken into and files snarfed, the damage done is mitigated.
Of course, key ma
Re: (Score:2)
Nothing is 100%.
That depends. Is your checking account adequately secured if I write down a random number and it happens to be your account number?
Many encryption schemes will outlast the data integrity and greatly outlast the universe. A {2,3} quorum of Rivest, Shamir, and Addleman can attest to this. Someone may guess, but not by repeatable effort; they'll guess by dartboard.
Re: Encryption is pointless (Score:2)
They're watching us. Through our computers and cell phones.
Shame no one on that plane had a cell...
Re: (Score:2)
See what I did there? That wasn't just the woosh of you not getting the joke, but also the woosh of the plane! Clever, right?
Shouldn't that have been "splash?" Or is it too soon?
Re: (Score:2)
Because there was no joke. He was being genuinely stupid, by unironically suggesting that "they" could have found Flight 370 with their magical cellphone detectors but have chosen not to.
The next funny bit is, you're talking to me in the third person, letting me know that my joke was not a joke, and talking about how non-tech-savvy I am, despite the fact that I've been programming computers since I was 7 years old, have worked on some incredibly significant technology in my career and have been known to build 3D printers with hand tools in my living room for fun :D
Doofus.
Not slashdot.org (Score:4, Interesting)
Re: (Score:2, Interesting)
So what you are saying is the people voting for that last option are lying...
Encrypted? (Score:2)
Re: (Score:2)
other than that I have nothing to hide
Imagine your full browsing history, for example. I bet there is a lot of things that you would not like others to see.
Re: (Score:2)
Re: (Score:2)
I fear that the type of person who demands to see your browsing history is precisely the kind of person who would take it out of context.
Re: (Score:2)
So if I were to have witnesses to explain away any such oddities, I'd have nothing to fear. And there's no reason for anyone to target me for special interes
Re: (Score:2)
Yes, but when people are looking for a pattern, they will fit data into the pattern.
" Don't be the most attractive target. That is all. "
wrong. But hey, your mom was unsecure, so I guess that's how tit work and not just luck.
Re: (Score:2)
Re: (Score:2)
other than that I have nothing to hide
Imagine your full browsing history, for example. I bet there is a lot of things that you would not like others to see.
I delete it regularly anyway so that would not be a major concern for me. So I watch porn, visit Arrse (an unofficial British military forum), browse wikipedia, come on slashdot aaaand that covers what, 3/4 of my browsing? Nothing too concerning there.
I don't know... (Score:2)
Re: (Score:2)
Wow! The refund process is taking even longer now.
Torrenting (Score:2)
MD5 isn't a good encryption method. (Score:2)
Nice Ubuntu reference, but it's out date:
ubuntu-12.04.4-desktop-amd64.iso
Re:MD5 isn't a good encryption method. (Score:4, Funny)
Re: (Score:2)
MD5 isn't AN encryption method, period.
Well, technically, it encrypts things, but without being able to DEcrypt them, it's not very useful.
1a57290facd5dcf9308d343988230b85 could be the result of "echo a | md5", "md5 ~/Desktop/War_and_Peace.txt"... or both... or something else entirely... or any number of other things. If you figure out what it is, tell these guys. [md5this.com]
100% (Score:4, Funny)
I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.
Cheers,
Dave
Re: (Score:2)
I encrypt 100% of my on-line communications using the fiendishly difficult to crack ROT26 cypher.
49206d6967687420636f7079207468617421
Re: (Score:2)
With people like you that can't even decipher OPs comment why do we need encryption?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
even in utf-8 that should be rot0x256 or something.
The problem is that the amount of characters Unicode increases every now and then (the maximum is 1,114,112 characters, by the way), and there are also unallocated character slots in between.
What percentage of what now? (Score:1)
Is the metric here supposed to be by volume of data passed or connection count?
Does Pig Latin count? (Score:1)
Ig-pay Atin-lay or-fay e-thay in-way!
All my Wifi? (Score:3, Informative)
I think my communication is encryptet everytime it goes over a WIFI network. Aswell as when I use my phone to the comapny VPN.
Also many shopping sites uses secure HTML.
So about 50%?
If the question is how much I intentionally point-to-point encrypt then I would only count my workcomputers VPN to company servers (so about 5%?).
Re:All my Wifi? (Score:4, Insightful)
Most insightful comment I've seen.
I use https most of the time, but how does it count to access e-mail, when the e-mail service is provided by a third party so they have access to all my communications.
In the end, there's always a third party involved that may not care about the secrecy of my communications, so end-to-end encrypted, is probably none. I connect to my work computers using VPN but then again, my employer probably have access as of what I'm typing and doing.
Does having partially encrypted communications help? Perhaps. Perhaps, so that Comcast/Verizon/T-Mobile or other carriers cannot steal the ad business from Google, Amazon, etc.
Makes a good point (Score:2)
First what do you mean by encrypted? I mean you'll find that a lot of stuff is encrypted at some point. Wifi is a good example. However so is a cable modem. Any DOCSIS connection is encrypted, 3.0 ones using AES. Of course the encryption is only to the CMTS, it is to keep your neighbours from sniffing in on your traffic, it has to get decrypted for the ISP.
Also something like a VPN is nearly end-to-end, but only if you then stay on the network it attaches to. Many people use a VPN, but then will go out to o
Probably more than I expect (Score:2)
SSL all the way, baby... (Score:1)
I always use the https version of websites. Especially those that use OpenSSL. That's super secure and keeps me protected all the time.
Oh, no wait, that might not be right...
https (Score:1)
you asked the question, but how come Slashdot is not using https....?
Re: (Score:2)
If you are a subscriber, Slashdot allows use of https.
Mixed content blocking is why (Score:2)
HTTPS Everywhere broke recently (Score:2)
I used to be closer to 60% (only unencrypted things would be torrents and Steam downloads), but a few weeks ago HTTPS Everywhere broke. So now I'm probably around 30% - the HTTPS-always sites, plus SSH and VPN tunnels.
https://slashdot.org doesn't work. (Score:3)
Re: (Score:2)
It does if you subscribe, which is weird because I can't find that policy spelled out anywhere.
standard encryption (Score:2)
I double-ROT13 all of my textual communication.
Re: (Score:2)
Communications but not data (Score:2)
Probably most communications are already encrypted. But I believe my data is stored unencrypted.
Depends... (Score:2)
Depends on what "online communications" are.
If you mean things like Email, the answer is "none" - simply because Email-encryption remains too difficult for people to setup and use, so no one does.
If you include browsing, well, since Snowdon, the websites I run are https-only. Unfortunately, most sites haven't taken this step - and anyway, it only helps if you also block the trackers and take other privacy measures.
Re: (Score:2)
For me, I sign my work E-mail with S/MIME by default.
At home, I don't bother because I've had people go bananas thinking the picture of a ribbon in Outlook was some type of malware. Some private E-mail gets sent via PGP, but oftentimes, it tends to be a keyfile attachment, and a TrueCrypt container with the actual TC volume stashed on a bulk download site like MediaFire.
I prefer PGP over S/MIME because once keys are exchanged and used for previous transactions, it is obvious that someone is impersonating t
Near 0%. (Score:2)
It depends... (Score:2)
Percentage of...? (Score:2)
Percentage of online communication.. by number of bits: torrents dominate, and some HTTP downloads, and these are not encrypted. By my attention, there's more text-based communication, and I'm probably up at 50 %
By volume or ??? (Score:2)
Probably around 60% by volume thanks to encrypted torrents and Tor traffic.
That's counting HTTPS traffic, although IMO any cert from a CA is nothing but a feelgood measure when it comes to keeping your data from the NSA.
Re: (Score:2)
That is already happening on any website (including Slashdot!) that has a facebook plugin running anywhere on the site. Even if you don't have an account.
Re: (Score:2)
$ cat
127.0.0.1 www.facebook.com facebook.com
127.0.0.1 www.static.ak.fbcdn.net static.ak.fbcdn.net
127.0.0.1 www.login.facebook.com login.facebook.com
127.0.0.1 www.fbcdn.net fbcdn.net
127.0.0.1 www.fbcdn.com fbcdn.com
127.0.0.1 www.static.ak.connect.facebook.com static.ak.connect.facebook.com
127.0.0.1 www.static.ak.facebook.com static.ak.facebook.com
Re: (Score:2)
Hmmmmmm, that is a very good point and I may actually steal this idea. I never thought about doing that to break their crap. I've seen an adobe crack for CS5.5 that does something similar for the DRM (which is downright hilarious that adobe's DRM is that bad).
Re: (Score:2)
Re: (Score:2)
That is part of the challenge of security. One of the major principles is adoption. You have to make the security protocol at least somewhat convenient so that users will actually use it. Think about this, actual good security for lots of my valuables that I use everyday (car keys, computers, electronics in general) would be to have it locked inside a safe when not used that requires probably 2 factor authentication. It would definitely make it very difficult to steal or tamper with it, but why do I and
Re: (Score:1)
Sweet! I hacked your account to post this message.
Re: (Score:2)
Re: (Score:2)
And if you are not using hidden partitions for the valuable items ( among some other steps i wont mention here ), you are a fool and deserve to get the wrench.