After seeing the video of veritasium on these topics, I wondered how standard notes was prepared for these innovations. - how is store now, decrypt later hindered (if that’s possible) - is the current encryption algorithm resilient against quantum computing etc.

Does somebody have some expertise on this? It would also be great of standard notes themself put a blog post or video out on that topic.

  • TransporterOPM
    link
    32 years ago

    The “store now, decrypt later” is an issue with public key cryptography- which is most internet traffic. Symmetric encryption isn’t really messed up by quantum computing even in theory- your 256 bit thing might become effectively a 128 bit thing, but that’s still incredibly impossible to worry about (there’s some general purpose algorithm that requires a quantum computer that would generally halve the key size I think).

    What is likely threatened by quantum computing are public key algorithms that work on the idea of one way being easy, and another way being hard. Like factoring- multiplication of huge numbers is fast, factoring them is not. Shor’s algorithm is the famous one to be able to do this fast enough given a good quantum computer. But a lot of these allegedly one-way functions would be varying degrees of screwed up in the so-called ‘post-quantum world’.

    In a normal SSL connection, you use public key cryptography to exchange a symmetric key, then you use that. So if you were to record an entire SSL connection and then in the future be given a big quantum computer, you could in theory work it all out- first by undoing the public key initial piece, and then by reading the symmetric key directly, at which point you would be able to decrypt the remainder normally.

    From my understanding, standard notes wouldn’t actually be subject to this, as it never transmits your actual key- you encrypt it with your real key locally, and then it gets sent as TLS stuff. So while the public key could be discovered, and the private key for the TLS session, the actual payload data would be encrypted with a key derived from your password that is never transmitted.

    Now, if it does actually transmit that key at some point, then all bets are off. But it couldn’t really be secure if it transmitted your key anyway right? So it probably doesn’t do that.