Security is Relative, not Absolute

Many security products promise the moon and stars with ridiculous statements such as “stop hackers” and “100% safe”–which are misleading at best and dirty lies at worst. No one likes to be uncomfortable about security, but the truth is very uncomfy indeed:  there is no such thing as absolute security in information security, especially on the leakiest of untight and unwieldy ships, the U.S.S. Internet.

Kleptography is the new reality, and kleptotrojans in random number generators/compilers/key generators are a lethal threat.  What is kleptography you ask?  Kleptography is using encryption to steal everything on your computer without your knowing.

Getting on the internet means being open to the delivery of kleptographic tools.  Almost as bad, we now have the internet of things (IoT), another series of threats.  What is the solution?  For the information that you want to keep private, you must go off-line.  If your life depends on it, air gapping is the only solution.  If you are using a computer, as you probably are at this moment, everything on that computer is up for grabs.  That is fine, as long as you know it and you don’t mind that what is on there can be lifted very easily.

But there is strong security and near-absolute security for all levels of information.  We can have a high expectation of privacy, anonymity, or both, with good products and best practices.

Using a product such as Protonmail for your email provider is an instance of employing strong security to ensure privacy.  Encrypting a file off-line with a symmetric cipher such as CAMELLIA256 and hashing it with SHA512, and sending that over Protonmail would be even better.  Using a one-time pad, encrypting it with an appropriate public key or a symmetric cipher, and sending that over an end-to-end encrypted provider like Protonmail is near-absolute security (NAS).  NAS is as good as it gets. Done properly, such a message will remain unter vier Augen, and will have never really existed once the key to the one-time pad is destroyed.

That said, one must be careful to be aware and to follow the laws that apply to cryptography in your area.  For example, in Thailand it is illegal to destroy keys.  In Thailand, you can use symmetric keys, but you must keep a copy because that is the law.  Find out what the laws are for cryptography in your jurisdiction.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

Up ↑

%d bloggers like this: