reply on: Do You Think Banning End-to-End Encryption is Plausible ? \ stacker news ~security

pull down to refresh

64 sats \ 1 reply \ @ek 23 Apr 2024 freebie \ on: Do You Think Banning End-to-End Encryption is Plausible ? security

Isn't this too complex for end users to use? It requires using a command line and stuff.

The unfortunate (or fortunate?) reality is that the big fish will do whatever it takes to not spend their life in prison while everyone else will be under constant surveillance without E2EE but with all implications of that.

What happens if someone intercepts the key-exchange messages?

I think the answer in the link is about intercepting encrypted messages but not about the key exchange. If you're able to intercept the key exchange (man-in-the-middle attack), the scheme is fucked. You need to be absolutely sure you're using the correct public key. That's why the phone call is mentioned: use a second channel for multi-factor authentication (MFA).

What happens if an attacker uses the attack from XKCD 538?

You're fucked but this attack doesn't work on scale so hopefully you're not among the biggest big fishes.

0 sats \ 0 replies \ @jgbtc 23 Apr 2024

I never thought about it before but that XKCD comic is pretty stupid. it pokes fun at an extremely specific and unlikely scenario where good encryption is useless. Yes sure, but the other 99% of the time it's very good to have.