
[Wired] It’s Time to Encrypt the Entire Internet - Page 3

post #21 of 52
Even if the Lastpass servers are attacked and the data stolen, all the attackers get is hashed data.

Lastpass does not keep nor have access to master password or encryption keys; all encryption is done locally and the encrypted data is sent to Lastpass.
Quote:
However, LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted - it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection. On the majority of the web, user data is not encrypted before being transmitted over SSL, hence the widespread concern.
http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html
post #22 of 52
The whole idea behind encryption is that it is supposed to be very trivial for those who are intending to receive or send messages to encrypt and decrypt but very hard for those who are not to decrypt it by brute force. So as people have already mentioned, it really shouldn't be that much of an issue encrypting more traffic. Of course there will be SOME overhead but not enough that it would require a restructuring of the internet in order to implement.
    
post #23 of 52
Quote:
Originally Posted by Bitemarks and bloodstains View Post

Even if the Lastpass servers are attacked and the data stolen, all the attackers get is hashed data.

Lastpass does not keep nor have access to master password or encryption keys; all encryption is done locally and the encrypted data is sent to Lastpass.
http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

That is very interesting, I wasn't aware of that.

So if I understand correctly, if you lose your key (i.e. your computer crashes), you're boned?

EDIT:
That wouldn't make sense... there has to be certificate information stored on their servers to hand to the client, otherwise multiple clients wouldn't be able to decrypt the data without the customer passing the cert between the devices manually.
Edited by SectorNine50 - 4/17/14 at 10:29am
post #24 of 52
Quote:
Originally Posted by RAND0M1ZER View Post

The whole idea behind encryption is that it is supposed to be very trivial for those who are intending to receive or send messages to encrypt and decrypt but very hard for those who are not to decrypt it by brute force. So as people have already mentioned, it really shouldn't be that much of an issue encrypting more traffic. Of course there will be SOME overhead but not enough that it would require a restructuring of the internet in order to implement.

No overhead at all when compared to the extra work browsers are inflicting on CPUs these days with all the plugins, applets, and ads and such...unless all that is going to get encrypted as well, but that wouldn't make much sense.
post #25 of 52
Quote:
Originally Posted by Vagrant Storm View Post

Quote:
Originally Posted by RAND0M1ZER View Post

The whole idea behind encryption is that it is supposed to be very trivial for those who are intending to receive or send messages to encrypt and decrypt but very hard for those who are not to decrypt it by brute force. So as people have already mentioned, it really shouldn't be that much of an issue encrypting more traffic. Of course there will be SOME overhead but not enough that it would require a restructuring of the internet in order to implement.

No overhead at all when compared to the extra work browsers are inflicting on CPUs these days with all the plugins, applets, and ads and such...unless all that is going to get encrypted as well, but that wouldn't make much sense.

Well I wasn't even thinking about the client side since the client machine usually has tons of unused CPU power while browsing but that is true also. The bottleneck is more on the server side where it would mean more servers for sites using encryption than those that aren't.
    
post #26 of 52
Quote:
Originally Posted by SectorNine50 View Post

Quote:
Originally Posted by Bitemarks and bloodstains View Post

Even if the Lastpass servers are attacked and the data stolen, all the attackers get is hashed data.

Lastpass does not keep nor have access to master password or encryption keys; all encryption is done locally and the encrypted data is sent to Lastpass.
http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

That is very interesting, I wasn't aware of that.

So if I understand correctly, if you lose your key (i.e. your computer crashes), you're boned?

Your master password is the encryption key; if you lose/forget your master password then yes you are boned.

https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/
post #27 of 52
Quote:
Originally Posted by Bitemarks and bloodstains View Post

Your master password is the encryption key; if you lose/forget your master password then yes you are boned.

https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/

Ah-ha, clever. So the username/password hash is passed to the server, and is presumably compared in memory without decrypting. After that's verified, encrypted data is passed back, and the client decrypts using the password.

...I like it. It makes the target way less centralized. LastPass should be the model for many secure websites.
post #28 of 52
Quote:
Originally Posted by SectorNine50 View Post


TCP/UDP headers are often not encrypted, but the data within them is. Otherwise routers would have to decrypt/encrypt every SSL packet to route them, which isn't practical.

It won't stop people from figuring out what IPs are connected to what services, but the contents of the data will be better protected.


F5's decrypt the payload... not sure what you are getting at here?
     
post #29 of 52
Quote:
Originally Posted by PappaSmurfsHarem View Post

F5's decrypt the payload... not sure what you are getting at here?

Totally missed your point the first time around. You're right, Layer 7 load-balancing would definitely add some load to the balancers. I'm still not convinced that it would be significant enough to cause problems, though (again, assuming a reasonable level of encryption).
post #30 of 52
Quote:
Originally Posted by SectorNine50 View Post

Quote:
Originally Posted by Bitemarks and bloodstains View Post

Your master password is the encryption key; if you lose/forget your master password then yes you are boned.

https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/

Ah-ha, clever. So the username/password hash is passed to the server, and is presumably compared in memory without decrypting. After that's verified, encrypted data is passed back, and the client decrypts using the password.

...I like it. It makes the target way less centralized. LastPass should be the model for many secure websites.

I still have some problems with it. What's happening is you're taking your password and repeatedly hashing, which sounds good but it's still based on static information. So in terms of brute force the only added difficulty is running SHA-256 a bunch of times. It still keeps the same order of difficulty.

If I had to keep a fob with me (like yubikey) I would rather it be an RSA SecurID which uses a number (randomly generated in advance) which is changed every 30 sec.
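Added example, not part of any post above and not LastPass's code: a Python sketch of the client-side flow discussed in posts #26 to #30, where the vault key is derived locally with PBKDF2 and the server only ever sees a login hash and an opaque blob. The iteration counts, the `VaultServer` class, the HMAC-based stand-in cipher and the sample account are all assumptions made for the demonstration.

```python
import hashlib, hmac, os

def derive_key(user, password, iterations=5000):  # iteration count is an assumed demo value
    """Client only: vault key from the master password, salted with the username."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), iterations, 32)

def derive_login_hash(key, password):
    """Client only: one-way authenticator sent to the server in place of the key."""
    return hashlib.pbkdf2_hmac("sha256", key, password.encode(), 1, 32)

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use AES-GCM or similar in real code.
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong master password or tampered vault")
    return _xor_stream(enc_key, body[:16], body[16:])

class VaultServer:
    """Hypothetical server: stores a salted hash of the login hash plus the sealed blob."""
    def __init__(self):
        self.db = {}

    def _verifier(self, salt, login_hash):
        return hashlib.pbkdf2_hmac("sha256", login_hash, salt, 1000, 32)

    def register(self, user, login_hash, blob):
        salt = os.urandom(16)
        self.db[user] = (salt, self._verifier(salt, login_hash), blob)

    def fetch(self, user, login_hash):
        salt, verifier, blob = self.db[user]
        if not hmac.compare_digest(verifier, self._verifier(salt, login_hash)):
            raise PermissionError("bad credentials")
        return blob

def demo(user="alice@example.test", password="correct horse battery staple"):
    server = VaultServer()
    key = derive_key(user, password)
    server.register(user, derive_login_hash(key, password), seal(key, b"bank: hunter2"))
    key2 = derive_key(user, password)  # a second device needs only username + password
    return unseal(key2, server.fetch(user, derive_login_hash(key2, password)))
```

Raising `iterations` multiplies the cost of every password guess by the same factor; it does not add entropy to a weak master password.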