• 0 Posts
  • 5 Comments
Joined 1 month ago
cake
Cake day: October 12th, 2024

help-circle
  • Https is encrypted but it uses TLS which is a method thats pretty crackable with quantum computers as far as im aware

    No. Current TLS ciphers and key exchanges, are EXTREMELY FAR from “pretty crackable” with anything, quantum or otherwise, especially when considering the lifetime of the keys are so short. The only entities we can reasonably foresee as capable of performing any kind of quantum cracking in the future are going to be global superpowers (arguably only the US and China).

    But the keys to all TLS transactions are based in root CAs, and nearly all of those are subject to US/western intelligence jurisdiction. There’s no need for the state to crack RSA to compromise TLS. Look into how chain of trust works.

    Because the traffics encrypted it cant be injected with malicious or otherwise stuff

    MITM has been commercialized, it’s basically what Cloudflare does. If a host is behind CF your connection is only encrypted to CF, which then decrypts and re-encrypts the connection from itself to the host. Cloudflare is busy swallowing up the internet, so it’s not just state-level attacks that can openly compromise TLS with zero cracking required. VPNs can’t protect you from this, either.

    The encryption is nice too but like i said it wont be secure for much longer so theyll have to update it soon to another protocol.

    I’m sure you have good intentions, but you shouldn’t be making statements like this.




  • Honestly? It really doesn’t matter that much considering the western empire basically owns the root-level chain of trust for nearly the entire internet. This is only for superpower state-level attacks, so why bother building a quantum supercomputers to crack RSA or break D-H, when you already have access to the private keys from nearly all CAs on earth? Not to mention almost no one uses anything resembling a secure OS or web browser, which is the only thing keeping your private keys secure.

    Even if you’re shelling into a supersecret chinese personally-compiled openbsd VPS full of classified USDoD leaks, with your own personally managed 4096bit RSA keys with no other chain-of-trust to worry about, kicking down you door is going to be a hell of a lot cheaper and less complicated than building multi-trillion dollar gigantic secret underground quantum computers, that can, at best, break RSA in weeks instead of millennia. If that’s the case, then you better have strong disk encryption and nerves of steel. Ultimately breaking at-rest schemes and aes/(x)fish/serpent ciphers is more important.

    If 4096bit RSA is somehow broken in our lifetimes, we can probably replace it with ed25519 or something more complicated and the arms race continues.

    A large state breaking RSA is more-or-less a vanity project with regard to the implications.


  • No, sorry, that’s just marketing bullshit for honeypots. There are no cosmic deep magic herbs and spices here. Just open encryption standards. But… Mullvad is based in Sweden, which is a member of the EU, NATO and 14-Eyes, however, which automatically makes the country (and every capitalist enterprise in it) part of the largest US-controlled mass surveillance programs on earth. It’s capitalism renting you the illusion of privacy while also purposefully destroying it.