Why did Florida city agree to pay hackers $600k to get computer systems back?

But you could come up with a simple and unknown encryption method that would be effectively unbreakable within the time required to be useful.

One of the ransomware systems out there is not actually encrypting the data, it’s zeroing it out! Apparently a mistake on their part if they’re going after good-sized fish who would no doubt look at some files to see what’s what. (E.g., some older ransomwares just did an XOR with a fixed string. Trivial to find the string if you have any backups at all and semi-trivial if you don’t.)

If you’re going to be that evil just write random bits.

And if somehow magically the NSA got involved, there’s nothing they can do at the bulk scale. Recovering overwritten bits on a HD can sometimes be done with significant effort. An SD can be partially recovered at best.

At the data center level, the payment is cheaper and hopefully more reliable. Except that some ransomware folk aren’t providing the key anymore. Money down the drain.

Here’s a related thread from a couple years ago. Ransomware: What is the alternative to paying the ransom?
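The fixed-string XOR recovery mentioned in the post above, sketched as an added example that is not part of the original thread: given one file that exists both in a backup and in scrambled form, XOR the two to expose the keystream, reduce it to its shortest repeating period, and use that to restore other files. The key, file contents and function names are constructed for illustration.

```python
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call scrambles and restores."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(backup: bytes, encrypted: bytes) -> bytes:
    """Recover a repeating XOR key from one known plaintext/ciphertext pair."""
    n = min(len(backup), len(encrypted))
    if n == 0:
        raise ValueError("need a non-empty known file")
    # plaintext XOR ciphertext = the key repeated over the file length
    stream = bytes(p ^ c for p, c in zip(backup[:n], encrypted[:n]))
    # the shortest period that reproduces the whole stream is the key length
    for period in range(1, n + 1):
        if all(stream[i] == stream[i % period] for i in range(period, n)):
            break
    # without two full repetitions the key length is only a guess
    if 2 * period > n:
        raise ValueError("known file too short to confirm the key length")
    return stream[:period]

# Constructed sample data (not taken from any real incident).
KEY = b"PAYUP-2019"
BACKUP = b"Quarterly water billing report, draft 3. Internal use only.\n"
OTHER = b"Payroll export 2019-06: 412 rows\n"
ENC_BACKUP = xor_bytes(BACKUP, KEY)   # the one file we also hold a backup of
ENC_OTHER = xor_bytes(OTHER, KEY)     # a file with no backup

if __name__ == "__main__":
    key = recover_key(BACKUP, ENC_BACKUP)
    print("recovered key:", key)
    print("restored file:", xor_bytes(ENC_OTHER, key))
```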

What I don’t understand is why some organizations are so lax with computer security that they have no backups or disaster recovery plan in place. The article said they believe it started with someone opening an e-mail with a virus. We easily have ways to filter out a virus. We have snapshot backups to be stored off-site and online.

I just don’t get it. Something has been lost along the way, that they think reasonable computer security, backups and testing are no longer needed.

I don’t think that would work. If she was paranoid about data security, I’m sure she used full disk encryption like Bitlocker, which should be effective against this type of attack.

Usually it’s a matter of management not wanting to budget for it. Slapping on some AV software is cheap and you can tell people you’ve done something security-wise. Creating a comprehensive system of backups, including offsite backups, disaster recovery, centrally managed AV, and training/enforcing users not to bypass it (by doing things like saving important files to a local drive instead of the network drive that gets backed up) all need money and people. And if management isn’t familiar with IT and doesn’t have anyone pressing them to do it, they’re really not going to want to spend money on these sorts of invisible background protections until after a disaster.

A lot of states are waking up and enforcing standards for state and local agencies, but it’s nowhere near universal. Until they do, lots of cities and smaller agencies will just have horrible IT practices and will be highly vulnerable to situations like this. I mean, I know of an agency that finally got rid of their last Windows 2000 web servers about a year ago, even though Windows 2000 stopped getting security patches around a decade ago.

If she knew what she was doing and using cyber security measures, then they’d turn the computer on, and not be able to get in because they couldn’t get past the encryption software. If she’s ‘regular paranoid’ it would just have a password, if she’s ‘seriously paranoid’ it could require some kind of physical device to get by. Encrypting drives that have data (and routinely cleaning drives that shouldn’t) massively reduces the risk of exposure from physical access.

Except for the password taped to the side of the monitor, or the dongle sitting on the tower. :)

People are bad at physical security.

Bolding mine. The two statements you made are inconsistent with each other. If you really have the background you claim, you would know that, short of non-classical computers or a breakthrough in mathematics, AES 256 is impossible to break with any computer that could be built with all the matter in the observable universe.

It’s entirely possible that AES or other well known algorithms contain a *mathematical* flaw that the NSA is keeping under wraps. Some of the leaked documents hint, actually, that they might have something like that. But this isn’t a matter of computing power - if the NSA can break such messages, it’s using a trick that allows them to do it with supercomputers that are feasible in the here and now.

And obviously, if they did have such a trick, it’s going to be classified and kept secret to the maximum possible extent, so that foreign adversaries are unaware their secret communications are being decrypted. They aren’t going to “help out” over a mere $600k.

Well of course; that was my point. She didn’t have a password or disk encryption software, but for some bizarre reason, she thought that turning the thing off every night somehow materially enhanced her security, despite having file cabinets full of sensitive stuff in the same room with the easily breakable windows. It was ignorant paranoid.

It was a case of seriously flawed risk assessment- in her thinking, the risk was from random internet hackers somehow getting access to her PC, figuring out her bank info, and stealing her blind, not someone deliberately targeting her and getting into the house somehow.

It’s like setting off on a hike through Death Valley and worrying more about whether you have enough toilet paper than if you have enough water.

Do you mean “non-classical computers” like, for example, quantum computers which I mention in the very post you quoted?

And I want to see a cite for that “all matter in the observable universe” claim.

Hubble limit and that quote is actually true for AES-128. Google it yourself, this is basic knowledge anyone with a real PhD in cybersecurity would know.

He’s not a moron. He knows more about law enforcement capabilities than either of us - and especially you since you’ve shown a misunderstanding of how the intelligence community works.

The actual problem is that Barr has terrible, dangerous, unprincipled judgment.

I googled it and I still don’t know what you’re referring to. Cybersecurity is a big field. Perhaps this is a concept I haven’t encountered. To be fair, I’m more on the business and management side than the math and computer science side. Can you point me to a resource?

You clearly have no idea what you are talking about, nor know what any other poster is talking about. Thanks for posting though.

I assume this is what he is referring to - https://www.eetimes.com/document.asp?doc_id=1279619#

Yeah, after I posted I was thinking he meant either that or that 2^256 is a number larger than the number of all atoms in the universe. Which is all fine and dandy, but he wrote, “AES 256 is impossible to break with any computer that could be built with all the matter in the observable universe”, which is just a bit different.

So, SamuelA, in an effort to discredit me for whatever reason, you appear to have mangled an actual fact beyond recognition, failed to read the part of my post where I allow for advances in non-classical computing, and gotten in a huff when I asked you to back up your assertion.

I award you no points, and may God have mercy on your soul.

Agreed, he mangled the headline and ignored the caveat in your post.

So did indifference. I said non-classical computers. The problem is these are speculative. Classical computers can clearly be scaled and made bigger, if nothing else. (and denser in 3d and so on). Quantum computers may or may not scale, if they don’t scale, then they might never let you solve a problem that is effectively impossible to solve with classical computers.