Possibility of personal information security leakage. a world in which nations become villains.

-

Possibility of personal information security leakage. a world in which nations become villains.




National security technology and the world is full of villains.

The basis of war is how much I know the enemy and myself. If you know me and know your opponent well, you will win even if you fight a hundred times.

In modern warfare, how much information we have on the other side determines our fate. So we use astronomical costs to hide domestic information as much as possible and to obtain foreign information.

Recently, China banned the use of TLS1.3 for foreign https streams. This term is very unfamiliar to non-experts who are not familiar with network or security technologies, but its contents are very simple. However, knowing the terms does not help your daily life. But I can see how the world works even if it doesn't help my daily life.

For example, figuring out whether the Earth is flat or spherical will not help you live day by day. But that makes your whole worldview, your universe, your philosophy.

Your worldview is essential to form a mechanism to understand how the world works.

So listen to it. To put it simply, TLS stands for Transport Layer Security, and there was something called Netscape in Windows 3.1 before Microsoft's Explorer came out. There was this Netscape, and there was something like Yahoo, which is equivalent to Google today. But the person who understands this is a very old engineer.

Thirty years ago in the early 1990s, there was a code standard for Internet commerce and approval, which was applied by Netscape and is SSL, Secure Sockets Layer. It is the TLS that continues to compensate for and add defects and is recognized by the world as a standard.

If the basic technology of TLS is hacked, there will be a huge problem because the global information network will be breached and commercial transactions will be ruined. So all economic players are watching with keen interest. So the higher the TLS version, the safer it is. The major versions are TLS1, 1.1 and 1.2, and TLS1.3 came out about two years ago.

However, China does not allow the application of TLS1.3 to HTTPS. Now let's think about it. Why not allow safe security regulations and network commitments in China? Facebook, Twitter, and Google are not accessible in China. However, if you want to continue using it, you can access it through VPN. However, there is a technology to hack into all VPNs, and access to VPNs is blocked when China has special events.

Whatsapp and Kakao Talk also control the possibility of use during special events in China. China's WeChat is being hacked by the Chinese Communist Party.

Therefore, we should not talk bad about China by mentioning Hong Kong through WeChat. It can be a problem when entering China or the Wechat account may be suspended. The suspension of Witchett account in China is not the level of Kakao Talk suspension in Korea, but the level of banning commercial transactions. In other words, it is 100 times more powerful than whatsapp or Kakao Talk ban. You have to think that you can't ride the subway easily and can't live your daily life.

Anyway, isn't it safe because the Communist Party of China can't hack into TLS1.3?

It's possible. The Communist Party of China is thoroughly controlling and analyzing communications information between foreign countries and China through WeChat and Great Wall and the Great Firewall and network technology. But if TLS1.3 is not hacked, we should actively use TLS1.3.

However, I was surprised to see the TLS1.3 specification that this is not such a simple problem. Maybe it's using AES128 for some protocols. If I pretend to know something for you who are ignorant, the key length of the code is 128 bits, in other words, using 16Byte.

What's serious is that until recently, taking the AES256 source code from the United States to foreign countries has been banned. But it was leaked in an anomalous way. Before that, only AES128 could be exported.

Why would they ban it? Isn't that obvious? The 128-bit key length can be hacked, but if you extend it to 256, you can't hack. So what should we do? We should ban AES128 and use AES256. No matter how friendly the U.S. is, it is a bad thing if it is looking into, storing, and analyzing all of our networks. The extreme right-wing seniors carrying the Korean flag and the Stars and Stripes may actively support the U.S. finding out about Korea.

That's what I mean. China bans HTTPS and TLS1.3, while the U.S. keeps problematic algorithms alive.

In fact, from the perspective of cryptographic designers, 12 clocks are used for AES128 and 14 clocks for AES256. Note that Intel CPU computes 3.5 billion clocks per second. In other words, it computes 3.5 billion 64-bit data per second.

It's an excuse to lack hardware specs for encryption processing. It's twice the length, but it's really a small difference between 16 and 32 bytes. These days, terra uses petabytes of HDD, SSD, and that's not too long for signal processing.

There is a reason why our company proposes IoTCAS to the Internet of Things with semiconductor technology. It implements AES256, SHA256, TRNG, and ECC256 or higher as tiny semiconductors. For a safer world.

It is not necessary to mention whether TikTok provides information. It is a country ruled by the Communist Party. It's natural to collect personal information from China. What are you asking? There is no legal institutional way to withstand the government's demands. If the government requests information, the company is obliged to provide it. unconditionally ...

There are so many bad people in the world... You mean the villain could be a state.

#IoTCAS, #OpenSSL, #security, #state, #hacking, #personal, #information, #leak, #china, #hongkong, #USA, #TLS13, #AES256


https://blog.naver.com/godinus123/222064091855

https://blog.naver.com/godinus123/222064091855



Comments

Post a Comment

Popular posts from this blog

DALPU, the NEOWINE HSM for PC, Phone, Linux, Raspberry Pi

-
Image
What is NEOWINE DALPU ? Recent technology such as 5G, Big Data, IoT, Cloud, AI etc. is very important to mankind. What if your cloud server running on Giga Byte speed is hacked? If information of what you eat, buy, see, hear, touch, and feel is hacked? If surgical and injection tools are hacked? If your CCTV cameras are hacked? Your private life will be broadcasted as seen in Truman Show. Such a problem will be a matter of life and death. Information security is essential in the 4th industrial revolution. But, strong security can’t be guaranteed with SW or HW alone. Hybrid security is combined SW and HW Hybrid security solution satisfies the optimum price, power, size, speed, and availability. It’s not easy for you to understand PKI, ECDH, ECDSA, EC-ELGAMAL, AES, SHA, TRNG, PUF, KMS technology NEOWINE co. developed security, key management with HSM and operational SW We are ready to provide HSM + SW solution with ease. You can purchase the HSM (DALPU HSM through USB, MicroSD, si
Read more

Neowine developed a software copy protection device for Raspberry Pi software engineers

-
Image
Neowine developed a software copy protection device for Raspberry Pi software engineers I am seeking advice from developers and vendors regarding a software protection device. How would you rate this product? Your valuable advice will be greatly appreciated.  DORCA-3-RIM ( RIM : Raspberry pi Interface Module ) This product has the following advantages. 1. Tighter security through encryption and decryption with a hardware chip. 2. No burden to a main CPU during the execution of high-speed & performance security and system at once. This module is intended to relieve developers of technical leaks at the development stage, enhance security by using our chip in the future stage of mass production, and control a license count of developed products. You need a DORCA-3-RIM for the mass production stage on Raspberry pie project.   There are many projects that can be made with the Raspberry Pi and a lot of codes on the Internet that can be made from
Read more

Join the DIY Bitcoin hardware wallet.

-
Image
Join the DIY Bitcoin hardware wallet project DIY: Do It Yourself We are currently developing a DIY hardware Bitcoin wallet.  In terms of financial problems, it is quite useless because this module is more costly than other modules available in the market. However, it is my belief that useless and unnecessary activities can open doors to new culture and interesting stories in this world. Because I have created the hardware wallet myself, it is more difficult to hack than other hardware wallets in stock. In the security industry, it is foolish to say that a certain  module is impossible to hack, therefore I will not use the word impossible because I am not stupid. Security devices available today have defense mechanism only defined within a threat model. The definition of threat model can be found at: https://en.wikipedia.org/wiki/Threat_model . In an external environment, threat model doesn't provide complete security due to its vulnerability. Pe
Read more