End-to-end encryption

Last updated
Simplified illustration of end-to-end encrypted communication between two users End-to-End Encryption.png
Simplified illustration of end-to-end encrypted communication between two users

End-to-end encryption (E2EE) is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages. [1]

Contents

End-to-end encryption prevents data from being read or secretly modified, except by the true sender and intended recipients. Frequently, the messages are relayed from the sender to the recipients by a service provider. However, messages are encrypted by the sender and no third party, including the service provider, has the means to decrypt them. The recipients retrieve the encrypted messages and decrypt them independently. Since third parties cannot decrypt the data being communicated or stored, services that provide end-to-end encryption are better at protecting user data when they are affected by data breaches. [2] Such services are also unable to share user data with government authorities, domestic or international. [3] [4]

In 2022, the UK's Information Commissioner's Office, the government body responsible for enforcing online data standards, stated that opposition to E2EE was misinformed and the debate too unbalanced, with too little focus on benefits, since E2EE helped keep children safe online and law enforcement access to stored data on servers was "not the only way" to find abusers. [5]

E2EE and privacy

In many non-E2EE messaging systems, including email and many chat networks, messages pass through intermediaries and are stored by a third party service provider, [6] from which they are retrieved by the recipient. Even if the messages are encrypted, they are only encrypted 'in transit', and are thus accessible by the service provider. [7] Server-side disk encryption is also distinct from E2EE because it does not prevent the service provider from viewing the information, as they have the encryption keys and can simply decrypt it.

The lack of end-to-end encryption can allow service providers to easily provide search and other features, or to scan for illegal and unacceptable content.[ citation needed ] However, it also means that content can be read by anyone who has access to the data stored by the service provider, by design or via a backdoor. This can be a concern in many cases where privacy is important, such as in governmental and military communications, financial transactions, and when sensitive information such as health and biometric data are sent. If this content were shared without E2EE, a malicious actor or adversarial government could obtain it through unauthorized access or subpoenas targeted at the service provider. [4]

E2EE alone does not guarantee privacy or security. [8] For example, data may be held unencrypted on the user's own device, or be accessible via their own app, if their login is compromised.

Etymology

The term "end-to-end encryption" originally only meant that the communication is never decrypted during its transport from the sender to the receiver. [9] For example, around 2003, E2EE has been proposed as an additional layer of encryption for GSM [10] or TETRA, [11] in addition to the existing radio encryption protecting the communication between the mobile device and the network infrastructure. This has been standardized by SFPG for TETRA. [12] Note that in TETRA E2EE, the keys are generated by a Key Management Centre (KMC) or a Key Management Facility (KMF), not by the communicating users. [13]

Later, around 2014, the meaning of "end-to-end encryption" started to evolve when WhatsApp encrypted a portion of its network, [14] requiring that not only the communication stays encrypted during transport, [15] but also that the provider of the communication service is not able to decrypt the communications either by having access to the private key, or by having the capability to undetectably inject an adversarial public key as part of a man-in-the-middle attack.[ citation needed ] This new meaning is now the widely accepted one. [16]

Modern usage

As of 2016, [17] typical server-based communications systems do not include end-to-end encryption. [18] These systems can only guarantee the protection of communications between clients and servers, [19] meaning that users have to trust the third parties who are running the servers with the sensitive content. End-to-end encryption is regarded as safer [20] because it reduces the number of parties who might be able to interfere or break the encryption. [21] In the case of instant messaging, users may use a third-party client or plugin to implement an end-to-end encryption scheme over an otherwise non-E2EE protocol. [22]

Some non-E2EE systems, such as Lavabit and Hushmail, have described themselves as offering "end-to-end" encryption when they did not. [23] Other systems, such as Telegram and Google Allo, have been criticized for not enabling end-to-end encryption by default. Telegram did not enable end-to-end encryption by default on VoIP calls while users were using desktop software version, but that problem was fixed quickly. [24] [25] However, as of 2020, Telegram still features no end-to-end encryption by default, no end-to-end encryption for group chats, and no end-to-end encryption for its desktop clients. In 2022, Facebook Messenger came under scrutiny because the messages between a mother and daughter in Nebraska were used to seek criminal charges in an abortion-related case against both of them. The daughter told the police that she had a miscarriage and tried to search for the date of her miscarriage in her Messenger app. Police suspected there could be more information within the messages and obtained and served a warrant against Facebook to gain access. The messages allegedly mentioned the mother obtaining abortion pills for her daughter and then burning the evidence. Facebook expanded default end-to-end encryption in the Messenger app just days later. [26] [27] Writing for Wired, Albert Fox Cahn criticized Messenger's approach to end-to-end encryption, which was not enabled by default, required opt-in for each conversation, and split the message thread into two chats which were easy for the user to confuse. [28]

Some encrypted backup and file sharing services provide client-side encryption. This type of encryption is not referred to as end-to-end encryption because only one end has the ability to decrypt the data. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption. [29]

Challenges

Man-in-the-middle attacks

End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting their public key for the recipient's), so that messages are encrypted with a key known to the attacker. After decrypting the message, the snoop can then encrypt it with a key that they share with the actual recipient, or their public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack (MITM). [1] [30]

Authentication

Most end-to-end encryption protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or a web of trust. [31] An alternative technique is to generate cryptographic hashes (fingerprints) based on the communicating users’ public keys or shared secret keys. The parties compare their fingerprints using an outside (out-of-band) communication channel that guarantees integrity and authenticity of communication (but not necessarily secrecy[ citation needed ]), before starting their conversation. If the fingerprints match, there is, in theory, no man in the middle. [1]

When displayed for human inspection, fingerprints usually use some form of binary-to-text encoding [ citation needed ]. [32] These strings are then formatted into groups of characters for readability. Some clients instead display a natural language representation of the fingerprint. [33] As the approach consists of a one-to-one mapping between fingerprint blocks and words, there is no loss in entropy. The protocol may choose to display words in the user's native (system) language. [33] This can, however, make cross-language comparisons prone to errors. [34]

In order to improve localization, some protocols have chosen to display fingerprints as base 10 strings instead of more error prone hexadecimal or natural language strings. [35] [34] An example of the base 10 fingerprint (called safety number in Signal and security code in WhatsApp) would be:

 37345  35585  86758  07668  05805  48714  98975  19432  47272  72741  60915  64451

Other applications such as Telegram, instead, encode fingerprints using emojis.

Modern messaging applications can also display fingerprints as QR codes that users can scan off each other's devices. [35]

Endpoint security

The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves. Each user's computer can still be hacked to steal their cryptographic key (to create a MITM attack) or simply read the recipients’ decrypted messages both in real time and from log files. Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end. [1] Major attempts to increase endpoint security have been to isolate key generation, storage and cryptographic operations to a smart card such as Google's Project Vault. [36] However, since plaintext input and output are still visible to the host system, malware can monitor conversations in real time. A more robust approach is to isolate all sensitive data to a fully air gapped computer. [37] PGP has been recommended by experts for this purpose. [38] However, as Bruce Schneier points out, Stuxnet developed by US and Israel successfully jumped air gap and reached Natanz nuclear plant's network in Iran. [39] To deal with key exfiltration with malware, one approach is to split the Trusted Computing Base behind two unidirectionally connected computers that prevent either insertion of malware, or exfiltration of sensitive data with inserted malware. [40]

Backdoors

A backdoor is usually a secret method of bypassing normal authentication or encryption in a computer system, a product, an embedded device, etc. [41] Companies may also willingly or unwillingly introduce backdoors to their software that help subvert key negotiation or bypass encryption altogether. In 2013, information leaked by Edward Snowden showed that Skype had a backdoor which allowed Microsoft to hand over their users' messages to the NSA despite the fact that those messages were officially end-to-end encrypted. [42] [43]

Following terrorist attacks in San Bernardino in 2015 and Pensacola in 2019, the FBI requested backdoors to Apple's iPhone software. The company, however, refused to create a backdoor for the government, citing concern that such a tool could pose risk for its consumers’ privacy. [44]

Compliance and regulatory requirements for content inspection

While E2EE can offer privacy benefits that make it desirable in consumer-grade services, many businesses have to balance these benefits with their regulatory requirements. For example, many organizations are subject to mandates that require them to be able to decrypt any communication between their employees or between their employees and third parties. [45] This might be needed for archival purposes, for inspection by Data Loss Prevention (DLP) systems, for litigation-related eDiscovery or for detection of malware and other threats in the data streams. For this reason, some enterprise-focused communications and information protection systems might implement encryption in a way that ensures all transmissions are encrypted with the encryption being terminated at their internal systems (on-premises or cloud-based) so they can have access to the information for inspection and processing.

See also

Related Research Articles

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. There are many kinds of public-key cryptosystems, with different security goals, including digital signature, Diffie-Hellman key exchange, public-key key encapsulation, and public-key encryption.

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, where in actuality the attacker has inserted themselves between the two user parties.

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

<span class="mw-page-title-main">Onion routing</span> Technique for anonymous communication over a computer network

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

<span class="mw-page-title-main">Forward secrecy</span> Practice in cryptography

In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised, limiting damage. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys.

Cryptovirology refers to the study of cryptography use in malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Wickr is an American software company based in New York City. It is known for its instant messaging application of the same name. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, and are designed for iOS, Android, Mac, Windows, and Linux operating systems. Wickr was acquired by Amazon Web Services (AWS) in mid-2021. The free version of the app was discontinued in December 2023.

<span class="mw-page-title-main">Threema</span> Instant messaging smartphone service

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email addresses for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.

<span class="mw-page-title-main">Matrix (protocol)</span> Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

<span class="mw-page-title-main">Tuta (email)</span> Free and open-source end-to-end encrypted email software and host

Tuta, formerly Tutanota, is an end-to-end encrypted email app and a freemium secure email service. The service is advertisement-free; it relies on donations and premium subscriptions. As of June 2023, Tutanota's owners claimed to have over 10 million users of the product. The company announced a transition to 100% renewable electricity in March 2019. This decision coincided with employee participation in Fridays for Future protests. On 1st October 2024, Tuta launched its standalone encrypted calendar app. Tuta Mail has recently integrated post-quantum cryptography features through its new protocol - TutaCrypt replacing standard encryption methods like RSA-2048 and AES-256 for its newly created accounts after March 2024.

<span class="mw-page-title-main">Signal Protocol</span> Non-federated cryptographic protocol

The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide" or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Google Messages app for one-to-one conversations. Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

<span class="mw-page-title-main">Reception and criticism of WhatsApp security and privacy features</span> Reception and criticism of security and privacy features in the WhatsApp messaging service

This article provides a detailed chronological account of the historical reception and criticism of security and privacy features in the WhatsApp messaging service.

Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

References

  1. 1 2 3 4 Greenberg, Andy (2014-11-25). "Hacker Lexicon: What Is End-to-End Encryption?". WIRED. Archived from the original on 23 December 2015. Retrieved 22 December 2015.
  2. Nellis, Stephen (2023-12-07). "Apple-backed study finds rise in data breaches as iPhone maker defends encryption stance". Reuters.
  3. McLaughlin, Jenna (21 December 2015). "Democratic Debate Spawns Fantasy Talk on Encryption". The Intercept. Archived from the original on 23 December 2015.
  4. 1 2 Weinstein, Gary. "Encryption: The Necessary Tool For U.S. National Security And The Intelligence Community". Forbes. Retrieved 2024-07-26.
  5. "Encryption: UK data watchdog criticises government campaign". BBC News. 21 January 2022.
  6. "Cryptography Concepts – Fundamentals – E3Kit | Virgil Security". developer.virgilsecurity.com. Retrieved 2020-10-30.
  7. Mundhenk, Ben Rothke and David (2009-09-10). "End-to-End Encryption: The PCI Security Holy Grail". CSO Online. Retrieved 2020-11-04.
  8. Meehan, Tom (2021-11-29). "End-to-End Encryption Doesn't Guarantee Internet Privacy". Loss Prevention Media. Retrieved 2022-11-05.
  9. Baran, Paul (1964). "IX. Security, Secrecy, and Tamper-Free Considerations. III. Some Fundamentals of Cryptography". On Distributed Communications. RAND corporation. Archived from the original on 2020-04-07. Retrieved 2020-04-07.
  10. Moldal, L.; Jorgensen, T. (11 February 2003). "End to end encryption in GSM, DECT and satellite networks using NSK200". IEE Seminar Secure GSM and Beyond: End to End Security for Mobile Communications. Vol. 2003. IET. p. 5. doi:10.1049/ic:20030013.
  11. Murgatroyd, Brian (11 February 2003). "End to end encryption in public safety TETRA networks". IEE Seminar Secure GSM and Beyond: End to End Security for Mobile Communications. Vol. 2003. IET. p. 7. doi:10.1049/ic:20030015.
  12. "New chair for the SFPG". 2007.
  13. Morquecho Martinez, Raul Alejandro (31 March 2016). Delivery of encryption keys in TETRA networks (PDF) (Master's Thesis). Aalto University.
  14. "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. ISSN   1059-1028 . Retrieved 2021-03-02.
  15. Mtega, Wulystan Pius (Jan 2021). "Using WhatsApp Messenger for improving learners' engagement in teaching and learning: a case of undergraduate students at the Sokoine University of Agriculture, Tanzania". Library Philosophy and Practice: 1–18. ProQuest   2492709488 via ProQuest.
  16. Lewis, James A., Denise E. Zheng, and William A. Carter. "The effect of encryption on lawful access to communications and data". Rowman & Littlefield.{{cite journal}}: CS1 maint: multiple names: authors list (link)
  17. "A history of end-to-end encryption and the death of PGP". www.cryptologie.net. Retrieved 2020-10-30.
  18. Nabeel, Mohamed (2017-06-23). "The Many Faces of End-to-End Encryption and Their Security Analysis". 2017 IEEE International Conference on Edge Computing (EDGE). IEEE. pp. 252–259. doi:10.1109/ieee.edge.2017.47. ISBN   978-1-5386-2017-5. S2CID   3419988.
  19. "What is End-to-end encryption (E2EE) ?". Geneva Business News | Actualités: Emploi, RH, économie, entreprises, Genève, Suisse. (in French). 2016-02-19. Retrieved 2020-11-05.
  20. Bai, Wei; Pearson, Michael; Kelley, Patrick Gage; Mazurek, Michelle L. (September 2020). "Improving Non-Experts' Understanding of End-to-End Encryption: An Exploratory Study". 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Genoa, Italy: IEEE. pp. 210–219. doi:10.1109/EuroSPW51379.2020.00036. ISBN   978-1-7281-8597-2. S2CID   220524858.
  21. "End-to-End Encryption". EFF Surveillance Self-Defense Guide. Electronic Frontier Foundation. Archived from the original on 5 March 2016. Retrieved 2 February 2016.
  22. "How to: Use OTR for Windows". EEF Surveillance Self-Defence Guide. Electronic Frontier Foundation. Archived from the original on 20 January 2016. Retrieved 2 February 2016.
  23. Grauer, Yael. "Mr. Robot Uses ProtonMail, But It Still Isn't Fully Secure". WIRED. Archived from the original on 2017-03-09.
  24. "Why Telegram's security flaws may put Iran's journalists at risk". Committee to Protect Journalists. 31 May 2016. Archived from the original on 19 August 2016. Retrieved 23 September 2016.
  25. Hackett, Robert (21 May 2016). "Here's Why Privacy Savants Are Blasting Google Allo". Fortune. Time Inc. Archived from the original on 10 September 2016. Retrieved 23 September 2016.
  26. Duffy, Sara O'Brien,Clare (2022-08-10). "Nebraska teen and mother facing charges in abortion-related case that involved obtaining their Facebook messages | CNN Business". CNN. Retrieved 2024-07-26.{{cite web}}: CS1 maint: multiple names: authors list (link)
  27. Duffy, Clare (2022-08-11). "Meta testing expanded encryption features amid renewed scrutiny of messaging data | CNN Business". CNN. Retrieved 2024-07-26.
  28. Cahn, Albert Fox. "Facebook's Message Encryption Was Built to Fail". Wired. ISSN   1059-1028 . Retrieved 2024-07-27.
  29. "Improving Non-Experts' Understanding of End-to-End Encryption: An Exploratory Study". ResearchGate. Retrieved 2020-11-05.
  30. Schneier, Bruce; Ferguson, Niels; Kohno, Tadayoshi (2010). Cryptography engineering : design principles and practical applications . Indianapolis, IN: Wiley Pub., inc. p.  183. ISBN   978-0470474242.
  31. "What is man-in-the-middle attack (MitM)? – Definition from WhatIs.com". IoT Agenda. Archived from the original on 5 January 2016. Retrieved 7 January 2016.
  32. Dechand, Sergej (10–12 August 2016). "An Empirical Study of Textual Key-Fingerprint Representations" (PDF). The Advanced Computing System Association: 1–17.
  33. 1 2 "pEp White Paper" (PDF). pEp Foundation Council. 18 July 2016. Archived (PDF) from the original on 1 October 2016. Retrieved 11 October 2016.
  34. 1 2 Marlinspike, Moxie (5 April 2016). "WhatsApp's Signal Protocol integration is now complete". Open Whisper Systems. Archived from the original on 10 October 2016. Retrieved 11 October 2016.
  35. 1 2 Budington, Bill (7 April 2016). "WhatsApp Rolls Out End-To-End Encryption to its Over One Billion Users". Deeplinks Blog. Electronic Frontier Foundation. Archived from the original on 12 September 2016. Retrieved 11 October 2016.
  36. Julie Bort, Matt Weinberger "Google's Project Vault is a tiny computer for sending secret messages" Archived 2017-08-08 at the Wayback Machine , Business Insider , NYC May 29, 2015
  37. Whonix Wiki "Air Gapped OpenPGP Key" Archived 2017-08-08 at the Wayback Machine
  38. Matthew D. Green (9 Mar 2013). "A Few Thoughts on Cryptographic Engineering". If I really had to trust my life to a piece of software, I would probably use something much less flashy — GnuPG, maybe, running on an isolated computer locked in a basement.
  39. Bruce Schneier "Air Gaps" Archived 2017-06-09 at the Wayback Machine , Schneier on Security , October 11, 2013
  40. "maqp/tfc". GitHub. Archived from the original on 31 March 2017. Retrieved 26 April 2018.
  41. Eckersley, Peter; Portnoy, Erica (8 May 2017). "Intel's Management Engine is a security hazard, and users need a way to disable it". www.eff.org. Archived from the original on 6 March 2018. Retrieved 7 March 2018.
  42. Goodin, Dan (20 May 2013). "Think your Skype messages get end-to-end encryption? Think again". Ars Technica. Archived from the original on 22 December 2015.
  43. Greenwald, Glenn; MacAskill, Ewen; Poitras, Laura; Ackerman, Spencer; Rushe, Dominic (12 July 2013). "Microsoft handed the NSA access to encrypted messages". the Guardian. Archived from the original on 19 November 2015.
  44. Leswing, Kif (2020-01-16). "Apple's fight with Trump and the Justice Department is about more than two iPhones". CNBC. Retrieved 2021-04-16.
  45. "Why GDPR Makes it Urgent to Scan Encrypted Traffic for Data Loss". SonicWall. 28 November 2017.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.