17 Burst results for "Phil Zimmermann"

"phil zimmermann" Discussed on The Tech Guy

The Tech Guy

04:48 min | 2 years ago

"phil zimmermann" Discussed on The Tech Guy

"Get this holiday season. Be be safe out there. I think you know, people do crazy things with their phones. Anyway, they're not really paying attention than the selfie thing. You trying to get that perfect angle. Right. You're trying to get because I took some self in New York. I try to get my wife, and I are trying to get I was trying to get 'cause she was a willing accomplice. But there I was pushing the button a selfie of us with the beautifully lit Empire State building behind us. So no, we didn't stumble into the street while doing it though, I must say, and I got a fairly good selfie out of it. I'm happy to say. All right, something more serious on Thursday. The stralia government passed a law, and it's going to begin a wave of laws like this. Essentially banning encryption or saying that if there is in Christian law enforcement has to have access to the encrypted data, the assistance and access law requires tech companies to help law enforcement agencies break into individuals encrypted data. Using secret warrants the ustralian government can even compel company to serve this said mal wear remotely to the targets device you call it. Now, where the government says, you know, we just wanna put some stuff on there. So we could see what they're up to where. The goal of the law. This is I'm reading from proton mail. We talked last week about proton, which is Swiss encrypted Email service and their post about this the goal of the laws to give police more latitude to investigate criminals will whether it's nothing wrong with that using encrypted communication software. The you know, law enforcement doesn't like that. Because they can't read the messages, unfortunately. And this is me editorializing here when you do this when you put back doors in software when you make it possible for the good guys to get into my iphone? You also make it possible. I'm sad to say for the bad guys to get on my iphone? 
We have ample evidence of malware, spyware, created by the NSA, for instance, to spy on, you know, the people we want to spy on, terrorists and bad guys, and that malware leaking out and being used. Well, if you've been bit by ransomware in the last couple years, you can thank the NSA for the software that allowed that to spread from computer to computer on your network, making possible Petya and its derivatives. Thank you, NSA. So this is the problem. It endangers the security of everyone who uses online services because it weakens their encryption and privacy. Russia's done this. But that's Russia. Now Australia. I'd had higher hopes for the democracy in Australia. Britain's got an Investigatory Powers law, which does something of the same. And the real problem is, as this spreads, it's going to be harder and harder for companies like Apple to encrypt their devices in a way that's safe for us, because they'll have to have back doors in it for government. So we keep an eye on this stuff because, you know, I think it's important, and just passing the news along. Good news. The government now is added to the list of Russia; I presume it's the same in China, and China has other ways of doing this. For instance, they compelled Apple, you know, and this is their right, every country has its sovereignty and its laws. They said if you want to sell iPhones in China, the data on Chinese citizens' iPhones must be stored on Chinese servers (here's the stuff in parentheses, dot dot dot) that we have access to, so that we can see what's going on. Not we Apple, not we you and me; we the Chinese government. And Apple complied because they want to sell phones in China, and Apple will no doubt comply in Australia. And, you know, that weakens it for all of us, which is kind of a shame.
It's not, you know, it's not as dangerous as taking a selfie off a cliff, but it's still, you know, something to be aware of. I think encryption is so important. The point made to me, and I'll repeat it, by Phil Zimmermann, the guy who invented the best to this day..

"phil zimmermann" Discussed on KFI AM 640

KFI AM 640

12:12 min | 2 years ago

"phil zimmermann" Discussed on KFI AM 640

"Places Amazon's fine because there's plenty of plenty of geek, you're on Amazon new egg is another good one about a sponsor. But the place a lotta geeks. Go to buy buy that kind of stuff. So always always welcome. Cash would be fine. Don't buy them a computer unless you really got the specs from them or you call me, I. Foam. Maybe you you can't really go wrong with the phone unless you're geek is a young person and wants an iphone and you give them an Android phone. Although I have to say I I've been took a little time off over the last couple of days and went to New York for some shows. Broadway shows and stuff like to do that once a year and took my pixel. I didn't take a why did you take a good camera? But I didn't really use it because I had the pixel three, and especially that night mode and pixel three that is that is that thing just blows me away the quality of the images you can get with with a smartphone. These days I would say the same is true for any modern smartphone. So. You know, if if you give them a pixel phone or a Samsung galaxy phone and they said, but I want an iphone say, oh, but you'll love the camera. Get them start taking selfies forget completely what they were talking about. What no let's take some more fees, and you see a lot of people taking selfies all the time. It has not that has not gone away. Even though. The selfie death. Toll continues to climb. Did you know there's a selfie death toll? Oh, heck. Yeah. Deaths due to sell fees. There's more than two hundred fifty people worldwide, according to the Washington Post last month more than. Died while taking selfies. This is a study that came out. From the institute All India Institute of Medical Sciences, part of the reason is because selfie related deaths are more prevalent in India than anywhere else. I don't know what that means. But the police in Mumbai you remember it as Bombay perhaps have identified sixteen danger zones. 
In Mumbai that you shouldn't go to to take selfies because they're dangerous. About half of the twenty-seven selfie-related deaths in two thousand fifteen occurred in India. There have been at least fifty-four deaths total while taking selfies in India. The Indian Ministry of Tourism has asked states to identify and barricade selfie danger areas. A man drowned attempting to save a selfie taker in Mumbai, and that was tragic. You know, I would say, this is cold of me, but if you see somebody fall in due to that selfie, don't risk your own life to save them. No, you have to, don't you, ethically have to, but. You might be thinking at the time, oh, man. No-selfie zones are established in certain areas of the Kumbh Mela, because, I don't know what that is, because organizers feared bottlenecks caused by selfie takers could spark stampedes. A twenty eighteen study of news reports showed that between October twenty eleven and November twenty seventeen there were two hundred fifty-nine selfie deaths in one hundred thirty-seven incidents reported globally. That sounds like maybe there's an average of two selfie deaths per incident. I don't know what that means. You're taking a selfie with another person and you say, step back, get back farther, a little far. No, I don't know. Terrible. I shouldn't laugh. The highest occurrence: India, then Russia, United States and Pakistan. The mean age: twenty-two point nine years old. Male deaths, what a surprise, outnumbering female three to one. I'm not going there that I come on county. Let's kick it not not going there. You're crazy. Apply up on that rock to take a selfie. So folks, I guess the moral is be safe out there with your brand new camera phone when you get this holiday season. Be safe out there. I think, you know, people do crazy things with their phones anyway; they're not really paying attention. Then the selfie thing: you try to get that perfect angle, right?
You're trying to get, because I took some selfies in New York, trying to get, my wife and I are trying to get, I was trying to get, because she was a willing accomplice, but there I was pushing the button, a selfie of us with the beautifully lit Empire State Building behind us. So no, we didn't stumble into the street while doing it though, I must say, and I got a fairly good selfie out of it, I'm happy to say. Something more serious. On Thursday the government passed a law, and it's going to begin a wave of laws like this, essentially banning encryption, or saying that if there is encryption, law enforcement has to have access to the encrypted data. The Assistance and Access law requires tech companies to help law enforcement agencies break into individuals' encrypted data. Using secret warrants, the government can even compel a company to serve, this is sad, malware remotely to the target's device. You call it malware. The government says, you know, we just wanna put some stuff on there so we could see what they're up to. The goal of the law, this is, I'm reading from ProtonMail. We talked last week about ProtonMail, which is a Swiss encrypted email service, and their post about this. The goal of the law is to give police more latitude to investigate criminals (well, there's nothing wrong with that) using encrypted communications software. Law enforcement doesn't like that, because they can't read the messages, unfortunately. And this is me editorializing here: when you do this, when you put back doors in software, when you make it possible for the good guys to get into my iPhone, you also make it possible, I'm sad to say, for the bad guys to get on my iPhone. We have ample evidence of malware, spyware, created by the NSA, for instance, to spy on, you know, the people we want to spy on, terrorists and bad guys, and that malware leaking out and being used.
Well, if you've been bit by ransomware in the last couple of years, you could thank the NSA for the software that allowed that to spread from computer to computer on your network, making possible Petya and its derivatives. Thank you, NSA. So this is the problem. It endangers the security of everyone who uses online services because it weakens their encryption and privacy. Russia's done this. But that's Russia. Now Australia. I'd had higher hopes for the democracy in Australia. Britain's got an Investigatory Powers law, which does something of the same. And the real problem is, as this spreads, it's going to be harder and harder for companies like Apple to encrypt their devices in a way that's safe for us, because they'll have to have back doors in it for government. So, you know, we keep an eye on this stuff because, you know, I think it's important, and just passing the news along. The good news. The Australian government now is added to the list of Russia; I presume it's the same in China. And China has other ways of doing this. For instance, they compelled Apple, and this is their right, every country has its sovereignty and its laws. They said if you want to sell iPhones in China, the data on Chinese citizens' iPhones must be stored on Chinese servers (here's the stuff in parentheses, dot dot dot) that we have access to, so that we can see what's going on. Not we Apple, not we you and me; we the Chinese government. And Apple complied because they want to sell iPhones in China. And Apple will no doubt comply in Australia. And, you know, that weakens it for all of us, which is kind of a shame. It's not, you know, as dangerous as taking a selfie off a cliff, but it's still something to be aware of. I think encryption is so important. The point made to me, and I'll repeat it, by Phil Zimmermann, the guy who invented the best to this day.
Email encryption, PGP, many years ago, almost two decades ago. He said, it's not as if technology hasn't given law enforcement amazing abilities to see what's going on. There's cameras on every corner. Your phone is a tracking device with GPS and a microphone and camera. There's lots of ways. Law enforcement, he says, today has an HD screen to what's going on in the world. It's just that there are a few black dots, a few areas they can't see into, and they don't like it. They want a perfect screen. The problem I see is, yeah, I want bad guys to be caught. I'm not a fan of international terrorism, I'm not saying that. But if you make it possible for these phones to be unencrypted, it won't just be terrorists' phones that will end up getting unencrypted. It'll be all of our phones. And it won't always be by law enforcement; it will be just as often, I think, by bad guys. And that's the real, that, it makes us all less secure in general. And that's not the outcome anybody wants. It's funny, even within the NSA, the agency is divided some between those who say, yeah, we've gotta have ways and means to get into that guy's devices and encryption, and the other side, whose mission is to protect Americans, and who write long and very good papers on how to secure your devices. They understand the risk. It's an interesting conflict even within the agency. We'll see what happens with that. I have so many other things I wanna talk about, and we will, I promise, but we need to get ready to get your call. So I'm gonna get the phone angel to work. She's going to start answering those calls. Eighty eight eighty eight ask Leo, if you want to give us a jingle, love to hear from me, eighty eight eight ask Leo. And I also wanna talk to you a little bit about our sponsor, RemotePC, the folks who make it possible for us to remote safely, by the way.
I might add, safely and securely remotely access our computer from anywhere, on anything. So to give you an example, you can use RemotePC to access a Mac from a Windows machine, or access a Windows machine from a Mac, even access a Windows or Mac machine, amazingly enough, from a mobile device, from your phone, from your tablet. That's pretty cool. RemotePC is fast, it's secure, it's efficient, and it's very, very affordable. That's why small businesses use it. It's a great way to access devices remotely. Let's say you leave a report at work, and you go home, and you want to work on it, and you can't get, you don't want to drive back to work. Remote..

"phil zimmermann" Discussed on This Week In Google

This Week In Google

03:02 min | 3 years ago

"phil zimmermann" Discussed on This Week In Google

"So this is what we're talking about we're talking about zero rating is that at and t which is acquired time warner is now going to make a bunch of time warner stuff free on at and t wireless which is why comcast wants and a league fuck and why would that be a bad thing because said well that's great it's free will because then you are this is picking wizards this is exactly what everyone was talking about when that neutrality i became a debate this is the future where the carrier or the cable company that you choose determines what content you get because it's free yeah well the the other way to put the problem is it's fine if you have at and t but if you have verizon or t mobile maybe you can't get it maybe it'll be really expensive there and so it's a it's a fencing of content maybe that appeals to consider as i don't know it's a real hard message across yeah i mean if you're eighteen t customer you go great now i can watch hbo for free no not inch pr cnn amc cartoon network tbs tnt all the time warner stuff has been around forever though you know just remember you phone you couldn't get it unless you're using at and t is really really bad service back in the days yeah oh yeah but that like news in i i'm just i think zero rating is a slippery slope you could argue that the reason the iphone is so dominating the united states i mean it helped at and t and help the iphone didn't it it did and i think you can very much argue that if a phone doesn't get carrier support like phil zimmermann's black phone it's dead in the water and when xiaomi had a phone that they thought they had at and t and verizon all signed up for and then the federal government lay you know put pressure on carriers auto carry those chinese phones so eighteen teen verizon dropped them and it and prick practically put xiaomi at a business it certainly did business in the us so yeah these are i don't think it's good for consumers competition is good for consumers but it's hard to explain why 
saving you money is a bad thing. It really is. And, but I think if you explain to people how, you know, right, and social great net protects d zero rated for you, but what if something comes along it's better than, it's an opportunity. Nobody understands opportunity, and talking about something imaginary, the next round, what is that? I don't know. I like Netflix, I'm happy to get it for free. When I need a new networks human being Amazon brand buster story, that's a fascinating story, because it's really actually related, because Amazon can come in and because it has mechanism.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:44 min | 3 years ago

"phil zimmermann" Discussed on Triangulation

"That takes a lot of time it's a small company you know this is not a massive engineering team so it takes time and that's when i'm waiting for was still in other words we still at right now in four jobs right now i you know i am at the technical university of delft right i also worked for kpn the phone company in the netherlands our time these are all part time things a work also part time for start page and i also worked for a swiss company so actually have four jobs don't have time to time shoes i'm just thrilled just working on this new thing and we're going to do some things on the server and something's on the client and the client in the browser and we're also going to do some things in a hardware secure on that's on the server and that hardware secure enclave is going to contain private keys that are out of reach of the rest of the server even if you have colonel privileges you still i like that so that mitigates some of the a lot of the voter abilities right and and so that's that's an interesting approach the other thing that's happening right now is at the end of this month this is june of twenty eighteen that we're having this conversation there's going to be a meeting germany organized by bsi that's a german government agency that protects german communications it's kind of like the nsa's information assurance directorate except a totally separate agency and their job is to protect german government communications german civilian communications also and they're calling a meeting to try to figure out how to bring peachy p uptodate open the impeaching standard up to date it's a you know it's a very old protocol and it needs to be brought up to you know handle current threat models so that'll be an interesting meeting and i the the guy who wrote new privacy guard burner coal he'll be there and the guys who also did that e fail of older bility attack that was actually very clever attack they're going to be there to and everybody wants to see some 
improvements in the protocol. And I like to point out this vulnerability that, this was about a month ago I guess, that just came out: it's not a vulnerability in the OpenPGP protocol, it's a vulnerability in the email clients that use it. It's HTML email. Damn you. Yeah, yeah, it's email. An email client has a huge attack surface. In fact email has a huge attack surface. It's horrible. It's not only encryption that you have to worry about, it's also just, like, opening attachments. Somebody sends you a PDF file and you open it, you could lose a presidential election, you know. Really. John Podesta. Boom, boom. Yeah. So let's talk a little bit, we're going to wrap it up. You know, this morning, right before the interview, the US Supreme Court kind of shocked me by ruling that law enforcement should not have access to cell phone location information without a warrant, without probable cause, eliminating a massive market in cell location information, selling it to law enforcement. I'm sure AT&T and Verizon and T-Mobile are all pissed off, but doing a lot to protect our privacy. We've seen law enforcement, the FBI, complain again and again that they're going dark, that encryption tools like ours have given them less access to criminal activity. But on the other hand there is a law called Zimmermann's law, that as technology increases, the ability to surveil will increase. Which is, well, yeah, there is so much, it's the golden age of surveillance. There's surveillance everywhere. There's cameras on the streets. I mean, you see this in London, also in China, where you have millions of cameras on every street corner, you know, looking at people walking by.

"phil zimmermann" Discussed on Triangulation

Triangulation

05:01 min | 3 years ago

"phil zimmermann" Discussed on Triangulation

"The same you upload your keith server later you can download it again to see if they're giving everyone the same key and if they give it to you you can verify that it's the same either giving everyone else you can check on them and that's but that's not really deployed that's something that is still under development and so but if they can make that work then it could reduce the cognitive burden you can be reasonably sure that you've got the right public key without having to have a grassroots trust model where everybody has to be sufficiently sophisticated to sign other people's keys and so if they do that that will probably increase the network effect a lot and with that then you can finally see the numbers really take off i think today there's probably only a few million people in the world that use peaching p compare that with say what's out which has also encrypted messages but they have like one point five billion people yeah i guess that's the good news is that good enough guess would be the phrase i would use good enough privacy is is now become very there is a lot to be said for for good enough i mean yeah messages to other example i mean they they use cryptography it's not trust no one in i mean you need to have really good really strong crypto for certain kinds of threat models if you're if you're journalists trying to operate in a war zone and your your communications are intercepted then it's crucial that you use really strong crypto your keys are managed in a very careful way you know then you need really good stuff but if you're you know if you're just comparing sending unencrypted may i with sending mail through teela tunnel then it's better to do the til tunnel you know at least you got something there right so let's the challenge of a web mail based crypto system is multi fairies try four with hush mail as i mentioned there's the swissbased protein hush mail ahead of problem at the beginning downloading java applets this was back about around two 
thousand one, maybe, something like that. Yeah, and maybe it was two thousand. Anyway, they downloaded the Java applet in your browser. It's kind of like what they do now with JavaScript, except it was Java, right, that was back before everybody stopped using Java. But it would take a long time to download this Java scrip, a Java applet, and in two thousand, you know, not everybody had broadband, so everybody had modems, and it would take a long time to download through the modem this big Java applet. Was message of app no. But you had to, like, log into the website and then you had to download this massive Java applet, and customers complained about it. And so what they wanted was something much faster. So Hushmail, you know, relented. You know, they were purists, they wanted to do it right on the, on the browser server, right. So they said, okay, well then for customers that really insist, we'll make a service where we'll do it all on the server and you just type in your passphrase, that's same, they'll go through SSL. Yeah. And then, you know, and then people were happier with that. Sure. That's gone up. And then over the years they stopped supporting the Java applet because nobody cared, right. And so today they just do it all on the server, you know. And, you know, you sort of have to do what the customers demand, I guess. But how is StartMail, how's StartMail doing? Well, you know, StartMail is this product that they have right now from Startpage, but they're replacing it with a new generation product, and that's the one that I'm helping them with. So the one that they have now is all on the server, but the one that they're working on is going to take a kind of a hybrid approach. So tell me about that, tell me how, 'cause I mean, you've been doing this a long time now, twenty years, more than twenty years. Twenty-five. Yes. So presumably we've improved interested, and we've got better ways of doing this. What's the current
I'm waiting for them to get to a certain point in the development of new generation product, and then they have to do some extra things that I want them to do, but that's, you know.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:57 min | 3 years ago

"phil zimmermann" Discussed on Triangulation

"Problem and and the rest of their product was pretty much the same as every other product we his problem they salt it yeah that's right and so in so sometimes you have some problem that stands in the way of of that whole industry and and if somebody can just saw that one little problem one big problem that means their product takes over and that's what happened with skype long ago and that's also would happen would signal day saw a different problem this was the problem of how do you make it so that you can do this when alice and bob are not online at the same time they solve that problem and they did it very well and still has forward secrecy and you know things like that so they they did a good job in the protocol and and so they were so now they're down they're protocol is widely used right and i used it myself in i use something similar to their protocol we did our own offers of so let's talk about start mail because the there's another problem the usability problem ideally any any privacy solution should be simple for the user to implement you've got this issue you don't have to exchange symmetric keys anymore but you've got this issue of getting the other guy to use it i guess in a way the fact that open pg exists is is a good start that that's part of the you know it was hard to which networked peachy p because there was a high cognitive burden yes from the beginning from you know from the early nineties there was a high cognitive burn to using peaching p you had to understand something about trust models how do you get your keys signed by other people in white why do you care about that why is that important you that kind of a chain of trust and people would have key signing parties and i trust you trust this guy so we i can trust this guy in that kind of if you ever wanted to see a critical mass of kiki go to a pg signing party you've never seen anything as kiki is that what fun but this is not the kind of thing that your mom is likely to embrace you know 
And so if you wanna have something that your mom can use, you need something with a lower cognitive burden. Yes. And that was PGP's Achilles heel. And I mean, you know, the competing protocol at the time was S/MIME, but it had a different obstacle. It also had a high cognitive burden of a different sort, in that someone had to create a public key infrastructure, they had to put up a certificate authority who signed everybody's keys, and you had to have that installed and implemented, and everybody had to have their own key signed by some organizational key, and that was just too difficult for people. And so even though S/MIME was widely deployed, it was embedded in Microsoft products, no one used it. And so PGP was able to outcompete S/MIME, even though you had to go find PGP somewhere and install it yourself, right. It was easier, you could make it work right out of the box, except for the fact that you had to have keys signed by someone and you had to also sign other keys maybe. And so it was cognitively complex to use PGP. S/MIME was just too hard to use, it was like a step function of difficulty, and so no one used that. Even though it was widely deployed, it was kind of statically deployed, it was there but no one turned it on, you know. There are ways to do, I use S/MIME on Apple because it doesn't support PGP on iOS natively, but there are third-party mail apps, Canary Mail's one that leaps to mind, that support PGP, but none of them have solved this cognitive burden. You still have to create a key and all of that. So, I mean, there has been a lot of discussion about trying to find another way to have keys certified for PGP, involving something similar to a concept called Certificate Transparency that we've seen come about in recent years. There's a couple of projects that are trying to do this. It involves, I don't know what kind of audience you have for this show. Sophisticated. Yes. So it involves Merkle trees and it involves ways of making sure
that when you download your public from a server.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:48 min | 3 years ago

"phil zimmermann" Discussed on Triangulation

"Have a free version to achieve network effect because network affect is table stakes in this game you bet no you have to have network effects it's i mean you don't need network affect for other kinds of products if you were doing you know if you were doing a spreadsheet or word processor or a game you know you don't need network effect unless it was a multiple player game but a secure communications product it's communications you have to have network effect and so so the look at what became so so successful they they gave it away for free and then after they had some millions of users they up sold with selling minutes to call make phone calls on normal phone lines you know they called it skype out and was calling out to the public switched telephone network and so you but you can only make money at that if you have a large population of users to start with and if you just figure that only a small percentage of them will purchase these ps ten minutes than well if if it's a small percentage of you know one hundred million users than he'll still make a lot of money but if you don't get that network effect you can't do that you know that revenue opportunity just isn't there for you so if you wanna make money you have to give it away free to which evening effect and then you can up sell them by selling them minutes right you know scaife out or something like that or maybe business features there are some features you can put in the product that consumers don't care about that that enterprise customers do care about so you could sell those features you so that would have been a better strategy for us we didn't do that the other fatal mistake that we made was building the platform it's capital intensive to build a smartphone or any hardware product difficult business and you know you have to purchase parts or building you know hundred thousand phones and if you don't sell one hundred thousand phones you're kind of screwed but so the lesson of black phone was you need to 
the, if the, I think you said earlier the phone is a good device for this kind of communication. Oh yeah, I mean, you know, smartphones are a way of implementing sophisticated encryption software in a portable way, that you can walk around, make secure calls anywhere you happen to be. Circle on OTR, right? No, no. Okay. No, we're using something pretty similar to the Signal protocol. Okay. Do you like OTR? I think the Signal protocol's also based on OTR there. No, it's not. I misunderstood that, okay. Now, there were other protocols that do encrypted text messages, but they were designed in an era where you had desktop computers and they were always plugged in, they always had power, they were always online, they had uninterruptible power supplies, the router had uninterruptible power supplies, everything was always online. So if you had a protocol that required a couple of round trips to negotiate the cryptographic keys, that was okay, because Alice and Bob are both online at the same time and they can do that back and forth to make it happen. But with smartphones you're walking around with a device that, you know, you're on an airplane, you have it turned off because you don't want it on when you're sleeping or something, and whatever it is, you're just out of coverage, on a train going between cell towers, and you can't maintain the steady connection that you could with a desktop computer. And so these protocols like OTR and other text messaging protocols were designed from an era before smartphones. And what was particularly clever about the Signal protocol was that it solved the problem of what happens when Alice and Bob aren't online at the same time. They came up with a way of solving that one single problem, and that's why it became successful. Right. In fact, Skype, they solved a different problem that made them successful. They solved the problem of network address translation, which is this thing about, right, the idea dress naturally the natural.

"phil zimmermann" Discussed on Triangulation

Triangulation

03:39 min | 3 years ago

"Think they do, but I don't want to, it's not my place to criticize how they do things, on open protocol either. So yeah, I always thought, now correct me if I'm wrong, if crypto's not open you shouldn't use it, because, well, yeah, I always told people that they should not use a crypto product if they don't publish the source code. Right. And so inflow anyone that I'm working with, helping them write their own crypto product, I always urge them to publish their source code. And even a step farther, if you can't compile the source code and run it yourself, because it's one thing for them to publish code, but who's going to do that? No, I understand, somebody with really a dire need. I think that it's not likely that you're going to do that, but on the other hand you could sleep at night knowing that others could. Exactly. I'm not going to review the source code and know it's secure, I can't see a back door, but the fact that it's published. When I first published PGP it was small enough that someone could sit down and review it. Over the years code bloat came along and it became so huge that it becomes so difficult for someone to take the time and human resources. Who don't you trust, Phil? We'll stipulate that you should be open source so that you can review the code, somebody can review the code, make sure there's no back doors. But even if it's open source, we've seen very poorly implemented crypto, so it needs to be widely reviewed by real crypto experts. Well, that's right. You know, there's things, I mean, you know, there's a TLS protocol stack called OpenSSL. It was used for many years and, you know, there's been a couple of holes that come up, some of them are spectacularly awful, and that comes from the fact that, you know, people just don't invest the time. It takes significant engineering resources to do a code review. So cost a lot of money to get TrueCrypt audited. Do you trust Signal and Moxie Marlinspike? Is their code clean and good? Well, I believe that they strongly believe in the right to privacy, and they do publish their source code. Right. And so I tend to trust their crypto. And then, as you mentioned, you did Silent Circle, which had the Blackphone and then has a messaging protocol. You're no longer with them though? No, I left more than a year ago. Silent Circle, when, I was a co-founder of Silent Circle, and when we first started the company we made a decision early on that I think was a fatal decision, which was to charge money for every subscriber, was ten bucks a month. Right. And so that killed the network effect. With ten dollars a month we never got more than a tiny number of users. You know, maybe charging business. Well, what you could do, and what I urge them to do, was to.

"phil zimmermann" Discussed on Triangulation

Triangulation

02:34 min | 3 years ago

"How I feel when I'm trying to read these academic papers describing how these post-quantum algorithms work. But even if I can't keep up with the math, I can take these algorithms and plug them into protocols effectively. And you have to choose carefully to find the right combinations of things to, you know, to update these widely used protocols that we've all been using for many years and just replace the classic public key algorithms with new ones that are able to withstand quantum computers. We're talking to Phil Zimmermann, who teaches this stuff at Delft University. He's also an Internet Hall of Famer, the creator of Pretty Good Privacy, which is the most widely used email encryption software in the world, and he's done a lot to protect our privacy. We're going to have more with Phil in just a bit. I wanna talk to you today about what we're doing today and how we can do this better. And I'm really interested in the idea, it's sort of the holy grail, of incorporating privacy into our day-to-day email without the hassle of installing, which personally I don't think is a big hassle. I've had a PGP key since, I think, since I interviewed you in two thousand three. But I'm the only, you know, I send out, all my mail is signed, and maybe once a month I get an email from somebody saying, just seeing if my PGP implementation's working, and I'll say yes, it is. And I have maybe seven, four, five hundred keys in my chain. But do we ever exchange encrypted email? No, because it's hard. So how can we make this, one of the difficulties is that you don't have a PGP client that runs on, you know, your smartphone. I carry a smartphone around, and, you know, I also use an iPad tablet and I use macOS, I'm kind of an Apple guy, and although I can run something similar to PGP on my macOS, I can run Privacy Guard, I cannot run it on my iPhone or my iPad. Right, it just doesn't work. Signing in Apple Mail, but not, these are really, I want to spend some time with us that we need to.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:41 min | 3 years ago

"Important math sure problems for us he'll evil to who simulations and forecasts. They can do chemistry simulations and weather and, you know, find new pharmaceuticals and simulate what happens inside living cells and things like that. And so there's a lot of benefits, you know, cure diseases, find port new drugs and stuff like that. So the benefits to humanity will be manifold. However, there is one profession in the world that is sweating bullets over it, and that's cryptographers. Is there nothing on rising that, I mean, it was a big deal when we discovered, was invented, was a huge deal. There is. What we have to do is, see, public key cryptography is based on math problems that are easy to calculate in one direction but very difficult to calculate in the opposite direction. Right. And I mean, for example, if you take two large prime numbers and multiply them together, you can do that really, really fast. But if you wanna take the composite number that's the product of the two primes and factor it back into the two primes again, it takes the age of the universe to do it, if these are very big primes, which, we use very big primes, you know, to do crypto that we want to deploy in the real world. And the same is true for these other, like Diffie-Hellman, there is a different math problem. But what we need to do is to find some new math problems that are not so easy to break by quantum computers, and there are some. And, you know, we've found several important new math problems that are easy to calculate in one direction but hard to calculate in the reverse direction. Even if you have a quantum computer, it still can't do it fast in the opposite direction. And that's what everybody's working on now. So there's some based on lattices, some based on coding theory, some based on something called isogenies, and so there's a whole bunch of candidate algorithms that, you know, NIST has a project, a project running. It's a competition just like we saw with the AES, the Advanced Encryption Standard, the SHA-3 competition. Now they're having a competition about algorithms for the post-quantum era, you know, the era of quantum computers, the era where your opponent has a quantum computer. You know, you have to develop public key algorithms that are strong enough to withstand an attack from an adversary that's equipped with a quantum computer. And that isn't here yet. We do have the algorithms that we think we can make work there, but the quantum computers aren't here yet. They may be a decade away. But that future time, you know, the post-quantum era, that's, we call these algorithms post-quantum cryptography. We can run the algorithms now on a normal computer. You don't need a quantum computer to run these algorithms. The idea is to have public key algorithms that you can run on your smartphone or your laptop or your server, whatever it is, and that they can encrypt things in a way that quantum computers can't break. And that's what everybody's working on now. Not everybody, but, you know, a lot of people. And so I'm kind of evaluating algorithms to put them into protocols like OpenPGP, that's over let's other things too. A little bit handicapped because the math is so much harder. I mean, I understand the math of RSA and I understand the math of Diffie-Hellman, but I do not, and maybe I have to struggle a bit with elliptic curves, but, you know, I can get it if I keep plugging away at it. But I've tried reading some of the papers for these post-quantum algorithms, and boy, is it hard. I find that I just can't keep up with the math. Phil, my favorite quote from Clint Eastwood is, he said, a man's got to know his limitations. Yeah. And so that's.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:58 min | 3 years ago

"That one of the things made me is, I've found darkly humorous about the NSA is that they really have two missions: one is to spy on us and the other is to protect us from being spied upon by everybody but the NSA. That's right. The NSA, the part of the NSA that has the bigger budget is the part that spies on us. Right. And, you know, they intercept vast amounts of communication and they have incredible cryptanalytic capabilities and lots of computing resources and lots of mathematicians and engineers and scientists working hard on being able to break things. But there's also a part of NSA called the Information Assurance Directorate, whose job is to protect American communications for government, diplomatic, military use and also the civilian sector. And the IAD, the Information Assurance Directorate, they're more like what you might find in private industry, companies that build products to protect things. And, you know, I worked with the IAD. They're the ones that supervised the Advanced Encryption Standard. They didn't really, they supervised it to the extent that they sent a representative who stood by with his hands in his pockets while all the cryptographers from all these different countries competed with each other in a demolition derby. I think he probably had recording devices as well. Well, I know who he was. He was Brian Snow, an old friend of mine, retired for many years. But Brian told me that his job was just to make sure they didn't pick anything stupid, which was a risk because some of these submissions were in fact stupid. Right. But it wasn't that much of a risk, because all these very competent cryptographers who submitted their own smart designs were engaging in a very cutthroat demolition derby, so that has a very Darwinian effect, and so the stupid ones die fast. Good. But anyway, just, you know, before Brian retired many years ago he said that he wished that the Information Assurance Directorate could break off from the rest of the NSA so that would have a report of the different commands, because he felt that they could be more independent. They're somewhat conflicting missions. Yeah. And so what happened is that just a few months ago they, it was absorbed back into the NSA, the rest of the NSA. So now you don't have a separate, it wasn't separate to begin with, but it was kind of self-contained inside NSA, but now it's been absorbed. So I don't think that was going the direction that Brian was hoping for. Yeah. So back to quantum computing. So the NSA considers it a legitimate threat. That means we should be aware of it. Why is this an issue? Well, it's an issue because it breaks public key cryptography, especially to force the primary factoring that, all the modern, you know, public key cryptosystems that we have deployed all over the internet today, where you do all your online banking, e-commerce and, you know, PGP or all the other crypto utilities that we use today on the internet, they're all based on public key algorithms, which themselves are based on a couple of different math problems that are kind of related. One is discrete logarithms and the other is factoring. In fact, discrete logarithms and factoring are kind of related in that if you could factor fast you can also compute discrete logarithms fast. So Diffie-Hellman and elliptic curves are based on discrete logarithm, the discrete log problem, and RSA is based on the factoring problem. Right. So quantum computers can break either of those two math problems. If you could actually build a real quantum computer, then it will be able to cut through those algorithms like a hot knife through butter. It's not that current computers can't, it's that they take a very, very long time. That's right. So in the age-of-the-universe computers it's kind of an issue, but quantum computing is potentially so much faster that it could do it in a matter of human-scale days or weeks, or, we're like, ten seconds. Yeah. A little bit safer with the, with liquid. There are a lot of benefits to quantum computers. We'll be able to solve a lot of.

"phil zimmermann" Discussed on Triangulation

Triangulation

04:38 min | 3 years ago

"To protect your private keys, and you need hardware systems to do that. So that's what I'm trying to work on, sort of a hybrid approach involving the server and the client in the browser, also hardware secure enclave on server. How about protocols? You used, what, Triple DES, Blowfish and RSA in the early, I never used Blowfish. You never, no. Triple DES, and then later used Twofish. Twofish is a good cipher. AES? Yes, AES is, you know, Twofish was part of the AES competition, and AES was the winner of the competition, late nineties, was a Belgian cipher, Rijndael. And so those are all very strong ciphers. And then there's hash algorithms, hash functions. Ah, turns out it's much harder than we thought to make good hash functions, and lots of rainbow table attacks and things like that. Well, it's not just rainbow table attacks. You know, back many years ago we found that you could find two messages that hash to the same, right, hash. And so this resulted in NIST creating another competition called the Secure Hash Algorithm SHA-3 competition, and they had to find a new strong hash, which they did, and so it has improved because of that. Hashes used in PGP? Well, we use them mostly for digital signatures, but we also used them for reducing the passphrase: you type in your passphrase and it reduces that into a key to be used to decrypt, either encrypting messages or decrypting your private key, which is then used to decrypt messages. But, you know, hash algorithms are used for signatures also. Right. So just, I'm sure anybody who is why, are used for a lot of things. Very, incredibly versatile. Oh yeah. In fact, if you force me to design a cryptosystem where I wasn't even allowed to use a block cipher, I could probably get the job done using just a hash. Oh, that's interesting. Yeah. Well, yeah, maybe so. I mean, I still use SHA-2, SHA-256 a lot because of legacy burdens. It's been deprecated, not because it's been cracked but just because the presumption is computing power is going to continue to increase to the point where it will be vulnerable. I don't think that anybody thinks that we're going to really, we're not going to break SHA-256 or SHA-512 by some exhaustive calculation. But we should be using SHA-3, and we do, and some of the candidates that were part of the SHA-3 competition. But the big storm brewing on the horizon that everybody is worried about in the crypto world is quantum computers. Yes. In some years in the future, maybe a decade from now, there will be computers that are quantum computers, which are, you know, magically fast. Magic is a guard here because from current technology to a working, that's right. They are crazily capable, if we ever build them. Some years ago I didn't think we were ever going to build quantum computers. I didn't really take them seriously three or four years ago. But then NIST and NSA both issued warnings that we'd all better get ready for quantum computers. And if NSA tells you get ready for quantum computers, then you'd better take that seriously, because, you know, the NSA's job is to secretly build quantum computers all of our communication. Right. So if they tell you that, hey, you better batten down the hatches and get ready for quantum computers, then, oh my God, you'd better do.

"phil zimmermann" Discussed on Triangulation

Triangulation

05:33 min | 3 years ago

"ProtonMail? I'm still old school. These days I'm working with a company here in the Netherlands called Startpage. They have a product, it was called StartMail, but I think they're changing it to Startpage Mail, and they're working on a new generation of that product and I'm helping them with that. Can you, you know, I'm old school. I use GNU Privacy Guard, install it, I download the keys, I generate keys on a local system. I do share the key publicly with an open source company called Keybase, keybase.io, and they use, actually that's interesting how they use PGP, because they use it also, I mean, for a lot of other things, including secure Git, secure funders. They're using it in creative ways. Yeah. They now do chat messaging secured by PGP, and they have exploding messages, which I really like, with perfect forward secrecy. So they're doing some really interesting stuff. But I have to commend you, because PGP was really the first publicly available, easily, relatively, installed open version of public crypto. You made it possible for everybody to use public crypto, and you've got to feel pretty good, regardless of the financial, you know, remunerations, you've got to feel pretty good about the legacy that you've left. Yeah, yeah. Back in nineteen ninety-one it was not really feasible for anyone to communicate securely. Nation states could, because they can afford to hire somebody to carry keys in a briefcase on an airplane to some foreign embassy, or their embassy in a foreign country, and distribute them that way, but ordinary people could not. And PGP made it possible for the first time for ordinary people to communicate over long distances without their stuff being intercepted. And it's evolved. Well, I mean, there are people now using elliptic curve crypto with PGP. Are you, there have been recently two fairly significant flaws in the OpenPGP implementation, both of which have been corrected, but it has stood the test of time, I would say. I use ninety-six bit keys just to keep up with modern computing. That's changed. Yeah. But it still works. That's right. Yeah. Well, you know, the threat model was very different back then. At that time, you know, you attached your computer to the internet only once in a while. You would dial in to pick up your email from a mail server with the modem, and then after you've downloaded your mail, uploaded your mail, you hang up the call and now your computer is once again isolated, or it spends ninety-nine percent of its time isolated. The world has changed so much. Now we're online all the time. At that time there was not so much of a threat of someone reaching in remotely, reaching into your desktop computer and exfiltrating your PGP keys. I mean, I did allow for the possibility that your PGP keys could be stolen, encrypted them with a passphrase as the key, but that threat just didn't seem to be a very likely scenario. Today your keys are sitting on your laptop for years at a time. Anytime during that period somebody could inject malware into your computer, through maybe you're opening a PDF file or visiting a website that attacks through your web browser, and then they inject malware into your computer, the malware escalates privileges to, you know, be able to access anything they want, and they can exfiltrate your keys. And so protecting your PGP keys today is a lot harder than it was twenty-five years ago. And so if you want a more secure execution environment you're better off with a smartphone, because it has sandboxing that protects applications from each other and protects, you know, let's say you had a secure communications product like Signal or Silent Phone or even WhatsApp. I knew i although as one might have thought who's in jail, right. Yeah, he so stick with, they have to be really careful. It is hard to write good, yes, in secure communication software. You have to think of everything. If you decrypt the messages and display them on the display, then they're sitting in memory in plaintext form, and they're also stored in the longer-term storage of that application, and if that gets backed up to a.

"phil zimmermann" Discussed on The Personal Computer Radio Show

The Personal Computer Radio Show

03:32 min | 3 years ago

"Called true quip at laka and many others. While it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext. Phil Zimmermann noted that although the issue is serious, it has to do more with buggy clients at the host than with OpenPGP. Some email clients failed to use the encryption protocol's native features to stymie the kind of attack described by researchers. This from checking that goes on in PGP, but if the email client we accident delivered by PGP that something has been tampered with, then everything will be okay, but if the client ignores that information then you get this vulnerability. A patch to address the flaw already has been made for the Thunderbird email client but not yet for Apple Mail. The patch doesn't close the vulnerability, it just makes it impossible to exploit it on client. Emails sent from client still exploitable. It fixes the receiving end of the vulnerability, but it doesn't fix the underlying vulnerabilities in the protocol, which remain. When that underlying problem is fixed it likely won't be backward compatible. Since only a small percentage of email users employ a PGP or S/MIME client, the threat the flaw poses to users isn't as severe as it could be. However, it is extremely severe for the vulnerable users and their correspondents, as this threat offers a way for an attacker to access cleartext content of communication meant to be secure. Of the more than three billion email users in the world, only tens of millions use PGP mail. Those that use it, however, are people like journalists, system administrators at big companies, so the type of information that is sent via PGP is usually the most sensitive and needs to be secure. Adding to the severity of the attack is its ability to access past emails. The victim's mail client can be used as a tool to decrypt old emails that have been sent or received. And that's pretty bad, that's pretty severe for users concerned about the security of their PGP or S/MIME email clients. Well, stop using the vulnerable email clients to decrypt emails; use a standalone application. Disable HTML rendering and automatic remote content in your email client. This will block the back-channel communication mechanism used by the flaw to exfiltrate cleartext data. Look for updates. It is expected that vendors will issue patches to correct some of the flaws exposed by the researchers. This was a few weeks ago, but it is worth repeating. There's a website, www.haveibeenpwned.com. You enter your email address and it will determine what dark web group may have your email address. You can also enter your password. The entry itself is encrypted, and it will check to see if the password is in the library stored in the dark web. If it exists in the dark web, change the password and make sure it is unique. The dark web has this massive library of passwords that is used.

"phil zimmermann" Discussed on Daily Tech News Show

Daily Tech News Show

02:02 min | 3 years ago

"Threadripper. AMD says it will still fit in the same motherboard socket. It'll be built on a twelve nanometer process and available in Q3. AMD also demonstrated the first seven nanometer GPU that will be part of AMD's Instinct line of chips. Instinct is meant for machine learning, though the new chip will make its way into Radeon gaming cards as well. AMD did not announce any other specs, but it was shown with thirty-two gigabytes of high bandwidth memory. Samples of the seven nanometer GPU are going out now, and AMD expects it in products by the end of the year. Lenovo announced the modular Z3 Play phone in Brazil Wednesday. It has a six inch, twenty-one sixty by ten eighty, eighteen-nine aspect ratio screen with the fingerprint reader on the side. Z3 Play will sell bundled with either a speaker module or a battery module for four hundred ninety-nine dollars starting this summer. Apple's AirPods will get support for Live Listen when it arrives in iOS twelve. Live Listen is designed to work with Made for iPhone hearing aids, streams microphone audio from the phone to the hearing aid to aid comprehension, and it will now do so with the AirPods as well. Amazon Echo and Echo Dot will begin shipping to customers in France starting June eleventh. The Echo Spot will follow in July. Amazon says it built the experience from the ground up just for France. Prices will be temporarily discounted at launch. Reuters sources say ZTE has reached an agreement to lift the US ban on buying from US suppliers, which has caused ZTE to cease major operations. The deal supposedly includes a billion dollar fine plus four hundred million dollars in escrow to cover any future violations. The US Commerce Department says no definitive agreement has yet been signed. Phil Zimmermann, creator of PGP encryption, has joined Startpage.com to work on product and crypto. Startpage offers a privacy-focused search engine and email service. Uber will launch its Jump electric bicycle sharing service in Berlin by the end of summer. CEO Dara Khosrowshahi announced the launch in Berlin, saying Uber wants, quote, to.

"phil zimmermann" Discussed on Daily Tech Headlines

Daily Tech Headlines

02:02 min | 3 years ago

"Threadripper. AMD says it will still fit in the same motherboard socket. It'll be built on a twelve nanometer process and available in Q3. AMD also demonstrated the first seven nanometer GPU that will be part of AMD's Instinct line of chips. Instinct is meant for machine learning, though the new chip will make its way into Radeon gaming cards as well. AMD did not announce any other specs, but it was shown with thirty-two gigabytes of high bandwidth memory. Samples of the seven nanometer GPU are going out now, and AMD expects it in products by the end of the year. Lenovo announced the modular Z3 Play phone in Brazil Wednesday. It has a six inch, twenty-one sixty by ten eighty, eighteen-nine aspect ratio screen with the fingerprint reader on the side. Z3 Play will sell bundled with either a speaker module or a battery module for four hundred ninety-nine dollars starting this summer. Apple's AirPods will get support for Live Listen when it arrives in iOS twelve. Live Listen is designed to work with Made for iPhone hearing aids, streams microphone audio from the phone to the hearing aid to aid comprehension, and it will now do so with the AirPods as well. Amazon Echo and Echo Dot will begin shipping to customers in France starting June eleventh. The Echo Spot will follow in July. Amazon says it built the experience from the ground up just for France. Prices will be temporarily discounted at launch. Reuters sources say ZTE has reached an agreement to lift the US ban on buying from US suppliers, which has caused ZTE to cease major operations. The deal supposedly includes a billion dollar fine plus four hundred million dollars in escrow to cover any future violations. The US Commerce Department says no definitive agreement has yet been signed. Phil Zimmermann, creator of PGP encryption, has joined Startpage.com to work on product and crypto. Startpage offers a privacy-focused search engine and email service. Uber will launch its Jump electric bicycle sharing service in Berlin by the end of summer. CEO Dara Khosrowshahi announced the launch in Berlin, saying Uber wants, quote, to.

"phil zimmermann" Discussed on WGIR-AM

WGIR-AM

02:36 min | 3 years ago

"There are protocols now on email that make it so that when it leaves your mail host and ends up on the other mail host, right, in between it's secure, it's encrypted. But you still have the mail that went through your mail server or your upstream mail server, like Google or AOL or whatever it might be, and you now have the email unencrypted at the far side on that server, because of course you have to have encrypted. Now, you can keep your mail secure. I wanna say this, I want you to get misled by using something like GPG, which is based on PGP. So GPG, golf papa golf, which is something that was developed years ago, actually helped on just a minor bit with the development, Phil Zimmermann did it. But it uses your regular mail, your regular mail account, your regular mail host, and you are sending encrypted mail from you to the recipient, and now the recipient has to decrypt it. So that's probably a very good way to do it. ProtonMail is one you might wanna look at, ProtonMail, P-R-O-T-O-N-M-A-I-L. This is a free, open source encrypted email provider. They're over in Switzerland. It works from any computer through the website, and there's also Android and iOS mobile apps on it. You know, can people get a hold of the message? Bottom line, when it comes to ProtonMail, nobody can get it. Proton doesn't even keep it in an open format, that's all encrypted. The only person that can decrypt encrypted mail messages is you, with your password. Nobody else, a government, the ISP, etc., they cannot decrypt it. In fact, ProtonMail is so secure that it cannot recover your emails even if you forget your password, so don't forget it. Use a password manager like LastPass or 1Password, which is the one I use, is 1Password. So the decryption happens when you log on, so they don't have access to a means to decrypt emails without the password or some sort of recovery thing out there. So there's pros and cons to both of them, but look it up. I personally tend to use, if I have something that needs to be encrypted or digitally signed, I typically use GPG, and I had a key years ago that was signed by Phil Zimmermann himself when I.
