Kryptos Nuttso
For further reading, I found this paper to be really valuable:
Post-quantum cryptography - dealing with the fallout of physics success (Bernstein and Lange)

From table 1 on page 3:

Name: AES-256
Function: block cipher
Pre-quantum security level: 256
Post-quantum security level: 128 (Grover)

Name: RSA-3072
Function: encryption
Pre-quantum security level: 128
Post-quantum security level: broken (Shor)

Name: RSA-3072
Function: signature
Pre-quantum security level: 128
Post-quantum security level: broken (Shor)

Keep in mind that the definition of "post-quantum" is fuzzy and uncertain. There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

As far as I am aware, there are no reputable expert quantum physicists in the field that expect this to happen sooner than 10 years from now, but most of them expect it to happen within the 21st century.

    Nuttso

    Not sure if I should answer this but,

    Sweden.

    The iPhone 12 Pro was in lockdown mode, latest OS at the time.

    But I noticed that some apps I opened after starting it up asked for new permissions about notifications after booting it up. Weird.

    Both phones had long passcodes.

    I assume they couldn't extract anything from any phone since I would 100% be in jail by now if they gained access to either of them.

    I think Pixel was in lockdown mode only.

    thetraveller1

    They are now allowed to use violence here for FaceId and fingerprint unlock. Which is why I always make sure I use lockdown mode before putting my phone away.

    They never asked for my passcode because they probably knew my answer would be "I don't remember my password".

      Nuttso Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for Molly to implement a quantum safe algorithm.

      Thought I sent a reply about last replies, guess it didn't.. I don't think AES with a good enough key size is weak by any means, I just think:

      • Science can be very unpredictable sometimes
      • Most people won't go out of their way to target the encryption, but the systems that make the encryption possible. While I think this is completely minuscule of a risk for a securely designed system like Pixels, all about time, budget and interest.

      I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon. I'm not much into the quantum/science stuff though so I can't comment.

      zzz There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

      As someone in there, this is true. Too much obsession with commercial trends, and creating useless solutions from a lot of junk put together (e.g. Blockchain technologies + something like Childcare).

      V1king They are now allowed to use violence here for FaceId and fingerprint unlock.

      Personally if I was at risk of violence I'd only use GrapheneOS + everything on a profile so I can delete that profile during a tough time, although I'm not at risk of either so maybe I can't think of any better plan.

        V1king I reinstalled the OS and verified that nothing was tampered with and all is good.

        For the Pixel, the auditor app and the remote attestation service are supposed to warn you when the phone gets tampered with. You don't use them?

        You verified that nothing was tampered with after the new OS install? In case of hardware tampering, with a fresh GOS and attestation install, I'm not sure if the auditor and attestation service will detect this.

        It's unfortunate that people that are educated on privacy and value their privacy from "big tech", that software like GrapheneOS is known outside of the privacy community as used by "criminals" or "hackers", etc..

          The ignorant are ruled by their perceptions.

          Everything is used by criminals, and laws only stop those honest enough to obey them.

          spiral Honestly, I don't know what GOS stands for, so I am not sure how to take that response. My response was very neutral and my true feelings on the subject. My apologies if I have offended you.

            zeroNULLvoid It's unfortunate that people have to break the law so we could gain equal rights for everyone on this planet. The war on drugs is a joke. The only solution is legalization of every substance. Nothing else will change what is happening now. As long as this doesn't change, criminals will use GOS or similar.

            And having high ranking criminals use GrapheneOS is the best that can happen to GrapheneOS. Free forensic and penetration testing against the OS.

            6 months later

            Nuttso

            Europol sent packages to their partner countries of Sky ECC hacks and evidence.
            In one of the packages it could be seen how the hack was done because they sent more than just raw transcripts. I emailed the evidence to the owner of crimesit- he was astonished, said he would publish, but never did. Which I find weird. It was a pretty sophisticated method with cooperation by the network provider and the server hosting company. Def was not like the Sky owner claimed, that they sold already rigged phones to customers and that users who have original phones are safe.
            Also it was not a virus like in the Encro case.
            I will give you a hint that location was extracted by simply reading the APN of the cellular provider. So stupid and simple.
            The only mystery was if they could read all the messages or only the ones on those particular servers that they seized. Sky was said to have 5 servers and 2 of those were seized.
            Somebody more tech savvy maybe can answer the q since I am not aware how servers and users are dispersed.
            The same hack can be replicated on all centralized servers, so the question is just if it's a different scenario with Signal because of US legislation, because it's broadly used, or it's just a matter of time…
            Until then I stay away from apps with centralized servers.

              Dangor Mail me the stuff. Afaik they compromised the signing key. End to end encryption isn't breakable if you compromise the server. You make it sound like they only needed access to the servers. They can hack all the Signal/Amazon servers. They won't decrypt any messages. Implementing end to end is easy nowadays. Law enforcement has encrypted messages of Sky. And they have way more messages than EncroChat. So there must be more than the telcos' assistance and the server providers.

              Mail me the documents. We will publish them.

                Nuttso They have used an emulator attack.
                First scanned the server of Sky. Step 2: cloned the server of Sky, set up in a nearby location a server with the same configuration, practically a clone server. With the assistance of the providers just redirected (duplicated) the traffic, so just mimicked the original server and its functions. Here the only unknown to me is if they were getting the messages unencrypted or encrypted. I would say somehow before encryption because it's hard to break 512 elliptical encryption.
                Seizing the Sky server was just a charade.
                Sky was surely operating on multiple servers due to the fact that even after seizing they continued operating for a few days, so mystery 2 is if they seized all users' messages or only users connected to the server in France.
                I never heard of anybody arrested in the UK, South America or any other region besides Europe.
                Send on what email?
                P.S.: btw who says Sky had encryption? The owner? It was not open sourced so we have no idea, maybe it was just a stupid app with a lot of marketing pump.

                  Nuttso You should give him your email because if he uploads it to privnote and shares the link here someone will already click on it and destroy the note.

                    final I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon.

                    There seems to be a lot of opposition to Kyber by D. J. Bernstein, who's the designer of ChaCha20. He even wrote an article named "Debunking NIST's calculation of the Kyber-512 security level". Also, I think we're getting too far off-topic, so maybe we should create another thread for this?

                    GrapheneLover I don't have a disposable email right now. @Dangor upload the link to another host if you want to make it public. If you want me to censor it prior to making it public, give me some time or email it to my lawyer.

                    info@andremiegel.de

                    He will share it with me and my other lawyer who is the chairman of all crime lawyers. But can't share his personal mail here