John McAfee is one of the more bombastic and eccentric personalities in the crypto space. Besides making a wager to eat his own member based on a Bitcoin price prediction, he has also gained a lot of what the kids call "clout" for this video regarding the AntiVirus software he created. (Among other things)
He can be entertaining. I'll grant him that.
He has recently been pushing a peculiar notion. This idea that data encryption is ultimately futile.
The below tweet isn't the "meat and potatoes" of this discussion. Thought it fit the form of tweets that one may find on the /r/ihadastroke subreddit which I find amusing.
𝐂𝐮𝐫𝐬𝐞 𝐭𝐡𝐨𝐬𝐞 𝐩𝐞𝐬𝐤𝐲 𝐨𝐫𝐢𝐠𝐫𝐚𝐦𝐬!
It's not difficult to ascertain what he's trying to say here but looks like he may have had a mini stroke trying to type it. The tweet that had started it all is linked in the below image.
Decided a bit of clarification was in order
Being an industry certified information security professional with over a decade of experience in my field, I decided to engage him on this topic. The results were not what I had anticipated.
What I found disturbing is the overarching idea that he is trying to push that MITM (Man-in-the-Middle) cyber attacks are not a thing.
The implicit premise of the claim is ALL conceivable devices we could own are already compromised. From single board computer, smartphones, IoT devices, tablets to beefy gaming desktops, that is BOLD claim to make.
The conclusion that he makes is that encryption is now useless is quite frankly ludicrous!
Cocaine is a helluva drug.
This is a potentially dangerous mindset for him to be promulgating yet his naive followers lap it up.
My first reply pointed out that cryptography, the science of encrypting our data is far beyond our ability to crack it aka cryptoanalysis. I did concede that with the advent of new technology such as quantum computing this may well change.
His reply was hysterical like something you would expect from /r/oldpeoplefacebook in ALL CAPS no less with way too much CAPSLOCK.
Not to mention the exclamation mark spam!!!!!!!!!
Neither does he, Brick. Neither does he.
As it stands presently, there are some algorithms that are technically unfeasable to brute force (sequentially enumerating all possible key combinations).
For perspective, let's take the algorithm employed by the government, Advanced Encryption Standard (AES). I quote from the following from How secure is AES against brute force attacks?
Faster supercomputer (as per Wikipedia): 10.51 Pentaflops = 10.51 x 1015 Flops [Flops = Floating point operations per second]
No. of Flops required per combination check: 1000 (very optimistic but just assume for now)
No. of combination checks per second = (10.51 x 1015 ) / 1000 = 10.51 x 1012
No. of seconds in one Year = 365 x 24 x 60 x 60 = 31536000
No. of Years to crack AES with 128-bit Key = (3.4 x 1038 ) / [(10.51 x 1012 ) x 31536000]
= (0.323 x 1026 )/31536000
= 1.02 x 1018
= 1 billion billion years
This article was written in 2012 and current supercomputers have become much more capable.
Per this article from 2018, the fastest supercomputer at the time was capable of 200 petaflops dwarfing the one referenced in the 2012 article.
Let's do the math!
(((10^15)200) /1000) / 31536000*
Can I get a drumroll please? The results are in!
Based on 2018 supercomputing technology, it would take approximately 6341958.39675 years to crack an AES 128 bit key using a brute force attack. That's over 6 MILLION YEARS.
Ain't nobody got time for that!
Quite literally.. unless you're a vampire or otherwise immortal.
Bonus Challenge!
Your mission if you choose to accept it
Obtain more recent figure for floating point operations per second, cite the article, perform the same math, and state the results in a comment. If you do this, I will use my SFR (@steemflagrewards) credits to boost that comment with a full upvote from our bot. Also, I will curate one of your recent posts as well. First one wins!
We have established the basis for cryptographic technology exceeding cryptoanalytical. That, in and of itself, doesn't debunk what McAfee is trying to assert. Specifically, that all systems are compromised BEFORE the secure channel is established thus making them all insecure by default. I have an answer for that which will be stated later.
Yes, at this point I was beginning to get a little ticked.
After about the first 7 retweets, I had to mute the conversation otherwise I may have blown a blood vessel out of frustration from the utter mindlessness of it all.
I was done or so I thought..
Here we go again
I was checking out a profile of another Steemian and noticed he was at it again.
Our fellow Steemian and IT professional @joshman even got his 0.02 SBD in!
I imagine McAfee is the type of guy that would be living in a Faraday cage
So, are you drinking the McAfee Koolaid. Do you honestly believe every information system (IS) is compromised from the git go thus making the task of encrypting your data a fool's errand? Well, I got something for you.
Enter the Hardware Security Module (HSM)
If you had been following me, you may have recalled my mentioning going to Florida to obtain another certification. It was a weeklong training and I had to pass a final exam. It wasn't cheap either.
$3000 that was thankfully reimbursed but the airfare was on my dime. Felt it a necessary expenditure considering the nature of my work. However, reimbursement was contingent on my passing which led to a few tense days afterward while the exams were graded.
But I managed to pull it off which I suspect was by the sweat of my chinny chin chin. 😅
Anyways, I tweeted the details of a theoretical implementation that would lay this silly notion to rest.
You're probably wondering.. What the hell is an HSM? I could go about explaining it myself but I'll let the following training slides do the talking.
Also, I may caveat that, unlike McAfee, I AM NOT A SHILL. I don't promote things because someone is paying me to do so.
Rather, I do it because I know and believe in the technology
Let's get into the slide deck, shall we?
Seems like a pretty nifty appliance... because they are! I'm also very much interested in the applicability of this tech to cryptocurrency.
Think about it.
How many times have you heard about a user forgetting their private key and losing their funds?
Sure a few of yall had heard about economist Peter Schiff recent ordeal. Yes, I had to poke a little fun at it.
Perhaps, a DERPCOIN whitepaper will be forthcoming.
Let me know if you would like to see that to push it up in my work queue.
It is somewhat speculative on my part that HSMs can be used to secure crypto wallets but I am definately interested in pursuing that idea further. I just need to get my hands on a personal HSM and begin tinkering with their developer API.
If any potential benefactor is interested in assisting me monetarily in getting that project started, feel free to contact me on any of my social media accounts.
I will need the funds to purchase the device, card sets, and required licenses which are currently outside of my means as I work off a revolving credit card debt. I'll be there soon enough. If you would like to support me in spearheading this thing before someone beats us to it, we can work out a deal.
At this point, I think I've said enough. (Probably too much)
I believe the reader will now at least see things from a more informed perspective than McAfee is providing his followers. Our sensitive data is important, folks! We should not be lax in safeguarding it.
Not just for us individually but also our families. I wouldn't want any of my followers or readers to get burned due to his misinformation. If you consider yourself to be in the personality cult of McAfee, it is my sincere hope that you at the very least approach his claims with due diligence and a measure of skepticism. As I have had today...
Put it to the test!
I just gotta point out the irony of the famous Antivirus pioneer making misleading claims about information security. Just goes to show that we shouldn't blindly follow any Internet persona.
Would you like to delegate to the Steem Flag Rewards project and promote decentralized moderation?
It's much more fashionable than self-voting.
Here are some handy delegation links!
Also, here is my SteemAuto fanbase link if you would like to be one of my consistent supporters.
A special thanks to @futuremind for encouraging me to create content like this.
P.S. This was created using the eSteem Surfer Desktop App and really digging it. I highly recommend it if you are on a Desktop.
There are real risks of compromised hardware. The chips are so complex that it is possible to sneak in some spyware. So we either need better trust in suppliers or algorithms that are resistant to being spied on. Neither is a simple matter. We've seen recent news on whether Huawei can be trusted to supply 5G equipment for the UK.
I am no encryption expert, but I understand there are quantum-resistant algorithms. You can make them memory intensive.
For opinions on security I tend to rely on less sensational people like Bruce Schneier and Steve Gibson, but some of the stuff they talk about is scary enough. We have billions of non-technical people relying on their gadgets with little idea of what is possible.
Absolutely! I just read today that Apple ditched an plan for encrypted cloud backups due to pressure from the FBI which just goes to show that user privacy / data confidentiality isn't paramount with these Big Tech companies.
Yes, nCipher is a decent sized company but, due to the design of the HSM, this is not so much as issue w an appropriate security world configuration.
For example, you can configure it to require a hardware token(s) to initialize the key via the HSM. In this setup, there is no amount of reverse engineering of the HSM that could produce the key.
No token, no joy.
This, of course, can be a double edged sword if one manages to lose required the card set for quorum. This is how 2 person integrity is established.
Let's say you have 2/4 cards quorum for the admin cardset. Well if your org happens to lose 3 or those cards for whatever reason. You're basically hosed and all that is left to do is pray the operator cards hold ip until whatever service / app can be transitioned to a new security world.
In such a situation, even the vendor will not be able to help recover the key and that's by design.
TL;DR: HSM requiring multifactor to access private key minimizes risk of backdoors.
I'm a little surprised that anyone expected him to really eat his member, but the response to not eating it wasn't very surprising. This seems to be just part of his tactics to hype things and get public reaction for a desired outcome. To go on and say it was a ruse for adoption, knowing full well that it is the "model T" of blockchain tech, is a full on admission to dishonest tactics.
I guess the question is, what is the associated ruse to this "MITM isn't a thing", thing..? If there is a ruse at all, it's a bit hard to come to any solid conclusions here in my mind.
I learned a great deal about AES reading your analysis here regarding brute force attacks, and how it would take 6 million years to crack. It would have only been a guess for me, and if asked to guess, it wouldn't have been 6 million years. This is a pretty impressive number.
If Moore's law is still applicable today, (which I'm not so sure it is) and this current analysis is from 2012, then maybe it's about 1.5 million years with current tech? I'm not a professional in this field and I'm not even sure if Moore's law is applicable to this, but I'm guessing you probably know. Just something that came to mind while reading.
The Quantum computer topic regarding encryption is pretty interesting too. I watched some laborious videos on Quantum computers during a brief time when I was super tin foil hatting and thought maybe we were going to bring some crazy entities out of another dimension (who knows!) , and I'm just going off memory here, but I think these guys were saying an efficient Quantum computer could crack our best encryption inside of an hour, even minutes potentially.
If this is the case, (and It's hard to doubt Quantum physicists in their field..) it seems logical to assume that this tech will remain black-boxed until Quantum level solution for encryption becomes available. Negligence would mean severe economic issues, likely collapse, and we have enough issues in that area as it is.
The HSM's sound awesome. I've never heard of them before this post, and that is a truly remarkable idea you have. Hopefully you'll get some qualified people interested to assist in a project with you.
There are plenty of good practices that even non security professionals can employ to protect their sensitive information, and the less one spends time considering the implications not doing a little research and learning what they can do, the less surprised they should be in the event that something happens. DERPCOIN, definitely.. One example is Steem password. I always tell people, there is no need to store this on an internet connected device, you shouldn't be logging in with it, get it off your computer, put it somewhere, and forget about it unless you need it later.
Ok, this is getting a bit long. Congrats on your certification, and thanks for the shout out!
On the Moore's law, I think it most assuredly would pertain to this. Considering we have figures for both 2012 and 2018, I suppose we could use those data points to make a crude estimate as to where we would be years from now.
The implications of quantum computers is not something terribly savvy to but I do recollect that instead of circuits existing in the on/off state that there are something 4 distinct states. Does that mean 4x processing power? I'm not sure but it would be a fascinating topic to explore further.
I don't happen to have a calculator and it's been a terribly long time since I operated one but I'm trying to find an online tools so maybe we can get a visualization. I may be able to pull it off with Python MatPlotLib but gonna shelf that for now.
Thanks for the thought provoking comment!
I'm not sure the math can be calculated in the same manner. Here is an interesting read. Qubits being 1's, 0's, or both at the same time, and superpostioned particles defying binary constraints, will make for some interesting calculations. Have fun ;)
that gif is good :D
Funny right? 😂 I thought it kind of fits in with the conversation.
That's probably what Peter Schiff was thinking when it came time to save his seed words! 😂
bad um tsss
Interesting read @anthonyadavisii. Never been a big fan of his. Even less of one now. People that can't communicate any better than f... this and f... that don't deserve much respect, IMHO ...
Yes, indeed. He's not the most eloquent to put it lightly. This course kind of changed my perspective as well. I was following him before and, in my mind, thought his response was going to be more intelligible.
Instead, he went for theatrics with his followers by throwing me under the bus so to speak. It kind of reminds me of The Joker and what happened between Arthur Fleck and Murray Franklin. Not saying I idolized McAfee but thought he was kind of cool or so I thought.
Warning May Be Considered Spoilers!
(If you haven't watched.)
In case you didn't watch, not saying what happens but rest assured that I'm not gonna go become a super villain. :P
"Back in" this morning 🌄 briefly @anthonyadavisii, thank you for investing your time to share this additional perspective with me.
Indeed ...
... given his reputation, one might reasonably expect that. But ... From what you show here in this post, anything but ...
Combined with a bit of what I have read elsewhere, as well as some of the images you show in your post, it appears this man's time is past. Descending down into the "dark hole" of some combination of narcissism / hedonism. Which, apart from divine intervention, he will not escape ...
Thanks again for sharing! 👍
May need to plug in the first video link into your browser to view. Doesn't seem to load in the comment.
Test reply
Thanks for using eSteem!
Your post has been voted as a part of eSteem encouragement program. Keep up the good work!
Dear reader, Install Android, iOS Mobile app or Windows, Mac, Linux Surfer app, if you haven't already!
Learn more: https://esteem.app
Join our discord: https://discord.me/esteem
Good post friends
Thanks! What did you like about it?
Yes friends
Much insight
Hi @anthonyadavisii!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 5.411 which ranks you at #676 across all Steem accounts.
Your rank has not changed in the last three days.
In our last Algorithmic Curation Round, consisting of 106 contributions, your post is ranked at #25.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server
it is really strange
Yes, he is.
Your post has been manually curated by FreeVoter Team.You can earn liquid steem by delegating SP to @freevoter !! We are now paying 100% daily earnings and 90% Curation reward and ESTM & Dlike token to our delegators !! Join Discord for more information. Thank you !!
Hi, @anthonyadavisii!
You just got a 13.5% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.
McAfee =
||
Too many drugs. It's funny as hell seeing him go on a rant about btc being a shitcoin after making his wanger wager. Dude is out of his gourd. Tbh he prob understands being controversial gets him attention.
Sorry it took me a minute to see this. Going check yo blog and show some ♥️. Thanks for the resteems buddy
Nice
Don't do this.