Highest Rated Comments


clrs 1120 karma

Do you have co-workers that are just real assholes, like something out of the movie The Green Mile?

clrs 3 karma

The tried-and-true cryptographic algorithms coming out of academia are beyond even the NSA to break. Here, I am thinking of e.g. RSA on the public-key side and the AES on the symmetric-key side. These are safe, for now.

The real problem arises from how cryptographic algorithms are implemented into protocols such as SSL and TLS. For example, if a scheme needs a random number, cryptographers tend to think of this coming from somewhere, and it is up to the implementers to make sure this randomness is in fact random. To some extent, this makes sense, because it is very architecture-dependent.

There are, of course, the off-cases such as RC4, which exhibits strong biases in its output, which can be used to break the systems. The thing is, the security of public-key algorithms can be proven to be secure, unless one can solve a hard mathematical problem such as factoring or the elliptic curve discrete logarithm problem. On the other hand, symmetric-key schemes such as the AES gain confidence from standing the test of time and of extensive cryptanalysis. The AES has stood the test of time, and I believe we will need a new and dramatically different cryptanalytic technique than what we know at the moment to break the AES.

Source: I'm a Ph.D. student in cryptology.
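
The RC4 output bias mentioned in the comment above can be measured directly. The following is an added example, not part of the original comment: it assumes the well-known second-byte bias (keystream byte 2 is zero about twice as often as chance) as one instance of such a bias, uses constructed random 16-byte keys, and takes keystream byte 3 as an unbiased control.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def zero_ratio(num_keys: int = 40000, seed: int = 1) -> dict:
    """Observed / uniform-expected count of zero bytes at keystream positions 2 and 3."""
    rng = random.Random(seed)   # constructed keys, seeded only for repeatability
    zeros = {2: 0, 3: 0}
    for _ in range(num_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")
        ks = rc4_keystream(key, 3)
        for pos in zeros:
            zeros[pos] += ks[pos - 1] == 0    # positions are 1-based
    expected = num_keys / 256                 # count a uniform byte would give
    return {pos: count / expected for pos, count in zeros.items()}

if __name__ == "__main__":
    for pos, ratio in zero_ratio().items():
        print(f"keystream byte {pos}: zero occurs {ratio:.2f}x as often as uniform")
```

A ratio near 2 for byte 2 against a ratio near 1 for byte 3 is the kind of distinguishable non-randomness that led to RC4 being prohibited in TLS (RFC 7465).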

clrs 2 karma

If you're a non-US citizen, storing your data in the US is generally a bad idea. The 4th amendment only applies to US citizens and green card holders residing in the US.

clrs 1 karma

The best response to this, I think, was given by Glenn Greenwald in his TED talk, see www.ted.com/talks/glenn_greenwald_why_privacy_matters.

clrs 0 karma

With all we've learned from the Snowden revelations, what would be your suggestion to the ordinary citizen of EU country X, whose government is likely to have been bribed/convinced to cooperate with the NSA, in terms of (i) political action (here I am especially hinting towards what we should realistically require from our government as citizens), and (ii) technical advice pertaining to data protection?