Hey, my mother is a non-technical person; she’s a sole trader. She has been using Google services for many years and is probably used to them. A few months ago, I was able to convince her to set up an online password manager and calendar (up until now, she had been saving all her passwords in a handy paper calendar).

Should I convince her to withdraw from Google services? If so, how should I do it so as not to put too much pressure on her?

Thanks for all the answers.

  • Boring@lemmy.ml (57 upvotes, 9 months ago)

    Forcing the older generation to change from a service that works perfectly fine to another one that isn’t as polished and isn’t a household name is a losing battle.

    I’d just bring up privacy concerns from time to time and suggest ways to increase their privacy when they ask for advice.

    • Doc Blaze@lemmy.world (10 upvotes, edited, 9 months ago)

      this scares me because the analogy for us as we get older is I don’t want to be sitting here still feeling great about my 256 bit AES when quantum computers had cracked Rijndael for the NSA for years already and the rest of the world is on elliptic curve cryptography.

      edit: I mean lattice crypto, not elliptic curve

        • Doc Blaze@lemmy.world (4 upvotes, edited, 9 months ago)

          is it really? I was under the impression that there are already quantum algorithms to break AES if the tech was there. also I meant to say lattice cryptography, not elliptic curve.

          edit: yes apparently 128 bit keyspaces are fucked, 192 isn’t looking great either, but as for the attack algorithms out now 256 would still be safe.

          • Chobbes@lemmy.world (2 upvotes, 9 months ago)

            Yeah. There’s an attack that roughly halves the effectiveness of AES, but symmetric encryption is thought to be safe overall. If it’s not we’re super fucked.

            Fair enough! I always get the ECC and lattice stuff mixed up too. ECC isn’t really all that different from RSA. The key sizes can be smaller for the same strength and it’s more efficient, though. This mostly benefits servers that will be handling a lot of encrypted connections AFAIK.

            • Doc Blaze@lemmy.world (1 upvote, 9 months ago)

              part of the issue is that just because something is secure now doesn’t mean it will still be in 5 years. so with quantum algorithms no doubt going to improve once the tech matures, and more so with companies hoarding everyone’s data until that time, it’s only a matter of time before all that stuff is entirely breakable. so even if we keep up with the times it feels like a losing battle.

              • Chobbes@lemmy.world (1 upvote, 9 months ago)

                I’m not sure I’d consider it a losing battle at all. It’s certainly possible for there to be weaknesses in modern day cryptography, but in general it has stood up remarkably well over quite a long period of time so far. The possibility of quantum computers makes things like RSA and ECC a little dicey in the long term, but we’re already working on post-quantum cryptography and are starting to deploy it. Assuming that those algorithms hold up there’s a good chance that if quantum computing is ever practical we will be ready for it. There’s a good chance that you are even using post-quantum cryptography now in certain situations (e.g., recent versions of SSH use post-quantum cryptography for key exchange).

                Most people do not decide what cryptography they are using. I’m not really worried that in 50 years I’ll be using something dated for most stuff as long as I’m using modern software. The most likely case where this could matter is for something like SSH or PGP where you are manually managing your own keys… When RSA and ECC keys are no longer considered secure that will be pretty big news, and you’ll probably hear about it, but there’s also a good chance that the software will be updated and provide warnings that you should generate new keys too?

                • Doc Blaze@lemmy.world (1 upvote, edited, 9 months ago)

                  what I mean is that connections that are private and secure in the current day may still be logged since everyone is so data hungry to train their AI, because even though it’s not currently readable, those past messages will be tomorrow, even if the encryption of the day changes. it only protects the things under the current standard. that’s sort of unsettling to me that nothing is truly guaranteed safe for even 5 years, despite how deep the key space goes.
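
The thread mentions that recent SSH versions use post-quantum key exchange and worries about traffic recorded today being decrypted later. The following is an added example, not code from any poster: it checks whether an OpenSSH client's key-exchange preference list puts a hybrid post-quantum method first. The function names and both sample lists are constructed for illustration; the algorithm names are the ones OpenSSH ships.

```shell
#!/usr/bin/env bash
# Added example: audit an OpenSSH client's key-exchange (KEX) preference list.
# The client's first entry that the server also supports is the one negotiated,
# so the order of the list matters, not just its contents.

# Succeeds if NAME is one of OpenSSH's hybrid post-quantum KEX methods
# (sntrup761 + X25519, or ML-KEM-768 + X25519).
is_pq_kex() {
  case "$1" in
    sntrup761x25519-sha512*|mlkem768x25519-sha256) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_kex LIST  (comma-separated, most preferred first)
# Prints one of: pq-first | pq-not-preferred | classical-only | unknown
audit_kex() {
  local list="$1" alg first="" seen_pq=no
  if [ -z "$list" ]; then echo unknown; return 0; fi
  local IFS=','
  for alg in $list; do
    if [ -z "$first" ]; then first="$alg"; fi
    if is_pq_kex "$alg"; then seen_pq=yes; fi
  done
  if is_pq_kex "$first"; then echo pq-first
  elif [ "$seen_pq" = yes ]; then echo pq-not-preferred
  else echo classical-only
  fi
}

# Effective KEX list for HOST as resolved from ssh_config; no connection is made.
effective_kex() {
  ssh -G "$1" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
}

# Constructed sample lists (not captured from a real host).
SAMPLE_OLD='curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group16-sha512'
SAMPLE_NEW='mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256'

echo "old sample:  $(audit_kex "$SAMPLE_OLD")"
echo "new sample:  $(audit_kex "$SAMPLE_NEW")"
if command -v ssh >/dev/null 2>&1; then
  # example.invalid is a placeholder host; substitute a Host entry from your config.
  echo "this client: $(audit_kex "$(effective_kex example.invalid)")"
fi
```

A `pq-first` result only describes the client's preference; the session is post-quantum protected only if the server offers the same method, which `ssh -v` shows in its `kex: algorithm:` debug line.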