Is It Really Encrypted When the Key Is Public and Automatic?

DustinB3403

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Obsolesce

@DustinB3403 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Is that what he did?

DustinB3403

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@DustinB3403 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Is that what he did?

I think he mentioned it in or near the OP, yes.

scottalanmiller

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

Yes, that's how we found it. Someone sent us their data asking us to decrypt it. Which we did so, without getting a key from them.

scottalanmiller

@DustinB3403 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Yes, you can trivially get two demos and show that the data from one can be read from the other, for example.

scottalanmiller

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@DustinB3403 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Is that what he did?

We have access to a lot of customer data because figuring out why it is corrupt, what has gone wrong with it, backing it up, or moving it to another platform is all stuff that we do with this specific data. So customers are requesting that we work with their data regularly, since the vendor who encrypts it doesn't know how.

travisdh1

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

Yes, that's how we found it. Someone sent us their data asking us to decrypt it. Which we did so, without getting a key from them.

#facepalm

scottalanmiller

@travisdh1 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

Yes, that's how we found it. Someone sent us their data asking us to decrypt it. Which we did so, without getting a key from them.

#facepalm

Yeah, pretty funny.

Obsolesce

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@DustinB3403 said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

@scottalanmiller said in Is It Really Encrypted When the Key Is Public and Automatic?:

@Dashrender said in Is It Really Encrypted When the Key Is Public and Automatic?:

so run it from there - what are the legal liabilities?

Can't. Key is required to be with the data for the app to run. It's inside the app, can't he separated.

Have you successfully been able to use it to decrypt other people's data?

I don't know if that would be ethical to do specifically. But since there is apparently a demo environment if you could use your key to decrypt the demo data the proof is already sufficient while not exposing someone else's environment and data.

Yes, you can trivially get two demos and show that the data from one can be read from the other, for example.

So basically the software itself is the key. Yeah, that can't be legal. That's like saying your data is encrypted with BitLocker or FileVault, but anyone with BitLocker or FileVault respectively can decrypt your data.

scottalanmiller

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

So basically the software itself is the key.

That's exactly correct. The software is the key, the key is always the same.

scottalanmiller

@Obsolesce said in Is It Really Encrypted When the Key Is Public and Automatic?:

That's like saying your data is encrypted with BitLocker or FileVault, but anyone with BitLocker or FileVault respectively can will automatically decrypt your data without even trying.

FTFY