Multiple encryption
==The Rule of Two==
The '''Rule of Two''' is a data security principle from the [[National Security Agency|NSA's]] Commercial Solutions for Classified Program (CSfC).<ref>{{cite web |url=http://www.nsa.gov/ia/programs/csfc_program/ |title=Commercial Solutions for Classified Program |publisher=US National Security Agency |access-date=24 December 2015 |quote= |archive-url=https://web.archive.org/web/20151225183650/https://www.nsa.gov/ia/programs/csfc_program/ |archive-date=25 December 2015 |url-status=dead }}</ref> It specifies two completely independent layers of cryptography to protect data. For example, data could be protected by both hardware encryption at its lowest level and software encryption at the application layer. It could also mean using two [[Federal Information Processing Standards|FIPS]]-validated software cryptomodules from different vendors to encrypt and decrypt data.

The importance of vendor and/or model diversity between the layers of components centers on removing the possibility that the manufacturers or models will share a vulnerability. This way, if one component is compromised, there is still an entire layer of encryption protecting the information at rest or in transit. The CSfC Program offers solutions to achieve diversity in two ways. "The first is to implement each layer using components produced by different manufacturers. The second is to use components from the same manufacturer, where that manufacturer has provided NSA with sufficient evidence that the implementations of the two components are independent of one another."<ref>{{cite web |url=https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/capability-packages/MACPv2_1.pdf/ |title=Mobile Access Capability Package |publisher=US National Security Agency |access-date=28 February 2020 |quote=}}</ref>

The principle is practiced in the NSA's secure mobile phone called Fishbowl.<ref name=":0">Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared - or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables, URL: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf - English / German Language, Version 1.1, 305 pages, June 2016 (ISBN: 110368003X - DNB: 2016B14779)</ref> The phones use two layers of encryption protocols, [[IPsec]] and [[Secure Real-time Transport Protocol]] (SRTP), to protect voice communications. The Samsung [[Galaxy S9]] Tactical Edition is also an approved CSfC Component.
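The layering described above, as an added Go sketch that is not taken from the cited NSA documents or from any CSfC component: two authenticated-encryption layers with independent keys, written against the <code>cipher.AEAD</code> interface so that each layer could be supplied by a different implementation. The names <code>NewLayer</code>, <code>Seal</code> and <code>Open</code> and the demo keys are assumptions made here; both layers use the standard library's AES-GCM, so the sketch shows key and layer independence only, not the vendor diversity the program asks for.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewLayer builds one AES-GCM layer; any other cipher.AEAD can stand in for it.
func NewLayer(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal applies the inner layer, then the outer; each adds nonce || ct || tag.
func Seal(inner, outer cipher.AEAD, msg []byte) ([]byte, error) {
	for _, l := range []cipher.AEAD{inner, outer} {
		nonce := make([]byte, l.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		msg = l.Seal(nonce, nonce, msg, nil)
	}
	return msg, nil
}

// Open strips the outer layer, then the inner; a failed tag on either aborts.
func Open(inner, outer cipher.AEAD, box []byte) (pt []byte, err error) {
	for _, l := range []cipher.AEAD{outer, inner} {
		if n := l.NonceSize(); len(box) < n {
			return nil, errors.New("truncated ciphertext")
		} else if box, err = l.Open(nil, box[:n], box[n:], nil); err != nil {
			return nil, err
		}
	}
	return box, nil
}

func main() {
	in, _ := NewLayer([]byte("constructed-demo-inner-key-32byt")) // demo keys only
	out, _ := NewLayer([]byte("constructed-demo-outer-key-32byt"))
	box, _ := Seal(in, out, []byte("constructed sample"))
	pt, err := Open(in, out, box)
	fmt.Printf("%d bytes on the wire, recovered %q, err=%v\n", len(box), pt, err)
}
```

Holding only the outer key removes one layer and leaves the inner ciphertext, which still fails to open without the inner key.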