[Cryptography] would email encryption have saved Hillary Clinton's campaign?

Jonathan Thornburg jthorn at astro.indiana.edu
Sat Nov 12 21:10:14 EST 2016


Someone whose message I mistakenly deleted :( wrote (paraphrased) that
if Hillary Clinton's emails had been encrypted, she would have won the election.

Hmm.  The emails were stolen by using spear-phishing to steal the
credentials (passwords) of legitimate users.  I see no way in which
email encryption would have been even a speed-bump.

2FA as it's usually done (via an SMS to the user's cellphone) would have
helped a bit...  until the KGB (or whoever else) deployed an iOS/Android
0day or spear-phish to intercept the SMS.  2FA via a secure token would
have helped a lot... although with the endpoint PC pwned there are still
straightforward ways around this (see attacks on 2FA online banking).

Basically, good security with pwned endpoints is just about impossible. :(
There are no silver bullets.  And we've always been at war with Eastasia.

-- 
-- Jonathan Thornburg <jthorn at astro.indiana.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

