I can't think of a cryptography engineer who, given the option of betting on the academic/tech-industry cryptography savvy of RWC attendees, or the government market product engineers at Motorola, wouldn't put all their money on RWC, and then take out a loan to find more money to put down the same way. "If law enforcement can't get cryptography right there's no way independent software teams can" is completely backwards.

And if there's one thing the cryptocurrency brand of cryptographers can do, it's come up with new ways to take out loans!

I'm not sure what your point with the Motorola radio is. It's well known b2b solutions are often totally broken crap. Even more so then consumer solutions.

Can you prove it? That's a big claim (not the radio, the fact that you can read any e2e message instantly)

I think my messages sent over e2e encrypted chat with expiring session keys (like Signal) is more secure than broadcasting on radios with known weaknesses. Can you explain briefly why I'm wrong/"delusional"?

Sure, Signal encryption is better implemented than Motorola's. That means nothing when your device can be cracked with something like Pegasus without any interaction form you.

Protection against 0-click commercial exploit chains like Pegasus, that cost thousands to maintain, can not be done with just switching to another messenger app.

If that is part of your threat model IMO better to have good OpSec understanding and continuous training in compartmentalization. Ideally travel guidelines and dedicated devices.

Most journalists/activists don't even have that (sadly). So the argument to just use better Technology is a dud because no amount of tech can solve them from themselves.

(poorly) Paraphrasing Grugq:

> Good OpSec will get you through a time of compromised encryption better than good encryption gets you through a time of poor OpSec.

Software based encryption (not using HW backed) appeals if the threat-model needs to protect against the case where you think (or know) the hw might be broken e.g. in your given example AES. That claim might be true especially when you're trying to build a solid solution without control of the hardware or the underlying OS (like e2e mobile messengers trying). That would be a good reason to ditch HW based encryption.

But unless you fully trust the OS or the hardware, or your own ability to compartmentalize (which IMHO you should not), why put trust in an app running on top of all this compromised garbage :D

PGP has been available for a long time.

Of course the common easy to use solutions are all backdoored or worse.

Could you elaborate on your claim that there's flaws in Motorola's AES encryption?

I'd assuming they're talking about TETRA, presumably one of the export versions (I don't think TEA2 (only available to European public safety orgs) is known to be broken at this point, though its age and obscure nature wouldn't give you much confidence).

There's a good talk on it here: https://media.ccc.de/v/37c3-11761-all_cops_are_broadcasting

Their implementation added one more round of encryption for unknown reasons, which turns out weakened AES enough to break it with a GPU cluster. Google looks to be well scrubbed of the story but it featured on HN a while back.

... I mean virtually any modern encryption is going to be more secure than TETRA. TETRA is from 1995, and the non-European export version wasn't even supposed to be secure _in 1995_.

It's delusional to think a modern technology is more secure than an old Motorola radio used by local law enforcement?