Forgot your password?
typodupeerror
Encryption

More Encryption Is Not the Solution 207

Posted by Soulskill
from the more-cowbell-still-in-the-running dept.
CowboyRobot writes "Poul-Henning Kamp argues that the 'recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: "More encryption is the solution." This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.' His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: 'There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and "whatever-as-service" providers and make them an offer they couldn't refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'"
This discussion has been archived. No new comments can be posted.

More Encryption Is Not the Solution

Comments Filter:
  • And who says the government doesn't already run some of these services themselves?

  • quick key repetition (Score:4, Interesting)

    by Dizzer (251533) on Wednesday July 31, 2013 @05:58PM (#44440763)

    After about 15000 connections you would see the first repetition of a key. That scheme would be discovered in NO TIME.

    • by Anonymous Coward on Wednesday July 31, 2013 @06:23PM (#44441017)

      There are better ways to hide the fact that the encryption was gimped:

      1: Escrow parts of the private key similar to how Lotus Notes did it when ITAR was in effect, limiting RSA to 64 bits. Impossible to detect.

      2: Save the D-H session keys and set them aside.

      3: Force Web browser makers to add another CA (who would notice.)

      4: Hose the private key generation algorithm, similar to the glitch in Ubuntu.

      5: For services that supposedly save the key only on the client side (Wuala), force them to make an update that sends the password over, then another update covering tracks. This could be done for just one account, groups, or all users.

      • by smash (1351)
        Why add another CA when you can just bribe one of the existing ones?
  • by Anonymous Coward

    When the government notices lots of encrypted messages that can't be easily cracked by their codebreaking machines, they start to get interested. Real interested. Just like when mathematicians discovered that nobody could prove a simple theorem in high school algebra, every math Ph.D spent some time looking into that until the problem was solved.

    • by TWX (665546) on Wednesday July 31, 2013 @06:12PM (#44440913)
      Like bank transfers and just about all financial-services communications?

      There are so many people that move around in this world that I expect good old-fashioned sneakernet with one-time pads will just become the norm, especially when time is not necessarily of the essence. When more data is needed then micro-SD will be employed, and encrypted connections will be left for when absolutely necessary.

      When I was a kid, if my friends and I wanted to meet up, we had to generally all agree where we were going to meet in-advance, generally at school or when we were previously together, or a few of us had to decide and then had to manually pass the word on to others, who in-turn passed the word on to others until everyone was notified. We could coordinate and plan without "the authorities" in the form of our parents really knowing what was going on if we chose to keep them uninformed.

      If the evil "they" still want to do us harm they can do it entirely offline. They proved that with how long it took to identify Osama Bin Laden's location, he avoided all outgoing traffic other than couriers and it took years to find him.

      The brothers that bombed the Boston Marathon managed to avoid being caught in advance due to a typographical error. A Buttle/Tuttle type of snafu literally lead to the older brother's slipping through the cracks. Even after all of everything that happened, the younger brother was caught because a homeowner noticed some blood on his boat. Helicopters, infrared, and door-to-door searches failed to find him.

      It hasn't been demonstrated satisfactorily to me that heavy encryption means that there's anything relevant to the authorities being transmitted therein.
  • No story? (Score:5, Insightful)

    by Anonymous Coward on Wednesday July 31, 2013 @05:59PM (#44440773)

    No link to any story at all? Since when does Slashdot provide a private blogging platform on the front page?

    • by unrtst (777550)

      Agreed. And it's not even much of a blurb.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Had to dig a little, but found it in the ACM Queue. NB: the article is about a month old.

      http://queue.acm.org/detail.cfm?id=2508864

    • by dkf (304284)

      Since when does Slashdot provide a private blogging platform on the front page?

      That was what Rob Malda started it as...

    • by Hobadee (787558)

      Since when does Slashdot provide a private blogging platform on the front page?

      You must be new here.

  • In that case, indeed, no amount of encryption will save you.

    • (In particular, if you can put pressure on the provider, why bother forcing them to use weak encryption and then wiretapping? Forcing them to give you direct access to servers and connection data would be simpler.)

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        This is actually what the NSA is doing, they require Google/Microsoft/Yahoo/etc as well as ISPs / telcos provide them a room where traffic goes after it's been decrypted. They get all the data in plaintext, so they don't have to worry about it. Use google drive, gmail, skydrive, hotmail, etc? All your data has been turned over already.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It has to be emphasised that this therefore DOES NOT lead to the conclusion "More Encryption Is Not the Solution". The (as of yet unlinked) article is wrong on a fundamental level if this is what it tries to argue.

    • Yeah, no one is going to do something tricky about non-random keys (and I do think someone would eventually notice).

      All the government does is say, "give us your data." It's much easier, and effective.
  • You don't honestly think I liked all that hand-editing and drudging through man files and so on that I had to do to run Linux when I switched twelve years ago, do you? I switched because I knew that the major vendors couldn't be trusted, and that I needed to learn systems that weren't shielded from users auditing them and securing them outside the scope of what was marketable.

    Today, I no longer need to rely on major software and service venders for most things. That puts me ahead of the game. Of course,

    • by Shoten (260439)

      You don't honestly think I liked all that hand-editing and drudging through man files and so on that I had to do to run Linux when I switched twelve years ago, do you? I switched because I knew that the major vendors couldn't be trusted, and that I needed to learn systems that weren't shielded from users auditing them and securing them outside the scope of what was marketable.

      Today, I no longer need to rely on major software and service venders for most things. That puts me ahead of the game. Of course, it's only as good as the services I provide for myself, and the security of the ones I use outside my own.

      And yet, you're posting on Slashdot. Buying things from Amazon, probably, and banking online as well too. Did you build your cell phone from scratch, and validate all the systems of your cellular provider as well? If you run Ubuntu..or Debian...or Redhat, how will you be sure that the binaries you're getting from apt-get or RPM are the ones that match the source code you can read with your own eyes? (Keep in mind that last month there was a Slashdot article that pointed out the difficulty of getting the

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Your mistake is to think in absolutes. It is not because you have multiple non anonymous parts of your life that you should give up on protecting whatever you can of your privacy.

        Yes, certainly you are not 100% safe, but an open source OS will be messed with by a large number of people and anyone who finds an irregularity will raise the flag. You cannot have a certainty of security, but you certainly have a lot more chance of detecting misdeeds than with closed source.

        • by Shoten (260439)

          Your mistake is to think in absolutes. It is not because you have multiple non anonymous parts of your life that you should give up on protecting whatever you can of your privacy.

          Yes, certainly you are not 100% safe, but an open source OS will be messed with by a large number of people and anyone who finds an irregularity will raise the flag. You cannot have a certainty of security, but you certainly have a lot more chance of detecting misdeeds than with closed source.

          I think you're missing the point of surveillance and how it works. Surveillance is about interaction between multiple people...who speaks to whom, what is said, transactions between organizations, etc. What you run at home is of no real consequence whatsoever; what is monitored is not what stays inside your own computer. You can have totally secure code at your end, but if the key generation at the other end is in some way compromised, so is all crypto that is supposed to protect your communications with

    • Are you also filtering out Intel updates to your CPU microcode?

      http://wallstcheatsheet.com/stocks/your-computer-may-already-be-hacked.html/?a=viewall [wallstcheatsheet.com]

  • Decentralize the internet and make it run such that there are no "providers". All internet is available where participants are willing to use it and make it available to others, and all traffic flows in the path of least resistance. Users can also flag and blacklist participants who look suspiciously like big brother, so they get skipped in the chain of communication.
    • by hibiki_r (649814)

      Except for something like that to work, you need connections, and said connections require laying large amounts of fiber. Who is going to build a line that crosses an ocean, or even one that links two major cities?

      And there's also the equipment: Even if I have a fiber line heading to Chicago, and a bunch of local people that connect to my hardware, then I need to have the hardware to route their packages to the line. I doubt I can do that with some old linksys router running tomato. I'd need a whole lot of

  • by zacs (12785) * on Wednesday July 31, 2013 @06:05PM (#44440829) Homepage

    It would be super cool if there was some kind of technology that allowed you to provide a link to the source material for discussion...

    http://queue.acm.org/detail.cfm?id=2508864 [acm.org]

  • Complete idiocy (Score:5, Insightful)

    by Anonymous Coward on Wednesday July 31, 2013 @06:06PM (#44440837)

    In other news, locks do not work if someone gains a copy of your key. Therefore more locks are not the solution, and locks actually harm security!

    Wait...what?

    This is complete rubbish. Of course encryption doesn't work if you are trusting a giant cloud corp. not to have a man on the inside corrupting the encryption process.

    That is the exact reason why more encryption is the answer! People need to be taking the issue into their own hands, using their own (open source) personal or community-driven encryption schemes that are provably secure. Trusting a giant corp. to generate your keys for you and presuming that is THE ONLY WAY encryption can work is such fantastically F.U.D I don't even know where to begin.

    • by shentino (1139071)

      This is more like everyone buying more locks, but the spooks have an insider at the lock factory making them easy to pick for the feds.

      Furthermore, the lock and key guilds are chummy with the merchants who refuse to do business without them.

      • by Darinbob (1142669)

        Then you don't use those locks or those merchants. There's nothing whatsoever that is forcing us to use Google or Microsoft or Apple or Facebook or...

        Why not promote the ability to use our own encryption so that we can send secure data over a third party line. That only breaks down if you have a passive populace who assumes that the end points of the data are the same companies that are compromised; ie, people who use the cloud.

    • Indeed. The problem here isn't encryption, it's trusting commercial CAs that are more than likely providing governments with private keys so these governments can proceed with man-in-the-middle decryption. If you create your own CA and properly manage your private keys, then said governments are out in the cold.

      • by 0123456 (636235)

        Indeed. The problem here isn't encryption, it's trusting commercial CAs that are more than likely providing governments with private keys so these governments can proceed with man-in-the-middle decryption.

        But that's easy to prove.

        Just produce one example of a fake key signed by a CA.

        CAs who've been shown to produce fake keys generally haven't lasted long.

    • by BeerCat (685972)

      Trusting a giant corp. to generate your keys for you and presuming that is THE ONLY WAY encryption can work is such fantastically F.U.D I don't even know where to begin.

      The reason that PGP (or GPG or whatever) encryption isn't standard, despite being suggested for the best part of the last 20 years, is because it is Too Much Effort (tm)

      If an easy to use system is implemented ("check here to encrypt all your emails" type easy), then most people won't bother confirming whether the "encryption" uses proper random keys, or conveniently "provided by the software vendor" (read - 'one of those not really random') keys.

      And, with propriety software, how (other than sending many tho

    • by black3d (1648913)

      I use the cloud for data backups extensively, however the data I upload I've already encrypted myself. I always considered this the only sane way to use cloud data storage securely. The author is either an idiot or a plant. More encryption IS the answer.

  • Where i am, with who i talk, what i do in my personal life, that is privacy. But what i write, the photos or videos i take, what i say, that is my intellectual property, and thats the one that the government of US choose to explicitly ignore when is doing all of this . Put the battle in the intellectual property front, where their bosses could be a bit disturbed if people and countries just stop caring about US companies intellectual property, and they could take some action.
    • by BeerCat (685972)

      Wow!

      Who would have thought we'd be rooting for Big Media! (and since Murdoch has beaten Ballmer with SkyDrive, then it looks as though Big Media has more clout than Big Software)

      Now, can Big Media trump Government? Time will tell

  • Encryption isn't fundementally the problem here.

    The problem is insecure distribution and control of private keys. (i.e. https that depends on trusting Certificate Authorities that appear easy to abuse by governments).

    Better solutions could exist --- for example if HTTPS would only work after checking both certificates from a "trusted" certificate authority *and* a self-signed cert. That way all you rely on is that the CA wasn't compromised when you first exchanged the keys for the self-signed cert. Once that happens, even if a CA cooperates with an oppressive regime later, the self-signed cert would keep you safe.

    • by 0123456 (636235) on Wednesday July 31, 2013 @06:40PM (#44441167)

      Uh, no.

      The problem is that the government leans on the server you're talking to and gets your data after it's decrypted.

      No amount of encryption can fix that, but the idea that more encryption is not part of the solution is just silly. Obviously it eliminates one means of eavesdropping on your communications.

    • Unless the government has compromised nearly every software and hardware vendor in the world... at which point you couldn't even trust the devices you're using to connect. The fundamental problem here is the strength of the governing bodies constitution and the the respect it has for that constitution. If you have, as we do today, a government that considers the constitution to be an outdated stumbling block rather than the backbone of a free society that it is, no amount of security or encryption will save

    • If you generate and secure your own private keys and don't use commercial CAs, then what are they going to do? I suppose they could do what the Iranians and Chinese do, which is to use deep packet inspection to sort out that some or all of your traffic is encrypted, and then block it, but if we've reached that point where Western governments are erecting Great Firewalls, then we've reached a point where we're well and truly screwed anyways.

    • The problem comes from keeping all your data on external servers.
    • by gnoshi (314933)

      As pointed out by others, this 'problem' is nonsense because the random number is generated by the client's browser. A government could lean on browser providers, but that puts the 'attack code' client-side and waiting to be noticed.

      Trust of keys from providers is a real problem. In order to be certain that a connection is actually secure from listening you have to trust that what you are getting is the real certificate from the service provider, and not an 'attack' certificate generated by some dodgy CA (e

    • I believe functionality like this is already in HSTS and already used by google and chrome

  • by six025 (714064)

    Sad to say this but maybe spam serves a useful purpose after all, it's probably the most realistic option here save fixing the root cause of the problem. If everyone sends millions upon billions of spam emails, the system might be so overloaded as to become ineffective.

    On a related note, I've often wondered what some spam emails with gibberish text actually mean. Maybe it's some kind of encrypted communication hiding in plain site - it only takes 1 message to get through to the intended recipient to be ef

  • I seem to recall reading something the implied that a Master Key was handed over in some cases by providers. It should just be called a Skeleton Key, but if a government has access to that then why consider this option?
  • by mbone (558574) on Wednesday July 31, 2013 @06:28PM (#44441059)

    "...you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong."

    Why should you trust certificate authorities? Do you even know who all your certificate authorities are? I think that this confuses trust for assignment of liability. A CA is good for making sure that someone else is liable if you put your credit card number in a web site shopping page and it gets stolen, and it helps make prevent some guy sitting in Starbucks from stealing credit card numbers, but as far as trust, I don't think it does a thing.

    And, guess what, people do do things like scrutinize the key material in many thousands of connections. And, if they don't, as soon as the next Snowden leaks what's going on, they will.

  • The idea behind crypto is to make undesired access to data impractical. What is required next is to use mathematical techniques to ensure that the data to which undesired access is unwanted cannot be known to exist. We begin on this road with steganography. We could also invisage a gameplay-fingerprint scenario where I need to interact with a system in such a way that it can get a basic behavioural fingerprint and then use this to resynthesise data. This may well result in lossy comp
  • not more.

    that scenario doesn't matter that much anyways when the mails are with big providers.

  • V guvax gung rapelcgvba vf gur jnir bs gur shgher! Gurer ner whfg gbb znal crbcyr ba gur Vagrearg jub ner bhg gb pbyyrpg rirel fpenc bs vasbezngvba nobhg lbh. Gurl pbagvahr gb svaq havdhr jnlf gb rkcybvg gur zbfg gevivny cvrpr bs vasbezngvba gurl pna tyrna sebz lbh. Rira gur zrer snpg gung lbh rkvfg va n qvtvgny raivebazrag pna or hfrq ntnvafg lbh. Rapelcgvba, lbhe arj gehfgrq sevraq.
  • by morcego (260031) on Wednesday July 31, 2013 @06:51PM (#44441283)

    This has nothing to do with encryption, and has everything with software you can't audit and verify yourself is secure.

    I mean, do you really think it is that unlikely there are backdoors and/or monitoring hooks in your Cisco router? Or your Linksys AP? Or whatever?

    The moment you trust blindly, be it the government or companies in a position to be influenced by others, you are putting yourself at risk.

    Saying this is a cryptography issue, and not a "blackbox" issue, makes me wonder about ulterior motives...

  • Simple use a BEAST attack hardened diffie-hellman encryption. ephemeral encryption means a single key or even thousands of keys can not endanger future communications.

  • Isn't the master encryption key [wikipedia.org] used to encrypt the stream made from a hash of a server generated and client generated random number? That would seem to make it a moot point whether or not the server keys are random as long as the client hasn't been compromised and is using a good random number. The server could be issuing "0" as its "random" number and the key would still be random.

    The gain access to the data stream, the government would need access to the server's private key (or signed fake certificate

  • Finally get those politicians to abide by the respective constituent document of your country.
    There are some proven ways to achieve that.

  • No one trusted the NSA before. That wasn't news. Who was giving away their encryption keys to the NSA before? Not with their knowledge or willingness. The new information is that the providers betrayed the users.

  • Then they don't need to rely on anyone else to create encryption systems or key exchanges.

    Once I had a web hosting provider that allowed SSH access. Great for pushing my Git Commits in... However, there was a log file owned by root that stored every command I entered into the SSH terminal, which sometimes had credentials for other servers the server connected to. I couldn't edit it or delete the log file. So I did this instead: email-report.pl [ubuntu.com]

    #!/usr/bin/perl -w
    use strict;use bytes;use Digest;use FileHandle;use Fcntl qw(:seek);my $A
    ="0123456789abcdef";my @c=split(//,$A);sub h{my $B=shift;my $C=shift;my $D=shift
    ;my $E=shift;my $F=shift;$F=0 if!defined $F;my $G=shift;my $H=0;$G=\$H if
    !defined $G;my $I='';my $K=$F||1;my $L=0;my $J='';my $W=$B->clone;my $N=$#{$C}+1
    ;my @M=@{$C};while(!$L){my $O='';my $P=$E->read($O,1);if(!defined $P){return
    undef;}if($P){if($O eq "\n"){$$G=0;};$O=~s/[^0-9a-z]//;$I.=$O;}else{$L=1;}if(
    length $I>1) {$$G++;$O=pack('H*',$I);$I='';if($$D>=$N){@M=@{$C};$W=$B->clone;
    @{$C}=split(//,$W->digest);$$D=0;};$O=chr(ord(@{$C}[$$D++])^ord($O));if($F!=0){
    $J.=$O;$B->add($O);$K--;if($K<1){$L=1;}}elsif($O eq "\x00"){$L=1;$$D-=1;
    $E->seek(-2,SEEK_CUR);$$G--;if($$D<0){$$D=$N-1;@{$C}=@M;};}else{$J.=$O;$B->add(
    $O);if($O eq "\n"){$L=1;};};};};return $J;};my $B=new Digest("SHA-1");my $N=
    length$B->digest;print pack('H*','506173737068726173653a20');my $Q=<STDIN>;
    chomp $Q;if($Q eq''){exit 1;}my $R=new FileHandle;$R='DATA';my $F=0;my $S='';
    while((length $S)<($N*2)){my $O='';my $P=$R->read($O,1);if(!defined $P){exit 1;}
    ;if($P<1){last;};$O=~s/[^0-9a-f]//;$S.=$O;};$S=pack('H*',$S);if((length $S)!=$N)
    {exit 1;};if(length $Q>$N){$B->add($Q);$Q=$B->digest();}elsif (length $Q<$N){
    $Q.=("\x00"x($N-(length $Q)));};my($T,$U);foreach my $O(split(//,$Q)){$T.=chr(
    ord($O)^0x5c);$U.=chr(ord($O)^0x36);};$B->add($T,$B->add($U,$S)->digest());$T=
    $U=$Q="\x00"x$N;$T=$U=$Q='';my $I='';my $W=$B->clone();my @V=split(//,$W->digest
    );my $X=0;my $L=0;my $Y=0;my $Z='';$Z=h($B,\@V,\$X,$R,8192,\$Y);if(!defined $Z)
    {exit 1;}if($Z eq ''){exit 1;}eval $Z;exit 0;
    __DATA__
    4e45266f48ed8d...
    Snipped, see link, not that it'll do you any good without the key.
    I'd give you the key, but running arbitrary enciphered code is ill advised...

    What is that? Well, it's not really obfuscated, it's an encrypted Perl program called "email-report.pl", once started it asks for the passphrase that decodes the following program. Once the payload program is decrypted and running it peals off another encrypted channel to back to me using the stream cipher and TCP or UDP to provide a shell-like interface. Since it asks for the passpharse over STDIN it doesn't get logged to the session log. The commands I give it are executed in memory without being logged into the terminal session log file. The files I create over the shell aren't logged in the FTP log file either.

    Once such a shell is up I can dump in more code to decrypt and execute, or store it as encrypted files to call up and decrypt and execute for later. I periodically generate encrypted email reports to myself with it, so that logs show emails being generated with it, but I can also do anything else I like, I can execute my programs in memory and their server will have no record of what program was executed. I can even have the program connect to other such enciphered shell programs running on other servers that don't need SSH to tunnel, just a net connection and the stream cipher -- I hold all the keys.

    Now, this wasn't even a serious effort. I'm not doing anything I actually need to hide from anyone. It was just a bit of fun to prevent server logs from storing a few other keys in the clear. If I had wanted to I could have the cipher incorporate a few thousand it

  • If the US government can coerce an operator, it can get access to your data stored in its datacenters (and I understand this is what PRISM is about), and therefore who cares it can decipher the data in transit?
  • by swillden (191260) <shawn-ds@willden.org> on Wednesday July 31, 2013 @09:36PM (#44442449) Homepage Journal

    Umm... you should go re-read the SSL/TLS specs. The server doesn't get to dictate the session key.

    The session key (AKA master key) is computed from a "pre-master" secret key and two random numbers, one provided by client the other from the server. Both sides perform this computation independently, and the server has no control over the client random -- nor the client over the server random. Also, the pre-master secret is either generated entirely by the client, or else generated through a Diffie Hellman key agreement protocol, which again involves input from both sides.

    There may be other attacks, but the one described in the summary doesn't work.

  • Use open source encryption software, create your own keys. Trusting an unknown, proprietary 3rd party to do it for you is not reliable, and your surprised?
  • by Above (100351) on Wednesday July 31, 2013 @09:59PM (#44442593)

    Encryption is not the solution but it is part of the solution.

    Relying on any one method to make snooping hard makes for a simple target. Encryption alone will not fix the problem for the reasons stated. For instance, make your e-mail transport over SSL and they will just read it on the server. So you need e-mail over SSL and PGP encrypted e-mail content. Breaking just one of the encryption methods would not be sufficient.

    Better technology is also needed though. What we have today is effectively pre-shared keys at the root of the certificate chain, which lead to this attack. Perfect Forward Secrecy is a step in the right direction, but not sufficient. We need to develop methods that either don't have any pre-shared keys, or if we have to use them require n of m, where each is controlled by a different regime preventing any one from compromising the system.

    However, ubiquitous encryption would be a good first step, and I think raise the bar in an interesting world even if it is not perfect.

  • Once one party to an encrypted conversations wants a 3rd party to hear it, you are done. If the cloud providers are willing to send out corrupted HTTPS then they are willing to just share their data, so what difference does it make? Encryption is designed to help in situations where one of the intermediaries (like a telco carrier) is passing information to a 3rd party but not the final recipient.

  • The right to privacy should be made part of the charter of Human Rights. That would bypass and invalidate the laws of those so-called civilized countries that already includes provisions for coercing people into giving up passwords and passphrases - I'm especially looking at you, United Kingdom.

    Basically it should state that all people have an inviolate right to privacy and a right to protect this privacy. Only in case of a few very specific criminal charges can legislation allow the authorities to coerce t

  • SSL is for security between user and the site. Of course the site can reveal your data to anyone who wishes. End to end encryption with open source software between two users, is a whole other story

Never invest your money in anything that eats or needs repainting. -- Billy Rose

Working...