More Encryption Is Not the Solution 207
CowboyRobot writes "Poul-Henning Kamp argues that the 'recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: "More encryption is the solution." This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.' His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: 'There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and "whatever-as-service" providers and make them an offer they couldn't refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'"
Links or it didn't happen (Score:5, Informative)
It would be super cool if there was some kind of technology that allowed you to provide a link to the source material for discussion...
http://queue.acm.org/detail.cfm?id=2508864 [acm.org]
Re:better title:some common encryption practices s (Score:4, Informative)
Uh, no.
The problem is that the government leans on the server you're talking to and gets your data after it's decrypted.
No amount of encryption can fix that, but the idea that more encryption is not part of the solution is just silly. Obviously it eliminates one means of eavesdropping on your communications.
So, more OPENSOURCE encryption? (Score:4, Informative)
This has nothing to do with encryption, and has everything with software you can't audit and verify yourself is secure.
I mean, do you really think it is that unlikely there are backdoors and/or monitoring hooks in your Cisco router? Or your Linksys AP? Or whatever?
The moment you trust blindly, be it the government or companies in a position to be influenced by others, you are putting yourself at risk.
Saying this is a cryptography issue, and not a "blackbox" issue, makes me wonder about ulterior motives...
Re:No story? (Score:2, Informative)
Had to dig a little, but found it in the ACM Queue. NB: the article is about a month old.
http://queue.acm.org/detail.cfm?id=2508864
Re:No story? (Score:1, Informative)
Are you new to the internet? http://lmgtfy.com/?q=More+encryption+is+not+the+solution+Poul-Henning+Kamp&l=1 [lmgtfy.com]
NB: the article is about a month old.
FTFY.
Re:Interesting quote about OSS project (Score:4, Informative)
I think he's referring to when Debian did exactly this to their openssl library.
It took two years for anyone to notice. [swtch.com]
Server doesn't create the session key (Score:5, Informative)
Umm... you should go re-read the SSL/TLS specs. The server doesn't get to dictate the session key.
The session key (AKA master key) is computed from a "pre-master" secret key and two random numbers, one provided by client the other from the server. Both sides perform this computation independently, and the server has no control over the client random -- nor the client over the server random. Also, the pre-master secret is either generated entirely by the client, or else generated through a Diffie Hellman key agreement protocol, which again involves input from both sides.
There may be other attacks, but the one described in the summary doesn't work.
Re:quick key repetition (Score:5, Informative)
What, you think the 1% who do won't be able to get the word out to their less technical family members, who will in turn tell their friends, co-workers, bosses, etc, who will in turn tell their friends, co-workers, bosses, etc, cascading into a full-on shitstorm?
Exactly.
One guy, Snowden, a geek by anyone's definition, managed to stir up a shitstorm of monumental proportions.
People are now pissed enough, or perhaps I should say enough people are pissed, that another attempt like that would bring down the whole house of cards.
The government would probably have to engineer another terrorist attack, with mass casualties in order to induce people to demand that Congress authorize such a power grab.