Encryption? Are we surprised?

On 2013-09-14 05:54, Jim Henderson wrote:
> On Sat, 14 Sep 2013 01:13:15 +0000, Carlos E. R. wrote:
>
>> I can read code. But I can not audit encryption code, because I’m not
>> the mathematical genius that can really understand encryption
>> algorithms.
>>
>> That narrows very much what auditing is available to us.
>
> To you, maybe, but there are plenty of people who are versed in crypto
> who audit the code. Phil Zimmermann comes to mind - somehow it seems
> pretty hard to believe that he’d be speaking out for privacy rights while
> at the same time subverting the very crypto algorithms his business
> depends on.

Not him…

I heard one expert saying that they had to redesign internet
cryptography again, entirely, to bring it back to the people.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

PGP and similar (GPG for example) seem to be okay.

I have long been critical of web security. It is based on a hierarchical trust model. I am supposed to trust website X because they paid money to certification authority Y and Microsoft says that Y can be trusted. For all I know, Y might have bribed Microsoft. It is a terrible trust model.

The web of trust, used by PGP, is not perfect. But it is far superior to the hierarchical trust model. The hierarchical trust model seems to have been designed with one primary goal – to provide a means for CAs to earn money.

On Sat, 14 Sep 2013 08:53:12 +0000, Carlos E. R. wrote:

> On 2013-09-14 05:54, Jim Henderson wrote:
>> On Sat, 14 Sep 2013 01:13:15 +0000, Carlos E. R. wrote:
>>
>>> I can read code. But I can not audit encryption code, because I’m not
>>> the mathematical genius that can really understand encryption
>>> algorithms.
>>>
>>> That narrows very much what auditing is available to us.
>>
>> To you, maybe, but there are plenty of people who are versed in crypto
>> who audit the code. Phil Zimmermann comes to mind - somehow it seems
>> pretty hard to believe that he’d be speaking out for privacy rights
>> while at the same time subverting the very crypto algorithms his
>> business depends on.
>
> Not him…
>
> I heard one expert saying that they had to redesign internet
> cryptography again, entirely, to bring it back to the people.

I heard that quote too, and it had to do with SSL, not on-disk encryption.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

What really makes me wonder is how much advanced knowledge certain agencies must have in this area compared to the academic world which is not available as it is locked away from certain agencies. I know this leaves a lot of room for speculation but in the last weeks we got a lot of information from various media all over the world about how many mathematicians the NSA employs and for this reason I think they have a big advantage and knowledge in this area. Somewhere it was written they are maybe ten years ahead of the academic crypto world.

On Sat, 14 Sep 2013 22:06:02 +0000, FurciferPardalis wrote:

> What really makes me wonder is how much advanced knowledge certain
> agencies must have in this area compared to the academic world which is
> not available as it is locked away from certain agencies. I know this
> leaves a lot of room for speculation but in the last weeks we got a lot
> of information from various media all over the world about how many
> mathematicians the NSA employs and for this reason I think they have a
> big advantage and knowledge in this area. Somewhere it was written they
> are maybe ten years ahead of the academic crypto world.

Citations? I don’t know about you, but I find “somewhere it was written”
to not be entirely credible - kinda like “I heard from my friend’s
brother’s girlfriend’s ex-stepfather’s parakeet that this is true”. ;)

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 2013-09-14 19:26, nrickert wrote:

> PGP and similar (GPG for example) seem to be okay.
>
> I have long been critical of web security. It is based on a
> hierarchical trust model. I am supposed to trust website X because they
> paid money to certification authority Y and Microsoft says that Y can be
> trusted. For all I know, Y might have bribed Microsoft. It is a
> terrible trust model.

That trust only implies that the certification authority says they gave the certification to “name”,
and that “name” is really “name”.

> The web of trust, used by PGP, is not perfect. But it is far superior
> to the hierarchical trust model. The hierarchical trust model seems to
> have been designed with one primary goal – to provide a means for CAs
> to earn money.

That web of trust is also problematic.

You are supposed to sign a key of somebody only when you meet that person face to face and you
exchange keys. However, I know of several people that have signed my keys at hundreds or thousands
of kilometers away because “they trust me” - but they have never seen me! They can not swear in a
court of law that the key belongs to me.

If that is how people sign PGP keys, the web of trust is broken.


Cheers / Saludos,

Carlos E. R.
(from oS 12.3 “Dartmouth” GM (rescate 1))

I did say that it is not perfect.

I don’t agree with that part. Meeting somebody face to face is no guarantee of their trustworthiness. There are some people that one knows better on the basis of their online activity, than you would ever know by face to face meeting.

However, I do agree that some folk are a bit too indiscriminate in signing keys. But that does not affect you unless you make their keys trusted.

On 2013-09-15 02:06, nrickert wrote:
>
> robin_listas;2584955 Wrote:
>> That web of trust is also problematic.
> I did say that it is not perfect.
>
> robin_listas;2584955 Wrote:
>> You are supposed to sign a key of somebody only when you meet that
>> person face to face and you exchange keys.
> I don’t agree with that part. Meeting somebody face to face is no
> guarantee of their trustworthiness.

Trustworthiness is irrelevant.
The PGP “web of trust” is not about “trustworthiness” of a person.

It is about how sure you are that he is who he claims he is, and how sure
you are that he manages PGP correctly.

> However, I do agree that some folk are a bit too indiscriminate in
> signing keys. But that does not affect you unless you make their keys
> trusted.

It does.

A -> B -> C -> D

I’m A, you B. For instance. The web of trust above connects us both -
but node C in the middle is not reliable, although B says he is. There
is no way I can know that, but your identity can be false, although the
web of trust says you are correct.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

Sure, it is. Or at least their trustworthiness in their use of their key.

And the second of those is a matter of trustworthiness.

A -> B -> C -> D

In that case, you should never assign trust to key B. And if you sign key B, you should make that a private signature, never to be exported. That way, the trust is not transitive to C or D.

On 2013-09-15 04:06, nrickert wrote:
>
> robin_listas;2584981 Wrote:
>> The PGP “web of trust” is not about “trustworthiness” of a person.
> Sure, it is. Or at least their trustworthiness in their use of their
> key.

Only the trustworthiness in their use of their key is relevant - he may
be a crook otherwise :)

I made a typo:

A -> B -> C -> D

I’m A, you D. For instance. The web of trust above connects us both

> In that case, you should never assign trust to key B. And if you sign
> key B, you should make that a private signature, never to be exported.
> That way, the trust is not transitive to C or D.

But B does not fail, it is C who fails unbeknown to B.

I.e., B is sure, because he personally knows C (or C has shown him his
passport), that the key is correct. So A trusting B is correct.

Other keys that B signs are totally reliable.

The point is that, with a long web of trust, you have to rely on others
you know nothing about, who are in the middle. Both models have issues.

With the other model, I have a certificate with a local authority, that
hands out certificates only after you personally meet an official
authority (from the government functionarate), who certifies my name is
correct. So I really trust those keys from this particular authority. I
don’t know about others.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

I agree that both have issues, due to human failings.

The web certificates only allow a single certifying signature. PGP keys can have multiple certifying signatures, and that is what provides a better basis for the kind of trust needed.
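
The A -> B -> C -> D disagreement and the point about multiple certifying signatures, worked through as an added example that is not part of any poster's message: a simplified Python model of GnuPG's classic trust model with its default thresholds (one fully trusted or three marginally trusted signers, chains of at most five hops). The key names, sample keyrings and the `valid_keys` helper are constructed for illustration.

```python
# Added illustration: simplified model of GnuPG's classic trust model.
# Defaults mirror GnuPG: completes-needed=1, marginals-needed=3, max-cert-depth=5.
# Key names (A..F) and the sample keyrings are constructed for this example.
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, sigs, ownertrust, completes=1, marginals=3, max_depth=5):
    """Return the keys whose name-to-key binding `me` would accept as valid.

    sigs:       set of (signer, signee) certifications present in my keyring
    ownertrust: my own setting for how far I trust each owner as a certifier
    """
    valid = {me}                      # my own key is ultimately trusted
    for _ in range(max_depth):        # each round extends chains by one hop
        new = set()
        for key in {signee for _, signee in sigs} - valid:
            # A certification counts only if the signer's key is already valid.
            signers = {s for s, t in sigs if t == key and s in valid}
            full = sum(s == me or ownertrust.get(s) == FULL for s in signers)
            marg = sum(ownertrust.get(s) == MARGINAL for s in signers)
            if full >= completes or marg >= marginals:
                new.add(key)
        if not new:
            break
        valid |= new
    return valid

CHAIN = {("A", "B"), ("B", "C"), ("C", "D")}      # the A -> B -> C -> D chain

def chain_cases():
    return {
        # A signed B but assigned no ownertrust: nothing beyond B is accepted.
        "sign_only": valid_keys("A", CHAIN, {}),
        # A trusts only B as a certifier: C is accepted, C's signature on D is ignored.
        "trust_B": valid_keys("A", CHAIN, {"B": FULL}),
        # A also trusts C: D is accepted, so a careless C now decides who "D" is.
        "trust_B_and_C": valid_keys("A", CHAIN, {"B": FULL, "C": FULL}),
    }

def multi_signature_cases():
    direct = {("A", "C"), ("A", "E"), ("A", "F")}  # A verified C, E, F in person
    trust = {"C": MARGINAL, "E": MARGINAL, "F": MARGINAL}
    return {
        "one_marginal": valid_keys("A", direct | {("C", "D")}, trust),
        "three_marginals": valid_keys("A", direct | {("C", "D"), ("E", "D"), ("F", "D")}, trust),
    }

if __name__ == "__main__":
    for name, keys in {**chain_cases(), **multi_signature_cases()}.items():
        print(f"{name:16} -> {sorted(keys)}")
```

Signing a key and assigning ownertrust are separate decisions in this model: the chain only reaches D when A has chosen to trust every intermediate owner as a certifier, and several independent marginal signers can stand in for one fully trusted signer.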

Resurrecting a thread here… I have steered clear of commenting in this thread because the nuts and bolts of encryption is not something I can comment on intelligently, but clearly at least “some” of Snowden’s statements about the breadth of the NSA’s eavesdropping and capabilities are accurate (I won’t defend that statement, there is plenty of information around).

Latest bit of information I ran across is that it may be possible to compromise DRBG (random number generation). This may be just a kneejerk accusation since the NSA co-developed the system, but apparently people that audit these things point at the Dual_EC_DRBG algorithm as a possible weakness.

Don’t Use NSA-Influenced Code in Our Products, Security Company Warns - Tom’s Guide

As others have noted, some of this information should be taken with the knowledge that it is from sources that have their own agenda and sensationalize it for their own reasons. I have come to believe this is not the case.

A NIST list of products/software that use this security framework:

DRBG Validation List

I know next to nothing about encryption. That being said, why as an average human, living an average life in the average USA, in 2013, should I be concerned about what Snowden revealed?
It seems to me that all Snowden has done is revive the paranoia of “black helicopters.” While some monitoring is voluntary - this thread in this forum - and other monitoring is not - me >> GOOGLE >> NSA, what is your main point? That we should be able to decide 100% of the time if we allow monitoring? That seems rather naive and very impractical.

This is bordering on the verge of political.

It really depends on your faith in your government and your faith in others who can break your encryption, or break the encryption of those with whom you depend for your livelihood.

Will they spy on you because you support the Green Party ? Will they put extra tax revenue audits on you ? How expensive (on your time) is an extra unnecessary tax audit ? How about if you support something like the US tea party ? How about if your daughter dumped an NSA analyst who wants to date her ? How about if you are CFO of a company whose stock will go either significantly up, or significantly down, dependent on news that only you and the CEO know. Will an NSA analyst spy on you to gain financial information for their private trading ? or even if you are not the CFO/CEO, is it fair that an NSA analyst could spy on the CEO/CFO and then become rich because of illegal use of the system which was promised to only be used to catch terrorists (but now also given access to FBI and Drug Enforcement making that first claim a lie … justifiable perhaps, but still a lie) ? What if such spying took place and gave another company an unfair advantage, causing the 1st company to go bankrupt ? What if your job depended on the success of the 1st company ?

How about if you as a private citizen observed a Drug Enforcement Official or observed an FBI agent doing something illegal and wanted to report it ? Would the Drug Enforcement official concerned (or their friends) or the FBI agent concerned (or their friends) then use these tools to spy on you to blackmail you to stop you from reporting the crime you observed.

Who stops the abuse ? What legacy do you wish to bequeath to your children ? To your grandchildren ? To all your descendants ?

This goes far beyond black hawk helicopters.

I feel very uncomfortable in speculating any more about this on a public forum …

On 2013-09-23 20:36, oldcpu wrote:

> It really depends on your faith in your government and your faith in
> others who can break your encryption, or break the encryption of those
> with whom you depend for your livelihood

And one government spying “en masse” on the citizens and the government
staff of another friendly government. Mmm. Friendly? :-?


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

Really? I don’t know much about other countries on this point but, in the UK, history shows that the academic world (e.g. oldest and top universities) were and possibly still are recruiting grounds for “spooks”.

Personally, I’d go along with the “still are” … and likely always will be.