Crypto Snake Oil
An anonymous reader writes "Luther Martin of Voltage Security has published an article about the perception of cryptography today with regards to quality and honesty in vendors. From the article: 'Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography. Even after you use cryptography, you are never quite sure that it is protecting you like it is supposed to do.'"
Snake Oil (Score:5, Informative)
'nuff said
How is this different from any other product? (Score:5, Informative)
Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography.
Can you distinguish, by inspection, between a reliable automobile and a piece of junk that will barely last 2 years? I certainly can't. So I rely on reviews by people I trust when I buy a new car.
In the field of cryptography there are several people who have written peer-reviewed books about cryptography, are trusted in the community, and who occasionally review products. Bruce Schneier [schneier.com] is one (there are others, use Google, this is not meant to be a puff for Schneier or his company).
There are also open-source cryptographic programs [gnupg.org], which are peer-reviewed and definitely not snake-oil.
Re:Still not too bad (Score:2, Informative)
If you want security, ask an authority on the matter rather than basing it on indirect things like price, openness, etc.
Re:Still not too bad (Score:4, Informative)
Because WPA is inconvenient when you're using a device that doesn't support it.
Re:Still not too bad (Score:2, Informative)
Cracking PGP is still a Hard Problem, but the times they are a'changin'. It may succumb to quantum computing. Or, it may fall under the combined assault of the army of mathematicians who are studying integer factorization. Nobody knows for sure, but the NSA has been telling people for years now to not rely on RSA. They suggest switching over to Elliptic Curve or another advanced algorithm.
Re:Crypto is scary stuff (Score:3, Informative)
I'm a professional mathematician and have had the opportunity to work with and become friends with some big names in number theory and factoring. No one can know for certain, but my friends were of the general opinion that RSA was probably okay.
The US government was very serious about suppressing the publication of some of the early factoring results, but the mathematicians that I know are still working in that field (for over 10 years) after having published anyway. It seems almost surreal now that they were getting calls from the NSA, because the academic cryptography field has grown so much since then. They're still in the field and still publishing.
I can't give any response to this. You may be right.
Re:Still not too bad (Score:3, Informative)
OTR might be a better choice for social communications, as explained in the paper, but that does not make gaim-encryption (or PGP, etc) weak. For its intended purpose both PGP and gaim-encryption seem strong.
If I wanted to authenticate and keep a message secret from eavesdroppers, I would have no problems using gaim-encryption. At work, non-repudiation is really not a problem, and if my key was compromised, IM compromise would be my smallest problem (assuming that with that key, my SSH and PGP ones were compromised too).
If you know gaim-encryption is weak, I'd like to hear about it. But it looks to me that it is strong, provided you know what you're getting into.
Try This... (Score:3, Informative)
These products have been reviewed by independent labs, who review their implementation to verify that cryptographic mechanisms are implemented properly. This includes reviewing source code and/or hardware designs. Just a thought for anyone who is truly concerned that their hardware or software be compliant. (Note: If you want a "secure" operating system, look into CC Evaluation.)
Re:No, it's much harder than you think. (Score:3, Informative)
Re:Still not too bad (Score:3, Informative)
Yes, "it could be" that many unlikely things are true. But they are still unlikely.
Are you new to cryptology? It seems you are unfamiliar with the fundamental tenet of cryptography: "If lots of smart people have failed to solve a problem, then it probably will not be solved anytime soon."
You seem to think peer review doesn't have much to do with cryptography, but I would argue that it is the most important thing. If you expect an algorithm to be "provably" secure, then the only algorithm you have any business using is OTP.
Because it is unreasonable to expect you to hire "lots of smart people" to review any crypto you use, the next best thing is to go for using a solution that lots of people (in general) use, and assume that a subset of those people were smart.
You really should pick up this book [amazon.com] as a basic intro to crypto.
Re:Article taken from Wikipedia??? (Score:3, Informative)
You'd have thought so... (Score:5, Informative)
Ok, I'll be fair - though God alone knows why, and I think even God gave up trying to figure out the tangled mess I call a brain some time ago. They did use DES - not triple DES, just plain DES - for the really really sensitive stuff. The encryption key was visible to anyone logged in on any account, however, as the DES they used required the key to be the first parameter and they made no effort to erase it. So it was technically encrypted. (Once the passkey has been broadcast to all and sundry, I do not regard the encryption as anything more than a technicality, and in the case of DES, I seriously doubt you could even claim that.)
I've heard that security has since improved. I say "heard", because it was some time AFTER security was said to have been improved that reports started coming out of a fileswapper using NASA storage machines as extra disk space - the very same organization and very same type of mass storage device I had serious doubts about many years prior to that.
But that's a Government institution! Yes, and they're the ones with a great many experts in such matters and a great many contracts with people who can not merely withdraw business but also guarantee a disaster in the next election. The bulk of private corporations out there have neither the skills to draw on OR the incentives to maintain some sort of standard. All they have to do is ROT13 and tell you it's got digital security. Enough suckers'll buy into it to keep the CEO in champagne, caviar and girls of commercially-negotiable virtue for life.
The problem is, there is no mandated minimum standard for security, so those who can WILL use the lowest standard possible that will deceive customers into thinking they're safe whilst staying a gnat's whisker (after being compressed by the forces of a neutron star) beyond what could be sued for in courts, assuming a technically ignorant judge.
IMHO, "snake oil" could be vastly reduced - not eliminated but reduced - by placing minimum standards for crypto, compression and other easily-manipulated areas of technology, and enforcing them. Not maximum - that's what the intelligence services want, and they want it to be zero. I'm strictly talking minimum. Your good, old-fashioned lemon law - does it fill the purpose for which it was sold to the customer? Yes or no.
In the case of cryptography, that would be rephrased as follows: would a reasonable person, aware of the strengths and deficits of the technique concerned, aware of any warnings published on the block crypto lounge, hashing function lounge, etc, aware of the Usenet Crypto FAQ (ie: aware of the "common knowledge" that exists on cryptography), and aware of the grade of security the user is demonstrably expecting, agree or disagree that the cryptographic system sold meets the grade expected or not?
If it does not, it is a lemon for the purpose for which it was sold. It might be perfectly good otherwise, but it doesn't, can't, and never will do what was expected of it.
This would be enforceable, as I said very clearly that I'm talking about weighing the "common knowledge" against the "personal expectation". Both are easy to define and even a non-expert should understand a skull-and-crossbones labelled "BROKEN, DO NOT USE" in a crypto lounge. They might not understand the fine nit-picking or the advanced maths, but that's why I'm sticking solely to what is commonly known and understood, not what is derivable from axiom 327 as applies to lemma 291 as described by Professor Branestawm's obscure paper entitled "techniques for splicing dormice genes into giraffe brai
WPA-supporting devices all but mandatory (Score:2, Informative)
WPA-supporting devices are all but mandatory for laptops and WAPs these days. If your device doesn't support WPA, replace it.
WEP is little more than a "no trespassing" sign - it will keep people from accidentally connecting to your WLAN, but not much else.
Re:or (Score:3, Informative)
"Even after you use cryptography, you are never quite sure that it is protecting you like it is supposed to do."
If it claims to use AES, does it really? Even if it actually does, are you sure it doesn't conveniently store the key somewhere? Even if it doesn't do anything this stupid, are you sure it doesn't leak one bit of your key in every encrypted block?
The implementation around a secure algorithm is just as important as the algorithm itself. Even if you have the source, some problems can be difficult to detect.
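The "does it really use AES?" question raised above can be answered mechanically with a known-answer test. The following is an added example, not code from the thread or from any product it mentions: a Go harness that feeds the FIPS-197 Appendix C single-block vectors to a candidate encryption function; the standard library passes, while a constructed XOR-based stand-in labelled "AES" fails on the first vector. It checks only the primitive, not the key storage or key leakage concerns the same comment raises.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// FIPS-197 Appendix C.1 (AES-128) and C.3 (AES-256) vectors: {key, plaintext, ciphertext}, hex encoded.
var fips197 = [][3]string{
	{"000102030405060708090a0b0c0d0e0f", "00112233445566778899aabbccddeeff", "69c4e0d86a7b0430d8cdb78070b4c55a"},
	{"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "00112233445566778899aabbccddeeff", "8ea2b7ca516745bfeafc49904b496089"},
}

// VerifyAESKAT runs the published vectors through enc (one 16-byte block in, one out)
// and reports the first mismatch. Anything labelled "AES" that fails here is not AES.
func VerifyAESKAT(enc func(key, pt []byte) ([]byte, error)) error {
	for i, v := range fips197 {
		key, _ := hex.DecodeString(v[0])
		pt, _ := hex.DecodeString(v[1])
		got, err := enc(key, pt)
		if err != nil {
			return fmt.Errorf("vector %d: %v", i, err)
		}
		if hex.EncodeToString(got) != v[2] {
			return fmt.Errorf("vector %d (AES-%d): got %x, want %s", i, len(key)*8, got, v[2])
		}
	}
	return nil
}

// RealAES wraps the standard library block cipher for the check above.
func RealAES(key, pt []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, pt)
	return out, nil
}

// XORAsAES is a constructed stand-in for a product that XORs the key over the data
// and labels the result "AES"; it is not modelled on any real product.
func XORAsAES(key, pt []byte) ([]byte, error) {
	out := make([]byte, len(pt))
	for i := range pt {
		out[i] = pt[i] ^ key[i%len(key)]
	}
	return out, nil
}

func main() {
	fmt.Println("stdlib AES:", VerifyAESKAT(RealAES))  // <nil>
	fmt.Println("XOR 'AES': ", VerifyAESKAT(XORAsAES)) // vector 0 (AES-128) mismatch
}
```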
Re:Crypto is scary stuff (Score:3, Informative)
Ohh, you're one of those people. The paranoid, cynic, LBJ-killed-Kennedy people with more willingness to post on slashdot than knowledge about the subject. There is a name for that kind of people, and in fact, it's one of the moderation options on slashdot....
First off, on the you-can't-do-research bit. My point was that there are thousands of scholars working on this very subject every day, yet they never get threatened by any sort of law enforcement? How does that fit with your little paranoid world-view?
And, as for modern ciphers being uncrackable, let's have a little demonstration. You obviously have no clue about the numbers involved, so let's do this slowly. It is common knowledge that DES has been cracked. A couple of years ago someone built a machine that could crack DES in 7 hours, unacceptable in modern terms. Today, a supercomputer could maybe crack it in a half-hour or so, probably even a shorter time than that. Now, let's imagine an impossible machine, the fastest machine ever created in any universe, fictional or real. This machine can crack DES in a femtosecond. How long is a femtosecond, you ask? It's one quintillionth of a second, or 10^-15 seconds, or 0.000000000000001 seconds. That's way too short a time for anything at all to happen; in fact, during that time, light can only travel about 0.0003 millimeters. In fact that number is so small that the human mind can't really picture how small it is, just like the human mind can't understand how big 1 quintillion is. Anyway, let's suppose that this computer can crack DES in that amount of time (meaning it can crack 1 quintillion DES ciphers per second!). Suppose we set that computer onto a modern cipher, namely 256-bit AES. How long would it take to crack that?
Let's see: Assuming that AES and DES take approximately the same time to execute (which is true, AES is about twice as fast), since for each increase in bit-length, the time to solve it doubles, that means (since DES has a 56 bit cipher) that it would take 2^(256-56)=2^200 femtoseconds. Let's convert that to something we can understand. 2^200/((10^15 femtoseconds in a second)*(3600 seconds in an hour)*(24 hours in a day)*(365 days in a year)) = 2^200/(10^15*3600*24*365) = 50955671114250072156962268275658377807 years (rounded to the nearest integer). Let's stop and think about this for a minute. That mind-numbingly fast computer (one that will probably never be built, as neither classical nor quantum computers will ever be that fast), so fast that to imagine one is a feat impossible to human beings, for it, it would take 50955671114250072156962268275658377807 years to complete!!! You do realise that the age of the universe is only about 13700000000.
However, you probably won't be convinced. Your type never gets convinced. But you know what, it's not just the math that backs me up, every security expert in the world that has any weight agrees with me. So why don't you go back to your little hole, and dream up another cynical conspiracy theory. Because kid, when it comes to cryptography, you're out of your element.
PS. You said "LOL"! You actually said "LOL"! On slashdot? Seriously dude, you are one sad individual.