One Article Review

The article:
Source Errata Security
Identifier 614398
Publication date 2018-04-25 16:46:42 (seen: 2018-04-25 23:09:10)
Title No, Ray Ozzie hasn't solved crypto backdoors
Text According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the part we already know how to solve. He's deliberately ignoring the stuff we don't know how to solve. We know how to make backdoors, we just don't know how to secure them.

The vault doesn't scale

Yes, Apple has a vault where they've successfully protected important keys. No, it doesn't mean this vault scales. The more people and the more often you have to touch the vault, the less secure it becomes. We are talking thousands of requests per day from 100,000 different law enforcement agencies around the world. We are unlikely to protect this against incompetence and mistakes. We are definitely unable to secure this against deliberate attack.

A good analogy to Ozzie's solution is LetsEncrypt for getting SSL certificates for your website, which is fairly scalable, using a private key locked in a vault for signing hundreds of thousands of certificates. That this scales seems to validate Ozzie's proposal.

But at the same time, LetsEncrypt is easily subverted. LetsEncrypt uses DNS to verify your identity. But spoofing DNS is easy, as was shown in the recent BGP attack against a cryptocurrency. Attackers can create fraudulent SSL certificates with enough effort. We've got other protections against this, such as discovering and revoking the bad SSL certificate, so while damaging, it's not catastrophic.

But with Ozzie's scheme, equivalent attacks would be catastrophic, as it would lead to unlocking the phone and stealing all of somebody's secrets.

In particular, consider what would happen if LetsEncrypt's certificate was stolen (as Matthew Green points out). The consequence is that this would be detected and mass revocations would occur. If Ozzie's master key were stolen, nothing would happen. Nobody would know, and evildoers would be able to freely decrypt phones. Ozzie claims his scheme can work because SSL works -- but then his scheme includes none of the many protections necessary to make SSL work.

What I'm trying to show here is that in a lab, it all looks nice and pretty, but when attacked at scale, things break down -- quickly. We have so much experience with failure at scale that we can judge Ozzie's scheme as woefully incomplete. It's not even up to the standard of SSL, and we have a long list of SSL problems.

Cryptography is about people more than math

We have a mathematically pure encryption algorithm called the "One Time Pad". It can't ever be broken, provably so with mathematics.

It's also perfectly useless, as it's not something humans can use. That's why we use AES, which is vastly less secure (anything you encrypt today can probably be decrypted in 100 years). AES can be used by humans whereas One Time Pads cannot be. (I learned the fallacy of One Time Pads on my grandfather's knee -- he was a WW II codebreaker who broke German messages trying to futz with One Time Pads).

The same is true with Ozzie's scheme. It focuses on the mathematical model but ignores the human element. We already know how to solve the mathematical problem in a hundred different ways. The part we don't know how to secure is the human element.

How do we know the law enforcement person is who they say they are? How do we know the "trusted Apple employee" can't be bribed? How can the law enforcement agent communicate securely with the Apple employee?

You think these things are theoretical, but they aren't. Consider financial transactions. It used to be common that you could just email your bank/broker to wire funds into an account for such things as buying a house. Hackers have subverted that, intercepting messages, changing account numbers,
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.