Sunday, November 17, 2013

Follow-up to comments on the article "Columns > The Bikeshed - More Encryption Is Not the Solution" (by Poul-Henning Kamp on July 1, 2013) (http://queue.acm.org/detail.cfm?id=2508864) on http://queue.acm.org (ACM Queue)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

context: follow-up to comments on the article "Columns > The Bikeshed - More Encryption Is Not the Solution" (by Poul-Henning Kamp on July 1, 2013) (http://queue.acm.org/detail.cfm?id=2508864) on http://queue.acm.org (ACM Queue)

>
> Poul-Henning Kamp | Wed, 21 Aug 2013 23:18:44 UTC
>
> I have specifically waited a little while before I replied to you longpoke, I thought a good example of my point would show up soon.
>
> It did.
>
> What good does any encryption do you, if you get detained and told to hand over your passwords or be thrown in jail ?  http://www.bbc.co.uk/news/uk-23776243
>
> This is a political problem, not an encryption problem.

Cryptography is mandatory for telecommunication. Lack thereof is a security vulnerability. This is true regardless of any political circumstance.

Imagine your government was fully trustworthy and never made mistakes. How does this stop some random person on the street from coming into your house and beating information out of you? Even with a government *and* cryptography, he could force you to give up your encryption keys. This doesn't change cryptography at all. This is a flaw in your physical security. It's unfortunate that we are currently so physically insecure, but this is just a fact of life.

The problem is, without cryptography, you become vulnerable to many more threats than simply physical attack/government.

> wtarreau | Sun, 25 Aug 2013 09:02:58 UTC
>
> Longpoke: "And indeed, due to the birthday problem, it would only take thousands (not 100 million) of connections for me to discover that the service has duplicate keys, which would make me think its entropy source is broken. I'd then proceed to connect a few billion times using multiple IP addresses to record all the keys."
>
> Have you ever done this for all the services you're currently using on the web ? If the response is "no", then you understand the problem of trust that we've been having with mandatory encryption forever.

Yes I do understand the problem with trust in the web and centralized services. I just wanted to point out that it's not unheard of for a backdoor of this nature to be discovered.

> What I'm noticing as a user is that I'm getting more and more bad cert warnings. This never ever happened 10 years ago. Now there is a trend of enforcing https everywhere and many sites don't care enough about their certs, or use CAs that are not known in any-but-the-very-latest-browser, etc... In the end, I'm still finding myself to click on the certs details all the day but I know many people who blindly click on the proper buttons without even thinking about it. What we're doing is just to incite users to ignore security for non-important things and get used to this. We should only annoy the user when there is a compelling reason for doing so. It's the same principle as the noisy alarms we can hear all the day in large cities. Who cares anymore about a ringing alarm ? Once in a while it might be a real one though but it remains ignored or unnoticed... A good example how excess of security reduces security.

The web has *no* security. Your flaw is believing otherwise. The web is so deeply flawed on every level from programming languages, confused deputies, cryptography, that I'm not even going to explain it all here. Encryption **must** be mandatory for any protocol to work. X.509 is not an acceptable cryptographic solution on any level. Tor hidden service addresses solve most of the problems with X.509. You cannot know the address without knowing the key. The question of whether to continue on an insecure connection **does not exist**.

Car alarms are **not** for security, they are marketed as security. Two completely different things. The only thing car alarms have accomplished is waking me up at night because someone's car alarm was glitched and sounded the entire night - that and now his car is smashed. Car alarms are a perfect example of how BS reduces security.

> Someone used the analogy with locks. I can go further : right now you have a lock on your door and this is required by your insurance company. If your doorlock doesn't work well, you'll run to the store to buy another one and replace it. Now imagine that your insurance company requires a properly working lock on each and every window and door *inside* your house in exchange for a much cheaper insurance price. You end up with 20 locks in your house that will constantly have to open and close when entering and leaving your house. They'll fail much more often and you'll get used to sometimes go outside with one of them not locked or not fully working, and will be used not to care much about it. Except the day someone comes into your house by breaking the main doorlock which was properly working, the insurance will not cover this because you had one faulty lock inside. The conclusion is : only enforce security where it really matters and leave the choice to users when it does not. It will avoid them getting used to false alarms.

Locks do prevent one threat: kids randomly sneaking into cars/houses to steal small items (avoiding smashing glass for ethical reasons). Other than that, they don't do much, and you shouldn't expect much from them. Yes, I agree that you should not put locks on every door if it's pointless.

> only enforce security where it really matters

In the case of telecommunications, it matters everywhere.

> Last, the weaker point is always the clueless end user. You can't force them to understand their computer because this is complex science.

This is why tor addresses are so beautiful, they provide security without the user having to do anything at all.

> We all know people around us using a completely infected windows PC with an outdated anti-virus configured to shut up because it is the way their PC works best *for them*. When you shout at them, they tell you that if they re-enable it, they can't consult their bank account online, they can't check their kid's photos without clicking on warnings all the time etc...

Once again, antivirus is a scam. Antivirus reduces security most of the time because they introduce new vulnerabilities and run with full privileges. There are three kinds of people I am aware of who make antivirus products:
a) delusional people that think they can code hundreds of thousands of lines of C in short periods of time without introducing a single remote code execution vulnerability
b) people who just want their money yet are smart and understand why antivirus in general is stupid
c) people who just want their money and don't know what they're doing

You also should be aware that antivirus is only for stopping malware that is already known and has already infected thousands/millions/billions of devices. I can make any program bypass all existing antivirus products without any trouble... most people who know anything can do this as well.

Secure operating systems do not need antivirus because they don't run untrusted code with privileges to do damage. These do not exist yet because the industry is too busy smoking drugs.

> These people don't need a secure operating system in the first place. They just need a browser to go to the net once in a while just like they open their radio. By adding many security features there we're making their experience too much complicated for them and they finally completely disable security to get what they need.

The industry standard is to lie to the user to the point where they can't tell their right leg from their left. For people in this state, they indeed do not need a secure operating system, because they can't even walk to their desk to use it.

All these examples you listed are typical bullshit and ignorance that the industry is currently forcing down our throats. People like me have been scrambling to put together a real bullshit-free operating system / programming language for *years* before the NSA news. The NSA news has changed **nothing** for me. I knew all the operating systems were bullshit before, and the news just strengthens my point.

When you're telling the user he can play high end video games on the same computer he can do banking on, you're either completely oblivious, or you're a lying piece of shit.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlKJKukACgkQ3PGpByoQpZHGvwCeNbqgCaoDHrIGcVZqla+5/QEG
R2kAoJfmKz/cK4wPbIMoEqn/5R7nZ2Xm
=HQET
-----END PGP SIGNATURE-----
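
The post's claim about Tor hidden service addresses ("You cannot know the address without knowing the key") can be shown concretely; the following is an added example, not part of the signed post. It uses the current v3 onion address layout (base32 of public key, 2-byte SHA3-256 checksum and version byte) rather than the format in use in 2013; the function names are this example's own and the sample keys are constructed bytes, not real service keys.

```python
import base64
import hashlib
import hmac

VERSION = b"\x03"  # version byte of a v3 onion address

# Constructed 32-byte values standing in for Ed25519 public keys (not real services).
SAMPLE_KEY = hashlib.sha256(b"constructed example service key").digest()
OTHER_KEY = hashlib.sha256(b"constructed impostor key").digest()


def _checksum(pubkey: bytes) -> bytes:
    # First 2 bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the .onion name from a 32-byte public key: the name IS the key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def pubkey_from_address(address: str) -> bytes:
    """Recover the service key from the name, rejecting malformed or mistyped names."""
    address = address.lower()
    if not address.endswith(".onion") or len(address) != 62:
        raise ValueError("not a v3 onion address")
    raw = base64.b32decode(address[:56].upper())  # invalid base32 raises ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or not hmac.compare_digest(checksum, _checksum(pubkey)):
        raise ValueError("bad version or checksum")
    return pubkey


def key_matches_address(address: str, presented_key: bytes) -> bool:
    """Client-side check: the key a service presents must be the one in its name."""
    try:
        return hmac.compare_digest(pubkey_from_address(address), presented_key)
    except ValueError:
        return False


if __name__ == "__main__":
    addr = onion_address(SAMPLE_KEY)
    print(addr)
    print("genuine key accepted: ", key_matches_address(addr, SAMPLE_KEY))
    print("impostor key accepted:", key_matches_address(addr, OTHER_KEY))
```

There is no certificate warning to click through in this scheme: a key that does not match the name is simply not that service.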