That security systems are designed in the most paranoid fashion possible doesn't tell you anything about the real nature of the threat. Schneier's book doesn't tell you that the NSA has been strong arming corporations into giving up their private keys and into installing backdoors on chips.
Yeah, I'm a little baffled by Schneier's reaction to this. The revelation is advanced cryptanalytic capabilities at NSA, which is literally an article of faith with Schneier. Why is he freaking out about this when he didn't instead freak out about wholesale call record database dumps or AT&T fiber taps?
This is not just about cryptanalysis. The NSA has been deliberately introducing weaknesses into cryptosystems used by the general public. That is beyond keeping cryptanalysis techniques secret, which we all assumed they would do and which few really drew any issue with. We are talking about an honest-to-goodness conspiracy, one that yesterday many would have written off as a conspiracy theory that was not even worth considering.
Basically, what we thought were the rules of the game are not the rules of the game. We thought we knew where we stood with the NSA -- they would try to attack, we would try to defend. Now we need to be thinking of a much different set of rules, one in which the NSA is not just attacking ciphers but also deliberately sabotaging our defense, and doing so covertly. We cannot even assume that mistakes really are mistakes anymore -- they could be the NSA's doing.
Basically, what we thought were the rules of the game
Er...speak for yourself buddy. If you thought that you could get proper crypto security from a boxed software product then I'd like to offer you a fantastic deal on a bridge.
Yes, and I think anyone who is reasonably good at math is qualified to do so. I'm not saying I could build undefeatable crypto, mind; I'd have to spend a year brushing up my number theory before I'd make an attempt and I don't fool myself that I'm smarter than the average NSA analyst, so I might well fail.
But if you want proper crypto and are willing to invest some time in it, I'd say take a strong open source algorithm and then rewrite it. Sure, maybe there's backdoors in the compilers, in the chips, maybe they have quantum computers and there's backdoors in the fabric of reality.
My point is not that I know unbeatably secure crypto, but that I have always assumed the NSA was using any and all means available to defeat crypto, and if you ever thought otherwise you were telling yourself fairy stories.
I said nothing about incompetence. Rather, I assume that any commercial product of that kind is compromised, because spies have such an obvious interest in compromising it. I mean, if I were a spy I wouldn't just ask companies to put backdoors in (although I would do that too), I would actively spy on the software companies. I have always assumed powerful intelligence agencies adopted a zero-sum approach to things, because ultimately they are judged on results, not a purity score.
I think there is a fundamental difference advanced Cryptanalysis (which we always assumed they had due to hiring practices and history) and being able to break crypto by subverting infrastructure.
If the NSA said, "Our super smart brain trust figured out how to own your stuff with math five years ago ... ha ha!", I think we would be Totally Fine with that. Hats off to them for winning that game, but at least they played mostly fairly. (In theory.)
However, this is different. Winning the cryptanalyis game because they backdoored protocols, gained access to trusted entities' private keys, etc, just means that they are really good at the SPYING game, not at the cryptanalysis game, and somehow that just feels worse.
But speaking as a non-American here, what do you expect? The NSA is in the spying business, and ultimately its performance is measured by results, not methodologies. All this hand-wringing is a bit like people expressing horror over the discovery that the CIA sometimes stoops to burglary or deception.
I mean, in an ideal world the only way to compromise my password would be to for a beautiful lady spy to seduce me and trick me into revealing it in a moment of passion, but in the meantime it's a safer bet that they'll just try and fish it out of my modem/router/ISP/etc.
Note to NSA: I'm actually happily married, so please don't send over any beautiful lady spies, which would be totally awkward.
And I would imagine that your password is complex enough that it would be hard to recite in a moment of passion. That being a rather single-thread activity.
>> what do you expect? The NSA is in the spying business, and ultimately its performance is measured by results, not methodologies.
The NSA, as a government agency, is in the business of serving the US citizens who pay its salaries and acting in their interests. Ultimately its performance is measured by us.
My boss would fire me if I put a backdoor in his email.
I think there's some cognitive dissonance at work here in the hacker community. It's easier to look up to the NSA et. al. if they're just better at math than you. It's so clean, so pure, if you ignore the black-bag jobs and kinetic side of their work.
I would be keeping my hat on. They would have done it with the taxpayers' money but without their consent or even knowledge. They would then be withholding a major scientific breakthrough from the public that financed it. A scientific breakthrough that might have all sorts of applications that could make our lives better.
They would be exposing all the people that rely in strong cryptography to major risks. Including people that have done nothing illegal and helped fund their research.
And more importantly, they shouldn't be reading our emails to being with, independently of them being encrypted or not. That was never the deal, no democratic process ever gave them the right.
Paying some 22 year old deskjockey a couple mil to code a backdoor into an encryption app isn't a scientific breakthrough, it's just traditional spycraft. Using the weight of the US government to force Microsoft to code a backdoor into Bitlocker isn't a scientific breakthrough, it's the sort of things governments do.
> If the NSA said, "Our super smart brain trust figured out how to own your stuff with math five years ago ... ha ha!", I think we would be Totally Fine with that. Hats off to them for winning that game, but at least they played mostly fairly. (In theory.)
I disagree. Certainly they'll be doing that too, but breaking crypto is hazardous to the populace independently of how it's broken, right?
Either way from NSA's perspective they are fighting a war, with terrorism, with other nation's crypto efforts, etc. In that context there are very few "unfair" ways to fight. And indeed, the U.S. has done something like this to a certain Soviet pipeline, as I recall.
Besides, this at least leaves open the possibility of like-minded people to maintain countermeasures. If crypto is broken in general then we're all naked. If weak implementations are weak then we would need to be fixing those anyways.
I just wish I knew which one it is we're looking at.
> Undermining cryto from the inside means deliberately exposing all communicates to increased risk of hacking by anyone, anywhere
Well, that does depend on how they weaken it. If it gets weakened such that it goes from "impossible" to "nation-states can crack" then there's still only 3-4 agencies in the whole world that could decrypt.
But that would also tend to preclude passive wideranging cryptanalysis, which is what I'm sure NSA would prefer to be able to do.
> If it gets weakened such that it goes from "impossible" to "nation-states can crack" then there's still only 3-4 agencies in the whole world that could decrypt.
You'd have to be talking about a gigantic change for it to benefit them. I want my crypto to take 10 billion years to crack; intelligence agencies want to crack it in a week.
And what they can crack in a week today, hobbyists will be able to crack in a day a few years from now.
Weakening crypto means opening it to every criminal in the world. Computers get faster and secret backdoors get leaked.
If it isn't safe from everyone, in the long run, it isn't safe from anyone.
There's a difference between assuming something because it's prudent to do so and actually knowing it's true. And even if Schneier was extremely confident about it, he was still, in the minds of most people, just a paranoid guy on the corner screaming conspiracy theories about what the NSA may have and what they may be doing with it. Now he has some ammo, and he'd be foolish not to use it.
Becuse he assisted the Guardian in working on the story and must have seen some documents that made him hit the ceiling. Even if he isn't explaining the nitty gritty, I trust his reaction.
I keep hoping that Schneier's position is going to be some kind of guiding light forward because of his longstanding position that these "revelations" should be taken for granted. Since he does seem to be freaking out, do you have another voice that's worth listening to about how to think about all of this going forward?
In fact Schneier himself is outraged to the point that he seems to be calling for a redesign of basic Internet protocols and governance in his article today, http://www.theguardian.com/commentisfree/2013/sep/05/governm...