Thank you for your quick response. I'm not convinced by your arguements yet. I comment in between.
On 08/12/13 04:13, Francisco Ruiz wrote: > In your message, you wrote: > >>1. I have to *run* it to get the hash of the application from the help >>page. That is already a leap of faith to run unverified code. > > Good point. A counterfeit copy of the page might lead to a different > server, and the help page thus obtained would display a different code > which, of course, would check out all right. Both the active code and > the help page come via TLS, but maybe this is not enough. In any case, > this would be just about the same risk that anyone incurs when loading > any page via https, so almost every crypto app out there would have the > same security flaw.This is why I added the video verification, anyway. > It's a lot harder to fake a video. What you run into is the classical secure distribution problem. With native applications (not js-apps) that's a once-per-install hurdle. With a server serving pages, it's a once-per-run hurdle. Unless, somehow my browser remembers the code. Then it degenerates into *installed* code. Now we have the secure update problem in another form. There is another problem. You rely on HTTPS. Here is the 64000 dollar question: Q._"What is the CA-certificate for your banks' website?"_ I ask that question to anyone who claims to be security conscious. No one has given me positive answer so far. Not even a wrong answer. Only that people don't know. So I take it for granted that people won't verify anything, ever. >>2. I have to verify the hash code with a spoken message in a youtube >>video. The message is spoken by someone I've never met, so how do I >>verify that it is you who's saying it and not an actor hired by a spooky >>agency? Or just dubbed with a new audio score. Hollowood can do that >>without a blink. > > I'm not Justin Bieber (thank God) and there's nothing I can do about > that. But maybe someone in this forum knows a privacy-conscious > celebrity who could be persuaded to do the reading. It should be > possible to find one. Actors are into all kinds of causes these days... I think I change my mind on voice hash verification. It's a neat idea but a big hassle. Not even GPG users check the certificates and identities. They just assume that if it is encrypted, it is secure. This xkcd is spot on: http://xkcd.com/1181/ I am using GPG to encrypt mail to a certain person. He uses one key to send mail to me, and I use a different key to send back. I haven't seen a complaint from him... > > Concerning faking a video. Sure, it can be done too, but mere dubbing > won't work because you have to sync the lips. Chopping the video into > little pieces and reassembling it to make a different code won't be easy > to pull off, either, especially with background music to serve as a sort > of "tamper-evident paper". I'd like to see more discussion on this. Ok, here it comes: What is the music on the background? How do I know it is your music and not a score that the attacker downloaded from mp3.xyz? Hashes are for a computer-verified protocol. Not for humans. My view on Javascript as a platform: Browsers and javascript are a platform on their own. They are becoming operating systems. Firefox even calls their browser "OS". Operating systems are not neutral technology. *He who controls the operating system, controls the user.* The most important aspect of operating systems is not to schedule resources efficiently. It is to *protect the user* against all threats, both external as well as their own ignorance/stupidity. The current crop of operating systems has gone a long way from DOS to where we are now. Unix/linux went through that phase, Windows followed. We still haven't got a way to protect against malware, drive by downloads and other threats. Threats due to the Ambient Authority model of Posix. See Polaris, KeyKos, Eros-os, genode.org, Qubes-os, MinorFS for capability-secure solutions to the malware problem. Why are virtual machines so popular? It's an easy way out of the ambient authority. But instead we have Javascript trains that are just leaving the DOS-station. Relearning all security errors from the past. The hard way. Again. No thanks. Let's fix our current OS'es first.... Regards, Guido. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
