Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
> if ever we managed to provide an interface where users successfully managed their own keys without screwing up.

The only answer is to take key management out of the users' hands. And do it automatically as part of the work flow.

Guido.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On Mon, Jul 01, 2013 at 01:31:51PM +0200, Guido Witmond wrote:

> The only answer is to take key management out of the users' hands. And do it automatically as part of the work flow.

You need at least a Big Fat Warning when the new fingerprint differs from the cached one, and it's not just expired.
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On Mon, Jul 1, 2013 at 9:05 AM, Eugen Leitl eu...@leitl.org wrote:

> On Mon, Jul 01, 2013 at 01:31:51PM +0200, Guido Witmond wrote:
>
>> The only answer is to take key management out of the users' hands. And do it automatically as part of the work flow.
>
> You need at least a Big Fat Warning when the new fingerprint differs from the cached one, and it's not just expired.

OTR's model should suffice.
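The check asked for in the two messages above, as an added example (not code from the thread, OTR or any product): a fingerprint cache that separates a key change after the cached key expired from a change while it was still valid. The class and verdict names are hypothetical, and re-pinning automatically after expiry is an assumed policy.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    FIRST_USE = "no cached key: pin it"
    MATCH = "same key as cached"
    ROLLED_AFTER_EXPIRY = "cached key had expired: notice, then re-pin"
    CHANGED_BEFORE_EXPIRY = "BIG FAT WARNING: key changed while cached key was valid"

@dataclass
class Pin:
    fingerprint: str
    not_after: int  # expiry recorded at pinning time (Unix seconds)

def key_fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

class PinCache:
    def __init__(self):
        self.pins = {}  # peer name -> Pin

    def check(self, peer, public_key, not_after, now):
        fp = key_fingerprint(public_key)
        pin = self.pins.get(peer)
        if pin is None:
            self.pins[peer] = Pin(fp, not_after)
            return Verdict.FIRST_USE
        if hmac.compare_digest(pin.fingerprint, fp):
            return Verdict.MATCH
        # Judge expiry from the cached record only: the dates that come with
        # the new key are supplied by whoever presented it.
        if now > pin.not_after:
            self.pins[peer] = Pin(fp, not_after)
            return Verdict.ROLLED_AFTER_EXPIRY
        # Keep the old pin, so the warning repeats until the user decides.
        return Verdict.CHANGED_BEFORE_EXPIRY

    def accept_verified(self, peer, public_key, not_after):
        """Replace the pin after the user checked the fingerprint out of band."""
        self.pins[peer] = Pin(key_fingerprint(public_key), not_after)
```
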
[cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.

Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx

From the article:

... The company has benefited from current events, particularly recent revelations about the National Security Agency's surveillance of Internet and telephone communications. Growth, already a strong 100 percent month-over-month, rocketed to 420 percent in the last two-and-a-half weeks. ...

Danilo!

On Wed, May 22, 2013 at 10:30 AM Danilo Gligoroski danilo.gligoro...@gmail.com wrote:

> ...
> 3. I see a chance for some other product like: Zfone (that never took significant popularity), maybe Pidgin, maybe Cryptocat, ...
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:

> This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.
>
> Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx

Silent Circle expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure. Everything else is snake oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am looking at you)

However, everyone has found it hard to enable end users to manage keys. User interface varies from hostile, to unbearably hostile.

Silent Circle publish end users' public keys, which would seem to create the potential for a man in the middle attack.

I would like to see a review and evaluation of Silent Circle's key management.
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On 30-06-13 09:44, James A. Donald wrote:

> On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
>
>> This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.
>>
>> Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
>
> [...] expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure.

Agree

> However, everyone has found it hard to enable end users to manage keys. User interface varies from hostile, to unbearably hostile.

Disagree. Not everyone.

I believe this below to be a way out of the unencrypted web into a crypto-by-default web that is easy for the end user. It should be so easy that the users do not realize that they are using cryptography. It should be part of the account creation and log in process.

Imagine:

- forget passwords and password accounts; we use client certificates;
- place a certificate signer at each website signing only for that site;
- every CSR is signed without ado as long as the CN is unique at that site;
- the CN is really the account name;
- end user decides the CN;
- the user uses a local agent to manage
- the user agent logs in with the certificate at the site;

To protect the user against an external party performing a MitM we publish the servers' TLS certificate in DNSSEC with DANE.

This makes the site's CA unique and the certificate world wide recognizable identities. (Anonymous identities as there is no need to hand any personal identifying information at certificate signup).

With the public and private key pair, the users can encrypt and sign messages between each other with message delivery either via the site or via any third party message delivery.

To protect the user against a site's signer creating shadow certificates of its own users we deploy a global registry of client certificates. The registry monitors if a site ever signs two certificates for the same CN. If so, the site loses all respect. Users' agents are expected to check that registry before signup at a site, and when starting to communicate with another user at the site.

Once a few messages have been sent and received by any two end users, they have sufficient trust there is no MitM.

There can be even more advanced benefits with a small change in web browsers:

- phishing protection;
- XSS, CSRF protection, making javascript web applications secure.

It's here: http://eccentric-authentication.org/

Cheers, Guido.

PS. It needs Tor to protect against traffic analysis, it needs Capability operating systems for the end user to protect the users' keys.

PPS. I'd love to see some funding to keep me going with this.
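The registry check described in the message above, as an added example (not code from eccentric-authentication.org): a minimal in-memory model in which agents report the client certificates they see and a site is flagged once two different certificates exist for one CN. The class and method names, the site names and the certificate bytes are hypothetical.

```python
import hashlib
from collections import defaultdict

def cert_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class ClientCertRegistry:
    """Model of the global registry: every client certificate anyone has
    seen, filed under the site that signed it and the CN it names."""

    def __init__(self):
        self.seen = defaultdict(set)   # (site, cn) -> fingerprints observed
        self.caught = {}               # site -> CNs with more than one certificate

    def report(self, site: str, cn: str, cert_der: bytes) -> None:
        certs = self.seen[(site, cn)]
        certs.add(cert_fingerprint(cert_der))
        if len(certs) > 1:             # two certificates for one CN at one site
            self.caught.setdefault(site, set()).add(cn)

    def site_in_good_standing(self, site: str) -> bool:
        """Agent check before signing up at a site."""
        return site not in self.caught

    def peer_cert_ok(self, site: str, cn: str, cert_der: bytes) -> bool:
        """Agent check before talking to cn@site: report the certificate the
        peer presented, then require that it is the only one on record."""
        self.report(site, cn, cert_der)
        return (self.site_in_good_standing(site)
                and self.seen[(site, cn)] == {cert_fingerprint(cert_der)})
```

Because the checking agent reports what it was shown, a second certificate for an existing CN is recorded at the moment it is first presented to anyone.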
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On Jun 30, 2013, at 12:44 AM, James A. Donald jam...@echeque.com wrote:

> Silent Circle expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure. Everything else is snake oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am looking at you)
>
> However, everyone has found it hard to enable end users to manage keys. User interface varies from hostile, to unbearably hostile.
>
> Silent Circle publish end users' public keys, which would seem to create the potential for a man in the middle attack.
>
> I would like to see a review and evaluation of Silent Circle's key management.

This isn't quite correct. You have the gist of it, though.

Silent Phone uses ZRTP, which is ephemeral DH with hash commitments for continuity, in the style of SSH. The short authentication string is there for explicit MITM protection. There's no explicit public key.

Silent Phone uses SCIMP, which is also a EDH+hash commitment protocol, and also has no explicit public keys. The problem there is that unlike a voice protocol when you can use a voice recitation of a short authentication string, there's no implicit second channel in a text protocol. We're working on improvements there.

There's a SCIMP paper up on silentcircle.com. Please look at it.

Jon
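A simplified model of the pattern named in the message above (ephemeral DH, a hash commitment, a short authentication string), as an added example; it is not Silent Circle's code and not the ZRTP or SCIMP wire format. The toy group, the message layout, the hex rendering of the string and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only (assumption; not ZRTP's parameters).
P, G = 2**255 - 19, 2

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so fields cannot run together."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()

def enc(n: int) -> bytes:
    return n.to_bytes(32, "big")

class Endpoint:
    def __init__(self):
        self.x = secrets.randbelow(P - 3) + 2      # fresh secret for every call
        self.pub = pow(G, self.x, P)

    def commitment(self) -> bytes:
        """Initiator's first message: fixes pub before the peer's key is seen."""
        return H(b"commit", enc(self.pub))

    def sas(self, peer_pub: int, init_pub: int, resp_pub: int) -> str:
        """16-bit string both users compare by voice (hex is an assumption)."""
        shared = pow(peer_pub, self.x, P)
        return H(b"sas", enc(shared), enc(init_pub), enc(resp_pub))[:2].hex()

def handshake(initiator, responder, revealed_pub=None):
    """commit -> responder key -> reveal; returns (initiator SAS, responder SAS)."""
    commit = initiator.commitment()                        # 1: I -> R
    resp_pub = responder.pub                               # 2: R -> I
    init_pub = initiator.pub if revealed_pub is None else revealed_pub  # 3: I -> R
    if not hmac.compare_digest(H(b"commit", enc(init_pub)), commit):
        raise ValueError("revealed key does not match the commitment")
    return (initiator.sas(resp_pub, init_pub, resp_pub),
            responder.sas(init_pub, init_pub, resp_pub))

def relayed_call(alice, bob):
    """A relay terminates both legs with its own ephemeral keys. Returns the
    SAS Alice's phone shows and the SAS Bob's phone shows."""
    alice_sas, _ = handshake(alice, Endpoint())
    _, bob_sas = handshake(Endpoint(), bob)
    return alice_sas, bob_sas
```

On a direct call both sides derive the same string; on a relayed call the two strings agree only by a 1-in-65536 accident, which is what the spoken comparison catches.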
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On 2013-06-30, at 3:44 AM, James A. Donald jam...@echeque.com wrote:

> On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
>
>> This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.
>>
>> Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
>
> Silent Circle expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure. Everything else is snake oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am looking at you)

You seem to be implying that Cryptocat does not manage keys on the end-user side. This is false — Cryptocat users do manage their own keys on the client side, in fact. I would recommend reading our paper for more information: http://arxiv.org/abs/1306.5156

We also have quite a bit of documentation, threat modelling and so on on our development wiki: https://github.com/cryptocat/cryptocat/wiki/Threat-Model

NK

> However, everyone has found it hard to enable end users to manage keys. User interface varies from hostile, to unbearably hostile.
>
> Silent Circle publish end users' public keys, which would seem to create the potential for a man in the middle attack.
>
> I would like to see a review and evaluation of Silent Circle's key management.
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On 2013-07-01 8:55 AM, Nadim Kobeissi wrote:

> On 2013-06-30, at 3:44 AM, James A. Donald jam...@echeque.com wrote:
>
>> On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
>>
>>> This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.
>>>
>>> Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
>>
>> Silent Circle expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure. Everything else is snake oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am looking at you)
>
> You seem to be implying that Cryptocat does not manage keys on the end-user side. This is false — Cryptocat users do manage their own keys on the client side, in fact.

According to the paper, there are no long term public and private keys. ID is therefore wholly username and password

"Cryptocat does not currently store long-term key pairs (see § 9.2), need to be generated, along with DSA parameters, each time the application is launched"

Which of course does not make cryptocat inherently insecure, or fatally flawed, but nonetheless, does not provide the security that would come from users managing their own keys, if ever we managed to provide an interface where users successfully managed their own keys without screwing up.
Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)
On 2013-06-30, at 7:36 PM, James A. Donald jam...@echeque.com wrote:

> On 2013-07-01 8:55 AM, Nadim Kobeissi wrote:
>
>> On 2013-06-30, at 3:44 AM, James A. Donald jam...@echeque.com wrote:
>>
>>> On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
>>>
>>>> This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances.
>>>>
>>>> Agencies showing sudden interest in encrypted comm --- http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
>>>
>>> Silent Circle expects end users to manage their own keys, which is of course the only way for end users to be genuinely secure. Everything else is snake oil, or rapidly turns into snake oil in practice. (Yes, Cryptocat, I am looking at you)
>>
>> You seem to be implying that Cryptocat does not manage keys on the end-user side. This is false — Cryptocat users do manage their own keys on the client side, in fact.
>
> According to the paper, there are no long term public and private keys. ID is therefore wholly username and password

Ah, but there are no usernames and passwords either. Sessions are completely ephemeral.

> "Cryptocat does not currently store long-term key pairs (see § 9.2), need to be generated, along with DSA parameters, each time the application is launched"
>
> Which of course does not make cryptocat inherently insecure, or fatally flawed, but nonetheless, does not provide the security that would come from users managing their own keys,

But yes, long-term keys are worth investigating.

NK

> if ever we managed to provide an interface where users successfully managed their own keys without screwing up.