I think that fabricating a key here is more likely to mean fabricating an
authentication 'key' rather than an encryption key. Alexander is talking to
Congress and is deliberately being less than precise.

So I would think in terms of application-level vulnerabilities in Web-based
document servers.

One of the things that I have thought weak in our current approach to use
of crypto is the way that we divide up access control into authentication
and authorization. So basically if Bradley had a possible need to see a
file then he has an authorization letting him see it. Using access control
alone encourages permissions to be given out promiscuously.

The Snowden situation sounds like something slightly different. Alexander
says he was not authorized but he was able to get access. The common way
that happens on the Web is that Alice has account number 1234 and
authenticates herself to the server and gets back a URI ending something
like ?acct=1234&.... To get access to Bob's account she simply changes that
to ?acct=1235&...

It should not work, but it works very often in the real world. Having
worked with contractors I have seen people hired out as 'programmers' at
$1500 per day whose only coding experience was hacking Delphi databases. No
C, C++, Java or C#. Not even a scripting language.

So it would not shock me to find out that their document security comes
undone in the same way that it does in commercial systems.

Heads should be rolling on this one. But they won't.
The cryptography mailing list
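
The `?acct=1234` to `?acct=1235` case from the post above, as an added example that is not part of the original message: a handler that authenticates the caller but trusts the identifier in the URI, next to one that checks ownership per object, plus a small audit that tries every session against every account. The session tokens, account records and function names are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample data: session token -> authenticated user, account -> record.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
ACCOUNTS = {
    "1234": {"owner": "alice", "balance": 100},
    "1235": {"owner": "bob", "balance": 250},
}

class Forbidden(Exception):
    """Raised when the caller may not see the requested object."""

def _authenticate(token):
    user = SESSIONS.get(token)
    if user is None:
        raise Forbidden("not authenticated")
    return user

def _requested_account(query):
    # Reject missing, repeated or unknown acct values instead of guessing.
    values = parse_qs(query).get("acct", [])
    if len(values) != 1 or values[0] not in ACCOUNTS:
        raise Forbidden("no such account")
    return values[0]

def handle_vulnerable(token, query):
    """Authenticates the caller, then trusts the acct value taken from the URI."""
    _authenticate(token)
    return ACCOUNTS[_requested_account(query)]

def handle_checked(token, query):
    """Authorizes per object: the session user must own the requested account."""
    user = _authenticate(token)
    acct = _requested_account(query)
    if ACCOUNTS[acct]["owner"] != user:
        # Same error as an unknown account, so replies do not confirm which ids exist.
        raise Forbidden("no such account")
    return ACCOUNTS[acct]

def audit(handler):
    """Try every (session, account) pair; return the cross-owner reads that succeed."""
    leaks = []
    for token, user in SESSIONS.items():
        for acct, record in ACCOUNTS.items():
            try:
                handler(token, f"acct={acct}&view=summary")
            except Forbidden:
                continue
            if record["owner"] != user:
                leaks.append((user, acct))
    return sorted(leaks)
```

Running `audit` against each handler in a test suite gives a regression check: any non-empty result means an authenticated user can read an object they do not own.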
