On 7/02/13 02:35 AM, Jeffrey Walton wrote:
On Wed, Feb 6, 2013 at 7:17 AM, Moti <m...@cyberia.org.il> wrote:
Interesting read.
Mostly because the people behind this project.
http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html
No offense to folks like Mr. Zimmermann, but I'm very suspect of his
claims. I still remember the antithesis of the claims reported at
http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.
When we [0] were building the original Hushmail applet, we knew the flaw
- the company could switch the applet on the customer. The response to
that was to publish the applet, and then the customer could check the
applet wasn't switched.
Now, you can look at this two ways: one is that it isn't perfect as
nobody would bother to check their applet. Another is that it isn't
perfect but it was a whole lot better than futzing around with OpenPGP
keys and manual decrypting. And it was the latter 'risk' view that won,
Hushmail filled that niche between the hard core pgp community, and the
people who did business and needed an easy tool.
This is also the same thing that is the achilles heel of Skype. It
turns out (rumour has it) that the attack kit for Skype that circulated
in the late 00s amongst the TLAs was simply a PC breach kit that
captured the Skype externals - keystrokes, voice, screen etc. Once the
TLAs had that, they were happy and they shut up. It was easier for them
to breach the PC, slip in the wrapper tacker, and listen in than
seriously hack the skype model. And, then, media perception that Skype
was unhackable worked again, everyone was happy.
Same will be true of Silent Circle, and they will already know this
(note that I have nothing to do with them, I just read the model like
anyone else). The security requirement here is that they don't need it
to be completely unbreakable, they just have to push 99% of the attacks
onto the next easy thing -- the phone itself. Security is lowest common
denominator, not highest uncommon numerator. See below.
FWIW, their security model looks pretty damn good, in that it is nicely
balanced to their business model (the only metric that matters) and they
trialled this through several iterations (ZRTP, I think). They are the
right team. Even their business customer looks fantastic (hints
abound). If you're looking for an investment tip, this wouldn't be so
far off ;)
I'm also suspect of "... the sender of the file can set it [the
program?] on a timer so that it will automatically “burn” - deleting
it [encrypted file] from both devices after a set period of, say,
seven minutes." Apple does not allow arbitrary background processing -
its usually limited to about 20 minutes. So the process probably won't
run on schedule or it will likely be prematurely terminated. In
addition, Flash Drives and SSDs are notoriously difficult to wipe an
unencrypted secret.
Don't be suspicious, be curious -- this is where security is at.
Remember: The threat is always on the node, it is never on the wire.
Looking back at that Hushmail app, another anecdote. When I was doing
business with a guy who was security paranoid, he used an unpublished
nym, encrypted his messages with PGP, and then sent them via Hushmail to
me. Life then turned aggressive, and we ended up in court. His side
demanded discovery. I took all his untraceable, pgp-encrypted and
Hushmail-protected mails and filed them in as cleartext discovery, as I
was severely told to do by the court. Oops. From there they entered
into the transcript as evidence, and from there, others were able to
acquire the roadmap via subpoena.
The threat is always on the node. Never the wire.
Your node, your partners node, your partner's friend's node .... It is
this that the Mission Impossible deletion feature is aimed at, and it is
this real world node threat that it viably addresses. This is what
people want. The fact that it is theoretically imperfect doesn't make
it unreasonable.
Perhaps a properly scoped PenTest with published results would ally my
suspicions. It would be really bad if people died: "... a handful of
human rights reporters in Afghanistan, Jordan, and South Sudan have
tried Silent Text’s data transfer capability out, using it to send
photos, voice recordings, videos, and PDFs securely."
Nah, this again is the wrong approach. Instead think of it this way:
of 100 human rights reporters, if 99 are protected by this tool, and one
dies, that is probably a positive. If 100 human rights reporters are
scared away by media geeks that say it is unlikely to be perfect, and
instead they use gmail, and 99 are caught (remember Petreus) then this
is probably a negative.
Human rights reporters already put their life on the line. Your mission
is not to protect their life absolutely, as if we are analysing the need
for a neighbour's swimming pool fence, but to make their reporting more
efficient. Which coincidentally also means raising the chances that
they live to report the next one.
Risks, not absolutes.
iang
[0] I saw we - my company had a hand in the original crypto back when
Hushmail was Cliff+1. FWIW.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
