On Aug 30, 2013, at 8:43 PM, grarpamp <[email protected]> wrote:
> Are we sure? This seems to tell us they are doing traffic analysis and so
> forth.
> It doesn't seem to say much about cryptanalytic capabilities. For all we know
> they could have all the crypto in the bag but need analysis to identify
> talkers due to people being exceedingly careful about the message content.
I consider delivering a zero-day to be a form of cryptanalysis. I believe that
they do, too. I've been harping on that for some time.
>
> "Blue hen rides over the book on the left side when the sun is low.
> Do you copy?"
>
> Now if someone leaked all the secret crypto capabilities docs out
> in public, or someone else got in trouble solely from what they
> properly encrypted, then we'd know whether or not the crypto works.

I recognize that I have a tendency to be glib in one sentence and then rigorous
in another and that's a character flaw. It's glib to say both "the crypto
works" and "zero days are cryptanalysis" in many respects.

When I say, "the crypto works" I mean the basic structures. We know how to
build block ciphers. We figured out hash functions a few years ago. We
understand integer-based public-key cryptography well enough that it gives us
the creeps. We kinda sorta understand ECC, but not as well as we think we do. I
think our understanding of ECC is like our understanding of hash functions in
2003. Meow.

The protocols mostly work, except when they don't. The software is crap. It's
been nearly fifteen years since Drew Gross enlightened me by saying, "I love
crypto; it tells me what part of the system not to bother attacking."

Look at it anthropically. We know the crypto works because the adversary says
they're looking at metadata. To phrase that differently, they're looking at
metadata because the crypto works! Look at things like Fishbowl, even. It's
easy to get dazzled by the fact that Fishbowl is double encryption to miss that
it's really double *implementations*.

The crypto works. The software is crap.

Think like the adversary. Put yourself in their shoes. What's cheaper, buying a
'sploit or cracking a cipher? Once you start buying 'sploits, why not build
your own team to do them yourself, and cut out the middleman? Every other part
of the tech world has seen disintermediation; what makes you think this is
different?

On the other end of things, there's traffic analysis. We have seen -- stuff --
from them over the last decade. Papers on social graph analysis, pattern
analysis. Emphasis on malware, validation, and so on.

Here's another analogy. Imagine that you're looking at a huge, fantastically
complex marching band. You're trying to figure out who all is doing what to
what parts of the music and it's horribly complex. And then accidentally one
day, you lose the audio feed and then realize that it's *easier* to tell what
the band is doing when the sound is off.

Aphasiacs are (so I am told) good at telling truth from lies because they look
at the face rather than listen to the voice. They analyze the metadata, because
they can't hear the data and it works *better*.

Traffic analysis is what you do if your feed from the marching band loses its
audio. It's what you do if you're an aphasiac -- which is *exactly* what happens
when the crypto works, by the way.

Thus with a large budget, you do both. With one hand, you crack the crypto by
cracking the software. When it works it works. When it doesn't, it doesn't.
Stop stressing. With the other hand, you revel in the glory of silence. In
silence you can think. You watch the band, you watch the square dance. You just
watch who is pairing with whom, where the lines cross and the beats are.
Sometimes you can even guess the tune by watching the dance (which is also
cryptanalysis).

And all of that is why the problem in email isn't the crypto, it's SMTP.

Jon
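To make the closing point about SMTP concrete, here is an added example (not code from the thread or from Jon): it never touches the ciphertext of a PGP-encrypted mail, yet from the cleartext headers every relay sees it recovers who pairs with whom and the beats between them. All messages and addresses are constructed samples.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

def build_message(sender, recipient, subject, date):
    """Constructed sample: cleartext SMTP headers over a placeholder PGP body."""
    return (f"From: {sender}\nTo: {recipient}\nSubject: {subject}\nDate: {date}\n"
            "Content-Type: text/plain\n\n"
            "-----BEGIN PGP MESSAGE-----\nhQEMA0placeholderciphertext==\n"
            "-----END PGP MESSAGE-----\n")

# Constructed traffic: an alice/bob exchange plus one unrelated message.
SAMPLE_MESSAGES = [
    build_message("alice@example.org", "bob@example.net", "Re: Tuesday", "Fri, 30 Aug 2013 20:43:00 -0700"),
    build_message("bob@example.net", "alice@example.org", "Re: Tuesday", "Fri, 30 Aug 2013 21:10:00 -0700"),
    build_message("alice@example.org", "bob@example.net", "Re: Tuesday", "Sat, 31 Aug 2013 08:02:00 -0700"),
    build_message("carol@example.com", "bob@example.net", "Invoice 1138", "Sat, 31 Aug 2013 09:15:00 -0700"),
]

def envelope_metadata(raw):
    """What every relay sees without decrypting anything: who, to whom, when, about what."""
    msg = message_from_string(raw)
    return {
        "from": parseaddr(msg["From"])[1],
        "to": parseaddr(msg["To"])[1],
        "subject": msg["Subject"],          # Subject is a header, so it is exposed too
        "when": parsedate_to_datetime(msg["Date"]),
        # The only thing the body contributes: that it is opaque.
        "encrypted": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }

def who_talks_to_whom(raws):
    """Count sender/recipient pairs: the dance is visible even when the tune is not."""
    return Counter((m["from"], m["to"]) for m in map(envelope_metadata, raws))

def reply_latencies(raws, a, b):
    """Seconds between each a->b message and the next b->a reply (the beats)."""
    timeline = sorted(map(envelope_metadata, raws), key=lambda m: m["when"])
    latencies, pending = [], None
    for m in timeline:
        if (m["from"], m["to"]) == (a, b):
            pending = m["when"]
        elif (m["from"], m["to"]) == (b, a) and pending is not None:
            latencies.append(int((m["when"] - pending).total_seconds()))
            pending = None
    return latencies
```

Nothing here depends on the cipher at all, which is the defender's takeaway: end-to-end encryption of the body leaves the pairing graph, timing and Subject line for the transport to leak, so those have to be addressed at the SMTP and client layer rather than by a stronger cipher.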