Re: [liberationtech] In defense of client-side encryption (Guido Witmond)

[Guido Witmond]

Thank you for your quick response.

I'm not convinced by your arguements yet. I comment in between.


On 08/12/13 04:13, Francisco Ruiz wrote:
 In your message, you wrote:
 
1. I have to *run* it to get the hash of the application from the help
page. That is already a leap of faith to run unverified code.
 
 Good point. A counterfeit copy of the page might lead to a different
 server, and the help page thus obtained would display a different code
 which, of course, would check out all right. Both the active code and
 the help page come via TLS, but maybe this is not enough. In any case,
 this would be just about the same risk that anyone incurs when loading
 any page via https, so almost every crypto app out there would have the
 same security flaw.This is why I added the video verification, anyway.
 It's a lot harder to fake a video.

What you run into is the classical secure distribution problem. With
native applications (not js-apps) that's a  once-per-install  hurdle.
With a server serving pages, it's a once-per-run hurdle. Unless, somehow
my browser remembers the code. Then it degenerates into *installed*
code. Now we have the secure update problem in another form.


There is another problem. You rely on HTTPS. Here is the 64000 dollar
question:

Q._What is the CA-certificate for your banks' website?_

I ask that question to anyone who claims to be security conscious. No
one has given me positive answer so far. Not even a wrong answer. Only
that people don't know.

So I take it for granted that people won't verify anything, ever.


2. I have to verify the hash code with a spoken message in a youtube
video. The message is spoken by someone I've never met, so how do I
verify that it is you who's saying it and not an actor hired by a spooky
agency? Or just dubbed with a new audio score. Hollowood can do that
without a blink.
 
 I'm not Justin Bieber (thank God) and there's nothing I can do about
 that. But maybe someone in this forum knows a privacy-conscious
 celebrity who could be persuaded to do the reading. It should be
 possible to find one. Actors are into all kinds of causes these days... 

I think I change my mind on voice hash verification. It's a neat idea
but a big hassle.

Not even GPG users check the certificates and identities. They just
assume that if it is encrypted, it is secure. This xkcd is spot on:
http://xkcd.com/1181/

I am using GPG to encrypt mail to a certain person. He uses one key to
send mail to me, and I use a different key to send back. I haven't seen
a complaint from him...


 
 Concerning faking a video. Sure, it can be done too, but mere dubbing
 won't work because you have to sync the lips. Chopping the video into
 little pieces and reassembling it to make a different code won't be easy
 to pull off, either, especially with background music to serve as a sort
 of tamper-evident paper. I'd like to see more discussion on this.

Ok, here it comes:

What is the music on the background? How do I know it is your music and
not a score that the attacker downloaded from mp3.xyz?

Hashes are for a computer-verified protocol. Not for humans.




My view on Javascript as a platform:

Browsers and javascript are a platform on their own. They are becoming
operating systems. Firefox even calls their browser OS.

Operating systems are not neutral technology. *He who controls the
operating system, controls the user.*

The most important aspect of operating systems is not to schedule
resources efficiently. It is to *protect the user* against all threats,
both external as well as their own ignorance/stupidity.

The current crop of operating systems has gone a long way from DOS to
where we are now. Unix/linux went through that phase, Windows followed.
We still haven't got a way to protect against malware, drive by
downloads and other threats.

Threats due to the Ambient Authority model of Posix. See Polaris,
KeyKos, Eros-os, genode.org, Qubes-os, MinorFS for capability-secure
solutions to the malware problem. Why are virtual machines so popular?
It's an easy way out of the ambient authority.

But instead we have Javascript trains that are just leaving the
DOS-station. Relearning all security errors from the past. The hard way.
Again. No thanks.

Let's fix our current OS'es first

Regards, Guido.
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] In defense of client-side encryption (Guido Witmond)

[Francisco Ruiz]

In your message, you wrote:

1. I have to *run* it to get the hash of the application from the help
page. That is already a leap of faith to run unverified code.

Good point. A counterfeit copy of the page might lead to a different
server, and the help page thus obtained would display a different code
which, of course, would check out all right. Both the active code and the
help page come via TLS, but maybe this is not enough. In any case, this
would be just about the same risk that anyone incurs when loading any page
via https, so almost every crypto app out there would have the same
security flaw.This is why I added the video verification, anyway. It's a
lot harder to fake a video.

2. I have to verify the hash code with a spoken message in a youtube
video. The message is spoken by someone I've never met, so how do I
verify that it is you who's saying it and not an actor hired by a spooky
agency? Or just dubbed with a new audio score. Hollowood can do that
without a blink.

I'm not Justin Bieber (thank God) and there's nothing I can do about that.
But maybe someone in this forum knows a privacy-conscious celebrity who
could be persuaded to do the reading. It should be possible to find one.
Actors are into all kinds of causes these days...

Concerning faking a video. Sure, it can be done too, but mere dubbing won't
work because you have to sync the lips. Chopping the video into little
pieces and reassembling it to make a different code won't be easy to pull
off, either, especially with background music to serve as a sort of
tamper-evident paper. I'd like to see more discussion on this.

3. How can I validate that the youtube url is correct? They are all
gibberish to me. Again could be a fake by some adversary. This mail was
not encrypted and validated.

Well, the URL leads to me (or a famous actor, in the future ;-) reading the
hash for a particular version. If the guy in the video says something else,
you know you don't have the right video. I think videos have great
potential for authentication, since they are so much richer, and harder to
fake, than a mere piece of text.

 There?s no legal action that can shut down PassLok because it consist of
 pure code, and pure code is speech, protected from government
 interference under the 1^st amendment to the US Constitution.

Theoretically you are correct. In practice, we've seen the value of your
US constitution...

Lavabit and Silent Mail have shut down due to legal challenges rooted in US
law. The same laws cannot be used to force a website (or many websites, for
there should be mirrors) to stop delivering a certain document, unless it
is pornographic or hate speech, because of the 1st Amendment. So far, free
speech has been quite successfully protected in the USA.

Thanks!

-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok

get the PassLok privacy app at: http://passlok.com
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.