“We are governed by morons”

Words fail me:

https://twitter.com/kentindell/status/618916004471664640

The only conclusion I can reach:

https://twitter.com/JZdziarski/status/618861638779830272

Sounds about right:

The real game: networks

From a professional friend and personal hero:

“Without networks, we can’t go anywhere… Getting (TCP-)IP to all of the villages in Africa is probably a much more important goal than a bit more crypto… the real game is in getting packets to people. Once we get the packets there, we can do good stuff with crypto, but it’s just another tool.”

Ian Grigg

What getting your ass kicked looks like, crypto style

If you’re a policymaker in the UK or the US supporting crypto backdoors, now would be a really good time – assuming you haven’t melted into your shoes – to hide under a rock and cry:


Mother of God.

Cryptographers aren’t generally as well known as, say, theoretical physicists, so it might not be immediately apparent quite how stinging a rebuke this is. The rough equivalent would be sort of like having Paul Dirac, Werner Heisenberg, Albert Einstein, Max Born, Niels Bohr, John von Neumann and Erwin Schrödinger show up at your front door – uninvited, all at once, on live television, in complete agreement with each other, and having gone out of their way to do so – to tell you, and the world, that you don’t know jack about quantum mechanics.

Except it’s way, way worse. Because crypto is a practical discipline.

Put another way:

On the European side of the pond, we at Eris have been on the front lines fighting against crypto bans since January – indeed, from the very day that David Cameron announced the policy. We’re glad to see the big guns finally wading in – who make the argument better and more comprehensively than we ever could:

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws.

Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

Read the whole thing. If you’re in the mood for something a little less technical, check out Bruce Schneier’s interview in Business Insider published yesterday:

My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested.

And:

He can ensure that UK businesses are vulnerable to attack. But he cannot hope to prevent bad actors from using encryption to hide themselves from the police.

And:

As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access… but anyone who has followed all of the high-profile hacking over the past few years knows how futile that would be.

And:

even if Cameron turned the UK into the police state required to even attempt this sort of thing, he still wouldn’t get what he claims he wants. That’s the worst of it: It wouldn’t work, and trying would destroy the internet.

Complete, total, unremitting evisceration. And the official response:

Number 10 has not responded to requests for clarification about Cameron’s comments.

Says it all, really.

This is why you don’t backdoor anything, Mr. Cameron

From Motherboard by way of Graham Cluley’s Security Blog:

To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.

“With access to this data it is possible to link a certain backdoor to a specific customer. Also there appears to be a backdoor in the way the anonymization proxies are managed that allows Hacking Team to shut them off independently from the customer and to retrieve the final IP address that they need to contact,” the source told Motherboard.

Or, as put by Cory Doctorow:

“Weak Crypto” is like “slightly fatal.”

Seeing as a proposal to backdoor everything in Britain is currently on the table for this Parliament’s legislative agenda, the Hacking Team incident has particular relevance for the British commercial tech scene.

Mr. Cameron, we’re your friends – we’re really trying to do the government a favour here. Just work with us to make a safer, stronger internet, for crying out loud! 

Your electorate will thank you for it.

Hey! I thought we were friends.

From the Eris Industries company blog:

“Although I’m pleased to report that we now have premises in the United States, I’m disappointed to report that – despite nearly uniform opprobrium from business and the press – it would appear, per yesterday’s reporting in Ars Technica, that the British government persists in its position that encrypted communications, and presumably by extension any open-source cryptography, are the kind of things that the government should be able to break, on issuance of a warrant signed by a politician and not by a judge…

“Why centuries-old judicial safeguards should be replaced with political control is beyond me. Why such a proposal should be put forward by the Conservative Party – recalling the occasion when Margaret Thatcher reportedly slammed a copy of Hayek’s Constitution of Liberty on a table before saying, “This is what we believe” at a Conservative Party policy meeting – I find even stranger still.”

The Conservatives are driving me crazy at the moment. I don’t get it. 

Read the whole thing.