Slashdot Mirror


More On The SDMI Crack & Why Digital Sigs Are Not

The latest issue of Crypto-Gram has some good coverage of the new digital signatures law as well as more on the SDMI crack. The signatures law is interesting - essentially claiming that a digital signature law is /not/ the same as signatures.

14 of 114 comments

  1. Need Humans To Mediate Human Interactions by LHOOQtius_ov_Borg · · Score: 3

    Things like this go to show that you need humans to mediate human interactions. The semantics of signing that Bruce talks about are a human issue, and only a true AI might become acceptable as a suitable substitute for a human in many subjective (and legality, value, trust - all are subjective) issues.

    The reason we trust the notary public to countersign a document is that we are willing to believe what a human has seen and done because we can relate to it. The way you can lie as a notary public is pretty well known to humans - but forgery of digital signatures or hijacking a legitimate one is a pretty new area for humans.

    Tamper-proof computers would be needed for any digital system to be truly trustworthy, but that is probably raising the bar too high - higher than we keep it for our usual activities. What is required are procedures and oversight that humans can feel comfortable with, allowing such a statistically low chance of error - through malice or accident - as to be worth trusting.

    It is only partially attacks by other humans, thus, which we fear in digital signatures and similar mechanisms (like electronic voting). It is also machine error. We want humans to recount votes and attest to signatures. Until more people are comfortable with the machines this will continue.

    Finally, I will tip my hat to the open source community: by opening up the black boxes, people will start to feel more comfortable with machines - even if they remain ignorant. Few people actually fix their own cars, but over time they became confident that the standards and knowledge were such that they could trust those who do, and that the information was available for them to at least perform some rudimentary oversight if needed (indeed, as more car parts become black boxes, people are LOSING their trust in cars...)

    So, what we need is comfort levels for humans, through open systems, and acceptable standards and procedures which maintain the highest feasible levels of security, privacy, reliability, and trustworthiness in the subjective view of people... There are NO tamper-proof systems, electronic or physical, but we still have a society that functions without total paralysis from fear of a total trust breakdown.

    Digital signatures will come into their own with improved security and oversight (monitoring and reporting) on PCs...

    --
    o/~ we are pissed, we are pissed, we have to resist... o/~ - ec8or
  2. No they are every bit as good by WolfWithoutAClause · · Score: 4

    First. What legally speaking is a signature?

    It's not as easy as it seems. Is it a cross on a piece of paper? It can be, particularly if the signer is unable to write.

    Is it a thumb print. Yup could be.

    Is it a digital signature. Yup often is.

    The point is that the law is actually more flexible and subtle than it's often assumed to be.

    Ok. Can written signatures be forged? Of course. Happens every day and twice on Sundays.

    Can digital signatures be forged? Yes, either by cracking the cryptographic system (usually very hard) or by hacking into the system that has the cryptographic system running on it (usually pretty easy, although not always).

    Also with digital signatures (and with written signatures) there is a question of identity - is the John Smith that's signing the SAME John Smith that's paying? And if so, who says so? ;-)

    Either way a fraud can be committed. And either way the court is the place to duke it out.

    Is a digital signature less secure than a written one? Right now I doubt it, although in future it may be less or more so depending on the systems used.

    I personally think that Bruce Schneier is trying to drum up more business for his security company ;-) (He writes great books though)

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
  3. Re:Why this article is not. by TMB · · Score: 4
    He mentions that a digisig is less secure than a normal sig because the person does not have to read what he/she is signing. Well, isn't this also the case with normal sigs? How many of you read the contract when you joined your local video club?

    That's not the point. The point is, whether you read it or not, we know you intended to sign the video club contract. You had it in your hands and chose to sign it. We can't prove that you intended to sign a digitally-signed message.

    The computer is not a trusted environment. Well, if you don't trust your machine, then that's your own problem. I trust mine, because I take care of it remaining trusted.

    But do you trust the program that computes your digital signature? I think this is one of the applications where having access to the source is vital. Maybe it would be even better if the algorithm were very easy to implement, so everyone could roll their own signing program and be absolutely certain that it was kosher?

    [TMB]

  4. "You can't make a secure watermark" by evanbd · · Score: 4

    I've heard this so many times, and it's just an assertion. Before public key crypto was out, they said the same. I believe you can't secure digital data against an insecure recipient who can decode it; nothing says the data itself can't contain stuff the user can't notice -- you can't do a mathematical proof about content / the human ear, people! What's to say they can't do inaudible phase shifts, volume changes you can't hear, and other such? I don't think they can, but it takes a lot of chutzpah to just say you CAN'T outright with no backing. They did a good (not good enough, it seems) job; what's to say they can't do sufficiently better? I'll wager it takes more than just more money, but I don't see why they can't. Any thoughts?

  5. Digital Sigs. for Paper Documents by dschuetz · · Score: 3
    One problem that I've always wondered about is how to reliably "sign" a credit card over the phone. The best I've been able to come up with is to have a small "computer," basically a credit card-sized calculator, like a SecurID token. Then, when processing a transaction, you enter pertinent unique information about that transaction into the computer, punch in your PIN (which, of course, is not your birthday), and then write the result down on your document (or give it over the phone).

    For large documents, obviously, you're not performing a signature operation on all the text. But, maybe at the bottom of the page, you put your unique public key ID (which is then used to find your public key in a big database), then another line with, say, date, cost, and PO #, then the calculated result. If you lose your little card, you simply go down to the post office (or somesuch), get a new one, and they invalidate the old one for any new use after date X.

    Obviously, the big problem here is the public key database, but that's been the bugaboo all along. But the advantages of something like this are:

    • it's fairly easy to use
    • you don't have to worry about format mangling (spaces, mis-coded characters) changing the message digest
    • it works, with no "playback" issues (for non-duplicated input data), on paper or over the phone

    Disadvantages:

    • big database
    • cost of giving people this card
    • fear of the "national ID" card (which is rapidly becoming moot as all non-national IDs are linked together, anyway, by data-mining techniques)

    You could (and, I'd argue, should, with proper back-end privacy features) put proximity technology into this and use it as your gas speedpass, grocery-store bonus card, office key, and gym pass. I like the idea of the prox-cards (with authentication) for checkouts (like the Mobil Speedpass) but am loath to put a dozen dongles on my already too-heavy keychain.

    Anyway, does anyone like this idea? Can anyone point me to a better way to do secure authentication/validation on paper or over the phone? (yes, I'm ignoring for the moment the possibility of loss/theft of the card and/or PIN).

    david.
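The token scheme sketched in the post above, written out as an added example (this is not dschuetz's code, and the post names no algorithm). One assumption is worth stating plainly: a card that is looked up by an ID and produces a short number a person can write down works as a keyed MAC with the key shared between the card and the issuer, not as a public-key signature, so the example uses HMAC-SHA256 with a PIN-derived key. The registry, the `canonicalize` field list and the sample transaction are constructed for the demo.

```python
import hashlib
import hmac
import re

# Constructed back-end state for this demo: the "big database" from the post,
# keyed by the key ID written at the bottom of the form. Held in memory here
# so the example runs offline.
REGISTRY = {}   # key_id -> {"key": derived MAC key, "revoked_after": date or None}
SEEN = set()    # (key_id, canonical fields) already accepted, to refuse playback


def canonicalize(fields):
    """Fold away what paper and phone transcription mangle (letter case, runs
    of whitespace) so the token and the verifier MAC the same bytes. Covers
    the three fields the post names: date, cost and PO number."""
    parts = []
    for name in ("date", "amount", "po"):
        value = re.sub(r"\s+", " ", str(fields[name])).strip().upper()
        parts.append(f"{name}={value}")
    return "|".join(parts).encode()


def card_key(card_secret, pin):
    """MAC key = slow hash of the PIN salted with the card's own secret, so a
    lost card without its PIN, or a PIN without the card, is not enough."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_secret, 50_000)


def short_code(key, fields, digits=8):
    """Truncate an HMAC-SHA256 over the canonical fields to a number a person
    can write on a form or read over the phone."""
    mac = hmac.new(key, canonicalize(fields), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**digits:0{digits}d}"


def enroll(key_id, card_secret, pin):
    """Issuer side: store the derived key at enrollment; the card keeps the
    secret and the user keeps the PIN."""
    REGISTRY[key_id] = {"key": card_key(card_secret, pin), "revoked_after": None}


def revoke(key_id, last_valid_date):
    """Lost card: codes dated after last_valid_date are refused (ISO dates
    compare correctly as strings)."""
    REGISTRY[key_id]["revoked_after"] = last_valid_date


def make_code(card_secret, pin, fields):
    """What the token computes when the user keys in the transaction and PIN."""
    return short_code(card_key(card_secret, pin), fields)


def verify_code(key_id, fields, code):
    """Back-end check: well-formed code, known key ID, not revoked for this
    date, MAC matches, and this exact transaction not accepted before."""
    if len(code) != 8 or not code.isdigit():
        return False
    entry = REGISTRY.get(key_id)
    if entry is None:
        return False
    if entry["revoked_after"] is not None and fields["date"] > entry["revoked_after"]:
        return False
    if not hmac.compare_digest(short_code(entry["key"], fields), code):
        return False
    ticket = (key_id, canonicalize(fields))
    if ticket in SEEN:          # same transaction presented twice: playback
        return False
    SEEN.add(ticket)
    return True
```

Two of the post's claims show up directly: the whitespace-tolerant `canonicalize` is what makes "format mangling" harmless, and the playback protection only holds because the date, amount and PO number make each transaction unique; two genuinely identical orders on the same day would need an extra counter field.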

  6. An Opinion Not Worth Much by danmil · · Score: 3
    People shouldn't moderate stuff up just because it's long:

    my opinion on written signatures vs digital signatures is that, in the end, they both rely on a basic concept: trust in the system.

    Yeah, and Schneier is talking about how the "system" works: with a physical signature, you're trusting that someone hasn't forged/copied it, which is something you can at least try to verify in a courtroom (and having it notarized is even more useful in that way). With a digital sig, you're trusting that no one has compromised the signing computer, which is going to be totally impossible to verify in the courtroom. This is a key difference in the two "systems", as Schneier explains.

    Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.

    What does this mean? They can be "copied"? A digital signature, by definition, is attached to a single document. So "copying" it is meaningless/impossible. In contrast a physical signature can be copied and placed on a different document.

    But, so can written signatures. The article states that a written signature guarantees contact between the signer and the document. What about forgery?

    The article also mentions that public notaries are often used for important documents. Public notaries are people too; they can be bribed.

    As Schneier talks about in Secrets & Lies, it's not about making a system which can't be tricked/hacked/broken/etc. It's about minimizing the risks of that, so that you can conduct communication and business meaningfully. Despite your claim that it's all a matter of trust in the "system", Schneier makes a very clear distinction between physical signatures, which, though they can be forged and copied, have a reasonable chance of standing up in court, especially if they've been notarized. Of course, you could trick this system, but it is difficult enough to do that that the system works most of the time. In contrast, it's not clear if a digital sig would ever stand up in court, because you could always claim that your computer was compromised, which is not the kind of thing the court can rule on.

    And then there is a meaningless rant about how everything can be broken, making incorrect assumptions about Quantum Computing (which would only render Public Key algorithms unusable -- it would just require longer keys for Symmetric algorithms).

    And then...

    As of yet, only one encryption method has been proven to work flawlessly, and it's not even encryption: it was the translation of English into Navajo during World War II.

    One-time pads are provably unbreakable. They're just not very useful, because of the difficulty of distributing pads.

    Jeesh...

    -Dan

    --

    I have written a truly remarkable operating system which this sig is too small to contain.
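Dan's rebuttal above ("a digital signature, by definition, is attached to a single document") can be seen in working code. This is an added example, not code from any of the posters, and the scheme is an assumption chosen because it needs only Python's standard library: a Lamport one-time signature, where the signer publishes hashes of 512 secret values and then reveals, for each bit of the document's SHA-256 digest, the secret for that bit. PGP uses different algorithms, but the property being demonstrated is the same: the revealed values are selected by the document's hash, so the signature verifies on that document and fails on any other. The example also shows the "one-time" caveat: signing a second document with the same key exposes further secrets.

```python
import hashlib
import secrets

H = hashlib.sha256
N = 256  # bits in the document digest; one secret pair per bit


def keygen():
    """Private key: 256 pairs of random 32-byte values.
    Public key: the SHA-256 of each of those values, published in advance."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def digest_bits(document: bytes):
    """The document's hash as a list of 256 bits, most significant first."""
    d = int.from_bytes(H(document).digest(), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, document: bytes):
    """For each bit of the hash, reveal the private value for that bit's
    value (0 or 1). Which values get revealed is fixed by the hash, so the
    signature only fits documents with this exact hash."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(document))]


def verify(pk, document: bytes, sig):
    """Hash each revealed value and check it matches the published commitment
    for the corresponding bit of this document's hash."""
    if len(sig) != N:
        return False
    return all(H(sig[i]).digest() == pk[i][bit]
               for i, bit in enumerate(digest_bits(document)))


def exposed_values(sk, documents):
    """How many of the 512 private values are public after signing the given
    documents. One document reveals exactly 256; a second, different document
    reveals more, and with enough revealed values a forger can assemble
    signatures for documents never signed. That is why the key is used once."""
    revealed = set()
    for doc in documents:
        revealed.update(sign(sk, doc))
    return len(revealed)


def demo():
    # Constructed sample documents for the demo.
    sk, pk = keygen()
    contract = b"I agree to pay $100 for one used bicycle."
    altered = b"I agree to pay $10000 for one used bicycle."
    sig = sign(sk, contract)
    # (True, False): the signature verifies on what was signed and on nothing else
    return verify(pk, contract, sig), verify(pk, altered, sig)
```

The `demo` result is the whole point of the thread's "copying" argument: moving a signature onto a different document does not yield a forged signature, it yields a verification failure, which is the opposite of a pen signature lifted onto another page.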

  7. Re:Why this article is not. by honkycat · · Score: 4
    When you sign a physical document, you definitely came in contact with it and left physical artifacts of your contact with the document. If you go around signing papers you haven't read, you should be more careful, but that's another issue. I think the concern he raises is a very valid one -- it is easier to steal (and harder to detect the theft of) a private key than it is to steal a "real" signature. Physical forgeries happen all the time, but because of the local nature of the physical world, it is very hard not to leave a trail of evidence.

    Be careful who you trust. No matter how careful I am about installing software, scanning for viruses, etc, I wouldn't trust any PC fully. Can you be _sure_ that Win98 has no backdoors? Can you be _sure_ that Linux has no backdoors?

    The real danger in digi signatures is considering them to have the potential to be any different from regular signatures. If you require a notary to witness a physical signature, then you damn well better require a notary to _physically_ witness the real person issuing a digital signature. Maybe there's a digital means for authenticating a person better than a human notary, so that may be an option. But authenticating the person in a truly secure way is necessary. This is not only an issue for the signer, but also for the party with whom he is contracting -- if there is any doubt that the signature was inauthentic, they are open to litigation... so really, everyone wants authentication from human->document.

    Of course, I am of the opinion that physical artifacts should not be done away with. For many tasks, they may be the best solution available -- if security is really at stake, you may be better off _not_ moving at full internet speed.

  8. It's All About The Legal System by danmil · · Score: 4
    Surprise, surprise, lots of people on Slashdot seem to be missing the key to Schneier's argument about digital signatures: it's all about whether or not they would stand up in court.

    A bunch of programmers read about digital signatures and they think "Great, here's a way to verify that a specific person signed a specific document. How cool." (And it is very cool, don't get me wrong). Then Schneier comes along and points out the problems with using these digital signatures to replace the role of physical signatures in our current legal system (they won't stand up to court challenge, because it's so easy to claim that the computer was compromised or the key stolen).

    He's right. His point is about the legal system, not about the philosophical issue about how to verify that someone actually signed something. Sure physical signatures don't do that, but that doesn't matter. They work well in our legal system. He argues that digital sigs won't.

    So everyone should stop making such a to-do about how he's being solipsistic, or technophobic or whatever. He's talking about legal issues.

    -Dan

    --

    I have written a truly remarkable operating system which this sig is too small to contain.

  9. I wish the lawyers knew about this..... by jcrb · · Score: 4
    Here is a nice article by the ABA (American Bar Assoc) demonstrating that they think digital signatures are better than the 'real thing'

    --
    -jon
  10. SDMI is just out for fame by 11thangel · · Score: 3

    As the article points out, the SDMI contest has no real meaning, other than fame and dough for them. Nothing that can be decrypted can't be cracked. It may be hard, but there is always a way. I especially liked the little point that watermarked files can still be duplicated. It's just like the ID3 tag "copyrighted". A pirate is not very likely to care about the FBI warning on the first part of a copied video tape. Of course, this still doesn't protect the average consumer with the intelligence of a potato, who believes what the company tells them, and goes out to buy all the software for this "copy proof signature". Technology: friend or foe?

    --

    I am !amused.
  11. Why this article is not. by LoKi128 · · Score: 3

    After reading this article I have a few concerns about what this person is talking about:

    1. He mentions that a digisig is less secure than a normal sig because the person does not have to read what he/she is signing. Well, isn't this also the case with normal sigs? How many of you read the contract when you joined your local video club? It is hoped that the person doing the digisigning will have read and agreed to the document. Something that could be done about this could be to include a signing message, in which you sign the document, and also include a short sentence like "I agree" or "I disagree".

    2. The computer is not a trusted environment. Well, if you don't trust your machine, then that's your own problem. I trust mine, because I take care of it remaining trusted. Sure, some assumptions have to be made, but one thing is caution, and another paranoia. I am SURE that at this moment I have no backdoor programs running in my Win98 system. I also know that I have no Office virii in here either. This is not only due to the antivirus software, but also to my downloading/trusting habits. I also have to make the assumption that Win98 itself is not sending data to someone else, but then that becomes the stuff of legend amongst the MS haters.
    Point is that forgery and thievery occur in the real world and in the digital world. The idea that a program will sign another document when you didn't tell it is akin to telling you to sign with a pen a piece of paper and having underneath it a carbon paper and another document with the signature line in the same place, but saying something else. Or hell, even easier, just beating you until you sign a paper or you die.

    This sort of fear towards technology is nothing new, but it is shocking to see who is displaying this fear in this case.

    The problems presented in this article are not computer problems, but rather human problems, and the lack of ethics in the world of today (and yesterday too).

  12. Cost of Entry by The+Raven · · Score: 3

    It is the cost of entry to forgery that is the basis by which we can judge any signature method. Creating a well forged signature is difficult... you must know the person well, or have lots of practice forging their signature (or all handwriting). Bribing a notary public is expensive, and can blow up in your face. And for all of these activities, they are not what most people consider 'fun and involving', nor is practicing the skills required a particularly safe thing to be caught doing. However, with digital signatures anyone who has access to a computer lab has access to the tools required. There is a large society of hackers who enjoy trying to take apart encryption methods, and exploits are often posted publicly up for all to see. Well-known exploits have programs written specifically to take advantage of them, allowing barely skilled users to utilize the security flaws. Thus, the cost of entry for digital forgery is lower than the cost of entry for physical forgery. The chances of detection are lower, and the ability to hide your tracks is greater. This is why digital signatures must have a much GREATER security level than normal ones, and the differences inherent in how they are, and are not, secure from written signatures should be well documented and publicised.

    Raven


    And my soul from out that shadow that lies floating on the floor

    --
    "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
  13. my opinion by unformed · · Score: 3

    my opinion on written signatures vs digital signatures is that, in the end, they both rely on a basic concept: trust in the system.

    Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.

    But, so can written signatures. The article states that a written signature guarantees contact between the signer and the document. What about forgery?

    The article also mentions that public notaries are often used for important documents. Public notaries are people too; they can be bribed.

    There is no truly secure method of signing a document, of encrypting information, or anything else of the sort. Anything and everything can, and will, at some point be broken.

    As it stands, PGP is fairly secure. Current computers cannot currently perform the mathematics required to break a PGP encryption in a reasonable amount of time. However, when quantum computers are available, PGP will be useless.

    Although the advent of quantum computers will also bring about quantum cryptography, which has been labelled as "unbreakable."

    True, the concepts regarding quantum physics would currently render the encryption unbreakable, who knows what technologies may later emerge?

    As of yet, only one encryption method has been proven to work flawlessly, and it's not even encryption: it was the translation of English into Navajo during World War II.

    (For more information on these subjects, read Singh's -The Code Book- ... an excellent book, i might add)
    --------------

  14. Sounds Like Bruce Schneier is a Solipsist by Crutcher · · Score: 3

    Well, not really, but this is the basic solipsistic problem.

    Since your only interaction with the world is through your senses, how can you verify that it is as it seems, or even exists at all; /without/ using your senses?

    The best answer that anyone ever came up with is "I refute it thus" and kicking a rock. (not making this up). In reality, there is no true answer, individuals must make the "leap of faith", or the "leap of presumption" at least, and presume that the world is more or less as it appears to be.

    Since true signatures' validity can only be 'proven' by either A) testimony to the fact (which doesn't really require the signature, after the testimony) or B) the voice of 'experts'; the 'experts' can be cryptography experts, and can, like the handwriting experts, testify about the /probability/ of error.

    And it is ultimately only about how probable it is, since you can't prove anything.

    -- Crutcher --
    #include <disclaimer.h>
