Slashdot Mirror


Thawte Protects The World From Crypto

nutsaq writes: "Thawte.com, a South African Certificate Authority, in a move of astonishing wrong-headedness, has inexplicably changed its developer certificate policy. To quote from the site: 'Due to current world circumstances developer certificates can no longer be issued to individuals.' Sucks to be working with crypto these days. Apparently I'll get no help from Thawte to encrypt stuff, oh wait, I didn't need it, the browsers did."

8 of 179 comments

  1. Well, first of all by friday2k · · Score: 3, Interesting

    This is about signing certificates, nothing with "oops, my browser encrypted" bla. This is a very interesting move, that I cannot quite follow. Why in the world would you only limit signing certificates and blame it on the "world"? Excuse me? I mean if it was about global server IDs, strong encryption, etc. I might find some reasons in current events to limit the distribution. But code signing certs? Quote from the Site: "Your customers can be confident that a Thawte Developer Certificate will guarantee that your code remains tamper proof, and that the content originated from the source on the certificate. Important Notice:
    Due to current world circumstances developer certificates can no longer be issued to individuals." Or am I totally missing the point here (probably too late here on Pacific Time)?

  2. Hey, wasn't this in a science fiction short story? by Rogerborg · · Score: 4, Interesting

    Actually, I know that it was, because I wrote it for the Wipout competition, which is spookily enough another /. story of the day.

    I wrote this story in early September, pre-11th. It postulates a society where knowledge of crypto is so strongly controlled that... well, read the story.

    At the time that I wrote it, it was science fiction. It now looks like I was way too conservative, and events are already on the way towards overtaking my predictions. Hey ho.

    --
    If you were blocking sigs, you wouldn't have to read this.

  3. Good to stop those induhviduals! by Metrol · · Score: 5, Interesting

    Now only real companies, like the MANY that bin Laden's network runs, can get encryption tools.

    --
    The line must be drawn here. This far. No further.

  4. Re:Get the story out! by nick2342 · · Score: 2, Interesting

    The strongest form of cryptography was invented in the 19th century and does not require a computer (XOR against one-time-pad), though computers certainly make it faster.

    To pick some nits, the One-Time Pad (OTP) cryptosystem has perfect secrecy. So in that sense, it's at least as strong as any other cryptosystem. However, it lacks features that are found in more sophisticated systems, such as protection from a known-plaintext attack or even authentication.

    Those facts, plus its requirement that a key the maximum length of a future message be sent ahead of time via secure channels, means that it is not necessarily the best cryptosystem.

    So saying that it's the strongest is true only in a limited sense. From the perspective of the public, they might prefer it if "terrorists" went back to hand-encoding/decoding messages, since investigative agencies have a better chance of breaking the key distribution than breaking some of the modern ciphers.

  5. Nobody uses them anyway by Pascal+of+S · · Score: 2, Interesting

    Well, not a lot of people/companies anyway.
    Half the time I try to download an application/plugin I get the message 'this code was not signed'. This happens so often that the average user will simply click 'run anyway'.

    This will only affect companies that have actually taken the time to set the system security policy to 'never run unsigned software'. Which nobody on this planet has done, because all the really useful software has not been signed. *sigh*

    Code signing is rather useless anyway, it's a good concept. However, the certificate issuers only certify that a company writes software (which you knew anyway, you just downloaded a piece of their work), they do *explicitly* not certify 'this is software written by a company that will not copy all files from your hard drive and publish them on IRC'.

    In its current implementation it makes software somewhat tamper proof. Which is nice...

  6. Won't help anything by Norny · · Score: 2, Interesting

    The whole decision is silly. All thawte is doing is losing business. If a terrorist wants to encrypt a webpage, it's easier and faster to just set up OpenSSL/mod_ssl and sign your own cert.

    If the visitor is another terrorist looking to download encrypted content, all he has to do is click OK to the browser box that says it's not trusted and then the encrypted stream of content will begin.

    All thawte is doing is removing the part where the cert is trusted. I doubt a terrorist would care.

  7. Re:Certificate Authorities by Rob+Parkhill · · Score: 2, Interesting

    You want an SSL cert on the cheap? Go see the folks over at TuCows.

    That's about as cheap as it gets for an SSL cert from a CA with its root cert in most browsers.

    Disclaimer: I work for Entrust.

    --
    "Tomorrow's forecast: a few sprinkles of genius with a chance of doom!" - Stewie Griffin

  8. Re:Get the story out! by mmontour · · Score: 3, Interesting

    if it's a truly random key (hard to find) then there are no patterns to take advantage of. it's unbeatable.

    If it's not a truly random key, it's not a one-time pad (in the standard sense) but rather some type of stream cipher.

    A stream cipher uses a keyed mathematical algorithm to generate a stream of data that "looks random" but of course is completely deterministic. This keystream is then XOR-ed with the plaintext, as in the OTP.

    I find it helps to think of the one-time pad as "secret splitting" - you take the original plaintext, and divide it into two halves (the random keystream, and the keystream XOR the plaintext). Neither half by itself tells you anything about the plaintext, but when you have both of them you can recover the plaintext. (This can be extended to N > 2 as well)

    Another way to think of it: For a given ciphertext, there exists a keystream corresponding to EVERY POSSIBLE plaintext of that length. If you don't have the keystream, you have no knowledge about which plaintext was actually used.

    A stream cipher does not have this property. For a given ciphertext, there are at most 2^(keysize) possible plaintexts that could have produced it. However that can still be a very large number, and you have the advantage that the key is much smaller than the plaintext (therefore easier to store and distribute).
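
Added example (not part of any comment in the thread): a short Python sketch of the properties discussed in comments 4 and 8, namely XOR secret splitting for N shares, the existence of a pad for every same-length plaintext, the 2^(keysize) candidate bound for a stream cipher, and the one-time pad's lack of authentication. The 8-bit-key SHAKE-128 keystream and the sample messages are constructed for illustration and are not a real cipher.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_secret(plaintext: bytes, n: int = 2) -> list:
    """XOR secret splitting: n-1 random shares plus one that completes them."""
    shares = [secrets.token_bytes(len(plaintext)) for _ in range(n - 1)]
    last = plaintext
    for share in shares:
        last = xor(last, share)
    return shares + [last]

def combine(shares: list) -> bytes:
    result = bytes(len(shares[0]))
    for share in shares:
        result = xor(result, share)
    return result

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which this ciphertext decrypts to the candidate plaintext."""
    return xor(ciphertext, candidate)

def toy_keystream(key: int, length: int) -> bytes:
    """Constructed stand-in for a stream cipher: SHAKE-128 of a 1-byte key."""
    return hashlib.shake_128(bytes([key])).digest(length)

def stream_candidates(ciphertext: bytes) -> set:
    """Every plaintext an 8-bit-key stream cipher could have produced."""
    return {xor(ciphertext, toy_keystream(k, len(ciphertext))) for k in range(256)}

def flip(ciphertext: bytes, known: bytes, wanted: bytes) -> bytes:
    """No authentication: XORing a difference into the ciphertext edits the plaintext."""
    return xor(ciphertext, xor(known, wanted))

if __name__ == "__main__":
    msg = b"MEET AT NOON"           # constructed sample message
    pad, ct = split_secret(msg)     # the one-time pad is the two-share case
    print(combine([pad, ct]))
    other = b"STAY AT HOME"         # same length, equally consistent with ct
    print(xor(ct, pad_explaining(ct, other)))
    print(len(stream_candidates(ct)), "candidates under an 8-bit key")
    print(xor(flip(ct, msg, b"MEET AT NINE"), pad))
```

The last line shows why a one-time pad needs a separate integrity check: the modified ciphertext decrypts cleanly under the original pad.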