Current Crypto Trends with Bruce Schneier
Saint Aardvark writes "SecurityFocus has published an interview with Bruce Schneier. Fascinating stuff, especially the level-headed assessments of the NSA, spam and the impact of full disclosure: 'Q: Since most crypto protocols on the internet, such as SSL or SSH, use public keys to build a secure channel, wouldn't an unexpected public disclosure create chaos on the internet? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.'"
Every posting in his Crypto-Gram seems to be telling me the same thing - nothing anyone is doing is actually secure, and no currently proposed measures are going to help. So basically he's telling me to live in a shack in the woods like the Unabomber if I want security. Also he seems to be drifting more and more into political banter...and I don't consider him to be any more informed than the next blogger.
I thoroughly recommend reading the linked articles. Some fascinating stuff (e.g. on why elliptic curve cryptography is currently considered secure and why this may not last).
Tsunami -- You can't bring a good wave down!
Q: Since most crypto protocols on the internet, such as SSL or SSH, use public keys to build a secure channel, wouldn't an unexpected public disclosure create chaos on the internet? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
[Emphasis mine.]
How is that an unexpected public disclosure? With that example, he alters the conditions of the experiment, just like opening Schroedinger's box.
If 5,000 people went to Amazon.com and bought something with the expectation that the connection was via SSL, and it turns out it wasn't, the smarter of those 5,000 people would be closing their credit card accounts and their Amazon.com accounts, and demanding restitution from Jeff Bezos for their compromised personal information. Amazon.com would fight them tooth and nail.
Now, tell me that isn't chaos.
With such a pronouncement "from on high" like that, my respect for Mr. Schneier took a serious hit.
Since you seem to have read more on the subject, let me ask you a simple question, since you'll hopefully have the answer more readily available.
Is a reversible computing system Turing complete? What's the speed/space loss of interpreting a Turing machine in the reversible equivalent of a universal Turing machine? If this loss is exponential or compounded by running time (i.e. unavoidable memory leak) then that's your answer to your question.
I ask this because intuitively, it looks to me like forcing all programs to be reversible would either limit their functionality or require you to keep around useless data for the purposes of reversing a computation, which you never do in normal operation but would be very nice for debugging.
(I've worked on capture/replay systems, profiling, analyzed program traces, tried to keep dynamic slices of a running program and read a lot about related problems. When I ask about memory overhead I mean it.)
BTW, on reading your post again, it seems you have your terminology a little wrong. Erasing a bit (in the page you describe) is taken as destroying information, rather than setting a bit to 0. The argument is thermodynamic in origin (insert Simpsons quote here), even appearing in Hawking's "A Brief History of Time" as part of his discussion about why time flows and entropy increases. Basically the idea is something like: if you have random data (strings of 1s and 0s) and you draw a conclusion (all 0s, or in some order that's not random), you have decreased the amount of entropy inside the computer and therefore the rest of the universe must have more entropy to make up for it, or something like that. So, you perceive time flowing because you are gathering information, and it feels like it flows in the direction of more entropy. I probably botched the description, so if anyone wants, I can go get my copy of the book and explain it better.
Reversible computing comes in so you don't throw away that randomness, and so your entropy doesn't change (since you can go back anyway) so it is theoretically and thermodynamically possible to create a machine to do the calculations with a minimum drawing of power. That's the context I've heard it in, but it doesn't mean that such a machine exists now, that it is practically feasible, or that the needed chaos storage unit won't overflow.
And BTW, if your operations are fully reversible and you don't want to end up with a chaos overflow/information underflow, you'd have to transmit all the byproducts of your encryption (chaos) along with the encrypted data (which has information) and since your calculation is reversible, any eavesdropper can decode it. So no, it's not useful for cryptography at all.
Another analogy for you: Dave Clark once commented that using cryptography to communicate with a stranger is like meeting that stranger in a dark alley. Whatever happens, there won't be any witnesses.
I guess the lesson is to use the right tool for the right job. No dogma.
-Fzz
This guy obviously doesn't run any mail servers.
Sure, new spam filters can be pretty effective. But it takes a lot of resources to deal with spam in terms of hardware and network bandwidth. 75% of all e-mail traffic is SPAM. Millions upon millions a day.
SPAM is a real problem and it's not getting better, it's getting worse. The better we get at blocking it the more spam gets sent to counter this.
Some people might think that if we get good enough at blocking spam, it won't be profitable to send it anymore. I beg to differ. It costs almost nothing to send a million spams. And with all the bot-nets and hijacked mail servers, it's not hard to get them out.
So, because of this very brushed-off response and attitude like he's an authority, I can't take any of his other responses seriously.
- It's not the Macs I hate. It's Digg users. -
In the last 25 years there has been another development in cryptography which Bruce has seemingly left out, namely the formal approach often referred to as provable cryptography, i.e. the process:
1) Formally defining both the working model (network, involved parties, computational & other capabilities...)
2) Defining the various forms of security to be achieved. (For example a protocol must be secure if run once, many times in a sequential manner or even in a concurrent manner. Each is a different kind of security and results in a different protocol.)
3) Designing a solution (algorithm, protocol,...) and using mathematical methods to PROVE that the difficulty of breaking the stated security in the given model is equivalent to some common mathematical problem (such as factoring certain "large" integers or calculating the discrete log in "large" algebraic groups).
Public key cryptography is the first practical product of this type of cryptography; however, theoretical cryptography is almost nothing BUT this kind of work. The problem with protocols and algorithms designed in such a way is that they are often a lot more inefficient than their conventional counterparts. Thus most practical cryptographic algorithms (SHA-*, RC*, MD*, DES, AES,...) are not designed in such a rigorous manner. (If this were the case then the entire field of cryptanalysis would be relegated to efficiently solving a few basic mathematical problems.) A quick example of a comparison is the note that one provably secure hashing algorithm requires a modular exponentiation per bit hashed. Compare that with MD5...
As Bruce said, designing secure protocols is VERY difficult even for the most experienced of cryptographers. This has been the main motivation behind developing and applying a provable approach to cryptography. As the cost of computation and communication decreases and the theoretical tools become more and more efficient I think we will be seeing more of this type of cryptography in practical use. (Zero-knowledge proofs, for example, are already being used in some authentication schemes.) In any case IMHO it is a "trend" to be watched as it is the FIRST line of research in cryptography that truly quantifies security (i.e. by reducing the security of a scheme to the difficulty of solving a specific mathematical problem of a given size).
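The reduction described in step 3 of the post above, as an added example that is not part of the original thread: a toy Python implementation of the Chaum-van Heijst-Pfitzmann hash, a textbook "provably secure" hash, together with the extractor that turns any collision into the discrete logarithm of beta to the base alpha. The group size, generator and secret exponent are constructed toy values chosen so the reduction can be followed by hand.

```python
# Chaum-van Heijst-Pfitzmann (CHP) hash: a collision yields log_alpha(beta),
# so collision finding is at least as hard as the discrete log in Z_p^*.
# Parameters are constructed toy values (an 83-element group), not a real
# deployment; SECRET_A is read only by the collision-building helper.
from math import gcd

Q = 41                          # prime q
P = 2 * Q + 1                   # 83, a safe prime p = 2q + 1
ALPHA = 2                       # primitive root mod 83 (83 = 3 mod 8)
SECRET_A = 37                   # the discrete log the reduction recovers
BETA = pow(ALPHA, SECRET_A, P)  # public parameter; the extractor never reads SECRET_A


def chp_hash(x1: int, x2: int) -> int:
    """h(x1, x2) = alpha^x1 * beta^x2 mod p for 0 <= x1, x2 < q: two modular
    exponentiations compress 2*log2(q) bits into log2(p) bits."""
    assert 0 <= x1 < Q and 0 <= x2 < Q
    return (pow(ALPHA, x1, P) * pow(BETA, x2, P)) % P


def dlog_from_collision(x1: int, x2: int, x3: int, x4: int) -> int:
    """The reduction: from h(x1,x2) == h(x3,x4) with (x1,x2) != (x3,x4),
    compute a with alpha^a == beta (mod p).  alpha^(x1-x3) == beta^(x4-x2)
    == alpha^(a*(x4-x2)) gives x1-x3 == a*(x4-x2) (mod p-1); because
    |x4-x2| < q, gcd(x4-x2, p-1) is 1 or 2, so a is found by one inversion."""
    assert chp_hash(x1, x2) == chp_hash(x3, x4) and (x1, x2) != (x3, x4)
    num = (x1 - x3) % (P - 1)
    den = (x4 - x2) % (P - 1)        # nonzero: x2 == x4 would force x1 == x3
    if gcd(den, P - 1) == 1:
        return (num * pow(den, -1, P - 1)) % (P - 1)
    # gcd == 2: both sides are even, so solve modulo q and test the two lifts
    a0 = ((num // 2) * pow(den // 2, -1, Q)) % Q
    for cand in (a0, a0 + Q):
        if pow(ALPHA, cand, P) == BETA:
            return cand
    raise ValueError("inputs were not a valid collision")


def build_collision(x1: int, x2: int, x4: int) -> tuple:
    """Constructed helper: whoever knows the discrete log can forge collisions
    at will (x3 = x1 + a*(x2 - x4) mod p-1), the converse of the theorem."""
    x3 = (x1 + SECRET_A * (x2 - x4)) % (P - 1)
    if x3 >= Q:
        raise ValueError("x3 left the hash domain; choose other inputs")
    return (x1, x2, x3, x4)
```

The second test collision below exercises the gcd == 2 branch, which is the case the proof has to handle separately.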
For decades, in some cases centuries, there have been known bad and good approaches to security and still people violate evidence and common sense on security.
Security professionals know there are certain basic ideas to apply towards security. If they consult, they apply the same basic lessons again and again to several people and often repeat themselves to repeat customers. If they work as a security professional in one organization, they repeat the same thing for their whole career.
The good thing about Schneier's blog is he takes the rudimentary ideas of security and shows the diversity in their applications.
If repetition wasn't necessary, there wouldn't be a plethora of security sites, publications and blogs - or the abundance of exploits, successful viruses, worms, etc.
How many of you don't have a relative whose computer you can sit down on and immediately find some spyware, adware, trojan, virus or other bugger? Can you quiz them on how to handle their id online and on the phone without tripping them up?