Slashdot Mirror
What's Holding Back Encryption?
nine-times writes "After many years in IT, I've been surprised to notice how much of my traffic is still unencrypted. A lot of businesses that I interact with (both business and personal) are still using unencrypted FTP, and very few people use any kind of encryption for email. Most websites are still using unencrypted HTTP. DNSSEC seems to be picking up some steam, but still doesn't seem to be widely used. I would have thought there would be a concerted effort to move toward encryption for the sake of security, but it doesn't seem to be happening.
I wanted to ask the Slashdot community, what do you think the hold up is? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption protocols and keys? Is it ignorance or apathy on the part of the IT community, and that we've failed to demand it from our vendors?"
is not the whole solution.
Nullius in verba
Isn't it the case in enterprises where they would rather keep things status quo instead of adding additional layers of (potential) problems? I believe they won't convert unless there's sufficient financial (dis)incentive to do so.
Maybe when getting a server cert is free/easy people will do it defacto. but right now it's either shell out for an SSL cert or greet every traveller with the "omg this site has a self-signed cert!!!oneone" browser warning.
...could possibly happen to me. That's it. Perceived risk versus perceived effort.
--I'm so big, my sig has its own sig.
-- See?
I have encrypted this post as my contribution to making encryption more widespread.
Here you go:
kkjkjGHIUgibilhjGHLiubhjbiu78HVji67gfUKGHVuygjh VljhbvolygILJKbIyugIJbikhjbKJBkbvkjnfJ.a,mx jchkdjqJiufhpi9fu{ywe9f8iunsiochjaijkcs
The fun part is that the (UK) cops can demand a decryption key for that, and lock me up when I inevitably fail to provide one....
This is a substitute for a clever sig that fits within the maximum number of characters.
A lack of time to implement it/management changing priorities... again. I would love to and I had thought that I had convinced management why we needed to (Nothing fancy, just ssl on parts of our web page). Then something blew up. Then something else blew up... and it just wasn't that important to management any more.
Businesses don't give a shit about encryption because there isn't any accountability on their part.
Your information is stolen? Too fucking bad. That's your problem.
Show me one company that got sued or whatever and had to pay for their stupidity with regards to information being stolen or lost.
Signed certificates are holding up encryption. Opportunistic encryption doesn't happen if it has to be carefully pre-planned.
Yes, unsigned encryption is vulnerable to MITM. So what? It protects against the far more common traffic sniffing and a plethora of other attacks.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I think that much more often than not most folks just use the default settings on their stuff, and at this point nearly all encryption is not something that is set up by default.
While the learning curve for using encryption in email, http, ftp, etc is not all that high, there is enough of one there for most people to just say "meh", even if they understand why they should be using encryption in the first place.
It's like personal home protection for many people - they don't want a gun in the house until after they've been robbed the first time. I'd wager that many people using encryption are doing so because they've been bitten by a lack of encryption in the past.
There's no reason to encrypt HTTP requests that don't contain personal information.
Because the people who pay for everything don't "see" a problem. From the uneducated user's perspective, everything works "the same" whether or not it's encrypted. They don't see how anything is "broken" so why should they pay $$$ in the form of certs and staff time to upgrade (i.e., "fix") things?
(That's a possible explanation, not an excuse.)
signat-url: http://www2.potsdam.edu/dctm/prescor/signat-url.h
I think it is simply not needed. Why would you put effort in encrypting a public website, or your e-mails to your grandmother to feed your cat while you're away.
Risk = damage x probability. Probability (sniffing email/web traffic) is extremely low on most data, as is damage. I think logins should be encrypted, but not (public) data.
-- The Internet is a too slow way of doing things, you'd never do without it.
Most websites are using unencrypted http for sending non-secure public pages and most people don't use email for secure transmissions and consider it almost public.
The fact that everything is not encrypted does not indicate that anything is being held back.
Encryption has transmission and management costs. It is not "free" so it will never be ubiquitous.
Maybe it's more of an issue of ready availability and accessibility. Plus (I think) some businesses may think that it's an unwarranted cost which should only be used for money transactions or whatever. But then again I'm talking outta my arse here with no previous knowledge.
It's the same thing holding back lots of things: greed. Microsoft would standardized on e-mail encryption support in Exchange/Outlook if it were THEIR "standard" that either locked users in or locked other providers out. So would Apple and damn near every other company out there.
Lots of encryption is in place where companies stand to lose money (eg., DRM, banking, etc.) But where they stand to lose money DUE to encryption, it's not widespread...imagine that. If the security of your data isn't going to lose (or make) a company money, the people running that company don't care a whole lot about the security of your data.
...encrypted communications are too bloody hard to debug!
With unencrypted protocols, I can whip out the packet sniffer and find out *exactly* what's going on. With encrypted protocols, I have to write reports like "we have verified our software configuration and believe it to be correct; perhaps the problem is at your end?"
Maybe we need to come up with a standard way of encrypting things, that our packet sniffers somehow know how to decode. Maybe even with a "relax the crypto" configuration flag we can throw during debug.
Do daemons dream of electric sleep()?
I know at my company a lot of it is apathy. We have an unencrypted FTP site where clients can upload/download stuff at their leisure. It's not sensitive material, so no one really cares if something happens to it or if someone gets hold of what's up there. Probably not the best attitude, but if the higher ups don't concern themselves with it, I don't concern myself with it too much either. That being said, for internal stuff and for access to project files from offsite, I did set up an SSH account on a segregated virtual machine that we can gain access to via SFTP. I also gave out separate keys for each individual in our organization. If a key becomes compromised I can simply issue a new one to the key holder without having to inconvenience everyone else. Still probably not ideal (I'm not a security expert by any stretch of the imagination), but better than nothing.
Both technically and administratively. I've lost count of the number of 'Public Key Certificate Expired' warnings I've had over the years. Also doing crypto slows down servers - the cpu hit on web servers by using https is significant so many only use https for the bits of transactions that really need it. I just wonder what hit Google took by encrypting by default all Gmail sessions.
Without dedicated hardware, https is an incredible performance drain on web servers. And even the dedicated hardware at the data centre won't help the client side. Not to mention the caching rules which mean much more data traffic.
For most web sites, I see no reason to use encryption.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
What's Holding Back Encryption?
Simple: INERTIA.
Remember back in the day when the OpenBSD guys said Enough Already and pretty much dropped telnet, rsh, rcp, rlogin, etc. for the SSH suite of tools? Yeah, a bit of growing pains at the time but no one would want to go back. It took some time but finally other open source projects followed suit.
People are lazy, if there's no push to change most won't no matter what benefit the change offers.
Trolling is a art,
Comment removed based on user account deletion
"Most websites are still using unencrypted HTTP"
that's cause most websites aren't serving up any content that needs encrypting. If you were only looking at banks etc, then maybe I'd worry.
Encrypting lolcats is just a waste of cpu cycles.
As for email, I only use my own mailserver or gmail these days, both of which are using ssl encrypted imap... If your emails contain sensitive information etc, you probably shouldn't be using hotmail etc :p
Suppliers give priority to what their customers nag about, and they nag about the problems they see and feel every day. Only those who get attacked and discover it see the threat of unencrypted traffic.
sudo ergo sum
Because if anything goes wrong, like forgetting the password or corruption on a single byte, can make your whole data unusable
since most people consider their daily transactions ( FTP , mail , what-have-you ) safe, there is no need to go for anything more even if the IT staff understands the risks, any attempt to actually implement something will cause a stone-throwing for "breaking something that was working just fine" even if the downtime is minimal.
People are lazy. I know I am! If It doesn't need encryption, why encrypt it? Then again I have the root password on my linux box set to a single character, so maybe I'm too lazy.
First big problem is you simply cannot send encrypted email to someone without a prior relationship. They aren't going to "get it" and they aren't going to be bothered to figure out why they can't read your email - just delete it.
The second problem is that if you want to be seen doing something "real", you need to spend some money on a "real" certificate. At a corporate level it might seem to make sense to have a corporate level certificate that then signs individual certificates. But this doesn't seem to be "real" enough.
Finally, most people understand that email is insecure and unreliable. They get a few Viagra ads every day and this reinforces the idea that it is insecure. They call people to make sure their email went through - because email is unreliable. Encryption would be another layer of trouble on top of all that insecurity and unreliability for no apparent benefit.
Really, most things which should be encrypted - are. There's no reason to push encryption everywhere; especially if it would confuse people and make them think everything is safe just because it's encrypted.
One that hath name thou can not otter
It won't happen until the pain of not doing it exceeds the cost of implementing it.
I still cannot find the droids I am looking for...
If Chloe can break it at CTU in a couple of keystrokes? DAMN IT!!
Weeks after Google, a technology leader gets hacked by having ancient versions of IE 6 on their desktops, and you're asking why encryption isn't everywhere? Same reason IPv6 isn't everywhere, VOIP isn't everywhere, the current spam-friendly email protocols we've been living with for decades haven't been replaced with authenticated sender-based protocols, and why blacklist-based antivirus hasn't been replaced by a less "lossy" model of security. Why? Because doing nothing costs nothing. Doing something costs something - and if you can't explicitly explain why doing something more than the current "bare minimum" MUST be done, quantify the costs of doing vs. not doing it (and have the latter exceed the former) and/or end-of-life the current methodologies, then things just don't happen in the low-cost/low-budget world of IT.
What problem do we need to solve here? If it ain't broke...
Just for the hell of it I've toyed with hooking my geiger counter up to my computer, generating a couple of DVDs full of random numbers (really random) and using them for one-time pad encryption to send email to my Mom. Which cannot be cracked, by anybody.
There is also the issue that if you lock things down too tight you risk locking yourself out and can't get back in.
...laura
The same happens with telephone conversations, or radio emissions. Except in some specific cases, it is just not worth the hassle.
That's where the hold up is in my opinion.
Secure e-mail via HTTPS/SSL is all but completely standard service throughout most providers, it's passive and in most cases proffered as the default information from a service provider.
Secure FTP via any means is a little touch and go, most hosting providers offer it in differing flavors but it is not well standardized in terms of FTP client support and each have their own name for the same methods.
Secure HTTP by default on sites, not really available for the market en masse due to cost of certificates and limitations of some of those cheap certificates which is why many do not offer it and with shared-services, your certificate is pretty worthless unless you opt for a dedicated IP in most plans/services.
PGP/GPG, now here's a real stick in the mud, this needs to be supported by all clients and implemented equally wherein there is nary a thought to clicking send (eg. what passphrase did I use for this one?)
DNSSEC, much like PGP/GPG, without wide adoption through large registrars and more information from those registrars on its uses, benefits and general reason for existence, it won't be used by many.
For me, it's mostly a tradeoff between the value of the information and the extra work/performance overheads involved in using encryption.
I usually don't bother encrypting my email because it's mostly mundane stuff, and frankly there's more of a threat from the owner of the email server reading my stuff than there is from a MITM attack. Also, getting and using a cert is a bit of extra work.
But if I do need to send sensitive information via email, I will use encryption. Generally by putting that sensitive information in an attachment, and encrypting the attachment using AxCrypt or something similar (128 bit AES which is pretty decent for anything I'd be communicating).
I upload and download files from a web server regularly, that permits standard FTP connections as well as SFTP and SCP. But I generally just use FTP because a) the stuff is usually mundane; and b) FTP maxes out my connection, whereas SCP/SFTP to the same server seems to bottleneck at 60 kB/s upstream for some reason - seems like quite a large performance overhead!
I wish Thunderbird of evolution had some type of automated system for encryption, where you tagged your public key to the bottom of every e-mail. When an in coming e-mail was detected with a key at the bottom all replys were automatically encrypted. I think the problem with encryption at the moment is that people have to think about it so it does not happen.
Encryption is pretty demanding on hardware. A normal webserver without a cryptographic accelerator can serve say 100x more webpages unencrypted then with a full HTTPS encryption.
Verisign. Because of the ridiculous cost of THEIR certificates, and that browsers don't seem to properly recognize any certs but ones from Verisign. People either use fake certs (encrypted traffic, but no verification of trust), or simply don't bother.
Also, because so many sites pull in images and other content from non-origin servers, webmasters do not know how to build a proper SSL site in most cases. It's tricky to do right (not impossible - just tricky), and most web designers / site administrators simply give up on SSL, rather than try to learn how to implement it properly.
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
Outside of our industry of computers and internets, security is handled wiht a simple motto -- secure what needs securing. With the knowledge that Ethan Hunt will always be able to break in, the question is not "what is insecure" but "what is being stolen". You don't need to secure something that no one wants.
Your home is easy to break into. Maybe you have a lock. Maybe you have a dead-bolt. Your locks can be carded, your dead-bolt can be picked.
You wouldn't want real security at your front door, because you'd be trapped outside more often than an actual burgler.
The same is true of computer security. If no one is breaking in, why would you want to slow everything down. My FTP traffic isn't that important. It's just code, and very few people think they want it.
Simply put, the bulk of security problems are not solved by encryption.
In fact encryption and authentication often create more problems than they solve. Corporations are asking for many passwords where they aren't needed, certificates create admin overhead, and encryption is more difficult to set up and get working in-time-to-market than if there were no encryption.
One doesn't invest in something "because it sounds like -- real cool, man". Rather, one must begin with a problem and think creatively to solve that problem. ...and encryption is just one of the available tools.
Also, you can't take the protocols SSL, DNSSEC, SFTP, IPSEC and pool them into one bucket and call it "encryption". Each are separate solutions to separate problems, and indeed will usually be only one component within the solution.
-paul
I know -- why don't we all go to travelocity and check on flights to Pakistan, and then start encrypting all our email?
Or maybe someone could develop a web page that will set us up for encrypted email, and check for flights to Pakistan behind the scenes the first time, first...
Then we might have an interesting test of the security of encryption...
Certificates, bandwidth, cpu power - it all ain't free.
Encryption costs: the obvious - signed certificates aren't free, but also https has higher bandwidth cost than http, encrypting data is CPU intensive - it all sums up.
IMHO encryption will be always limited to the bare minimum - where money and/or sensitive data is involved - and that's fine: why the hell would I want to encrypt anything else?
For most of the Web surfing that I do, full https encryption simply isn't needed. Why do I need encryption (which adds another quite significant protocol layer) to surf Slashdot or CNN or xkcd?
OK, granted, I probably should use encryption or TOR for that last one or the 'raptors will catch on. But other than that... why?
Paleotechnologist and connoisseur of pretty shiny things.
It costs a nonzero amount to get a certificate at all, and a self-signed certificate is barely better than raw http.
It also costs a nonzero amount in server CPU usage and/or dedicated hardware to do the crypto itself, especially the https sessions. For example, Google App Engine will handle the SSL for you for free, using a wildcard cert for *.appspot.com, but the crypto does count towards your CPU quotas.
These two factors suggest that it makes sense for crypto to be used only where needed, rather than using it everywhere we can. Combine that with corporate sluggishness to approve any spending, and you can imagine why even where it is needed, it can be an uphill battle to get it actually adopted.
Don't thank God, thank a doctor!
Ever since our company fell for all the marketdroid hype from Cisco for VOIP and dumped our old but reliable PBX system we've had one problem after another. The new system has been as unreliable as its possible to be whether its large data loads being done over the network causing the voice quality to go through the floor or a network outage killing the system dead or SIP server bugs or just bugs in the IP phones themselves.
VOIP for the office is hype - all it does is save on some cabling and wall sockets which had already been installed and paid for anyway! Well whoop de fucking do. Talk about Emporers new clothes.
...the crypto responsibility moved to the network where it belongs. It can and should be completely transparent to the end-user, and non-optional.
Want to send something via FTP/telnet/http? Fine, go ahead. We'll encrypt/decrypt it silently on your behalf anyway. No need to give it a second thought. Want to encrypt it yourself? Fine, go ahead. We'll encrypt/decrypt it all again, our way.
The answer got leaked a long time ago
No kidding. I mean using HTTPS for most websites? Why in the hell would you do that? If the site is public, well then that means anyone can look at the information anyhow. What would encrypting it gain?
Also encryption isn't free. It takes CPU time (or dedicated crypto units). This isn't a big deal on client PCs, you tend to have plenty of power, but on servers it can be a problem. You can end up needing to get more power if you are going to do a lot encrypted.
Encryption should be used sensibly, not indiscriminately. If there's a password involved, yes that password needs to be encrypted. If the data is sensitive or private in some way, yes that needs to be encrypted too. However there's no reason to encrypt something that is public anyhow. It's just a waste of resources.
because encryption breaks things and makes them run slower. Caching proxies fail with encryption. Error rates increase with every level of complexity, and fixing them gets less likely. Making computer work together is still hard, so making it artificially harder is retarded. I hate DNS-SEC, and I hate the push for encryption for no reason.
As another poster said, the bulk of security problems are not solved by encryption. Many problems are caused by poor attempts at encryption.
- deadshift
Most data traveling in the clear has little value. What value it has may be momentary. A week from now, it is worthless.
Heck, most encrypted data has little value. The fact of the matter is most data is worthless junk.
I was the backup administrator for a Fortune 500 company's branch office of 1,500 users. I have a pretty good idea of what data existed because I was responsible for keeping it safe. Of the terabytes upon terabytes of data sitting in the archive, I could have put the worth-encrypting sensitive company information on a USB thumb-drive. There was really that little of it floating around.
So, the reason most data isn't encrypted is that there really is no reason for its encryption.
Cheers,
Matt
In 1994, I wrote a rant to my friends telling to "get encrypted or get pwned*". Paranoia of that day (new prez, newer congress, Blue laws, Waco, Ruby Ridge, OK city yet to happen) We went through a bit of wrangling to get PGP keys and such. We were not n00bs, but it still seemed more difficult than it should have been. We encrypted our emails, and even our chats... for a while. When we realized that nothing we were saying mattered to anyone interesting (pick a 3 letter acronym), we stopped bothering.
.DOT file comes off as wacko.
But now, it seems like delusional paranoia to think we need to encrypt our every day stuff. I still have that rant on file, and it seems pretty kooky in retrospect. Having to explain the wisdom of encryption to someone who can't open a
*no, I didn't use that word.
The techniques discussed here address only the data in transit. While IO haven't seen anything other than anecdotes, my sense is that the successful attacks have been at the server/database/file level; i.e., static data.
There, I've seen the network guys and the application people pointing fingers at each other saying "encryption is HIS job, not mine.", when it's BOTH their jobs, IMO, since different techniques apply.
The basic reality is that most information really isn't all that private, and that managing certificates is rather tedious and expensive.
People don't generally whisper when they're talking to their friends in public, or talk in code, or anything much else. They don't care too much who overhears. If something is supposed to be secret they take the appropriate steps.
The same is true for web traffic. Most of it just doesn't need to be all that secure. Sure bank details need to be private, and a few other things, but my google search doesn't really need to be. Google is already storing it, and why would anyone bother to spy on it, or care if they did?
The exception to this of course is e-mail which is more of a systematic failure than https or ftps. Most people would indeed like their e-mails to be private, but while webmail providers are starting to provide https interfaces, real, honest to goodness, e-mail encryption is just too damned hard. Key management becomes impossible past more than a couple of keys and the whole process is just incredibly tedious. The person who comes up with a way to get e-mail encryption in a way that isn't too much hassle and doesn't involve storing all your keys with some "trusted" third party will have a license to print money.
First, keep in mind that name-based virtual hosting with HTTPS is very limited. With few exceptions, you're quite restricted in your ability to host multiple SSL-encrypted sites on a single IP address. Most often, one must instead assign each SSL-encrypted virtualhost to a dedicated IP address. If every website was, today, to switch to HTTPS-only operation, and if the RIRs were to allow it, we would immediately run out of IPv4 addresses. You can argue that we should instead be using IPv6, and I might agree, but we're simply not there yet.
Secondly, performance is a major consideration for many companies. This is especially true for internet marketing & advertising efforts, for whom every millisecond matters in their ability to serve their content. Advertisers are unlikely to prefer SSL over unencrypted content. Worse, marketers are those most likely to desire poor security practices in order to gather information and track users, while also being those that provide means of financial sustainability for many sites. That is, if the marketing companies won't go for it, the companies being paid by the marketing companies won't go for it.
Thirdly, cookies and other domain-specific security measures may not be functional via HTTPS, depending on the browser's security configuration. Some browsers provide warnings or block unencrypted content sourced by encrypted pages, or originating from another domain. These security profile of the browser may be much different for SSL-protected sites than for unencrypted pages. Ultimately, this would prevent, discourage, and limit advertising efforts which (again) drive the sustainability of many sites.
In the case of email I am not using encryption because none of my business contacts are. It is kind of like with MS Word. I would love to use something different and I never mail out doc files, only PDF, but if everyone else is doing it's hard to stand your ground.
How often do you speak out loud in a public place?
None of that is encrypted. Someone might overhear you. Break out the tin foil hats!!!!
The other issue is that there is some inherent risk in data encryption. It's another thing that can break. If my data gets a bit corrupted, I can probably recover most of it. If my encrypted data gets a bit corrupted, I don't have such confidence. It depends on the way it was encrypted, and the decryption tool.
I'd agree - most of what really, really needs to be encrypted already is. And there is definitely a diminishing return as we encrypt more things.
Velociraptor = Distiraptor / Timeraptor
The flip side of a "false sense of security" is an "under-appreciation of importance."
In spite of the dismal state of security on the internet, most attacks are still based on human engineering. In other words, the people are still a weaker link than the horrible software security we currently have. Beef up our software, improve certificate and key generation and distribution, and the human engineering attacks would step up. This time they'd have new targets - certificates, private keys, etc. Given the current state of things, such attacks would get exactly what they're after, in too many cases. The real problem is that because "now things are secure" more trust would be placed in internet communications and more money/reputation/etc would be placed at risk. Bad things would happen until we properly recalibrated our habits - or our expectations.
The living have better things to do than to continue hating the dead.
I think the reason is the utter failure that current PKI infrastructure is. Dan Kaminsky's talk at 26C3 opened my eyes:
http://www.youtube.com/watch?v=RE_Z-HKzRW0
Until a couple of years ago, I was a consultant for a large three-letter firm (not IBM) that got a project to implement an internal certificate authority that would be trusted by external partners, in support of email encryption.
Some other projects came up that I needed to do and we started searching for someone else within this 20,000+ employee technology company that could do the project and had at least some familiarity with PKI issues.
There was noone.
Couple that with the fact that we were getting the CA signed by an internal division of the company with a globally-trusted root CA, and that division had precisely two employees. To run a public root CA.
I've been in IT for over 15 years, and I think the number of people I've met in that time who see PKI as anything other than a magical black box can be counted on one hand with fingers left over.
In many cases, the very reason that encryption was not part of a corporate security policy is...well ignorance and/or stupidity on the management part.
They would rather rely on security by obscurity.
I don't have figures handy, but I assume encryption would "waste" a sizable amount of computing power, for no apparent benefit.
Encryption is a big problem to handle.
You are more likely to lose your keys than your privacy; there's just so many ways to get it wrong, even on the lowly USB memory stick, and end up losing your own data.
blog.sam.liddicott.com
Having worked in a company that makes Ethernet adapters that implements IPsec offload, I can tell you EXACTLY what's holding up encryption across the network: Cisco and possibly a few other network hardware vendors. The problem is that they can't see into encrypted traffic, and they want to "own the network". If they can't see into the traffic for deep packet inspection, route optimization, traffic steering, etc. all their fancy hardware becomes pretty neigh useless. And encrypted traffic cannot be viewed by "lumps in the network". And these "lump makers" are, unfortunately, influential enough to make commercial implementation difficult by others. In fact, the best, most effective encryption is done as high up the stack as possible so as to protect the traffic from as many lower layers as possible. And, if you study the problem carefully, you'll see that you actually need encryption at several layers to properly protect the entire attack surface. But you either have to do this cleverly with existing protocols - possibly getting into vendor-specific solutions that would need to be standardized, - or create new protocols. Just applying SSL/TLS to everything is not the answer. As I said, solutions exist even at some large companies that could bring them to market inspite of Cisco. But to bring them to market, there needs to be some market pull from the user community for effective cross-network encryption, which, so far, does not exist.
To answer the original question, the thing holding back encryption is the above mistaken attitude, that using a self-signed cert is barely better than using plaintext.
There won't be a push for improving the cert system (e.g. by moving to an OpenPGP WoT or something) until more people are encrypting, And people won't be encrypting until they get over their foolish attitude that it's pointless to force attackers to use MitM instead of passive snooping.
When more people start to realize that it's a good idea to force their opponents into doing expensive and risky things, then they will choose to do that and start to use (poorly-authenticated) key exchange. Once encryption with poorly-authenticated key exchange becomes more common, people will start to see a benefit to improving their authentication, so they'll attend more key-signing parties, or exert market forces within crippled single-signer systems to have cheaper CAs, or whatever.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
When will Hotmail finally implement full-SSL? Gmail has had this for a long time now.
I'm surprised nobody brought up -- needless encryption makes a *huge* headache for running diagnostics on any sort of server. If any sort of script is not working, there is difficulty in evaluating what is happening, and even network diagnostics is much more complicated.
Additionally, encryption wastes a lot of CPU cycles if not needed. Although a small argument, this slows down networks and costs $$$ by burning fuel.
Finally, you have to make sure encryption is done right to be secure. If you encrypt everything, it is more difficult to see where there might be a vulnerability because there is more to audit. Think of the analoy to personal encryption -- unless you work for the NSA or something it is much better / easier to encrypt a directory on your disk with personal stuff than trying to encrypt your whole logical volume.
Which would be easier to recover from if you had a hardware fault / disaster?
Slashdotter, ID #101. UIDs are in binary, right?
PKI might be theoretically secure, but it is to damn complex to set up and maintain in the face of issuing and then managing certs including expiration of same, email addresses that change causing a cascading exchange of certs, case mismatch between the sender's email address, e.g. "joe.blow@example.com" might not match a cert issued to "Joe.Blow@Example.com", etc.
Same thing's true for trying to set up https on websites. But I'm disappointed at how many corporate high-confidence (e.g. bank) websites don't start off with https these days. They can make the purely server-side investment. Unlike email and point-to-point connections, at least web server security is encapsulated on the server.
Another problem is that most of the time you just want a simple "did this message come from who you thought it did", but the cert authorities add to this confirmed identity. That means you have to pay a company like Verisign a lot of money for an identity cert where they require you to show up with your passport, etc,. Again, -overkill- for what most people need, mostly they want to make sure there's no interference with subsequent messages from the same sender.
The error messages in general are not helpful, in part due to bad human factors engineering and in part due to policies that want to prevent covert channels (akin to the lack of distinction between 'file doesn't exist' and 'file exists, but you don't have access')
It took me several years to get reliable PKI certs working for encrypted email on Thunderbird, but all that broke when I moved my mail over to Apple Mail.app. I'll probably have to move back to Thunderbird (even though there are things about T-bird that I actively despise.) Part of that complexity is exchanging individual certificates with others, and part of that is trying to connect to external corporate LDAP servers to get certificates for new correspondents. (Seems that most mailers assume a single internal LDAP server, and don't provide support for connecting to ldap.xyz.com for XYZ employee certs, ldap.abc.com for ABC employee certs, etc.)
And then there's Smart Cards/Common Access Cards, which work OK if someone who knows what they're doing configures a Windows machine, installing third party software, etc, etc. A security measure that only works on Windows is questionable (and that's before the well-documented problems with Windows vulnerabilities, allowing people to get 'inside the firewall'. Just ask Google, Adobe, etc...)
As someone who's been using personal computers for over 30 years, if -I- don't have patience with this, it's certainly not ready for mom-and-pop.
It's the keys, stupid.
I second this! This is exactly what's keeping most businesses I talk to from using it. Because of the lack of standards, your implementation either isn't compatible with everyone, or if it is you provide a bunch of really complex options that only PhD's understand.
This also produces fear...IT management doesn't understand all those options and the implications of one over the other, and don't want to be held accountable for encryption that doesn't work.
Until there is a simple, uniform and free way to implement certificate authentication, it's just going to wallow.
But I'm not really using encryption because
1- I don't have much of value to encrypt. Clearly, that's not the case for everyone, but encrypting my to-do list, address book, birthday list, and pathetic attempts at programming seem very much overkill.
2- I don't feel confident I would do encryption right. I COULD encrypt my password list, but right now it's on a piece of paper hidden somewhere. If it were on my PC or cellphone, even encrypted, I'm not confident that i would be using a secure encryption method, nor that it wouldn't be short-circuited by a trojan/keylogger
3- I'm afraid I'll get encrypted out of my data. A few times a year, I have to clean up my HD and recover broken files. What happens when the files are encrypted on top of it ? Any way to recover them ?
4- Is encryption reliable ? what if I can't recover my data after I encrypted it ?
5- I'm not sure what programs I should use. Windows has some basic stuff, then there's PGP, Truecrypt...
The Cloud - because you don't care if your apps and data are up in the air.
Put simply encrypting content is just too much effort for most people. I've only ever had dealings with one company that preferred to use crypto. No one else cares.
The only way crypto is going to see wider adoption is if its turned on by default and virtually a no-brainer to use. It has to be virtually transparent. I think it's well past the point of ever happening, although it might gain some traction if a major mail provider such as Google issued all users with a keypair, made it the default to sign outgoing messages.
The question is why Google or any other provider would bother to do that.
An interesting take is the paper titled "why johnny can't encrypt" (no link, only a google away). That clearly shows lack of user education. And that in turn shows a plethora of problems. Such as there are:
People have no idea why it is needed. And then it gets worse. We haven't figured out how to make it as easy as sticking a key in the outside kitchen door. We haven't figured out how to show that something is trustable. For that matter, we haven't properly defined "trust". Currently it comes in two basic flavours. One requires you to specifically assign two values unclear and mutually confusing values to each and every key (how's that for transparency?) and any GUIs around it simply echo the already confusing messages from the underlying layers. That is, they don't FIX anything (nor should they), they just put a pretty face on the confusion (but that doesn't help). Two requires either declaring you trust yourself and getting everybody else to trust you declaring that, which causes most applications to ungracefully barf unless and until you kick them into submission again, or, and that is really a triumph of capitalism, you can pay someone else to declare trust and charge you through the nose for it. That gets even better when *cough* certain vendors *cough* effectively disallow you to not-trust some of those parties by adding them right back to the store of trusted parties after you've expliticly removed them, without telling you. Lovely icing, this cake has. The bottom line here is that these commercial parties only protect you from evildoers they aren't willing to take money from.
So, moving forward, go read the GNU privacy handbook, and if you are terminally bored, go read up on PKI, x509, the OpenPGP specs, but minimally do include Peter Gutmann's "Everything you never wanted to know about PKI but were forced to find out" on your reading list. Try and understand what both systems are really about.
Then it gets fun: Play a little game of what if? and ask yourself what you would do if you would get a signed email from your mom and it doesn't check out. Now ask yourself, how do you explain to your mom, supposing you got her to use crypto in email, what she should do if she gets a signed email from you and it doesn't check out. Do you have a clear and concise answer to this?
Compare with what you would do if you go to a website and your browser starts to complain about the certificates used. What do you do? How do you get the information you need regardless, and in such a way that you can trust that information? Could you trust it in the first place, given that it came in over an encrypted link? What does the certificate chain do to the trust you assign to the information received?
And so on, and so forth. Does the very act of casual encryption as currently done still make sense to you? Does paying a party you have never met for a certificate make sense for anything but shutting up the browser?
I for me think that we need a single system that can do both hierarchical and web-of-trust type key/cert trusting, and we need to re-think what this trust thing means, and what to do when trust fails. We certainly have not figured out the SOP of what to do with many of the innumerable ways crypto can go wrong. And until we do, using crypto remains specialist work.
One of the most disturbing trends to me has been the rise of a lot of SIP based VoIP services (and client software) that offers no encryption. The thing is, there's been a couple IETF RFCs which specify how to secure SIP traffic for a few years, I believe (I'm not exactly sure how it all fits together, but I've read about SIPS, ZRTP, and SRTP).
Skype, of course, does use Encryption, so the most popular VoIP service is using encryption, *but* I'd like to see more VoIP providers offering it as part of their service.
Two of my imaginary friends reproduced once
Who reads your plain text mail? We do, we do!
I work with a vendor that implemented a nice secure upload facility for their support services. I'm sure it's secure, but I haven't been able to use it at a single customer yet because of firewalls and plugin blockers and who knows what else. So instead of using the plain HTTP which they so kindly removed, I now email everything to them instead. Luckily they got an intelligent script that'll parse mail and file it to my case.
Live today, because you never know what tomorrow brings
Exactly!!! if malwareshitstorm.net is encrypted and the files are signed then why not get the new "codec" needed to get free Pr0n. After all it is all encrypted ans safe. After all who would encrypt something that is not safe and trustworthy.
What's holding back HTTPS is the lack of IP addresses combined with the lack of support for modern versions of TLS...
As it stands, you need 1 IP address per HTTPS site.
What's holding back SSH and causing people to continue using telnet is a number of factors:
1, windows doesn't have an ssh client by default, only telnet
2, some networking vendors (eg cisco) charge extra for ssh support on their devices
3, lots of lower end networking devices only support telnet
What's holding back FTPS and the like is much the same, lack of client support and lack of user knowledge, FTP as a protocol pretty much needs to die anyway, it doesn't work well with NAT... Encrypted FTP is even more broken on NAT because the nat device cannot watch for the ftp commands and open up the appropriate data ports.
When you offer hosting, customers demand to use FTP and often refuse to even consider more secure alternatives.
Also, most email being sent is still completely unencrypted.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The problem with Encryption is not the protocols it is the management. Until Windows automagically installs and sets it up for you it is not likely to get heavily used outside of places where the expertise already exists.
There's a large, but slow, movement in the storage area and that is encrypting data at rest. Either in the disk array or on the tape. Both require dedicated hardware either in the array or on the tape drive to be practical and not impact performance. While you can buy current generation tape drives that encrypt data on the fly the pain becomes managing the keys. Now there's plenty of solutions to do Key Management, however many customers I've worked with on this are always afraid of losing the key. We tell them to create a hard copy of the encryption key (or put it on a USB thumb drive) and put it in a safe. You have to be a lot smarter when it comes to dealing with encrypted tapes as it's nolonger in the event of a disaster, "ship the tape from NY to LA" and restore the data. It's also about making sure the correct key is present in the LA datacenter when that tape arrives.
Dealing with encrypted disk based data can be even tougher, especially when you're dealing with replication (SRDF/timefinder/PPRC/Snapshots etc..) Because now you're encrypting a volume/lun and replicating that between datacenters. So either the lun is de-encrypted when it leaves the array or you've got the problem of making sure that the lun/volume stays with it's associated encryption key.
What's wrong with data at rest from a security standpoint? It's not walking away with a tape/HD full of encrypted data, it's a compromised hosts that mounts the filesystem or restores the tape. Hosts always have access to unencrypted data. I don't see encryption being used within the application itself until everyone is willing to purchase encryption offload engines for all their servers as it's too taxing on the primary CPU to encrypt everything.
It's like what's holding back Google Wave; there's no one to talk to. I've had encryption setup for about a decade. I've tried convincing people to set it up. In the end, I'm talking to myself.
If encryption is going to go mainstream, then setting it up and using it has to be the default configuration. Pretend it's a new version of Microsoft Word, defaulting to a new file format. There you go, everyone has upgraded (kicking and screaming).
Apple, Microsoft and Linux distributions need to establish (and export) new keys (or import existing keys) as part of the first boot processes, and use encryption if the destination user has a key by default. It's the only way it will happen.
Can You Say Linux? I Knew That You Could.
Most businesses don't offer encryption because their customers don't demand it. Most users don't demand it because there is no penalty for not using it.
Sure, not using encryption can result in identity theft, someone sniffing your password, someone getting into your financial info, etc. But how often does this really happen? Most users perceive the benefit to be non-existent. "I haven't had a problem before, why should I change now?". Having your financial information ruined is something that always happens to "other people".
Companies have a financial incentive to discourage encryption because it costs them money (regardless of how little) to implement it. They also have financial incentives to poorly protect and secure their customers' data and to lie to customers when their data is leaked.
Oh, all of our customer's credit card numbers, names, addresses, and other personal information is now available on the internet because someone lost a laptop that should never have been taken outside of the building? Let's just cover it up.
Someone leaked to the press that we had a security breach? Let's lie and say that there's no risk to customers.
People are now having their identity stolen because of the leak? let's sue to keep people quiet and offer tiny settlements with NDAs.
We're not going to see encryption become widespread until:
1. Customers demand it. (Which won't happen anytime soon, see above)
2. A bunch of congressmen have their personal info leaked because of a fuckup and they pass some laws about securing personal info.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
People don't think it is actually worth it. Besides, HTTPS alone doesn't halt man in the middle attacks, when user's browsers can accept bogus certificates.
This is my sig.
Free server certs exist STARTSSL.com
For awhile, the CA wasn't included in the Microsoft list, but that has changed for over a year.
If what you are distributing is Open Source or Public Domain, then FTP is just fine. I don't see a problem with half of your communication being unencrypted, provided that same half is not confidential in nature. Encryption should only be used for messages that you would object to seeing on the front page of the newspaper the next day -- but if that is the case, perhaps you shouldn't be sending those messages over the 'net at all!
FTP would be dead if Microsoft would adopt the SSH suite, since SSH has the exact same capabilities as FTP. SSH is the swiss army knife of encrypted networking. Port tunneling is very useful. Less known, but also very nice is the ability to use pipes like this:
echo "hello" | ssh remote_host "cat > hello.txt"
You could use it to make a large backup without consuming disk space on the local machine.
tar -zc directory_to_backup | ssh remote_host "cat > backup.tar.gz"
It also works very well with rsync. Combine with hard links for a great backup strategy.
I like to see the surprise from Microsoft centric developers when they discover what SSH can do. They seem to all have this false assumption that it's just for getting a shell on a remote UNIX system.
Though I haven't kept up with SSH development on Windows, two applications I've used on Windows are: WinSCP and PUTTY sshwindows also looks interesting as I use cygwin + SSH
FUD
I've been looking into putting TLS on my mail server. The instructions are not very clear. It seems certain that I will require a 3rd party certificate. But I don't find anyone offering a TLS certicate; only SSL. I'm assuming that an SSL certicate is what I need but NOBODY says that; you know what happens when you assume.
Then there is the cost. They do cost and it is not a one time cost. The certificate system does appear to be structured to maximize cost. Right now, you have either a self-signed certificate or a 3rd party certificate. How about a self-signed certificate that is authenticated against my 3rd party certificate?
It occurs to me that TLS could be used to reduce SPAM. AFAIK, most spam is sent by spambots. If all legit mail servers used TLS and spambots didn't have access to a verifiable certificate then they would not be able to operate.
Isn't one of the goals of encryption to make your message indecipherable from random noise?
How would one know whether you downloaded an encrypted file or just downloaded some random noise?
Why should I go drop $1000+ for a SSL cert from Verisign for my website when its not passing any sensitive/confidential information "just because"?
The biggest problem with encryption and security in general is the user. The user wants everything out of the box and as easy as possible. I run across way too many home users who don't even have a login password on Windows. I've been trying to use PGP for email for years but I can't get anyone else I communicate with to use it. Most likely even if they did, their passphrases would still be things like "password" or any other password no no's. It's not even a matter of educating the user anymore. A lot of educated users still just don't care. If it's not something they're interested in, they won't do it. Striking the balance between convenience and security has become and impossible task because in the end convenience (read: laziness) will trump all.
Maybe when getting a server cert is free/easy people will do it...
I hate buying/installing SSL certs for clients. But:
How exactly are we supposed to create an "identity verification" process that's "free?"
The whole point of an SSL cert is supposed to be that someone, before issuing it, did some good old-fashioned sanity checking against the application and said, "yes, this person really IS the owner of the domain BankofSeattle.com"
How are you supposed to make that process "free?"
I wish it were easier. I do it all the time and hate it. So this is a sincere question.
But let's not assume it's ever going to be "free." Free, by necessity, means no human is putting any labor into it. Unless we are going to create an open source non-profit SSL issuing authority.
Ooh, sounds so very fun and stimulating. Any volunteers?
I wish *EA* would use hashes or something of the sort on their databases. Last time I tried to reset my password the damn thing mailed me that actual PW in plaintext, which indicates to me that they're too stupid to realize that:
a) Storing non-hashed passwords in a DB is a good way to get hacked and expose all your customers accounts. It's really quite dumb
b) Email is an insecure medium for sending somebody's password down the wire
"Most websites are still using unencrypted HTTP." ...and should be unless security is specifically required as a priority. Pick the right tool.
You asked a simple question, you deserve a simple answer: Managers.
Over my years in IT, I have seen too many decisions being made by people who haven't updated their IT knowledge for 10 years or so. People who think that "FTP" doesn't stand for "Fuck This Protocol" and to whom SSH is "this new encrypted remote login tool". In addition, crypto is inherently difficult to understand, and a lot (I can't emphasize that enough) managers simply don't support anything they don't understand.
Cisco had the right idea of VPNs and making the whole encryption "thingy" become invisible. Unfortunately, that too required some managers to make decisions.
The only places I've ever seen where encryption is used a) consistently and b) well is where someone very high up understood at least enough about the issue to roll out a general policy or put a security officer in place and gave him authority over such decisions. And then proceeded to fire at least one high-ranking middle-management idiot for violating the policy.
Assorted stuff I do sometimes: Lemuria.org
When systems fail they often fail gracefully and often provide you a hint of what's failing. Your image server is broken? Ok, no images but you still get the text and it's plainly obvious there is a problem with the image server.
When encryption fails, you are usually dead in the water with no inkling of what went wrong or how to fix it. Letting you know what is wrong and how to fix it is often considered a security flaw (for example, the classic approach of being vague about which part of your username/password combo is wrong).
Encryption is either all working or all not working by its nature. It is brittle by design and a pain to use as a result.
DNSSEC has absolutely nothing to do with encryption. Nothing is hidden and the resource records are still in clear text. DNSSEC is about integrity of the resource records.
But DNSSEC can be a catalyst for encryption technologies. DNSSEC allow you to put certificates, ssh-keys, etc in the DNS in a secure way.
JB
In the USA, there are nasty regulations on the export of encryption, which been included under the Arms Export Control Act (http://en.wikipedia.org/wiki/Arms_Export_Control_Act). This law has been extended and manipulated in unconstitutional ways: this used to be done as regulations under the Customs department, but were found to be unconstitutional there, and were transferred to the Commerce department, where they've been made somewhat more sane in the last decade but remain burdensome to software authors.
These regulations are not directly controlled by Congress, they're authorized by the Arms Export Control Act, so what is actually in them is confusing and serves the goals of the current administration, not Congress. It seems clear that whether the regulations are designed only to preserve the ability to eavesdrop on foreign communications, their direct effect is to protect the ability to eavesdrop on almost all civilian communications.
The case of Phil. Zimmerman, the author of PGP, being convicted of exporting weapons under this act simply illustrates the point. PGP could have been released for general use 10 years earlier, and incorporated in every email client in the world as a matter of course, if it were not for this regulation. DES suffered similar regulatory problems in the 1980's, and SSL suffered them in the 1990's and still suffers them.
ease of use?
For example e-mail: it is hard for the majority of people to generate a key, select the appropriate strenght/algorithm, know the difference between public and private keys, notify their friends about their keys (and key changes). It is just too much of a hassle, so even if you want to use it yourself, the majority of the people you communicate won't.
Take skype for example (though closed source), they claim to encrypt your calls and video chats using 1024bit public/private RSA keys. The end user doesn't even realize it happens. The same goes for SSL, from the perspective of the end-user it 'just works'.
Unless there is a real necessity, people won't make an effort and just go for the easy way. Therefore it should be easy.
The fun part is that the (UK) cops can demand a decryption key for that, and lock me up when I inevitably fail to provide one....
In the UK, local councils can view your phone and email records, unbelievable as that is. It is a power granted to them under the RIPA Act and it's not just a theoretical power either. They have used it to spy on people for all manner of reasons. Due to these intrusive powers, public usage of encryption etc should be much more common than it is.
I keep hearing everyone bitch about how hard it is to do wide scale encryption with so many user computers to configure, but I have found things like ssh port forwarding between offices to be an incredibly easy and secure solution to much of my encryption needs. Yea, it does not solve all the problems, but it is sure makes life as a systems admin much easier than trying to keep track of all the various possible protocols and their potential faults. It is possible to just about encrypt anything with a high level of transparency to the end user.
Living in Chile
I'd settle for my damn financial sites not forcing me to arbitrary length limited passwords with only alpha numeric characters.
SPECIAL CHARACTERS and spaces ARE VALID PASSWORD CHARACTERS. STOP LIMITING MY CHOICE IN PASSWORDS.
If I want to set my password to
"*?@> $}}% v ^{@:># >>@@* &&^% £ÜÄ-AbN-
Your site needs to accept that.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've been digitally signing all my email for about 15 years; I *tried* to encrypt all my mail, but I've run into two problems: inertia on the part of other people, and poor application support. Thunderbird in particular has had a bug report for "encrypt when possible" for years, complete with a detailed operation to address some of the issues, and no one who has development expertise in Thunderbird will implement it. With that, the people who have keys can start using it regularly and then there's a good reason to get other people to get keys and start using them. Without it, it's "ok, does this person have a key or not" and it's just too much bother for most. Thunderbird isn't the only one: I've looked at other mail programs, and it's always all or nothing. That should be a *choice* (it does have its place), but without a "when possible", there's no graceful transition option.
Then there's DNSSEC, which I've tried to implement. It's a voracious consumer of random numbers because of the vast number of keys you need (if you're hosting a large number of domains, as we do). I bought a usb dongle that is a hardware random number generator, and it *still* takes forever (days) to re-sign our domains, something you are supposed to do monthly.
FWIW...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAktUpfIACgkQIQ3y7i+rW6HDnQCgteApON+rI177T8Ggh8NUPFN0
NIIAoP0gOKvUy636m03supXrmDaCDtQZ
=9RCk
-----END PGP SIGNATURE-----
Corporate / Government security operations centers do not want everything to be encrypted, because it makes it much harder to determine when someone/something is doing something that you do not want them to do.
The fact of the matter is that the CIA and NSA have their hands so deep in all the tech companies pockets that none of them want to make it easy for fear of losing the government funding or monopoly protection that those government agencies provide.
Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
First of all HTTPS is totally unnecessary for 99.9% of the internet. The VAST MAJORITY of content is static, or dynamic but doesn't change per user, so it's not generally unneeded. HTTPS adds cost and complexity to the site that is probably not even necessary. Second, encrypted email is nice, but also typically unnecessary. Think about the majority of emails you send? Are you sending credit card numbers and social security numbers in your email? No, chances are you saying "Bill slept with Jan last night" or some other stupid BS that nobody really cares about. Even in company email it's generally something like Did you do this? No, ok. However, in company email it's a little different because the mail server is behind a FW anyway so again, encryption becomes unnecessary unless you're trying to hide something from the employees. As for FTP, seriously? Are we transferring bank account numbers via FTP now? Last time I checked FTP was just used for transferring random files, and assuming you don't have some CIA top secret documents you're transferring via FTP for some strange reason, it's perfectly fine. It's not like it's that hard to setup SFTP if you really need it, but chances are, you don't. In summary, you must not be in the IT field or you would know that the general consensus is make it easy and usable. Security is only a concern when private data is really an issue (CC/SS/etc), and all of those type of sites are properly secured. And just in case you haven't noticed, every encryption technology that has ever been created, has already been cracked anyway, so it doesn't even matter if these technologies are used, they can still be cracked, and the data read. I'm betting the sheer volume of traffic over the internet is security enough.. nobody has enough time to go through all that.
People don't understand encryption and so they don't use/insist on it. Moreover, it is usually that thing that gets in the way when they want to be productive. I once saw the security manager at our company spend months specially crafting a security policy for the company and then sought board approval so that he could reign in the CEO and COO anytime they balked at the policies and procedures put in place. This is the 'iron fist' rule which does more to educate than any other tool. When forced to go through the hoop many times, the process becomes simpler. The lesson to be learned here is to design systems that security is understood and mandated. That education and knowledge transfer become mandatory and not optional. This also helps to illustrate and point out the stumbling blocks for poorly designed or cumbersome systems. For instance, ClearOS provides only 2 factor OpenVPN configurations for client VPN access to the network. Because key/password authentication is mandatory, efforts are made so that user key self-service is provided. If another method were provided that caused less friction, then the users would not sufficiently test/validate the process, training, or education of the secure method.
Please. I use to work for a mid-sized company that dealt with Fortune 500 companies. Companies that required us to use specific programs for FTP and accessing their systems. Despite several warnings, several long talks, we still had one account manager in our company that refused to follow the guidelines set out by our clients and used IE for all of his FTP traffic. We were dealing with companies paying us millions and we couldn't get one jackass to follow the rules. Even under the pressure of the IT department and the possible loss of a client couldn't get him to change his ways. Rather then fire the idiot, they moved him to a different client. Just goes to show that even when you beat someone over the head with rules, guidelines, and facts, they're still going to do what they want to do.
- Goran
Carpe Scrotum - The only way to deal with your competition.
SSL and predecessory try to prevent forged messages in addition to providing encrypted communication, adding the unacceptable overhead of handling a key infrastructure, purchasing certificates etc. where for most uses encrypted communication alone would be sufficient and could be achieved in a much simpler, cheaper way (especially when authentication is achieved with passwords anyway). So we're not encrypting traffic and not preventing eavesdropping because preventing forged messages is too hard/costly - congratulations! On the other hand, one should consider the implications of the false sense of security for the layman with only encrypted traffic - which is similar to what we have now with SSL being broken (MD5 etc.)
"I love my job, but I hate talking to people like you" (Freddie Mercury)
People aren't going to implement encryption, but their software might implement and do it all for them.
The consumer mindset is that if it was important the software would take care of it for them. If that sounds like criticism, well it is, but not of consumers. They should be right, partly because they think they are paying (in $ or advert eyeballs) for the software to take care of whatever is important, and partly because it simply wont work any other way. It would be pointless if I installed encryption software on my email client, because I'd need to get everyone I email to have compatible encryption and for them to use it.
It shouldn't even take much industry co-operation to get the ball rolling, according to this more than half of email is conducted through MS clients. Add Yahoo, Google and Apple and you have 90% (admittedly, some of those clients are quite old).
You might have already thought of this, but do you ever use passwords which start or end in whitespace? Or perhaps include non-printing Unicode characters?
OTOH, I recommend using vendors who are less clueless, rather than more. Thanks for sharing your experience.
If you only encrypt what is sensitive, you are flagging your communications as being important. If everything is encrypted, this protects even more your sensitive data. This is a good reason to push encryption everywhere.
What real attacks does HTTPS with a self-signed cert protect against?
The first time I visit your website, it provides no protection at all against a MITM (Man In The Middle) attack.
If the browser caches the cert, then it provides protection the second time I visit your site. However, if you then change your cert for any reason I'll get a bogus security warning. And that's the exact same security warning I'd get if there was a MITM attack, so how do I tell the difference?
Now I suspect you're thinking of passive evesdropping... that's such an old-fashioned attack. Modern networks are switched. So almost any scenario where I can evesdrop, I can also MITM. Even if you're using an unencrypted WiFi access, I can just set up my own base station and arrange for you to connect to it.
The problem is not data leaving the network, it's data leaving the company. Bar eliminating the user or chaining him to the desk, if anyone who knows, or can get to know (i.e. internal access) something valuable, then it can be stolen, even if he/she has to memorize it.
nec sorte nec fato
Sure, everything could be encrypted but encryption data requires more bandwidth to transmit the same amount of data. This would make your internet connection appear slower. It also requires more processing power to encrypt and decrypt, which again, would make the internet appear slower for the end-user. It's not just about speed. Because of the increased computational effort, it would require more power to do equivalent tasks. This means laptop batteries would not last as long, and it would increase greenhouse gas emissions because ultimately that means power plants would have to produce more power. For sending important private data, sure, encrypt that stuff...but let's not all get paranoid and ask that EVERYTHING be encrypted.
As I see it, the problem is less with the technology, and more with providers' lack of steering users there:
1. While this is definitely better these days, in the past, it was common for POP3 tutorials from e-mail services, or FTP tutorials from hosting providers, to describe the unencrypted way of getting in - no doubt because it was the easiest way to get the customer what he wants, and least prone to errors. Many people who learned how to do what they're doing are probably not even aware their connection is unencrypted, or that they could, in fact encrypt it. And even if - they'd probably argue "What for? Why would anyone want to steal the password to my e-mail account?".
2. Redirects. It's a very simple thing: Automatically redirect users to the HTTPS version of websites. No user thinking involved - just set it up and let them enjoy the shiny padlock. Yes, the very large players do this automatically for logins, but the vast majority of small websites, e.g. mom and pop running an osCommerce installation, do not. The user enters through unencrypted HTTP, and proceeds to do what he wants unencryptedly. Had the server just redirected him to the secure site as he entered, he would do the exact same stuff, not having to waste a thought about security, and would still be secure.
3. Lastly, setup. I have a small VPS, and I, in fact, recently tried to set up SSL security for the sites I host. I can't. At least not within a reasonable threshold of effort. Why? Because SSL sucks to set up for virtual hosts. The only thing I could easily do is set up one certificate per IP, and I only have one shared IP for all accounts. Add to that Mozilla's oh-so-brilliant decision to auto-block self-signed certificates, and you end up in a situation where many smaller and non-corporate admins would like to employ secure connections, but they can't, because the setup is needlessly complicated, the easy ways to do it are being blocked, and basically the only way to actually get there is shell out more money.
The Mozilla team justified its decision to auto-block self-signed certificates with the fact that one can get "real" certificates for free from StartSSL. Well, I went there. I tried. I utterly failed. Because having a free certificate for every domain doesn't mean jack shit if you can only deploy a single one - or would have to dig deep into the config for hours to get it working for all of them. ...and that's all not taking into account that certificates expire, and once you committed to going "real", getting new certificates for all sites becomes a periodic task.
I mean, we're talking about a situation where it's easier to tell all users to whitelist an "invalid" (self-signed) certificate than to get real certificates working properly.
Summary: On principle, the technology works fine, but The Powers That Be are not using their powers to quietly encourage its adoption (e.g. by just not offering unencrypted FTP anymore, period), and those responsible for the technical side have created a system where it just sucks to offer encryption.
If the users are not encouraged to use encryption, and the admins are discouraged from offering it - how prevalent can it get, really?
Most browsers still have a warning that cannot be bypassed whenever unencrypted content is linked on an encrypted page. The existence of this warning assumes that the end-users understand the basic HTML security model (laughable in the vast majority of cases) and that the server code is buggy and might allow secure data to be sent insecurely. This prevents caching of items on encrypted pages that really should be cacheable (most css, most images, most flash, most javascript). Using SSL despite the lack of caching reduces website performance and increases hosting costs (so that's not likely to happen except when the added security is worth the added cost and wait). IMHO there should be some kind of explicit unsecure-data-within-a-secure-page protocol (httpu://? httpp://) that prevents the browser warning but allows unsecured css/images/javascript/flash/etc. within secure HTML. This way, all those items could be cached at any point along the way (proxy servers, browser, etc.), and we could still provide warnings for buggy websites that unintentionally included content with http://./ A one-time warning similar to the "switching to secure!" warnings could be included for security-paranoid users, and a different icon for pages with this type of content could be used. Ideally, for those same paranoid users, there'd also be a way to quickly asses WHICH items on the page were insecure, like a button that turns on/off the display of either the secure or the insecure parts of the page.
"O'Connor, smash the window." "Why me, Bigboote?" "It might be boobie-trapped!" "Oh!"<smash> -Buckaroo Banzai
Back in the late 90's I was hopeful that easy to use encryption plug-ins for mail clients would finally bring encryption to the masses. But when gmail came along, with a Gig of space and full text search through your past, end-to-end encryption was finished.
Currently I'm hoping for crypto id tokens to catch on to stop all the id theft issues, but I'm not exactly holding my breath.
I think the only feasible thing for that is for the Government to hand out crypto tokens with a central auth server, and severe penalties for abuse (much like mail fraud), so that at least there is one *good* way to be identified as who you say you are.
Say what you will about Big Brother, but at least voters can do something about government abuse of personal information. Corporate abuse is absolutely unregulated.
In Soviet Russia, articles before post read *you*!
Really, most things which should be encrypted - are.
First, I'll tell you that I don't think that's true. Even in the past few years, I've seen a ridiculous amount of confidential/sensitive/secure information pass over the Internet via unencrypted channels. A lot of people still use FTP and send sensitive information via email without any additional protection. Perhaps you're encrypting everything you should be, but many people aren't.
But even if it were the case, the idea that we should only encrypt the things "which should be encrypted" is problematic too. I'm posting my response here, but I mean to respond to all the people who are saying encryption is generally unnecessary. I'm not saying it's wrong; you may be 100% right that "There's no reason to push encryption everywhere," but it's not so simple; there are also drawbacks to this approach.
The first drawback is perhaps a little paranoid, but it's a little simpler to wrap your head around: by only encrypting sensitive information, you're giving potential attackers a clear target. Metaphorically, if you're trying to protect a bunch of solid gold needles, it may be better to hide them in a haystack rather than in a locked box with the words "SOLID GOLD NEEDLES" printed on the side. Relying on "security through obscurity" alone is a bad idea, but that doesn't mean that you want to share more information with your attackers than you need to.
The second (potential) problem with your line of thinking becomes clear if you translate it into real-world terms: "I have all my valuables locked in a safe in my bedroom, so there's no point in locking my house. After all, there's no point in pushing locks everywhere, especially if it's going to make people think that everything is safe just because it's locked." See some problems here? No, the lock on my house doesn't do much to stop a determined and skilled thief, and most people don't want steal my non-valuable stuff. On the other hand, we don't think it's too silly to want to employ a basic level of security for our physical property. (It may be worth noting, however, that there are people who believe it's a shame that we all lock our houses. I've known people in small towns who don't lock their houses.)
The third possible problem is much more vague and perhaps paranoid, but I believe it's still worth considering: we don't really know what the value is of the information being passed around unencrypted. I'm not talking about people accidentally posting something sensitive through unencrypted channels (though obviously that's a potential problem); I'm talking about people posting seemingly harmless information that may still be useful for nefarious purposes.
Again, I'd like to take this back to real-world terms. Imagine a thief wants to steal something very valuable from me, and there's only one place that I go where there's any security. It's a very secure room with an unpickable lock, and because this is the only secured location, I've already given him a pretty good idea where my valuables are hidden. How can he get in?
Well he doesn't have to pick the lock if he can pick my coat pocket and get the key. He doesn't need to pick my pocket if he can get me to take off my coat. He doesn't need to get me to take off my coat if he has access to the closet where I store my coat. Basically, he doesn't need to confront my security measures head-on, he just needs to find the weakest point and exploit it.
So let's go back to computer security. Let's say I want access to your bank account. I don't need your password if I know the answers to your secret questions. What's your mother's maiden name? Well, I can read your email, and I see there's an email to a guy named "John Smith" where you call him "Grandpa". Since your last name isn't Smith, it's a pretty good guess that your mom's maiden is Smith.
I know, in real-world cases hacking a bank account isn't quite that simple, but I only mean to illustrate how seemingly inn
Seriously, what data do you absolutely require to be encrypted? I would speculate that most data that one transfer across the net will impose no harm to yourself or your peers. Sure some data will eventually be picked up by some services and may, or may not, be used for commercial uses (ad's maybe). If you don't want that you can often opt for other services or use encrypted protocols.
The use of digital signatures in email is closely related to encryption because it requires the same PKI. That may end up being the driving force because of the increasing sophistication of phishing. The institution I work for is now frequently attacked with phishing emails. Our help desk is constantly answering questions about whether a particular email is phishing or not. What's even worse is the people who don't call (and don't know how to smell a phish). We are dealing with hundreds of compromised accounts per year because of phishing. I think this is not only a compelling reason to start authenticating email with digital signatures but also to integrate the recognition of digital signatures into our spam filtering.
Just like anything encryption has a cost. This cost is actually pretty low. Keeping the government loop and comply with regulations so that terrorist plots are detected early is simply part of this cost. There is an optimal use of encryption where it's marginal costs are equal to it's marginal benefits. We may fall short of this optimum if among other things there is imperfect Information about the costs and benefits. #1 The the benefits are hard to measure and unknown. #2 There are social concerns because of a lack of consensus about what constitutes The Greater Good and this undermines trust. People want their communications encrypted but not the communications of others. The costs of encryption are very low and the technical knowledge is common and equipment is ubiquitous. The problem is not primarily technical. The largest technical problem is related to benefit estimates. Other security holes may allow breaches. Encrypted channels must be decrypted at the end points. If the end points are spyware invested sieves then encryption is irrelevant. Encryption use is not promoted. It's better to have most channels open and encrypt only the necessary information. A start would be to create a collection of ROI and Cost/ Benefit analysis for enterprises over type, industry and size, and for various individuals and households over education level, income, and wealth. Create public policy briefs about encryption. There is a lot of communication people can't exploit and so people don't care about it. For example who cares if someone finds out I am reading web pages to try to prevent razor burn and read a web page on gentle ex-foliation. At least the office would know I am trying ! Who pays to disseminate the marginal cost and benefit information? You don't know when encrypted conversations would have been breached or the costs that would have been incurred from the breach. The costs of breaches are a large part of the benefits of security and must be estimated.
there's no point encrypting things that are not usernames/passwords/sensitive information.
Except in the most rare cases, there's no point in encrypting user names (unless you want to argue by semantic shift).
However, whenever you do anything that requires you to be logged in (i.e. post a comment), you should have to prove that you're the rightful owner of the username you post under.
In other words, in every transaction you send some kind of secret to slashdot that proves you're you.
I want that to be guarded with HTTPS. I don't want anyone else to prove they're me. That means everything I do while I'm logged in has to be HTTPS-guarded.
The sooner web code monkeys get this, the better.
Maybe we need to come up with a standard way of encrypting things, that our packet sniffers somehow know how to decode. Maybe even with a "relax the crypto" configuration flag we can throw during debug.
And then only let the government and government-approved network administrators have packet sniffers, to avoid the black hats having them? Except that the Nigerian government could hand them out to any Nigerian if it felt like it, so we need trade embargoes, and...
Exactly what's the point of encrypting something if information will still leak out of the encrypted packets?
Or---when in debugging mode you could send some insensitive unencrypted traffic. That way, people can have their encryption and network debuggers can have their not-encryption.
As odd as it may sound, there are many companies willing to pay tens of thousands of dollars a year on maintaining and making changes to their web site, but some of these don't want to pay $300 a year for a security certificate, even if they pay for an expensive security system to be written.
As for secure FTP, some people don't want to download a separate FTP client, they just want to use what is built into Windows, and I don't think that supports sFTP. You also have to pay for a cert.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
How often do you speak out loud in a public place? None of that is encrypted. Someone might overhear you.
When in a public place, you can see who's there. How often do you speak out your VISA card number, expiry date and three-digit security code in public? Okay, that is encrypted. How often do you speak out your Gmail password in public? Or the ssh password to your computer? How often do you leave your wallet and car keys lying around in public?
The reason that most traffic is not encrypted is simply that encryption is unnecessary for most traffic. Does slashdot need to be encrypted? Arguably, there are some things out there that should be encrypted and aren't, but the basic answer to your question is that most traffic isn't very sensitive.
How is a mailbox provider going to analyze all those potential spam mails when everything is encrypted?
If someone is sufficiently ignorant (I just mean non-geeky; I'm not trying to insult anyone) that they get a false sense of security, don't you think they're also going to be ignorant enough to send sensitive info in plaintext?
Take away the AV software which gives them a false sense of security, and I think they'll still watch porn and download BonziBuddy.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
This is easy. It's not worth it. The losses attributable to "not encrypting" something are less than the cost of "encrypting everything" and managing it. It doesn't hurt enough yet. Wait till we get a large scale breach of a service like alt.com or adultfriendfinder. You will then see some action. Capitalism is not pro-active unless it's clearly profitable and has little risk.
where for most uses encrypted communication alone would be sufficient
Okay, here's a thought experiment:
Suppose you have a two-way key exchange protocol. That is, Alice sends something to Bob, then Bob sends something back, then they can talk encryptedly.
Suppose when Alice sends "Hi Bob, I'm Alice" to Bob, that Alice's ISP, Eve, grabs that bit, then sends her own message to Bob saying "Hi Bob, I'm Alice". Bob returns something ("Oh, hi Alice, Bob here.").
Now Eve is talking to Bob (and vice versa) encryptedly, and Bob thinks Eve is really Alice.
Oh, but we left Alice waiting. Now Eve returns "Oh, hi Alice, Bob here." to Alice.
Then Alice is talking to Eve and vice versa, encryptedly, and Alice thinks Eve is really Bob.
So when Alice sends "I love you, Bob" (the secret message), Eve---who hates Alice---looks at that and cackles. Then she sends "I hate you, Bob. I'm breaking up." to Bob, who now thinks Alice hates him.
Not only did Eve learn what secret and ostensibly encrypted message Alice wanted to send to Bob, she could also forge a completely different one. She could also have just relayed the message, and listen in on the session between Alice and Bob.
Exactly what did we gain?
There's a reason I'm doing my phd in cryptography: if you fail at implementing an efficient algorithm for sorting, or shortest path, or travelling salesman, you know your algorithm is inefficient. If you fail at designing a secure protocol, there's a very real danger you think it's secure. The failure modes of cryptography are worse and more hidden than in almost any other subfield of computer science that I knew I needed to spend more time on it.
Plus, I like the geeky math (finite fields ftw.) and the spy-vs.-spy stories ;)
TME.
First, keep in mind that name-based virtual hosting with HTTPS is very limited. With few exceptions, you're quite restricted in your ability to host multiple SSL-encrypted sites on a single IP address. Most often, one must instead assign each SSL-encrypted virtualhost to a dedicated IP address. If every website was, today, to switch to HTTPS-only operation, and if the RIRs were to allow it, we would immediately run out of IPv4 addresses.
This is effectively true, but it gives the impression that the problem is inherent to the protocol. The main obstacle to secure name-based virtual hosting is that Microsoft won't implement Server Name Indication for Windows XP.
The reason this stuff isn't taking off is because the complexity of a certificate gets in the way of work for most non-technical people. My VeriSign digital signature, for example, took a lot of futzing around with to get working (not to mention costing $100+ to my company) with little to no perceivable value to the end-user.
Self-important people (like my boss) don't have time to be goofing around with their computers to make their security certificates and digital signatures work correctly.
When a boss can't access a certain site or submit a particular proposal because The Computer won't let him, then the boss insists that all these security features just go away.
Maybe the insurance companies?
I want to know why I still have to guard my SSN and my mother's maiden name like it's some sort of dirty secret. No one should be able to open up a credit card in my name unless they somehow got the request signed with my private key.
Cost of recognized certificates, ones which come from the client software's preloaded default certificate authorities is a major problem. Server to server can be self signed, but ones that are customer/user facing have to be ones most browsers and applications will recognize without prompting with a security warning.
And managing those certificates which expire every year or every couple years can be a hassle, or worse they will cause people problems when they expire.
Of the two problems though, if cost was less then you would see wider adoption. For server to server communications, self signed certs make a lot of sense.
What is the point of implementing something that is really not needed? When you are running secure stuff, SSH, SCP, VPN are used. Encrypting harddrives is overkill for the average person. What e-mails are we sending back and forth that is so sensitive it needs to be encrypted? If it is sensitive, most organizations have the approproate framework in place. I mean, why do I need to encrypt an e-mail to my fellow co-workers of the redneck joke of the day, or encrypt my browsing of Slashdot?
You DON'T need to send your public key to someone securely. That's why it's called PUBLIC KEY!
Allow me to explain. Public Key Cryptogrpahy uses 2 VERY LARGE prime numbers as keys. One is your Public Key, which ANYONE CAN KNOW. Give it out freely. Publish anywhere. Paint it on your forehead. Doesn't matter. The other is your Private Key. This you keep PRIVATE! NO ONE, not even your most trusted friends and allies, should or needs to know your private key.
Now, you can use your key-set in two ways: 1) You encrypt a message to someone in particular by using THEIR PUBLIC KEY and YOUR PRIVATE KEY. You send them the encrypted message (and you can even send them a copy of YOUR PUBLIC KEY at the same time if they don't already have it). They decrypt the message you sent them using YOUR PUBLIC KEY and THEIR PRIVATE KEY. At know time does either party let any other party know their PRIVATE KEY. Anyone else who has your Public Key will be unable to decrypt the message (in a reasonable amount of compute time) without access to the PRIVATE KEY of the recipient (who you sent the message to). 2) You generate a second Public/Private Key-Pair (in addition to your normal key-pair). You encrypte a message (or digest thereof) using your REAL PRIVATE KEY and the generated extra PUBLIC KEY from the generated pair. You send the message and encrypted digest along with the generated PRIVATE/PUBLIC KEY PAIR (NOT YOUR REAL PRIVATE KEY THOUGH). The recipient should already have a copy of your public key gotten through offline channels. The recipient uses your REAL PUBLIC KEY plus the generated PRIVATE KEY included with the message plus the encrypted digest to verify that you are indeed the sender. This method is used to verify that the sender is the correct person that matches up with the Public Key I KNOW for a fact I received from that sender previously.
So, method 1 allows encryptiion/decryption of the message and verification that no one has intercepted the message and decrypted it (and, if you have the receiver has a copy of the senders public key already, it verifies the sender as well). Method 2 simply verifies that the sender is, in fact, the sender whose public key the receiver already has a copy of without encrypting the message.
The important point is that nowhere does any party ever give out their real PRIVATE KEY to anyone else.
Another important point: Most of the time Public Key Cryptography is only used in order to encrypt and transmit a Private Key (like an AES key) for a Non-Public Key Cryptography cryptographic method because PKC is computationally intensive whereas private key schemes are require much less computational overhead. So, in effect, we exchange Public Keys, then one party sends the other party an encrypted message containing only the key for a non-public-key crypto method. Then, the two parties begin comunicating using the non-PKC algorithm using the key exchanged via PKC.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
I'd be pro if
1. i had control over who got my key data rather than assuming its gets passed on by default to echelon by versign etc
There is nothing for Verisign to pass on. They only have your public key. You keep your private key private. Look into how Public Key Cryptography works before you worry about non-existent problems
2. i could create keys without firefox complaining like two year old about them
Again, your lack of understanding is astounding. Firefox complains because it has no way of verifying that your generated Public Key is actuall from who is says it is (You). Firefox must be able to get a copy of your public key from a "Trusted" source in order to verify your key. There are 3 possibilities: 1) Register your Public Key with a "Trusted" Key Service (i.e. Verisign), 2) Register your own key signing authority with a "Trusted" service (i.e. Verisign) and then register your public key (Cert) with your own key registrar, 3) Install a copy of your public key (cert) into the pre-trusted keys in Firefox (provide an installer for your end users).
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
> Exactly what's the point of encrypting something if
> information will still leak out of the encrypted packets?
Do you lock your house? Does it have windows?
Do daemons dream of electric sleep()?
openbsd is rather secure, at least until you put applications on it. part of this is cryptography as a os service. so in the us, the os is a export restricted munition and so the openbsd people do not allow us citizens to work on the os. I speculate that this has a negative effect on development of the os. since associated projects like openssl are widely used, one might think there are negative impacts on the use of cryptography in the us.
HTTP proxy caching is a best practice for ISPs and businesses, and going to HTTPS thus adds overhead since this traffic can't be cached.
Furries make the internet go.
+1 Insightful - I wonder why this was not the topic of the first comment.
I don't want to sound pessimistic or paranoid, but from the signs so far I firmly believe that soon the use of encryption will be reason enough for any obscure organisation to raid my house/office/computer.
This is the main reason I do not practice or even consider any kind of encryption. After 20+ years of being online, I think that any sudden change of online behaviour from my static IP will raise a flag on this or another continent. Therefore, I prefer obscurity through transparency: I take special care everyday to visit xxx sites, check new conspiracy theories, visit celeb and gov sites etc like any normal curious person. However I avoid the googleplex, facebook and all permanent records of any personal details on social networks.
Yes, I know about proxies, anonymizers, Tor etc, but I consider these as the orange flags because using them also can be interpreted as changes of online behaviour. There is no escape.
The CPU requirements for handling encrypted traffic are a lot higher than for http.
It costs MONEY - and it's not a linear scaling - doing 1/10th of the transactions/CPU needs more than 10x the number of CPU's since you have to spread load - which imposes more load on the system.
[U]ntil browsers change their behaviour when confronted by a self-signed cert they will never gain widespread acceptance and use with a non-technical crowd.
Agreed. I'd rather see more relaxed behavior: if the browser is presented a cert that does not connect to a known trust root but is otherwise valid, and either has never done https with the site before or has accepted the same cert in the past, accept it, retain it for future reference and continue with no warning -- but also don't show the "secure site" chrome such as padlock, colored address bar, etc. If the key changes, then go ahead and pop up a warning -- the key change is better evidence of a possible MitM attack than mere absence of a shared trust root.
Also, since there's already a precedent for variable chrome established by EV certificates, it might also make sense to have distinguishing chrome for the apparently-valid-but-no-trust-root case. Conveying the sense of "secured against passive snooping, but doesn't prove identity" with the chrome is left as an exercise to the usability specialists -- failing such a case, using the unsecured chrome is acceptable.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
that have led us to this. Certificates should cost no more than $10 yet Verisign wants $1000 for a 1 year enhanced web site certificate. Thawte wants $995 for 2 years. Out and out piracy is my opinion. I'm pretty sure that there would be a lot more security in the small businesses I support if I could buy them certificates for $25.
"Be kind, for everyone you meet is facing a great battle." - Philo of Alexandria -
After various arguments where I propose that unauthenticated encryption is superior to plaintext, I'm left with the sense that some users (whether it's a lot of them or just a few, I don't know) conflate encryption with the nebulous word "secure." There are applications still in use today, which confuse users into thinking that if the communications are encrypted, then no one can listen in. (Either that, or there are people out there mis-training users into thinking that's what the apps are telling them.)
And if that indeed is the case, then some well-meaning people don't want to deploy encryption without authentication, because they feel that it could trick the user. So those defective apps are making your question become "what is holding back authentication?" And that's a whole other problem.
If we don't want to accept that encryption must come after authentication on everyone's todo list, then we need to repair those user interfaces (e.g. get rid of the padlock icon that is displayed when encryption is used).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
As mentioned in a previous post, encryption tends to break many of the other types of security measures we have come to rely upon. Intrusion prevention and detection systems do not always work with encrypted traffic very well; the same goes for mail and web filters. You cannot always trust that which is encrypted and can be as much of a security risk as it is added security. Those types of systems capable of scanning encrypted content can present privacy concerns depending on how they are implemented. Additionally, these systems are not always capable of scanning all types of encrypted traffic, particularly when dealing with proprietary implementations or specs that deviate from a standard. I am not saying that encryption is worthless, however its pros and cons need to be weighed against other aspects of security carefully to ensure that your network gets the best combination of protection and usability that it can have.
I disagree completely. Doctors, Lawyers and accountants are routinely emailing very sensitive information in clear text. I see it happening every day. Many offsite backup solutions don't guarantee encryption for at-rest data (just SSL while on the "wire").
The single biggest problem with encryption is key management. People are just so accustomed to forgetting their passwords that they don't understand that not managing your encryption keys is going to result in lost data. They just "assume" there is some backdoor (I know this because I maintain a secure storage site and have lawyers contacting me weekly that have lost their credentials).
IMHO, one of the problems with the propagation and improvement of encryption is that too many people, knowing that better encryption is possible, reject all forms of encryption that aren't ideal.
I worked at a company and we had a one time need to send data outside the company in a way that would relate individuals without disclosing their identity. It wasn't a problem that we wanted to spend a lot of time and money on. At some point I coldly offered the possibility of simply multiplying the ID's by X. It would obscure the ID's, but not secure them. I expressed my doubts, but the legal representative of the company ruled that we only needed to take reasonable steps - not outwit Sherlock Holmes. I raised a mild objection, but with all of this documented, and with a legal opinion in hand, that's exactly what I did.
But I started thinking about this later and began to realize how woefully inadequate other forms of human communications have been for most of human history. My parents would never trust anything not on paper, but their mailbox was hardly secured. Signatures on contracts are never examined - except perhaps, in a court of law. Today, normal fax machines are legal instruments capable of transmitting prescriptions for controlled substances.
The gap between the now and the ideal is very wide. Symmetric key encryption is adequate for many situations. Asymmetric encryption is a solution that doesn't always need the establishment of trust. That can often be established on a peer-to-peer human level.
Often, when I've developed a program/system that had been generalized to solve anticipated problems in addition to the specific problem to be addressed, I've found that much confusion would follow. I learned to design and code to the general, but expose only that which addressed a specific need. Later I could expose more if needed. That worked much better and, when people later asked if we could add something else, I could say that I'd anticipated it and yes, we could.
So here's the thing. When I did have to implement more general forms of encryption, I felt like an idiot. I'm don't think I'm an idiot. I've written routines to compute surface normals to geometric planes to effect hidden surface removal.
But just figuring out how to get/buy PGP while not get ripped off was hard enough. I knew about GPG but couldn't find any definitive statements that they would work together (PGP being ubiquitous in my industry). Then I was given choices between various ciphers and hashes. Uh, which one is best? No guidance.
Then there was the company that had been recently compromised who's newly formed Information Security department refused to let us send them PGP encrypted data over their FTP site without a security review of *our* company.
Crypto folks, get your heads out of theory and into the real world.
Where can an IT professional get training for using encryption tools? We need to have more training for the realities we face on the Internet. I've been writing interface scripts for banking interactions for a long time, and have only recently seen banks offer some level of encryption. Ideally, we should leverage IP restrictions as well. There should be both in place for any secure transaction. IP restrictions and some level of object encryption and/or session encryption. How can data be safe otherwise? -JW
Most large (and some mid) companies employ a SmartCard of some kind for access to the building. Adding a smart card with a chip then help authenticate getting into the building and (with certs on the chip/card) auth the user onto the network and provide for digital signatures and encryption. Most companies also have a policy governing levels of protected information and how it is shared. There is a bit of 'heavy lifting' as far as implementation and it would come down to how much risk is acceptable. I have worked in both environments and hybrids in-between. SmartCard logon as building ID is the smoothest and easiest for the user as well since a single PIN is needed with the SmartCard. With most people familiar with Bank ATMs, this should be a no brain-er
I believe that the US Post Office should take the lead here. Even 10 years ago, I thought that the USPO was the perfect "official" entity to manage keys. The post office currently serves a sort of official role in guaranteeing safe deliverly of your mail (more or less). If the USPO had official processes for proving you are who you say you are and keeping your public key, then the US Government could safely allow digitally signed emails to represent contracts, etc. Once you reach that point, it seems like signed emails would become the norm for business transactions. Furthermore, once you have all the keys and government endorsement, it seems like encryption would follow very quickly.
Even better, it would become trivial to filter out any non-signed emails as spam, and for any signed spam to be prosecuted.
--Paul
It may not be feasible to employ encryption in everything we do. But we should focus on making it an option to all users to elect to use. A right to privacy shouldn't be nulled because it's to hard to protect. Additionally employing encryption farther from the application level makes it easier to implement it more transparently.
Do you lock your house? Does it have windows?
Will the police catch people who read my mail as it's travelling around some foreign mail servers?
Is it possible to secure as well against breaking and entering as it is to secure against eavesdropping? Is it feasible?
Bad analogy. The trade-off equations are vastly different for securing houses vs. securing information.
Say you wanted to practice your breaking and entering skills. Would you practice picking one of your own locks, or would you demand your neighbours not lock their doors?
I assume you're a nice person who respects their neighbours' wishes. I assume you can extend that nice respect and not insist on picking your neighbours' electronic locks, or on them being unlocked.
If not, why not?
Maybe Perspectives can help show that certs come from the right source.
http://www.cs.cmu.edu/~perspectives/index.html
3 Modes:
1. Non-encrypted - no need to warn, not claiming to be secure (No Lock Shown/No Yellow URL Bar)
2. Signed-Certificate - claiming to be secure, lock-shown, yellow-url bar shown - verification exists that the traffice is in fact encrypted by domain owner (exluding difficult and unlikely MITM)
3. Un-Signed Certificate - claiming to be secure, but, no verification exists that traffice is in-fact encrypted by domain owner.
If you can't understand the difference, then you need to REALLY think about the problem for a moment instead of just shooting off your mouth.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
I had a secure certificate for eMail encryption. Took about a day to figure out how to use it, get it implemented in my mail program, how to inform other eMail users the procedure to decrypt my messages, get the certificate signed by Thawte, etc. As it turned out, only one other person I corresponded with had implemented eMail encryption.
Then one day, the certificate expired. Do you think I could wade my way through the obscure techno-babble of the Thawte website to renew my certificate? If you answered "yes", you'd be wrong. I couldn't even figure out what kind of certificate I had when wading through the obtuse language at Thawte.
Someone has to make this easier than getting 24 bit video at something bigger than 640x480 to work on obscure hardware with a new Linux distro. That was a piece of cake in comparison.
To this day I have no idea what Thawte wanted me to do to renew the certificate.
Link to relevant information....
http://www.bis.doc.gov/encryption/default.htm
It's a shame that a mathematical transformation of information is considered a weapon (of mass destruction). :(
Slashdot CAPTCHA: skulls
(how apt) :P
and many more could care less. Attempting to explain the benefits of encryption to the most people is at best a waste of time and at worst makes you come across as a babbling paranoid geek with something to hide. For years I have had GPG setup so that I can send and receive encrypted email; however I can count on no more than one finger the number of times that I have ever sent a "real" encrypted email and that was to verify an oder with thinkgeek.com. I have yet to receive "real" encrypted email from anyone whether it by my bank, or any of the several companies I deal with even though my public key is readily available. I find that most people are simply confused the whole topic. What I would like to see is for the windows Thunderbird installation routine to include a security setup option that automatically downloads, installs and configures GPG for the user. More people might then start using "secure email/signing" if the option were available by default in their email interface. Self signed certificates are good enough for most people's purposes and could be dealt with by dumbed down security warnings, eg. "Do you really trust this sender...?. Once trust is properly established the only "flags" of real concern would be when a self signed certificate doesn't match the one that has been previously trusted.
I send something to someone to read. They can read it. It can't be read by someone else until the intended recipient gets it and decrypts it. What the recipient does after that has NOTHING to do with encryption (nor can it). If you think otherwise, you really are misinformed. What your are advocating in DRM (Digital Restrictions Management) which is "Defective By Design" and doesn't actually achieve the purpose you are seeking (keeping intended recipient from doing with something you sent them what you don't want done). I'm sorry, but, no sane person is going to every grant you such control.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
Exactly what did we gain?
We gained an encrypted transport, meaning that eavesdropping is not possible without forging packets. What's so hard to understand about it? Yes, MITM is still possible, as it is with weak SSL, but it is a different problem and it does not need to be adressed for many uses. If my ISP can intercept and modify packets, he can forge all my responses in a (unidirectionally authenticated) SSL communication, he can do all sorts of evil stuff pretending to be me and I'm generally out of luck with most current protocols/implementations. The number of people who can eavesdrop is generally higher than that of the evil ISPs who can forge packets and when I have the choice between unencrypted transport and encrypted transport vulnerable to MITM, I will choose the latter, simply because the evil people with only the capability to record conversations will be unsuccessful.
"I love my job, but I hate talking to people like you" (Freddie Mercury)
One word: ITAR.
http://en.wikipedia.org/wiki/ITAR
Not encrypting FTP or email is pretty inexcusable if you're going over the public Internet.
However, most websites use plaintext HTTP most of the time because there's nothing to hide. It's expected that a site will switch into SSL mode when entering a password or displaying personal or financial information, but other than that, there's really not an incentive to encrypt normal web traffic. If someone snooped on my connection and saw spurts of HTTPS traffic coming from IPs assigned to Slashdot and CNN, all they have to do visit those sites themselves to see what I'm reading.
(Although I really do wish Slashdot would at least allow logins and comment submissions over SSL.)
A not so computer-literate user just pleaded me to allow unencrypted FTP because in order to use SFTP on a Mac:
I can't fucking believe it. How can an FTP program come without SFTP support? How can PuTTY be 1 gig? The PuTTY that came with my WinSCP is 1.4 megs big.
At least that's what the NSA, CIA, TFI, FBI, DEA, ONI, ATF, CIA, NGA, DHS, DIA, DOD, DOE, INR, NRO, ISR, RIAA, BSAA, and the Children's Television Workshop have all said at some stage.
The DOJ insisted back in 1999 that its agents need the ability to secretly enter private property and disable security on personal computers. Apparently SELinux has a back door built in using NSAKEY as the password.
The new right fascists are bilingual. They speak English and Bullshit.
It is orthogonal.
FTP is unencrypted because what people want to do is get files from point A to point B. Something as simple as scp causes them to see a warning message that the can't quite make sense of, that looks scary, that is not on the critical path between getting files from point A to point B. So, they do what all humans do, which is go back to the lowest common denominator that is not directly related to their chosen career.
Email? Encryption? Are you fucking kidding me? I knew that was a failure when X509 was pushed. People do now want is-a-person identity verification for themselves, just for everyone else. And it turns out that PGP web of trust sort of key management only works for geeks that like concerning themselves with security. The single best thing that happened to email over the last 12 or so years is admins accepting that opportunistic transport encryption is, yes, basically free and self-signed certs work just as well as that one from Verisign. But, still, this is transport, not storage, so (in the U.S., at least) the legal system intersects, and transport encryption is necessary, but not sufficient, for personal control over one's email. And this is putting aside that a rather large part of the population has migrated to web mail, where they don't even control the storage in the first place, and the service providers have obligations to state actors that are substantially less robust than storing your own damn email on your own damn disk.
I don't think I've seen an ecommerce shop running on port 80 in 5 or 6 years, but I'm sure there are some out there still. But this ignores that we're really not that worried about people compromising routers and whatnot (I'm not saying it hasn't happened, but that is by no stretch the most common security breach mode for Joe User). Transport encryption doesn't help you when the Chinese government targets you with a zeroday, or even when you're not paying attention on a more generic phishing attack.
I was on the Cypherpunks list back in the early 90s, and there is a reason why most of the predictions of the use of crypto did not pan out to create a cyber-anarcho-capitalist-utpoia (dystopia?). And that reason is that a lack of crypto is not the weak link, and, as always, the problem exists between chair and keyboard, if you're prone to considering that the problem.
My view is that people want to get things done, not worry about getting things done securely. And so any time "securely" means even slightly more work, fuck it, it won't happen. And that means even really minor points of friction, because people don't even understand why they're doing these things in the first place. ("Why did my login have to time out? I still want to put things there.")
Ultimately, the right posture for someone who wishes to promote security is to make it transparent. That's not possible, of course. But we, as a culture, are used to accounting safeguards, CPAs imposing annoying multiparty checks and balances and whatnot, so it isn't impossible that this sort of thing could be pushed to consumers. I'm personally skeptical, because the non-geek consumer has an interest in not caring and the people selling stuff have an interest in catering to that.
I forget what 8 was for.
(1) The USA government, or more specifically the USA's intelligence agencies, have for decades opposed any meaningful strong encryption that they might have some difficulty breaking, let alone exporting or re-exporting such encryption. President Clinton's Clipper Chip initiative included the requirement that the keys be sequestered by the government, which destroyed any credibility with businesses or individuals. These requirements, although relaxed somewhat, still exist to this day. (2) USA and foreign computer manufacturers (hardware and software) are compelled to provide either degraded encryption, or else key sequestration to the USA government if they wish to do business with the USA government -- money talks, and big money talks loudly. Without the ability to easily integrate strong encryption into either the Operating System or the Hardware, the use of encryption is problematic for the generally lazy end-user. The entire USA IT industry has been subverted and corrupted by the USA intelligence agencies. Until such time as strong encryption can be shared across national boundaries without fear of any government's intrusion, this situation will persist.
Only Terrorists use encryption, if your not a terrorist you've got nothing to hide.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
There are two kinds of encryption:
- The one that stops your little sister (SSL used to admin firewalls, to fuel VPNs, or RC4 used in Remote-Desktop, etc.)
- The one that puts your company into big trouble because governments will crunch your company if it does not "comply".
This may help to understand why encryption is not widely used: it is either pointless or forbidden.
> Maybe Perspectives can help show that certs come from the right
> source.
> http://www.cs.cmu.edu/~perspectives/index.html
Perhaps something like what Perspectives does for SSL certs would be
feasible for GPG keys pulled off a key server.
As in: "This public key for email@domain has been seen consistently
for X amount of days", i.e. it has not changed thereby preventing
imposters. Would be a nice secondary path of semi-trust in addition
to the Web-of-Trust.
Why use encryption? The Government, and not necessarily your own. Why would a government care about the content you view from websites? I moved to China 6 months ago and am sick of half the internet being blocked, I can't talk to my friends or family on facebook, my porn is cut off and plenty more. And China is only at the forefront, Australia is close behind followed by the UK(in the "free" world), and every other despot country with internet.
http://my.telegraph.co.uk/dublinclontarf
Now, having said that, DNSSEC does let you securely look up SSH fingerprints, X509 keys, etc from DNS data so that you can do key bootstapping. There is even a patch to openssh to automatically accept a key if it matches a fingerprint that was securely retrieved using DNSSEC.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
My experience is that on Debian if you install GpG, Kmail instantyl activates all the buttons and interface changes needed for suporting it. The only thing that is hard to do (or, I guess I just didn't try to learn) is adding other people's keys to your database.
GpG by the way is required by aptitude nowadays, thus almost always present on Debian installs.
Rethinking email
I usually don't bother encrypting my email because it's mostly mundane stuff, and frankly there's more of a threat from the owner of the email server reading my stuff than there is from a MITM attack. Also, getting and using a cert is a bit of extra work.
Bah, that's crap. Fire up Seahorse on Ubuntu (Accessories -> Passwords and Encryption Keys), generate a new key, then publish the key. Then fire up Evolution or Thunderbird + Enigmail and tell it to use the key. There, you're now using signed/encrypted email.
Honestly, this is *dead simple*. The argument that it's too hard is pure BS, IMHO.
Really, most things which should be encrypted - are. There's no reason to push encryption everywhere
Actually, there's a *very* good reason to push encryption everywhere: It adds noise to the signal. Right now, if a government agency wanted to focus their efforts on surveillance, it would make sense to focus it on those who are making use of encryption. After all, as you say, encryption is used where it "matters".
But if everyone used encryption, then it becomes impossible to identify "important" data from "unimportant" data. That's a very good thing.
Or---when in debugging mode you could send some insensitive unencrypted traffic. That way, people can have their encryption and network debuggers can have their not-encryption.
But the "bug" appears only when the encryption is turned on. Only for data for which encryption is turned on. Now what?
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Encryption made easy for the average user. Try https://www.threadthat.com. Effective and simple.