Slashdot Mirror
What's Holding Back Encryption?
nine-times writes "After many years in IT, I've been surprised to notice how much of my traffic is still unencrypted. A lot of businesses that I interact with (both business and personal) are still using unencrypted FTP, and very few people use any kind of encryption for email. Most websites are still using unencrypted HTTP. DNSSEC seems to be picking up some steam, but still doesn't seem to be widely used. I would have thought there would be a concerted effort to move toward encryption for the sake of security, but it doesn't seem to be happening.
I wanted to ask the Slashdot community, what do you think the hold up is? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption protocols and keys? Is it ignorance or apathy on the part of the IT community, and that we've failed to demand it from our vendors?"
is not the whole solution.
Nullius in verba
Isn't it the case in enterprises where they would rather keep things status quo instead of adding additional layers of (potential) problems? I believe they won't convert unless there's sufficient financial (dis)incentive to do so.
Maybe when getting a server cert is free/easy people will do it defacto. but right now it's either shell out for an SSL cert or greet every traveller with the "omg this site has a self-signed cert!!!oneone" browser warning.
I have encrypted this post as my contribution to making encryption more widespread.
Here you go:
kkjkjGHIUgibilhjGHLiubhjbiu78HVji67gfUKGHVuygjh VljhbvolygILJKbIyugIJbikhjbKJBkbvkjnfJ.a,mx jchkdjqJiufhpi9fu{ywe9f8iunsiochjaijkcs
The fun part is that the (UK) cops can demand a decryption key for that, and lock me up when I inevitably fail to provide one....
This is a substitute for a clever sig that fits within the maximum number of characters.
Signed certificates are holding up encryption. Opportunistic encryption doesn't happen if it has to be carefully pre-planned.
Yes, unsigned encryption is vulnerable to MITM. So what? It protects against the far more common traffic sniffing and a plethora of other attacks.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I think that much more often than not most folks just use the default settings on their stuff, and at this point nearly all encryption is not something that is set up by default.
While the learning curve for using encryption in email, http, ftp, etc is not all that high, there is enough of one there for most people to just say "meh", even if they understand why they should be using encryption in the first place.
It's like personal home protection for many people - they don't want a gun in the house until after they've been robbed the first time. I'd wager that many people using encryption are doing so because they've been bitten by a lack of encryption in the past.
There's no reason to encrypt HTTP requests that don't contain personal information.
What's Holding Back Encryption?
Simple: INERTIA.
Remember back in the day when the OpenBSD guys said Enough Already and pretty much dropped telnet, rsh, rcp, rlogin, etc. for the SSH suite of tools? Yeah, a bit of growing pains at the time but no one would want to go back. It took some time but finally other open source projects followed suit.
People are lazy, if there's no push to change most won't no matter what benefit the change offers.
Trolling is a art,
Really, most things which should be encrypted - are. There's no reason to push encryption everywhere; especially if it would confuse people and make them think everything is safe just because it's encrypted.
One that hath name thou can not otter
It won't happen until the pain of not doing it exceeds the cost of implementing it.
I still cannot find the droids I am looking for...
What problem do we need to solve here? If it ain't broke...
Just for the hell of it I've toyed with hooking my geiger counter up to my computer, generating a couple of DVDs full of random numbers (really random) and using them for one-time pad encryption to send email to my Mom. Which cannot be cracked, by anybody.
There is also the issue that if you lock things down too tight you risk locking yourself out and can't get back in.
...laura
Verisign. Because of the ridiculous cost of THEIR certificates, and that browsers don't seem to properly recognize any certs but ones from Verisign. People either use fake certs (encrypted traffic, but no verification of trust), or simply don't bother.
Also, because so many sites pull in images and other content from non-origin servers, webmasters do not know how to build a proper SSL site in most cases. It's tricky to do right (not impossible - just tricky), and most web designers / site administrators simply give up on SSL, rather than try to learn how to implement it properly.
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
It costs a nonzero amount to get a certificate at all, and a self-signed certificate is barely better than raw http.
It also costs a nonzero amount in server CPU usage and/or dedicated hardware to do the crypto itself, especially the https sessions. For example, Google App Engine will handle the SSL for you for free, using a wildcard cert for *.appspot.com, but the crypto does count towards your CPU quotas.
These two factors suggest that it makes sense for crypto to be used only where needed, rather than using it everywhere we can. Combine that with corporate sluggishness to approve any spending, and you can imagine why even where it is needed, it can be an uphill battle to get it actually adopted.
Don't thank God, thank a doctor!
In the case of email I am not using encryption because none of my business contacts are. It is kind of like with MS Word. I would love to use something different and I never mail out doc files, only PDF, but if everyone else is doing it's hard to stand your ground.
How often do you speak out loud in a public place?
None of that is encrypted. Someone might overhear you. Break out the tin foil hats!!!!
Until a couple of years ago, I was a consultant for a large three-letter firm (not IBM) that got a project to implement an internal certificate authority that would be trusted by external partners, in support of email encryption.
Some other projects came up that I needed to do and we started searching for someone else within this 20,000+ employee technology company that could do the project and had at least some familiarity with PKI issues.
There was noone.
Couple that with the fact that we were getting the CA signed by an internal division of the company with a globally-trusted root CA, and that division had precisely two employees. To run a public root CA.
I've been in IT for over 15 years, and I think the number of people I've met in that time who see PKI as anything other than a magical black box can be counted on one hand with fingers left over.
"large data loads being done over the network causing the voice quality to go through the floor"
You (or Cisco) are doing it wrong.
We have a fairly simple, Asterisk-based, VoIP system in-house, serving about 20 extensions. Our 3Com 100Mbit managed switches (ex-elsewhere via ebay, and not even close to current tech) prioritise VoIP traffic, so even though the Asterisk server is on the same gigabit switch in the system rack as some pretty beefy servers, I can transfer 40+ GB virtual disk images from server to server (or my desktop PC) and the VoIP users will not notice a thing. Our infrastructure setup is not sophisticated - we could have created a separate VoIP VLAN on the IT room switches, but found no need.
Something's not good with your network design and whoever put it in should be taking a look.
Encryption is a big problem to handle.
You are more likely to lose your keys than your privacy; there's just so many ways to get it wrong, even on the lowly USB memory stick, and end up losing your own data.
blog.sam.liddicott.com
To answer the original question, the thing holding back encryption is the above mistaken attitude, that using a self-signed cert is barely better than using plaintext.
There won't be a push for improving the cert system (e.g. by moving to an OpenPGP WoT or something) until more people are encrypting, And people won't be encrypting until they get over their foolish attitude that it's pointless to force attackers to use MitM instead of passive snooping.
When more people start to realize that it's a good idea to force their opponents into doing expensive and risky things, then they will choose to do that and start to use (poorly-authenticated) key exchange. Once encryption with poorly-authenticated key exchange becomes more common, people will start to see a benefit to improving their authentication, so they'll attend more key-signing parties, or exert market forces within crippled single-signer systems to have cheaper CAs, or whatever.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I'm surprised nobody brought up -- needless encryption makes a *huge* headache for running diagnostics on any sort of server. If any sort of script is not working, there is difficulty in evaluating what is happening, and even network diagnostics is much more complicated.
Additionally, encryption wastes a lot of CPU cycles if not needed. Although a small argument, this slows down networks and costs $$$ by burning fuel.
Finally, you have to make sure encryption is done right to be secure. If you encrypt everything, it is more difficult to see where there might be a vulnerability because there is more to audit. Think of the analoy to personal encryption -- unless you work for the NSA or something it is much better / easier to encrypt a directory on your disk with personal stuff than trying to encrypt your whole logical volume.
Which would be easier to recover from if you had a hardware fault / disaster?
Slashdotter, ID #101. UIDs are in binary, right?
Put simply encrypting content is just too much effort for most people. I've only ever had dealings with one company that preferred to use crypto. No one else cares.
The only way crypto is going to see wider adoption is if its turned on by default and virtually a no-brainer to use. It has to be virtually transparent. I think it's well past the point of ever happening, although it might gain some traction if a major mail provider such as Google issued all users with a keypair, made it the default to sign outgoing messages.
The question is why Google or any other provider would bother to do that.
FTP would be dead if Microsoft would adopt the SSH suite, since SSH has the exact same capabilities as FTP. SSH is the swiss army knife of encrypted networking. Port tunneling is very useful. Less known, but also very nice is the ability to use pipes like this:
echo "hello" | ssh remote_host "cat > hello.txt"
You could use it to make a large backup without consuming disk space on the local machine.
tar -zc directory_to_backup | ssh remote_host "cat > backup.tar.gz"
It also works very well with rsync. Combine with hard links for a great backup strategy.
I like to see the surprise from Microsoft centric developers when they discover what SSH can do. They seem to all have this false assumption that it's just for getting a shell on a remote UNIX system.
Though I haven't kept up with SSH development on Windows, two applications I've used on Windows are: WinSCP and PUTTY sshwindows also looks interesting as I use cygwin + SSH
You asked a simple question, you deserve a simple answer: Managers.
Over my years in IT, I have seen too many decisions being made by people who haven't updated their IT knowledge for 10 years or so. People who think that "FTP" doesn't stand for "Fuck This Protocol" and to whom SSH is "this new encrypted remote login tool". In addition, crypto is inherently difficult to understand, and a lot (I can't emphasize that enough) managers simply don't support anything they don't understand.
Cisco had the right idea of VPNs and making the whole encryption "thingy" become invisible. Unfortunately, that too required some managers to make decisions.
The only places I've ever seen where encryption is used a) consistently and b) well is where someone very high up understood at least enough about the issue to roll out a general policy or put a security officer in place and gave him authority over such decisions. And then proceeded to fire at least one high-ranking middle-management idiot for violating the policy.
Assorted stuff I do sometimes: Lemuria.org
When systems fail they often fail gracefully and often provide you a hint of what's failing. Your image server is broken? Ok, no images but you still get the text and it's plainly obvious there is a problem with the image server.
When encryption fails, you are usually dead in the water with no inkling of what went wrong or how to fix it. Letting you know what is wrong and how to fix it is often considered a security flaw (for example, the classic approach of being vague about which part of your username/password combo is wrong).
Encryption is either all working or all not working by its nature. It is brittle by design and a pain to use as a result.
DNSSEC has absolutely nothing to do with encryption. Nothing is hidden and the resource records are still in clear text. DNSSEC is about integrity of the resource records.
But DNSSEC can be a catalyst for encryption technologies. DNSSEC allow you to put certificates, ssh-keys, etc in the DNS in a secure way.
JB
I keep hearing everyone bitch about how hard it is to do wide scale encryption with so many user computers to configure, but I have found things like ssh port forwarding between offices to be an incredibly easy and secure solution to much of my encryption needs. Yea, it does not solve all the problems, but it is sure makes life as a systems admin much easier than trying to keep track of all the various possible protocols and their potential faults. It is possible to just about encrypt anything with a high level of transparency to the end user.
Living in Chile
SSL and predecessory try to prevent forged messages in addition to providing encrypted communication, adding the unacceptable overhead of handling a key infrastructure, purchasing certificates etc. where for most uses encrypted communication alone would be sufficient and could be achieved in a much simpler, cheaper way (especially when authentication is achieved with passwords anyway). So we're not encrypting traffic and not preventing eavesdropping because preventing forged messages is too hard/costly - congratulations! On the other hand, one should consider the implications of the false sense of security for the layman with only encrypted traffic - which is similar to what we have now with SSL being broken (MD5 etc.)
"I love my job, but I hate talking to people like you" (Freddie Mercury)
The problem is not data leaving the network, it's data leaving the company. Bar eliminating the user or chaining him to the desk, if anyone who knows, or can get to know (i.e. internal access) something valuable, then it can be stolen, even if he/she has to memorize it.
nec sorte nec fato
If someone is sufficiently ignorant (I just mean non-geeky; I'm not trying to insult anyone) that they get a false sense of security, don't you think they're also going to be ignorant enough to send sensitive info in plaintext?
Take away the AV software which gives them a false sense of security, and I think they'll still watch porn and download BonziBuddy.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
First, keep in mind that name-based virtual hosting with HTTPS is very limited. With few exceptions, you're quite restricted in your ability to host multiple SSL-encrypted sites on a single IP address. Most often, one must instead assign each SSL-encrypted virtualhost to a dedicated IP address. If every website was, today, to switch to HTTPS-only operation, and if the RIRs were to allow it, we would immediately run out of IPv4 addresses.
This is effectively true, but it gives the impression that the problem is inherent to the protocol. The main obstacle to secure name-based virtual hosting is that Microsoft won't implement Server Name Indication for Windows XP.
Do you lock your house? Does it have windows?
Will the police catch people who read my mail as it's travelling around some foreign mail servers?
Is it possible to secure as well against breaking and entering as it is to secure against eavesdropping? Is it feasible?
Bad analogy. The trade-off equations are vastly different for securing houses vs. securing information.
Say you wanted to practice your breaking and entering skills. Would you practice picking one of your own locks, or would you demand your neighbours not lock their doors?
I assume you're a nice person who respects their neighbours' wishes. I assume you can extend that nice respect and not insist on picking your neighbours' electronic locks, or on them being unlocked.
If not, why not?
Actually, when I came here, I convinced everyone that we *should* be signing our mail and got everyone thawte certs. thawte's process for that was so painful that no one wanted to go through renewal a year later. Despite being a target of phishing scams, the practicalities of role based email mean that inertia is *still*, many years later, impeding routine use.