Cryptography 'Becoming Less Important,' Adi Shamir Says

Trailrunner7 writes "In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a 'post-cryptography' world. 'I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,' Shamir said during the Cryptographers' Panel session at the RSA Conference today. 'We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it's there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.""

He put the S in RSA

Without him, it'd just be RA, which isn't even RAD.

Re:He put the S in RSA

[ls671]

He put the S in Rivest-Shamir-Alderman

Re:He put the S in RSA

[a_hanso]

He put the S in Rivest-Shamir-Alderman

You mean Adleman.

Re:He put the S in RSA

[ls671]

Holy shit , thanks for that.

https://en.wikipedia.org/wiki/Leonard_Adleman

Re:He put the S in RSA

[a_hanso]

No problem. I used to do the exact same thing!

Re:He put the S in RSA

[noh8rz10]

Thank you for helping with the acronyms, but what the feck is APT?

Re:He put the S in RSA

[schitso]

Advanced, persistent threat.

Re:He put the S in RSA

[treeves]

Well, he did say that everything he writes is lies. Had to stay true to form.

Re:He put the S in RSA

[EETech1]

Looks like he could have quite the neckbeard if he wanted to:)

Re:He put the S in RSA

[Culture20]

Did he say that, or did he write it? The difference is important.

Re:He put the S in RSA

[crutchy]

it's the debian package manager :)

Re:He put the S in RSA

[RoboJ1M]

*switches to yum*

Re:He put the S in RSA

[bluefoxlucid]

RSA?? You mean that DIFFIE-HELLMAN RIP-OFF?

It's more like the postman's kid.

Re:He put the S in RSA

Yes he did, but didn't RSA suffer a major breach. I am no expert, but when the police are overwhelmed by the bad guys you need more police or better/different police, not less. Sure any system is susceptible to breach, but you would think RSA would have a recovery plan as should every customer, who claims they protect customer data. I'm sorry RSA has failed twice in my opinion. Number one the rumor mill is that, RSA is no longer updating their own products in this space when it's obvious that encryption and trust are more important today than ever. Number two, having your leader announce to the world that the bad guys have essentially won and there is nothing you can do to stop them is a horrible thing to say. As a leader in the encryption field you should have answers to solve problems. Perhaps this article is not the full story, but if I was a RSA customer, my next call would be to another security provider.

Re:He put the S in RSA

[ChatHuant]

RSA?? You mean that DIFFIE-HELLMAN RIP-OFF?

Eh? How is RSA a Diffie-Hellman rip off? One is an asymmetric encryption algorithm, the other one a key-exchange protocol. While there are some things where you could use either of them, their capabitilies don't overlap completely. Or is it because they both work on groups of integers modulo n? But then they're both rip-offs of the table of multiplication!

Re:He put the S in RSA

[darkonc]

.....But then they're both rip-offs of the table of multiplication!

Dunno about you, I only memorized my multiplication tables up to about 2 digits, not 800.

Re:He put the S in RSA

[bluefoxlucid]

Uh. How do you think the RSA key-exchange protocol works? Hint: It's an asymmetric encryption algorithm.

no

[masternerdguy]

Encryption is the best anti-tampering mechanism you have in computing. Well placed encryption protects OS data from tampering, user data from theft, and sensitive communications secured. It's only getting more important.

Re:no

[masternerdguy]

Code signing to the rescue but slashdotters seem to hate that idea.

Re:no

[masternerdguy]

Before I get flamed, it is possible to do code signing without using it for evil. It's a tool like anything else.

Re:no

[jonwil]

Slashdotters (including myself) dont hate code signing, they just hate code signing where the owner of the computer does not control what gets signed and what can run.

Re:no

[happylight]

I think the point is no encryption is going to protect you from users installing malware, buggy software, or just plain hand over data unknowingly. Next to no attackers would attack the cryptography itself. The weakest link is always somewhere else.

Re:no

[masternerdguy]

Crypto is part of a full solution containing (crypto), proper segregation of permissions, proper segregation of user data / accounts, proper firewall configuration, proper software configuration, patching vulnurabilities, malware detection (lots of solutions on Windows, chkrootkit on linux), and user education. If I forgot anything add it to the list.

Re:no

[ls671]

Encryption is the best anti-tampering mechanism you have in computing

Let me disagree; the best anti-tampering mechanism is checksums taken from preferably remote access to the file system from a highly protected host. md5sum and the like are your friend to find 0 day exploit root kits.

Note that this is line with what Rivest-Shamir-Alderman Adi Shamir is trying to warn us about.

Re:no

And, in the short term, current cryptographic techniques may be good enough that focus needs to be placed on these other links.

Re:no

Most of the attacks came by email from unknown senders. If we started using encrypted e-mail to verify authenticity, wouldn't that drastically lower the chance of being infected? By default you would never open files if they were never signed.

Re:no

[Kaenneth]

The problem is most owners have no clue how to do code signing, and would rather their equipment/software vendor take care of it.

My car door/ignition lock came from the factory; I have no idea how to fix it if something goes wrong, but that's fine by me, since for more than 10 years it has just worked.

The best encryption is transparent to the user; most people won't notice if a link uses HTTP or HTTPS, a bright red bar might get their attention, but that's about it.

Re:no

Its fine for someone else to take care of it. The problem is when you complicate it for those who don't want someone else taking care of it. The reasons it is being done differ from those stated. They are doing it with malicious intent.

Re:no

[swilde23]

user education should be printed in all caps, bold, underlined, comic sans, etc...

At some point, unless we develop new algorithms that utterly break how current encryption algorithms behave (which I know I know, is a possibility... and of course the NSA has it already)... your weakest point is not going to be the computer. It's going to be the lackey at the front-desk happily letting a "tech" in (physically or electronically)

Re:no

[ceoyoyo]

The weakest link is the encryption if you don't have any.

Encryption has just become so important, and so good, that attackers are forced to look elsewhere.

Re:no

[Clarious]

MD5 isn't that secure, and AFAIK SHA1 usage is not recommended due to near future threats too. The system you referred to is just the same one as my laptop, with the TPM chip as the 'highly protected host'.

Re:no

[the_B0fh]

bah. 15 years ago, there was a post on BugTraq about this internet mapping that someone was doing. The systems were running redhat, everything was locked down, tripwired, only thing running was ssh, and it required certs to get in.

The guy felt something was wrong. Compared tripwired hashes to what was on the disk. Everything looked good. lsmod, ps -ef, netstat -an, everything looked kosher.

A couple of days later, he decided to take the system down anyway, and run an offline tripwire. Found shit.

Can you figure out how they got in?

Re:no

[viperidaenz]

Unless the subject of the email is "NAKED PICTURES OF " Then Average Joe will dismiss all warnings without reading them.

Re:no

[happylight]

What you're referring to is more often called information security. Cryptography usually just refers to the methods, algorithms, and protocols of transferring data.

But there's little point in arguing the semantics of words. I think we can all agree the human factor plays a large part in almost all intrusions these days.

Re:no

[ls671]

I don't give a damn about how secure it is, I could even use crc-32 if the snapshot takes too long. The idea is only to be alerted about unexpected file changes, especially system executable like; top, login, w, etc. but you should look wider.

1) Take periodic checksums
2) Have differences reported
3) If they don't match documented updates you have an intruder.

That's why it is recommended to run the checksum program from a secluded host because the rootkit hopefully won't have had a chance to get at the checksum program on the secluded host. View that host as the ultimate secured host in a good rsync backup strategy, the CA in a good PKI strategy, etc...

It used to be common practice in the old days to take periodic checksums to detect intrusion into systems. Now, with all the fancy IDS solutions around, it seems to be less used but I do not see anything that really replaces it yet.

Re:no

I think the canonical formulation of what you just said is that people aren't attacking the crypto, they're attacking how it's used. (And it's working.)

Re:no

[jythie]

keyboard?

Re:no

[a_hanso]

Exactly. Securing the data is not much use if the programs accessing that data are compromised. If the encryption program is conning you into thinking that your data has been securely encrypted, you're screwed. I'm not an expert in this area, but I don't know why this approach is not more widespread.

Re:no

[Sulphur]

Unless the subject of the email is "NAKED PICTURES OF " Then Average Joe will dismiss all warnings without reading them.

Hillary Clinton?

Re:no

[ls671]

Easy analogy: In spy movies, they put a tiny piece of something between the door frame and the door when leaving. If not there when back, then you have an intruder.

Same basic principle.

Re:no

Exactly. When the code signing process can not be initiated by the end user should they chose to sign an unsigned executable. It's just asking the vendors of your hardware and OS to establish a monopoly on your user experience by locking out competition.

This current system of all-or-nothing needs to go unless they offer an easy but out of the way means of signing an executable. All the current system does is make dumb users choose the nothing route and forgo all of the transparent benefits of the all route.

Hell stick the signer in a control panel app or similar easy to access location. Restrict it to administrative/root level for usage. That's enough to deter anyone from using it unless it's needed. The process should not be so obscure that you must resort to potentially malicious 3rd party sources just to get started. Especially with all the self-proclaimed experts out there that regularly dish out advice like "disable UAC" instead of pointing out the simple process to give an individual program automatically elevated privileges.

Re:no

[Junta]

The problem is the execution. In my mind SecureBoot both restricts the user power *and* comes up short of a comprehensive solution. I can't imagine a comprehensive solution that wouldn't completely supersede SecureBoot strategy and allow user control.

Re:no

[EETech1]

Seems they've gotten to Bit-9, and found ways to get around that too.

OS security needs to have a major makeover, zero days for sale to the highest bidder, state sponsored malware with forged certs, vulnerabilities everywhere.

It's getting scary on the ol' Interweb...

She ain't what she used to be

Re:no

[Kaenneth]

For code signing, if you could sign everything yourself, what stops malware (or an attacker with temporary physical access) with the same privileges as the user from doing the exact same operations, and signing itself to install a rootkit?

Re:no

[demonlapin]

This is true but unfortunately irrelevant. You can do all the user education in the world and it means nothing if the IT staff are idiots.

I have a handful of fairly secure passwords. They're reasonably long, are incredibly easy for me to memorize, and don't rely on any details of my life (pets, wife, kids, birthday, etc.). But I have to deal with websites that demand a series of ridiculous standards: some require (thank you, AmEx) a number in the username, some require passwords to have number, capital letter, and symbol. I spent a lot of damned time figuring out a password that people can't guess, and I can't use it because I can't remember the rules for any random website - so I have to get a password reset email sent to me in plaintext. And on top of that, I can't use a password I've used before - so every time I log into a website I rarely use, I have to reset the password to something I will forget in a few days. I'd use something like Keepass but I need to be able to log in from non-home computers.

Re:no

[SternisheFan]

When you build a better safe, there will always be a better safecracker. Same applies to encryption.

Re:no

[tibman]

15 Years ago there were bugs in ssh?

Re:no

[dbIII]

Means nothing if the IT policy is set by idiots.

Re:no

[grumbel]

I think the point is no encryption is going to protect you from users installing malware, buggy software, or just plain hand over data unknowingly.

That's a problem of the current day extremely fragile OS design. Stuff a user installs should simply never have the right to do any damage. Just like a HTML app is strictly sandboxed and can't access your whole HDD, so should a native executable. You don't really have to worry about malware when its locked up in a sandbox and can't even modify itself.

To make quick Unix example of how things should work:

Wrong way: sed "s/foo/bar/" file
Right way: cat file | sed "s/foo/bar/"

In the first one 'sed' has all the rights the user has and can do whatever it wants behind the users back. In the second case 'sed' needs absolutely no rights at all aside from being able to read stdin and could be completely sandboxed away. It's 'cat' that has the right to access users files and pass the data down the line to other programs. Thus instead of having dozens or hundreds of apps with file access, you have just one. Similar concepts can be adopted to the GUI easily where the file dialog (the GUIs 'cat' equivalent) becomes part of the OS instead of the application.

Re:no

[grumbel]

user education should be printed in all caps, bold, underlined, comic sans, etc...

If the user can break the OS, then the OS wasn't secure enough. It should be completely impossible to get the OS into a state where it's unrecoverable or unverifiable. If the OS fails at that, blame the OS, not the user, maybe then we get some progress in computer security.

Re:no

[InfoJunkie777]

user education should be printed in all caps, bold, underlined, comic sans, etc...

At some point, unless we develop new algorithms that utterly break how current encryption algorithms behave (which I know I know, is a possibility... and of course the NSA has it already)... your weakest point is not going to be the computer. It's going to be the lackey at the front-desk happily letting a "tech" in (physically or electronically)

I would tend to agree. Many of the stories I have read, like the Iranian nuke plants getting infected with Stuxnet, were due to human engineering. Getting to stupid people inside to get access or keywords or geting them to insert an infected thumb drive into the wrong computer. Hard to work against that. People are lazy much of the time.

Re:no

[tsotha]

Actually, a safe is a good analogy. Nobody actually "cracks" a safe any more, in the same way criminals don't gain access to your computer by cracking your crypto. Safes are blown open, battered open, cut open, or subjected to some fancy chemical attack. But modern high-quality combination locks are impervious to the guy with nimble fingers and a stethoscope (which is a Hollywood thing anyway).

Installing a rootkit from an email is roughly analogous to having your safe opened because you put the combination in the top right drawer of the adjacent desk.

Re:no

"After they take it from you"

What sort of fatalist defeatist bullshit is this?

Re:no

[hairyfeet]

Exactly, its like how a friend of mine was nearly fired because he wouldn't let a PHB have his "files" from his "friend" Melissa, yep the moron was threatening to fire him if he didn't let a worm loose on the network. Lucky for Glenn the guy above the PHB wasn't a retard and actually kept up on current events so he just said "Is he talking about the worm that's going around?" and then gave Glenn a free steak dinner while giving the PHB the riot act for trying to compromise security for an imaginary girl.

At the end of the day you just can't protect from a case of the stupids, you just can't. I was quite proud of having an unbroken record, nothing but happy customers and well running systems,until I finally had to throw a customer out of the shop and threaten to call the cops, why? because this was right after Limewire had been shut down, I told him flat footed "The courts shut Limewire down, it doesn't exist and anything that says its limewire is either worthless or a malware laden fake" so guess what he did? promptly went home, downloaded "the new limewire" and then demanded i fix the machine for free because...shock... it was nothing but a bunch of malware with the limewire logo. When i threw him out the shop he was saying "it says its limewire now you make it work!"

Sadly there is only so much you can do without turning the system into nothing but a locked down, corporate controlled thin client and as long as the user has the right to install you are at the whims of somebody who may be a moron. I learned you do the best you can but at the end of the day stupid is as stupid does.

Re:no

[tlhIngan]

user education should be printed in all caps, bold, underlined, comic sans, etc...

At some point, unless we develop new algorithms that utterly break how current encryption algorithms behave (which I know I know, is a possibility... and of course the NSA has it already)... your weakest point is not going to be the computer. It's going to be the lackey at the front-desk happily letting a "tech" in (physically or electronically)

First off, any security system designed should account for Dancing Pigs in which security decisions should not be left up to the user because the user will always choose dancing pigs/rabbits/kittens over security basically 100% of the time. (Replace it with whatever - pr0n, pirated programs/apps, "free money", etc).

And anyone who says users should learn everything about computing before allowed in front of one - do you know everything about your car? Do you want your mechanic to be able to fix your car, or to compile and install a new Linux kernel? (Especially on your dime).

Re:no

[the_B0fh]

no. They finally tracked it down. They watched the guy come in and take over the box again. He got in and owned the box in 8 seconds.

The hacker found an old samba server in Australia (version 0.5 or some such), took it over. Used that to remotely mount the windows desktop used by the researchers in Japan.

Found the private cert/key on the windows box. Used that to ssh in to the linux server. Ran a zero day gnome exploit and took it over.

After taking over the server, installed 2 kernel modules that hid itself and also trapped certain calls like the ones used by tripwire and basically returned true for all the operations for tripwire and removed itself from the modules list and the process list.

damned cool hack, and that was 15 years ago!

Re:no

[PReDiToR]

You're looking for Password Hasher and if you're not on your own computer the demo page will work in (nearly) any browser.

In case you (or someone else) doesn't click it, if you use your UID as the passphrase and "slashdot" as the site tag you get "i0+v+dXNbzPpvpW177NeV9eYnK" at my default settings of 26 characters, upper, lower, numbers and symbols.
For remembering just your UID. How simple is that?
To bump it up and alter the password completely when you change it there is a button that will change "slashdot" to "slashdot:1" - a change that is remembered by your browser, or can be written in a text file as a reminder because that isn't sensitive information.

This is not perfect security but it would go a long way to making identity theft and account hijacking harder if everyone showed their mother and their kids how to use this simple piece of code. They could go on using that one stupid password that is the only thing they can remember but be secure from rainbow tables and GPUs for a few years.

Re:no

[crutchy]

would you remove all the locks on the doors and windows of your house merely because they couldn't stop aliens from abducting you?

also, window locks are uselss because burglers can simply smash the window

any level of personal security (even the fake security cameras, lasers, etc) is better than none at all

but on the other hand, imposing your ideas of "security" on others is not a good idea (such as the TSA)

people should be free to decide what level of security they think is appropriate for themselves, as long as it doesn't adversely affect others (don't install a nuclear reactor powered ion cannon in your back yard because your neighbors likely won't be very happy having risks from your ideas of security imposed on them)

Re:no

[AK+Marc]

Like I said, cowards and liars take the mythical best case of their preferred opinion, and the absolute worst case of the opposite. Every time. Predictable (stupid), cowards, and liars.

Re:no

[Sique]

The problem with code signing is the idea, that there is always one party doing the coding and another party doing the running of the code, and that they are always different. It turns the operator of a computer strictly in the consumer position without a chance to leave it again, because neither self written code nor modified code will be signed. If we allow selfsigning of code, we are back at the situation of being allowed to run every code, and we are back to the spreadfest of malware. The main problem is that even code for simple tasks is utterly complex and mainly unreadable for most of us - either because we don't even have the ability, not being coders, or not the capability, because we have better things to do than reading each and every byte of code we are running. Open Source has its advantage, because there, the signed part is not only runnable code, but source code. Thus we still have the advantage of signed code (proof of origin), but without the disadvantages (we can run modified or selfwritten code without hassle). And the process of executing non signed code is transparent to us and very in the open, because we do the process of installing, modifying and and executing unsigned code, when we are actually know we are installing, modifying and executing code.

Re:no

[Threni]

I think that's what he's saying, though. Use it, but stop pretending it's the solution. It's the solution to a decreasingly important part of the overall picture.

Re:no

[ls671]

You are the man, You got the full picture which I was trying express.

Re:no

[ls671]

I used to be, I would be tempted to blame IDS fud and hype.

http://slashdot.org/comments.pl?sid=3497631&cid=43021047

Re:no

[ls671]

Also, same thing here. When something is detected that way, set honey pots to discover how they do it.

Re:no

[ls671]

Damn, I meant to say: IT used to be

Re:no

[grumbel]

No, that was just a theoretical example of how a secure 'sed' could be build. I don't think it's actually implemented that way anywhere, not even sure if it's possible with SELinux, but it might. The point I was trying to make is simply that you can build a highly flexible toolset (i.e. the Unix toolbox) in a way that has no direct system access.

Re:no

[HuguesT]

Somehow that sounds unlikely. Why was the samba server useful? Why was the researcher's desktop shared? Over the internet to boot? Why was a cert useful to log onto the RedHat box? What was the motivation for taking over the box in this fashion?

Do you have a link to the bugtraq discussion?

Re:no

[L4t3r4lu5]

I have my Keepass database hosted on Dropbox, synching with my computer and Android phone. However, the database contains only 4 characters which satisfy the idiosyncrasies of whatver the site requires, e.g. A$s4 for CAPITAL, $pecial, lower, numb3r. In the notes is a number corresponding the position to insert these characters into my easy to remember and secure password, as you have. If the maximum size is shorter than my password, I clip it to the maximum it can be.

The database is useless without my secure password (which isn't the password to the database), site access is secure as the full password is not stored in the database, and I never need to worry about forgetting a password regardless of the stupid decisions of others. Further, any site storing the key in plaintext only gets the password for that site; They'd need the Keepass database unlocked to use the key anywhere else.

Re:no

[UltraZelda64]

Stay away from Windows, obviously... problem minimized. Also distrust any other "mainstream" OS and avoid typing up anything important with them. I don't know why the fuck anyone would be using a phone or tablet computer to type up anything important, but Android would probably be included as mainstream... with the added bonus of being easily stolen, since people take the machines that run it everywhere they go.

Re:no

[dnaumov]

I'd use something like Keepass but I need to be able to log in from non-home computers.

Do use Keypass and install it on your phone as well.

Re:no

[CrashandDie]

The problem is most owners have no clue how to do code signing

Paraphrased: "The problem is most owners have no clue how to safely store a gun." Or even: "The problem is most owners have no clue how to do proper parallel parking."

Just because you give everyone access to a tool doesn't mean everyone knows how to use it. That's where education comes into play. The same way we educate individuals how to talk, or behave in society. Education is important, hence, that's why it is mandatory up to a specific level.

I'm not saying everyone needs to know how to do proper code signing, but then again, not everyone knows how to service their car. But just because some people don't know, or don't want to learn doesn't mean that everyone should be banned from servicing their car.

And there is the real problem: we use the excuse that knowledge is optional to impose restrictions on others. You may not know how your door lock works now, but if you were so inclined, you could still replace it with one of your choosing. You could learn about the mechanics and even make your own. Or you could remove it altogether. Why couldn't you do the same with the lock on your computer?

Re:no

[flyneye]

In this case, the only hiding place left is the first layer of the OSI model. I can't believe no one thinks of that. When you find the final receiving/originating server go to the physical location and either investigate log ins from there or find the culprit sitting on his ass. Recidivism is a concern, so old fashioned arrest is out of the question, especially if it's a foreign country. 3 letter agencies just eat more tax dollars, which leaves us with hoodlums to disappear,the problem/black hat. Hoodlums drive their business, so hoodlums can close their business. It would just be a "move", "business". How much would a person or group or business entity be willing to pay to delete black hats? There would be overhead costs of course, hiring a "white hat" to do the digital work and travel expenses for the physical business meeting.

It may not totally eliminate the problem, but I'm betting it could drop activity a good 90% once a few disappear and word starts going around. Leave the hoodlum work to hoodlums and quit relying on some money gobbling geek corporation or government clowns to do the job right and actually get it done. It's a first layer problem.

Re:no

Why was the samba server useful?

So the attack would not be traced to the hacker's own machine

Why was the researcher's desktop shared? Over the internet to boot?

By "desktop" he likely means C$, which used to be shared by default on any windows box with F/S turned on. He's talking about 1997, remember.

Why was a cert useful to log onto the RedHat box?

SSH will let you authenticate using a private/public key pair, where the public key is on the server and the private key held secret on the client. If that private key is a) not encrypted/pw protected and b) shared over C$ to the internet, then any random joe can use it to impersonate the owner.

What was the motivation for taking over the box in this fashion?

It works. Steal someone's login credentials (through an obfuscating intermediary), elevate privileges, and hide your trail. In fact, I'm pretty sure that's the classic approach to taking over a box.

Re:no

[the_B0fh]

AC gave the perfect answer, but seriously, give it a bit of thought. I had originally mentioned that the ssh server was locked down and only accepted certs/keys, and you come back and ask why a cert was useful to login to the redhat box?

As for the link, it was just a one liner mention in one post (never seen him post before) that was really about another bug. It was a throwaway line that pointed to a URL, and for some reason, I was curious that day, and followed that URL, and read it, and went *WOW*

Re:no

[GameboyRMH]

The regression in computer security over the last few years is due to "cyberwarfare." Zero-days are being sold to militaries as "cyber-weapons" and being used in a very targeted manner, instead of being sold to common black hats and being used as widely as possible where security researchers can at least find them soon after the fact, or ideally being reported/disclosed.

Re:no

[cryptizard]

This is what Apple is doing now but people flip out about it. Apps in the app store can only interact with files through the OS file chooser, so they are effectively sandboxed and can only see files explicitly allowed by the user.

Re:no

[cryptizard]

You are missing the point of the checksum. In a situation where random error or corruption might happen, then sure CRC is fine because it will most likely catch the change. In an adversarial setting, if someone changes any of your file maliciously they can EASILY craft it so it matches the old checksum. That is the point of cryptographic hashes, it is very difficult to find two things that hash to the same value. If you realize that, then you have to use at least SHA-1 because it is relatively easy right now to craft collisions with MD5.

Re:no

[Hatta]

Is it possible to do code signing without enabling others to use it for evil? It's a tool like anything else.

Re:no

[swilde23]

I was unaware of the dancing pigs. I love that analogy.

Re:no

[drinkypoo]

When i threw him out the shop he was saying "it says its limewire now you make it work!"

These are the people I don't understand. Not because they don't listen to you, that's normal. But what I don't understand is why they would trust you to fix their computer when they don't trust you to tell them what to do with it.

Re:no

[Neil+Boekend]

They should start with telling the requirements for a password after the first attempt. This knowledge is easily found by a hacker, but not knowing this can be a big obstacle to a legitimate user.

Re:no

[blueg3]

because it is relatively easy right now to craft collisions with MD5.

Only if you control the original file as well as the new file. (Or, more simply, it's easy to craft two files with the same MD5 hash provided you're able to modify both files.)

Crafting a new file that has a chosen MD5 hash (or, equivalently, has the same hash as a preexisting file you cannot modify) is still hard.

Re:no

[frinkster]

This is what Apple is doing now but people flip out about it. Apps in the app store can only interact with files through the OS file chooser, so they are effectively sandboxed and can only see files explicitly allowed by the user.

Apple is going even further with this, as an App Store "app" - now is encouraged to contain XPC services. Each service runs as its own process (started and stopped by the OS as needed) within its own sandbox and its own reduced set of privileges (and it is explicitly NOT possible for one of these services to get root).

Re:no

[steelfood]

if you use your UID as the passphrase and "slashdot" as the site tag you get "hunter2"

That's funny... I see hunter2.

Re:no

[Natales]

1Password will do the trick. It works on almost every platform and you can access your encrypted items remotely via Dropbox with a fairly nice HTML UI.

Re:no

[TangoMargarine]

Except for the part where if the person in question knows you use this service and your username, you're basically just leaving your login without a password.

Re:no

[That_Dan_Guy]

I think many people are missing the point of what was being said in the article.

Cryptography is not just about keeping secrets, it's also about verifying identity. The article pointed out that if CAs are under pressure from their local Gov'ts to issue false certificates to them (happened in Turkey) the whole PKI is useless for identity verification as you can't trust any CA after that.

Re:no

[tibman]

Cool but GNOME had not been released 15 years ago. I'm not even sure if the kernel had module support either. It just got ELF at the time, as an idea for kernel maturity. But getting the key would be a slick way in. Like leaving the keys to your house in the mailbox : /

Re:no

[the_B0fh]

Gnome was started in 1997, so, right by there. It was many many years ago, in my first job, so pre-y2k.

Re:no

[hairyfeet]

Beats the shit out of me Drinkypoo, you'd think that with over 20 years of exp they would at least understand I know WTF I was talking about, or why would they bring it to me in the first place?

To me the bitch was the limewire installer was exactly what I said it was yet he expected me to "magically" make the limewire network come back to life so he could use it....WTF? I've had idiots that would tell me to "just hack it" like I can magically reset passwords on servers halfway around the world (I always make the "hack the gibson" joke they never get) but at least once i explain a little about how what they see on the screen is NOT actually on their computer? they at least see I can't magically make it work. This bozo had decided that I could rebuild the limewire network AND magically turn a fake installer into a functional one and thought if he got in my face he could get me to do it.

But I spent 3 years playing behind chicken wire, had a gun put in my face by a mobster, so needless to say this fat fuck wasn't gonna intimidate me, I shoved his ass out the door and told him if he didn't leave I'd call the cops. But it amazes me sometimes how clueless a person can truly be, and not listening to me is expected but to not listen AND want me to do the work?

Re:no

[OdinOdin_]

tripwire much ?

http://www.linuxjournal.com/article/2160 "Tripping up Intruders with Tripwire, Issue #40, Aug 01, 1997"

Re:no

[OdinOdin_]

Sure you have to craft the file to match MD5 but also be interpreted as a substitute of the original but with evil data.

This can become an easier problem to resolve if you are allowed unlimited length of input, but with a digest hash it becomes much harder if you also sign the input length the same as the original.

Re:no

[Sabriel]

If you've got a system where the user(s) log in as admin/root a lot (for whatever reason), make the code signing app require rebooting into a special mode.

If you've got an "attacker with temporary physical access", you've got bigger problems. Start looking at full disk encryption, multi-factor authentication, etc.

Re:no

[ls671]

Obviously you check file size too. Additionally, the intruder doesn't know which kind of checksum you use and nothing prevents you from using more than one checksum scheme. Damn it, just use rsync with incremental backups to detect changed files and use diff if you are really paranoid about collisions.

Re:no

[PReDiToR]

Knowing that I use "slashdot" for the site tag, or maybe "slashdot.org" as it can be configured to default to, does not mean you know what I use for my passphrase.
I used his/her UID for an example. The previous reply to my post obviously used his code "*******" (which is all I could see) instead of his UID to create the password.
This in NO WAY is less secure than using "hunter2" to log in, and using "slashdot" and "hunter2" yields "4bnth/jYK1JCBP32NZzGjQUHKd"

Re:no

[Sigg3.net]

But I'm a dog person, you insensitive clod!

Re:no

[Sigg3.net]

They want free stuff, it's not rocket science.

There's always one person making a riot because his pirated, Russian XP isn't working "as advertised" and want a genuine version free of charge, because he "knows" IT people gets it for free.
Usually screaming at the top of his lungs.

Re:no

[hughperkins]

Check out Nic's password generator: http://angel.net/~nic/passwd.current.html

I extended it a bit https://github.com/hughperkins/passwordbookmarklet :
- longer passwords generated
- the bookmarklet password field uses password characters
- there's the option of using a bookmarklet with a 'confirm' field
- added a console application (python) which invisibly copies the password to the clipboard, for non-web applications

Re:no

[darkonc]

No problem with code signing, per se. Big problem with using Code signing to lock in market control and limit people's control of their own machine. -- Especilly the signatures are controlled by a company with an abysmal history of code security.

Microsoft-controlled code-signing is like putting 3 bulky padlocks on a house with big, open windows.

Re:no

[GuB-42]

Considering how much crap uninformed users tend to install just to ask their their more knowledgeable friends to fix their mess, I don't think that putting a small barrier is a bad thing.

Dress for suck-(cess)

My vote is for just giving up and letting the bad guys have their way with us.

Re:Dress for suck-(cess)

You mean business as usual for a lot of companies? I've heard the adage, "security has no ROI" way too many times... with its companion, "Tata or Geek Squad can fix anything."

Re:Dress for suck-(cess)

[eksith]

No... long answer, no way in hell and you can take my PGP from cold dead hands.

Re:Dress for suck-(cess)

[vux984]

His point wasn't that cryptography wasn't useful, but simply that dealing with modern threats doesn't require "better cryptography" because modern threats aren't attacking the crypto. They are attacking the public key infrastructure (PKI), they are attacking the end points before encryption/after decryption.

Our security focus is there.
In other words, PGP doesn't protect your email, if you have a virus on your system sending everything to an attacker after its decrypted. PGP doesn't protect your email if the PKI is hacked, and you are signing mail with public keys generated by people impersonating the intended recipients.

Etc. Etc.

A better PGP crypto algorithm isn't going to help you here.

Re:Dress for suck-(cess)

[mhajicek]

Security has no ROI, but a lack thereof has a negative ROI. It may be better received if called "loss prevention".

Re:Dress for suck-(cess)

[viperidaenz]

I don't need to take your PGP, I just need to take your private key.

Re:Dress for suck-(cess)

[viperidaenz]

Tatas fix a lot of things, but security isn't one of them.

Re:Dress for suck-(cess)

[tsotha]

I have never run across a company that wasn't serious about security. The problem has always been keeping people out takes a different skill set and a different mindset than building things. Companies I've worked for had their systems compromised because they didn't understand the nature of the threat, not because it didn't have "ROI". By now I think most companies realize a bad hacking incident can be an existential threat to a product line or even the company itself.

My current employer hands over tons of cash to a consulting firm that specializes in this sort of thing. As much as I think using consultants is usually a waste of money, in this case it probably makes sense.

Personally I'd like to take the Neuromancer route and have a corporate hit squad run these fuckers down and shoot them (katanas would be good, too), but my boss won't go for it. Something about liability. Pffft.

Re:Dress for suck-(cess)

[heypete]

I don't need to take your PGP, I just need to take your private key.

Considering that my PGP key exists on a tamper-resistant smartcard specifically to prevent that type of attack, that would be impressive.

Sure, one could apply the old rubber hose or steal the smartcard and extract the data from the chip but that seems a bit extreme.

Re:Dress for suck-(cess)

There is a limit to what you can do to secure the endpoints, but the PKI can be improved upon in certain situations.

As an example, bitmessage (a bitcoin-inspired messaging application) and cjdns (a mesh routing engine) both follow basically the same idea: derive your address from your public key. In applications where this makes sense to do, it eliminates the need for a hackable PKI--keys can be distributed with little thought to security, because the validity of each key can be (and is) checked by everyone.

Admittedly, the result in the above cases is that you get something which looks like a bitcoin address for bitmessage, and an fc00::/8 ipv6 address for cjdns. Not the most user friendly things to work with, and adding a human-readable version (something like a DNS lookup table) reintroduces a lot of the problems. But it's a start.

Re:Dress for suck-(cess)

[TCM]

Just because there are weaker links doesn't mean stronger links should stop getting stronger or even become weaker.

No idea WTF the author is smoking. Must be one of those post-privacy pussies, too, who just give up.

Re:Dress for suck-(cess)

[viperidaenz]

So you only ever use computers you own that haven't been infected with malware and never use a smartphone or tablet because they don't have smart card readers? Awesome case of paranoia you have there.

If your paranoia is justified though, there's always this method.

Re:Dress for suck-(cess)

[heypete]

So you only ever use computers you own that haven't been infected with malware and never use a smartphone or tablet because they don't have smart card readers? Awesome case of paranoia you have there.

When I use PGP, absolutely.

It's not paranoia, it's common sense: why would anyone use a potentially-untrustworthy system when dealing with secure communications? I also don't check my banking records from potentially-untrustworthy systems. Is that paranoid?

In regards to tablets and smartphones, I haven't really found any that pique my interest. I prefer more standard computers and a relatively basic mobile phone.

If your paranoia is justified though, there's always this method.

Indeed. That is not the threat model I'm worried about -- I have no illusions about securing communications from major world governments that have a personal interest in reading them and who are willing to use force in pursuit of that goal. I'm more concerned about more mundane, everyday threats like malware. Using a smartcard provides effective protection against such threats.

APT

Would have been nice to define APT...

Re:APT

[Dizzer]

Advanced Persistent Threat

Re:APT

[Nerdfest]

I'm guessing "Advanced Persistent Threat", but I may be wrong. Yes, It would have been nice to define it at first use.

Re:APT

[Frosty+Piss]

Advanced Persistent Threat

Re:APT

[Omnifarious]

I agree. Making it an acronym makes an annoying piece of jargon slightly inscrutable for people who aren't conversant with the field. APT in this case refers to Advanced Persistent Threat.

Re:APT

[fuzzyfuzzyfungus]

It's doubly annoying because(in PR-flack ass-covering speak) an "Advanced Persistent Threat" is "Any bad guy smarter than our dumbest sysadmin's stupidest mistake".

It might have been a clear category at one point(and there still are attackers who are pretty clearly both advanced and persistent); but the constant "Well, we could say 'gosh, we fucked up, how stupid of us.' or we could say 'It was and Advanced Persistent Threat, total national security shit, probably chinamen or something!'" pressure hasn't helped...

Re:APT

[obarthelemy]

Actually, I know plenty of intelligent people who make mistakes. Almost as many as retards who take pleasure in calling others out.

Re:APT

"APT-get" is a well known tool available to Debian users for upgrading all the advanced, persistant and threatening installed packages on their pc.

Re:APT

[Score+Whore]

Always Perky Titties. The thing is the nerds in IT are easily distracted by some nice sweater stretchers which enables the bad guys to have their way with the servers while the boobs are bouncing around.

Re:APT

[the_B0fh]

damn, I wish I hadn't commented previously!

Re:APT

[kangsterizer]

To be honest, it's a cool new word to say you've been massively rootkited by humans :P

Re:APT

[bentcd]

Advanced Persistent Threat

Damn, that puts a whole new perspective on apt-get ...

Re:APT

[L4t3r4lu5]

Actually, I know plenty of intelligent people who make mistakes. Almost as many as retards who take pleasure in calling others out.

This was ironically recursive, right?

Re:APT

[Sigg3.net]

# apt-get remove apt

Problem solved!

Re:APT

[peawormsworth]

Would have been nice to define APT...

From this content, it is apparent that the original submitter did not know what ATP meant at the time of submission. Because the quoted article doesnt define it either.

Depends on your threat model

[Omnifarious]

If you're trying to protect your big organization against foreign spies, yes. If you are a little guy who wants to communicate without having that communication be laid wide open for a large organization to see, then I think encryption is still pretty useful. Even if just because managing all those separate unique intrusions over a long period of time requires a lot more resources than just tapping into a trunk line.

Re:Depends on your threat model

If you're trying to protect your big organization against foreign spies, yes.

It's still useful and important. Not foolproof, but useful and important.

The way I do security

I have a PC that I use for all of my financial stuff, record keeping, and other critical data. I don't encrypt the hard drive. I don't even password protect files.

You know how I do security for the PC that handles my most critical data?

It's not plugged into the fucking Internet. That's how.

Re:The way I do security

[masternerdguy]

Have fun when Joe the Burgler takes your computer.

Re:The way I do security

[godel_56]

I have a PC that I use for all of my financial stuff, record keeping, and other critical data. I don't encrypt the hard drive. I don't even password protect files.

You know how I do security for the PC that handles my most critical data?

It's not plugged into the fucking Internet. That's how.

And what do you rely on if your computer gets stolen? How about if your computer suddenly craps out and you have to take it in for repair, and the repair shop has full access to all your files as soon as the power supply is fixed?

Re:The way I do security

[CRCulver]

If you move records from an internet-connected computer to this isolated computer via a removable drive, you may still be susceptible to attack. After all, Stuxnet and other viruses have spread this way. Viruses were already a problem for PC users long before network-connected device. And even if the computer is totally isolated from both networks and USB drives, the data can still be compromised through a TEMPEST attack (assuming you were a target for a state or especially savvy organized crime network).

Re:The way I do security

[swilde23]

I think what most of the people responding to this post aren't realizing (or acknowledging) is that your security needs to be appropriate for the data it's protecting.

If we're talking about a corporations backbone, then yeah saying "it's not connected to the internet" isn't acceptable.

If instead we're talking about some John Doe's personal data, then you aren't going to be attacked in the same way. Keeping it on a drive that has no internet access is probably good enough.

Re:The way I do security

[masternerdguy]

I fix the computers of friends and co workers all the time.

Re:The way I do security

[cffrost]

How about if your computer suddenly craps out and you have to take it in for repair, and the repair shop has full access to all your files as soon as the power supply is fixed?

Why would somebody (particularly somebody who posts on Slashdot) haul the entire machine to a repair shop to replace a dead PSU? Five minutes with a Phillips-head screwdriver and a replacement PSU — done.

Re:The way I do security

[jythie]

Not only that, but people are not really taking the APT element into account. The security that is appropriate for a computer siting around that no one knows about is pretty different from the security useful for when you have a targeted attack by a motivated entity. Even if you are just some random individual, a persistant attacker would probably do things like break into your house...

Re:The way I do security

[dbIII]

People don't remove their drives that contain sensitive information before sending them in for repair? You are right, some people don't know any better, but the sort of people that are interested in this discussion would know that full physical access means being able to get to anything on the machine.

Re:The way I do security

[L4t3r4lu5]

Ladies and gentleman, I present a quintessential example of the disconnect between "us" and "them".

My grandfather designed fuel line systems for Rolls Royce in his youth; His engineering knowledge is staggering. However, I know for a fact that he hasn't got the faintest idea what a Molex connector is, and why his three year old HP PC likely doesn't need any.

Translation:

[gman003]

Encryption doesn't do shit if they're grabbing it before encryption or after decryption. It's not a magic security bullet. It has its uses, but now it's become easier for Eve to hack Alice and read the plaintext than to intercept and brute-force the ciphertext. And when Alice is talking to not just Bob, but Carol and Dave, well, that makes Alice a high-value target worth spending time on.

Re:Translation:

[dbIII]

As an example of the above, the disturbing trend of using proxies on encrypted web traffic is opening a lot of people up for a full man in the middle attack where encryption doesn't matter. When people start getting used to accepting certs for a proxy they can be more easily tricked into passing things through a rogue proxy that is put in place for harvesting credit card details or whatever. Combine it with an open wireless access point in a busy area, or spoofed SSIDs for a more targeted approach, and you've conned a pile of people that think they know a lot about computers and think they are doing the right thing.
Also whatever criminal manages to crack a legitimate https proxy stands to gain a lot. It's only a matter of time because do you really think anyone that implements such a stupid idea is going to put in enough attention to detail to do it properly?

Understandable

In a world where cryptography gets used for DRM purposes, it is not surprising to think that someone would say it was "becoming less important".
If you understand cryptography, you know that the opposite is true: It is absolutely essential and therefore extremely important.
It is not a silver bullet designed to kill every security problem; nothing ever will be. That doesn't mean it's not important.

perhaps differently put

[ewertz]

Perhaps it's really just that encryption is a lesser part of the total solution, so in that respect, it's relatively less important than it used to be.

Now get that meat off of my cyberlawn!

Security was never about encryption

[qbitslayer]

The use of encryption is only intended to provide a way for legitimate remote users to gain supervised access to the system without having to hack into it. The real culprit behind bad security is software reliability. Attackers look for and try to exploit the defects in the software. Why is software defective? Because (it's the bugs, stupid!) the Turing/Von Neumann model of computing is inherently insecure and unreliable. Why? Because timing is not an essential part of the model. I predict that this decade will see the end of the Turing madness and that the future of computing is non-algorithmic. There is no alternative and the sooner, the better.

Re:Security was never about encryption

[hamster_nz]

I've read the links, and that is an awfully long bow to draw.

The use of encryption is to try and limit information to those that are intended to see it.

None of the ideas on your blogs address how to "end the Turing madness" in a way that will still allow you to post on Slashdot.

Re:Security was never about encryption

[qbitslayer]

None of the ideas on your blogs address how to "end the Turing madness" in a way that will still allow you to post on Slashdot.

I disagree but, just in case you missed it, read How to Solve the Parallel Programming Crisis.

Re:Security was never about encryption

[DamnStupidElf]

Non-algorithmic computing won't keep authentication, authorization, or privilege escalation bugs from happening. It won't prevent side-channel attacks or social engineering. It won't provide automatic segregation and compartmentalization of data. All the major problems we have today will still exist; they'll just happen synchronously.

What you should actually look into is formally verifiable software design where the model of computation and data representation can be formally analyzed and every program can be proven to adhere to a security policy that enforces capability-based access to data and resources, limited access to timing information to prevent remote timing attacks, fine-grained authentication and authorization directly tied to capabilities, and a formal proof verifier that can check the entire system from the BIOS to the running applications every time you turn the computer on. Forget trusted computing; we need provable computing.

Re:Security was never about encryption

[hamster_nz]

If you truly believe that then you should get an FPGA development kit and start your revolution. The are excellent at evolving a large state vector over time,

A large FPGA may have 2.5 megabits of state and clock rates of 500MHz, so you can update over 1,000,000,000,000,000 bits of state every second - about 1000 times what a CPU can do., They also have 300 pins of I/O, and a dozen interfaces of > 10Gb/s and the logic transform can be dynamically reprogrammed. Oh, can have 5,000 GigaMACs (multiply + accumulates per second) - about 4,000x that of a CPU core.

Maybe get yourself a small one - small development boards are under $100. Have a go - let me know how you get on. The same board can implement a system equivalent to a 486 CPU - 32 bits, 100MHz. Should be enough to get started with.

Re:Security was never about encryption

[steelfood]

I'm not sure that's possible. Humans think linearly. We're horrible at multitasking, and that applies to both sexes. The point of attack is still going to be the human interface, which is going to be linear.

You can theoretically use this idea to harden the software and hardware down all you want (though I'm not sure how you'd do that on a circuit level because electrical signals are processed linearly unless you outright move away from electrical signals and into something with more dimensions like chemical signals), but you can't remove the human element from computer security.

The tradeoff, as is the same in the non-electronic world, is between convenience and security. Most people aren't willing to trade a significant portion of their convenience for securing their data. It's a cost-benefit thing. You can actually calculate the amount of time spent being inconvenient and if it's more than what the data is worth as a secret, then it's not a practical security model. And most of the time, the data is worth less than the cost of the security around it.

Re:Security was never about encryption

[Raenex]

The use of encryption is only intended to provide a way for legitimate remote users to gain supervised access to the system without having to hack into it. The real culprit behind bad security is software reliability.

Encryption is used to send a message from A to B across an insecure network. Other uses are to prevent someone from getting access to stored data, such as on a portable flash drive. This has nothing to do with software reliability. Not acknowledging such basic facts makes you a crank.

certificates

[manu0601]

From TFA

One way to help shore up defenses would be to improve--or replace--the existing certificate authority infrastructure, the panelists said

Indeed. IMO SSL public keys could be stored in DNSsec protected DNS records. That way one would only have to trust the manager of the root zone and the TLD, which would be a good improvement compared to the CA debacle.

Re:certificates

[Lorens]

Indeed. IMO SSL public keys could be stored in DNSsec protected DNS records. That way one would only have to trust the manager of the root zone and the TLD, which would be a good improvement compared to the CA debacle.

Right, and when you buy example.com you should be able to sign certs for whatever.example.com for free.

Re:certificates

[manu0601]

Exactly, plus the ability to roll a new key with no delay.

Active Defense System

[wakeboarder]

Why can't you build a system to monitor and defend against attacks? Once a virus gains control of your system it is quite easy to find and remove based on file signatures (time installed,ect). If you know what you have and something changes you should be able to identify it. It would be easy to identify attacks on a network when things go outside the norm. "Well, lets see somebody opened up a bunch of ports and is transferring files to some random IP in X country that isn't on my list of recently accessed http sites, I think I'll shut those down. Oh, a user is downloading 20% more classified files than normal users, maybe we should pay him a visit and shut down his access until we figure out what is going on. Implementing such a system would be difficult, but patterns should be statistical and you should be able to see most of what goes on. Yes people could slip through the cracks, but if you develop a good model, you should be able to spot the differences between malicious and normal behavior.

Encryption doesn't protect you

[elucido]

so if you know the information the enemy will find out through you.

Legal system threats

[gmuslera]

Another reason that it could become less important is if the zone becomes a patent minefield. Maybe math is not patentable, or shouldn't be (but even natural genes get patented) but there are enough borders around it that could be used as excuse that could be a tool to force only the use of "approved" encryption methods.

Is he saying about all uses of cryptography?

[osoriojr]

Governments are trying to follow all our steps over the internet, intercepting and parsing everything we do. Encrypting our communications and trying to encrypt everything is the secure method to make the Internet freedom to us all.

Re:Is he saying about all uses of cryptography?

[compro01]

What's he's saying is encryption doesn't matter if there's shit in the system grabbing your stuff before the encryption or after the decryption.

He's probably just fed up.

[Animats]

I suspect he's just fed up with the state of software security, which is appallingly bad. We now have patch-and-release on everything. This turns out to be a failed strategy against competent attackers.

I used to work on secure microkernels in the 1980s. I thought that by now we'd have provably secure microkernels in ROM with a mandatory security model enforced. Systems like that have been built a few times for the three-letter agencies, but never went mainstream. Instead, we have bloated operating systems with a high churn rate, and far too much trusted software per system.

Ballmer used to call this "strategic complexity". As Ballmer once put it, when asked why Microsoft kept adding functions to Windows, "If we stopped adding functions to Windows, it would become a commodity, like a BIOS. And Microsoft is not in the BIOS business".

Most applications should be running with far less privileges than they have. But if they are locked down properly, their ad tracking, update checking, and self-modification won't work. The user would actually be in charge.

Cryptography only provides a secure way to communicate between secure regions. If there are few or no secure regions, it doesn't help much.

Re:He's probably just fed up.

[IamTheRealMike]

Secure microkernels in ROM with mandatory enforced security models did go mainstream, actually. Hundreds of millions of people have one in their living room, it's called a games console and they have a pretty enviable track record of being difficult to hack even by extremely competent attackers who have physical access to the machine. The sad thing is that despite Microsoft having a lot of in-house expertise in how to build these kinds of system, they deployed exactly none of it to build secure business workstations, instead that's been left to Google with ChromeOS which (you guessed it) is made up of layers of sandboxes with a secure ROM that integrity checks the next level up before running it. If you disable extensions, which I think admins can do remotely for managed domains, it's proven extremely difficult to penetrate.

Article leaves out some steps...

[khb]

Upon reflection, and not surprisingly, the expert has made a good point.

If due to an Advanced Persistent Threat (APT), your secret data was captured after it was decoded (as it must be to be actively used, or created, or transferred, at some point) or if the private keys are compromised (either due to torture, pressure on appropriate authorities, or captured as created (see above)) the benefit(s) of encryption are greatly reduced (even if the cryptosystem itself is very secure).

It is a bit of a chilling thought, and yes other posters have pointed to various good zones of defense, but Shamir's point is that some existing APTs in the wild have penetrated to the deepest levels.

As for the "air gap" method, as has been pointed out in other places, that's often compromised even for very secure infrastructures by people with laptops, cellphones, or compromised printers that are moved from one side of the "air gap" to the other....

Yes, because ...

[dbIII]

The problem as I see it is that not enough people actually care so it doesn't get used when it should. Other options that are not quite as good but you can actually get people to use are worth a try. Even military intelligence aerial camera footage gets sent in the clear in real time using publicly available codecs for anyone tuned to the right frequency for hundreds of miles to pick up. Trivial encryption is seen as just too much of a hassle. It's not seen as important.

I do not agree!

[endus]

I was just having a discussion about this at work today. Encryption should be ubiquitous now. There is no excuse. It's not "free" in terms of the resources it takes up, but it's pretty close. Everything should be encrypted in transit. Everything should be encrypted at rest. "Well you mean the table with the PII and not...." NO! I mean EVERYTHING. The servers drive should be encrypted. The entire database should be encrypted. Every network connection should be encrypted.

This doesn't mean encryption is a panacea solution to APTs or to any other security threat, but its an absolutely critical layer which is still not widely implemented enough. To prevent tampering, to prevent certain types of attacks, to prevent breaches through physical theft, etc. Saying encryption isn't as important anymore is like saying that keyboards aren't that important anymore. Sure, management shouldn't spend a lot of time worrying about them, and should be focusing on other problems instead....but that doesn't mean everything will be cool if everyone's keyboard is stolen overnight.

It needs to be there, and by there I mean everywhere. And its not. Every day developers are looking at security guys like, "huh??" because they are looking for encryption to be incorporated into the product. Or, they want to "just get the system built out" without encryption, but they'll totally enable it once everything is working perfectly and all the testing is done (FYI developers, security guys aren't falling for that, we realize that you really mean, 'we'll think about enabling it until we realize how many things it will break, and then we'll ship the product without it, ignoring the enormous liability it creates'). You would think things would be different now that its 2013...they are different, but not that much different. Security still isn't regarded as a core piece, or even an important feature, of most products.

Re:I do not agree!

[DigitAl56K]

I am a proponent for more widescale use of encryption, but I am against braindead application of it as you seem to advocate for. As has been called out time and time again, the application of the encryption is critically important to it fulfilling its role. It's easy to get it so wrong in practice that all you provide your users is a false sense of security that encourages them to put more highly sensitive material than they otherwise would have at risk. Then there are other considerations. Once you bring encryption into the fold on every single aspect of your product, how easy is it to test and debug? Is your time to market now twice as long because you have to develop special QA tools rath than use something off the shelf? Is the data actually sensitive? What are these "tampering" and "certain types of attacks" that this encryption is going to protect against? Do you and your team actually understand what they are? If you don't, how do you know the encryption scheme you're using protects against them? What about export restrictions? Where does your product need to be distributed? Does your encryption help at all if your servers are rooted, since they can presumably decrypt all the data anyway? Is the encryption giving you a false sense of security around your customers data? If everything your product does is encrypted, are your customers going to be happy about their ability to implement compatible products? How can customers trust and validate your product if they can't see how it works?

"Encrypt everything" isn't a very well thought-out plan.

Re:I do not agree!

[IamTheRealMike]

Encryption is not in any way "free". The calculations might be fast but the complexity of the key distribution and management infrastructures are never free.

Re:I do not agree!

[FireFury03]

The servers drive should be encrypted. The entire database should be encrypted.

Its not so simple. A server requires the drive to be mounted (and therefore decryptable) in order to function. So from the time the server is powered up until the time it is powered down, the file system is vulnerable - for a server that is powered on all the time, this means the window of opportunity for an attacker is huge. It stops a burglar from getting at the data after they unplug the machine and walk off with it, but if your server is in a secure datacentre then this isn't such a big worry - the concern is the server being compromised *while its running* (and as mentioned, servers tend to be running all the time). This could happen either by a remote attack, or by someone physically accessing the machine. So really, for an always-on server there often isn't a lot of point in encrypting it. Add to this that, unless you want to store the encryption key on the server itself (which rather defeats the point), you need to manually load it every time the server boots, which isn't great for failure resilliance.

And especially for I/O heavy servers (frequently the case with big DB servers), encryption is *not* free - it can have a significant performance hit.

There are places where filesystem encyption on servers makes sense - this is where the encrypted filesystems are only mounted for brief periods of time. For example, a server that is performing remote backups of another server can retrieve the key from the machine its backing up, mount the FS, do the backup, unmount the FS and wipe the local copy of the key. The window of opportunity for an attacker is relatively short there (the duration of the backup); although obviously if an attacker can load persistent malware on the machine they can have it capture the key when the backup next starts.

Re:I do not agree!

[indymike]

Security isn't a "core piece" because it is a pain in the ass for everyone but security people and easy to defeat most of the time. If you get root, collecting keys and salt for secure hashes becomes a lot easier. A good example is DRM - almost every crack comes from extracting keys. Most of the time, when you think encryption, your time would be better invested in say, keeping software up to date, auditing user permissions and doing other basic things that actually do have a big impact on real security. Almost every security choice is a trade between secure and easy to use. Magic solutions that claim somehow make everything secure often are not magic and not very secure. The let's encrypt everything concept is a virus of the mind - it sounds good, but in application is often riddled with a combination of bugs, assumptions and mistakes that result in big holes and big bills from security consultants. Oh, and with encryption you also inject a probability of data loss... some idiot losing a key is more of a threat that unauthorized access.

Re:I do not agree!

[endus]

"Getting it wrong" in the implementation stage is a function of developers not viewing security as part of their job. I'm not saying that we can eliminate mistakes and develop perfect code every time, but you have to try. The more experience developers get with implementing it and the more universal it becomes, the fewer mistakes they're going to make when implementing it. Right now, it seems to be regarded as a novelty by most developers.

I don't buy the "false sense of security" argument at all, sorry. If it's not encrypted I can absolutely guarantee its not secure. If it's encrypted then at least that's one layer of protection to help mitigate issues at the many other layers they can occur.

I also don't buy that implementing encryption is going to double your time to market. That's another excuse used because the initial impact is large, but as developers gain experience with it the impact will be reduced.

Here's the thing with your other questions. When the product gets built, maybe the information isn't sensitive or regulated. It will be, though. This will happen either by the regs changing, because of new customer requirements, or because the scope of what the product is handling will increase. I see it every day. Developers don't seem to get eyes on the questionnaires that security gets from customers too often, but they should. Customers are asking VERY detailed security questions now and some have very very stringent requirements. So your choice is, a.) build security into the product and make it part of the value proposition or b.) wait until you get hammered by a customer and either have to reinvent the wheel in three months (or two weeks!) or, worse, lose the business. This happens over and over and over again but no one seems to understand that getting AHEAD of these requirements is going to save money in the long term.

Export restrictions are a valid point, that one I accept.

"If your server is rooted" is specious. If someone spearfishes an employee and gains remote access to their machine they will be able to bypass the firewall...so we shouldn't have firewalls? No, that's obviously not true. Integrity, audit, access control are critical almost no matter what data you are hosting. Even if it's not regulated data, your customers will eventually be asking.

Re:I do not agree!

[endus]

You're right about key management. Good point.

Re:I do not agree!

[endus]

I get the point about the I/O heavy servers.

I don't agree with the always on server argument, though. Yes, it's not going to protect against many types of attacks, but it will protect against some and that is what's important. It's another layer. More importantly, it's a layer that is being increasingly asked for by customers whether or not any of us think it makes sense for a particular application. Building encryption in after the fact is an absolute nightmare and usually the costs and impact to production is going to be higher if you wait until you have to get it done in a month or you will lose a big deal. Better to implement it in the first place and put it in your marketing material so the question never even gets asked.

Re:I do not agree!

[endus]

I totally agree that it doesn't solve all your problems. If your security people are telling you it does you need new security people. The problem is that keeping software up to date, auditing user permissions and doing other basic things doesn't have as big an impact as you might think.

Well...ok...keeping software up to date does...and I can certainly write a huge diatribe about that too that will be no less universal and impassioned.

But it's all about layers and it's all about getting ahead of regs and requirements. Turn security into a feature of the product, not something you bolt on at the last minute. The more we implement encryption universally the easier it will be for developers and the more mature key management solutions will be.

Re:I do not agree!

[indymike]

Getting ahead of regs and requirements doesn't make anything secure. It's busywork.

Re:I do not agree!

[endus]

You must be a manager to have such a negative and limited point of view. If you look at the regs from the point of view of a manager, it's a checkbox to check. If you look at it from the perspective of a security engineer it's a driver to implement legitimate controls. All the regs have fluff and vagaries, but they all also have very useful requirements and provide a stick to make the business pay for reasonable controls.

It's also about liability. Sure, you can lie to your customers, but in addition to being unethical it means that if you have a breach you are in for a tremendous shitstorm. Comply with or, better yet, get ahead of the regs and you will be in a much stronger position to a.) not have a breach in the first place, b.) fare well in court if you do have a breach.

How about that?

[satuon]

Stop using email.

Re:APT?

[xenocide2]

Advanced Persistent Threat. The idea is that your threat is a state agent deliberately after you, not just the economically cheapest target (ie the one with the weakest security).

Just because THEY can doesn't me WE shouldn't

[Eraesr]

If there's some elite group of hackers who like to target high profile websites and services that can get past the most complex forms of encryption, then does that automatically mean we shouldn't use encryption anymore? For all I know, at the very least, encryption will keep out the 13 year old bedroom hackers who write vbscripts and call it a virus.

Similar to me having MAC filtering enabled on my wireless router. I know MAC filtering won't keep out the determined hacker, but it will be enough of a blockade for some wannabe punk that thinks it's cool to spend a weekend trying to access insecure wifi routers. To keep out more advanced and experienced intruders, more is needed, but that's no reason for me to just open the gate to every laptop owner with half a braincell who bookmarked a "hacking 101" tutorial.

Re:Just because THEY can doesn't me WE shouldn't

[Sigg3.net]

I used to log into unsecured Wifi network routers and change the SSID to "You need to protect your network" all caps.

It was probably illegal but the number of unprotected networks dropped to nil. Today routers are usually protected out of the box, and the owner is legally responsible for encrypting it.

APT?

[Porchroof]

What is APT?

It's a matter of motivation

[opscure]

The larger problem here is motivation of software developers, white hats, and black hats. The developers; whether it be open source or proprietary, tend to code towards a particular functionality and usually with deadlines. The white hats are preforming a job function to the best of their ability usually no more than 40-50 hours a week in teams. Whereas, the black hat is playing a game or solving a puzzle for personal enjoyment reasons. Now, I'm not saying that there is any weakness to any of the aforementioned groups, but when people do things for enjoyment, it tends to yield a higher chance of success especially when the black hat needs only to find a single point of attack in a system that largely extends from the digital realm or job functions of the software developer or the infosec ops.

Re:The ideology of "ME!"

[Hatta]

Code cannot be owned. Problem solved.

Anybody who sends a password in plaintext

[durdur]

in response to a reset request is not hashing passwords and would fail a security audit (but I have certainly seen sites like this). There is no reason for the remote site you are logging into to ever store your password, vs. storing a hash (a strong hash, repeated multiple times to make brute force reverse hashing difficult).

Re:Anybody who sends a password in plaintext

[demonlapin]

It doesn't send my old password; it sends a replacement password - Wqu@%$ or something like that - but it sends that in plaintext.