Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Encryption Is Not the Solution

Posted by Soulskill on from the more-cowbell-still-in-the-running dept.

CowboyRobot writes "Poul-Henning Kamp argues that the 'recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: "More encryption is the solution." This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.' His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: 'There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and "whatever-as-service" providers and make them an offer they couldn't refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'"

11 of 207 comments (clear)

  1. No story? by Anonymous Coward · · Score: 5, Insightful

    No link to any story at all? Since when does Slashdot provide a private blogging platform on the front page?

  2. In this scenario, the endpoint is compromised. by Arancaytar · · Score: 5, Insightful

    In that case, indeed, no amount of encryption will save you.

    1. Re:In this scenario, the endpoint is compromised. by Anonymous Coward · · Score: 2, Insightful

      It has to be emphasised that this therefore DOES NOT lead to the conclusion "More Encryption Is Not the Solution". The (as of yet unlinked) article is wrong on a fundamental level if this is what it tries to argue.

    2. Re:In this scenario, the endpoint is compromised. by DuckDodgers · · Score: 4, Insightful

      Right. This "More Encryption is Not the Answer" assumes everyone continues to use the big cloud corporations for the data.

      If I host my own email and use PGP, host my own distributed social network instance, browse the internet through Tor, use Yacy for search where possible, etc... then all I have to do is ensure my SSL certificate is valid (or use a self-signed one but find a secure way to distribute the signature to my friends). I can do that, the problem is that Johnny Public doesn't care to do it.

      Which leads me to the conclusion that the solution to the NSA problem isn't a political one, it's an engineering one. It's a huge engineering problem, but the cynic in me says the open source community will get far more accomplished with regards to reigning in government surveillance than our elected officials.

  3. Complete idiocy by Anonymous Coward · · Score: 5, Insightful

    In other news, locks do not work if someone gains a copy of your key. Therefore more locks are not the solution, and locks actually harm security!

    Wait...what?

    This is complete rubbish. Of course encryption doesn't work if you are trusting a giant cloud corp. not to have a man on the inside corrupting the encryption process.

    That is the exact reason why more encryption is the answer! People need to be taking the issue into their own hands, using their own (open source) personal or community-driven encryption schemes that are provably secure. Trusting a giant corp. to generate your keys for you and presuming that is THE ONLY WAY encryption can work is such fantastically F.U.D I don't even know where to begin.

    1. Re:Complete idiocy by elewton · · Score: 3, Insightful

      Setting up GPG is easy. The difficulties associated with secure key management increase significantly with time.

  4. better title:some common encryption practices suck by ron_ivi · · Score: 5, Insightful
    Encryption isn't fundementally the problem here.

    The problem is insecure distribution and control of private keys. (i.e. https that depends on trusting Certificate Authorities that appear easy to abuse by governments).

    Better solutions could exist --- for example if HTTPS would only work after checking both certificates from a "trusted" certificate authority *and* a self-signed cert. That way all you rely on is that the CA wasn't compromised when you first exchanged the keys for the self-signed cert. Once that happens, even if a CA cooperates with an oppressive regime later, the self-signed cert would keep you safe.

  5. Re:Call it the Fermat's Last Theorem Effect by TWX · · Score: 5, Insightful

    Like bank transfers and just about all financial-services communications?

    There are so many people that move around in this world that I expect good old-fashioned sneakernet with one-time pads will just become the norm, especially when time is not necessarily of the essence. When more data is needed then micro-SD will be employed, and encrypted connections will be left for when absolutely necessary.

    When I was a kid, if my friends and I wanted to meet up, we had to generally all agree where we were going to meet in-advance, generally at school or when we were previously together, or a few of us had to decide and then had to manually pass the word on to others, who in-turn passed the word on to others until everyone was notified. We could coordinate and plan without "the authorities" in the form of our parents really knowing what was going on if we chose to keep them uninformed.

    If the evil "they" still want to do us harm they can do it entirely offline. They proved that with how long it took to identify Osama Bin Laden's location, he avoided all outgoing traffic other than couriers and it took years to find him.

    The brothers that bombed the Boston Marathon managed to avoid being caught in advance due to a typographical error. A Buttle/Tuttle type of snafu literally lead to the older brother's slipping through the cracks. Even after all of everything that happened, the younger brother was caught because a homeowner noticed some blood on his boat. Helicopters, infrared, and door-to-door searches failed to find him.

    It hasn't been demonstrated satisfactorily to me that heavy encryption means that there's anything relevant to the authorities being transmitted therein.

    --
    Do not look into laser with remaining eye.
  6. Re:quick key repetition by Anonymous Coward · · Score: 1, Insightful

    After about 15000 connections you would see the first repetition of a key. That scheme would be discovered in NO TIME.

    Admit it: You're not poring over and analyzing every key that passes through HTTPS. No, seriously, you're not. And you haven't been doing so, EVER, for your entire internet life. Yes, yes, I know, NOW you're going to concoct some harebrained scheme on your firewall to look for it, post it on GitHub, and brag about how l337 you are to all your fellow tinfoil haberdashery fashion designers. But only now that someone's put that idea in your head. You absolutely, ultimately never would've figured that out on your own.

    Now, let's say they come up with a completely different scheme. Or, let's say they don't. You never know. Go foil it.

    What? No, that's all the information I'm giving you: "A scheme, or maybe not". That's all the information you'd get in that situation. So get to work, hotshot.

  7. Re:Serve yourself. by Anonymous Coward · · Score: 2, Insightful

    Your mistake is to think in absolutes. It is not because you have multiple non anonymous parts of your life that you should give up on protecting whatever you can of your privacy.

    Yes, certainly you are not 100% safe, but an open source OS will be messed with by a large number of people and anyone who finds an irregularity will raise the flag. You cannot have a certainty of security, but you certainly have a lot more chance of detecting misdeeds than with closed source.

  8. Re:The NSA says never encrypt... by hawguy · · Score: 3, Insightful

    Microsoft can simply request your graphics card to take regular snapshots of your screen, and you will never know this because the message stream to the GPU (for protected path functions) is encrypted with protected path control keys. A full screen JPG is quite a small file even for a high-resolution screen, and can be sneaked out to an NSA server with you standing ZERO chance of noticing the traffic blip

    I took a full screen snapshot of my 1920x1080 screen (maximized browser window with this Slashdot page loaded, so there's a lot of white space on the screen) and saved it as a JPG. The size of the default quality JPG was 480KB (which looked about the same as the corresponding PNG which was only 275KB). I created JPG's of decreasing quality until the text became mostly illegible, that happened at a quality level of "7" (on a scale of 1 - 100 with 100 being the best). The resulting JPG ended up being 95KB in size.

    That's not exactly what I could call "quite a small file", and though many people wouldn't notice that size file going out periodically (every hour? every minute?), it's big enough that some would - especially paranoid people that are worried about someone spying on them. 95KB sent out every minute would be around 15kbit/second on average, so it's definitely enough to be noticable.