On 7/02/13 02:35 AM, Jeffrey Walton wrote:
On Wed, Feb 6, 2013 at 7:17 AM, Moti <m@cyberia.org.il> wrote:
Interesting read. Mostly because the people behind this project. http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_...
No offense to folks like Mr. Zimmermann, but I'm very suspect of his claims. I still remember the antithesis of the claims reported at http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.
When we [0] were building the original Hushmail applet, we knew the flaw - the company could switch the applet on the customer. The response to that was to publish the applet, and then the customer could check the applet wasn't switched. Now, you can look at this two ways: one is that it isn't perfect as nobody would bother to check their applet. Another is that it isn't perfect but it was a whole lot better than futzing around with OpenPGP keys and manual decrypting. And it was the latter 'risk' view that won, Hushmail filled that niche between the hard core pgp community, and the people who did business and needed an easy tool. This is also the same thing that is the achilles heel of Skype. It turns out (rumour has it) that the attack kit for Skype that circulated in the late 00s amongst the TLAs was simply a PC breach kit that captured the Skype externals - keystrokes, voice, screen etc. Once the TLAs had that, they were happy and they shut up. It was easier for them to breach the PC, slip in the wrapper tacker, and listen in than seriously hack the skype model. And, then, media perception that Skype was unhackable worked again, everyone was happy. Same will be true of Silent Circle, and they will already know this (note that I have nothing to do with them, I just read the model like anyone else). The security requirement here is that they don't need it to be completely unbreakable, they just have to push 99% of the attacks onto the next easy thing -- the phone itself. Security is lowest common denominator, not highest uncommon numerator. See below. FWIW, their security model looks pretty damn good, in that it is nicely balanced to their business model (the only metric that matters) and they trialled this through several iterations (ZRTP, I think). They are the right team. Even their business customer looks fantastic (hints abound). If you're looking for an investment tip, this wouldn't be so far off ;)
I'm also suspect of "... the sender of the file can set it [the program?] on a timer so that it will automatically b burnb - deleting it [encrypted file] from both devices after a set period of, say, seven minutes." Apple does not allow arbitrary background processing - its usually limited to about 20 minutes. So the process probably won't run on schedule or it will likely be prematurely terminated. In addition, Flash Drives and SSDs are notoriously difficult to wipe an unencrypted secret.
Don't be suspicious, be curious -- this is where security is at. Remember: The threat is always on the node, it is never on the wire. Looking back at that Hushmail app, another anecdote. When I was doing business with a guy who was security paranoid, he used an unpublished nym, encrypted his messages with PGP, and then sent them via Hushmail to me. Life then turned aggressive, and we ended up in court. His side demanded discovery. I took all his untraceable, pgp-encrypted and Hushmail-protected mails and filed them in as cleartext discovery, as I was severely told to do by the court. Oops. From there they entered into the transcript as evidence, and from there, others were able to acquire the roadmap via subpoena. The threat is always on the node. Never the wire. Your node, your partners node, your partner's friend's node .... It is this that the Mission Impossible deletion feature is aimed at, and it is this real world node threat that it viably addresses. This is what people want. The fact that it is theoretically imperfect doesn't make it unreasonable.
Perhaps a properly scoped PenTest with published results would ally my suspicions. It would be really bad if people died: "... a handful of human rights reporters in Afghanistan, Jordan, and South Sudan have tried Silent Textbs data transfer capability out, using it to send photos, voice recordings, videos, and PDFs securely."
Nah, this again is the wrong approach. Instead think of it this way: of 100 human rights reporters, if 99 are protected by this tool, and one dies, that is probably a positive. If 100 human rights reporters are scared away by media geeks that say it is unlikely to be perfect, and instead they use gmail, and 99 are caught (remember Petreus) then this is probably a negative. Human rights reporters already put their life on the line. Your mission is not to protect their life absolutely, as if we are analysing the need for a neighbour's swimming pool fence, but to make their reporting more efficient. Which coincidentally also means raising the chances that they live to report the next one. Risks, not absolutes. iang [0] I saw we - my company had a hand in the original crypto back when Hushmail was Cliff+1. FWIW. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE