Re: [cryptography] ICIJ's project - comment on cryptography & tools

On 8/04/13 04:06 AM, Peter Gutmann wrote:
> "Kevin W. Wall" <kevin.w.wall@gmail.com> writes:
>> I think you're giving the NSA way too much credit on why security sucks. Even if we were to restrict 'security' to the scope of cryptography, even there, I think the NSA has much less to do with dumbing down crypto security than other factors.
>
> Exactly. If the NSA didn't exist at all the only difference we'd notice is that there'd be less of this weird obsession with ECDSA (via pressure to adopt Suite B). Computer security as a whole wouldn't suck any less.

I think we all suffer a fair amount of cognitive dissonance on this one. We all know stories. DES is now revealed as interfered with, yet for decades we told each other it was just parity bits. The same process happened to GSM -- MiBs specified the 40 bit key, but because it was a secret design, they didn't need to create a legend to hide the 16 bits of zeroes. Add in export control regs, add in the war against PRZ. If someone were to do a longitudinal study of the public knowledge of the interference, I think it would mount up. Individually, we can ignore those stories as conspiracy theory, but in aggregate, much harder.

>> IMO, the biggest factor is that 95% or more of developers are completely ignorant of best practices in cryptography.
>
> At the other end of the scale, 99.9% of developers who do know security have no idea how to create *usable* security. At the moment there are exactly two crypto-using products I can think of that I'd feel confident a random member of the public could walk up and use, those being Skype and iMessage.

This is the good news. I think the message has finally got through that usability is more important than classical CIA, etc.

> (Unfortunately to the crypto-purists they're not good enough because they're MITM-able. You should be tunnelling SIP over OpenVPN, it's really easy, here's a pointer to a list of links to 100-page discussion threads on web boards for ways of doing this that may work sometimes).

Yeah. This is a mystery to me, where did this crap come from? Although it aligns perfectly with the geek mentality, other specialties in CS tend to create a greater resistance to the guild mentality. I can't pin the causality on it as yet.

> Incidentally, the NSA is, from all the reports I've seen, even worse than we are at making security usable. My favourite publication on security usability, Laura Heath's "An Analysis of the System Security Weaknesses of the US Navy Fleet Broadcasting System, 1967-1974, as exploited by CWO John Walker", goes into this in more detail.

A great read! An interference attack can be extremely high-leverage. Being good at it can do a lot of damage. This however doesn't mean that one is any good at defence.

> Peter.
iang

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE