More precisely it's the exposed meta-data in the SMTP. But why would you use meta-data rich transport for Silent Circle internal mail? (By internal mail I mean Silent Circle user to Silent Circle user, vs external mail being SMTP mail to Silent Circle user or Silent Circle user to SMTP mail user.)

I said it before, but again: why not cancel external mail, and leave the internal mail working - Silent Circle obviously have the tech for that because they have SMS equivalent in-mail.

Good for you: users who want to continue to communicate will encourage the people they are communicating with to also pay for subscriptions. Maybe you could allow people to give each other gifts of 1 month membership, which you hope they extend themselves; or some referral system with a bonus free month to the existing user etc.

Now there might be some software legacy, but that seems straightforward enough. The crypto gap is purely the in and out mail. (Other than forced software changes, but others have discussed how to combat that issue, and some claim legal advice is that it's harder for the mil-int community to legally force companies to change their software. (Hushmail saga notwithstanding!))

Adam

On Sat, Aug 31, 2013 at 12:13:28AM -0700, Jon Callas wrote:
On Aug 30, 2013, at 8:43 PM, grarpamp <grarpamp@gmail.com> wrote:
Are we sure? This seems to tell us they are doing traffic analysis and so forth. It doesn't seem to say much about cryptanalytic capabilities. For all we know they could have all the crypto in the bag but need analysis to identify talkers due to people being exceedingly careful about the message content.
I consider delivering a zero-day to be a form of cryptanalysis. I believe that they do, too. I've been harping on that for some time.
"Blue hen rides over the book on the left side when the sun is low. Do you copy?"
Now if someone leaked all the secret crypto capabilities docs out in public, or someone else got in trouble solely from what they properly encrypted, then we'd know whether or not the crypto works.
I recognize that I have a tendency to be glib in one sentence and then rigorous in another and that's a character flaw. It's glib to say both "the crypto works" and "zero days are cryptanalysis" in many respects.
When I say, "the crypto works" I mean the basic structures. We know how to build block ciphers. We figured out hash functions a few years ago. We understand integer-based public-key cryptography well enough that it gives us the creeps. We kinda sorta understand ECC, but not as well as we think we do. I think our understanding of ECC is like our understanding of hash functions in 2003. Meow.
The protocols mostly work, except when they don't. The software is crap. It's been nearly fifteen years since Drew Gross enlightened me by saying, "I love crypto; it tells me what part of the system not to bother attacking."
Look at it anthropically. We know the crypto works because the adversary says they're looking at metadata. To phrase that differently, they're looking at metadata because the crypto works! Look at things like Fishbowl, even. It's easy to get dazzled by the fact that Fishbowl is double encryption to miss that it's really double *implementations*.
The crypto works. The software is crap.
Think like the adversary. Put yourself in their shoes. What's cheaper, buying a 'sploit or cracking a cipher? Once you start buying 'sploits, why not build your own team to do them yourself, and cut out the middleman? Every other part of the tech world has seen disintermediation, what makes you think this is different?
On the other end of things, there's traffic analysis. We have seen -- stuff -- from them over the last decade. Papers on social graph analysis, pattern analysis. Emphasis on malware, validation, and so on.
Here's another analogy. Imagine that you're looking at a huge, fantastically complex marching band. You're trying to figure out who all is doing what to what parts of the music and it's horribly complex. And then accidentally one day, you lose the audio feed and then realize that it's *easier* to tell what the band is doing when the sound is off.
Aphasiacs are (so I am told) good at telling truth from lies because they look at the face rather than listen to the voice. They analyze the metadata, because they can't hear the data and it works *better*.
Traffic analysis is what you do if your feed from the marching band loses its audio. It's what you do if you're aphasiac -- which is *exactly* what happens when the crypto works, by the way.
Thus with a large budget, you do both. With one hand, you crack the crypto by cracking the software. When it works it works. When it doesn't, it doesn't. Stop stressing. With the other hand, you revel in the glory of silence. In silence you can think. You watch the band, you watch the square dance. You just watch who is pairing with whom, where the lines cross and the beats are. Sometimes you can even guess the tune by watching the dance (which is also cryptanalysis).
And all of that is why the problem in email isn't the crypto, it's SMTP.
Jon
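
The point both messages make about SMTP metadata, as an added example that is not part of the original thread: with the body encrypted, a relay still reads sender, recipients, time and relay hops, which is enough to build a contact graph. The messages, addresses and host names below are constructed placeholders.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real traffic). Bodies stand in for PGP
# ciphertext; all names under example.org / example.net are placeholders.
def _sample(sender, rcpts, date, relay):
    return (
        f"Received: from {relay} by mx.example.net; {date}\n"
        f"From: {sender}\nTo: {rcpts}\nDate: {date}\n"
        "Subject: (encrypted)\n"
        "Content-Type: application/pgp-encrypted\n\n"
        "-----BEGIN PGP MESSAGE-----\n<opaque ciphertext>\n-----END PGP MESSAGE-----\n"
    )

SAMPLES = [
    _sample("alice@example.org", "bob@example.net",
            "Sat, 31 Aug 2013 07:00:00 +0000", "host1.example.org"),
    _sample("alice@example.org", "bob@example.net, carol@example.net",
            "Sat, 31 Aug 2013 07:05:00 +0000", "host1.example.org"),
    _sample("bob@example.net", "alice@example.org",
            "Sat, 31 Aug 2013 07:09:00 +0000", "host9.example.net"),
]

def visible_metadata(raw):
    """Return what an SMTP relay or on-path observer reads without any key."""
    msg = message_from_string(raw)
    return {
        "from": parseaddr(msg["From"])[1],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "date": msg["Date"],
        "hops": msg.get_all("Received", []),
        "body_readable": "BEGIN PGP MESSAGE" not in msg.get_payload(),
    }

def contact_graph(raws):
    """Count sender -> recipient edges using cleartext headers only."""
    edges = Counter()
    for raw in raws:
        meta = visible_metadata(raw)
        for rcpt in meta["to"]:
            edges[(meta["from"], rcpt)] += 1
    return edges

if __name__ == "__main__":
    for edge, count in contact_graph(SAMPLES).most_common():
        print(edge, count)
```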