Re: [Cryptography] Bruce Schneier has gotten seriously spooked
----- Forwarded message from Brian Gladman <brg@gladman.plus.com> ----- Date: Sun, 08 Sep 2013 00:32:50 +0100 From: Brian Gladman <brg@gladman.plus.com> To: Gregory Perry <Gregory.Perry@govirtual.tv> Cc: Cryptography Mailing List <cryptography@metzdowd.com> Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 On 07/09/2013 20:58, Gregory Perry wrote:
On 09/07/2013 02:46 PM, Brian Gladman wrote:
Because NSA and GCHQ are much more interested in attacking communictions in transit rather than attacking endpoints.
Endpoint attacks cost more to undertake, only give access to a limited amount of data and involve much greater risks that their attack will either be discovered or their means of attack will leave evidence of what they have done and how they have done it. The internal bueaucratic costs of gaining approval for (adverarial) endpoint attacks also makes it a more costly process than the use of network based interception.
There is significant use of open source encryption software in end to end encryption solutions, in file archivers, in wifi and network routers, and in protecing the communications used to manage and control such components when at remote locations. The open source software is provided in source code form and is compiled from source in a huge number of applications and this means that the ability to covertly substitute broken source code could provide access to a huge amount of traffic without the risks involved in endpoint attacks.
I would submit that the exact inverse is the real target - endpoint devices. There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades. It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs.
I don't have experience of how the FBI operates so my comments were directed specifcally at NSA/GCHQ interests. I am doubtful that very large organisations change their direction of travel very quickly so I see the huge investments being made in data centres, in the tapping of key commmunications cables and core network routers and 'above our heads', as evidence that this approach still works well for NSA and GCHQ. And I certainly don't think that volume is a problem yet since they have been able to invest heavily to develop the techniques that they use to see through lightweight protection and to pull out 'needles from haystacks'. Of course, you might well be right about the future direction they will have to travel because increasing volume in combination with better end to end protection must be a nightmare scenario for them. But I don't see this move happening all that soon because a surprisingly large amount of the data in which they have an interest crosses our networks with very little protection. And it seems even that which is protected has been kept open to their eyes by one means or another. Brian _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
On 09/08/2013 08:43 AM, Eugen Leitl wrote:
Of course, you might well be right about the future direction they will have to travel because increasing volume in combination with better end to end protection must be a nightmare scenario for them. But I don't see this move happening all that soon because a surprisingly large amount of the data in which they have an interest crosses our networks with very little protection. And it seems even that which is protected has been kept open to their eyes by one means or another.
I believe we're headed back to the crypto wars of the 1990's. Except, this time, the cypherpunks are going to have to battle both a technical and a political adversary along with a fearful public who's easily convinced of whatever the government wants them to believe. Once end point security and end to end encryption get good enough to keep them out, they'll start pushing for new laws requiring a backdoor. The FBI tried this already only a few years ago. Get ready for CryptoWars II. It's right around the corner. Cypherpunk
The prior war did not occur in an environment with a semi-full disclosure of the enemy's capabilities. Eliminating assumptions of capabilities and focusing solely on actual capabilities changes the battle field. The current filtering/censoring of the NSA documents (by the journalists) is causing a lot of finger pointing, WAGs, and wasted time. A full Wikileaks style document dump of the Snowden material is what is needed and a resulting "known good" list would allow those technologies to be expanded and the "known bad" to be discarded. Snowden pieces I have been pondering: 1. He was using Lavabit for at least one email account. We do not know if he used Lavabit once or if he used Lavabit for everything. Was he also using PGP on top of Lavabit? He chose Lavabit for a reason... Was it because of ECC or was it simply because it was not Gmail/Ymail/etc? 2. Greenwald et al were/are using TrueCrypt. (Source: http://www.forbes.com/sites/timworstall/2013/08/31/first-tragedy-then-farce-...) 3. Snowden would only talk to Greenwald via PGP. (Source: http://www.huffingtonpost.com/2013/06/10/edward-snowden-glenn-greenwald_n_34...) 3. Snowden stated, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on". What his definition of "Properly implemented strong crypto" needs to be answered. 4. It remains to be seen if Google actually gave the NSA a direct link or not. Based on this comment, "By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document." I am not so sure. Google is using SSL /w PFS on their web properties, TLS on outgoing mail to other TLS capable mail servers, POP3s, IMAPs, etc. etc. If Google is -not- a bad actor and the NSA can pull mail off the wire/fiber then there are some fairly large security issues with SSL/TLS. -----Original Message----- From: cypherpunks [mailto:cypherpunks-bounces@cpunks.org] On Behalf Of CypherPunk Sent: Sunday, September 08, 2013 3:57 PM To: cypherpunks@cpunks.org Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked On 09/08/2013 08:43 AM, Eugen Leitl wrote:
Of course, you might well be right about the future direction they will have to travel because increasing volume in combination with better end to end protection must be a nightmare scenario for them. But I don't see this move happening all that soon because a surprisingly large amount of the data in which they have an interest crosses our networks with very little protection. And it seems even that which is protected has been kept open to their eyes by one means or another.
I believe we're headed back to the crypto wars of the 1990's. Except, this time, the cypherpunks are going to have to battle both a technical and a political adversary along with a fearful public who's easily convinced of whatever the government wants them to believe. Once end point security and end to end encryption get good enough to keep them out, they'll start pushing for new laws requiring a backdoor. The FBI tried this already only a few years ago. Get ready for CryptoWars II. It's right around the corner. Cypherpunk ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2013.0.3392 / Virus Database: 3222/6632 - Release Date: 09/02/13
participants (3)
-
CypherPunk -
David D -
Eugen Leitl