[cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
iang at iang.org
Thu Feb 7 03:52:17 PST 2013
On 7/02/13 02:35 AM, Jeffrey Walton wrote:
> On Wed, Feb 6, 2013 at 7:17 AM, Moti <m at cyberia.org.il> wrote:
>> Interesting read.
>> Mostly because of the people behind this project.
> No offense to folks like Mr. Zimmermann, but I'm very suspect of his
> claims. I still remember the antithesis of the claims reported at
When we were building the original Hushmail applet, we knew the flaw -
the company could switch the applet on the customer. The response to that
was to publish the applet, and then the customer could check the applet
Now, you can look at this two ways: one is that it isn't perfect as
nobody would bother to check their applet. Another is that it isn't
perfect but it was a whole lot better than futzing around with OpenPGP
keys and manual decrypting. And it was the latter 'risk' view that won,
Hushmail filled that niche between the hard core pgp community, and the
people who did business and needed an easy tool.
This is also the same thing that is the Achilles heel of Skype. It turns
out (rumour has it) that the attack kit for Skype that circulated in the
late 00s amongst the TLAs was simply a PC breach kit that captured the
Skype externals - keystrokes, voice, screen etc. Once the TLAs had that,
they were happy and they shut up. It was easier for them to breach the PC,
slip in the wrapper tacker, and listen in than seriously hack the Skype
model. And, then, media perception that Skype was unhackable worked again,
everyone was happy.
Same will be true of Silent Circle, and they will already know this (note
that I have nothing to do with them, I just read the model like anyone
else). The security requirement here is that they don't need it to be
completely unbreakable, they just have to push 99% of the attacks onto the
next easy thing -- the phone itself. Security is lowest common
denominator, not highest uncommon numerator. See below.
FWIW, their security model looks pretty damn good, in that it is nicely
balanced to their business model (the only metric that matters) and they
trialled this through several iterations (ZRTP, I think). They are the
right team. Even their business customer looks fantastic (hints abound).
If you're looking for an investment tip, this wouldn't be so far off ;)
> I'm also suspect of "... the sender of the file can set it [the
> program?] on a timer so that it will automatically "burn" - deleting
> it [encrypted file] from both devices after a set period of, say,
> seven minutes." Apple does not allow arbitrary background processing -
> it's usually limited to about 20 minutes. So the process probably won't
> run on schedule or it will likely be prematurely terminated. In
> addition, Flash Drives and SSDs are notoriously difficult to wipe an
> unencrypted secret.
Don't be suspicious, be curious -- this is where security is at. Remember:
The threat is always on the node, it is never on the wire.
Looking back at that Hushmail app, another anecdote. When I was doing
business with a guy who was security paranoid, he used an unpublished nym,
encrypted his messages with PGP, and then sent them via Hushmail to me.
Life then turned aggressive, and we ended up in court. His side demanded
discovery. I took all his untraceable, pgp-encrypted and
Hushmail-protected mails and filed them in as cleartext discovery, as I
was severely told to do by the court. Oops. From there they entered into
the transcript as evidence, and from there, others were able to acquire the
roadmap via subpoena.
The threat is always on the node. Never the wire.
Your node, your partner's node, your partner's friend's node .... It is
this that the Mission Impossible deletion feature is aimed at, and it is
this real world node threat that it viably addresses. This is what people
want. The fact that it is theoretically imperfect doesn't make it
> Perhaps a properly scoped PenTest with published results would allay my
> suspicions. It would be really bad if people died: "... a handful of
> human rights reporters in Afghanistan, Jordan, and South Sudan have
> tried Silent Text's data transfer capability out, using it to send
> photos, voice recordings, videos, and PDFs securely."
Nah, this again is the wrong approach. Instead think of it this way: of
100 human rights reporters, if 99 are protected by this tool, and one
dies, that is probably a positive. If 100 human rights reporters are
scared away by media geeks that say it is unlikely to be perfect, and
instead they use gmail, and 99 are caught (remember Petraeus) then this is
probably a negative.
Human rights reporters already put their life on the line. Your mission
is not to protect their life absolutely, as if we are analysing the need
for a neighbour's swimming pool fence, but to make their reporting more
efficient. Which coincidentally also means raising the chances that they
live to report the next one.
Risks, not absolutes.
I say we - my company had a hand in the original crypto back when
Hushmail was Cliff+1. FWIW.
cryptography mailing list
cryptography at randombit.net
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE