Who bought off Zimmermann?

Jon Callas jon at callas.org
Sat Aug 31 00:13:28 PDT 2013


On Aug 30, 2013, at 8:43 PM, grarpamp <grarpamp at gmail.com> wrote:

> Are we sure? This seems to tell us they are doing traffic analysis and so forth.
> It doesn't seem to say much about cryptanalytic capabilities. For all we know
> they could have all the crypto in the bag but need analysis to identify
> talkers due to people being exceedingly careful about the message content.

I consider delivering a zero-day to be a form of cryptanalysis. I believe that they do, too. I've been harping on that for some time.

> 
> "Blue hen rides over the book on the left side when the sun is low.
> Do you copy?"
> 
> Now if someone leaked all the secret crypto capabilities docs out
> in public, or someone else got in trouble solely from what they
> properly encrypted, then we'd know whether or not the crypto works.

I recognize that I have a tendency to be glib in one sentence and then rigorous in another and that's a character flaw. It's glib to say both "the crypto works" and "zero days are cryptanalysis" in many respects.

When I say, "the crypto works" I mean the basic structures. We know how to build block ciphers. We figured out hash functions a few years ago. We understand integer-based public-key cryptography well enough that it gives us the creeps. We kinda sorta understand ECC, but not as well as we think we do. I think our understanding of ECC is like our understanding of hash functions in 2003. Meow.

The protocols mostly work, except when they don't. The software is crap. It's been nearly fifteen years since Drew Gross enlightened me by saying, "I love crypto; it tells me what part of the system not to bother attacking."

Look at it anthropically. We know the crypto works because the adversary says they're looking at metadata. To phrase that differently, they're looking at metadata because the crypto works! Look at things like Fishbowl, even. It's easy to get dazzled by the fact that Fishbowl is double encryption and miss that it's really double *implementations*.

The crypto works. The software is crap.

Think like the adversary. Put yourself in their shoes. What's cheaper, buying a 'sploit or cracking a cipher? Once you start buying 'sploits, why not build your own team to do them yourself, and cut out the middleman? Every other part of the tech world has seen disintermediation; what makes you think this is different?

On the other end of things, there's traffic analysis. We have seen -- stuff -- from them over the last decade. Papers on social graph analysis, pattern analysis. Emphasis on malware, validation, and so on. 

Here's another analogy. Imagine that you're looking at a huge, fantastically complex marching band. You're trying to figure out who all is doing what to what parts of the music and it's horribly complex. And then accidentally one day, you lose the audio feed and then realize that it's *easier* to tell what the band is doing when the sound is off.

Aphasiacs are (so I am told) good at telling truth from lies because they look at the face rather than listen to the voice. They analyze the metadata, because they can't hear the data and it works *better*.

Traffic analysis is what you do if your feed from the marching band loses its audio. It's what you do if you're an aphasiac -- which is *exactly* what happens when the crypto works, by the way.

Thus with a large budget, you do both. With one hand, you crack the crypto by cracking the software. When it works it works. When it doesn't, it doesn't. Stop stressing. With the other hand, you revel in the glory of silence. In silence you can think. You watch the band, you watch the square dance. You just watch who is pairing with whom, where the lines cross and the beats are. Sometimes you can even guess the tune by watching the dance (which is also cryptanalysis).

And all of that is why the problem in email isn't the crypto, it's SMTP.

	Jon