[Cryptography] Bruce Schneier has gotten seriously spooked

David D david at 7tele.com
Sun Sep 8 08:47:31 PDT 2013 

The prior war did not occur in an environment with a semi-full disclosure of the enemy's capabilities.   Eliminating assumptions of capabilities and focusing solely on actual capabilities changes the battle field.   

The current filtering/censoring of the NSA documents (by the journalists) is causing a lot of finger pointing, WAGs, and wasted time.  A full Wikileaks style document dump of the Snowden material is what is needed and a resulting "known good" list would allow those technologies to be expanded and the "known bad" to be discarded.    

Snowden pieces I have been pondering:

1.  He was using Lavabit for at least one email account.  We do not know if he used Lavabit once or if he used Lavabit for everything.   Was he also using PGP on top of Lavabit?    He chose Lavabit for a reason...  Was it because of ECC or was it simply because it was not Gmail/Ymail/etc? 

2.  Greenwald et al were/are using TrueCrypt.   (Source:  http://www.forbes.com/sites/timworstall/2013/08/31/first-tragedy-then-farce-the-latest-ed-snowden-nsa-and-glenn-greenwald-security-blunder/)

3.  Snowden would only talk to Greenwald via PGP.  (Source:  http://www.huffingtonpost.com/2013/06/10/edward-snowden-glenn-greenwald_n_3416978.html)   

3.  Snowden stated, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on".  What his definition of "Properly implemented strong crypto" needs to be answered.

4.  It remains to be seen if Google actually gave the NSA a direct link or not.  Based on this comment, "By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document." I am not so sure.    Google is using SSL /w PFS on their web properties, TLS on outgoing mail to other TLS capable mail servers, POP3s, IMAPs, etc. etc.  If Google is -not- a bad actor and the NSA can pull mail off the wire/fiber then there are some fairly large security issues with SSL/TLS.


     

-----Original Message-----
From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of CypherPunk
Sent: Sunday, September 08, 2013 3:57 PM
To: cypherpunks at cpunks.org
Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked

On 09/08/2013 08:43 AM, Eugen Leitl wrote:
> 
> Of course, you might well be right about the future direction they 
> will have to travel because increasing volume in combination with 
> better end to end protection must be a nightmare scenario for them.  
> But I don't see this move happening all that soon because a 
> surprisingly large amount of the data in which they have an interest 
> crosses our networks with very little protection.  And it seems even 
> that which is protected has been kept open to their eyes by one means or another.

I believe we're headed back to the crypto wars of the 1990's. Except, this time, the cypherpunks are going to have to battle both a technical and a political adversary along with a fearful public who's easily convinced of whatever the government wants them to believe.

Once end point security and end to end encryption get good enough to keep them out, they'll start pushing for new laws requiring a backdoor.
The FBI tried this already only a few years ago.

Get ready for CryptoWars II. It's right around the corner.

Cypherpunk

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3392 / Virus Database: 3222/6632 - Release Date: 09/02/13

More information about the cypherpunks mailing list