Privacy

by Tim Cushing

Fri, May 19th 2017 7:39pm


Filed Under:
encryption, end to end encryption, messaging, senate, signal



Senate Given The Go-Ahead To Use Encrypted Messaging App Signal

from the feinstein,-burr-will-continue-to-use-AOL-chatrooms dept

Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals.

It will be interesting to see whether the anti-encryption narratives advanced by Sens. Feinstein and Burr in particular (though others are equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications.

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.

ZDNet has learned the policy change went into effect in March.

If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly-hypocritical activity.

This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity.

If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.

Reader Comments

  • Anonymous Coward, 19 May 2017 @ 8:04pm

    Interesting article. Having done a little work in the area of encryption, I have always been suspicious of the government's role, even in things like DES and AES. After DES was "broken", the group that promoted it basically said "yeah we knew that", but much after the fact. That is, they knew it was insecure, but promoted it as secure. Why do people believe that AES is secure? The argument is that IF all the details of an encryption scheme (symbol size, Galois Field primitive polynomial definition, encoding group size, substitution table non-linear values, etc.) are publicly disclosed, AND no one publicly shows how to break it, THEN it is secure. I am skeptical. They said the same about DES, then basically laughed about it. Personally, I think it likely that the government ALREADY HAS the backdoors for ALL public encryption standards. Just my opinion, but it is backed up by pretty solid history in this area.

    • Lawrence D’Oliveiro, 19 May 2017 @ 10:17pm

      Re: Why do people believe that AES is secure?

      Because it wasn’t created by the US Government.

      • Anonymous Coward, 20 May 2017 @ 7:23pm

        Re: Re: Why do people believe that AES is secure?

        He gives the government way too much credit, lol. Like the government is smart enough to actually produce anything innovative like being able to crack a widely used never before cracked cipher. LOL.

        • Anonymous Coward, 20 May 2017 @ 7:51pm

          Re: Re: Re: Why do people believe that AES is secure?

          Well, I would just point you to the history of DES. Take a look. In my recollection, the government influenced the design to be weaker than it had to be. Then, years later, it was proven to be too weak. How did that happen and for what purpose? I got the impression they knew exactly what they were doing all along, years before anyone else did. Could it happen again? That's my point.

    • Anonymous Coward, 20 May 2017 @ 7:21pm

      Re:

      Perhaps it's the case that there could exist an algorithm that can efficiently solve a math problem but that algorithm itself is difficult to solve. Once that algorithm is solved, however, then solving related math problems becomes easy. Maybe there is a way to efficiently factor the multiple of two large prime numbers, for instance, we just don't know how to do it yet.

      But the chances that the government knows how to do it but the public doesn't are pretty low.

      One of the things about cryptography is that no encryption algorithm should be created and used in house without public scrutiny. All algorithms should go through a long period of public scrutiny before being approved for use. Standard algorithms, not non-standard in-house algorithms, are considered safer exactly because they went through a much more thorough testing process that involves a whole lot more very intelligent people before they got approved. It's why the government, IIRC, now uses encryption standards as opposed to stuff that they made in house. Exactly because their in house ciphers later turn out to be garbage.

      Given the fact that the public can much more thoroughly scrutinize a cipher than the small group of people working for the government (and, remember, it's not like the government is composed of the most intelligent meritorious people. They're the government, classic example of lazy people that take your money and don't have the merit to make their own money by actually working. It's the private sector of individuals that are much more intelligent) all it takes is for one person to find a flaw in the cipher, publicly present it, and everyone will know its weakness. Then new ciphers will be worked on, and that's exactly how cryptography advances. Older ciphers become obsolete and get replaced by newer, better ciphers that don't have the same weaknesses as the older ones. One day AES may also get replaced as weaknesses are found but, in the meantime, it's unlikely that there is a secret esoteric weakness that only our dumb government knows about but the many very smart people that scrutinize these ciphers can't yet figure out.

      • Anonymous Coward, 20 May 2017 @ 7:45pm

        Re: Re:

        Personally, I don't think it wise to depend upon the poor intelligence of the government. What they lack in intelligence they more than make up for in resources (that they got from us). One of my mentors as a young man was Dr. Walter Tuchman of IBM fame, and although quite brilliant himself, he had a LOT of respect for the government based on first hand experience. I would never discount their abilities, and it is usually healthy to question their motives. Abide by the law, no doubt, but question their motives and not their ability. They're smarter than they look. That's part of the "intelligence" show in that sector.

  • Anonymous Coward, 19 May 2017 @ 8:32pm

    Remember the movie "The Imitation Game" about Alan Turing? Very interesting from many angles. Did he tell the world that he cracked the German's code at the time he did it? Of course not. I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government. Does anyone else find that incredible?

    • Lawrence D’Oliveiro, 19 May 2017 @ 10:19pm

      Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

      No need to trust the US Government, or any other Government--just look at what the encryption experts in the open-research community themselves are using--they recommend AES-128.

      • Anonymous Coward, 19 May 2017 @ 10:32pm

        Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

        Right (sarcasm). They recommend disclosing a LOT of VERY USEFUL information to ANY ATTACKER, and then say TRUST ME IT'S REALLY UNBREAKABLE even if you HELP ME BREAK IT. If, for example, you made a simple modification of the symbol size (say 4 bits or 16 bits instead of 8 bits), you could not argue it was less secure, it could only be more secure. In fact, the more DIFFERENT your scheme is from the PUBLICLY KNOWN scheme (as long as the mods are mathematically sound) the more secure it is by definition, right?

        • Anonymous Coward, 19 May 2017 @ 10:46pm

          Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

          Actually, sorry for the sarcastic tone, that's a bad habit of mine. My point is that people that don't use AES will NEVER tell you they are not using AES. If there IS a back door to AES, they will NEVER tell you there is. My secondary point is that using the "open-research" community, which conjures up images of well meaning professors with academic interests and funny glasses on the end of their nose, to validate and certify the best funded, most aggressive and successful espionage services in the world (all of them) seems risky, at least.

          • ThaumaTechnician (profile), 20 May 2017 @ 7:15am

            Re: Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

            No need to apologize for your sarcastic tone, I was reading your comments and adding a lot of sarcastic comments of my own.

            If you knew enough about cryptography to be able to make comments worth paying attention to, you wouldn't be making the comments that you are making.

            • Anonymous Coward, 20 May 2017 @ 7:21am

              Re: Re: Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

              Well, you've done a pretty good job of hiding your meaning, which is...what? I'm an idiot? I would just say, compared to who? You? Einstein? Turing? Do you actually have anything to say? Spit it out.

              • OldMugwump (profile), 20 May 2017 @ 11:33am

                Re: Re: Re: Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

                A pretty classic crypto mistake is to invent one's own algorithm, thinking that by using a secret algorithm instead of a published one, you're more secure.

                Unless you're a world-class crypto expert (and maybe even then), you can't possibly come up with a scheme that's more secure than one that has been vetted by dozens of true crypto experts (many of whom do *not* work for your adversary).

                There are lots of techniques for cracking crypto, which, unless you're an expert, you've never heard of.

                • Anonymous Coward, 20 May 2017 @ 7:58pm

                  Re: Re: Re: Re: Re: Re: Re: I just find it an incredible argument to go to your adversary (the government) to define the encryption scheme (AES) to protect yourself from that same government.

                  Yes, I understand your points. My point is that when the government (or anyone else) says "trust me", I immediately become suspicious. Their certification MUST be motivated by self interest, right? Or would you propose that they REALLY want people to hide information? That seems unlikely to me. I am not saying "invent your own algorithm". I am saying "even small changes may be big improvements", if indeed AES (or other schemes) already have been secretly broken.

  • Anonymous Coward, 19 May 2017 @ 8:44pm

    If the 'government' already has the ability to decrypt AES, why the cries about going dark...

    It's all a show, no matter which perspective you have on it.

    • Anonymous Coward, 19 May 2017 @ 9:06pm

      Re:

      For sure, a show, and the nature of the show is to not show the show. Welcome.

      For what it's worth, here is my vision of a secure world:

      Pretty much every processor now has a SIMD unit, even tiny little processors on cheap phones and such.

      These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory. Then, this encrypted and protected data chunk can travel wherever it likes. It can be used, abused, corrupted, whatever. However, in the future, when you need it again, you retrieve whatever you get, decrypt it, validate it, and use it, knowing it is correct data with a verifiable measure of certainty.

      Encryption for everyone, everywhere, all the time, for almost no cost. Well programmed, these SIMD units, inside the CPU, burn almost no resources, because they are so inherently parallel and optimized to do just this.

      A protected world.

      Amen. :)

      • Anonymous Coward, 19 May 2017 @ 9:23pm

        Re: Re:

        Michael Masnick, would you consider offering some free advice to show the generous side of your nature? It's not convenient yet for me to have lunch with you, but perhaps you could just give me a small part of your opinion regarding the following question.

        Say, for example, that GWiz and I whipped up a kernel driver for Linux that essentially encrypted and protected both the DRAM memory system and the external storage, all the time, with no reasonable performance impact. That is, you would gain the benefits of ECC memory and Erasure Coded RAID using standard memory and standard storage on everything from cell phones to servers.

        The question is: Do you think there is some type of hybrid Open Source + Pay for Something mode that could work in this market segment? For example, offering weaker encryption or protection for free systems, and stronger encryption and protection for pay for systems? Or something like that?

        I really am interested in your opinion, and could well consider lunch with you in the future.

        • Anonymous Coward, 19 May 2017 @ 10:02pm

          Re: Re: Re:

          And to celebrate the fact that GWiz is not an "Insider" (and also generally well liked), and with respect to the group that does represent itself with a badge declaring they are a "TechDirt Insider", I propose the name "Insider" for this product. It actually runs Inside the CPU, which is a key component of the protection it offers. It keeps information secret, as all Insiders do (I mean, by the definition of the word). And you can use it in everyday life easily - "Does this system have an Insider?" and everyone will know what you mean. I like it. I'm thinking both Linux and Windows versions (already written), that's a huge market. Thanks to you guys, I think I have a great name. What do you think?

      • Lawrence D’Oliveiro, 19 May 2017 @ 10:25pm

        Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

        Sounds good. Do you have a trustworthy source of random numbers?

        • Anonymous Coward, 19 May 2017 @ 10:33pm

          Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

          Why do you need one?

          • Lawrence D’Oliveiro, 19 May 2017 @ 11:52pm

            Re: Why do you need one?

            Random numbers are how you choose encryption keys that are hard to guess. How did you think it was done?

            • Anonymous Coward, 20 May 2017 @ 12:19am

              Re: Re: Why do you need one?

              Choosing a key is a separate activity (right?) from encoding or decoding. Key selection is not what I am describing. I am describing the permutation (encryption/protection) and recovery of data, even partial data, at very high speed and with a known level of correctness. If you want to use a random number generator, that's ok, but "real" random number generators are REALLY hard to come by.

              • Anonymous Coward, 20 May 2017 @ 12:45am

                Re: Re: Re: Why do you need one?

                And since you seem like a smart guy, maybe you could answer a question of mine. Every encryption scheme needs to map a number (in the end) to another number. For example, imagine a list of naturally ordered numbers from 0 to 2^128 - 1. For each number, there is a counterpart "encrypted" number. That is, there is EXACTLY ONE counterpart between the "plain text" and the "encrypted text" for a fixed field size, and you can think of encryption as moving from one ordering scheme to another. I think what that means is that if you start with the naturally ordered list (on the left), and move to the same position in the encrypted list (on the right), you cannot end up in the same place, right? Otherwise there would be no encryption. So, if you move back from the encrypted space (on the right) to the natural order space located at the encrypted value, you also cannot end up in the same place, right? Does this provide a reliable mechanism for a "pseudo" random number generator? That is, to basically "encrypt" the key, and use that in the place of a random number generator. Or does that technique carry some inherent weakness?

                • Anonymous Coward, 20 May 2017 @ 12:48am

                  Re: Re: Re: Re: Why do you need one?

                  Sorry, slightly misworded. "you cannot end up in the same place" should have said "you cannot end up with the same value".

                  • Anonymous Coward, 20 May 2017 @ 3:31am

                    Re: Re: Re: Re: Re: Why do you need one?

                    Here is another view of the same question - if you re-encrypt the encrypted text through the same encryption engine, I believe you will traverse the entire numeric space, visiting each value exactly once. So, if you want to disguise your key, you could follow this trail for some unknown number of entries. Wouldn't that be provably as or more secure than any pseudo-random number generator applied to the plain-text key? And used in place of a standard, wouldn't it only be as good or better, and never worse?

                    • Joel, 20 May 2017 @ 5:01am

                      Re: Re: Re: Re: Re: Re: Why do you need one?

                      I'm not the guy you asked, but I can tell you that you can indeed use an encryption scheme you know to be indistinguishable under a chosen plaintext by a polynomially bound attacker (IND-CPA) as a pseudorandom generator. Essentially the IND-CPA already tells you that it can't be distinguished from real randomness, so it's pretty much just as good for a pseudorandom generator.

                      Some people like this because it goes back to the proofs of the encryption scheme to prove the pseudorandomness. Others prefer to base their PRNGs on proofs specifically made for random number generators.

                      Don't forget that you still need to seed any PRNG from a good source of initial randomness.

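The two ideas traded in the exchange above (the 3:31am suggestion of "following the trail" by re-encrypting the key, and Joel's reply that an IND-CPA cipher can serve as a pseudorandom generator) can be checked concretely. The following is an added example, not code from the thread, from Signal, or from any product mentioned in it. It assumes a constructed 16-bit toy block cipher (a balanced Feistel network whose round function is keyed BLAKE2b) standing in for AES so that the whole input space can be enumerated; the toy cipher is a bijection like a real block cipher but is not secure, and the demo key is a constructed constant. It shows three things a practitioner would want to see: counter mode (encrypt 0, 1, 2, ...) yields every block exactly once, which is the route Joel describes; feeding each output back in as the next input only walks the cycle of the permutation that contains the starting value, and a keyed permutation generally splits into many cycles, so the "visit each value exactly once" expectation does not hold in general; and the key or seed still has to come from a real entropy source (here the OS CSPRNG via `secrets`), which is Joel's closing point.

```python
import hashlib
import secrets

BLOCK_BITS = 16            # toy block size; AES uses 128
SPACE = 1 << BLOCK_BITS    # number of possible blocks
ROUNDS = 4


def _round_fn(key, rnd, half):
    """Keyed BLAKE2b as the Feistel round function (toy construction, not a real cipher)."""
    return hashlib.blake2b(bytes([rnd, half]), key=key, digest_size=1).digest()[0]


def toy_encrypt(key, block):
    """A keyed bijection on 16-bit blocks (balanced Feistel network).

    Stands in for a block cipher: for a fixed key it maps each of the
    65536 inputs to exactly one output and back. It is NOT secure.
    """
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 8) | right


def ctr_keystream(key, n, nonce=0):
    """Counter mode: E_k(nonce), E_k(nonce+1), ... (the IND-CPA-to-PRG route).

    Because E_k is a bijection the outputs are all distinct until the counter
    wraps at SPACE; with AES the 128-bit counter never wraps in practice.
    """
    return [toy_encrypt(key, (nonce + i) % SPACE) for i in range(n)]


def iterated_keystream(key, seed, n):
    """Feed each output back in as the next input: x_{i+1} = E_k(x_i).

    This is the "follow the trail from the key" idea. It walks only the
    cycle of the permutation that contains `seed`, not the whole space.
    """
    out, x = [], seed
    for _ in range(n):
        x = toy_encrypt(key, x)
        out.append(x)
    return out


def cycle_lengths(key):
    """Decompose the permutation x -> E_k(x) into its cycles.

    Returns the cycle lengths, largest first; they always sum to SPACE.
    A single full-length cycle is the exception, not the rule: a random
    permutation of N elements has roughly ln(N) cycles.
    """
    seen = bytearray(SPACE)
    lengths = []
    for start in range(SPACE):
        if seen[start]:
            continue
        length, x = 0, start
        while not seen[x]:          # a permutation always returns to `start`
            seen[x] = 1
            x = toy_encrypt(key, x)
            length += 1
        lengths.append(length)
    return sorted(lengths, reverse=True)


# Constructed demo key for reproducible output. A real generator takes its
# key/seed from the OS CSPRNG (secrets.token_bytes); the PRG construction
# does not remove that requirement, it only stretches the seed.
DEMO_KEY = b"constructed-demo-key-0001"


def demo(key=DEMO_KEY):
    """Summarise the permutation's behaviour for the given key."""
    fresh_key = secrets.token_bytes(32)      # how a real key/seed is obtained
    lengths = cycle_lengths(key)
    ctr = ctr_keystream(key, SPACE)
    return {
        "ctr_outputs_distinct": len(set(ctr)) == SPACE,
        "number_of_cycles": len(lengths),
        "longest_cycle": lengths[0],
        "single_full_cycle": lengths == [SPACE],
        "iterated_first_3": iterated_keystream(key, 0x1234, 3),
        "fresh_key_len": len(fresh_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare `number_of_cycles` and `longest_cycle` against `SPACE`: counter mode covers every block by construction, while the iterated walk is confined to one cycle whose length depends on the key. The block size is the only thing that makes this visible; at 128 bits neither walk can be enumerated, which is exactly why the argument has to rest on the cipher's proofs (Joel's point) rather than on intuition about the permutation.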

                      • Anonymous Coward, 20 May 2017 @ 6:09am

                        Re: Re: Re: Re: Re: Re: Re: Why do you need one?

                        Thank you for that, you said it much better than I could have. Really random numbers are really hard to produce, in my memory of such things. And, I am a big fan of recursive definitions when it comes to managing the complexity, and proving the correctness, of systems like this. Big Fan. :)

          • Anonymous Coward, 20 May 2017 @ 5:49am

            Re: Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

            Apparently your understanding of present day encryption needs a bit more than an update.

            • Anonymous Coward, 20 May 2017 @ 6:24am

              Re: Re: Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

              In what way? Here's another question, then, maybe you can help answer. AES uses a combination of linear and non-linear transformations to achieve its result. But in the end, no matter how many "rounds" are employed, all you have really done is move a number from one numeric ordering to another numeric ordering with a 1-1 mapping. Wouldn't it be simpler and faster to focus on this basic re-ordering, done in as few steps as possible, to achieve the result? The definition of AES (and DES) made it easy to describe and implement in hardware, but it's a software world now. Shouldn't we take advantage of the flexibility and obfuscation that software provides? For example the use of different symbol sizes or primitive polynomials. Or do you think it is always better to "trust" the US government to provide the encryption that you use to protect yourself from the US government? At a high level, that sounds kind of crazy to me.

              • Anonymous Coward, 20 May 2017 @ 1:58pm

                Re: Re: Re: Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

                Lawrence D’Oliveiro:
                "Sounds good. Do you have a trustworthy source of random numbers?"

                To which you replied:
                "Why do you need one?"


                This is why I said you lack knowledge about how present day encryption is performed. One needs a random number to seed whatever algorithm is being used.

                • Anonymous Coward, 20 May 2017 @ 4:58pm

                  Re: Re: Re: Re: Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

                  It seems to me that using the same encryption technique that encodes the data to encode the key completely removes the requirement for "random" numbers. "Some people like this because it goes back to the proofs of the encryption scheme to prove the pseudorandomness." Using the plain-text key as the seed gets you where you want to go, no?

                  • Anonymous Coward, 20 May 2017 @ 5:50pm

                    Re: Re: Re: Re: Re: Re: Re: These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory.

                    And in fairness, I would say that your intuition is correct. I consider myself a student of applied cryptography, not a theoretical expert. My interest is in the practical applications to the real world, like "encrypt everything all the time everywhere". I think that would be good, overall, for people in the world. For example, what goes on in our heads is private, unless we show it. Why not make our computers operate the same way? Does this require the MOST secure encryption, or will a "simpler" scheme solve the practical problem in a way that produces a better outcome? That kind of thing.

  • Roger Strong (profile), 19 May 2017 @ 9:06pm

    If encryption's good for the Senate, it's good for the public. There's no other way to spin this.

    The Senate may not grasp encryption issues, but I'm sure they can still master intrinsic angular momentum.

    • Anonymous Coward, 20 May 2017 @ 5:52am

      Re:

      I think the ability to spin their hypocrisy is unbounded, this should be humorous to watch the gaggle discuss another topic they know little about while acting as though they were the experts.

  • peter, 20 May 2017 @ 12:19am

    But but but.....we are special

    "Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps"

    Are you kidding? They will have no difficulty at all in creating a special exemption for themselves.

    • Anonymous Coward, 20 May 2017 @ 2:45am

      Re: But but but.....we are special

      Either Signal is secure, or it has a backdoor in it. The problem is that those congress critters are arrogant enough to believe that their messages will not be collected along with everybody else's, after all they are not everybody but rather somebody.

  • Anonymous Coward, 20 May 2017 @ 4:02am

    Open Source Security Question

    One of the things I have always found hard to understand is why people believe that Open Source systems are as secure as Closed Source systems. Here is a simple example. In which case are you more secure: the case where the attacker has your source code that you use for encryption and decryption, or the case where he does not? It seems to me that at least the intuitive answer is the case where he does not, i.e., closed source. I understand that there are a lot of public testaments to how secure public and open source encryption standards are. There are a lot of talking points. But I just can't quite see, in the end, that giving your attacker the actual source you use is good for you. Right?

    • Anonymous Coward, 20 May 2017 @ 4:14am

      Re: Open Source Security Question

      If what I say above is true, then I think I have the answer to the question I posed to Michael Masnick - that is, what would be the product definition and market segmentation for "The Insider - Real Time Data Encryption Engine". One version would be for the Open Source market, GWiz and I could do it in our spare time. The closed source version would be for more money, but would also be more secure, as closed source is. Everybody wins. Free people win a little, pay for people win more. Does this fit? I think it follows the usual premise of a product spanning these two market segments, no?

    • Anonymous Coward, 20 May 2017 @ 5:41am

      Re: Open Source Security Question

      The history of DRM cracks gives lie to the idea that closed source is a useful security feature.

      The basic adage of encryption is to assume that the attacker knows all details of the system, and that only the key is secret. Unless you can ensure that the attacker cannot get access to a working system, and/or exfiltrate the source code, they will have details of how the system works.

      In particular with respect to encryption, peer review is essential, and open source gets more peer review than closed source because the peers choose themselves. This usually means that there are people pounding on the code long before it gets widespread use, while with closed source, this pounding usually takes place after it gets into widespread use.

      While as ever, no approach is perfect, the open source approach increases the chances of flaws being found before there is widespread use. Further, when a live exploit is in use, finding the bug being exploited is the hard part, and within open source there are many more people available to go looking for it. This is part of the reason why open source reaction times to exploits are measured in hours, rather than months.

      • Anonymous Coward, 20 May 2017 @ 5:57am

        Re: Re: Open Source Security Question

        Again, I'm not trying to be argumentative, I'm trying to understand the argument about open source encryption. Say, for example, that I use open source encryption, but I lie about it, and say it's not, and make it look like it's not. For example, say that I use standard AES, but mask the result with a fixed constant, and hide that fixed constant inside my own (either purchased or developed) closed source. Since my attacker only knows that I am NOT using open source, haven't I improved, in a guaranteed way, the encryption strength of the solution? That is, I have all the benefits of the open source solution (as you mention) but an additional tool to confound my attacker, right?


        • Anonymous Coward, 20 May 2017 @ 7:59am

          Re: Re: Re: Open Source Security Question

          The security of an encryption system should only rely on the secrecy of the key, or in the case of public key systems, the private key, and the amount of time needed to break it, and physical and electronic security of the equipment, and the security of the operating system.

          With modern open source encryption systems, you do not need to worry too much about the encryption, but rather much more about keeping software up to date, and managing your keys in a secure fashion. Currently the biggest threat is not a compromised encryption system, but rather a compromised operating system letting spyware in.


          • Anonymous Coward, 20 May 2017 @ 9:45am

            Re: Re: Re: Re: Open Source Security Question

            Yes, I understand that point of view, but it is not the only point of view. For example, even though this article is a little dated, it does reinforce my point about what we know and what we don't know about the government's ability to crack AES:

            Meanwhile, over in Building 5300, the NSA succeeded in building an even faster supercomputer. “They made a big breakthrough,” says another former senior intelligence official, who helped oversee the program. The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES. In other words, they were moving from the research and development phase to actually attacking extremely difficult encryption systems. The code-breaking effort was up and running.

            The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

            In addition to giving the NSA access to a tremendous amount of Americans’ personal data, such an advance would also open a window on a trove of foreign secrets. While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers. “Remember,” says the former intelligence official, “a lot of foreign government stuff we’ve never been able to break is 128 or less. Break all that and you’ll find out a lot more of what you didn’t know—stuff we’ve already stored—so there’s an enormous amount of information still in there.”


            • Anonymous Coward, 20 May 2017 @ 12:56pm

              Re: Re: Re: Re: Re: Open Source Security Question

              The biggest protection that open source in general has against nasties being introduced into the code, is that nobody knows how many copies of the repositories exist, or how they track the official development path. While the development model is no guarantee of perfectly clean code, at least the code is open to review, and as the code distribution is source code, there is no way to introduce a backdoor into every binary without putting it in the source code.

              Could another key weakening trick, like the promotion of selected elliptic curves, happen? Well yes, of course it could, but specific suggestions like that will be viewed with more suspicion going forward. Elliptic curve cryptography is still used; it is now known that some curves make it easier to attack, but then all cryptography based on more complex maths may turn out to have such a weakness. Such attacks however are hard to find, and so only turn up rarely. Also, they tend to be of limited use, by bringing the time to decode a message to a level where it is useful for selected messages, but nowhere near fast enough for general surveillance.

              Is open source encryption invulnerable to introduced weaknesses? No, but they will have to be subtle and hard to find, in the mathematical sense, and found by someone who will keep them secret, rather than publishing for academic glory. Also, code bugs will occur, but here the open source community can usually respond with a patch to fix the issue within hours.

              With a proprietary binary software model, even if you can examine the source under an NDA, there is no way to check that it is the code running on your system.


              • Anonymous Coward, 20 May 2017 @ 5:57pm

                Re: Re: Re: Re: Re: Re: Open Source Security Question

                Well, I understand your argument about some of the merits of open source, and I can agree that there are some merits to open source and to opening up code to third party review. From a practical perspective, there are also risks to opening the code to third parties, if the third party is your adversary, right? It just seems to me that building ON TOP of open source with a "secret" mod sounds like it would improve security, right? It would cost more, either in dollars or effort (nothing is really free), but I think even you would agree it is POSSIBLE that it would produce a more secure solution to modify open source, right? My real ambition is to identify faster, more efficient techniques that provide the majority of the benefit while minimizing cost, so that everyone everywhere could enjoy the same privacy they have between their ears on their cell phones, computers, servers and such. Only show what you want to, and keep everything else private. That just sounds inherently good to me.


    • Anonymous Coward, 20 May 2017 @ 5:57am

      Re: Open Source Security Question

      Again, your understanding of encryption systems is somewhat lacking. Access to the source code does not reduce the level of "security".


      • Anonymous Coward, 20 May 2017 @ 6:01am

        Re: Re: Open Source Security Question

        Well, access to the source code does not INCREASE the level of security, right? And it seems pretty clear that it MIGHT decrease the level of security, because you are supplying a LOT of information about the system to the attacker, right? Even a slight obfuscation of data on top of a known good system makes it stronger and not weaker, right?


        • Anonymous Coward, 20 May 2017 @ 2:10pm

          Re: Re: Re: Open Source Security Question

          "access to the source code does not INCREASE the level of security"

          Of course not, but that is a silly thing to say.


          "Even a slight obfuscation of data on top of a known good system makes it stronger and not weaker, right?"

          Wrong. There have been many papers written on this subject; you don't need me telling you this.
          Security by obscurity is not very good security at all; it might stop pimple-faced kids in mommy's basement, but it will not stop knowledgeable and motivated personnel.


          • Anonymous Coward, 20 May 2017 @ 4:43pm

            Re: Re: Re: Re: Open Source Security Question

            Ok, well, with dozens of papers, then it must be easy to explain. System A has standard Open Source encryption, say, using AES. System B has closed system encryption, which is the same AES stamped with a fixed binary mask, but hidden from the attacker. The attacker doesn't actually know what is done in System B. Tell me again why System B is easier to attack.


        • Lawrence D’Oliveiro, 20 May 2017 @ 4:54pm

          Re: Well, access to the source code does not INCREASE the level of security, right?

          It certainly can. Why do you think experts recommend open-source security solutions?


          • Anonymous Coward, 20 May 2017 @ 8:02pm

            Re: Re: Well, access to the source code does not INCREASE the level of security, right?

            Call me a cynic, but I think everyone operates in their own self interest. The reason "experts recommend" open-source is that they benefit from it in some way. It also might be it is the only thing they CAN recommend, because they cannot (by definition) review closed source.


    • orbitalinsertion (profile), 20 May 2017 @ 6:28pm

      Re: Open Source Security Question

      Security through obscurity simply does not work. Much has been written on this. And given the nature of testing software available since ages ago, I would imagine attackers would be trying to break the code functionally rather than trying to run source in their heads.

      If you want to toss something completely new into the market, though, open source doesn't make it magically more secure out of the gate, any more than big money closed source development does. Many eyes, especially the more qualified ones, over time, is what helps secure your source. Which also goes for your algorithms / novel theory.

      Then you (or rather vendors using your system) have to make sure they don't bork it in their implementation of your implementation. Which was the weak spot several times with quantum crypto tools.

      If this is all happening ultralocally inside a processor or device, it is less likely to be cracked until the attacker has possession. And you had been mentioning governments...


      Many eyes, good eyes, over time. That is the security point of open source. It is only theoretical unless that happens, though. But a truly secure system should be secure regardless of who has the source. Closed systems, you don't know how well it was done in the first place, certainly not that many people checked it, you don't know who may have gotten hold of the source, and... since closed source counts on being closed for security, that is a huge weakness. It should be negligible for security reasons whether the source is closed or not, it certainly should not be counted on as a security factor. (And some seem to depend on that as the main bit of security, sadly.)


      • Anonymous Coward, 20 May 2017 @ 7:31pm

        Re: Re: Open Source Security Question

        Good arguments. I mention governments only because they are likely the most sophisticated attackers, and are also the promoters of the standard. I question their motives. Perhaps I would also question the motives of a private provider, too. I'm not sure. What I (personally) would really like to see is "The Insider", small enough and fast enough to encrypt everything, all the time, inside the CPU, while simultaneously protecting the data from device failure (either bits or blocks). That is, a combined Error Correction Code and encryption feature that would add both privacy and protection from failure in a single computational step, and be easy to use on every electronic device everywhere. No more hardware ECC. No more depending on others (network adapters, storage adapters, storage systems) to verify data is correct. Instead, decrypt and verify it yourself, right in your application, or at least very close to your application in a driver. I think this could change the computing world, and remove the requirement for complex communication adapters and storage devices. Everything would be simpler, more secure, cheaper, and easier to verify.


  • Anonymous Coward, 20 May 2017 @ 5:46am

    Do as I say, not as I do.

    Hypocrites often do not see themselves as such and frequently project.


  • Ninja (profile), 20 May 2017 @ 5:48am

    I don't think their right hands have ever met their left hands so expect them to keep pushing the narrative. When asked they'll simply reply "but the Government is more important" in all 'honesty'.


  • Capt ICE Enforcer, 20 May 2017 @ 10:03am

    Good guy

    I know this isn't as in-depth as everyone else. But I am glad that only good guys are using such a dangerous weapon as Signal. Great job our Senate Masters.


  • Anonymous Coward, 20 May 2017 @ 5:29pm

    Congress funded Signal, so using it is a no-brainer.


  • Anonymous Coward, 20 May 2017 @ 6:13pm

    A question for you encryption theoreticians

    Here is something I have wondered about, maybe one of you experts out there could help me. If you consider using a simple linear technique to encrypt data, like a traditional encoding matrix, I understand that with a few samples, someone can derive the encoding matrix, and "break" your encryption using pretty standard linear algebra. But, the assumption here is that the attacker knows the underlying Galois field properties employed. If the Galois field properties were hidden (symbol size, primitive polynomial, encoding block size, that kind of thing), then linear algebra cannot be employed, and the simple linear code is no longer simple with respect to the attacker, right? It looks non-linear, unless the underlying field properties are revealed, right?


    • Anonymous Coward, 20 May 2017 @ 8:17pm

      Re: A question for you encryption theoreticians

      The reason I ask is I imagine a different kind of computer architecture altogether. Right now, when data moves out of the CPU, it must pass through a LOT of translations. For example, PCIe data is protected by one form of CRC (if I remember) on the way to the network adapter. The network adapter may use CRC or ECC (or something else) to protect it over the network wire. Then the storage adapter uses something else to protect it over the storage wire. Then the storage controller uses something else to protect it on the media. Then the whole thing is reversed, and you can only hope that nothing went wrong on the way back. Replace this with YOUR OWN Error Correcting Code, right in the CPU. Now, no matter who abused your data, or how much, you can both detect it and correct it, inside the CPU, right next to your application. This would allow things like "overclocking" everything, since you can now both detect and correct errors everywhere. It removes the requirement for protection everywhere else while allowing the user to choose his own level of protection and encryption appropriate for his application. It is a fundamentally different computing architecture (IMHO) and leverages current technology in the CPU to protect real application data while simultaneously simplifying everything else. The Chinese could manufacture disk drives, for example, because they don't need a complex ECC design in the drive. They don't need a complex manufacturing process to verify the media. Close (in terms of correctness) becomes good enough, since errors can be both detected and corrected by the application, not a whole chain of unknown devices. And encryption is free.


      • Anonymous Coward, 20 May 2017 @ 8:35pm

        Re: Re: A question for you encryption theoreticians

        And just to finish my thought: If you accept that an encoding matrix can be used as a suitable encryption device, by hiding field properties, then there is no distinction between Error Correcting Code and encryption. Maybe my premise is true and maybe not, but if it is true, it means that when you protect the data by producing ECC, you have simultaneously encrypted the data, using the same cycles to complete 2 tasks. Finally, this encrypted "tag" (the ECC symbol set) is the perfect de-duplication tag, it is actually even better than a hash. Now you have used the same cycles to perform 3 tasks, and it becomes computationally possible to de-duplicate encrypted main memory in modern CPUs.

        Same cycles, 3 tasks that all contribute to the protection, encryption and compression of the data.

        That's the basic idea - what do you think?


        • Anonymous Coward, 20 May 2017 @ 9:28pm

          Re: Re: Re: A question for you encryption theoreticians

          OK, one more detail to try to draw out you anonymous but brilliant cowards for comments: This is an architecture, not a software solution. The way to think about it is with software, you can trade latency to the DRAM in return for de-duplication, encryption, and protection from memory failures. Or, you can do exactly the same thing in hardware, and eliminate that latency. Mathematically, you are doing exactly the same thing, but in one case you are exploiting the SIMD processor and in another you are exploiting the fundamentally parallel nature of encoding matrices with gates. Either way, you could (for example) implement DRAM systems for virtual computing environments that really could take advantage of the duplicate copies of things. That could be a big multiplier. Simultaneously, you could use non-ECC DRAM, because the ECC produced by this architecture is stronger. Correctly configured, you could hot service the DRAM without rebooting the system. Finally, you could measure with certainty the reliability of every storage and network connection by measuring it as data arrived. Strong, configurable application level ECC belongs either in or near the processor, but today it is implemented (literally) everywhere but.


          • Anonymous Coward, 20 May 2017 @ 10:06pm

            Re: Re: Re: Re: A question for you encryption theoreticians

            Here is another view of the same thing. Today, the strong error correction codes are as far as possible from the application. I don't think anyone would dispute that near the storage media itself is where the majority of error detection and correction take place. Then, data is passed hand to hand (cable to cable) until it gets back to the application with a totally unknown level of protection.

            My suggestion is that the opposite needs to happen. If the application has the ECC encoder and decoder, nothing else actually needs one. The result is simpler, more configurable, more measurable, and as open source, more verified (hard drive and flash vendors guard their ECC techniques). All good, right?

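A worked check of the linear-algebra point raised in the question at the head of this subthread (a few known samples let someone derive a linear encoding matrix) and of the premise restated in the follow-up (that an encoding matrix becomes a cipher once the field properties are hidden). This is an added example written for this page, not code from any commenter; every value in it (the 16-bit block size, the seeds, the GF(2^8) polynomial 0x11D, the sample blocks) is constructed here, and the function names are my own. It recovers a secret bit matrix from plaintext/ciphertext pairs by Gaussian elimination over GF(2), then repeats the recovery against a 2x2 encoder over GF(2^8) whose reduction polynomial and coefficients the recovery code is never given. The second case works because multiplying by a constant in GF(2^m) is itself a GF(2)-linear map on the symbol's bits, so the whole encoder is still one bit matrix. This is the defender's reason not to treat an error-correcting encoder as encryption.

```python
"""Known-plaintext recovery of a linear encoder over GF(2). Added example for
the thread above; all values are constructed, nothing here is a real system."""
import random

N = 16  # block size in bits (constructed choice: two bytes per block)


def parity(x):
    """Parity of the set bits of x; with x = row & v this is the GF(2) dot product."""
    return bin(x).count("1") & 1


def apply(rows, v):
    """Multiply a matrix over GF(2) (list of row bitmasks) by the bit-vector v."""
    out = 0
    for i, r in enumerate(rows):
        if parity(r & v):
            out |= 1 << i
    return out


def rank_gf2(vectors):
    """Rank of a set of bit-vectors over GF(2); used only to pick an invertible key."""
    pivots = {}  # highest set bit -> vector
    for v in vectors:
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = v
                break
            v ^= pivots[top]
    return len(pivots)


def random_invertible_matrix(n, rng):
    """Random invertible n x n matrix over GF(2): the 'secret encoding matrix'."""
    while True:
        rows = [rng.getrandbits(n) for _ in range(n)]
        if rank_gf2(rows) == n:
            return rows


def recover_matrix(pairs, n):
    """Recover M from (p, c) samples with c = M*p over GF(2).

    Gaussian elimination on the plaintexts, mirroring every XOR on the
    ciphertexts. Once the plaintexts span GF(2)^n each reduced plaintext is a
    unit vector e_k and its partner is column k of M. Returns None when the
    samples do not span the space (too few independent samples)."""
    basis = {}  # pivot bit -> (p, c); each p has its own pivot and no other pivot bit
    for p, c in pairs:
        for piv, (bp, bc) in basis.items():
            if p >> piv & 1:
                p ^= bp
                c ^= bc
        if p == 0:
            continue  # dependent on earlier samples: carries no new information
        piv = p.bit_length() - 1
        for k, (bp, bc) in list(basis.items()):
            if bp >> piv & 1:  # keep older basis vectors reduced against the new pivot
                basis[k] = (bp ^ p, bc ^ c)
        basis[piv] = (p, c)
    if len(basis) < n:
        return None
    rows = [0] * n
    for k, (_, col) in basis.items():  # col == M * e_k
        for i in range(n):
            if col >> i & 1:
                rows[i] |= 1 << k
    return rows


def gf256_mul(a, b, poly):
    """Multiply in GF(2^8) with reduction polynomial `poly` (x^8 term implicit)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= poly & 0xFF
    return r


def field_encoder(poly, k):
    """2x2 encoding matrix k over GF(2^8) on 16-bit blocks (two bytes). The
    polynomial is the 'hidden field property'; recovery never sees poly or k."""
    def encode(block):
        p0, p1 = block & 0xFF, block >> 8
        c0 = gf256_mul(k[0][0], p0, poly) ^ gf256_mul(k[0][1], p1, poly)
        c1 = gf256_mul(k[1][0], p0, poly) ^ gf256_mul(k[1][1], p1, poly)
        return c0 | (c1 << 8)
    return encode


def demo_bit_matrix(seed=7):
    """Secret random bit matrix; 2N known (plaintext, ciphertext) pairs recover it exactly."""
    rng = random.Random(seed)
    secret = random_invertible_matrix(N, rng)
    pairs = [(p, apply(secret, p)) for p in (rng.getrandbits(N) for _ in range(2 * N))]
    return recover_matrix(pairs, N) == secret


def demo_hidden_field(seed=11):
    """Encoder over GF(2^8) with an undisclosed polynomial: the recovered bit
    matrix still reproduces it on fresh, unseen blocks."""
    rng = random.Random(seed)
    poly = 0x11D  # constructed choice, withheld from the recovery step
    k = [[rng.randrange(1, 256) for _ in range(2)] for _ in range(2)]
    encode = field_encoder(poly, k)
    pairs = [(p, encode(p)) for p in (rng.getrandbits(N) for _ in range(2 * N))]
    recovered = recover_matrix(pairs, N)
    if recovered is None:
        return False
    fresh = [rng.getrandbits(N) for _ in range(64)]
    return all(apply(recovered, p) == encode(p) for p in fresh)


if __name__ == "__main__":
    print("bit matrix recovered:", demo_bit_matrix())
    print("hidden-field encoder reproduced:", demo_hidden_field())
```

Run the file directly to see both checks; each returns True when recovery succeeds. The number of samples that matters is the number of linearly independent plaintext blocks, which must reach the block size (16 here): that is the "few samples" the question refers to, and it does not grow when the symbol size or polynomial is withheld.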

  • Anonymous Coward, 20 May 2017 @ 6:31pm

    Senator says..

    Encryption bans are good.
    For *other* people, that is.


  • Anonymous Coward, 20 May 2017 @ 7:06pm

    You all have way too much bad stuff you want to hide.



