1 |
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: |
2 |
> There's a lot FUD out there and equally there is some truth. the NSA "we can |
3 |
> decrypt everything" statement was really very vague, and can easily be done if |
4 |
> you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the |
5 |
> level of security to something that is crackable. |
6 |
> for 'compatibility' very many low powered encryption schemes are supported and |
7 |
> it is these that are the issue. |
8 |
|
9 |
I think you're right because it'll be much easier to read the data at one |
10 |
endpoint than to decrypt everything. If big corporations like Google or Cisco |
11 |
can be forced to cooperate (and they can - that much is fact), it'd be the |
12 |
likelier way to get your data. |
13 |
On the other hand e.g. Bruce Schneier warns of ECC because the NSA promoted it |
14 |
intensively. So there may be some secret that helps to decrypt it in the hands |
15 |
of the NSA (possible something about the NIST curve definitions that reduce the |
16 |
effective keylength). |
17 |
> if you are using ipsec tunnels with aes encryption you can happily ignore |
18 |
> these. |
19 |
This would be true if you have an secure endpoint. And I think that nowadays |
20 |
nothing is secure... |
21 |
> if you are using mpls networks you can almost guarantee your isp and therefore |
22 |
> your network is compromised. |
23 |
> the question really is what do you define as security ? |
24 |
> if someone was to hit you on the head with a hammer, how long til you willingly |
25 |
> gave out your passwords ? [1] |
26 |
> I agree with the lack of faith in certificate CA's and i feel that the reason |
27 |
> that warnings over ssl are so severe is to spoon feed folks into the owned |
28 |
> networks. I far more trust the way mozilla do their web of trust [2] but |
29 |
> equally am aware that trolls live in the crowds. |
30 |
> while ssh authorized_keys are more secure than passwords, i can't (and am |
31 |
> hoping someone can point me to) find how to track failed logins as folks |
32 |
> bruteforce their way in. yes it's orders of magnitude more difficult but then |
33 |
> internet speed is now orders of magnitude faster, and OTP are looking more |
34 |
> sensible every day [3] to me. |
35 |
> i used to use windows live messenger and right near the end found that if you |
36 |
> send someone a web link to a file filled with /dev/random called passwords.zip |
37 |
> you would have some unknown ip connect and download it too. |
38 |
> who then is doing that and i trust skype and it's peer2peer nonsense even less. |
39 |
> who even knows you can TLS encrypt SIP ? |
40 |
> there are many ways of encrypting email but this is not supported from one site |
41 |
> to another, even TLS support is often lacking, and GPG the contents means that |
42 |
> some folks you send email to cannot read it -- there is always a trade off |
43 |
> between usability and security. |
44 |
> i read in slashdot that there is a question mark over SELinux because it came |
45 |
> from the NSA [4] but this is nonsense, as it is a means of securing processes |
46 |
> not network connections. i find it difficult to believe that a backdoor in a |
47 |
> locked cupboard in your house can somehow give access through the front door. |
48 |
This point you get wrong. SELinux implement the LSM API (in fact the LSM API |
49 |
was tailored to SELinux needs). It has hooks in nearly everything |
50 |
(file/directory access, process access and also sockets). One of the biggest |
51 |
concerns at the time of creation of the LSM API was rootkits hooking that |
52 |
functions. It's definitively a thread. I'm not saying that SELinux contains |
53 |
a backdoor (I for myself would have hidden it in the LSM part, not in SELinux |
54 |
because that would enable me to use it even if other LSMs are used). If you |
55 |
google for "underhanded C contest" you'll see that it's possible to hide |
56 |
malicious behaviour in plain sight. And if the kernel is compromised all other |
57 |
defenses mean nothing. (As I said, I don't want to spread fearbut that is |
58 |
something to consider imho). |
59 |
> how far does trust need to be lost [5] before you start fabricating your own |
60 |
> chips ? the complexity involved in chip fabs is immense and if bugs can slip |
61 |
> through, what else can [6] |
62 |
> ultimately a multi layer security approach is required, and security itself |
63 |
> needs to be defined. |
64 |
You need an anchor from which you can establish trust. If there is a hardware |
65 |
backdoor you'll not be able to fix that problem with software. There is an |
66 |
excellent paper from Ken Thompson called "Reflections on trusting trust" that |
67 |
theorizes about the possibility of a trojanized compiler that injects malicous |
68 |
code and therefore makes code audits pointless. Security sadly is hard.. |
69 |
> i like privacy so i have net curtains, i don't have a 3 foot thick titanium |
70 |
> door with strengthened hinges. |
71 |
> if someone looks in my windows, i can see them. either through the window or on |
72 |
> cctv. |
73 |
> security itself has to be defined so that risk can be managed. |
74 |
> so many people buy the biggest lock they can find and forget the hinges. or |
75 |
> leave the windows open. |
76 |
> even then it doesn't help in terms of power failure or leaking water or gas |
77 |
> mains exploding next door (i.e. the definition of security in the sense of |
78 |
> safety) |
79 |
> to some security means RAID, to others security means offsite backup |
80 |
> i like techniques such as port knocking [7] for reducing the size of the scan |
81 |
> target |
82 |
> if you have a cheap virtual server on each continent and put asterisk on each |
83 |
> one; linked by aes ipsec tunnels with a local sip provider in each one then you |
84 |
> could probably hide your phone calls quite easily from snoops. until they saw |
85 |
> your bank statement and wondered what all these VPS providers and SIP accounts |
86 |
> were for, and then the authorities if they were tracking you would go after |
87 |
> those. why would you do such a thing? perhaps because you cannot trust the |
88 |
> monopoly provider of a country to screen its equipment [8] |
89 |
> even things like cookie tracking for advertising purposes - on the lighter side |
90 |
> what if your kids see the ads for the stuff you are buying them for christmas ? |
91 |
> surprise ruined? where does it stop - its one thing for google to announce |
92 |
> governments want your search history, and another for advertising companies to |
93 |
> sell your profile and tracking, essentially ad companies are doing the |
94 |
> governments snooping job for them. |
95 |
> ultimately it's down to risk mitigation. do you care if someone is snooping on |
96 |
> your grocery list? no? using cookie tracking ? yeah profiling is bad - |
97 |
> wouldn't want to end up on a terrorist watchlist because of my amusement with |
98 |
> the zombie apocalypse listmania [9] |
99 |
> encryption is important because you don't know what other folks in the internet |
100 |
> cafe are doing [10] |
101 |
> but where do you draw the line ? |
102 |
> if you go into a shop do you worry that you are on cctv ? |
103 |
> <SNIP> |
104 |
|
105 |
Hi, |
106 |
you'll find my answers inline due to the length of this mail... |
107 |
|
108 |
I think in the long term the only way to get security is to control the |
109 |
agencys. Unless that happens there is not much chance to get reasonable |
110 |
security... |
111 |
|
112 |
WKR |
113 |
Hinnerk |