In a presentation titled "Crypto Won't Save You" at the AusCERT conference on Australia's Gold Coast, respected cryptographer Peter Gutmann of the University of Auckland took security bods through a decade of breaches featuring a laundry list of the world's biggest brands. Gutmann's point was to demonstrate how the weakest point of cryptography was typically in its implementation rather than the maths itself. He demonstrated that consumer devices from the Amazon Kindle to the Sony Playstation and Microsoft Xbox consoles were hacked not because of weak cryptography, but due to poor deployment of security mechanisms, which were bypassed by attackers.
(Score: 1) by Anonymous Coward on Saturday May 17 2014, @04:10AM
The maths is typically proven correct, whereas the implementation is typically hacked together by code monkeys on meth.
(Score: 2) by sgleysti on Saturday May 17 2014, @04:27AM
The maths is typically proven correct, whereas the implementation is typically hacked together by code monkeys on meth.
I think you're onto a straight-to-DVD movie. One that I would watch.
(Score: 4, Interesting) by edIII on Saturday May 17 2014, @05:24AM
It's not that simple. Mr. Gutmann is both correct and incorrect.
It *IS* the maths. The weaknesses introduced (AFAIK) were largely mathematical.
To clarify, the most serious weaknesses we need to be concerned about are not the implementation ones. Those can be solved readily with just a little intelligence and willpower, and what holds that back once again are greedy stupid suits (yes, I'll tell you how I really feel later).
While the GSS was responsible for taking the 10 million dollars from the NSA and that is rightfully considered implementation, it was still pulled off by introducing a rather brilliant and impressive effort by the NSA to covertly compromise the maths. It's amazing quite frankly.
That is why we need to be so damned concerned about the math, and also why cynicism is not entirely unfounded and unreasonable. I'm not sure if Mr. Gutmann isn't conveniently ignoring the 800lb gorilla in the room, Quantum. In my opinion, which is based on a hobbyist's interest in the field, the quantum cryptanalysis tools are going to be here much faster (SO MUCH) than the encryption tools. We might have a very significant multi-year gap before the encryption tools arrive, and the only thing that will save us is the *rate* our encryption is sliced through like butter. I say this because I don't see anything in the known literature I have access to that exudes confidence that any one method is quantum resistant in nature.
So let's ignore quantum stuff, that's even more bleak and scary.
Encryption is broken down into parts, and it's all mathematical in nature. Implementation typically requires complete secrecy, and I'm damn sure any reasonable method assumes that construction remains private. In this regard, Mr. Gutmann has a valid point with many breaches being solved with better implementation.
What he is ignoring though is that the NSA compromised a specific CSPRNG, and as such, compromised more than one method. That was an introduced mathematical weakness that would be present regardless of implementation.
The distinction between the math and implementation is not pedantic here either. You need high entropy random numbers, key exchange, and a method of encryption, while keeping both the construction of the ciphertext private and the reverse of ciphertext into plaintext.
We could have PERFECT encryption today. Mathematically proven. It's key exchange that is such a bitch that precludes it from being a reality.
These are all extremely complicated things that only geniuses (no hyperbole) can even visualize spatially in their heads to understand the whole process mathematically, much less write pseudo-code and advise on implementations. Guess how many of them work for the NSA and the Five Eyes? It's no wonder that it's hard to trust crypto 100% right now.
Unless it's the perfect crypto, all methods and implementations (leave Quantum out of this) suffer from probabilities and permutations. It's trivial to calculate permutations. It's a work of art to calculate probabilities.
There are any number of ways to hammer down on a method HARD and reduce not just the permutations (in fact you might not at all), but tear down probabilities by several orders of magnitude. You might even collapse it down to ONE, and that's just a free pass to the plaintext buffet line.
It's an amazingly complicated field, but my limited knowledge and experience tells me there are any number of avenues to take that don't even need to consider implementation. Implementation attacks are for the plebes.
Hubris is what this sounds like, and I bet Mr. Gutmann had a German counterpart in WWII saying the same thing about the Enigma method being the pinnacle of brilliance mathematically and as long as the officers weren't morons, and the soldiers cowards, Hitler could talk in privacy.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Saturday May 17 2014, @05:39AM
God bless the Morons who ensure that every Hitler and every Einstein will live in misery.
(Score: 2) by frojack on Saturday May 17 2014, @06:35AM
Actually what he said is that the Crypto is simply avoided, end-run, bypassed, by backdoors, and collecting the data before it is encrypted or after it is decrypted.
He actually said:
He specifically said it's not about the maths. He couldn't have been clearer about this point.
No, you are mistaken. I've always had this sig.
(Score: 2, Redundant) by edIII on Saturday May 17 2014, @07:18AM
No, I got that. I'm saying it is about the maths ultimately and saying we don't need NSA-proof protocols is wishful thinking and hubris.
There are methods of exploitation that ignore implementation. For example, if you 100% compromise the CSPRNG algorithm (not implementation of it), you may so dramatically reduce the level of protection afforded that you can consider the method highly compromised. In similar fashion you can compromise key exchange protocols without respect to implementations. Just the math and logic.
That well-designed part covers the math, and that implies to me that the math is important. I hardly think that the CSPRNG the NSA compromised was thought of as not well designed at the time it was accepted into standards and used in many methods.
Nothing is NSA-proof. Nothing except quantum stuff that doesn't exist yet, and that will still be vulnerable to implementations too. It's all about probabilities and the amount of processing power you can throw at it. While they talk impressive numbers nearing 100th order, the truth is that adding key exchange protocols and CSPRNGs to it can very significantly weaken that back down to a point where petascale computing can handle it, and exascale computing will find it manageable.
You may have chosen a number between 1 and 1x10^99999, but if I can predict what that will be from a sophisticated analysis of the probabilities and the methods, you might as well have chosen from a range of one. The math is far more important than he is letting on, and he is saying they are done. The NSA has math only tools at their disposal.
I just don't know how you can make a blanket statement that our methods are bulletproof now if we only had proper implementations of them. That's quite a statement to say the methods can withstand that amount of brain power looking for mathematical weaknesses and also withstand the sheer amount of processing power that will be directed towards it.
(Score: 0) by Anonymous Coward on Saturday May 17 2014, @07:01PM
You're saying it's the math because broken math is susceptible to compromise no matter how good the non-algorithm implementation is.
Gutmann is saying it doesn't matter how good the math (by which he means only the encryption algorithm) is, because all the other parts of the system are easier to break. The key exchange procedure, for example. Or just the fact that, in order to be useful, the data has to exist unencrypted at some point, and it can just be stolen then. His point is that the encryption algorithms already in use are sufficiently complex that it's already easier for Them to target other parts of the system. He's saying that, even if the math is imperfect and less complex than we think, it's still easier to use a keylogger.
Even quantum-encrypted data exists in cleartext before being encrypted. It's much easier to get it off the encrypting computer before processing than to muck about decrypting the data in transit. Who cares if you're doing quantum encryption, if They have a video camera pointed at your monitor?