[Nottingham] Back doors in encryption

[Matthew Sackman]

On Thu, Nov 05, 2015 at 01:39:16PM +0000, Denny wrote:
> > I get the impression many politicians think that "safely backdoorable"
> > crypto is possible if only the mathematicians would knuckle down and get
> > on with it.
> Politicians aren't qualified to think this but are entitled to wish it. 
> This is firmly in the hands of mathematicians and computer scientists,
> some of which may be in the employ of governments but many of which are
> open source contributors. 

Right, but I don't see why that matters - maybe I'm missing something?
If it's backdoorable then that backdoor will be abused. This is not
about maths, it's about human nature and that power always will corrupt.
If it is known a backdoor exists, then others will find it - it's just a
matter of time.

On a related issue, the fact the NSA/CIA have a week ago suddenly pulled
all their advice to use EC crypto is deeply concerning; they've probably
not found a backdoor, but they've probably developed some new
cryptanalysis that renders it cheap to break.

> The government doesn't get much sympathy on this point.  With over 20
> years of constantly maintaining and improving my IT skills and knowing
> that failing to do so will cause me to become uncompetitive in the
> marketplace, I think we deserve government that demonstrates a similar
> level of commitment.

Right, but the government is cutting spending pretty much everywhere. So
if they can reduce costs in GCHQ then they will. If one way to do that
is to legislate to make their job require fewer people then so be it.

GCHQ is no doubt saying words to the effect of "because of increasing
online activity and increasing crypto, in order to maintain current
confidence in being able to identify threats, we need to employ more
people, at such and such cost". What no one wants is to have a public
discussion as to what is an acceptable mean time between atrocity? How
many lives of UK citizens is it acceptable to lose each year to
terrorism? How much damage to infrastructure is expected? Because we all
know there is no such thing as perfect security - from time to time
something will get through the net, and I think everyone basically
accepts that. But there will be a very wide gulf in what people think is
acceptable.

> > "Not a week passes without news of some supposedly secure data store
> > breaking down. NHS patient data leaked, police crime data leaked,
> > TalkTalk, British Gas and Marks & Spencer customer details all leaked.
> > Adultery agencies are hacked. Communications between lawyers and clients
> > are hacked. In 2009, defence ministry vetting details of RAF officers
> > were leaked. The police have reportedly hacked into journalists’ sources
> > 600 times. If the government can hack citizens’ records, citizens can
> > hack them too, and hack what is hacked. E-government is not security but
> > anarchy."
[some snipping]
> The quoted text appears to be logically disjointed.  First they list a
> number of publicised breaches then discuss events where authorities have
> performed questionable activities, perhaps demonstrating an ineffective
> or nascent oversight process.  It goes on to what is effectively a "call
> to arms", suggesting that since the government made this ham fisted
> blunder, it's legitimate to do so against the government.  I think this
> is an ill advised and dangerous statement.  I choose to think that what
> was meant is that citizens _could_ hack them too... changing the meaning
> into a statement of vulnerability.  Finally, this quote presumes to
> offer a conclusion which for those that are incapable of independent
> thought may be useful but for those that are so capable may find
> insulting.  I don't read The Guardian but if this is an example of their
> standards I'd rather quote The Onion.

Apologies, I should have been much clearer about what I was linking to
and quoting, and why. That is a comment piece by Simon Jenkins.
https://en.wikipedia.org/wiki/Simon_Jenkins gives some background, but I
link to that only to suggest that Simon is very much not a "bleeding
liberal". Indeed his response to the Cecil the Lion shooting thing was
to suggest that if there is a market for shooting big animals then big
animals should be bred and numbers maintained to allow such a market to
both thrive and help increase numbers of such animals. We, after all, do
not get upset when a herd of cows get killed. Anyway, all that's pretty
irrelevant here.

He is very much not a technologist, and I'm also not suggesting that
only "bleeding liberals" talk out their behinds. My intepretation is
that he is pointing out that, as you have, there are plenty of ways in
which information gets hacked (by breaking through faulty software) or
leaked (by someone inside). Now he certainly doesn't seem to distinguish
between the two, but I think that's just saying that if someone wants to
get some dataset released, it's going to happen one way or another. All
backdoorable crypto is going to do is to give another path by which this
can happen.

> > Backdoorable crypto is just going to make this much easier.
> ...to perform intercepts against targets that wilfully comply.

I'm not sure I see how that condition applies. There are various types
of software which if you want to write and sell, you have to have
permission to do so from the government. I have heard stories from
people who have built such bits of software (VoIP with crypto
specifically) that basically the man from the goverment turns up and
walks off with all your private keys and you're never allowed to tell
anyone about it. Imagine that sort of control now extended to, pretty
much everyone, and if you are caught using a certificate for which GHCQ
does not have the private key, that's a criminal offense. Sure, that
doesn't mean DH is banned, but if you're not using certs then DH offers
no protection from transparent MITM.

> This is
> actually rather clever.  If there is even a rumour that legitimate
> traffic is able to be compromised, it may be possible to create a
> signature that distinguishes between such traffic and more nefarious
> traffic that is purposefully avoiding such an intercept, effectively
> filtering high value intercepts.

Again, I can only assume I'm missing something. If they have either your
private key, or the means to derive your private key, then they can read
it all and you'll never know.

Matthew