[Cryptography] Apple?s iMessage Defense Against Spying Has One Flaw

Jerry Leichter leichter at lrw.com
Thu Sep 10 15:49:11 EDT 2015 

On Sep 10, 2015, at 2:53 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> Jerry Leichter wrote this message on Thu, Sep 10, 2015 at 09:56 -0400:
>> Apple is producing something for mass consumption.  Checking against some out of band information, transmitted in some unspecified way?  Not the kind of thing that's compatible with mass usage....
> 
> Not really...  Say Alice is sending her key to Bob, Alice uses her
> current device key to sign a list of public keys aka devices, and
> sends that sgned list to Bob, this can easily work...  Then Bob has a
> list of approved devices which are trusted to be Alice's, and future
> changes to the list of approved devices/keys can be automated by any
> of those verified devices...
I'm not sure in what universe this is "easy".

And you're skipping lightly over the important steps.  In the iMessage world, Alice doesn't send her key to Bob.  She isn't even aware that a key exchange took place.  And, of course, she doesn't need some external, secure, verifiable channel to complete this transfer.  When Alices's phone dies and he gets a new one (hence a new key), are you expecting her to somehow send an update of her list of trusted devices - signed by another trusted device that her receivers already know about, if she has one; or through the magic external channel if she doesn't - to everyone she communicates with?

Encrypted mail and other kinds of encryption have been around for decades.  Hardly anyone uses them.  Exchanging and setting up keys, checking fingerprints ... too complicated, too easy to get wrong.  There are plenty of studies of this stuff, and they've all come to the same conclusion:  Cryptography is easy; usable (and hence used) cryptography is difficult.  Cryptography at large scale (tens of millions of people - and up) is *very* difficult.

I'm willing to bet that the total number of bytes encrypted and transmitted securely by iMessages in the last year - which, given forward security, are now forever secure - exceeds by a large multiple the total number of bytes of email, chat, etc., (not counting government messaging) that were encrypted and transmitted with a comparable level of security in the previous 20 years.  (OK, maybe Skype conversations back in the early days - who knows what the security is now.  Not that anyone on the outside really knew anything for sure about the security even then.)

You can focus on super high security against ever-unlikelier threats for a tiny fraction of the population; or you can build something that provides quite high levels of security for large fractions of the population.  Apple has gone for the latter.
                                                        -- Jerry

More information about the cryptography mailing list