Death of antivirus software imminent

Alex Alten alex at alten.org
Fri Jan 18 05:31:05 EST 2008 

At 07:35 PM 1/18/2008 +1000, James A. Donald wrote:
>Alex Alten wrote:
> > Generally any standard encrypted protocols will
> > probably eventually have to support some sort of CALEA
> > capability. For example, using a Verisign ICA
> > certificate to do MITM of SSL, or possibly requiring
> > Ebay to provide some sort of legal access to Skype
> > private keys.
>
>And all the criminals will of course obey the law.
>
>Why not just require them to set an evil flag on all
>their packets?

These are trite responses.  Of course not.  My point is
that if the criminals are lazy enough to use a standard
security protocol then they can't expect us not to put
something in place to decrypt that traffic at will if necessary.

> > If there is a 2nd layer of encryption then this would
> > require initial key exchanges that may be vulnerable
> > to interception or after-the-fact analysis of the
> > decrypted SSL payloads.
>
>I guarantee I can make any payload look like any other
>payload.  If the only permitted communications are
>prayers to Allah, I can encode key exchange in prayers
>to Allah.

Yeah and you can only communicate with Allah with
that type of design.

Look, the criminals have to design their security system with
severe disadvantages; they don't own the machines they
attack/take over so they can't control its software/hardware
contents easily, they can't screw around too much with the IP
protocol headers or they lose communications with them, and
they don't have physical access to the slave/owned machines.

And, last I heard, they must obey Kerckhoff's law, despite
using prayers to Allah for key exchanges.

Given all this, I'm not saying its easy to do, but it should be
quite possible to crack open some or all of their encrypted
comms and/or trace back to the original source attack
machines.

- Alex

--

Alex Alten
alex at alten.org



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list