[Cryptography] Email is unsecurable

Arnold Reinhold agr at me.com
Wed Nov 27 20:00:31 EST 2013


On Nov 27, 2013, at 4:20 PM, Jerry Leichter wrote:

> On Nov 27, 2013, at 1:18 PM, Arnold Reinhold <agr at me.com> wrote:
>>> Fortunately, there is a solution that we have long been aware of, which
>>> is smart cards....
>> With the maker movement, open hardware, Arduino, et al, the barrier to entry for hardware has dropped dramatically.... Simple hardware systems have less space to hide backdoors.  I don't want to dump on the people trying to improve existing e-mail protocols and infrastructure, but maybe we should explore different, simpler paths at the same time.
> 
> Ah, the irony.
> 
> NSA was for years resistant to software-based cryptography.  The DES initial and final permutations were trivial in hardware, a pain in software.  It's long been thought that they were in the algorithm exactly to slow software implementations.  FIPS and similar standards, whose form was clearly influenced by NSA, to this day, have a bias toward hardware, to the point where parts of them have to be really stretched to even make sense for software.
> 
> To this day, NSA seems to be big on smart cards and encryption "black boxes" rather than software on general-purpose machines.
> 
> It was fashionable for years to dismiss that NSA mindset as just a hold-over from the past - we in the software world knew better.
> 
> Well ... maybe we didn't.  :-(
>                                                        -- Jerry
> 

I always assumed the NSA/FIPS bias favoring fast hardware implementation of crypto algorithms over software efficiency was to give cryptanalysis, presumably using massively parallel cracking arrays, an edge. But regardless, a lot has changed since early software crypto systems for personal computers, such as PGP, were introduced. Back then CPU chips were much simpler: the Intel 8086 in early PCs had fewer than 30,000 transistors vs 1.4 billion in the latest Haswell processors. PC firmware was provided in unalterable ROM chips, not rewritable flash memory. E-mail was text-only and the idea it could be used to transmit viruses was considered ludicrous.  Operating systems were much smaller and did not feature a plethora of hooks, like scripting languages and plug-ins, for malware writers to exploit.

All this has changed in the name of progress, giving us more versatile and useful devices. But that progress has created a security disaster, with vastly more places to inject and hide malware and backdoors. It has become extremely difficult for experts to have confidence they control their own computers, and nearly hopeless for the general public.

John Kelsey asked:

> Are hardware trojans really a bigger practical threat than compromised software?

The answer, of course, is that we must have trustworthy software running on trustworthy hardware.  Either without the other is worse than useless, by creating a false sense of security. My current nightmare is the future "Internet of Things" where major pieces of infrastructure are run with minimalist devices that have no source of entropy other than the RNG instruction in a billion transistor CPU.  As has been shown, whoever controls the masks in the CPU fabrication process can silently subvert the RNG process, allowing them to take control of anything they want. The best software imaginable cannot prevent that.

We need to ask the question: what will it take today and in the future to get hardware we can trust?


Arnold Reinhold
