[Cryptography] Bruce Schneier has gotten seriously spooked
brg at gladman.plus.com
Sat Sep 7 04:33:28 EDT 2013
On 07/09/2013 01:48, Chris Palmer wrote:
>> Q: "Could the NSA be intercepting downloads of open-source encryption software and silently replacing these with their own versions?"
> Why would they perform the attack only for encryption software? They
> could compromise people's laptops by spiking any popular app.
Because NSA and GCHQ are much more interested in attacking communictions
in transit rather than attacking endpoints.
Endpoint attacks cost more to undertake, only give access to a limited
amount of data and involve much greater risks that their attack will
either be discovered or their means of attack will leave evidence of
what they have done and how they have done it. The internal bueaucratic
costs of gaining approval for (adverarial) endpoint attacks also makes
it a more costly process than the use of network based interception.
There is significant use of open source encryption software in end to
end encryption solutions, in file archivers, in wifi and network
routers, and in protecing the communications used to manage and control
such components when at remote locations. The open source software is
provided in source code form and is compiled from source in a huge
number of applications and this means that the ability to covertly
substitute broken source code could provide access to a huge amount of
traffic without the risks involved in endpoint attacks.
I stress that I am NOT suggesting that this has happened (or is
happening), simply that it has attractions from an NSA/GCHQ viewpoint.
Fortunately, I think it is a difficult attack to mount covertly (that
is, without the acqiecience of the author(s) of the software in question).
On the more general debate here, in my view, 'security for the masses'
through the deployment of encryption is a 'pipe dream' that isn't going
to happen. Functionality (and the complexity that comes with it) is the
enemy of security and it is very clear that the public places a much
higher value on functionality than it does on security (or privacy).
Every time a new device comes onto the market, it starts with limited
functionality and some hope of decent security but rapidly evolves to be
a high functionality product in which the prospect of decent security
declines rapidly to zero. Raspberry Pis look interesting _now_ but I
would be willing to bet that they won't buck the trend of increasing
funtionality and declining security simply because this is what the
majority in even this limited user community will want.
To buck this trend we need an effort like the Raspberry Pi effort but
one driven by our community with a strong commitment to simplicty and
deliberately limited functionality in both hardware and software.
More information about the cryptography