[Cryptography] PRISM-Proofing and PRISM-Hardening
john at jkemp.net
Tue Sep 17 16:52:26 EDT 2013
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> My phrase PRISM-Proofing seems to have created some interest in the press.
> PRISM-Hardening might be more important, especially in the short term. The objective of PRISM-hardening is not to prevent an attack absolutely, it is to increase the work factor for the attacker attempting ubiquitous surveillance.
> Examples include:
> Forward Secrecy: Increases work factor from one public key per host to one public key per TLS session.
How does that work if one of PRISMs objectives is to compromise data _before_ it is transmitted by subverting its storage in one way or another?
Forward secrecy does nothing to impact the "work factor" in that case.
> Smart Cookies: Using cookies as authentication secrets and passing them as plaintext bearer tokens is stupid. It means that all an attacker needs to do is to compromise TLS once and they have the authentication secret. The HTTP Session-ID draft I proposed a while back reduces the window of compromise to the first attack.
> I am sure there are other ways to increase the work factor.
I think that "increasing the work factor" would often result in switching the kind of "work" performed to that which is easier than breaking secrets directly. That may be good. Or it may not. "PRISM-Hardening" seems like a blunt instrument, or at least one which may only be considered worthwhile in a particular context (technical protection) and which ignores the wider context (in which such technical protections alone are insufficient against this particular adversary).
> Website: http://hallambaker.com/
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography