[Cryptography] [cryptography] Browser JS (client side) crypto FUD

ianG iang at iang.org
Fri Aug 1 07:33:11 EDT 2014


On 31/07/2014 17:47 pm, Tony Arcieri wrote:
> On Thu, Jul 31, 2014 at 2:00 AM, ianG <iang at iang.org> wrote:
> 
>     No, you're prioritising an active attack as more frequent and more
>     harmful than a passive attack.
> 
> 
> Sure, passive data collection is a big problem too, but these systems
> offer "security" when they aren't being attacked. It's trivial for
> anyone with a privileged network position (e.g. your barista) to attack
> them.

As James points out, this is essentially an argument about the economics
of passive attacks versus active attacks.

The essence of opportunistic security is to force the attacker to attack
*actively* which then carries a cost.  Passive attacking carries no
cost, or a cost so marginal when spread over pervasive monitoring that
it is approximately zero.

By forcing a PM attacker to target the attacks, this achieves a
filtering effect because the attacker must now justify use of resources,
get permission, analyse the target, risk revealing, etc.  This is
socially beneficial: those that haven't already "come to the attention
of the attackers/authorities" are now not going to be attacked just
because they can be.

What you have to do is make an argument that says that active attacks
are more costly to society than pervasive monitoring.  That's a tough call.


> Simply using https:// would prevent many active attacks.


Yes, but that is a flawed argument.  Monkey see, monkey do.  It ignores
the costs of the attack to the attacker, the victim and the defender.

> It isn't a lot
> of effort to implement... certainly a lot less than hand rolling a bunch
> of JS crypto.


Well, no.  Implementing HTTPS:// is hard.  It is simply out of the cost
range of about 99% of the websites [0].  Otherwise they would.

The fact that *you might be able to reach that high bar* is irrelevant.
What is relevant is the 2 decades of history that we have that says
clearly, HTTPS is simply too expensive.


> Some of these sites are arguing that they're *more* secure by *not*
> using https o_O


Yes, and they can make that argument.  HTTPS and PKI carry with them
some downsides such as vulnerability to CA-based attacks, tracking,
inflexibility.

Sure, we can say that HTTPS + JS crypto is clearly stronger than either
alone.  But that is the wrong comparison.  The question is, what is
better than nothing?

JS crypto is BTNS -- better than nothing security.



iang


[0] old figures.  It used to be that around 1% of the websites used
HTTPS, no idea what it is now.

