[Cryptography] Vote of no confidence.
Bear
bear at sonic.net
Fri Jun 6 15:08:27 EDT 2014
"A secure computer is one that is powered down and
not connected to any network."

We've all heard that before, yeah?

I have a confession. I believe it.

I realized I believe it when a financial services
firm asked me to install a password manager on my
phone. On my android phone, which shares information
with people whom I don't trust on a regular basis,
where every "upgrade" to anything asks for ever-more
access to personal information, contact lists, location,
etc. An application written by people I don't know.
Who don't seem to give out any guarantees. And who are
very reassuring that if my phone is lost, my passwords
won't be... meaning they're storing a hell of a lot
more than a hash.

And I said no. I understand that the current wisdom
is that password managers are a good thing, but....
I just cannot trust the people who develop them and
the environments they run on. The complexity runs
off beyond the horizon and I just can't say, for certain,
that nothing else can see this thing in memory which
this particular app is using.

I do business with that company now, on the basis
of a sixty-character password, which is complicated
and slow to type and not stored in any electronic form
anywhere. It's stored on a "computer that's powered
down and not connected to any network," along with a
bunch of my other important passwords. But maybe
"computer" is the wrong word. It's actually an iron
box with a padlock. Also known as a computer whose
security model is simple enough to understand and whose
operating system is known completely enough to trust.

And when I log in using that password, the company sends
my phone (which NEVER syncs on my computer) a nonce
via SMS which I then enter to finish the login.

There is no automatic authentication when the stakes
are high. That which is automatic, in an environment
where complexity runs beyond the horizon, I just cannot
guarantee will never admit someone else. There is no
"password sync" between phone and computer... because
I don't want the attack surface that comes with any
electronic script-detectable association between the
two. I don't want to have to secure phone information
on my computer, and I don't want to have to secure
computer information on my phone. There is no "password
wallet" in my browser, because I don't want my browser
to store passwords. Anywhere. Ever. Because I don't
believe I can keep anything accessible to, or especially
managed by, a browser secure.

My cryptographic keys (to bitcoin savings, SSH tunnels,
and some other high-stakes things) are no more complex
than many of my other passwords, and I save them in the
same way. With ink. On index cards. In the iron box.
With a padlock.

I don't worry about a trojan horse program or a worm
stealing my passwords when I'm not using them, because
I'm reasonably confident that the restricted computing
environment inside a padlocked iron box with no power
supply, no CPU, and an index-card memory isn't complex
enough for such a program to run.

I could worry about burglars, I guess. But a burglar
would actually leave evidence - he might get something
but I'd know he'd got it. Further, a burglar has to
spend time and effort and personal risk on each and
every target, instead of writing some program to rip
off the thousands of people who didn't patch the hole
it exploits, leaving no visible evidence of the breach.
And then launching it anonymously from some Internet
cafe in a jurisdiction with no extradition treaties. It
just seems to me like simple burglary is a more direct
and detectable and therefore more acceptable risk than
the activities of seven billion apes and software
complexity that goes out beyond the horizon, out there
somewhere in the universe.

That leaves me slightly worried about keyloggers when
I'm actually entering passwords, but I have one trusted
software source (linux distro) and seven applications
in total that come from any other source. Of those
seven applications, five I have compiled from source,
and for two I have taken the trouble to obtain binary
hashes of public repositories using machines in other
places with separate connections to the network. And
then I've brought those binary hashes home - on paper -
to make sure they match the software I downloaded. And
I run with the 'bin' directory mounted readonly, so I'm
not all that worried about keyloggers.

Ultimately, I believe in security. But what I believe
about security leaves me far from the cutting edge; my
security environment is more like bearskins and stone
knives, because bearskins and stone knives are simple
enough that I can *know* they won't do something I don't
want them to do. Smartphones and computers simply cannot
provide that guarantee. The parts of their security models
that I do understand *won't* prevent any of the things
I don't want them to do.

An iron box with a padlock on the other hand is a simple
enough security model to understand, and does provide
strong guarantees about what that environment won't do.

Just a musing, I guess.... the point is that the industry
is now building security models which want to provide
collaboration, and single sign-on, and synchronization,
and interoperation, and 'cloud storage' and so forth -
but in doing so simply do not and can't provide good
reasons for trust, nor solid mathematical proofs of
how the things I don't want them to ever do have been
rendered impossible.

In fact, most of them simply refuse to enumerate things
they render impossible. Security means guaranteeing that
certain things are impossible. Nobody's even trying to do
that, because doing the minimum to achieve meaningful
guarantees that meaningful kinds of abuse are impossible
would also mean that features like password wallets
where they can guarantee password 'recovery' are also
impossible.

They're selling the set of things that are enabled rather
than the things that are prevented.

Good computer security could be built. But maybe it can't
be sold.

And because that's what computer security is like these
days ... I'm forced to use an iron box. With a padlock.
Bear