[Cryptography] Other obvious issues being ignored?

Jerry Leichter leichter at lrw.com
Sat Oct 24 16:35:08 EDT 2015


>> 1.  You're saying out loud what's obvious but unacknowledged:
>> The base of your trust is not in any CA, it's in your browser's
>> code.  Whether open source or closed, browsers are way too complex
>> and change way too often to be effectively audited by any outside
>> team.  All the cryptography in the world can't protect you from
>> attack code within your browser itself.
>> 
>> ...snip...
> 
> So, let me suggest that audit is headed for a brick wall.  I don't
> like that, but it seems so.  The reason, as you say, is a side
> effect of complexity that leads to obscurity.  But obscurity is
> the malware writer's central technique and, arguably, stealing our
> opponents' techniques is fair if not brilliant.  See, in other
> words, DARPA's in-progress work looking at obfuscation -- original
> announcement here:
> 
> https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90b1e84fdb91d7dd382396&tab=core&_cview=0
> 
> which leads me to ask the general question, what does one do when
> something you might soon depend upon can simply never be analyzed?

We've always been in that domain.  Who knows what's actually in your hardware?

It's all a question of risks:  Trying to pin them down, trying to determine who you are trusting (recall the NSA definition of "trusted party":  Someone who can break your security).  At no time, in no place, has anyone had absolute security.  Monarchs who relied on trusted praetorian guards have been assassinated by those very same guards.

Audits are important; program proving techniques are important; cryptography is important.  But the search for absolutes is pointless.  Build your own systems from NAND chips, write your own code from the ground up - and you're still vulnerable to someone who slips a camera into your home to watch your keyboard as you type.  If the NSA can't protect itself against an Edward Snowden, what chance do any of the rest of us have?

Provable program obfuscation may be on its way, but *practical* program obfuscation has been here for many years.  Suppliers of software will have to build trust the way suppliers of physical objects and services have built trust.  And sometimes that trust will be violated.

Are we safer or less safe if people can hack into and analyze car computer systems?  Right now, the debate is over the *permission* meaning of "can".  If we use the *possibility* meaning instead - well, in theory, if no one, black hat or white, can hack in - the world's a better place.
                                                        -- Jerry