[Cryptography] [FORGED] Re: millions of Ashley Madison bcrypt hashes cracked efficiently

Ray Dillinger bear at sonic.net
Mon Sep 14 03:33:11 EDT 2015



On 09/13/2015 07:28 PM, Phillip Hallam-Baker wrote:

> Still, how do we do AM right with cryptography? That should be the thing we
> look at!

Hmmm.  What set of services are needful to provide?

Obviously people want to be able to use their browsers to see
HTML pages that get regularly updated.  And they want deniability,
which is specifically an avoidance of anything like authentication,
so SSL certificates on the server side are okay but not on the
client side.

But those HTML pages, images, etc, can be on their own filesystems,
yes?  So they could get a big encrypted package daily-or-so that
contains the site updates - probably via bittorrent or equivalent,
which gets unpacked directly onto their filesystem in encrypted
form.  Then they can browse using their browser with a local-system
proxy that decrypts the material without ever writing the plaintext
to the filesystem.  If and as they answer or write ads, their proxy
uploads a relatively tiny update, no more than once per hour, to
the server - possibly via Tor or encrypted and tucked into an ICMP
packet.

Obviously this won't work if the site services need to include very
time sensitive things like live chat, and very heavy datastreams
like streaming movies, but it would certainly work for a relatively
simple private website a heck of a lot more resistant to traffic
analysis and account hacks than AM ever was.

If the central server sees your searches in plaintext, then it could
tailor an update for you depending on your searches - but there's a
privacy issue with the trusted central server where someone can
demand to see those searches.  Otherwise, users would need to select
a subsite to browse (a torrent seed, basically) based strictly on
statistical data or general interests, and have searches be local-
only.

Obviously anybody will be able to subscribe and get the daily update
bundles, so the ads people place should not be considered to be
private material.  But who placed which ad, I believe, is information
that is legitimately private and should be withheld from anyone who
declines to answer the ad and meet face to face.

				Thoughts?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150914/e598e783/attachment.sig>


More information about the cryptography mailing list