[Cryptography] "we need to protect [our dox] by at least encrypting them"

Benjamin Kreuter brk7bx at virginia.edu
Sat Nov 5 19:04:53 EDT 2016 

On Sat, 2016-11-05 at 14:29 +0100, ianG wrote:

> The big picture is this:  the node is the threat, not the
> wire.  This 
> case as 99% of the threat evidence out there is all about hacking
> some 
> server and scarfing up everything, *or* some insider threat leaking
> the 
> trove.

The fact that the server might be hacked is *exactly* why end-to-end
encryption is needed.  PGP is not really about protecting mail on the
wire, it is about dealing with the fact that "sending" mail really
means creating copies on multiple machines, any one of which might be
compromised, and those copies might be stored indefinitely.  Huma
Abedin just learned that lesson the hard way.

I think insider threats are not really a cryptography problem, although
certain approaches to dealing with insider threats call for some sort
of cryptography.  Modern cryptography is about dealing with the
security problems that arise when information flows across some
organizational or security boundaries.  Such problems are inherent to
any Internet-connected system and to any application that uses the
Internet:

> Or both - with the news that 5 intelligence services were likely
> (99%) 
> to have hacked Hillary's private servers, and wikileaks likely
> getting 
> their leaks from insiders.

Exactly: the server is not trustworthy, simply because it is connected
to the Internet.

> Which is to say, we could paper the planet with wire encryption -
> pure 
> PGP mail and HTTPS as standard - and we'd not move the threat needle
> by 
> more than 1%.

How would using PGP fail to move the threat needle?  If the mail on the
server was encrypted the needle would have been moved, in the sense
that hacking just one server would not give you access to anything.  If
the private keys are kept on a hardware token that requires a periodic
button press to decrypt anything, the needle moves even more (and the
usability benefits of having keys on a token are nice too).

-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 847 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161105/b38c3369/attachment.sig>

More information about the cryptography mailing list