[Cryptography] Crypto best practices

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Mar 19 21:37:23 EDT 2017


Jerry Leichter <leichter at lrw.com> writes:

>I would guess that this is an area where the three-letter-agencies are ahead
>of the open research community.  Actual safe use in the real world has always
>of necessity been a requirement for them.

It depends on which side of the agency you're on.  If you're using crypto to
protect TAO-style stuff, as the Vault 7 stuff appeared to be, then your
concern isn't to have it super-secure but to have it detected.  In fact the
last thing you want to use is some super-secure classified technique, because
at some point your gear is going to be discovered and reverse-engineered (or,
in this case, leaked), and you don't want to risk using your best tech to
protect the exfiltration of Putin's laundry list.

Instead, you'd probably be following the rule about what sort of weapons to
use when staging an insurrection: whatever can use the same ammunition as the
government troops, and that sounds identical when fired to government weapons
(unless you're planning to draw them into an ambush with a fake firefight).
So make your exfiltration tunnels look identical to SSL as done by IE or
Chrome, or dress them up as video or VoIP streams, or whatever.

Going even further, let's say Vault 7 used DES in ECB mode.  That's not such a
good idea not because it's weak, but because no-one else uses it so it'd stick
out like a sore thumb.  However, ignoring that, what would happen?  What would
be the threat to a TAO-style operation from using DES in ECB mode?

(Before anyone says "a sufficiently-resourced attacker could decrypt it",
think about what else would be necessary before you can get to that point, and
what the whole point of a covert exfiltration operation is).

Peter.

