[Cryptography] Questions of taste on UDF presentation

Jonathan Thornburg jthorn4242 at gmail.com
Sat Feb 16 20:56:19 EST 2019


On Sat, Feb 16, 2019 at 02:48:23PM -0500, Phillip Hallam-Baker wrote:
> So let's imagine we are on a business trip. We stay at a Hilton, we get
> a drink at Starbucks, etc. and when we get home we have a pile of
> receipts that we have to remember to turn in.
> 
> 
> What if each of those receipts had a QR code that linked to an
> encrypted version of the receipt? What if we didn't need any PKI or
> even public key to decrypt it? What if [[...]]

Using this requires that I (a potential user) scan lots of QR codes.
In the real world, that's not a very prudent thing to do:
* What if one of these QR codes pwns my phone?
* What if one of these QR codes signs me up for even more spam?
* What if one of these QR codes takes me to a nasty website while
  I'm in a country with a "one strike" law?

The basic problem is that there's no easy way to tell what a QR code
is going to do without doing "it".  And trusting a random crumpled
receipt that says "Starbucks" and has the Starbucks logo on it,
doesn't seem a lot safer than trusting a random website that says
"Starbucks" and has the Starbucks logo on it.

As Jerry Leichter wrote on 2014-09-12 in this mailing list
(message-id <F432B43A-F5EB-4E14-8BDF-598C2B268FA8 at lrw.com>)
> In a world of drive-by web attacks and continuous warnings (well
> founded or not) not to click on "unfamiliar" links ... the concern
> they raise is reasonable.  Advertisers want a quick, no-effort path
> from the real-world QR code to a site that sells you something.
> Such a path is incompatible with security in today's world.
> 
> If QR codes were truly "just a glob of data" which could not trigger
> any automatic action, I might be willing to scan one.  But unfortunately
> they trod the same path as e-mail, but before they were even released:
> From just a blob of data that couldn't harm you to something
> "convenient" - but laden with all kinds of hidden semantics that
> can not just deliver, but even execute, attack code on your system.
> 
> Yes, it's *possible* to create "safe" QR codes.  And it's possible
> to send "safe" mail.  It's also possible to run an email program
> that will ignore all the dangerous stuff - Alpine is still out there
> - and it's possible to run a QR reader that won't do anything
> dangerous.  But the software most people have on their phones for
> this purpose is *not* safe - and what's important is not that it's
> possible to produce "safe" messages/QR codes, but that it's possible
> to produce "unsafe" ones.

ciao,
-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"
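
Added example, not part of the original message or of any QR reader discussed in it: a sketch of the "just a glob of data" handling described above, where a decoded payload is classified and the action a typical phone reader would take is reported but never performed. The prefix table, function name and sample payloads are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Prefixes that common phone readers map to an action (illustrative, not exhaustive).
ACTIONS = {
    "wifi:": "join a Wi-Fi network",
    "smsto:": "compose an SMS",
    "sms:": "compose an SMS",
    "tel:": "dial a number",
    "mailto:": "compose an e-mail",
    "geo:": "open a map location",
    "mecard:": "add a contact",
    "begin:vcard": "add a contact",
    "begin:vevent": "add a calendar event",
}

def describe_payload(payload: str) -> dict:
    """Report what a decoded QR payload would trigger, without doing it."""
    text = payload.strip()
    warnings = []
    if any(ord(c) < 0x20 and c not in "\r\n\t" for c in text):
        warnings.append("control characters in payload")
    for prefix, action in ACTIONS.items():
        if text.lower().startswith(prefix):
            return {"kind": prefix.rstrip(":"), "would": action, "warnings": warnings}
    try:
        parts = urlsplit(text)
        host = parts.hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return {"kind": "malformed", "would": "nothing (unparseable)", "warnings": warnings}
    if parts.scheme in ("http", "https"):
        if parts.scheme == "http":
            warnings.append("unencrypted http")
        if parts.username is not None:
            warnings.append("userinfo before '@'; real host is " + host)
        if any(label.startswith("xn--") for label in host.split(".")):
            warnings.append("punycode host")
        return {"kind": "url", "would": f"open {host} in a browser", "warnings": warnings}
    if parts.scheme and not any(c.isspace() for c in text):
        return {"kind": "other-uri",
                "would": f"hand off to whatever app registered '{parts.scheme}:'",
                "warnings": warnings}
    return {"kind": "text", "would": "display only", "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample payloads, as a decoder library would return them.
    for sample in ["https://shop.example@other.example/r?id=1",
                   "WIFI:T:WPA;S:CafeGuest;P:constructed;;",
                   "Total: 4.50 EUR"]:
        print(sample, "->", describe_payload(sample))
```

The description only covers what the payload asks for; it says nothing about what the destination serves once opened.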

