[Cryptography] Dedicated servers, was Re: Signal planning no support for plaintext SMS

Peter Fairbrother peter at tsto.co.uk
Fri Nov 4 02:31:46 EDT 2022 

On 02/11/2022 00:45, John Gilmore wrote:
I
> got tired of finding tricks to dodge Signal's insistence that I "create
> a PIN" that it would then use to upload all my contacts into Signal's
> servers 

I know almost nothing about Signal, but if any messaging app has its own 
dedicated servers then it is going to be insecure. If the servers have 
any kind of private information on them they are a security risk.

2nd law: An attacker can't steal things which aren't there to steal

What do they need dedicated servers for? Technically, there is no 
security to be gained from having dedicated servers. That includes 
better usability (which is a security issue). To combat DOS? Dedicated 
servers just give a single point of DOS attack.

I can think of two other possible reasons why app designers might want 
to use dedicated servers - monetisation or honey-trapping. 
Honey-trapping is obviously bad security (from the user POV), and 
monetisation necessarily involves private info and is therefore bad 
security as well.



6th law: Only those you trust can betray you



-- Peter Fairbrother



The laws and principles of secure system design:

The laws:


0 It's all about who is in control

1 Someone else is after the things you have

2 An attacker can't steal things which aren't there to steal

3 Everywhere can be attacked

4 More complex systems provide more places to attack

5 Attack methods are many, varied, ever-changing and eternal

6 Only those you trust can betray you

7 Holes for good guys are holes for bad guys too

8 A system which is hard to use will be misused, abused and underused

9 Security is a Boolean. [1]

10 Items of data once publicly linked cannot be reliably unlinked


[1] Looking back in time from the future - did it work? Then it was 
secure enough. Can be hard to see that from the present though, and even 
from the future not all harmful breaches can be seen.




The principles: (a work in progress)

A capable attacker will look for plaintext
red/black separation
Schneiers's principle
Zooko's tradeoff
Kerckhoffs's Principle
Corollary to Metcalfe's principle [2]
It is easier for insiders to steal information - also janitors, cleaners
Design for known threats
Design for future threats
Design for unknown threats as far as possible
existing systems persist
defence in depth
monoculture -> target more attractive, usually more brittle
the capital and operating costs of well-designed secure systems are 
about the same as those of insecure ones until the insecure ones fail
keep intrusion records
keep i/o records
cheap and effective security needs good system design.
if it's expensive, it probably won't be effective.
Unless it is for your use alone you do not control what a system is to 
be used for
Even if it is for your use alone you do not control the resources which 
will be pitted against your system
cryptanalysis is difficult - but people can do difficult things
people offering the impossible are lying
in code, nothing ever really goes away

etc.

The principles can sometimes be broken or wrong, unlike the laws.


[2] the security of a secret is inversely proportional to the square of 
the number of people who know it

More information about the cryptography mailing list