[cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

Kevin W. Wall kevin.w.wall at gmail.com
Thu Jun 16 18:52:36 EDT 2011


On Thu, Jun 16, 2011 at 5:27 PM, James A. Donald <jamesd at echeque.com> wrote:

> On 2011-06-17 4:02 AM, Nico Williams wrote:
>
>  Crypto is no more than an equivalent of doors, locks, keys, safes, and
>> hiding.
>>
>
> The state can break locks, but it cannot break crypto.
>
> Hiding *is* effectual against the state - and long has been even before
> crypto.
>

The key word here being *effectual*. Crypto is effective, but some of your
posts
make it seem to be a panacea, similar to how Bruce Schneier originally
thought
(see preface of *Applied Cryptography*) that cryptography was going to be
the
salvation of information security. Crypto certainly has a major role to play
in ensuring confidentiality and integrity, but it is not an be-all
andend-all.
The point is, the state doesn't always *need *to *break *crypto to get your
secrets.

To that end, I think you are misinterpreting what Nico was trying to say,
which
was, crypto is no guarantee that you can hide things from the state, at
least
as it is practiced by the general populace.

Specifically, if that "state" is some corrupt regime, crypto *may*[1] help,
but it
will not ensure with 100% certainty that your secrets will remain
confidential
from the state.

For that to be true, everything would have to be secure, from the OS all the
way
down to all the firmware. (See Ken Thompson's ACM Turing Award lecture,
*On Trusting Trust*.)  You'd also have to eliminate all possible side
channel
attacks such as EMF leaks. And even if you are secure from attacks coming
from
all those threat sources, an unscrupulous state will have no compunctions
about using a rubber hose attack on you or ones you care about to get your
secrets or get you to divulge your crypto keys. (Someone in an earlier post
mentioned how it is already getting close to that in certain criminal cases
in
England. How much worse would it be with a corrupt regime not following
principled rule-of-law at all?)

While I don't want to put words into Nico's mouth, I think he was merely
trying to point out the difference between the use of crypto in theory and
crypto in practice.
_________
[1] Using crypto in a fascist or otherwise corrupt state where crypto is not
the norm
may have the opposite affect of drawing attention to yourself and arousing
the
suspicion of the state. So in such cases, one at least needs to account for
plausible deniability, otherwise you'd be better off keeping your head low
so as not to be noticed in the first place.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110616/c05124d3/attachment.html>


More information about the cryptography mailing list