[cryptography] Nirvana

ianG iang at iang.org
Sat Sep 24 05:55:59 EDT 2011

>>>> And further, you should have a client app on your computer for
>>>> dealing with shared secrets, which is only capable of attempting a
>>>> visa payment with an entity trusted by Visa.
> On 2011-09-24 4:06 AM, John Levine wrote:
>> I don't see how to do that in a useful way without non-programmable
>> hardware.  We've seen PC-based malware do pretty much any MITM attack
>> you can imagine.

Most PC malware succeeds in controlling an application [0].  These days, 
more OS support attention is going into stopping a breached app from 
allowing a hop.  This is Android's sandboxing for example.

Hence, the current advice for phishing is "use another browser," as an 
analogous situation.

So, people use Firefox for their general work, and reserve Safari for 
online banking, only [1].  I have actually succeeded in teaching this to 
my mother, who at 70 or so is quite incapable of dealing with computers 
at any geek level, but she does follow a script written out on 4 pages 
to review her bank account.  What's more, she has succeeded in teaching 
the grandchildren that they can use her laptop but they are banned from 
using Safari.

On 24/09/11 11:45 AM, James A. Donald wrote:
> Most computers are not controlled by malware, and the malware argument 
> is as much an argument against existing ssl/https/pki as it is against 
> any alternative to ssl/https/pki

Right, exactly!  It's pretty easy to counter any argument by throwing in 
some theoretical grenade.

    "But wait, all trusted hardware is controlled by the state who 
    perverts the chip makers...."
    "But wait, China manufactures all the chips now, so our state is 
    perverted by their state..."
    "but wait..."

Experimentation cuts this Gordian Knot.  In this sense, the google CA 
pinning hack is just what the doctor ordered.  That technique was 
obviously easily destroyed in argumentation by any number of theoretical 
grenades.  But, code rebuilds what committees destroy.

Which points to a further problem.  As the lifecycle of a crypto system 
matures, the security apparatus takes on a less fluid form. In the 
extreme, as all security decisions require approval from external 
committees [2], the security model becomes concrete, allowing attackers 
to easily walk around it, on top of it, or through it where the door was 
nicely left.

The way to understand why this doesn't work is to look up OODA loops.  
The consequences of this will destroy a number of myths about security 
and the Internet...


[0] Dealing with phishing is all about risks, not about theoretical 
binary security thinking.  For the most part that's because the vendors have 
really not dealt with it, so the users have increased risks, and have 
had to learn to deal with it using ad hoc methods.

[1] Or, IE, v.v.  I've taken to using Chrome a lot lately but only for a 
specific purpose.  It's great for gmail, but horribly sugary for 
news.google.com.  I don't know how anyone can put up with that sort of 
casino look.

[2] The specific construction in concrete here is that browser vendors 
look to PKIX for security guidance, and the latter focus on arcane bugs 
in SSL which have never been exploited in the wild, but really tease the 
cryptominds in the committees.  So, the blind leading the blind.