[cryptography] Introducing SC4 -- feedback appreciated

Ron Garret ron at flownet.com
Fri Apr 17 19:25:19 EDT 2015


On Apr 17, 2015, at 3:51 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret <ron at flownet.com> wrote:
> The fact that to use PGP you have to install an application.  (This is true for Peerio as well.)  That turns out to be too much friction for most people.  Whenever you have to install an application you have to decide whether or not you trust the application, and most people have no basis for making that assessment. 
> 
> Why should anyone trust your web page?

Why should anyone trust anyone’s web page?  When was the last time you obtained a software application that was *not* delivered via the web?

I’m not saying this isn’t a problem, just that it is not a problem unique to SC4.  *Every* application has this problem.  Do you use PGP?  Did you build it from source?  Are you sure you can trust your compiler?  Did you verify the signatures?  Are you really confident in the root of your chain of trust?

> Do you expect people to audit the source code every time they use it?

No.  SC4 was designed to support a wide variety of risk postures.  If you don’t trust my server, you can run SC4 from a standalone file on your own file system.  The code to generate that standalone file is part of the current SC4 distribution.  If you don’t trust that, then it’s pretty easy to write an SC4 implementation in C.  If you don’t trust that then I confess that I am at a loss.

> If they don't, perhaps you made a change which exfiltrates the plaintext to your personal server. Perhaps you targeted a single person, and everyone else sees the "real version”

Yes, all these things are possible, but they are also possible for PGP.

> This is why web pages aren't trustworthy for cryptographic purposes.

Then what do you propose?  If I want to run secure crypto software, how should I do it under the attack model that you’ve implied by your questions?

> I wrote a blog post on this topic:
> 
> http://tonyarcieri.com/whats-wrong-with-webcrypto

Yes, and I am very sympathetic to this argument.  But the problem is that it applies to anything you download from the web, not just webapps.

My claim is not that SC4 is secure.  My claim is that SC4 is at least potentially as secure as anything else in today’s world.

rg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150417/a41e111d/attachment.html>


More information about the cryptography mailing list