We help IT Professionals succeed at work.

Why bother?

krakatoa
krakatoa asked
on
Do Bullrun and Edgehill, along with some of the inbuilt shortcomings of SSL/TLS itself, mean that encryption amounts to not much more than a myth ?
Comment
Watch Question

Principal Software Engineer
Commented:
There are two kinds of information worth encrypting:

a) Information with a limited lifetime
b) Information with a long lifetime

Encryption can only protect information with a limited lifetime, because all encryption schemes have eventually been broken.  And as far as protecting information from a government agency, forget it.  The NSA spends all day every day breaking encryption and finding backdoors, and also pressures all companies to put backdoors into their products.

So the best you can do is protect information with a limited lifetime against non-government attackers.  This can only be done with encryption, and only with the encryption available today.

Is it futile?  Against a powerful enough attacker, of course it is futile.  Against two script kiddies in a basement trying to steal credit card numbers and PINs which will be invalid in two years time, it is quite effective.

You pays your money and you takes your choice.  Some protection is better than none.
Are locks on doors a "myth"?  They can be picked, doors can be kicked down, windows can be broken, etc.  Nevertheless, they are quite effective in day-to-day life.  I think the same holds for encryption.  Dr. Klahn makes some very good points.  There are MANY people who can steal unencrypted data.  There are far fewer who have that ability with encrypted data.

I recall years ago hearing a story about a fellow who came up with a new and improved system for generating encryption keys.  Someone heavily involved in security was asked how important the new scheme was.  He answered that he didn't know much about the new scheme, but it really didn't matter to him.  His view was that once you reach a certain level of security, people who want to get past it will find ways around it.  One that he mentioned (seriously) was a threat to someone's life!
A sufficiently determined hacker can indeed get past most encryption - but most hackers are not particularly "determined".  They generally are looking for the simplest and easiest places to attack.  It's just more cost effective.  This is why you see port scanners on any production site - bad guys looking for unpatched and easily attacked sites.

So I'd say encryption is still hugely helpful just because it raises the bar.

It's really a matter of how hard is it to get into your data, compared to somebody else's data.  It's why "the club" works on a car.  It's not that you can't remove it - it's just there's another one right next to it that's easier so the attacker skips over yours.

But certainly, believing that encrypted data can never be broken into is not wise.  That's why things like credit card numbers should never be stored in e-commerce sites - they should be passed along to the banks without being stored, so then there's nothing to hack and get.

Doug
David FavorFractional CTO
Distinguished Expert 2019

Commented:
Without TLS, anyone can hack any packet flow, so yes, TLS is required for any connection dealing with money or passing personal information, which can be used for identity theft...

Anyone... in possession of the tech keywords you mention... likely can easily access your money + personal data without having to use the tech you mention...
Distinguished Expert 2019

Commented:

Locks only keep honest people honest. 

Bullrun goes back many years to the aborted introduction of the clipper chip. The Five Eyes put constant pressure on technology companies to put in back doors which most companies have resisted. 


SSL has proven to be crackable, SHA1 TLS has shortcomings that make it crackable. SHA256 with 2048 keys is currently not crackable. The current versions of the iPhone's internal securityis uncrackable (the federal government is trying to force Apple to relax its phone security claiming national interest) Encryption security is either effective for all or not effective for all. The biggest SSL problem is the initial entropy that is used to set the initial random number that is used to generate one of the prime numbers 

Are locks on doors a "myth"?  They can be picked, doors can be kicked down, windows can be broken, etc

Yeah, that really wasn't so much the destination of my question, because I know that my property faces all those risks and potential compromises. That is not the case in the same way with encryption, as, for one thing, neither side of the argument would ever concede that encryption is entirely secure or ultimately fallible. It is precisely because we don't know to what level these algorithms are safe, that we can never establish an ultimate truth about them, and that makes the situation multi-way unassured and unassurable.

You can, on the other hand, get insurance for your house and its contents, even if they are lost through theft and the insurer aware that the premium covers that sort of risk. I've never heard of anyone being able to take out insurance against their encryption being broken.

@David Johnson, CD
Thanks, useful comment.
But if I were running one of these security services, if we were able to crack 2048 encryption for example, my service's public statement would be that we couldn't. This was already part of the philosophical dilemma faced by the codebreakers at Bletchley Park, because mitigating the effects of every single attack that they identified would have given away the fact that Enigma had been broken, and so sigint would have been effectively compromised and so less effective.
Faced with this, we can never really know whether anything is crackable or not, I don't care whether two kids in a bedroom know I voted one way or another in an election; but I would mind a great deal if that sort of information was unpicked by my government from what was meant to be a confidential and encrypted communication.
but I would mind a great deal if that sort of information was unpicked by my government from what was meant to be a confidential and encrypted communication.

That concern is definitely valid and unfortunately almost certainly impossible to prevent in the long haul.  Because encrypted data can be captured today and decrypted much later once cracking improves.  NSA anyone?

E g. A fully functional quantum computer may make cracking almost all known encryption approaches feasible, because they all rely on the fact that brute force searching for the key isn't practical.  But if you can search an exponentially large space in linear time (which a quantum computer in theory could allow) then those searches become tractible.  

So the most secure rule is - if you're worried that somebody might see it, don't write it down.

Doug
So the most secure rule is - if you're worried that somebody might see it, don't write it down.

Which amounts to the end of democracy.
Which amounts to the end of democracy.

I think that's a little strong, but each to their own :)

(Most of my political views, I don't mind sharing publicly)
Distinguished Expert 2019

Commented:

One of the ways that Enigma was cracked was messages  using a common salutation i..e. Heil Hitler. There were communication errors also i..e. messages sent in cleartext and in cypher. The reuse of cypher keys. The initial settings were supposed to be random but humans are (a) lazy and (b) not very good at picking random numbers/letters.  Certain operators had favorite settings and the operator could be identified by their 'fist' (the way they sent morse code)

SHA-1 lasted about 20 years   https://eprint.iacr.org/2020/014.pdf  https://sha-mbles.github.io/  https://www.grc.com/sn/SN-751-Notes.pdf

Every session uses different keys so if I break 1 session in 24 hours it will take another 24 hours to break another session.  Due to the volume of traffic it will take a long time.  The hardest part is to identify the traffic you want to analyze and decrypt.  If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target. 

Yes, cribs were a crucial part in Bletchley - but so are they today. It doesn't matter how the cryp is broken, only that it is.

If you use a vpn or get a new ip from your ISP then it becomes even harder to identify the target.

One of the apparent successes of govt crypto, has been with VPNs.
And as far as protecting information from a government agency, forget it.

Course, if a really bad-news govt ever came to power "over here" - (which could never happen of course) -  (wherever over here is), I'm confident they'd be honourable enough to delete the previous government's suspects' databases, before embarking on their own digital persecution programs.