Schneier on Security

Clive Robinson • January 20, 2023 6:07 PM

@ William, ALL,

Re : Cryptographers.

“Cryptographers rarely create anything of value.”

Value to whom and in what way?

I can argue that the security guard at the front door of a building never create anything of value, in fact worse they represent a continuous cost…

So why do so many people pay for the services of security guards?

“Meanwhile, systems have exploded in complexity. Developers are being challenged with complex AND complicated scenarios all the time.”

Who’s fault is that?

Certainly not the cryptographers or nearly every one else related to actual security research work.

It’s actually the fault of two non qualified departments in most software development organisations,

1, Managment.
2, Marketing and sales.

At senior level most CSO’s have next to no say, carry significant liability and more often than you would expect have next to no training in security where as corporate managment and law… This should be telling you something.

Which in part tells you why,

“The fact is, most problems are NOT cryptographic, they’re security system problems.”

Actually it’s worse than that, they are mostly down to “lack of common sense”. Nearly all “Computer Crime” is not new, it’s old certainly older than computers. That is it is well established tangible object physical world crimes that are just “changed a little” to work with intagible object information world systems.

Invariably such crimes are based on the simple notion of sending a list of instructions to a computer system which is in no way under the criminals control, and the system carries them out…

Why an earth would any rational person not see where the fault for that actually exists…

I’ll give you a clue it’s not with the cryptographers, and they darn well know it, which is why the give that

“Don’t run with scissors warning”

Of,

“don’t roll your own”

Because they know from experience that mostly those with whom the problem exists,

1, Lack the training / competence.
2, Seek to externalise risk&blaim.

What highlights this inability of understanding is that people would say,

“Keep doing the same exact thing that was invented before anyone had ever heard of the cloud.”

Actually what is needed to be done for secure communications and storage was known before any computer including Babbage’s were ever thought up let alone built.

Information systems cover three areas,

1, Information Storage.
2, Information Communications.
3, Information Processing.

None of them are realy new ideas, Queen Elizabeth The First of England half a millennium ago certainly appeared to understand all three or at least Sir Francis Walsingham her “Spymaster” and close confidant certainly did.

The “physical object” security and communications methods from back then have in no way realy changed just some ot the techniques in the minor steps.

What has changed and only since the 1970’s is how we process information. Whilst the pre 1970’s security physical methods still work as ever they did we now want to do something entirely different.

Processing Information in the Cloud is not in anyway under your control or in actuallity anybody who you rent the systems from. Even though you have to sign away every right and throw away every sensible precaution people want that “cheep deal today” and “S@d the consequences tommorow”.

Have a look at the failures of “hardware solutions” in CPU’s to see that fundementally the computer architectures we mainly use are not in anyway designed for security in the lower levels in the computing stack. In fact they have been designed for convenience in which efficiency not security played the real driving role.

Supprisingly cryptographers are working quite industriously to solve this physical problem with an informational solution, and we know it’s no easy task and the result almost certainly will be in most cases slow, inefficient and therefore costly to implement. So unlikely to be of any use in saving money in the cloud, so probably won’t get used, or more importantly used properly.

And “used properly” is a big big issue when it comes to cryptographic algorithms, protocols and standards. Apparently it does not matter how we write them, some one will always either put their own spin on it or think they know better.

If you don’t believe me go and look up the history of “Number used Only Once”(nonce). It’s a very simple idea, however it can be extrodinarily hard to implement correctly in fact it can be shown to be imposible to do reliably in some cases. Often though the entire proof of security is founded on it…

You can almost guarentee if you give developers not sufficiently versed in security –as most are not– even a well written specification and implementation guide they will get it wrong…

“notice that cryptographers never have time to review anything.”

That “not having time” aspect is not just the fact that cryptographers are a very scarce resource (which they very definately are). But also amoungst other things going around telling people the same thing over and over again, and having those people then ignore you, have it blow up on them, and then blaim you not themselves, is at best a thankless task. Worse with idiot lawyers running the CSO Show you risk way more than you have for no gain, which is not sensible. So look on it as a “polite refusal to shoot themselves in the foot”.

It is also why you get the issue of,

“I’ve been to several conferences and gathered most all papers are related to dissertations. Umpteen lectures on the Internet, how encryption works, are the same thing over and over and over.”

Two points to think about,

1, Who the conferences are actually for, almost certainly not non cryptographers…
2, If you as a person for whom the conference is not actually for, can not get the basics right, why should those letting you in bother going beyond the basics you are going to ignore anyway…

Which brings us onto the next selfish accusation,

“They can never say if anything is secure.”

Nobody and I mean nobody can say something is 100% secure, all they can do is say they have found something wrong within the limits of our current quite small knowledge.

If you meet someone who says they can give you security guarentees with cryptography they are almost certainly a sales person or wrong. In many cases due to unicity distance in crypto algorithms and similar in modes and protocols they are used in. And if they are not wrong, then almost certainly it’s not practical in all but quite specific cases (see say the OTP and dealing with more than two communicating parties or more recently why E2EE is very difficult to get working securely in all multiparty “secure messaging apps”).

As for,

“All they do is wait until someone does something then collect enough evidence to bury them.”

Actually whilst it might feel like they are being buried remember,

1, They were told not to run with scissors.

2, The resulting mess they are sitting in, is entirely down to them ignoring what they’d been told.

3, Ignoring even the most basic of security advise is such a trend in the industry that just saying “I told you not too” is nolonger enough. Being nice does not work, it just encorages idiots to strike out.

4, It’s their own mess they are sitting in, why should anyone else clean it up for them? Especially when there is nothing in it for those daft enough to do so.

So unless you can find more positive observations in Mr Stewart’s book I’m assuming one or both of you do not understand very much about cryptographers.

Clive Robinson • January 22, 2023 7:34 AM

@ tfb, Winter,

“It wasn’t quite enough, but they’re not the villains they are being made out to be, I think.”

The question of “villainy” is an open one, and falls not under the purview of the involved, but those who look on as observers.

As has been highlighted above the “villains” are that because they “rolled their own” and got it wrong.

But arguably they had no choice, because there was nothing already rolled and available at the time.

So damned if they did damned if they did not.

As I’ve noted above AES is a security failure in several important ways as those ways were deliberately excluded from the compatition assessment process[1]. Further I suspect that at some point in time AES’s basic constructs will become questionable (there were better AES candidates, but “the cute mutt won the show”).

Security is hard to implement and extrodinarily fragile, testing it is well neigh impossible for anyone outside of Government because of the number of people you would have to hire would be prohibitive and commensurably expensive.

The only reason the NIST competitions happen is “for the fame” or publicity and if you are lucky the potential to convert that into a reasonable position in an organisation.

The only way most people can get their system sufficiently tested is by making a target of themselves.

The classic example of crypto dog piling was probably the “Fast Encryption ALgorithm”(FEAL) that got torn to pieces so badly it was effectively a “blood sport”.

However it pushed people to come up with new attack methods (differential and linear) which kind of pushed quite a few other cryptographic algorithms off of the stage, the most obvious being DES.

You can get a feel for the salvaging FEAl got from

https://en.m.wikipedia.org/wiki/FEAL

So the reality is unless you are a Government, you have to have two things happen,

1, Be totally Open and Unencumbered.
2, Have sufficient standing to be news worthy enough to give others fame / publicity to in effect form a competition.

They had neither at the time, but things changed and they got both of them…

[1] Much that should have been in the AES competition was not even though known to be concern areas to the “Technical advisors” to NIST the NSA. In fact the competition looks very much like it was rigged to make the most insecure implementations of AES get put into just about every piece of software it could and every code library… Worse the NSA does not realy approve of AES themselves, noting it is secure to protect “data at rest” to secret. Worse if you look around you will find the NSA do not approve of the use of AES when systems are processing or communicating information… So theoretically secure, OK for stored data, but not to be used to encrypt or decrypt in systems that can be reached externally.

Clive Robinson • January 22, 2023 11:16 AM

@ Winter, ALL,

Re : D Wheeler HowTo Extract.

“I follow David A Wheeler [1] here. It is the fact that they kept the source closed until 2020 which allowed them to grow a large user base, that is objectionable.”

I’ve read it and it actually says very little.

Your argument of,

“… to grow a large user base, that is objectionable.”

Would be funny if you’ld said it about Microsoft or Apple and their many many as, if not more, serious security faults march out the door almost daily.

As I pointed out above, nobody would have looked at Threema’s code unless they became sufficiently large to be newsworthy.

That’s the reason the researchers looked, because they are now “big enough to boast about”.

In Western culture nobody is realy interested if you beat up on a 35kg little kid, or they will take the little kids side and look badly at you. However you beat down a 140kg behemoth then the crowd will shout and cheer and yell for more. The story of David v Goliath exemplifies this.

Nobody would have looked at Threema’s code when they had to roll it themselves because they were not worth the time or effort back then. Now they have lots of users they are newsworthy and that is a path to fame for others.

That is the only reason the code was looked at, pure and simple.

Pretending Threema are villains just to sell newspaper space really does not change anything. Because the users would still have signed up to them or some other insufficiently secure system provider.

As I’ve mentioned before “None of the Secure Messaging Apps are Secure” and “The designers of those systems know it”.

I very much doubt that any “user usable” communications program is secure, as the all have the same fundemental foundational mistakes.

It’s why over and over I tell people not to trust consumer / commercial programs on consumer / commercial platforms, because I know beyond reasonable doubt they are all insecure and in practice can not be anything close to secure. It is afterall not that hard to work out why and gets confirmed almost every day as look through CVE will show.

I’ve even told people how to get better security but I know that few if any will heed my advice let alone actually follow it.

Why?

Because the evidence points to the fact that people in general won’t make the effort[1], they all want convenience and will quite happily believe in any old nonsense as long as they can share photos of kittens that look grumpy or cute.

I’ve shown the horse the path to water, I’m not going to waste any more effort to drag it down there and push it’s nose in it, just to have it kick back at me now or in the future.

And am I happy Threema’s proved me right? nope.

Will I be happy when I’m proved right about the rest of them? nope.

All your comment proves is that “a large user base” failed to do their simple due diligence, because they wanted conveniance etc, so who is realy to blaim?

The answer from my perspective is the users, they had alternatives, they did not have to use Threema, the same as you don’t have to use Microsoft, Apple, Google, or Adobe products.

We once were all told we had to have “Flash” or “Java” in our webbrowsers, I said we did not, and after a veritable death race carnage of security vulnarabilities most do not use Flash or Java in their browsers now. I’ve as consistently warned about JavaScript and more recently HTML5. They too are going to have their own blood and gut strewn street of security vulnerabilities… But will they stop going for the convenience? Nope because that’s how users are and,

“You can not stop stupid doing as stupid does”.

History tells us this over and over like a wheel stuck in a rut.

[1] Look up all the “Why Johnny can’t encrypt” research.

Clive Robinson • January 22, 2023 2:23 PM

@ Winter,

“Attracting a large user base with self-developed Cryptographic protocols and primitives is far from “responsible security practices”.”

But that is the way the software industry works, and as far as I can remember, how it’s always been done with consumer / commercial grade software in even the largest of software companies untill fairly recently.

So in effect you are saying Threema’s crime is to have followed industry best practice of the time?