Crypto

Tor Stupidity

  • Posted on August 21, 2016 at 10:30 pm

Some idiot posted a call to not use or work on Tor during 1 September 2016. I won’t explain what Tor users and developers are asked, nor will I explore the motivation for calling a strike. Not using Tor for a day is not an option. Not working on Tor is not an option. Disabling a Tor node for a day is not an option. Publishing a demand like this is utterly stupid and irresponsible.

Tor is a very important tool. There is no place for petty-minded conflicts. Take your fight to the arena and let Tor users be.

Crypto Easter Eggs in Software

  • Posted on May 27, 2015 at 12:59 am

The Logjam paranoia is spreading. After decades of using software with cryptographic features, every couple of months researchers discover features and code from the dawn of communication over the Internet. DES, 40/56/64 bit keys, RC4, 16 bit primes (yes, you read that right), and a lot more legacy cruft is still in memory on computer systems all over the world. Unless the code bases get cleaned up LibreSSL-style, there will be more of these ghosts from the past.

Delete these lines of code, remove the dependencies. No excuses.

CryptoParty Observations

  • Posted on October 11, 2013 at 10:23 pm

The CryptoParty phenomenon is past its first anniversary. The interest in cryptography and secure communication has always been there. The existence of CryptoParty before Edward Snowden leaked the criminal practices of secret services around the world is a good indicator for that. The question is whether crypto flash mobs of tutors and students can make a difference. Cryptography has deep roots in mathematics (which can and must be reduced to a minimum when explaining; remember that every formula in an article for a wide audience halves your readership). In addition, most tools used for encryption are not point-and-click capable (which is partly due to the user interface, but the real reason is the fact that secure communication doesn’t feature an on/off switch). Too bad. Despite these difficulties CryptoParty events work somehow. At almost all local events here participants learned something, and tutors did too.

A couple of days ago someone asked me for a „mini crypto handbook with just the essentials“. I have given this idea some thought, but I doubt that you can improve your data’s and communication’s security with a short laundry list of things to do or not to do. You might get to the point of encryption quite fast, but managing the keys and verifying the identity of your communication partner(s) is the most important aspect. Then there is the problem that once data is decrypted it tends to leave residue in clear text. Unless you use encrypted storage all of the time and everywhere, there is a chance that traces of data will leak and stay without cryptographic protection. It’s a bit like dealing with radioactive material – always use secure containers and equipment.

Even given the extra effort of security, all of our lives will still have an „unencrypted component“. You cannot securely communicate with partners who do not support secure communication. Calling a taxi, ordering pizza, phone calls with friends & family, even communication with companies or public authorities are probably easy to intercept. Observing the communication of an individual or an organisation as a whole can therefore be very informative if the pattern of encrypted and unencrypted information is analysed. If you only use cryptography when it is important, then you betray the fact that something interesting is going on. Using cryptography indiscriminately would be better – if it were possible with every communication end-point. Intelligence services know this, and so does everyone else.

There are no short-cuts, it seems.

There Are No Easy Ways Out of the Surveillance Mania

  • Posted on July 7, 2013 at 8:58 pm

Since the worldwide surveillance scandal became known, two contrary views have been spreading across the Internet. The insiders and paranoiacs say: „We always knew it.“ People do love it when a conspiracy theory gains some truth. Opposed to them are those who accuse the know-it-alls: „You have failed.“ That sentence also exists as a form of self-knowledge. One can now pick one of the two sides and thereby determine one’s own degree of unhappiness. That is the easy way. There is also a more nuanced approach, which nobody is interested in.

That communication can be monitored at natural chokepoints is no secret. The whole thing gets even easier if you use plain text or don’t have your own keys. One can now talk at length about decentralised systems, cryptography, key lengths, super-great apps as a remedy, one’s own infrastructure and the rescue of the world through bits, bytes and mathematics. One can also criticise the currently known solutions for certain problems at great length. Of course a lot of what is Out There™ doesn’t come with ingeniously intuitive interfaces (but the same goes for video recorders). If only insiders operate and develop insider things, then little will change about the user-unfriendly status quo. More dialogue between the experts and those who use the tools is needed to resolve this stalemate. That requires mutual respect between those who know something and those who want to know something – and use something. Elitist posturing (on both sides, mind you) only helps the intelligence services.

The same goes for the complaints about TOR and other anonymisation networks. I think it’s great that TOR’s slowness gets on other people’s nerves too. The slow speeds, however, are not only due to the code; they are also due to the fact that there simply aren’t enough TOR nodes. The reason for that, in turn, is that some Internet providers prohibit running TOR nodes, while at the same time authorities make life hard for operators of TOR nodes as a matter of principle. If you want to remedy that, no programming work is required. Pick up the phone, pen or printer and lend some weight to the wish for more TOR nodes with your Internet provider or your member of parliament. Internet providers might even add TOR services to their portfolio some day (yes, one is still allowed to dream).

Whoever needs more TOR nodes can also buy some. Torservers.net runs nodes and asks for support in return. There are other organisations that do this as well. Why not simply give your grandmother a TOR node as a present and write on the birthday card: „Dear Grandma, this amount makes sure the Gestapo doesn’t come back.“ The (dying out) war generation will surely appreciate such a gesture. If need be you can add flowers or chocolates.

PRISM, the „Cloud“ and Espionage

  • Posted on June 19, 2013 at 12:47 pm

There should be no surprise about the PRISM initiative and the NSA‘s activities. Some people became members of the EFF on 12 September 2001. It is an illusion to believe that any collection of data is safe from access by third parties, especially if it is stored in centralised locations. Sane critics have criticised the „Cloud“ since marketing departments discovered the brand name for centralised storage (the „Cloud“ may be dispersed, distributed, virtualised or whatever, but there are still „Cloud“ providers who hold the key access to the whole infrastructure). Right after 9/11 the term Total Information Awareness (TIA) was coined. Take a look at what TIA entails. This is what you see now, but don’t assume that only the USA do this.

Russia, China and the USA are the Axis of Surveillance. The differences are merely semantics. Some European states also pursue total information awareness. They just don’t talk about it, and there are no whistle-blowers – yet (hopefully). Once you rely on the infrastructure of others, be careful.

The next CryptoParty in Vienna will discuss countermeasures against surveillance by totalitarian regimes.

Communication by Whistle

  • Posted on June 11, 2013 at 12:58 am

I have seen a couple of CryptoParty events. People gather. Some people like their tools. Some people like to communicate. Some people like their personal agenda. If you are lucky, then the three biases match. More often than not you are not lucky. This is where the party gets interesting.

Since PRISM hit the news there’s been talk about the mechanics of whistle-blowing. You need a source, you need its content, you need someone willing to dig through this content, you need someone who is able to write about this discovery in the right manner, and — above all — you need to protect your source (i.e. the whistle-blower). That’s the theory. In practice this neat list of requirements usually breaks down at some point.

First of all there may be no source. Good journalists (very rare these days) might find out by themselves though. Getting sources means to be trustworthy, which is a problem on its own. You need to be reliable and you need to have a basic grasp of operations security to get this right — on both ends.

Then there is the content. Not everything is useful (see, this is where the agenda comes into play). Provided you want the content to be published, it should be something that matters. Leaking the user’s manual of the local latrine in Mazar-i-Sharif is of limited interest for the general public. Sad, but true.

Suppose you have a source and the content. What do you do? Well, reading it or taking a look at it would be terrific. Few people do. Why? Because you have to understand what the content means and what it is. If you can’t tell the design plans for a nuclear bomb from your shopping list, then you should ask someone for help. You need additional experts (who also know what operations security is). That’s the toughest task.

Let’s assume you were lucky and you actually made sense of the information you got. Great! All you have to do is to prepare your findings for publication. Regardless of whether you use pure text, audio recordings or video, you need to put the content into the right form. You will need to explain what it means, you have to talk about the implications, and you must find a language that can be understood by your audience. That’s even tougher than understanding what the content is about. You have to be the translator between different groups. You need to find the right metaphors and ways to emphasise the meaning of the leaked information.

The last part is the most important issue. You have to protect your source at all costs! That’s how it works. True, some have seen so much that they don’t care any more. Good for you, but even the most desperate source deserves protection from harm, be it physical injury, mental stress or legal repercussions. Can you do that?

And that’s why tools, agendas or (secure) communication are a good start — but you need a whole lot more.

Code, Apps and Design Principles

  • Posted on November 17, 2012 at 4:13 pm

You probably know the term eye candy or dancing pigs. It applies to applications („apps“) running on computing platforms. It especially applies to apps running on devices that can be thrown easily. Widgets, nice colours and dancing pigs beat a sound security design every time. Since this posting is not about bashing Whatsapp (it’s really about sarcasm), here’s a list of advice for app „developers“.

  • If you are in need of unique identifiers (UIDs), please always use information that can never be guessed and is very hard to obtain. Telephone numbers, names, e-mail addresses and device identifiers are closely guarded secrets which will never be disclosed, thus this is a very good choice.
  • If you are in the position of having to use easily guessable information for unique identifiers, make sure you scramble the information appropriately. For example you can use the MAC address of network devices, you just have to use an irreversible function on it. MD5(MAC) yields a result that can never be mistaken for a MAC address and cannot be reversed, so it is totally safe.
  • Everything you cannot understand is very safe. This is why you should never take a closer look at algorithms. Once you understand them, the attacker will do so, too. Then your advantage is lost. Make sure you never know why you are selecting a specific algorithm regardless of its purpose.
  • Always try to invent your own protocols. Since every protocol in existence was invented by amateurs with too much time on their hands, you can always do better.
  • Never reuse code. Libraries are for lazy bastards who cannot code. Rewrite every function and framework from scratch and include it into your software.
  • Put the most work into the user interface. If it looks good, the rest of the code automatically becomes very secure and professional. This goes for encryption as well. Most encryption algorithms can be easily replaced by the right choice of colours.
  • Getting reverse engineered is never a problem if you explicitly forbid it in the terms of usage. Everyone reads and accepts this.
  • Aim for a very high number of users. Once you hit 100,000 or 1,000,000 users, your software will be so popular that no one will ever attack it, because, well, it’s too popular. Accept it as a fact, it’s too complicated to explain at this point.

Go and spread the word. I can’t wait to see more apps following these simple principles to be available in the app stores all over the world.
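The second item in the list above, MD5 over a MAC address as an „irreversible“ identifier, is the one piece of this post that can be shown in code. What follows is an added example, not code from the post or from any app it mocks. It constructs a sample MAC address, a fixed 32-bit prefix (the 24-bit OUI plus one more byte, so the enumeration stays small) and a throwaway server key, and shows why an unkeyed hash of a low-entropy identifier is recoverable by simple enumeration, while a keyed pseudonym (HMAC-SHA256 with a secret that never leaves the server) is not. All function names and sample values here are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets
from itertools import product
from typing import Callable, Optional

# Constructed sample values. OUIs (the first three bytes of a MAC) are public
# vendor prefixes, so an analyst can always assume they are known. We fix a
# fourth byte as well to keep the demonstration to 65,536 candidates; the full
# space under one OUI is only 2^24, which is just as cheap in practice.
SAMPLE_MAC = "00:1a:2b:c3:d4:e5"
KNOWN_PREFIX = "00:1a:2b:c3"

# Constructed server-side secret. In a real deployment this would be loaded
# from a secrets store and never shipped inside the app.
SERVER_KEY = secrets.token_bytes(32)


def naive_id(mac: str) -> str:
    """The 'scrambled' identifier the post mocks: an unkeyed MD5 over the MAC.

    Hashing adds no entropy: the output is a deterministic function of an
    input with at most 24 unknown bits, so it can be inverted by enumeration.
    """
    return hashlib.md5(mac.lower().encode()).hexdigest()


def keyed_id(mac: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the MAC with a server-held secret.

    Still unique and stable per device, but without the key nobody can compute
    candidate pseudonyms, so enumeration of the MAC space no longer helps.
    """
    return hmac.new(key, mac.lower().encode(), hashlib.sha256).hexdigest()


def enumerate_candidates(prefix: str):
    """Yield every MAC whose first four bytes equal `prefix` (last 16 bits vary)."""
    for hi, lo in product(range(256), repeat=2):
        yield f"{prefix}:{hi:02x}:{lo:02x}"


def recover_mac(target_id: str, prefix: str,
                id_func: Callable[[str], str]) -> Optional[str]:
    """Return the MAC under `prefix` whose id_func output equals target_id, if any.

    This models what anyone holding a published identifier can do offline
    when the identifier function is public and unkeyed.
    """
    for mac in enumerate_candidates(prefix):
        if id_func(mac) == target_id:
            return mac
    return None


def demo() -> dict:
    """Run both schemes against the constructed sample and return the findings."""
    weak = naive_id(SAMPLE_MAC)
    strong = keyed_id(SAMPLE_MAC, SERVER_KEY)
    # An outsider does not hold SERVER_KEY; a guessed key is the best they can do.
    guessed_key = b"not-the-real-key"
    return {
        "naive_recovered": recover_mac(weak, KNOWN_PREFIX, naive_id),
        "keyed_recovered": recover_mac(strong, KNOWN_PREFIX,
                                       lambda m: keyed_id(m, guessed_key)),
        "keyed_is_stable": keyed_id(SAMPLE_MAC, SERVER_KEY) == strong,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the keyed variant is that the secret moves out of the identifier and into the key, which is the only place it can be protected. If the app never needs to re-identify a device across reinstalls, a random token (for example `secrets.token_hex(16)`) stored on the device is simpler still, because it is not derived from the hardware address at all.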


CryptoParty and Trust as a Tool

  • Posted on October 28, 2012 at 11:00 am

You have probably heard of the CryptoParty events spreading all over the world. The idea is to meet, have experts explain cryptography and tools using it to beginners, and to have some fun in the process. For someone using PGP (and now GPG) since its early days 20 years ago this is not very ground-breaking news. It’s long overdue and should have happened much earlier. Cryptography has been around for thousands of years, long before the Caesar cipher. Secrets are even older. The rise of PGP got cryptography going on „ordinary“ computers in 1991. The Cypherpunks would have been happy to have CryptoParty events, too.

Getting to grips with cryptography happens in stages. Your starting point depends on your interests and background. Some start at the mathematics, others start with the tools first. It really doesn’t matter, and there is no One True Way™ (a fact often lost on fanatics). Once you understand the basics, you can go on. There’s no requirement to do so, but when it comes to cryptography and its tools my recommendation is to dig a little deeper after mastering the threshold. The best opportunity is asking questions about levels of trust and the importance of keys. At this point you will realise that cryptography alone will not get you anywhere if there is no solid level of trust between the communicating parties and if others have access to (think copies of) the keys securing the communication. This is also the point where it gets complicated and uncomfortable.

Cryptography is hard to understand. Understanding trust, how to establish it and how to maintain it is even harder. True, there are a lot of tools that can help you to encrypt and decrypt stuff on your cell phones (the smart ones probably). Unless you are the only one having access to your cell phone, you will never be able to trust this device. The same is true for devices that aren’t properly secured and managed by third parties such as hardware/software vendors or application stores (or for the younger generation „app stores“).
You can think of your apartment as an example. You’ve got your keys, but if someone else has a copy of these keys or has built a second door to your apartment with separate keys, then your apartment cannot be trusted any more.

So if you dive into the Wonderful World of Cryptography™, please take the time and patience to have a look behind the scenes. It’s not meant as a recipe for acquiring paranoia, it really helps to understand trust. Your local CryptoParty experts will help you. Ask them.

We Come in Peace – streaming now!

  • Posted on December 27, 2010 at 11:45 am

For the next 4 days we will be in the office, working and watching the videos from 27C3 on the side. We have activated the guest WLAN, and a projector is running (hopefully with the live streams from the Congress). The programme looks very promising. We are curious how well the streaming works this time. Last year it was stable enough for most of the talks.

Stream on!

Numerical Cat

  • Posted on April 2, 2010 at 3:45 pm

Our cat Lucky sitting on the book of the Third Edition of the "Numerical Recipes".

I am currently coding a little client/server tool that reports log incidents via encrypted e-mail to a master server. After a night of wading through code and implementing the RSA/AES encryption and decryption I woke up, saw our cat on the bed and wondered if cats also master the art of encryption. I was too tired to break this thought, so I asked myself for minutes „Are cats capable of handling RSA and if so what’s the maximum key size they can manage?”. Lucky wasn’t impressed. She wanted food.

Today she took advantage of the Numerical Recipes book lying on the table. Usually she lies on the floor, doing her daily sunbath. Not this time; as you can see from the image she is pondering a very difficult numerical problem. Feel free to add the standard LOLCAT text. I have the picture in bigger resolutions, too.

We have Dragons in the office!

  • Posted on December 28, 2009 at 9:21 pm

We’re sitting in the office and watching the streams from 26C3. Now that’s what I call cool! The streams are quite stable (except for the rush hours).

Speaking of dragons, I just upgraded the main virtualisation server to Linux kernel 2.6.32.2 and qemu-kvm 0.12.1.1. Hooray! In addition the main web server was upgraded from Debian 4.0 to Debian 5.0. It worked like a charm! That’s what I like about Debian.

Back to the dragons! Shhhh!

„VMAC not found”

  • Posted on December 8, 2009 at 11:31 pm

Well, the new Linux kernel 2.6.32 has a new crypto module called VMAC. It is a 64 bit hash that can be computed on 64 bit platforms – and that very fast. So I decided to look up what VMAC really does. I ended up in the CryptoLounge wiki. And there I clicked on a link to Wikipedia. And then I noticed that the article pointing to the VMAC algorithm had been deleted.

The lost page of VMAC in the English Wikipedia.

Note the „Thanks, Wikipedia.“ sign on top of the missing item. Really, thanks a lot. In the meantime I’ll have a look at the C source code in my new kernel. Fortunately my filesystem doesn’t delete items on its own (maybe because I’ve got the admin rights).

Cryptographically celebrating Samhain

  • Posted on October 30, 2009 at 9:45 pm

What better way is there to celebrate Samhain than to create a new Certificate Authority? The old CA has passed away, harvested by the flow of time. The new CA is ready and a computer is currently generating new RSA keys. This calls for a celebration. Let there be longer keys!
