[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] PRISM-Proofing and PRISM-Hardening

To: [email protected], [email protected], [email protected]
Subject: [Cryptography] PRISM-Proofing and PRISM-Hardening
From: [email protected] (Eugen Leitl)
Date: Fri, 20 Sep 2013 14:16:40 +0200

----- Forwarded message from ianG <[email protected]> -----

Date: Wed, 18 Sep 2013 11:05:46 +0300
From: ianG <[email protected]>
To: [email protected]
Subject: Re: [Cryptography] PRISM-Proofing and PRISM-Hardening
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 17/09/13 23:52 PM, John Kemp wrote:
> On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker <[email protected]

>> I am sure there are other ways to increase the work factor.
> 
> I think that "increasing the work factor" would often result in
> switching the kind of "work" performed to that which is easier than
> breaking secrets directly.

Yes, that's the logical consequence & approach to managing risks.
Mitigate the attack, to push attention to easier and less costly
attacks, and then start working on those.

There is a mindset in cryptography circles that we eliminate entirely
the attacks we can, and ignore the rest.  This is unfortunately not
how the real world works.  Most of risk management outside
cryptography is about reducing risks not eliminating them, and
managing the interplay between those reduced risks.  Most unfortunate,
because it leads cryptographers to strange recommendations.

> That may be good. Or it may not.

If other attacks are more costly to defender and easyish for the
attacker, then perhaps it is bad.  But it isn't really a common
approach in our security world to leave open the easiest attack, as
the best alternative.  Granted, this approach is used elsewhere (in
warfare for example, minefields and wire will be laid to channel the
attack).

If we can push an attacker from mass passive surveillance to targetted
direct attacks, that is a huge win.  The former scales, the latter
does not.

> "PRISM-Hardening" seems like a blunt instrument, or at least one which
> may only be considered worthwhile in a particular context (technical
> protection) and which ignores the wider context (in which such technical
> protections alone are insufficient against this particular adversary).

If I understand it correctly, PRISM is or has become the byword for
the NSA's vacuuming of all traffic for mass passive surveillance.  In
which case, this is the first attack of all, and the most damaging,
because it is undetectable, connects you to all your contacts, and
stores all your open documents.

Prev by Date: [Cryptography] The paranoid approach to crypto-plumbing
Next by Date: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux
Previous by thread: [Cryptography] The paranoid approach to crypto-plumbing
Next by thread: Mailtap
Index(es):
- Date
- Thread