Thursday, October 13, 2011

Being paranoid: imagining a grand encryption conspiracy

There are times when we all need to communicate securely. There are other times when that communication needs to be safe from even the most determined interloper and it's in those times that we turn to encryption. Using the right algorithm with the right passphrase and the right security measures, it's generally accepted that good encryption would take on the order of thousands to billions of centuries to break and, in some cases, trillions of centuries. Against those odds, how would any attacker ever hope to decipher secret communication?

Most experts agree that trying to find someones encryption passphrase through ordered guessing is useless. The search space is simply too massive and even our most impressive computing resources aren't generally believed to be able to process such massive amounts of data in a timely way. That's why those who are dedicated to the cause of codebreaking often use some sort of cryptanalysis where, instead of attacking the passphrase the user chose, they attack the encryption algorithm itself hoping to find flaws that would short curciut or completely eliminate the need to find the users passphrase.

But cryptographers are clever and they've developed all sorts of tricks to stop many attacks on crypto and there are a few algorithms out there that are widely considered currently unbreakable. This, of course, presents all sorts of problems for entities like governments who've dealt with strong crypto in various ways. Some have outright banned its use, some have made it a crime not to reveal your passphrase during an investigation, and others, like Sweden, have basically ignored it.

But I believe some governments may be taking a much darker approach; one that quickly makes us understand why the spy world lives by the motto "trust no one".

Imagine this scenario for a moment:

Most people, even those who are highly paranoid, have trouble with coming up with truly random, long, passphrases. The human brain simply doesn't do well with randomness and works much better in order and meaning. That's why many people use websites and programs that either generate or generate and store secure passwords for them and this is where the problem comes in.

Imagine a government dedicated to spying on its citizens faced with a large and growing subset of those citizens who use cryptography to protect their communications. They aren't doing anything 'wrong' or illegal, they just don't want to be snooped on by the government (or anyone else, for that matter). So the government goes to work, as it has many times in the past, creating a series of 'trusted identities'. These trusted identities are people on the Internet who become trustworthy. They are knowledgeable of cryptography, join and contribute to communities, rail against the 'surveillance state' that they see developing, and maybe even work on protecting privacy by creating some really good crypto software or algorithm. They become a legend in the crypto community; someone who's name is the first to come to mind when the subject comes up.

Over time, they become trusted; trusted to the point where it is almost considered sacrilegious to speak ill of them or question their intentions. WHY would they betray the community, after all? They've, by now, helped build it!

Now this person puts up a website because he knows people don't like to download and set up software and it's just easier to go to a site and get stuff done. This site generates incredibly secure passwords, does not track or identify you in any way, and even analyzes your password and gives you an idea of just how strong it is. The site is amazing, safe, and used pretty widely by the community.

At this point, most people would deem this site safe to use. But what if that site were saving a copy of every single password it generated and then sharing that with codebreakers in government or law enforcement? "Well", some would say, "that doesn't matter because they aren't tracking who the passwords are assigned to! I'm safe."

Wrong.

What this site has done is greatly reduce the search space for attacks. Now, anyone armed with the list of passwords the site's generated will first run through this list before resorting to brute force guessing. If the site is widely enough used, there's a fairly decent chance that the users password was generated from this site and, thus, will be on the list. The attacker doesn't need to know which password was assigned to you; it just needs to be contained in the list.

At this point 120 character long random passwords that contain numbers and letters which would normally take trillions of years to determine, can be broken in minutes or seconds. The more widely used the site is, the more likely it is that a password will be in the list.

I know some of you may think I'm being paranoid and you're right. But I have a reason behind my paranoia. History is littered with examples of government integrating itself info communities specifically to disrupt them or gain an upper hand in intelligence gathering operations. While there's no reason to suspect any current member of the cryptography community of doing this kind of action right now, there's also no reason not to suspect every single member of doing it. The truth is, we can never know and that's the constant dance those of us who want or need to protect our information constantly go through.

I believe that, as crypto gets better, we're going to see much more infiltration type attacks than we will brute force or cryptanalytic ones. Even with computing resources becoming cheaper and faster, it's also getting harder and harder to break good crypto so those who want to do it will need to find other, more efficient, ways to do it. I believe the scenerio I described above is one of those ways that will be used in the very near future if it's not already being used now.

Of course, this doesn't just apply to password generation. Fake sites around trusted identities (and keep in mind these 'identities' don't need to just be individuals, they could be organizations too) are fairly easy to set up and administer. There's little stopping a dedicated attacker from spreading their wings wide and performing a multi-pronged attack against the community and no one would ever know.

So what's the answer and how do we fix it? A first step would be to adopt the spy motto I mentioned earlier. Place no one above suspicion. Make friends, have fun, but if you have information that really needs protection, always be suspicious.

Next, stop using online password generators and storage vaults. They're ripe for abuse and you'd never know they were compromised. Instead, learn the open source tools that are available to help you protect information and use them on your own computer. Tools like GnuPG, KeepassX, TrueCrypt, LUKS, and their brethren, can go a long way in making sure that your information isn't being leaked into the wrong hands.

Last, and this has been security advice for a long time, don't use the same password anywhere. Assume every site is collecting and sharing your password with someone and that data could be used to attack you. What if you use the same long, random, passphrase for your Gmail account that you do for your cryptographic key? Wouldn't you think that your Gmail password might be one of the first passwords an attacker might try everywhere else, including your key?

Could I be completely insane? Sure. Perhaps I've been reading too many Robert Ludlum novels. But what if I'm right? What if that last email you just sent isn't protected at all even though it's encrypted?

What if?

No comments: