21 comments

[ 2.8 ms ] story [ 62.7 ms ] thread
Not to be pedantic but "PRISM" is a code name for a specific program, and it's not the one that does in-transit interception. That would be XKeyscore.
why would one expect the Comodo Group(!) to be more aware of the subtleties and technical details?
> PRISM is reputed to be a classified US government that involves [...] This document describe the security concerns [...]

/facepalm

Those darn classified governments.
I feel like there's some irony in serving up these recommendations on a non-encrypted connection
> Passive attacks are however limited in the information they can reveal

Of course they are limited in the information they can reveal. They can only reveal as much information as is there to reveal. That in itself is a limit. That is a non-informational, misleading statement.

> ... and easily defeated with relatively simple cryptographic techniques.

While some cryptographic techniques are "relatively simple" to use, those same techniques can be undermined. In the current case, the attacker was involved in developing that technique and/or has the overwhelming power to make the technique worthless (acres of server farms, able to churn on any of it).

The only tecnique to guard data against passive attacks is to destroy the data, all its copies, and all who ever saw the data.

Some comments from: http://www.theregister.co.uk/2013/09/12/ietf_floats_prismpro...

'The proposal has just one author - Phillip Hallam-Baker of the Comodo Group – which makes it a little unusual as most IETF proposals are the work of several folks in pursuit of a common goal.'

'Sadly the paper is a little light on for actual ideas about how the internet can be PRISM-proofed, offering “a security policy infrastructure and the audit and transparency capabilities to support it” as one item that should be on any hardening effort's to-do list. More use of cryptography is also proposed, so that “two layers of public key exchange using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications”. That regime should, Hallam-Baker suggests, make it harder to snoop on everyday traffic.'

Heavily emphasis on the should on that last sentence.

I don't understand what point of this I-D is. It's a sort of white paper survey of random Internet surveillance concepts by the CTO of a SSL CA. It doesn't make internal sense; in one instance, "kleptography" means using as many as 1000 of the bits of an RSA modulus to sneak hidden messages out, and in another it means constructing weak ECC curves. Amusingly, the two sentences in the whole draft about CAs downplay the notion of CA complicity in surveillance. CA's are, of course, one of the biggest Internet privacy weak points.
Okay Thomas, what is the NSA attack tree for doing things like stealing the private key(s) off of my machine or doing meta-data analysis on me? I bet a lot of people would like to see this analysis from you!
I'm not sure what this has to do with my comment.
You keep poo-pooing internet commentators that are trying to identify and mitigate the threat posed by the NSA - you did it in this thread, and you did it in another HN thread [1], the article where some kid wants to generate private keys in a secure way.

But what you're not doing is giving your own alternative analysis. What is the threat posed by the NSA and what are the attacks that we should think seriously about, and what are the threats we can safely ignore? What can we do about the former?

[1] https://news.ycombinator.com/item?id=6385866

That's not what I'm doing here at all.
That's the effect are having!

Kleptography is pretty well defined in the first sentence of its section: Kleptography is persuading the party to be intercepted to use a form of cryptography that the attacker knows they can break. So yes, in some instances it's encouraging the cracked RSA standard, and in others, it means encouraging "weak ECC curves".

You're a highly-regarded member of this site and a very vocal security expert, yet lately you've started dodging security questions you used to freely answer, and you post odd comments that tend to derail security threads. At one time, you regularly had the top comment with a highly insightful technical explanation of how a security concept works. What happened?

That's not happening either. Are you alarmed by how easily you can be manipulated into sniping at people? Have you ever once on this site been sniped at by me? Are you comfortable with the kind of comment you just wrote? Are conversations like these why you read HN?
(Offtopic: I was hoping whenever you get a minute you'd be able to take a look at https://news.ycombinator.com/item?id=6384789)

EDIT: I responded to your reply. I was hoping you could look at it whenever you have time, because your response seemed to be talking about a different timing attack on a different encryption scheme than what I was talking about.

Fitting that it was published on September 11th, 2013.

A dozen years after the attacks on the World Trade Centers, it's clear that the terrorists won. The USA cannot be called the "land of the free, home of the brave" anymore. Terrorists know that their tactics work very well, and has made the US vulnerable to even more attacks because of cowardice.

Imagine if the US government had decided _not_ to be terrorized, like the Norwegians did for the 2011 Oslo attacks:

---

  And at the political level, the Prime Minister Jens Stoltenberg pledged
  to do everything to ensure the country's core values were not undermined.

  "The Norwegian response to violence is more democracy, more openness and 
  greater political participation," he said.

  A year later it seems the prime minister has kept his word.

  There have been no changes to the law to increase the powers of the police
  and security services, terrorism legislation remains the same and there
  have been no special provisions made for the trial of suspected terrorists.

  On the streets of Oslo, CCTV cameras are still a comparatively
  rare sight and the police can only carry weapons after getting special
  permission.

  Even the gate leading to the parliament building in the heart of Oslo
  remains open and unguarded.

  "It is still easy to get access to parliament and we hope it will stay 
  that way, " said Lise Christoffersen, a Labour party MP.

  She is convinced people do not want laws passed which would curtail
  their basic rights and impinge on their privacy despite the relative
  ease with which Breivik was able to plan and carry out his attacks.
---

There is a way back to the way the US used to be, but the answer is not something most people will even consider or listen to.

This is a comment that could be attached to any NSA related story on the site. It betrays no evidence whatsoever of being informed by the story it's attached to.
(comment deleted)