Encryption seems to be the new bone of contention

This entry was originally at http://www.whitehawksoftware.com and then moved here.

It has been a discussion item for a long time. The FBI wants to limit encryption; the president now agrees with scientists that encryption should not be limited. (Why an agency can push against the president beats me.)

Within hours after the Paris terror attack it was mentioned that encryption was a big element of enabling these attacks. I don’t know how anybody could analyze such a complex attack in such a short time. In my opinion the arguments must have been long prepared and the attack was the awaited opportunity to present the arguments.

The current discussion about encryption has been going on for quite a long time. But in actuality, the discussion has been going on even longer: since ‘prehistoric’ times, even before the internet (late 70s, early 80s). Already then there was a big flare-up about requiring back doors and special hardware chips providing encryption with back doors. With no warning and no explanation known to me, that discussion simply ceased. Maybe nobody was able to develop such chips which actually would work and have a safe backdoor. Could anybody really believe that if such a thing could have been built, not 200 startup companies would try to market it today?

And even before prehistoric times, in internet times about when humans were climbing down from the trees and learning to walk, there were US export restrictions, just as today, against cryptography and encryption hardware. The result was very simple: such chips were built outside of the US borders and used everywhere, even imported to the US.

An iceberg represents visible and invisible use of encryption.

Let’s be more precise: Today, it is not about controlling and forbidding encryption but about providing backdoors. The obvious, popular, and I think very true argument is: When we build in backdoors for the “good” guys, the “bad” guys will find and use them.

Anyway, so we are supposed to limit encryption. The “good” guys can’t use it anymore. Do you really think the “bad” guys will follow and not use unlimited encryption for their communication? The genie is out of the bottle and entropy prevents it from crawling back into the bottle!

Now let’s think a little bit more about what happened between ice ages and when the Titanic was sinking. In particular, what is the percentage of an iceberg above the waterline? That matches the fraction of encryption that is used for human communication. But there is more outside the obvious human communication area. Cyber crooks can eavesdrop on all communication. It’s not clear to me whether there will be a way left to detect tampering with communication. I think somebody went through a lot of effort to build a division line between hash codes and encryption.

Also: No more credit cards. No more ATM machines. No more safe backups… By the way: No more White Hawk Software.

What if safe backdoors really existed? Some applications might still work. But some of them wouldn’t. Consider the White Hawk Software user-interface advantage: “One way to direct the strength of a protection is to trade performance for protection strength”. That shows that already now, without backdoors, performance limits are painful. Something companies like White Hawk Software need is called “white box” cryptography. (White box cryptography means: Even with an attacker single-stepping the decoding, the passwords (and maybe also the user data) cannot be uncovered.) Ok, so fantasy and genies could manage back doors in cryptography. What do you think about managing back doors in “white-box” cryptography? Can I give you a lollipop?

Experience has proven again and again in computer science that the whole is more than the sum of the parts; sometimes to its advantage, about equally often to its disadvantage. So you find an algorithm to do “A”. You also find an algorithm to do “B”. What can we say about a single algorithm to do “A+B”? Yes, cases exist where “A+B” is easier to do. This is cool, and when it happens we are very happy. More often, however, an algorithm for “A+B” is about as complex as an algorithm for “A” times an algorithm for “B”. Of course, occasionally it is much worse and exponential functions need to be used. Can you imagine what performance costs would occur if the “decryption-of-code” part in tamper-proofing would require a backdoor?

Not many people will care about White Hawk Software, right? But what about all the critical infrastructure that needs software protection and other stuff protected with White Hawk Software, i.e. the smart grid, the connected car or automated manufacturing? A totally different story…

4 Responses to “Encryption seems to be the new bone of contention”

  1. chrisjacobi Says:

    Article: Juniper Hack: DHS Tells Agencies to Close Encryption Backdoors
    A backdoor was detected. Make up your own mind who said what to whom, it’s complicated.

  2. chrisjacobi Says:

    Apple CEO Tim Cook demands Obama White House formally defend Americans’ right to strong encryption
    The title says it all

  3. chrisjacobi Says:

    First I need to apologize to the FBI: They were not running loose, they did get some presidential support.

    Now that the FBI (allegedly) got the contentious phone decrypted: Did Apple win? Did the FBI win? Did Apple save face? Did the FBI save face? This is of rather minor concern to me.

    We need to give lots of thanks to Apple for staying firm. We have to thank the FBI for finding another solution. I really think we were lucky. I don’t think it is that great when the fight for freedom is left to fight by a single company. If Apple had thrown in the towel: Would we now all be forced to add backdoors?

    The fact that the threat of backdoors has diminished is a victory for all. In the name of the industry, and in the name of freedom, this unexpected resolution looks like a victory.

  4. chrisjacobi Says:

    An interesting and matter of fact contribution to this theme was made by Intel.
