back to article Not all data encryption is created equal

I've written a recent spate of articles channelling the tinfoil hat industry that triggered some interesting conversations. Most interesting was a debate about whether or not an organisation like the National Security Agency could take over my home network if it so chose. I suspect any decent hacker with access to the right …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    good article....I think TrueCrypt really is worthwhile - it's open source and they provide alternative algorithms that most software don't even use - even though they are really robust (Twofish and Serpent come to mind). The plausible deniability function is great for those that plan on getting taken hostage one day. :)

  2. Anonymous Coward
    Anonymous Coward

    Bitlocker

    Thank 'insert deity here' for that, there's no way MS would put an NSA backdoor in there, it'd be unpatriotic!

  3. Anonymous Coward
    Anonymous Coward

    FIPS 140-2

    Do you really trust a security standard endorsed by the US government (Federal Information Processing Standard). to not have a backdoor.

    1. Velv Silver badge
      Headmaster

      Re: FIPS 140-2

      Nothing wrong with the standard. It's the implementation that might be susceptible to containing a back door.

      1. Androgynous Crackwhore
        Headmaster

        Re: FIPS 140-2

        I'm inclined to side with AC! While the standard may be adequate, to infer this certainly isn't:

        A FIPS 140-2 certificate confirms that the encryption has been implemented in a way that cannot be circumvented.

        Also, while I'm under the silly hat: Assuming our Trev understands the difference between a cipher and digest, he might like to rephrase this...

        Not all encryption is made equal. SHA-1 and MD5 are common encryption methods and are about as safe as plaintext. Cracking them is beyond easy. AES-256 is better – probably the minimum that should be used – but how to be sure the implementation is sound?

        ...'cos it mikes him sound like a bit of a tit. A SHA-256 typo?

    2. tony2heads
      Trollface

      backdoors

      Maybe the Chinese manufacturer make a firmware backdoor in the US designed backdoor?

      Yo dawg I heard you liked backdoors, so I put a backdoor in your backdoor

      1. Tony Haines
        Happy

        Re: backdoors

        "...I put a backdoor in your backdoor"

        This should have a name. I suggest 'catflap'

    3. Tomato42 Silver badge
      Windows

      Re: FIPS 140-2

      standard that is made of algorithms created by people outside NSA or NIST, and vetted secure by NSA for use for Top Secret data

      if NSA thinks that a 3rd party algorithm is good enough to protect state secrets, it's good enough to protect my junk

      seriously, only tinfoils consider AES or SHA-3 insecure

  4. Anonymous Coward
    Anonymous Coward

    The NSA has either authored, or been deeply involved in the development of, every major Internet security and encryption protocol.

    AES-256 is the only "US Government officially approved" encryption method. It was certified by the NSA. As was SSL.

    Connect the dots.

    1. Steve Knox Silver badge
      Boffin

      Show me the backdoor

      These security and encryption protocols have also been investigated and tested by the best academics and independent experts.

      Many of these experts have been outspoken critics of the NSA and advocates for privacy.

      None of them have found a backdoor.

      The Russian government, the Chinese government, the executives of every major multinational corporation, the Pirate Bay, and the creators of TOR (to name but a few) have the resources and the reasons to find and publicize any NSA backdoors in these standards.

      None of them have.

      It's fucking hard to connect your dots with these encrypted firewalls between them.

      1. Anonymous Coward
        FAIL

        Re: Show me the backdoor

        The weakness in your argument is "publicize". The counter example is Stuxnet and its children.

        Do you really believe that Chinese military hackers, or the Russians, or the NSA would publicize the holes/backdoors they find, i.e., show YOU or anyone else their backdoors?

        1. Steve Knox Silver badge
          Boffin

          Re: Show me the backdoor

          The weakness in your argument is "publicize". The counter example is Stuxnet and its children.

          Do you really believe that Chinese military hackers, or the Russians, or the NSA would publicize the holes/backdoors they find, i.e., show YOU or anyone else their backdoors?

          The weakness in your argument is in selecting only the weakest examples I have given.

          The NSA probably would not but that's why the OP painted them as the baddies and why I didn't cite them as a party who would publicize.

          The Russians and Chinese are a different story. The Chinese might if it were politically expedient, but they're equally likely to lie and say they have found an exploit when they haven't, in order to keep their populace scared of speaking out. The Russians may keep it secret for a time, or they may sell it to some of their hackers.

          But the other examples I cited (and you conveniently left out), the independent privacy advocates, some of whom had a part in creating these algorithms, certainly would publicize any holes and backdoors they found.

      2. Mookster
        Facepalm

        Re: Show me the backdoor

        it's in the random number generator that's used to make your key...

      3. Charles Manning

        How much tin foil have you got?

        A problem with any of these discussions is that they never educate, they only serve to amplify paranoia.

        For example, people could argue that Pirate Bay is just an NSA front to make people think there is a dissenting voice out there, when instead it is just an NSA arm that monitors activity. NSA in deep cover if you will...

        Ultimately though, even if the NSA had the resources to hack my network why would they? The cops could in theory also be staking my house out, recording who comes and goes. Or they might have a wire tap. Or a drone circling my house.

        Like 99.9% of the people on the planet I'm completely boring to the authorities. Nothing of value to be gleaned from snooping my network except for a look at where I keep my stash of tin foil.

    2. Velv Silver badge
      Black Helicopters

      It's also a published algorithm and therefore subject to open review by the finest mathematicians in the world. It *may* have weaknesses, but none have been found yet.

      Your choice then is the implementing application. Again most Security bods would advise choosing an open source application that is subject to open review. You chose a vendor from the USA? Now you can put your hat back on.

      1. hj
        WTF?

        implementing security applications

        Check out the "nice" service of HP: http://www.lolware.net/hpstorage.html

    3. Daniel B.
      Boffin

      AES has been tested.

      The algorithm has been pounded everywhere, even by security bods who don't trust the NSA and it hasn't been cracked. Yes, the implementation even in FIPS 140-2 certified implementations might be considered "NSA 0wnable" but those that aren't should be moderately secure.

      Also, take into account that at least in some FIPS 140-2 revisions, the ghastly TDES is still "certified" ... which I actually distrust. DES was cracked 10+ years ago, and it is pretty possible that GPU/FPGA hardware in the "chump change" range might be able to crack DES within hours; TDES is simply doing DES three times with three different keys. But theoretically, throwing hardware at it should eventually crack it... and it probably has been cracked already.

      1. Fred Flintstone Gold badge

        Re: AES has been tested.

        It may also be worth observing that AES is a bit of a rebadge - the original cipher was called "Rijndael", and was developed by two Belgian cryptographers.

    4. Ru
      Paris Hilton

      AES-256 is the only "US Government officially approved" encryption method. It was certified by the NSA. As was SSL.

      Connect the dots.

      It isn't really in the interests of the NSA to have widely used encryption algorithms with exploits, because you are basically gambling on there being no-one in the whole of the rest of the world who will be clever enough to find out, and nor will the details of the backdoor be leaked within the expected lifetime of the cipher.

      Ultimately, if US citizens and businesses are shafted as a result of inept cloak'n'dagger games by their own government security services, the enemies of the US will be the ones who benefit most, which rather defeats the point of the whole exercise.

    5. Jaybus

      Really?

      Firstly, the 5 year long AES process was a NIST (National Institute of Standards) program. There is no evidence that NSA had anything to do with the selection of the winner. All NSA cryptographic work is classified and will never be published. The NSA did, however, publicly approve the use of AES by the US government. AES-256 is NOT the only method approved by NSA. In fact, their are two suites of algorithms (Suite A and Suite B) approved for various different purposes, one of which uses AES-128.

      And btw, the winning algorithm selected by NIST was called the Rijndael cypher and was developed by a pair of Belgian cryptographers. To my knowledge neither Professor Rijmen nor Dr. Daemen have ever worked for the NSA.

      The only reason it was a big deal to begin with is because Rijndael was the very first open and publicly available cypher that was approved by the NSA for the top secret classification. The NSA were actually the late comers. AES was first approved for Dept. of Commerce use by the Secretary of Commerce in 2002. It took the NSA 3 more years to clear it for top secret use.

      All AES contestant cyphers, especially Rijndael, have since been examined by mathematicians worldwide, but if you don't want to use AES, then by all means try the Twofish cypher, a runner up in the AES process that also has never been broken and doesn't have patent issues. The mcrypt open source software is quite good and can use a number of the AES contestants, including Rijndael and Twofish. An open source implementation and an open, published algorithm, together with a tin foil hat, should help keep your dots disconnected.

    6. Yet Another Anonymous coward Silver badge

      The guarantee is inter-service rivalry.

      The CIA wouldn't use an encryption that the NSA could break - the secret service wouldn't use something the CIA could read and so on.

  5. Velv Silver badge
    Black Helicopters

    Flawed assertions

    Encryption is important, don't underestimate that. It does provide some level of protection against some attacks.

    However you should never forget that no matter how strong the encryption algorithm is, it is completely useless if you are authorised to access the data. It's often easier to capture or crack the user ID or even the user.

    From a business perspective, 85% of hack activities and data leakage occur by staff. Staff who have a user ID which will grant them access to the data (otherwise how would they do their job). It might not be raw access, they might not be able to walk out with a disk from a server, but they have legitimate access to the data. Or whoever has stolen their ID has access to the data.

    So the encryption is only as strong as the weakest link.

  6. Anonymous Custard Silver badge

    Your average consumer

    It is not something your average consumer can do, but your average consumer wouldn't even think about the vulnerability of an IPv6 light bulb in the first place

    Given their current price, your average consumer probably wouldn't buy one in the first place either...

  7. JimmyPage Silver badge
    FAIL

    *Properly* implemented encryption ...

    8192 bit encryption is worthless if a user chooses "password" as .... well, as their password.

    1. Fred Flintstone Gold badge
      Coat

      Re: *Properly* implemented encryption ...

      I use 8 stars. It's the only thing the computer seems to accept..

      TGIF, and no, I don't have a coat - with this weather?!?

    2. Anonymous Coward
      Anonymous Coward

      Re: encryption is worthless if a user chooses "password" as .... well, as their password.

      And when you choose something suitably obscure as your password, the encryption is still worthless when you forget/lose it. No, wait - the encryption isn't worthless, your encrypted "data" is. And possibly your miserable existence also, when the other half finds out that n-years of photos/financial records/etc are likewise gone.

    3. Daniel B.
      FAIL

      Re: *Properly* implemented encryption ...

      Indeed. That's why I consider most iPhones insecure, because the "password" is actually a 4-digit PIN. So instead of 2^256 guesses at an AES key, you only need to try 10000 "password" combinations to crack the crypto.

      1. Anonymous Coward
        Anonymous Coward

        Re: *Properly* implemented encryption ...

        <That's why I consider most iPhones insecure, because the "password" is actually a 4-digit PIN>

        Settings - general - passcode lock - simple password off. Oh, and "erase data on" (zap the phone after 10x failure).

        You can set the iPhone to accept a longer, complex password as well. If you're paranoid about it showing the characters one by one or you want to be deceptive, you can even set a long digit-only one and it will go present a digital keyboard and not mirror the digits to the screen. The main benefit of that is deception: most people will assume it's a 4 digit code and run into the 10x failure limit without ever coming near the right password.

        Deception is fun. I had one of those Samsonite briefcases with electronic lock, and someone tried to open it on an hacking event - he spent the entire weekend trying. He must have tried every 4 digit combination, but being an evil sod I'd already worked out that you didn't need to use all 4 digits - I just pretended to hit 4 keys. The actual code was just a simple "9" :)

  8. Anonymous Coward
    FAIL

    SHA1 and MD5 are not encryption methods

    Hate to trouble you, but those are cryptographic hashes … not encryption methods.

    Encryption can be revered through a process called decryption. Cryptographic hashes can not be reversed (in theory — in practice it is possible to guess a cleartext that matches a given hash, but in most cases it's computationally expensive).

    1. diodesign (Written by Reg staff) Silver badge

      Re: SHA1 and MD5 are not encryption methods

      Yes, honest, we do know SHA-1 and MD5 are one-way. I've fixed the article.

      C.

  9. Jim 59
    Happy

    Good article - but you worry too much!

    Of all the on-line activities open to a hacker, breaking into someone's home network is surely the least interesting and poorly rewarded. He might spend 18 hours getting through your router, only to find that all the internal systems are switched off. He just doesn't know until he tries it. And if your NAS is on, is he really going to spend another 20 hours getting into it, only to find a slew of encrypted data ? If at last he gets the goods, will he really be that thrilled to be reading your wife's PDF of a flyer for last year's church garden fete ?

    Somewhere on your network may be the holy grail - say a spreadsheet of your banking passwords. But you know and I know that it is probably on a powered-off system, in an encrypted password app in an encrypted container on an encrypted disk and you have put up so many other obstacles in the way that sometimes even you have trouble accessing it, what with those funny ports, key files, loooooooong passphrases and all.

    All the hacker is going to discover is that you run one of the most secure home networks in Britain.

    I think the key is to have many levels of diverse security, even within the network, so that the "egg" is hard boiled. Regarding cloud - unless you would happily give your front door key to Cloud Ltd, don't give them your data either. Regarding smart phones - I don't see why these should carry personal data, except for a few songs and pictures.

  10. Cliff

    outrun the raptor?

    Do you need to outrun the raptor? Or outrun the fat guy in your tour group?

    For most of us, not being the lowest hanging fruit is as good as we actually need.

    1. Destroy All Monsters Silver badge
      Trollface

      Re: outrun the raptor?

      Kim Dotcom?

  11. Joe Montana
    FAIL

    WTF

    "The simple reality is that most networks are like eggs – protected by a relatively strong shell but the inside is soft and gooey. If you manage to compromise any one thing on my network the rest will fall like dominoes."

    And this is the whole problem, fundamentally flawed design.

    Every device should be as hardened and closely monitored as necessary given the data on it, and every device should be configured as if it was directly exposed to the internet. If you then choose not to expose such devices you are doing so as an extra line of defence, not as your only line. And you should not accept devices which are fundamentally broken and unfixable.

    Encryption is also not the answer, encrypting your hard drive is great until your machine gets compromised via a network level attack, at which point the encryption key has already been entered and the running system can access all the data.

    Encryption is often misused, for instance DRM schemes where both the encrypted data and the key are provided to the user which means its mere obfuscation as opposed to proper encryption. Similarly many security standards and guidelines say you must encrypt data, but if you also need to access that data then the key must be available too... Quite often convenience wins out, and the key is kept on the same machine.

    In these situations your security is not as strong as your encryption, it is only as strong as the effort required to work out how the data is obfuscated and extract the key - which for a widespread/common system only has to be done once.

    1. Fred Flintstone Gold badge

      Re: WTF

      Every device should be as hardened and closely monitored as necessary given the data on it, and every device should be configured as if it was directly exposed to the internet. If you then choose not to expose such devices you are doing so as an extra line of defence, not as your only line. And you should not accept devices which are fundamentally broken and unfixable.

      Hmm. Be careful not to treat security as an absolute. It's a balance between budget and risk tolerance. Sure, you can nail every single device down - I sometimes have to because of my job, but I also know what that means in terms of maintenance overhead and impact on usability. When I'm onsite, my machines all have a bluetooth lock so the moment I'm away from my desk they lock. They have full disk crypto because that's easier than trying to protect each segment individually, but it means I must fully shut down the box at the end of the day or I'm wasting my time.

      Etc etc etc. So, yes, ideally you lock everything down individually so none can become a bridge head, in practice it tends to be easier to manage the residual risk of not being 100% locked down but have easier to use machines.

  12. Anonymous Coward
    Anonymous Coward

    Can't even get into my router to monitor it as its locked down by the ISP....

    ....To add insult to injury they're using WEP for their entire customer base. What donkeys!

    1. an it guy
      FAIL

      Re: Can't even get into my router to monitor it as its locked down by the ISP....

      and you're not allowed/bothered to pick up a router yourself? They're not that expensive (<£40 for a cheap one) where you can alter the encryption.

      1. Anonymous Coward
        Anonymous Coward

        Re: Can't even get into my router to monitor it as its locked down by the ISP....

        Can't with my ISP. It simply doesn't work. Whatever configuration, handshaking or screening they are doing on their end, they are blocking user connected routers. If I was a cynic I'd say that it was a deliberate decision to stop people in apartments or condos sharing the pipe by using additional routers to widen and boost the signal to neighbours etc. In addition they place a seal over the coax to stop you even unscrewing it. I had to break one of the outlets to even try....

        1. Long John Brass Silver badge
          Happy

          Re: Can't even get into my router to monitor it as its locked down by the ISP....

          Then treat the router as part of the internet.

          Place a router of your choosing between your and the ISP supplied one and harden that

        2. Anonymous Coward
          Facepalm

          Re: Can't even get into my router to monitor it as its locked down by the ISP....

          "Can't with my ISP. It simply doesn't work. Whatever configuration, handshaking or screening they are doing on their end, they are blocking user connected routers."

          Urgh… my condolences. My advice... if you can't convince those peanuts to implement real security on those routers… get a suitable 50ohm dummy load with the right fitting and swap it with the Wi-Fi antenna(s). Ensure the ERP is well and truly below the receive sensitivity of any Wi-Fi equipment within close proximity, then get a Wi-Fi AP that you control if you need Wi-Fi.

          Whatever dimwit thinks WEP is anything other than blatent false advertising (RC4 encryption, no key management, flawed authentication and CRC32 hashes, don't make me laugh) should be shot.

          I also think there's a lot said for having a dedicated access point separate to the router. We recently replaced a dickey 3G Netcomm router that we were just using as an AP which had been trouble from day one… The Cisco WAP4410N might've been more than triple the price of some wireless routers, but we wouldn't be using the routing function if it had one, and this device does one thing, and one thing well rather than trying to do everything mediocre.

  13. David Ireland

    Category error: SHA-1 and MD5 are Digests, AES256 is a Cipher

    SHA-1 and MD5 are used to Digest passwords. Digests are one way functions: you don't ever need the password back.

    There is a reason for the confusion BTW: there are sound ways to use a Digest as a cipher, and vice versa, but the result is always less good (usually the computational advantage of the defender over the attacker is less) than a best of bread function designed for it's purpose, which shouldn't come as a surprise.

    The arstechica article you link to might leave people thinking that the low cost of calculating a digest is a problem, which should be fixed by making the category error of using a cipher instead, but that's not the case: digests are designed to be collision resistant. You can prove that if a digest is collision resistant, then repeating the digest N times (I.e. digest then digest the digest, ...) is the cheapest way to arrive at that answer, so you can make an arbitrarily slow digest, given a collision resistant digest.

    The problem is the way the digest is used. You can equally make the mistake of not salting the digest.

    MD5 is not all that collision resistant, that's it's problem. SHA1 is not as collision resistant as it's designers thought, but no one has actually found one yet. By all means use SHA2, or SHA3.

    More complicated schemes are harder to prove things about: an implementation may be slow, but without a proof that that's the cheapest way to get the answer, the scheme may later prove to be weak.

    People bang on a lot about how GPUs are being used to crack passwords, but attackers and defenders have access to GPUs to calculate digests, and because hackers benefit from economies of scale, they will always use commodity hardware.

  14. Anonymous Coward
    Anonymous Coward

    "The OpenWRT project doesn't exactly seem to be screaming along, which means that any number of vulnerabilities in that device could be exploited if someone knew where to look.

    The OpenWRT firmware running the router is essentially a Linux distribution. The radio has its own firmware as well. I don't even know how to update that.

    It could have a vulnerability in it that allows a privilege escalation within the router and all of a sudden a knowledgeable attacker owns my Linux-based Wi-Fi router. "

    No one was sacked for purchasing MS,Cisco, etc.... But a Linux distro with no support? No thanks.

    1. Anonymous Coward
      FAIL

      "No one was sacked for purchasing MS,Cisco, etc.... But a Linux distro with no support? No thanks."

      No support? You must be a Microsoft "Technical Evangelist".

      You will be hard pressed to find a modern and popular Linux distro that doesn't have support, either free or purchased. Of course, you could be a troll and pick a Linux distro that few have ever heard of or has been abandon.

      For most major commercial software the paid support is often inferior to the support freely available online. Free online support forums are usually started by users who are frustrated with the quality of the paid support, or its exorbitant cost.

    2. Beecause

      Support - what support

      There have definitely been security holes in commercial home network gear.

      So how good is the support? Anyone ever had an email to say they need to update their home router?

      It's always good to check if an opensource project is alive in making decisions but if it is, security normally gets attention. Commercial support often only lasts so long, often not long on home kit.

  15. John Smith 19 Gold badge
    Unhappy

    The bottom line is it's damm hard work for *experts* to ensure their privacy. *but*

    That is not an argument to give up.

    The internet protocols made some assumptions which are no longer valid.

    All users were authorized to use the internet by default (no bad guys) and all users knew what they were doing and the operator (back then mostly governments) is not interested in peeking.

    None of these can be relied upon any more, despite the fact there is no legitimate reason for 24/7/365 surveillance of all internet traffic in a country that still believes in the presumption of innocence.

    It's time for a new generation of protocols which support privacy and security. So I don't have to say who I am all the time but when I identify myself it really can only be me.

    IOW it's time to make the egg "hard boiled"

  16. Duncan Macdonald Silver badge

    Easy for the NSA and friends to make "strong" security actually be weak

    A number of protocols (SSL being a major example but also PGP) have one side chosing a long random key and sending that key via public key encryption to the other party. An easy backdoor for the suppliers of the software is to make the apparently 128bit (or 256bit) random key have only 32bits of randomness and the other bits derived by an algorithm from those 32bits. An ordinary user would not notice any difference but for the NSA it would reduce the crack time down to insignificence as they would only have a 32 bit key space to search.

    If such a backdor is present in Windows or the commercial version of PGP, it would be almost invisible to users who think that they have strong steel armour but instead have wet tissue paper. (Linux and OpenPGP should be secure as the sources are published and any backdoors would be rapidly found.)

    1. Jaybus

      Re: Easy for the NSA and friends to make "strong" security actually be weak

      True, such a back door would be trivial to implement. But it would be a really stupid move. The NSA equivalent in all other nations would also trivially discover the back door. Although it is a government agency, I think the NSA is at least more clever than that.

  17. Beecause

    What are the chances...

    '''"To be clear: the chances of a vulnerability existing, someone knowing about it and having both the skill and equipment to compromise such a device are vanishingly... "'''

    But then you don't need everyone to know you just need an efficient scanner and devices to be visible.

    I remember people thinking what are the chances of a modem connecting to my phone number - there are millions of phone numbers... Then war dialing became popular and people started using passwords...

  18. Anonymous Coward
    Anonymous Coward

    Ken Thompson - Reflections on Trusting Trust

    http://en.wikipedia.org/wiki/Backdoor_(computing)

    "Ken Thompson's Reflections on Trusting Trust, his Turing Award acceptance speech in 1984, was the first major paper to describe black box backdoor issues, and points out that trust is relative.[5] It describes a very clever backdoor mechanism based on the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job.

    Thompson's paper describes a modified version of the Unix C compiler that would:

    Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist

    Also add this feature undetectably to future compiler versions upon their compilation as well.

    Because the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of the second task, the compiler's source code would appear "clean".) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. This version was, officially, never released into the wild. It is believed, however, that a version was distributed to BBN and at least one use of the backdoor was recorded.[6]

    This attack was recently (August 2009) discovered by Sophos labs: The W32/Induc-A virus infected the program compiler for Delphi, a Windows programming language. The virus introduced its own code to the compilation of new Delphi programs, allowing it to infect and propagate to many systems, without the knowledge of the software programmer. An attack that propagates by building its own Trojan horse can be especially hard to discover. It is believed that the Induc-A virus had been propagating for at least a year before it was discovered.[7]"

  19. Eugene Crosser
    Boffin

    NAS encryption

    Arguably, encrypting data on a NAS is pointless.

    Encrypting an Android device is mostly useless too.

    Encrypting all data on a device makes sense if that device spends most of the time turned off. Such as a thumb drive, for instance. When "they" get the device, it does not contain the decryption key, so your data is safe. Ditto a laptop with FDE if you turn it off while not in use.

    Encrypting data on a NAS device only helps against burglary, while the most probable attack is to take over the running device. While it is running, the decryption key is in its memory, and all data is accessible. Ditto Android device in your pocket that has dark screen, but running CPU. Encrypting it may be useful to comply with some stupid corporate policy, but does very little to protect the data from leakage.

    What makes sense is to keep select sensitive bits encrypted, such as to keep passwords in a "crypto wallet". In such applications, the decryption key and decrypted data only stays in memory for a few minutes after you've entered the password, and is safely encrypted for the most of the lifetime of the device that carries it.

  20. Jim Preis
    Black Helicopters

    Security achieved!!!

    Thank God for the expertise of the author and the deep contributions of the expert commenters!!!

    Now the picture of me from my 45th birthday party that resides on my NAS has NO chance of falling in to the hands of the Russins (no?) Poles (not them either?) Afghans(really?! not them either???) Americans!!!

    Do you guys have any idea what would happen if that picture got out?!?!? I'm going to encrypt it; right after I share it publicly unencrypted on Google+

    I AM IN CONTROL!!! (And 40 other myths.)

    Maj. Anthony Nelson, USAF

    Or

    Jim Preis

  21. Anonymous Coward
    Anonymous Coward

    All is not hopeless

    I figure network hardening @ home is a lot like burglar-proofing your home.

    Unless you're keeping your Rembrandt original @ home and have the corresponding alarm budget, a really skilled burglar _will_ get in. Realistically, that is not really a problem. All you have to do is to make your house sufficiently secure that a burglar with the maximum expected level of skill will choose to go break into your neighbors' house instead. And, yes, with due excuses to Bruce Schneier, security theatre is useful here.

    I use TrueCrypt myself, with a decent password, but NOT as a fulldisk encryption. The TrueCrypt is only mounted when I need to access its contents and is set to time out. Yes, theoretically, somebody may be able to recover the keys from memory. But that's a damn sight better, imho, than having my important files open to any old process that is running under my user credentials as soon as the machine is up and running.

    Do I care what the NSA is up to or whether AES is crackable? Not really, though they have NO right to rummage around in my files. My worries are more Johnny Rumanian Hacker and his band of merry Nigerian ID thieves. Or an opportunistic meatspace burglar getting hold of my bank accounts.

    Anon, cause I've said too much about my TrueCrypt usage not to.

  22. RonWheeler
    Windows

    Brute force attacks

    are rare. So much of the IT navel-gazing fraternity are obsessed with perfecting encryption that they forget that the MD's secretary will hand over her password to somebody who will just fill out the following online form from from the National Audit Office (http)

    Just in case the insult gets missed by the assburger syndrome sufferers. Security professionals are snake-oil charlatans who get paid too much to make everything run slowly.

    1. h3

      Re: Brute force attacks

      Anyone trying to get something will obviously choose the easiest way.

      Most of that encryption research is paid for by the military.

      I used to know a pro shoplifter who got away with it for at least 5 years then a 3 month prison sentence. Now he is a health and safety manager on a building site.

      Stuff can be set up so it is more difficult to just blag your way in. (Telehouse is much harder than the pretenders to blag your way in if you forget your card).

      If something is really important it shouldn't be written down just stored in someones mind with a suitable memory.

  23. C Phillips

    Too Much Fear

    It is good to use the best security you can possibly use, but knowledge is even better. For instance, the linux you talk about is more secure than windows, even without firewalls and anti-virus. I have been using linux now for 10 years. Second, learn how to work your router. Don't just use hidden network names, or mac addressing. Learn to work every security feature out of it you can. For instance, most people don't use IP addressing tied to the Mac addresses for each computer or device. If you only allow IP's for each device and tie that to each mac address of those devices it adds another layer of security by only allowing an IP address for those mac devices listed and will kick anyone else off the network. Linux, even an old version is very secure so I wouldn't worry about WRT. The idea is to make it as difficult for someone to hack your systems as possible. Each layer of security you add will do this so even hardened hackers will want to turn away. There are too many easier fish to fry. If you really want to be secure on your devices learn how to use linux, or even better yet, a more unix type system like Free BSD for all the things you need to do that require security. Learning to use linux or BSD will make other things easier and less time consuming in the long run (not having to run continuous virus/adware scans and checks). If your system is then compromised you can restore your user desk in just a few minutes instead of reinstalling or fixing a virus infiltrated windows computer. Hope things go well for you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too Much Fear

      Wow, we need a "wall of text" icon.

      Basically you only need to make your network more secure than the neighbours. I run WPA2 Enterprise (in fact the set up here was the basis for my workplace's configuration) so that guests can be set up with a temporary account that we can delete after they're gone.

      MAC address filtering and locking down IPs is all well and good, but that doesn't stop me spoofing a MAC address of say, your laptop, and waiting for you to leave with said laptop before launching the attack … unless of course you're diligent enough to remove your laptop's MAC address from the whitelist before you leave.

      1. Anonymous Coward
        Anonymous Coward

        Re: Too Much Fear

        "Basically you only need to make your network more secure than the neighbours."

        That's true for many sorts of attacks but if you are, say, Julian Assange, Edward Snowden, or perhaps just a vocal pro-privacy journo or activist (or just someone with access to a work VPN that secures high-value secrets), they may well be specifically after your system access, not that of your neighbour's and you'll have to have an approach informed by a high level of paranoia to have a chance of prevailing.

  24. jason 7

    There are two needs for encryption.

    1. To protect financial and state secrets etc. from espionage/criminal experts.

    2. To stop the chap who nicked your laptop from looking at what's on it before he sells it in the pub carpark for £30.

    I think most of us fall into the second category.

  25. Anonymous Coward
    Flame

    @Pott: Ignorance Breeds Anxiety

    If you run a proper operating system, your router can be administered directly by NSA. All your operating system updates will be cryptographically signed by the operating system vendor/source. Your OS will only install those patches if they are properly signed. So, your router is IRRELEVANT.

    Regarding cryptography, that can be considered a Problem Solved. Even RC4 is quite secure, if properly used. And, 128 bits of symmetric key secret is GOOD ENOUGH ! It is a definite sign of your ignorance that you think you need 256 bits of symmetric key. 2^128 is such a large number that brute-force keyspace enumeration won't be in the reach of any government, including those of America, Russia and China. Just do a little bit of math and you will find out that fact.

    The big threat is the C and C++ style bugs and software bugs in general. Why should I bother breaking your crypto, if I can inject a virus directly into your software (from router, OS, crypto software to application software) ? Both the yellow ones and the cowboys apparently does this kind of thing on a large scale, if the reports are to be trusted.

    Software correctness is the enormous, unsolved challenge and a sysadmin can do little about it. Sandboxing is a band-aid approach for that, but certainly not the silver bullet. Dropping C and C++ as a programming language might be a good start from an industry perspective.

    1. John Smith 19 Gold badge
      Meh

      Re: @Pott: Ignorance Breeds Anxiety

      "Regarding cryptography, that can be considered a Problem Solved. Even RC4 is quite secure, if properly used. And, 128 bits of symmetric key secret is GOOD ENOUGH"

      The EFF demonstrated brute force attack against the 56 bit DES using a single board full of ASICS clocked at 20MHz around 2000.

      Toshiba* state they can do 21 MGates/sq mm at 250GHz toggle frequency.

      a factor of 12 500 in speed and the NSA could fill rooms with this tech.

      They also have the advantage of recording the data stream so can decode offline

      Still think 128 bits is enough?

      *Found after almost 2 whole minutes of searching the interwebs.

  26. h3

    As far as I know with Openwrt escalation stuff is trivial if you can get on it at all.

    (I was shown how to do it once by someone no longer associated with the project but he was the reason why the stuff for user accounts was never added).

  27. Long John Brass Silver badge
    Big Brother

    Nothing new under the sun

    This problem isn't new, I remember the paranoid freak-outs everyone had back when I was running a BBS back in the early 80's. the NSA/GCSB etc are watching us, recording our BBS sessions .... *sigh*

    There is no such thing as 100%; 100% safe?, Nope; 100% secure? Nope.

    Secure your data by putting it in a safe, wrap that in concrete & dump it in the middle of the ocean?

    Someone could still get at your data, wouldn't be easy, but it could in theory be done.

    So what is to be done? As many have already suggested, it's all a matter of cost vs ease of access, complexity

    SSL/TLS covers many session based encryption problems not just https; pops, imaps & smtps all come as standard on most servers & clients even if they aren't always enabled/allowed by $yourVendor

    If you don't want Yahoo or Google handing over your e-mails, set-up & run your own , Yeah I know that's beyond most home users, but surely not most el Reg commentards :)

    The problem really comes down to this...

    Every time $badThing happens people scream and yell that $someOne should have done something to stop $badThing

    This is why the work at large is going from free -> police state

    The other problem is the lie we tell ourselves and our children

    "What to $otherPeople want?" ... well they are "just like you" they want what you want

    This is why politicians are deathly afraid of everyone around them; they assume that everyone is a power hungry socio-path, "Just like them"

    Mines the one with the keys to the Faraday shielded bunker in them

  28. Anonymous Coward
    Anonymous Coward

    @The author

    Please excuse my stupidity, but does your router have some version of ACL's? What's your (or commentards) thoughts on strengths/weaknesses/effectiveness of then?

    1. Anonymous Coward
      Anonymous Coward

      Re: @The author

      *them

  29. Anonymous Coward
    Anonymous Coward

    Here's what I'm waiting for...

    .. confirmation that "they" not only copy sniffed unencrypted smtp (or pop3 and imap) traffic but also decrypt, on-the-fly, 128bit encrypted (and beyond) whatever traffic (ie read everything).

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019