Reply to post: Sigh. So many fundamental problems

NIST told to grow a pair and kick NSA to the curb

btrower

Sigh. So many fundamental problems

I personally find it inconceivable that the massive failure of security all around is not by design. However, even if it is spectacular incompetence all around there is an undeniable profound fundamental flaw that even a child can see:

We have trusted our security to our adversaries.

One of the systemic problems that needs to be addressed is the fact that we are placing trust in too few people and the wrong people at that.

NIST, when it comes to approving a standard in this area needs to be compelled to do it in concert with other entities entirely at arms length that at least have a chance of being honest. The NSA has no chance of being honest, but NIST by itself has already proven untrustworthy, even if it is only by incompetence. They should not be able in any way to pronounce by themselves on such a thing and arguably, beyond rubber-stamping a properly made decision, should not even have input in any core details.

I question the incompetence because it would have to be simply astounding incompetence to have no security expert capable of seeing that the NSA could not possibly be trusted.

When we give the ability to open a bank vault we do not give it to a single person. That would be insane. When it comes to security, security is proportional to the number of trusted entities required to gain access. It is also inversely proportional to the conflict of interest those entities may have. If, for instance, you give oversight of the CRTC to people exclusively from the telecommunications cartel, you can be pretty sure that no matter how many of them you have they will always end up casting a vote that favors their old friends in the telecommunications industry.

In theory, if not in practice, we do not give control of bank vaults to criminals.

I do not trust an all U.S. or U.K. solution for security of any type. End to end security is a planet-wide concern and standards need to be vetted by enough disparate entities to give some hope of security.

As a trivial example, if I need a few random bytes for encryption, I only need to get them from one source. However, if I trust the wrong source then I am sunk. As long as I get even one single set of random bytes, I am golden. If I only use one source, that source can let me down. If use five sources, I am fine as long as any one of them is trustworthy.

We already have examples of instances where key lengths we were told were sufficient were not. We do not need any more to show that limiting the key sizes, especially to minuscule values like 128 bits, is not optimally secure. Why is there any resistance at all to specifying arbitrary key sizes?

If you had a trustworthy source of random bits you could encrypt a message such that, if the key is as long as the message and it is not compromised, the message is provably secure. In practice we can't secure the key absolutely, but whatever we encrypt with a truly random stream is as secure as the key. Why do we not have proper mechanisms to gain such keys and why do we have no reasonable way of securing and transmitting these keys. I expect a mediocre high school student could improve upon what we currently have.

Practically nothing in our network universe can be secured in any meaningful sense. We should be at the stage of guarding against extreme side-channel attacks. Instead, we are stumbling around in the dark with virtually every point of entry compromised in some way.

The specific instance of heartbleed could not be predicted in advance. However, anybody reasonably in the know had to realize that such bugs were there. Having looked at the code, I cannot imagine that they are not there still. The code involved in heartbleed could be fixed. Why is it not being fixed? Why are we instead spending massive resources getting poised to jail grandmothers because their grandchildren accessed the wrong thing on the Internet?

Everywhere I look our security is hopelessly inadequate. If it looks that bad to me it has to look even worse to people who are accomplished at hacking into things. I am not unfamiliar with security, but I am not even close to being an expert like Peter Gutmann or Bruce Schneier or tens or hundreds of thousands of other individuals. This is not hyperbole. Hearbleed was a whopper of a breach. It should never have been possible for it to happen and yet it was inevitable. How is it possible that when anybody can reach just about any security expert in minutes from anywhere in the world that just about no decision makers can gain access to one of them?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019