On Mon, Mar 24, 2014 at 03:16:51PM +0100, Christoph Anton Mitterer wrote:
> I just agreed to Ivan's opinion... right now many people say "it's
> better to do crypto, even if it's anonymous and you have no idea who
> you're talking to"... their reason is usually one of
> - the attacker may miss the point where the communication starts and
> therefore the point where he could do an MitM
> - even if the attacker does MitM, he would need more computing power
> (and therefore money) to decrypt everything.

No, the point is that an attacker is detectable.  Do you think the NSA
does MITM attacks on all connections?  I seriously thought that they
might.  So when I traveled from the US to the Netherlands, I took a copy
of the key of my machine in the Netherlands, as seen from my browser in
the US.  I compared that copy when I was in the Netherlands, and it
matched.

If the NSA starts doing this, someone will catch them.  That will be big
news and everyone will start checking their keys.  And if none of them
match, things will be fixed.  As long as they don't do it, checks like
the one I did will confirm that nothing is wrong.

Well, not exactly, of course.  It is still very likely that they are
trying to (and also that they succeeded to) put back doors into the
encryption protocols, or at least their implementations.

> But that's just the point...  When an attacker sits on the line
> between A and B,.. and they don't encrypt... then obviously he can
> read/tamper with everything.

Depending on what you mean by "sitting on the line".  They can always
read, but to tamper they need to sit "in" the line, not just on it.
They have to make sure the original packets don't reach their
destination.  I take it that's what you mean.

(Note that this is a much smaller group of machines; for example, I can
read all traffic on the subnet of my block of houses, but I can't
effectively tamper with it.)

> If the attacker sits on the line between Alice and Bob (which he
> apparently does, since he was able to read the unencrypted stuff)... and
> if Alice and Bob don't verify their identities... then he can do MitM...
> just as you explained it above.

But if they start to doubt, they can check if they have been attacked,
by comparing their keys through an independent channel.  There will have
been a small window where their communication was intercepted, but
that's still much better than having everything always public.

> So I'd say... anonymous encryption does not really help that much...
> at least not against someone who constantly sits on the line and
> watches all traffic (which NSA&friends surely do). It gives rather a
> wrong sense of security.

Anonymous encryption is better than no encryption.  And it gives actual
security.  Certainly against people who are only listening (of which
there are many), and (with a small delay where you might send sensitive
data to the NSA) also against MITM attacks, because some people will
check some keys every now and then.  If any of them is found to be under
attack, more checks will be done; if many of those will fail, all hell
will break loose.

And the NSA is not stupid.  They know this.  So they aren't going to
try.  Instead, they are claiming that "it doesn't really help anything"
and "it only gives a false sense of security", to convince people that
not encrypting is better than encrypting with unchecked keys.  Sure they
like it when the entire internet is unencrypted, it makes their work
easier.  It does not however provide any benefit to us or our users.

> > A certificate authority does not provide the encryption keys.  It only
> > puts signatures on them.  Without any CA, you can still encrypt if you
> > have the target's public key.
> Well sure.. but what do you want to tell us? Of course you can.. but
> nobody usually manually trusts X.509 certs (i.e. non-CA-certs)

You're claiming that having an evil CA in the list means that my
communication is in danger of being eavesdropped.  I'm saying that this
is nonsense, because:

> > An evil CA cannot read your traffic (unless they are in
> > the path of your communication).

You are saying that the NSA has control over evil CAs, and also is in
the path of communication.  So they can eavesdrop.  Technically this is
true.  But there are two things to consider:

1. Due to the fact that they would be detected if they tried this on a
   large scale, they won't actually do this.
2. Your conclusion that because the NSA can eavesdrop, we should allow
   everyone else too (by not encrypting at all) is beyond ridiculous.

Thanks,
Bas
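
The key comparison described in this message (record the key as seen from one network, carry it over an independent channel, compare it with what another vantage point sees) can be sketched as follows. This is an added example, not part of the original message; the vantage-point names and the sample key material are constructed assumptions.

```python
import hashlib
import hmac
import ssl
from collections import defaultdict


def fingerprint(pem):
    """SHA-256 over the DER bytes: the value you would write down and carry with you."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def group_by_key(observations):
    """Map fingerprint -> sorted vantage points that were shown that key."""
    groups = defaultdict(list)
    for vantage, pem in observations.items():
        groups[fingerprint(pem)].append(vantage)
    return {fp: sorted(seen_at) for fp, seen_at in groups.items()}


def mismatches(reference_fp, observations):
    """Vantage points whose key differs from the fingerprint carried out-of-band."""
    return sorted(
        vantage for vantage, pem in observations.items()
        if not hmac.compare_digest(fingerprint(pem), reference_fp)
    )


# Constructed sample data: arbitrary bytes wrapped as PEM, not real certificates.
SERVER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed key material of the real server")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed key material of a substitute")

# Fingerprint recorded at the machine itself (the independent channel).
REFERENCE_FP = fingerprint(SERVER_PEM)

# Hypothetical vantage points: what each one was shown when connecting.
CLEAN = {"browser-us": SERVER_PEM, "console-nl": SERVER_PEM}
TAMPERED = {"browser-us": OTHER_PEM, "console-nl": SERVER_PEM,
            "laptop-cafe": SERVER_PEM}

if __name__ == "__main__":
    for name, obs in (("clean", CLEAN), ("tampered", TAMPERED)):
        bad = mismatches(REFERENCE_FP, obs)
        print(name, "OK" if not bad else "MISMATCH at " + ", ".join(bad))
        for fp, seen_at in group_by_key(obs).items():
            print("  ", fp[:16], seen_at)
```

With real data, each observation would be the PEM certificate saved at that vantage point; a fingerprint group containing only some vantage points is the signal that warrants further checks.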
