Schneier on Security
A blog covering security and security technology.
April 14, 2010
Matt Blaze Comments on his 15-Year-Old "Afterword"
Fifteen years ago, Matt Blaze wrote an Afterword to my book Applied Cryptography. Here are his current thoughts on that piece of writing.
Posted on April 14, 2010 at 1:30 PM
@Matt Blaze: "One of the most dangerous aspects of cryptology (and, by extension, of this book), is that you can almost measure it."
That's an excellent way to put it. I've been frustrated in recent years in my career that the very same bosses and decision makers where it is like pulling teeth to get them on board for the simplest, most sensible, most cost-effective solutions are oftentimes the ones who get excited about beefing up cryptography.
I think Matt is right, it's probably because they can put a measurement on it.
It's flashy to say after an incident that we've upgraded from N-bit encryption to X-bit encryption.
Problem is usually twofold: First, encryption is usually their strongest link, and it wasn't what was really broken, so they've usually just wasted time and money. Secondly, the strength of encryption is irrelevant if you can bypass it (and therefore not have to even try to crack it). I'm not going to let my computers run attacks for days, weeks, months, or years when I can instead get a keystroke logger on a machine, for example.
Like those 140-2 compliant USB sticks that were flawed or the evil maid attacks--in neither case was the cryptography cracked, it was bypassed, rendering the strength irrelevant.
Most people here know this, but sometimes I post the obvious (to us) in hopes that a hot-shot decision maker might read it.
Always admirable to second guess oneself, even if you had it right the first time around :)
One can only hope, haha.
I was ten years old when that was first written. Maybe 11. I was programming in LOGO and playing SimCity on my 486. You'd think the field of security would have changed since then, like everything else has, but noooooo.
"I was ten years old... ...programming in LOGO... ...486"
Agh, happy days. I first started down the software crypto route when,
"I was ~18 years old... ...building robot turtles for fun... ...and playing with them on an Apple II with a 6502, I'd hacked to run at 2 MHz when not doing I/O".
The crypto was a stream cipher system, as preferred over this side of the pond...
It consisted of two separate stream generators: one was a "card shuffling" generator not that dissimilar to what later became known as Ron's Code 4, the other almost identical to the Mitchell-Moore generator. The two were combined in what we would now call a "cellular automaton".
It is funny how things change but always stay the same ;)
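As an added illustration of the two-generator design described in the comment above (this is editor-written example code, not the commenter's original, whose combiner is not specified in enough detail to reproduce): an RC4-style "card shuffling" generator and an additive lagged-Fibonacci generator with the Mitchell-Moore lags (24, 55), XOR-combined into one keystream. The XOR combiner and the SHAKE-256 seeding of both generators from the key are assumptions made here. It is a toy to show the structure, not a cipher to use (RC4 itself has known keystream biases), and the last function shows the classic failure mode of any XOR stream cipher: reusing a key lets an attacker cancel the keystream.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CardShuffle:
    """RC4-style generator: a shuffled 256-byte permutation, one swap per output byte."""

    def __init__(self, key: bytes):
        if not key:
            raise ValueError("empty key")
        self.s = list(range(256))
        j = 0
        for i in range(256):  # key scheduling: shuffle the "deck" under the key
            j = (j + self.s[i] + key[i % len(key)]) & 0xFF
            self.s[i], self.s[j] = self.s[j], self.s[i]
        self.i = self.j = 0

    def next_byte(self) -> int:
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + self.s[self.i]) & 0xFF
        self.s[self.i], self.s[self.j] = self.s[self.j], self.s[self.i]
        return self.s[(self.s[self.i] + self.s[self.j]) & 0xFF]


class LaggedFibonacci:
    """Additive lagged-Fibonacci generator x_n = x_{n-24} + x_{n-55} mod 256
    (the Mitchell-Moore lags), held in a 55-byte ring buffer."""

    SHORT, LONG = 24, 55

    def __init__(self, seed: bytes):
        if len(seed) < self.LONG:
            raise ValueError("need at least 55 seed bytes")
        self.state = list(seed[: self.LONG])
        if not any(b & 1 for b in self.state):  # an all-even seed would stay even forever
            self.state[0] |= 1
        self.pos = 0

    def next_byte(self) -> int:
        i = self.pos % self.LONG                 # slot currently holding x_{n-55}
        j = (self.pos - self.SHORT) % self.LONG  # slot currently holding x_{n-24}
        self.state[i] = (self.state[i] + self.state[j]) & 0xFF
        self.pos += 1
        return self.state[i]


class TwoSourceStream:
    """Keystream = XOR of the two generators' outputs (the combiner is an assumption)."""

    def __init__(self, key: bytes):
        # Assumed KDF: expand the key with SHAKE-256 into seed material for both generators.
        seed = hashlib.shake_256(key).digest(256 + LaggedFibonacci.LONG)
        self.a = CardShuffle(seed[:256])
        self.b = LaggedFibonacci(seed[256:])

    def keystream(self, n: int) -> bytes:
        return bytes(self.a.next_byte() ^ self.b.next_byte() for _ in range(n))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return _xor(plaintext, TwoSourceStream(key).keystream(len(plaintext)))


decrypt = encrypt  # XOR stream cipher: the same operation in both directions


def key_reuse_leaks(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Two messages under one key share one keystream, so c1 XOR c2 == m1 XOR m2:
    the keystream cancels and the relation between plaintexts is exposed."""
    c1, c2 = encrypt(key, m1), encrypt(key, m2)
    n = min(len(m1), len(m2))
    return _xor(c1[:n], c2[:n]) == _xor(m1[:n], m2[:n])


if __name__ == "__main__":
    key = b"demo key (constructed sample input)"
    msg = b"attack at dawn"
    ct = encrypt(key, msg)
    assert decrypt(key, ct) == msg
    print("ciphertext:", ct.hex())
    print("key reuse leaks m1^m2:", key_reuse_leaks(key, msg, b"retreat at dusk"))
```

The point worth taking from the last function is the one the thread keeps circling back to: the strength of the generators never comes into it if the surrounding protocol hands the attacker a keystream reuse.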
I think we've made progress... but perhaps we've found that what we once thought was a pond is really an ocean. In essence, the more we've learned the less we really know.
OMFG LOGOwriter... !!
God I loved that little turtle :)
As for me, it was Tie Fighter running on a 486 using an optimized boot disk, haha, so I could actually play (albeit in slow-motion, haha).
As for things changing... *sigh*... one might argue it's only getting worse (bad software on top of bad software on top of bad software, etc et al).
@Clive, although I had been interested in historical codes since school I first started down the modern crypto road when I read Martin Gardner's column in Scientific American in 1977. I was in university at the time studying computers and mathematics (with a special interest in prime numbers).
Oops, I forgot to mention that my memory comes from a little more than 15 years before yours.
Oh and Bruce was probably still in College back then ;)
I just got back from a job interview with a Wall St bank.
They wanted someone with years of experience of PKI, trusted hardware, penetration testing - the usual security stuff
I was early for the meeting so they stuck me in a conference room alone for 30 mins. On the whiteboard was a diagram of their entire network, machine names, database names, server roles - the lot.
Together with an internal phone that presumably would have caller-id'ed me as being from IT, and a bunch of presumably live network sockets.
And yes, all their questions in the meeting were about how many bits of encryption would be 'safe'.
Sign of the (old) times: Matt refers to "The Internet worm" and rightly expects his readers to know exactly what he is talking about. Just that sentence would require some augmentation now.
Interestingly enough, the first hit on Google for "the internet worm" was the correct page:
But yeah, I was too young to know about it when that happened, but it was mentioned many times in school etc. and I sure feel old now being reminded about it in 2010.
"I was in university at the time studying computers and mathematics (with a special interest in prime numbers)."
Yup, I had an interest in primes, oh, about '77. Back then I was always puzzled about the issue with twin primes; to me it was obvious that they would go on forever as you get a twin at every "prime factorial" (2x3=6 5/7, 6x5=30 29/31, 30x7=210 209/211 etc) and we knew that primes were infinite (or so the books said ;). I figured all you had to do was show that a "prime factorial" +-1 could never be a harmonic of another prime (which I assumed was true from studying Fourier), so I figured what was the beef about. But when you're a teenager you think "yeah, so what", especially when that cute little brunette from the school down the road smiles at you at the bus stop 8)
Certainly did bring back fond memories of writing code corrections with a "hand punch", and the horrors of dropping your stack on the way to the reader. I still have one or two stacks with rotted rubber bands around them lurking in the bottom of a filing cabinet along with several rolls of pink and white seven-hole punch tape and a listing or ten, one for a BASIC compiler I wrote (in Fortran) for a Prime OS machine...
Everything in there is just obvious. And he even has the balls to claim this makes him a "visionary genius!"
Seriously, if this is all it takes, maybe I should write afterwords for books too. How much does it pay?
Well maybe it is obvious to you now, but was it obvious to you in 1995?
And he does go on to say "Except for one little thing: I still spent the next decade working on cryptography" but obviously your attention span ended before that...
@jbl What about ROT13 ?
Do you know which "year" that came around?
History is very important, especially in cryptography
Folks in the crypto world, they will refer to BC, 16th, 17th century stuff. When you think of it, the Internet worm is like yesterday, in comparison...
Yup, I learned to program in LOGO Writer on the Apple IIgs, and I built the LEGO LOGO robots to go with it. That was more like 1993, but I kept using the DOS version of LOGO Writer well through '95. All hail the turtle! Also, SimCity 2000 was awesome.
Yep. I was late to the game. '82 with the 8088 processor. I did play with kaypro. really showing my age.
the sad part is for all the trees killed, experts with 'education, and crypto with thanks to NSA's help; little has changed.
Go to a starbucks and see what security they are running on a wireless network. (users) It's almost enough to drink a glass of wine in anger. (joking) Geeks still rule the world with most clueless. I still want to clone the damn car key. Haven't figured it out yet. I really am ticked that the damn thing cost me $150.00. I wanted to rip out the ignition system out by the roots. May do it yet. Some things are cheaper to replace (microwave) than repair. Others are just plain mean....Try replacing a car door because the window Mech is broken. Really cheaper. The guy wouldn't even look me in the eye. I took the quote burned it and lit a cigar. Called the auto salvage and bought a used door....
Programming is used in so many things from the Blu-ray to the microwave. Those chips serve some purpose other than popping and swelling like marshmallows. Out of sheer stubbornness I replaced one. Took an hour. Decided it would have been better to just buy a new one. I could have made more money working.
Cost/benefit analysis, gotta love it.
so little has changed. alright I'm off to get a latte from starbucks. Imagine, telling someone 15 years ago that millions would pay $5 for a cup of coffee.
I console myself with the change from 8-tracks to an iPod that holds 5k of music, wireless to my radio.
The idea of "getting around cryptography" and making the strength of the encryption irrelevant reminds me of the "technology du jour" mindset of too many security folks. You've likely heard the comment many times ... "If we only had a (insert technology solutions here) then we would be completely secure". And of course the technology solution mentioned changes from year to year - firewalls, virus scanning, encryption, intrusion detection, ...
When it comes to mitigating risk it's best to remember APL (not the programming language) which stands for administrative, physical, and logical. These are the types of controls available to mitigate risk:
o Administrative - procedures, organization structures, responsibilities, awareness and training.
o Physical - facilities based security; secure areas, entry control, supervision, periodic checking.
o Logical - the electronic stuff, computer related security controls (as mentioned above).
And there is more to security controls than just prevention. Consider all of the following:
o Preventive: attempt to avoid the occurrence of unwanted events (inhibit attempts to violate information security).
o Detective: attempt to identify unwanted events after they have occurred (warn of violations or attempted violations).
o Deterrent: attempt to discourage threat agents from violating information security.
o Corrective: attempt to remedy the circumstances that allowed the event, or return conditions to what they were.
o Recovery: attempt to restore lost resources or capabilities and help recover monetary losses.
o Containment: attempt to limit the impact (injury or loss).
@ Donald Johnston
I've made a record of your post because I like the breakdown. I don't know if it's yours or from a book, but I plan to use it next time I'm explaining business security to a lay audience. I've mostly been using FISMA's excellent PowerPoint as my template, even though their certification process produces questionable benefit.
Well, I'm young enough to have started on a Pentium PC running Windows 3.1, although I preferred the DOS shell. ;) Then it was programming on a Win95 Pentium 2 in this order: QBasic, Visual Basic, Visual C++, Common LISP. The "security explorations" were done on Caldera OpenLinux, I think it was called. Time sure changes things. If I only had an IBM POWER7 or Intel Nehalem chip with 4-64GB of RAM *back then*. Oh the possibilities...
On the blog post issue
I think the biggest problem is legacy. More abstractly, the problem is maximizing return on investment and minimizing costly changes, which spans further than the IT segment. These business strategies directly result in vendor or platform lock-ins that keep companies or individuals using the same sub-par systems year after year with minimal improvements. It's these economic and sociological issues that create an incentive to *not* produce high quality or secure replacements for existing systems, as it would likely create new costs & reduce ROI on previous investments. Throw in market forces, esp. time to market, and there's no hope now or in the future for pervasive, high assurance COTS even at the lowest levels of the platform. Let's see if I still say the same 10-20 years from now. ;)
The equation: 'Invincibility + Invisibility = Security', which is the 1st Natural Law of Security, makes it slightly easier to measure the effect a particular security measure will have on ones overall security program, be it IT, physical plant or personal security. You still have to assign what are essentially arbitrary values to each component, but the idea of a security measure having a 'net' benefit or detriment based on its combined effect on the two fundamental components of security is much more easily demonstrated. A longish, lecture video that lays out how this works can be found here: http://video.google.com/videoplay?...
I started in the 21st century ....
I wasn't really interested in cryptography until the late 90's (I started programming in the early 80's -- PL/1 and COBOL on mainframes, 6502 assembler and BASIC on a Commodore VIC-20 then C-64, funny, I've forgotten all my PL/1 and COBOL but still remember my 6502 and BASIC ;). I do remember the early 90's though, and all the hoopla amongst the "cryptopunks" that held that cryptography would be the salvation of the Internet against governments and corporate interests eager to censor it. Mixmasters and PGP, oh my. Against that hoopla, Matt Blaze's "Afterword" goes down like a cool tall drink of reality that you can't appreciate now, when much of what he said is "conventional wisdom". It wasn't conventional wisdom in 1995, folks, but, rather, exactly the opposite -- "conventional wisdom" then said that cryptography would be the salvation of freedom and yada yada yada. That's what makes Blaze's afterword history rather than just some dude saying the obvious.
@ Eric Green
Well, to be accurate, not all cipherpunks and such thought crypto would be our salvation. We just thought it was extremely important and useful. Mixmasters, PGP and others are still highly effective when combined with other security measures. Local cops are easily beaten by such measures and the FBI may under certain circumstances. One of the things you neglect to mention was that the use of public libraries, proxies and private forums were combined with crypto methods to achieve practical results. Those of us in the know always knew we'd need whole-system security: all the other stuff was our way of approximating the true security we couldn't have. It's also why the really paranoid people either stay offline or use customized OpenBSD instances behind Freenet or Tor. ;)
@ Nick P,
"It's also why the really paranoid people either stay offline or use customized OpenBSD instances behind Freenet or Tor. ;)"
Surely you mean "moderately" not "really".
Others (such as myself ;) design our own hardware and write our own minimal OSes, and others take it a bit further and practice various forms of information isolation techniques (kind of like safe sex but with a condom with the thickness of a truck tire and rather less fun 8)
LOL. Yeah, I'm currently working on the "really" paranoid approaches. The previous are moderate and good enough for most paranoids due to the high quality of the OS. OpenBSD even tries to correct processor and firmware bugs at the OS-level, the only OS I know of to do that. The auditing is nice too. One person alone just can't write code of such good quality, I would think. This has implications for coding an OS from scratch. (Not designing from trusted, pre-coded components, though. :) If I would trust anything COTS for paranoia, I'd probably build a platform out of security- and safety-critical embedded stacks like EAL6 INTEGRITY and DO-178B middleware. These usually prove to be highly reliable and predictable, the latter leading to good qualitative security metrics.
As for your condom analogy, I guess I'm trying to replace the tire rubber with a kevlar and nomex based synthetic material that works as well, but is far more comfortable. I guess it will never feel as good as the "safety guru's wishful thinking" (err, Ultrathin) brands. :P
@kevinm: You're not alone--many of us started with that Martin Gardner column. My eventual implementation was on an Apple ][+ with, I want to say, 16-bit primes. Obviously at the time I was a bit hazy on cryptographic strength (I was *young*, OK?), but I was more geeked by the unexpected beauty of the mathematics than by the security implications.
@ChipZ: I would say it's SORT of obvious--obvious enough not to have been stunning then (or now, clearly), but not obvious enough to have been gospel then (or now, either). There has long been a significant segment of the security community that is generally pessimistic about the state of affairs vis a vis computer security--but it is just a segment.
For what it's worth, Matt's claim to be "visionary" reads as "obviously" sardonic to me. Truly visionary would have been to point out a way forward to resolve all of those problems, and be found correct in each case in the years since.