Comments

SirwanMarch 1, 2013 5:16 PM

Dear Schneier,

Kindly can you tell me about security of RC5 algorithm?its good algorithm for network security?

regards
Eng.Sirwan A.moahmmed
Sulaimaniyah INT.Airport

hasherMarch 2, 2013 4:32 AM

Suggestion for a weekly column:

Every week some security company publishes a new discovery of some nefarious hack. In recent days we've had Mandiant's Unit 61398 takedown, Kaspersky's Red October revelation and Kaspersky's Miniduke revelation. (Symantec, are you slacking?)

We need something like Schneier's Hack Parade so that we can read informed comment on the latest cyber espionage hack.

The revelations seem to be coming fast and furious. One wonders: if that's what's being revealed so often, what's going on under the radar?

It would also be interesting to see a seminar on attribution. Suggestion:

1. Attempts to attribute by reverse-engineering the target set.

2 Attempts to attribute by analyzing the technical style of the hack (not just coding style, also language choice, design etc).

3. Attempts to attribute by combining 1 & 2.

4. Discussion of how possible false flags are from a technical POV.

Question: Don't they try to do cyber espionage on Linux? Or has it just not been uncovered?

infosec starterMarch 3, 2013 12:05 AM

I'd be interested to know Bruces thoughts (and others) on companies such as E&Y, KPMG, Deloitte etc who offer cyber and pen testing services. How do they compare to say BT?

Are they good places to begin careers. Are they too business focused and not enough tech?

RogerMarch 3, 2013 2:33 AM

@Sirwan:
Since no-one else answered, I will.

RC5 has several parameters to choose, which can be confusing for the non-expert. It is a fairly strong algorithm, if implemented with reasonably conservative values to these parameters.

There are some known attacks that are better than brute force, but generally regarded as impractical. But those attacks are not nearly as much of a concern as the very fact that you are asking for a "good algorithm for network security". That hints that you might be tryign to design a network security protocol without knowing much about cryptology.

Designing a secure network protocol is extremely difficult. If you try to invent you own, it is highly likely to have subtle but dangerous flaws. These flaws are likely to be much more serious than any theoretical weakness in RC5.

Instead, it would be a much better idea to run your communications over a standardised security protocol. Unfortunately, due to those aforementioned design difficulties, none of the current readily available protocols are perfect. Probably your best choice is IPSec -- but if you are new to crypto, you will need expert advice on configuring it.

André MelloMarch 3, 2013 2:23 PM

It seems that the guys responsible for the art of the Flower and Journey games are excited about squids as well...

Twitter

John CampbellMarch 3, 2013 4:08 PM

Actually, perhaps we need something like Letterman's Top Ten lists of idiocies of the week...

... Schneier style.

Maybe ROT13'd for anything that is NSFW?

(chuckles)

Clive RobinsonMarch 4, 2013 3:59 AM

@ Roger,

Even though it's a joke... I've known one or two (actually quite a few) users who would be pushed to understand what it's saying and would thus treat the message the same way as a "vodo chant" or sprinkling of water by a bloke in a skirt.

PentesterMarch 4, 2013 8:00 AM

@infosec starter

I work as a pentester at one of those companies.

If you want to become a pentester just make sure you're applying to a pentester role - aka something where the aim is to get you CHECK certified. Try these two links, any company which is CHECK certified with both an infrastructure and app CTL (preferably some CTMs too) will be doing hands on pentesting:

http://www.cesg.gov.uk/Finda/Pages/...

http://www.crest-approved.org/...

Of course there is a lot of consultancy that goes on, but you're unlikely to be forced into it if you specifically joined as a pentester. The bigger risk is you'll get forced into management as you progress, but there's that risk anywhere.

BobbyMarch 4, 2013 10:07 AM

@Bruce I saw an interview in which you said you have no facebook account. there is someone, probably an NSA drone, posting as you. they pick up points from this blog and post. I am still following this drone.

KarlMarch 4, 2013 10:27 AM

Link to an essay on how PayPal stepped up and took on the job of managing the risk of cyber fraud.

Rather than sitting around and hoping that government would solve its problems, PayPal took matters into its own hands. It developed a fraud monitoring system that used artificial intelligence to detect potentially fraudulent transactions. If 100 separate accounts were transferring $1,000 to one account and that recipient was suddenly attempting to withdraw $100,000, alarm bells would ring to have PayPal employees, not government, check up on the situation.

....
PayPal basically assumed the risk of fraud on behalf of customers and profited immensely by reducing it. PayPal now processes $100 billion worth of transactions per year and has an industry leading loss rate of only 0.5 percent. It prices the cost of fraud into each transaction, and that gives the company incentives to minimize it.

(Emphasis added)

SJMarch 4, 2013 10:44 AM

As another comment on the security methods and practices surrounding the Papal Elections:

Each round of voting is done on paper, then the ballots are burned. The practice of burning the ballots produces a signal that is visible to all who are within line-of-sight of the building.

The color of smoke contains a 1-bit message about the state of the Papal Election. White means one thing, black means the other.

This message is very hard to block, jam, or garble.

The technology of smoke-signals is an abandoned technology. Yet the institute of the Vatican still uses them, for reasons of tradition.

This doesn't change the analysis of the security of the Papal Election. But it does show another way in which the College of Cardinals developed a low-tech communications method intended to preserve secrecy. This method announces the state of the election process, but cannot reveal information about the votes that produced the results.

ModeratorMarch 4, 2013 3:01 PM

@Bruce I saw an interview in which you said you have no facebook account. there is someone, probably an NSA drone, posting as you. they pick up points from this blog and post. I am still following this drone.

There is a blog feed in the form of a Facebook page, yes. As far as I know Bruce has never personally logged in, and it wouldn't surprise me if during that interview he'd simply forgotten it existed, but it's available for people who want it.

murrayMarch 4, 2013 4:12 PM

Heh, bonus points for getting "Paypal" and "Papal" into the some blog discussion. :-)

Clive RobinsonMarch 4, 2013 4:19 PM

@ Nick P,

More trouble for quantum crypto in the making? Remember that attacks only get better

At the moment it still requires multiplle photons etc to get results but looking at some other work sugests that this may not be as big a problem as it first appears.

The problem with Heisenberg's famous Uncertainty Principle is it's a "principle not a law" and comes about due to a "walk in the park" by Heisenberg one very cold December's evening...

As a principle all it explains is what our senses perceive, that is it is empirical and, thus, not a law based on what are considered mathematical facts [1]

This has certain issues when it comes to experimental science in that experiments may increase the confidence in a principle but don't prove it to be true. And as with other Laws of Physics (many of Newton's) may become superseded with time or more accurate measurment (Einstien's relativity etc).

Does this lack of "proof of truth" and inability to satisfactorily model and test have a direct bearing on Physics, well not much we still use Newton's laws to get satellites around the Solar System and only resort to Einstein's relativity when it comes to requiring greater precison (as in GPS and Cellular Comms).

But what about security, well there the "proof of truth" is often considered fundemental and a lack of it as we know leaves a large fat question mark hanging over the idea. Further in general, information security is considered (incorrectly) to be "all or nothing" rather than relative [2].

So as far as I'm concerned QKD is a very expensive and very limited in capability technology with a diminishing security margin due in part to the failings of practical implimentations and also in part to the "cheese pairing" attacks it's underlying principles are suffering.

Further it's limitations in range and bandwidth whilst extreamly limiting, it has further effectivly fatal failings one of which is it's inability to be switched. Both the range limmiting and nonswitching issues means that to be of use "nodes" are required in a general purpose QKD system and the security of these nodes has no magical quantum guarantees. Just the normal physical ones which we know have such a multitude of failings we don't even know what they all are and thus have to assume are limitless...

Thus to be honest I'd rather rely on other time honourd systems such as multiple encryption with the KeyMat sent by multiple (supposedly) reliable couriers and frequent "trust checks".

Although there are some other "fringe" ideas floating around that I keep my eye on (one of which is the use of induced flaws in crystals as code book engines and is a spin off from data storage ideas) by and large "tried and tested" is my prefered route.

[1] I'll not go further into the issue that mathmatics and it's underlying logic and the issues involved there, and the fact that they are at the very least bassed on assumptions or "best guesses" we call axioms. I'll leave it at the simple fact that mathmatics is an invention of mankind to help explain the world as man percieves it, and note that mathmatics in no way controls the world around us.

[2] Actually outside of some strictly controled assumptions all security is probablistic in nature. Take for instance in cryptography the One Time Pad, it's security is based on the assumption that only two copies of the KeyMat exists, remove that assumption and it's just another stream cipher with a known start point on the key stream...

Clive RobinsonMarch 4, 2013 5:23 PM

OFF Topic:

This might amuse,

Apparently the UK Prison Service allowed a convicted carder to attend a computer training course whilst in prison and he hacked the computer network used.

Apparently the UK prison Service sacked the teacher for allowing the carder on the course. The teacher is suing for unfair dismissal as they were not responsible for selecting who did or did not attend the course nor were they ever told about each prisoners crime type or punishment...

http://www.v3.co.uk/v3-uk/news/2252112/...

Oh and another one from the same site mashing-up a Bruce Schneier post into a news item,

http://www.v3.co.uk/v3-uk/news/2249975/...

Infosec starterMarch 4, 2013 10:36 PM

@pentester

Thank you very much for your reply and insight!
Much appreciated!

@everyone

Is there any chance you can check my understanding of all these acronyms relating to the qualifications and other terms etc

BCS -- British Computer Society -- can award CEng and CITP along with CESG Certified a professional (CCP)

IET --- Institute of Engineers --- Can award CEng and MIET (not much security use?)

IISP --- Istitute of information security professionals --- awards membership MinstISP and can also award CESG CCP (like the BCS) are they better for CCP?

CISSP - certified information security progressional - quite general infosec qualification needs an exam and some years job experience?

OSCP - offensive security certified professional - course run by people who make backtrack - reputation unknown in real world?

CESG - communications electronic security group - commercial arm of UK GCHQ - not sure of the relationship to private sector though...

CHECK --- a certification that shows CESG think you can pentest?? - either as a team member or leader?

Tiger --- Qualification needed to get CHECK status?

CREST --- other qualification that can be used to get CHECK status?

CEH --- certified ethical hacker --- pentest qualification with American focus?

ITHC --- IT Health Check --- process undertaken by CHECK pentester to look at UK public sector systems?

CISA --- certified information systems auditor --- audit qualification --- is this much use?

CISM --- certifies information systems manager --- not sure what this really means :/

CLAS --- CESG listed advisor --- someone who is a CHECK person and holds a security clearance --- not so sure ....

CCP ---- CESG certified professional --- looks like new entry level infosec acreditation offered by BCS and IISP, is it worth looking at getting?

CTAS --- process by which systems are evaluated compared to CESG guidelines.

CAS(T) --- process by which telecom systems are evaluated?


Like I say if any of the above are wrong please help me understand the terms better.
If anyone has advice on which are worthwhile to pursue that'd be great too. Anything I've missed off also welcome!

Thank you!

John27rgMarch 5, 2013 2:51 AM

Very engaging talk by Amanda Palmer on trust. (I'm old enough to never have heard of this musician who combines punk & cabaret.) Twists the question of "how do we make people pay for music?" to "how do we let people pay for music?".

Raises all sorts of perspective on trust - like would you stand naked in front of drunk strangers and let them draw on you?

http://thebrowser.com/videos/...

PeterMarch 5, 2013 3:16 AM

@Clive, the Heisenberg-Gabor-Weyl uncertainty principle is a theorem in information theory, not just a principle.

Clive RobinsonMarch 5, 2013 10:13 AM

@ Peter,

the Heisenberg-Gabor-Weyl uncertainty principle is a theorem in information theory

It is but it's not the original Heisenberg uncertainty principle. And the original principle was changed by Heisenberg due to the EPR paradox that followed from Karl Poppers observations.

Yes I know the Uncertainty principle is in effect due to a Fourier effect of the duality of wave/particle on electrons within the atom and the Gabour limit imposses a minimum occupancy as you cannot both time and bandwidth limit a signal

However as Karl Popper put it about Heisenberg's formulae,

are, beyond all doubt, derivable formulae misinterpreted by those quantum theorists who said that these formulae can be interpreted as determining some upper limit to the precision of our measurements.

In otherwords the principle is a creation of man and his mathmatical models not of nature it's self. And as noted has been revised atleast once.

Quantum mechanics has some real problems fitting in with our perception of the Universe around us and some attempts to align the two have given rise to such things as "The many Worlds interpretation" view point. Which would appear to fly in the face of Occham's Razor, likewise other theories.

Such issues have given rise to the observation about teaching physics that "you get taught one lie after another each being successively more accurate than those preceding".

One such issue is to do with "information theory" what does it actually relate to and do the laws of our perceivable physical universe actually apply to information? Some people hold with the view that our tangible universe is a subset of the intangible information universe that in effect describes it, and others have differing views.

Depending on the relationship to information and the physical laws could we find constraints in one having a bearing on the other?

All that can realy be said of information is that it has tangible form when either stored or communicated simply because it is in effect encoded onto physical objects in some way. But what about information when not stored or communicated in physical form?

Further when it comes to fourier analysis things are moving on apace there with for instance the likes of overcompleatness which indicates there may be further room for improvment on detection capabilities that could be applied against physical implementations of QKD devices.

Further the question arises as to if, an effect in the physical world, that gives rise to the touchy feely goodness of QKD, holds in the information universe if such a thing exists...

Now as far as the engineering side of things goes, I'm happy to go with the flow just as space engineers are happy with Newton's laws. However when it comes to information security nagh, all I'm prepared to do is say we don't know enough to know, so I'd urge caution.

Clive RobinsonMarch 7, 2013 3:56 PM

Any RSA attendees want to confirm this story,

http://www.theregister.co.uk/2013/03/01/...

Apparently Adi Sahmir has said we should prepare for a post crypto world because of Government sponsored APT.

Whilst I would agree with (and have been saying similar things) to what Adi is reported to have said I don't think we are close to an "end to crypto".

WaelMarch 7, 2013 11:24 PM

@ Clive Robinson

Any RSA attendees want to confirm this story...

What's wrong Clive Robinson? You don't trust the YouTube link in the article you linked? He did say that at 16:20 in the video.

Clive RobinsonMarch 8, 2013 4:39 AM

@ Wael,

No for health reasons I'm on smart phone only at the moment with a poor connection (I did ask for the bed by the window as I did not want to be next to the toilet but they said no :-(

And it's long in the tooth like it's owner (I've still not found a replacment I like :-( I can get the article but it barfs on most videos at the moment.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..