3-1-1 for Encryption

An excellent idea:

3­1­1 for encryption. RSA, DSA, and ECDSA must be 3.4 ounces (100bits) or less per container; must be in 1 quart-sized, clear, plastic, zip-top bag; 1 bag per message placed in screening bin. The bag limits the total data volume each traveling message can bring.

Posted on January 15, 2015 at 1:22 PM • 19 Comments

Comments

GavinJanuary 15, 2015 6:19 PM

and if your data will not fit in the clear, plastic, zip-top bag you can always use compression first...

Clive RobinsonJanuary 16, 2015 1:53 AM

@ Guesty McGuesterson,

100 bits?

100 mil "level" security ;-)

For those that have ever wondered why we have such a strange unit for volume as "fluid ounces" there are two arguments.

The interesting one you can blaim your ancestral granny and her chickens... Untill a couple of hundred years ago cups, pots and all other home vessels were of different volumes as potters and pan bashers just made things by eye. However a chickens egg was a reliable measure for recipes as even though they varied in size and shape they were usually close to two ounces in weight. But from the cooks point of view if you used the eggs you were going to cook with on one scale of a balance then the dry goods would come out in the correct proportions for the recipe, and it would work no matter how well fed the chickens... Thus it was natural to accept a liquid measure as a weight as that's what you were brought up with, whilst keeping warm in the kitchen and trying to snag the mixing bowl before your siblings :-)

NameJanuary 16, 2015 2:31 AM

Aargh. Maybe someone will leave a comment that tells me what I'm supposed to see there. So far it eludes me entirely. And I hate that. Disabling NoScript didn't help. Is the RSA-DSA-ECDSA thing an in-joke for encryption experts only?

ChristophJanuary 16, 2015 2:56 AM

explaining jokes gives bad karma. but anyway.
its an ironic view at David camerons opportunistic go at weakening encryption for the greater good. In a liberal democracy your speech should be liberated from being private.
By putting this into context of the flight liquid limits, its ridiculing this quite well. also poking fun at british ounce vs metric system values for extra points.
If people show their fluids in planes, they can show their data when it travels the world as well. its all so logical.

Clive RobinsonJanuary 16, 2015 3:43 AM

@ Christoph,

You forgot to mention that the English gave the USA the "imperial measurments" and whilst Britain has long since dropped them the USA took them to heart, changed them and fiercely hang on to them out of tradition or some such.

Speaking of "give aways" apparentlty David Cameron is off to see US Pres BO to give him a piece of his mind. I guess we could crack a few IQ jokes.

Any way as I note over on last fridays squid page Dave Cameron appears to have changed his tune.

NameJanuary 16, 2015 3:45 AM

Thanks, Christoph. I took another look, but the joke (or whatever it is) continues to elude me. Suspect that not having traveled by air recently is the problem. Either that, or Bruce has gone meta ^ meta.

another attempt to explain the joke for NameJanuary 16, 2015 4:22 AM

Carrying fluids on airplanes has been declared dangerous/bad because terrorists could do bad things with fluids on airplanes, therefore we are restricted in what fluids we can take on airplanes and must show them in approved containers and quantities to security personel to be checked/approved before boarding.

So the joke is to apply the same idea to encryption, which Cameron declares dangerous/bad, i.e. new rules requiring that passengers may have only a small amount of encrypted data, which must be showed in an approved container format and viewed by security personel, when they board planes.

Ole JuulJanuary 16, 2015 4:24 AM

@Name
I didn't find it extremely funny either. However the whole thing about putting things like toothpaste and stuff in a clear plastic bag of a specific size so as to be allowed to board a plane is just batshit crazy. Cameron and his ideas are in the same category. It's a fit. Security theatre and Cameron's grip on computers both make Monte Python look like a model of sanity. It's a crazy world and you gotta either laugh or cry.


NameJanuary 16, 2015 8:28 PM

Ok, I get it. I know Cameron is a nut, and why, but yeah I don't keep up with air travel restrictions as I don't fly, and although I sort of half-got the connection, it didn't seem like joke material to me and so I figured there must be something else. So it's a semi-lame joke, and I'm semi-lame, so that's 1.0 lames in total, which is enough to trigger a standard lameness detector. The NSA has probably misconfigured my lameness detector somehow (I used to take my tinfoil hat off at night). Although now my bullshit detector, which has unexpectedly turned against me, is sounding urgently, gotta fly, sorry about the kerfuffle...

someoneJanuary 17, 2015 1:15 AM

It is clear to me now Bruce is a "Security" NUT. If you are not a criminal, there is no reason the government, or trustworthy companies, should not look into your stored data, your e-mails, back-door your data bases or computers, and your phone conversations. Even follow you around. If you are not up to something, what are you worried about?

US law has no specific "right" set aside for electronic privacy-when the US was founded, there really was only the choice of hand delivered mail, or maybe a spoken message to a runner/rider. If you think about it, those are the ONLY kinds of privacy that they intended. No one should be able to ask a messenger what you told them, nor open your stamped US mail.

Other than that you are just paranoid if you feel you need to hide anything else. Your NUTS!

Ole JuulJanuary 17, 2015 8:41 PM

@someone
US law has no specific "right" set aside for electronic privacy-when the US was founded, there really was only the choice of hand delivered mail, or maybe a spoken message to a runner/rider. If you think about it, those are the ONLY kinds of privacy that they intended. No one should be able to ask a messenger what you told them, nor open your stamped US mail. Other than that you are just paranoid if you feel you need to hide anything else. Your NUTS!

I think that distinguishing between electronic and paper privacy is a petty argument. Like you said "No one should be able to ask a messenger . . . nor open your stamped US mail." As for your reference to my nuts, I admit that I don't know what you mean by that.

WaelJanuary 17, 2015 11:29 PM

@Ole Juul,

I admit that I don't know what you mean by that.
Likely a typo of "You're nuts"...

KeithJanuary 19, 2015 8:51 AM

@ Wael
>Likely a typo of "You're nuts"...

I thought that too - but on re-reads thought it could be (cryptically clever and grammatically poor) sentence structure that both alludes to:

If you don't, you are nuts

..and also

If you are going to hide nothing else, please hide your nuts (no one wants to see them - (except the TSA)).

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.