Archive 2016

 

Cryptography Mailing List

 

Trying To Solve The Hen-And-Egg Problem

We're living in an online world that is severely harmed by universal surveillance.

Our every-day lives in this world depend on complex and pretty obscure services run by companies, that leave the ordinary internet user with little alternative to giving up their privacy.

In doing so, they also have substantially reduced our freedom, the freedom to share thoughts with other people confidentially.

It's time to take back this freedom and to have secure communications without the fear of surreptitious intrusions into our privacy. Secure communication is a right, not a generous concession. And it will only work, if you're going to take control over what happens yourself.

Why is it so hard to find a useful solution?

Ordinary users are no encryption experts, and they don't want to become an expert. Secure communication should be a matter of course for everyone.

On the other hand, there is no simple solution for secure communications ready to go. And the reason is simple: a solution is useful only, if it is secure, if it can defend against the numerous threats lurking around in the online world. To design such a secure solution is hard, because the threats are complex and constantly changing.

This fact makes people believe that they have to trust the internet giants to deliver and run secure communication for them, which they don't control nor understand or worse, that they have to send their messages unprotected. And many decide to do exactly this.

A well-designed encryption tool under your control

The Crypto Bone is here to change that.

We all know that computers we use today are complex things and can be attacked in may ways.

So it is prudent to delegate all the hard work of message encryption to a separate device - the Crypto Bone - that is prepared to work reliably as an isolated, well-designed tool with minimal complexity.

It is much easier to ensure that such a device encrypts your messages securely than your complex computer.

People who have tried to use encryption often find themselves in the desperate situation of managing all the different and confusing encryption keys. Key management is a really hard job and should also better be done by a separate device, especially designed for that task.

These were the two main reasons for me to develop the Crypto Bone.

In short, the Crypto Bone will make your life easier, because it offers you a choice, you didn't have before: to escape the universal surveillance in a way that you control yourself.

Encryption has to be both: Secure and Usable

This new approach to key management is what makes the Crypto Bone really easy-to-use. For any contact you wish to share messages in private, you'll need to provide an initial secret to the Crypto Bone only once.

After that the messages are automatically encrypted and sent to your correspondent. You won't have to bother about message keys from now on and you can send your messages safely through the Crypto Bone, which takes care of all the complex tasks, you won't spend a second thought about.

But how would you be sure that the Crypto Bone is really secure in its operation?

Well, the only answer is peer-review. The Crypto Bone has been designed to be as auditable as possible, it uses the OpenBSD operating system and one single high-quality crypto library (CryptLib, maintained by Peter Gutmann) as the core crypto engine. And I have invited security experts from day one of the development to scrutinize the source code.

The Hen-And-Egg Problem

But as far as I know, this peer-review has not happened, yet.

And despite the fact that I have taken any possible precaution to make sure the code does not have any security problems, I cannot say the Crypto Bone is secure to use.

But on the other hand, without a relevant user base, the incentive to take the time and effort for a thorough code review is virtually non-existent.

This is a special version of the hen-and-egg problem, that has to be solved one way or the other.

The Crypto Bone ALL-IN-ONE

Well, not everyone has a Beagle Bone.

And, if you're using the Crypto Bone, your encrypted messages will reach other people who might not have a Beagle Bone. And that's why very few people will use this kind of secure communication, yet.

On the other hand, checking the software - and even the core software - for security pays off, only if many users rely on this software day-by-day. Only if the Crypto Bone's user base has become large enough, security experts will take the time to poke inside the software for bugs and security problems.

I try to approach this dilemma by making it easy for everyone to run a Crypto Bone, even if you don't possess the extra hardware. I have developed a software-only version of the Crypto Bone that can be installed on every Linux computer, as RPM and DEB packages are readily available.

After installation of the RPM or DEB package, anyone will be able to use a Crypto Bone within seconds. Think of it as a virtual Crypto Bone, made available on your Linux computer instead of using an external, separate hardware.

Of course, the question has to be answered, if the software-based Crypto Bone is secure to use. Would the software-based version not destroy the main benefit of a separate encryption device, its isolation and independence from all the numerous attacks on your main computer?

Attacks on the Crypto Bone

In a way, yes that's true, a separate system is always better protected than the virtual Crypto Bone.

There are a number of possible attacks on the Crypto Bone most of which can be defeated with the current design of the Crypto Bone. If the protected message key database is now stored on your computer instead of the separate device, the virtual Crypto Bone has to make sure, that someone who wants to attack these secrets, would need root permission to do this. Of course, its much more likely that an attacker will succeed to gain root permission on your local computer, because of the sheer number of additional software installed, but if someone has got root permission, well, essentialy the game is over already.

In this sense, using the ALL-IN-ONE virtual Crypto Bone is pretty safe if you guard your root account and you can switch to using a real Crypto Bone while you are using your GUI program that controls your virtual or real Crypto Bone.

So why not check out the ALL-IN-ONE Crypto Bone, and tell me what you think.