Security
· What happened was, I was fooling around with zero-knowledge proof ideas and needed to post public keys on the Internet in textual form. I picked ed25519 keys (elliptic-curve, also known as EdDSA) so I asked the Internet “How do you turn ed25519 keys into short text strings?” The answer took quite a bit of work to find and, after I posted it, provoked a discussion about whether I was doing the right thing. So today’s question is: Should these things be encoded with the traditional PKIX/PEM serialization, or should developers just blast the key-bits into base64 and ship that? ...
How to Interchange Ed25519 Keys
· Herewith pointers to Java 15 and Go code that converts Ed25519 public keys back and forth between short text strings and key objects you can use to verify signatures. The code isn’t big or complicated, but it took me quite a bit of work and time to figure out, and led down surprisingly dusty and ancient pathways. Posted to help others who need to do this and perhaps provide mild entertainment.
[Update 04/23: “agwa” over at YCombinator showed how to simplify the Go with x509.MarshalPKIXPublicKey and x509.ParsePKIXPublicKey.] ... [2 comments]
TLS Wiretap Fear
· There is a hot lengthy argument going on in the IETF’s TLS Working Group which has been making me uncomfortable. It’s being alleged that there is an attempt to weaken Web security in a deep fundamental way, which if true is obviously a Big Deal ... [1 comment]
On Password Managers
· It has come to my attention that people are Wrong On The Internet about password managers. This matters, because almost everybody should be using one. Herewith background, opinions, and a description of my own setup, which is reasonably secure ... [27 comments]
· I got interested in Keybase.io the day I left Google in March, and I’ve been evangelizing it, but even more the idea behind it: Using authenticated posts here and there to prove public-key ownership. Also I’ve contributed Keybase-client code to OpenKeychain (let’s just say “OKC”), a pretty good Android crypto app. I’m more or less done now ... [6 comments]
How To Be Secret
· Suppose you need to exchange messages with someone and be really, really sure that nobody else reads them. Here’s how I’d do it ... [5 comments]
· The Internet is a dangerous place. We have tools to make it safer, but they go unloved and unused; by ordinary people I mean, the ones who aren’t geeks. How can we fix that? Let’s look through some recent evidence; the conclusion is pretty obvious ... [3 comments]
Making Android Crypto-friendly
· Google could tweak Android, in a pretty simple way, and make it immensely easier for anyone, not just geeks, to do cryptography with a nice user experience. All the pieces are there ready to go ...
Is Encrypting Phones OK?
· Starting now, more and more phones will have their data encrypted, so nobody but the phone’s owner can peek. Apple just started and Android’s following suit. Now we hear howls of outrage from government officials claiming this will protect criminals, doom victims, and so on. But they’re completely wrong ... [3 comments]
· Release 3.0 of the OpenKeychain Android app is out today. I’m super-proud to have been a (minor) contributor. It’s getting pretty slick, if I say so myself; maybe almost civilian-ready. Read on for an explanation, with screencasts and geek notes too! ... [4 comments]
Keys in the Cloud
· I just landed a nifty new feature for OpenKeychain. It’s simple enough: If you want to communicate privately with someone, you need their key. So, just like when you’re looking for anything else, you type their name or email or whatever into a search box and find it on the Internet ... [1 comment]
· Hey, are you operating an app or a Web site? If so, are you among the (large number of) people (for example, Instagram) who connect via “http:” instead of “https:”? Here’s some advice ... [1 comment]
· Privacy is good. Perfect privacy is really hard, probably unachievable. It’s not a binary thing, but a big dial we can turn up or down. So obviously, we should be turning it up ... [3 comments]
Java Security Hole
· Good solid cryptography is an essential foundation for sound business usage of the Internet, and essential to provide a sane privacy level. But the tools for Java programmers are in horrible shape ... [4 comments]
Trusting Browser Code
· It would be useful if you could really trust code running in your browser. It’s not obvious that this is possible; but it’s not obvious that it isn’t, either ... [2 comments]
· You should be able to exchange messages privately using the Internet. My profession should be working on making this easy for everyone, including non-geek civilians who shouldn’t need to understand cryptography ... [12 comments]
Where Is Your Data Safe?
· You can store it on a USB stick or your mobile or your personal computer or your company servers or out there in the cloud. Where is it safe? That’s not a simple question, but here’s my answer: Your own personal computer, if you take a few basic precautions, can be a pretty safe place to store things that matter, including secrets that matter ... [4 comments]
Pervasive Monitoring Is an Attack
· That’s the title of RFC 7258, also known as BCP 188 (where BCP stands for “Best Current Practice”); it represents Internet Engineering Task Force consensus on the fact that many powerful well-funded entities feel it is appropriate to monitor people’s use of the Net, without telling those people. The consensus is: This monitoring is an attack and designers of Internet protocols must work to mitigate it ... [8 comments]
· There were these headlines yesterday, for example in CNET, about a serious security flaw in OAuth & OpenID, with garish graphics claiming that Google and Facebook and Yahoo and, well, every other website you ever heard of, was vulnerable. I’ve been digging a bit and I still don’t know if there’s a there there; at the moment I think not. But I was left nauseated by the amateur-hour reporting ... [3 comments]
· It’s like this: Everybody ought to be able to use strong cryptography any time they’re going to send anything to anybody. Ideally it should just happen, by default, but let’s take baby steps. This is a messy rambling work diary on trying to put some of the pieces together to make that a little more practical than it is today ... [8 comments]
· I’ve been fooling around with this for the last couple of days; you can find me at keybase.io/timbray. I think it might be pointing a useful way forward on private-by-default communication and, for what it does, it gets a lot of things right ... [12 comments]
Is This Page Safe?
· What happened was, Paul Hoffman, Lauren, and I were sitting up talking about privacy, looking at a WordPress blog, and this weird thing happened: We typed in its address with “https:” at the front, and it showed up as locked/HTTPS in some browsers but not others. It took quite a bit of poking around to figure out ... [5 comments]
· Surveillance on the Internet is pervasive and well-funded; it constitutes a planetary-scale attack on people who need the Net. The IETF is grappling with the problem but the right path forward isn’t clear ... [11 comments]
HTTP Encryption Live-blog
· The IETF HTTP Working Group is in a special place right now. It held a meeting this morning at IETF 88 on encryption and privacy; the room was packed and, just possibly, needles that matter were moved ... [10 comments]
Not the Softest on the Block
· We moved into our current place in early 1997 and, almost immediately, were badly burgled. Last week, Mat Honan got badly hacked. We took home-security measures and haven’t had any problems since. I protect my online presence, with similar results. Some lessons apply to both cases ... [1 comment]
Unserious About Security
· Our devices all touch the Internet all the time. There are many people on the Internet who are extremely smart and extremely bad and want to steal your money. We need to take security very seriously. The tech community’s writers, both professional and amateur, are doing an inadequate job; arguably guilty of both recklessness and laziness ... [6 comments]
· Maybe I’m just being paranoid here, but I’m starting to get a little worried that RubyGems could be a nasty attack vector, given certain combinations of malice and stupidity ... [19 comments]
· As usual, there isn’t a unifying theme. In this issue: lumpiness, stuff, microformats, eye candy, metaprogramming, beards, and psychology ... [1 comment]
Telnet SNAFU from the Inside
· Well, yes, there was that embarrassing mile-wide hole in telnet (I haven’t used telnet in years except to debug Web protocols, but I guess someone must; seems to me anyone who leaves telnetd facing the Internet is exhibiting, uh, questionable judgment; but still.) Nasty security gotchas are nothing new in this world, but here’s something that is new: a first-hand report from the guy who got the call you don’t want to get, and then got the patch into the system. Actually, I don’t understand quite a bit of the jargon: “patch gate”, “RTI logging”, and so on; but it’s still a compelling story. [2 comments]
· Perhaps someone who knows this subject can explain. Given some of the comments here (yeah, there are lots of morons, but some savvy-sounding hands-on PHPfolk too), and stories like this, I have a question: why isn’t this part of this? [10 comments]
Web Application Security
· A pretty fierce debate has broken out on how to do security for Web-applications (REST, WS-*, whatever). I’m gratified that it seems to have started in the comments to S for Simple. The proponents are Gunnar Peterson and Pete Lacey, and what they have to say is interesting. I think Gunnar didn’t do a good enough job of filling in one of the bases of his position, although in private email he sent me a link to a PDF from eBankingSecurity.com which is worth a look. The point is that a significant proportion of Windows PCs are compromised with trojans and keystroke-loggers and other flavors of bad-ware; significant enough that the pretty-decent transport-level security provided by TLS is immaterial. Those of us who are technically-competent and don’t use Windows can feel individually secure, but that doesn’t mean Gunnar doesn’t have a point. [5 comments]
· Tap, tap, tap, pause... “hmph”. Tap, tap, tap, pause... “grmph”. [Ten minutes pass.] Tap, tap, tap, pause... “Hellfire.” Tap, tap, tap, pause... “Crap.” [Ten more minutes.] Tap, tap, tap, pause... “<multiple expletives deleted>.” Tap, tap, tap, pause... loud splat sound as the yellow-stickies pad impacts the far office wall. The cats, sensing trouble, have left the room. Is this the sound of: Trying to book a flight to somewhere attractive using points? Multi-threaded software being debugged? An attempt to write WSDL by hand? Solving a really nasty Myst-series puzzle? None of the above. Those sounds would be me trying to pick a new Sun LDAP password that meets the incredibly-stiff requirements of our new (SarbOx-driven, they say) security policy. The dictionary they check includes variant spellings of the names of little towns in the Lebanese mountains! I asked Lauren: “How am I going to remember this?” She said: “Go pick up that yellow-stickies pad you threw across the room, write it down on one, and put it somewhere safe. Bruce Schneier says that’s OK.” While I generally approve of forcing people to avoid easily-stolen passwords, I do worry a little that these hard-to-guess things can also be hard to type, and perhaps thus vulnerable to prying eyes. But anyhow, if you were thinking of writing a program to guess anyone’s password here at Sun, well forget about it. [Update: I got a bunch of suggestions on how to deal with this, some of them good.] ...
· Via Rob Sayre (who’s co-editing the Atom Internet-Drafts), the disturbing realization that there doesn’t seem to be anywhere you can go read about all the things that can (and will) go wrong if you embed an HTML processor in your software. This is bad, because such embedding is getting very easy and common.
Regulate ISPs Now
· I keep thinking about our experience at Christmas, when we set up my Mom for broadband, and the local ISP thought it was just fine to send her home with a DSL modem to plug into her Win98 box; no warnings, no education, no firewalls. This is just not OK. We have all sorts of regulation in place to ensure that drivers are equipped with reasonably safe gear and have some basic education on how to proceed safely. Similarly, we regulate residential construction and investment dealers and employers and manufacturers, and this is a good thing. So I think we need some legislation in place that says if someone’s computer gets hacked through no fault of their own and inflicts damage on some Internet user somewhere, the ISP is liable for that damage unless they can show they took some minimal effort to explain to their customers that the Internet is a dangerous place, but that you can be safe if you follow a few simple precautions.
· Today I turned on the FileVault thingie on my Mac, so every atom of my data is 128-bit encrypted (Pleasingly, there doesn’t seem to be any perceptible slowdown). On top of which, we’re running another 128 bits of encryption on the WiFi around the house, plus the link to the ongoing web host is via ssh which is RSA, uh I forget how many bits in my key. So these humble letters have been through a whole lotta bit-bangin’ along their route from my fingertips to your retina. Getting all this set up takes more work than it really ought to, but it’s getting easier, and once the arrangements are there, it totally doesn’t get in the way. Which is a good thing, because the Internet is a rough neighborhood, and in a rough neighborhood you don’t send your kids walking off to school alone. No more should you send your vulnerable little words out on its mean streets without some cryptographic Block Parents lending a hand.
Insecurity by Obscurity
· There’s this big company out there whose name everyone knows. I’ll just call them “Example Corp” because this is a good example of how things can go wrong. What happened was, this morning I glanced at my server logs and saw hits from http://legal.example.com/blog; puzzled, I checked it out and was challenged for my email before it would let me in. They were fine with my ordinary address, and I found myself in their legal department’s internal blog, full of discussions of people suing them, reports to management, real juicy stuff. Nice Moveable Type group-blog setup; and they’d pointed to my recent bulleted-list rant, leaving a trail of crumbs back to their unprotected unmentionables. I saw that a few of the posts were by a jbloggs and Google, via a search for email@example.com, revealed that this particular Joe was their Senior Vice President and General Counsel. So I sent him an email saying “Er, your legal department blog is open to the public.” and a couple of hours later got friendly email from someone @example.com saying “I think we closed it, could you check?” and they had. A couple of details in the narrative have been changed to protect the guilty, but if I told you what went between .com you’d gasp. Anyhow, we already knew these things, but on the evidence it can’t hurt to say them again: First, security by obscurity just doesn’t work, and second, never assume something on a Web server isn’t Internet-visible until you’ve had somebody try from outside and prove it.
By Tim Bray.
The opinions expressed here are my own, and no other party necessarily agrees with them. A full disclosure of my professional interests is on the author page.