Hacker News new | past | comments | ask | show | jobs | submit login
The Fallacy of Cracking Contests (1998) (schneier.com)
164 points by _pius on Dec 19, 2013 | hide | past | favorite | 19 comments



I assume this is about Telegram?


Indeed. Here's a critique of the Telegram challenge and how it relates to this article: https://news.ycombinator.com/item?id=6931922

If it's mistaken or isn't comprehensive enough, then I'd be relieved if you'd correct it.


Your analysis is correct. Their terms and conditions rule out just about every form of attack.


I found this story when following some of the Schneier links in the Telegram thread, but I don't have a horse in this race. I rather regret posting the link now, as it seems like a mean-spirited dig against Telegram, when in fact I just thought this was an interesting — if timely — piece.


I just wish Telegram would have less hubris. Ever since they launched, they've downplayed any possible problem. I know they've had to wade through a bunch of bogus criticisms, but there are some legitimately worrying aspects of Telegram that they seem to be trying to sweep under the rug. This $200k contest stunt seems to be a (very effective) marketing ploy which further distracts people from the fact that Telegram hasn't demonstrated any desire to seek out professional cryptographers to examine their entire end-to-end pipeline for flaws.

It seems like the best possible thing they could do is to hire Matasano to fly out and dig through their whole architecture for flaws. That way they'd either earn tacit approval from the crypto community, or any obvious internal oversights would be exposed (in which case fixing those errors would earn them approval anyway). This contest doesn't seem to achieve those ends.

The message they've been sending is, "We're Telegram, and we're confident we don't need your help." But resisting the ability of governments to rifle through our data must be a community effort to succeed. Telegram is claiming to be a trustworthy hero. But individual heroes are single points of failure, and have historically been far too easy to coerce or circumvent.

There's also nothing stopping Telegram from being malicious (or being coerced), so I'm worried people won't notice if Telegram themselves try to snoop on everyone's messages by e.g. pushing an update which tweaks the protocol just slightly enough to be exploitable. Whereas if TextSecure tried to pull something like that, people would notice.

Of course, since Telegram refuses to give a proof for the security of their home-grown KDF, it seems like it's possible they designed it to be exploitable in some secret way, in order to access people's conversations. A security proof would prevent this possibility, but they don't seem to think it's a big deal. https://news.ycombinator.com/item?id=6918907

In fact, they've been bizarrely evasive on that point. Why design your own KDF? Speed? Then why not use a secure tunable KDF like scrypt? Is it to show off their own genius? Then why haven't they published it for peer review to take credit for their achievement? And why turn down Moxie's offer to join forces and incorporate an existing 10 million userbase? https://news.ycombinator.com/item?id=6915741 ... None of that makes sense, and the only reasonable explanation I can think of is that maybe they're trying something sneaky.


> And why turn down Moxie's offer to join forces and incorporate an existing 10 million userbase? https://news.ycombinator.com/item?id=6915741 ... None of that makes sense, and the only reasonable explanation I can think of is that maybe they're trying something sneaky.

Their app is already more popular than TextSecure[1][2] and available for more platforms. Why in the world they should all of a sudden change protocol (and probably lose some features, lose control over changes in the protocol, etc.) and join to a less popular network?

[1] http://www.appannie.com/apps/google-play/app/org.telegram.me...

[2] http://www.appannie.com/apps/google-play/app/org.thoughtcrim...


> I just wish Telegram would have less hubris.

Well, if their own marketing spiel is to be believed, and all the work was done by Mathematicians instead of cryptographers, it's understandable that they'd go and behave like they have. Not out of malice, but ignorance of the accepted practices and modes of behavior that the crypto-community has adopted...often for very good reasons.


Or better marketing - basically everyone with an interest in cryptography distrusts these contests by default. I'd expect anyone with a cryptography product to at least understand the culture.


The article was written in Dec. 1998 but OP probably posted it in response to the Telegram challenge, yes.


This may be unrelated, but one of the things I've always thought is that contests, bug bounties, and things like it kind of give a free pass to hacking attempts, don't they?

Is this a well-understood part of these kinds of programs? Even the ones that say "color inside these lines" can be used to say, "Oh, sorry, I didn't know I was outside of the boundaries" if a person ever gets caught trying to get into a bad place.

So you've got all kinds of logs of me trying to break into your system, but as long as I fail I can just pretend like I was going after the bounty you've placed, right?


Except that, if you're going after the bounty, you'll have read the rules, which define the particular attempts you're making as out of bounds, i.e., still malicious.

I'm trying, but failing, to find a recent article about a guy who found a password in a dropbox for another company that had a "hack us" contest, and subsequently was indirectly accused of potentially illegal conduct (they settled on sending him a shirt instead of money).


That's my point though, he certainly didn't go to jail, did he?

These are still new enough that a person could mask any legitimate hacking attempts in the guise of "I didn't know I couldn't do that". So you get to be as malicious as you'd like, and no one's going to come after you, lest an Internet mob forms or something.


It wasn't a hack us contest, just a bug bounty that applied to a limited number of domains (not including whatever site the dropbox password went to). That's what I remember, anyway.


On the flipside, it sounds like every company looking to prove their security should offer a cracking contest for the very reasons described in this article, because: 1) Investors will love it 2) No one in their right mind will attempt to crack it 3) in the rare event that someone does crack it, a nominal prize of 5k - 10k is probably still worth the good PR and the confidence it would give investors.


2) No one in their right mind will attempt to crack it

What are you saying? Does offering cash decrease the chances of cracking?


What I'm trying to say is that these cracking contests offer great PR, and you don't actually need to worry about the security of your site. So it's great for companies who are trying to instill investor/consumer confidence in their security, even if they are not confident in their security. (I'm not condoning a company using this technique as a ploy to prove their non-existant security is secure, but if they are strategic, they could absolutely hold a cracking contest to do just that.)


If it's so difficult and expensive to break the system and no one is willing to do it for the prize money, doesn't that show it is relatively secure?


It just shows it is too difficult and expensive to break the system given the prize value and the constraints put on what are acceptable attacks.

Any system can be proven secured by such a contest if you limit acceptable attacks to the parts where you know the system is the strongest... but a real attacker will always aim at the weakest part.


It can also mean that when the system is broken it's more profitable to use that for something other than collecting the prize money.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: