
When Engineers Lie  - evo_9
http://www.cringely.com/2011/06/when-engineers-lie/
======
tptacek
This is nonsensical from nose to tail.

Encryption capabilities that are (on paper at least) unbreakable by any
agency† are practically _de rigueur_ in all modern applications. Where those
applications are getting broken, it _is not_ because the government is
weakening algorithms. Nobody is breaking 128 bit AES, let alone 256 bit (or
Cringely's fictional 4096 bit version). They're breaking applications and
protocols.

Similarly, IPv6 has practically nothing to do with network security. If
anything, by reestablishing a static addressing regime, it makes the Internet
_easier_ to monitor. The devices that the government uses to monitor backbone
connections aren't limited by protocols; they're limited by speeds and feeds.
If the government has policies advising operators to turn off IPv6 on Cisco
gear, it's because IPv6 has (at least until recently) made devices _less
stable_ and _less secure_.

What worries me here is that Cringely, who has been irrelevant almost since
the moment he lost his gig at PBS, is feeling revitalized by these most recent
infosec stories. He is clearly ill-informed, but has enough of an audience
that his name puts him on the front page of HN. People seem to feel this way
about Gruber, but there is at least a point to Gruber (apart from the fact
that he writes circles around Cringely): he is a passionate advocate for a
perspective that is at least valid, even when we disagree with it.

What's Cringely an advocate for? From what I can tell, it's "taking crumbs of
information from anonymous sources and writing entire speculative stories
about them". Just look at this one! "The government is suppressing strong
cryptography which is why we don't have IPv6, [my sources tell me]".

† _Using "unbreakable" for "the disclosure of information that could only have
been obtained by breaking it, thereby disclosing our capability of breaking
it, would be a calamity for national security, diplomacy, and the economy"._

~~~
akkartik
The nose at least seems to have a point. There is _no_ claim that 'the
government is weakening algorithms'. The claim is that the government is
weakening implementations -- 'applications and protocols' as you put it. He's
speculating that proprietary vendors are hiding details about the break-ins
because the details would show backdoors for the government. That seems
plausible on the face of it. Or am I being too much of a conspiracy theorist?

Half your comment is just ad hominem. He's mentioned no 'sources' in this
article, and it's not clear why we should be 'worried'.

It's not a great article, but your response is overblown.

~~~
tptacek
The point of the comment _is_ the ad hominem. Ad hominem is a fallacy when
it's unwarranted and not germane to the argument. Cringely's lack of
credibility _is_ my argument. It's semantically void to point out that this
amounts to "ad hominem".

I'm responding to an article in which Cringely (paraphrased) asks "is 1024 and
2048 bit enough", answers "no", and then claims that if you fielded "4096 bit
AES", the DoJ would come knocking. That Cringely doesn't understand what AES
is is a minor point. That he doesn't understand the differences in
capabilities between DHS, the DOJ, and NSA is less minor. That he thinks this
has something to do with why we don't have IPv6 is baffling, all the more so
because it appears to be the thesis of his article.

That this hairy ball of cat barf and innuendo plays on our autonomic fear of a
malicious government in order to score page views -- a play that devalues
_real_ concerns about misuse of authority, by allowing authority's defenders
to cite nonsense like this article --- is contemptible. It deserves to be
called out as such.

------
eli
He totally lost me with the part about IPv6. What does any of that have to do
with security or government eavesdropping?

I read the linked article and it just says that the NSA recommends you disable
IPv6 if you're not using it. Which, well... duh.

~~~
83457
Maybe it has to do with devices and computers being directly addressable?

~~~
iwwr
You can no longer rely on NAT to provide a default firewall, can you?

~~~
tptacek
If you enjoyed the security of NAT in IPv4, you're free to continue using it
in IPv6.

------
pilom
From a government network security consultant: The vendors recommend disabling
IPv6 because they understand that it is hard enough to harden just IPv4. By
disabling IPv6 on government networks, you minimize the number of places a
security auditor can miss something, thus hopefully improving overall security.
IPv6 really does require a new set of skills to secure, so it is better to be
old, simple, and proven (or at least we know where most of the problems are),
than new, advanced and unknown when you are talking about security.

------
PaulHoule
He makes a very good point.

The U.S. government relaxed its restrictions on key lengths after it came to
the conclusion that vendors in general would not get key management right.

~~~
tptacek
In the time period during which the government cared about strong
cryptography, its use was almost unheard of in off-the-shelf products. By the
time SSHv2 was released, shipping strong cryptography internationally was
reduced to a simple bureaucratic formality.

This notion that a malignant intelligence in the federal government is
plotting ways to keep IT products insecure is a product of the narrative
fallacy. The government may think that many steps ahead when it comes to China
(or, as recent events indicate, maybe not), but when it comes to civilian
information security, it is _entirely reactive_.

~~~
cube13
I think the government also realized that for the majority of communications,
truly strong cryptography is pretty useless. There is always a point where the
information is basically worthless to keep secret.

For example, if the president (or other high-ranking official) is making a
"secret" visit, that information only needs to be kept encrypted for a fairly
short amount of time (maybe a week or so), which means that a less secure
algorithm that takes a few weeks to crack is enough to encrypt the
information. That way, even if an enemy gets the information and cracks it,
it's useless when they finally read it.

For things that may need to stay secret for longer periods of time, like
intelligence reports with the names of informants or long-term defense
strategy plans, a stronger encryption method would be needed.

~~~
tptacek
I have no insight into the NSA's capabilities; I've heard murblings that their
practical edge is in knowing classes of implementation flaws that we don't,
and in having decades of experience weaponizing those flaws... but for all we
know, they have some algebraic structure attack on AES that makes it trivial
to break.

However, bear in mind that there's a real dollars-and-cents value to obscurity
in cryptography when you're the NSA. When you're the NSA, you know your custom
undocumented algorithm isn't trivially breakable (unlike virtually all bespoke
commercial ciphers, which end up getting solved by SAT solvers as an
exercise). Forcing your adversary to cryptanalyze an entirely new cipher
imposes real and severe costs on them.

That alone is a huge motivation to keep their own capabilities secret, and to
not use standard algorithms to protect their own secrets --- even if, for all
they know, those algorithms are sound.

