Kuro5hin.org: technology and culture, from the trenches

Opportunistic cryptography

By cesarb in News
Thu Jul 20, 2000 at 04:22:44 PM EST
Tags: Freedom

With all the recent talk about Carnivore, I think that this is a good time to start using more cryptography. However, most people don't use crypto, because it requires some effort to set up and sometimes even more effort to use.

The best way to do "invisible" cryptography would be to do it automatically. This has been talked about before, and it's called opportunistic cryptography.

Which are the problems that prevent its widespread use, and how could they be solved?

A simple IP-level auto-negotiating protocol would be enough to stop all passive sniffers, while a few people exchanging their keys using an external channel (physically or maybe via encrypted email) could detect any MITM attack (since a MITM relies on being able to change the keys being used, and it would be easy to check if they don't match). It could protect any protocol, including UDP-based protocols, unlike TLS which can only be used with TCP-based protocols.

So, why isn't it being done?
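
The scheme described in the story above, as an added example that is not part of the original post: an unauthenticated Diffie-Hellman negotiation in Python, followed by the out-of-band fingerprint comparison that exposes a swapped key. The group parameters `P` and `G` are toy values chosen for this illustration, and all function names are hypothetical.

```python
# Added illustration: opportunistic key agreement plus an out-of-band check.
# P and G are toy parameters (assumption); real deployments use large
# standardized groups or elliptic curves.
import hashlib
import secrets

P = 2**127 - 1   # a Mersenne prime, far too small for real use
G = 3            # base chosen for illustration only


def keypair():
    """Return (private, public) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short digest that two people can compare over another channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def session_key(my_priv, peer_pub):
    """Derive the symmetric key from my private value and the key I received."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def negotiate(mitm=False):
    """Run one exchange between A and B; report what each side ends up with."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub      # public keys as delivered
    if mitm:
        _, m_pub = keypair()
        seen_by_a = seen_by_b = m_pub        # active party replaces both keys
    return {
        # Do A and B actually share one key?
        "keys_match": session_key(a_priv, seen_by_a)
        == session_key(b_priv, seen_by_b),
        # A reads out the fingerprint of the key it received as "B's";
        # B compares it with the fingerprint of its real public key.
        "fingerprint_ok": fingerprint(seen_by_a) == fingerprint(b_pub),
    }


if __name__ == "__main__":
    print("honest path:", negotiate(mitm=False))
    print("keys swapped:", negotiate(mitm=True))
```

A passive listener only ever sees the two public values, while a key swap in transit shows up as a fingerprint mismatch as soon as the endpoints compare notes over a channel the network path does not control.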


Opportunistic cryptography | 17 comments (12 topical, 5 editorial, 0 hidden)
We need both transparent and user space crypto (4.30 / 3) (#4)
by DontTreadOnMe on Thu Jul 20, 2000 at 05:17:07 PM EST

We need transparent crypto for a number of reasons
  • secure end-to-end communications (chat, ssh/telnet, instant messaging, VPN, gameplay, ftp, etc. etc.)
  • secure exchange of data between servers, e.g. DNS, SMTP, etc.
  • good authentication without depending on user apps to be well behaved
IPv6 is supposed to have this, although how well it is implemented, and how widespread it will become, remains to be seen.

We also need user space crypto such as GPG. Transparent crypto for mail has the problem that, for example, a user could step away from their machine and someone else could email from their account, impersonating the user. This is true of unsigned mail now, but with transparent crypto it would have the problem of being signed by the user, lending the perception of authenticity where it isn't really present.

I have found seahorse with GPG to be a reasonable level of complexity. There are a few aspects of the interface I'd like to see changed and streamlined, and having GPG/PGP functionality built into the mailer would certainly be preferable (although copy and paste under X is so ridiculously easy that that isn't a big issue), but all in all it is very usable even for newbies.

Key management really can't be made a whole lot easier, and shouldn't really be any more transparent. Deciding to trust someone (or their public key) IMHO still needs to be a conscious act.

We need both transparent and user space, non-transparent crypto, just as we need both better streamlining and usability of the GUI frontends AND education of the end user on how to use crypto, what public and private keys are, and how to manage them.

Using GPG with a good GUI really isn't any more difficult than addressing, stamping, and mailing an envelope, but users do need to be shown how to do it.

(Actually, that inspires a thought: a GPG GUI which looks like an envelope, with the signature filling in the "return address" spot, the "encrypt to" the mailto address, and the email address itself the stamp. We'd still need to educate people on good key management practices, but this paradigm might make the entire concept of GPG/PGP more understandable to the lay person).

http://openflick.org - Fighting Copyright with Free Media

An idea (none / 0) (#5)
by Anonymous Hero on Thu Jul 20, 2000 at 05:50:45 PM EST

PGPDisk is excellent if you can find it.
It's a fully functional disk-image utility. You make PGPDisk files of whatever size, and then mount them like a hard drive. The disk file is encrypted, and you can unmount it manually, with a timer, or with a hotkey. I love it.

Already Been Done (none / 0) (#6)
by Anonymous Hero on Thu Jul 20, 2000 at 06:56:39 PM EST

What you describe is basically already out there in the form of IPSec (part of IPv6) and PKI (Public Key Infrastructure). I think it would be kind of cool if they incorporated key servers into DNS, but I think this is already part of PKI?

IPSec! (none / 0) (#7)
by Anonymous Hero on Thu Jul 20, 2000 at 07:55:48 PM EST

Dude, that's what IPSec is all about - network level encryption. See RFCs 2401-2410 to bore yourself mindless.

The public key negotiation protocol is IKE (used to be ISAKMP/Oakley), and 3DES, DES, RSA, DSS, SHA-1 and MD5 are generally used as the cryptographic functions.

You can either tunnel the whole original packet, or just the data. It can operate in AH mode ("Authentication Header" - where the data is authenticated), or ESP mode (encrypts stuff). Of course, most people would probably want to operate in tunnelled ESP mode.

The protocol was designed against replay attacks. Bruce Schneier tried to pick some flaws in it a while ago, but so what, he has his own agenda. It was originally designed for IPv6, but can be retrofitted to IPv4.

Supports it: Windows 2000, Linux (FreeS/WAN), FreeBSD (Kame), AIX ...

p.s. I've never heard the term "opportunistic cryptography" before - it doesn't make any sense. This is transparent network-level security.

Re: IPSec! (none / 0) (#9)
by Anonymous Hero on Fri Jul 21, 2000 at 02:01:12 AM EST

Windows 2000 doesn't exactly support it.... Doesn't it only support a Kerberos implementation (not quite the same thing?)

Re: IPSec! (none / 0) (#17)
by Anonymous Hero on Mon Jul 24, 2000 at 02:32:10 PM EST

No, Windows 2000 does support it, you can do IPSec:

* using shared secrets
* via certificates
* or using Kerberos.


easy to use crypto. (none / 0) (#8)
by Nyarlathotep on Thu Jul 20, 2000 at 08:29:34 PM EST

First, there is no excuse for mail readers to not have GPG or PGP built into them. The mail reader should make you a PGP key and publish it on a keyserver when you first run the mail reader. The mail reader should search the keyserver for public keys of anyone who you are sending mail to. If it can not find a public key for the recipient then it will warn you and place a big nasty letter about why they should be using crypto into the first page of the mail for your recipient. The mail reader should also have an option to save the mail to a special queue and send a Java program as an attachment instead. This program will connect to your system, establish a secure connection, and download the message. It would be a good idea to encrypt IRC private messages too.
Campus Crusade for Cthulhu -- it found me!

Mail readers *do* have crypto built in already (none / 0) (#14)
by Anonymous Hero on Fri Jul 21, 2000 at 02:05:53 PM EST

Microsoft's Outlook Express and Netscape's Messenger both have built-in support for the use of digital certificates. This makes it simple to sign and encrypt email - you have a button for each in the menu bar. Received emails have icons on them to show whether they are signed and/or encrypted. PGP is fine for sophisticated users, but novices struggle with it. Using certificates with Outlook Express and Messenger is *much* simpler.

The only problem - you need a digital certificate. You could go get one from e.g. Verisign, but they will charge you and embed your real name in the certificate - not ideal. I use a free and anonymous digital certificate from PrivacyX. They offer a POP mail service which also filters mail headers to remove any personally identifying information.

In the wider picture though, we need to adopt the techniques which some already mentioned. FreeS/WAN in particular (an implementation of IPsec) is highly recommended - the underlying philosophy ("If it's possible to encrypt the current communication, regardless of what the communication is, just do it") is one that should be built into *all* network software.


Re: Mail readers *do* have crypto built in already (none / 0) (#15)
by Anonymous Hero on Sat Jul 22, 2000 at 01:46:49 PM EST

Sure, but when a user clicks on "get certificate" in Outlook he's only directed to services requiring fees and IDs. No wonder no one uses it. There's really no excuse for the email software not being able to generate its own keys.

Mail Readers shouldn't generate their own keys. (none / 0) (#16)
by Anonymous Hero on Sun Jul 23, 2000 at 09:27:40 PM EST

They should send mail.

They should hook up to something that does encryption, whatever flavor-of-the-month is best, but they shouldn't do anything.

-- Ender, Duke_of_URL

Everyday use of crypto (none / 0) (#10)
by chip on Fri Jul 21, 2000 at 06:04:36 AM EST

I think that the only answer to the security problems of the net for business and personal use is that encryption of net traffic must become commonplace.

This will be forced by more and more businesses moving onto the net and becoming tired of their communications being read by their governments, other governments and other companies. This will slowly (I think this may take quite a few years) create an acceptance for standard encryption of communications throughout most of the world.

I think this will also lead to many sub-nets (VPNs) within and/or connecting to the current Internet, some of which will allow encryption, others which will not.

The company I work for feels that the spread of everyday use of encryption is extremely important. We offer a crypto library in C (we will have a Java version ready within a week or so) under the LGPL license. You can get this library here: http://www.virtualunlimited.com/download/index.html#beecrypt

We also make a free product (which is now in beta) that uses the BeeCrypt library to create a secure point-to-point encrypted mail system that is simple for anyone to use.

You can get the client here (requires Java 2.0): http://www.virtualunlimited.com/download/index.html#beecenter

You can get the server here (Intel Linux/Solaris 2.6): http://www.virtualunlimited.com/products/beeyond/mailserver.html
-- Like science fiction? Try Cordwainer Smith!

Doesn't IPv6 do this? (none / 0) (#11)
by Crutcher on Fri Jul 21, 2000 at 12:18:31 PM EST

I think it does.
Crutcher - "Elegant, Documented, On Time. Pick Two"