A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Crypto-Anarchism’ tag

Trade-offs

I frequently recommend Signal as a secure messaging platform because it strikes a good balance between security and usability. Unfortunately, as is always the case with security, the balance between security and usability involves trade-offs. One of the trade-offs made by Signal has recently become the subject of some controversy:

When Signal Desktop is installed, it will create an encrypted SQLite database called db.sqlite, which is used to store the user’s messages. The encryption key for this database is automatically generated by the program when it is installed without any interaction by the user.

As the encryption key will be required each time Signal Desktop opens the database, it will store it in plain text to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json.

When you open the config.json file, the decryption key is readily available to anyone who wants it.

How could the developers of Signal make such an amateurish mistake? I believe the answer lies in the alternative:

Encrypting a database is a good way to secure a user’s personal messages, but it breaks down when the key is readily accessible to anyone. According to Suchy, this problem could easily be fixed by requiring users to enter a password that would be used to generate an encryption key that is never stored locally.

In order to mitigate this issue the user would be required to do more work. If the user is required to do more work, they’ll likely abandon Signal. Since Signal provides very good transport security (the messages are secure during the trip from one user to another) abandoning it could result in the user opting for an easier to use tool that didn’t provide as effective or any transport security, which would make them less secure overall.
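The mitigation Suchy describes, sketched as an added example (this is not Signal's code): the file on disk holds only a salt, the KDF settings and a verifier, and the database key is re-derived from the passphrase at every start. The field names, the PBKDF2 parameters and the `audit_config` heuristic are assumptions for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed sample of the layout described above: the raw database key sits
# in the config file. The field name "key" and the value are assumptions.
WEAK_CONFIG = {"key": "ab" * 32}


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the passphrase into a 32-byte key that is never written to disk."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def _verifier(key: bytes) -> str:
    # Keyed digest of a fixed label: enough to reject a wrong passphrase, but it
    # does not decrypt anything. Guessing still costs one full KDF run per try.
    return hmac.new(key, b"db-key-check", hashlib.sha256).hexdigest()


def new_config(passphrase: str, iterations: int = 600_000) -> dict:
    """Build what would be saved to disk: salt, KDF settings and a verifier."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt, iterations)
    return {"kdf": "pbkdf2-hmac-sha256", "iterations": iterations,
            "salt": salt.hex(), "verifier": _verifier(key)}


def unlock(config: dict, passphrase: str) -> bytes:
    """Re-derive the key at start-up; raise if the passphrase is wrong."""
    key = derive_key(passphrase, bytes.fromhex(config["salt"]),
                     config["iterations"])
    if not hmac.compare_digest(_verifier(key), config["verifier"]):
        raise ValueError("wrong passphrase")
    return key


def audit_config(config: dict) -> list:
    """Heuristic check: name fields that look like a stored 256-bit hex key."""
    hexdigits = set("0123456789abcdefABCDEF")
    return [name for name, value in config.items()
            if name not in ("salt", "verifier")
            and isinstance(value, str) and len(value) == 64
            and set(value) <= hexdigits]


if __name__ == "__main__":
    cfg = new_config("garish-bethel-perry-best-finale")
    print(json.dumps(cfg, indent=2))          # nothing here opens the database
    print("weak config findings:", audit_config(WEAK_CONFIG))
```

The cost is exactly the trade-off discussed above: the user has to type the passphrase every time the application starts.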

iOS and many modern Android devices have an advantage in that they often have dedicated hardware that encryption keys can be written to but not read from. Once a key is written to the hardware data can be sent to it to be either encrypted or decrypted with that key. Many desktops and laptops have similar functionality thanks to Trusted Platform Modules (TPM) but those tend to require user setup first whereas the smartphone option tends to be seamless to the user.

There is another mitigation option here, which is to utilize full-disk encryption to encrypt all of the contents on your hard drive. While full-disk encryption won’t prevent resident malware from accessing Signal’s database, it will prevent the database from being copied from the computer by a thief or law enforcers (assuming they seized the computer when it was off instead of when the operating system was booted up and thus the decryption key for the drive was resident in memory).

Written by Christopher Burg

October 25th, 2018 at 10:30 am

A Seemingly Good Idea with a Steep Price

When you use a free e-mail provider, you are the product, which means that the provider most likely snoops through the contents of your e-mail to deliver targeted ads. Because of this I encourage people to move away from free providers. Paid e-mail providers are less inclined to snoop through your e-mails but the best option is to host your own e-mail server. Unfortunately, hosting e-mail is a pain in the ass so very few people are interested in doing it. A new product, Helm, is promising the best of both worlds: self-hosted e-mail without the complexity of administering an e-mail server. From a technical standpoint, it looks like a solid product:

The service takes a best-of-both-worlds approach that bridges the gap between on-premises servers and cloud-based offerings. The server looks stylish and is small enough to be tucked into a drawer or sit unnoticed on a desk. It connects to a network over Ethernet or Wi-Fi and runs all the software required to serve email and calendar entries to authorized devices. An expansion slot allows an additional five terabytes of storage.

The server also provides a robust number of offerings designed to make the service extremely hard to hack, including:

  • A system-on-a-chip from NXP that stores keys for full-disk encryption and other crypto functions to ensure keys are never loaded into memory, where they might be leaked. The disk encryption is designed to prevent the contents from being read without the key, even if someone gets physical possession of the device.
  • Support for secure boot and keys that are hardwired during manufacture so the device can only run or install authorized firmware and firmware updates. The devices are manufactured in the US or Mexico to ease concerns about supply-chain weaknesses.
  • Firmware that only communicates over an encrypted VPN tunnel. This measure prevents employees of the user’s ISP, or anyone monitoring the home or office connection, from knowing who the user is communicating with. The firmware also automatically generates TLS certificates from the free Let’s Encrypt service.
  • Before being backed up in the cloud, messages are encrypted using a key that’s stored on the personal server and is available only to the end user. That means if the cloud server is ever hacked or the provider is legally compelled to turn over the backed up data, it can’t be decrypted without the key.
  • Two-factor authentication that’s based on what Helm calls “proximity based security.” The tokens that generate one-time passwords can only be installed on a smartphone that has come into close physical proximity with the Helm device during pairing by someone who knows the device password. Pairing new phones, adding email accounts, or making other changes not only requires a device password but also an OTP from an already-paired phone.

Technical specifications and implementation often don’t match so I’ll be interested to see how well this product works in the wild. However, I’m guessing that this product isn’t going to fly off of the shelves because the price is steep:

The startup is betting that people will be willing to pay $500 to purchase the box and use it for one year to host some of their most precious assets in their own home. The service will cost $100 per year after that. Included in the fee is the registration and automatic renewal of a unique domain selected by the customer and a corresponding TLS certificate from Let’s Encrypt.

$500 is a lot of money for a consumer-grade embedded computer and a $100 per year subscription fee isn’t chump change no matter how you shake it. You can buy a ProtonMail subscription for significantly less and enjoy what most consumers would consider pretty reasonable security. But if you want a self-hosted e-mail option without the hassle that usually accompanies setting up and maintaining your own e-mail server (and have a few Benjamins to spare), this may be a product to look into.

Written by Christopher Burg

October 18th, 2018 at 11:00 am

Cloudflare Makes Tor Use More Bearable

One of the biggest annoyances of using the Tor Browser is that so many sites that rely on Cloudflare services throw up CAPTCHA challenges before allowing you to view content. Yesterday Cloudflare announced a change to its service that should make life more bearable for Tor users:

Cloudflare launched today a new service named the “Cloudflare Onion Service” that can distinguish between bots and legitimate Tor traffic. The main advantage of this new service is that Tor users will see far less, or even no CAPTCHAs when accessing a Cloudflare-protected website via the Tor Browser.

The new Cloudflare Onion Service needed the Tor team to make “a small tweak in the Tor binary,” hence it will only work with recent versions of the Tor Browser – the Tor Browser 8.0 and the new Tor Browser for Android, both launched earlier this month.

Hallelujah!

Written by Christopher Burg

September 21st, 2018 at 10:00 am

Cody Wilson: 1, Department of Justice: 0

When Cody Wilson demonstrated the futility of gun control once and for all by publishing specifications for a 3D printable handgun, the United States government was displeased. It didn’t like the idea that the language of the Second Amendment, namely the part that says “shall not be infringed,” might actually be enforceable by its subjects. In response to Wilson’s antics, the federal government tried to censor him. Wilson decided to sue on the argument that censoring 3D printer specifications was an infringement of his First Amendment rights. The Department of Justice (DoJ), the body of the government that tried to censor Wilson and got sued for its shenanigans, finally gave up:

Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First.

“If code is speech, the constitutional contradictions are evident,” Wilson explained to WIRED when he first launched the lawsuit in 2015. “So what if this code is a gun?”

The Department of Justice’s surprising settlement, confirmed in court documents earlier this month, essentially surrenders to that argument. It promises to change the export control rules surrounding any firearm below .50 caliber—with a few exceptions like fully automatic weapons and rare gun designs that use caseless ammunition—and move their regulation to the Commerce Department, which won’t try to police technical data about the guns posted on the public internet. In the meantime, it gives Wilson a unique license to publish data about those weapons anywhere he chooses.

Realistically, the DoJ had no choice but to relent. As soon as it tried to censor Wilson’s 3D printer designs, the Streisand effect kicked in and ensured that the files were obtained by so many people that censorship became impossible. Beyond Wilson’s case, the DoJ was also fighting a losing battle because even if it managed to censor his designs, anybody with an Internet connection could upload their own designs. The DoJ is one agency that only has authority here in the United States. The Internet is a global communication network. The odds of a single agency winning against a global network are pretty much zilch.

Written by Christopher Burg

July 12th, 2018 at 11:00 am

Another Bang Up Job

Legacy cellular protocols contained numerous gaping security holes, which is why attention was paid to security when Long-Term Evolution (LTE) was being designed. Unfortunately, one can pay attention to something and still ignore it or fuck it up:

The attacks work because of weaknesses built into the LTE standard itself. The most crucial weakness is a form of encryption that doesn’t protect the integrity of the data. The lack of data authentication makes it possible for an attacker to surreptitiously manipulate the IP addresses within an encrypted packet. Dubbed aLTEr, the researchers’ attack causes mobile devices to use a malicious domain name system server that, in turn, redirects the user to a malicious server masquerading as Hotmail. The other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users.

Encrypting data is only one part of the puzzle. Once data is encrypted the integrity of the data must be protected as well. This is because encrypted data looks like gibberish until it is decrypted. The only way to know whether the encrypted data you’ve received hasn’t been tampered with is if some kind of cryptographic integrity verification has been implemented and used.
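Why encryption alone is not enough, as an added example (not from the original post or the aLTEr researchers): a counter-mode style cipher decrypts a modified ciphertext without complaint, while an encrypt-then-MAC wrapper rejects the same modification. The HMAC-based keystream is a stand-in for a real stream cipher, and the packet layout and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream, no integrity protection."""
    return xor(data, keystream(key, nonce, len(data)))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: append an HMAC tag over the nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag first; refuse to decrypt anything that was altered."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return decrypt(enc_key, nonce, ct)


def modify_in_transit(data: bytes, offset: int, delta: bytes) -> bytes:
    """Model an on-path change: XOR `delta` into the bytes at `offset`."""
    end = offset + len(delta)
    return data[:offset] + xor(data[offset:end], delta) + data[end:]


def demo():
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    resolver = ipaddress.IPv4Address("192.0.2.53").packed      # constructed
    other = ipaddress.IPv4Address("198.51.100.53").packed      # constructed
    packet = b"DST=" + resolver + b";dns-query"                # constructed layout
    delta = xor(resolver, other)

    # Encryption only: the receiver decrypts a different address and cannot tell.
    ct = modify_in_transit(encrypt(enc_key, nonce, packet), 4, delta)
    seen = str(ipaddress.IPv4Address(decrypt(enc_key, nonce, ct)[4:8]))

    # Encrypt-then-MAC: the same change fails verification before decryption.
    sealed = modify_in_transit(seal(enc_key, mac_key, nonce, packet), 4, delta)
    try:
        open_sealed(enc_key, mac_key, nonce, sealed)
        rejected = False
    except ValueError:
        rejected = True
    return seen, rejected


if __name__ == "__main__":
    print(demo())
```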

How can you protect yourself from this kind of attack? Using a Virtual Private Network (VPN) tunnel is probably your best bet. The OpenVPN protocol is used by numerous VPN providers that provide clients for both iOS and Android (as well as other major operating systems such as Windows, Linux, and macOS). OpenVPN, unlike LTE, verifies the integrity of encrypted data and rejects any data that appears to have been tampered with. While using a VPN tunnel may not prevent a malicious attacker from redirecting your LTE traffic, it will ensure that the attacker can’t see your data, as a malicious VPN tunnel will fail to provide data that passes your client’s integrity checker, and thus your client will cease receiving or transmitting data.

Written by Christopher Burg

July 3rd, 2018 at 11:00 am

Avoid E-Mail for Security Communications

The Pretty Good Privacy (PGP) protocol was created to provide a means to securely communicate via e-mail. Unfortunately, it was a bandage applied to a protocol that has only increased significantly in complexity since PGP was released. The ad-hoc nature of PGP combined with the increasing complexity of e-mail itself has led to rather unfortunate implementation failures that have left PGP users vulnerable. A newly released attack enables attackers to spoof PGP signatures:

Digital signatures are used to prove the source of an encrypted message, data backup, or software update. Typically, the source must use a private encryption key to cause an application to show that a message or file is signed. But a series of vulnerabilities dubbed SigSpoof makes it possible in certain cases for attackers to fake signatures with nothing more than someone’s public key or key ID, both of which are often published online. The spoofed email shown at the top of this post can’t be detected as malicious without doing forensic analysis that’s beyond the ability of many users.

[…]

The spoofing works by hiding metadata in an encrypted email or other message in a way that causes applications to treat it as if it were the result of a signature-verification operation. Applications such as Enigmail and GPGTools then cause email clients such as Thunderbird or Apple Mail to falsely show that an email was cryptographically signed by someone chosen by the attacker. All that’s required to spoof a signature is to have a public key or key ID.

The good news is that many PGP plugins have been updated to patch this vulnerability. The bad news is that this is the second major vulnerability found in PGP in the span of about a month. It’s likely that other major vulnerabilities will be discovered in the near future since the protocol appears to be receiving a lot of attention.

PGP is suffering from the same fate as most attempts to bolt security onto insecure protocols. This is why I urge people to utilize secure communication technology that was designed from the start to be secure and has been audited. While there are no guarantees in life, protocols that were designed from the ground up with security in mind tend to fare better than protocols that were bolted on after the fact. Of course designs can be garbage, which is where an audit comes in. The reason you want to rely on a secure communication tool only after it has been audited is because an audit by an independent third-party can verify that the tool is well designed and provides effective security. An audit isn’t a magic bullet (unfortunately those don’t exist), but it allows you to be reasonably sure that the tool you’re using isn’t complete garbage.

Written by Christopher Burg

June 15th, 2018 at 10:00 am

You Must Guard Your Own Privacy

People often make the mistake of believing that they can control the privacy for content they post online. It’s easy to see why they fall into this trap. Facebook and YouTube both offer privacy controls. Facebook along with Twitter also provide private messaging. However, online privacy settings are only as good as the provider makes them:

Facebook disclosed a new privacy blunder on Thursday in a statement that said the site accidentally made the posts of 14 million users public even when they designated the posts to be shared with only a limited number of contacts.

The mixup was the result of a bug that automatically suggested posts be set to public, meaning the posts could be viewed by anyone, including people not logged on to Facebook. As a result, from May 18 to May 27, as many as 14 million users who intended posts to be available only to select individuals were, in fact, accessible to anyone on the Internet.

Oops.

Slip ups like this are more common than most people probably realize. Writing software is hard. Writing complex software used by billions of people is really hard. Then after the software is written, it must be administered. Administering complex software used by billions of people is also extremely difficult. Programmers and administrators are bound to make mistakes. When they do, the “confidential” content you posted online can quickly become publicly accessible.

Privacy is like anything else: if you want the job done well, you need to do it yourself. The reason services like Facebook can accidentally make your “private” content public is because they have complete access to your content. If you want to have some semblance of control over your privacy, your content must only be accessible to you. If you want that content to be available to others, you must post it in such a way that only you and they can access it.

This is the problem that public key cryptography attempts to solve. With public key cryptography each person has a private and public key. Anything encrypted with the public key can only be decrypted with the private key. Needless to say, as the names imply, you can post your public key to the Internet but must guard the security of your private key. When you want to make material available to somebody else, you encrypt it with their public key so they can decrypt it with their private key. Likewise, when they want to make content available to you they must encrypt it with your public key so you can decrypt it with your private key. This setup gives you the best ability to enforce privacy controls because, assuming no party’s private key has been compromised, only specifically authorized parties have access to content. Granted, there are still a lot of ways for this setup to fall apart but a simple bad configuration isn’t going to suddenly make millions of people’s content publicly accessible.

Written by Christopher Burg

June 8th, 2018 at 10:30 am

EFAIL

A vulnerability was announced yesterday that affects both OpenPGP and S/MIME encrypted e-mails. While this was initially being passed off as an apocalyptic discovery, I don’t think that its scope is quite as bad as many are claiming. First, like all good modern vulnerabilities, it has a name, EFAIL, and a dedicated website:

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

The weakness isn’t in the OpenPGP or S/MIME encryption algorithms themselves but in how mail clients interact with encrypted e-mails. If your e-mail client is configured to automatically decrypt encrypted e-mails and allows HTML content to be displayed, the encrypted portion of your e-mail could be exfiltrated by a malicious attacker.

I generally recommend against using e-mail for secure communications in any capacity. OpenPGP and S/MIME are bandages applied to an insecure protocol. Due to their nature as a bolted on feature added after the fact, they are unable to encrypt a lot of data in your e-mail (the only thing they can encrypt is the body). However, if you are going to use it, I generally recommend against allowing your client to automatically decrypt your encrypted e-mails. Instead at least require that you enter a password to decrypt your private key (this wouldn’t defend against this attack if your client is configured to display HTML e-mail content but it would prevent malicious e-mails from automatically exfiltrating encrypted content). Better yet, have your system set up in such a manner where you actually copy the encrypted contents of an e-mail into a separate decryption program, such as the OpenPGP command line tools, to view the secure contents. Finally, I would recommend disabling the ability to display HTML e-mails in your client if you are at all concerned about security.

If you perform the above practices, you can mitigate this attack… on your system. The real problem is, as always, other people’s systems. While you may perform the above practices, you can’t guarantee that everybody with whom you communicate will as well. If an attacker can exploit one party, they will generally get the e-mails sent by all parties. This is why I’d recommend using a communication tool that was designed to be secure from the beginning, such as Signal, over e-mail with OpenPGP or S/MIME. While tools like Signal aren’t bulletproof, they are designed to be secure by default, which makes them less susceptible to vulnerabilities created by an improper configuration.
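The channel EFAIL depends on is content that the mail client fetches on its own. As an added example (not from the original post or the EFAIL authors), this lists the remote references in a message's HTML parts so a client or gateway can refuse to load them; the attribute list is a non-exhaustive assumption and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Attributes that make a client fetch something without a click (assumed,
# non-exhaustive). Plain <a href> links are skipped: they need user action.
AUTOLOAD_ATTRS = {"src", "href", "background", "poster", "data"}
REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)

# Constructed sample message; all hosts are reserved example names.
SAMPLE = """\
From: sender@example.org
To: rcpt@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

hello
--b1
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="//example.invalid/s.css">
<style>body{background:url(http://example.invalid/t.gif)}</style></head>
<body><img src="http://example.invalid/pixel.png"><img src="cid:logo">
<a href="https://example.org/">link</a>
<div style="background:url('https://example.invalid/bg.png')">hi</div>
</body></html>
--b1--
"""


class RemoteRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for every automatically loaded remote URL."""

    def __init__(self):
        super().__init__()
        self.refs = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        for name, value in attrs:
            if value is None:
                continue
            if name in AUTOLOAD_ATTRS and tag != "a" and REMOTE.match(value):
                self.refs.append((tag, name, value.strip()))
            if name == "style":  # inline CSS can also pull remote resources
                self.refs += [(tag, "style", u) for u in CSS_URL.findall(value)]

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> element
            self.refs += [("style", "url()", u) for u in CSS_URL.findall(data)]


def remote_refs(raw_message: str) -> list:
    """Return the remote references found in every text/html part."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.refs)
    return found


if __name__ == "__main__":
    for ref in remote_refs(SAMPLE):
        print(ref)
```

An empty result from `remote_refs` is the state you get by disabling HTML rendering or remote content outright, which is the setting recommended above.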

Written by Christopher Burg

May 15th, 2018 at 11:00 am

Set a Strong Password on Your Phone

My girlfriend and I had to take our cat to the emergency vet last night so I didn’t have an opportunity to prepare much material for today. However, I will leave you with a security tip. You should set a strong password on your phone:

How long is your iPhone PIN? If you still use one that’s only made by six numbers (or worse, four!), you may want to change that.

Cops all over the United States are racing to buy a new and relatively cheap technology called GrayKey to unlock iPhones. GrayShift, the company that develops it, promises to crack any iPhone, regardless of the passcode that’s on it. GrayKey is able to unlock some iPhones in two hours, or three days for phones with six digit passcodes, according to an anonymous source who provided security firm Malwarebytes with pictures of the cracking device and some information about how it works.

The article goes on to explain that you should use a password with lowercase and uppercase letters, numbers, and symbols. Frankly, I think such advice is antiquated and prefer the advice given in this XKCD comic. You can create more bits of entropy if you have a longer password that is easier to remember. Instead of having something like “Sup3r53cretP@5sw0rd” you could have “garish-bethel-perry-best-finale.” The second is easier to remember and is actually longer. Moreover, you can increase your security by tacking on additional words. If you want a randomly generated password, you can use a Diceware program such as this one (which I used to generate the latter of the two passwords).

Written by Christopher Burg

April 19th, 2018 at 10:00 am

Overt Internet Censorship

The Internet, especially the free speech that it has enabled, was fun while it lasted but it has become obvious that the governments of the world will no longer tolerate such a free system. Of course few governments want to admit to attacking free speech so they are using euphemisms. For example, the United States government isn’t censoring free speech, it’s fighting sex trafficking:

WASHINGTON (Reuters) – U.S. law enforcement agencies have seized the sex marketplace website Backpage.com as part of an enforcement action by the Federal Bureau of Investigation, according to a posting on the Backpage website on Friday.

Groups and political leaders working to end forced prostitution and child exploitation celebrated the shutdown of Backpage, a massive ad marketplace that is primarily used to sell sex. But some internet and free speech advocates warned the action could lead to harsh federal limits on expression and the press.

Notice how they managed to throw the “for the children” get out of jail free card in there? Shutting down Backpage wasn’t about prostitution, it was about human trafficking, especially the trafficking of children. It’s just like how the Stop Enabling Sex Traffickers Act (SESTA) is being sold as a law against sex trafficking but it’s really about opening the door to censoring any online material that offends the political class.

Fortunately, there are new frontiers. Tor Hidden Services and I2P offer a mechanism for server operators to keep their location concealed, which makes taking them down more difficult than taking down a standard Internet service. As the precedent being set by SESTA expands, more Internet service operators will find themselves having to utilize the “dark web” to avoid being censored.