[113490] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Death of antivirus software imminent

daemon@ATHENA.MIT.EDU (Alex Alten)
Fri Jan 18 12:29:42 2008

Date: Fri, 18 Jan 2008 02:31:05 -0800
To: "James A. Donald" <jamesd@echeque.com>
From: Alex Alten <alex@alten.org>
Cc: "Leichter, Jerry" <leichter_jerrold@emc.com>,
 "Steven M. Bellovin" <smb@cs.columbia.edu>,dan@geer.org,
 cryptography@metzdowd.com
In-Reply-To: <479072FD.6090607@echeque.com>

At 07:35 PM 1/18/2008 +1000, James A. Donald wrote:
>Alex Alten wrote:
> > Generally any standard encrypted protocols will
> > probably eventually have to support some sort of CALEA
> > capability. For example, using a Verisign ICA
> > certificate to do MITM of SSL, or possibly requiring
> > Ebay to provide some sort of legal access to Skype
> > private keys.
>
>And all the criminals will of course obey the law.
>
>Why not just require them to set an evil flag on all
>their packets?

These are trite responses.  Of course not.  My point is
that if the criminals are lazy enough to use a standard
security protocol then they can't expect us not to put
something in place to decrypt that traffic at will if necessary.

> > If there is a 2nd layer of encryption then this would
> > require initial key exchanges that may be vulnerable
> > to interception or after-the-fact analysis of the
> > decrypted SSL payloads.
>
>I guarantee I can make any payload look like any other
>payload.  If the only permitted communications are
>prayers to Allah, I can encode key exchange in prayers
>to Allah.

Yeah and you can only communicate with Allah with
that type of design.

Look, the criminals have to design their security system with
severe disadvantages; they don't own the machines they
attack/take over so they can't control its software/hardware
contents easily, they can't screw around too much with the IP
protocol headers or they lose communications with them, and
they don't have physical access to the slave/owned machines.

And, last I heard, they must obey Kerckhoff's law, despite
using prayers to Allah for key exchanges.

Given all this, I'm not saying its easy to do, but it should be
quite possible to crack open some or all of their encrypted
comms and/or trace back to the original source attack
machines.

- Alex

--

Alex Alten
alex@alten.org



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post