Leisure thoughts of a leisure person about cryptography and data protection
Why about cryptography? I myself have quite superficial knowledge about her. Yes, I read the classic work of Bruce Schneier , but a very long time ago; Yes, I understand the difference between symmetric and asymmetric encryption, I understand what elliptic curves are, but that's all. Moreover, the existing cryptographic libraries, with their sweet custom of including the full name of the algorithm in the name of each function and a bunch of initializers sticking out, makes me as a programmer a terrible butchert.
So why? Probably because when reading the current publications on data protection, confidential information, etc., I get the feeling that we are digging somewhere else, or more specifically, trying to solve social problems with the help of technical means (cryptography) . Let’s talk about this, epoch-making discoveries, as well as concrete offers, I don’t promise, idle thoughts are idle thoughts.
A little bit of history, just a bit
In 1976, the United States adopted the federal standard for symmetric encryption algorithms - DES. It was the first public and standardized cryptographic algorithm created in response to the growing demands of the business for data protection.
The algorithm was published by mistake. It was optimized for hardware implementation and was considered too complex and inefficient for software. However, Moore's Law quickly put everything in its place.
It would seem - the end of the story, take, encrypt, decrypt, if necessary, increase the key length. Perhaps you know for sure that the Americans left bookmarks in it, then for you there is a Russian analogue - GOST 28147-89 , which you probably trust even less. Then use both, one on top of the other. If you believe that the FBI and the FSB have united and exchanged their bookmarks for you, then I have good news for you - you are not paranoid, you have a banal megalomania.
How does symmetric encryption work? Both participants know the same key, it is the password, what it encrypted can be decrypted by it. The scheme works great for spies, but it is completely unsuitable for the modern Internet, since this key must be transferred in advance to each of the interlocutors. For a while, while relatively few companies defended their data when communicating with a previously known partner, the problem was solved with the help of couriers and secure mail, but then the Internet became widespread and entered the scene
where two keys are involved: public , which is not kept secret and is communicated to anyone; and private , which only its owner knows. What is encrypted with a public key can only be decrypted with a private key, and vice versa. Thus, anyone can find out the public key of the addressee and send him a message, only the addressee will read it. It would seem that the problem is solved?
But the Internet does not work that way , the problem of authentication and, especially, the initial authentication , and in a sense, the inverse problem of anonymity , is in full swing . In short, how can I be sure that the one with whom I speak is really the one with whom I was going to speak? and the public key that I use really belongs to the one with whom I was going to talk? Especially if I communicate with him at all for the first time? And how to inspire confidence in a partner, while maintaining anonymity? Already here, if you look closely, you can notice an internal contradiction.
Let's look at a general outline of what patterns of interaction between participants exist and are applied in practice:
- server-server (or business-to-business, in this context it is one and the same): this is the simplest classical scheme for which symmetric cryptography is quite enough, participants know everything about each other, including off-network contacts. However, please note that we are not even talking about any anonymity, and the number of participants is strictly limited to two. That is, this is an almost ideal scheme for an extremely limited number of communications and in the general case is obviously of little use.
- server - anonymous (or business - client): there is some asymmetry here, which is successfully served by asymmetric cryptography. The key point here is the lack of client authentication, the server does not care with whom it exchanges data; if you suddenly need one, the server performs secondary authentication using a pre-negotiated password, and then it comes down to the previous case. On the other hand, the authentication of the server is extremely important for the client, he wants to be sure that his data goes exactly to the person to whom he sent them, this side is based on a certificate system in practice. In general, such a scheme is quite conveniently and transparently covered by the https: // protocol, but a couple of interesting points arise at the intersection of cryptography and sociology.
- trust in the server: even if I sent some information to the north in an absolutely safe manner, outsiders have purely technical access to it there. This problem is completely outside the scope of encryption responsibility, but I ask you to remember this point, it will still pop up later.
- trust in the server certificate: the hierarchy of certificates is based on the fact that there is some kind of root certificate worthy of absolute trust. Technically, a fairly powerful attacker
[, I ask you to consider the word an attacker a technical term, and not a slander or an insult to the existing government]can replace the certificate of any lower level, however, it is assumed that everyone needs the certification system equally, i.e. this certifier will be ostracized immediately and all of its certificates revoked. So it is, but still note that the system is not based on technical means, but on some kind of social contract.Speaking of hotAs expected doomsdaypupation of runet, did anyone analyze the possible pupation of the Russian root certificate and the consequences? If anyone read / wrote on this topic, send links, I will insert, I think the topic is interesting
- indirect deanonymization on the server: also a sore subject, even if the north does not have a formal registration / authentication, there are many ways to collect information about the client and ultimately identify it. It seems to me that the root of the problem is in the existing http: // protocol and the like, which, as expected, could not have foreseen such disgrace; and that it would be entirely possible to create a parallel protocol without these punctures. However, this goes against all existing monetization practices and is therefore unlikely. And still interesting, but did anyone try?
- Anonymous - Anonymous: two meet on the network, (option - just met), (option - not two but two thousand), and they want to crack on their own, but so that Big Brother does not hear (option - mom did not know, everyone their priorities). Perhaps you can hear the irony in my voice, well, that's because it is. Let's apply the Schneier postulate to the problem ( any algorithm can be hacked if you invest enough resources , that is, money and time). From this point of view, penetration into such a group by social methods is not difficult, not to mention money, that is, the cryptographic strength of the algorithm is zero with the most sophisticated encryption methods.
However, in this case we have a second bastion - anonymity , and so we put all our hopes on it, even if everyone knows us, but no one can find us. However, with the most modern technical protection methods, do you seriously think that you have a chance? I remind you that I am now talking only about anonymization, we seem to have convincingly done away with data protection. For definiteness, let's agree that if your name or home address or IP address becomes known , the turnout is completely failed.
Speaking of ip, this is where the aforementioned trust in the server rises to the full height , since he knows your ip without a doubt. And here everything plays against you in general - from simple human curiosity and vanity, to corporate policies and the same monetization. Just keep in mind that VPS and VPN are also servers; these abbreviations are somewhat sideways to the cryptography theorists; yes, and the server’s jurisdiction doesn’t play a role in case of great need. End-to-end encryption also falls here - it sounds beautiful and solid, but the server still has to take a word.
What is the server’s role in such a messenger? Firstly, it is trivial for the postman, if the recipient is not at home, call again later. But also, and this is much more significant, this is the meeting point, you cannot send a letter directly to the addressee, you send it to the server for further transmission. And most importantly, the server performs the necessary authentication , certifying for everyone that you are you, and for you - that your interlocutor is really the one you need. And he does it using your phone.
Don't you think that your messenger knows too much about you? No, no, we certainly believe him (and by the way, our phone at the same time, um), but cryptographers say that it’s in vain that no one can be trusted.
Not convinced? But there is still the same social engineering, if you have a hundred people in the group, you simply have to mean that 50% of them are enemies, 49% are either conceited, stupid, or simply careless. And the remaining one percent, no matter how strong you are in the methods of protecting information, you most likely cannot resist a good psychologist in a chat.
The only defensive strategy seems to be to get lost among millions of such groups, but this is not about us, again about some kind of spy-terrorists who do not need network glory or monetization.
Well, it seems to me that I somehow justified (no, did not prove, just justified) my harsh thoughts about data protection in the modern model of society. The conclusions are simple but sad - we should not rely on help from data encryption more than we already have, cryptography did everything it could and did a good job, but our Internet model completely contradicts our desire for privacy and negates all our efforts. Actually, I’m never a pessimist and would really like to say something bright now, but I just don’t know what.
Try to look into the next section, but I warn you - there are completely pink unscientific fantasies, but they can reassure someone, and at least just cheer someone.
Is there anything you can do?
Well, for example, to reflect on this topic, it is desirable to liberate consciousness and discard prejudices. For example, let's temporarily completely sacrifice anonymity , no matter how horrible it sounds. Let everyone be given a unique personal public key from birth, well, and the corresponding private one is natural. No need to shout at me and stomp my feet in an ideal worldit’s extremely convenient - here you have a passport, and TIN, and even a phone number in one bottle. Moreover, if we add an individual certificate to this, we get a universal authenticator / login; and also a pocket notary with the ability to certify any documents. You can make the system multilevel - only the public key and certificate are shared, for friends (the key list of which is attached here) you can make the phone available and what else they trust friends there may be even deeper levels, but this already implies unnecessary trust in the server .
With this scheme, the privacy of the information sent is achieved automatically (although on the other hand, why, in an ideal world?), Alice writes something to Bob, but no one will ever read it except Bob himself. All instant messengers automatically receive end-to-end encryption, their role is reduced to mailboxes and, in principle, there can be no complaints about content. And the servers themselves become interchangeable, you can send it through one, you can send it through another, or you can generally through a chain of servers, like an email. And you can also send it directly to the recipient if his ip is known, without contacting any intermediaries at all. Really great? It’s a pity, I don’t have to live in this wonderful time - neither to me nor to you © Nn-yes, again I'm talking about sad things.
Further, where is all this stored? Well, offhand, to make an open hierarchical system, something like the current DNS, only more powerful and branched. In order not to load root DNS admins with add-modifications, you could make a free registration, the only necessary check is for uniqueness. Type >> " Hello, there are five of us, the Ivanov family. Here are our names / nicknames, here are the public keys. Whoever asks, please send to us. And yet, a list of five hundred grandmothers from our area with their keys, if asked, also send to us. "
It is only necessary to make the installation and configuration of such a home server extremely simple and convenient so that anyone can figure it out, if desired, again, no one will once again load all sorts of official state servers.
Stop! and what does the state have to do with it then?
But now you can and carefully restore anonymity. If anyone can generate a personal key for themselves and confirm it with an individual certificate and install a lower-level CA server, or ask a neighbor, or to which public server, why is all this officialdom needed? And then there is no need to become attached to a real character, complete privacy, security and anonymity. It’s enough that there should be someone trustworthy at the beginning of the hierarchy, well, we believe TM or Let's Encrypt, and well-known public DNS’s still didn’t send anyone to the steppe. On the part of the bureaucrats, there also seemed to be no complaints, that is, of course there will be claims, but to what in fact?
Perhaps someday such a system, or something like that, will be created. And of course, there’s no one to count on us but ourselves, not one of the states I know will build such a system. Fortunately, the already existing Telegrams, i2p, Tor, and probably someone else forgot, show that there is nothing fundamentally impossible. This is our network, and we should equip it if we are not satisfied with the current state of affairs.
Brrr, accidentally ended up on a pathos note. Actually, I don’t like this, I’m somehow closer to sarcasm.
PS: it's all pink snot and girlish dreams, of course.
PPS: but if suddenly someone decides to try it - reserve the nickname degs for me, please, I'm used to it.
PPPS: and the implementation seems quite simple by the way.