Fifthtry

Success and failure of encryption

So for fifthtry, I was considering adding encryption feature, so that one can write personal stuff here, without worrying if I (the site admin) can read their stuff.

File Encryption Has Failed

We have two encryption methods, asymmetric vs symmetric. In symmetric same key/password is used for both encryption and decryption. In asymmetric, one key is for encryption and other for decryption.

Usability wise, both have kind of failed, and here definition of success is “how many billion people use this today?”.

In symmetric, we have to worry about passwords, and sharing passwords, virtually every time I have used this feature in any software, I have lost data because I forgot password.

In asymmetric ones, it’s even worse, as you have to worry about passwords and files.

We have not figured out how to have secure passwords and files, so any method that depends on them will fail.

Encryption Success - Case Study One (fragile)

Where encryption has succeeded is ssl/https, billion(s) of people use this today, and it’s providing real security today.

This is asymmetric encryption, password sharing ones simply can not work beyond n > 1.

While it works, it’s core is based on trust, and thus is fragile.

Encryption Success - Case Study Two (solid)

Signal/whisper protocol is the other instance of successful use of encryption: billions of people use it today.

At its core, this system does not rely on trust the way ssl does. Let me elaborate.

In a system, we have to things to trust, a) one is the your hardware and software running on it, and b) the other is the infra pieces, the pipe, the internet providers, company involved, governments and so forth.

Its theoretically possible to create hardware and software that you can trust, and then you have absolute privacy with whisper (and I attest current commercial solutions are close to this). For absolute privacy using ssl you have to be god (though for commercial privacy, current commercial solutions are ok: and thus the success).

Can Whisper Work For Anything Else?

There are two critical elements on which the absolute privacy in whisper stands (other than reliability of math/local-hardware/software):

  1. Personally Verifying Signature: (which has been made usable) using an off channel method (eg in person). In WhatsApp for example, you can click on a contact, and use camera to scan to verify that the key is valid if you are close to that person.

  2. Local Storage: In the transit the messages are encrypted, and only locally the plain version is available. So if you use cloud backup of any kind, you may not have absolute privacy (unless that system is also end to end encrypted).

The messages are secure on your phone/device, and are from the person you verified (not been read or tampered with in transit).

Since key recovery is not possible, if you lose your phone, you lose past messages. And then you have to re-verify the contacts. With these steps you are absolutely secure (absolute == not even god, given our current state of technology/commerce).

The personal verification step is acceptable as 1. it has to be done once per person you want to securely interest with, per device. 2. No need to remember passwords etc.

How iCloud could be working?

Another moderate success of encryption is iCloud.

They honour the first condition of personally verifying signature by a sending a confirmation code to all other devices owned by that, that user has to enter for every new device to be added to iCloud account.

iCloud satisfies second condition by keeping encrypted stuff in cloud, and never the plain text one, which is only available on devices you own.

Password Less Encryption

To implement password less encryption, we have to:

  1. Generate the key on the local device.
  2. Only store encrypted data on server
  3. To give access a new device or user, generate one time password, send to other party via an independent secure channel, and site can facilitate exchange on key encrypted using this one time password.
  4. If you are confident you will never lose all of your devices, you will not need password.
  5. If you are not: then ask the user to pick a password, encrypt the key using that password and store it on server.

Table Of Content

Immobile v2

Link Log

July 2020

June 2020

May 2020

April 2020

March 2020

February 2020

January 2020

Recommendations

Books Have Read / Recommend

Product Management Books

Badass: Making Users Awesome

Movies

Five Cs of An Organisation

Success and failure of encryption

Open Source

Observer: Observability for Rust

Realm: Web Development Framework Using Rust and Elm

MartD: Server To Browser Messages

On Writing And Formats Of Written Communications

Rust Stuff

Rust feature flags

Why is diesel not compatible with async?

Making Postgres Only Diesel Code To Also Support Sqlite

Rust Git2’s Concepts

Git Hash And Build Date In Rust Build

Systray Only Native App In Rust

Software and Tools I Use Often

IPFS

DNS Over HTTPS Controversy

The Patel Motel Cartel

Standalone Complex

Awesome

January 2020

Word Of The Day

Monkey

Positions

ViM

Emacs

Nix On OSX Catalina

Postgres: WAL / Logical Decoding

Postgres: Listen-Notify

Wisdom

Rules

Go All The Way

SSH Commands

Lovelace

Sorry

Nu Shell

SHA256 vs SHA224

Pronouns Bad

Ghost

Web Components