Prove, don’t claim

Tags: musings, security


In the wake of Edward Snowden’s activities, several new communication services started catering to security-minded users. In principle, this is a good thing. However, these companies need to take the burden of proof more seriously. It is simply not good enough to claim that you “value the privacy of your customers”. Quotes such as

We take your privacy seriously. We will never collect data about you. We use state-of-the-art encryption to guarantee that your files cannot be accessed by unauthorized persons.

simply evoke a “Huh, I guess that’s good for you” response from me. In the worst case, they might trick users into believing your company without good cause. Why am I being so harsh? A simple reason: Good cryptography is hard to do right. Repeat after me: Good cryptography is hard to do right.

Take the guys from whistle.im, for instance. They “talk the talk” and even give some insights into their algorithms, yet a detailed analysis by neXus shows that they violated even the most basic principles of security. Darn. At least, I award them some points for being somewhat open about their protocols.

If your company does not talk openly about the detailed steps you are going to take to ensure that my data are encrypted properly, I will not even remotely trust you. Sorry. Shannon coined the adage “The enemy knows the system”. And at least in the cryptographic context, this is what I am assuming as well.

If you are unwilling to prove the security of your algorithms, I will assume that you are incapable of doing so. To be fair: I myself am incapable as well. To clarify: I consider myself capable of using established cryptographic systems such as Off-the-Record and GnuPG. But it is a very large step from being able to understand the workings of, say, RSA, to designing and running my own cryptosystem.

Would that all people and companies were aware of their limitations! As the aftermath of the recent Adobe hack shows, it is very easy to get things wrong. Adobe, for example, did not hash passwords properly. That is an epic on the fail scale. Some people are already working on analysing the passwords statistically or analysing the security problems in general. And it appears that there is already a list of the top 100 passwords used. I very much hope that the majority of the users did not use the same password for other services. Since their e-mail addresses have been included in the data dump, this would allow attackers to target things like e-mail accounts, e-commerce accounts (Amazon, eBay, …), and so on. And what does Adobe have to say? The usual drivel, it turns out:

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you.

In the official security announcement, there is not a word about their abysmal security practices. Not even an honest summary of the situation.
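The statistical analysis mentioned above is possible whenever stored credentials are deterministic, so that equal passwords produce equal records. The following is an added example, not part of the original post and not a reconstruction of Adobe's actual scheme; the accounts, passwords, function names and work factor are constructed for illustration. It audits a credential table for repeated records and contrasts an unsalted digest with per-user salted PBKDF2:

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 200_000  # demo work factor (assumption); raise it for production

# Constructed sample accounts; several users share a password.
ACCOUNTS = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "123456"),
    ("carol@example.com", "photoshop"),
    ("dave@example.com", "123456"),
    ("erin@example.com", "photoshop"),
    ("frank@example.com", "x9!Lq2#vT7"),
]

def store_weak(password: str) -> bytes:
    """Deterministic and unsalted: equal passwords give equal records."""
    return hashlib.sha256(password.encode()).digest()

def store_strong(password: str) -> bytes:
    """Per-user random salt plus a slow KDF; record = salt || derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + key

def verify_strong(password: str, record: bytes) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    salt, key = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)

def duplicate_groups(records):
    """Audit check: sizes of groups of identical stored records, largest first."""
    counts = Counter(records)
    return sorted((n for n in counts.values() if n > 1), reverse=True)

def audit(store):
    """Store every sample password with `store` and look for repeated records."""
    return duplicate_groups([store(pw) for _, pw in ACCOUNTS])

if __name__ == "__main__":
    print("weak  :", audit(store_weak))    # password frequencies leak
    print("strong:", audit(store_strong))  # no repeated records to count
```

A non-empty result from `duplicate_groups` on a real credential table means the password frequency distribution is visible to anyone who obtains the dump.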

So, if even a large company like Adobe can get something that basic that wrong, why should I trust your new & hot startup? If you pretend to care about the privacy of your customers, you are required to disclose your algorithms completely. Not because somebody should poke fun at them but rather because you might have overlooked something, which in turn might negatively affect the effectiveness of your encryption schemes. This happens to the best of us. The most recent example is probably Moxie Marlinspike’s critique of Lavabit. Cryptocat had its share of problems as well.

To all the people involved in privacy-aware services, be it whistle.im, Cryptocat, myIDkeeper, Lavabit, or something else entirely, I say: Thanks for your work and dedication. If you really want the trust of your users, please disclose your algorithms. Prove the security to me, don’t just claim it. Given enough eyeballs, all bugs are shallow. Even those in cryptography.