Make security more easy

Hanno's Blog

Tuesday, January 3. 2006

Make security more easy

Today I held a talk about »Technical defense against surveillance« on an event with rather non-technical visitors.

I noticed that we still really have a lot of problems when providing easy-to-use security.

Things like "yes, you can do gpg with jabber, but only with a few clients, there's also another thing called otr, that's better from a cryptographic point of view but it is not based on the gpg-key-infrastructure and it's also only supported by some (other) clients" are really horrible to say if you always fear that nobody understands you.

A short list of things that came me to mind:
- I found no easy way on encrypting partitions with linux. Maybe I missed something, but I googled for it, tried it in ubuntu, found nothing. Had to tell them "there are some console-apps, dm-crypt, cryptsetup, etc.".
- Apps should enable ssl by default. Servers should forbid login without ssl. No more pop3, smtp, imap, jabber, webmail, whatever-web-login without ssl-encryption.
- Jabber should have a standard for encryption, based on gpg, with the cryptographic features of otr.
- We need to get rid of all unsecure algorithms (MD5, SHA1, RSA/DSA/ElGamal with 1024 bit) by default (yes, I know I said this hundred times before). GPG still creates 1024bit DSA-keys.
- Things like tor could be integrated into distributions, to be enabled by a click or similar.

Just some random ideas. It is possible to create much more secure systems. We just need to do it.

(And to not only cry, I hope I'll find some time and motivation to push some of the things I suggested in the near future)
Posted by Hanno Böck in Cryptography, English, Gentoo, Linux at 23:48 | Comments (6) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

My kind of thinking exactly.

Good luck with pushing those ideas!
#1 N-S on 2006-01-04 00:23 (Reply)
Cryptsetup was the defacto for sometime for using dm-crypt to pipe i/o through a cipher of your choice. Cryptsetup is dead now, LUKS (http://luks.endorphin.org/) has taken it's place. The great thing about LUKS is it also has a gnome GUI which I've seen some Ubuntuer trying to use, so the potential for tossing in your encrypted usb keychain and typing in a password is there. Also LUKS supports all the old cryptsetup functionality in their own cryptsetup-luks command line util (available in portage).

For the admin types cryptsetup-luks is very easy to use for day to day usage, also you can set it up with /etc/conf.d/cryptfs and do things like random encrypted swap/tmp partitions on bootup.

This is a major problem today, our algos are getting weak and no one has brought crypto to the masses. We need a major movement, I say "crypto to the people".

Also we need to start getting off closed solutions like AIM or MSN. Who controls the service and who has access to your data is going to become a bigger issue over the years.

Hope that helps.
#2 postmodern on 2006-01-04 03:04 (Reply)
Thanks, reading this article I also want to hint on LUKS.
#2.1 Lars+Strojny (Homepage) on 2006-01-04 10:29 (Reply)
encfs works perfectly here. It's fast, it's secure, it does not need fixed size partitions and it just works!
#3 Bart Braem (Homepage) on 2006-01-04 19:10 (Reply)
I've been on about making security easy to use for ages. Take something as "simple" as encrypting and signing email in Evolution, it should be default and why is there no easy way when I'm on a mailing list and other people sign their mail to verify the signature against a known database - this should be automatic or at the very least a one click operation.

On the lower level we could look at some of the malloc work OpenBSD did for their 3.8 release, it's well within specification and yet it breaks a lot of applications - security as debugging, this would be a great idea to enable on development branches (I guess for Gentoo ~x86 would be a decent choice). Weed out those easy to spot bugs, and for production releases to counter the overhead it carries we could disable it, once the easy to spot bugs have been removed we still gain a bit of security from this.

I for one would fully support secure by default, we have useflag defaults to help us, security should be something you explicitly turn off, not turn on. Even if the birthing process is a bit painful.

The good news would be that the newer glibc and gcc 4.1 come with some great out of the box features to enhance security and combat those nasty stack smashing attacks. SELinux is shaping up and has great backing. We should in theory be improving.

Tor out of the box would be great, especially if forums.gentoo.org would allow me to post using the default setup. Tor might be slow now, but as there's more widespread adoption we should hopefully see it get faster.
#4 David Nielsen (Homepage) on 2006-01-05 15:02 (Reply)
http://www.rsbac.org
#5 xx (Homepage) on 2006-01-09 04:13 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.

You can find my web page with links to my work as a journalist here.

I am also publishing a newsletter about climate change and decarbonization technologies.

The blog uses the free software Serendipity and is hosted at schokokeks.org.

Hanno on Mastodon | Contact / Imprint | Privacy / Datenschutz