As a user, I just want to be able to message another person over the internet without having to worry about setting up plugins or setting up any kind of keys. I want to add them to my friend list, click their name, send them a message and be comfortable in the fact that my communication cannot be intercepted.
I'm still waiting for simple, usable crypto - but I'm not willing to settle for evidence-free, warm assurances of safety from borderline incompetents in the field while I wait for it.
>I can't help but think if security researchers spent as much time on creating usable, secure software as they did in proving that others' implementations were flawed we'd be in a much better place.
Can this comment be part of the HN crypto thread drinking game? It's in every thread x10. I can't help but think if commenters spent as much time learning how to use good crypto as complaining about the time researchers spend picking apart bad crypto, all of their issues with the current implementations would disappear.
Not really, because each commenter here interacts with 10s if not 100s of people who have little to no chance of learning to use good crypto.
The problem isn't that nobody understands that, the problem is that that's a very difficult (arguably impossible) problem to solve.
https://news.ycombinator.com/item?id=5776111
Edit: another thought, looking at the incentives involved:
* If you, as a security guy, spend your time breaking stuff, you win some points for that if you score a 'hit'. If you don't, well no one is really paying attention. Pretty much all systems - even those written by really bright guys like cperciva - have flaws, so if you look enough, you'll probably find some.
* If you write your own system, you attract the attention of all the people out to break it. And eventually they probably will find some problem and write Comic Book Guy style posts about how the system is badly flawed. And your reputation will suffer.
I have nothing against criticism. If there's a flaw in something, let's talk about it. But I don't care for "I know how to do it better," and nothing more.
...than communicate in plain text? Yes.
Where's the alternative? We can have Cryptocat shut down, which is what the author is suggesting, but then what are we (and by that I really mean people who currently use Cryptocat) going to do?
/s
Make formal security proofs, implement them, open source your prototypes, and have them vetted by as many cryptographers as possible (so one or two if you're lucky.) Then figure out how to market your product.
By far the hardest aspect of cryptography engineering is getting people to use your software in the first place. It doesn't matter how good you are at crypto if your software is never used.
It's very easy to criticize. Much harder to actually make more secure, more usable alternatives. (And, ironically, the people who ought to be doing this the most are much more hesitant to do so since they know of many more subtle ways to make mistakes.)
I think perhaps a neglected aspect of the problem is how to turn difficult social / political problems (e.g. nobody uses PGP and people think you're a weirdo if you try to persuade them to) into tractable technical problems (the kind cryptographers mostly talk about). I sometimes think it would be preferable to start from a point where everybody had public and private keys and knew how to use them, but the crypto was no better than ROT13, than the current situation where the crypto is pretty good but getting people to use it is nearly impossible.
I also think the emotive "bad crypto puts lives at risk" argument only really makes sense if you're talking about crypto for the military or a small number of political activists, who will in any case benefit if their encrypted transmissions are buried among everybody else's. Those people need to be more careful than the rest of us with our more quotidian privacy concerns. I would rather have more bad (but tractable) crypto than great crypto that is used by nobody.
Hopefully somebody will persuade me I am wrong about this so I can stop feeling like a crypto heretic.
Also, a part of the social/political problem is that people tend to not know that the crypto they are using is bad, and political activists tend to not necessarily be cryptography experts either, so how would they know that they are in danger when everyone around them tells them that the broken crypto they are using is the thing to use?
Also, suppose some new appliance regularly killed its users due to bad electrical isolation. Would you use the same argument when someone criticizes the manufacturer of that appliance? People doing things in a way that harms others is beyond criticism unless you yourself are doing things better? You wouldn't complain if your doctor treated you incompetently unless you could do it better yourself?
Also, your basic premise is flawed: Making valid criticism is not "very easy"; it often requires considerable expertise, which in turn takes considerable work to acquire. But that doesn't matter anyhow: Criticism either points out actual problems or it doesn't; it's completely irrelevant to its validity how much work went into it.
I don't think anyone is above criticism, nor do I think truly understanding how a piece of software works is "very easy." All I'm saying is that we see criticism of Cryptocat over and over, yet, here we are, with people still using Cryptocat.
The author wants Cryptocat shut down, but if that happens, what will the people using Cryptocat do? Communicate in plaintext? Isn't it irresponsible (and in line with your own reasoning about putting people in danger) to not present the users with a better alternative first?
Of course, if that was the case, the edge of your response is blunted, because then responsibility for that failure is more distributed.
It's not that black and white. Yes, usability tends to carry with it some measure of sacrifice in security, but Skype used to have a lot more security, and was as easy to use as it is today. They're not absolutes. You can have "quite usable and very secure" and "very usable and quite secure", things none of the apps we're discussing are.
I don't have any big concerns with OTR (aside from the inability to do offline messaging), just the implementations, mainly OTR in Adium. OTR in Pidgin appears to be decent, but hasn't received a lot of review, as far as I know, and Pidgin has its own problems/provides its own attack surface.
There is also TextSecure (https://whispersystems.org/), but it requires text messaging.
Agree that TextSecure and Redphone are great tools, albeit in different categories, and as far as I can tell their implementations are sound.
After listening to Glenn Greenwald at the CCC it was quite clear that cryptography that is easier to use than PGP is really needed in this world (he almost lost the Snowden story due to it). I think that Nadim needs to be encouraged. Sure, point out any flaws, but aim for constructive feedback.
The points here centre around it "not being good enough". This is a bit of a chicken and egg problem and isn't really helpful.
I agree that the "world" could benefit from an easier to use cryptography product than PGP (even though I'm fine with PGP) and I think that this post is valid criticism.
Disclaimer: Not a cryptography expert in any way, nor annoyed by the fact that cryptography is hard and will probably benefit from processes like peer review.
Slightly off-topic, but this is one of those areas that bugs the hell out of me, and I don't know the solution. On one hand, security and cryptography people tell lawmakers and those in authority that crypto is math, anyone can do it, it's silly to try to regulate it, etc. On the other hand, these same experts tell the "anyones" of the world not to implement their own crypto, mistakes are easy to make, correct implementations are hard ...
Here's the kicker for me: If you absolutely should never release another piece of software that might have bugs that could endanger someone's life, then you'll never release another piece of software. You can become the greatest cryptographic implementor on the planet, implement to the current state of the art, and, in a couple years, still have your work completely obliterated by a new attack against a cryptosystem that you are using correctly.
The "cutesy" icons and flashy colours that Cryptocat displays are really nothing more than lipstick on a pig.
For all I know this guy could be totally right about Cryptocat, but this is absolutely not the way to make this kind of statement. It isn't well-reasoned and it sure as shit isn't informative.
"I remember a conversation with Brian Snow, a highly placed senior cryptographer with the NSA. He said he would never trust an encryption algorithm designed by someone who had not earned their bones by first spending a lot of time cracking codes. That did make a lot of sense. I observed that practically no one in the commercial world of cryptography qualified under this criterion. "Yes", he said with a self-assured smile, "And that makes our job at NSA so much easier." A chilling thought. I didn't qualify either."
https://www.schneier.com/blog/archives/2011/04/schneiers_law...
Edit:
By the way, I think that Jeffrey Paul has a relevant point; I think it deserves to be taken into account. I understand his words can hurt Nadim Kobeissi; nevertheless, from my point of view they carry no such will.