3:05PM - cert.pem
Cilvēk, you supposedly went through all that effort to "use" crypto, generate keys … then you turn around and just store your "private" keys in ~/.ssh/id_{rsa,dsa,ecdsa}, ~/.gnupg/secring.gpg etc.? Pity the fool! I guess all that data/traffic you were trying to "protect" is worth less than ~40 bucks. 'Coz, if you don't have it air-gaped or neatly compartmentalized w/ something like Qubes OS, all your ${HOME} are belong to us. But you knew that, right?
Remember Comodohacker & DigiNotar fail? Well, guess why he failed to penetrate StartSSL? Hardware Security Module (HSM).
4:14PM
"How many Silicon Valley technologists will look back at their work in 50 years and have the same kind of feeling that Nazi scientists had, that Manhatten Project physicists had, that the inventors of mustard gas had?
Whether technology will be used as a weapon in the hands of a selfish elite, or as a tool for liberation for the impoverished and underprivileged, is being decided now by how these technologists use their time."
6:19PM
Ieraksts tikai kiberpankiem.
Kripto pasaule ir dziļa bēdu ieleja. Sākot ar autentifikāciju: the trust model of CAs is broken (thx, Comodohacker, _NSAKEY). A strange world: you're better of trusting yourself (i.e., verifying fingerprints vs. placing trust in your CA store). Cert-pinning nav scalable. OK, ceram uz DNSSEC+DANE, vai kaut ko a la Convergence/Perspectives. But how many OSes come with a validating resolver? Yeah. We're moving at glacial speed. Pat ja uz brīdi ignorē CA problēmu, arī protokolu līmenī: we haven't even ditched SSL yet! Labi, var teikt, ka cilvēki ir beidzot ieslēguši crypto. Pirms tam kaut ko muldēja par "impact on performance". Prior to FireSheep all major sites were positively "transparent". Cik pārklūku atbalsta >TLS 1.0? Welcome to the world of BEAST, CRIME and Lucky 13. How do we mitigate BEAST? Oh, I know, let's prioritize an RC4 cipher! Yeah... Arī ja palasa OpenSSL kodu, jāsāk ticēt Bilam Binijam. Protams, kļūdai nav obligāti jābūt that far up the chain.
Cerams, ka tas ir trauksmes zvans, kas pamudinās skudru pūzni. Līdzīgi kā reizē ar alleged IPSec backdoor in OpenBSD. Par anonimitāti var aizmirst, ja nav atrisinātas pamatproblēmas: security is a prerequisite of privacy, and not vice versa.