Idle thoughts of an idle person about cryptography and data protection

Why about cryptography? I myself have rather superficial knowledge of it. Yes, I read Bruce Schneier's classic work, but a very long time ago; yes, I understand the difference between symmetric and asymmetric encryption, I understand what elliptic curves are, but that is all. Moreover, existing cryptographic libraries, with their cute habit of including the full name of the algorithm in the name of every function and a bunch of initializers sticking out, give me a terrible butthurt as a programmer.
So why? Probably because, reading the current wave of publications on data protection, confidential information and so on, I get the feeling that we are digging in the wrong place, or more specifically, that we are trying to solve essentially social problems with technical means (cryptography). Let's talk about it; I do not promise epoch-making discoveries or specific proposals, these are idle thoughts.

A little bit of history, just a bit

In 1976 the United States adopted a federal standard for symmetric encryption, DES. It was the first public, standardized cryptographic algorithm, created in response to growing business demand for data protection.

An old anecdote

The algorithm was published by mistake. It was optimized for hardware implementation and was considered too complex and inefficient to implement in software. However, Moore's law quickly put everything in its place.

It would seem to be the end of the story: take it, encrypt, decrypt, and increase the key length if necessary. Perhaps you know for certain that the Americans left backdoors in it; then there is a Russian analogue for you, GOST 28147-89, which you probably trust even less. Then use both, one on top of the other. If you believe that the FBI and the FSB have joined forces against you and exchanged their backdoors, then I have good news for you: you are not paranoid, you have a banal case of megalomania.
How does symmetric encryption work? Both participants know the same key (it is also the password); what one of them encrypts, the other can decrypt. The scheme works great for spies but is completely unsuitable for the modern Internet, since this key must be delivered to each interlocutor in advance. For a while, when relatively few companies protected their data when communicating with a partner they already knew, the problem was solved with couriers and secure mail, but then the mass Internet came on the scene.

Asymmetric cryptography involves two keys: a public key, which is not kept secret and is communicated to anyone, and a private key, which only its owner knows. What is encrypted with the public key can only be decrypted with the private key, and vice versa. Thus anyone can look up the addressee's public key and send him a message, and only the addressee will read it. It would seem the problem is solved?
But on the Internet it does not work out so simply: the problem of authentication, and especially initial authentication, arises in full force, and with it, in a sense, the opposite problem, anonymity. In short, how can I be sure that the person I am talking to is really the person I intended to talk to, and that the public key I am using really belongs to that person? Especially if I am talking to him for the first time? And how do I inspire confidence in my partner while maintaining anonymity? Already here, if you look closely, you can see an internal contradiction.
Let's consider, in general terms, which schemes of interaction between participants exist and are used in practice:

  • server - server (or business - business, in this context it is the same thing): this is the simplest, classical scheme, for which symmetric cryptography is quite enough; the participants know everything about each other, including off-network contacts. Note, however, that there is no talk of any anonymity here, and the number of participants is strictly limited to two. That is, this is an almost ideal scheme for an extremely limited number of communications and, in the general case, is of little use.
  • server - anonymous (or business - client): there is some asymmetry here, which asymmetric cryptography serves successfully. The key point is the absence of client authentication: the server does not care with whom it exchanges data, and if authentication is suddenly required, the server performs secondary authentication with a pre-arranged password, and it all comes down to the previous case. The client, on the other hand, essentially needs server authentication; he wants to be sure that his data goes exactly to the one he sent it to, and in practice this side rests on a certificate system. In general, such a scheme is covered quite conveniently and transparently by the https:// protocol, but there are a couple of interesting points at the junction of cryptography and sociology.
    1. trust in the server: even if I sent some information to the server in a completely secure way, outsiders technically have access to it there. This problem is completely outside the scope of encryption, but I ask you to keep this point in mind, it will pop up again later.
    2. trust in the server certificate: the certificate hierarchy rests on the existence of some root certificate worthy of absolute trust. Technically, a sufficiently influential attacker [please take the word attacker as a technical term and not as slander or an insult to the existing government] can replace a certificate at any lower level; however, it is assumed that everyone needs the certification system equally, i.e. that such a certifier would immediately be ostracized and all of its certificates revoked. That is true, but notice all the same that the system rests not on technical means but on a kind of social contract. Speaking of current events: as part of the expected doomsday cocooning of the RuNet, has anyone analyzed the possible cocooning of the Russian root certificate and its consequences? If anyone has read or written on this topic, send links, I'll paste them in; the topic seems interesting to me.
    3. indirect deanonymization on the server: also a sore subject. Even if the server has no formal registration or authentication, there are many ways to collect information about the client and ultimately identify him. It seems to me that the root of the problem lies in the existing http:// protocol and others like it, which, as expected, could not have foreseen such an outrage, and that it would be quite possible to create a parallel protocol without these flaws. However, this goes against all existing monetization practices and is therefore unlikely. Still, I wonder whether anyone has tried?
  • anonymous - anonymous: two people meet online (option: have just met; option: not two but two thousand) and want to chat about their own affairs in such a way that Big Brother does not hear (option: mom does not find out; everyone has their own priorities). You may hear irony in my voice, but that is because that is what it is. Let's apply Schneier's postulate to the problem (any algorithm can be cracked if enough resources are invested, i.e. money and time). From this point of view, penetrating such a group by social methods is not difficult, never mind with money, that is, the cryptographic strength of the algorithm is zero, no matter how sophisticated the encryption methods.
    However, in this case we have a second bastion, anonymity, and we place all our hopes on it: let everyone know us, but let no one be able to find us. But even with the most modern technical means of protection, do you seriously think you stand a chance? I remind you that I am now talking only about anonymization; it seems we have already convincingly finished with data protection. Let's agree, for definiteness, that if your name, home address or IP address is known, your cover is completely blown.
    Speaking of IP, this is where the aforementioned trust in the server comes into play: it knows your IP without a doubt. And here everything in general plays against you, from simple human curiosity and vanity to corporate policies and the same monetization. Just keep in mind that a VPS and a VPN are also servers; cryptography theorists somehow leave these abbreviations aside. And the server's jurisdiction plays no role in case of great need. End-to-end encryption also ends up here: it sounds nice and solid, but you still have to take the server's word for it.
    What is the server's role in such a messenger? First, the trivial one: it is the postman; if the recipient is not at home, come back later. But also, and this is much more important, it is the meeting point: you cannot send a letter directly to the addressee, you send it to the server for further delivery. And most importantly, the server performs the necessary authentication, certifying to everyone that you are you and, to you, that your interlocutor is really the one you need. And it does this using your phone number.
    Don't you think your messenger knows too much about you? No, no, of course we trust it (and, by the way, our phone as well, hmm), but cryptographers assure us that this is in vain, that you cannot trust anyone at all.
    Not convinced? But there is still good old social engineering: if you have a hundred interlocutors in a group, you simply have to assume that 50% of them are enemies and 49% are either vain, or stupid, or simply careless. And as for the remaining one percent, no matter how strong you are in information protection methods, you most likely cannot withstand a good psychologist in a chat.
    The only defensive strategy seems to be to get lost among millions of such groups, but this is no longer about us; it is again about some terrorist spies who need neither network fame nor monetization.

Well, it seems to me that I have somehow substantiated (no, I have not proved it, just substantiated) my harsh thoughts about data protection in the modern model of society. The conclusions are simple but sad: we should not count on more help from data encryption than we already have. Cryptography has done everything it could, and done it well, but our model of the Internet completely contradicts our desire for privacy and negates all our efforts. In fact, I have never been a pessimist and would very much like to say something bright now, but I just don't know what.
Try looking into the next section, but I warn you: there are completely rosy, unscientific fantasies there, but they may reassure someone, or at least just cheer someone up.

Can anything be done at all?

Well, for example, to reflect on this topic, preferably freeing the mind and discarding prejudices. For example, let's temporarily and completely sacrifice anonymity, no matter how terrible that may sound. Let everyone be given a unique personal public key from birth and, of course, the corresponding private key. No need to yell at me and stamp your feet; in an ideal world this is extremely convenient: here is a passport, a TIN, and even a phone number, all in one bottle. Moreover, if you add an individual certificate to this, you get a universal authenticator / login, and also a pocket notary with the ability to certify any document. The system can be made multi-level: in the public domain only the public key and the certificate; for friends (whose list of keys is attached here) you can make the phone number available, and whatever else your friends trust; there may be even deeper levels, but that already implies unnecessary trust in the server.
With such a scheme, the privacy of what is sent is achieved automatically (although, on the other hand, why, in an ideal world?): Alice writes something to Bob, and no one will ever read it except Bob himself. All messengers automatically get end-to-end encryption, their role is reduced to mailboxes, and in principle there can be no claims about content. And the servers themselves become interchangeable: you can send through one, or through another, or even through a chain of servers, like e-mail. And you can also send directly to the addressee if his IP is known, without contacting any intermediaries at all. Great, isn't it? It is only a pity that neither you nor I will get to live in this beautiful time ©. Hmm, yes, again I am talking about sad things.
Next, where to store it all? Well, offhand, make an open hierarchical system, something like the current DNS, only more powerful and more branched. So as not to burden the root DNS admins with additions and modifications, registration could be made free, the only necessary check being for uniqueness. Something like: «Hello, we are five people, the Ivanov family. Here are our names/nicknames, here are the public keys. Whoever asks, please send them to us. And here is a list of XNUMX grandmothers from our area with their keys; if anyone asks about them, send them to us too.»
It is only necessary to make the installation and configuration of such a home server extremely simple and convenient, so that anyone can figure it out if they wish; then, again, no one will have to burden all sorts of official state servers.
Stop! And what does the state have to do with it, then?

And now anonymity can be carefully restored. If anyone can generate a private key for themselves, confirm it with an individual certificate and install a lower-level CA server for themselves, or ask a neighbor, or some public server, why do we need all this officialdom? And then there is no need to tie it to a real person: complete privacy, security and anonymity. It is enough that there is someone trustworthy at the top of the hierarchy; well, we do trust TM or Let's Encrypt, and the well-known public DNS services have not yet sent anyone off into the steppe. From the bureaucracy's side, too, there should not seem to be any complaints; that is, there will certainly be complaints, but about what exactly?
Perhaps someday such a system, or something similar, will be created. And of course we have no one to rely on but ourselves; none of the states known to me will build such a system. Fortunately, the already existing Telegram, i2p, Tor, and probably others I have forgotten, show that nothing here is fundamentally impossible. This is our network, and it is up to us to equip it if we are not satisfied with the current state of affairs.
Brrr, I accidentally ended on a pathetic note. In fact, I don't like that; sarcasm is somehow closer to me.

PS: all this is, of course, pink snot and girlish dreams
PPS: but if someone suddenly decides to try, reserve the nickname degs for me, please, I'm used to it
PPPS: and the implementation seems quite simple, by the way

Source: habr.com