[liberationtech] Peer-review required: SwaTwt and TweedleDH

Michael Rogers m-- at gmx.com
Wed Sep 29 02:25:56 PDT 2010


Hi Nimrod,

I'm not a cryptographer but I have a few comments on the design.

First, Twitter is the wrong medium for this. If you want to send a
message confidentially to a small group of people, placing the message
on a public website (even in encrypted form) is a bad way to start. It
makes it trivial for an attacker to find all the encrypted messages,
even without wiretaps.

Second, keys derived from passphrases are only secure if you can limit
the number of attempts the attacker has to guess the passphrase. In your
design the attacker has unlimited attempts to guess the passphrase
offline, so the keys can't be considered secure.

Third, no matter how strongly you emphasise that people mustn't send
passphrases over any electronic medium, they will do so. Your design
needs to assume that people will do things the easy way, then try to
make the easy way as safe as possible (the DH tool is a step in the
right direction).

Having said that, your tools are a lot better than anything I've ever
built. Thanks a lot for creating them and putting them up for review.

Cheers,
Michael

On 28/09/10 18:52, Uncle "The Dod" Zzzen wrote:
> I've lately developed 2 nomadic-crypto tools (based on 2002 work by
> magaf.org RIP):
> 
> * SwaTwt (sealed with a Tweet) - symmetric encryption in JavaScript,
> with pastebin and [optional] Twitter integration.
> Source: http://github.com/thedod/SwaTwt
> Working site: http://SwaTwt.com
> 
> * TweedleDH - a desktop app for creating a shared secret with a peer
> (Diffie-Hellman key exchange) over IM or Twitter.
> Source: http://github.com/thedod/tweedledh/
> 
> There's also a tutorial at http://j.mp/privacy4dummies
> 
> Goals:
> 1) The system tries to be as nomadic as possible: zero installation for
> SwaTwt, zero configuration for TweedleDH, no keys are stored. It tries
> to keep the code small and simple enough for review (no binaries - of
> course).
> 
> 2) It also tries to address laypeople. Now that is a risky thing to do,
> since - as Bruce Schneier says - "If you think technology can solve your
> security problems, then you don't understand the problems and you don't
> understand the technology". Still - the goal should be that any sensible
> person who reads the documentation would be able to use all this rope
> without ending up hanging from it. We can expect some people not to use
> the system wisely, but they also contribute to the signal-to-noise
> ratio :) On the other hand - the documentation shouldn't be
> prohibitively long or too complicated. Bottom line - feedback on
> documentation (or alternative documentation) is especially important in
> this case.
> 
> 3) Another goal of the system is integration with twitter (although you
> can use it for one-on-one communication over IM without worrying about
> all this). One of the reasons is not to pursue joindiaspora's idea of
> making an alternative to an existing social network (facebook), but to
> provide a 3rd party tool (like twitpic or twitlonger) to solve a small
> ad-hoc need. Less code, fewer bugs, fewer configuration errors, fewer
> vulnerabilities. SwaTwt does a lot less than what diaspora intends to do
> (the day my mom gets to run a node on *her* PC), but it runs on my cheap
> J2ME phone today.
> 
> There's a lot of experimenting to be done with this unstable mixture of
> privacy and social networking, and it's bound to produce leaks (of
> secrets and even keys), but we need (both as individuals and as
> societies) to learn these skills, and to restore the privacy awareness
> socnet moguls keep urging us to forget.
> 
> Cheers,
> Nimrod @TheRealDod Kerrett,
> Thailand

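The second point in the reply above (unlimited offline guesses against a passphrase-derived key), as an added example that is not part of the original thread and is not SwaTwt code: it measures the cost of one key derivation and converts passphrase entropy into expected single-core guessing time. The KDF choices and parameters and the entropy figures are assumptions made for illustration; the thread does not say how SwaTwt derives its keys.

```javascript
// Added example, not SwaTwt code. The KDF settings and the entropy
// figures below are assumptions chosen for illustration.
const crypto = require('crypto');

// Three ways to turn a passphrase into a 256-bit key.
const kdfs = {
  'single SHA-256': (pw, salt) =>
    crypto.createHash('sha256').update(salt).update(pw).digest(),
  'PBKDF2-SHA256 x100k': (pw, salt) =>
    crypto.pbkdf2Sync(pw, salt, 100000, 32, 'sha256'),
  'scrypt N=2^14': (pw, salt) =>
    crypto.scryptSync(pw, salt, 32, { N: 16384, r: 8, p: 1 }),
};

// Measured cost of one derivation on this machine, in seconds.
function secondsPerGuess(derive, runs = 3) {
  const salt = crypto.randomBytes(16);
  const start = process.hrtime.bigint();
  for (let i = 0; i < runs; i++) derive('guess-' + i, salt);
  return Number(process.hrtime.bigint() - start) / 1e9 / runs;
}

// Entropy of `words` words drawn uniformly at random from `listSize`.
function randomWordBits(words, listSize) {
  return words * Math.log2(listSize);
}

// On average the search succeeds after half the space: 2^(bits-1) guesses.
function expectedCoreYears(bits, secPerGuess) {
  return Math.pow(2, bits - 1) * secPerGuess / (365.25 * 24 * 3600);
}

// Constructed passphrase classes (entropy values are assumptions).
const passphrases = {
  'typical human-chosen (~30 bits)': 30,
  '4 random words of 7776': randomWordBits(4, 7776),
  '6 random words of 7776': randomWordBits(6, 7776),
};

function report() {
  const rows = [];
  for (const [kdf, derive] of Object.entries(kdfs)) {
    const cost = secondsPerGuess(derive);
    for (const [label, bits] of Object.entries(passphrases))
      rows.push({ kdf, label, coreYears: expectedCoreYears(bits, cost) });
  }
  return rows;
}

console.table(report());
```

The figures are for one CPU core; parallel hardware divides them. A slower KDF multiplies the cost by a constant, while each extra bit of passphrase entropy doubles it.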