Skip to main content

When not to Encrypt

I'm publishing this as an unfinished draft because it came up in conversation. Hopefully, I'll go back and rework this later. If you're not a technical person, just skip this one.

In technology circles, there's been a lot of talk about encryption lately. It's regarded as A Good Thing. If you take away one thing from this post, it's that encrypting your data is almost always a good idea. And, if you're not a technical person, you can just shorten that to "Always Encrypt".

But, for the techncal people, there are edge cases. There are always @#$!@% edge cases.

There are two primary reasons to encrypt: privacy and verification. Unfortunately, when it comes to TLS, they're mixed together. Verification is always a good thing, but there are times when the privacy is either unnecessary or actively harmful. For example:
  1. Waste. If you're downloading a public file, and you have another way to verify it, then encryption is just wasted memory and processing power. That's not a big deal for most people. For a large datacenter, that 1-2% difference is noticeable. For a very poor school running old computers or low-cost devices like the Raspberry Pi, encryption is a much bigger hit: it's the thing that makes the computers slow. If you're downloading something like a signed OS patch, the OS will check the file integrity later, so there's no reason to waste the resources encrypting and decrypting it for the trip across the network.
  2. Known Plaintext Attacks. When you encrypt data, you want to avoid encrypting known data because it gives an adversary something to look for. If Microsoft releases a 2.1GB Windows update, that day, millions of people will connect to https://update.microsoft.com and download approximately 2.1GB of data. Everybody who can see the encrypted traffic knows exactly what was downloaded. On a smaller scale, the login page of every service on the web is a small, known size. Anyone who can intercept that data stream can look for weaknesses in the encryption implementation. That's not a problem today, but it's often the first crack in the encryption wall as protocols age. [FIXME: I think this was a genuine problem with the Kerberos 4 protocol, and K5 moved a bunch of data to cleartext to remediate. Research.] 
  3. Caching. Caching becomes much more difficult with current encryption implementations. There are ways to do it, involving basically subverting every machine in the organization with an internal CA so that a central proxy can act as a man-in-the-middle (and that's actually a legal necessity in certain industries in certain countries), but it's ugly. If there was a way to contact the central server to say, "I have a local proxy offering a copy of this page. Is it legitimate?", that would make it far easier for companies or even ISPs to offer proxies to their customers.
Just to get it out of the way, one deeply flawed argument against encryption is "...but terrorists". Spy agencies want to be able to catch terrrorists, which is a good thing. Unfortunately, there is absolutely no way to encrypt things for the good guys but not encrypt for the bad guys (or vice versa). It doesn't exist. 

How would I fix all of these problems? I'd create a standard way to query a webpage to say "Please provide a signature for the contents of this page WITHOUT sending the contents?" In my head, I think of it as HTTPV (for "Verified HTTP"), but it probably makes more sense to handle this with something like a new HTTP verb. Once that exists, you also need a way to inform the browser about optional proxies. [FIXME: Is this something that could be handled by WPAD? Research.] 

It's not easy, and it's not a short term plan, but in the long term, it could make the web a bit faster and a bit safer.

Comments

Post a Comment

Popular posts from this blog

The Chromecast conceptual model

Google makes a device called Chromecast . It's a relatively inexpensive way to turn any TV into a "Smart" TV capable of playing movies or music. It's a clever bit of engineering, but I've run into a few people who have trouble understanding how they work. The key thing to understand is that the Chromecast is the device that's actually receiving and playing the movie (or whatever), and your phone is just the remote. Here's how the process works at a high level: You start watching a video on Youtube 30 seconds in, you decide that you'd like to watch the rest on your TV, so you press the "Cast" button. Your phone stops playing and tells the Chromecast "Get this video directly from Youtube and start playing at the 0:30 mark"  When your phone initially asks the Chromecast to start playing, it also specifies a "default thing" to do when the Chromecast is finished. If the Chromecast is playing a Youtube video, it might...
Post a Comment
Read more

Sometimes, things work as intended

A small computer success story: I have a Synology NAS at home. For those who aren't familiar with them, they're small computers that are set up to make storing and sharing files easy. They keep your data across multiple hard drives so that if a hard drive fails, no data is lost. Or, at least, that's the theory. After we moved last year, I set up the NAS and ran all of the status checks. It reported that one drive was still working but starting to have problems. I bought another drive, plugged it in, and set it as a "hot spare" (basically, the system knew about it, but it wasn't being used). I also turned on monthly disk checks. Months passed with no more problems. ...until last Tuesday. On Tuesday night, the system automatically sent us mail to tell us that The troubled disk had finally failed. Since we had a hot spare, it would be used as a replacement disk and our data would be copied to it. When everything was finished, the system would let us k...
2 comments
Read more

Stinky cheese, man

I'm living in a place that's known for it's cheese. There are hundreds of kinds of cheese at my local grocery store. I try something different every time I go shopping, and I've still barely scratched the surface of what's available. There's one kind of cheese that deserves special mention: Raclette . Raclette is strange for a few different reasons. Most notably, it's almost always served cooked, and there's a bit of a ritual around cooking it. You will never be offered raw raclette. Why? Raw raclette is pungent stuff. It's hard to describe the smell, but I've heard it described as a cross between sweat socks, vomit, and curdled milk. To say that it stinks is a polite understatement. So, why on earth would anyone eat it? Because when you cook it, you somehow cook the stink out of it, and what's left is sublime. It's a sort of oily cheese, and you get something like the best pizza or nacho cheese you've ever had. I've hea...
3 comments
Read more