Simpson Garfinkel on creepy cryptographic action at a distance
Excellent to read. One example:
Consider the case of basic public-key cryptography, in which a person’s public and private keys are created together in a single operation. These two keys are not related to quantum physics, but to mathematics.
When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine. Typically, I generate a public and private key pair on my laptop and upload the public key to Amazon, which stores my public key in the server’s admin account. So my laptop and this uninstall server are confused because the only way to get into the server is to use the key on my laptop. And since that admin account can do anything to that server, read sensitive data, hack the web server to install malware on people who visit its web pages, or anything else I’d like to do, the private key on my laptop poses a security risk to this server.
That’s why it’s impossible to evaluate a server and know if it’s secure: as long as that private key exists on my laptop, that server has a vulnerability. But if I remove that private key, the vulnerability disappears. By removing the data, I removed the risk to the server’s security and its security increased. It’s really confusing! And it’s terrifying: the server hasn’t changed a single bit, but it’s more secure.
I read everything.
Bruce Schneier sidebar photo by Joe McInnis.
