Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum

> Why is there this rhetoric as if all of the bugs in JS crypto are unique to
> JS crypto? These breaks happen in other platforms too, but simply occur in
> different forms. However, overwhelmingly, the frequency and severity do
> compare.

There are specific bugs in the JS crypto library and as a result, the
rest of the software breaks, badly.

> 
> I think that there is a lot of optimism to be had if we look at the recent
> Pwn2Own results — Chrome's sandboxing prove exceptionally difficult to
> break, while Chrome OS was actually unbroken. These are web technologies
> and they are performing very impressively on the security front.
> 

Actually, I was at Pwn2Own with Ralf and he owned it. Though there was
small timing dispute about the contest though, so he polished it up and
gave it to them after pwn2own:

 
http://googlechromereleases.blogspot.de/2013/04/stable-channel-update-for-chrome-os.html

That he sat on the bug for a while does not really suggest good things
about the security of the platform. Though I like ChromeOS and Chrome -
still, it was not unbroken by any means.

> Nothing is perfect, but there's also a selection and confirmation bias
> where we pretend that just because a class of security considerations is
> new, that it must therefore be more present in severity and frequency than
> other flaws. However it's largely, if of course never entirely, a matter of
> perception.
> 

Javascript web crypto has all of the problems of traditional crypto
without a solid basis on which to build. As a result, the application on
top has some set of unknown issues and the underlying library code does
as well. This is especially true with homebaked crypto protocols and
those issues are realistically compounded by say, a broken library that
does some standard thing but does it badly.

It is often said that "Nothing is perfect" as if this excuses known to
be dangerous constructions. So rather than repeat that until I'm blue in
the face, I'll offer a corollary point to move past the rhetoric: Many
projects are exponentially worse through compounding failures that are
almost completely avoidable in production software. The concern is not
perfection, it is about repeating the mistakes of the past and
compounding them with the arrogance of the future.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Griffin Boyce
Jacob Appelbaum  wrote:

> Spoofing? I mean, I suspect impersonating a phone requires knowledge of
> secret keys on the telephone. So to own the phone as you suggest, I
> think you'd have to have the phone already or control the BES.


  Probably.


> > Maybe.  I'd wager it's much worse.  Depends on those affected.
>
> Ok... was there something here that I'm missing? If you can downgrade
> the security that the BES would otherwise offer, you'd end up with...
> the default BlackBerry "security" protections.
>

  Yes. If someone pwns the BES (the Windows server that it's on), they wind
up with patient lists, browser history, potentially any medical information
on the device. Phone security in medicine (especially telemedicine) starts
out scary and just keeps going.


> Install Gibberbot, OTR comes for free.
>

  Not my point. Training and support for Gibberbot/OTR is not negligible.
Not every cost is financial.


> Neither requires an advanced user - both are so simple as to not require
> anything beyond remembering a single password, which can even be set to
> something simple, if you wanted.
>

Very good to know.  =)

Yes, both are more expensive than free but compared to a BlackBerry
> device with a BES? Negligible cost differences.
>

  They're not "more expensive than free," my understanding is that they're
more expensive than a thousand dollars.  Compare to an average BlackBerry
user who might spend $200 and renew their contract.  Enterprise users are
another category entirely and usually have their devices covered by their
employer.

Oh? How so? What did you go with and how does it contrast? For example
> the new Android Cryptophone has a baseband firewall - does your kit have
> something similar?
>

  We opted for the combination of more travel and encrypted chat.  When I
looked at costs vs features, I was more comfortable with that setup.  It
also seemed obnoxious to ask her to carry a phone that is just for talking
to me :D  And *I* rarely carry a phone because of security concerns.  So
overall it just didn't seem like a fit.

  Cryptophones are sexy as hell, but expensive, and not always the right
choice.

I'm not sure that I'd call my choice a bias.
>

  Most choices have some amount of bias inherent in them. Considering the
human factors here, yeah, it's probably biased to some extent on both sides

best,
Griffin

-- 
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Nadim Kobeissi
NK


On Mon, Apr 29, 2013 at 9:23 PM, Jacob Appelbaum wrote:

> Griffin Boyce:
> > Jacob Appelbaum  wrote:
> >
> >>> You already know this, but for the benefit of the list 
> >>
> >> Unless these are on a BES server - it's all insecure - if it is on a BES
> >> server, it may still be insecure depending on a few factors.
> >>
> >
> >   Depends on whether they enable SMS logging, but that only requires
> > setting a flag. Phone call metadata is stored by default. The multitude
> of
> > things stored on / synced with is extensive, and includes email, address
> > book, browser history, and list of all apps installed.  It can also
> access
> > the Password Keeper file remotely (you'd still need to brute force the
> main
> > password, but it's likely trivial).
> >
>
> Right - so without a BES server - the entire cell phone network would
> get this data, with a few exceptions.
>
> >   If a user sets up sync, someone spoofing their phone could retrieve the
> > whole shebang, including all messages.
>
> Spoofing? I mean, I suspect impersonating a phone requires knowledge of
> secret keys on the telephone. So to own the phone as you suggest, I
> think you'd have to have the phone already or control the BES.
>
> >
> >> What REALLY scares me about this is how many medical providers use
> >>> Blackberry products in their practices.
> >> Well, sure. It would be as bad as every other BlackBerry device
> >> normally. A real joy, I tell you.
> >>
> >
> > Maybe.  I'd wager it's much worse.  Depends on those affected.
>
> Ok... was there something here that I'm missing? If you can downgrade
> the security that the BES would otherwise offer, you'd end up with...
> the default BlackBerry "security" protections.
>
> >
> >
> >> There are obviously degrees of secure.
> >>
> >
> >   There are also degrees of availability/access/usability.  As a tech guy
> > with a lot of non-techy friends, the amount of work involved to get my
> > close friends using Pidgin+OTR has been non-trivial.  For many options,
> > there are usability issues, class issues, that keep adoption pretty low.
> >
>
> Install Gibberbot, OTR comes for free. The same is true for Adium. It
> will soon be the case when I get around to importing pidgin-otr into
> pidgin's hg repository.
>
> >   And what does it mean to be one of a privileged subset who can get
> ahold
> > of eg a VOIP STE or buy a set of Cryptophones.  For the first, you need
> > connections, and for both you need to be an advanced user (not to mention
> > have the money to afford them).  Most people would picture the costs of
> > adoption to be greater than the benefits of adoption.
> >
>
> Neither requires an advanced user - both are so simple as to not require
> anything beyond remembering a single password, which can even be set to
> something simple, if you wanted.
>
> Yes, both are more expensive than free but compared to a BlackBerry
> device with a BES? Negligible cost differences.
>
> > I suggest you check out Cryptophone
> >
> >
> >   I've considered getting a pair for my girlfriend and myself, but other
> > options have proven to be a better fit.
>
> Oh? How so? What did you go with and how does it contrast? For example
> the new Android Cryptophone has a baseband firewall - does your kit have
> something similar?
>
> >
> > GibberBot with OTR provides the same set of features without all of the
> >> home rolled crypto problems, the web related problems or a third party
> >> that you're not already using on a daily basis.
> >>
> >
> >   Well, I'm using it on a daily basis.  We're both biased in different
> > directions ;-)
> >
>
> I'm not sure that I'd call my choice a bias.
>
> Many people use XMPP/Jabber already and they get federation for free -
> just as they do with email and in some cases, it is the same address for
> both email and Jabber.
>
> The crypto is similarly not subject to the bleeding edge Javascript
> crypto world; I'm sure there are issues with everything though recently
> the Stanford Javascript library did sorta accidentally break uh, what,
> everything using it?
>

Why is there this rhetoric as if all of the bugs in JS crypto are unique to
JS crypto? These breaks happen in other platforms too, but simply occur in
different forms. However, overwhelmingly, the frequency and severity do
compare.

I think that there is a lot of optimism to be had if we look at the recent
Pwn2Own results — Chrome's sandboxing prove exceptionally difficult to
break, while Chrome OS was actually unbroken. These are web technologies
and they are performing very impressively on the security front.

Nothing is perfect, but there's also a selection and confirmation bias
where we pretend that just because a class of security considerations is
new, that it must therefore be more present in severity and frequency than
other flaws. However it's largely, if of course never entirely, a matter of
perception.


> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change passwor

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum
Griffin Boyce:
> Jacob Appelbaum  wrote:
> 
>>> You already know this, but for the benefit of the list 
>>
>> Unless these are on a BES server - it's all insecure - if it is on a BES
>> server, it may still be insecure depending on a few factors.
>>
> 
>   Depends on whether they enable SMS logging, but that only requires
> setting a flag. Phone call metadata is stored by default. The multitude of
> things stored on / synced with is extensive, and includes email, address
> book, browser history, and list of all apps installed.  It can also access
> the Password Keeper file remotely (you'd still need to brute force the main
> password, but it's likely trivial).
> 

Right - so without a BES server - the entire cell phone network would
get this data, with a few exceptions.

>   If a user sets up sync, someone spoofing their phone could retrieve the
> whole shebang, including all messages.

Spoofing? I mean, I suspect impersonating a phone requires knowledge of
secret keys on the telephone. So to own the phone as you suggest, I
think you'd have to have the phone already or control the BES.

> 
>> What REALLY scares me about this is how many medical providers use
>>> Blackberry products in their practices.
>> Well, sure. It would be as bad as every other BlackBerry device
>> normally. A real joy, I tell you.
>>
> 
> Maybe.  I'd wager it's much worse.  Depends on those affected.

Ok... was there something here that I'm missing? If you can downgrade
the security that the BES would otherwise offer, you'd end up with...
the default BlackBerry "security" protections.

> 
> 
>> There are obviously degrees of secure.
>>
> 
>   There are also degrees of availability/access/usability.  As a tech guy
> with a lot of non-techy friends, the amount of work involved to get my
> close friends using Pidgin+OTR has been non-trivial.  For many options,
> there are usability issues, class issues, that keep adoption pretty low.
> 

Install Gibberbot, OTR comes for free. The same is true for Adium. It
will soon be the case when I get around to importing pidgin-otr into
pidgin's hg repository.

>   And what does it mean to be one of a privileged subset who can get ahold
> of eg a VOIP STE or buy a set of Cryptophones.  For the first, you need
> connections, and for both you need to be an advanced user (not to mention
> have the money to afford them).  Most people would picture the costs of
> adoption to be greater than the benefits of adoption.
> 

Neither requires an advanced user - both are so simple as to not require
anything beyond remembering a single password, which can even be set to
something simple, if you wanted.

Yes, both are more expensive than free but compared to a BlackBerry
device with a BES? Negligible cost differences.

> I suggest you check out Cryptophone
> 
> 
>   I've considered getting a pair for my girlfriend and myself, but other
> options have proven to be a better fit.

Oh? How so? What did you go with and how does it contrast? For example
the new Android Cryptophone has a baseband firewall - does your kit have
something similar?

> 
> GibberBot with OTR provides the same set of features without all of the
>> home rolled crypto problems, the web related problems or a third party
>> that you're not already using on a daily basis.
>>
> 
>   Well, I'm using it on a daily basis.  We're both biased in different
> directions ;-)
> 

I'm not sure that I'd call my choice a bias.

Many people use XMPP/Jabber already and they get federation for free -
just as they do with email and in some cases, it is the same address for
both email and Jabber.

The crypto is similarly not subject to the bleeding edge Javascript
crypto world; I'm sure there are issues with everything though recently
the Stanford Javascript library did sorta accidentally break uh, what,
everything using it?

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Griffin Boyce
Jacob Appelbaum  wrote:

> > You already know this, but for the benefit of the list 
>
> Unless these are on a BES server - it's all insecure - if it is on a BES
> server, it may still be insecure depending on a few factors.
>

  Depends on whether they enable SMS logging, but that only requires
setting a flag. Phone call metadata is stored by default. The multitude of
things stored on / synced with is extensive, and includes email, address
book, browser history, and list of all apps installed.  It can also access
the Password Keeper file remotely (you'd still need to brute force the main
password, but it's likely trivial).

  If a user sets up sync, someone spoofing their phone could retrieve the
whole shebang, including all messages.

> What REALLY scares me about this is how many medical providers use
> > Blackberry products in their practices.
> Well, sure. It would be as bad as every other BlackBerry device
> normally. A real joy, I tell you.
>

Maybe.  I'd wager it's much worse.  Depends on those affected.


> There are obviously degrees of secure.
>

  There are also degrees of availability/access/usability.  As a tech guy
with a lot of non-techy friends, the amount of work involved to get my
close friends using Pidgin+OTR has been non-trivial.  For many options,
there are usability issues, class issues, that keep adoption pretty low.

  And what does it mean to be one of a privileged subset who can get ahold
of eg a VOIP STE or buy a set of Cryptophones.  For the first, you need
connections, and for both you need to be an advanced user (not to mention
have the money to afford them).  Most people would picture the costs of
adoption to be greater than the benefits of adoption.

I suggest you check out Cryptophone


  I've considered getting a pair for my girlfriend and myself, but other
options have proven to be a better fit.

GibberBot with OTR provides the same set of features without all of the
> home rolled crypto problems, the web related problems or a third party
> that you're not already using on a daily basis.
>

  Well, I'm using it on a daily basis.  We're both biased in different
directions ;-)

best,
Griffin

-- 
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum
Griffin Boyce:
> Jacob Appelbaum  wrote:
> 
>> Griffin Boyce:
>>> I disagree.  Blackberry isn't openly selling your data or
>>> otherwise gifting it to third parties, but I don't think that's
>>> really enough.
>> 
>> That is exactly what they're doing. They have a key that is static
>> and from what I've heard, disclosed to LE and intel agencies,
>> specifically to retain or to enhance their marketshare.
>> 
> 
> Well, their market share is enhanced more by shiny packaging and 
> bullshitting their customers into thinking their phones are secure.
> 

That is exactly my point. They're selling out their end users because
their real "customers" are either carriers or governments.

> 
>>> Keep in mind that all PINs are 8-digit hex strings. Narrows the
>>> field a bit. ;P
>> The PIN is just the hardware identifier as I understand things -
>> that isn't my concern - my concern is the fixed key.
> 
> 
> Granted, but you need to determine the PIN (and then spoof it), for 
> PIN-to-PIN Blackberry messages.
> 

Neither of those things matters to me at all. That is - if I can decrypt
your messages, I can trivially recover your PIN if you ever send any
message with it, ever.

> You already know this, but for the benefit of the list:  There's a 
> difference between BBM messages and Pin-to-Pin messages.  With BBM,
> you have to request permission to be added to their list and then you
> both mutually approve each other.  With Pin-to-Pin, you can send
> anyone a message if you have their PIN.  A PIN message is similar to
> email, and displays red in your "messages" queue. BBM is threaded and
> closer to chat. As of Blackberry v10 (I believe), BBM no longer uses
> a PIN, but the BBID.
> 

Unless these are on a BES server - it's all insecure - if it is on a BES
server, it may still be insecure depending on a few factors.

> Also, while a PIN message can be encrypted, the default option on
> both a BES ~and~ PIN messages is to not be encrypted.

Solidly awful.

> 
> What REALLY scares me about this is how many medical providers use 
> Blackberry products in their practices.  A stolen PIN coupled with a
> poorly set-up BES could lead to a serious privacy breach.

Well, sure. It would be as bad as every other BlackBerry device
normally. A real joy, I tell you.

> 
> Andrés Leopoldo Pacheco Sanfuentes  wrote:
> 
>> Are there "truly secure" solutions? I don't think so.. especially
>> not when we add the qualifier "of mass consumption "
>> 
> That's probably the real question.  It probably doesn't exist with 
> off-the-shelf solutions.

Yes, it does. There have been off-the-shelf solutions for decades. Some
require a clearance or connections (eg: STU-III), others require money
(eg: cryptophone ), still others require some technical skill (eg:
Guardian apps on Android).

There are obviously degrees of secure.

> TextSecure is useful and secure, but the
> network effect applies there as everywhere else.  If I send you an
> encrypted text, and you don't use the same app, you can't reasonably
> decrypt it.

That isn't really a problem as far as I'm concerned.

> Cryptocat mobile would be a game-changer here, but it
> also doesn't allow for asynchronous communication since it's a chat
> program.  And both parties would still need to use it.
> 

GibberBot with OTR provides the same set of features without all of the
home rolled crypto problems, the web related problems or a third party
that you're not already using on a daily basis.

> I'm not sure there's a full solution right now.  Definitely a market 
> opportunity.
>

I suggest you check out Cryptophone:

 http://www.cryptophone.de/

I've been a reasonably happy user on and off since ~2003.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Guido Witmond

On 04/29/2013 10:49 PM, Andrés Leopoldo Pacheco Sanfuentes wrote:

Are there "truly secure" solutions? I don't think so.. especially not
when we add the qualifier "of mass consumption "


I'm not sure. But I've given it a try. I call it eccentric 
authentication. See [1], [2], [3].



In short:

It uses client side certificates (with private keys). Each account at 
each site uses a different key and is a different identity.


Each site signs the certificates for its own site *only*. It uses a 
First Party CA for that. That CA signs every request when the CommonName 
is still available. (that's important). But only that.
By signing the site can recognise its customers based upon the 
certificate and private key.


Customers can do more. They can sign blog entries at the site with their 
private key, creating an unforgeable identity amongst other site-users.


I define a registry of (dis)honesty that keeps the sites and there CA's 
honest with respect to keeping the CommonName unique at their site. This 
is important.


The protocol uses DNSSEC and DANE to distribute server keys. There can 
be only one First-Party CA for each domain name.


These two make the CN@Sitename a global unique identifier, although 
completely pseudonymous. Use Tor to hide IP-addresses and become anonymous.


With decoupling identities from message addressing we can have private, 
secure messaging between total strangers. The only thing they need to 
trust is their computer and software and the DNSSEC root key.


Regards,
Guido Witmond.

[1] http://witmond.nl/eccentric-authentication/introduction.html
[2] 
http://witmond.nl/blog/2012/10/22/announcing-eccentric-authentication.html
[3] 
http://witmond.nl/blog/2012/10/22/the-worlds-most-private-dating-site.html



--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Griffin Boyce
Jacob Appelbaum  wrote:

> Griffin Boyce:
> >   I disagree.  Blackberry isn't openly selling your data or otherwise
> > gifting it to third parties, but I don't think that's really enough.
>
> That is exactly what they're doing. They have a key that is static and
> from what I've heard, disclosed to LE and intel agencies, specifically
> to retain or to enhance their marketshare.
>

  Well, their market share is enhanced more by shiny packaging and
bullshitting their customers into thinking their phones are secure.


> > Keep in mind that all PINs are 8-digit hex strings. Narrows the field a
> > bit. ;P
> The PIN is just the hardware identifier as I understand things - that
> isn't my concern - my concern is the fixed key.


  Granted, but you need to determine the PIN (and then spoof it), for
PIN-to-PIN Blackberry messages.

  You already know this, but for the benefit of the list:  There's a
difference between BBM messages and Pin-to-Pin messages.  With BBM, you
have to request permission to be added to their list and then you both
mutually approve each other.  With Pin-to-Pin, you can send anyone a
message if you have their PIN.  A PIN message is similar to email, and
displays red in your "messages" queue. BBM is threaded and closer to chat.
 As of Blackberry v10 (I believe), BBM no longer uses a PIN, but the BBID.

  Also, while a PIN message can be encrypted, the default option on both a
BES ~and~ PIN messages is to not be encrypted.

  What REALLY scares me about this is how many medical providers use
Blackberry products in their practices.  A stolen PIN coupled with a poorly
set-up BES could lead to a serious privacy breach.

Andrés Leopoldo Pacheco Sanfuentes  wrote:

> Are there "truly secure" solutions? I don't think so.. especially not when
> we add the qualifier "of mass consumption "
>
  That's probably the real question.  It probably doesn't exist with
off-the-shelf solutions.  TextSecure is useful and secure, but the network
effect applies there as everywhere else.  If I send you an encrypted text,
and you don't use the same app, you can't reasonably decrypt it. Cryptocat
mobile would be a game-changer here, but it also doesn't allow for
asynchronous communication since it's a chat program.  And both parties
would still need to use it.

  I'm not sure there's a full solution right now.  Definitely a market
opportunity.

best,
Griffin

-- 
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Andrés Leopoldo Pacheco Sanfuentes
Are there "truly secure" solutions? I don't think so.. especially not when
we add the qualifier "of mass consumption "
On Apr 29, 2013 2:44 PM, "Griffin Boyce"  wrote:

> Andreas Bader  wrote:
>
>> Blackberry secures the connection if other firms want to get your data.
>> If the government wants it then you should better use open source
>> encrypted  Hardware.
>> I have been a BB user for years, but there are some mail accounts that
>> are only used on my Laptop, not on the BB.
>>
>> Andreas
>>
>
>   I disagree.  Blackberry isn't openly selling your data or otherwise
> gifting it to third parties, but I don't think that's really enough.
>
>   To me, it's disingenuous for companies to promote secure solutions that
> they know allow some kind of backdoor access.
>
> Jacob Appelbaum  wrote:
>
>> What an embarrassing joke
>>
>
> Keep in mind that all PINs are 8-digit hex strings. Narrows the field a
> bit. ;P
>
> ~Griffin
>
> --
> Technical Program Associate, Open Technology Institute
> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum
Griffin Boyce:
> Andreas Bader  wrote:
> 
>> Blackberry secures the connection if other firms want to get your data.
>> If the government wants it then you should better use open source
>> encrypted  Hardware.
>> I have been a BB user for years, but there are some mail accounts that
>> are only used on my Laptop, not on the BB.
>>
>> Andreas
>>
> 
>   I disagree.  Blackberry isn't openly selling your data or otherwise
> gifting it to third parties, but I don't think that's really enough.

That is exactly what they're doing. They have a key that is static and
from what I've heard, disclosed to LE and intel agencies, specifically
to retain or to enhance their marketshare.

> 
>   To me, it's disingenuous for companies to promote secure solutions that
> they know allow some kind of backdoor access.
> 
> Jacob Appelbaum  wrote:
> 
>> What an embarrassing joke
>>
> 
> Keep in mind that all PINs are 8-digit hex strings. Narrows the field a
> bit. ;P
> 

The PIN is just the hardware identifier as I understand things - that
isn't my concern - my concern is the fixed key.

All the best,
Jake

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Anthony
On 04/29/2013 02:44 PM, Griffin Boyce wrote:
> Andreas Bader  > wrote:
> 
> Blackberry secures the connection if other firms want to get your data.
> If the government wants it then you should better use open source
> encrypted  Hardware.
> I have been a BB user for years, but there are some mail accounts that
> are only used on my Laptop, not on the BB.
> 
> Andreas
> 
> 
>   I disagree.  Blackberry isn't openly selling your data or otherwise
> gifting it to third parties, but I don't think that's really enough.
> 
>   To me, it's disingenuous for companies to promote secure solutions
> that they know allow some kind of backdoor access.

And, really, if there's a backdoor, the company can't really claim your
communications are secure. As someone else here said, if it's available
to them it's available to anybody. It's just a matter of someone outside
of Blackberry figuring out how to get to the communication.

Anthony Papillion



--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Griffin Boyce
Andreas Bader  wrote:

> Blackberry secures the connection if other firms want to get your data.
> If the government wants it then you should better use open source
> encrypted  Hardware.
> I have been a BB user for years, but there are some mail accounts that
> are only used on my Laptop, not on the BB.
>
> Andreas
>

  I disagree.  Blackberry isn't openly selling your data or otherwise
gifting it to third parties, but I don't think that's really enough.

  To me, it's disingenuous for companies to promote secure solutions that
they know allow some kind of backdoor access.

Jacob Appelbaum  wrote:

> What an embarrassing joke
>

Keep in mind that all PINs are 8-digit hex strings. Narrows the field a
bit. ;P

~Griffin

-- 
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Andreas Bader
Griffin Boyce:
> Jacob Appelbaum  wrote:
> 
>> When people ask how secure BBIM is - I suppose we can now cite RIM's
>> official documentation on the topic - without a BES server, it's
>> encrypted with a key that is embedded in all handsets.
>>
> 
>   This was critical in the London Riots case back in 2011.  As most people
> on this list know, building in the ability to decrypt *some* users means
> that they can decrypt *all* users.  Which is basically what happened [1].
> 
> Surely someone has already extracted this Triple DES 168-bit key, right?
> 
> 
>   Yep, though you may not even need it if you use another Blackberry device
> (and not, say, a laptop).  A Blackberry device can spoof the PIN of another
> and read all of its messages.  It's been a bit of a controversial topic for
> a few years now, as you might imagine.
> 
>   BBM is perhaps *slightly* more secure than plain email or SMS, but users
> aren't protected in case of government interest or vindictive exes.
> 
> best,
> Griffin Boyce
> 
> [1]
> http://www.guardian.co.uk/uk/2011/aug/15/mi5-social-messaging-riot-organisers-police
> 

Blackberry secures the connection if other firms want to get your data.
If the government wants it then you should better use open source
encrypted  Hardware.
I have been a BB user for years, but there are some mail accounts that
are only used on my Laptop, not on the BB.

Andreas

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum
Griffin Boyce:
> Jacob Appelbaum  wrote:
> 
>> When people ask how secure BBIM is - I suppose we can now cite RIM's
>> official documentation on the topic - without a BES server, it's
>> encrypted with a key that is embedded in all handsets.
>>
> 
>   This was critical in the London Riots case back in 2011.  As most people
> on this list know, building in the ability to decrypt *some* users means
> that they can decrypt *all* users.  Which is basically what happened [1].
> 
> Surely someone has already extracted this Triple DES 168-bit key, right?
> 
> 
>   Yep, though you may not even need it if you use another Blackberry device
> (and not, say, a laptop).  A Blackberry device can spoof the PIN of another
> and read all of its messages.  It's been a bit of a controversial topic for
> a few years now, as you might imagine.
> 
>   BBM is perhaps *slightly* more secure than plain email or SMS, but users
> aren't protected in case of government interest or vindictive exes.

This document outlines the entire problem very well:

  http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57b-eng.html


What an embarrassing joke.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Griffin Boyce
Jacob Appelbaum  wrote:

> When people ask how secure BBIM is - I suppose we can now cite RIM's
> official documentation on the topic - without a BES server, it's
> encrypted with a key that is embedded in all handsets.
>

  This was critical in the London Riots case back in 2011.  As most people
on this list know, building in the ability to decrypt *some* users means
that they can decrypt *all* users.  Which is basically what happened [1].

Surely someone has already extracted this Triple DES 168-bit key, right?


  Yep, though you may not even need it if you use another Blackberry device
(and not, say, a laptop).  A Blackberry device can spoof the PIN of another
and read all of its messages.  It's been a bit of a controversial topic for
a few years now, as you might imagine.

  BBM is perhaps *slightly* more secure than plain email or SMS, but users
aren't protected in case of government interest or vindictive exes.

best,
Griffin Boyce

[1]
http://www.guardian.co.uk/uk/2011/aug/15/mi5-social-messaging-riot-organisers-police

-- 
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] BlackBerry and CALEA-II

2013-04-29 Thread Jacob Appelbaum
Hi,

I've long heard things about BlackBerry and RIM regarding BBIM. I was
unable to substantiate until this morning when a friend pointed me at this:


http://docs.blackberry.com/en/admin/deliverables/21760/PIN_encryption_keys_for_BBM_1840226_11.jsp

The relevant part is here:

"The PIN encryption key is a Triple DES 168-bit key that a BlackBerry®
device uses to encrypt BlackBerry® Messenger messages that it sends to
other devices and to authenticate and decrypt BlackBerry Messenger
messages that it receives from other devices. If a BlackBerry device
user knows the PIN of another device, the user can send a BlackBerry
Messenger message to the device. Before a user can send a BlackBerry
Messenger message, the user must invite the recipient to add the user to
the recipient's contact list.

"By default, each device uses the same global PIN encryption key, which
Research In Motion adds to the device during the manufacturing process.
The global PIN encryption key permits every device to authenticate and
decrypt every BlackBerry Messenger message that the device receives.
Because all devices share the same global PIN encryption key, there is a
limit to how effectively BlackBerry Messenger messages are encrypted.
BlackBerry Messenger messages are not considered as confidential as
email messages that are sent from the BlackBerry® Enterprise Server,
which use BlackBerry transport layer encryption. Encryption using the
global PIN encryption key is sometimes referred to as "scrambling".

When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.

I've heard other things relating to similar intentional cryptographic
designs - stuff that also makes me question the BES solutions - though
this largely comes from the fact that I believe one can't trust people
who backdoor their *some* of their users.

Surely someone has already extracted this Triple DES 168-bit key, right?

And surely, this key is only used for BBIM, right? And surely, the rest
of the data in and out of the device isn't using other static keys,
right? :-)

I think this basically represents the kind of stuff we're going to see
if this CALEA-II like legislation comes to pass:


http://www.washingtonpost.com/world/national-security/proposal-seeks-to-fine-tech-companies-for-noncompliance-with-wiretap-orders/2013/04/28/29e7d9d8-a83c-11e2-b029-8fb7e977ef71_story.html

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech