Note - I give anyone and everyone my express permission to mirror or otherwise repost this article, anywhere in the world and for all time.
Dedication - To two wonderful friends I have abroad, each of whom has helped me greatly in his and her own way. My best wishes to both of you -- and keep safe!
Introduction
Back in the 1950's, the Egyptian
It's not "magical", but it does "allow brute-forcing" previously "unbreakable encryption keys." The reason why is that it acts as a multiplier to processing power of a system's capability. (The trade-off is that the system becomes more delicate, as it can crash by prematurely collapsing its state).
This of course does not make the system infinitely capable. But it does allow the system to do things a conventional system could not. When quantum computing was developed, a whole bunch of cryptographic systems which had previously been deemed mathematically "unbreakable" became "breakable."
One time pads are still unbreakable, but that's a system unavailable for the purposes of most users, and completely unavailable to TPM-based systems because they need to be able to access each other remotely and unpredictably in order to perform their distributed security function.
Furthermore, it's not an issue of brute force or subtler techniques, it's an issue of brute force and subtler techniques. Quantum computing allows the application of more brute force to existing subtler techniques.
The TPM is a potential vulnerability, but you seem to have missed my point that it's no different from any other potential vulnerability that arises from large number of machines having the same chips and/or software running on them (e.g., Windows).
Actually, it is different, and here's the difference: TPM requires that you let strange systems have at least limited access to your own computer, because without such access the distributed security system doesn't work. This offers a potential back door into your system, which can be opened wide enough to let an intruder completely in if he has cracked his own TPM chip (automatic for those with access to the manufacturers' information and proven possible even for those without) and he can guess your half of the password. Normally this last part would be the deal-killer, but the combination of user stupidity (half of all users choose dangerously-easy passwords) and the alliance of sophisticated techniques with repeated brute-force attacks open the backdoors into many systems for attackers with the resources of Powers or major Organizations backing them. And what's worse, if the user is on an intranet, this may open up the whole intranet to the attacker.
Note that I said "intranet," not "internet." An "intranet" is a local network. The "internet" is the global network. Intranets can be (and usually are) attached to the Internet. Examples of intranets are the arrangements of computers found in most business office suites, or in the home of someone with multiple computers and the desire to create one.
And that this is not some new thing that was cooked up in 2011 to suddenly be thrust upon the entire world, as your article implies; the technology has been around, and in use, for over ten years.
The "new thing" is that in later implementations of TPM the distributed security feature becomes mandatory: there is no designed way to turn off remote access to one's own computer. (This doesn't mean that it's not theoretically possible to do so, it just means that it requires actually cracking the system).
Reply
The difference is that massacring protesters must be done overtly, while selected and targeted copying, deletion or editing of dissidents' files could be done covertly. This makes such cyber-strikes much more attractive and deniable to an overweening President.
Moreover, my point was not that the NSA doesn't need to be watched and even feared, but that particularly all the non-U.S. citizens throwing conniptions because their metadata might have been collected in a database somewhere (and I wish people would actually familiarize themselves with what "metadata" means - it does not mean "the NSA is reading your email") seem completely oblivious to the fact that Russia, China, Iran, and other countries (including their own) are very likely doing similar things, with a lot less oversight or accountability.
Did you actually read my whole article? One of the sections under "threats" discusses exactly this scenario, and it argues that TPM makes us much more vulnerable to such foreign cyber-attacks, while lulling us into a false sense of security against them. I directly analogized it to the way in which the Axis was vulnerable to codebreaking in World War II!
Reply
Er, no, it became theoretically possible to break them in a much shorter period of time using quantum parallelism. Quantum computers would effectively represent a quantum (heh) leap in processing power. Now, it's been a while since I was current in that particular area, but to my knowledge, a practical quantum computer that can break modern encryption has yet to be developed and most experts are skeptical that we are ever going to see an end to modern encryption as some of the more fanciful claims about the capabilities of quantum computing have predicted.
Experiments in quantum physics have theoretically communicated information bits faster than light, but we're no closer to building an Ansible.
I appreciate you explaining to me what an intranet is /sarcasm, but the "insider threat" problem is also not a new one, nor the problem of weak and insecurely communicated passwords.
I am not saying your concerns about the TPM representing a point of vulnerability are invalid. I'm saying (a) there are countermeasures, and the vulnerability, even if exploited, is very unlikely to allow a threat on the "doomsday" scale you are proposing, and (b) there already exist vulnerabilities that are much easier to exploit. How much do you trust your operating system? How do you know your OS doesn't have a backdoor built into it? Or an exploit? Yes, you have more choice over OSes than you do with hardware, but the vast majority of the world runs on a very small set of OSes and enterprise software, which is being cracked all the time.
My point about foreign outrage over U.S. surveillance was somewhat of a tangent (the French and the Germans are shocked, shocked!, that there is gambling going on in the casino *rolleyes*), but the way in which Axis codes were broken is far more analogous to my scenario (vulnerability in a common Operating System, or in the Germans' case, the Enigma machine) than yours (in which the closest analogy would be discovering that every radio used by the Axis had a switch that could be made to secretly transmit all their signals in the clear).
As for the President ordering the NSA to conduct surveillance and espionage against his domestic enemies, I do wonder just how you envision that working. Neither the President nor the Attorney General has the legal authority to order the Director of the NSA to do things that are explicitly spelled out as unconstitutional. For him to do what you are suggesting on any kind of scale would require a deeply corrupt government all the way down to the rank-and-file, in which case, again, we're all screwed anyway. Is it possible that some kind of shadow cabinet could be running black ops, with the complicity of a few high-ranking officials (in this scenario, you'd certainly have to include either the DIRNSA or some very highly-placed subordinates who are acting without the DIRNSA's knowledge)? Yes, but the probability of this going on without being exposed eventually is very low. See: the Church Committee.
To be clear, I am all for transparency (which is a difficult thing to balance with legitimate national security concerns) and very stringent safeguards and oversight. But my point is that you seem to think that an Evil President can simply order any government agency to do whatever he likes. For someone prone to lecturing on how the Constitution works, I find this a strangely uninformed position for you to take.
Reply
(For those who are maybe a little less familiar with quantum computing: So, one of the big ways that modern security - RSA, let's say - works is by relying on certain properties of very large prime numbers. It turns out to be very time-consuming to factor a product of two extremely large primes; without doing this factoring, it is difficult/impossible to break the relevant encryptions.
With a sufficiently large quantum computer, though, it's possible to check all possible factorings simultaneously. Don't think of this as the computer being just "faster," or even "orders of magnitude faster": think of this as taking something that formerly took anywhere from a second to a few thousand years and making it always take a flat few seconds.
The reason we can still use things like RSA, then, is that there are - to our knowledge - no quantum computers large enough to allow this kind of work to be done on the kinds of very big primes currently in use. If that stops being true - if quantum computers of appropriate size are developed - everything changes, cryptographically-speaking.)
Reply
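The commenter above describes RSA's dependence on the hardness of factoring in prose. The following is an added worked example, not code from the original post or its commenters: it builds a textbook RSA keypair from two deliberately tiny primes, encrypts and decrypts a message, and then plays the attacker's side by factoring the public modulus with naive trial division and recovering the private exponent from nothing but the public key. The primes, message and step counts are constructed for illustration; real keys use primes of roughly a thousand bits or more, where this loop would never finish, which is exactly the gap a large enough quantum computer would close.

```python
"""Added example (not from the original post): why RSA stands or falls on the
cost of factoring n = p * q. Everything here uses toy sizes so that the naive
factoring loop completes instantly; the same steps on a 2048-bit modulus would
not complete in any useful time on classical hardware.
Requires Python 3.8+ (math.isqrt and pow(e, -1, m))."""
import math


def make_keypair(p, q, e=65537):
    """Build a textbook RSA keypair from primes p and q. Returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n, known only to the key owner
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # private exponent: modular inverse of e mod phi(n)
    return n, e, d


def encrypt(m, n, e):
    """Textbook RSA encryption (no padding): c = m^e mod n."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """Textbook RSA decryption: m = c^d mod n."""
    return pow(c, d, n)


def trial_factor(n):
    """Naive factoring by trial division. Returns (p, q, steps) with p <= q.

    'steps' counts candidate divisors tried, so the caller can see how the
    work grows with the size of the smaller prime. This is the classical
    bottleneck: the search space grows like sqrt(n), i.e. exponentially in
    the bit length of n.
    """
    if n % 2 == 0:
        return 2, n // 2, 1
    steps = 0
    for f in range(3, math.isqrt(n) + 1, 2):   # odd candidates only
        steps += 1
        if n % f == 0:
            return f, n // f, steps
    raise ValueError("n has no non-trivial factor (prime or 1)")


def recover_private_key(n, e):
    """Attacker's view: only the public key (n, e) is known.

    Once n is factored, phi(n) follows immediately and the private exponent d
    is one modular inverse away. Nothing else about the key is needed.
    """
    p, q, _ = trial_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


if __name__ == "__main__":
    # Constructed toy key: the classic p=61, q=53, e=17 example.
    n, e, d = make_keypair(61, 53, 17)
    c = encrypt(65, n, e)
    print("public key:", (n, e), "private exponent:", d)
    print("ciphertext of 65:", c, "-> decrypts to", decrypt(c, n, d))

    # The attack side: factor n, rebuild d, decrypt without the owner's key.
    d_recovered = recover_private_key(n, e)
    print("recovered d:", d_recovered, "-> decrypts to", decrypt(c, n, d_recovered))

    # Growth of the classical cost with the size of the smaller prime.
    for p, q in [(61, 53), (101, 103), (1009, 1013)]:
        _, _, steps = trial_factor(p * q)
        print(f"n={p*q} ({(p*q).bit_length()} bits): {steps} trial divisions")
```

The point of `trial_factor` returning a step count is to make the growth visible: doubling the bit length of the primes roughly squares the number of trial divisions, which is why the classical defence is simply "make n big". A quantum factoring algorithm replaces that exponential search with a polynomial-time one, so the key size that makes this loop hopeless stops being a defence.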
Well yeah -- that's what I meant by "orders of magnitude faster." An order of magnitude is a factor of 10 -- if something would normally take a millennium and now takes a second, it is roughly 10 orders of magnitude faster, as a millennium is some 30 trillion seconds long.
I think the limitation on quantum computing is resolution of the results -- you have to arrange the circuit very delicately to avoid premature collapse of the wave function and past a certain point of complexity your detection equipment wouldn't be able to figure out what the wave was doing fast enough to be of any use. Wouldn't the ultimate limit on performance here be the Heisenberg one itself, such that sufficiently complex problems would require absurdly large quantum computers?
Reply
Right, but it's not so much about the fact that the time is different as it is that the growth of the time is different - we move from time that's super-polynomial on the length of the product to time that's something like linear on the length of the product. That's a bigger deal, from an algorithmic point of view, than even a very large constant-factor speed-up.
Wouldn't the ultimate limit on performance here be the Heisenberg one itself, such that sufficiently complex problems would require absurdly large quantum computers?
*shrugs* Really depends on how far you're willing to push "ultimate," I guess. Quantum computing at a reasonable scale - let's say the storage capabilities of the traditional computers of a few decades ago - would smash anything remotely like current RSA, I think.
Reply
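An added note on the growth rates the commenter above is contrasting (this is not part of the original thread; the bounds quoted are the standard textbook ones). Write $b = \lceil \log_2 n \rceil$ for the bit length of the modulus. Naive trial division tries up to $\sqrt{n}$ candidates, which is exponential in $b$:

$$T_{\text{trial}}(b) = O\!\left(2^{b/2}\right).$$

The best known classical algorithm, the general number field sieve, is sub-exponential but still super-polynomial in $b$, with heuristic running time

$$T_{\text{GNFS}}(n) = \exp\!\left(\left(\tfrac{64}{9}\right)^{1/3} (\ln n)^{1/3} (\ln \ln n)^{2/3} (1 + o(1))\right),$$

whereas Shor's quantum factoring algorithm runs in time polynomial in $b$, on the order of

$$T_{\text{Shor}}(b) = O\!\left(b^{3}\right)$$

quantum operations with schoolbook modular multiplication (lower exponents with faster multiplication). Doubling the key size roughly squares $T_{\text{trial}}$ and multiplies $T_{\text{Shor}}$ by only about eight, which is the sense in which the change is in the growth of the time rather than in a constant factor.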
Oh, it's not that everyone at the NSA (or CIA, or FBI, or whatever alphabet-soup agency is under discussion) is utterly ruthless and disloyal to the Constitution. It's that all the President (who remember, as the ultimate boss of all these agencies has a lot with which to offer or threaten the ambitious or weak-willed) needs to do is find a few corruptible minions to do his bidding and oppress his personal enemies.
Remember, by the nature of things an intelligence agency such as the NSA works under compartmentalized security (exactly what the TPM chip lacks). So if (say) Project Nineveh and Tyre, composed of three guys whose job it is (for argument's sake) to frame dissidents for child pornography and tax evasion, is massively violating the Constitution, there's no reason why other parts of the NSA necessarily know what they're doing. The vast majority of NSA agents could be honest defenders of the Republic, while a few villains were doing the tyrant's bidding.
Reply