Wednesday, June 07, 2017

The insanity of trying to control encryption...

Politicians and social commentators keep throwing up this idea that encryption is:
  • Bad (the bolt-hole for terrorists/paedophiles)
  • Somehow controllable (back doors, side doors) by the state.
It's clear that people like Amber Rudd either have no idea (or more likely choose to have no idea) about the nature of data encryption. If you want a little primer, I did an intro around a year ago; thus armed, you can explain the difference between symmetric and public-key crypto like a pro!
A few points are worth noting:

  1. Cryptography is maths - all of the algorithms currently in use are published and a decent proportion of computer-science or maths graduates could implement them in code. 
  2. WhatsApp and everyone else that offers end-to-end crypto probably rely on the underlying crypto-primitives provided by the OS - only a fool tries to re-invent the wheel (particularly WRT cryptographic functions).
  3. If you could (and most crypto experts doubt it is achievable) devise a secure public-key algorithm with back/side-door access, how can we trust any public body not to let the private back-door key get out? What if, five years down the line, we discover that some other nation-state has had access to all the private conversations? There is much precedent for this; remember last month's NHS attack was done with code written by and subsequently lost from the NSA. Examples of large governmental bodies losing data they really didn't want to mislay are legion.
  4. Compromised encryption & identity algorithms will spell the end of eCommerce. No bank will want to expose themselves to that kind of risk.
  5. How do you oblige software writers (who may be anywhere in the world) to use the crypto-crippled algorithm?
  6. How do you oblige "bad guys" to use the crypto-crippled software?
The outcome will be that only people who aren't concerned about security will use the crypto-crippled version of the popular chat/speech apps. Encryption exists outside of laws & countries and people who want privacy (for whatever reason) now have the means to achieve it. No nation state can now stop that.

WRT point 3 (above) I have heard non-technical people say something like "Silicon Valley is full of very clever people - they can figure it out. We were able to put a man on the moon fifty years ago..."
Well, putting a man on the Moon is one thing, putting a man on the Sun is entirely different - and that's what you're asking for, whether you choose to believe the people who actually understand cryptography or not.



Tuesday, June 06, 2017

The 18th Edition is almost upon us...

It's been nearly a decade since the 17th Edition came into force.


Currently at the committee stage, the 18th Edition will come into force at the end of 2018. The request for comments runs through until the end of August, and it is well worth signing up to the BSI to read the proposal and have a say if you see anything of note.

The most interesting change (for me) is section 8 - energy efficiency. All the changes to sections 4 onwards are better definitions and tighter specs for RCDs, earth leakage, etc., which are all very important but build on principles that are well established.

I'll post more as I get familiar with the draft, but here is the intro stolen from the IET site;

New section - energy efficiency 

The worldwide need to reduce the consumption of energy means that we have to consider how electrical installations can provide the required level of service and safety for the lowest electrical consumption. The draft proposals enable a client to specify the level of energy efficiency measures applied to an electrical installation. Installations can also be awarded points for energy efficiency performance levels, for example, transformer efficiency. These points can be added together with points for efficiency measures to give an electrical installation an efficiency class, ranging from EIEC0 to EIEC4, depending on the number of points awarded. The new section will cover several energy efficient areas, such as electric vehicles, lighting, metering, cable losses, transformer losses, power-factor correction, and harmonics.