From: Bryce <wilcoxb@taussky.cs.colorado.edu>
To: Nathaniel Borenstein <nsb+limbo@nsb.fv.com>
Message Hash: 06231dcfea7bffad956c669ba65735741ea0d717433ce342e1c751b67b843785
Message ID: <199512112006.NAA15060@taussky.cs.colorado.edu>
Reply To: <Ikn1ZhGMc50eA2iscn@nsb.fv.com>
UTC Datetime: 1995-12-12 07:05:35 UTC
Raw Date: Tue, 12 Dec 1995 15:05:35 +0800
From: Bryce <wilcoxb@taussky.cs.colorado.edu>
Date: Tue, 12 Dec 1995 15:05:35 +0800
To: Nathaniel Borenstein <nsb+limbo@nsb.fv.com>
Subject: Re: Usability of Cryptography (was Re: More FUD from First Virtual)
In-Reply-To: <Ikn1ZhGMc50eA2iscn@nsb.fv.com>
Message-ID: <199512112006.NAA15060@taussky.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
An entity known as "Tense Hot Alien in Barn" wrote:
>
> This is exactly right. In fact, it isn't even just bad programmer
> decisions; some of the complexity is really inherently needed for
> security. PGP's notion of who you trust to certify keys, for example,
> confuses the heck out of naive users, who want to "trust" anyone they
> believe is a good person, not just people they believe are sophisticated
> enough to sign keys. It's really hard to explain to some people why
> they should say, "No, I don't trust Grandma."
>
> What a lot of people don't seem to realize is that, in crypto software,
***********************************************************************
> there is a fundamental tradeoff between usability and security. You can
***************************************************************
> simplify PGP (or similar software) to the point where it's easy to deal
> with key management, but it will then be far more susceptible to
> compromise.
I'm glad that you are willing to state this opinion,
Nathaniel, and take the flack that you are taking. I think
that as the goals of cypherpunkism (ewww... I just invented a
new "ism"...) *really* pertain to the *use* of cryptography by
large groups of people-- and not merely to the mathematical
details of cryptography-- that this issue is going to become
overwhelmingly important in the very near future.
I challenge you, however, to go beyond pointing this problem
out and start suggesting some approaches to alleviating it.
With your experience in doing security for a successful
Internet transaction system, I would hope that you have
valuable insights which can benefit all of us.
To get to the point, I want to know if this "fundamental
tradeoff" that you refer to is in fact *fundamental*. That is
to say: is the product of the "security factor" and the
"usability factor" a constant? Or are there methods which can
be practically implemented to make strong cryptography easier
for Joe Average to use without exposing Joe to unnecessary
risks?
I'm sure in a trivial sense that there are some such methods.
For example (to pick on everyone's favorite
crypto-for-the-masses), if PGP v1 and v2 had come in a nice
menu-oriented shell, or with a nice API, then a hell of a lot
more people would be using PGP now, and without reducing its
effectiveness as far as I can see. I'm sure that the PGP
guys are aware of this problem, and I am looking forward (as
I'm sure many of us are) to PGP v3 with much anticipation.
But this kind of gooey "user friendliness" is not sufficient
to make crypto *really* convenient to learn and to use, nor
is it sufficient to make Joe Average's use of crypto really
secure. (Note the extreme sparsity of the current PGP Web O
Trust, and the oft-lamented weakness of Joe's passphrase.)
I have made a clumsy first shot at envisioning the kind of
strong, convenient crypto that could perhaps bring the
capabilities that we talk about here to the masses.
I submitted this article to cpunks last week entitled "My
conception of the ideal encryption tool for the masses", and
it was picked up Robert Hettinga and echoed to his e$pam list.
Unfortunately I have not received a single response to this
article either in personal mail or in public. Was my article
so poorly written? Or are the cpunks failing to realize the
importance of the usability/security issue?
I sincerely hope that Nathaniel and others can make progress
in addressing this issue. Ultimately it will be as important
as any issue in cryptography.
Regards,
Bryce
P.S. I just went and re-read "My conception of the ideal
encryption tool for the masses" and I think I failed to make
something clear. The crypto device that I envision is *not*
just useful for buying a pack of cigarettes at the grocery
store. I could imagine it being used for *every*
user-authentication purpose. You sit down at a terminal, plug
your pocket-crypto-box into it, and read your private e-mail.
You walk into a secure building, pass your pocket-crypto-box
in front of the infra-red IO device, and the door opens for
you. You negotiate a million-cyber-credit deal, you plug
your pocket-c'box into the Net, and sign the contract.
Etc. etc. In short, for the vast majority of your crypto
needs you depend *entirely* upon the pocket-c'box and not upon
passphrases and floppy disks.
P.P.S. I am aware that this makes a physical attack upon your
c'box into one of the few remaining viable attacks.
I recommend that everyone carries a handgun next to their
pocket c'box. Deadman switches, good police forces and other
physical security, etc. will also be important. Since this
technology is empowering individuals, it is also increasing
the value of loot than can be gained by robbing an individual.
Alley-bash the right person and you might be able to steal a
personal fortune. Another issue that we who seek a better
future through technology need to address.
P.P.P.S. I can see that there is a major problem with my idea
regarding the IO between the pocket-c'box and the user.
Perhaps the pocket-c'box will have to come with trusted IO
hardware (screen, keyboard, pointer-device, audio,
vox-recog... but I digress...).
P.P.P.P.S. Also note that the pocket c'box should probably
hold many of your pseudonyms (i.e., many of your pseudonyms'
private keys) and your Chaumian pseudonym-exchangeable
credentials.
P.P.P.P.P.S. Remember those under-$600.00 netstations?
Even if they don't pan out this year, they will soon. And
then they will move into our pockets, and into our
wristwatches, etc etc. The cypherpunks need to be ready to
offer Joe a *secure* computer to put into his pocket, so
that he is carrying new capabilities and renewed privacy in
his pocket, rather than carrying a little chunk of Big
Brother.
signatures follow
"To strive, to seek, to find and not to yield." -Tennyson
<a href="http://www.c2.org/~bryce/Niche.html">
bryce@colorado.edu </a>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01
iQCVAwUBMMyPLfWZSllhfG25AQHPRQP/fwhKqyUdOv2/t/YCc68GQrNMOhCT69KE
PVE27Fp3CYnx+lGgzynnh1kr9DlH/bOOQRGf+fjqbPswr7PDHUoMaTAnBFr8gzf3
eXPd9moyixjNvHXacMpl0I5A/0tr6Lt2N/L5FUTyMf5zecMzbEbuKyiQE8pOYajx
COKJyTTk794=
=4spo
-----END PGP SIGNATURE-----
Return to December 1995
Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”