Risky Business News is one of the few email newsletters I tolerate in my inbox. This title was an immediate, mandatory read, as is my post on it:

Risky Bulletin: Signal threatens to leave Sweden over backdoor request

If you only have time to read one third of a page, here you go.

Signal Foundation president Meredith Whittaker says the secure messaging app will leave Sweden if the government there passes a new surveillance bill.

The Swedish government is scheduled to discuss a bill next month that would force communication providers to allow police and security services access to message content.

Whittaker told Swedish national public television SVT that adding such a backdoor would undermine its entire network and users across the world, not just in Sweden.

What this means is a concept that was called “key escrow” when it was first introduced about thirty years ago, and it gets trotted out whenever the world gets to feeling uncertain. Just prior to this Apple stopped providing iCloud encryption in the U.K. in order to avoid recent legislation there. This Apple change is an issue I need to review, even though I’m not in the U.K., I know people who are, and this will matter.

Encryption Keys:

This whole concept of encryption keys can be kinda mysterious and there are MANY things to know, but the basics aren’t difficult. This is something I just did on my Mac - creating a public/private key pair for use with the ssh encrypted terminal program.

I invoked the ssh key pair generator and I chose the key type to be ED25519. If you don’t tell it what to do, it’ll make RSA keys for you, which are hundreds of characters long, while the ED25519 public key is a one liner - they’re easier to audit.

The program used some prime number voodoo from within OpenSSL to create a key pair in less than a second, but it would take a LOT of computing power and time trying to reverse it. Once you’ve got the pair, you keep the ~/.ssh/demo private key PRIVATE, you put the short public key on a remote system, and you don’t need to enter your password every time you log in.

Key pairs can be left without a passphrase, but it’s better to run ssh-agent, which lets you load a passphrase encrypted key pair to memory, and keeps it available until you reboot.

Why did I paste the image of a seraphim over the private key and red out a portion of the public key? I just created those keys for demonstration purposes, and they’re already deleted. If I left the full text readable any bozo could use OCR, extract the public/private key pair, employ it in a crime spree, and then tip the FBI that someone found my public key on a compromised system.

Have you read Paranoia: Professional or Pathological? Maybe the prior paragraph sounds a little mental to you, but that is 101% a low hanging fruit way to sting someone. Usually when I show screen shots like that I will take the time to bulk replace two or three hexadecimal characters, replace any actual IP addresses with random junk from Shodan.io, and if I’m in a particularly bad mood there are other ways to poison seemingly public “slips” like that.

Now some ankle biter image board skid is furiously pounding his keyboard with his fists because he’s spent months tracking what I say online in a search for some sort of leverage.

Backdoors & Quantum Cracking:

The Swedish government’s desire for a Signal back door is one angle, and the other thing nation states do is recording traffic they can not read now, in hopes that a future quantum computing system will permit them to crack the keys used.

The cure for backdoored software is simple - expunge it from your environment. Give your contacts word that you’re moving, allow a bit of a grace period, and if they refuse to protect themselves … well … treat them as a security threat. I’ve seen grassroots groups trying to upgrade, and there’s some nosy dirtbag in the mix who will do everything in his/her power to derail the change.

The quantum concern is a trifle trickier, but if you’re on the more technical side maybe you noticed this post.

You don’t need a quantum computer of your own to fend off quantum cracking, you just need cryptographic algorithms that are quantum resistant. There are standards for this now, and you can build the OpenSSL cryptography library that underlies many Linux systems using those standards. One day soon the installation for OpenSSL will default to that stuff, and then there will be an enormous rush as everything else starts to move at once.

You, as an end user, do NOT need to pick up a copy of Applied Cryptography and try to get your head around it. Every open source developer out there is aware of this problem, there are solutions, so you just need to watch for updates on the software you use, and when they trumpet that their stuff is now quantum resistant, you upgrade promptly.

History Lesson:

This is how things were a long time ago, when using IRC or Jabber text chat. Four layers of encryption were required to run safely.

• VPN exiting in uncooperative jurisdiction, keeps local search warrants off you.

• Tor next, so even if the VPN provider is logging, they only know your origin, not your destination.

• TLS encryption to talk to IRC/Jabber, this protects against corrupt Tor exit nodes, which is a big business.

• There is an end to end encryption tool called Off The Record, but I think it’s being slowly replaced by DP5, and both of them provide a point to point encrypted exchange with others using it.

OK, you got that far, the final level is isolating your chat client in a virtual machine behind a fail closed VPN setup. The chat programs themselves are notoriously buggy and are a whole entire attack surface all on their own …

Conclusion:

Things like Sweden’s upcoming attempt to back door Signal always happen when the condition of the world is making people anxious. We’re fine with Signal for the moment, but I am going to go back and review the various encrypted chat alternatives, things like Matrix or Session, and then maybe start nudging my associates to make a change. I’ve always been the one who selects tools and drives migration, which has happened a couple times since the 2010 election.

I hope I’m not belaboring the point, but I want ALL of you to understand. When you use a service, any service, that is between you and your conversation partners, they’ve got encryption keys lurking, and that is a potential problem.

As a non-chat example, I have a grandfathered 16GB Dropbox account that’s my primary means of making files and folders public. It’s Dropbox’s computers, not mine, and they can do whatever with the data. Things not meant for distribution end up in an Age or Veracrypt container, or maybe in an encrypted ZFS dataset. The protection for such things is then stored entirely in my head.

OK, you do NOT have any action item today, Signal is safe and I bet the Swedish government gets pummeled over this. Just be aware that when solutions DO present themselves, I will be here explaining the associated benefits and hazards. Sorting out what to use is a complex undertaking, just following the recipe for yourself when the time comes should be relatively simple.