Matt Blaze
Scientist, safecracker.
Matt's posts

NJ to allow voting by email on Tuesday for displaced residents.

Is this a good idea? Some thoughts here:

"Key Escrow from a Safe Distance: Looking back at the Clipper Chip"

Paper for my ACSAC '11 invited talk next month (a spooky subject, finished just in time for Halloween).

A recent NY Times piece, on the response to a "credible, specific and unconfirmed" threat of a terrorist plot against New York on the tenth anniversary of the September 11 attacks, includes this strikingly telling quote from an anonymous senior law enforcement official:

"It's 9/11, baby," one official said. "We have to have something to get spun up about."

Indeed. But while it's easy to understand this remark as a bitingly candid assessment of the cynical and now reflexive fear mongering that we have allowed to become the most lasting and damaging legacy of Al Qaeda's mad war, I must also admit that there's another, equally true but much sadder, interpretation, at least for me.

We have to get spun up about something because the alternative is simply too painful. I can find essentially two viable emotional choices for tomorrow. One is to get ourselves "spun up" about a new threat, worry, take action, defend the homeland and otherwise occupy ourselves with the here and now. The other is quieter and simpler but far less palatable: to privately revisit the unspeakable horrors of that awful, awful, day, dislodging shallowly buried memories that emerge all too easily ten years later.

The relentless retrospective news coverage that (inevitably) is accompanying the upcoming anniversary has more than anything else reactivated the fading sense of overwhelming, escalating sadness I felt ten years ago. Sadness was ultimately the only available response, even for New Yorkers like me who lived only a few miles from the towers. It was in many ways the city's proudest moment, everyone wanting and trying to help, very little panic. But really, there wasn't nearly enough for all of us to do. Countless first responders and construction workers rushed without a thought to ground zero for a rescue that quickly became a recovery operation. Medical personnel reported to emergency rooms to treat wounded survivors who largely didn't exist. You couldn't even donate blood, the supply of volunteers overwhelming the small demand. (Working for AT&T at the time, I went down to a midtown Manhattan switching office, hoping somehow to be able to help keep our phones working with most of the staff unable to get to work, but it was quickly clear I was only getting in the way of the people there who actually knew how to do useful work.)

All most of us could really do that day and in the days that followed was bear witness to the horror of senseless death and try to comprehend the enormity of what was lost. Last words to loved ones, captured in voicemails from those who understood enough about what was happening to know that they would never see their families again. The impossible choice made by so many to jump rather than burn to death. The ubiquitous memorials to the dead, plastered in photocopied posters on walls everywhere around the city, created initially as desperate pleas for information on missing loved ones.

Rudy Giuliani, a New York mayor for whom I normally have little patience, found a deep truth that afternoon when he was asked how many were lost. He didn't know, he said, but he cautioned that it would be "more than any of us can bear".

I remember trying to get angry at the bastards who inflicted this on us, but it didn't really work. Whoever they were, I knew they must be, in the end, simply crazy, beyond the reach of any meaningful kind of retribution. Anger couldn't displace the helplessness and sadness.

Remember all this or get "spun up"? Easy, easy choice.

Old news, of course, but still very important to publicize periodically.

Everything else aside, the recent Wikileaks/Guardian fiasco (in which the passphrase for a widely-distributed encrypted file containing an unredacted database of Wikileaks cables ended up published in a book by a Guardian editor) nicely demonstrates an important cryptologic principle: the different security properties of keys used for authentication and those used for decryption.

Authentication keys, such as login passwords, become effectively useless once they are changed (unless they are re-used in other contexts). An attacker who learns an old authentication key would have to travel back in time to make any use of it. But old decryption keys, even after they have been changed, can remain as valuable as the secrets they once protected, forever. Old ciphertext can still be decrypted with the old keys, even if newer ciphertext can't.

And it appears that confusion between these two concepts is at the root of the leak here. Assuming the Guardian editor's narrative accurately describes his understanding of what was going on, he believed that the passphrase he had been given was a temporary password that would have already been rendered useless by the time his book would be published. But that's not what it was at all; it was a decryption key -- for a file whose ciphertext was widely available.

It might be tempting for us, as cryptographers and security engineers, to snicker at both Wikileaks and the Guardian for the sloppy practices that allowed this high-stakes mishap to have happened. But we should also note that confusion between the semantics of authentication and of confidentiality happens because these are, in fact, subtle concepts that are as poorly understood as they are intertwined, even among those who might now be laughing the hardest. The crypto literature is full of examples of protocol failures that have exactly this confusion at their root.

And it should also remind us that, again, cryptographic usability matters. Sometimes quite a bit.

A version of this post also appears at
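To make the distinction in the post above concrete, here is an added example (not from the original post) in Python: it stores a password as a PBKDF2 verifier and encrypts a file with a toy SHA-256 counter-mode stream cipher (an assumption standing in for a real cipher such as AES, so nothing beyond the standard library is needed), then "changes" both. The old password stops working the moment the verifier is replaced, while the old key still opens the old ciphertext no matter what key is used for new files.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor for the stored password verifier
SECRET = b"constructed sample: contents of the widely copied encrypted file"

def make_verifier(password: str) -> tuple[bytes, bytes]:
    """A login system stores only a salted hash of the password, never the password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def check_password(password: str, verifier: tuple[bytes, bytes]) -> bool:
    salt, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, candidate)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (assumption: stands in for a real
    cipher such as AES so the example needs no third-party library)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per message, stored in front of the ciphertext
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def demo() -> dict:
    # Authentication key: once the password is changed, the old one is worthless.
    verifier = make_verifier("temporary-pass")
    before = check_password("temporary-pass", verifier)
    verifier = make_verifier("new-pass")  # the password change
    after = check_password("temporary-pass", verifier)
    # Decryption key: moving to a new key does nothing for ciphertext already out there.
    old_key, new_key = secrets.token_bytes(32), secrets.token_bytes(32)
    archive = encrypt(old_key, SECRET)  # the file that was widely distributed
    return {"old_password_before_change": before, "old_password_after_change": after,
            "old_key_still_opens_archive": decrypt(old_key, archive) == SECRET,
            "new_key_opens_archive": decrypt(new_key, archive) == SECRET}
```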

I'd ask each presidential candidate one question: "What's the difference between a theory and a hypothesis?"

The centralized certificate authority model is bad enough, but the way it's implemented in browsers, where all blessed CAs are trusted equally for all purposes, is even worse.

When a trusted CA goes bad, you'll need to dig into unfamiliar browser configuration territory to protect yourself.
The web stays safe(r) due to SSL (web encryption). A certificate provider in the Netherlands messed up: they released a wildcard certificate for Google. Basically, anyone can impersonate Google now. Here's how to tell your browser not to trust the compromised certificate from OSX. There are other docs online for Windows and Linux.

People are getting more and more fed up with parasitic scientific/academic publishers. This piece in the Guardian yesterday has a nice perspective (and generated quite a response):

I wrote about ACM and IEEE's loathsome, regressive copyright policies earlier this year:

Depressing email of the day: out of the blue message from a radio engineer (or someone claiming to be a radio engineer, at least) ranting at me that users who can't figure out a crypto UI don't "deserve" security.

If that attitude is representative of the designers of P25 equipment, it explains a lot. Of course, we can't throw too many stones; indifference or hostility toward usability was surprisingly mainstream in computing not long ago.

I blog about our P25 results, one-way cryptography, and Morris' "First Rule of Cryptanalysis" at