Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Privacy Social Networks

Encrypted Social Network Vies For Disgruntled Facebook Users 162

Posted by timothy from the network-effects-are-hard-to-handwave dept.
angry tapir writes "With the look of Google Plus and Facebook-like elements, a new social network named "Syme" feels as cozy as a well-worn shoe. But beneath the familiar veneer, it's quite different. Syme encrypts all content, such as status updates, photos and files, so that only people invited to a group can view it. Syme, which hosts the content on its Canada-based servers, says it can't read it. "The overarching goal of Syme is to make encryption accessible and easy to use for people who aren't geeks or aren't hackers or who aren't cryptography experts," co-founder Jonathan Hershon said in an interview about the service." See also Diaspora.
This discussion has been archived. No new comments can be posted.

Encrypted Social Network Vies For Disgruntled Facebook Users More

Encrypted Social Network Vies For Disgruntled Facebook Users

Comments Filter:

  • 1984 reference (Score:5, Informative)

    by Anonymous Coward on Friday November 29, 2013 @10:05PM (#45559069)
    Syme—Winston's colleague at the Ministry of Truth, whom the Party "vaporised" because he remained a lucidly thinking intellectual. He was a lexicographer who developed the language and the dictionary of Newspeak, in the course of which he enjoyed destroying words, and wholeheartedly believed that Newspeak would replace Oldspeak (Standard English) by the year 2050. Although Syme's politically orthodox opinions aligned with Party doctrine, Winston noted that "He is too intelligent. He sees too clearly and speaks too plainly". After noting that Syme's name was deleted from the members list of the Chess Club, Winston infers he became an unperson who never had existed. Goldstein's book says that "Between the two branches of the Party there is a certain amount of interchange, but only so much as will ensure that weaklings are excluded from the Inner Party and that ambitious members of the Outer Party are made harmless by allowing them to rise." It is unknown whether Syme has been killed or promoted in the Inner Party in another province.

    • My first thought was Gabriel Syme, the titular Man Who Was Thursday. That's a novel where everyone's an anarchist, a secret policeman or both, so would have made sense as a reference.

      Apparently Deus Ex makes several nods to the novel, but I've never played that game (my geek card is already winging its way to the appropriate authorities).

  • Its reasonable! (Score:5, Interesting)

    by Anonymous Coward on Friday November 29, 2013 @10:12PM (#45559101)

    I read the article expecting it to be crap, ignore meta-data etc. What I found however was a decent article discussing that the service used open source client side crypto libraries, and they even acknowledged the meta-data problem and how it makes their service not truly private. They also mentioned how its very unlikely to go big like facebook and it summed up with some reasonable example use cases. I haven't see such a non crap article in a long time!

    • I signed in to check out the interface. I see no way to find existing friends, except by entering each of their E-mail addresses by hand. Thus endeth experiment.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        It wouldn't be very private if anyone who signed in could see who else is using it, would it? If anything, the inability to do that is a sign of a sound design.

  • The FAQ mentions that they intend to open the source, but of course opened source doesn't really necessarily imply libre. And in the interview they talk of a paid version. So, are there ads or not?

    So what's the point of a different Facebook if it's not libre? Just a different way to sell yourself to advertisers (reminder: for Facebook, you are not the customer, you are the product).

    A truly free social network would have no ads, no profit motive, no logs, no intrusion; just a way for people to share as much

    • Re:So is it libre or not? (Score:5, Insightful)

      by rudy_wayne ( 414635 ) on Friday November 29, 2013 @11:09PM (#45559305)

      A truly free social network would have no ads, no profit motive, no logs, no intrusion; just a way for people to share as much or as little with only those they wish to share with.

      Is there really no true libre social network, and if not, why not?

      Money.

      Facebook and Google don't do the things they do simply because they are evil. They do it because that;s how they get the money to pay for those giant buildings full of servers that they run, which provide the services you use.

      Maybe in the 24th century when The Federation is building starships, colonizing the galaxy and zooming around the universe, all without any apparent need for money, they can also build your "no ads, no profit motive" social network.

      • Maybe in the 24th century when The Federation is building starships, colonizing the galaxy and zooming around the universe, all without any apparent need for money, they can also build your "no ads, no profit motive" social network.

        USENET.

        • Paid for either as part of your ISP bill when you use their servers, or when you sign up to a USENET provider. I never saw a free provider which gave you all branches, especially alt.binary etc.

          • In the early 2000s there were a few places that had free binaries. I tried them out. They were slower than dialup and a pain to use, but if you wanted to wait several days to get your binary files, they were there. I didn't like to wait and I had kept my paid usenet account so I just went back to it. The last time I tried one of those free ones was around 2005.

            • Re: (Score:2)

              by AndroSyn ( 89960 )

              Indeed there were some open usenet servers back in the early 2000s. I know when I was at Teleglobe in the early 2000s, we ran several open(read-only) usenet servers and we carried as much as alt.binaries.* as we could, we didn't have a very long retention time..but hey you weren't paying either ;)

      • Re:So is it libre or not? (Score:5, Insightful)

        by Toe, The ( 545098 ) on Friday November 29, 2013 @11:35PM (#45559391)

        Yeah, I understand Economics 101. I also understand that Firefox, Linux, Wikipedia, Apache, PHP, etc. are not all about the money (thought money is tied to most of them extraneously; but not really at all to Wikipedia).

        There are these things called non-profits. A non-profit social network seems like a no-brainer, and I'm not sure why it doesn't exist; let alone rule them all.

        A non-profit social network could show ads... to people who felt like seeing them. Money gets made (enough to buy servers & connectivity), but the profit itself isn't the core motive. And the users are not product.

        • There are these things called non-profits. A non-profit social network seems like a no-brainer, and I'm not sure why it doesn't exist; let alone rule them all.

          A non-profit social network could show ads... to people who felt like seeing them. Money gets made (enough to buy servers & connectivity), but the profit itself isn't the core motive. And the users are not product.

          I think that was rudy_wayne's point ... that one doesn't exist, let alone rule them all, would suggest that the economics of that idea don't work, for that particular problem space anyway. At least at this time.

        • Re: (Score:3)

          by mellon ( 7048 )

          Wikipedia does frequent fundraising. Linux is all about the money—there are amateur linux hackers, but more professionals. Firefox makes money. Of course they aren't all about the money, but money is important. A geek's got to eat. So if you don't think about the economics of the development cycle, you are being unrealistic. It may well be that the economics of a good distributed social network do require that the hacking be done by amateurs; it may be that there's a way to make a business

      • Bittorrent. You can distribute huge amounts of information over bittorrent, and the only expenses are for the internet connection you're already paying to have, the electricity your computer uses to do the work involved in operating the Bittorrent protocol, and the computing device you already purchased. A social network can work the same way.

        A centrally hosted social network can't work the same way, because someone has to pay for the server farm. But a decentralized, peer to peer social network can

    • Re:So is it libre or not? (Score:4, Insightful)

      by fyngyrz ( 762201 ) on Friday November 29, 2013 @11:59PM (#45559447) Homepage Journal

      So what's the point of a different Facebook if it's not libre?

      How about a "different Facebook" where they didn't censor the things you write and post, but instead, your content is judged, and viewed (or not viewed) based on the opinions of those you've invited to share your pages? How about a "different Facebook" where anyone can join? How about a "different Facebook" where you can cleanly choose ads, or paid presence? How about a "different Facebook" where you control how your personal information is accessed, instead of having control assumed by the social network?

      Your focus on "libre" is incomprehensible to me. Of all the myriad things wrong with Facebook -- and by that I mean things directly harmful to its users and potential users, and unchangeable by them -- "libre" is far down any list ranked by importance.

    • Is there really no true libre social network, and if not, why not? Do I need to start one, or is it already in the works?

      There really isn't. There isn't because none of them are truly P2P. It's not an easy problem to solve, but in theory all the pieces are there. Even CMSs like Drupal or (shudder) WP have syndication modules. In theory you could make the system automatically syndicate the articles of your followers.

      In practice, you'd want some kind of P2P filesharing system built into it, or you'd want to build it around one of those. But not torrent, because even the protocol is suspicious to some...

  • The nerve! (Score:1)

    by Anonymous Coward

    How dare you spy on me as i post every detail of my life online!

    Why... im going to encrypt everything! that'll show you! you have no right to violate my privacy as i tell the world about everything in my entire life!

    • Re:The nerve! (Score:5, Insightful)

      by tftp ( 111690 ) on Saturday November 30, 2013 @12:47AM (#45559569) Homepage

      you have no right to violate my privacy as i tell the world about everything in my entire life!

      The discussion here is about sharing within a controlled group.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        }}controlled group.

        Impossible. If i can see it. I can copy it. No matter what. I CAN make a copy. Even going all the way to manual transcription or recording my monitor.
        Your group just lost complete control. And we're back to the world.

        There is always a weak link in any chain. One will always break first.
        So you can pretty much guarantee anything you 'share' with a controlled group will be available to the world. Especially if there's gain to be made. Even faster among people who have no severe lif

        • Re: (Score:2)

          by tftp ( 111690 )

          (a) You know who can read your messages.
          (b) You cannot know where they end up.

          You select (a) to be sufficiently secure with (b). This does not always work (ask Snowden,) but it is better than nothing when you cannot work alone. It is certainly not equivalent to sharing with the entire world; otherwise you would know all the secrets on this planet. Do you? If not, Q.E.D.

        • Re:The nerve! (Score:5, Interesting)

          by mellon ( 7048 ) on Saturday November 30, 2013 @09:07AM (#45560669) Homepage

          It is impossible to control the dissemination of information that you make available to other people. But it is not impossible to make it expensive to crack an entire social network and feast on the gooey interior. Best is the enemy of good enough. Right now it is clearly the case that everything that happens on Facebook and Google is visible and mineable at least by Facebook and Google, and possibly by interested governments. A peer-to-peer social network makes that kind of data mining much more expensive.

  • I read the article, and all I could see is that when you join a group, you get the decryption key for that group - but from whom? If it is automatically done (i.e. Syme holds the key), then it is no more secure to snooping from agencies than any other service (well, except for the fact that it is based in Canada - ah, who am I kidding). What you would need is the group/thread creator send the decryption key directly to the collaborators - which basically means they already need a secure communication medium

    • Re: (Score:2, Funny)

      by Dan East ( 318230 )

      Which would then bring me to ask why not just use that medium?

      So by your logic Facebook or Google+ don't need to exist because we have insecure email already?

    • You're safe from the NSA, but the Mounties own you.

    • Re:Who keeps the keys? (Score:4, Informative)

      by mlts ( 1038732 ) * on Friday November 29, 2013 @10:48PM (#45559225)

      I can see two ways to do groups:

      1: The group is a collection of private keys, so when one encrypts to Alice's group, in reality, Alice, Bob, Charlie, David, Elizabeth, and Frank have a key encrypted with their public keys and stored. The good about this is that the keys are secured, and there are no intermediate steps. The bad is that if Alice boots Charlie from the group and adds Mallory, stuff encrypted to the group is still readable by Charlie and not by Mallory until the object's core unlock key [1] is unlocked, the old names removed and new ones added.

      The second is having the group have its own key, which is unlocked by Alice, Bob, etc. If someone is booted from the group, their user has the key removed from it. This makes things easier in not having to partially decrypt an object to add stuff, but it means one more key generated and possibly compromisable.

      [1]: Most encryption uses a core symmetric key that is randomly generated, then encrypts that core key using the user's hashed passphrase, their public key, or both. Public key crypto is very rough on the CPU, so it is only used as little as possible, and in general, symmetric key algorithms are more secure than public/private key ones.

      • Re: (Score:2)

        by tftp ( 111690 )

        Solution 1. When Alice posts to the group, she encrypts to keys of Bob, Charlie and David. If David wants to boot Charlie, he generates a new key and sends individual copies, encrypted, to Alice and Bob. Each copy is encrypted to one key and can be only read by key holder.

        Charlie can still post; however his post won't be readable by David because he changed the key, and David doesn't have it. David won't encrypt his posts to Charlie's key. Alice and Bob can either post using Charlie's key, or they can al

      • Re: (Score:2)

        by Kjella ( 173770 )

        There is so much fail in your post, where to begin... perhaps the most obvious is that you say "the object's core unlock key [1] is unlocked, the old names removed and new ones added" when you're referring to a symmetric key that doesn't have names. Either that or you're talking about encrypting the master key with different decryption keys, which is pointless since Charlie already has the master key (you can not assume the client throws this away after each session). Not only that, since the key is symmetr

  • Chrome only (Score:4, Insightful)

    by Curunir_wolf ( 588405 ) on Friday November 29, 2013 @10:36PM (#45559175) Homepage Journal

    So it's a social network that "protects your data" ... and requires Google Chrome. :/

    Why am I skeptical?

    • Re: (Score:1)

      by Anonymous Coward

      So it's a social network that "protects your data" ... and requires Google Chrome. :/

      Why am I skeptical?

      Because you've internalized the slashdot groupthink.

      • Re: (Score:2)

        by chihowa ( 366380 ) *

        Skepticism is always a positive attitude when evaluating security. Not implicitly trusting third parties with apparent conflicts of interest is also very rational.

        Dismissing valid concerns out of hand because you're a fan of a company is the failure in reasoning here.

    • .. with more or less everything else broken into how secure should I really feel using it?

    • Re:Chrome only (Score:5, Interesting)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Friday November 29, 2013 @11:01PM (#45559271) Journal

      So it's a social network that "protects your data" ... and requires Google Chrome. :/

      Why am I skeptical?

      The extension should work just fine with Chromium, I would expect. And they said Firefox is in the works.

      Personally, I think the idea is an interesting one. In general, I think it's on the right track. The only way to get the masses to use encryption is to make it invisible. The flaws of SSL are well-known, but the fact is that in practice it mostly works really well, and it is used by basically everyone on the web. Making it invisible means that you have to embed key management seamlessly into the infrastructure, and making it have some hope of being secure means that it has to be pushed out to the endpoints -- including key management.

      On the right track, but this is a really, really hard problem to solve fully.

      One issue is that although the keys are generated in the browser plugins, they're obviously exchanged through the Syme server, putting it in an ideal position to completely subvert the claimed security. Making security both transparent and strong is hard.

      Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.

      Still, I like to see initiatives like this. The only way hard problems get solved is by clever people trying.

      (Disclaimer: Since this post mentions Google+ and Chrome, I should probably mention that I'm a Google engineer, but I'm not speaking for Google.)

      • These guys [trsst.com] are doing something similar, more more twitter/message based. It was a recent KickStarter,and the beta should be ready in December.

        • Anything that works via a browser is automatically not secure. The same reasons that Tor is not secure apply to all other things that use a web browser. This service would be interesting if it weren't for the fact that it "supports the open web."

          For the purposes of security, the "open web" is completely broken. The required change is far more radical than "we can do encrypted tweet-like communications with heavily insecure and NSA-breakable applications as the framework."

      • Re: (Score:3)

        by fyngyrz ( 762201 )

        The flaws of SSL are well-known, but the fact is that in practice it mostly works really well

        The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]

        FTFY.

        • The flaws of SSL are well-known, but the fact is that in practice it mostly works really well

          The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]

          FTFY.

          It's impressive how completely you missed the point.

          • Re: (Score:2)

            by fyngyrz ( 762201 )

            Well, It was impressive to me how the claim that SSL "work really well" was dropped as if it was actually the truth. Obviously truth is not a concern for you. That's ok. I'm not looking to change any dug-in mindsets.

            • Well, It was impressive to me how the claim that SSL "work really well" was dropped as if it was actually the truth. Obviously truth is not a concern for you. That's ok. I'm not looking to change any dug-in mindsets.

              I understand the issues you raised, however ham-fistedly. But they don't change the facts that it's widely used by ordinary people and it does work. It could work better, it could work in more cases, but it does work. And there is no other encryption scheme that has those two characteristics. None. So you can complain all you like about how SSL isn't quite what it ought to be, it's still a model worth looking at, because it's the only real success story we have.

      • SSL would work a lot better if client certificates were used by banks and payment websites ... but since the client can't be authenticated, the key exchange can always be MitM attacked.

        • SSL would work a lot better if client certificates were used by banks and payment websites ... but since the client can't be authenticated, the key exchange can always be MitM attacked.

          An attacker who can successfully fake the server cert can MITM the connection. Client certs would mitigate that... but only if the attacker couldn't also fake the client cert. I don't see why an attacker with access to a CA signing key capable of creating a bogus server cert couldn't also create a bogus client cert.

          • Because properly generated client certs would be distributed by the sites not a third party signing authority.

            • Because properly generated client certs would be distributed by the sites not a third party signing authority.

              That still requires a secure connection to the site at least once, or the attacker can MITM the cert distribution. It's not much different from having the browser watch for unexpected server cert changes; get the true certificate once, and you're good.

              I think Moxie Marlinspike's Convergence system is a simpler, cheaper (to the end user, which is where the real cost is) and more flexible solution to the possibility of CA compromise. Certificate pinning is also a very useful tool, though it's of necessity m

    • As someone else pointed out, why not use Chromium, upon which Chrome is based? Same thing, no Google integration.

  • So, who wants odds on how long it'll take before this becomes a haven for pæderasts to swap kiddie porn? Anyone?
    I'm guessing about six months..

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      So, who wants odds on how long it'll take before this becomes a haven for pæderasts to swap kiddie porn? Anyone?
      I'm guessing about six months..

      Fuck the children... not in that way though. This is why we can't have anything nice, there's always someone trying to save the kids.

    • So, who wants odds on how long it'll take before this becomes a haven for pæderasts to swap kiddie porn? Anyone?
      I'm guessing about six months..

      How could you tell? For that matter, would you want to tell?

      Quick question: would you support banning CP if it resulted in more children getting molested?

      I only ask because the best evidence we have indicates that it does. The website will change a legal framework that, despite the best intentions, promotes child abuse.

      And this will not inconvenience the police in any way. If they have evidence of wrong-doing, they can get a "sneak and peek" [wikipedia.org] warrant and install a bug on the suspect's computer.

      This system on

      • sigh ... I wish folks hadn't read more into my initial comment than I intended, but I suppose its my own fault.
        I wasn't actually stating an opionion on whether people trading pictures online was in itself a bad thing-- in fact, I suspect the other commentor up above is probably right, that "won't anybody think of the children??!!" is a bullshit argument that probably does more harm than good.
        But any service that explicitly advertises itself as beyond the reach of surveillance will be, I suspect, very quickl

    • Re:What could go wrong? (Score:4, Informative)

      by Opportunist ( 166417 ) on Saturday November 30, 2013 @02:28AM (#45559855)

      So what? The threat from pedos is insignificant compared to the threat from politicians.

      • This is an attitude I wish more people would understand; Big Brother vs. Criminals ... I'll take criminals.

  • How it works and how its contents remain "private" and "secure":

    You use it, but none of your friends do.

  • Sniff test (Score:4, Insightful)

    by onyxruby ( 118189 ) <onyxruby@ c o m c a s t . net> on Friday November 29, 2013 @11:12PM (#45559321)

    If you aren't being charged for the product, you are the product.

    This axiom has been true for a very long time and it's true for this site as well as any other such thing. How are they making money? I'm not objecting to their making money, after all they have to pay for their servers, bandwidth and admins and so on.

    It's a fundamental question that you simply can't ignore and economics requires that you have to deal with it whether you want to or not. You can have sponsors that donate time and materials, you have generic ads, volunteers to a certain point, you can charge people for your service and so on.

    The point is somehow or another you have to get money, and this site is claiming that they get money in ways that don't exploit your privacy. Since exploiting your privacy is how these sites normally pay your bills, this leaves serious questions on how they are monetizing their site.

    I love the idea that a site can raise money without exploiting privacy in an evil manner, but before I can give them any credibility to their model I have to know their model works. I hate to rain on people's feel good parade, but you can' run a website on community goodwill, hugs and unicorn farts.

    • Re: (Score:3)

      by Hatta ( 162192 )

      If you aren't being charged for the product, you are the product.

      This axiom has been true for a very long time and it's true for this site as well as any other such thing.

      Linux?

      • Are you trying to make my point for me?

        Linux has easily had billions of dollars in development costs over it's life and easily costs hundreds of millions of dollars per year. Linux gets by on donated servers, hardware, millions of donated hours of labor, countless patents that are donated and on and on. Open source companies are just as expensive as closed source companies, only they wrap their costs into maintenance instead of licenses.

        Open source companies aren't alive through good will, they are live bec

        • Re: (Score:3)

          by Hatta ( 162192 )

          Who said Linux was without cost? You said "If you aren't being charged for the product, you are the product." I am not charged for Linux, and I am not being sold either. What made you think I said no one pays for Linux?

          These companies do so because it is in their mutual best interest to do so (the overwhelming majority of Linux code is written by large corps). My point about the costs stand, the costs are overwhelmingly donated.

          And that's a great point. If you provide value to the parties providing the

  • When I read the summary I immediately thought to myself that I have similar goals to these guys, in that I want to make cryptography easily accessible to a wide variety of users. I'm specifically focused on secure file transfer, and am in open beta. You guys can check it out at https://www.senderdefender.com/ [senderdefender.com] and let me know what you think. Given how insecure cloud data is in general I suspect we will see a growing number of client side encrypted communication tools.

    Matt
    • That eyeball freaks me out. When I see your web page, I immediately think you're saying: "Install my software and I can watch you just like I'm looking through this peephole."

  • Content remains scrambled as it traverses the Internet and is unreadable even to Syme, which stores the data on its servers. Co-founder Mullie authored a white paper [github.com] describing Syme's use of a two-step, hybrid encryption system that is fast, secure and efficient.

  • See also Diaspora.

    Right, like that's going anywhere now? See also Libertree [libertreeproject.org], which has no centralized servers, sneaky profiteers, or ulterior motives behind it. Go run a node/tree yourself!

  • If the content's viewable in a regular Web browser without needing special plug-ins, it's not encrypted. Oh, it might be encrypted on disk somewhere, but the server has the keys to decrypt it and will decrypt it and send it in the clear (modulo SSL, which Facebook and Google+ have too). Anyone who can compromise the server can get the keys and decrypt the data. Anyone who can snoop on the connection can view the data. Anything running on the user's computer can see the data. And anyone logging in as the use

    • Re: (Score:3)

      by EvilSS ( 557649 )

      If the content's viewable in a regular Web browser without needing special plug-ins...

      It is not. It requires a browser plugin.

  • Well, I'm also a disgruntled Chrome user, so... (Score:3)

    by Max Threshold ( 540114 ) on Saturday November 30, 2013 @03:12AM (#45559941)
    I guess I'll wait for the Firefox version.

    • Word. I thought the days of browser lock-in were a thing of the past, but apparently it's not. Stumbling into way too many Chrome-only things recently.
      I just don't want to need to have Chrome installed for such a thing, so I think this won't be tested anytime soon.

  • Crypto in Syme may be unsound (Score:5, Interesting)

    by Animats ( 122034 ) on Saturday November 30, 2013 @03:36AM (#45560007) Homepage

    I'm looking at the source to Syme's Google Chrome plug-in. While I'm not a crypto expert, I've found three things that seem to weaken the encryption.

    • In "crypto.js", lines 262-270: diffieHellman: function (privateKey, publicKey) {
      // Calculate the Diffie-Hellman shared key.
      return privateKey.dh(publicKey);
      // Strengthen the key by running through PBKDF2.
      //return this.deriveKey(symKey, salt);
      },
       Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.
    • Syme uses the Stanford JavaScript crypto library, which has a crypo-grade random number generator. But it only works if you turn on its entropy collector before asking for random bits. [github.com] Otherwise you just get a function of the current time, which is easy to guess. The enthropy collector is turned on by calling startCollectors(). There is no call to startCollectors() in the add-on.
    • There are two copies of the "sjcl" crypto library, one in "sjcl.jh" and one in "app.js". They may be different. One of them is dead code. Not clear which one.

    This is highly suspicious. This code needs a close look by a security expert before anyone trusts it.

    • Re:Crypto in Syme may be unsound (Score:5, Informative)

      by Kjella ( 173770 ) on Saturday November 30, 2013 @05:35AM (#45560217) Homepage

      Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.

      More like the commented out code was done by someone who doesn't understand crypto and replaced by someone who did. PBKDF2 has a single purpose and that is to make password recovery from a hash difficult, this looks like it is negotiating a session key where it would be totally pointless since it's not based on a password at all.

      To give you a very brief primer on PBKDF2:
      In the beginning, people stored passwords in plaintext. That was stupid so they started hashing them with for example MD5, so instead of storing $password they'd store md5( $password ). Of course since the same password would end up having the same MD5 sum in every system, leading to rainbow tables. To counter this you add a salt and store md5( $password + $salt ). However, short passwords are quite few so it was still possible to loop through all of them in a short amount of time. So someone thought hey, why don't we just MD5 it again many times and store md5(md5(....(md5(md5($password + $salt))...)). PBKDF2 is basically a system for this, where you pick the hash function and number of iterations. Now testing a single password takes much longer, which is feasible to do on a single login but takes far too long to recover the passwords from a hash table by looping through all of them. So it is useful, but only for this specific purpose.

    • Re:Crypto in Syme may be unsound (Score:4, Insightful)

      by IamTheRealMike ( 537420 ) on Saturday November 30, 2013 @07:36AM (#45560449)

      Read the link you provide - startCollectors is not required when the browser supports the proper crypto RNG, Chrome does, and they only support Chrome. So there is no bug.

      A bigger problem is the possibility of back doors. Their privacy policy merely asserts that they would rather shut the service down than add a back door, but when the men in black come knocking they won't be given any choice in the matter so this assertion is worthless. What's more Chrome apps silently auto update. I won't be too harsh on them for this though because fixing it would require them to split the RSA key used for signing updates, find people in other jurisdictions who can review their code (assuming it's open source - their website didn't seem to say), and generally making the whole process deterministic. BTW if the authors are reading this comment, I have an open source RSA threshold signature library (but which isn't publicly available, it's the result of some academic research project). Feel free to email me and I will send it onwards. It might make it possible to ensure app updates have to be signed by a large group of people before they take effect.

Slashdot Top Deals

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Close