
Cryptography & Security Newsletter, Issue 113

EU Clings to the Pervasive Surveillance Dream

30 May 2024

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

In Europe, politicians continue to push privacy-invasive legislation that won’t solve any real problems, but will enable the police to monitor and harass anyone who triggers inherently flawed algorithms, all the while excluding themselves from monitoring. Open letters penned by scientists are ignored.

The deal is said to be dead in the water, but perhaps it isn’t, or perhaps it’s only a question of time: it looks like the push will continue indefinitely, until surveillance laws are passed in some capacity or other. The Belgian presidency of the Council of the EU is pushing for these changes at the moment, but as Hungary takes over the presidency in July, it’s not clear whether the push will continue.

The latest move is to use a risk-based approach, effectively penalizing everyone who cares about their privacy. The use of fully encrypted services such as Signal or WhatsApp would translate to higher “risk,” increasing the likelihood that “detection orders” will be issued in order to escalate the monitoring. Some reports indicate that text and audio monitoring is being dropped, but that photo and video monitoring will effectively be made mandatory.

Broadly, the overall theme is to deploy continuous automated monitoring of any piece of communication, chat, video, or audio on your devices, with some automation that will magically detect abuse without false positives at world scale. The dystopia clock is ticking at one minute to midnight.

Although Europe is struggling, there is hope elsewhere in the world. On April 8, 2024, the Chilean government passed a cybersecurity law that identifies encryption as a right for every person in Chile.


Short News

Here are some things that caught our attention since the previous newsletter:

  • Mozilla escalated its conflict with Entrust, which has been involved in a number of compliance incidents. Although the incidents are minor, Mozilla is not happy with how Entrust has been responding to them.
  • Prossimo’s safer TLS library, Rustls, is now verified to work with Nginx via the library’s OpenSSL compatibility layer. The switch is as simple as installing a new system package. Prossimo is an initiative of the Internet Security Research Group.
  • At the Real World Crypto 2024 conference, Josh Brown and Paul Grubbs gave a presentation about the problems with STIR/SHAKEN (see the slides and video), a US standard that’s designed to help combat phone number spoofing. They also appeared on the Security Cryptography Whatever podcast.
  • WhatsApp will leave India if it’s asked to comply with traceability requirements.
  • William Brown, the author of webauthn-rs, wrote on his blog about the shattered dream of passkeys.
  • Just last month, Matt Palmer reminisced about his discovery, made sixteen years ago, of a disastrous flaw in the Debian operating system that botched all private key generation (!), but that story isn’t over yet. To celebrate, Hanno Böck scanned the world’s DKIM keys and discovered plenty that were generated on vulnerable Debian platforms.
  • Mutually Agreed Norms for Routing Security (MANRS) is a global initiative that helps reduce the most common routing threats using PKI. There is now an open-source tool called Rose-T that’s designed to help with MANRS compliance.
  • In the US, parts of the government began to implement RPKI, while the FCC is starting to take interest.
  • RPKI recently passed a key milestone, with more than half of all IPv4 routes now protected.
  • Solar Designer gave a presentation on password security from an offensive perspective: Password Cracking: Past, Present, Future (the OffensiveCon 2024 keynote).
  • Russ Cox and Filippo Valsorda wrote about the improvements to random number generation in Go 1.22 and the introduction of a new generator called ChaCha8Rand.
  • In the UK, a new law now forbids default passwords.
  • Microsoft announced plans to do better when it comes to security. One of its measures will be tying the compensation of the security leadership team to the team’s progress in their security plans and milestones.
  • Evervault offers a nice summary of key cryptography papers.
  • Microsoft is deprecating RSA keys shorter than 2,048 bits.
  • Jeremy Kun wrote a high-level technical overview of fully homomorphic encryption (FHE).
  • In 2024, Firefox still loads passive mixed content, but apparently not for much longer.
  • Jean-Philippe Aumasson is in the process of completing the second edition of his book Serious Cryptography. We’ve read the first edition and recommend it.
  • Apple and Google, who have both built systems to track people, now want to combat malicious use of their technologies.
  • Hanno Böck also discovered a bug in Firefox’s handling of HSTS (see the video).
  • Keyfactor has started publishing short videos on interesting PKI topics. Here are three videos for your viewing pleasure, on certificate chains, certificate revocation strategies, and post-quantum algorithms.
  • Eric Rescorla wrote about how to manage a quantum computing emergency.
  • Following up on its earlier blog post that documented the company’s post-quantum threat model, Google wrote about taking the next migration step with hybrid deployments.
  • Cloudflare reports that post-quantum security is now used for 17% of its traffic (the data is part of the company’s Adoption & Usage section of Cloudflare Radar).
  • In “Post-quantum Cryptography Is Too Damn Big,” David Adrian talks about the prohibitively large size of quantum-resistant cryptographic algorithms. Whereas a normal TLS handshake might have about 1,200 bytes worth of signatures, post-quantum crypto would be ten times that much.
  • The Polish Embassy in London published interviews with Marian Rejewski, the first person to crack the Enigma encryption. Although the events took place in the 1930s, the interviews happened some forty years later.
  • Professor Bill Buchanan interviewed Daniel J. Bernstein on the ASecuritySite podcast.
  • If you didn’t think bash was good enough for serious programming, take a look at this bash implementation of TLS 1.2.
