Friday, March 19, 2010

Paper Keys and Me Wearing the Dunce Hat

When I said you could ignore this blog for the next couple of weeks, little did I realize how true that would be. I know this is the internet where no-one is ever wrong, but I'd like to retract some of the statements I made in the previous post about Safeberg's use of paper keys. As I said before, I won't always be right, but I will try to correct myself when I am proven wrong.

My real failure was that I didn't take the time to perform the proper research. That's why I wasn't planning on posting anything in the first place. But then I saw pictures like the one below, and just about every, "Someone is BSing me" alarm I had went off. Hence the angry post.


While some of the underlying points I made were factually correct, I had in my mind that Safeberg was selling standard file encryption software like Truecrypt. Instead they provide file storage and recovery. That's a pretty big misunderstanding on my part. The reason why that makes a difference is the threat models they fall under, and the people who would end up using them.

With normal file encryption the main worries are A) I lost my laptop, or B) The cops kicked down my door and took my laptop. With file backup though, your major worries are a hacker compromising Safeburg's website and grabbing your files, or a hacker breaking into your account and downloading your files. As for the userbases, well with file encryption you're talking about reasonable tech savvy people, or enterprise users who can be trained. With file backup, you're including the general public.

The important thing to remember is that since Safeburg is using PKI, not only are they encrypting your files, but they are encrypting them in a way that only you have access to the key to decrypt them. That's huge. Aka if Safeburg's website gets completely p0wned, an attacker still can't decypt your files. Also, even if an attacker guesses the password to your account, they don't have the private key to decrypt any of the files they download.

As I stated in my original post though, this security is provided by the use of PKI, and public/private keys themselves. It doesn't make you any more secure though if the key is stored on a USB drive or piece of paper. That's where I forgot that everyone is not like me, (and trust me, that's a very good thing). For instance, here is a picture of me grabbing up a couple of items I could store a private key on that I had lying around my desk:



Note, the above doesn't include an old palm phone my roommate was going to throw away, my voice recorder, my slide clicker, or about 10 other usb drives I've picked up over the years. Also, I just wear my defcon speaker badge around all the time. There's no way you could store a private key on it ;)

Most people don't have a modded defcon badge or for that matter a spare usb drive. Even if they do, how many people do you think would accidently save the key to their harddrive instead? People don't understand computers. But just about everyone understands paper records. That means from a usability standpoint, paper keys make a whole lot of sense.

I want to stress the part about PKI again. For file backup, encryption is useless if you give Safeberg the key. If an attacker breaks into their site, then they will also have access to the key. If they break into your account, then they can use the stored key to decrypt your files. The security comes from keeping the key to yourself. Also, the key has to be stored separately from the user's computer. This isn't a security feature so much as the fact that you're backing up your files at a remote site specifically because you are worried your computer is going to die on you. Therefore from what I can tell Safeberg really seems to be on the right track with this, and I should not have called what they were doing snake oil. The worst I can say is their marketing department stretches the truth a bit, but then, so does everyone else.

2 comments:

宴神 said...

thx u very much, i learn a lot

Dustin said...

Matt,

Cool, i appreciate your follow up, but at the same time i don't think that anyone was "forcing the dunce hat" on you. i know i just posted for discussion's sake :)

Awesome "counter perspective" post!