[tahoe-dev] cleversafe says: 3 Reasons Why Encryption is Overrated

Zooko Wilcox-O'Hearn zooko at zooko.com
Fri Jul 24 06:33:29 PDT 2009 

[cross-posted to tahoe-dev at allmydata.org and cryptography at metzdowd.com]

Disclosure:  Cleversafe is to some degree a competitor of my Tahoe- 
LAFS project.  On the other hand, I tend to feel positive towards  
them because they open-source much of their work.  Our "Related  
Projects" page has included a link to cleversafe for years now, I  
briefly collaborated with some of them on a paper about erasure  
coding last year, and I even spoke briefly with them about the idea  
of becoming an employee of their company this year.  I am tempted to  
ignore this idea that they are pushing about encryption being  
overrated, because they are wrong and it is embarassing.  But I've  
decided not to ignore it, because people who publicly spread this  
kind of misinformation need to be publicly contradicted, lest they  
confuse others.

Cleversafe has posted a series of blog entries entitled "3 Reasons  
Why Encryption is Overrated".

http://dev.cleversafe.org/weblog/?p=63 # 3 Reasons Why Encryption is  
Overrated
http://dev.cleversafe.org/weblog/?p=95 # Response Part 1: Future  
Processing Power
http://dev.cleversafe.org/weblog/?p=111 # Response Part 2:  
Complexities of Key Management
http://dev.cleversafe.org/weblog/?p=178 # Response Part 3: Disclosure  
Laws

It begins like this:

"""
When it comes to storage and security, discussions traditionally  
center on encryption.  The reason encryption – or the use of a  
complex algorithm to encode information – is accepted as a best  
practice rests on the premise that while it’s possible to crack  
encrypted information, most malicious hackers don’t have access to  
the amount of computer processing power they would need to decrypt  
information.

But not so fast.  Let’s take a look at three reasons why encryption  
is overrated.
"""

Ugh.

The first claim -- the today's encryption is vulnerable to tomorrow's  
processing power -- is a common goof, which is easy to make by  
conflating historical failures of cryptosystems due to having too  
small of a crypto value with failures due to weak algorithms.   
Examples of the former are DES, which failed because its 56-bit key  
was small enough to fall to brute force, and the bizarre "40-bit  
security" policies of the U.S. Federal Government in the 90's.  An  
example of the latter is SHA1, whose hash output size is *not* small  
enough to brute-force, but which is insecure because, as it turns  
out, the SHA1 algorithm allows the generation of colliding inputs  
much quicker than a brute force search would.

Oh boy, I see that in the discussion following the article "Future  
Processing Power", the author writes:

"""
I don’t think symmetric ciphers such as AES-256 are under any threat  
of being at risk to brute force attacks any time this century.
"""

What?  Then why is he spreading this Fear, Uncertainty, and Doubt?   
Oh and then it gets *really* interesting: it turns out that  
cleversafe uses AES-256 in an All-or-Nothing Transform as part of  
their "Information Dispersal" algorithm.  Okay, I would like to  
understand better the cryptographic effects of that (and in  
particular, whether this means that the cleversafe architecture is  
just as susceptible to AES-256 failing as an encryption scheme such  
as is used in the Tahoe-LAFS architecture).

But, it is time for me to stop reading about cryptography and get  
ready to go to work.  :-)

Regards

Zooko
---
Tahoe, the Least-Authority Filesystem -- http://allmydata.org
store your data: $10/month -- http://allmydata.com/?tracking=zsig
I am available for work -- http://zooko.com/résumé.html

More information about the tahoe-dev mailing list