Uncategorized

Sending a sensitive file, one that should be encrypted, amongst Linux and OSS geeks is doable. Most have heard of PGP, many have a GPG key (here is mine) and some even use it.

Sending an encrypted file to most people is a non-starter. The software may be there (Outlook is S/MIME capable), but the knowledge and the experience definately isn’t. Which is a shame, because I’d like to have my bank statement securely sent to my email account.

PGP Desktop has a feature called the Self Decrypting Archive. To quote the PGP Command Line for Servers FAQ:

A Self-Decrypting Archive (SDA) is an executable containing a file that has been encrypted using a passphrase. A recipient of an SDA runs the executable and enters the passphrase to decrypt the file.

SDAs are an attempt to make encrypted email easier, by making decryption far easier for the recipient. However, Self Decrypting Archives are fundementally insecure. Here is how they’re meant to work:

1. Alice runs PGP Desktop to encrypt a sensitive file, so she can send it to Bob.
2. Bob doesn’t have any encryption software, so PGP Desktop encrypts the sensitive file and appends it to a small decryptor program. The decryptor + sensitive file is the SDA.
3. Alice sends the SDA to Bob, attached to an email. Over the phone she tells him the encryption key.
4. Bob receives the email, and runs the SDA.
5. The SDA requests the decryption key, and decrypts file for Bob.

That sounds great. Alice can encrypt files, send them securely to Bob, then he can decrypt them. Bob doesn’t need any encryption software installed.

Here’s the problem: Bob is running an unverified program. Supposedly it’s from Alice, but he can’t be sure. This is exactly how email viruses spread. Bob cannot trust the SDA, since he cannot be sure what he received was really sent by Alice.

Could Alice sign the SDA, including the decryptor program? Yes, but it won’t help.

All Bob has to verify Alice’s signature on the SDA, is the decryptor program in that same SDA. Here’s how Mallory, an attacker can subvert this:

1. Alice sends the encrypted, signed SDA to Bob, and tells Bob the encryption key
2. Mallory  intercepts the email, replaces the decryptor program with his own. He sends the modified SDA on to Bob, spoofing the from address.
3. Bob receives the email, and runs Mallory’s SDA.
4. Mallory’s decryptor, running on Bob’s machine fakes a signature verification.
5. Mallory’s decryptor requests the encryption key and decrypts the file for Bob. It also sends the decrypted file back to Mallory, and installs a back door on Bob’s computer.

The bottom line, is that you and I must be able to trust our encryption software, or the encryption is pointless. For that we must be able to verify we got it from a trustworthy source. Unsigned email, or email that verifies it’s own signature, cannot be trustworthy.

I have no evidence, and it’s wishful thinking more than anything. However, I predict that just before the expected release Microsoft will reveal Windows 7 is to be a free upgrade for Windows Vista users.

P.S. If you have any trouble posting a comment to this blog, please let me know on alex@moreati.org.uk.

Slashgeo have noted the release of Deep Zoom in Javascript aka Seadragon, by Microsoft. Deep Zoom allows one to deliver a very high resolution image over the web, with pan and zoom. Only the portions viewed are download, so bandwidth usage is minimised. Until now Deep Zoom was Silverlight only.

It works similarly to OpenStreetMap, Google Maps or Live Search Maps. A large image is transformed into a ‘pyramid’, by generating lower resolution versions (e.g. full, ½, ¼, ⅛ …) and stacking them until a peak is reached. Each level is cut into square tiles, which are stored individually in a known hierarchy. The pyramid generation is similar to mip-mapping.

The image might be satellite or aerial photography, a scanned map, a legal document, medical imagery (e.g. a smear test or x-ray) or any highly detailed photograph. Deep Zoom joins a collection of platforms and technologies that perform a similar role, which I’ll briefly summarise. More >

• The XBox 360 (Xenon), Wii (Broadway) and Playstation 3 (Cell) all use an IBM licensed PowerPC CPU.
• The Ubuntu spell-check dictionary includes ‘SPARCstation’, but not ‘PlayStation’.
• YSlow rocks.
• Users of IIS should not believe the official docs on HTTP Compression, instead go to Coding Horror.
• MythTV has a several second delay, changing between live channels, the delay is inherent to the architecture.
• FreeView are renumbering their channels and apparently removing friendly channel numbering from their broadcasts, in favour of firmware updates.

In Fitts’ Law and Minimalism vs GTK+ and Qt I complained about the excessive use of borders and padding in GTK+ and Qt. Here’s what I’ve got so far (click for unscaled versions):

Although work in progress still, I think the window looks cleaner already. Most importantly the chat history scrollbar now lies flush with the window edge. To achieve this, I’ve created a customized gtkrc and made a small patch for pidgin.
More >