I’m struggling to understand how a 1-bit hash error can get irreversibly incorporated into CT, while all the blockchains of the world hum along happily. groups.google.com/a/chromium.org…
The problem here is not that a hash can be corrupted, because that happens. The problem is that somehow the totally “breaks” the CT log? Seems like an avoidable design error. But it’s early and I’m still drinking my coffee.
Anyway, it seems to me that every cryptographic system should be built with the assumption that something (memory, network, 56K phone modem) will introduce errors, and the system will detect those errors — but not by exploding.
I wonder if anyone calculated the mean-time-to-hash-error before deploying CT. Using conservative assumptions about deployment of ECC RAM, etc. Are we way outside the expected range now?
In any case: someone down in comments points out that log failure is supposed to happen, and that there are lots of logs so this is NBD. I’m open to that perspective — but I’ll be honest it still makes me nervous.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

6 Jul
I was going to laugh off this Kaspersky password manager bug, but it is *amazing*. In the sense that I’ve never seen so many broken things in one simple piece of code. donjon.ledger.com/kaspersky-pass…
Like seriously, WTF is even happening here. Why are they sampling *floats*? Why are they multiplying them together? Is this witchcraft? Image
And here, Kaspersky decided that instead of picking a random password, they should bias the password to be non-random and thus “less likely to be on a cracker list”. 🤦🏻‍♂️ ImageImage
Read 11 tweets
16 Jun
This is an amazing paper. It implies (with strong statistical evidence) that the design of a major mobile-data encryption algorithm — used in GPRS data — was deliberately backdoored by its designer. eprint.iacr.org/2021/819
The GPRS standards were extensions to the GSM (2G/3G) mobile standard that allowed phones to use data over cellular networks. This was before LTE. For security, the standards included encryption to provide over-the-air security for your data. 2/
As is “normal” for telephony standards, the encryption was provided by two custom ciphers: GEA-1 and GEA-2. While there were strong export control regulations in place for crypto, there’s little overt indication that either of these ciphers was deliberately weakened. 3/
Read 14 tweets
14 Jun
My wife has upgraded both dogs to have a Tile and an Airtag each. I think she’s worried about lack of Android support?
Our dogs are each dragging around enough microprocessor hardware to land the Apollo missions. Image
For scale: these are not large dogs. Image
Read 4 tweets
14 Jun
We appear to be in the “try to force it into Gmail” lifecycle phase of Google’s latest chat app.
This will be followed by two name changes and removal from Gmail, before Google kills it and we start the cycle over in about 18 months.
What even is this. Image
Read 4 tweets
12 Jun
Reporters: when Apple says it hands over “metadata”, ask them what the hell that means.
Every time you start an iMessage conversation with someone, Apple logs the phone number. That’s “metadata”.

Did Apple turn that metadata over in this case?
Ok, following some research. It appears there are three orders that courts/law enforcement can use to obtain metadata. This is complex. Sheesh. 1/
Read 12 tweets
12 Jun
This is where we’re at. The responsibility for fighting surveillance abuse falls to tech companies, because nobody even pretends that the Federal government and courts are functional moral actors.
I have to assume that right now Apple and other tech companies are developing procedures to identify subpoenas that are aimed at Congress, on the assumption that the DoJ can’t be trusted to tell them.
“Well, we only handed over metadata, not content.”

You handed over a list that could contain every phone number House Intelligence Committee members ever spoke to or texted with, and you think that makes it ok?
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(