Tuesday, November 16, 2004

Strong Names, what are they good for?

Recently Valery responded to one of my comments on Microsoft's security newsgroup. It gave me a whole new perspective to think about on the concept of Strong Names and how useful they are:

Strong names are not security related! Stop relying on them for security
reasons and view them only for the purposes they were invented for in the
first place - versioning. Period.
There are plenty of ways of stealing a private key. Watching the spreading
rate of malware and spyware suggests that stealing a private key from a
personal computer is a trivial task on at least 90% of the installed Windows
base (refer to the recent publications with claims* that at least 90% of
Windows users have spyware running on their computers). That will fall even
to the script kiddies.
If we go further - very few could actually handle their private keys well
(if you ask me - I can't handle my private keys). For handling private keys
well (like for example Verisign or Microsoft handles their pks) you would
need a tempest-protected hardware setup in a highly electromagnetically
isolated location guarded with strong locks and live guards. Electromagnetic
radiation, processor heat, power consumption, operation timing and even
sound produced by the processor - all of that was shown to be capable of
leaking private keys to adversaries.
No system may be considered secure as long as it doesn't mitigate known
security threats. And strong names used for security reasons do nothing with
regard to key management and key revocation protocols. Leaving key
management and key revocation protocols for in-house implementation would
inevitably lead to security weaknesses.

[*] Even though I refer to 90%, I believe that claim is quite questionable,
but even halving it to 45% still presents quite a threatening picture.

P.S. I have several "strong names" related posts in my blog - if you
are interested you can simply search my blog for strong names.
