Lesson in a Haystack: Kerckhoffs' principle in action

In this second of two articles about the Haystack project designed to help Iranian dissidents and others fighting intrusive dictatorships, we follow the rise and fall of the project.

* * *

As described in a Sept. 13, 2010 review of the history of Heap's efforts by Jillian C. York entitled "Haystack and Media Irresponsibility," there was a flurry of enthusiastic reporting about the goals of Haystack. For example, Maggie Shiels, Technology Reporter for the BBC News in Silicon Valley, quoted Heap and Colascione extensively in a complimentary interview ("On Iran's virtual front line") published Aug. 6, 2009 on the BBC News Web site; the two idealists spoke at length about their commitment to freedom, making a difference, changing the world, and good vs. evil. 

She also quoted Heap as saying, "It's completely secure for the user so the government can't snoop on them. We use many anonymising [sic] steps so that identities are masked and it is as safe as possible so people have a safe way to communicate with the world."

The Guardian named Austin Heap its prestigious "Innovator of the Year" for 2010.

On Sept. 9 2010, Evgeny Morozov posted "One week inside the Haystack" in Foreign Policy magazine. He challenged the security claims of the Haystack project and provided strong criticism of the failure of the project to publish its source code or publish results of security testing.

The next day, according to Morozov, Haystack issued a promise that "Haystack will not be run again until there is a solid published threat model, a solid peer reviewed design, and a real security review of the Haystack implementation."

As of this writing in mid-September, Haystack has been shut down: "We have halted ongoing testing of Haystack in Iran pending a security review. If you have a copy of the test program, please refrain from using it." The BBC News Technology page and blogger John Graham-Cumming published interesting analyses of the situation. For a brief radio piece about media involvement in the debacle, you can listen to National Public Radio's On the Media program for Sept. 19, 2010 where there's a 10-minute piece called "After Haystack: Speech and Privacy Online."

Concluding comments: Just last week, in my introduction to information assurance class, my students and I were going through an introduction to principles of cryptography. Slide 17 is about Kerckhoffs' Principle (see Bruce Schneier's 2002 discussion of this topic), which is often summarized as "The strength of an encryption algorithm does not reside in the secrecy of the algorithm." And the corollary: "The strength of an encryption algorithm is not measurable unless the algorithm is known."

Slide 18 of my notes is entitled "Dangers of Proprietary Algorithms" and the details are as follows:

Therefore beware of secret, proprietary algorithms

• Many amateurs have failed utterly to defeat cryptanalysis

• Must demonstrate that even with knowledge of the algorithm and even knowledge of a plaintext & ciphertext sample, still too expensive to decrypt general ciphertext to make cryptanalysis worthwhile

Hmmm: the experts have a point. I'm sorry that ignoring it endangered Iranian dissidents.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2010 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)