20 September 2015

The case for symmetric encryption

There are circumstances when symmetrical encryption, that is where both sender and recipient use the same secret key to encrypt and decrypt messages, is the most practical and safest method for encrypting email.

Whenever a message sender, who is known by cryptographic custom as Alice, wishes to write an end-to-end encrypted email to a recipient, customarily known as Bob, one of two cryptographic systems can be used.

The simpler is symmetric encryption in which Alice and Bob have a single secret key, which is used by both of them to encrypt and decrypt messages. The obvious shortcoming of symmetrical encryption is that before Alice and Bob can email, they need to meet up – or have some other safe channel – through which to communicate the secret key. Asymmetrical encryption solves that problem. Both Alice and Bob have two mathematically related keys, one private one public. For Alice to send Bob an encrypted message she ascertains his public key and encrypts her message using it. The message can only be decrypted using Bob's private key, which he keeps secret and safe.

It would seem, then, that asymmetrical encryption, involving no prior secret exchange of keys, enjoys a clear advantage, and for many purposes it does. But there are a number of things that can go wrong with asymmetrical encryption, which can't happen with symmetrical encryption – or at least can’t happen when the secret symmetric key is agreed face-to-face. Let us look at what can screw up with asymmetric encryption:

1. Alice is sending Bob a message encrypted with Bob's public key. However she needs to authenticate it; i.e. prove the message is from her. Precisely because Bob's public key is public anybody could encrypt a message using it and then impersonate Alice. To prevent that, Alice “signs” the message using her own private key. To decrypt the message Bob uses his private key; and to verify the authenticity of the message he needs Alice's public key. The difficulty is solved, but only at the expense of complexity. With symmetric encryption signing and verification are not necessary because the ability to encrypt and decrypt using the single secret key is proof of authenticity.

2. Before Alice can email Bob she needs to find Bob's public key, which may be on his website or in some other public place. But how can Alice be sure that the website or key server has not been tampered with, and that she is not encrypting the message with a key that can be read by somebody else? Equally, when Bob needs to find Alice's public key from a public place to verify the message, how can he know it is genuine? If Alice and Bob had agreed a symmetric key face-to-face the issue of tampering and impersonation would not arise.

3. It could happen that Alice or Bob believe that their private key is no longer secret and safe. If someone else had acquired it, all his or her incoming mail could be read, but revoking the key from a public place is not easy. To be successful, everyone who has or might use it needs to know of the revocation and of the replacement. With symmetric encryption, compromising one key only affects the two parties involved; they can then easily set up a new key – and maintain different levels of security for each key used with different people. Alice's communication with Bob can be kept more securely than her communication with Bill, for instance.

Asymmetric public key encryption therefore brings with it a number of difficulties not suffered by symmetric encryption. The sole disadvantage of symmetric encryption is that Alice and Bob need to agree a secret key face-to-face or through some other safe channel. But in many cases that it is no difficulty at all. It may well be that Alice and Bob meet in person as well as send emails. Alice and Bob could be lovers, or they could be members of a political action group which is under surveillance by security agencies. There is no safer form of email encryption than for Alice and Bob to meet, agree a twenty-character long password consisting of random numbers and letters, and for both of them to keep it secret and safe and to use it to encrypt and decrypt their text emails.

13 September 2015

Jeremy Corbyn's stunning victory

The stunning victory of Jeremy Corbyn in the Labour leadership election on 12 September 2015 has changed the political game for the Left

One of the advantages of being a rather insignificant person is that I can be wrong about things without it having any great significance. I was among those who didn’t believe until it actually happened that the bureaucracy of the Labour Party, probably in cahoots with the security services, would allow Jeremy Corbyn to be elected leader of the Labour Party. But fortunately from my point of view the Labour Party bureaucracy screwed up to an extent that nothing could help them.

Ed Miliband thought that widening the leadership franchise to one-person-with-three-quid one vote would excite Britain’s middle class into choosing between a handful of New Labour politicians, and so bring them over to Labour. It failed: progressives and working people took up the offer and used it to batter New Labour. Then Labour MPs miscalculated in nominating Corbyn, thinking that a defeated left in the party would be better than facing a challenge to Labour from outside. But very soon they then had to contend with the fact that Corbyn was not about to be defeated. And even though they responded by disqualifying thousands of Labour supporters with the sole purpose of denying Corbyn votes, they failed to prevent his election. Corbyn won among party members, affiliate organisation members and registered supporters. And all together he won a stunning victory garnering just under 60% of the vote.

And I was wrong too about the Labour Party. I wrote recently: “[Since the 1990s] The Labour Party has swung to the right, and under the label of New Labour became a mere adjunct of capitalist power, while jettisoning any meaningful attempt to reform capitalism or the British state in a progressive direction. By the end of the 1990s, even before the Iraq War, I ceased to identify with Labour, and saw the way forward - if there were one - as outside the Labour Party.”

So I was wrong again. The election of Jeremy Corbyn with a quarter of a million votes is the greatest victory for the left since at least the defeat of the poll tax. But the way ahead is difficult. Not only will Corbyn face an onslaught from the media and the wider establishment, but also Labour MPs and and party bureaucracy will do what they can to undermine him. But all that underlies the key point: the coming political fight is now inside the Labour Party not outside it fiddling around in left groups. To the extent that parties like Left Unity played a role in bringing about Corbyn’s victory it won, but it no longer has a meaningful role opposing Corbyn’s Labour - certainly not in putting up a Left Unity candidate in Islington North.