NordVPN Promotion

Home / Blogs

Cryptographic Catastrophe Theory

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Technologists and law enforcement have been arguing about cryptography policy for about 30 years now. People talk past each other, with each side concluding the other side are unreasonable jerks because of some fundamental incompatible assumptions between two conceptual worlds in collision.

In the physical world, bank branches have marble columns and granite counters and mahogany woodwork to show the world that they are rich and stable. This works because that kind of building is slow and expensive to construct. Even if something with marble and mahogany is not exactly a bank, it is still likely to be rich, stable, and bank-like. But on the Internet, whatever a bank can do on their website, bored teenagers in Moldova can copy, which is one of the reasons we have so much phishing. People’s assumptions about what banks look like not only fail, but they don’t fail a little bit; they fail catastrophically.

In the physical world, when things fail, they tend to fail gradually. It is not surprising when a building has leaks and cracks, but very surprising when it collapses. Pre-computer security models generally failed a little bit, too. If the law says you need a court order for a wiretap, and someone lies to a judge or sends the phone company a forged order, that lets them tap one line, not the entire phone system.

But in software, catastrophic failure is normal. Software security breaches don’t just disclose one or two account credentials; they leak every user’s credentials. They don’t give the attackers access to one customer’s network; they get into every customer’s network.

Cryptographic software has the same problems as any other software. Decades of effort have told us that cryptographic software can fail and if it fails, it is likely to fail catastrophically.

This is where the talking past each other happens. Law enforcement people who want back doors or lawful access or whatever it’s called these days, have a wiretap mental model. There are rules to control who gets to use the back door. They will mostly work, and the costs when they don’t are contained. So it’s a small decrease in security, a reasonable tradeoff to fight all that crime.

We, software people, have the catastrophe model. If you build a back door into your device, the system will always be one disaffected clerk or one misconfigured server away from hostile private and state actors being able to open that back door anywhere, any time, a catastrophic failure. Personally, I think that’s a much more likely scenario.

It’s not like we haven’t tried to explain this, but the people who believe in the wiretap model believe in it very strongly, leading them to tell us to nerd harder until we make it work their way, which of course we cannot.

I don’t see any way out of this impasse, which does not mean I am ignoring or minimizing the issues that law enforcement is trying to deal with. But compromise with catastrophe just doesn’t exist.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

NordVPN Promotion