
Sufficient Paranoia

With all the recent revelations about the NSA violating United States citizens' 4th Amendment rights with their warrantless wiretapping, and now the news of Silk Road being taken down, and the NSA trying to crack Tor (it won't happen; I trust the mathematics), I thought now would be a good time to discuss the concept of healthy, or sufficient paranoia.

I am a system administrator by profession. I have certain levels of fears that make sure I don't make a mistake:

  • I assume that installing new software will break something.
  • I assume upgrading the BIOS will brick the hardware.
  • I assume the hardware firewall will fail.
  • I assume hard drives will fail.
  • I assume the janitors have installed a key logger on my machine.
  • I assume walking away from my machine means my coworkers will want to hack my Gibson.
  • I assume backups aren't working.

As such, I take the following measures:

  • I have a backup of the data.
  • I have a disaster recovery plan to take out the old drives, and put them into new hardware.
  • I have redundant software firewalls installed on all my boxes.
  • I have redundant drives, and I have a backup of the data on those drives.
  • I run visual checks to make sure no new hardware has been added.
  • I always lock my workstation. Always.
  • I test restoring data, even when I don't have to.

There's other paranoia that I have. These things keep me in check. They help me sleep at night. Once, I heard a story from my scout leader about always being prepared. He shared the story like this:

It was at the annual county fair, and farmers from far and near had come to exhibit their harvest and to engage hired hands for the next year. One prosperous farmer came across a husky lad and asked: "What can you do?" The answer: "I can sleep when the wind blows." With such an answer the farmer turned and started to walk away, perturbed at the impudence of the man. But he turned again and asked: "What did you say?" "I can sleep when the wind blows." "Well," said the farmer, "I don't know what that means, but I'm going to hire you anyway."

Winter came, followed by the usual spring, and the new hired hand didn't show any particular signs of extra work, but filled the duties of his work as most others would have done. And then one night in early summer the farmer noticed a strong wind rising. He dashed to the hired hand's quarters to arouse him to see that all the stock was properly cared for. There he found the hired hand asleep. He was about to awaken him, when he remembered the boy's strange statement. He went to his barns and there found all his animals in their places, and the doors and windows securely locked. He found the haystack had been crisscrossed with heavy wires, anticipating such a night, and that it would weather the storm.

Then the farmer knew what his hired man meant when he gave as his only qualification, "I can sleep when the wind blows."

I'm sure you've heard similar versions of this story. It has a lot of applications, including sufficient paranoia. The hired assistant realized the fear of lost or dead animals. He understood the fear of haystacks blown away with the wind. He knew what flooded barns and stables meant. He had sufficient paranoia, that in the worst of cases, he was prepared. However, not only was he sufficiently paranoid, but his paranoia likely led to a behavior that most would consider odd.

The same can be said for security. I cryptographically sign all of my emails with my GPG key. I have been doing this since 2005, and I don't see any need to stop now. I've been asked about it many times. My response is always the same: "If you receive an unsigned email from me, then you should question the authenticity of the sender." Of course, it's their duty to verify the signature is valid. I've done my duty by signing them. And what happens when I appear in front of a judge in a court of law, and an email claiming to be sent from me is called into question? I can show with unwavering consistency that I have signed every email since 2005, which would then call into doubt the email in question, if that email is not cryptographically signed. Innocent until proven guilty.

I recently did an audit on all my account passwords. Not only is every account a different, truly random password, but I make sure that the entropy of every password exceeds 120 bits, where possible. Further, every account uses a password I know from my password card, as well as a long password I don't know from my Yubikey. So, I have two-factor authentication for every account, where possible. Given what I know about password cracking, this is good security, for very little cost. Not even my wife knows my passwords (which could prove to be difficult if I die).

I even have a different SSH key for every computer, and each SSH key is encrypted with a different password. I encrypt the SSH key with SSL, instead of the default encryption OpenSSH uses, to slow down offline passphrase attacks.

I don't recycle my shredded paper. Instead, I use it as kindling for my parents' fireplace during the winter. I've also used it as mulch for our small box garden in the back yard, and our flower garden in the front. If it gets thrown away, I do it in sections: thoroughly mix the shredded paper, and throw away 1/10th of it one month. Then 1/10th the next month, at a different location. Et cetera. I'm paranoid that someone at the landfill is going through the garbage, looking for freebies. The last thing I want is my bank account number found (although improbable given my super awesome paper shredder).

I use Ghostery and AdBlock as necessary extensions for my browsers. When I don't have control of the computer, or the network, I use a browser on a USB thumb drive, in private browsing mode, connected to either an SSH or Tor proxy, including proxying DNS, and I never view Flash media.

Whenever I walk away from my computer, I make sure I lock the screen, pull my Yubikey, and put it in my wallet. Yes, it's trivial for someone to take the contents of the key while I am away, and it's just as trivial for me to take my Yubikey with me when I leave the keyboard.

I run an encrypted filesystem on my computers and servers. For sensitive data, I keep those GPG-encrypted in an eCryptfs mount, which is also two-factor password protected. I can give law enforcement what I know, without needing to tell them about what I have, without compromising the system.

There are many other things I do, such as not divulging private details of personal things over SMS or IM, or sometimes, even over voice. I always lock my doors, even if I'm occupying the space. When in crowded environments, I put my wallet in my front pocket, under my hand. I could go on and on.

I do these things, because I have what I call "sufficient paranoia". It's just good security practice. Does it make me look crazy, even to my coworkers? Of course. Am I worried that the NSA has bugged my house, or my wife is a secret spy? No. I maintain balance.

We don't know what the future will bring. We don't know if tomorrow, it can be proved that P = NP, and all cryptography falls apart as a result. We don't know the full extent of the NSA illegal spying. We don't know when Google is breached, and all accounts are sold to the highest bidder. We can't control these things. What we can control is how to be prepared for them. We can control a certain level of paranoia that keeps everything in check.

Sufficient paranoia.

{ 6 } Comments

  1. Anonymous using Firefox 24.0 on Ubuntu 64 bits | October 5, 2013 at 12:46 am | Permalink

    s/We don't know when/We don't know since when/

  2. s3hh using Firefox 24.0 on Ubuntu 64 bits | October 5, 2013 at 9:41 am | Permalink

    It sounds like you're using the yubikey to print out a static passphrase. I assume you know this - and it may not work depending on the devices you need to use it with - but you can also use the yubikey in challenge-response mode so you input a secret password and get back a long string. That not only lets the string vary based on site (I realize you add a passphrase to it already), but makes a stolen yubikey less useful to the thief.

  3. Aaron Toponce using Google Chrome 29.0.1547.57 on GNU/Linux 64 bits | October 6, 2013 at 9:07 am | Permalink

    I'm familiar with challenge-response, but not how to get it functioning. If you have any guides you can point me to, that would be great.

  4. axel using Firefox 24.0 on Ubuntu 64 bits | October 9, 2013 at 2:35 am | Permalink

    For the “others left behind” problem, there are a few approaches.

    Cory Doctorow has half of his private GPG key's passphrase with his wife and half with his parents' lawyer. In case of tragedy, they can combine both halves to get the key which presumably unlocks more things on his computer. (http://brian.carnell.com/articles/2009/cory-doctorow-on-real-world-key-escrow/)

    I've been interested in trying SSSS out. (http://point-at-infinity.org/ssss/)
    It lets you split a secret in as many parts as you want, with as many parts needed to reconstruct the secret as you see fit.
    Leave an encrypted version of your key with a crazy passphrase to a trusted friend or two, split the passphrase say in 8, and require at least 4 people to be able to retrieve it.
    Or do the same for your LUKS passphrase, which will let your nearest and dearest unlock your computer / backups and retrieve necessary info.

    On that respect, do you use a password manager? You mention long and truly random passwords, I assume you don't remember them all by heart?

  5. s3hh using Firefox 24.0 on Ubuntu 64 bits | October 11, 2013 at 6:35 am | Permalink

    Sure, I originally described how to use the yubikey challenge-response mode for passphrases here: http://s3hh.wordpress.com/2011/10/28/personalizing-yubikeys-for-passphrase-management/

  6. s3hh using Firefox 24.0 on Ubuntu 64 bits | October 11, 2013 at 6:36 am | Permalink

    BTW, thanks for this post. Just as I need to read fitness magazines to get psyched about working out, I need occasional posts like this to remind me about the bits I've gotten lazy about. And there are always more than one of those...
