Conversations about life & privacy in the digital age

Ask American computer security expert, Jon Callas

You know that crazy interview question, “If you could have dinner with any famous person, living or dead, who would it be?”

Well, someone the other night answered, Jon Callas. Perhaps there are several of you out there with interest in the world of cryptography and information security and would also enjoy the opportunity to ask him some questions.

While we can’t set up a dinner meeting between you with Jon, we can pass along your questions. Jon has graciously granted us the opportunity to send over our readers’ most burning questions for him to answer.

Take the weekend to submit your questions in the comment section and the folks over here at SpiderOak will pick the best 10 to be submitted to Jon.

Who knows, maybe you’ll get a dinner out of this afterall…


  1. Doug Fort says:

    From Ars Technica:

    Google is upgrading the digital certificates used to secure its Gmail, Calendar, and Web search services. Beginning on August 1, the company will start upgrading the RSA keys used to encrypt Web traffic and authenticate to 2048-bits, twice as many as are used now.

    Is this absurd overkill? Is it enough? Should everyone start using 2048 bit RSA keys?

    • Jon Callas says:

      I don’t think it’s really absurd overkill — in this case.

      We security people collectively have decided that it’s time to phase out 1024-bit public keys. NIST (the US National Institute of Science and Technology) set a phase-out date of the end of 2010. Many people didn’t make that, so they held their nose and revised it to the end of 2013.

      The question is what key size to upgrade to. 2048 bits is a natural size to upgrade to, especially for a key you’re going to use for a while, like a web site certificate. If you’re going to change them often, then 1536, or even 1280 would be a good size to go to.

      In reality, 1024-bit keys haven’t fallen as quickly as we thought they would. But advances in cracking come when they are ready not us. If someone published a new technique tomorrow that worked on 1024-bit keys, the odds are that it would apply to larger keys, just slightly less well. You might then regret using a short size. Google has a lot of servers with SSL certificates on them, and if they had to change them all in a hurry, that would be annoying. They want to keep any given key around for a handful of years.

      There’s also a secondary effect here, which is that people tend not to upgrade keys because some software doesn’t support it, but then the software doesn’t get upgraded because there are no longer keys in the wild. This gives a vicious circle. Someone has to move first, and it’s good for Google to force the issue.

      In other cases, it might not matter so much. For example, I was the crypto guy on the DKIM standard for email authenticity. We intentionally designed DKIM to have low crypto requirements. Any given DKIM key only has to be valid for a short amount of time. An email typically remains in flight (out of the sender’s hand, but not yet on the recipient’s servers) for a few days or a week at most. The vast majority of emails are in flight for mere seconds. Furthermore, DKIM signatures are low-value, and the cost of having one break is low. So you can run your DKIM system closer to the hairy edge of insecurity than you’d want to run an SSL system. Now, if I were a large bank, I might respectfully disagree with that assessment of DKIM. But if I were Google, Yahoo!, or someone else who gives out email accounts to anyone who just asks, I might cheapen up on DKIM keys where I wouldn’t on SSL.

  2. Peter says:

    As an expert on encryption do you see a natural relationship between encryption and the law? What’s your stance on how encrypted data should be treated when there’s no idea what it may contain? In some countries there are what I consider very severe key disclosure laws and I wonder if there will ever be a duress scheme or method of deniable encryption that could be so perfect as to make the laws moot.

  3. Erin says:

    Cool! I’d want to know:

    1. How did cryptography make its way into your life and path?
    2. What do you think is the future of cryptography as we know it? Are there any trends you’re seeing, encouraging or discouraging?
    3. What are you working on right now that has you the most excited?
    4. What kind of impact do you hope to leave with Silent Circle?
    5. What is your favorite movie?

  4. After having the pleasure of being in and around this industry for awhile now, I have contended that cryptographers are born and not made. I would be curious to hear Jon’s reaction to this statement and when perhaps he knew he was destined for cryptography?

    • Jon Callas says:

      I think that with everything, there’s a mix of nature and nurture, or talent and practice.

      Just about anyone can be taught to assemble words into sentences, sentences into paragraphs, and paragraphs into essays. But not anyone can be a good writer. On the other hand, someone with raw talent who doesn’t practice isn’t going to become a good writer either.

      I think there’s definitely a talent, and there’s a skill to crypto and security, and there’s practice. I also think that it’s something that’s best done in a team. There’s so much to doing crypto these days that you need different talents. Think of it as being like putting together a rock band. You might be able to do it all yourself, but it’s probably going to sound better if you get other people to work with you.

      When we put together the Skein team for the SHA-3 competition, there was a lot of assembling the team because of talents, and there was both overlap, but a place where every one of us was more of an expert than the others. It’s like the way you’d put together a good band. It’s great if your bass player can also play drums, but it’s better to have a drummer who is a better drummer than your bass player. All of that turns into each individual’s particular mix of talent and experience.

  5. Thomas says:

    Can you trust cryptographic software that is not open source? What should the producers of this software do at minimum to dispel doubts (assuming they do not want to publish all of their code)?

  6. Colossus says:

    Given the advancements in current GPU technology, such as OpenCL Compute units, parallelization, and increasing transistor count. Do you think it’s possible for some of these 1 million square foot data centers, that draw upwards of 65 Megawatts at any given moment, be able to decrypt a 128bit AES ciphertext message using RSA keysize of 2048bits in any reasonable time frame?

    Do you think these massive GPU farms will accelerate the need to adopt larger key sizes?

  7. Edwin says:

    I want to protect my Mac from malware. Are the 2 greatest malware delivery systems: 1) email attachments and 2) malicious websites? Why is it that the act of opening attachments is susceptible to launching malicious code and, more importantly, why is it not possible to intercept the execution of malicious code in an attachment via anti-malware software? There aren’t that many types of attachments to worry about (mostly PDFs and JPGs, some Word, Excel, then miscellaneous). How is the act of simply opening or previewing an email usually safe from malicious code? What are your recommendations for protecting against malware infection? John Seabrook’s recent New Yorker article “Network Insecurity” gives the impression it’s practically hopeless.

  8. Michelle says:

    Given that cryptography is a complicated topic, what advice would you give to the average consumer when purchasing new products? What should people look out for as it relates to information security and privacy?

  9. Keith says:

    User passwords are often the weakest link in the encryption process. What password length do you recommend and do you think encryption software that combines one or more ‘keyfiles’ with a user password, significantly helps to improve what otherwise might have been a week password? An example of a keyfile could be a compressed .mp3 music file, for example.

  10. I was recommended this website by my cousin.
    I’m not sure whether this post is written by him as nobody else know such detailed about my trouble. You are amazing! Thanks!

  11. Anonymous says:

    Just read some of Jon’s responses on this page. I wanted to thank him for taking the time to answer our questions. I’m glad I checked this page again and saw Jon’s answers!