Public-key cryptography should replace text passwords

The recent leaking of almost 10 million passwords from LinkedIn, eHarmony and Last.fm is unsettling to say the least, but it has left me wondering…why are we still using text-based passwords?

We already use public-key crypto to secure and authenticate our interactions with websites via SSL. It seems straightforward to have all computers, cellphones, etc. generate a public and private key per user, and then any website they wish to authenticate to can store the user’s public-key. This process is the same used to allow password-less logins to remote servers via SSH, and sites like GitHub and BitBucket already use this technique to authenticate their users for source version control. Proof of identity can be achieved via side-channel confirmation, using SMS confirmation codes, like many sites (including Facebook and Gmail) already do.

This would have some awesome benefits:

  1. People only need to remember passwords to their devices (computers, smartphones, etc.), which are a lot easier to remember.
  2. Users’ accounts at other websites would no longer be vulnerable when a website they use is hacked. There aren’t any passwords to steal! The only thing that could be compromised is their public-key, which is useless to hackers.
  3. Users wouldn’t need to create dozens of passwords to mitigate the risk of any one of their accounts being hacked.
  4. Hackers interested in getting at a person’s data would have to steal or hack an individual’s device in order to copy their private-key.

I am by no means a security expert, so maybe I’m missing something and I’d love to hear counter-arguments. But there is no such thing as perfect security, and I think that given the proper support from device manufacturers (Apple already does a great job with their keychain built into the OS), this could be a breeze to end-users and it would make everyone’s data a lot safer. Coupled with the ability to remote-wipe and track devices (like the Find My iPhone service), this seems like a no-brainer solution to a long-standing problem.
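
The login flow proposed above can be sketched as a challenge-response exchange in which the site's account table holds nothing but public keys. This is an added example, not code from the original post; the `Site` class, `newDevice` helper, the site name `example.test` and the choice of Ed25519 (via Node's built-in `crypto` module) are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Device side: the key pair is generated locally; the private key never leaves.
function newDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    // The site name is signed with the challenge so a signature obtained by
    // one site is not valid at another.
    sign: (site, challenge) =>
      nodeCrypto.sign(null, Buffer.from(`${site}\n${challenge}`), privateKey),
  };
}

// Site side: nothing secret is stored, only public keys.
class Site {
  constructor(name) {
    this.name = name;
    this.accounts = new Map(); // username -> public key (PEM)
    this.pending = new Map();  // username -> outstanding challenge
  }
  register(user, publicKeyPem) { this.accounts.set(user, publicKeyPem); }
  challenge(user) {
    const c = nodeCrypto.randomBytes(32).toString("hex");
    this.pending.set(user, c);
    return c;
  }
  login(user, signature) {
    const c = this.pending.get(user);
    const pem = this.accounts.get(user);
    this.pending.delete(user); // single use: a captured signature cannot be replayed
    if (!c || !pem) return false;
    return nodeCrypto.verify(null, Buffer.from(`${this.name}\n${c}`),
      nodeCrypto.createPublicKey(pem), signature);
  }
}

// Constructed scenario: one valid login, then three attempts that must fail.
function demo() {
  const site = new Site("example.test");
  const alice = newDevice();
  site.register("alice", alice.publicKeyPem);
  const sig = alice.sign(site.name, site.challenge("alice"));
  const ok = site.login("alice", sig);
  const replay = site.login("alice", sig); // challenge already consumed
  site.challenge("alice");
  const stale = site.login("alice", sig);  // old signature, fresh challenge
  const other = newDevice();               // holds the account table, not Alice's key
  const forged = site.login("alice", other.sign(site.name, site.challenge("alice")));
  return { ok, replay, stale, forged };
}
```

Only the first attempt succeeds; a copy of `accounts` gives no way to produce a valid signature, which is the property point 2 in the list relies on.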

iPhone prices to drop on Verizon and AT&T?

It’s basically accepted as fact by now that the iPhone is coming to Verizon. When? Probably this Christmas, or early in 2011. The point is it’s going to happen, and when it does, things are going to get interesting.

AT&T is currently believed to be paying somewhere around $350-$400 in subsidy for each iPhone sold. That’s a nice, healthy chunk of change for Apple. Since AT&T has exclusivity of the iPhone, they have decided that this subsidy is an acceptable cost for the higher monthly service fees they receive from smartphone customers on their 2 year contracts.

Over on Verizon, there are now a bevy of Android based smartphones selling like hotcakes. Something more interesting is happening on the Android side though. Because there are so many handsets to choose from, you can get an Android phone for cheaper. Many Android handsets are priced below $99. The Motorola Droid has been out for only 9 months, and already is priced cheaper than at launch. Part of this is due to the Droid X’s release–only 8 months after the Droid. But the fact that Android handset makers need to be on a more aggressive release schedule is evidence of how hard they’re competing against each other.

Compare this to Apple. Their handsets don’t have to compete with other iOS based handsets on AT&T. As a result, Apple can keep their prices higher. Their latest iPhone model released every year in June has had the same price points: $99 and $199, since the iPhone 3G was released. They don’t have to drop their prices, because there’s no alternative iOS handset.

Will this change once the iPhone hits Verizon? I bet it will. How else can Verizon and AT&T compete for iPhone customers, if not on price of the handset? It makes more business sense to give customers a discount on the handset, rather than drop the price of service contracts. Dropping the price of the iPhone another $30-50 is a drop in the bucket compared to losing $10/month over the course of a 2 year contract. Despite the iPhone being available on Verizon and AT&T at that point, it’s not as though customers can jump ship to the other carrier–the cellular radios are incompatible.

When the iPhone comes to Verizon, expect to see the price drop. But this won’t affect Apple, mind you, they’ll get a slightly larger subsidy from the carriers as they compete for iPhone customers’ wallets.

Is Consumer Reports misleading the public about iPhone 4?

By now everyone in the world has heard that Apple’s shiny new iPhone 4 allegedly has a fatal flaw worse than the Death Star. Consumer Reports claims that their “engineers have confirmed that iPhone 4 has an antenna problem…” and that it “…really is only with the iPhone 4.”

Oh really?  Just watch this video I recorded this evening with the original iPhone 2G, on T-Mobile USA’s network:


Look familiar?!

Anand Lal Shimpi over at AnandTech did quite a rigorous investigation into iPhone 4’s reception and observed that:

“squeezing it really tightly, you can drop as much as 24 dB. Holding it naturally, I measured an average drop of 20 dB.”

Interesting! I measured an average drop of 20 dB when holding my iPhone 2G naturally, as seen in my video above. But here’s the kicker from Anand’s research:

“From my day of testing, I’ve determined that the iPhone 4 performs much better than the 3GS in situations where signal is very low, at -113 dBm (1 bar)…I can honestly say that I’ve never held onto so many calls and data simultaneously on 1 bar at -113 dBm as I have with the iPhone 4, so it’s readily apparent that the new baseband hardware is much more sensitive compared to what was in the 3GS. The difference is that reception is massively better on the iPhone 4 in actual use.”

In my opinion–and I happen to be an RF communications engineer at one of the largest cellphone designers in the world–the only thing Consumer Reports really can say with certainty is that signal strength depends on a variety of factors, one of which is dependent on how a phone is held. Any smartphone, or really any radio for that matter, will have its performance affected by how the antenna is placed, held, etc. It’s irresponsible and dishonest for them to claim anything otherwise.

But wait a minute! Consumer Reports said that they tested the iPhone 4 in a “signal proof room” that simulates “real life conditions”! Before addressing that, some background:

Your smartphone, and the cellular tower (or “base station”) both are really just digital radios. When you make phone calls, you’re talking on a walkie talkie that digitizes your voice and sends it to the base station using radio waves. Once there, the base station relays that voice data through the carrier’s network to the phone on the other end of the call, and vice versa.

For this whole system to work, you need to have a certain amount of Signal-to-Noise ratio, or SNR, at both the smartphone, and at the base station. SNR is measured in dBm, or decibels referenced to one milliwatt (mW), which is the standard unit of measure for RF engineers. If your SNR drops below the level of sensitivity of either radio, packets (small chunks of data, i.e. your voice or network synchronization traffic data) start getting dropped. If SNR is too low for too long, too many packets are dropped (this is where your voice starts “breaking up”) and then the call is dropped by the tower if SNR doesn’t recover to a level above sensitivity so that you don’t end up consuming precious bandwidth and preventing others from making calls.

What can cause SNR to drop? A whole slew of things:

  • Distance from the cell tower
  • Interference from other radio waves
  • Attenuation from buildings, trees, trucks passing by, and how you hold the phone 😉
  • Multipath distortion (a phenomenon in radio communications where multiple copies of the signal sent bounce off of buildings, etc. and arrive at slightly delayed times, causing inter-symbol interference (ISI)). Think of it as the radio confusing 0’s and 1’s, causing corruption in packets sent. Though 2G, 3G, and 4G technologies do have equalization circuits and forward-error-correction (FEC) circuits that can help combat this, it does require a stronger SNR than otherwise to help decode the bits sent over the air.

So, back to the “real life conditions” in Consumer Reports’ “signal proof room.” The room they’re referring to is what’s known as a screen room. In their video, they claim that this environment simulates “real life conditions”. No it doesn’t! Screen rooms are designed to test radio performance while ignoring real-life issues, such as multipath, deep fades, interference, etc.

Does shorting the two antennas together cause a degradation in the performance of iPhone 4’s antenna? Sure. Does holding any phone change the performance of the antenna? Absolutely. Is the iPhone 4’s antenna a flawed design? Absolutely not. Could it be better? Definitely…but so can anything. Anand does suggest that Apple should “add an insulative coating…or subsidize bumper cases”. I’m not sure I agree, at least not yet. Depending on how Apple designed their antenna and radio front end, they could improve radio performance with a software update–I’ve implemented algorithms that did precisely this.

All in all, it seems clear that Consumer Reports didn’t prove anything is “flawed” with the iPhone 4, and acted irresponsibly in making the claims they did. The evidence they gave doesn’t support their claims, and was more smoke and mirrors than concrete information. It’s going to be difficult for me to trust their reviews of products in the future. As for what Apple does next, stay tuned for their invitation only press conference, scheduled for this Friday.

Verizon-Motorola Decide, “We don’t need females to buy the DROID”

If you’ve seen the latest salvo by Verizon’s marketing ‘geniuses’, you’re led to believe that only girly-girls buy iPhones. Apparently if you want to be a man, you need a DROID.

If you thought past TV spots for the DROID were bad, check out the latest. You’ll swear you can hear the ‘Team America, World Police’ theme song in the background.

This ad campaign seems hellbent on condemning the DROID to be a niche device rather than one with consumer mass-appeal. No wonder rumors of Google launching their own phone had everybody buzzing over the weekend. There are too many niche devices emerging on the Android platform, and Google is rapidly turning into the Microsoft of smartphones by providing the OS to hardware manufacturers but not launching any devices themselves.

It’s not clear that replicating a Microsoft business model will be profitable for the likes of Motorola, HTC, et al. Just look at what has happened to PC margins over the past few years: you can go buy a netbook for $200 at razor-thin margins to the manufacturer, yet Apple continues to grow their laptop and desktop market share while commanding margins in excess of 30%.

Google may not be a hardware company, but Motorola better hope that they’re not thinking, “oh this is why Apple made their own phone.”

Can the Pre really save Palm?

Well, Sprint has hopped on the touchscreen bandwagon in a last-ditch effort at mitigating their churn rate. They’ve entered into an exclusive agreement to sell the Palm Pre, Palm’s last-ditch effort at avoiding the use of past-tense in their Wikipedia entry. Are you noticing a trend?  The term “Hail Mary” comes to mind.

To be honest, I was pretty excited about the Palm Pre.  After all, it won the Best of CES 2009’s “Best in Show” award.  The design was headed up by an Apple veteran, Jon Rubinstein. It sports a brand new OS, WebOS, which if it is as good as it sounds, is a huge plus.  And (control yourselves), it can multitask.

And who can deny, it looks beautiful in all the pictures!

Hey there, sexy ;-).

I mean, jeez, I want the phone just to hold in my hand.  The screen looks so big, bright, and beautiful.  Goodbye iPhone!  Helloooooooo Pre!

I walked into the Sprint store yesterday afternoon, after eating Chipotle for probably the 5th or 6th time in a week (it’s only an addiction if you don’t admit you’ve got a problem, I admit it openly).  I saw it there, on its wireless charging pedestal, practically floating like the magical amulet that those crazy unicorns are after.  I walked right up to the demonstration model of the Pre and took it into my hands.  And…

WTF.

I have never been so misled in my life about a piece of technology.  The Pre is a Preice of shit.  First of all, its screen is not as big as the iPhone’s, despite many of the pictures floating around on the web.  Exhibit A:

Objects in image may not be the same size as they appear.

Head on over to Gizmodo’s Smartphone Comparison to see the real thing side by side with the iPhone.  The iPhone’s screen is 3.5″, the Pre’s is 3.1″.  That may not sound like a lot, but there’s a reason all of the icons on the Pre are tiny.  That screen real-estate does matter.  I wouldn’t have thought so, but as I was playing with the Pre in the Sprint store I started to feel honestly claustrophobic (something I never feel), and it wasn’t because the store was crowded–the Pre’s user interface was.

Next, usability.  I couldn’t figure the damn thing out.  I am a hardware engineer, with software experience as well, and I hate having to read instruction manuals.  I usually don’t need to, in fact ever since I was little I could always figure out electronics without them.  The Pre stumped me.  I even sat through the incredibly condescending “Demo” the phone had on it to teach me how to use it.  Isn’t the point of multi-touch screen phones to not need to learn how to do anything?  Shouldn’t I just touch what I want (giggle)?  I didn’t have to re-learn how to use the mouse when I switched from a Gateway computer to a Dell.  I mean, yea it (usually) would respond when I tapped it with my fingertip, but I just really wasn’t sure how to get what I wanted done quickly (browse the web, make phone calls, open a new tab in the browser, etc.)

I think maybe part of the problem though is that I’ve had an iPhone for over a year now.  Its user interface is so obvious and so simple, I think it has sapped any patience I might have for even slightly cumbersome user interfaces.  I get angry with ATM machines and gas pumps nowadays, thanks to my iPhone.  I find myself asking random pieces of electronics, “Don’t they have an App for this already?” or “Jesus why is this thing so damn slow!”.

What about the web browser?  It was OK.  It was better than my old RAZR, that’s for sure.  But navigating around big web pages just wasn’t nearly as smooth, precise, or easy as on the iPhone.  They rendered fine and everything, but hey, that’s what WebKit is for…you can’t really fuck that up.

The slide out keyboard is a joke.  The keys are about half as big as the ones on the BlackBerry Curve (already pretty tiny), and they remind me of miniature versions of those puffed up stickers my sisters used to have when we were little.  I practically had to use my thumbnails to type properly on the thing.  Thankfully I hadn’t trimmed my nails in about 2 weeks or I’m really not sure what I would have done.  And I don’t have that big of hands.

Honestly, I am so disappointed, I’m just gonna stop my little review right here.  There are plenty of them out there.  But honestly, people, the iPhone has changed the game forever, and they may just be way too far ahead (for now).  I never really appreciated how good Apple’s touchscreen technology was until I played with the Palm Pre.  I had many occasions with the Pre not registering my touches properly.  That has never happened to me on the iPhone.

So, can the Pre really save Palm?  I don’t know.  Everybody used to think the RAZR was a cool phone.  And for its time, it was.  But I can promise you this, anybody who tries an iPhone will see the Pre as a childish, cheap-feeling, slow-running, and more expensive knock-off.  Oh and about that “multitasking”?  Yea, not so much.  Unless you consider multitasking “minimize current application, slide finger over to scroll to the other application I want, touch application I want to be running now”.  Oh wait, that’s exactly the same finger motions I make to open a different application on the iPhone.  Except it happens faster.