
From tedks at riseup.net Sun Sep 1 17:44:51 2013 From: tedks at riseup.net (Ted Smith) Date: Sun, 01 Sep 2013 17:44:51 -0400 Subject: what to install on a device In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <1378071891.11504.9.camel@anglachel>

On Sat, 2013-08-31 at 10:47 +0200, Eugen Leitl wrote:
> I'm looking to build a list for reasonably secure (no snake oil)
> ways to communicate (search, store, etc.). My ad hoc list so far is:
>
> Pidgin/OTR

OTR is good, but libpurple is a "rat's nest of zero days" according to many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's better though. Maybe irssi+otr?

> cables

Is there really enough peer review of this system for it to be useful?

> GnuNet

I think this is redundant with RetroShare -- but I'd probably prefer GNUnet over RetroShare. GNUnet does f2f and p2p, and is developed by really smart people with a great track record.

> No doubt I'm missing a lot. Any further suggestions?

* Freenet -- also redundant with GNUnet, but better suited to censorship-proof storage.
* Any async voice/video? Probably way easier to secure than real-time.

What's the endgame for this? Just a webpage with a list of stuff on it? A livecd with stuff on it? With or without redundancy?

-- Sent from Ubuntu

From eugen at leitl.org Mon Sep 2 03:49:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Sep 2013 09:49:03 +0200 Subject: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries Message-ID: <[email protected]>

----- Forwarded message from Erik de Castro Lopo -----

Date: Mon, 2 Sep 2013 11:35:22 +1000 From: Erik de Castro Lopo To: tor-talk at lists.torproject.org Subject: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries Organization: Erik Conspiracy Secret Labs X-Mailer: 3.4.0beta4 (GTK+ 2.24.10; x86_64-pc--gnu) Reply-To: tor-talk at lists.torproject.org

Hi all,

Heads up on a new paper suggesting that it's possible to unmask Tor users using traffic correlation:

http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

Code here:

http://torps.github.io/

Would be interested in hearing the opinions of the core Tor development team on this stuff.

Cheers,
Erik
--
Erik de Castro Lopo
http://www.mega-nerd.com/
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Mon Sep 2 06:11:07 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Sep 2013 12:11:07 +0200 Subject: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries Message-ID: <[email protected]>

----- Forwarded message from Roger Dingledine -----

Date: Sun, 1 Sep 2013 22:10:56 -0400 From: Roger Dingledine To: tor-talk at lists.torproject.org Subject: Re: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries User-Agent: /1.5.20 (2009-06-14) Reply-To: tor-talk at lists.torproject.org

On Mon, Sep 02, 2013 at 11:35:22AM +1000, Erik de Castro Lopo wrote:
> Hi all,
>
> Heads up on a new paper suggesting that it's possible to unmask
> Tor users using traffic correlation:
>
> http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
>
> Code here:
>
> http://torps.github.io/
>
> Would be interested in hearing the opinions of the core Tor
> development team on this stuff.

Yep. They're part of the Tor research community. I have plans for writing a post about the paper, to explain what it means, what it doesn't mean, what we should do about it, and what research questions remain open. Stuff keeps catching fire with bigger flames though.

The extremely short answer is "Yes, a big enough adversary can screw Tor users. But we knew that. I think it's great that the paper presents the dual risks of relay adversaries and link adversaries, since most of the time when people are freaking out about one of them they're forgetting the other one. And we really should raise the guard rotation period. If you do their compromise graphs again with guards rotated every nine months, they look way different."

https://trac.torproject.org/projects/tor/ticket/8240
https://trac.torproject.org/projects/tor/ticket/9321

--Roger


----- End forwarded message -----

From eugen at leitl.org Mon Sep 2 06:14:31 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Sep 2013 12:14:31 +0200 Subject: [Cryptography] NSA and cryptanalysis Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Mon, 2 Sep 2013 00:06:21 -0400 From: Jerry Leichter To: "Perry E. Metzger" Cc: "cryptography at metzdowd.com List" Subject: Re: [Cryptography] NSA and cryptanalysis X-Mailer: Apple (2.1283)

On Sep 1, 2013, at 6:06 PM, Perry E. Metzger wrote:
> We know what they spec for use by the rest of the US government in
> Suite B.
>
> http://www.nsa.gov/ia/programs/suiteb_cryptography/
>
> AES with 128-bit keys provides adequate protection for classified
> information up to the SECRET level. Similarly, ECDH and ECDSA using
> the 256-bit prime modulus elliptic curve as specified in FIPS PUB
> 186-3 and SHA-256 provide adequate protection for classified
> information up to the SECRET level. Until the conclusion of the
> transition period defined in CNSSP-15, DH, DSA and RSA can be used
> with a 2048-bit modulus to protect classified information up to the
> SECRET level.
>
> AES with 256-bit keys, Elliptic Curve Public Key Cryptography using
> the 384-bit prime modulus elliptic curve as specified in FIPS PUB
> 186-3 and SHA-384 are required to protect classified information at
> the TOP SECRET level. Since some products approved to protect
> classified information up to the TOP SECRET level will only contain
> algorithms with these parameters, algorithm interoperability between
> various products can only be guaranteed by having these parameters as
> options.
>
> We clearly cannot be absolutely sure of what they actually use, but
> we know what they procure commercially. If you feel this is all a big
> disinformation campaign, please feel free to give evidence for that. I
> certainly won't exclude the possibility, but I find it unlikely.

I'll make just a couple of comments:

- Given the huge amount of material classified these days, SECRET doesn't seem to be a very high level any more, whatever its official definition. TOP SECRET still means a great deal though. But the really important stuff is compartmented (SCI), and Suite B is not approved for it - it has to be protected by unpublished Suite A algorithms.

- So let's look at what they want for TOP SECRET. First off, RSA - accepted for a transition period for SECRET, and then only with 2048 bit moduli, which until the last year or so were almost unknown in commercial settings - is completely out for TOP SECRET. So clearly their faith in RSA is gone. (Same for DH and DSA.) It looks as if they are betting that factoring and discrete logs over the integers aren't as hard as people had thought.

The whole business of AES-128 vs. AES-256 has been interesting from day one. Too many recommendations for using it are just based on some silly idea that bigger numbers are better - 128 bits is already way beyond brute force attacks. The two use the same transforms and the same key schedule. The only clear advantage AES-256 has is 4 extra rounds - any attack against the basic algorithm would almost certainly apply to both. On the other hand, many possible cracks might require significantly heavier computation for AES-256, even if the same fundamental attack works. One wonders....

NSA also wants SHA-384 - which is interesting given recent concerns about attacks on SHA-1 (which so far don't seem to extend to SHA-384).

I don't want to get into deep conspiracy and disinformation campaign theories. My read of the situation is that at the time NSA gave its approval to this particular combination of ciphers, it believed they were secure. They seem to be having some doubts about RSA, DSA, and DH, though that could be, or could be justified as, ECC being as strong with much smaller, more practical, key lengths.

Now, imagine that NSA really did find a way in to AES. If they were to suddenly withdraw approval for its use by the government, they would be revealing their abilities. A classic conundrum: How do you make use of the fruits of your cryptanalytic efforts without revealing that you've made progress? England accepted bombing raids on major cities to keep their crack of Enigma secret. So the continuation of such support tells us little. What will be interesting to see is how long the support continues. With work under way to replace SHA, a new version of the NSA recommendations will eventually have to be produced. Will it, for example, begin a phase-out of AES-128 for SECRET communications in favor of requiring AES-256 there as well? (Since there's no call so far to develop a cipher to replace AES, it would be difficult for NSA to recommend something else.)

It's indeed "a wilderness of mirrors", and we can only guess. But I'm very wary of using NSA's approval of a cipher as strong evidence, as the overall situation is complex and has so many tradeoffs.
-- Jerry

--
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Mon Sep 2 06:18:58 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Sep 2013 12:18:58 +0200 Subject: [liberationtech] Snowden masks for Holloween? Message-ID: <[email protected]>

----- Forwarded message from Paul Elliott -----

Date: Mon, 2 Sep 2013 03:59:50 -0500 From: Paul Elliott To: Liberation Technologies Subject: [liberationtech] Snowden masks for Holloween? User-Agent: Mutt/1.5.21 (2010-09-15) Reply-To: liberationtech

Is it not funny, no one seems to be commercially offering Snowden masks for this Halloween.

I looked on Amazon and google and nothing on the first page of a cursory search.

You would think it would be a top seller.

Is pressure being applied?

Please tell me if you are aware of a source.

Thank You.

--
Paul Elliott 1(512)837-1096
pelliott at BlackPatchPanel.com
PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/
Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." Edward Snowden

-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/ liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Mon Sep 2 07:12:13 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Sep 2013 13:12:13 +0200 Subject: [Cryptography] NSA and cryptanalysis Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Sun, 1 Sep 2013 07:11:06 -0400 From: Jerry Leichter To: Peter Gutmann Cc: crypto.jmk at gmail.com, die at dieconsulting.com, "cryptography at metzdowd.com List" Subject: Re: [Cryptography] NSA and cryptanalysis X-Mailer: (2.1283)

On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote:

> John Kelsey writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack when you can
> bypass [1].

Well, sure. But ... I find it hard to be quite so confident.

In practical terms, the vast majority of encrypted data in the world, whether in motion or at rest, is protected by one of two algorithms: RSA and AES. In some cases, RSA is used to encrypt AES keys, so an RSA break amounts to a bypass of AES. If you want to consider signatures and authentication, you come back to RSA again, and add SHA-1.

This is not to say there aren't other techniques out there, or that new ones aren't being developed. But to NSA it's clearly a game of numbers - and any kind of wedge into either of just two algorithms would expose huge amounts of traffic to interception.

Meanwhile, on the authentication side, Stuxnet provided evidence that the secret community *does* have capabilities (to conduct collision attacks) beyond those known to the public - capabilities sufficient to produce fake Windows updates. And recent evidence elsewhere (e.g., using a bug in the version of in the Tor Browser Bundle) has shown an interest and ability to actively attack systems. (Of course, being able to decrypt information without an active attack is always the ideal, as it leaves no traces.)

I keep seeing statements that "modern cryptographic algorithms are secure, don't worry" - but if you step back a bit, it's really hard to justify such statements. We *know*, in a sense, that RSA is *not* secure: Advances in factoring have come faster than expected, so recommended key sizes have also been increasing faster than expected. Most of the world's sites will always be well behind the recommended sizes. Yes, we have alternatives like ECC, but they don't help the large number of sites that don't use them.

Meanwhile, just what evidence do we really have that AES is secure? It's survived all known attacks. Good to know - but consider that until the publication of differential cryptanalysis, the public state of knowledge contained essentially *no* generic attacks newer than the WW II era attacks on Enigma. DC, and to a lesser degree linear cryptanalysis not long after, rendered every existing block cipher (other than DES, which was designed with secret knowledge of DC) obsolete in one stroke. There's been incremental progress since, but no breakthrough of a similar magnitude - in public. Is there really anything we know about AES that precludes the possibility of such a breakthrough?

There's a fundamental question one should ask in designing a system: Do you want to protect against targeted attacks, or do you want to protect against broad "fishing" attacks?

If the former, the general view is that if an organization with the resources of the NSA wants to get in, they will - generally by various kinds of bypass mechanisms.

For the latter, the cryptographic monoculture *that the best practices insist on* - use standard protocols, algorithms and codes; don't try to invent or even implement your own crypto; design according to Kerckhoffs's principle that only the key is secret - is exactly the *wrong* advice: You're allowing the attacker to amortize his attacks on you with attacks on everyone else. If I were really concerned about my conversations with a small group of others being intercepted as part of dragnet operations, I'd design my own small variations on existing protocols. Mix pre-shared secrets into a DH exchange to pick keys. Use simple steganography to hide a signal in anything being signed - if something shows up signed without that signal, I'll know (a) it's not valid; (b) someone has broken in. Modify AES in some way - e.g., insert an XOR with a separate key between two rounds. A directed attack would eventually break all this, but generic attacks would fail. (You could argue that the failure of generic attacks would cause my connections to stand out and thus draw attention. This is, perhaps, true - it depends on the success rate of the generic attacks, and on how many others are playing the same games I am. There's no free lunch.)

It's interesting that what little evidence we have about NSA procedures - from the design of Clipper to Suite B - hints that they deploy multiple cryptosystems tuned to particular needs. They don't seem to believe in a monoculture - at least for themselves.
-- Jerry


----- End forwarded message -----

From dgerow at afflictions.org Mon Sep 2 11:07:22 2013 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 2 Sep 2013 12:37:22 -0230 Subject: what to install on a secure communication device In-Reply-To: <1378071891.11504.9.camel@anglachel> References: <[email protected]> <1378071891.11504.9.camel@anglachel> Message-ID: <20130902150722.GA11669@plebeian>

Ted Smith wrote:
> > Pidgin/OTR
>
> OTR is good, but libpurple is a "rat's nest of zero days" according to
> many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's
> better though. Maybe irssi+otr?

libpurple may be a "rat's nest of zero days", but irssi+otr is a nightmare to get working properly. I've given up on it, and I've started using mcabber+otr instead.

bitlbee+otr might be a better choice, and might provide the same network access as libpurple, with irssi as the interface. However, I can't comment as to the usability of such a configuration.

From gutemhc at gmail.com Mon Sep 2 11:14:41 2013 From: gutemhc at gmail.com (Gutem) Date: Mon, 2 Sep 2013 12:14:41 -0300 Subject: New breakthrough could bring quantum encryption to smartphones Message-ID:

http://www.extremetech.com/extreme/165281-new-breakthrough-could-bring-quantum-encryption-to-smartphones

- Gutem

From nick at lupine.me.uk Mon Sep 2 11:53:03 2013 From: nick at lupine.me.uk (Nick) Date: Mon, 02 Sep 2013 16:53:03 +0100 Subject: what to install on a secure communication device In-Reply-To: <20130902150722.GA11669@plebeian> References: <[email protected]> <1378071891.11504.9.camel@anglachel> <20130902150722.GA11669@plebeian> Message-ID: <[email protected]>

On Mon, 2013-09-02 at 12:37 -0230, Damian Gerow wrote:
> Ted Smith wrote:
> > > Pidgin/OTR
> >
> > OTR is good, but libpurple is a "rat's nest of zero days" according to
> > many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's
> > better though. Maybe irssi+otr?
>
> libpurple may be a "rat's nest of zero days", but irssi+otr is a nightmare
> to get working properly. I've given up on it, and I've started using
> mcabber+otr instead.
>
> bitlbee+otr might be a better choice, and might provide the same network
> access as libpurple, with irssi as the interface. However, I can't comment
> as to the usability of such a configuration.

Last I looked, Bitlbee used an in-tree fork of an ancient version of libpurple for its protocol support. That may have changed since.

/Nick

From bbrewer at littledystopia.net Mon Sep 2 13:05:34 2013 From: bbrewer at littledystopia.net (b. brewer) Date: Mon, 02 Sep 2013 13:05:34 -0400 Subject: New breakthrough could bring quantum encryption to smartphones In-Reply-To: References: Message-ID: <[email protected]>


On 9/2/2013 11:14 AM, Gutem wrote:
> http://www.extremetech.com/extreme/165281-new-breakthrough-could-bring-quantum-encryption-to-smartphones
>
> - Gutem

More centralized requirements, so, in essence, not assisting 'us' in (m)any way, really.

Le. Sigh.

From gfoster at entersection.org Mon Sep 2 13:44:04 2013 From: gfoster at entersection.org (Gregory Foster) Date: Mon, 02 Sep 2013 12:44:04 -0500 Subject: WaPo releases details on US offensive cyber-ops Message-ID: <[email protected]>


Washington Post (Aug 30) - "U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show" by @BartonGellman & @nakashimae:
http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html

> under an extensive effort code-named GENIE, U.S. computer
> specialists break into foreign networks so that they can be put
> under surreptitious U.S. control. Budget documents say the $652
> million project has placed "covert implants," sophisticated
> malware transmitted from far away, in computers, routers and
> firewalls on tens of thousands of machines every year, with plans
> to expand those numbers into the millions.

...

> The NSA designs most of its own implants, but it devoted $25.1
> million this year to "additional covert purchases of software
> vulnerabilities" from private malware vendors, a growing
> gray-market industry based largely in Europe.

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

From romanafirst at gmail.com Mon Sep 2 14:04:05 2013 From: romanafirst at gmail.com (Romana Machado) Date: Mon, 2 Sep 2013 11:04:05 -0700 Subject: Help with JPEG Stego app? Message-ID: <[email protected]>

I've decided to upgrade my project, Stego, conceived as an easy-to-use, near-universally available, maximally browser compliant, message PGP encrypted, steganography web app, to encode JPEGs, the most universal image format today (in cell phone cameras, and all over the web). Which means I have to decipher information-dense papers, pick a suitable algorithm, and code it up in client-side Javascript. Which greatly increases the workload, but I expect I'll be a better engineer for it. It also means that I'll be reusing none of the original code. Fortunately there are a few open source Javascript JPEG libraries. I'm writing to ask for help with picking the stego algorithm, hoping that someone here has a knowledgeable opinion.

Romana Machado 310-940-7888


From adam at cypherspace.org Mon Sep 2 14:18:07 2013 From: adam at cypherspace.org (Adam Back) Date: Mon, 2 Sep 2013 20:18:07 +0200 Subject: Help with JPEG Stego app? In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

PGP stealth by Henry Hastur has the stego support for pgp2 formats and RSA. (Aside from stripping boiler plate, Hal Finney had observed that you have to make sure the RSA encryption part doesn't narrow down which key it could be addressed to. (A message m > user A's n public value could not be addressed to A (as m is computed mod n, it is always < n).))

It's C code, quite old and not really maintained but perhaps you could use it for comparison or ideas. http://www.cypherspace.org/adam/stealth/

Adam

On Mon, Sep 02, 2013 at 11:04:05AM -0700, Romana Machado wrote:
> I've decided to upgrade my project, Stego, conceived as an
> easy-to-use, near-universally available, maximally browser compliant,
> message PGP encrypted, steganography web app, to encode JPEGs, the most
> universal image format today (in cell phone cameras, and all over the
> web). Which means I have to decipher information-dense papers, pick a
> suitable algorithm, and code it up in client-side Javascript. Which
> greatly increases the workload, but I expect I'll be a better engineer
> for it. It also means that I'll be reusing none of the original code.
> Fortunately there are a few open source Javascript JPEG libraries. I'm
> writing to ask for help with picking the stego algorithm, hoping that
> someone here has a knowledgeable opinion.
> Romana Machado
> 310-940-7888
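Hal Finney's observation from Adam's message, worked through with toy-sized keys as an added example (this is not the thread's code nor PGP stealth's own): a textbook-RSA value c is always below the recipient's modulus n, so anyone holding a set of public keys can rule out every key with n <= c; adding a random multiple of n to fill a fixed byte width removes that filter. The key values are constructed, and the padding routine is my reading of the stealth idea, not a transcription of Hastur's implementation.

```python
# Added example, not code from the thread or from PGP stealth: it works
# through Hal Finney's observation with toy-sized keys.
import secrets

# Constructed toy RSA keys: (n, phi(n)) from tiny primes. Illustration only.
TOY_KEYS = {
    "alice": (61 * 53, 60 * 52),      # n = 3233
    "bob":   (101 * 103, 100 * 102),  # n = 10403
    "carol": (211 * 223, 210 * 222),  # n = 47053
}
E = 11  # public exponent; coprime to all three phi(n) values above


def encrypt(m, n):
    """Textbook RSA. Because the result is reduced mod n it is always < n."""
    return pow(m, E, n)


def decrypt(c, n, phi):
    return pow(c, pow(E, -1, phi), n)


def consistent_recipients(c, keys):
    """Public keys a bare ciphertext c could belong to: only those with n > c.
    This is the leak: anyone holding the public moduli can apply the filter."""
    return sorted(name for name, (n, _) in keys.items() if n > c)


def stealth_pad(c, n, nbytes):
    """Assumed form of the stealth fix: add a random multiple of n so the
    stored value spans the whole nbytes-wide field instead of [0, n).
    nbytes must be one fixed width for all keys, or the length leaks instead."""
    limit = 1 << (8 * nbytes)
    if n >= limit:
        raise ValueError("field too narrow for this modulus")
    k_max = (limit - 1 - c) // n
    return c + secrets.randbelow(k_max + 1) * n


def stealth_unpad(padded, n):
    """The intended recipient knows n, so c = padded mod n; the value alone
    no longer says which n was used."""
    return padded % n


def roundtrip(m, who, nbytes=3):
    """Encrypt m to `who`, pad, unpad and decrypt; returns (plaintext, padded)."""
    n, phi = TOY_KEYS[who]
    padded = stealth_pad(encrypt(m, n), n, nbytes)
    return decrypt(stealth_unpad(padded, n), n, phi), padded


if __name__ == "__main__":
    c = encrypt(1234, TOY_KEYS["carol"][0])
    print("bare ciphertext", c, "is consistent with", consistent_recipients(c, TOY_KEYS))
    print("after padding, roundtrip gives", roundtrip(1234, "carol")[0])
```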

From romanafirst at gmail.com Mon Sep 2 14:41:47 2013 From: romanafirst at gmail.com (Romana Machado) Date: Mon, 2 Sep 2013 11:41:47 -0700 Subject: Help with JPEG Stego app? In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

Here's the Javascript PGP library I've chosen. I expect the 128 bit setting will be sufficient. Comments welcome as always.

http://crypto.stanford.edu/sjcl/

Romana Machado
310-940-7888

On Sep 2, 2013, at 11:18 AM, Adam Back wrote:

> PGP stealth by Henry Hastur has the stego support for pgp2 formats and RSA.
> (Aside from stripping boiler plate Hal Finney had observed that you have to
> make sure the RSA encryption part doesn't narrow down which key it could be
> addressed to. (A message m > user A's n public value could not be addressed
> to A (as m is computed mod n, it is always < n)).
>
> It's C code, quite old and not really maintained but perhaps you could use it
> for comparison or ideas.
>
> http://www.cypherspace.org/adam/stealth/
>
> Adam
>
> On Mon, Sep 02, 2013 at 11:04:05AM -0700, Romana Machado wrote:
>> I've decided to upgrade my project, Stego, conceived as an
>> easy-to-use, near-universally available, maximally browser compliant,
>> message PGP encrypted, steganography web app, to encode JPEGs, the most
>> universal image format today (in cell phone cameras, and all over the
>> web). Which means I have to decipher information-dense papers, pick a
>> suitable algorithm, and code it up in client-side Javascript. Which
>> greatly increases the workload, but I expect I'll be a better engineer
>> for it. It also means that I'll be reusing none of the original code.
>> Fortunately there are a few open source Javascript JPEG libraries. I'm
>> writing to ask for help with picking the stego algorithm, hoping that
>> someone here has a knowledgeable opinion.
>> Romana Machado
>> 310-940-7888

From lee at guardianproject.info Mon Sep 2 15:38:12 2013 From: lee at guardianproject.info (Lee Azzarello) Date: Mon, 2 Sep 2013 15:38:12 -0400 Subject: Help with JPEG Stego app? In-Reply-To: References: <[email protected]> <[email protected]> Message-ID:

Pixelknot. Android stego app with source.

https://github.com/guardianproject/pixelknot

On Sep 2, 2013 2:45 PM, "Romana Machado" wrote:

> Here's the Javascript PGP library I've chosen. I expect the 128 bit
> setting will be sufficient. Comments welcome as always.
>
> http://crypto.stanford.edu/sjcl/
>
> Romana Machado
> 310-940-7888
>
>
> On Sep 2, 2013, at 11:18 AM, Adam Back wrote:
>
> PGP stealth by Henry Hastur has the stego support for pgp2 formats and
> RSA. (Aside from stripping boiler plate Hal Finney had observed that you
> have to make sure the RSA encryption part doesn't narrow down which key it
> could be addressed to. (A message m > user A's n public value could not be
> addressed to A (as m is computed mod n, it is always < n)).
>
> It's C code, quite old and not really maintained but perhaps you could use
> it for comparison or ideas.
>
> http://www.cypherspace.org/adam/stealth/
>
> Adam
>
> On Mon, Sep 02, 2013 at 11:04:05AM -0700, Romana Machado wrote:
> > I've decided to upgrade my project, Stego, conceived as an
> > easy-to-use, near-universally available, maximally browser compliant,
> > message PGP encrypted, steganography web app, to encode JPEGs, the most
> > universal image format today (in cell phone cameras, and all over the
> > web). Which means I have to decipher information-dense papers, pick a
> > suitable algorithm, and code it up in client-side Javascript. Which
> > greatly increases the workload, but I expect I'll be a better engineer
> > for it. It also means that I'll be reusing none of the original code.
> > Fortunately there are a few open source Javascript JPEG libraries. I'm
> > writing to ask for help with picking the stego algorithm, hoping that
> > someone here has a knowledgeable opinion.
> > Romana Machado
> > 310-940-7888

From romanafirst at gmail.com Mon Sep 2 16:09:25 2013 From: romanafirst at gmail.com (Romana Machado) Date: Mon, 2 Sep 2013 13:09:25 -0700 Subject: Help with JPEG Stego app? In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

Awesome, thanks! Why was old school F5 chosen vs QIM or others?

Romana Machado 310-940-7888

On Sep 2, 2013, at 12:38 PM, Lee Azzarello wrote:
> Pixelknot. Android stego app with source.
>
> https://github.com/guardianproject/pixelknot
>
> On Sep 2, 2013 2:45 PM, "Romana Machado" wrote:
>> Here's the Javascript PGP library I've chosen. I expect the 128 bit setting will be sufficient. Comments welcome as always.
>>
>> http://crypto.stanford.edu/sjcl/
>>
>> Romana Machado
>> 310-940-7888
>>
>>
>> On Sep 2, 2013, at 11:18 AM, Adam Back wrote:
>>
>>> PGP stealth by Henry Hastur has the stego support for pgp2 formats and RSA.
>>> (Aside from stripping boiler plate Hal Finney had observed that you have to
>>> make sure the RSA encryption part doesn't narrow down which key it could be
>>> addressed to. (A message m > user A's n public value could not be addressed
>>> to A (as m is computed mod n, it is always < n)).
>>>
>>> It's C code, quite old and not really maintained but perhaps you could use it
>>> for comparison or ideas.
>>>
>>> http://www.cypherspace.org/adam/stealth/
>>>
>>> Adam
>>>
>>> On Mon, Sep 02, 2013 at 11:04:05AM -0700, Romana Machado wrote:
>>>> I've decided to upgrade my project, Stego, conceived as an
>>>> easy-to-use, near-universally available, maximally browser compliant,
>>>> message PGP encrypted, steganography web app, to encode JPEGs, the most
>>>> universal image format today (in cell phone cameras, and all over the
>>>> web). Which means I have to decipher information-dense papers, pick a
>>>> suitable algorithm, and code it up in client-side Javascript. Which
>>>> greatly increases the workload, but I expect I'll be a better engineer
>>>> for it. It also means that I'll be reusing none of the original code.
>>>> Fortunately there are a few open source Javascript JPEG libraries. I'm
>>>> writing to ask for help with picking the stego algorithm, hoping that
>>>> someone here has a knowledgeable opinion.
>>>> Romana Machado
>>>> 310-940-7888

From coderman at gmail.com Mon Sep 2 16:21:31 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Sep 2013 13:21:31 -0700 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

> ...
> - Given the huge amount of material classified these days, SECRET doesn't seem to be a very high level any more, ... really important stuff is compartmented (SCI), and Suite B is not approved for it - it has to be protected by unpublished Suite A algorithms.

[ insert campaign for Snowden to release Suite A specs here. ]

From sganush at me.com Mon Sep 2 16:32:57 2013 From: sganush at me.com (Sylvia Ganush) Date: Mon, 02 Sep 2013 22:32:57 +0200 Subject: Wikileaked Stratfor admin talks crypto. Nonsense? Message-ID:

'Any encryption based on an algorithm can be decrypted with the resources available to a government.'

These are words of Michael Mooney, the hapless system administrator of Stratfor, a private intelligence agency that got hacked, doxed, and wikileaked in 2011-2012: http://search.wikileaks.org/gifiles/?viewemailid=3424010

Is Mr Mooney correct?

On the one hand he's proven his incompetence by storing clients' credit card numbers in the clear. On the other hand, Stratfor sell themselves as spooks well-versed in security questions and hence could know better.

What do cypherpunks think of Mr Mooney's statement? Does it really take a government only one month to crack a 2048-bit key?

Sylvia

From coderman at gmail.com Mon Sep 2 16:57:48 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Sep 2013 13:57:48 -0700 Subject: Wikileaked Stratfor admin talks crypto. Nonsense? In-Reply-To: References: Message-ID:

On Mon, Sep 2, 2013 at 1:32 PM, Sylvia Ganush wrote:
> 'Any encryption based on an algorithm can be decrypted with the
> resources available to a government.'

this is wrong. Michael Mooney is going to end up on angry squirrel's shitlist if he keeps this up.

perhaps he meant "any electronic encryption can be bypassed with the resources available to a government.", in which case he is probably right.

> These are words of Michael Mooney, the hapless system administrator of
> Stratfor, a private intelligence agency that got hacked, doxed, and
> wikileaked in 2011-2012:

there's a whole lot of bullshit, exaggeration, and unfounded assumption in here, not worth my time to respond in detail.

moral of this story: don't get your information from STRATFOR. unless you like it suitably polluted...

> What do cypherpunks think of Mr Mooney's statement? Does it really take
> a government only one month to crack a 2048-bit key?

no. i'll leave the detailed current power and scale calculation to Marsh Ray ;)

note that this is a different question from how long 2048 bit RSA might be considered secure. if you're responsible for protecting TOP SECRET information against nation state attacks for multiple decades, QC may become a non-negligible risk. RSA of any length is not acceptable for such data, however this does not mean that RSA of decent key length is immediately at risk.

From coderman at gmail.com Mon Sep 2 17:07:14 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Sep 2013 14:07:14 -0700 Subject: Wikileaked Stratfor admin talks crypto. Nonsense? In-Reply-To: References: Message-ID:

On Mon, Sep 2, 2013 at 1:57 PM, coderman wrote:
> ... Michael Mooney is going to end up on an angry squirrel's
> shitlist if he keeps this up.

http://attrition.org/errata/charlatan/

From coderman at gmail.com Mon Sep 2 17:13:45 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Sep 2013 14:13:45 -0700 Subject: [liberationtech] WaPo releases details on US offensive cyber-ops In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Mon, Sep 2, 2013 at 10:44 AM, Gregory Foster wrote:
> ...
> The NSA designs most of its own implants, but it devoted $25.1
> million this year to "additional covert purchases of software
> vulnerabilities" from private malware vendors, a growing
> gray-market industry based largely in Europe.

i would love to know how much of the overall market for exploits this $25.1mm figure represents, and how much was exclusive vs. shared access...

From coderman at gmail.com Mon Sep 2 17:26:09 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Sep 2013 14:26:09 -0700 Subject: Lavabit and End-point Security In-Reply-To: References: <20130809144310.GA29800@tuzo> Message-ID:

never let a good thread die!

some interesting discussion on opsec in this thread: https://www.schneier.com/blog/archives/2013/08/opsec_details_o.html

i would note that claims about the documents and encryption key are weasel worded by UK and denied by all parties. if you can't observe a channel, DoS it, ...

From jya at pipeline.com Mon Sep 2 17:49:37 2013 From: jya at pipeline.com (John Young) Date: Mon, 02 Sep 2013 17:49:37 -0400 Subject: Eccentricity: How Hard to Crack a Cryptosystem In-Reply-To: References: Message-ID:

One of the many eccentricities of crypto is speculating on how long and how much computing power would be needed to crack a particular cryptosystem, its algorithm or "implementation." A favorite of popular writing on the topic, it is likely these claims are pure fiction fabricated to satisfy headlines and deadlines -- and, as always, to market or ridicule a competitor's piece of shit.

No Wikipedia entry on the phrase "crypto implementation," the all-time favorite excuse for the shit's absolute certain failure.

Some examples among hundreds:

No. 1 http://www.digicert.com/TimeTravel/math.htm

[No date]

DigiCert's base standard is to use 2048-bit keys in secure SSL certificates - that is enormously stronger than anything Lenstra et al attempted, in fact, it would require factoring a 617-digit number. RSA Labs claim (see: http://www.rsa.com/rsalabs/node.asp?id=2004) that 2048-bit keys are 2^32 (2 to the power of 32) times harder to break using NFS, than 1024-bit keys. 2^32 = 4,294,967,296 or almost 4.3 billion, therefore breaking a DigiCert 2048-bit SSL certificate would take about 4.3 billion times longer (using the same standard desktop processing) than doing it for a 1024-bit key. It is therefore estimated, that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.

In putting together our video, we estimated the age of the Universe to be 13,751,783,021 years or a little over 13.75 billion years, therefore if you tried to break a DigiCert 2048-bit SSL certificate using a standard modern desktop computer, and you started at the beginning of time, you would have expended 13 billion years of processing by the time you got back to today, and you would still have to repeat that entire process 468,481 times one after the other into our far far distant future before there was a good probability of breaking the certificate. In fact the Universe itself would grow dark before you even got close.

-----

No. 2 http://www.eetimes.com/document.asp?doc_id=1279619

How secure is AES against brute force attacks?

Mohit, Sr. Systems Engineer & Security Architect, Freescale Semiconductor

5/7/2012 05:29 PM EDT

Even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.

-----

No. 3 http://www.computerworld.com/s/article/354997/The_Clock_Is_Ticking_for_Encryption

The clock is ticking for encryption

The tidy world of cryptography may be upended by the arrival of quantum computers.

By Lamont Wood

March 21, 2011 06:00 AM ET

Today's encryption algorithms can be broken. Their security derives from the wildly impractical lengths of time it can take to do so.

Let's say you're using a 128-bit AES cipher. The number of possible keys with 128 bits is 2 raised to the power of 128, or 3.4x10^38, or 340 undecillion. Assuming no information on the nature of the key is available (such as the fact that the owner likes to use his or her children's birthdays), a code-breaking attempt would require testing each possible key until one was found that worked.

Assuming that enough computing power was amassed to test 1 trillion keys per second, testing all possible keys would take 10.79 quintillion years. This is about 785 million times the age of the visible universe (13.75 billion years). On the other hand, you might get lucky in the first 10 minutes.

But using quantum technology with the same throughput, exhausting the possibilities of a 128-bit AES key would take about six months. If a quantum system had to crack a 256-bit key, it would take about as much time as a conventional computer needs to crack a 128-bit key.

A quantum computer could crack a cipher that uses the RSA or EC algorithms almost immediately.

-----

No. 4 https://xkcd.com/538/

Thanks, XKCD

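[Editor's added example; not code from DigiCert, EE Times, Computerworld or anyone on the list.] The figures quoted above are all arithmetic on stated assumptions (keys per second, a DES-per-second machine, the age of the universe), so they can be recomputed rather than taken on faith. The script below does that for each of the four quotes. The only inputs are those assumptions; the GNFS formula is the standard heuristic `L_n[1/3, (64/9)^(1/3)]` with constant factors dropped, so its output is an order-of-magnitude ratio, not a runtime.

```python
"""Recompute the 'time to break' headline numbers quoted above from their own
stated assumptions. No claim about any real adversary's capability is made."""
import math

SECONDS_PER_YEAR = 365.25 * 86400
UNIVERSE_AGE_YEARS = 13_751_783_021      # the figure DigiCert's page uses
DES_KEY_BITS = 56


def gnfs_log_work(bits):
    """ln of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] for an RSA modulus
    of `bits` bits, constant factors omitted."""
    ln_n = bits * math.log(2)
    return (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def gnfs_log2_ratio(bits_hard, bits_easy):
    """log2 of (GNFS work at bits_hard / GNFS work at bits_easy): the quantity
    behind RSA Labs' '2^32 harder' for 2048 vs 1024 bits."""
    return (gnfs_log_work(bits_hard) - gnfs_log_work(bits_easy)) / math.log(2)


def brute_force_years(key_bits, keys_per_second):
    """Years to try every key of a symmetric cipher at the given rate."""
    return 2 ** key_bits / keys_per_second / SECONDS_PER_YEAR


def grover_years(key_bits, evaluations_per_second):
    """Same search with Grover's algorithm: about 2**(key_bits/2) evaluations."""
    return 2 ** (key_bits / 2) / evaluations_per_second / SECONDS_PER_YEAR


def years_on_one_second_des_machine(key_bits):
    """EE Times' comparison: a machine that recovers one 56-bit DES key per second."""
    return 2 ** (key_bits - DES_KEY_BITS) / SECONDS_PER_YEAR


def universe_ages(years):
    return years / UNIVERSE_AGE_YEARS


if __name__ == "__main__":
    print("GNFS, 2048 vs 1024 bits: about 2^%.1f harder" % gnfs_log2_ratio(2048, 1024))
    digicert = 2 ** 32 * 1.5e6               # DigiCert: 4.3 billion x 1.5 million years
    print("DigiCert estimate: %.2e years = %.0f universe ages"
          % (digicert, universe_ages(digicert)))
    aes = brute_force_years(128, 1e12)       # Computerworld: 1e12 keys/s
    print("AES-128 at 1e12 keys/s: %.3e years = %.0f universe ages"
          % (aes, universe_ages(aes)))
    print("AES-128 with Grover at 1e12 evaluations/s: %.0f days"
          % (grover_years(128, 1e12) * 365.25))
    print("AES-128 on a one-DES-key-per-second machine: %.1f trillion years"
          % (years_on_one_second_des_machine(128) / 1e12))
```

Run as-is it reproduces the 6.4 quadrillion years and 468,481 universe ages (No. 1), the 149 trillion years (No. 2), and the 10.79 quintillion years, 785 million universe ages and roughly half a year under Grover (No. 3). The constant-free GNFS ratio for 2048 vs 1024 bits comes out near 2^30, the same order of magnitude as the 2^32 RSA Labs figure DigiCert cites. None of this says anything about what an attacker can actually do; it only shows the numbers follow from the rates assumed.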

From otr at riseup.net Mon Sep 2 20:23:55 2013 From: otr at riseup.net (otr at riseup.net) Date: Tue, 3 Sep 2013 00:23:55 +0000 Subject: WaPo releases details on US offensive cyber-ops Message-ID: <355092055-1378167796-cardhu_decombobulator_blackberry.rim.net-744217887- @b26.c23.bise6.blackberry>

Greg, et al -- I'm going to keep digging on US cyber operations, and particularly on "computer network exploitation" and "computer network attack." I'd be interested in theories, questions or suggestions from the smart folks here as I think about my reporting strategy. --Bart

------
Date: Mon, 02 Sep 2013 12:44:04 -0500
From: Gregory Foster
Subject: WaPo releases details on US offensive cyber-ops

Washington Post (Aug 30) - "U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show" by @BartonGellman & @nakashimae: http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html

> under an extensive effort code-named GENIE, U.S. computer
> specialists break into foreign networks so that they can be put
> under surreptitious U.S. control. Budget documents say the $652
> million project has placed "covert implants," sophisticated
> malware transmitted from far away, in computers, routers and
> firewalls on tens of thousands of machines every year, with plans
> to expand those numbers into the millions.

From moritz at headstrong.de Tue Sep 3 00:38:57 2013 From: moritz at headstrong.de (Moritz) Date: Tue, 03 Sep 2013 06:38:57 +0200 Subject: Help with JPEG Stego app? In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On 09/02/2013 08:04 PM, Romana Machado wrote:
>
> I've decided to upgrade my project, Stego, conceived as an easy-to-use,
> near-universally available, maximally browser compliant, message PGP
> encrypted, steganography web app, to encode JPEGs, the most universal
> image format today (in cell phone cameras, and all over the web).

Cool. You might be interested in my GSoC project, the "Steganography Browser (Extension)". Our student could definitely use help, it would be a shame to not join efforts.

So far, he's been concentrating on the UI parts. Recently, he added SJCL. We've been holding back on including any steganography library, but the design should allow libraries for varying content types to be plugged in flexibly.

https://github.com/rharishan/Steganography-Browser
https://lists.torproject.org/pipermail/tor-dev/2013-May/004939.html

#tor-stego on irc.oftc.net

It would be great to receive a review and a hand in guiding the student; we are two mentors, but neither of us has much time. :-(

--Mo
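[Editor's added example; not code from Stego, from the Steganography Browser project, or from the original F5 implementation.] Since Romana's question earlier in the thread was why "old school F5" over QIM, here is the part of F5 that makes it attractive for JPEG work: (1, 2^k - 1, k) matrix encoding, which embeds k message bits into 2^k - 1 carrier bits while changing at most one of them. In real F5 the carrier bits are the LSBs of non-zero quantised DCT coefficients and a change that turns a coefficient into 0 ("shrinkage") forces that group to be re-embedded; that step is deliberately left out, and the carrier below is a constructed pseudo-random bit list, not image data.

```python
"""F5-style matrix encoding: k bits into 2**k - 1 carrier bits, at most one
change. Carrier is constructed; F5's shrinkage handling is omitted."""


def syndrome(bits):
    """XOR of the 1-based positions holding a 1: what the extractor reads."""
    s = 0
    for i, b in enumerate(bits, start=1):
        if b:
            s ^= i
    return s


def embed_block(bits, message, k):
    """Make syndrome(bits) == message by flipping at most one bit.
    Returns (new_bits, number_of_changes), the latter 0 or 1."""
    n = (1 << k) - 1
    assert len(bits) == n and 0 <= message < (1 << k)
    bits = list(bits)
    s = syndrome(bits) ^ message         # position to flip; 0 means none needed
    if s:
        bits[s - 1] ^= 1
    return bits, int(s != 0)


def extract_block(bits):
    return syndrome(bits)


def embed(carrier, message_bits, k):
    """Embed a '0'/'1' string into a carrier bit list, block by block.
    Returns (stego_carrier, changed_bits)."""
    n = (1 << k) - 1
    groups = -(-len(message_bits) // k)          # ceil division
    assert len(carrier) >= groups * n, "carrier too small for message"
    out, changes, pos = [], 0, 0
    for i in range(0, len(message_bits), k):
        chunk = message_bits[i:i + k].ljust(k, "0")   # pad the last group
        block, ch = embed_block(carrier[pos:pos + n], int(chunk, 2), k)
        out.extend(block)
        changes += ch
        pos += n
    out.extend(carrier[pos:])
    return out, changes


def extract(carrier, nbits, k):
    """Read nbits back; the reader needs only k and the message length."""
    n = (1 << k) - 1
    bits, pos = "", 0
    while len(bits) < nbits:
        bits += format(extract_block(carrier[pos:pos + n]), "0%db" % k)
        pos += n
    return bits[:nbits]


def demo_carrier(length, seed=1):
    """Deterministic pseudo-random LSBs standing in for coefficient LSBs."""
    x, bits = seed, []
    for _ in range(length):
        x = (1103515245 * x + 12345) % (1 << 31)
        bits.append((x >> 16) & 1)
    return bits


if __name__ == "__main__":
    msg = "1101001110011010"
    stego, changed = embed(demo_carrier(63), msg, 3)
    print("recovered:", extract(stego, len(msg), 3))
    print("changed %d carrier bits out of %d used" % (changed, -(-len(msg) // 3) * 7))
```

With k = 3 each group of 7 coefficients carries 3 bits and is touched at most once (untouched with probability 1/8), which is where F5's embedding efficiency over plain LSB replacement comes from. QIM-style schemes change the quantisation itself rather than flipping a parity; that is a different trade-off, not shown here.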

From eugen at leitl.org Tue Sep 3 07:16:43 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 3 Sep 2013 13:16:43 +0200 Subject: building a community on RetroShare Message-ID: <[email protected]>

One of my RS identities is

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP:SDK v0.9

xsBNBFG68IABCADXB1o49wDjL8ZF91kivo4pSMdq0xfzKMXi6ZyNt/oxhlNCBK6o
PaVpo6GNu7E2Gdvh5ZQn+p6NQYE4y+2riQIsStO/ikmKaIfZ43wOOFdy52R71HHF
nb3JzvS7pBhskpaBmyYiAoe9lHaOMPzpizJzbG26yFY+jizm1IcCa/vggzTSpzFc
5AfQBNwL+TXovaUi4FU4FLYlD0jikwQAVony4l3SB4cTjULVBxJyJATGwnTayAUn
LQQIzdEYOIhNSVO4JEa8lmWhnWZHNUV9FwG48TiTkyMhZsS4urrwqd7KaX3T5ihC
hksJPCFgFUtaIZBzQOpw2kNTYtMrEhTRRA0rABEBAAHNN0V1Z2VuIExlaXRsIChH
ZW5lcmF0ZWQgYnkgUmV0cm9TaGFyZSkgPGV1Z2VuQGxlaXRsLm9yZz7CwF8EEwEC
ABMFAlG68IAJEBwZ2iRKZrKNAhkBAAD9Wgf8CzCNaUoRqPqrbv5peqzrsl4Jv/wT
0dp9tvrJm7ooV5iAX81NRdwXOQ098iLoRKPaSHIcQz949nV93mUn70/7dexvrFYn
P1Ugnp08f1WSH0wtwjB1C6NeN6h+RTwFtgy/92oJpbHumN+eEeFjMCLLxrJUIWFK
0np0oE7+Y1izFfuMWsfh7HzhO4E9eTMzzHHAgsDC2zI5An5W1yJ1HGmudB/EfFP3
fur+s711VE3jlfvzfx1fB7Hve8+0lWQAvwAnaJNANorZFnsieQkClmqpp4jLqAQU
Ss9BlEu2REP7LZ2aWyDBqmGV1370pHNm37dfjMiEDsCsmyE146rHpH984w==
=38D/
-----END PGP PUBLIC KEY BLOCK-----

see you there.

From noonslists at gmail.com Tue Sep 3 08:10:23 2013 From: noonslists at gmail.com (Noon Silk) Date: Tue, 3 Sep 2013 22:10:23 +1000 Subject: building a community on RetroShare In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP:SDK v0.9

xsBNBFG9DlkBCACmwn6bdSM5Jg5/OIIw0q8Bkt7t08cwnVT+xBfq0yZ7jErQgVXZ
gZKNoTMRi4gmdY0vfNDTz22egWeOgscChtkavuBu9PC6Y0SoOAUGOE3/1FASztUd
Dcc1MB8ps8TOYWdhJZGjjdu60xVKe09jiYaE/zxN4g5GCrn0v9BvVkoa4BrGam/r
o8bWe8SHtobjPlQvhh/jzV52M/x5/99MmiFB59AN52cyx1xsS89LF3tDobrxmN9N
v4wpkl6GtWhDRTzVjhKDc66WAjlg59RvTD8LTjIqUG95i9/7oV0d5PM4l+p13URs
sKGY/yxvQuCxn3rGTEO7pfrPxGkS8/FpuunhABEBAAHNJk5vb24gU2lsayAoR2Vu
ZXJhdGVkIGJ5IFJldHJvU2hhcmUpIDw+wsBfBBMBAgATBQJRvQ5ZCRAhDkn/QH2Z
wAIZAQAAVZEIAIBq0I00J1T5E1ZuA5Hg9G98y7+AMUwUAQ3ejJkTnr8vg6191c8Y
VpZQKUoRLAAD2VVWtZGr4jGHkDY4EjeRcHYP6D1VocMYdg4N03AkMCf4G4p/z18H
SQSWYH7OJntV751Kh6gi/bEZG1u0YYTQbTVcfEucHurgFLvxc9QRyPJI7x6q4X/w
pa0Ut7VeGYb1jxAfx6CDZnpjlTkgn9aIoLYSoVkeMJHjnBe3F2Fzcv+EceB9ijMu
E8QEjemUFrhNGYQ6BsN5o106Emo/wjhzEJRL0obwk3SoHp7uYgy2yUnPKK8azf9l
A1bm6+/7heerig0axCkqQRqIJZ34vcCRZDA=
=xkvI
-----END PGP PUBLIC KEY BLOCK-----

--
Noon Silk

From drwho at virtadpt.net Tue Sep 3 11:10:09 2013 From: drwho at virtadpt.net (The Doctor) Date: Tue, 03 Sep 2013 11:10:09 -0400 Subject: what to install on a secure communication device In-Reply-To: <1378071891.11504.9.camel@anglachel> References: <[email protected]> <1378071891.11504.9.camel@anglachel> Message-ID: <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/01/2013 05:44 PM, Ted Smith wrote:

>> cables > Is there really enough peer review of this system for it to be > useful?

I am uncertain. That the last time the codebase was updated was nine months ago (https://github.com/mkdesu/cables) is somewhat concerning.

> What's the endgame for this? Just a webpage with a list of stuff on > it? A livecd with stuff on it? With or without redundancy?

More toolkits being passed around and trained on?

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Where does the flame go when it is blown out?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIl+9EACgkQO9j/K4B7F8HigwCguvOwzwREj6sLHFp3gddfh9uv
kWAAoMjWX7ChBfsuW7zEZ2YsRGxnjpVp
=GCc5
-----END PGP SIGNATURE-----

From romanafirst at gmail.com Tue Sep 3 14:36:15 2013 From: romanafirst at gmail.com (Romana Machado) Date: Tue, 3 Sep 2013 11:36:15 -0700 Subject: Stego, ease of use and maximal availability Message-ID: <[email protected]>

Mo, I wish your student great success. I will definitely take a look! I expect the UI for a plugin to be quite different to that of a web app. I've chosen not to build a plugin or a single platform app for obvious reasons, though it is nice to know that there are efforts in these directions that may assist my own in part.

Here's the plan to create ease of use: taking note of the UIs of existing tools, collaborating with experienced UI designers, and making use of an extensive background and contacts in UI test.

Romana Machado

From tedks at riseup.net Tue Sep 3 14:43:32 2013 From: tedks at riseup.net (Ted Smith) Date: Tue, 03 Sep 2013 14:43:32 -0400 Subject: what to install on a secure communication device In-Reply-To: <[email protected]> References: <[email protected]> <1378071891.11504.9.camel@anglachel> <[email protected]> Message-ID: <1378233812.10405.6.camel@anglachel>

On Tue, 2013-09-03 at 11:10 -0400, The Doctor wrote:
> > What's the endgame for this? Just a webpage with a list of stuff on
> > it? A livecd with stuff on it? With or without redundancy?
>
> More toolkits being passed around and trained on?

I'm just curious; it does make what I'd recommend somewhat different.

For example, you could pick one of each of these things, and build a Live CD that would have all of them (a variant, maybe). Then it'd be easy to download and use that for non-technical users (I have known several non-technical activists that have used TAILS, and switched from using encrypted laptops to TAILS).

If you wanted a wiki for similar reasons, you'd also not want redundancy. But, if you wanted a wiki for the cypherpunks community, you'd want the redundancy, in order to get people to evaluate each of them.

--
Sent from Ubuntu

From tedks at riseup.net Tue Sep 3 14:45:33 2013 From: tedks at riseup.net (Ted Smith) Date: Tue, 03 Sep 2013 14:45:33 -0400 Subject: building a community on RetroShare In-Reply-To: References: <[email protected]> Message-ID: <1378233933.10405.7.camel@anglachel>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP:SDK v0.9

mQINBEoZu0kBEAClwCIjKd8sQtxZEoIyj0ZQaLzouyyHTOgVfJNaENnvFIGVY/GP
fOh3tKHd8Coy7xGwW2AJyMk3UhR1R3zacje16CIv23pVjZvYripJ7T+s1Q3DkScZ
IXCZGJ2CRHy6DGURvuEX1LPrdyKFBqoL+9sZaufKd+tNhUQn7cMKFE9Jb3D0u6uZ
8XyB2CfTxXldWBxH8VVCiNqI9Glt8SvjCEPBJd3Y8/BLAp2MISu7/ff86xbVebhr
Xbc08jgyiwMTxx0iPdc7kDvpMpHRyfQA1xwrTEIR9NVNASzfCHugIbSpiaY1s62b
Pn0qwcRGq/B3rJQlFWpaltkgAXKiQerforrKnZEQbvUtW5bAeXDMFTWmlvDDtiGt
yOKtjOHYqSxczxtZVJWCPxJSAdGH8Ouk7Qur+PH3bkzXc3gn5gR81Q0sMJk0uOzX
fOhi7Toxf4I29eXVn/30nAcQg3pmb4KKrvDFzu54l07wWsWlpjWRFKZRMD+ZVwOS
gXFSOi0uZsgn7d4XqU6tIXFgnXxVXpiApUcHOddsRi0CjphSjERkuotTRf4cwASW
atkS11PXd+AC0ZNDPaF8fkHugod5KZ1c9A82IJBs+DcMsG6LrgBTAe4vz48jwAjB
g/sg991pbuQgOPMMXi/n3AN5+Z/6ufHLqXxPgkFhQI/gGCM8/0Rwz5WZlQARAQAB
tEJUZWQgU21pdGggKFByaW1hcnkgR251UEcga2V5IGFzIG9mIE1heSAyNCAyMDA5
KSA8dGVkZGtzQGdtYWlsLmNvbT6JAjoEEwEIACQCGyMFCwkIBwMFFQoJCAsFFgID
AQACHgECF4AFAk9rh0MCGQEACgkQpoIksUDg18IFwg/7BkFyenNqJrV0IxRWrtkQ
blCmisRrsKQ0VvFwIjkBquPCMHQMyrf32VI2g2kG9s5bwdUFAoe4lbkBlqAWpte9
+IVsh9tgFHQ5mDhxRWUvEFLDcffENHAtHlGWPJChPiowiUMpDmlI3pc3oZE3+m3D
QXMdXkdZE+DRJwDGPC9bZPwGIwOJFM66X7MfSwogTQzeHWnunFJGFyD+Wc9xch19
EVSS3sPM67pwbvuyIALCtrSprCD+YJTvnyB8NdUjVyG7HJ6+RkVqZkrohzddThQP
KsUnOiiExXgspozhzVli7pqcjoUZWyWVdLvrBYDFajb7fAfhDGQaPdhyYXGX1y46
XcsoiB4qbIEnzV27xtjFxeNlp9eAjKG1BJ3BuhAP6J9+s8BtfivhQS2hI7ZRNU0L
jT92et89N71NkFW1hxiwyj7TpzMaUZsPNUdRh0FAXOG8ynawJEThCwd0YyWVmbVV
N/rqgIucmopZ03W7qVc9YHfd1Zy+tG56b2Y9OuRccZWUQqBfj0uorvWLb39FcO5s
xA1hHniKiGeHsg8pzhhebXTv65aHzcpCLHlnysbZhKlw/HPO+6obrCFbtf85B7hy
zz+h4IaHjdc8JX+MeLVOWJoiJCYNpzwLXQWaAFLnosWwd1aYcOg4eeNHUMGYvWdm
kfuMOEUaP2hEbECzmeItPP4=
=5YrU
-----END PGP PUBLIC KEY BLOCK-----

From jya at pipeline.com Tue Sep 3 15:09:46 2013 From: jya at pipeline.com (John Young) Date: Tue, 03 Sep 2013 15:09:46 -0400 Subject: WaPo releases details on US offensive cyber-ops In-Reply-To: <355092055-1378167796-cardhu_decombobulator_blackberry.rim. [email protected]> References: <355092055-1378167796-cardhu_decombobulator_blackberry.rim.net-744217887- @b26.c23.bise6.blackberry> Message-ID:

Bart,

An et al asks:

How cyber ops physically take place, the architecture and engineering of the cyber architecture Snowden alludes to. Computers and networks are small pieces compared to where they housed, bunkered, trenched, drowned, aired, emitted, lofted, arrayed, hidden. Those structures of the infrastructure are as costly as the human power and much greater in scope and necessity -- and immensely targetable thanks to ostentatious appurtenances of antennas, fences, barriers, sensors, stand-offs, chopper pads, cafes, health and environmental inspections, power lines and sub-stations, and not least loose lips of contractors and disaffected employees.

We know the location of some of the principal offices and HQs, but those are misleading icons, as much ruses as leaked budget tables, congrats for those teasing leads BTW. Specifics may be withheld to "protect operations and lives" but that also leaves out how these systems function beyond stupidly idiotic slides and dissimulative photoshops, which may thrill and placate with top classification markings governmental overseers reading public but are ridiculously simple-minded to techies who are obliged to seance dot connections of mouse to LAN to WAN to Internet to hubs to hotels to White House to SE-WE-ME.

Care to share those kind docs we architects can de-blueprint for you?

At 08:23 PM 9/2/2013, you wrote:
> Greg, et al -- I'm going to keep digging on US cyber operations, and
> particularly on "computer network exploitation" and "computer
> network attack." I'd be interested in theories, questions or
> suggestions from the smart folks here as I think about my reporting
> strategy. --Bart
>
> ------
> Date: Mon, 02 Sep 2013 12:44:04 -0500
> From: Gregory Foster
> Subject: WaPo releases details on US offensive cyber-ops
>
> Washington Post (Aug 30) - "U.S. spy agencies mounted 231 offensive
> cyber-operations in 2011, documents show" by @BartonGellman & @nakashimae:
> http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html
>
> > under an extensive effort code-named GENIE, U.S. computer
> > specialists break into foreign networks so that they can be put
> > under surreptitious U.S. control. Budget documents say the $652
> > million project has placed "covert implants," sophisticated
> > malware transmitted from far away, in computers, routers and
> > firewalls on tens of thousands of machines every year, with plans
> > to expand those numbers into the millions.

From ei8fdb at ei8fdb.org Tue Sep 3 18:12:57 2013 From: ei8fdb at ei8fdb.org (Bernard Tyers - ei8fdb) Date: Tue, 3 Sep 2013 23:12:57 +0100 Subject: Safest exit country? Message-ID:

Two parts:

1. Requirement: Minimise the possibility of surveillance at egress point.

Surveillance of the between my country X and the egress country Z is not a concern. (NB: It is a concern, but not taken into account in this thought experiment)

Question: If I was able to choose which country to route my IP traffic through and have act as my egress point to "the Internet public" which country would I choose?

2. Question: Is Iceland as safe as people think? Safe is defined as a location where surveillance and monitoring is minimal/non-existent.

My answer: No.

Thanks,
Bernard

------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


From jya at pipeline.com Tue Sep 3 19:04:39 2013 From: jya at pipeline.com (John Young) Date: Tue, 03 Sep 2013 19:04:39 -0400 Subject: Safest exit country? In-Reply-To: References: Message-ID:

Look for gaps in global and national systems. Where there is limited or no services. Rig a temporary hook-up, move often, spread chaff, wipe traces.

Review ham radio history of legal and illegal provenance, bootlegged and boot-strapped comms systems, illegal systems which subversively tap into legal systems, short and long-term.

Study favelas, ghettos, urban poverty rigs, ingenuity-led poor countries, irrational rogue states, uncontrollable mavericks, misfits and outlaws, rebels, and huge variety of criminals, white, blue, pink, T-shirt collared.

Study covert operations of many kinds and histories. They are a great many of them, past, present and future, all "under the radar," more or less, but who knows for sure.

Avoid advanced countries who are manifestly in favor of ubiquitous spying at home and in other countries; their spies work in concert and in opposition but above all else hate spylessness and avidly work to infect the healthy unspied.

Expect to be betrayed, deceived, tricked, given shitty advice, plagiarized for good stuff, fed very bad stuff. Like this forum.

Whatever you set up keep quiet about it or it will be invaded and violated. Do not feed the animals.

At the moment, it would be prudent to avoid Tor which has become a favorite target and user of spies, counterspies, betrayers, opportunists, hustlers, tricksters, con artists, panhandlers, pornographers, thieves, security testers, data gobblers, sting operators, in short, no better or worse than the internet but not as bad as cellphone systems and human discourse.

Read the Tor mail lists, founts of hype and disinfo: Tor Project hustlers currently advise critics "if you don't like Tor, set up your own." That is excellent advice, and a surefire indicator that that is what they have done. Yep, another Tor onion-routed below the ruse, tucked behind easily found hidden services, exited around camouflaging exits. That, to be sure, was and remains the fundamental intent of Tor: off the grid, criminal, illegal, illegitimate, government grade security.

From bill.stewart at pobox.com Tue Sep 3 20:43:17 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 03 Sep 2013 17:43:17 -0700 Subject: traffic analysis (Was: Who bought off Zimmermann?) In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

At 08:43 PM 8/30/2013, grarpamp wrote:
> > On 8/30/13, Jon Callas wrote:
> > What we're learning from Snowden is that they're doing traffic analysis --
> > analyzing movements, social graphs, and so on and so forth. The irony here
> > is that this tells us that the crypto works.
>
> Are we sure? This seems to tell us they are doing traffic analysis
> and so forth.
> It doesn't seem to say much about cryptanalytic capabilities. For all we know
> they could have all the crypto in the bag but need analysis to identify
> talkers due to people being exceedingly careful about the message content.
>
> "Blue hen rides over the book on the left side when the sun is low.
> Do you copy?"

If they know that Alice and Bob have been sending mail to each other, that's often more valuable than the traffic itself. Certainly for the model that says they're tracking two or three degrees of separation from Alice the Foreigner, with a court letting them demand that ISPs hand over any plaintext they have, though you can avoid some of that by using remailers.

>>> Received:, Message-ID:, etc.

Those are tricky. They're not really part of SMTP, they're part of the email message. A "pen register" style of wiretapping the envelope gets you the SMTP headers TO and FROM and the IP addresses and email options, but at least if you're using SMTP encryption you won't get the message headers. On the other hand, if you're just using PGP or SMIME on the message body, you do get them, so that's not going to help alice at gmail.com much.
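[Editor's added example; not code from Bill Stewart or anyone on the thread.] The envelope/headers/body distinction above is easiest to see by walking a captured SMTP session and asking what each observer can read. The transcript below is constructed (hosts, addresses, Message-ID and the PGP blob are all made up); the body is PGP/MIME-encrypted, as a PGP user's would be. Three vantage points are modelled: an on-path tap with plaintext SMTP, the same tap when STARTTLS is used, and the receiving provider that handles the message after delivery.

```python
"""Which mail identifiers each observer position can read from one delivery.
TRANSCRIPT is a constructed SMTP session; nothing in it is real."""
import re

TRANSCRIPT = """\
S: 220 mx.example.net ESMTP
C: EHLO client.example.org
S: 250-mx.example.net
S: 250 STARTTLS
C: STARTTLS
S: 220 Go ahead
C: EHLO client.example.org
S: 250 mx.example.net
C: MAIL FROM:<alice@example.org>
S: 250 OK
C: RCPT TO:<bob@example.net>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Received: from client.example.org (192.0.2.10) by mx.example.net
C: From: Alice <alice@example.org>
C: To: Bob <bob@example.net>
C: Subject: Tuesday
C: Message-ID: <20130903.1@client.example.org>
C: Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"
C:
C: -----BEGIN PGP MESSAGE-----
C: hQEMA0FBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWg==
C: -----END PGP MESSAGE-----
C: .
S: 250 OK queued
C: QUIT
"""


def split_lines(transcript):
    """-> list of (side, text); side is 'C' (client) or 'S' (server)."""
    return [(ln[0], ln[3:]) for ln in transcript.splitlines()]


def on_path_view(lines, starttls):
    """What a tap between the two hosts sees. Once the server answers STARTTLS
    with 220, the rest of the dialogue travels inside TLS and is unreadable."""
    if not starttls:
        return lines
    visible, requested = [], False
    for side, text in lines:
        visible.append((side, text))
        if requested and side == "S" and text.startswith("220"):
            break
        if side == "C" and text.upper() == "STARTTLS":
            requested = True
    return visible


def identifiers(lines):
    """Envelope fields, message headers and body state recoverable from the
    readable client lines."""
    found, in_data, in_headers = {}, False, True
    for side, text in lines:
        if side != "C":
            continue
        if not in_data:
            m = re.match(r"(EHLO|MAIL FROM|RCPT TO):?\s*(.+)", text, re.I)
            if m:
                found["envelope:" + m.group(1).upper()] = m.group(2).strip("<>")
            elif text.upper() == "DATA":
                in_data = True
            continue
        if text == ".":
            in_data = False
        elif in_headers:
            if text == "":
                in_headers = False
            else:
                name, _, value = text.partition(":")
                found.setdefault("header:" + name.strip(), value.strip())
        elif text.startswith("-----BEGIN PGP MESSAGE-----"):
            found["body"] = "PGP ciphertext only"
        else:
            found.setdefault("body", "plaintext")
    return found


def exposure(transcript=TRANSCRIPT):
    """Identifiers readable at each vantage point."""
    lines = split_lines(transcript)
    return {
        "wire, plain SMTP": identifiers(on_path_view(lines, starttls=False)),
        "wire, STARTTLS": identifiers(on_path_view(lines, starttls=True)),
        "receiving MTA / mailbox provider": identifiers(lines),
    }


if __name__ == "__main__":
    for where, facts in exposure().items():
        print(where)
        for key, value in sorted(facts.items()):
            print("   %-22s %s" % (key, value))
```

With plaintext SMTP the tap reads the envelope, every header (Received, Message-ID, Subject) and the body, which here is only PGP ciphertext. With STARTTLS the same tap is left with the two IP endpoints and the pre-TLS EHLO name. The receiving provider reads envelope and headers in every case, so end-to-end PGP on the body protects exactly the body and nothing else from the mailbox operator, which is the "alice at gmail.com" point above.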

From grarpamp at gmail.com Wed Sep 4 02:13:33 2013 From: grarpamp at gmail.com (grarpamp) Date: Wed, 4 Sep 2013 02:13:33 -0400 Subject: Safest exit country? In-Reply-To: References: Message-ID:

No exit is really safe... some say pick an underdeveloped clueless state, perhaps. But those states are fed from cables that are monitored on the other end. As such, and since you can do no better, your best bet is to limit your exposure by picking an exit within the same jurisdiction as your target. You might even get lucky if said state is externally paranoid but does not care about its inside traffic.

> At the moment, it would be prudent to avoid Tor which
> "if you don't
> like Tor, set up your own." That is excellent advice

Some people have a thing against Tor by default. That's probably not a very useful idea. Tor is good at what it does well, such as letting the average Jane out her irrelevant daily net life in relative anonymity. Just don't try to put Tor to task for the entire spectrum of what is possible without understanding what isn't. For that, you need to read a lot about it. Just like any other thing you might set up on your own.

From grarpamp at gmail.com Wed Sep 4 04:44:18 2013 From: grarpamp at gmail.com (grarpamp) Date: Wed, 4 Sep 2013 04:44:18 -0400 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: References: <[email protected]> Message-ID:

>> - Given the huge amount of material classified these days, SECRET doesn't
>> seem to be a very high level any more, ... really important stuff is
>> compartmented (SCI), and Suite B is not approved for it - it has to be
>> protected by unpublished Suite A algorithms.

SCI is an access control, not a separate classification level. Though the specific compartmentalization might require various other crypto. https://en.wikipedia.org/wiki/Classified_information https://en.wikipedia.org/wiki/Sensitive_Compartmented_Information https://en.wikipedia.org/wiki/Special_access_program

> [ insert campaign for Snowden to release Suite A specs here. ]

So far his dataset has not shown any access to, nor much interest, regarding the crypto dept. Then, even if it does drop someday, you have to wish that the reporters publish the actual doc instead of uselessly paraphrasing it in an effort to claim interpretive credit.

If there's breaks with any "B" or other respected public algos, you can bet they keep that well compartmented. Losing some node somewhere is no big deal. Going dark on all your nodes as a result of wholesale crypto replacement response would be a big deal.

Knowledge of "A" would indeed be interesting and instructive.

From jya at pipeline.com Wed Sep 4 07:00:40 2013 From: jya at pipeline.com (John Young) Date: Wed, 04 Sep 2013 07:00:40 -0400 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: References: <[email protected]> Message-ID:

> > you have to wish that the news reporters publish the actual doc instead
> > of uselessly paraphrasing it in an effort to claim interpretive credit.

This is the Achilles heel of the Snowden drop. PowerPoint, Photoshop and redactions coutured in editorial elaboration of documents not revealed is exactly what officials do to spin material and manipulate the public.

The Snowden material needs an untethered, unchoked, and unmarionetted leaker, not more commercial journalism dribbling what, unfortunately, has become common in the "era of WikiLeaks journalism," is disinfo. And implies the prospect of complicity with authorities under rigging of privileged journalism and coddled D-Noticers.

The Guardian has belatedly confessed to that. And WaPo and the NYT say they have and will vet Snowden material with the USG before release. Which suggests continuation of a lot more editorial elaboration, TV gravitasing, bowdlerized reports and articles, Dough-Boy books, Op X films, primly sterilized documentaries. In effect, a propaganda push right out of the 1950s through the 2010s configured for cyberwar coldwar. Manchurian Assange, Manning, Snowden featured a la Zizek in the Guardian yesterday.

Little crypto will be revealed, except misleading urge to use it as Snowden has done, instead much fancified metadata -- not to overlook the metaphysics of hyping entertaining leakage, now a booming culture of deceit continuing the cult of spy fiction begun in days of Art of War.

> If there's breaks with any "B" or other respected public algos,
> you can bet they keep that well compartmented. Losing some
> node somewhere is no big deal. Going dark on all your nodes
> as a result of wholesale crypto replacement response would
> be a big deal.
>
> Knowledge of "A" would indeed be interesting to instructive.

From eugen at leitl.org Wed Sep 4 07:00:56 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 4 Sep 2013 13:00:56 +0200 Subject: [tor-talk] Tor Weekly News — September 4th, 2013 Message-ID: <[email protected]>

----- Forwarded message from Lunar -----

Date: Wed, 4 Sep 2013 12:51:54 +0200 From: Lunar To: tor-news at lists.torproject.org, tor-talk at lists.torproject.org Subject: [tor-talk] Tor Weekly News — September 4th, 2013 User-Agent: Mutt/1.5.21 (2010-09-15) Reply-To: tor-talk at lists.torproject.org

========================================
Tor Weekly News — September 4th, 2013
========================================

Welcome to the tenth issue of Tor Weekly News, the weekly newsletter that covers what is happening in the skyrocketing Tor community.

Serious network overload
------------------------

   if it really is a coordinated attack from a bot twice the size of the
   regular tor network i'm much surprised tor is still usable at all
   — #tor, 2013-09-02 18:38 UTC

The tremendous influx of new clients that started mid-August [1] is stretching the current Tor network and software to its limits.

Several relay operators reported their relays to be saturated [2] by the amount of connections and circuits that relays currently have to handle [3].

Mike Perry, wishing to "compare load characteristics since 8/19 for nodes with different types of flags", issued a call to relay operators [4]: "especially useful [are] /graph images for connection counts, bandwidth, and CPU load since 8/19."

It was reported on IRC that on some relays, only one circuit was successfully created out of four attempts. This unfortunately implies that clients retry to build more circuits, resulting in even more load on Tor relays.

The tor 0.2.4 series introduced a new circuit extension handshake dubbed "ntor" [5]. This new handshake is faster (especially on the relay side) than the original circuit extension handshake, "TAP". Roger Dingledine came up with a patch to prioritize circuit creations using ntor over TAP [6]. Various observers reported that these overwhelming unidentified new clients were likely to be using Tor 0.2.3. Prioritizing ntor is then likely to make them less of a burden for the network, and should help the network to function despite being overloaded by circuit creations.

Sathya and Isis both reported the patch to work. Nick Mathewson pointed out a few issues in the current implementation [7] but overall it looks like a band-aid good enough for the time being.

[1] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-08-15&end=2013-09-02#direct-users
[2] https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.html
[3] https://lists.torproject.org/pipermail/tor-relays/2013-August/002589.html
[4] https://lists.torproject.org/pipermail/tor-relays/2013-August/002612.html
[5] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
[6] https://bugs.torproject.org/9574#comment:10
[7] https://bugs.torproject.org/9574#comment:12

Latest findings regarding traffic correlation attacks
-----------------------------------------------------

Erik de Castro Lopo pointed tor-talk readers [8] to a new, well-written paper named "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries." [9] To be presented at the upcoming CCS 2013 conference [10] this November in Berlin, Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson describe their experiments on traffic correlation attacks.

This research paper follows on a long series of earlier research papers to better understand how Tor is vulnerable to adversaries controlling portions of the Tor network or monitoring users and relays at the network level.

Roger Dingledine wrote to tor-talk readers [11]: "Yes, a big enough adversary can screw Tor users. But we knew that. I think it's great that the paper presents the dual risks of relay adversaries and link adversaries, since most of the time when people are freaking out about one of them they're forgetting the other one. And we really should raise the guard rotation period. If you do their compromise graphs again with guards rotated every nine months, they look way different."

One tricky question with raising the guard rotation period [12] is: "How do we keep clients properly balanced to match the guard capacities?" [13] It is also probably another signal for any Tails supporter who wishes to help implement guard persistence [14].

"I have plans for writing a blog post about the paper, to explain what it means, what it doesn't mean, what we should do about it, and what research questions remain open", wrote Roger. Let's stay tuned!

[8] https://lists.torproject.org/pipermail/tor-talk/2013-September/029755.html
[9] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
[10] http://www.sigsac.org/ccs/CCS2013/
[11] https://lists.torproject.org/pipermail/tor-talk/2013-September/029756.html
[12] https://bugs.torproject.org/8240
[13] https://bugs.torproject.org/9321
[14] https://labs.riseup.net/code/issues/5462

A peek inside the Pirate Browser
--------------------------------

Torrent-sharing website started shipping a custom browser, the Pirate Browser, on August 10th. They advertised using Tor to circumvent censorship but unfortunately did not provide any for their project.

Matt Pagan examined the contents of the package [15] in order to get a better idea of what it was. He compared the contents of the Pirate Browser 0.6b archive using cryptographic checksums to the contents of the Tor Browser Bundle 2.3.25-12 (en-US version).

According to Matt's findings the Pirate Browser includes unmodified versions of tor 0.2.3.25 and 0.2.20. The tor configuration contains slight deviations from the one shipped with the Tor Browser Bundle. One section labeled "Configured for speed" unfortunately shows a wrong understanding of the Tor network. Roger Dingledine commented in a subsequent email [16]: "Just for the record, the three lines here don't help speed much (or maybe at all)."

The remaining configuration change that "probably has the biggest impact on performance", according to Roger, excludes exit nodes from Denmark, Ireland, United Kingdom, the Netherlands, Belgium, Italy, China, Iran, Finland, and Norway. "Whether it improves or reduces performance [Roger] cannot say, though. Depends on a lot of complex variables around Internet topologies."

The browser itself is based on Firefox 23.0, with FoxyProxy configured to use Tor only for a few specific addresses [17], and a few extra bookmarks.

Later, Matt also highlighted [18] that some important extensions of the Tor Browser, namely HTTPS Everywhere, NoScript, and Torbutton, were also missing from the Pirate Browser.

In any case, the Pirate Browser is unlikely to explain the sudden influx of new Tor clients. grarpamp forwarded an email exchanged with the Pirate Browser admin contact [19] which shows that numbers (550 000 known direct downloads) and dates ("most downloads during the first week") do not match.

[15] https://lists.torproject.org/pipermail/tor-talk/2013-August/029703.html
[16] https://lists.torproject.org/pipermail/tor-talk/2013-August/029729.html
[17] http://piratebrowser.com/piratebrowser_patterns.json
[18] https://lists.torproject.org/pipermail/tor-talk/2013-August/029707.html
[19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029736.html

Monthly status reports for August 2013
--------------------------------------

The wave of regular monthly reports from Tor project members for the month of August has begun. Sherief Alaa released his report first [20], followed by reports from George Kadianakis [21], Lunar [22], Arturo Filastò [23], Colin C. [24], Arlo Breault [25], Philipp Winter [26], Roger Dingledine [27], Karsten Loesing [28], and Isis Lovecruft [29]. The latter also caught up with June [30] and July [31].

[20] https://lists.torproject.org/pipermail/tor-reports/2013-September/000314.html
[21] https://lists.torproject.org/pipermail/tor-reports/2013-September/000315.html
[22] https://lists.torproject.org/pipermail/tor-reports/2013-September/000316.html
[23] https://lists.torproject.org/pipermail/tor-reports/2013-September/000317.html
[24] https://lists.torproject.org/pipermail/tor-reports/2013-September/000318.html
[25] https://lists.torproject.org/pipermail/tor-reports/2013-September/000319.html
[26] https://lists.torproject.org/pipermail/tor-reports/2013-September/000320.html
[27] https://lists.torproject.org/pipermail/tor-reports/2013-September/000321.html
[28] https://lists.torproject.org/pipermail/tor-reports/2013-September/000322.html
[29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000323.html
[30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000324.html
[31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000325.html

Help Desk Roundup
-----------------

This week Tor help desk saw an increase in the number of users wanting to download or install . Orbot can be downloaded from the Google Play store, the Amazon App store, f-droid.org, and guardianproject.info. Guides on using Orbot can be found on the Guardian Project's Orbot page [32], or on 's Android page [33]. It looks like Orbot is currently inaccessible from the Google Play store in Iran. Please join the discussion on tor-talk [34] if you have input about the latter.

[32] https://guardianproject.info/apps/orbot/
[33] https://www.torproject.org/docs/android.html
[34] https://lists.torproject.org/pipermail/tor-talk/2013-August/029684.html

All versions of the Tor Browser Bundle which include tor 0.2.4.x have been reported to work in Iran. This includes the latest Pluggable Transport Bundle, the 3.0 alpha series, and the 2.4 beta series. Follow our Farsi blog [35] for more Iran related news.

[35] https://fa-blog.torproject.org/

Miscellaneous news
------------------

The next Tails contributors meeting [36] will happen on IRC on September 4th at 8pm UTC (10pm CEST). "Every one interested in contributing to Tails is welcome" to join #tails-dev on the OFTC network.

[36] https://mailman.boum.org/pipermail/tails-dev/2013-August/003523.html

Yawning Angel has been "designing a UDP based protocol to serve as the bulk data transport for something along the lines of 'obfs3, but over UDP'." They are soliciting feedback on their initial draft of the Lightweight Obfuscated Datagram Protocol (LODP) [37].

[37] https://lists.torproject.org/pipermail/tor-dev/2013-August/005334.html

Kévin Dunglas announced [38] their work on a PHP library for the Tor Control Port [39], released under the MIT license.

[38] https://lists.torproject.org/pipermail/tor-dev/2013-August/005340.html
[39] https://github.com/dunglas/php-torcontrol/

Kathy Brade and Mark Smith have released a first patch [40] for Mozilla's update mechanism which "successfully updated TBB on Linux, Windows, and Mac OS 'in the lab' using both incremental and 'full replace' updates." This is meant for the 3.x series of the Tor Browser Bundle and is still a work in progress, but this is a significant milestone toward streamlined updates for TBB users.

[40] https://bugs.torproject.org/4234#comment:19

Erinn Clark announced [41] that the software powering trac.torproject.org has been upgraded to version 0.12.3. Among several other improvements, this new version allowed Erinn to experiment with the often requested Git integration [42].

[41] https://lists.torproject.org/pipermail/tor-dev/2013-August/005328.html
[42] https://lists.torproject.org/pipermail/tor-dev/2013-September/005346.html

David Goulet has released the second release candidate for the 2.0 rewrite of Torsocks [43]: "Please continue to test, review and contribute it!"

[43] https://lists.torproject.org/pipermail/tor-dev/2013-September/005359.html

Much to her surprise, Erinn Clark found a "fraudulent PGP key with [her] … on the keyservers" [44]. "Do not under any circumstances trust anything that may have ever been signed or encrypted with this key" of short id 0xCEE1590D. She reminded that the Tor Project official signatures are listed on the project's website [45].

[44] https://lists.torproject.org/pipermail/tor-dev/2013-September/005348.html
[45] https://www.torproject.org/docs/signing-keys.html

Philipp Winter published the final paper version [46] of the ScrambleSuit pluggable transport [47], dubbed "A Polymorphic Network Protocol to Circumvent Censorship".

[46] http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
[47] http://www.cs.kau.se/philwint/scramblesuit/

Upcoming events
---------------

Sep 4 8pm  | Tor Q&A with Roger Dingledine | University of the Sciences, Philadelphia, PA, USA | http://www.phillylinux.org/meetings.html
Sep 29-01  | Tor at OpenITP Circumvention Tech Summit IV | Berlin, Germany | https://www.openitp.org/openitp/circumvention-tech-summit.html
Oct 09-10  | Andrew speaking at Secure Poland 2013 | Warszawa, Poland | http://www.secure.edu.pl/

This issue of Tor Weekly News has been assembled by Lunar, dope457, mttp, malaparte, Nima, bastik, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page [48], write down your name and subscribe to the team mailing list [49] if you want to get involved!

[48] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[49] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From l at odewijk.nl Wed Sep 4 09:20:45 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 4 Sep 2013 15:20:45 +0200 Subject: Safest exit country? In-Reply-To: References: Message-ID:

>
> Yep, another Tor onion-routed below the ruse, tucked behind
> easily found hidden services, exited around camouflaging
> exits. That, to be sure, was and remains the fundamental
> intent of Tor: off the grid, criminal, illegal, illegitimate,
> government grade security.

Now, who would just *love *to get people off something secure, and onto something insecure. All the while making them believe it's secure.

I suppose the more secure countries are Iran, Cuba, Russia. Those are (*should be) isolated from NSA developments and should be at about public level. Russia might not be that ignorant though, best stick with Cuba. Iran and North Korea should be 100% monitored and likely don't run any Tor nodes. This is on the basis of their hostility towards America (&friends) and with that the assumption of isolation from their developments and no cooperation. China is hard to judge but might also be better than anything else. Hong Kong might be the best in China. HK is in China's womb yet, like a baby, it isn't China.

All of the less-than-stable Africa seems like a good target. Too busy running crime or trying to keep stuff together to have developed international spy agencies. South Africa might have an agreement with GB/US (doesn't actually matter which) so I'd avoid them. The northern "dictator-band" has been/is being disassembled. The US is likely only involved to protect its interests now that the obedient dummy dictators are gone. That means there's no telling what the status of surveillance is, but it might be very good (iow: absent). Regardless the Internet connections are unreliable and the security will likely be US-colors soon enough.

Asia except for China is hard to judge (for me). Taiwan (aka "Republic of China", hilarious story that is) is developed and connected but has had trouble getting recognition/allegiance due to the People's Republic of China. No clue about security allegiances. Can imagine it's been declaring its independence so hard it doesn't have any, and might be a good target. Any of the not-that-developed countries should be decent exit points (the whole Vietnam, Cambodia, Thailand, Laos (esp. Laos), Myanmar, Philippines, Indonesia group). (There's quite some difference between those countries, but I *think* they still end up in the same category). Singapore is a total no-go.

The whole region around India I have no knowledge of. India and Pakistan are both very mixed in their level of development to a point where mass-surveillance just doesn't make sense. They're also nuclear powers, which does testify to their willingness and ability to stand up to world powers. Probably good exit points.

All the middle east is probably bad because of oil/military interests. Special mention of Israel as being extremely bad.

Turkey too is subject to military interests and wants to be EU and whatnot so let's just avoid them. EU is all surveillance or wants to be surveillance. Eastern Europe has the developmental backlog that might've caused them to push it further down the to-do list. Greece, Italy, Spain, might be so busy not going bankrupt that they've skimped on the surveillance. Morocco and Algeria are oddballs, close to the EU but nothing else (deserts) they might've not had purpose for surveillance, yet have better connections than the rest of Africa. (Tunisia?)

The world feels pretty good about the Nordic countries but I think they just tie into the US+ spynet so that makes them useless. Iceland's small population and distance to everything made it really nice, now I'm not so sure. The amount of attention means the pressure should be rising. No idea how that'll work out. The population is small enough to be smart. I suppose they're observed in any non-politically approved but still possible way. Err.. Nevermind.

Enough mind games. You have to pass the wires anyway, encrypt and trust the endpoints. (and encrypt hard)

From eugen at leitl.org Wed Sep 4 09:22:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 4 Sep 2013 15:22:03 +0200 Subject: [Bitcoin-development] 0.8.4 released, fixes critical denial-of-service issue Message-ID: <[email protected]>

----- Forwarded message from Gavin Andresen -----

Date: Wed, 4 Sep 2013 11:16:35 +1000 From: Gavin Andresen To: Bitcoin Dev Subject: [Bitcoin-development] 0.8.4 released, fixes critical denial-of-service issue

Bitcoin-Qt version 0.8.4 is now available from: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/

This is a maintenance release to fix a critical bug and three security issues; we urge all users to upgrade.

There were no changes from 0.8.4 release candidate 2, so if you are running 0.8.4rc2 you do not need to upgrade.

Please report bugs using the issue tracker at github: https://github.com/bitcoin/bitcoin/issues

How to Upgrade
--------------

If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you run 0.8.4 your blockchain files will be re-indexed, which will take anywhere from 30 minutes to several hours, depending on the speed of your machine.

0.8.4 Release notes
===================

Security issues
---------------

An attacker could send a series of that resulted in an integer division-by-zero error in the Bloom Filter handling code, causing the Bitcoin-Qt or bitcoind process to crash. Bloom filters were introduced with version 0.8, so versions 0.8.0 through 0.8.3 are vulnerable to this critical denial-of-service attack.

A constant-time algorithm is now used to check RPC password guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838 (CVE-2013-4165)

Implement a better fix for the fill-memory-with-orphan-transactions attack that was fixed in 0.8.3. See https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/ for a description of the weaknesses of the previous fix. (CVE-2013-4627)

Bugs fixed
----------

Fix multi-block reorg transaction resurrection.

Fix non-standard disconnected transactions causing mempool orphans. This bug could cause nodes running with the -debug flag to crash.

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!) prevent the corruption issues many people have experienced on OSX.

Linux: clicking on bitcoin: links was broken if you were using a Gnome-based desktop.

Fix a hang-at-shutdown bug that only affects users that compile their own version of Bitcoin against Boost versions 1.50-1.52.

Other changes
-------------

Checkpoint at block 250,000 to speed up initial block downloads and make the progress indicator when downloading more accurate.

Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------

Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen


_______________________________________________
Bitcoin-development mailing list
Bitcoin-development at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

----- End forwarded message -----
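As an added illustration of the Bloom filter issue in the release notes above (example code written for this page, not Bitcoin's own CBloomFilter): a cut-down filter loader that refuses a peer-supplied filter before any index computation can divide by zero. The wire layout, the size limits and the assumed mechanism (bit index computed as hash modulo the bit count, which an empty bit array makes zero) are this example's assumptions, not details stated in the release notes.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Bit array plus hash-function count and seed, in the shape of a BIP 37
// "filterload" payload. Cut-down model for this example, not CBloomFilter.
struct BloomFilter {
    std::vector<uint8_t> data;  // one bit per position, 8 per byte
    uint32_t nHashFuncs = 0;    // hash functions evaluated per key
    uint32_t nTweak = 0;        // per-filter seed mixed into every hash
};

// Bounds so a remote peer cannot make the node allocate or hash without
// limit (assumed values chosen for this example).
static const size_t kMaxFilterBytes = 36000;
static const uint32_t kMaxHashFuncs = 50;

// Seeded 32-bit FNV-1a, standing in for MurmurHash3 only because it is
// short; the validation point below does not depend on the hash used.
static uint32_t Hash32(uint32_t seed, const std::vector<uint8_t>& key) {
    uint32_t h = 2166136261u ^ seed;
    for (uint8_t b : key) { h ^= b; h *= 16777619u; }
    return h;
}

// A filter is usable only if every later "% bit count" has a non-zero
// divisor and the per-query work is bounded. A zero hash count would also
// make every query trivially match, so it is rejected too.
bool ValidateFilter(const BloomFilter& f) {
    if (f.data.empty()) return false;                  // would divide by zero
    if (f.data.size() > kMaxFilterBytes) return false;
    if (f.nHashFuncs == 0 || f.nHashFuncs > kMaxHashFuncs) return false;
    return true;
}

// Bit position for hash function n. Caller guarantees ValidateFilter(f),
// so nBits is never zero here. (The assumed defect: reaching this line
// with an attacker-supplied empty array.)
static size_t BitIndex(const BloomFilter& f, uint32_t n,
                       const std::vector<uint8_t>& key) {
    const size_t nBits = f.data.size() * 8;
    return Hash32(n * 0xFBA4C795u + f.nTweak, key) % nBits;
}

void Insert(BloomFilter& f, const std::vector<uint8_t>& key) {
    for (uint32_t n = 0; n < f.nHashFuncs; ++n) {
        size_t i = BitIndex(f, n, key);
        f.data[i >> 3] |= static_cast<uint8_t>(1u << (i & 7));
    }
}

bool Contains(const BloomFilter& f, const std::vector<uint8_t>& key) {
    for (uint32_t n = 0; n < f.nHashFuncs; ++n) {
        size_t i = BitIndex(f, n, key);
        if (!(f.data[i >> 3] & (1u << (i & 7)))) return false;
    }
    return true;
}

static uint32_t ReadLE32(const std::vector<uint8_t>& m, size_t at) {
    return uint32_t(m[at]) | uint32_t(m[at + 1]) << 8 |
           uint32_t(m[at + 2]) << 16 | uint32_t(m[at + 3]) << 24;
}

// Parse the constructed wire form used here: one length byte, the bit
// array, then nHashFuncs and nTweak as little-endian 32-bit words. Any
// truncated message or any filter ValidateFilter() rejects is refused
// before it is installed, so it can never reach BitIndex().
bool ParseFilterLoad(const std::vector<uint8_t>& msg, BloomFilter& out) {
    if (msg.empty()) return false;
    const size_t len = msg[0];
    if (msg.size() != 1 + len + 8) return false;       // truncated/trailing
    BloomFilter f;
    f.data.assign(msg.begin() + 1, msg.begin() + 1 + len);
    f.nHashFuncs = ReadLE32(msg, 1 + len);
    f.nTweak = ReadLE32(msg, 1 + len + 4);
    if (!ValidateFilter(f)) return false;
    out = f;
    return true;
}

// Stand-alone run over two constructed messages: a 4-byte filter with
// 3 hash functions, and one whose bit array is empty.
int main() {
    std::vector<uint8_t> good = {4, 0, 0, 0, 0, 3, 0, 0, 0, 7, 0, 0, 0};
    std::vector<uint8_t> empty = {0, 3, 0, 0, 0, 7, 0, 0, 0};
    BloomFilter f;
    std::cout << "good accepted:  " << ParseFilterLoad(good, f) << "\n";
    std::cout << "empty rejected: " << !ParseFilterLoad(empty, f) << "\n";
    Insert(f, {0x61, 0x62, 0x63});
    std::cout << "contains abc:   " << Contains(f, {0x61, 0x62, 0x63}) << "\n";
    return 0;
}
```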

From kylem at xwell.org Wed Sep 4 10:06:36 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Wed, 4 Sep 2013 09:06:36 -0500 Subject: Safest exit country? In-Reply-To: References: Message-ID:

On Wed, Sep 4, 2013 at 8:20 AM, Lodewijk andré de la porte wrote:
> Enough mind games. You have to pass the wires anyway, encrypt and trust the
> endpoints. (and encrypt hard)

Which, generally speaking, will still not defeat traffic analysis without special considerations...

-- @kylemaxwell

From l at odewijk.nl Wed Sep 4 10:21:16 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 4 Sep 2013 16:21:16 +0200 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: References: <[email protected]> Message-ID:

2013/9/4 John Young

> The Snowden material needs an untethered, unchoked,
> and unmarionetted leaker not more commercial journalism
> dribbling what, unfortunately has become common in the
> "era of WikiLeaks journalism," is disinfo. And implies the
> prospect of complicity with authorities under rigging of
> privileged journalism and coddled D-Noticers.
>

You could say playing games is what politicians do. But not playing the games means you get no game. Assange does explicitly, publicly and knowingly play games. He knows they work. Had all the documents been published unedited there would be a single headline in every newspaper.

Now there's thousands. Every week it's hammered upon. We see people claiming "Oh, see, the NSA said something to make it okay, and I think it actually is!" only to be stomped by the next headline showing it was definitely not okay. This releasing scheme is a very, very good match for the current journalistic reality.

Given Assange seems to be pretty well on the side of civil liberty, freedom and power, I think he's doing a rather good job.

From l at odewijk.nl Wed Sep 4 10:33:49 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 4 Sep 2013 16:33:49 +0200 Subject: Safest exit country? In-Reply-To: References: Message-ID:

2013/9/4 Kyle Maxwell

> On Wed, Sep 4, 2013 at 8:20 AM, Lodewijk andré de la porte wrote:
> > Enough mind games. You have to pass the wires anyway, encrypt and trust
> > the endpoints. (and encrypt hard)
>
> Which, generally speaking, will still not defeat traffic analysis
> without special considerations...

I'm gonna go ahead and suggest trickle connections. It's in my paper about mesh networking that I might release once. You have n connections to n nodes (1 on 1) and you continuously (both directions) send random data over it. Occasionally instead of random data you put an encrypted package in it. The other end continuously (tries to) decrypt packages. This way you never know if something is being sent or not, at the cost of some bandwidth.

Schematically:

  generate random > send buffer
  secret package > send buffer
  send buffer > stream encryption > transmit buffer
  transmit buffer > rate limited connection to peer

on the other side:

  receive buffer > stream decryption > package detector > usual way of dealing with incoming packages.

If you never actually use these trickle connections, but you do have them, you can deny being the origin of packages (I didn't know what it was! I got it over a trickle connection!). If you mark packages as "top secret" they should only be sent over trickles and they'll never be network observable at all.

Additional tricks such as delayed further transmission, network path mixing, etc. are all possible with what I have in my paper and should be (easily) doable in Tor.

I never really understood the problem with traffic analysis.
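The trickle connection sketched in the message above, as an added example written for this page (not from the poster's paper and not Tor code): a sender that emits one fixed-size frame per tick, carrying either cover bytes or an encrypted package, and a receiver that decrypts every frame and runs the package detector. The xorshift keystream and the FNV checksum are toy stand-ins for a real stream cipher and authenticator, and the frame layout is this example's own assumption.

```cpp
#include <algorithm>
#include <cstdint>
#include <deque>
#include <iostream>
#include <vector>

// Every frame has this size and is emitted once per tick whether or not a
// package is inside, so the wire shows the same constant stream either way.
static const size_t kFrameBytes = 64;
static const size_t kHeaderBytes = 1 + 1 + 4;   // tag, length, checksum
static const size_t kMaxPayload = kFrameBytes - kHeaderBytes;

// Toy generator (assumption: stands in for a real stream cipher). Used as
// the shared keystream, and with an unrelated seed as the cover-byte source.
struct Xorshift32 {
    uint32_t s;
    explicit Xorshift32(uint32_t seed) : s(seed ? seed : 1) {}
    uint8_t next() {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        return static_cast<uint8_t>(s);
    }
};

// FNV-1a over the payload; a stand-in for a real authenticator.
static uint32_t Checksum(const std::vector<uint8_t>& v, size_t from, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = from; i < from + len; ++i) { h ^= v[i]; h *= 16777619u; }
    return h;
}

// Sender: random > send buffer, package > send buffer, encryption > transmit.
class TrickleSender {
public:
    TrickleSender(uint32_t key, uint32_t coverSeed) : ks_(key), cover_(coverSeed) {}
    bool Enqueue(const std::vector<uint8_t>& pkg) {
        if (pkg.size() > kMaxPayload) return false;  // would not fit one frame
        queue_.push_back(pkg);
        return true;
    }
    // Called once per tick by the rate limiter; always returns kFrameBytes.
    std::vector<uint8_t> NextFrame() {
        std::vector<uint8_t> f(kFrameBytes);
        for (uint8_t& b : f) b = cover_.next();     // random fill first
        if (queue_.empty()) {
            f[0] = 0;                               // cover frame
        } else {
            const std::vector<uint8_t>& p = queue_.front();
            f[0] = 1;                               // package frame
            f[1] = static_cast<uint8_t>(p.size());
            std::copy(p.begin(), p.end(), f.begin() + kHeaderBytes);
            uint32_t c = Checksum(f, kHeaderBytes, p.size());
            for (int i = 0; i < 4; ++i) f[2 + i] = static_cast<uint8_t>(c >> (8 * i));
            queue_.pop_front();
        }
        for (uint8_t& b : f) b ^= ks_.next();       // stream encryption
        return f;
    }
private:
    Xorshift32 ks_, cover_;
    std::deque<std::vector<uint8_t>> queue_;
};

// Receiver: stream decryption of every frame (keeps the keystream in step
// with the sender), then the package detector.
class TrickleReceiver {
public:
    explicit TrickleReceiver(uint32_t key) : ks_(key) {}
    // Returns true and fills `out` only when the frame carried a package.
    bool Receive(std::vector<uint8_t> f, std::vector<uint8_t>& out) {
        if (f.size() != kFrameBytes) return false;   // malformed frame
        for (uint8_t& b : f) b ^= ks_.next();        // stream decryption
        if (f[0] != 1) return false;                 // cover frame, nothing to deliver
        const size_t len = f[1];
        if (len > kMaxPayload) return false;
        uint32_t c = 0;
        for (int i = 0; i < 4; ++i) c |= uint32_t(f[2 + i]) << (8 * i);
        if (c != Checksum(f, kHeaderBytes, len)) return false;  // corrupted
        out.assign(f.begin() + kHeaderBytes, f.begin() + kHeaderBytes + len);
        return true;
    }
private:
    Xorshift32 ks_;
};

// Stand-alone run: one queued package, then two ticks of pure cover.
int main() {
    TrickleSender s(0xC0FFEE, 42);
    TrickleReceiver r(0xC0FFEE);
    s.Enqueue({0x68, 0x65, 0x6c, 0x6c, 0x6f});       // constructed: "hello"
    std::vector<uint8_t> out;
    for (int tick = 0; tick < 3; ++tick) {
        std::vector<uint8_t> frame = s.NextFrame();
        bool got = r.Receive(frame, out);
        std::cout << "tick " << tick << ": " << frame.size() << " bytes on the wire, " << (got ? "package delivered" : "cover only") << "\n";
    }
    return 0;
}
```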

From jya at pipeline.com Wed Sep 4 10:51:00 2013 From: jya at pipeline.com (John Young) Date: Wed, 04 Sep 2013 10:51:00 -0400 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: References: <[email protected]> Message-ID:

Still, it is not easy knowing who is who when they play the same game using the same strategies, moves, gambits, ploys, feints, struts, deceptions. This mirroring of the opposition is a long tradition of authorities, their covert agents and provocateurs manipulating their citizenry, consumers, fans, doling out manufactured information.

No doubt the game advances the interests of all the games players so long as they follow their agreed upon rules and cheat very carefully. We may admire their skill and daring and triumphs but the rules state we are not qualified to be the players, that requires ranking by authorities of the game.

Assange was once not a player, studied hard, watched the masters, now he is surrounded by grand masterful players and reaps the rewards of fame, acclaim, and happily the monetary prizes, to be sure spending a lot of that on lawyers and promoters. So it goes.

Meanwhile there is a need for more undoctored documents for the newbies and bystanders angling for a chance, for consumers to see what happens offstage, how vetting and redacting, parceling and censoring is done.

But Assange and cohorts have become secretive about the WikiLeaks operation and apparently (who knows) hidden stashes of income, in concert with the practices of secretkeepers of all stripes.

And not least WL engages in defamation to an almost hysterical extent that suggests much to hide, again mirroring authoritarian shilling. Promoting adversarialism is ancient theocracy where only priests play the game they rig.

Let us all play, unmedicated by reputation-mongering tradecraft of TV, news, advertizing, limited access to documentation and overload of "if you knew what we know, trust us" pulp fiction.

At 10:21 AM 9/4/2013, you wrote:
> 2013/9/4 John Young <jya at pipeline.com>
> The Snowden material needs an untethered, unchoked,
> and unmarionetted leaker not more commercial journalism
> dribbling what, unfortunately has become common in the
> "era of WikiLeaks journalism," is disinfo. And implies the
> prospect of complicity with authorities under rigging of
> privileged journalism and coddled D-Noticers.
>
>
> You could say playing games is what politicians do. But not playing
> the games means you get no game. Assange does explicitly, publicly
> and knowingly play games. He knows they work. Had all the documents
> been published unedited there would be a single headline in every newspaper.
>
> Now there's thousands. Every week it's hammered upon. We see people
> claiming "Oh, see, the NSA said something to make it okay, and I
> think it actually is!" only to be stomped by the next headline
> showing it was definitely not okay. This releasing scheme is a very,
> very good match for the current journalistic reality.
>
> Given Assange seems to be pretty well on the side of civil liberty,
> freedom and power, I think he's doing a rather good job.

From kylem at xwell.org Wed Sep 4 11:25:05 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Wed, 4 Sep 2013 10:25:05 -0500 Subject: Safest exit country? In-Reply-To: References: Message-ID:

On Wed, Sep 4, 2013 at 9:33 AM, Lodewijk andré de la porte wrote:

> Additional tricks such as delayed further transmission, network path mixing,
> etc. are all possible with what I have in my paper and should be (easily)
> doable in Tor.
>
> I never really understood the problem with traffic analysis.

Trickle connections are an interesting idea and will work for some applications where high latency and possibly low throughput are okay. I look forward to reading that paper.

Though re: traffic analysis, if your traffic stands out too much (i.e. for relatively low n on a global scale), then you'll still have issues[0]. And the devil's in the details, as Tom Ritter's fine work around AAM[1] has shown.

[0]: Obligatory XKCD: http://xkcd.com/1105/
[1]: http://ritter.vg/blog-deanonymizing_amm.html

-- @kylemaxwell

From l at odewijk.nl Wed Sep 4 11:38:57 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 4 Sep 2013 17:38:57 +0200 Subject: [Cryptography] NSA and cryptanalysis In-Reply-To: References: <[email protected]> Message-ID:

2013/9/4 John Young

> Let us all play, unmedicated by reputation-mongering tradecraft
> of TV, news, advertizing, limited access to documentation and
> overload of "if you knew what we know, trust us" pulp fiction.
>

But you, a willing contestant, may educate yourself on the intricacies. The rest, even when invited, will pass on the virtue of not having the time.

The revolution or the soccer game, which one do you think the layperson prefers?

Assange is cunning in making the revolution fitting in the normal flow of conversation about actualities, his words dance the usual harmony. Such it resonates in society.

It matters not what tune a bird sings, no matter how beautiful, if it sings it between the cogs and gears of a deafening machine.

Surely, I would like it if there was any honesty to be found at all. But showing the smoke and mirrors would show you nothing but smoke and mirrors. Now, the responses of grandmasters of deception are the most telling of the story; the (inter)national security agency dances where before it was merely looming in the shadows.

I hope fiercely that Assange's trickery will, regardless of its perpetual infallible ignorance, convince the public of the silent observer's devilry. Not all smoke and mirrors are fun and games.

The government fears the people. Forgetting it is the people its eyes grew watchful. One wonders when it uses the arms given for protection against its people. The three laws have but one logical conclusion.

From tbiehn at gmail.com Wed Sep 4 11:46:49 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 4 Sep 2013 11:46:49 -0400 Subject: Safest exit country? In-Reply-To: References: Message-ID:

On Wed, Sep 4, 2013 at 11:25 AM, Kyle Maxwell wrote:

> On Wed, Sep 4, 2013 at 9:33 AM, Lodewijk André de la porte wrote:
>
> > Additional tricks such as delayed further transmission, network path
> > mixing, etc. are all possible with what I have in my paper and should be
> > (easily) doable in Tor.
> >
> > I never really understood the problem with traffic analysis.
>
> Trickle connections are an interesting idea and will work for some
> applications where high latency and possibly low throughput are okay.
> I look forward to reading that paper.
>
> Though re: traffic analysis, if your traffic stands out too much (i.e.
> for relatively low n on a global scale), then you'll still have
> issues[0]. And the devil's in the details, as Tom Ritter's fine work
> around AAM[1] has shown.
>
> [0]: Obligatory XKCD: http://xkcd.com/1105/
> [1]: http://ritter.vg/blog-deanonymizing_amm.html
>
> --
> @kylemaxwell

Lest we forget: WASTE had 'chaff' communication capabilities.

The problem is that bandwidth isn't free; also standing out ;)

-- Twitter | LinkedIn | GitHub | TravisBiehn.com

From l at odewijk.nl Wed Sep 4 11:58:11 2013 From: l at odewijk.nl (Lodewijk André de la porte) Date: Wed, 4 Sep 2013 17:58:11 +0200 Subject: Safest exit country? In-Reply-To: References: Message-ID:

2013/9/4 Travis Biehn

> The problem is that bandwidth isn't free; also standing out ;)

Any idea how much fiber/copper goes dark for extended periods of time? Remember Fidonet*? Remember 0.00000...1 == 0! Besides, what's privacy/plausible-deniability worth to you?

*pairing agreements make a lot of bandwidth free both ways, after the physical connections are constructed. Problems arise when destinations aren't preferred ones, but why would you trickle towards not preferred ones? As long as you can onion route towards preferable you'll be green.

From tbiehn at gmail.com Wed Sep 4 12:18:33 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 4 Sep 2013 12:18:33 -0400 Subject: Safest exit country? In-Reply-To: References: Message-ID:

Although it's a separate conversation (Cost vs Privacy / ISPs policies etc): Domestic ISPs have caps on data and euphemistically named 'traffic shaping' policies. For many users bandwidth isn't free.

On Wed, Sep 4, 2013 at 11:58 AM, Lodewijk André de la porte wrote:

> 2013/9/4 Travis Biehn
>
>> The problem is that bandwidth isn't free; also standing out ;)
>
> Any idea how much fiber/copper goes dark for extended periods of time?
> Remember Fidonet*? Remember 0.00000...1 == 0! Besides, what's
> privacy/plausible-deniability worth to you?
>
> *pairing agreements make a lot of bandwidth free both ways, after the
> physical connections are constructed. Problems arise when destinations
> aren't preferred ones, but why would you trickle towards not preferred
> ones? As long as you can onion route towards preferable you'll be green.

-- Twitter | LinkedIn | GitHub | TravisBiehn.com

From jya at pipeline.com Wed Sep 4 13:05:43 2013 From: jya at pipeline.com (John Young) Date: Wed, 04 Sep 2013 13:05:43 -0400 Subject: Media Gag of Barrett Brown Case Message-ID:

Filed this morning for the hearing:

Media should cover the USG Exhibits to gag media coverage of Barrett Brown:

http://cryptome.org/2013/09/brown-091.pdf

The USG argument to gag media coverage:

http://cryptome.org/2013/09/brown-092.pdf

Defense opposition to the gag order:

http://cryptome.org/2013/09/brown-090.pdf

From rich at openwatch.net Wed Sep 4 13:29:11 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 4 Sep 2013 10:29:11 -0700 Subject: Media Gag of Barrett Brown Case In-Reply-To: References: Message-ID:

"Perhaps without realizing the prejudicial effects on Brown, the media repeatedly has publicized potentially inadmissible and prejudicial information, such as Brown's (1) incarceration status, (2) anarchist idealology, (3) three indictments and potential sentences, (4) admissions of conduct and involvement in Anonymous activities, (5) relationship to other Anonymous figures or hackers, (6) troubled childhood and alternative schooling, (7) declaration that he was an atheist, (8) use and abuse of ecstasy, acid, heroin, suboxine, and marijuana, (9) lack of steady employment, (10) claimed diagnoses of ADHD and depression, (11) associates descriptions of Brown as a junkie, name fag, moral fag, court jester, (12) self-proclaimed and otherwise assigned titles with Anonymous (spokesperson, senior strategist), (13) receipt of data stolen through hacks conducted by other Anonymous members, (14) use of the stolen data to prank call individuals, publicize personal and confidential information, (15) associates and Brown opining that Brown would end up in jail, and (16) property seized by FBI."

Is the prosecution assuming the judge knows what namefagging is?

Also, what do "reserved" exhibits mean? Are those to be presented at a later date?

R

From jya at pipeline.com Wed Sep 4 15:37:51 2013 From: jya at pipeline.com (John Young) Date: Wed, 04 Sep 2013 15:37:51 -0400 Subject: Gag Ordered in Barrett Brown Case In-Reply-To: References: Message-ID:

Barrett Brown judge issued a gag order today:

http://cryptome.org/2013/09/brown-093.pdf


From eugen at leitl.org Wed Sep 4 16:12:40 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 4 Sep 2013 22:12:40 +0200 Subject: NSA Laughs at PCs, Prefers Hacking Routers and Switches Message-ID: <[email protected]>

http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/

NSA Laughs at PCs, Prefers Hacking Routers and Switches

BY KIM ZETTER 09.04.13 6:30 AM

Photo: Santiago Cabezas/Flickr

The NSA runs a massive, full-time hacking operation targeting foreign systems, the latest leaks from Edward Snowden show. But unlike conventional cybercriminals, the agency is less interested in hacking PCs and Macs. Instead, America's spooks have their eyes on the internet routers and switches that form the basic infrastructure of the net, and are largely overlooked as security vulnerabilities.

Under a $652-million program codenamed "Genie," U.S. intel agencies have hacked into foreign computers and networks to monitor communications crossing them and to establish control over them, according to a secret black budget document leaked to the Washington Post. U.S. intelligence agencies conducted 231 offensive cyber operations in 2011 to penetrate the computer networks of targets abroad.

This included not only installing covert "implants" in foreign desktop computers but also on routers and firewalls -- tens of thousands of machines every year in all. According to the Post, the government planned to expand the program to cover millions of additional foreign machines in the future and preferred hacking routers to individual PCs because it gave agencies access to data from entire networks of computers instead of just individual machines.

Most of the hacks targeted the systems and communications of top adversaries like China, Russia, Iran and North Korea and included activities around nuclear proliferation.

The NSA's focus on routers highlights an often-overlooked attack vector with huge advantages for the intruder, says Marc Maiffret, chief technology officer at security firm Beyond Trust. Hacking routers is an ideal way for an intelligence or military agency to maintain a persistent hold on network traffic because the systems aren't updated with new software very often or patched in the way that Windows and Linux systems are. "No one updates their routers," he says. "If you think people are bad about patching Windows and Linux (which they are) then they are -- horrible about updating their networking gear because it is too critical, and usually they don't have redundancy to be able to do it properly."

He also notes that routers don't have security software that can help detect a breach.

"The challenge [with desktop systems] is that while antivirus don't work well on your desktop, they at least do something [to detect attacks]," he says. "But you don't even have an integrity check for the most part on routers and other such devices like IP cameras."

Hijacking routers and switches could allow the NSA to do more than just eavesdrop on all the communications crossing that equipment. It would also let them bring down networks or prevent certain communication, such as military orders, from getting through, though the Post story doesn't report any such activities. With control of routers, the NSA could re-route traffic to a different location, or intelligence agencies could alter it for disinformation campaigns, such as planting information that would have a detrimental political effect or altering orders to re-route troops or supplies in a military operation.

According to the budget document, the CIA's Tailored Access Programs and NSA's software engineers possess "templates" for breaking into common brands and models of routers, switches and firewalls.

The article doesn't say it, but this would likely involve pre-written scripts or backdoor tools and root kits for attacking known but unpatched vulnerabilities in these systems, as well as for attacking zero-day vulnerabilities that are yet unknown to the vendor and customers.

"[Router software is] just an operating system and can be hacked just as Windows or Linux would be hacked," Maiffret says. "They've tried to harden them a little bit more [than these other systems], but for folks at a place like the NSA or any other major government intelligence agency, it's pretty standard fare of having a ready-to-go backdoor for your [off-the-shelf] Cisco or Juniper models."

Not all of the activity mentioned in the budget document involved remote hacking. In some cases, according to the document, the operations involved clandestine activity by the CIA or military intelligence units to "physically place hardware implants or software modifications" to aid the spying.

"Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO)," the Post writes in its story about the document. "As its name suggests, TAO builds attack tools that are custom-fitted to their targets."

A handful of security researchers have uncovered vulnerabilities in routers in recent years that could be used to do the kind of hacking described in the budget document.

In 2005, security researcher Mike Lynn found a serious vulnerability in Cisco IOS, the operating system running on millions of Cisco routers around the world.

Lynn discovered the vulnerability after his employer, Internet Security Systems, asked him to reverse-engineer the Cisco operating system to see if he could find security problems with it. Cisco makes the majority of the routers that operate the backbone of the internet as well as many company networks and critical infrastructure systems. The Cisco IOS is as ubiquitous in the backbone as the Windows operating system is on desktops.

The vulnerability Lynn found, in a new version of the operating system that Cisco planned to release at the time, would have allowed someone to create a router worm that would shut down every Cisco router through which it passed, bringing down a nation's critical infrastructure. It also would have allowed an attacker to gain complete control of the router to sniff all traffic passing through a network in order to read, record or alter it, or simply prevent traffic from reaching its recipient.

Once Lynn found the vulnerability, it took him six months to develop a working exploit to attack it.

Lynn had planned to discuss the vulnerability at the Black Hat security conference in Las Vegas, until Cisco intervened and forced him to pull the talk under threat of a lawsuit.

But if Lynn knew about the vulnerability, there were likely others who did as well -- including intelligence agencies and criminal hackers.

Source code for Cisco's IOS has been stolen at least twice, either by entities who were interested in studying the software to gain a competitive advantage or to uncover vulnerabilities that would allow someone to hack or control them.

Other researchers have uncovered different vulnerabilities in other Cisco routers that are commonly used in small businesses and home offices.

Every year at computer security conferences -- including the Black Hat conference where NSA Director Keith Alexander presented a keynote this year -- U.S. intelligence agencies and contractors from around the world attend to discover information about new vulnerabilities that might be exploited and to hire talented researchers and hackers capable of finding more vulnerabilities in systems.

In 2008, a researcher at Core Security Technologies developed a root kit for the Cisco IOS that was designed to give an attacker a persistent foothold on a Cisco router while remaining undetected.

According to the Post story, the NSA designs most of the offensive tools it uses in its Genie operation, but it spent $25.1 million in one year for "additional covert purchases of software vulnerabilities" from private malware vendors who operate on the grey market -- closed markets that peddle vulnerabilities and exploits to law enforcement and intelligence agencies, as opposed to the black market that sells them to cyber criminals.

The price of vulnerabilities and exploits varies, depending on a number of factors. Vulnerabilities and exploits can sell for anywhere from $50,000 to more than a million, depending on the exclusivity of the purchase -- some vulnerabilities are sold to multiple parties with the understanding that others are using it as well -- and their ubiquity. A vulnerability that exists in multiple versions of an operating system is more valuable than a vulnerability that exists in just one version. A class of vulnerability that crosses multiple browser brands is also more valuable than a single vulnerability that just affects the Safari browser or Chrome.

The Stuxnet cyber weapon that was reportedly created by the U.S. and Israel to sabotage centrifuges used in Iran's uranium enrichment program, used five zero-day exploits to spread itself among systems in Iran, including a rare exploit that attacked the .LNK function in multiple versions of the Windows operating system in order to spread the worm silently via infected USB sticks.

Ubiquitous router vulnerabilities are difficult to find since there are so many different configurations for routers, and an attack that works against one router configuration might not work for another. But a vulnerability that affects the core operating system is much more valuable since it is less likely to be dependent on the configuration. Maiffret says there hasn't been a lot of public research on router vulnerabilities, but whenever someone has taken a look at them, they have found security holes in them.

"They're always successful in finding something," he says.

Once a vulnerability becomes known to the software maker and is patched, it loses a lot of its value. But because many users and administrators do not patch their systems, some vulnerabilities can be used effectively for years, even after a patch is available. The Conficker worm, for example, continued to infect millions of computers long after Microsoft released a patch that should have stopped the worm from spreading.

Routers in particular often remain unpatched because system administrators don't think they will be targeted and because administrators are concerned about network outages that could occur while the patch is applied or if the patch is faulty.

Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.

Read more by Kim Zetter

Follow @KimZetter and @ThreatLevel on Twitter.

From eugen at leitl.org Wed Sep 4 16:13:56 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 4 Sep 2013 22:13:56 +0200 Subject: [Cryptography] Popular curves (was: NSA and cryptanalysis) Message-ID: <[email protected]>

----- Forwarded message from Jose Luis Gomez Pardo -----

Date: Wed, 04 Sep 2013 18:35:52 +0200 From: Jose Luis Gomez Pardo To: ianG Cc: Phillip Hallam-Baker , cryptography at metzdowd.com Subject: Re: [Cryptography] Popular curves (was: NSA and cryptanalysis) X-Mailer: QUALCOMM Windows Version 7.1.0.9

At 08:20 04/09/2013, ianG wrote:
> On 3/09/13 18:13 PM, Phillip Hallam-Baker wrote:
> ....
>> Do we have an ECC curve that is (1) secure and (2) has a written
>> description prior to 1 Sept 1993?
>
> (Not answering your direct question.) Personally, I was happy to
> plan on using DJB's Curve25519. He's done the research and says it
> is good. Comments?
>
> iang

Curve25519 was designed for elliptic Diffie-Hellman taking care of both security and efficiency aspects and seems very strong in both of them. Some comments on its usage for other purposes can be found in http://stackoverflow.com/questions/2515948/use-of-curve25519

This curve was originally written for x86 32-bit platforms and a 64-bit implementation can be found in the following links: https://code.google.com/p/curve25519-donna/ https://github.com/agl/curve25519-donna

In addition to this curve and to the NIST curves, another source for elliptic curves that can be (according to the developers) freely used is: http://certivox.org/display/EXT/CertiVox+Standard+Curves where curves over 384 and 512-bit prime fields can be found which are likely secure. Of course, in all these cases you have to trust the curve developers somewhat although you can also check these curves for possible vulnerabilities.

Alternatively, one can build one's own curve and for this one needs to have access to an implementation of the SEA point counting algorithm. A little while ago I was writing a cryptography book that uses Maple to implement both cryptographic schemes and cryptanalytic algorithms and, for a while, I contemplated the idea of programming SEA in Maple. However, I soon discarded it because there are already some freely available excellent implementations in compiled languages and my Maple implementation would necessarily be much slower. Thus, for some computations in the examples in my book I ended up using MIRACL, a C/C++ library with excellent support for ECC which was recently acquired by CertiVox and can be found in the following links: http://www.certivox.com/miracl/ https://github.com/CertiVox/MIRACL

Using the SEA algorithm one can readily find elliptic curves of prime order (or with a very small cofactor) which, additionally, can be tested to ensure that they satisfy some important conditions such as not having small embedding degree (to prevent the MOV reduction attack) or not having trace one (anomalous curves) which makes them also vulnerable. Of course, if the curves are (pseudo)randomly generated, it is very unlikely that they suffer from these vulnerabilities. Methods for verifiably random generation of such curves can be found in: http://www.secg.org/download/aid-780/sec1-v2.pdf and some recommended elliptic curves generated using these methods (including curves over 384-bit and 521-bit prime fields) are available from: http://www.secg.org/download/aid-784/sec2-v2.pdf

Of course, I don't know whether these curves are completely free from IP concerns but, according to the sources where these curves are published, this seems to be the case (I am far from expert in the IP subject but, as a mathematician, the idea of someone "owning" an elliptic curve in some sense, seems to me very strange).

Jose Luis.

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
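The conditions Jose Luis lists above (prime order or a very small cofactor, no small embedding degree so that the MOV reduction does not apply, trace different from one so the curve is not anomalous) are mechanical checks once the group order is known. The following is an added Python example, not code from this thread, from MIRACL or from the SEC documents. It replaces SEA with naive Legendre-symbol point counting, which only works for toy-sized primes, and runs the checks twice: on a small textbook curve over F_23 (where the subgroup of order 7 has embedding degree 3, i.e. exactly the MOV weakness the message warns about), and on Curve25519, whose order is supplied directly from its published parameters because it is in Montgomery rather than short Weierstrass form. The Hasse bound check and the bound of 100 on the embedding-degree search are my choices, not the thread's.

```python
# Added example: parameter sanity checks for an elliptic curve over F_p.
# Not code from the thread, MIRACL or SEC 1/SEC 2. Point counting below is
# naive (O(p)) and stands in for SEA; it is only usable for toy primes.


def legendre(v, p):
    """Euler's criterion: 1 if v is a nonzero square mod p, -1 if not, 0 if v == 0."""
    v %= p
    if v == 0:
        return 0
    return 1 if pow(v, (p - 1) // 2, p) == 1 else -1


def count_points(p, a, b):
    """#E(F_p) for y^2 = x^3 + a*x + b, point at infinity included.
    Each x contributes 1 + legendre(x^3 + a*x + b) affine points."""
    assert (4 * a ** 3 + 27 * b ** 2) % p != 0, "singular curve"
    return p + 1 + sum(legendre(x ** 3 + a * x + b, p) for x in range(p))


def largest_prime_factor(n):
    """Trial division: fine for toy orders, hopeless for 252-bit ones."""
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n) if n > 1 else f


def embedding_degree(p, n, max_k=100):
    """Smallest k <= max_k with n | p^k - 1, else None.  A small k means the
    Weil/Tate pairing maps the order-n subgroup into F_{p^k}^*, where the
    discrete log is much easier (MOV reduction)."""
    for k in range(1, max_k + 1):
        if pow(p, k, n) == 1:
            return k
    return None


def audit_curve(p, order, h):
    """order = #E(F_p), h = cofactor, so n = order // h is the subgroup order."""
    assert order % h == 0, "cofactor must divide the group order"
    n = order // h
    t = p + 1 - order                    # Frobenius trace
    return {
        "subgroup_order": n,
        "cofactor": h,
        "trace": t,
        "hasse_ok": t * t <= 4 * p,      # |t| <= 2*sqrt(p); fails => order is wrong
        "anomalous": order == p,         # trace 1: Smart's attack, never acceptable
        "embedding_degree": embedding_degree(p, n),   # None = none found below max_k
    }


# Toy curve y^2 = x^3 + x + 1 over F_23: a textbook example with 28 points.
TOY_P, TOY_A, TOY_B = 23, 1, 1
TOY_ORDER = count_points(TOY_P, TOY_A, TOY_B)
TOY_H = TOY_ORDER // largest_prime_factor(TOY_ORDER)
TOY_REPORT = audit_curve(TOY_P, TOY_ORDER, TOY_H)

# Curve25519: p = 2^255 - 19, group order 8 * L with L prime (published values).
# count_points does not apply to its Montgomery form, so the order is given.
P25519 = 2 ** 255 - 19
L25519 = 2 ** 252 + 27742317777372353535851937790883648493
REPORT25519 = audit_curve(P25519, 8 * L25519, 8)

if __name__ == "__main__":
    for name, rep in (("toy F_23 curve", TOY_REPORT), ("Curve25519", REPORT25519)):
        print(name, rep)
```

On the toy curve the report shows cofactor 4, subgroup order 7 and embedding degree 3, so a pairing would move the discrete log into F_{23^3}: the kind of curve a generator would reject. Curve25519 passes every check, with no embedding degree found below the search bound, a cofactor of 8 (which is why its scalars are clamped) and a trace well inside the Hasse bound. Checking a (pseudo)randomly generated curve the same way only requires replacing the order from count_points with the one SEA produces.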

From eugen at leitl.org Wed Sep 4 16:16:12 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 4 Sep 2013 22:16:12 +0200 Subject: [tor-talk] Exit node stats collection? Message-ID: <[email protected]>

----- Forwarded message from The Doctor -----

Date: Wed, 04 Sep 2013 13:14:35 -0400 From: The Doctor To: tor-talk at lists.torproject.org Subject: Re: [tor-talk] Exit node stats collection? Organization: Virtual Adept Networks, Unlimited User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) /20130514 Thunderbird/17.0.6 Reply-To: tor-talk at lists.torproject.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/03/2013 06:06 PM, mirimir wrote:

> How would one identify new, and suddenly very popular, hidden
> services?

I do not know if this link has been posted yet, but this jumped out at me this morning - it's a technique for correlating publicly known Tor nodes against hidden services: http://cybermashup.com/2013/09/04/dont-run-a-tor-router-and-a-hidden-service-from-the-same-connection/

Thoughts from the community?

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"It is the mark of an educated mind to be able to entertain a thought without accepting it." --Aristotle

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlInansACgkQO9j/K4B7F8HwgwCfc1irnBwHpVmfV2Ge4ank1xLH
KbIAoIgMqFH2t2NytXCQnJShwWyDct14
=jMxZ
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From rich at openwatch.net Wed Sep 4 16:54:10 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 4 Sep 2013 13:54:10 -0700 Subject: NSA Laughs at PCs, Prefers Hacking Routers and Switches In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

No surprises there then, I remember the underground talking about IOS vulnerabilities in the 90s..

Wasn't that how Sabu et al got you guys, John?

On Wed, Sep 4, 2013 at 1:12 PM, Eugen Leitl wrote:

> http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/
>
> NSA Laughs at PCs, Prefers Hacking Routers and Switches

From skquinn at rushpost.com Wed Sep 4 17:10:23 2013 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Wed, 04 Sep 2013 16:10:23 -0500 Subject: Gag Ordered in Barrett Brown Case In-Reply-To: References: Message-ID: <[email protected]>

On Wed, Sep 4, 2013, at 02:37 PM, John Young wrote: > Barrett Brown judge issued a gag order today: > > http://cryptome.org/2013/09/brown-093.pdf >

Where's the order? This looks like just an exhibit list.

-- Shawn K. Quinn skquinn at rushpost.com

From jya at pipeline.com Wed Sep 4 17:21:51 2013 From: jya at pipeline.com (John Young) Date: Wed, 04 Sep 2013 17:21:51 -0400 Subject: Gag Ordered in Barrett Brown Case In-Reply-To: <[email protected] .com> References: <[email protected]> Message-ID:

For the order use: http://cryptome.org/2013/09/brown-093.pdf

The t.co is not by us.

From jerry at jerryrw.com Wed Sep 4 17:30:09 2013 From: jerry at jerryrw.com (Jerry) Date: Wed, 4 Sep 2013 17:30:09 -0400 Subject: Gag Ordered in Barrett Brown Case In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Sep 4, 2013, at 5:10 PM, Shawn K. Quinn wrote:

> On Wed, Sep 4, 2013, at 02:37 PM, John Young wrote: >> Barrett Brown judge issued a gag order today: >> >> http://cryptome.org/2013/09/brown-093.pdf >> > > Where's the order? This looks like just an exhibit list. > > -- > Shawn K. Quinn > skquinn at rushpost.com

All 4 of the links were shortened to the same URL http://t.co/klI5BvhH2i that points to brown-091.pdf.

From wb8foz at nrk.com Wed Sep 4 21:16:38 2013 From: wb8foz at nrk.com (David) Date: Wed, 04 Sep 2013 21:16:38 -0400 Subject: Gag Ordered in Barrett Brown Case In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

>> Barrett Brown judge issued a gag order today:

Paging Barbra Streisand, please report to the beach entrance.

From eugen at leitl.org Thu Sep 5 06:05:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 12:05:49 +0200 Subject: Content and popularity analysis of Tor hidden services Message-ID: <[email protected]>

http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf

Content and popularity analysis of Tor hidden services

July 29, 2013

Alex Biryukov

University of Luxembourg alex.biryukov at uni.lu

Ivan Pustogarov University of Luxembourg ivan.pustogarov at uni.lu

Ralf-Philipp Weinmann University of Luxembourg ralf-philipp.weinmann at uni.lu

ABSTRACT

Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We have studied Tor hidden services after collecting 39824 hidden service descriptors on 4th of Feb 2013 by exploiting protocol and implementation flaws in Tor: we scanned them for open ports; in the case of HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets.

Keywords

Tor, hidden services, port scanning, classification

From risko at csl.sri.com Wed Sep 4 18:22:08 2013 From: risko at csl.sri.com (RISKS List Owner) Date: Wed, 4 Sep 2013 15:22:08 PDT Subject: [RISKS] Risks Digest 27.46 Message-ID:

RISKS-LIST: Risks-Forum Digest Wednesday 4 September 2013 Volume 27 : Issue 46

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at as The current issue can be found at

Contents:
Our Newfound Fear of Risk (Bruce Schneier)
'Walkie-Talkie' skyscraper melts Jaguar car parts (Martyn Thomas)
How the "Internet of Things" May Change the World (Matthew Kruk)
"Video: PostgreSQL succeeds where MySQL fails" (Pete Babb via Gene Wirchenko)
"Developers hack Dropbox and show how to access user data" (Lucas Mearian via Gene Wirchenko)
No password is safe from new breed of cracking software (Salon.com via David Farber)
Windows 8 Picture Passwords Easily Cracked (ACM TechNews)
Password must be 10 characters and begin and end with a number (jidanni)
Test 'reveals Facebook, Twitter and Google snoop on e-mails' (Martin Delgado via Henry Baker)
"IBM starts restricting hardware patches to paying customers" (Joab Jackson via Gene Wirchenko)
The Ghost Messages of Yahoo's Recycled IDs (Lauren Weinstein)
"Report: NSA pays millions for US telecom access" (Joab Jackson via Gene Wirchenko)
Re: HuffPo Edward Snowden Impersonated NSA Officials (Dimitri Maziuk, Paul Schreiber)
Re: In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (Amos Shapir)
Re: Sensitive data left on hard drives (David Alexander)
Re: Text a driver in New Jersey, and you could see your day in court (B.J. Herbison, Larry Sheldon, Paul Robinson)
Re: DC, Maryland: Speed Camera Firms Move To Hide Evidence (Paul Robinson)
Abridged info on RISKS (comp.risks)

------

Date: Wed, 04 Sep 2013 12:37:09 -0500 From: Bruce Schneier Subject: Our Newfound Fear of Risk

Bruce Schneier, Our Newfound Fear of Risk http://www.schneier.com/blog/archives/2013/09/our_newfound_fe.html

We're afraid of risk. It's a normal part of life, but we're increasingly unwilling to accept it at any level. So we turn to technology to protect us. The problem is that technological security measures aren't free. They cost money, of course, but they cost other things as well. They often don't provide the security they advertise, and -- paradoxically -- they often increase risk somewhere else. This problem is particularly stark when the risk involves another person: crime, terrorism, and so on. While technology has made us much safer against natural risks like accidents and disease, it works less well against man-made risks.

Three examples:

* We have allowed the police to turn themselves into a paramilitary organization. They deploy SWAT teams multiple times a day, almost always in nondangerous situations. They tase people at minimal provocation, often when it's not warranted. Unprovoked shootings are on the rise. One result of these measures is that honest mistakes -- a wrong address on a warrant, a misunderstanding -- result in the terrorizing of innocent people, and more death in what were once nonviolent confrontations with police.

* We accept zero-tolerance policies in schools. This results in ridiculous situations, where young children are suspended for pointing gun-shaped fingers at other students or drawing pictures of guns with crayons, and high-school students are disciplined for giving each other over-the-counter pain relievers. The cost of these policies is enormous, both in dollars to implement and its long-lasting effects on students.

* We have spent over one trillion dollars and thousands of lives fighting terrorism in the past decade -- including the wars in Iraq and Afghanistan -- money that could have been better used in all sorts of ways. We now know that the NSA has turned into a massive domestic surveillance organization, and that its data is also used by other government organizations, which then lie about it. Our foreign policy has changed for the worse: we spy on everyone, we trample human rights abroad, our drones kill indiscriminately, and our diplomatic outposts have either closed down or become fortresses. In the months after 9/11, so many people chose to drive instead of fly that the resulting deaths dwarfed the deaths from the terrorist attack itself, because cars are much more dangerous than airplanes.

There are lots more examples, but the general point is that we tend to fixate on a particular risk and then do everything we can to mitigate it, including giving up our freedoms and liberties.

There's a subtle psychological explanation. Risk tolerance is both cultural and dependent on the environment around us. As we have advanced technologically as a society, we have reduced many of the risks that have been with us for millennia. Fatal childhood diseases are things of the past, many adult diseases are curable, accidents are rarer and more survivable, buildings collapse less often, death by violence has declined considerably, and so on. All over the world -- among the wealthier of us who live in peaceful Western countries -- our lives have become safer.

Our notions of risk are not absolute; they're based more on how far they are from whatever we think of as "normal." So as our perception of what is normal gets safer, the remaining risks stand out more. When your population is dying of the plague, protecting yourself from the occasional thief or murderer is a luxury. When everyone is healthy, it becomes a necessity.

Some of this fear results from imperfect risk perception. We're bad at accurately assessing risk; we tend to exaggerate spectacular, strange, and rare events, and downplay ordinary, familiar, and common ones. This leads us to believe that violence against police, school shootings, and terrorist attacks are more common and more deadly than they actually are -- and that the costs, dangers, and risks of a militarized police, a school system without flexibility, and a surveillance state without privacy are less than they really are.

Some of this fear stems from the fact that we put people in charge of just one aspect of the risk equation. No one wants to be the senior officer who didn't approve the SWAT team for the one subpoena delivery that resulted in an officer being shot. No one wants to be the school principal who didn't discipline -- no matter how benign the infraction -- the one student who became a shooter. No one wants to be the president who rolled back counterterrorism measures, just in time to have a plot succeed. Those in charge will be naturally risk averse, since they personally shoulder so much of the burden.

We also expect that science and technology should be able to mitigate these risks, as they mitigate so many others. There's a fundamental problem at the intersection of these security measures with science and technology; it has to do with the types of risk they're arrayed against. Most of the risks we face in life are against nature: disease, accident, weather, random chance. As our science has improved -- medicine is the big one, but other sciences as well -- we become better at mitigating and recovering from those sorts of risks.

Security measures combat a very different sort of risk: a risk stemming from another person. People are intelligent, and they can adapt to new security measures in ways nature cannot. An earthquake isn't able to figure out how to topple structures constructed under some new and safer building code, and an automobile won't invent a new form of accident that undermines medical advances that have made existing accidents more survivable. But a terrorist will change his tactics and targets in response to new security measures. An otherwise innocent person will change his behavior in response to a police force that compels compliance at the threat of a Taser. We will all change, living in a surveillance state.

When you implement measures to mitigate the effects of the random risks of the world, you're safer as a result. When you implement measures to reduce the risks from your fellow human beings, the human beings adapt and you get less risk reduction than you'd expect -- and you also get more side effects, because we all adapt.

We need to relearn how to recognize the trade-offs that come from risk management, especially risk from our fellow human beings. We need to relearn how to accept risk, and even embrace it, as essential to human progress and our free society. The more we expect technology to protect us from people in the same way it protects us from nature, the more we will sacrifice the very values of our society in futile attempts to achieve this security.

This essay previously appeared on Forbes.com.

------

Date: Mon, 02 Sep 2013 19:29:55 +0100 From: Martyn Thomas Subject: 'Walkie-Talkie' skyscraper melts Jaguar car parts

A risk overlooked in the CAD program? http://www.bbc.co.uk/news/uk-england-london-23930675

[This is strange. A London skyscraper under construction is apparently being blamed for intensifying the sun's rays and reflecting light on a nearby automobile in which various parts melted. Martyn suggests that the possibility of such an occurrence might have been ignored by the architectural CAD program used to design and spec the building. Waggin' the tale of the Jaguar? PGN]

------

Date: Mon, 2 Sep 2013 23:50:25 -0600 From: "Matthew Kruk" Subject: How the "Internet of Things" May Change the World http://news.nationalgeographic.com/news/2013/08/130830-internet-of-things-technology-rfid-chips-smart/

------

Date: Wed, 04 Sep 2013 10:30:48 -0700 From: Gene Wirchenko Subject: "Video: PostgreSQL succeeds where MySQL fails" (Pete Babb)

Pete Babb, InfoWorld, 03 Sep 2013 Head-to-head comparison shows MySQL failing to report major data errors, which would lead to big headaches for developers http://www.infoworld.com/t/sql/video-postgresql-succeeds-where-mysql-fails-225874 selected text:

In the above video, Conery sets up a basic MySQL query, including a directive that nulls should not be allowed. He then intentionally tries to add data with nulls, hoping that MySQL will catch the error. It doesn't. Conery notes, "MySQL decided, 'You tried to insert null, but what you really meant was zero.'"

------

Date: Fri, 30 Aug 2013 13:35:17 -0700 From: Gene Wirchenko Subject: "Developers hack Dropbox and show how to access user data" (Lucas Mearian)

Lucas Mearian, Computerworld, 28 Aug 2013 The cloud storage provider's two-factor authentication was bypassed to gain access to user data http://www.infoworld.com/d/security/developers-hack-dropbox-and-show-how-access-user-data-225800

------

Date: Sun, 1 Sep 2013 15:40:16 -0400 From: David Farber Subject: No password is safe from new breed of cracking software - Salon.com http://www.salon.com/2013/09/02/no_password_is_safe_from_new_breed_of_cracking_software_partner/?source=newsletter

No password is safe from new breed of cracking software. Chances are you need to change your password. No matter how long it is. [This article originally appeared on The Daily Dot.]

Over the weekend, the free password cracking and recovery tool oclHashcat-plus released a new version, 0.15, that can handle passwords up to 55 characters. It works by guessing a lot of common letter combinations. A lot. Really really fast.

Other long-string password-crackers exist, such as Hashcat and oclHashcat-lite, though they take a great deal more time to cycle through. This improvement runs at 8 million guesses per second while also allowing users to cut down the number of guesses required by shaping their attacks based on the password-construction protocol followed by a company or group.

A combination of increasing awareness of official scrutiny, such as the NSA leaks, growing instances of hacking of all kinds and leaked password lists, has inspired users to radically lengthen their passwords and use passphrases instead.

As Dan Goodin noted in Ars Technica, ``Crackers have responded by expanding the dictionaries they maintain to include phrases and word combinations found in the Bible, common literature, and in online discussions.''

One security researcher cracked the passphrase Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1 -- a phrase from an H.P. Lovecraft horror story. It was less impossible than it was super easy, crackable in minutes, because it was in an easily available hacker word list.

The release notes state that the ability to target increased character counts was their most requested change in a development process which took the team six months, who modified 618,473 lines of source code, more than half the code in the product.

------

Date: Wed, 4 Sep 2013 11:59:27 -0400 From: ACM TechNews Subject: Windows 8 Picture Passwords Easily Cracked

[From ACM TechNews; 4 Sep 2013] Read the TechNews Online at: http://technews.acm.org

[Source: *InformationWeek*, 30 Aug 2013, Thomas Claburn]

Microsoft Windows 8's picture gesture authentication (PGA) system is not difficult to crack, according to security researchers from Arizona State and Delaware State universities. The researchers say their experimental model and attack framework enabled it to crack 48 percent of passwords for previously unseen pictures in one dataset and 24 percent in another, in a paper presented at the recent Usenix Conference in August. The researchers also believe their results could be improved with a larger training set and stronger picture-categorization and computer-vision techniques. Windows 8 offers gesture-based passwords and traditional text-based passwords. Setting up a gesture-based password involves choosing a photo from the Picture Library folder and drawing three points on the image to be stored as grid coordinates. However, users tend to pick common points of interest, such as eyes, faces, or discrete objects, and the passwords derived from this constrained set have much less variability than randomly generated passwords. The researchers suggest Microsoft could implement a picture-password-strength meter, and integrate its PGA attack framework to inform users of the potential number of guesses it would take to access the system. http://www.informationweek.com/security/vulnerabilities/windows-8-picture-passwords-easily-crack/240160625

------

Date: Sun, 01 Sep 2013 11:41:21 +0800 From: jidanni at jidanni.org Subject: Password must be 10 characters and begin and end with a number

Signing up at http://www.ellisisland.org/ Password ______(Must be 10 characters and begin and end with a number)

Gee, doesn't pinning it down so firmly merely help the crackers? PCRE /^\d.{8}\d$/

[Yes. Old topic in RISKS, still lives. PGN.]
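Both the Salon item above (crackers "shaping their attacks based on the password-construction protocol followed by a company") and jidanni's ellisisland.org rule describe the same thing from two sides: a published construction rule is a mask. The block below is an added example, not code from either post or from the hashcat project; it turns a rule of the form "N characters, first and last a digit" into a hashcat-style mask, counts how many candidates the rule leaves the attacker, and checks a candidate against the PCRE quoted in the post. The charset sizes are hashcat's built-in ones; the 8 million guesses/s rate is the figure quoted in the Salon item, used here only for scale.

```python
import math
import re

# hashcat built-in mask charsets and their sizes; "?a" is all 95 printable ASCII
CHARSETS = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95}


def mask_tokens(mask):
    """Split a mask such as '?d?a?d' into its two-character charset tokens."""
    toks = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    bad = [t for t in toks if t not in CHARSETS]
    if bad:
        raise ValueError(f"unsupported mask token(s): {bad}")
    return toks


def keyspace(mask):
    """Number of candidates a mask attack must try to exhaust the mask."""
    n = 1
    for tok in mask_tokens(mask):
        n *= CHARSETS[tok]
    return n


def policy_mask(length, first=None, last=None, fill="?a"):
    """Turn a published construction rule into the mask a cracker would run.

    'Must be 10 characters and begin and end with a number' becomes
    policy_mask(10, first="?d", last="?d") -> '?d?a?a?a?a?a?a?a?a?d'.
    """
    toks = [fill] * length
    if first is not None:
        toks[0] = first
    if last is not None:
        toks[-1] = last
    return "".join(toks)


def bits_saved(constrained_mask, baseline_mask):
    """Bits of search the published rule hands to the attacker for free."""
    return math.log2(keyspace(baseline_mask) / keyspace(constrained_mask))


def hours_to_exhaust(mask, guesses_per_second):
    """Worst-case wall-clock time to enumerate the whole mask at a guess rate."""
    return keyspace(mask) / guesses_per_second / 3600


def compliant(pw, pattern=r"\d.{8}\d"):
    """The site's own rule, as the PCRE quoted in the post (fullmatch == ^...$)."""
    return re.fullmatch(pattern, pw) is not None


# The ellisisland.org rule quoted in the post, next to the unconstrained
# 10-character baseline an attacker would otherwise have to search.
ELLIS_MASK = policy_mask(10, first="?d", last="?d")
BASELINE_MASK = policy_mask(10)

if __name__ == "__main__":
    rate = 8_000_000  # guesses/s, the figure quoted in the Salon item; scale only
    print("mask to run        :", ELLIS_MASK)
    print("baseline candidates:", keyspace(BASELINE_MASK))
    print("policy candidates  :", keyspace(ELLIS_MASK))
    print("bits handed over   :", round(bits_saved(ELLIS_MASK, BASELINE_MASK), 2))
    print("hours, baseline    :", round(hours_to_exhaust(BASELINE_MASK, rate)))
    print("hours, policy      :", round(hours_to_exhaust(ELLIS_MASK, rate)))
    print("compliant('1abcdefgh2'):", compliant("1abcdefgh2"))
```

The rule costs about 6.5 bits (a factor of roughly 90) against a fixed-length baseline, but the larger loss is that it also pins the length at exactly 10, so the "up to 55 characters" headroom the Salon item talks about never comes into play; the attacker simply runs `ELLIS_MASK` as a mask attack (hashcat `-a 3`) instead of guessing lengths.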

------

Date: Sun, 01 Sep 2013 13:41:33 -0700 From: Henry Baker Subject: Test 'reveals Facebook, Twitter and Google snoop on e-mails' (Martin Delgado)


Test 'reveals Facebook, Twitter and Google snoop on e-mails': Study of net giants spurs new privacy concerns

* Study set out to test confidentiality of 50 of the biggest Internet companies * Researchers sent unique web address in private messages through firms * They found six of the companies opened the link from the message

Martin Delgado, *Daily Mail*, 31 Aug 2013 http://www.dailymail.co.uk/news/article-2407949/Test-reveals-Facebook-Twitter-Google-snoop--Study-net-giants-spurs-new-privacy-concerns.html

Facebook, Twitter and Google have been caught snooping on messages sent across their networks, new research claims, prompting campaigners to express concerns over privacy.

The findings emerged from an experiment conducted following revelations by US security contractor Edward Snowden about government snooping on Internet accounts.

Cyber-security company High-Tech Bridge set out to test the confidentiality of 50 of the biggest Internet companies by using their systems to send a unique web address in private messages.

Experts at its Geneva HQ then waited to see which companies clicked on the website.

During the ten-day operation, six of the 50 companies tested were found to have opened the link.

Among the six were Facebook, Twitter, Google and discussion forum Formspring.

High-Tech Bridge chief executive Ilia Kolochenko said: ``We found they were clicking on links that should be known only to the sender and recipient.

If the links are being opened, we cannot be sure that the contents of messages are not also being read.

All the social network sites would like to know as much as possible about our hobbies and shopping habits because the information has a commercial value.

``The fact that only a few companies were trapped does not mean others are not monitoring their customers. They may simply be using different techniques which are more difficult to detect.''

Earlier this year scientists in Germany claimed another big computer company, Microsoft, was spying on customers using its service.

Facebook declined to comment on the latest research but said it had complex automated systems in place to combat (Internet identity fraud) and reduce malicious material.

Twitter also declined to comment directly but said it used robotic systems to bar spam messages from customer accounts.

A source at Google said: ``There is nothing new here. It simply isn't an issue.''

An independent expert explained: ``In principle these companies should not be opening the links, but in practice they are giving a service to customers. The protection provided outweighs any potential commercial gain.''

But campaigners called for stricter safeguards.

Nick Pickles, director of pressure group Big Brother Watch, said: ``This is yet another reminder that profit comes before privacy every day for some businesses. Companies such as Google and Facebook rely on capturing as much data as possible to enhance their advertising targeting. They intrude on our privacy to build an ever more detailed picture of our lives.''
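The experiment described above is a canary-link test: each private message carries a URL that only the sender and recipient have seen, and the server behind it logs who fetches it. The block below is an added example of that technique, not High-Tech Bridge's code or anything from the article. The canary host name, the `/c/` path prefix, the per-experiment secret, the channel names and the access-log lines are all constructed for the example; the log format is the common combined format Apache and nginx write. Binding each token to one channel and one run with an HMAC means a hit can be attributed without storing a lookup table of random strings, and unregistered paths (scanners, guesses) are ignored rather than counted as a "click".

```python
import hashlib
import hmac
import re
from datetime import datetime

# Assumptions for this example: hypothetical canary host, path prefix and
# per-experiment secret. Rotate the secret for every run.
CANARY_BASE = "https://canary.example.net/c/"
SECRET = b"per-experiment-secret-rotate-me"


def canary_token(channel, experiment, secret=SECRET):
    """Unguessable, reproducible path component bound to one channel and run."""
    mac = hmac.new(secret, f"{experiment}|{channel}".encode(), hashlib.sha256)
    return mac.hexdigest()[:24]


def build_registry(channels, experiment, secret=SECRET):
    """Map each token back to the channel whose private message carried it."""
    return {canary_token(c, experiment, secret): c for c in channels}


def canary_url(channel, experiment, secret=SECRET):
    """The one-off link to paste into the private message for this channel."""
    return CANARY_BASE + canary_token(channel, experiment, secret)


# Combined (Apache/nginx style) access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = m.groupdict()
        hit["ts"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield hit


def attribute_hits(hits, registry, prefix="/c/"):
    """Group fetches by the channel whose token they carry.

    Paths without a registered token (scanners, typos, guessed paths) are
    dropped, so only a party that saw the private message can produce a hit.
    """
    seen = {}
    for hit in hits:
        path = hit["path"]
        if not path.startswith(prefix):
            continue
        token = path[len(prefix):].split("?", 1)[0]
        channel = registry.get(token)
        if channel is None:
            continue
        seen.setdefault(channel, []).append(hit)
    return seen


def fetched_channels(log_text, registry):
    """Sorted names of the channels through which the canary was opened."""
    return sorted(attribute_hits(parse_log(log_text), registry))


# Constructed data: three channels in one run, and a log showing fetches of two
# registered tokens, one unrelated probe and one junk line. None of it is real.
CHANNELS = ["service-A", "service-B", "service-C"]
EXPERIMENT = "run-2013-08"
REGISTRY = build_registry(CHANNELS, EXPERIMENT)
_TOK = {c: canary_token(c, EXPERIMENT) for c in CHANNELS}
SAMPLE_LOG = f"""\
203.0.113.7 - - [31/Aug/2013:10:14:02 +0000] "GET /c/{_TOK['service-A']} HTTP/1.1" 200 12 "-" "LinkPreviewFetcher/1.0"
198.51.100.9 - - [31/Aug/2013:10:15:30 +0000] "GET /c/{_TOK['service-B']} HTTP/1.1" 200 12 "-" "ExampleBot/2.1 (+http://bot.example)"
192.0.2.44 - - [31/Aug/2013:10:20:00 +0000] "GET /c/000000000000000000000000 HTTP/1.1" 404 0 "-" "curl/7.30.0"
this line is not an access log entry
"""

if __name__ == "__main__":
    for c in CHANNELS:
        print(f"send via {c}: {canary_url(c, EXPERIMENT)}")
    for channel, hits in attribute_hits(parse_log(SAMPLE_LOG), REGISTRY).items():
        for h in hits:
            print(f"{channel}: fetched {h['ts'].isoformat()} from {h['ip']} ({h['ua']})")
```

A hit proves only that something on the recipient's side dereferenced the URL, which is exactly the limit Kolochenko draws above: it does not tell you whether the message body was read by a person, an anti-abuse scanner or a link-preview fetcher, and the source IP and User-Agent are the only clues the log gives you.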

------

Date: Fri, 30 Aug 2013 14:16:40 -0700 From: Gene Wirchenko Subject: "IBM starts restricting hardware patches to paying customers" (Joab Jackson)

Joab Jackson, InfoWorld, 28 Aug 2013 Following an Oracle practice, IBM starts to restrict hardware patches to holders of maintenance contracts http://www.infoworld.com/d/computer-hardware/ibm-starts-restricting-hardware-patches-paying-customers-225813

------

Date: Tue, 3 Sep 2013 19:40:04 -0700 From: Lauren Weinstein Subject: The Ghost Messages of Yahoo's Recycled IDs

Eva Chan knows the value of a good username. She's had @EC on Twitter "longer than Twitter has had vowels." So when Yahoo started offering recycled user IDs, she put a few names on her wishlist. A little later, Yahoo gave her one of those names. Then she started getting e-mails about a stranger's cancer. http://j.mp/176KZQf (Medium via NNSquad)

------

Date: Wed, 04 Sep 2013 10:33:34 -0700 From: Gene Wirchenko Subject: "Report: NSA pays millions for US telecom access" (Joab Jackson)

Joab Jackson, InfoWorld, 30 Aug 2013 The Washington Post reports the NSA paid telecom companies $278 million this fiscal year to intercept phone calls, e-mail, and instant messages http://www.infoworld.com/d/security/report-nsa-pays-millions-us-telecom-access-225961

------

Date: Fri, 30 Aug 2013 15:26:59 -0500 From: Dimitri Maziuk Subject: Re: HuffPo Edward Snowden Impersonated NSA Officials (RISKS-27.45)

> 'Every day, they are learning how brilliant [Snowden] was, an anonymous > former intelligence official told NBC, `'This is why you don't hire > brilliant people for jobs like this. You hire smart people. Brilliant > people get you in trouble.''

As a systems administrator, I have access to files owned by, or can assume the identity of, any user of this system. Including my superiors -- there's nothing brilliant about that, it's how Unix works.

(I haven't done Windows since last century, so I'm not sure what security knobs are available in the recent versions. I expect the above is also true of MS Windows -- and OSX of course has a Unix inside.)

So,

- is it that NSA is using its own highly secure OS where the administrator's access is limited, and Snowden brilliantly hacked through its security layers? And if so, I'm curious: how do the subcontractors' computers interoperate with it, what kind of security clearance do you need to see the API, what does EULA look like, and so on.

- or is it that NSA and its subcontractors are using COTS OS and have zero to no understanding of the levels of security and access actually afforded by the system? Or if they do understand, how do they subcontract sysadminning to someone without the highest NSAnet security clearance?

Dimitri Maziuk, Programmer/sysadmin, BioMagResBank, UW-Madison http://www.bmrb.wisc.edu

------

Date: Fri, 30 Aug 2013 20:57:02 -0400 From: Paul Schreiber Subject: Re: HuffPo Edward Snowden Impersonated NSA Officials (Kramer, R-27 45)

> 'Every day, they are learning how brilliant [Snowden] was, ...

To me, this sounds like a nontechnical user trying to explain how sudo su [1] works. `Impersonating' is too attention-grabbing.

[1] Or its GUI equivalent for their Intranet (View page as ...)

------

Date: Sun, 1 Sep 2013 18:32:20 +0300 From: Amos Shapir Subject: Re: In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (RISKS-27.44)

If current laws and technology were in effect 40 years ago, Nixon wouldn't need clumsy "plumbers" -- the NSA could have bugged the Watergate offices legally (collecting only "metadata" of course), Deep Throat would be sent to jail, and the Washington Post would be prohibited from reporting anything about the whole affair!

------

Date: Sat, 31 Aug 2013 07:34:53 +0100 (BST) From: David Alexander Subject: Re: Sensitive data left on hard drives

The only news aspect of this article is that people are still doing it.

Andy Jones and Andrew Blyth at the University of Glamorgan were doing surveys like this and publishing the results at least 10 years ago, with the same findings. I watched the movie "Grosse Point Blank" again recently and was amused to see Joan Cusack 'destroying' a PC by hitting the casing with a club hammer. The really funny thing is that some people actually think it works -- I presume the blows must knock the data bits off of the surface of the hard drive.

------

Date: Sun, 01 Sep 2013 19:08:32 -0400 From: "B.J. Herbison" Subject: Re: Text a driver in New Jersey, and you could see your day in court

> Even the theoretical concept of holding the person at the other end of an > electronic communication (hell, even another person just talking in the same > vehicle) responsible for a driver's stupidity is beyond ludicrous.

I disagree. If a passenger intentionally distracts a driver and a crash occurs the passenger has liability for the crash. Moving the distractor outside of the vehicle electronically shouldn't reduce the liability.

The key though is "knows that the recipient is driving and texting". That is often unknowable and usually hard to prove.

------

Date: Fri, 30 Aug 2013 16:45:36 -0500 From: Larry Sheldon Subject: Re: Text a driver in New Jersey, and you could see your day in court (RISKS-27.45)

There is no word in my vocabulary for how wrong this is.

One of my typical uses of electronic messaging is and has long been sending messages to people I know will be, at the time, asleep, eating a meal, in a meeting, or in some other way indisposed to real-time conversation.

Under this insanity, the only safe thing for me is to never ever originate a message that might conceivably be delivered to a mobile device.

------

Date: Mon, 2 Sep 2013 18:44:13 -0700 (PDT) From: Paul Robinson Subject: Re: Text a driver in New Jersey, and you could see your day in court (RISKS-27.45)

... holding responsible for a driver's stupidity is beyond ludicrous.

And unconstitutional. This violates a number of United States Supreme Court -- and other courts -- decisions on a court's jurisdiction to hale a distant defendant into court to defend a lawsuit.

Desktop Techs., Inc. v. Colorworks Reprod. & Design, 1999 U.S. Dist. Lexis 1034 (1999) is pretty much on point. A Canadian company merely running a website was not subject to jurisdiction in Pennsylvania. A mere usenet posting is of less quality for holding jurisdiction than a website. Griffis v. Luban, 646 N.W.2d 527 (2002 Minn.) found that a Usenet posting does not cause the poster to be subject to the jurisdiction of a foreign state.

A text message doesn't even rise to the level of a Usenet posting, let alone a website, and therefore there should be no grounds to hold a person sending texts or e-mails, absent some criminal behavior such as threats or stalking or other First Amendment unprotected activity, liable for the transmission or give the courts standing to bring the sender in as the party to a case.

There must be at least minimum contact with a state for the courts there to have jurisdiction. Hanson v. Denckla, 357 U.S. 235, 78 S. Ct. 1228, 2 L. Ed. 2d 1283 (1958); Helicopteros Nacionales de Colombia, S.A. v. Hall, 466 U.S. 408, 104 S.Ct. 1868, 80 L.Ed.2d 404 (1984); International Shoe Co. v. Washington, 326 U.S. 310, 66 S. Ct. 154, 90 L. Ed. 95 (1945); Shaffer v. Heitner, 433 U.S. 186, 97 S. Ct. 2569, 53 L. Ed. 2d 683 (1977); World-Wide Volkswagen Corp. v. Woodson, 444 U.S. 286, 100 S. Ct. 559, 62 L. Ed. 2d 490 (1980).

Paul Robinson http://paul-robinson.us (My blog)

------

Date: Mon, 2 Sep 2013 16:42:04 -0700 (PDT) From: Paul Robinson Subject: Re: DC, Maryland: Speed Camera Firms Move To Hide Evidence (Burstein, RISKS-27.41)

It doesn't say if it was a British patent, which would mean it was unpatented in the United States and no royalties would be due, or if it was (or was also) patented in the U.S., in which case the patent, under the rules then, expired 17 years after issuance, and that's only if the intervening maintenance fees on the patent were also paid, which are due at 3, 7 and 11 years after issuance for all patents issued after December 12, 1980 or the patent automatically and irrevocably expires 6 months after the maintenance fee is not paid; paying it late will not reinstate the patent.

So the patent would have expired at best, about 13 years ago. Now the rules are even stricter on expirations, you could tie a patent up in holds by constantly refiling with amendments (some inventors did that to try to capture current practices which were done in a way that unknowingly would infringe upon an applied for patent if the patent's original filing were revised to cover new practices the inventor discovered after filing the application), now, to stop that "practice" (pun unintentional; the filing of patents is called a "practice") U.S. patents expire 17 years after issuance, 20 years after the first filing, or six months after non-payment of maintenance fees, whichever comes first.

Paul Robinson http://paul-robinson.us (My blog)

------

Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request at csl.sri.com Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request at csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe at csl.sri.com or risks-unsubscribe at csl.sri.com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks at CSL.sri.com with meaningful SUBJECT: .
*** NOTE: Including the string "notsp" at the beginning or end of the subject line will be very helpful in separating real contributions from spam. This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume. http://www.risks.org takes you to Lindsay Marshall's searchable archive at Newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------

End of RISKS-FORUM Digest 27.46 ************************

From rysiek at hackerspace.pl Thu Sep 5 07:09:07 2013 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 05 Sep 2013 13:09:07 +0200 Subject: PayPal freezes MailPile's account Message-ID: <2780551.exnjNUlKQP@laptosid>

Hi there,

You might remember MailPile, the privacy-aware, encryption-supporting webmail: http://mailpile.is/

Today PayPal froze MailPile's account with $45k on it: http://www.mailpile.is/blog/2013-09-05_PayPal_Freezes_Campaign_Funds.html http://www.indiegogo.com/projects/mailpile-taking-e-mail-back?c=activity

PayPal's comment: "Please provide an itemized budget and your development goal dates for your project"

MailPile team's comment: "After going round and round on the phone with PayPal, I am left with the very strong feeling that this entrepreneurial freedom is in jeopardy. If PayPal has financial risks to mitigate, why is that specially true in our case? Are the risks larger because we are successful?" inb4 "why would they use PayPal" -- from what I've heard they didn't plan it originally but it was brought in by popular demand.

-- Pozdr rysiek ------next part ------A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL:

From eugen at leitl.org Thu Sep 5 07:19:33 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 13:19:33 +0200 Subject: PayPal freezes MailPile's account In-Reply-To: <2780551.exnjNUlKQP@laptosid> References: <2780551.exnjNUlKQP@laptosid> Message-ID: <[email protected]>

On Thu, Sep 05, 2013 at 01:09:07PM +0200, rysiek wrote:

> inb4 "why would they use PayPal" -- from what I've heard they didn't plan it > originally but it was brought in by popular demand.

Why, why did they keep 45 kUSD worth of funds in an account run by known jerks? Friends don't let friends use PayPal.

From eugen at leitl.org Thu Sep 5 07:20:18 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 13:20:18 +0200 Subject: [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches Message-ID: <[email protected]>

----- Forwarded message from liberationtech at lewman.us -----

Date: Wed, 4 Sep 2013 22:27:46 -0400 From: liberationtech at lewman.us To: liberationtech at lists.stanford.edu Subject: Re: [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches Organization: The Tor Project, Inc. X-Mailer: 3.9.2 (GTK+ 2.24.20; x86_64-pc-linux-gnu) Reply-To: liberationtech

On Wed, 4 Sep 2013 20:33:09 -0400 Robert Guerra wrote:

> > Curious on people's comments on types of routers, firewalls and > other appliances that might be affected as well as mitigation > strategies. Would installing a pfsense and/or other open source > firewall be helpful in anyway at a home net location?

When I read this article, I read core routers and switches at ISPs, like Cisco, Juniper, F5, etc. I don't read this as linksys, dlink, netgear, etc. I'm sure NSA could crack into anything consumer level with ease, it's likely any 4-bit criminal could do it too. However, it makes more sense for NSA to watch the core connectivity points on the Internet, rather than watching individuals, solely from an economic effort versus benefit point of view.

When I ran global networks, one can record everything and sort out the individual streams later to find employees doing various layers of fraud or not. There was no point in watching the end points because it was too resource intensive.

I'm sure the NSA has analyzed this and come to the same conclusion. There's no point in going after tens of millions of endpoints, when you can own them all with a handful of switches.

A counterpoint is that most core Internet routers and switches are running at capacity and any monitoring affects quality of service and gets customers complaining.

-- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Thu Sep 5 07:47:23 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 13:47:23 +0200 Subject: [tor-talk] Content and popularity analysis of Tor hidden services Message-ID: <[email protected]>

----- Forwarded message from Asa Rossoff -----

Date: Thu, 5 Sep 2013 04:36:14 -0700 From: Asa Rossoff To: tor-talk at lists.torproject.org Subject: Re: [tor-talk] Content and popularity analysis of Tor hidden services X-Mailer: Microsoft Office Outlook 12.0 Reply-To: tor-talk at lists.torproject.org

From Lunar: > Eugen Leitl: >> http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf >> >> Content and popularity analysis of Tor hidden services > > Watch out for dead horses [1] and see the previous discussion [2]. > > [1] https://en.wikipedia.org/wiki/Flogging_a_dead_horse > [2] https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html

Whether or not all issues were discussed in detail or the same detail in the prior thread as well as in the paper, I don't know, but the paper has relevance beyond Tor network flaws:

- It exposes an estimate of how many hidden services existed at the time of the study.
- It gives a breakdown of what services/some of the services those hidden services offered.
- It categorizes HTTP(S) services by content type, which is interesting.

- It describes what resources they required to perform the attack, which sound relatively .

- It highlights the botnet and botnet command and control activity on Tor.

- It describes server configuration issues that allowed easily correlating the shared hosting of many services.
- It describes server configuration issues that allowed easily deanonymizing the true IP address of some hidden services.

The last two points are important reminders of some of the pitfalls in attempting anonymization, and might be good to be documented in the wiki (if they're not) for setting up hidden services.

The prior points are of social and historic value. The present situation with massively escalating numbers of Tor users/"users" highlights the threat that botnets might pose to the Tor network's ability to function. A botnet worm of course could also be used to create a largescale anonymity attack requiring many nodes.

Today's RC just announced does some traffic prioritization which should be a bandaid for the current problem, but doesn't really address similar issues in the longterm. I don't know what solutions to propose, as obviously the fundamental rule is that this is an anonymous system, and we probably want to respect net neutrality to the point practical, but more thought/research/development may have to be done to guard against botnets threatening the functionality of the Tor network or botnets' potential to attack the network's anonymity features.

Asa -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From cypherpunk at cpunk.us Thu Sep 5 07:58:07 2013 From: cypherpunk at cpunk.us (CypherPunk) Date: Thu, 5 Sep 2013 06:58:07 -0500 Subject: PayPal freezes MailPile's account In-Reply-To: <2780551.exnjNUlKQP@laptosid> References: <2780551.exnjNUlKQP@laptosid> Message-ID: On 09/05/2013 06:09 AM, rysiek wrote: > > inb4 "why would they use PayPal" -- from what I've heard they didn't plan it > originally but it was brought in by popular demand.

This kind of stuff really makes me wish Indiegogo would allow donations via Bitcoin as well as PayPal. Too many people have had trouble with PayPal and they've done this kind of thing before. I, for one, am encouraging anyone who wants to donate to do so via Bitcoin on the MailPile site. Who the hell needs Paypal!

From danstaples at disman.tl Thu Sep 5 08:06:36 2013 From: danstaples at disman.tl (Dan Staples) Date: Thu, 05 Sep 2013 08:06:36 -0400 Subject: PayPal freezes MailPile's account In-Reply-To: References: <2780551.exnjNUlKQP@laptosid> Message-ID: <[email protected]>

Why did they use Paypal? Probably because they are aspiring to gain popular attention and support, and most people don't use Bitcoin; they use Paypal and credit cards for online transactions.

Of course Paypal is a liability in terms of privacy and the risks of them doing something just like what they did, but if MailPile hadn't gone with Paypal, it's likely they wouldn't have gotten the amount of funding that was donated so far. It's always a tradeoff of risk, especially when you're aiming to go mainstream.

On Thu 05 Sep 2013 07:58:07 AM EDT, CypherPunk wrote: > On 09/05/2013 06:09 AM, rysiek wrote: >> >> inb4 "why would they use PayPal" -- from what I've heard they didn't plan it >> originally but it was brought in by popular demand. > > This kind of stuff really makes me wish Indiegogo would allow donations > via Bitcoin as well as PayPal. Too many people have had trouble with > PayPal and they've done this kind of thing before. I, for one, am > encouraging anyone who wants to donate to do so via Bitcoin on the > MailPile site. Who the hell needs Paypal! > > > > -- http://disman.tl OpenPGP key: http://disman.tl/pgp.asc Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9

From cypherpunk at cpunk.us Thu Sep 5 08:19:15 2013 From: cypherpunk at cpunk.us (CypherPunk) Date: Thu, 5 Sep 2013 07:19:15 -0500 Subject: PayPal freezes MailPile's account In-Reply-To: <[email protected]> References: <2780551.exnjNUlKQP@laptosid> <[email protected]> Message-ID:

On 09/05/2013 07:06 AM, Dan Staples wrote: > Why did they use Paypal? Probably because they are aspiring to gain > popular attention and support, and most people don't use Bitcoin; they > use Paypal and credit cards for online transactions. > > Of course Paypal is a liability in terms of privacy and the risks of > them doing something just like what they did, but if MailPile hadn't > gone with Paypal, it's likely they wouldn't have gotten the amount of > funding that was donated so far. It's always a tradeoff of risk, > especially when you're aiming to go mainstream.

Oh I completely understand why they used Paypal. Like you said, not enough people use Bitcoin to really make a successful go of a Bitcoin based fundraising campaign. I'm just saying I'd like to see Indiegogo offer Bitcoin as an option. I'm sure a lot of people would use it and it would also be a good way to get people interested in Bitcoin.

From eugen at leitl.org Thu Sep 5 09:13:32 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 15:13:32 +0200 Subject: US stops jailed activist Barrett Brown from discussing leaks prosecution Message-ID: <[email protected]> http://www.theguardian.com/world/2013/sep/04/barrett-brown-gag-order-us-government

US stops jailed activist Barrett Brown from discussing leaks prosecution

Federal court order prohibits Brown from talking to the media in what critics say is latest in crackdown on investigative journalism

Ed Pilkington in New York theguardian.com, Wednesday 4 September 2013 22.50 BST

Barrett Brown, Anonymous spokesman

Brown's lawyer says the gagging order is a breach of Brown's first amendment rights. Photograph: Nikki Loehr

A federal court in Dallas, Texas has imposed a gag order on the jailed activist-journalist Barrett Brown and his legal team that prevents them from talking to the media about his prosecution in which he faces up to 100 years in prison for alleged offences relating to his work exposing online surveillance.

The court order, imposed by the district court for the northern district of Texas at the request of the US government, prohibits the defendant and his defence team, as well as prosecutors, from making "any statement to members of any television, radio, newspaper, magazine, internet (including, but not limited to, bloggers), or other media organization about this case, other than matters of public interest."

It goes on to warn Brown and his lawyers that "no person covered by this order shall circumvent its effect by actions that indirectly, but deliberately, bring about a violation of this order".

According to Dell Cameron of Vice magazine, who attended the hearing, the government argued that the gag order was needed in order to protect Brown from prejudicing his right to a fair trial by making comments to reporters.

But media observers saw the hearing in the opposite light: as the latest in a succession of prosecutorial moves under the Obama administration to crack down on investigative journalism, official leaking, hacking and online activism. Brown's lead defence attorney, Ahmed Ghappour, has countered in court filings, the most recent of which was lodged with the court Wednesday, that the government's request for a gag order is unfounded as it is based on false accusations and misrepresentations.

The lawyer says the gagging order is a breach of Brown's first amendment rights as an author who continues to write from his prison cell on issues unconnected to his own case for the Guardian and other media outlets.

In his memo to the court for today's hearing, Ghappour writes that Brown's July article for the Guardian "contains no statements whatsoever about this trial, the charges underlying the indictment, the alleged acts underlying the three indictments against Mr Brown, or even facts arguably related to this prosecution."

The gag order does give Brown some room to carry on his journalistic work from prison. It says that he will be allowed to continue publishing articles on topics "not related to the counts on which he stands indicted".

Following the imposition of the order, Ghappour told the Guardian: "The defense's overriding concern is that Mr Brown continue to be able to exercise his first amendment right as a journalist. The order preserves that ability."

The lawyer adds that since the current defence team took over in May, Brown has made only three statements to the media, two of which were articles that did not concern his trial while the third ran no risk of tainting the jury pool. "Defendant believes that a gag order is unwarranted because there is no substantial, or even reasonable, likelihood of prejudice to a fair trial based on statements made by defendant or his counsel since May 1, 2013."

Brown, 32, was arrested in Dallas on 12 September last year and has been in prison ever since, charged with 17 counts that include threatening a federal agent, concealing evidence and disseminating stolen information. He faces a possible maximum sentence of 100 years in custody.

Before his arrest, Brown became known as a specialist writer on the US government's use of private military contractors and cybersecurity firms to conduct online snooping on the public. He was regularly quoted by the media as an expert on Anonymous, the loose affiliation of hackers that caused headaches for the US government and several corporate giants, and was frequently referred to as the group's spokesperson, though he says the connection was overblown.

In 2011, through the research site he set up called Project PM, he investigated thousands of emails that had been hacked by Anonymous from the computer system of a private security firm, HB Gary Federal. His work helped to reveal that the firm had proposed a dark arts effort to besmirch the reputations of WikiLeaks supporters and prominent liberal journalists and activists including the Guardian's Glenn Greenwald.

In 2012, Brown similarly pored over millions of emails hacked by Anonymous from the private intelligence company Stratfor. It was during his work on the Stratfor hack that Brown committed his most serious offence, according to US prosecutors: he posted a link in a chat room that connected users to Stratfor documents that had been released online.

The released documents included a list of email addresses and credit card numbers belonging to Stratfor subscribers. For posting that link, Brown is accused of disseminating stolen information, a charge which media commentators have warned criminalises the very act of linking.

As Geoffrey King, Internet Advocacy Coordinator for the Committee to Protect Journalists, has put it, the Barrett Brown case "could criminalize the routine journalistic practice of linking to documents publicly available on the internet, which would seem to be protected by the first amendment to the US constitution under current doctrine".

In its motion to the Dallas district court, US prosecutors accuse Brown and his associates of having "solicited the services of the media or media-types to discuss his case" and of continuing to "manipulate the public through press and comments".

It further accuses Ghappour of "co-ordinating" and "approving" the use of the media, and alleges that between them they have spread "gross fabrications and substantially false recitations of facts and law which may harm both the government and the defence during jury selection".

But Ghappour in his legal response has pointed out that several of the specific accusations raised by the government are inaccurate. Prosecutors refer to an article in the Guardian by Greenwald published on 21 March 2013 based partly on an interview between the journalist and Brown, yet as Ghappour points out that piece was posted on the Guardian website before the accused's current legal team had been appointed.

Under his legal advice, Ghappour writes, Brown has maintained "radio silence" over his case and has given no further interviews, thus negating the government's case for a gagging order.

From eugen at leitl.org Thu Sep 5 09:16:35 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 15:16:35 +0200 Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry Message-ID: <[email protected]> http://rt.com/news/wikileaks-spy-files-release-402/

Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry

Published time: September 04, 2013 16:06

Edited time: September 05, 2013 10:00

The growing surveillance industry complex is providing governments with increasingly sophisticated spying software to track and control their citizens, the latest documents obtained by the pro-transparency group, WikiLeaks reveal.

A trove of documents, outlining the activities of dozens of companies operating in the ever-expanding electronic snooping industry, were made available by the pro-transparency group on Wednesday.

"Lawful interception", mass monitoring, network recording, signals and communication intelligence, and tactical interception devices were among the services and products provided by a litany of Western based firms, as outlined in hundreds of pages of documents covering trade brochures, internal memos, and invoices.

"WikiLeaks' Spy Files #3 is part of our ongoing commitment to shining a light on the secretive mass surveillance industry. This publication doubles the WikiLeaks Spy Files database," the accompanying press release cites Julian Assange. "The WikiLeaks Spy Files form a valuable resource for journalists and citizens alike, detailing and explaining how secretive state intelligence agencies are merging with the corporate world in their bid to harvest all human electronic communication."

One 2011 document showed how companies such as UK-based Gamma Group, German-based Desoma and Swiss-based Dreamlab are working in concert to "create Telecommunications Intelligence Systems for different telecommunications networks to fulfill the customers' needs" regarding "massive data interception and retention."

In March, Gamma International, which is a subsidiary of Gamma Group, made Reporters Without Borders' 'Corporate Enemies of the Internet' list for 2013, which singled out five "digital mercenaries" who sell their surveillance technology to authoritarian regimes.

The firm's FinFisher Suite (which includes Trojans to infect PCs, mobile phones, other consumer electronics and servers, as well as technical consulting), is considered to be one of the most sophisticated in the world. During the search of an Egyptian intelligence agency office in 2011, human rights activists found a contract proposal from Gamma International to sell FinFisher to Egypt.

Bill Marczak, a computer science doctoral candidate at the University of California, helped investigate the use of FinFisher spyware against activists and journalists in Bahrain in 2012, as well as in other states.

"We don't have any sort of contracts, so that we could see financial dealings between companies and these governments. The only indications that we have as to where the spyware has been used are based on the research. In cases that we've seen the spyware has been targeted against activists and journalists in a particular country. We've been scanning the internet looking for this technology. So we found, as I said, spywares in Bahrain. We saw it being targeted against Bahraini journalists and activists last year. We've also found servers for the spyware in a number of other countries, such as Turkmenistan, Qatar, Ethiopia," Marczak told RT.

RT was the only Russian broadcaster that collaborated with WikiLeaks in this investigation, which also brought into the spotlight other companies including Cobham, Amees, Digital Barriers, ETL group, UTIMACO, Telesoft Technologies and Trovicor.

Trovicor, incidentally, also features among Reporters Without Borders' "digital mercenaries." The firm, whose monitoring centers are capable of intercepting phone calls, text messages, voice over IP calls (like Skype) and Internet traffic, has also been accused of helping Bahrain imprison and torture activists and journalists.


While a smoking gun in the form of government contracts or invoices was not forthcoming, internal documents discovered by WikiLeaks do confirm the firm's dealings with autocratic states.

In a December 2010 correspondence between Nicolas Mayencourt, the CEO of Dreamlab Technologies AG, and Thomas Fischer from Gamma Group's Germany-based branch Gamma International GmbH, a "quotation concerning the Monitoring system for iproxy (infection proxy)-project" is provided for an unspecified end customer in Oman.

One concern involved keeping the client [Oman] aware of any changes made to the proxy [intermediary] server infected with their software for the sake of culling information from select targets.

"During the integration tests in Oman in September 2010 the end customer figured out that not all of the components of the iproxy infrastructure are under their full control. It is, for example possible that changes of the Oman-network may occur without their knowledge. Thus, it might occur that ISPs [Internet service providers] may modify some of the current configuration. Therefore, the question arose whether it is possible to identify such a modification in the network setup by monitoring the whole iproxy infrastructure.

From this point of view, a request for an efficient and user-friendly monitoring of the iproxy infrastructure including all components of the systems was derived. This requirement is discussed and a proposal for solution is described in this offer."

The infection process as was conducted on-site in Oman in 2010 can be conducted in two different variants, as described in a separate document, "System Manual Project O", prepared for the Gulf client.

The first is described as a binary infection, whereby binaries (non-text computer files) are infected after being downloaded by the configured target.

"In order to do this, the software analyzes the data streams on the NDPs [network data processors] at both of the Internet exchanges (IX). As soon as a matching type of binary is downloaded, the infection mechanism is initiated, then it attaches loader and payload (trojan) to the binary."


The second method is described as update infection, which "works by sending counterfeit server responses to predefined applications (for example iTunes, Winamp, OpenOffice and SimpleLite), when they are searching for updates."

Data can be captured both through traditional public switch telephone networks (PSTN), mobile providers and internet protocol suites across a range of devices.

The user's information, including his or her IP address, user name, [cell] phone number, the date, time and identity of the person being communicated with, and the method or protocol (mail, WWW, Skype, chat, voice, fax, and SMS) are all up for grabs.

Upon being captured, the data is stored in a "Data Warehouse" and "retrieved on command."

Quotations for the project, enumerated in Swiss francs (CHF), are broken down in multiple categories:

Monitoring and alarming 83,355.00

Services provided by Dreamlab 34,400.00

Training 5,400.00

Annual solution maintenance 24,000.00

Redundant monitoring implementation 57,955.00

Services provided by Dreamlab for redundancy 5,760.00

Annual solution maintenance for redundant system 12,000.00

Note: 1 CHF = 1.06720 USD

Although such software does have legitimate applications for law enforcement, it can easily be used to stifle civil society, as Marczak argues was the case in Bahrain.

Apart from journalists and activists, he noted that in Malaysia and Ethiopia, members of the political opposition were apparently being targeted as well. One piece of FinFisher spyware discovered, for example, contained details relating to the upcoming Malaysian elections.

"You couldn't say exactly who was targeted against, but the use of election-related content suggests politically motivated targeting. We also found a sample of this spyware that appeared to be targeted at activists in Ethiopia. The spyware contained a picture of Ethiopian opposition leaders that was displayed when the user opened it. By opening the picture the user copied the spyware," he said.
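
Both infection variants quoted from the "System Manual Project O" above (a loader and payload attached to a binary as it crosses the exchange, and a counterfeit response to an application's update check) work only because the client trusts whatever the network hands it. The following is an added example, not from the article, the leaked documents or any vendor, of the client-side check that defeats both: the update manifest (version plus SHA-256 of the payload) is signed with an Ed25519 key whose public half is compiled into the client, and the downloaded bytes are hashed before anything is executed. The product name, the manifest wire format, the key pair and the sample payloads are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the update metadata a vendor signs. Everything the client
// acts on (version, payload hash) must be covered by the signature.
type Manifest struct {
	Product string `json:"product"`
	Version int    `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedManifest is the update-check response. This wire format is an
// assumption for the example, not any real vendor's protocol.
type SignedManifest struct {
	Manifest  []byte // canonical JSON bytes, exactly what was signed
	Signature []byte
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// SignManifest runs on the vendor's release infrastructure, never on the
// network-facing update server.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: b, Signature: ed25519.Sign(priv, b)}, nil
}

// VerifyUpdate is the client side. pinnedPub is compiled into the client and
// installed is the running version. The transport (HTTP, TLS, an ISP-level
// proxy) is not trusted at all: a counterfeit response fails the signature
// check, an altered download fails the hash check, and a replayed old
// manifest fails the version check.
func VerifyUpdate(pinnedPub ed25519.PublicKey, installed int, sm SignedManifest, payload []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pinnedPub, sm.Manifest, sm.Signature) {
		return m, errors.New("manifest signature invalid: not signed by the vendor key")
	}
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return m, fmt.Errorf("manifest unparsable: %w", err)
	}
	if m.Version <= installed {
		return m, fmt.Errorf("downgrade or replay rejected: offered %d, installed %d", m.Version, installed)
	}
	if sha256Hex(payload) != m.SHA256 {
		return m, errors.New("payload hash mismatch: binary altered between vendor and client")
	}
	return m, nil
}

// RunScenarios plays the two infection variants from the manual, plus a
// replay, against the client and reports which updates were accepted.
func RunScenarios() (map[string]bool, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// Constructed sample payloads standing in for real binaries.
	genuine := []byte("acme-player-2.0 (constructed sample binary)")
	trojaned := append(append([]byte{}, genuine...), []byte("\x00LOADER+PAYLOAD")...)

	const installed = 1
	accepted := map[string]bool{}
	try := func(name string, sm SignedManifest, payload []byte) {
		_, err := VerifyUpdate(vendorPub, installed, sm, payload)
		accepted[name] = err == nil
	}

	// 1. Honest update: vendor-signed manifest, untouched payload.
	good, err := SignManifest(vendorPriv, Manifest{Product: "acme-player", Version: 2, SHA256: sha256Hex(genuine)})
	if err != nil {
		return nil, err
	}
	try("genuine", good, genuine)
	// 2. Update infection: the proxy answers the update check itself with a
	//    manifest for a trojaned build, signed by a key it controls.
	fake, err := SignManifest(attackerPriv, Manifest{Product: "acme-player", Version: 2, SHA256: sha256Hex(trojaned)})
	if err != nil {
		return nil, err
	}
	try("counterfeit_update_response", fake, trojaned)
	// 3. Binary infection: the manifest is genuine, but loader and payload
	//    were attached to the download on the wire.
	try("infected_download", good, trojaned)
	// 4. Replay of a genuinely signed but older manifest and its old binary.
	old, err := SignManifest(vendorPriv, Manifest{Product: "acme-player", Version: 1, SHA256: sha256Hex(genuine)})
	if err != nil {
		return nil, err
	}
	try("replayed_old_manifest", old, genuine)
	return accepted, nil
}

func main() {
	res, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for name, ok := range res {
		fmt.Printf("%-28s accepted=%v\n", name, ok)
	}
}
```

Only the first scenario is accepted. Note that the hash of the payload lives inside the signed manifest, so the attacker cannot simply re-hash the trojaned file; and the version check is what stops a network adversary from serving a genuinely signed but vulnerable older build. TLS on the update channel is still worth having, but as the manual shows, an adversary sitting at the exchange may also control the ISP's infrastructure, so the signature has to be the trust anchor.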

From jya at pipeline.com Thu Sep 5 09:41:49 2013 From: jya at pipeline.com (John Young) Date: Thu, 05 Sep 2013 09:41:49 -0400 Subject: Tor Project Fora Critique In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Tor Project discussion lists have become characterized by a tone of dismissiveness, knee-jerkedness, when critiques are presented. This is pretty common in such fora as they age and lazy old-timers put down newbies as if a sport, shooting fish in a barrel, or as in this instance, flogging a dead horse.

Occasionally, again as in this instance of critiquing Hidden Services, a thoughtful response is provided rather than a putdown. The more experienced Tor contributors are not as susceptible to putdowns as the middling and bottomers, certainly not as offensive as the Tor Project promoters, funders and fans.

It would be helpful to distinguish between those who know onion-routing in depth and those who advocate its use with what often appears to be primarily public relations and advertising disdain toward critics and inquirers.

Reviewing the depth of research at the Naval Research Laboratory on network security and anonymization indicates that serious research has been done long before Tor Project appeared. Three of those researchers are affiliated with Tor Project and keep it from being dubious flim-flammery in which posing and pontificating front for technical inexperience.

Tor Project is more like a sales operation for scientific and engineering endeavors. And in that role it boosts and promotes, sounding sometimes more like snake oil, another overused cliche, than the skeptical and inquiring research of scientists and engineers at the NRL.

Tor fora suffer the same consequences as this one, producing mostly shallow bullshit, mea culpa, with occasional leads for pursuing offline endeavors requiring much time for lasting fruition.

Chat and mail lists, like reader comments and polls, have become promotional gimmicks, run by PR hustlers with about as much knowledge of discussion topics as salespeople usually have.

One clue to unreliability is when a former engineer takes over sales and deploys promotional hyperbole as the principal marketing tool on fora, at talks, with speeches, articles, interviews, fund-raisers, documentaries, books, parties, conferences, P2P, F2F, debates, all aimed at dominating a niche. In Tor Project's case, propaganda for illusory anonymity has become its main product, as befits an org established and funded by the USG for that purpose.

Naval Research Laboratory should not be demeaned to the level of the all too slick Tor Project. And chattering on Tor fora should not be confused with substantial contributions to helping protect the non-technical public from technical exploitation by sales and advertising gimmickery.

NSA is far from being alone in this USG-sponsored dual-use, dual-purpose, duplicity. Layered security like onion-routing is cloaking how things work with How Things Work for Dummies.

From jya at pipeline.com Thu Sep 5 10:02:39 2013 From: jya at pipeline.com (John Young) Date: Thu, 05 Sep 2013 10:02:39 -0400 Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Time to stop using weasely "surveillance" and "intelligence" and "analysis" and "actionable" and "national security."

It's all spying.

The weasel words were invented and are promoted to avoid the rightful horror, stigma, sleaze, criminality, betrayal, illegality, dishonor, distrust, deception, assassination and worse duplicity and treachery of official policy.

Perhaps not so surprising, the newly all-powerful US uses the weasel words more than the older nations who know what we newbies refuse to acknowledge: millions die because of deliberate official and commercial spying lies.

Good on WikiLeaks for naming what the shamefully spreading shit is.

Fuck RT for lying about its name as a spy unit is obliged to do. KGB=FSB=RT. As global state-privileged media continues to do obediently for the same commercial reason.

Coda: Free the Snowden docs, end censoring, peddling and lying about them like spies. That's you I'm talking about WikiLeaks, Guardian, Der Spiegel, Washington Post, O Globo, New York Times, ProPublica, end your secretive commercial spy aiding.

At 09:16 AM 9/5/2013, you wrote:

>http://rt.com/news/wikileaks-spy-files-release-402/
>
>Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry

From eugen at leitl.org Thu Sep 5 10:19:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 5 Sep 2013 16:19:51 +0200 Subject: [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches Message-ID: <[email protected]>

----- Forwarded message from Scott Helms -----

Date: Thu, 5 Sep 2013 10:02:39 -0400 From: Scott Helms To: Eugen Leitl Cc: NANOG list Subject: Re: [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

The last paragraph in the post is the most important, but it invalidates the rest of the post. Core routers are a terrible intercept point because of load and the sheer amount of packets they process, and they are also MUCH more likely to be running up to date firmware than a router in an edge network where the main technical person is primarily a Windows/Exchange admin. The problem with recording "everything" is that it's not feasible, and the idea that all/most/many core routers are merrily sending a copy of all packets to some external storage facility is demonstrably false. If you want to record flows that's a bit more technically (and legally in the US since it's meta-data) feasible, but again netflow traffic from all/most/many core routers is extremely hard to hide on a 24/7 basis and again is demonstrably false.

It's far easier (technically and legally) for the NSA to have a directory of devices they can tap on demand without the knowledge of the owners either through unpatched security flaws, cooperation from the carrier, or intentionally built back doors. It's also more feasible for them (and we have good evidence this has happened) to directly mirror the layer 2 traffic on some of the largest backbone networks. This of course allows them to passively listen without impacting the core router, but that approach is quite difficult to leverage when you're trying to target a specific person or organization since the volume of unimportant information so greatly exceeds the targeted information.

Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
------
http://twitter.com/kscotthelms
------

On Thu, Sep 5, 2013 at 7:20 AM, Eugen Leitl wrote:

> ----- Forwarded message from liberationtech at lewman.us -----
>
> Date: Wed, 4 Sep 2013 22:27:46 -0400
> From: liberationtech at lewman.us
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches
> Organization: The Tor Project, Inc.
> X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.20; x86_64-pc-linux-gnu)
> Reply-To: liberationtech
>
> On Wed, 4 Sep 2013 20:33:09 -0400
> Robert Guerra wrote:
>
> > Curious on people's comments on types of routers, firewalls and
> > other appliances that might be affected as well as mitigation
> > strategies. Would installing a pfsense and/or other open source
> > firewall be helpful in anyway at a home net location?
>
> When I read this article, I read core routers and switches at ISPs,
> like Cisco, Juniper, F5, etc. I don't read this as linksys, dlink,
> netgear, etc. I'm sure NSA could crack into anything consumer
> level with ease, it's likely any 4-bit criminal could do it too.
> However, it makes more sense for NSA to watch the core connectivity
> points on the Internet, rather than watching individuals, solely from
> an economic effort versus benefit point of view.
>
> When I ran global networks, one can record everything and sort out the
> individual streams later to find employees doing various layers of
> fraud or not. There was no point in watching the end points because it
> was too resource intensive.
>
> I'm sure the NSA has analyzed this and come to the same conclusion.
> There's no point in going after tens of millions of endpoints, when you
> can own them all with a handful of switches.
>
> A counterpoint is that most core Internet routers and switches are
> running at capacity and any monitoring affects quality of service and
> gets customers complaining.
>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl http://leitl.org
> ______ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From dwhite at olp.net Thu Sep 5 11:12:20 2013 From: dwhite at olp.net (Dan White) Date: Thu, 5 Sep 2013 10:12:20 -0500 Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On 09/05/13 10:02 -0400, John Young wrote:
>Coda: Free the Snowden docs, end censoring, peddling and
>lying about them like spies. That's you I'm talking about
>WikiLeaks, Guardian, Der Spiegel, Washington Post, O Globo,
>New York Times, ProPublica, end your secretive commercial
>spy aiding.

I don't get the idea that releasing the Snowden docs in bulk and unfiltered is entirely up to the media outlets listed. My guess is Snowden himself is doing much of the metering. The slow, but consistent, rate of blockbuster headlines is resulting in a punctuated evolutionary change in the public's view of what the NSA is doing.

Remember headlines like this?: http://thehill.com/homenews/house/305409-house-intel-chiefs-snowden-lying

By releasing information in this way, Snowden has clearly made liars out of these head-in-the-sand politicians. By being specific, he has forced them to defend one issue at a time. There can no longer be any blanket statements of deniability. The onus is on the defenders of these secrets to prove that they are false, to the American public.

Snowden is, simply put, one of the great American heroes of our time. His interests are clear, and his integrity has yet to be breached.

From kylem at xwell.org Thu Sep 5 11:31:53 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Thu, 5 Sep 2013 10:31:53 -0500 Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

On Thu, Sep 5, 2013 at 10:12 AM, Dan White wrote:
> On 09/05/13 10:02 -0400, John Young wrote:
>>
>> Coda: Free the Snowden docs, end censoring, peddling and
>> lying about them like spies. That's you I'm talking about
>> WikiLeaks, Guardian, Der Spiegel, Washington Post, O Globo,
>> New York Times, ProPublica, end your secretive commercial
>> spy aiding.
>
>
> I don't get the idea that releasing the Snowden docs in bulk and unfiltered
> is entirely up to the media outlets listed. My guess is Snowden himself is
> doing much of the metering. The slow, but consistent, rate of blockbuster
> headlines is resulting in a punctuated evolutionary change in the public's
> view of what the NSA is doing.

The journalists (like Barton Gellman) working on the releases have specifically stated that Snowden's not doing this. According to Gellman[0], Snowden passed them the docs with fairly minimal instructions ("select for news and avoid damage"). One could certainly disbelieve Gellman, but there's the assertion nonetheless.

[0]: https://twitter.com/bartongellman/status/373143485215670272

-- @kylemaxwell

From dwhite at olp.net Thu Sep 5 11:51:30 2013 From: dwhite at olp.net (Dan White) Date: Thu, 5 Sep 2013 10:51:30 -0500 Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

On 09/05/13 10:31 -0500, Kyle Maxwell wrote:
>On Thu, Sep 5, 2013 at 10:12 AM, Dan White wrote:
>> On 09/05/13 10:02 -0400, John Young wrote:
>>>
>>> Coda: Free the Snowden docs, end censoring, peddling and
>>> lying about them like spies. That's you I'm talking about
>>> WikiLeaks, Guardian, Der Spiegel, Washington Post, O Globo,
>>> New York Times, ProPublica, end your secretive commercial
>>> spy aiding.
>>
>>
>> I don't get the idea that releasing the Snowden docs in bulk and unfiltered
>> is entirely up to the media outlets listed. My guess is Snowden himself is
>> doing much of the metering. The slow, but consistent, rate of blockbuster
>> headlines is resulting in a punctuated evolutionary change in the public's
>> view of what the NSA is doing.
>
>The journalists (like Barton Gellman) working on the releases have
>specifically stated that Snowden's not doing this. According to
>Gellman[0], Snowden passed them the docs with fairly minimal
>instructions ("select for news and avoid damage"). One could certainly
>disbelieve Gellman, but there's the assertion nonetheless.

I could believe that he's not redacting information contained within classified documents (which may raise suspicion about his motives).

There was an article posted to this list a couple of weeks back that showed, at least in his initial contacts with journalists, that he was being selective in what information he was providing them.

From companys at stanford.edu Thu Sep 5 11:53:43 2013 From: companys at stanford.edu (Yosem Companys) Date: Thu, 5 Sep 2013 08:53:43 -0700 Subject: PayPal freezes MailPile's account In-Reply-To: References: <2780551.exnjNUlKQP@laptosid> <[email protected]> Message-ID:

Yes, but they could have used WePay, Stripe, or some other alternative. Remember Diaspora? $80K in donations frozen by PayPal. Once you get your account unfrozen, as Diaspora learned, your momentum stops. So it's doubtful that they'll make over $45K now, without another appeal.

On Thu, Sep 5, 2013 at 5:19 AM, CypherPunk wrote:

> On 09/05/2013 07:06 AM, Dan Staples wrote:
> > Why did they use Paypal? Probably because they are aspiring to gain
> > popular attention and support, and most people don't use Bitcoin; they
> > use Paypal and credit cards for online transactions.
> >
> > Of course Paypal is a liability in terms of privacy and the risks of
> > them doing something just like what they did, but if MailPile hadn't
> > gone with Paypal, it's likely they wouldn't have gotten the amount of
> > funding that was donated so far. It's always a tradeoff of risk,
> > especially when you're aiming to go mainstream.
>
> Oh I completely understand why they used Paypal. Like you said, not
> enough people use Bitcoin to really make a successful go of a Bitcoin
> based fundraising campaign. I'm just saying I'd like to see Indigogo
> offer Bitcoin as an option. I'm sure a lot of people would use it and it
> would also be a good way to get people interested in Bitcoin.

From kylem at xwell.org Thu Sep 5 12:13:57 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Thu, 5 Sep 2013 11:13:57 -0500 Subject: PayPal freezes MailPile's account In-Reply-To: References: <2780551.exnjNUlKQP@laptosid> <[email protected]> Message-ID:

Fortunately it looks like they have another $90k from non-Paypal sources or at least already transferred, so they're not dead yet. ("I'm feeling much better, I'd like to go for a walk!")

-- @kylemaxwell

From coderman at gmail.com Thu Sep 5 13:47:10 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 10:47:10 -0700 Subject: regarding the NSA crypto "breakthrough" Message-ID:

of all the no such agency disclosures, this one fuels the most wild speculation.

"""
James Bamford, a veteran chronicler of the NSA, describes the agency as having made "an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users". That sounds a lot like saying that the spooks have managed to break at least some of the cryptographic codes that protect everything from secure e-mail to e-commerce.
"""

however, the crypto breakthrough discussed is more mundane: deployment of deep packet inspection with SSL/TLS capabilities.[0]

this represents three significant efforts:

1. upgrading physical infrastructure (DPI systems at this scale use ASICs for processing, not software which can be upgraded on demand.)
2. secret partnerships with service providers to obtain server SSL/TLS secret keys.
3. key distribution to provision the DPI classifiers/sniffers with requisite secret keys when updated by service providers.

hence, a "crypto breakthrough" providing unprecedented actionable visibility into previously opaque streams, with such inspection occurring at the edges rather than the mothership (where all encrypted data is sent, decryptable or not...)

these efforts are compartmented, with few aware of how these different pieces fit together, thus fueling speculation about the nature of this break.

from a technician point of view, you would notice the new ability to see inside SSL traffic, but may not understand how it was done. (e.g. with keys handed over in secret agreement for "reasonable compensation" and national security, rather than a basement full of quantum computers breaking web server keys...)

class break in discrete log? quantum code crackers? you've been watching too much Sneakers![1] ;)

0. "SSL: Intercepted today, decrypted tomorrow", should read "SSL: Intercepted and decrypted in real-time, almost everywhere"
http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
less than a third of a percent of SSL/TLS web traffic uses forward secrecy!

1. "Sneakers" still the best hacker film to date... http://www.imdb.com/title/tt0105435/
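The mechanism coderman describes above needs nothing beyond the server's long-term RSA key as long as the handshake uses RSA key transport, and gets nothing from that key once the handshake uses ephemeral Diffie-Hellman (the "forward secrecy" his footnote [0] says under a third of a percent of traffic has). The following toy model is an added example, not code from coderman or from the Netcraft article; the RSA key, the DH group and the record cipher are constructed, undersized stand-ins so it runs offline.

```python
"""Toy model of passive SSL/TLS decryption with a server's long-term RSA key.

Added example, not code from the thread. The RSA key, DH group and record
cipher are constructed, undersized stand-ins so the model runs offline.
"""
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from two Mersenne primes (real keys: >= 2048 bits).
RSA_P = 2**89 - 1
RSA_Q = 2**107 - 1
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # the server's secret exponent

# Constructed toy DH group (real deployments use standardized >= 2048-bit groups).
DH_P = 2**127 - 1
DH_G = 3


def kdf(pre_master_secret: int, label: bytes) -> bytes:
    """Derive the record key from the pre-master secret (stands in for the TLS PRF)."""
    return hmac.new(label, pre_master_secret.to_bytes(32, "big"), hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy record cipher: XOR with a SHA-256 counter keystream (stands in for AES)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def rsa_key_transport_session(plaintext: bytes) -> dict:
    """RSA key exchange: the client encrypts the pre-master secret to the server's
    public key. Returns exactly what a passive tap sees on the wire."""
    pms = secrets.randbelow(RSA_N)
    return {
        "kx": "rsa",
        "client_key_exchange": pow(pms, RSA_E, RSA_N),
        "record": xor_stream(kdf(pms, b"rsa"), plaintext),
    }


def dhe_session(plaintext: bytes) -> dict:
    """Ephemeral DH: each side picks a fresh exponent; only g^a and g^b go on the wire.
    The server's RSA key would only sign its share (signature omitted here)."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    client_share, server_share = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    pms = pow(server_share, a, DH_P)
    assert pms == pow(client_share, b, DH_P)  # both ends agree on the secret
    return {
        "kx": "dhe",
        "client_share": client_share,
        "server_share": server_share,
        "record": xor_stream(kdf(pms, b"dhe"), plaintext),
    }


def collector_decrypt(capture: dict, server_private_exponent: int):
    """A passive collector provisioned with the server's private key, as in the
    'key distribution' effort coderman lists. Returns plaintext, or None if the
    captured handshake gives the key holder nothing to work with."""
    if capture["kx"] == "rsa":
        pms = pow(capture["client_key_exchange"], server_private_exponent, RSA_N)
        return xor_stream(kdf(pms, b"rsa"), capture["record"])
    # DHE: the exponents a and b never left the endpoints, and the server's RSA
    # key never encrypted anything. Recovering pms means solving discrete logs.
    return None


def run_demo(plaintext: bytes = b"GET /account HTTP/1.1\r\nCookie: session=constructed\r\n") -> dict:
    """Run both handshakes past the same collector and report what it recovered."""
    rsa_cap = rsa_key_transport_session(plaintext)
    dhe_cap = dhe_session(plaintext)
    return {
        "rsa_recovered": collector_decrypt(rsa_cap, RSA_D) == plaintext,
        "dhe_recovered": collector_decrypt(dhe_cap, RSA_D) == plaintext,
    }


if __name__ == "__main__":
    print(run_demo())  # {'rsa_recovered': True, 'dhe_recovered': False}
```

The same asymmetry is why the "retroactive" part of the story only applies to stored RSA-key-transport sessions: handing over the key later unlocks those, and leaves DHE captures as opaque as they were on the day of collection.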


From moritz at headstrong.de Thu Sep 5 14:27:19 2013 From: moritz at headstrong.de (Moritz) Date: Thu, 05 Sep 2013 20:27:19 +0200 Subject: PayPal freezes MailPile's account In-Reply-To: References: <2780551.exnjNUlKQP@laptosid> <[email protected]> Message-ID: <[email protected]>

On 09/05/2013 05:53 PM, Yosem Companys wrote: > Yes, but they could have used WePay, Stripe, or some other alternative.

Not really, since Indiegogo is the largest platform besides Kickstarter, and Kickstarter is only available for projects in US/UK (due to Amazon Payments). Indiegogo exclusively uses Paypal. You want to use one of the large crowdfunding platforms for outreach.

--Mo

From grarpamp at gmail.com Thu Sep 5 14:38:38 2013 From: grarpamp at gmail.com (grarpamp) Date: Thu, 5 Sep 2013 14:38:38 -0400 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On 9/5/13, coderman wrote:
> of all the no such agency disclosures, this one fuels the most wild
> speculation.
> """
> James Bamford, a veteran chronicler of the NSA, describes the agency
> """

Links to links to source quotes... http://lists.randombit.net/pipermail/cryptography/2013-June/004477.html http://lists.randombit.net/pipermail/cryptography/2013-June/004523.html

> however, the crypto breakthrough discussed is more mundane:

Source? Sure, non-PFS can be exploited. But extending that as underlying explanation of the Bamford quote is dangerous. It's Bamford's quote, ask him.

> deployment of deep packet inspection with SSL/TLS capabilities.[0]

I'd call it 'applied decrypting' not some breakthrough in 'cryptanalyze'ing or 'break'ing any crypto. Words are important.

> 0. "SSL: Intercepted today, decrypted tomorrow", should read "SSL:
> Intercepted and decrypted in real-time, almost everywhere"
>
> http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
> less than a third of a percent of SSL/TLS web traffic uses forward
> secrecy!

From adi at hexapodia.org Thu Sep 5 14:58:02 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Thu, 5 Sep 2013 11:58:02 -0700 Subject: PayPal freezes MailPile's account In-Reply-To: <[email protected]> References: <2780551.exnjNUlKQP@laptosid> <[email protected]> Message-ID: <[email protected]>

On Thu, Sep 05, 2013 at 01:19:33PM +0200, Eugen Leitl wrote:
> On Thu, Sep 05, 2013 at 01:09:07PM +0200, rysiek wrote:
> > inb4 "why would they use PayPal" -- from what I've heard they didn't plan it
> > originally but it was brought in by popular demand.
>
> Why, why did they keep 45 kUSD worth of funds in an
> account run by known jerks? Friends don't let friends
> use PayPal.

Your first and second sentences don't go very well together, Eugen. :)

Using Paypal is not a bad idea; they're pretty efficient in terms of fee percentage, their servers don't go down very often, and they have a very large market presence in the US and a few other markets. I personally don't use any other standalone online payment system.

But, keeping a significant fraction of your capital in Paypal is a terrible idea. They have very little patience for innovative business models, they have a poor track record of customer service, and their default response to any surprise is to freeze the account balance.

Noisebridge automatically transfers our Paypal balance to our bank account on a regular schedule (nightly, I think, but don't quote me.)

-andy

From gfoster at entersection.org Thu Sep 5 15:15:36 2013 From: gfoster at entersection.org (Gregory Foster) Date: Thu, 05 Sep 2013 14:15:36 -0500 Subject: Guardian on NSA & GCHQ cryptowar Message-ID: <[email protected]>

The Guardian (Sep 5) - "US and UK spy agencies defeat privacy and security on the internet" by @jamesrbuk, @julianborger, @ggreenwald: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security gf

-- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/

From nick at lupine.me.uk Thu Sep 5 15:38:01 2013 From: nick at lupine.me.uk (Nick Thomas) Date: Thu, 05 Sep 2013 20:38:01 +0100 Subject: Guardian on NSA & GCHQ cryptowar Message-ID:

"Fuck" - the world

------ Original message ------
From: Gregory Foster
Date:
To: cypherpunks at cpunks.org
Cc: effaustin-discuss at lists.effaustin.org
Subject: Guardian on NSA & GCHQ cryptowar

The Guardian (Sep 5) - "US and UK spy agencies defeat privacy and security on the internet" by @jamesrbuk, @julianborger, @ggreenwald: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security gf

-- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/

From rich at openwatch.net Thu Sep 5 15:52:31 2013 From: rich at openwatch.net (Rich Jones) Date: Thu, 5 Sep 2013 12:52:31 -0700 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: References: Message-ID:

Where are the d0x? Grr.

On Thu, Sep 5, 2013 at 12:38 PM, Nick Thomas wrote:


--
Rich Jones * OpenWatch* is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS and for Android!

From gfoster at entersection.org Thu Sep 5 16:01:57 2013 From: gfoster at entersection.org (Gregory Foster) Date: Thu, 05 Sep 2013 15:01:57 -0500 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: References: Message-ID: <[email protected]>

On 9/5/13 2:52 PM, Rich Jones wrote:
> Where are the d0x? Grr.

http://s3.documentcloud.org/documents/784048/crypt-guide2.pdf
http://s3.documentcloud.org/documents/784159/sigintenabling-clean-1.pdf
http://s3.documentcloud.org/documents/784047/bullrun-guide-final.pdf

via Amie Stepanovich: https://twitter.com/astepanovich/status/375701755776217088

gf


-- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/

From jya at pipeline.com Thu Sep 5 16:06:05 2013 From: jya at pipeline.com (John Young) Date: Thu, 05 Sep 2013 16:06:05 -0400 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

NYT and ProPublica join Guardian. Spiegel, WaPo, O Globo to withhold Snowden docs, substitute editorializing for fearful to print.

From rich at openwatch.net Thu Sep 5 16:04:07 2013 From: rich at openwatch.net (Rich Jones) Date: Thu, 5 Sep 2013 13:04:07 -0700 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Ah! Merci beaucoup.

On Thu, Sep 5, 2013 at 1:01 PM, Gregory Foster wrote:


From rich at openwatch.net Thu Sep 5 16:06:16 2013 From: rich at openwatch.net (Rich Jones) Date: Thu, 5 Sep 2013 13:06:16 -0700 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: References: <[email protected]> Message-ID:

Hm, looks like those ones aren't the PPTs screenshotted in the Guardian article.

On Thu, Sep 5, 2013 at 1:04 PM, Rich Jones wrote:


--
Rich Jones * OpenWatch* is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS and for Android!

From coderman at gmail.com Thu Sep 5 16:17:03 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 13:17:03 -0700 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On Thu, Sep 5, 2013 at 11:38 AM, grarpamp wrote:
> ...
>> however, the crypto breakthrough discussed is more mundane:
>
> Source? Sure, non-PFS can be exploited.

i asked Snowden for an authoritative copy... ;P

> But extending that
> as underlying explanation of the Bamford quote is dangerous.
> It's Bamford's quote, ask him.

there's lots of disinformation around this topic, comparisons and analogies that indicate this has been filtered through less technical intermediaries. he can't say much about specifics, remember?

>> deployment of deep packet inspection with SSL/TLS capabilities.[0]
>
> I'd call it 'applied decrypting' not some breakthrough in 'cryptanalyze'ing
> or 'break'ing any crypto. Words are important.

see above regarding technical vs. non-technical. for the high ups, getting access to encrypted communication is "breaking encryption". whether that is breaking by cooperative agreement and new hardware, or breaking by new attacks on crypto primitives themselves, it is indistinguishable to them but makes all the difference to us.

to walk through with rough ballpark but by no means representative numbers, consider:

- modern CPU - 1,500 to 9,000 sessions per second
- "typical web 2.0 service provider" - SSL ops: 800k/min, 13,333/sec (no keep-alive)
- Bandwidth: 24kB/s or 200kbps (no CDN)

verdict: medium to large internet sites can offload SSL/TLS to their front-end load balancers or servers without much effort. crypto accelerators no longer required (unless used for HSM protection of server keys). Google proved this.

now do the math for OC48 passive drops feeding the DPI collectors:

- for sake of argument, consider just 5% of channel capacity using SSL/TLS: 2.5Gb / 20 == 125Mb/sec
- for sake of argument, consider 5k/sec sessions per 200kbps (gloss over specific algo. overhead)
- 125Mb/200kb = 625 times more load than our provider example above with 3.1mm sessions/sec.

verdict: you need a rack of servers at each collection point just to extract keys for the DPI sniffer.

summary: NSA "breakthrough" at the Multiprogram Research Facility, or Building 5300, is a system for the real-time recovery of session keys from public key exchanges, which do not implement forward secrecy, the session keys then used for DPI of SSL/TLS traffic. (AES faster and easier to do in hardware, solved already.) conveniently enough the real-time support can be applied retroactively against all stored encrypted communications (cf. NSA Utah) which are now vulnerable to recovery as server public keys for the period in question are handed over, taken, or cracked. what would be even more interesting is if Building 5300 also built a TWIRL[0] or SHARK[1] device to get the 1028 bit secret keys used by servers all over the world for their traffic, thus achieving DPI-SSL visibility for non-cooperative entities.

to the critics: sorry, i have nothing to prove. the hints are out there, but sadly, you'll just have to take me at face value or dig along with others until you've got your own compelling picture of what this entails. like a good spy or journo, i don't burn intelligence sources; least of all just to prove i'm right on the internets ;P

to everyone else: start using 2k or 4k keys immediately! burn your 1k keys with fire!!!

0. "The TWIRL integer factorization device" http://cs.tau.ac.il/~tromer/twirl/

1. "SHARK - a realizable special hardware sieving device for factoring 1024-bit integers" http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/shark.pdf

From rysiek at hackerspace.pl Thu Sep 5 16:21:14 2013 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 05 Sep 2013 22:21:14 +0200 Subject: PayPal freezes MailPile's account In-Reply-To: References: <2780551.exnjNUlKQP@laptosid> Message-ID: <1659569.bMe5ZUflE0@laptosid>

On Thursday, 5 September 2013 11:13:57, Kyle Maxwell wrote:
> Fortunately it looks like they have another $90k from non-Paypal
> sources or at least already transferred, so they're not dead yet.

And apparently they gathered $4k *just today* (no doubt slashdotting of the campaign page due to PayPal SNAFU helped a bit here).

> ("I'm feeling much better, I'd like to go for a walk!")

I, for one, would like to thank you for the random Monty Python quote that is so much needed from time to time to lighten up this dark, dark world. In return, I offer two of the best renditions of the Parrot Sketch, both from Amnesty International's "Secret Policeman's Ball" (how on-topic, eh?):
http://www.youtube.com/watch?v=F_hfOY4IIuk (Michael Palin loses it and John Cleese is not helping)
http://www.youtube.com/watch?v=BTV3lQc4AmQ (surprisingly short)

--
Regards,
rysiek

From coderman at gmail.com Thu Sep 5 16:21:51 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 13:21:51 -0700 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On Thu, Sep 5, 2013 at 1:17 PM, coderman wrote:
> ... get the 1028 bit secret keys used by
> servers all over the world for their traffic

actually i have never seen a 1028 bit key in the wild...
s/8 /4 /g

From coderman at gmail.com Thu Sep 5 17:06:43 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 14:06:43 -0700 Subject: regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On Thu, Sep 5, 2013 at 10:47 AM, coderman wrote:
> ...
> 2. secret partnerships with service providers to obtain server SSL/TLS
> secret keys.

there is a line item in the BULLRUN docs that indicates this server key recovery effort extends into involuntary efforts, e.g. covert exfiltration of server keys or CA keys or any other key of interest:
http://s3.documentcloud.org/documents/784047/bullrun-guide-final.pdf

also, the statement:
```
"capabilities against a technology" does not necessarily equate to decryption
```
makes you go hmmmm...

tricks in the CES bag, as listed from the doc:
- NSA/CSS Commercial Solutions Center (NCSC) leaning on partners for access.
- Second party partners directly accessed.
- Tailored Access Operations (TAO, aka, "black bag jobs") to create access.
- NSA/CSS develops implants to enable a capability against an adversary using encrypted network communication.

and some relevant points of interest from the guardian article:
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security/print

"""
A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable"...
-[ED: newly exploitable in real-time, even back in time for new keys applicable to stored sessions]

The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.
-[ED: now this budget area i'd love to see on a line item basis...]

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable." -[ED: note how if they can't DPI it at the origin, they consider it discarded. however, as mentioned, this just means it is placed into long term storage for later analysis.]

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.

Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries". "These design changes make the systems in question exploitable through Sigint collection -- with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."
-[ED: a compromised RDRAND becomes a fancy linear generator and only NSA (and Intel) would know your random bits are totally predictable.]

Among the specific accomplishments for 2013, the NSA expects the program to obtain access to "data flowing through a hub for a major communications provider" and to a "major internet peer-to-peer voice and text communications system". -[ED: who's seen elevated activity in the "Secret" telco rooms? anyone? bueller?] """


From grarpamp at gmail.com Thu Sep 5 18:10:45 2013 From: grarpamp at gmail.com (grarpamp) Date: Thu, 5 Sep 2013 18:10:45 -0400 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On 9/5/13, Gregory Foster wrote:
> http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

Partly how providers claim they don't provide any info:

### To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for "human intelligence" refers to information gleaned directly from sources or undercover agents.

This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry." ###

Moles or not, bets on when massive lawsuits will start to be filed against these companies for breach of contract, etc? (or links to current suits?)

From grarpamp at gmail.com Thu Sep 5 19:14:40 2013 From: grarpamp at gmail.com (grarpamp) Date: Thu, 5 Sep 2013 19:14:40 -0400 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On 9/5/13, coderman wrote:
> On Thu, Sep 5, 2013 at 11:38 AM, grarpamp wrote:
>> ...
>>> however, the crypto breakthrough discussed is more mundane:
>>
>> Source? Sure, non-PFS can be exploited.
>
> i asked Snowden for an authoritative copy... ;P

Didn't John just say something about journalists and interpretation ;)

>> But extending that
>> as underlying explanation of the Bamford quote is dangerous.
>> It's Bamford's quote, ask him.
>
> there's lots of disinformation around this topic, comparisons and
> analogies that indicate this has been filtered through less technical
> intermediaries.
>
> he can't say much about specifics, remember?
>
>
>>> deployment of deep packet inspection with SSL/TLS capabilities.[0]
>>
>> I'd call it 'applied decrypting' not some breakthrough in
>> 'cryptanalyze'ing
>> or 'break'ing any crypto. Words are important.
>
> see above regarding technical vs. non-technical. for the high ups,
> getting access to encrypted communication is "breaking encryption".
> whether that is breaking by cooperative agreement and new hardware, or
> breaking by new attacks on crypto primitives themselves, it is
> indistinguishable to them but makes all the difference to us.
>
>
>
> to walk through with rough ballpark but by no means representative numbers

All good extended analysis indeed. Perhaps my issue is just with the words. I read Bamford as indicating attacks against the crypto itself, not tricks applied downstream or around it (regardless of how wholesale, specific, successful or profitable a given applied approach might be in the eyes of the doers or the done).

While recently novel and profitable with centralized services, borrowing traditional certs [1] or logging the PFS session keys [2] is vastly different from having a working "cryptanalysis" against the long term thought to be dependable underlings such as RSA, AES, ECC, etc.

Surely if the cooperation to achieve [1] is so tight then [2] would be equally doable. Then again, might as well ship the plaintext straight off the servers.

From jya at pipeline.com Thu Sep 5 19:56:38 2013 From: jya at pipeline.com (John Young) Date: Thu, 05 Sep 2013 19:56:38 -0400 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

More words from a non-techie:

David Kahn, James Bamford, Seymour Hersh and quite a few NSA and other spy types, in particular heads of agencies, Congress, POTUS, SCOTUS, DoJ, are word people. So try as they might to match a word account to the coders and mathematicians, it's pretty well impossible. And the reverse is true from the techies to the wordies.

Not many hard core cryptographers are persuasive wordies, so the wordies often run the public show, in the same way the hard cores run the labs and hacker blow-outs with wearable computers and fuzzy PowerPoints of what a literate person would see as alphanumeric wallpaper.

Keep in mind that even many of the reputable tech reporters are not all that techie but are adept at using words lifted from tech drunken orgies. Same in my field of architecture: the highly literate architectural critics know squat of the down and dirty but excel at reaching the public with artfully simulated accounts burnishing reputations of marketable greatness.

In the case of NSA, be damn sure that all its heads knew or know squat about NSA deep tech so they are suited to move the product in blissful ignorance to customers of similar know-not. Michael Hayden and Keith Alexander are perfect for using vapid words to persuade non-techies as little truth as possible is just fine.

Back to the latest failure to reveal technical docs. Those who know what's important about them are not likely to tell journalists that, may be incapable of doing so in a way that journalists can apply their vaunted skepticism of sources -- using word skills of truthiness. So what is transferred are narratives, stories, rhetoric, bombast, in lieu of technical specs, math, algorithms, fabrication drawings, chemical and electrical formulations, doses of EM and anti-EM just precisely zapped to the nano-fullerine /->^256/1029: the myrrh and honey of techies, sleep-eeze to the wordies who yawn is that a go or no go to slick brochure printing.

"Breakthrough" is PR, which might suggest quotation marks around all the NSA revelations -- so far. A long shot that technical docs will be leaked inadvertently, maybe left as digital debris inside one of the PowerPoint files put on a reused thumb drive and recoverable in a filthy techie lab. I think Ross Anderson could siphon and decipher that compromising junk in a flash.

Ross is pretty good at no-nonsense English too.

From coderman at gmail.com Thu Sep 5 20:01:43 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 17:01:43 -0700 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID:

On Thu, Sep 5, 2013 at 4:14 PM, grarpamp wrote:
> ... Perhaps my issue is just
> with the words. I read Bamford as indicating attacks against
> the crypto itself, not tricks applied downstream or around it
> (regardless of how wholesale, specific, successful or profitable a
> given applied approach might be in the eyes of the doers or the done).

when i read what he wrote, in the context of how i expect this system is built, it is to me a violation of the implied assumptions in crypto that he is discussing.

assumptions like "SSL private keys are kept on the servers, not provided to third parties" ... for national security reasons.

assumptions like "i'm using ZRTP, my call is end-to-end secure!" (why the !^@# is ZRTP termination the usual mode in VoIP server implementations? E.g. wiretap mode. Oh, nevermind...)

the list goes on.

> While recently novel and profitable with centralized services,
> borrowing traditional certs [1] or logging the PFS session keys [2]
> is vastly different from having a working "cryptanalysis" against the
> long term thought to be dependable underlings such as
> RSA, AES, ECC, etc.

you'll notice that all of the targets mentioned above have a public key exchange mechanism whereby session secrets can be exchanged in presumed privacy - unless forward secrecy is used. we've seen how the "latency" added for forward secrecy provides fig leaf coverage for the real reason. keep-alive doesn't care about your start-up latency!

in short: #1 with the private keys handed over or pilfered, to support DPI-SSL, is reasonable, effective, and fits within the parameters of what we've discovered. it could be part of the certificate renewal process, an infrequent one-off.

#2 is not done, since this would be logistically ugly - every web server somehow feeding back ephemeral keys or session secrets to the spooks. not going to happen.

#2 does raise an interesting proposition - if forward secrecy becomes common this collection mechanism is crippled. watch for push back against wide deployment of PFS suites on large web properties. (spoiler alert: i'll bet you money this won't happen, for all sorts of stated reasons except the real one.)

> Then again, might as well ship the plaintext
> straight off the servers.

the live dip is PRISM, the passive snarf is UPSTREAM, of which BULLRUN is a part? remember, "You should use both."

best regards,
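coderman's #1/#2 above, and the earlier "burn your 1k keys" advice, both come down to one question per session: do its keys depend on the server's long-term RSA key (plain RSA key transport, decryptable later once that key is obtained), or on an ephemeral (EC)DH exchange (not recoverable that way)? The following is an added example, not code from this thread or any of its authors, that audits a set of recorded handshakes for exactly that; the `Handshake` records, hostnames and key sizes are constructed for illustration.

```python
"""Audit captured TLS handshakes for the 'store now, decrypt once the server
key turns up' exposure discussed in the thread.

A plain-RSA key exchange encrypts the premaster secret to the server's
long-term public key, so whoever later obtains that private key (handed
over, exfiltrated, or factored) can recover the session keys from stored
traffic. Ephemeral (EC)DHE suites do not have that property. All records
below are constructed samples, not data from the list or any real capture.
"""
from dataclasses import dataclass
from typing import Iterable

MIN_RSA_BITS = 2048  # the thread's floor: 2k or 4k keys, retire 1k keys


@dataclass(frozen=True)
class Handshake:
    host: str             # constructed hostname
    cipher_suite: str     # IANA-style suite name seen in the ServerHello
    server_key_bits: int  # modulus size of the server certificate's RSA key


def key_exchange(cipher_suite: str) -> str:
    """Return the key-exchange part of a TLS 1.2-style IANA suite name.

    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' -> 'ECDHE_RSA'
    'TLS_RSA_WITH_AES_128_CBC_SHA'          -> 'RSA'
    """
    if not cipher_suite.startswith("TLS_") or "_WITH_" not in cipher_suite:
        raise ValueError(f"not a TLS 1.2-style suite name: {cipher_suite}")
    return cipher_suite[len("TLS_"):].split("_WITH_", 1)[0]


def has_forward_secrecy(cipher_suite: str) -> bool:
    """True when the suite uses ephemeral (EC)DH, so the session keys never
    depend on the server's long-term private key. Static DH/ECDH and plain
    RSA key transport are the cases that stay decryptable later."""
    return key_exchange(cipher_suite).startswith(("ECDHE_", "DHE_"))


def audit(handshakes: Iterable[Handshake]) -> dict:
    """Tag each session and count how much of the capture would become
    readable if every server key in it were obtained later."""
    report = {"sessions": [], "retro_decryptable": 0, "weak_keys": 0}
    for h in handshakes:
        issues = []
        if not has_forward_secrecy(h.cipher_suite):
            issues.append("no-pfs")                   # key leak exposes stored traffic
            report["retro_decryptable"] += 1
        if h.server_key_bits < MIN_RSA_BITS:
            issues.append(f"rsa-{h.server_key_bits}")  # below the 2k floor
            report["weak_keys"] += 1
        report["sessions"].append((h.host, tuple(issues)))
    report["total"] = len(report["sessions"])
    return report


# Constructed sample capture (hostnames, suites and key sizes are made up).
SAMPLE = [
    Handshake("mail.example.test", "TLS_RSA_WITH_AES_128_CBC_SHA", 1024),
    Handshake("shop.example.test", "TLS_RSA_WITH_AES_256_CBC_SHA", 2048),
    Handshake("chat.example.test", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 2048),
    Handshake("legacy.example.test", "TLS_DH_RSA_WITH_AES_128_CBC_SHA", 1024),
    Handshake("forum.example.test", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 4096),
]

if __name__ == "__main__":
    r = audit(SAMPLE)
    for host, issues in r["sessions"]:
        print(f"{host:22} {', '.join(issues) or 'ok'}")
    print(f"{r['retro_decryptable']}/{r['total']} sessions readable once server keys leak")
```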

From coderman at gmail.com Thu Sep 5 20:15:37 2013 From: coderman at gmail.com (coderman) Date: Thu, 5 Sep 2013 17:15:37 -0700 Subject: Guardian on NSA & GCHQ cryptowar In-Reply-To: References: <[email protected]> Message-ID:

On Thu, Sep 5, 2013 at 3:10 PM, grarpamp wrote:
> ...
> Moles or not, bets on when massive lawsuits will start to be filed
> against these companies for breach of contract, etc?

there was the "Athens Affair", aka "Greek wiretapping case 2004-05"
http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305

"""
December 2006 Vodafone Greece was fined €76 million by the Communications Privacy Protection Authority, a Greek privacy watchdog group, for the illegal wiretapping of 106 cellphones. The fine was calculated as €500,000 for each phone that was eavesdropped on, as well as a €15 million fine for impeding their investigation.

October 19, 2007, Vodafone Greece was again fined €19 million by EETT, the national telecommunications regulator, for alleged breach of privacy rules.
"""

gotta find them, and have proof first...

From adi at hexapodia.org Thu Sep 5 21:25:42 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Thu, 5 Sep 2013 18:25:42 -0700 Subject: what has the NSA broken? Message-ID: <[email protected]>

Tinfoil hat time ...
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

With today's disclosures, the question turns to -- what has the NSA broken? Unfortunately the journalists bowed to pressure from the espionage-industrial complex and decided not to publish specific details of what's broken; and the Snowden documents don't include all the compartmentalized details anyways. So all we can do is speculate based on what is already known and the high level overview provided.

I don't believe that NSA has a complete AES break. Call me foolish if you must, but it's just not consistent with what we know so far. I believe that a correctly implemented, truly randomly keyed AES-256-CBC or -CTR cipher is robust against cryptanalysis. It seems just barely possible that AES-128 has a complete break, since I suspect NSA can do 2^80 work on 2^60 bytes if it gives them decrypts of all the AES-128 they can sniff.

However, virtually nobody properly keys their ciphers with physical entropy. I suspect that correlated key PRNG attacks are almost certainly a significant part of the NSA/GCHQ crypto break. Many deployed systems expose a significant amount of correlated output of /dev/urandom or the in-process PRNG. Given a global passive adversary and several TFLOPs of built-to-spec supercomputers [1], this seems like an obvious place for a hidden advance.

Also, retrieving key material from endpoints is a high return activity. Nearly nobody uses PFS ciphersuites, many HTTPS privatekeys are used for multiple years, and a single 1 KiB leak of key material is sufficient to decrypt all traffic under that key. (You don't even need the whole key, just half the bits are plenty to reconstruct RSA keys using attacks in the open literature.) Insiders copying privatekey files after hours, DRAM remanence after "hardware failure" in SSL offload boxes, bugdoors leaking key bits in subtly biased entropy from crypto accelerator hardware, on-disk encrypted keys decrypted due to low entropy passphrases, etc. Any key stored on a US-based VPS is obviously compromised. (Doubly so if your VPS is linode.) Radio emissions from colocated boxes are a nearly completely unexplored area of research. Server-class IPMI baseboard coprocessors have undisclosed access to host RAM at runtime, and often unaudited access via provider management-plane Ethernets. If I had to get the keys out deniably, I'd be scanning RAM for high entropy key schedules and leaking key bits in the timing of heartbeat messages.

It seems fairly likely that NSA is at least a decade ahead of academic RSA factoring. I've heard second-hand stories of $10M machines of custom ASICs built to attack RSA before 2005, and third-hand stories of machines far weirder than that. RSA-1024 I'd treat as dead, RSA-2048 is probably robust enough that if NSA have an attack it would be too valuable to risk exposing under anything but an existential threat scenario.

Non-AES legacy/proprietary ciphers are probably toast. People switching to RC4, stahp! A5/2, lulz. Maybe GOST and twofish and Salsa20 are secure; I've met djb and all my checks for NSA minders came up negative.

[1] Cray is still in business, building 10,000 CPU with attached FPGA and 1µs interconnect megaclusters for "undisclosed government customers". The systems listed as "Government" in the latest top500 list are just the tip of the iceberg; larger systems are built and installed without any public disclosure.

-andy

From coderman at gmail.com Fri Sep 6 03:49:59 2013 From: coderman at gmail.com (coderman) Date: Fri, 6 Sep 2013 00:49:59 -0700 Subject: Bruce Schneier on BULLRUN and related NSA programs Message-ID:

select quotes from

"The NSA Is Breaking Most Encryption on the Internet" http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

"""
Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.
...
[regarding magic curve constants]
Bruce Schneier • September 5, 2013 4:07 PM
I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry.
...

Bruce Schneier • September 5, 2013 7:32 PM

"You recommended to 'Prefer symmetric cryptography over public-key cryptography.' Can you elaborate on why?"

It is more likely that the NSA has some fundamental mathematical advance in breaking public-key algorithms than symmetric algorithms.

[EDITOR: the safety margin for key lengths over time is definitely more reassuring for symmetric ciphers*. and aggravating that hardware security products and other encryption appliances and systems do not accommodate 4k or even 2k keys well, not to mention the varied cipher suites you may prefer...]
...
Bruce Schneier • September 5, 2013 4:58 PM
"Why are you not going to write about those 'other few things'? Can you write about the here please?

I want to keep some secrets in my back pocket. """

* key length recommendations in bits

Lenstra and Verheul Equations (2000)
symmetric: 70
pubkey: 952
hash: 140

compare to: ECRYPT II 2011-2015
symmetric: 80
pubkey: 1248
hash: 160

and considering projection: ECRYPT II >2041
symmetric: 256
pubkey: 15424
hash: 512

From jya at pipeline.com Fri Sep 6 04:43:49 2013 From: jya at pipeline.com (John Young) Date: Fri, 06 Sep 2013 04:43:49 -0400 Subject: Bruce Schneier on BULLRUN and related NSA programs In-Reply-To: References: Message-ID:

Thanks for this pointer which leads to Schneier's two reports in the Guardian about cooperating with Greenwald.

As head of BT security it is hard to believe that Schneier did not know about BT's covert cooperation with GCHQ and NSA. His NDA with BT would likely prevent disclosing that knowledge along with protection of his vaunted rep as an incorruptible FOI battler.

Similarly with other notable comsec wizards, the duplicity of NSA and GCHQ should not be a surprise unless pretense of surprise is part of the highly rewarding covert cooperation.

Cryptographers are of necessity shady operators, the louder they profess trustworthiness the more likely not, NSA and GCHQ role models and dispensers of lucre the role model.

I seem to recall that there is an inverse relationship between advertized trust and deserved. Modest and quiet cryptographers have superior ethics over word artists. So a good match between commercially successful essayists Schneier and Greenwald. Let the haughty rhetoric gush.

And as Schneier, wise to keep secrets in their pocket(book)s. And as he demurs to the Guardian and others on why not release all the Snowden docs, presumably the docs need careful vetting to prevent embarrassing disclosures of duplicity of media and comsec wizards, a tradition as old as comsec.

Schneier's aptly revealing humor about crypto weakness: it's never the math, it's the agents of the code.

At 03:49 AM 9/6/2013, you wrote:
>select quotes from
>
>"The NSA Is Breaking Most Encryption on the Internet"
> http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
>
>"""
>Remember this: The math is good, but math has no agency. Code has
>agency, and the code has been subverted.
>...
>[regarding magic curve constants]
>Bruce Schneier • September 5, 2013 4:07 PM
>I no longer trust the constants. I believe the NSA has manipulated
>them through their relationships with industry.
>...
>
>Bruce Schneier • September 5, 2013 7:32 PM
>
>"You recommended to 'Prefer symmetric cryptography over public-key
>cryptography.' Can you elaborate on why?"
>
>It is more likely that the NSA has some fundamental mathematical
>advance in breaking public-key algorithms than symmetric algorithms.
>
>[EDITOR: the safety margin for key lengths over time is definitely
>more reassuring for symmetric ciphers*. and aggravating that hardware
>security products and other encryption appliances and systems do not
>accommodate 4k or even 2k keys well, not to mention the varied cipher
>suites you may prefer...]
>...
>Bruce Schneier • September 5, 2013 4:58 PM
>"Why are you not going to write about those 'other few things'? Can
>you write about the here please?
>
>I want to keep some secrets in my back pocket.
>"""
>
>
>* key length recommendations in bits
>Lenstra and Verheul Equations (2000)
>symmetric: 70
>pubkey: 952
>hash: 140
>
>compare to: ECRYPT II 2011-2015
>symmetric: 80
>pubkey: 1248
>hash: 160
>
>and considering projection: ECRYPT II >2041
>symmetric: 256
>pubkey: 15424
>hash: 512

From eugen at leitl.org Fri Sep 6 05:01:50 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 11:01:50 +0200 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: References: Message-ID: <[email protected]>

On Thu, Sep 05, 2013 at 10:47:10AM -0700, coderman wrote:
> of all the no such agency disclosures, this one fuels the most wild speculation.

It is reported that the journalists deliberately withheld details which are available in Snowden's original documents. Somebody better leak these, fast.

The claims are that some code and magic constants have been weakened, but also that NSA still has problems with some methods.

We need to know.

Obviously, as a short-term workaround there's fallback to expensive/inconvenient methods like one-time pads, but long-term we obviously need new cyphers. Not tainted by any TLA poison.

From jd.cypherpunks at gmail.com Fri Sep 6 05:19:04 2013 From: jd.cypherpunks at gmail.com (jd.cypherpunks at gmail.com) Date: Fri, 6 Sep 2013 11:19:04 +0200 Subject: [cryptography] regarding the NSA crypto "breakthrough" In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

You're right.
http://cpunks.wordpress.com/2013/09/06/how-to-remain-secure-against-surveillance-a-practical-guide/

--Michael

06.09.2013 11:01 Eugen Leitl:

> On Thu, Sep 05, 2013 at 10:47:10AM -0700, coderman wrote:
>> of all the no such agency disclosures, this one fuels the most wild speculation.
>
> It is reported that the journalists deliberately withheld details
> which are available in Snowden's original documents. Somebody
> better leak these, fast.
>
> The claims are that some code and magic constants have been weakened,
> but also that NSA still has problems with some methods.
>
> We need to know.
>
> Obviously, as a short-term workaround there's fallback to
> expensive/inconvenient methods like one-time pads, but long-term
> we obviously need new cyphers. Not tainted by any TLA poison.
> ______
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

From eugen at leitl.org Fri Sep 6 05:37:53 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 11:37:53 +0200 Subject: The US government has betrayed the Internet. We need to take it back Message-ID: <[email protected]>

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

The US government has betrayed the Internet. We need to take it back

The NSA has undermined a fundamental social contract. We engineers built the Internet -- and now we have to fix it

Bruce Schneier

The Guardian, Thursday 5 September 2013 20.04 BST

[Image: Internet business cables in California. Caption: 'Dismantling the surveillance state won't be easy. But whatever happens, we're going to be breaking new ground.' Photograph: Bob Sacha/Corbis]

Government and industry have betrayed the Internet, and us.

By subverting the Internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards.

This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can, and should, do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by any federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don't cover illegal or unethical activity. If you work with classified data and are truly , expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are subverting routers, switches, the Internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the Internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems: these will be harder for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards that make the Internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.

Three, we can influence governance. I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the Internet. The UK is no better. The NSA's actions are legitimizing the Internet abuses by China, Russia, Iran and others. We need to figure out new means of Internet governance, ones that make it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

Unfortunately, this is going to play directly into the hands of totalitarian governments that want to control their country's Internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country.

Generations from now, when people look back on these early decades of the Internet, I hope they will not be disappointed in us. We can ensure that they don't only if each of us makes this a priority, and engages in the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We've had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the Internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

Bruce Schneier writes about security, technology, and people. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive. He is working for the Guardian on other NSA stories.

From eugen at leitl.org Fri Sep 6 06:03:23 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 12:03:23 +0200
Subject: [cryptography] Bruce Schneier on BULLRUN and related NSA programs
Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Fri, 06 Sep 2013 13:01:54 +0300
From: ianG
To: cryptography at randombit.net
Subject: Re: [cryptography] Bruce Schneier on BULLRUN and related NSA programs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 6/09/13 10:49 AM, coderman wrote:
> select quotes from
>
> "The NSA Is Breaking Most Encryption on the Internet"
> http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
>
> """
> Remember this: The math is good, but math has no agency. Code has
> agency, and the code has been subverted.

Nice quote!

> Bruce Schneier, September 5, 2013 7:32 PM
>
> "You recommended to 'Prefer symmetric cryptography over public-key
> cryptography.' Can you elaborate on why?"

Some of us have been saying this for a while. E.g.,

" #2.4 Avoid Public Key Cryptography like the Plague

Public key cryptography is the kiss of death to simplicity. The problem is that it is not simple, not amenable to KISS, and full of traps that will swallow a battleship. Although the very basic idea is understandable and elegant, none of the instantiations of public key cryptography can create simple interfaces that are free of minefields. ..." http://iang.org/ssl/h2_divide_and_conquer.html#h2.4

> It is more likely that the NSA has some fundamental mathematical > advance in breaking public-key algorithms than symmetric algorithms.

It is more likely that the implementors made a mistake. This can be seen also in that all the symmetric algorithms are amenable to black-box and deterministic testing, whereas the asymmetric ones are not so amenable.

Oh, and forget the key sizes. This is not about the key sizes.

iang

cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From mag_foto at mac.com Fri Sep 6 06:40:48 2013
From: mag_foto at mac.com (MARK GORE)
Date: Fri, 06 Sep 2013 06:40:48 -0400
Subject: Spy Files: New WikiLeaks docs expose secretive, unruly surveillance industry
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]>
Message-ID: <[email protected]>

On Sep 5, 2013, at 11:12 AM, Dan White wrote:

> Snowden is, simply put, one of the great American heroes of our time. His
> interests are clear, and his integrity has yet to be breached.

WHOOP, From what I've seen is the three letter akro's (CIA,NSA) i'll stop, are still having a pissing contest, the whole lot, three letter agencies and the wanna bee spooks.

Baby face Eddie (the friendly spook) may just be ruse-no? Look at the timing, locals, principles,profits,defunding+WTF hearings (future),RT(Rutzkies) pouncing the shit hole agency and POTUS.

*I would steer your attention to the collaboration (and its wickedly close) of the BND and CIA and 5th column countries, ours being one of them.

For me when something is too good to be true, well then it might should be food for thought grounds for further research.

This may be a study; to see, what the sheeple do, act, don't give a fuck etc., and prepare when some real shit hits the wiki fan! _Mg

*A recent (and predictably slanted) Wall Street Journal article dealt with a leak of Naval Intelligence secrets during the course of World War II. Disclosing the pivotal fact that U.S. intelligence had cracked the Japanese 'White Code' (not specified in the WSJ article), 'Colonel' Robert R. McCormick's Chicago Tribune leaked vital information for the second time in less than a year.

Having previously leaked the Rainbow Five contingency plan for U.S. mobilization and war-making documents for the Second World War, McCormick was a member of America First. Ostensibly isolationist and 'patriotic' in outlook, the organization was, in fact, actively funded by Third Reich intelligence and comprised (for the most part) of doctrinaire fascists who loved Hitler and Mussolini and hated Franklin Delano Roosevelt with a passion.

(For a good understanding of the active pro-fascist nature of America First, open Under Cover by John Roy Carlson and use the 'find' function on your computer, searching 'America First.' This will yield a good understanding of the nature of that organization and its members.) As discussed in AFA #11, the probable source of the leak of the Rainbow Five program was General Albert Wedemeyer, one of its primary authors and an active America Firster. (See text excerpts below for information about Wedemeyer and the leak of Rainbow Five.)

A lynchpin of the China Lobby, the MacArthur group in the military and the milieu that coalesced into the John Birch Society, Wedemeyer studied at the German military academy, beginning in 1936, renting his apartment from Gerhard Rossbach, one of the leaders of the Brownshirts (SA). Later (as discussed in AFA #11) Rossbach went to work for the CIA in the postwar period.

Yet another point about Wedemeyer set forth in AFA #11 is the fact that Ronald Reagan appointed Wedemeyer as a special military adviser.


From eugen at leitl.org Fri Sep 6 06:25:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 12:25:15 +0200
Subject: PayPal freezes MailPile's account
In-Reply-To: <[email protected]>
References: <2780551.exnjNUlKQP@laptosid> <[email protected]> <[email protected]>
Message-ID: <[email protected]>

On Thu, Sep 05, 2013 at 08:27:19PM +0200, Moritz wrote:
> On 09/05/2013 05:53 PM, Yosem Companys wrote:
> > Yes, but they could have used WePay, Stripe, or some other alternative.
>
> Not really, since Indiegogo is the largest platform besides Kickstarter,
> and Kickstarter is only available for projects in US/UK (due to Amazon

I've used Kickstarter from Germany. Amazon is present in many countries beyond US/UK.

> Payments). Indiegogo exclusively uses Paypal. You want to use one of the
> large crowdfunding platforms for outreach.

From eugen at leitl.org Fri Sep 6 06:51:40 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 12:51:40 +0200
Subject: The US government has betrayed the Internet. We need to take it back
Message-ID: <[email protected]>

----- Forwarded message from "John S. Quarterman" -----

Date: Fri, 06 Sep 2013 06:47:26 -0400
From: "John S. Quarterman"
To: sam at circlenet.us, "John S. Quarterman", nanog at nanog.org
Subject: Re: The US government has betrayed the Internet. We need to take it back

> On 2013-09-06 05:57, Roland Dobbins wrote:
> > There are no purely technical solutions to social ills. Schneier of
> > all people should know this.

Schneier does know this, and explicitly said this.

-jsq

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

Three, we can influence governance. I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that make it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

Unfortunately, this is going to play directly into the hands of totalitarian governments that want to control their country's internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country.

Generations from now, when people look back on these early decades of the internet, I hope they will not be disappointed in us. We can ensure that they don't only if each of us makes this a priority, and engages in the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We've had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

----- End forwarded message -----

From jya at pipeline.com Fri Sep 6 07:14:42 2013
From: jya at pipeline.com (John Young)
Date: Fri, 06 Sep 2013 07:14:42 -0400
Subject: Matthew Green: An understated response to the NSA and unidentified friends treachery
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

An understated response to the NSA and unidentified friends treachery: http://blog.cryptographyengineering.com/2013/09/on-nsa.html

More of these expected, many. But who knows, as Green says, all could go back to swell comsec business as usual.

From eugen at leitl.org Fri Sep 6 07:15:29 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 13:15:29 +0200
Subject: [liberationtech] NYTimes and Guardian on NSA
Message-ID: <[email protected]>

----- Forwarded message from Daniel Colascione -----

Date: Thu, 05 Sep 2013 12:48:53 -0700
From: Daniel Colascione
To: liberationtech
Cc: Richard Brooks
Subject: Re: [liberationtech] NYTimes and Guardian on NSA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: liberationtech

On 9/5/13 12:32 PM, Richard Brooks wrote:
> Latest articles:
>
> http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?emc=edit_na_20130905&_r=0&pagewanted=print
>
> http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
>
> I find most of this (if not all) silly. They seem shocked that the
> NSA does cryptanalysis. It would be nice if the newspapers had
> people with some knowledge of the domain writing articles.

There is a massive difference between cryptanalysis and a decade-long, well-funded, and top-secret program to subtly weaken international cryptographic protocols and sabotage industry implementations.

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From gizmoguy1 at gmail.com Fri Sep 6 07:17:26 2013
From: gizmoguy1 at gmail.com (John Preston)
Date: Fri, 06 Sep 2013 12:17:26 +0100
Subject: Old list archives
Message-ID: <[email protected]>

I'm having trouble finding the list archives going back into the 90's; they're not on cpunks.org. Anyone got them?

From eugen at leitl.org Fri Sep 6 07:23:23 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 13:23:23 +0200
Subject: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches
Message-ID: <[email protected]>

----- Forwarded message from Jim Thompson -----

Date: Thu, 5 Sep 2013 15:07:00 -0500
From: Jim Thompson
To: pfSense support and discussion
Subject: Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches
X-Mailer: Apple Mail (2.1786.1)
Reply-To: pfSense support and discussion

Read 'em and weep: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0

My take is that most places don't enable PFS (because it's "hard") in IPSec.

In theory, (TLS) can choose appropriate ciphers since SSLv3, but in everyday practice many implementations have refused to offer PFS or only provide it with very low encryption grade. http://www.ietf.org/mail-archive/web/tls/current/msg02134.html

I don't know the situation on pfSense (I've not gone to look, as I'm elbows deep in an IPv6 IPsec issue atm.)

In theory, OpenSSL supports perfect forward secrecy using elliptic curve Diffie-Hellman since version 1.0. Do we set "enable-ec_nistp_64_gcc_128" on pfSense? Do we enable the DHE-RSA-AES128-SHA cipher suite? How about ECDHE-RSA-AES128-SHA? Do we build the 64-bit optimized version for 64-bit images? http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

Anyway, the "evidence" is that there is some fundamental weakness in DH, since the NSA itself recommends EC crypto rather than DH in their "Suite B" offering. http://www.nsa.gov/ia/programs/suiteb_cryptography/

One would think that pfSense would follow suit.

List mailing list
List at lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

----- End forwarded message -----
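The questions Jim raises above (which suites a server offers and whether they are DHE/ECDHE or plain RSA key transport) can be checked mechanically. The following is an added example, not code from the original thread or from pfSense: it classifies OpenSSL-style cipher-suite names such as DHE-RSA-AES128-SHA and ECDHE-RSA-AES128-SHA by key exchange, reports which entries in a configured cipher list lack forward secrecy, and emits a reordered list with ephemeral suites first. The sample cipher list, the function names and the `kx-*` labels are constructed for this example.

```python
"""Audit an OpenSSL cipher list for forward secrecy (added example).

Works on concrete suite *names* in OpenSSL's spelling (the form used in
cipher strings and in the message above), so it runs offline without a TLS
connection. Keyword aliases such as HIGH or ECDHE+AESGCM are not expanded;
feed it the concrete names, e.g. the output of `openssl ciphers -v`.
"""
from dataclasses import dataclass

# Key-exchange prefixes as OpenSSL writes them at the start of a suite name.
# Ephemeral (EC)DH gives forward secrecy: recording traffic today and
# obtaining the server's long-term RSA key later does not recover sessions.
EPHEMERAL_KX = {"ECDHE": "kx-ecdhe", "DHE": "kx-dhe", "EDH": "kx-dhe"}
# Static (EC)DH: the DH key is in the certificate, so no forward secrecy.
STATIC_KX = {"ECDH": "kx-ecdh-static", "DH": "kx-dh-static"}
# Anonymous (EC)DH: ephemeral, but nobody is authenticated.
ANON_KX = {"AECDH": "kx-ecdh-anon", "ADH": "kx-dh-anon"}


@dataclass(frozen=True)
class SuiteInfo:
    name: str
    key_exchange: str       # constructed label, e.g. "kx-ecdhe" or "kx-rsa"
    forward_secrecy: bool
    authenticated: bool


def classify(name: str) -> SuiteInfo:
    """Classify one suite name by its key-exchange prefix.

    A name with no (EC)DH prefix (AES128-SHA, RC4-SHA, ...) is RSA key
    transport: the client encrypts the premaster secret to the server's RSA
    key, so that key decrypts every recorded session. TLS 1.3 suite names
    (TLS_...) carry no key-exchange part because TLS 1.3 is always ephemeral.
    """
    if name.upper().startswith("TLS_"):
        return SuiteInfo(name, "kx-tls13-ephemeral", True, True)
    prefix = name.split("-", 1)[0].upper()
    if prefix in EPHEMERAL_KX:
        return SuiteInfo(name, EPHEMERAL_KX[prefix], True, True)
    if prefix in ANON_KX:
        return SuiteInfo(name, ANON_KX[prefix], True, False)
    if prefix in STATIC_KX:
        return SuiteInfo(name, STATIC_KX[prefix], False, True)
    return SuiteInfo(name, "kx-rsa", False, True)


def audit_cipher_list(cipher_list: str) -> dict:
    """Split a colon-separated OpenSSL cipher string into three buckets.

    Exclusion/ordering directives (!aNULL, -MD5, +RC4, @STRENGTH) are not
    suites and are skipped. Order within each bucket is preserved because the
    server's preference order decides what gets negotiated.
    """
    report = {"forward_secret": [], "no_forward_secrecy": [], "anonymous": []}
    for raw in cipher_list.split(":"):
        name = raw.strip()
        if not name or name.startswith(("!", "-", "+", "@")):
            continue
        info = classify(name)
        if not info.authenticated:
            report["anonymous"].append(info.name)
        elif info.forward_secrecy:
            report["forward_secret"].append(info.name)
        else:
            report["no_forward_secrecy"].append(info.name)
    return report


def harden_cipher_list(cipher_list: str) -> str:
    """Keep only authenticated forward-secret suites, ECDHE before DHE.

    ECDHE is put first because it is cheaper than DHE for the same strength
    (the point of the ec_nistp_64 build option discussed above). Anonymous and
    null suites are then explicitly excluded.
    """
    fs = audit_cipher_list(cipher_list)["forward_secret"]
    ecdhe = [s for s in fs if classify(s).key_exchange == "kx-ecdhe"]
    rest = [s for s in fs if s not in ecdhe]
    return ":".join(ecdhe + rest + ["!aNULL", "!eNULL"])


# Constructed sample: a mixed list of the kind the questions above concern.
SAMPLE_LIST = (
    "AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:"
    "ECDH-RSA-AES128-SHA:ADH-AES128-SHA:RC4-SHA:!aNULL"
)

if __name__ == "__main__":
    for bucket, suites in audit_cipher_list(SAMPLE_LIST).items():
        print(f"{bucket}: {', '.join(suites) or '-'}")
    print("hardened:", harden_cipher_list(SAMPLE_LIST))
```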

From cypherpunk at cpunk.us Fri Sep 6 07:27:42 2013
From: cypherpunk at cpunk.us (CypherPunk)
Date: Fri, 6 Sep 2013 06:27:42 -0500
Subject: Old list archives
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

On 09/06/2013 06:17 AM, John Preston wrote:
> I'm having trouble finding the list archives going back into the 90's;
> they're not on cpunks.org. Anyone got them?

http://cypherpunks.venona.com/

From eugen at leitl.org Fri Sep 6 08:08:39 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 14:08:39 +0200
Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
Message-ID: <[email protected]>

Plants in the IETF? Sounds plausible.

----- Forwarded message from Phillip Hallam-Baker -----

Date: Thu, 5 Sep 2013 16:33:58 -0400
From: Phillip Hallam-Baker
To: "Perry E. Metzger"
Cc: "cryptography at metzdowd.com"
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger wrote:

> I would like to open the floor to *informed speculation* about
> BULLRUN.
>
> Informed speculation means intelligent, technical ideas about what
> has been done. It does not mean wild conspiracy theories and the
> like. I will be instructing the moderators (yes, I have help these
> days) to ruthlessly prune inappropriate material.
>
> At the same time, I will repeat that reasonably informed
> technical speculation is appropriate, as is any solid information
> available.

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

- The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.

I believe this confirms my theory that the NSA has plants in the IETF to discourage moves to strong crypto.

-- Website: http://hallambaker.com/

The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From jya at pipeline.com Fri Sep 6 08:52:24 2013
From: jya at pipeline.com (John Young)
Date: Fri, 06 Sep 2013 08:52:24 -0400
Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

About time this "informed speculation" happened, long overdue. Hope it turns out to be that and more:

For those not on the cryptography list by Perry Metzger, the thread so far:

http://www.metzdowd.com/pipermail/cryptography/2013-September/thread.html

Heavily moderated, no bullshit except of the highest quality of informed speculation.

At 08:08 AM 9/6/2013, you wrote:

>Plants in the IETF? Sounds plausible.
>
>----- Forwarded message from Phillip Hallam-Baker -----
>
>Date: Thu, 5 Sep 2013 16:33:58 -0400
>From: Phillip Hallam-Baker
>To: "Perry E. Metzger"
>Cc: "cryptography at metzdowd.com"
>Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
>
>On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger wrote:
>
> > I would like to open the floor to *informed speculation* about
> > BULLRUN.
> >
> > Informed speculation means intelligent, technical ideas about what
> > has been done. It does not mean wild conspiracy theories and the
> > like. I will be instructing the moderators (yes, I have help these
> > days) to ruthlessly prune inappropriate material.
> >
> > At the same time, I will repeat that reasonably informed
> > technical speculation is appropriate, as is any solid information
> > available.
>
>http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
>- The NSA spends $250m a year on a program which, among other goals, works
>with technology companies to "covertly influence" their product designs.
>
>I believe this confirms my theory that the NSA has plants in the IETF to
>discourage moves to strong crypto.
>
>--
>Website: http://hallambaker.com/
>
>----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 10:26:43 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 16:26:43 +0200
Subject: [Cryptography] Sabotaged hardware (was Re: Opening Discussion: Speculation on "BULLRUN")
Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Fri, 6 Sep 2013 10:25:17 -0400
From: "Perry E. Metzger"
To: Jerry Leichter
Cc: cryptography at metzdowd.com
Subject: [Cryptography] Sabotaged hardware (was Re: Opening Discussion: Speculation on "BULLRUN")
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

On Thu, 5 Sep 2013 22:31:50 -0400 Jerry Leichter wrote:
> For example, at
> http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us&pagewanted=all,
> the following goal appears for FY 2013: "Complete enabling
> for [redacted] encryption chips used in Virtual Public Network and
> Web encryption devices". The Times adds the following note:
> "Large Internet companies use dedicated hardware to scramble
> traffic before it is sent. In 2013, the agency planned to be able
> to decode traffic that was encoded by one of these two encryption
> chips, either by working with the manufacturers of the chips to
> insert back doors or by exploiting a security flaw in the chips'
> design."

This is troubling. It implies that there are widely used crypto accelerators in use at large organizations that intentionally harm the security of users. Random number generator flaws would seem like an obvious possibility here.

This is especially disturbing because other actors can now start doing teardowns on a wide variety of such devices looking to find the flaws so they can themselves attack the traffic in question.

Perry
--
Perry E. Metzger perry at piermont.com

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 10:52:51 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 16:52:51 +0200
Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Thu, 5 Sep 2013 16:41:18 -0400
From: "Perry E. Metzger"
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

On Thu, 5 Sep 2013 15:58:04 -0400 "Perry E. Metzger" wrote:
> I would like to open the floor to *informed speculation* about
> BULLRUN.

Here are a few guesses from me:

1) I would not be surprised if it turned out that some people working for some vendors have made code and hardware changes at the NSA's behest without the knowledge of their managers or their firm. If I were running such a program, paying off a couple of key people here and there would seem only rational, doubly so if the disclosure of their involvement could be made into a crime by giving them a clearance or some such.

2) I would not be surprised if some of the slow speed at which improved/fixed hashes, algorithms, protocols, etc. have been adopted might be because of pressure or people who had been paid off.

At the very least, anyone whining at a standards meeting from now on that they don't want to implement a security fix because "it isn't important to the user experience" or adds minuscule delays to an initial connection or whatever should be viewed with enormous suspicion. Whether I am correct or not, such behavior clearly serves the interest of those who would do bad things.

3) I would not be surprised if random number generator problems in a variety of equipment and software were not a very obvious target, whether those problems were intentionally added or not.

4) Choices not to use things like Diffie-Hellman in TLS connections on the basis that it damages user experience and the like should be viewed with enormous suspicion.

5) Choices not to make add-ons available in things like chat clients or mail programs that could be used for cryptography should be viewed with suspicion.

Perry
--
Perry E. Metzger perry at piermont.com

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 11:04:36 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 17:04:36 +0200
Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
Message-ID: <[email protected]>

----- Forwarded message from Phillip Hallam-Baker -----

Date: Thu, 5 Sep 2013 16:58:07 -0400
From: Phillip Hallam-Baker
To: "Perry E. Metzger"
Cc: "cryptography at metzdowd.com"
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

On Thu, Sep 5, 2013 at 4:41 PM, Perry E. Metzger wrote:

> On Thu, 5 Sep 2013 15:58:04 -0400 "Perry E. Metzger"
> wrote:
> > I would like to open the floor to *informed speculation* about
> > BULLRUN.
>
> Here are a few guesses from me:
>
> 1) I would not be surprised if it turned out that some people working
> for some vendors have made code and hardware changes at the NSA's
> behest without the knowledge of their managers or their firm. If I
> were running such a program, paying off a couple of key people here
> and there would seem only rational, doubly so if the disclosure of
> their involvement could be made into a crime by giving them a
> clearance or some such.

Or they contacted the NSA alumni working in the industry.

> 2) I would not be surprised if some of the slow speed at which
> improved/fixed hashes, algorithms, protocols, etc. have been adopted
> might be because of pressure or people who had been paid off.

> At the very least, anyone whining at a standards meeting from now on
> that they don't want to implement a security fix because "it isn't
> important to the user experience" or adds minuscule delays to an
> initial connection or whatever should be viewed with enormous
> suspicion. Whether I am correct or not, such behavior clearly serves
> the interest of those who would do bad things.

I think it is subtler than that. Trying to block a strong cipher is too obvious. Much better to push for something that is overly complicated or too difficult for end users to make use of.

* The bizarre complexity of IPSEC.

* Allowing deployment of DNSSEC to be blocked in 2002 by blocking a technical change that made it possible to deploy in .com.

* Proposals to deploy security policy information (always send me data encrypted) have been consistently filibustered by people making nonsensical objections.

> 3) I would not be surprised if random number generator problems in a
> variety of equipment and software were not a very obvious target,
> whether those problems were intentionally added or not.

Agreed, the PRNG is the easiest thing to futz with. It would not surprise me if we discovered kleptography at work as well.

> 4) Choices not to use things like Diffie-Hellman in TLS connections
> on the basis that it damages user experience and the like should be
> viewed with enormous suspicion.
>
> 5) Choices not to make add-ons available in things like chat clients
> or mail programs that could be used for cryptography should be viewed
> with suspicion.

I think the thing that discouraged all that was the decision to make end user certificates hard to obtain (still no automatic spec) and expire after a year.

-- Website: http://hallambaker.com/


----- End forwarded message -----

From jya at pipeline.com Fri Sep 6 11:14:30 2013
From: jya at pipeline.com (John Young)
Date: Fri, 06 Sep 2013 11:14:30 -0400
Subject: FBI OpenBSD Backdoors and RSA Cipher Vulnerability
Message-ID:

12 January 2012. FBI OpenBSD Backdoors and RSA Cipher Vulnerability:

http://cryptome.org/2012/01/0032.htm

From eugen at leitl.org Fri Sep 6 11:39:13 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 6 Sep 2013 17:39:13 +0200
Subject: Report of Tangible Gifts Furnished by the Central Intelligence Agency
Message-ID: <[email protected]>

----- Forwarded message from nettime's avid gift giver -----

Date: Thu, 05 Sep 2013 23:36:35 +0200 From: nettime's avid gift giver To: nettime-l at mx.kein.org Subject: Report of Tangible Gifts Furnished by the Central Intelligence Agency User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 Reply-To: a moderated mailing list for net criticism

Gifts to Federal Employees from Foreign Government Sources Reported to Employing Agencies in Calendar Year 2012 https://www.federalregister.gov/articles/2013/08/30/2013-21264/office-of-the-chief-of-protocol-gifts-to-federal-employees-from-foreign-government-sources-reported#t-5

Agency: Central Intelligence Agency

Revolving desk clock barometer/thermometer. Rec'd: 1/8/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Silver double-spouted presentation teapot. Rec'd: 1/19/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Bronzed composition of a soldier. Rec'd: 1/20/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Bronze dagger blade, circa 930-586 BCE, with a silver wreath mount. Rec'd: 1/26/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Steel kilij-style blade saber with copper mounted leather scabbard. Rec'd: 2/2/2012. Est. Value: $700.00. Disposition: Pending Transfer to General Services Administration

White Fendi wristwatch. Rec'd: 2/10/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

Large check Burberry cashmere scarf. Rec'd: 2/10/2012. Est. Value: $395.00. Disposition: Pending Transfer to General Services Administration

Silver Valentino wristwatch. Rec'd: 2/10/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Large, framed lithograph of a seated figure, unsigned. Rec'd: 2/10/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Maple Walnut two-string lahuta in a fitted walnut case. Rec'd: 2/13/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Gold overlaid opaque white glass vase. Rec'd: 3/12/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Coral studded filigree silver single-edge dagger. Rec'd: 3/13/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Coral-studded filigree silver model of a four-masted ship. Rec'd: 3/14/2012. Est. Value: $3,500.00. Disposition: Pending Transfer to General Services Administration

Three Roman-Byzantine pottery vessels, circa 1st Century A.D. – 5th Century B.C. Rec'd: 3/19/2012. Est. Value: $750.00. Disposition: Pending Transfer to General Services Administration

Silver model of a two-masted ship. Rec'd: 4/16/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

6' x 4' silk rug, red ground with a red and navy blue border. Rec'd: 4/23/2012. Est. Value: $1,200.00. Disposition: Pending Transfer to General Services Administration

Bronze commemorative monument. Rec'd: 5/9/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Single-edged saber in a brass mounted scabbard. Rec'd: 6/5/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Silver and pink glazed coffee set. Rec'd: 6/5/2012. Est. Value: $400.00. Disposition: Pending Transfer to General Services Administration

Gilt metal hilted commemorative replica of Khan Kubrat's sword. Rec'd: 6/6/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Silver mounted black leather scabbard and steel blade saber. Rec'd: 6/7/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Silver presentation bowl. Rec'd: 6/12/2012. Est. Value: $700.00. Disposition: Pending Transfer to General Services Administration

Large golden falcon with a clock insert. Rec'd: 7/9/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Small golden falcon with a clock insert. Rec'd: 7/9/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Petrus Pomerol Grand Vin, 2001. Rec'd: 7/9/2012. Est. Value: $1,700.00. Disposition: Pending Transfer to General Services Administration

6.8' x 4.4' silk rug, ivory with a light blue and beige background. Rec'd: 7/10/2012. Est. Value: $8,000.00. Disposition: Pending Transfer to General Services Administration

Rolex gentleman's stainless steel automatic chronometer wristwatch. Rec'd: 7/10/2012. Est. Value: $6,500.00. Disposition: Pending Transfer to General Services Administration

5' x 3' silk rug, ivory background with beige and rose accents. Rec'd: 8/2/2012. Est. Value: $700.00. Disposition: Pending Transfer to General Services Administration

6.6' x 4.1' silk rug, red background with a beige ground guard border. Rec'd: 9/3/2012. Est. Value: $5,000.00. Disposition: Pending Transfer to General Services Administration

Filigree silver scabbard with short sword. Rec'd: 9/7/2012. Est. Value: $2,500.00. Disposition: Pending Transfer to General Services Administration

Sheep's horn bow and arrow. Rec'd: 11/11/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Woven fabric in a commemorative metal mounted red stained wood stand. Rec'd: 2/21/2012. Est. Value: $500.00. Disposition: On Display in the Deputy Director's Suite for Official Use Only

Cartier silver men's watch. Rec'd: 2/21/2012. Est. Value: $9,000.00. Disposition: Pending Transfer to General Services Administration

Black steel barrel and walnut stock shotgun. Rec'd: 3/4/2012. Est. Value: $700.00. Disposition: Pending Transfer to General Services Administration

Filigree silver double-edged short sword and scabbard. Rec'd: 3/4/2012. Est. Value: $2,500.00. Disposition: Pending Transfer to General Services Administration

One medium plate with semi-precious stones inlaid and one matching small plate. Rec'd: 4/25/2012. Est. Value: $500.00. Disposition: On Display in the Deputy Director's Suite for Official Use Only

Six silver commemorative medallions. Rec'd: 6/17/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

8' x 5' silk rug, navy blue ground with three vertical rows of stylized flowers. Rec'd: 6/19/2012. Est. Value: $2,000.00. Disposition: On Display in the Deputy Director's Suite for Official Use Only

Hamilton Jazzmaster watch. Rec'd: 7/9/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Filigree silver double-edged dagger. Rec'd: 9/28/2012. Est. Value: $1,500.00. Disposition: On Display in the Deputy Director's Suite for Official Use Only

Gold bullion presentation coin. Rec'd: 2/1/2008. Est. Value: $2,000.00. Disposition: Pending Transfer to General Services Administration

Two silk rugs, one brown and one yellow. Rec'd: 6/1/2010. Est. Value: $800.00. Disposition: Pending Transfer to General Services Administration

Cartier Roadster fountain pen. Rec'd: 1/5/2012. Est. Value: $750.00. Disposition: Pending Transfer to General Services Administration

18" brown wood grain M1 rifle. Rec'd: 1/18/2012. Est. Value: $699.00. Disposition: Pending Transfer to General Services Administration

Chess set and a silk rug. Rec'd: 4/16/2012. Est. Value: $1,080.00. Disposition: Pending Transfer to General Services Administration

Cartier ink pen. Rec'd: 4/30/2012. Est. Value: $395.00. Disposition: Pending Transfer to General Services Administration

Sterling silver cufflinks and silver fountain pen. Rec'd: 5/25/2012. Est. Value: $800.00. Disposition: Pending Transfer to General Services Administration

Baum and Mercier quartz watch. Rec'd: 5/25/2012. Est. Value: $1,190.00. Disposition: Pending Transfer to General Services Administration

Romanson Trofish edition Swiss wristwatch. Rec'd: 6/15/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

Romanson Trofish edition Swiss wristwatch. Rec'd: 6/15/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

Romanson Trofish edition Swiss wristwatch. Rec'd: 6/15/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

Romanson Trofish edition Swiss wristwatch. Rec'd: 6/15/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

Femini-T Tissot lady's watch. Rec'd: 6/28/2012. Est. Value: $850.00. Disposition: Pending Transfer to General Services Administration

Cartier ink pen. Rec'd: 7/7/2012. Est. Value: $395.00. Disposition: Pending Transfer to General Services Administration

Hamilton Jazzmaster Watch. Rec'd: 7/9/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Hamilton stainless steel wristwatch with brown leather band. Rec'd: 7/10/2012. Est. Value: $1,500.00. Disposition: Pending Transfer to General Services Administration

Pierre Balmain Swiss quartz men's watch. Rec'd: 7/16/2012. Est. Value: $700.00. Disposition: Pending Transfer to General Services Administration

Raymond Weil watch. Rec'd: 7/18/2012. Est. Value: $750.00. Disposition: Pending Transfer to General Services Administration

EOS 60D SLR camera with 18-135MM lens. Rec'd: 7/27/2012. Est. Value: $1,150.00. Disposition: Pending Transfer to General Services Administration

Rolex gold and stainless steel wristwatch. Rec'd: 7/30/2012. Est. Value: $14,000.00. Disposition: Pending Transfer to General Services Administration

Silk rug. Rec'd: 9/16/2012. Est. Value: $500.00. Disposition: Pending Transfer to General Services Administration

Rado Centrix men's wristwatch. Rec'd: 10/18/2012. Est. Value: $1,250.00. Disposition: Pending Transfer to General Services Administration

Six encased displays with various historical items including rare stamps, currencies, and prayer books. Rec'd: 11/6/2012. Est. Value: $6,000.00. Disposition: Pending Transfer to General Services Administration

3' x 5' silk rug. Two bottles of cologne. An iPhone 5. Rec'd: 12/20/2012. Est. Value: $3,375.00. Disposition: Pending Transfer to General Services Administration

Chopard cufflinks. Chopard ballpoint pen. Chopard money clip. Rec'd: 12/29/2012. Est. Value: $1,000.00. Disposition: Pending Transfer to General Services Administration

# distributed via : no commercial use without permission # is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: http://mx.kein.org/mailman/listinfo/nettime-l # archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 11:45:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 17:45:29 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from arxlight -----

Date: Fri, 06 Sep 2013 00:46:15 +0200 From: arxlight To: cryptography at metzdowd.com Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130620 Thunderbird/17.0.7


What surprises me is that anyone is surprised. If you believed OpenBSD's Theo de Raadt and Gregory Perry back in late 2010, various government agencies (in this specific case the FBI, though one wonders if they were the originating agency) have been looking to introduce weaknesses wholesale into closed AND open source software and OS infrastructures for some time. Over a decade in his example.

(See: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2)

Those of us old enough might marvel at the fact that going back to the late 1980s a huge dust-up was caused by the allegations that Swiss firm "Crypto AG" introduced backdoors into their products at the behest of Western (read: United States and the BND) intelligence agencies, products that, at the time, were in widespread use by foreign governments who, one presumes, could not afford to field their own national cryptology centers to protect their own infrastructure (or were just lazy and seduced by a Swiss flag on the corporate domicile of Crypto AG).

For the unwashed on the list, Wikipedia (and Der Spiegel) relate the story of (probably) hapless Crypto AG salesman Hans Buehler's 1992 arrest by the Iranian authorities after those allegations came to light, and the fact that Crypto AG paid a $1m ransom for him (but then later billed him for the $1m--you stay classy, Crypto AG).

(See: http://en.wikipedia.org/wiki/Crypto_AG)

But fear not. Governments and NGOs around the world will be pleased to know that Crypto AG lives on and continues to provide superior crypto and security solutions to foreign institutions of all kinds, including:

"National security councils, national competence centres, e-government authorities, encryption authorities, national banks, ministries of defence, combined/joint commands, cyber commands, air forces, land forces, naval forces, special forces, military intelligence services, defence encryption authorities, ministries of foreign affairs and numerous international organisations, ministries of the interior, presidential guards, critical infrastructure authorities, homeland security authorities, intelligence services, police forces, and cyber forces."

(See: http://www.crypto.ch/ - The inclusion of a shot of the Patrouille Suisse is an especially nice touch. I often drive by their offices in Steinhausen and was stunned to realize a few years ago that they are thriving; I can only imagine what the mortgage on that place costs).

I expect that today many of us feel quite naive at being shocked by those penetration revelations (sorry, allegations) given that it seems highly probable now that anyone using any sort of Microsoft, Cisco, Google, Facebook, Yahoo, YouTube, Skype, AOL or Apple product has now been elevated to a collection priority that seemed confined to the Irans of the world in the 1990s and early 2000s.

Perry wondered after the "unpardonable carelessness" of the NSA in giving 50,000 Snowdens access to a Powerpoint with all the Prism partners. I would argue that the NSA had good cause to think no one would notice or care given how many people who should know MUCH MUCH better still send Crypto AG scads of money. And going back to the days of toad.com hasn't this always been the story?

Security is expensive. Most people (and some governments) are cheap.

There's something about the present political climate in the United States that really interests me. Mere mention of the word "fascism" in any context other than sarcasm seems to brand one quite instantly as a tin-foil nutjob. Granted, I think the word "fascism" is as overused as the word "communism," but it bears mentioning that the usurpation of corporate entities and industry by the state to its own purposes is one of the classic tenets of fascism. I'm sure the list's readers sense where I'm going with this by now.

It is hard to escape noticing that the NSA and its sister and orbital agencies have long since broken the traditional firewall and morphed themselves into domestic surveillance agencies. But the United States is late to the party here.

In the world of finance it was long understood that certain state-dominated Russian firms were front-running a number of U.S. economic indicators prior to release. The rumor at the time was that this activity stopped cold after a security audit at the offending U.S. agencies. It's possible that the story was apocryphal, but I sort of doubt it. The economic intelligence apparatus of foreign intelligence services was the place to be if you wanted to find yourself in the good graces of your nation-state. (It's not an accident that Nikolay Patolichev, once the Soviet Union's Foreign Trade Minister, led the pack having been awarded the Order of Lenin twelve times).

Of course, drafting otherwise independent-appearing private enterprises to the purposes of the state was popular then (the CIA would routinely interview U.S. businessmen and businesswomen after trips to jurisdictions of interest, and leverage their presence in foreign lands to their own advantage), and appears even more popular now.

I won't belabor the point (made long ago and loudly by Kate Martin, only to fall upon decidedly deaf ears) that U.S. Courts generally refuse to examine the legality of collection of inculpatory evidence that is dropped into their lap, but it is important to at least acknowledge. Again, those of us shocked by those revelations (that evidence of domestic crimes "accidentally" collected by intelligence agencies would not necessarily be inadmissible) might feel awfully stupid now that it seems that the NSA expressly retains or passes on evidence of crimes unrelated to foreign intelligence activities or terrorism, and that the DEA (presumably among others) routinely engages in what could fairly be called wholesale perjury to conceal the source of such evidence from courts and defense counsel when it is presented in support of criminal prosecutions.

Finally returning to the original topic (please forgive the diversion) I think what is the most important to understand is that what was once opportunistic synergy between national intelligence agencies and law enforcement agencies (here the War on Drugs was clearly the camel's nose) has become Fusion Center level integration, and bilateral information flow. Don't take my word for it, just read some of the Fusion Center testimony to various congressional committees; this is their bread and butter. Whichever asshole it was who first blamed 911 on a lack of cooperation between law enforcement and intelligence did a great deal of damage to the United States, but the trend was already pressing forward.

What seems even more daunting is the new path of information from the bottom up. Now that you have local law enforcement humming around in cars collecting position and "metadata" on every license plate within 20m of a cop car prowling around on its beat, federal agencies are just a "Fusion Center query" away from access to... well... nearly everything.

Look at this model (local collection at local expense re-purposed to federal exploitation), basic "exception processing," and the impact of the last decade and a half of "crony capitalism" and it is suddenly pretty hard not to credit BULLRUN with far more access than is public even given the latest revelations.

Certainly, I don't run the NSA, but it doesn't take much more than a middling operations professional to tell you that exception processing is the key. Attacking this stuff is a question of priorities.

Thought experiment: What order of difficulty would you assign:

* Catch it in the clear.
* Compromising a vendor (including keys and users' passwords, which might be reused).
* Injecting poor RNG (with vendor cooperation).
* Stealing a master key.
* Stealing a session key.
* Stealing a password to master or session key.
* Dictionary-attacking a password.
* Brute-forcing a weak password.
* Compromising an endpoint.
* Compromising a physical machine.
* Rubber-hosing a password.
* Brute-forcing a strong password.
* Brute-forcing a weak key.
* Brute-forcing a strong key.

Include in your analysis the cost of bending (or breaking) constitutional protections in the post-911 era (if any).

Just look at the leverage an unwieldy, all-encompassing central government has on large US based firms (See e.g. Qwest post-cooperation refusal) and reflect on the bi-lateral Fusion Center model and then try to speculate that BULLRUN is overstated.

I don't think you need a major factoring breakthrough to have FANTASTIC success in accessing the vast majority of (for example) SSL "protected" internet traffic. Anyone know what the market penetration of Microsoft IIS is?

No, quite the contrary. I'll be amazed to find that the NYT piece isn't UNDERstated.

To coin a phrase with reference to large and medium sized Western IT firms:

They're all Crypto AG now.

- uni

----- End forwarded message -----

From grarpamp at gmail.com Fri Sep 6 12:13:50 2013 From: grarpamp at gmail.com (grarpamp) Date: Fri, 6 Sep 2013 12:13:50 -0400 Subject: Old list archives In-Reply-To: References: <[email protected]> Message-ID:

On 9/6/13, CypherPunk wrote:
> On 09/06/2013 06:17 AM, John Preston wrote:
>> I'm having trouble finding the list archives going back into the 90's;
>> they're not on cpunks.org. Anyone got them?
>
> http://cypherpunks.venona.com/
>
> cryptome has a partial zip archive you can search for.

For those that use real MUAs/search with local copies instead of crippled web indexes further subject to disappearance, and to cover time gaps and provide a canonical answer to this recurring question....

I suggest people here collaborate and contribute to create a complete historical archive in mbox and/or maildir format. Once compiled and deduplicated it could be broken out and presented by year in said formats and also loaded into mailman/pipermail.

What datasets do you all have and in what formats? Can you upload and/or post links to them?

I believe cpunks.org is willing to host such an archive.

From eugen at leitl.org Fri Sep 6 14:34:40 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 20:34:40 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Benjamin Kreuter -----

Date: Fri, 6 Sep 2013 11:28:22 -0400 From: Benjamin Kreuter To: John Kelsey Cc: Jerry Leichter , "cryptography at metzdowd.com List" , Jon Callas , Peter Gutmann Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" X-Mailer: Claws Mail 3.9.0 (GTK+ 2.18.9; i686-redhat-linux-gnu)

On Fri, 6 Sep 2013 01:19:10 -0400 John Kelsey wrote:

> I don't see what problem would actually be solved by dropping public
> key crypto in favor of symmetric only designs. I mean, if the
> problem is that all public key systems are broken, then yeah, we will
> have to do something else. But if the problem is bad key generation
> or bad implementations, those will be with us even after we abandon
> all the public key stuff.

Not necessarily. A bad implementation of a block cipher will probably be spotted quickly if you need it to interoperate with a good implementation; a bad implementation of a public key cipher might interoperate just fine with good implementations. Public key systems often have parameters or requirements that affect security without affecting the correctness of encryption or decryption. ElGamal encryption might appear to work even though you are using a group where the DDH assumption does not hold. Elliptic curve systems have even more parameters that need to be set correctly for security.

I am not saying that we should abandon public key cryptography, I am just saying that there are a number of ways for public key systems to go wrong that do not apply to symmetric ciphers.

Just my 2 cents, Ben

-- Benjamin R Kreuter UVA Computer Science brk7bx at virginia.edu KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell


----- End forwarded message -----
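Ben's point above, that a public-key parameter can be wrong without breaking correctness, worked as an added example that is not code from the thread: textbook ElGamal over Z_p^* with a generator of the whole group (even order, so DDH does not hold) encrypts and decrypts fine yet exposes each plaintext's Legendre symbol to anyone reading the ciphertext, while the same code over the prime-order subgroup of quadratic residues hides it. The safe prime p = 1019 and all messages are constructed toy values, far too small for real use.

```python
"""ElGamal with a full-group generator of Z_p^* versus a prime-order subgroup.

Added example, not code from the thread above. Parameters are toy-sized and
constructed here; both configurations decrypt correctly, but only the
subgroup one hides the Legendre symbol of the plaintext.
"""
import secrets

# Constructed safe prime p = 2q + 1 for demonstration only:
# 1019 = 2 * 509 + 1, and both 1019 and 509 are prime.
P = 1019
Q = (P - 1) // 2


def legendre(a, p):
    """Legendre symbol (a/p) by Euler's criterion: 1 for a quadratic
    residue, -1 for a non-residue, 0 if p divides a."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def generates_full_group(g, p):
    """True if g generates all of Z_p^* (order p-1 = 2q): g^2 != 1, g^q != 1."""
    q = (p - 1) // 2
    return pow(g, 2, p) != 1 and pow(g, q, p) != 1


def keygen(g, order, p):
    """Private exponent x in [1, order-1] and public key h = g^x mod p."""
    x = 1 + secrets.randbelow(order - 1)
    return x, pow(g, x, p)


def encrypt(g, h, order, p, m):
    """Textbook ElGamal: (c1, c2) = (g^k, m * h^k) mod p."""
    k = 1 + secrets.randbelow(order - 1)
    return pow(g, k, p), (m * pow(h, k, p)) % p


def decrypt(x, p, c1, c2):
    """m = c2 * (c1^x)^-1 mod p; correct for either parameter choice."""
    return (c2 * pow(pow(c1, x, p), p - 2, p)) % p


def leaked_legendre(h, p, c1, c2):
    """What a passive observer learns when g generates the full group.

    A generator of Z_p^* is a non-residue, so (h/p) = (-1)^x and
    (c1/p) = (-1)^k reveal the parities of x and k. Hence (h^k/p) =
    (-1)^(x*k) is public and (m/p) = (c2/p) * (h^k/p): one bit of every
    plaintext leaks, even though decryption still works.
    """
    x_odd = legendre(h, p) == -1
    k_odd = legendre(c1, p) == -1
    hk_symbol = -1 if (x_odd and k_odd) else 1
    return legendre(c2, p) * hk_symbol


# Weak parameters: 2 is a non-residue mod 1019 (1019 = 3 mod 8), hence a
# generator of the whole group. Hardened parameters: 2^2 generates the
# order-q subgroup of quadratic residues, where DDH is believed to hold.
G_FULL = 2
G_SUB = pow(G_FULL, 2, P)


def encode_qr(m, p):
    """Map m in [1, (p-1)/2] into the residue subgroup. Since p = 3 mod 4,
    -1 is a non-residue, so exactly one of m and p-m is a residue."""
    if not 1 <= m <= (p - 1) // 2:
        raise ValueError("message out of range")
    return m if legendre(m, p) == 1 else p - m


def decode_qr(y, p):
    """Inverse of encode_qr."""
    return y if y <= (p - 1) // 2 else p - y


def roundtrip_full_group(m):
    """Weak setting: returns (decrypted m, Legendre symbol leaked from the
    ciphertext and public key alone)."""
    x, h = keygen(G_FULL, P - 1, P)
    c1, c2 = encrypt(G_FULL, h, P - 1, P, m)
    return decrypt(x, P, c1, c2), leaked_legendre(h, P, c1, c2)


def roundtrip_subgroup(m):
    """Hardened setting: returns (decoded m, Legendre symbols of c1 and c2),
    which are always (1, 1), so the symbol of m is not exposed."""
    x, h = keygen(G_SUB, Q, P)
    c1, c2 = encrypt(G_SUB, h, Q, P, encode_qr(m, P))
    return decode_qr(decrypt(x, P, c1, c2), P), (legendre(c1, P), legendre(c2, P))


if __name__ == "__main__":
    for m in (7, 100, 500):
        print(m, legendre(m, P), roundtrip_full_group(m), roundtrip_subgroup(m))
```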

From joseph.g.tag at gmail.com Fri Sep 6 14:37:30 2013 From: joseph.g.tag at gmail.com (Joseph Tag) Date: Fri, 6 Sep 2013 14:37:30 -0400 Subject: cypherpunks Digest, Vol 3, Issue 15 In-Reply-To: References: Message-ID:

The govt uses red/black switches and KG-n, KIV7hs, KIV19 (boxes) and KOV9 and more PCMCIA cards to protect themselves. Semiconductor firms used to make DES chips. Boeing made an MLS server. Isn't Crypto supposed to be incorporated into firmware of Routers? Yes, bribery of network managers (personnel security and trust) is a big concern. 576-bit Group Keys / Key Encrypting Keys interest me. Thank you. Best wishes.

From eugen at leitl.org Fri Sep 6 15:03:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 21:03:49 +0200 Subject: Secrecy News -- 09/08/13 Message-ID: <[email protected]>

----- Forwarded message from Steven Aftergood -----

Date: Fri, 06 Sep 2013 08:08:09 -0700 From: Steven Aftergood To: eugen at leitl.org Subject: Secrecy News -- 09/08/13 Reply-To: saftergood at fas.org X-Mailer-LID: 1 X-Mailer-RecptId: 399049 X-Mailer-SID: 1873 X-Mailer-Sent-By: 2

Format Note: If you cannot easily read the text below, or you prefer to receive Secrecy News in another format, please reply to this email to let us know.

SECRECY NEWS from the FAS Project on Government Secrecy Volume 2013, Issue No. 79 September 6, 2013

Secrecy News Blog: http://blogs.fas.org/secrecy/

** TRENDS IN INTELLIGENCE SPENDING, AND MORE FROM CRS
** RESOURCES ON CONFLICT IN SYRIA FROM CRS

TRENDS IN INTELLIGENCE SPENDING, AND MORE FROM CRS

The rise and fall (and rise) of intelligence spending over the past three decades is traced in a newly updated report from the Congressional Research Service.

"Limited publicly available data suggests intelligence spending, measured in constant 2014 dollars, has roughly doubled since the September 11, 2001, terrorist attacks and, before declines over the last three years, was almost double spending at its peak at the end of the cold war," the CRS report notes.

The report does not explicitly deal with the latest disclosure of a classified intelligence budget document in the Washington Post. "Because the document leaked to the news media is classified, CRS is unable to provide a discussion of the specific detail of that budget submission." But the report provides a useful compilation of previously disclosed intelligence budget data, along with some sensible extrapolations to round out the picture.

CRS also reviews proposals to restructure the intelligence budgeting process. See "Intelligence Spending and Appropriations: Issues for Congress," September 5, 2013:

http://www.fas.org/sgp/crs/intel/R42061.pdf

But any proposals to modify current intelligence budget practices face strong opposition in Congress. In its report on the FY2014 defense authorization act, the House Armed Services Committee included language to prohibit efforts by the Secretary of Defense to create a new budget account for the National Intelligence Program. (Section 924)

http://gpo.gov/fdsys/pkg/CRPT-113hrpt102/html/CRPT-113hrpt102.htm

The Committee also said that the Defense Department has been secretly maneuvering to promote a consolidated National Intelligence Program budget within the Department of Defense as a separate budget category -- a step favored by the 9/11 Commission, among others, as a way to increase clarity and accountability in intelligence spending. "The committee is concerned that the executive branch has failed to notify the appropriate congressional committees about its continuing efforts to pursue consolidation of the portion of the Department of Defense budget designated as part of the National Intelligence Program," the House report said. The Committee directed the Department of Defense to submit a report to Congress on "any planning [for future intelligence budget consolidation] that has occurred during the past two years."

Some other noteworthy new reports from the Congressional Research Service that Congress has withheld from online public distribution include the following.

War in Afghanistan: Campaign Progress, Political Strategy, and Issues for Congress, August 29, 2013:

http://www.fas.org/sgp/crs/natsec/R43196.pdf

Instances of Use of United States Armed Forces Abroad, 1798-2013, August 30, 2013:

http://www.fas.org/sgp/crs/natsec/R42738.pdf

Navy Littoral Combat Ship (LCS) Program: Background and Issues for Congress, September 3, 2013:

http://www.fas.org/sgp/crs/weapons/RL33741.pdf

Banning the Use of Racial Preferences in Higher Education: A Legal Analysis of Schuette v. Coalition to Defend Affirmative Action, September 3, 2013:

http://www.fas.org/sgp/crs/misc/R43205.pdf

Wildfire Management: Federal Funding and Related Statistics, August 30, 2013:

http://www.fas.org/sgp/crs/misc/R43077.pdf

U.S. Farm Income, August 30, 2013:

http://www.fas.org/sgp/crs/misc/R40152.pdf

Proposed U.S.-Mexico Transboundary Hydrocarbons Agreement: Background and Issues for Congress, August 29, 2013:

http://www.fas.org/sgp/crs/row/R43204.pdf

Kyrgyzstan: Recent Developments and U.S. Interests, August 30, 2013:

http://www.fas.org/sgp/crs/row/97-690.pdf

Climate Change and Existing Law: A Survey of Legal Issues Past, Present, and Future, August 28, 2013:

http://www.fas.org/sgp/crs/misc/R42613.pdf

RESOURCES ON CONFLICT IN SYRIA FROM CRS

Here are some new and updated reports on the conflict in Syria prepared by the Congressional Research Service:

Possible U.S. Intervention in Syria: Issues for Congress, September 3, 2013:

http://www.fas.org/sgp/crs/mideast/R43201.pdf

Syria: Overview of the Humanitarian Response, September 4, 2013:

http://www.fas.org/sgp/crs/mideast/R43119.pdf

Syria's Chemical Weapons: Issues for Congress, August 30, 2013:

http://www.fas.org/sgp/crs/nuke/R42848.pdf

______Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News Blog is at: http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to: http://blogs.fas.org/secrecy/subscribe/

To UNSUBSCRIBE, go to http://blogs.fas.org/secrecy/unsubscribe/

OR email your request to saftergood at fas.org

Secrecy News is archived at: http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation: https://members.fas.org/donate

______Steven Aftergood Project on Government Secrecy Federation of American Scientists web: www.fas.org/sgp/index.html email: saftergood at fas.org voice: (202) 454-4691 twitter: @saftergood

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 15:06:50 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 21:06:50 +0200 Subject: Old list archives In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On Fri, Sep 06, 2013 at 12:13:50PM -0400, grarpamp wrote:
> On 9/6/13, CypherPunk wrote:
> > On 09/06/2013 06:17 AM, John Preston wrote:
> >> I'm having trouble finding the list archives going back into the 90's;
> >> they're not on cpunks.org. Anyone got them?
> >
> > http://cypherpunks.venona.com/
>
> cryptome has a partial zip archive you can search for.
>
> For those that use real MUA's/search with local copies
> instead of crippled web indexes further subject to disappearance,
> and to cover time gaps and provide a canonical answer
> to this recurring question....
>
> I suggest people here collaborate and contribute to
> create a complete historical archive in mbox and/or maildir

An excellent idea. Unfortunately, I lost my 1980s/90s emails due to a shredded RAID.

> format. Once compiled and deduplicated it could be
> broken out and presented by year in said formats and
> also loaded into mailman/pipermail.
>
> What datasets do you all have and in what formats?
> Can you upload and/or post links to them?
>
> I believe cpunks.org is willing to host such an archive.

I will put up a mirror as well. mbox format is perfect.

From grarpamp at gmail.com Fri Sep 6 15:11:57 2013 From: grarpamp at gmail.com (grarpamp) Date: Fri, 6 Sep 2013 15:11:57 -0400 Subject: [cryptography] Matthew Green: An understated response to the NSA and unidentifed friends treachery In-Reply-To: References: <[email protected]> Message-ID:

On 9/6/13, John Young wrote:
> An understated response to the NSA and unidentified friends treachery:
>
> http://blog.cryptographyengineering.com/2013/09/on-nsa.html
>
> More of these expected, many. But who knows, as Green says,
> all could go back to swell comsec business as usual.

Linked from said blog... http://software.intel.com/en-us/blogs/2012/05/14/what-is-intelr-secure-key-technology

Bull Mountain Technology ... BULLRUN.

Bullshit naming coincidence or genuine cooperative wordplay? ;)

From eugen at leitl.org Fri Sep 6 15:15:05 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 21:15:05 +0200 Subject: [Cryptography] Matthew Green on BULLRUN Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Fri, 6 Sep 2013 15:09:27 -0400
From: "Perry E. Metzger"
To: cryptography at metzdowd.com
Subject: [Cryptography] Matthew Green on BULLRUN
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

Some interesting nuggets here, including the fact that he explicitly calls out the existence of NSA's new HUMINT division that infiltrates corporations for a living. http://blog.cryptographyengineering.com/2013/09/on-nsa.html

--
Perry E. Metzger perry at piermont.com

The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 15:41:08 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 21:41:08 +0200 Subject: [liberationtech] Random number generation being influenced - rumors Message-ID: <[email protected]>

----- Forwarded message from Andy Isaacson -----

Date: Fri, 6 Sep 2013 12:34:54 -0700
From: Andy Isaacson
To: liberationtech
Subject: Re: [liberationtech] Random number generation being influenced - rumors
User-Agent: Mutt/1.5.20 (2009-06-14)
Reply-To: liberationtech

On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote:
> Does anyone put any stock into the rumors floating lately that the
> government may have influenced Intel and/or AMD into altering in
> subtle ways that CPUs handle random number generation? I keep seeing
> this possible FUD floating around in comments here and there on
> other articles.

I agree with some of your premises, but disagree with the conclusion you seem to be drawing. Yes, it's just a fear of uncertainty. We do not have evidence, nor even a claim based on knowledge, that HWRNG backdooring has occurred.

However, I claim that the fear is well founded and should be taken into account by all threat models.

HWRNG is a nearly-uniquely difficult security problem to crack. By definition it is impossible to prove that a black-box HWRNG is safe. This is different from the security properties of a blackbox AES or MODMUL accelerator, which can be demonstrated to conform to a known specification. If your AES instructions don't do AES, then testing against a software implementation will show it! The AES logic unit will have a hard time leaking the AES keybits since there's nowhere nondeterministic to put them. etc.

By contrast, a properly functioning HWRNG cannot be tested in a way that distinguishes it from the output of a stream cipher seeded with a backdoor key. And there's no way to test the behavior of HWRNG on an ongoing basis; even if you had a test to run, it might switch to "stream cipher mode" under the covers.

This is not to say that RdRand is completely unusable. Putting RdRand entropy into a software pool implementation like /dev/urandom (or preferably, a higher-assurance multipool design like Fortuna) is a cheap way to prevent a putative backdoor from compromising your system state.

Now, there is a way that we can learn that a backdoor was included; if someone does a tear-down of a HWRNG and finds circuitry that has no purpose other than being a backdoor, that would be conclusive. AFAIK nobody has tried that experiment.

Weighing towards distrusting HWRNG we have the fact that NSA is reported (yesterday) to have intentionally backdoored Dual_EC_DRBG, and to have spent significant amounts of money to backdoor chip implementations, with enough success that they brag about it in administrative summaries.

So, I put a lot of credence in distrusting HWRNG black box implementations. But unfortunately we need a lot more reliable entropy. A fully open source, nothing up my sleeve hardware entropy source would be a huge improvement.

-andy
--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----
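Andy's mitigation above, feeding RdRand into a software pool so that a backdoored source cannot by itself dictate the system's random state, worked through in a small Fortuna-style accumulator. This is an added example written for this archive page; it is not Linux's /dev/random, not the Fortuna reference design, and not code posted by anyone in the thread. The two entropy sources are constructed stand-ins (the "HWRNG" is simply a SHA-256 keystream under a key the modelled attacker knows, the "jitter" source a second fixed stream the attacker is assumed not to see), and the pool count, reseed threshold and SHA-256/HMAC primitives are my choices.

```python
"""Fortuna-style multi-pool accumulator fed by an untrusted HWRNG plus one other source.

Added example, not kernel or Fortuna reference code. Both sources are constructed.
"""
import hashlib
import hmac
import struct

NUM_POOLS = 32           # Fortuna's pool count
POOL0_RESEED_BYTES = 64  # bytes in pool 0 that permit a reseed (assumed threshold)


class Accumulator:
    """Events go round-robin into 32 SHA-256 pools; pool i is drained on every 2**i-th reseed."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool0_bytes = 0
        self.reseed_count = 0
        self.key = bytes(32)   # generator key; replaced on first reseed
        self.counter = 0
        self.seeded = False
        self.next_pool = {}    # per-source round-robin position

    def add_event(self, source_id, data):
        """Mix one event. An attacker-known event adds nothing but cannot undo what other sources added."""
        i = self.next_pool.get(source_id, 0)
        self.pools[i].update(bytes([source_id, len(data)]) + data)  # length-prefixed so events cannot be re-split
        if i == 0:
            self.pool0_bytes += len(data)
        self.next_pool[source_id] = (i + 1) % NUM_POOLS
        if self.pool0_bytes >= POOL0_RESEED_BYTES:
            self._reseed()

    def _reseed(self):
        self.reseed_count += 1
        seed = b""
        for i in range(NUM_POOLS):
            if self.reseed_count % (1 << i) != 0:
                break                      # higher pools accumulate longer before being drained
            seed += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()
        self.key = hashlib.sha256(self.key + seed).digest()  # new key depends on old key and all drained pools
        self.pool0_bytes = 0
        self.seeded = True

    def random_bytes(self, n):
        """HMAC-SHA256 in counter mode, then re-key so a later key compromise does not expose this output."""
        if not self.seeded:
            raise RuntimeError("generator not seeded yet")
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self.key, struct.pack(">Q", self.counter), hashlib.sha256).digest()
            self.counter += 1
        self.key = hmac.new(self.key, b"rekey", hashlib.sha256).digest()
        return bytes(out[:n])


# --- constructed sources (stand-ins, not hardware output) ---------------------

def predictable_hwrng(n_events):
    """Stand-in for a backdoored HWRNG: a keystream under a key the attacker knows (32 bytes per event)."""
    return [hashlib.sha256(b"attacker-known-key" + i.to_bytes(4, "big")).digest() for i in range(n_events)]


def independent_source(n_events):
    """Stand-in for interrupt-timing jitter the attacker is assumed not to see (16 bytes per event)."""
    return [hashlib.sha256(b"timing-jitter" + i.to_bytes(4, "big")).digest()[:16] for i in range(n_events)]


def build_pool(hw_events, other_events):
    """Interleave the two sources into a fresh accumulator, as a kernel would as events arrive."""
    acc = Accumulator()
    for k in range(max(len(hw_events), len(other_events))):
        if k < len(hw_events):
            acc.add_event(1, hw_events[k])
        if k < len(other_events):
            acc.add_event(2, other_events[k])
    return acc


def backdoor_demo():
    """Attacker who knows the HWRNG stream rebuilds the pool from it alone and compares outputs."""
    hw, jitter = predictable_hwrng(40), independent_source(40)
    victim_hw_only = build_pool(hw, []).random_bytes(32)     # system that trusts RdRand alone
    victim_mixed = build_pool(hw, jitter).random_bytes(32)   # RdRand mixed with a second source
    attacker_guess = build_pool(hw, []).random_bytes(32)
    return {
        "hw_only_predicted": attacker_guess == victim_hw_only,  # True: the backdoor wins outright
        "mixed_predicted": attacker_guess == victim_mixed,      # False: the second source rescues the state
    }


if __name__ == "__main__":
    print(backdoor_demo())
```

The demo's second line is the whole argument: the attacker's model of the pool is exact when RdRand is the only input and useless as soon as one input it cannot see is hashed in alongside. What the design does not do is make a bad source good; a machine whose only events come from the backdoored source is exactly as predictable as the source.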

From jya at pipeline.com Fri Sep 6 16:17:54 2013 From: jya at pipeline.com (John Young) Date: Fri, 06 Sep 2013 16:17:54 -0400 Subject: Cypherpunks Archive 1992-1998 In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

Cypherpunks Archive 1992-1998 in raw text: http://cryptome.org/cpunks/cpunks-92-98.zip (83MB)

By year:
http://cryptome.org/cpunks/cpunks-1992.zip (790KB)
http://cryptome.org/cpunks/cpunks-1993.zip (7.4MB)
http://cryptome.org/cpunks/cpunks-1994.zip (11.8MB)
http://cryptome.org/cpunks/cpunks-1995.zip (10.1MB)
http://cryptome.org/cpunks/cpunks-1996.zip (21.6MB)
http://cryptome.org/cpunks/cpunks-1997.zip (20.7MB)
http://cryptome.org/cpunks/cpunks-1998.zip (10.8MB)

Who October 26, 1996: http://cryptome.org/cpunks/cpnkwho-102296.txt (34KB)

At 03:06 PM 9/6/2013, you wrote:
>On Fri, Sep 06, 2013 at 12:13:50PM -0400, grarpamp wrote:
> > On 9/6/13, CypherPunk wrote:
> > > On 09/06/2013 06:17 AM, John Preston wrote:
> > >> I'm having trouble finding the list archives going back into the 90's;
> > >> they're not on cpunks.org. Anyone got them?
> > >
> > > http://cypherpunks.venona.com/
> >
> > cryptome has a partial zip archive you can search for.
> >
> > For those that use real MUA's/search with local copies
> > instead of crippled web indexes further subject to disappearance,
> > and to cover time gaps and provide a canonical answer
> > to this recurring question....
> >
> > I suggest people here collaborate and contribute to
> > create a complete historical archive in mbox and/or maildir
>
>An excellent idea. Unfortunately, I lost my 1980s/90s
>emails due to a shredded RAID.
>
> > format. Once compiled and deduplicated it could be
> > broken out and presented by year in said formats and
> > also loaded into mailman/pipermail.
> >
> > What datasets do you all have and in what formats?
> > Can you upload and/or post links to them?
> >
> > I believe cpunks.org is willing to host such an archive.
>
>I will put up a mirror as well. mbox format is perfect.

From eugen at leitl.org Fri Sep 6 16:25:32 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 22:25:32 +0200 Subject: [cryptography] regarding the NSA crypto "breakthrough" Message-ID: <[email protected]>

----- Forwarded message from Tony Arcieri -----

Date: Fri, 6 Sep 2013 13:21:21 -0700
From: Tony Arcieri
To: jamesd at echeque.com
Cc: Randombit List
Subject: Re: [cryptography] regarding the NSA crypto "breakthrough"

On Fri, Sep 6, 2013 at 11:47 AM, James A. Donald wrote:

> Time to generate and select new elliptic curves by an open process,
> wherein any large random quantities are chosen by a non secret process,
> such as searching for the appropriate value nearest a round number.
>

There are curves not selected by e.g. NIST with a published rationale for their selection, like Curve25519. Is there any reason why such curves can't be evaluated retroactively? http://cr.yp.to/ecdh/curve25519-20060209.pdf

See in particular Theorem 2.1.

-- Tony Arcieri

cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
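Tony asks whether a curve published with its rationale can be evaluated retroactively. For Curve25519 most of what Theorem 2.1 of the linked paper asserts is checkable by anyone with a big-integer library, which is the point of rigid, published parameters. The following is an added example written for this page, not code from the paper, from RFC 7748, from Tony, or from any X25519 library. It checks that p and the two large subgroup orders are prime, that the curve and twist orders add up to 2p+2 as they must, that A^2-4 is a non-square, and that multiplying a point by the claimed group order actually reaches the identity on both the curve and its twist, using an x-only Montgomery ladder in the RFC 7748 shape (not constant-time, which does not matter for a verification script). The numeric constants are the published ones; the helper names, the Miller-Rabin round count and the fixed seed are my choices.

```python
"""Retroactive checks on Curve25519's published parameters.

Added example for this page; not code from the Curve25519 paper, RFC 7748 or any
library. Constants are the published ones; helper names and test parameters are mine.
"""
import random

P = 2**255 - 19                      # field prime
A = 486662                           # v^2 = u^3 + A*u^2 + u
A24 = (A - 2) // 4                   # 121665, the ladder constant
ELL = 2**252 + 27742317777372353535851937790883648493        # prime order of the base point's subgroup
ELL_TWIST = 2**253 - 55484635554744707071703875581767296995  # prime order of the twist's large subgroup
CURVE_ORDER = 8 * ELL
TWIST_ORDER = 4 * ELL_TWIST
BASE_U = 9


def is_probable_prime(n, rounds=40):
    """Miller-Rabin; a fixed seed keeps the check reproducible."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(25519)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def on_curve(u):
    """True if u is the u-coordinate of a point on E; otherwise it lies on the quadratic twist."""
    v2 = (u * u * u + A * u * u + u) % P
    return v2 == 0 or pow(v2, (P - 1) // 2, P) == 1


def ladder(k, u):
    """x-only Montgomery ladder: projective (X, Z) of [k]P for the point with u-coordinate u.
    Z == 0 means the point at infinity. The same formulas act on the curve and on its twist."""
    x2, z2, x3, z3 = 1, 0, u % P, 1
    for t in range(k.bit_length() - 1, -1, -1):
        bit = (k >> t) & 1
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P   # differential add, difference is P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P         # doubling
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
    return x2, z2


def is_infinity(k, u):
    return ladder(k, u)[1] == 0


def twist_point():
    """Smallest u whose v^2 is a non-residue, i.e. a point on the twist (found by search, not published)."""
    u = 2
    while on_curve(u):
        u += 1
    return u


def verify_curve25519():
    """Each entry corresponds to a claim in the paper's Theorem 2.1 or its parameter statement."""
    ut = twist_point()
    return {
        "p_prime": is_probable_prime(P),
        "ell_prime": is_probable_prime(ELL),
        "ell_twist_prime": is_probable_prime(ELL_TWIST),
        "orders_sum_to_2p+2": CURVE_ORDER + TWIST_ORDER == 2 * P + 2,   # #E + #E' = 2p + 2
        "A2_minus_4_nonsquare": pow((A * A - 4) % P, (P - 1) // 2, P) == P - 1,
        "base_point_on_curve": on_curve(BASE_U),
        "base_point_order_ell": is_infinity(ELL, BASE_U) and not is_infinity(8, BASE_U),
        "twist_order_4ell'": is_infinity(TWIST_ORDER, ut) and not is_infinity(ELL, ut),
    }


if __name__ == "__main__":
    for name, ok in verify_curve25519().items():
        print(f"{name:24s} {'ok' if ok else 'FAILED'}")
```

What this cannot check is the one thing James is worried about: whether the generation process left room for a hidden choice. Here the answer is in the paper (p is the largest prime of its shape below 2^255, A the smallest positive value meeting the stated criteria), and the script confirms only that the curve the criteria describe is the curve that was shipped.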

From eugen at leitl.org Fri Sep 6 16:35:54 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 22:35:54 +0200 Subject: [Cryptography] tamper-evident crypto? Message-ID: <[email protected]>

----- Forwarded message from John Denker -----

Date: Fri, 06 Sep 2013 12:31:47 -0700
From: John Denker
To: "cryptography at metzdowd.com"
Subject: Re: [Cryptography] tamper-evident crypto?
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/05/2013 06:48 PM, Richard Clayton wrote:
> so you'd probably fail to observe any background activity that tested
> whether this information was plausible or not .... and then some chance
> event would occur that caused someone from Law Enforcement (or even a
> furnace maintenance technician) to have to look in the basement.

Well, I'm sure /somebody/ on this list is clever enough to arrange countersurveillance and counterintrusion measures...
 a) especially given that detecting surveillance and/or intrusion is the whole point of the exercise;
 b) especially given that we have all the time in the world to arrange boatloads of nanny-cams and silent alarms etc., arranging everything in advance, before provoking the opponent;
 c) especially given that we know it's a trap, and the opponent probably isn't expecting a trap;
 d) especially given that the opponent has a track record of being sometimes lazy ... for instance by swearing that the fruits of illegal wiretaps came from a "confidential informant who has been reliable in the past" and using that as the basis for a search warrant, at which point you've got them for perjury as well as illegal wiretapping, *and* you know your information security is broken;
 e) especially given that we get to run this operation more than once.

> (assuming that the NSA considered this [kiddie porn]
> important enough to pursue)

*) If they don't like that flavor of bait, we can give them something else. For example, it is known that there is a large-diameter pipeline from the NSA to the DEA. http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/

*) Again: We get to run this operation more than once.

I repeat the question from the very beginning of this thread: Shouldn't this be part of the /ongoing/ validation of any data security scheme?

There's a rule that says that you shouldn't claim a crypto system is secure unless it has been subjected to serious cryptanalysis. I'm just taking the next step in this direction. If you want to know whether or not the system is broken, /measure/ whether or not it is broken.

One of the rules in science, business, military planning, et cetera is to consider /all/ the plausible hypotheses. Once you consider the possibility that your data security is broken, the obvious next step is to design an experiment to /measure/ how much breakage there is.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iD8DBQFSKi2j2FOSJqrRXAoRAtJAAJ9zUubRz66YdcdRM3G3Wpx70TcDtgCgm9tE
xiI/Ikqt4PbbTDZeC0sK9vI=
=UYAV
-----END PGP SIGNATURE-----

The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 16:36:50 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 22:36:50 +0200 Subject: [tor-talk] Tor users are not anonymous Message-ID: <[email protected]>

----- Forwarded message from "Carsten N." -----

Date: Fri, 06 Sep 2013 19:16:08 +0000
From: "Carsten N."
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Tor users are not anonymous
Reply-To: tor-talk at lists.torproject.org

On 06.09.2013 18:55, grarpamp wrote:
> Can you build, from the TC source, hash identical binaries to
> the TC binaries TC distributes?

No - you cannot compile the TC source without modification. The source code you can download from the website doesn't compile.

An analysis of Truecrypt was done by the Privacy-CD team:
en: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf
de: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-de.pdf

Best regards cane

--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 16:48:20 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 22:48:20 +0200 Subject: [guardian-dev] Crazy Nate's Guardian Project Open-Source Secure App Emporium! Message-ID: <[email protected]>

----- Forwarded message from Nathan of Guardian -----

Date: Fri, 06 Sep 2013 12:19:51 -0400
From: Nathan of Guardian
To: Guardian Dev
Subject: [guardian-dev] Crazy Nate's Guardian Project Open-Source Secure App Emporium!
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Happy Friday everyone! Keep your chins up out there. https://www.youtube.com/watch?v=3KBcbumRX9I

Crazy Nate with an important message for all of you lamenting the loss of your private bits...

I am here with some good news...

Announcing the: Crazy Nate's Guardian Project Open-Source Secure App Emporium! All Year, All Time Blow Out Sale! with savings up to 100% for ever

We've got

Bots that eat Onions
Onions for your Webs
Browsers that can Proxy
and Proxies that can Mobilize, Anonymize and Obfuscate!

Off-the-record Chats and On-the-record Cameras
Blurry Cameras, Smart Cameras and everything in between!

And for you developers, developers, developers out there, don't think we forgot about you!
Ciphers for your SQL
Ciphers for your IO
Ciphers for your Network
and to wrap it up, the Lilest Debi evah!

We've got it all for the very low price of

FREEEEEE!

You get the app for free. The code for free. The developer support for free. You can mix it, mash it, slice it and dice it.

Free Code, Free Beer, Free Speech, what more can you want? and if you act now, we might just throw in some Free Dumb too!

This is a non-limited time 365 day a year sale, with prices that are insane, but true!

Crazy Nate's Guardian Project Open-Source Secure App Emporium!

WOW!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSKgCnAAoJEKgBGD5ps3qppAEP/3kp1q3FxYSpD7MoeCiVwXf1
DJwvhgat+5PXAg1GjTq2zJnoZpkEAlLRCifqUVsbw++3wRTNJOkENNHxAEAKdKtn
KI7lDWmSeaT9JOCyYeGaZGi8GqiEuLfyHLZKtpgB5D0uasTdAc+zyU8RgI5mWZUa
sLgWvXX4aLdQ9foHmtwasB8zNEXh3rcTEYOG2KXwgtfem2VNxJ7fno/73E822JFL
Ji0Qp2JPEJVHozuWqx1OkfHOsJYP6N6tIw5HrpqUagY94Dlsn4pumvZ0sIYacrU6
ViEmFIr4XX4rP8JOrfQjaqyMKh44LbaX5CWBf+1Lq4b8kdryeKebfe4skq7ZpJOG
yW5UhNecpL+0j7rD7iDpqiiqfVlRwils0WqDnFNiHzystPcYOWmo8I1QeAF1CL0L
ZiOY1YSup0u/0IJmgazcD5zfadiROY0uEjZWLTlV9Ctbt2cGjFw25O5vDv+f39Fd
yZDc5FqDt9DAWYaHoHE0/NnbDJ8NdfTr1geZ8SlQ0xQBvJbSlN7kRtsN0iavEfkS
XbN1Dh1VYA8jHLdPbh1Pv9gYN4u7R4I6ylSRCNBlekZ/mFmc+XOfK8HqvQGIx+Ik
p5yteUx9RzfFZzrWs0TrmcY2NNCd6Wwnmdd7OfwcniyBLbGOiDr4I9RLPMEKnI6W
Rlkbb3Cu3yHoctdaV8ob
=VA2N
-----END PGP SIGNATURE-----

Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org

You are subscribed as: eugen at leitl.org

----- End forwarded message -----

From sgreeran at gmail.com Fri Sep 6 16:53:38 2013 From: sgreeran at gmail.com (Steven Greeran) Date: Fri, 6 Sep 2013 13:53:38 -0700 Subject: Quantum Computer Access on the 20th Message-ID:

http://www.bristol.ac.uk/physics/research/quantum/qcloud/registration/

------
IMPORTANT WARNING: This email (and any attachments) is only intended for the use of the person or entity to which it is addressed, and may contain information that is privileged and confidential. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Unauthorized redisclosure or failure to maintain confidentiality may subject you to federal and state penalties. If you are not the intended recipient, please immediately notify us by return email, and delete this message from your computer.
------

From eugen at leitl.org Fri Sep 6 16:55:58 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 22:55:58 +0200 Subject: [liberationtech] NYTimes and Guardian on NSA Message-ID: <[email protected]>

----- Forwarded message from Shava Nerad -----

Date: Fri, 6 Sep 2013 16:54:45 -0400
From: Shava Nerad
To: railmeat at gmail.com, liberationtech
Subject: Re: [liberationtech] NYTimes and Guardian on NSA
Reply-To: liberationtech

http://www.fas.org/sgp/news/2013/04/dsclea.html

Basically the regulation says, in keeping with new DHS structures, if the governor is taking a bath and can't be disturbed, and there's an emergent situation, we get to just use any DHS chain of command and communications structure to call in reinforcements however we like, so WHEE! DRONE STRIKE!

Or whatever.

In Massachusetts, we're actually having to pass a *law* forbidding the SWAT teams in MA from deploying drone strikes. No kidding. They at least had the good graces to ask permission rather than forgiveness. Not sure if it was directly related, but it came up in June of this year. So we're turning them down in code. No toyz, boyz.

It's the implicit, not explicit, issues that are disturbing.

There have been a number of issues in the US having to do with energy, food security, border security and other converging simulation scenarios that are not necessarily overlapping with cybersecurity that have been used to wedge "reforms" out of civil liberties and LE/military/prison industry/border patrol practice in recent years by waving nightmare/doomsday scenarios in front of executive and congressional folks in the same way we see "children on the Internet" used over and over again. The same sort of erosion of rights, and the same asshattery.

It's not all our military, or LE, or whomever. But there does seem to be (forgive me gentlemen) a lot of unbridled testosterone out there, who think that the wargames on counters or on computers are the same things as life on the ground. They are "protecting our precious bodily fluids" as it were, and some few of the beltway companies and various contracting interests are making serious money off of all this I'm more than sure.

I had a lovely chat with the head of the MA ACLU last year, when Bill Binney came to speak at MIT. I told her that conspiracy theories were just made-for-TV-drama versions of history -- all the bits resolve too neatly, and really, they make people feel safer, because they are more understandable than studying real history, which is never a finite game. Conspiracy theories are chaff thrown against the sort of thing that happens like these NSA things, which are real conspiracies, which then seem unbelievable, and people deny, and decline to take action against.

Likewise, when boring Brazil-like executive orders float by tearing down checks and balances, or when folks like Binney & Co with their officerly demeanor telling us that the sky is falling in calm words respecting the Constitution and the dignity of the corps, it misses the public's conditioned response to expect excitement and bread and circuses with their conspiracies.

Why did Snowden get press when Binney did not? Because Snowden was a brave, disproportional, total dumbass, and exposed himself to be assassinated and called a traitor or as Ron Paul said -- have Obama send a drone up his ass.

He stole government documents, he committed espionage, he exposed things that compromised government programs. In all likelihood in most cases, deserved every bit of it, but I cringe here and there too that it came to this rather than internal and Congressional accountability -- please understand this is catastrophic that it had to come to this as an *external* reveal and is a failure of OVERSIGHT as well as internal common freaking sense -- and now it's criminal.

Snowden broke the law, committed civil disobedience in such a flamboyant way we may never be able to clear it up regardless of how much the wound needed to be cleansed. And there are people here who are going to say I am a bad person for saying that. I'm not judging him (I might have made the same decisions -- it's hard to know -- God, I hope I would never ever ever be in that position! I think I'd turn inside out...). It's an assessment. It would take full on whole culture truth and reconciliation in DC to sort this out.

And although I would love to see that happen, I can hardly imagine such a thing in the current climate.

It's like Watergate. Should never have happened. But there really is starting to feel like some systemic rot, and we need to start laying in more and more support to the folks we know who are working on the bolstering side of this...

I haven't talked to Ron Wyden for a while...hmm... Not much I can do from here though... yrs,

On Fri, Sep 6, 2013 at 1:28 PM, Matt Johnson wrote:
> Hello Shava,
>
> You wrote: "...the president essentially struck down posse comitatus
> in May, they won't know what you are talking about..." I don't know
> what you are talking about either, but I am curious. Could you send a
> link or two.
>
>
> Thanks
> -- Matt Johnson
>
> On Thu, Sep 5, 2013 at 5:00 PM, Shava Nerad wrote:
> > Part of the tone is also adopted in order to wake the sleeping baby
> > anti-intellectual giants either side of the pond. The smart magazines can
> > publish smart crypto articles, but mass market newspapers have to bring
> > their audiences along, even the Times and Guardian.
> >
> > Very few stories even bother to explain what the NSA does or what its
> > function in government is, which actually rather stuns me, because I find
> > that when I ask the general public that question I find that most of them
> > don't know what the NSA does for the government. Most of them assume it
> > works for the executive branch, but for the DOJ as part of the whole
> > civilian/State/FBI sort of DHS bits, because those lines are so muddied.
> > (And yes, I am conflating Justice and State on purpose there because it's
> > been done in conversation with The (Wo)Man on the Street.).
> >
> > People don't know basic civics. At all. If you tell them they should be
> > upset because the military is conducting domestic surveillance, they look at
> > you like "what?" "East Germany?" you say. "Stasi?" you say. Blank looks.
> > No history. Those who do not learn from history, etc.
> >
> > If you tell them that they should be upset because the president essentially
> > struck down posse comitatus in May, they won't know what you are talking
> > about, but if you say, "Basically, if a local SWAT team decides they need
> > backup in some kind of emergency situation and they can't get hold of the
> > governor to call for National Guard? They can call a local military airbase
> > for an airstrike if they want to." Then the people will decide you are
> > cold stoned mad and a total tin hat. "Sherman?" you say. And if they're
> > from the south, they might go off in a rant, but they still won't relate it
> > to current affairs or do anything. But that is literally what the law says
> > in the US now. That's a bit beyond elementary civics, but it's a bit beyond
> > what the press is reporting on here too. Because the press doesn't really
> > have much literacy in elementary civics or history either. They seem to be
> > drawing mostly on marcom majors these days.
> >
> > This is what the "attention economy" has done to us. Our culture is a deep,
> > nutrient rich ocean, full of wonders and chthonic monsters that can eat us.
> > And we all surf. Nothing below the surf-ace is important anymore.
> >
> > Yay.
> >
> > SN
> >
> > On Sep 5, 2013 3:31 PM, "Richard Brooks" wrote:
> >>
> >> Latest articles:
> >>
> >>
> >> http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?emc=edit_na_20130905&_r=0&pagewanted=print
> >>
> >>
> >> http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
> >>
> >>
> >> I find most of this (if not all) silly. They seem shocked that the
> >> NSA does cryptanalysis. It would be nice if the newspapers had
> >> people with some knowledge of the domain writing articles.
> >>
> >> --
> >> Liberationtech is a public list whose archives are searchable on Google.
> >> Violations of list guidelines will get you moderated:
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> >> change to digest, or change password by emailing moderator at
> >> companys at stanford.edu.
> >
> >
> > --
> > Liberationtech is a public list whose archives are searchable on Google.
> > Violations of list guidelines will get you moderated:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> > change to digest, or change password by emailing moderator at
> > companys at stanford.edu.
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>

--

Shava Nerad shava23 at gmail.com


----- End forwarded message -----

From grarpamp at gmail.com Fri Sep 6 17:03:27 2013 From: grarpamp at gmail.com (grarpamp) Date: Fri, 6 Sep 2013 17:03:27 -0400 Subject: Random number generation influenced, HW RNG Message-ID:

On 9/6/13, Eugen Leitl wrote:
> ----- Forwarded message from Andy Isaacson -----
>
> From: Andy Isaacson
> Subject: Re: [liberationtech] Random number generation being influenced -
> rumors
>
> On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote:
>> Does anyone put any stock into the rumors floating lately that the
>> government may have influenced Intel and/or AMD into altering

> However, I claim that the fear is well founded and should be taken into
> account by all threat models.
>
> HWRNG is a nearly-uniquely difficult security problem to crack. By
> definition it is impossible to prove that a black-box HWRNG is safe.
> This is different from the security properties of a blackbox AES or
> MODMUL accelerator, which can be demonstrated to conform
> ...
> By contrast, a properly functioning HWRNG cannot be tested in a way that
> distinguishes it from the output of a stream cipher seeded with a
> backdoor key. And there's no way to test the behavior of HWRNG on an
> ongoing basis; even if you had a test to run, it might switch to "stream
> cipher mode" under the covers.

Even dieharding the stream since inception is an insufficient test.

> If your AES instructions don't do AES, then testing
> against a software implementation will show it!

Unless some of those billion gates are dedicated to recognizing and modifying software AES to match, and every separate processor you might have handy to run software test on since AES came out has also been backdoored. There is always custom test rig or by hand.

> This is not to say that RdRand is completely unusable. Putting RdRand
> entropy into a software pool implementation like /dev/urandom (or
> preferably, a higher-assurance multipool design like Fortuna) is a cheap
> way to prevent a putative backdoor from compromising your system state.

> Weighing towards distrusting HWRNG we have the fact that NSA is reported
> (yesterday) to have intentionally backdoored Dual_EC_DRBG, and to have
> spent significant amounts of money to backdoor chip implementations,
> with enough success that they brag about it in administrative summaries.
>
> So, I put a lot of credence in distrusting HWRNG black box
> implementations. But unfortunately we need a lot more reliable entropy.
> A fully open source, nothing up my sleeve hardware entropy source would
> be a huge improvement.

True, if you can't see and verify it you can't trust it. Assuming there is no aforementioned subversion in other parts of the CPU, an RNG is then of base importance to much crypto...

So what would be the cost per box to build 10,000 open source [1] RNG's [2] and sell them for middling/no profit? As assembled boxes, as you-build kits, or as free blueprints.

If you don't need speed/quantity for speedy/large OTP XOR streams, these hobby jobbers would suffice to seed software prngs, and work well in combination with other software sources. What would be the cost bumps for speedy units, still complying with [1 and 2], for various definitions of speed?

Dieharding this and any rng since inception over various block sizes would seem warranted to catch component and other failures [3], whereupon the /dev/ device would block and warn until fixed. No one is doing this extra step in kernel or even in userland yet afaik. Why not?

[1] For example, entirely from breadboard discrete logic you can buy and validate from any local parts supplier, i.e., not using embedded ASICs or fancy USB fobs... but resistors, diodes, 74-series gates, etc.

[2] Based on radiation, radio, audio/video, environmentals, etc.

[3] Neutrino and other hits, Intel/AMD on-die gate failure, etc.

From eugen at leitl.org Fri Sep 6 17:04:28 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 23:04:28 +0200 Subject: [cryptography] Random number generation influenced, HW RNG Message-ID: <[email protected]>

----- Forwarded message from grarpamp -----

Date: Fri, 6 Sep 2013 17:03:27 -0400 From: grarpamp To: cypherpunks at al-qaeda.net Cc: cryptography at randombit.net Subject: [cryptography] Random number generation influenced, HW RNG

On 9/6/13, Eugen Leitl wrote:
> ----- Forwarded message from Andy Isaacson -----
>
> From: Andy Isaacson
> Subject: Re: [liberationtech] Random number generation being influenced -
> rumors
>
> On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote:
>> Does anyone put any stock into the rumors floating lately that the
>> government may have influenced Intel and/or AMD into altering

> However, I claim that the fear is well founded and should be taken into
> account by all threat models.
>
> HWRNG is a nearly-uniquely difficult security problem to crack. By
> definition it is impossible to prove that a black-box HWRNG is safe.
> This is different from the security properties of a blackbox AES or
> MODMUL accelerator, which can be demonstrated to conform
> ...
> By contrast, a properly functioning HWRNG cannot be tested in a way that
> distinguishes it from the output of a stream cipher seeded with a
> backdoor key. And there's no way to test the behavior of HWRNG on an
> ongoing basis; even if you had a test to run, it might switch to "stream
> cipher mode" under the covers.

Even dieharding the stream since inception is an insufficient test.

> If your AES instructions don't do AES, then testing
> against a software implementation will show it!

Unless some of those billion gates are dedicated to recognizing and modifying software AES to match, and every separate processor you might have handy to run a software test on since AES came out has also been backdoored. There is always a custom test rig, or by hand.

> This is not to say that RdRand is completely unusable. Putting RdRand
> entropy into a software pool implementation like /dev/urandom (or
> preferably, a higher-assurance multipool design like Fortuna) is a cheap
> way to prevent a putative backdoor from compromising your system state.

> Weighing towards distrusting HWRNG we have the fact that NSA is reported
> (yesterday) to have intentionally backdoored Dual_EC_DRBG, and to have
> spent significant amounts of money to backdoor chip implementations,
> with enough success that they brag about it in administrative summaries.
>
> So, I put a lot of credence in distrusting HWRNG black box
> implementations. But unfortunately we need a lot more reliable entropy.
> A fully open source, nothing up my sleeve hardware entropy source would
> be a huge improvement.

True, if you can't see and verify it you can't trust it. Assuming there is no aforementioned subversion in other parts of the CPU, an RNG is then of base importance to much crypto...

So what would be the cost per box to build 10,000 open source [1] RNGs [2] and sell them for middling/no profit? As assembled boxes, as you-build kits, or as free blueprints.

If you don't need speed/quantity for speedy/large OTP XOR streams, these hobby jobbers would suffice to seed software PRNGs, and work well in combination with other software sources.

What would be the cost bumps for speedy units, still complying with [1 and 2], for various definitions of speed?

Dieharding this and any RNG since inception over various block sizes would seem warranted to catch component and other failures [3], whereupon the /dev/ device would block and warn until fixed. No one is doing this extra step in kernel or even in userland yet afaik. Why not?

[1] For example, entirely from breadboard discrete logic you can buy and validate from any local parts supplier, i.e., not using embedded ASICs or fancy USB fobs... but resistors, diodes, 74-series gates, etc.

[2] Based on radiation, radio, audio/video, environmentals, etc.

[3] Neutrino and other hits, Intel/AMD on-die gate failure, etc.

______
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
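Two ideas in the thread above fit together in one program: Isaacson's point that RdRand should be fed into a software pool next to other sources rather than used raw, and grarpamp's proposal that every RNG be tested continuously since inception, with the /dev device blocking and warning when a test fails. The following is an added example written for this archive; it is not code from any of the posters, from the Linux kernel or from Fortuna. It hashes each source into a SHA-256 pool and runs the two continuous health tests of NIST SP 800-90B (repetition count and adaptive proportion) on every sample. The source names, the cutoff values (21, 512, 325) and the sample bytes are constructed assumptions for illustration, not measured figures.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Source wraps one noise source with the two continuous health tests of
// NIST SP 800-90B section 4.4: the repetition count test (RCT) catches a
// source stuck on one value, the adaptive proportion test (APT) a source
// that has become heavily biased. A failed source stays unhealthy until
// an operator calls Reset.
type Source struct {
	Name, FailedBy string // FailedBy is "RCT" or "APT" after a failure
	Healthy        bool
	last           byte // RCT: value and length of the current run
	runLen         int
	rctCutoff      int
	aptFirst       byte // APT: first sample of the window and its recurrences
	aptCount, aptSeen, aptWindow, aptCutoff int
}

// NewSource takes explicit cutoffs; the values used in this example are
// assumptions. SP 800-90B sets the RCT cutoff to 1+ceil(20/H) for a
// false-alarm rate of 2^-20 and H bits of entropy per sample, and tabulates
// APT cutoffs per window size, both from the source's assessed entropy rate.
func NewSource(name string, rctCutoff, aptWindow, aptCutoff int) *Source {
	return &Source{Name: name, Healthy: true, rctCutoff: rctCutoff,
		aptWindow: aptWindow, aptCutoff: aptCutoff}
}

// Reset clears the failure once the operator has fixed the source.
func (s *Source) Reset() { s.Healthy, s.FailedBy, s.runLen, s.aptSeen = true, "", 0, 0 }

// Feed runs both health tests on one sample and reports whether it may be used.
func (s *Source) Feed(b byte) bool {
	if !s.Healthy {
		return false
	}
	if s.runLen > 0 && b == s.last {
		s.runLen++
	} else {
		s.last, s.runLen = b, 1
	}
	if s.aptSeen == 0 { // first sample of a new window
		s.aptFirst, s.aptCount = b, 1
	} else if b == s.aptFirst {
		s.aptCount++
	}
	s.aptSeen = (s.aptSeen + 1) % s.aptWindow
	switch {
	case s.runLen >= s.rctCutoff:
		s.Healthy, s.FailedBy = false, "RCT"
	case s.aptCount >= s.aptCutoff:
		s.Healthy, s.FailedBy = false, "APT"
	}
	return s.Healthy
}

// Pool is a software pool in the spirit of /dev/urandom: every source is
// hashed into one state, so a backdoored source can at worst add nothing
// and cannot cancel what honest sources contributed, and no output is
// produced while any source is in a failed state.
type Pool struct {
	sources []*Source
	state   [32]byte
}

func NewPool(sources ...*Source) *Pool { return &Pool{sources: sources} }

// Mix absorbs one sample from src if its health tests pass; the source
// name domain-separates the inputs.
func (p *Pool) Mix(src *Source, b byte) bool {
	if !src.Feed(b) {
		return false
	}
	p.state = sha256.Sum256(append(append(p.state[:], src.Name...), b))
	return true
}

// Read derives n bytes, or errors while a source has failed, the way the
// /dev device in the post would block and warn until the fault is fixed.
func (p *Pool) Read(n int) ([]byte, error) {
	for _, s := range p.sources {
		if !s.Healthy {
			return nil, fmt.Errorf("source %q failed %s: refusing output until reset", s.Name, s.FailedBy)
		}
	}
	var out []byte
	for len(out) < n {
		block := sha256.Sum256(append([]byte("out"), p.state[:]...))
		out = append(out, block[:]...)
		// Ratchet so a later compromise of the pool cannot recompute old output.
		p.state = sha256.Sum256(append([]byte("next"), p.state[:]...))
	}
	return out[:n], nil
}

func main() {
	good, stuck := NewSource("noise", 21, 512, 325), NewSource("cpu-rng", 21, 512, 325)
	pool := NewPool(good, stuck)
	for i := 0; i < 64; i++ {
		pool.Mix(good, byte(i*37)) // constructed, merely varying samples
		pool.Mix(stuck, 0x41)      // a stuck source trips the RCT at the 21st sample
	}
	_, err := pool.Read(16)
	fmt.Println("with stuck source:", err) // refused until the operator resets it
}
```

The per-sample tests are the cheap, always-on check a device can afford; a Diehard-style battery run over accumulated output, as proposed in the thread, is the offline complement, not a replacement. Note what the pool does and does not buy: a backdoored source is rendered harmless only as long as at least one other source is honest, and a single source that silently degrades is exactly the case the health tests exist to catch.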

From eugen at leitl.org Fri Sep 6 17:04:55 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 23:04:55 +0200 Subject: [Cryptography] Bruce Schneier calls for independent prosecutor to investigate NSA Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Fri, 6 Sep 2013 17:03:30 -0400 From: "Perry E. Metzger" To: cryptography at metzdowd.com Subject: [Cryptography] Bruce Schneier calls for independent prosecutor to investigate NSA X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

Quoting:

All of this denying and lying results in us not trusting anything the NSA says, anything the president says about the NSA, or anything companies say about their involvement with the NSA. We know secrecy corrupts, and we see that corruption. There's simply no credibility, and -- the real problem -- no way for us to verify anything these people might say. https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html

--
Perry E. Metzger perry at piermont.com
______
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 17:16:54 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 23:16:54 +0200 Subject: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption) Message-ID: <[email protected]>

----- Forwarded message from Anne & Lynn Wheeler -----

Date: Fri, 06 Sep 2013 16:48:01 -0400 From: Anne & Lynn Wheeler To: ianG , cryptography at metzdowd.com Subject: Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Thunderbird/26.0a1

We were brought in as consultants to a small client/server startup that wanted to do payment transactions on their server; they had this technology they called "SSL" they wanted to use. The result is now frequently called "electronic commerce". The two people at the startup responsible for the "commerce server" we had worked with in a prior life on parallel Oracle cluster scaleup.

As part of mapping "SSL" technology to payment transactions we had to audit operations selling "SSL" digital certificates and also came up with recommendations on how browsers and servers would deploy and use the technology. Almost immediately several of the recommendations were violated, resulting in some number of the exploits that continue to this day.

We were then tangentially involved in the Cal. data breach notification legislation, having been brought in to help wordsmith the Cal. electronic signature legislation. Many of the parties were heavily involved in privacy issues and had done numerous, in-depth, public surveys. The number one issue was "identity theft" of the form involving fraudulent financial transactions ... frequently as a result of a data breach. The issue was that nothing was being done about the problems and so it was hoped that the publicity from the notifications might motivate corrective action. Part of the issue is that normally institutions take security measures in their own self-interest ... however, the institutions having breaches weren't at risk, it was the account holders.

PCI DSS shows up some time after Cal. data breach notification and frequently the joke is that if you have a breach ... you lose your PCI DSS certification. It turns out that there were a number of Federal "data breach notification" bills introduced, preempting state legislation and effectively eliminating notification requirements ... citing the PCI DSS industry effort as justification for no longer needing notification.

Another problem we've frequently pointed out is the current "dual use" paradigm: even if the planet was covered in miles of information hiding encryption, it wouldn't stop data leakage. Account information is used for authenticating new transactions and so has a requirement that it be kept totally confidential and never divulged to anybody ... but at the same time, account information is needed in dozens of business processes at millions of locations around the planet. disclaimer: we were co-authors of the x9.59 financial transaction standard that slightly tweaked the current payment paradigm and eliminated the dual-use characteristic .... which then also eliminated the need to hide account information and as a result it also eliminated the need for SSL to hide account information in electronic commerce transactions .... eliminating the major requirement for SSL in the world today.

--
virtualization experience starting Jan1968, online at home since Mar1970

----- End forwarded message -----

From billstclair at gmail.com Fri Sep 6 17:24:54 2013 From: billstclair at gmail.com (Bill St. Clair) Date: Fri, 6 Sep 2013 17:24:54 -0400 Subject: Random number generation influenced, HW RNG In-Reply-To: References: Message-ID:

On Fri, Sep 6, 2013 at 5:03 PM, grarpamp wrote:
> On 9/6/13, Eugen Leitl wrote:
>
>> If your AES instructions don't do AES, then testing
>> against a software implementation will show it!
>
> Unless some of those billion gates are dedicated to
> recognizing and modifying software AES to match, and
> every separate processor you might have handy to run
> software test on since AES came out has also been
> backdoored. There is always custom test rig or by hand.

Wow! They've solved the halting problem? That's much bigger news than the NSA being able to read SSL traffic.

-Bill

From eugen at leitl.org Fri Sep 6 17:29:01 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 6 Sep 2013 23:29:01 +0200 Subject: [liberationtech] Find, fix and finish: Syrian activists targeted for online activities Message-ID: <[email protected]>

----- Forwarded message from Rafal Rohozinski -----

Date: Fri, 6 Sep 2013 17:20:10 -0400 From: Rafal Rohozinski To: liberationtech Technologies Subject: [liberationtech] Find, fix and finish: Syrian activists targeted for online activities X-Mailer: Apple Mail (2.1508) Reply-To: liberationtech

A sad story from Syria, part of our activities there. Depressing to see the Syrian regime forces adopting tactics developed by US joint special operations command against nonviolent activists.

Rafal

Find, fix and finish: Syrian activists targeted for online activities

6 September 2013. Assad regime forces arrested a Syrian non-violent activist in a regime-controlled area near Damascus. Recent reports suggest that he has been killed. Available information strongly suggests he was detained as a result of poor digital security practices. The case indicates that the Assad regime is still able and willing to monitor the online activities of Syrians. The regime is also prepared to detain and kill individuals for their online activities.

Please see the linked FlashNote for further information. http://gallery.mailchimp.com/eb7c0bde6ff78e88f9b0c8662/files/SecDev_FlashNote11_FindFix_6Sept2013.pdf

Reportedly a member of the opposition, this individual's prominence in social media made him a target: his poor online security practices made him a victim. In Syrian shorthand, his crime was using social media to communicate with foreigners about the conflict.

It is tempting to assume that the Assad regime is too busy conducting a shooting war to monitor digital communications. That is clearly not the case. The regime continues to use social media SIGINT to find, fix and finish activists who are reliant on popular social media platforms. In this case, a life was lost because of poor digital security practices. But the repercussions are wider. The information obtained from the individual's unprotected cell phone and computer is a roadmap for Syrian security forces to intimidate, capture, and kill many others.

------
More about our Syria activities here:
https://www.facebook.com/SalamaTech
https://syria.secdev.com
https://salamatechwiki.org/index.php?title=??????_????????
------

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 18:06:57 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 00:06:57 +0200 Subject: [Freedombox-discuss] [James Vasile] tinc rollout and fbox Message-ID: <[email protected]>

----- Forwarded message from Guus Sliepen -----

Date: Fri, 6 Sep 2013 23:36:34 +0200 From: Guus Sliepen To: freedombox-discuss at lists.alioth.debian.org Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox User-Agent: Mutt/1.5.21 (2010-09-15)

On Sat, Aug 10, 2013 at 03:37:06PM -0400, Sandy Harris wrote:

> " On the 15th of September 2003, Peter Gutmann posted a security
> analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
> by tinc is not a good IV, that tinc's default length of 4 bytes for
> the MAC is too short, and he doesn't like tinc's use of RSA during
> authentication. We do not know of a security hole in this version of
> tinc, but tinc's security is not as strong as TLS or IPsec. We will
> address these issues in tinc 2.0.
>
> Gutmann is a well-known and respected expert. His best-known
> paper was one back in the 90s on reading "erased" disk drives
> and what bit patterns it took to block that. Most "secure erase"
> utilities around use those suggestions (even though current
> drives are quite different, so those may be inappropriate now).
> He has done /a lot/ of other stuff as well.
>
> The current Tinc release is 1.0.21
>
> My reading of that is that Tinc has known problems and
> they probably will not be fixed soon. To me, that means
> it is not ready for serious consideration as a component
> for FreedomBox.

The documentation is perhaps a little outdated. All problems mentioned by Gutmann have been addressed in a new protocol that has been included in tinc 1.1pre3 and later.

If people are interested in using tinc to connect freedomboxes together, I would be happy to help fix any problems that might come up. Even if tinc (as it is) is not suitable for the Freedombox, I am very interested in discussing what the requirements are for the Freedombox regarding VPN functionality.

-- Met vriendelijke groet / with kind regards, Guus Sliepen

______
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

From sgreeran at gmail.com Fri Sep 6 18:25:05 2013 From: sgreeran at gmail.com (Steven Greeran) Date: Fri, 6 Sep 2013 15:25:05 -0700 Subject: Fwd: Quantum Computer Access on the 20th In-Reply-To: References: Message-ID:

------ Forwarded message ------
From: Steven Greeran
Date: Fri, 6 Sep 2013 13:53:38 -0700
Subject: Quantum Computer Access on the 20th
To: cypherpunks at cpunks.org

http://www.bristol.ac.uk/physics/research/quantum/qcloud/registration/

------
IMPORTANT WARNING: This email (and any attachments) is only intended for the use of the person or entity to which it is addressed, and may contain information that is privileged and confidential. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Unauthorized redisclosure or failure to maintain confidentiality may subject you to federal and state penalties. If you are not the intended recipient, please immediately notify us by return email, and delete this message from your computer.
------


From eugen at leitl.org Fri Sep 6 18:33:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 00:33:51 +0200 Subject: [liberationtech] Random number generation being influenced - rumors Message-ID: <[email protected]>

----- Forwarded message from Maxim Kammerer -----

Date: Sat, 7 Sep 2013 00:51:19 +0300 From: Maxim Kammerer To: liberationtech Subject: Re: [liberationtech] Random number generation being influenced - rumors Reply-To: liberationtech

On Fri, Sep 6, 2013 at 10:34 PM, Andy Isaacson wrote:
> This is not to say that RdRand is completely unusable. Putting RdRand
> entropy into a software pool implementation like /dev/urandom (or
> preferably, a higher-assurance multipool design like Fortuna) is a cheap
> way to prevent a putative backdoor from compromising your system state.

Nearly nothing from what you wrote is relevant to RDRAND, which is not a pure HWRNG, but implements CTR_DRBG with AES (unclear whether 128/192/256) from NIST SP 800-90A [1,2]. Interaction with hardware entropy source (ES) is implemented in microcode, so in case the relevant microcode is reverse-engineered (or relevant documentation obtained from Intel), it is possible to verify correctness of most of RDRAND operation. ES operation could be perhaps analyzed in a lab.

The choice of CTR_DRBG over (probably much faster) Hash_DRBG seems weird on first sight, but secure hashes are not yet available in Intel processors [3]. Of course, an interesting conspiracy theory would then be that NSA influenced Intel to delay secure hash instructions deployment after breaking AES in order to exploit an AESNI-based RDRAND.

[1] http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
[2] http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
[3] http://software.intel.com/en-us/articles/intel-sha-extensions

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte

----- End forwarded message -----
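Kammerer's point that RDRAND is not a raw noise source but a CTR_DRBG with AES from SP 800-90A [2] is easier to reason about with the DRBG itself in front of you. What follows is an added example written for this archive, not Intel's microcode and not code from the poster: a minimal CTR_DRBG in the no-derivation-function variant of section 10.2.1 of the spec, using AES-128 (the post notes that Intel's key size is not stated, so 128 is an assumption here). The 32-byte entropy input, the personalization string and the reseed-interval policy are constructed assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"errors"
	"fmt"
)

const (
	keyLen         = 16                // AES-128
	blockLen       = aes.BlockSize     // 16
	seedLen        = keyLen + blockLen // seed length when no derivation function is used
	reseedInterval = 1 << 20           // Generate calls allowed between reseeds (assumed policy)
)

// CtrDRBG is the SP 800-90A CTR_DRBG state without a df: AES key, counter block V, reseed counter.
type CtrDRBG struct {
	key     [keyLen]byte
	v       [blockLen]byte
	counter uint64
}

// incr adds one to V as a big-endian integer modulo 2^128.
func incr(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		if v[i]++; v[i] != 0 {
			return
		}
	}
}

// ctrBlocks runs AES in counter mode from the current V until n bytes exist.
func (d *CtrDRBG) ctrBlocks(n int) []byte {
	block, _ := aes.NewCipher(d.key[:]) // keyLen is a valid AES key size, so no error
	out := make([]byte, (n+blockLen-1)/blockLen*blockLen)
	for i := 0; i < len(out); i += blockLen {
		incr(d.v[:])
		block.Encrypt(out[i:i+blockLen], d.v[:])
	}
	return out[:n]
}

// update is CTR_DRBG_Update: seedLen keystream bytes XOR provided data become the new Key || V.
func (d *CtrDRBG) update(provided []byte) {
	temp := d.ctrBlocks(seedLen)
	for i := range temp {
		temp[i] ^= provided[i]
	}
	copy(d.key[:], temp[:keyLen])
	copy(d.v[:], temp[keyLen:])
}

// seed XORs the entropy input into the zero-padded personalization or
// additional input and runs update; shared by Instantiate and Reseed.
func (d *CtrDRBG) seed(entropy, extra []byte) error {
	if len(entropy) != seedLen {
		return errors.New("entropy input must be exactly seedLen bytes")
	}
	material := make([]byte, seedLen)
	copy(material, extra) // pad (or truncate) to seedLen, as the spec does without a df
	for i := range material {
		material[i] ^= entropy[i]
	}
	d.update(material)
	d.counter = 1
	return nil
}

// Instantiate creates a DRBG from seedLen bytes of entropy input; Key and V start at zero as the spec requires.
func Instantiate(entropy, personalization []byte) (*CtrDRBG, error) {
	d := &CtrDRBG{}
	if err := d.seed(entropy, personalization); err != nil {
		return nil, err
	}
	return d, nil
}

// Reseed mixes fresh entropy into the state and resets the reseed counter.
func (d *CtrDRBG) Reseed(entropy, additional []byte) error { return d.seed(entropy, additional) }

// Generate returns n output bytes and refuses once the reseed interval is reached.
func (d *CtrDRBG) Generate(n int, additional []byte) ([]byte, error) {
	if d.counter > reseedInterval {
		return nil, errors.New("reseed required")
	}
	add := make([]byte, seedLen)
	copy(add, additional)
	if len(additional) > 0 {
		d.update(add)
	}
	out := d.ctrBlocks(n)
	d.update(add) // the old Key/V are gone: backtracking resistance
	d.counter++
	return out, nil
}

func main() {
	entropy := []byte("32 constructed bytes of entropy!") // placeholder, not real entropy
	d, _ := Instantiate(entropy, []byte("example"))
	out, _ := d.Generate(32, nil)
	fmt.Printf("%x\n", out)
}
```

The structure shows where verification can and cannot reach. Everything after the entropy input is deterministic and checkable against the published CAVP vectors for CTR_DRBG, which is the part of RDRAND that reverse-engineered microcode or Intel documentation would let one confirm; the quality of the entropy input feeding the DRBG is the part that only a lab analysis of the entropy source can speak to, which is the distinction Kammerer draws.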

From eugen at leitl.org Fri Sep 6 19:31:38 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 01:31:38 +0200 Subject: [Cryptography] IA side subverted by SIGINT side Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Fri, 06 Sep 2013 10:27:58 -0700 From: John Gilmore To: Jon Callas Cc: cryptography at metzdowd.com, "Perry E. Metzger" Subject: Re: [Cryptography] IA side subverted by SIGINT side

> I have a small amount of raised eyebrow because the greatest bulwark
> we have against the SIGINT capabilities of any intelligence agency are
> that agency's IA cousins. I don't think that the Suite B curves would
> have been intentionally weak. That would be a shock.

Then be "shocked, shocked" that the muscular exploitation side of an intelligence agency would overrule the weak Information Assurance side. It happens over and over.

It even happens in companies that have no SIGINT side, like Crypto AG, when somebody near the top is corrupted or blackmailed into submission. As late as 1996, the National Academy of Sciences CRISIS panel was tasked by the US Congress with coming up with a US crypto policy that would be good for the whole nation, updating the previous policy that was driven by spy agency and law enforcement excesses to sacrifice the privacy and security of both people and companies. After taking a large variety of classified and unclassified input, the panel's unanimous consensus suggested that everybody standardize on 56-bit DES, which they KNEW was breakable.

Diffie, Hellman and Baran persuasively argued in the 1970s when DES was up for standardization that a brute force DES cracker was practical; they recommended longer keys than 56 bits. See for example this contemporaneous 1976 cassette recording / transcript:

https://www.toad.com/des-stanford-meeting.html

Subsequent papers in 1993 (Wiener, "Efficient DES Key Search") and in 1996 (Goldberg & Wagner, "Architectural Considerations for Cryptanalytic Hardware") provided solid designs for brute-force DES key crackers. Numerous cryptographers and cypherpunks provided input to the CRISIS panel as well. They even cited these papers and input on page 288 of their report.

I have never seen a subsequent accounting by the CRISIS panel members for this obviously flawed recommendation. It was rapidly obsoleted by subsequent developments when in June 1997 Rocke Verser coordinated a team to publicly crack DES by brute force in months; when in 1998 EFF revealed its DES Cracker hardware that cost $250K and could crack DES in a week; and when in 2000 the export regs were effectively removed on any strength encryption in mass market and , a change forced upon them by EFF's success in Dan Bernstein's First Amendment case.

The panel members included substantial information-assurance folks like Marty Hellman and Peter Neumann, Lotus Notes creator Ray Ozzie, and Willis Ware (an engineer on WW2 radars and the Johnniac, who later spread computers throughout aviation design and the Air Force, ended up at RAND, and served on the 1974 Privacy Act's Privacy Protection Study Commission). But several of those people (and others on the panel such as Ann Caracristi, long-term NSA employee and 2-year deputy director of NSA) also have a long history involved with classified military work, which makes their publicly-uttered statements unlikely to reflect their actual beliefs.

John

PS: The CRISIS panel also recommended that encryption of any strength be exportable "if the proposed product user is willing to provide access to decrypted information upon a legally authorized request". They assumed the ongoing existence of a democratic civilian government and a functioning independent court system in the United States -- an assumption that is currently questionable. I don't think the panel foresaw that a single "legally authorized request" would come with a gag order from a secret court, would purport to "target" a single unnamed individual, but would nevertheless require that information about every person making a phone call in the United States be turned over to a classified government agency for permanent storage and exploitation. Nor did they see that the government they were part of would be committing serious international war crimes including political assassination, torture, indefinite detention without trial, and wars of aggression, on an ongoing basis. Either that, or maybe NSA blackmailed the committee members into these recommendations, just as J. Edgar Hoover blackmailed his way through 40 years of unchecked power. Trouble is, Hoover eventually had to die; NSA, not being human, does not have that natural limit.

----- End forwarded message -----

From eugen at leitl.org Fri Sep 6 19:39:17 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 01:39:17 +0200 Subject: [Cryptography] NSA and cryptanalysis Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Fri, 06 Sep 2013 13:13:40 +0300 From: ianG To: cryptography at metzdowd.com Subject: Re: [Cryptography] NSA and cryptanalysis User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 6/09/13 04:44 AM, Peter Gutmann wrote:
> John Kelsey writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack when you can
> bypass [1].
>
> Peter.
>
> [1] From Shamir's Law [2], "crypto is bypassed, not penetrated".
> [2] Well I'm going to call it a law, because it deserves to be.
> [3] This is a recursive footnote [3].

It looks like it is "all of the above." These are the specific interventions I have seen mention of so far:

* weakened algorithms/protocols for big players (e.g., GSM, Cisco)
* weakening of RNGs
* inside access by 'covert agents' to hand over secrets (e.g., big 4)
* corruption of the standards process (NIST 2006?)
* corruption of certification process (CSC)
* crunching of poor passwords
* black ops to steal keys
* black ops to pervert systems

Which makes sense. Why would the biggest player just do "one thing"? No, they are going to do everything within their power. They'll try all the tricks. Why not, they've got the money...

What is perhaps more interesting is how these tricks interplay with each other. That's something that we'll have trouble seeing and imagining.

iang

----- End forwarded message -----

From lee at guardianproject.info Fri Sep 6 22:05:20 2013 From: lee at guardianproject.info (Lee Azzarello) Date: Fri, 6 Sep 2013 19:05:20 -0700 Subject: [guardian-dev] Crazy Nate's Guardian Project Open-Source Secure App Emporium! In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Don't forget the Skype replacement ostel.co

-lee

On Sep 6, 2013 1:52 PM, "Eugen Leitl" wrote:

> ----- Forwarded message from Nathan of Guardian <nathan at guardianproject.info> -----
>
> Date: Fri, 06 Sep 2013 12:19:51 -0400
> From: Nathan of Guardian
> To: Guardian Dev
> Subject: [guardian-dev] Crazy Nate's Guardian Project Open-Source Secure App Emporium!
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Happy Friday everyone! Keep your chins up out there.
>
> https://www.youtube.com/watch?v=3KBcbumRX9I
>
> Crazy Nate with an important message for all of you
> lamenting the loss of your private bits...
>
> I am here with some good news...
>
> Announcing the:
> Crazy Nate's Guardian Project Open-Source Secure App Emporium!
> All Year, All Time Blow Out Sale!
>
> with savings up to 100% for ever
>
> We've got
>
> Bots that eat Onions
> Onions for your Webs
> Browsers that can Proxy
> and Proxies that can Mobilize, Anonymize and Obfuscate!
>
> Off-the-record Chats and On-the-record Cameras
> Blurry Cameras, Smart Cameras and everything in between!
>
> And for you developers, developers, developers out there,
> don't think we forgot about you!
> Ciphers for your SQL
> Ciphers for your IO
> Ciphers for your Network
> and to wrap it up, the Lilest Debi evah!
>
> We've got it all for the very low price of
>
> FREEEEEE!
>
> You get the app for free.
> The code for free.
> The developer support for free.
> You can mix it, mash it, slice it and dice it.
>
> Free Code, Free Beer, Free Speech, what more can you want?
>
> and if you act now, we might just thrown in some Free Dumb too!
>
> This is a non-limited time
> 365 day a year sale,
> with prices that are insane, but true!
>
> Crazy Nate's Guardian Project Open-Source Secure App Emporium!
>
> WOW!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJSKgCnAAoJEKgBGD5ps3qppAEP/3kp1q3FxYSpD7MoeCiVwXf1
> DJwvhgat+5PXAg1GjTq2zJnoZpkEAlLRCifqUVsbw++3wRTNJOkENNHxAEAKdKtn
> KI7lDWmSeaT9JOCyYeGaZGi8GqiEuLfyHLZKtpgB5D0uasTdAc+zyU8RgI5mWZUa
> sLgWvXX4aLdQ9foHmtwasB8zNEXh3rcTEYOG2KXwgtfem2VNxJ7fno/73E822JFL
> Ji0Qp2JPEJVHozuWqx1OkfHOsJYP6N6tIw5HrpqUagY94Dlsn4pumvZ0sIYacrU6
> ViEmFIr4XX4rP8JOrfQjaqyMKh44LbaX5CWBf+1Lq4b8kdryeKebfe4skq7ZpJOG
> yW5UhNecpL+0j7rD7iDpqiiqfVlRwils0WqDnFNiHzystPcYOWmo8I1QeAF1CL0L
> ZiOY1YSup0u/0IJmgazcD5zfadiROY0uEjZWLTlV9Ctbt2cGjFw25O5vDv+f39Fd
> yZDc5FqDt9DAWYaHoHE0/NnbDJ8NdfTr1geZ8SlQ0xQBvJbSlN7kRtsN0iavEfkS
> XbN1Dh1VYA8jHLdPbh1Pv9gYN4u7R4I6ylSRCNBlekZ/mFmc+XOfK8HqvQGIx+Ik
> p5yteUx9RzfFZzrWs0TrmcY2NNCd6Wwnmdd7OfwcniyBLbGOiDr4I9RLPMEKnI6W
> Rlkbb3Cu3yHoctdaV8ob
> =VA2N
> -----END PGP SIGNATURE-----
> ______
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org
>
> You are subscribed as: eugen at leitl.org
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl http://leitl.org
> ______
> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From grarpamp at gmail.com Sat Sep 7 04:19:42 2013 From: grarpamp at gmail.com (grarpamp) Date: Sat, 7 Sep 2013 04:19:42 -0400 Subject: [tor-talk] Tor users are not anonymous In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> Message-ID:

On 9/6/13, Carsten N. wrote:
> An analysis of Truecrypt was done by the Privacy-CD team:
>
> en: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf
> de: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-de.pdf

Just taking a moment to thank anyone reviewing the code of others. Regardless of how complete or accurate, or even in some cases dated, the review is... this donation of time to the betterment of some other project than your own is *important* and needed for the open source model to succeed, especially up against the adversaries we all face together. Thanks.

From eugen at leitl.org Sat Sep 7 04:34:00 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 10:34:00 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Fri, 06 Sep 2013 17:22:26 -0700 From: John Gilmore To: Cryptography , gnu at toad.com Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

Speaking as someone who followed the IPSEC IETF standards committee pretty closely, while leading a group that tried to implement it and make it so usable that it would be used by default throughout the Internet, I noticed some things:

* NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents

* Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto. For example, using the same IV (initialization vector) throughout a session, rather than making a new one for each packet. Or, retaining a way for this encryption protocol to specify that no encryption is to be applied.

* The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically". See for example:

https://www.schneier.com/paper-ipsec.html

That simplification never happened.

The IPSEC standards also mandated support for the "null" encryption option (plaintext hiding in supposedly-encrypted packets), for 56-bit Single DES, and for the use of a 768-bit Diffie-Hellman group, all of which are insecure and each of which renders the protocol subject to downgrade attacks.

* The protocol had major deployment problems, largely resulting from changing the maximum segment size that could be passed through an IPSEC tunnel between end-nodes that did not know anything about IPSEC. This made it unusable as a "drop-in" privacy improvement.

* Our team (FreeS/WAN) built the Linux implementation of IPSEC, but at least while I was involved in it, the packet processing code never became a default part of the Linux kernel, because of bullheadedness in the maintainer who managed that part of the kernel. Instead he built a half-baked implementation that never worked. I have no idea whether that bullheadedness was natural, or was enhanced or inspired by NSA or its stooges.

In other circumstances I also found situations where NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!). The resulting paralysis is how we ended up with encryption designed by a clueless Motorola employee -- and kept secret for years, again due to bad NSA export control advice, in order to hide its obvious flaws -- that basically XOR'd each voice packet with the same bit string! Their "encryption" scheme for the control channel, CMEA, was almost as bad, being breakable with 2^24 effort and small numbers of ciphertexts:

https://www.schneier.com/cmea-press.html

To this day, no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.

John Gilmore

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 04:35:43 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 10:35:43 +0200 Subject: [cryptography] Compositing Ciphers? Message-ID: <[email protected]>

----- Forwarded message from Jeffrey Walton -----

Date: Fri, 6 Sep 2013 20:27:47 -0400 From: Jeffrey Walton To: Cryptography List Subject: [cryptography] Compositing Ciphers? Reply-To: noloader at gmail.com

Hi All,

With all the talk of the NSA poisoning NIST, would it be wise to composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).

I've been thinking about running a fast inner stream cipher (Salsa20 without a MAC) and wrapping it in AES with an authenticated encryption mode (or CBC mode with {HMAC|CMAC}).

I'm aware of, for example, NSA's Fishbowl running IPSec at the network layer (the "outer" encryption) and then SRTP at the application level (the "inner" encryption). But I'd like to focus on hardening one cipherstream at one level, and not cross OSI boundaries.

I'm also aware of the NSA's lightweight block ciphers (http://eprint.iacr.org/2013/404). I may have been born at night, but it was not last night....

Has anyone studied the configuration and security properties of an inner stream cipher with an outer block cipher?

Jeff

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 04:37:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 10:37:03 +0200 Subject: [cryptography] Compositing Ciphers? Message-ID: <[email protected]>

----- Forwarded message from Natanael -----

Date: Sat, 7 Sep 2013 02:53:22 +0200 From: Natanael To: noloader at gmail.com Cc: Cryptography List Subject: Re: [cryptography] Compositing Ciphers?

http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html

Apparently it's called "cascade encryption" or "cascade encipherment", and the implementations are apparently called "robust combiners". And by the way, Truecrypt already lets you pick your chosen combo of AES and two other ciphers.

I think you should worry about your PRNG and its seed before you focus on AES. Your key should both have enough entropy and be secret. Is your PRNG backdoored already? And I'm guessing the cipher mode probably matters a bit more than the exact choice of algorithm.

On Sat, Sep 7, 2013 at 2:27 AM, Jeffrey Walton wrote:
> [...]

----- End forwarded message -----
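The construction Jeffrey Walton asks about and Natanael's "cascade encryption / robust combiner" answer, worked through as an added example. This is not code from either poster, from the Tor project or from any library; the Python standard library has no AES or Salsa20, so both layers are stand-in counter-mode keystreams built from keyed hashes (HMAC-SHA256 inside, HMAC-SHA3-256 outside). The parts that matter are the ones the posts argue about: each layer and the MAC get their own key derived from one master key, the MAC covers the outer ciphertext, and a receiver verifies the tag before peeling either layer. The info string, nonce layout and all names are invented for the example. As Natanael notes, derivation cannot create entropy; a weak master key makes both layers weak at once.

```python
"""Two-layer (cascade) stream encryption with an outer MAC, stdlib only.

Added example, not code from the thread. The keystream generators are
stand-ins for Salsa20 (inner) and AES (outer): HMAC in counter mode is a
PRF, so XORing its output is a legitimate stream cipher, but the point
of the example is the layering, the key separation and the MAC order,
not the choice of primitive.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32
INFO = b"cascade-demo-v1"      # invented context label for key derivation


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256. The extract step is omitted:
    prk is assumed to already be a uniformly random 32-byte master key."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(master: bytes):
    """Three independent subkeys: inner layer, outer layer, MAC.
    Independence is what the cascade argument relies on: reusing one key
    in both layers would tie their security together."""
    material = hkdf_expand(master, INFO, 96)
    return material[:32], material[32:64], material[64:96]


def keystream(key: bytes, nonce: bytes, length: int, hash_ctor) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hash_ctor).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(master: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """nonce || outer_ciphertext || tag. The inner layer is encrypted first,
    the outer layer wraps it, and the MAC binds nonce and outer ciphertext."""
    k_inner, k_outer, k_mac = derive_keys(master)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    inner = xor(plaintext, keystream(k_inner, nonce + b"inner", len(plaintext), hashlib.sha256))
    outer = xor(inner, keystream(k_outer, nonce + b"outer", len(inner), hashlib.sha3_256))
    tag = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only an authenticated blob reaches either cipher layer."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    k_inner, k_outer, k_mac = derive_keys(master)
    nonce, outer, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time compare
        raise ValueError("authentication failed")
    inner = xor(outer, keystream(k_outer, nonce + b"outer", len(outer), hashlib.sha3_256))
    return xor(inner, keystream(k_inner, nonce + b"inner", len(inner), hashlib.sha256))


if __name__ == "__main__":
    master = os.urandom(32)               # in practice: a high-entropy secret key
    msg = b"constructed sample plaintext"
    blob = encrypt(master, msg)
    print(len(blob), decrypt(master, blob) == msg)
```

Swapping the stand-in keystreams for real Salsa20 and AES-CTR (or an AEAD for the outer layer, in which case the separate tag goes away) leaves the rest of the code unchanged; the nonce must still never repeat under one master key, because both layers are stream ciphers.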

From eugen at leitl.org Sat Sep 7 04:43:10 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 10:43:10 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Jon Callas -----

Date: Fri, 6 Sep 2013 17:58:33 -0700 From: Jon Callas To: Jerry Leichter Cc: cryptography at metzdowd.com, Jon Callas , "Perry E. Metzger" Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" X-Mailer: Apple Mail (2.1508)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sep 6, 2013, at 6:23 AM, Jerry Leichter wrote:

> Is such an attack against AES *plausible*? I'd have to say no. But if you were on the stand as an expert witness and were asked under cross-examination "Is this *possible*?", I contend the only answer you could give is "I suppose so" (with tone and body language trying to signal to the jury that you're being forced to give an answer that's true but you don't in your gut believe it).

I'd be happy to give a different answer, like -- almost certainly not.

> > Could an encryption algorithm be explicitly designed to have properties like this? I don't know of any, but it seems possible. I've long suspected that NSA might want this kind of property for some of its own systems: In some cases, it completely controls key generation and distribution, so can make sure the system as fielded only uses "good" keys. If the algorithm leaks without the key generation tricks leaking, it's not just useless to whoever grabs onto it - it's positively hazardous. The gun that always blows up when the bad guy tries to shoot it....

We know as a mathematical theorem that a block cipher with a back door *is* a public-key system. It is a very, very, very valuable thing, and suggests other mathematical secrets about hitherto unknown ways to make fast, secure public key systems.

To me, it's like getting a cheap supply of gold and then deciding you'll make bullets out of it instead of lead. To riff on that analogy, it feels like you're suggesting that they would shoot themselves in the foot because they know that the bullet fragments will hurt their opponent.

That's why I say almost certainly not. It suggests irrationality beyond my personal ken. It's something I classify colloquially as "too stupid to live."

My assumptions about the NSA are that they're smart, clever, and practical. Conjectures about their behavior that deviate from any of those axes ring false to the degree that they deviate from that.

My conjectures start with assuming they're at least as smart as me, and I start with "what would I do if I were them?" I think they're smart enough not to attack the strong points of the system, but the weak points. I think they're smart enough to prefer operating in stealth.

Yeah, yeah, sure, if with those resources I stumbled into a fundamental mathematical advantage, I'd use it. But I would use it to maximize my gain, not to be gratuitously sneaky.

The math we know about block ciphers suggests (not proves, suggests) that a back door in a cipher is impractical, because it would imply the holy grail of public key systems -- fast, secure, public key crypto. It suggests secure trapdoor functions that can be made out of very simple components.

If I found one, it would be great, but I'd devote my resources to places where technology is on my side. Those include network security and software security, along with traffic analysis.

If I wanted to devote research resources, I'd be looking closely at language-theoretic security. I'd be paying close attention to the fantastic things that have come out of there.

The stuff that Bangert, Bratus, Shapiro, and Smith did on turning an MMU into a Turing machine is where I'd devote research, as well as their related work on "weird machines."

I apologize for repeating myself, but I'd fight the next war, not the last one.

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii
[ASCII-armored signature data omitted]
-----END PGP SIGNATURE-----

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 05:46:09 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 11:46:09 +0200 Subject: [tor-talk] NIST approved crypto in Tor? Message-ID: <[email protected]>

----- Forwarded message from "Sebastian G. " -----

Date: Sat, 07 Sep 2013 11:25:24 +0200 From: "Sebastian G. " To: tor-talk at lists.torproject.org Subject: [tor-talk] NIST approved crypto in Tor? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 Reply-To: tor-talk at lists.torproject.org

Hi,

Tor switches over to ECC, which is a reasonable step.

I'm unable to find the blog post (or maybe it was an official comment on the blog) [With DDG and StartPage] where someone said that if the NIST (I guess) is not lying ECC is safe.

Is the ECC used by Tor in some way certified by NIST?

Are other parts of Tor certified by NIST?

Recent leaks revealed that the NSA spends many resources in influencing standards to make their lives easier (or not too hard). NIST could be either participating or tricked into preferring standards that are weak in some regard. Note that I'm not saying that this is the case, but it could be.

I was able (it was not a blog post, it was an essay) to find what Bruce Schneier wrote about the NSA preferring a weak random-number-generator. [1]

Quotes [my comments, notes]: "The U.S. government released a new official standard for random-number generators this year [essay from 2007], and it will likely be followed by software and hardware developers around the world."

"(...) the 130-page document contains four different approved techniques, called (...) "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves."

" (...) one of those generators (...) Dual_EC_DRBG [elliptic], (...) three orders of magnitude slower than its peers."

" It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute."

"The math is complicated, but the general point is that the random numbers it produces have a small bias. [2006 knowledge]"

"But today [2007] there's an even bigger stink brewing around Dual_EC_DRBG" (...) Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor."

"There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from."

" (...) these numbers have a relationship with a second, secret set of numbers (...). If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. (...) you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

"The researchers don't know what the secret numbers are. (...) the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem."

" (...) we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG [or not, we can't know]"

Read the full essay which contains links to papers if you are interested.

And the NSA works on standards repeatedly. "The NSA has always been intimately involved in U.S. cryptography standards -- it is, after all, expert in making and breaking secret codes."

That's also what comes out of the Snowden leaks.

I understand that ECC used for Tor is different from what the essay is about.

However, the NSA may have found something it can exploit in ECC and made NIST (maybe unknowingly) standardize the curve (or whatever) that is most vulnerable, or recommend a weak one, or too short keys.

Does Tor use stuff certified or recommended by NIST?

If so would it be reasonable to move to international standards (whatsoever) without the involvement of NIST and NSA 'consultation'? (Completely unrelated to what might be going on, just as defense-in-depth.)

The NSA likes playing around. [2][3] (found while searching)

Oh, and I'm not trying to fear-monger here or to conspire about whether or not the NSA has subverted cryptographic functions (in one way or another).

Best, Sebastian G.

[1] https://www.schneier.com/essay-198.html
[2] https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
[3] https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
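The Dual_EC_DRBG weakness Sebastian quotes from Schneier's essay (two published points whose hidden relationship lets the holder of a secret number predict all later output), worked through on a toy curve as an added example. This is not code from the thread, from NIST SP 800-90A or from any Tor component. The curve y^2 = x^3 + 7 over GF(2^31 - 1), the constants, the secret scalar and the seed are all invented stand-ins chosen so the attack runs instantly; the real generator uses P-256 and drops the top 16 bits of each output, which is why the real attack must try about 2^16 candidate points and needs roughly 32 bytes of output, where this toy recovers the state from one untruncated output. The mechanism is the same: the designer picks Q and a secret d, publishes P = d*Q, and from one output r = x(s*Q) computes d*(s*Q) = s*P, whose x-coordinate is the generator's next internal state.

```python
"""Toy Dual_EC_DRBG and the Shumow-Ferguson trapdoor, stdlib only.

Added example, not code from the thread or from the NIST standard.
Every constant here is an invented stand-in (31-bit field, not P-256).
"""
p = 2**31 - 1        # prime with p % 4 == 3, so sqrt is one exponentiation
A, B = 0, 7          # curve y^2 = x^3 + 7 over GF(p); None is the point at infinity


def add(P1, P2):
    """Affine point addition with doubling handled in the same function."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                   # P + (-P) = infinity
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc


def sqrt_mod(v):
    r = pow(v, (p + 1) // 4, p)
    return r if (r * r) % p == v % p else None


def point_from_x(x):
    """One of the two curve points with this x-coordinate (the other is its negation)."""
    y = sqrt_mod((x * x * x + A * x + B) % p)
    return None if y is None else (x, y)


def find_point(start_x):
    x = start_x
    while point_from_x(x) is None:
        x += 1
    return point_from_x(x)


# What the "standard" publishes: two points P and Q with no stated origin.
# What the designer kept: the scalar d with P = d*Q.  (Toy values.)
Q = find_point(0x51CE_7AB1)
SECRET_D = 0x2F3A_9C5D
P = mul(SECRET_D, Q)


class ToyDualEC:
    """State s; each step sets s = x(s*P) and emits r = x(s*Q), untruncated."""

    def __init__(self, seed):
        self.s = seed % p

    def next_output(self):
        self.s = mul(self.s, P)[0]
        return mul(self.s, Q)[0]


def predict_next(output, d):
    """From one output r = x(s*Q) and the trapdoor d, compute the next output.
    R is s*Q up to sign; d*R and d*(-R) share an x-coordinate, so the sign
    does not matter: x(d*R) = x(s*P) is exactly the generator's next state."""
    R = point_from_x(output)
    s_next = mul(d, R)[0]
    return mul(s_next, Q)[0]


def run_demo(seed=0x1234_5678):
    """Constructed run: four outputs, and the three predictions made from
    outputs 1..3 alone. Returns (outputs, predictions)."""
    gen = ToyDualEC(seed)
    outputs = [gen.next_output() for _ in range(4)]
    predictions = [predict_next(r, SECRET_D) for r in outputs[:-1]]
    return outputs, predictions


if __name__ == "__main__":
    outs, preds = run_demo()
    print("outputs    ", outs)
    print("predictions", preds)
```

Without d the same attacker is stuck: recovering s from x(s*Q) is the discrete logarithm problem on the curve. That is why the unexplained origin of the constants in the standard's Appendix A is the whole issue, and why the remedy proposed in the literature is to generate Q verifiably at random so that no one can know such a d.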

From eugen at leitl.org Sat Sep 7 06:30:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 12:30:51 +0200 Subject: [Cryptography] NSA hates sunshine Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Fri, 06 Sep 2013 19:13:17 -0700 From: John Gilmore To: Paul Hoffman Cc: Andy Steingruebl , "cryptography at metzdowd.com List" Subject: Re: [Cryptography] NSA hates sunshine

> > As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. > > For some value of "forbidden". :-)

Yeah, just like employees at big companies are "forbidden" to reveal how they are collaborating with NSA.

Years ago I heard what happened when George Davida filed a patent on something related to encryption, all the way back in 1978, and eventually received a communication from the government telling him that his patent was subject to patent secrecy, that it would never issue, and that he could not even tell anyone that it had been suppressed, nor could he ever tell anyone how his invention worked. In theory, the law was all on the NSA's and the patent office's side. But in fact, they were in a very weak position.

Instead of acquiescing, Davida shouted it to the housetops, engaged the press and his university about censorship of academic freedom, involved his Congressperson, etc. Within months, the secrecy order was rescinded.

NSA hates sunshine. NSA secrecy relies on the cowardice of most people. Courage is all it takes to beat them.

If NSA tries to shut you up, just shine a lot of attention on their attempt to shut you up. Spread the information that they are trying to suppress, far and wide. Send copies to a dozen random post-office boxes in different cities, asking the recipient to physically bring it in to their local newspaper. Leave your cellphone at home, then stash copies in places that you don't frequent, so that government agents can't come raid your house and office and steal all copies of what they're trying to suppress. In my case I posted something like this (a suppressed paper by Ralph Merkle) to Usenet, and it was suddenly on thousands of servers overnight.

NSA habitually decides that the publicity that their activities get from any continued effort to suppress the information is FAR worse than the damage caused by the initial release of the info. Any efforts they make to shut you up, prosecute you, jail you, etc give you a perfect soapbox, and the attention of the news media and the public. Keep repeating the info, from your jail cell if necessary, and you're likely to win. Because if NSA relents, your revelations become "last week's news" and get a lot less public attention. When NSA found out I had copies of an early encryption tutorial that they considered classified (I was suing them under FOIA to get a copy, but then found copies in a public library), they first tried to persuade my lawyer to "bring in all the copies so we can secure them in a safe place". That's NSA-ese for "throw them down a deep hole where you'll never see them again". When we refused, and instead contacted , which printed a story about the attempted suppression, NSA and DoJ buckled within one day. (Indeed, the way I found out they had suddenly declassified the document is that they called the NYT reporter to tell him. They never did tell me; I got the news from the reporter.)

As part of suing the government, the Al Haramain foundation accidentally received a government report making it clear that the government had illegally wiretapped their phone calls. They noticed this but it took the government 60 days to notice. Unfortunately, instead of making hundreds of copies of the document, and spreading them all over the world and to the press, they did what the government asked, and destroyed all their copies of the document. Once all copies of the document were gone, NSA went to the court and claimed first that the whole thing was a state secret and couldn't proceed, and then second that the group didn't have any standing to challenge the wiretaps in court because Al Haramain (now) had zero evidence that the taps had even occurred. The foundation and their lawyers have literally spent years of work recovering from that one mistake, and only the kind indulgence of a smarter than average judge enabled their lawsuit to survive at all. See this story by one of their lawyers:

http://www.salon.com/2008/07/09/alharamain_lawsuit/

Don't make the same mistake when NSA, or their minions at the FBI or FISA or DoJ come to threaten YOU to suppress information that came to you through no fault of your own.

John Gilmore


----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 07:00:56 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 13:00:56 +0200 Subject: [Cryptography] Why prefer symmetric crypto over public key crypto? Message-ID: <[email protected]>

----- Forwarded message from "Marcus D. Leech" -----

Date: Fri, 06 Sep 2013 23:51:49 -0400 From: "Marcus D. Leech" To: cryptography at metzdowd.com Subject: Re: [Cryptography] Why prefer symmetric crypto over public key crypto? User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8

> > The magic of public key crypto is that it gets rid of the key
> > management problem -- if I'm going to communicate with you with
> > symmetric crypto, how do I get the keys to you? The pain of it is
> > that it replaces it with a new set of problems. Those problems
> > include that the amazing power of public-key crypto tempts one to
> > do things that may not be wise.
>

I find public-key cryptography to be full of "dirty little secrets". Some of the notions inherent in public-key *infrastructure* are, on the face of them, preposterous. Consider the notion of a certificate authority. I am to trust some third party (the CA) that I've never met, and have not the slightest reason to trust, is able to make a "believable" assertion about the identity (and corresponding public-key binding) of some *other* party I've never met, and have no real reason to trust. It always struck me as another instance of "there's no problem in CS that can't be solved by adding another layer of abstraction".

I think this is an instance of a general problem with digitally-signed documents of all kinds: confusion about exactly what they are -- a signature on a document (like a certificate) says nothing about the *essential truth* of the statements contained within the document. When SlushySign issues a certificate for "www.crowbars-r-us.com", there's a subtle distinction between "we believe this to be the appropriate binding between this public-key, and an entity known as www.crowbars-r-us.com" and "this really is the binding between this public-key, and the entity you all know as www.crowbars-r-us.com".

I started thinking about the "essential truth" problem back when the whole TPM thing was popular, and proponents were talking as if the digital signature of a computer stating that it was "sane" was somehow the same as said computer actually being "sane". Absent independent verification, there's no way to distinguish a strongly-signed "lie" from a strongly-signed "truth". That isn't necessarily a problem that's confined to PK systems. Any digital-signature scheme has that problem.

The other thing that I find to be a "dirty little secret" in PK systems is revocation. OCSP makes things, in some ways, "better" than CRLs, but I still find them to be a kind of "swept under the rug" problem when people are waxing enthusiastic about PK systems.

However, PK is the only pony we've managed to bring to this circus, so we "make do" with making the "dirty little secrets" as inoffensive as we can.


----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 07:14:02 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 13:14:02 +0200 Subject: [liberationtech] Random number generation being influenced - rumors Message-ID: <[email protected]>

----- Forwarded message from Andy Isaacson -----

Date: Fri, 6 Sep 2013 22:24:00 -0700 From: Andy Isaacson To: liberationtech Subject: Re: [liberationtech] Random number generation being influenced - rumors User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: liberationtech

On Sat, Sep 07, 2013 at 12:51:19AM +0300, Maxim Kammerer wrote:
> On Fri, Sep 6, 2013 at 10:34 PM, Andy Isaacson wrote:
> > This is not to say that RdRand is completely unusable. Putting RdRand
> > entropy into a software pool implementation like /dev/urandom (or
> > preferably, a higher-assurance multipool design like Fortuna) is a cheap
> > way to prevent a putative backdoor from compromising your system state.
>
> Nearly nothing from what you wrote is relevant to RDRAND, which is not
> a pure HWRNG, but implements CTR_DRBG with AES (unclear whether
> 128/192/256) from NIST SP 800-90A [1,2].

That's the claimed design, yes. I see no particular reason to believe that the hardware in my server implements the design. I can't even test that the AES whitening does what it is documented to do, because Intel refused to provide access to the prewhitened input.

Providing accessible "test points" (software interfaces to the innards of the implementation, with documentation of expected behavior between the components) would be the absolute minimum to provide believable assurance of the absence of a backdoor. Better would be documents from Intel of how the chip is designed at the mask level, and a third party mill-and-microphotograph of a retail chip showing that the shipped implementation matches the design.

Intel will never go for that, of course, since their chip masks are their jealously guarded IP. Since they can't provide evidence of a lack of a backdoor, any reasonably cautious user should avoid depending on Intel's implementation.

-andy
--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 14:21:37 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 20:21:37 +0200 Subject: [tor-talk] NSA has cracked web encryption! Message-ID: <[email protected]>

----- Forwarded message from krishna e bera -----

Date: Sat, 07 Sep 2013 12:02:06 -0400 From: krishna e bera To: tor-talk at lists.torproject.org Subject: Re: [tor-talk] NSA has cracked web encryption! User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 Reply-To: tor-talk at lists.torproject.org

On 13-09-06 10:26 PM, Nick Mathewson wrote:
> Over the 0.2.5 series, I want to move even more things (including
> hidden services) to curve25519 and its allies for public key crypto.
> I also want to add more hard-to-implement-wrong protocols to our mix:
> Salsa20 is looking like a much better choice to me than AES nowadays,
> for instance. I also want to support more backup entropy sources.

Schneier says in the Guardian [1]:

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can." and in Wired [2]: " Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily.

If we think that?s the case, the fix is easy: increase the key lengths.

The NSA can make use of everything discovered and openly published by the academic world, as well as everything discovered by it in secret. Assuming the hypothetical NSA breakthroughs don?t totally break public-cryptography ? and that?s a very reasonable assumption ? it?s pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We?re already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits. "

Are there some assurances that Tor is using the best parameters on its symmetric, public key and curve cryptography? And how can we check?

[1] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

[2] http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 14:49:39 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 20:49:39 +0200 Subject: [tor-talk] NIST approved crypto in Tor? Message-ID: <[email protected]>

----- Forwarded message from Nick Mathewson -----

Date: Sat, 7 Sep 2013 13:02:04 -0400 From: Nick Mathewson To: "tor-talk at lists.torproject.org" Subject: Re: [tor-talk] NIST approved crypto in Tor? Reply-To: tor-talk at lists.torproject.org

On Sat, Sep 7, 2013 at 5:25 AM, Sebastian G. wrote: > Hi, > > Tor switches over to ECC what's a reasonable step. > > I'm unable to find the blog post (or maybe it was an official comment on > the blog) [With DDG and StartPage] where someone said that if the NIST > (I guess) is not lying ECC is safe. > > Is the ECC used by Tor in some way certified by NIST?

The TLS ECDH groups P-256 and P-224 are NIST-certified. For circuit extension, we use Dan Bernstein's non-NIST-certified curve25519 group.

> Are other parts of Tor certified by NIST?

NIST has certified tons of stuff, including AES and SHA1 and SHA256 and SHA3. If you're jumping ship from NIST, you need to jump ship from those as well.

Of all the NIST stuff above, my suspicion is not that they are cryptographically broken, but that they are deliberately hard to implement correctly: see * http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf (on the P groups) and * http://cr.yp.to/antiforgery/cachetiming-20050414.pdf (on AES)

Also, we're not using DSA, but DSA (as recommended by NIST) fits into this pattern: DSA (as recommended by NIST) requires a strong random number generator to be used when signing, and fails terribly in a way that exposes the private key if the random number generator is the least bit weak or predictable. (see https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity)

To me, this suggests a trend of certifying strong cryptographic algorithms while at the same time ensuring that most implementations will be of poor quality. That's just speculation, though.

(And I'm probably falling to the fallacy where you assume that whatever results somebody gets are the ones they wanted.) Of course, the "deliberately" in "deliberately hard to implement correctly" is almost impossible to prove. Is it nearly impossible to write a fast side-channel-free AES implementation in C because of a nefarious conspiracy, or simply because cryptographers in 2000 didn't appreciate how multiplication in GF(2^8) wasn't as software-friendly a primitive? (Looking at the other AES finalists, I see a bunch of other hard-to-do-right-in-fast-software stuff like GF(2^8) multiplication and table-based s-boxes.) Are the ECC P groups shaped that way for nefarious reasons, or simply because the standards committee didn't have an adequate appreciation of the software issues?

And it's not like NIST standards are the only ones that have problems. TLS is an IETF standard, but TLS implementations today have three basic kinds of ciphersuite: a fraught-with-peril CBC-based pad-MAC-then-encrypt kind where somebody finds a new active attack every year or so; a stream-cipher-based kind where the only supported stream cipher is the ridiculously bad RC4, and an authenticated encryption kind where the AEAD mode uses GCM, which is also hard to do in a side-channel-free way in software.

Conspiracy, or saboteurs in the (international) TLS working group, or international bureaucratic inertia? Who can say?

And let's not mention X.509. Let's just not, okay? X.509 is byzantine in a way that would make any reasonable implementor's head spin, *and* the X.509 CA infrastructure is without a doubt one of the very worst things in web security today. And it's an international standard.

[...] > I understand that ECC used for Tor is different from what the essay is > about. > > However the NSA may found something it can exploit in ECC and made NIST > (maybe unknowingly) standardize the curve (or whatever) that is most > vulnerable or recommends for a weak one, or for too short keys. > > Does Tor use stuff certified or recommended by NIST?

Yes; see above. Also, there were once NIST recommendations for using TLS; I have no idea whether we're following them or not. (There are NIST recommendations for nearly )

> If so would it be reasonable to move to international standards > (whatsoever) without the involvement of NIST and NSA 'consultation'? > (Completely unrelated to what might be going on, just as defense-in-depth.)

I'm not sure that there *are* international-standards recommendations for ECC groups or for ciphers that diverge from NIST's. The IETF is an international body, after all, and TLS standards have been happily recommending SHA1, SHA256, AES, DSA, and the P groups for ages. (See also notes above about the not-much-betterness of international stuff.)

With any luck, smart cryptographers will start to push non-NIST curves and ciphers into prominence. I've got some hopes for the EU here; ECRYPT and ECRYPT II produced some exceptionally worthwhile results; I hope that whoever makes funding decisions funds a nice targeted ECRYPT III some time.

As I said on another mail, I've got a mind to move a lot of our crypto for other reasons, as well.

The elephant in the room here is TLS itself. Frankly, I'm starting to think we should cut the Gordian Knot here and start a little independent protocol group of our own if the TLS working group can't get its act together and have one really good ciphersuite some time soon.

> The NSA likes playing around. [2][3] (found while searching) > > Oh and I'm not trying fear-mongering here or try to conspire whenever or > not the NSA has subverted cryptographic functions (in one way or another).

Yeah, I know how it is. I'm seeing conspiracies under every protocol and in every patch these days. Gotta stay focused, write the best protocols and designs and software I can, and maintain.

(And with that in mind I should really start on my weekend soon.)

peace,
-- Nick

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 16:26:32 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 22:26:32 +0200 Subject: [cryptography] Random number generation influenced, HW RNG Message-ID: <[email protected]>

----- Forwarded message from Thor Lancelot Simon -----

Date: Sat, 7 Sep 2013 15:36:33 -0400 From: Thor Lancelot Simon To: Eugen Leitl Cc: cryptography at randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mutt/1.5.20 (2009-06-14)

On Sat, Sep 07, 2013 at 09:05:33PM +0200, Eugen Leitl wrote: > > This pretty much rules out CPU-integral RNGs. It has to be > a third-party add-on (USB or PCIe), and it has to be open hardware.

I think you take this more than a little too far. I see CPU-integral RNGs as very valuable source to be mixed with other sources in a software pool of entropy. Why should we reject them, unless we think the mixing functions themselves are useless?

The lesson here seems to me to be that we should be far more assiduous in seeking out additional sources of entropy and in always ensuring software RNGs mix input from multiple such sources into all output. We should abandon sacred cows like the notion of information-theoretic randomness (that we don't actually know how to measure, but in pursuit of which we hamstring our software RNGs by arranging that they refuse to produce any output unless, by some questionable criterion, there is enough of it) and pursue engineering goals we can actually achieve, like mixing enough other-source input, of whatever quality, with the output of fast generators we can no longer trust that the adversary must actually attack the mixing function, rather than iteratively guessing the few state bits he does not already know.

Secondarily -- and sadly! -- we must now be very suspicious of devices that integrate random number generation and encryption. Can we even trust raw hardware RNG output for the generation of IVs? I would argue not, because the same device's AES engine could be leaking key bits into our explicit IVs, etc, and we couldn't ever know. Devices that offload packet processing in its entirety (SSL accelerators, IPsec accelerators, etc.) have even more opportunity to do this sort of thing. Hardware crypto offload may still be very useful -- random number generation perhaps in particular -- but we will have to apply it with extreme care, and with a deliberate eye towards eliminating covert channels put in place by people at least as smart as we are, and with far more time and experience thinking about the problem from the offensive point of view.

Finally, we have to accept that the game might just be over, period. So you use a pure software RNG, mixing in RdRand output or not as you may prefer. How hard do you think it is to identify the data structures used by that RNG if you can execute code on a coprocessor with access to host RAM? Almost every modern server has such a coprocessor built in (its management processor) and you won't find the source code to its firmware floating around. Intel even puts this functionality directly on its CPUs (Intel AMT). Rather than beating up on the guy who put a lovely RNG instruction into every processor we're likely to use any time soon, it seems to me we ought to be beating up on ourselves for ignoring far simpler and more obvious risks like this one for well over a decade.

Seriously, show of hands, who here has ever really put his or her foot down and insisted that a product they were purchasing _omit_ such functionality? Not chosen not to pay for it, refused to buy server X or mainboard Y simply on the basis that management processor functionality was onboard? Now, compare to the number of people complaining about backdoored RNGs here and elsewhere on the Internet. Go figure.

To me the interesting question, but one to which I don't expect to ever know the answer, is whether the adversary -- having, we can assume, identified high value devices to systematically compromise, and lower value devices to defer for later or simply ignore entirely -- went at those devices sniper-style, or shotgun-style. Were a few key opportunities for tampering identified, and one or two attempted against each targeted device? Or were a wide variety of avenues explored, and every single one that seemed relevant attempted everywhere, or at least against certain particularly high value devices? If we knew that, in a way we might know, when we did finally see concrete evidence of a particular kind of tampering, how long to keep looking for more.

But we aren't going to know that, no matter how much we might want to. Attacks on crypto hardware, attacks on management processors, attacks on supervisory or trusted execution modes seldom exercised in normal system operation, attacks on flash modules holding boot code, so that under the right circumstances they replace page P with evil page P', attacks on elements of IC vendors' standard cell libraries (DMA engines would seem promising); assume the adversaries are smart, and good at their jobs, and the sky would seem to be the limit.

The sky will fall, of course, when various nation-states' agencies really start digging for the holes punched in all of our security by the agencies of others (not my own observation, I should note). Too much of this stuff will become all-too-common knowledge. It's going to be quite a ride.

But I see no reason to beat up on hardware random number generators *in particular*. They are, at least, tools we may still be able to figure out how to use in a safe way.

Thor

----- End forwarded message -----

From eugen at leitl.org Sat Sep 7 17:02:57 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 7 Sep 2013 23:02:57 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Phillip Hallam-Baker -----

Date: Sat, 7 Sep 2013 16:20:18 -0400 From: Phillip Hallam-Baker To: Gregory Perry Cc: "cryptography at metzdowd.com" , ianG Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

On Sat, Sep 7, 2013 at 3:13 PM, Gregory Perry wrote:

> >If so, then the domain owner can deliver a public key with authenticity > >using the DNS. This strikes a deathblow to the CA industry. This > >threat is enough for CAs to spend a significant amount of money slowing > >down its development [0]. > > > >How much more obvious does it get [1] ? > > The PKI industry has been a sham since day one, and several root certs > have been compromised by the proverbial "bad guys" over the years (for > example, the "Flame" malware incident used to sign emergency Windows > Update packages which mysteriously only affected users in Iran and the > Middle East, or the Diginotar debacle, or the Tunisian "Ammar" MITM > attacks etc). This of course is assuming that the FBI doesn't already > have access to all of the root CAs so that on domestic soil they can > sign updates and perform silent MITM interception of SSL and > IPSEC-encrypted traffic using transparent inline layer-2 bridging > devices that are at every major Internet peering point and interconnect, > because that would be crazy talk. >

Before you make silly accusations go read the VeriSign Certificate Practices Statement and then work out how many people it takes to gain access to one of the roots.

The Key Ceremonies are all videotaped from start to finish and the auditors have reviewed at least some of the ceremonies. So while it is not beyond the realms of possibility that such a large number of people were suborned, I think it drastically unlikely.

Add to which Jim Bidzos is not exactly known for being well disposed to the NSA or key escrow.

Hacking CAs is a poor approach because it is a very visible attack. Certificate Transparency is merely automating and generalizing controls that already exist.

But we can certainly add them to S/MIME, why not. -- Website: http://hallambaker.com/

The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 05:25:43 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 11:25:43 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Gregory Perry -----

Date: Sat, 7 Sep 2013 21:14:47 +0000 From: Gregory Perry To: Phillip Hallam-Baker Cc: "cryptography at metzdowd.com" , ianG Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

On 09/07/2013 05:03 PM, Phillip Hallam-Baker wrote:

> Good theory only the CA industry tried very hard to deploy and was prevented from doing so because Randy Bush abused his position as DNSEXT chair to prevent modification of the spec to meet the deployment requirements in .com.
>
> DNSSEC would have deployed in 2003 with the DNS ATLAS upgrade had the IETF followed the clear consensus of the DNSEXT working group and approved the OPT-IN proposal. The code was written and ready to deploy.
>
> I told the IESG and the IAB that the VeriSign position was no bluff and that if OPT-IN did not get approved there would be no deployment in .com. A business is not going to spend $100 million on deployment of a feature that has no proven market demand when the same job can be done for $5 million with only minor changes.

And this is exactly why there is no real security on the Internet. Because the IETF and standards committees and working groups are all in reality political fiefdoms and technological monopolies aimed at lining the pockets of a select few companies deemed "worthy" of authenticating user documentation for purposes of establishing online credibility.

There is no reason for any of this, and I would once again cite to Bitcoin as an example of how an entire secure online currency standard can be created and maintained in a decentralized fashion without the need for complex hierarchies of quasi-political commercial interests.

Encrypting SMTP is trivial, it's all about the standard to make it happen. Encrypting IPv6 was initially a mandatory part of the spec, but then it somehow became discretionary. The nuts and bolts of strong crypto have been around for decades, but the IETF and related standards "powers that be" are more interested in creating a global police state than guaranteeing some semblance of confidentiality and privacy for Internet users.


----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 07:27:46 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 13:27:46 +0200 Subject: [cryptography] Random number generation influenced, HW RNG Message-ID: <[email protected]>

----- Forwarded message from "James A. Donald" -----

Date: Sun, 08 Sep 2013 08:34:53 +1000 From: "James A. Donald" To: cryptography at randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 Reply-To: jamesd at echeque.com

On 2013-09-08 3:48 AM, David Johnston wrote: > Claiming the NSA colluded with intel to backdoor RdRand is also to > accuse me personally of having colluded with the NSA in producing a > subverted design. I did not.

Well, since you personally did this, would you care to explain the very strange design decision to whiten the numbers on chip, and not provide direct access to the raw unwhitened output.

A decision that even assuming the utmost virtue on the part of the designers, leaves open the possibility of malfunctions going undetected.

That is a question a great many people have asked, and we have not received any answers.

Access to the raw output would have made it possible to determine that the random numbers were in fact generated by the physical process described, since it is hard and would cost a lot of silicon to simulate the various subtle offwhite characteristics of a well described actual physical process.

cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
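The argument above, that raw access would let you check the numbers really come from the described physical process while on-chip whitening hides that, can be made concrete with a small simulation. The following is an added example, not code from the thread or from any vendor: two cheap on-line health tests of the kind an RNG driver can run on raw entropy-source output, applied to a simulated noisy physical source and to a fake "source" that is just SHA-256 of a counter. The noise model (a 46% ones probability plus 10% stickiness), the 512-to-256-bit hash conditioner standing in for the chip's whitening, the z-score thresholds and the seed are all assumptions chosen for the demonstration.

```python
import hashlib
import math
import random

# Two cheap on-line health tests of the kind an RNG driver can run on RAW
# entropy-source output, applied to a simulated noisy physical source and to a
# deterministic fake. Everything here is simulated; nothing touches hardware.

def physical_source(n, seed, p_one=0.46, stickiness=0.10):
    """Raw bits from a slightly biased, slightly sticky noise source (assumed model)."""
    rng = random.Random(seed)
    bits, prev = [], 0
    for _ in range(n):
        if rng.random() < stickiness:
            bit = prev                                  # short-range correlation
        else:
            bit = 1 if rng.random() < p_one else 0      # bias toward zero
        bits.append(bit)
        prev = bit
    return bits

def fake_source(n):
    """A backdoor-style 'source': SHA-256 of a counter, fully predictable to its maker."""
    out, i = [], 0
    while len(out) < n:
        digest = hashlib.sha256(i.to_bytes(8, "big")).digest()
        out.extend((byte >> s) & 1 for byte in digest for s in range(8))
        i += 1
    return out[:n]

def condition(bits):
    """On-chip style whitening (assumed): hash each 512 raw bits down to 256 output bits."""
    out = []
    for start in range(0, len(bits) - 511, 512):
        raw = int("".join(map(str, bits[start:start + 512])), 2).to_bytes(64, "big")
        digest = hashlib.sha256(raw).digest()
        out.extend((byte >> s) & 1 for byte in digest for s in range(8))
    return out

def bias_z(bits):
    """Z-score of the ones count against the n/2 expected from an unbiased source."""
    n = len(bits)
    return (sum(bits) - n / 2) / math.sqrt(n / 4)

def lag1_z(bits):
    """Z-score of the number of equal adjacent bits; i.i.d. bits give (n-1)/2."""
    pairs = len(bits) - 1
    equal = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    return (equal - pairs / 2) / math.sqrt(pairs / 4)

def health_report(bits, threshold=4.0):
    """Pass only if both statistics sit within `threshold` standard deviations."""
    bz, lz = bias_z(bits), lag1_z(bits)
    return {"bias_z": bz, "lag1_z": lz, "pass": abs(bz) < threshold and abs(lz) < threshold}

def demo(n=65536):
    real_raw, fake_raw = physical_source(n, seed=2013), fake_source(n)
    return {
        "real_raw": health_report(real_raw),
        "real_conditioned": health_report(condition(real_raw)),
        "fake_raw": health_report(fake_raw),
        "fake_conditioned": health_report(condition(fake_raw)),
    }

if __name__ == "__main__":
    for name, report in demo().items():
        print(f"{name:18s} bias_z={report['bias_z']:+7.2f} "
              f"lag1_z={report['lag1_z']:+7.2f} pass={report['pass']}")
```

The real source fails both tests on its raw bits, and that is the useful outcome: the bias and the lag-1 correlation are the fingerprint of the physical process, and a driver with raw access can check them against what the part is documented to produce. After conditioning, the real source and the counter-fed hash are indistinguishable to these tests, and the fake passes them even before conditioning. Whitening on the chip removes exactly the evidence the tests need.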

From eugen at leitl.org Sun Sep 8 07:48:40 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 13:48:40 +0200 Subject: [Cryptography] Bruce Schneier has gotten seriously spooked Message-ID: <[email protected]>

----- Forwarded message from Brian Gladman -----

Date: Sat, 07 Sep 2013 09:33:28 +0100 From: Brian Gladman To: Cryptography Mailing List Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 07/09/2013 01:48, Chris Palmer wrote: >> Q: "Could the NSA be intercepting downloads of open-source and silently replacing these with their own versions?" > > Why would they perform the attack only for encryption software? They > could compromise people's laptops by spiking any popular app.

Because NSA and GCHQ are much more interested in attacking communications in transit rather than attacking endpoints.

Endpoint attacks cost more to undertake, only give access to a limited amount of data and involve much greater risks that their attack will either be discovered or their means of attack will leave evidence of what they have done and how they have done it. The internal bureaucratic costs of gaining approval for (adversarial) endpoint attacks also makes it a more costly process than the use of network based interception.

There is significant use of open source encryption software in end to end encryption solutions, in file archivers, in wifi and network routers, and in protecting the communications used to manage and control such components when at remote locations. The open source software is provided in source code form and is compiled from source in a huge number of applications and this means that the ability to covertly substitute broken source code could provide access to a huge amount of traffic without the risks involved in endpoint attacks.

I stress that I am NOT suggesting that this has happened (or is happening), simply that it has attractions from an NSA/GCHQ viewpoint. Fortunately, I think it is a difficult attack to mount covertly (that is, without the acquiescence of the author(s) of the software in question).

On the more general debate here, in my view, 'security for the masses' through the deployment of encryption is a 'pipe dream' that isn't going to happen. Functionality (and the complexity that comes with it) is the enemy of security and it is very clear that the public places a much higher value on functionality than it does on security (or privacy).

Every time a new device comes onto the market, it starts with limited functionality and some hope of decent security but rapidly evolves to be a high functionality product in which the prospect of decent security declines rapidly to zero. Raspberry Pis look interesting _now_ but I would be willing to bet that they won't buck the trend of increasing functionality and declining security simply because this is what the majority in even this limited user community will want.

To buck this trend we need an effort like the Raspberry Pi effort but one driven by our community with a strong commitment to simplicity and deliberately limited functionality in both hardware and software.

Brian Gladman

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 07:49:44 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 13:49:44 +0200 Subject: [Cryptography] XORing plaintext with ciphertext Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Sat, 7 Sep 2013 07:25:43 -0400 From: Jerry Leichter To: Jon Callas Cc: Cryptography List , Dave Horsfall Subject: Re: [Cryptography] XORing plaintext with ciphertext X-Mailer: Apple Mail (2.1283)

On Sep 7, 2013, at 4:13 AM, Jon Callas wrote: >> Take the plaintext and the ciphertext, and XOR them together. Does the >> result reveal anything about the key or the plaintext? > > It better not. That would be a break of amazing simplicity that transcends broken. The question is much more subtle than that, getting deep into how to define the security of a cipher.

Consider a very simplified and limited, but standard, way you'd want to state a security result: A Turing machine with an oracle for computing the encryption of any input with any key, when given as input the ciphertext and allowed to run for time T polynomial in the size of the key, has no more than a probability P less than (something depending on the key size) of guessing any given bit of the plaintext. (OK, I fudged on how you want to state the probability - writing this stuff in English rather than mathematical symbols rapidly becomes unworkable.) The fundamental piece of that statement is in "given as input..." part: If the input contains the key itself, then obviously the machine has no problem at all producing the plaintext! Similarly, of course, if the input contains the plaintext, the machine has an even easier time of it.

You can, and people long ago did, strengthen the requirements. They allow for probabilistic machines as an obvious first step. Beyond that, you want semantic security: Not only shouldn't the attacking machine be unable to get an advantage on any particular bit of plaintext; it shouldn't be able to get an advantage on, say, the XOR of the first two bits. Ultimately, you want to say that given any boolean function F, the machine's a posteriori probability of guessing F(cleartext) should be identical (within some bounds) to its a priori probability of guessing F(cleartext). Since it's hard to get a handle on the prior probability, another way to say pretty much the same thing is that the probability of a correct guess for F(cleartext) is the same whether the machine is given the ciphertext, or a random sequence of bits. If you push this a bit further, you get definitions related to indistinguishability: The machine is simply expected to say "the input is the result of applying the cipher to some plaintext" or "the input is random"; it shouldn't even be able to get an advantage on *that* simple question.

This sounds like a very strong security property (and it is) - but it says *nothing at all* about the OP's question! It can't, because the machine *can't compute the XOR of the plaintext and the ciphertext*. If we *give* it that information ... we've just given it the plaintext!

I can't, in fact, think of any way to model the OP's question. The closest I can come is: If E(K,P) defines a strong cipher (with respect to any of the variety of definitions out there), does E'(K,P) = E(K,P) XOR P *also* define a strong cipher? One would think the answer is yes, just on general principles: To someone who doesn't know K and P, E(K,P) is "indistinguishable from random noise", so E'(K,P) should be the same. And yet there remains the problem that it's not a value that can be computed without knowing P, so it doesn't fit into the usual definitional/proof frameworks. Can anyone point to a proof?

The reason I'm not willing to write this off as "obvious" is an actual failure in a very different circumstance. There was work done at DEC SRC many years ago on a system that used a fingerprint function to uniquely identify modules. The fingerprints were long enough to avoid the birthday paradox, and were computed based on the result of a long series of coin tosses whose results were baked into the code. There was a proof that the fingerprint "looked random". And yet, fairly soon after the system went into production, collisions started to appear. They were eventually tracked down to a "merge fingerprints" operation, which took the fingerprints of two modules and produced a fingerprint of the pair by some simple technique like concatenating the inputs and fingerprinting that. Unfortunately, that operation *violated the assumptions of the theorem*. The theorem said that the outputs of the fingerprint operation would look random *if chosen "without knowledge" of the coin tosses*. But the inputs were outputs of the same algorithm, hence "had knowledge" of the coin tosses. (And ... I just found the reference to this. See ftp://ftp.dec.com/pub/dec/SRC/research-reports/SRC-113.pdf, documentation of the Fingerprint interface, page 42.)

-- Jerry


----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 07:50:21 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 13:50:21 +0200 Subject: [Cryptography] Why prefer symmetric crypto over public key crypto? Message-ID: <[email protected]>

----- Forwarded message from "Jeffrey I. Schiller" -----

Date: Sat, 7 Sep 2013 10:05:22 -0400 From: "Jeffrey I. Schiller" To: ianG Cc: cryptography at metzdowd.com Subject: Re: [Cryptography] Why prefer symmetric crypto over public key crypto? User-Agent: Mutt/1.5.21 (2010-09-15)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Sep 07, 2013 at 10:57:07AM +0300, ianG wrote: > It's a big picture thing. At the end of the day, symmetric crypto > is something that good software engineers can master, and relatively > well, in a black box sense. Public key crypto not so easily, that > requires real learning. I for one am terrified of it.

Don't be. There is no magic there. From what I can tell, there are two different issues with public key. 1. Weaknesses in the math. 2. Fragility in use.

The NSA (or other national actors) may well have found a mathematical weakness in any of the public key ciphers (frankly they may have found a weakness in symmetric ciphers as well). Frankly, we just don't know here. Do we trust RSA more than Diffie-Hellman or any of the Elliptic Curve techniques? Who knows. We can make our keys bigger and hope for the best.

As for fragility. Generating random numbers is *hard*, particularly on a day to day basis. When you generate a keypair with GPG/PGP it prompts you to type in random keystrokes and move the mouse etc., all in an attempt to gather as much entropy as possible. This is a pain, but it makes sense for long-lived keys. People would not put up with this if you had to do this for each session key. Fragile public key systems (such as Elgamal and all of the variants of DSA) require randomness at signature time. The consequence for failure is catastrophic. Most systems need session keys, but the consequence for failure in session key generation is the compromise of the message. The consequence for failure in signature generation in a fragile public key system is compromise of the long term key!

I wrote about this in NDSS 1991.... I cannot find an on-line reference to it though.

Then if you are a software developer, you have the harder problem of not being able to control the environment your software will run on, particularly as it applies to the availability of entropy.

So my advice.

Use RSA, choose a key as long as your paranoia. Like all systems, you will need entropy to generate keys, but you won't need entropy to use it for encryption or for signatures.

- -Jeff

Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room E17-110A, 32-392
Cambridge, MA 02139-4307
617.910.0259 - Voice
jis at mit.edu
http://jis.qyv.name

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFSKzKi8CBzV/QUlSsRAhoSAJ98g7NreJwIK+aYODM1zDsVsreMCQCcD2R9
vnvmNc4Uo45+ckUFQafuE4U=
=x9bK
-----END PGP SIGNATURE-----

----- End forwarded message -----
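Nick Mathewson's remark earlier in this thread that DSA "fails terribly in a way that exposes the private key" when the signing RNG is the least bit weak, and Schiller's point above that a fragile public-key system needs fresh randomness for every signature, are easy to see in code. The following is an added example, not code from either post, from Tor or from GnuPG: a toy DSA whose signing function takes the nonce k as an argument, a recovery of the private key from two signatures that reused k, and a brute-force recovery from a single signature whose k had only 16 bits of entropy. The parameter sizes (512-bit p, 160-bit q), the Miller-Rabin parameter generator, the SHA-1-mod-q message hash, the sample messages and the fixed seed are all choices made for the demonstration.

```python
import hashlib
import random

# Toy DSA with an explicit signing nonce k, to show how a repeated or
# low-entropy k hands the attacker the long-term private key x.
# Parameters are deliberately small (512-bit p, 160-bit q) so this runs fast.

def is_probable_prime(n, rng, rounds=32):
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                    # Miller-Rabin rounds
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_params(rng, p_bits=512, q_bits=160):
    """DSA domain parameters (p, q, g) with q | p-1 and g of order q."""
    while True:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:
        p = q * rng.getrandbits(p_bits - q_bits) + 1
        if p.bit_length() == p_bits and is_probable_prime(p, rng):
            break
    while True:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if g > 1:
            break
    return p, q, g

def hash_to_int(q, msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q

def sign(params, x, msg, k):
    """DSA signature; the caller supplies k, which is exactly the weak point."""
    p, q, g = params
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hash_to_int(q, msg) + x * r) % q
    assert r and s, "degenerate nonce, retry with a fresh k"
    return r, s

def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_to_int(q, msg) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r

def recover_from_reused_nonce(q, msg1, sig1, msg2, sig2):
    """Same k twice gives the same r; k = (e1-e2)/(s1-s2), then x = (s1*k-e1)/r."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        return None
    e1, e2 = hash_to_int(q, msg1), hash_to_int(q, msg2)
    k = (e1 - e2) * pow(s1 - s2, -1, q) % q
    return (s1 * k - e1) * pow(r1, -1, q) % q

def recover_from_small_nonce(params, msg, sig, nonce_bits):
    """k from a tiny space: walk g^k until it matches r, then solve for x."""
    p, q, g = params
    r, s = sig
    e, gk = hash_to_int(q, msg), 1
    for k in range(1, 1 << nonce_bits):
        gk = gk * g % p
        if gk % q == r:
            return (s * k - e) * pow(r, -1, q) % q
    return None

def demo(seed=2013):
    rng = random.Random(seed)                   # fixed seed: demo only
    params = generate_params(rng)
    p, q, g = params
    x = rng.randrange(1, q)                     # long-term private key
    y = pow(g, x, p)                            # public key
    # Case 1: the signer's RNG repeats a nonce across two signatures.
    k = rng.randrange(1, q)
    m1, m2 = b"pay alice 10", b"pay mallory 10000"
    s1, s2 = sign(params, x, m1, k), sign(params, x, m2, k)
    # Case 2: the RNG is "only a little" weak: 16 bits of entropy in k.
    m3 = b"routine message"
    s3 = sign(params, x, m3, rng.randrange(1, 1 << 16))
    return {
        "sigs_valid": all(verify(params, y, m, s) for m, s in ((m1, s1), (m2, s2), (m3, s3))),
        "reuse_recovers_key": recover_from_reused_nonce(q, m1, s1, m2, s2) == x,
        "small_nonce_recovers_key": recover_from_small_nonce(params, m3, s3, 16) == x,
    }
```

Nonce reuse needs no search at all: the two signatures share r, and two linear equations in the unknowns k and x fall out. The 16-bit case is what "the least bit weak" means in practice: one signature plus an enumerable nonce space yields x directly, and the same loop with a larger bound is merely a longer search. Session-key failures cost one message; this costs the long-term key, which is why Schiller's advice to use RSA, whose signatures need no per-signature randomness, sidesteps this particular failure.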

From eugen at leitl.org Sun Sep 8 07:50:46 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 13:50:46 +0200 Subject: [Cryptography] Protecting Private Keys Message-ID: <[email protected]>

----- Forwarded message from "Jeffrey I. Schiller" -----

Date: Sat, 7 Sep 2013 10:20:52 -0400 From: "Jeffrey I. Schiller" To: cryptography at metzdowd.com Subject: [Cryptography] Protecting Private Keys User-Agent: Mutt/1.5.21 (2010-09-15)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While we worry about symmetric vs. public key ciphers, we should not forget the risk of compromise of our long-term keys. How are they protected?

One of the most obvious ways to compromise a cryptographic system is to get the keys. This is a particular risk in TLS/SSL when PFS is not used. Consider a large scale site (read: Google, Facebook, etc.) that uses SSL. The private keys of the relevant certificates need to be literally on hundreds if not thousands of systems. Chances are they are not encrypted on those systems so those systems can auto-restart without human intervention. Those systems also break periodically. What happens to the broken pieces, say a broken hard drive?

If one of these private keys is compromised, all pre-recorded traffic can now be decrypted, as long as PFS was not used (and as we know, it is rarely used).

Encrypted email is also at great risk because we have no PFS in any of these systems. Our private keys tend to last a long time (just look at the age of my private key!).

If I was the NSA, I would be scavenging broken hardware from "interesting" venues and purchasing computers for sale in interesting locations. I would be particularly interested in stolen computers, as they have likely not been wiped.

The bottom line here is that the NSA has upped the game (and probably did so quite a while ago, but we are just learning about it now). This means that commercial organizations that truly want to protect their customers from the NSA, and other national actors whom I am sure are just as skilled and probably more brazen, need to up their game, by a lot!

- -Jeff

P.S. I am very careful about which devices my private key touches and what happens to it when I am through with it.

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 07:52:13 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 13:52:13 +0200
Subject: [Cryptography] Why prefer symmetric crypto over public key crypto?
Message-ID: <[email protected]>

----- Forwarded message from Bill Stewart -----

Date: Sat, 07 Sep 2013 11:07:39 -0700
From: Bill Stewart
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] Why prefer symmetric crypto over public key crypto?
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9

> On 7/09/13 09:05 AM, Jaap-Henk Hoepman wrote:
>>> Public-key cryptography is less well-understood than
>>> symmetric-key cryptography. It is also tetchier than
>>> symmetric-key crypto, and if you pay attention to us talking
>>> about issues with nonces, counters, IVs, chaining modes, and
>>> all that, you see that saying that it's tetchier than that is a
>>> warning indeed.
>>
>> You have the same issues with nonces, counters, etc. with
>> symmetric crypto so I don't see how that makes it preferable over
>> public key crypto.

At 12:57 AM 9/7/2013, ianG wrote:
> It's a big picture thing. At the end of the day, symmetric crypto
> is something that good software engineers can master, and
> relatively well, in a black box sense. Public key crypto not so
> easily, that requires real learning. I for one am terrified of it.

Public-key crypto requires learning math, and math is hard (or at least ECC math is hard, and even prime-number-group math has some interesting tricks in it.) Symmetric-key crypto is easy in a black-box sense, because most algorithms come with rules that say "You need to do this and not do that", yet the original PPTP did half a dozen things wrong with RC4 even though the only rule is "never use the same state twice." But if you want to look inside the black box, most of what's there is a lot of bit-twiddling, maybe in a Feistel network, and while you can follow the bits around and see what changes, there can still be surprises like the discovery of differential cryptanalysis. Public-key crypto lets you use math to do the analysis, but [vast over-simplification] symmetric-key mostly lets you play around and decide if it's messy enough that you can't follow the bits.

But there are other traps that affect people with either kind of system. Once PGP got past the Bass-o-matic stage, the biggest security problems were mostly things like variable-precision numbers that were trying so hard to save bits that you could trick the program into interpreting them differently and accepting bogus information. Fortunately we'd never have problems like that today (yes, ASN.1 BER/DER, I'm looking at you....), and nobody ever forgets to check array bounds (harder in modern languages than in C or Fortran, but still quite possible), or fails to validate input before using it (SQL injections), etc.


----- End forwarded message -----
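The parsing trap Stewart describes (a number or length that a format lets you encode in more than one way, so a lenient decoder reads it differently from a strict one) is easiest to see with ASN.1 lengths and INTEGERs. The following is an added example, not code from the post or from any ASN.1 library: a small decoder that runs either in lenient BER mode or in strict DER mode, applied to four constructed encodings that all decode to the INTEGER 5 under BER. Only single-byte tags are handled.

```python
def decode_length(buf, off, strict):
    """Decode an ASN.1 length starting at buf[off]; return (length, offset after it).

    Lenient (BER) mode accepts any definite long form. Strict (DER) mode requires the
    minimal encoding: short form below 128, no leading zero length bytes, no indefinite
    length. Byte strings that decode identically under BER but differ under DER are
    exactly the ambiguity a strict parser removes.
    """
    first = buf[off]
    off += 1
    if first < 0x80:                      # short form: one byte, value 0..127
        return first, off
    if first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    n = first & 0x7F                      # long form: n following bytes hold the length
    if off + n > len(buf):
        raise ValueError("truncated length field")
    length_bytes = buf[off:off + n]
    length = int.from_bytes(length_bytes, "big")
    if strict:
        if length_bytes[0] == 0:
            raise ValueError("non-minimal length: leading zero byte")
        if length < 0x80:
            raise ValueError("non-minimal length: long form used for a short length")
    return length, off + n


def decode_tlv(buf, off=0, strict=True):
    """Decode one tag-length-value triple (single-byte tags only)."""
    tag = buf[off]
    length, off = decode_length(buf, off + 1, strict)
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length


def decode_integer(buf, strict=True):
    """Decode a BER/DER INTEGER. Strict mode also rejects redundant sign-extension
    bytes in the value, so every integer has exactly one accepted encoding."""
    tag, value, _ = decode_tlv(buf, 0, strict)
    if tag != 0x02:
        raise ValueError("not an INTEGER")
    if len(value) == 0:
        raise ValueError("empty INTEGER")
    if strict and len(value) > 1:
        if value[0] == 0x00 and not value[1] & 0x80:
            raise ValueError("non-minimal INTEGER: redundant leading 0x00")
        if value[0] == 0xFF and value[1] & 0x80:
            raise ValueError("non-minimal INTEGER: redundant leading 0xFF")
    return int.from_bytes(value, "big", signed=True)


# Constructed: four byte strings that a lenient parser all reads as INTEGER 5.
ENCODINGS = {
    "canonical":        bytes.fromhex("020105"),      # 02 len=1 value=05
    "long_form_length": bytes.fromhex("02810105"),    # length 1 written in long form
    "padded_length":    bytes.fromhex("0282000105"),  # length 1 as two bytes 00 01
    "padded_value":     bytes.fromhex("02020005"),    # value 05 with a redundant 00
}


def classify(encodings=ENCODINGS):
    """For each encoding: (value under lenient BER parsing, value under strict DER
    parsing or the rejection reason as a string)."""
    result = {}
    for name, enc in encodings.items():
        lenient = decode_integer(enc, strict=False)
        try:
            strict = decode_integer(enc, strict=True)
        except ValueError as err:
            strict = str(err)
        result[name] = (lenient, strict)
    return result


if __name__ == "__main__":
    for name, (lenient, strict) in classify().items():
        print(f"{name:18} BER={lenient} DER={strict}")
```

Signatures and hashes are computed over one exact byte string; if the consumer's parser accepts the three non-canonical forms as well, the same logical value has several encodings, only one of which the verifier saw. Rejecting anything but the canonical form, as the strict mode does, is the cheap fix.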

From eugen at leitl.org Sun Sep 8 07:54:14 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 13:54:14 +0200
Subject: [Cryptography] Bruce Schneier has gotten seriously spooked
Message-ID: <[email protected]>

----- Forwarded message from Gregory Perry -----

Date: Sat, 7 Sep 2013 19:58:50 +0000
From: Gregory Perry
To: Brian Gladman
Cc: Cryptography Mailing List
Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked

On 09/07/2013 02:46 PM, Brian Gladman wrote:
> Because NSA and GCHQ are much more interested in attacking communications
> in transit rather than attacking endpoints.
>
> Endpoint attacks cost more to undertake, only give access to a limited
> amount of data and involve much greater risks that their attack will
> either be discovered or their means of attack will leave evidence of
> what they have done and how they have done it. The internal bureaucratic
> costs of gaining approval for (adversarial) endpoint attacks also makes
> it a more costly process than the use of network based interception.
>
> There is significant use of open source encryption software in end to
> end encryption solutions, in file archivers, in wifi and network
> routers, and in protecting the communications used to manage and control
> such components when at remote locations. The open source software is
> provided in source code form and is compiled from source in a huge
> number of applications and this means that the ability to covertly
> substitute broken source code could provide access to a huge amount of
> traffic without the risks involved in endpoint attacks.

I would submit that the exact inverse is the real target - endpoint devices. There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades. It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs.

For decades the FBI were literally the spies that couldn't shoot straight, as was evidenced by CALEA (let's put backdoors into every phone switch), and Comverse Infosys (then let's outsource all of our wiretap operations). But even with all of those idiotic mistakes, the FBI got their amended FISA 2008 and the Patriot Acts passed which in effect repealed the Posse Comitatus Act and gave the FBI their political power play to gain control over all of the NSA's signals intelligence capabilities, for domestic spying and wiretapping here on U.S. soil without any judicial oversight whatsoever.

I would even wager that Herr Bob Mueller himself arranged this Snowden debacle with the Crown of England and his Chinese and Russian counterparts, to guarantee Snowden safe asylum once he absconded with the NSA crown jewels. A simple reading of the international media chatter shows that the NSA (and the USA by proxy) are the bad guys now, with nary a mention of the FBI being involved at any level of this with their own domestic spying operation that is many orders of magnitude more powerful than anything the NSA and/or DoD had ever even dreamed of accomplishing with foreign signals intelligence gathering.


----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 08:02:24 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 14:02:24 +0200
Subject: [Cryptography] Why prefer symmetric crypto over public key crypto?
Message-ID: <[email protected]>

----- Forwarded message from Tony Arcieri -----

Date: Sat, 7 Sep 2013 15:40:08 -0700
From: Tony Arcieri
To: Ray Dillinger
Cc: Crypto
Subject: Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

On Sat, Sep 7, 2013 at 1:01 PM, Ray Dillinger wrote:

> And IIRC, pretty much every asymmetric ciphersuite (including all public-
> key crypto) is vulnerable to some transformation of Shor's algorithm that
> is in fact practical to implement on such a machine.

Lattice-based (NTRU) or code-based (McEliece/McBits) public key systems are still considered "post-quantum" algorithms. There are no presently known quantum algorithms that work against these sorts of systems.

See http://pqcrypto.org/

-- Tony Arcieri


----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 08:58:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 14:58:15 +0200
Subject: [Cryptography] Speaking of EDH (GnuTLS interoperability)
Message-ID: <[email protected]>

----- Forwarded message from Viktor Dukhovni -----

Date: Sun, 8 Sep 2013 04:31:28 +0000
From: Viktor Dukhovni
To: cryptography at metzdowd.com
Subject: [Cryptography] Speaking of EDH (GnuTLS interoperability)
User-Agent: Mutt/1.5.21 (2010-09-15)
Reply-To: cryptography at metzdowd.com

Some of you may have seen my posts to postfix-users and -users, if so, apologies for the duplication.

http://archives.neohapsis.com/archives/postfix/2013-09/thread.html#80
http://www.mail-archive.com/openssl-users at openssl.org/index.html#71903

The short version is that while everyone is busily implementing EDH, they may run into some interoperability issues. GnuTLS clients by default insist on a minimum EDH prime size that is not generally interoperable (2432 bits). Since the TLS protocol only negotiates the use of EDH, but not the prime size (the EDH parameters are unilaterally announced by the server), this setting, while cryptographically sound, is rather poor engineering.

The context in which this was discovered is also "amusing". Exim uses GnuTLS and has a work-around to drop the DH prime floor to 1024-bits, which is interoperable in practice. Debian however wanted to "improve" Exim to make it more secure, so the floor was raised to 2048-bits in a Debian patch. As a result STARTTLS from Debian's Exim (before sanity was restored in Exim 4.80-3 in Debian wheezy, AFAIK it is still broken in Debian squeeze) fails with Postfix, Sendmail, and other SMTP servers.

In all probability this "stronger" version of Exim then needlessly sends mail without TLS, since with SMTP TLS is typically opportunistic, and likely after TLS fails delivery is retried in the clear!

-- Viktor.

P.S. shameless off-topic plug: If you want better than opportunistic TLS for email, consider adopting DNSSEC for your domains and publishing TLSA RRs for your SMTP servers. Postfix supports DANE as of 2.11-20130825. See

https://tools.ietf.org/html/draft-dukhovni-smtp-opportunistic-tls-01
http://www.postfix.org/TLS_README.html#client_tls_dane

Make sure to publish either "IN TLSA 3 1 1" or "IN TLSA 2 1 1" certificate associations.

----- End forwarded message -----
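The interoperability failure Dukhovni describes comes from the server announcing its DH group unilaterally while the client applies a fixed floor to the prime size. As an added example (not Viktor's code, and not GnuTLS's or Exim's), the Python below parses the ServerDHParams portion of a TLS 1.2 DHE ServerKeyExchange, reads the prime's bit length, and reports which of the three floors quoted in the post would accept it. The sample messages are constructed with placeholder moduli of the right size rather than real groups, and the handshake header and the server's signature are left out.

```python
import random
import struct

# Client-side minimum DH prime sizes (bits) quoted in the post.
DH_FLOORS = {
    "gnutls_default": 2432,     # GnuTLS client default
    "debian_exim_patch": 2048,  # floor raised by the Debian Exim patch
    "exim_workaround": 1024,    # Exim's interoperable work-around
}


def encode_server_dh_params(p, g, ys):
    """Serialise ServerDHParams from a TLS 1.2 DHE ServerKeyExchange (RFC 5246, 7.4.3):
    dh_p, dh_g, dh_Ys, each a 16-bit-length-prefixed big-endian integer. The handshake
    header before it and the server signature after it are left out (assumption)."""
    def vector(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    return vector(p) + vector(g) + vector(ys)


def parse_server_dh_params(data):
    """Return (p, g, Ys) from the start of a ServerKeyExchange body; ValueError if malformed."""
    values = []
    offset = 0
    for _ in range(3):
        if offset + 2 > len(data):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from("!H", data, offset)
        offset += 2
        if length == 0 or offset + length > len(data):
            raise ValueError("empty or truncated vector")
        values.append(int.from_bytes(data[offset:offset + length], "big"))
        offset += length
    return tuple(values)


def parses(data):
    """True if parse_server_dh_params accepts the bytes, False if it rejects them."""
    try:
        parse_server_dh_params(data)
        return True
    except ValueError:
        return False


def dh_prime_bits(data):
    """Bit length of the announced prime; leading zero bytes in dh_p do not inflate it."""
    p, _, _ = parse_server_dh_params(data)
    return p.bit_length()


def check_floors(data, floors=DH_FLOORS):
    """Which client policies would accept the group this server announced."""
    bits = dh_prime_bits(data)
    return {name: bits >= floor for name, floor in floors.items()}


def constructed_sample(bits, seed=7):
    """Constructed ServerDHParams with a `bits`-bit modulus. The modulus is a placeholder
    odd number of the right length, not a real safe prime, and Ys is a placeholder too."""
    rng = random.Random(seed)
    p = (1 << (bits - 1)) | rng.getrandbits(bits - 1) | 1
    g = 2
    ys = rng.getrandbits(bits - 1) | 1
    return encode_server_dh_params(p, g, ys)


if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(size, check_floors(constructed_sample(size)))
```

The 1024-bit sample, which was what most SMTP servers announced at the time, passes only the Exim work-around; the 2048-bit sample still fails the 2432-bit GnuTLS default. Since the client cannot negotiate the size, its only choices on a rejected group are to abort the handshake or to continue, and with opportunistic STARTTLS aborting usually means falling back to cleartext.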
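For the TLSA records recommended in the P.S., here is an added example (not part of the post and not Postfix's DANE implementation) of what a "3 1 1" or "2 1 1" record contains and how a client matches it: the association data is the SHA-256 of the DER SubjectPublicKeyInfo (selector 1, matching type 1); usage 3 (DANE-EE) is matched against the leaf key and usage 2 (DANE-TA) against an issuer key in the presented chain. The keys are tiny constructed RSA moduli, only selector 1 is handled, and path validation from the leaf to the trust anchor is assumed to happen elsewhere.

```python
import hashlib


def der(tag, body):
    """Minimal DER TLV encoder with definite lengths (short and long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def der_integer(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") or b"\x00"
    if raw[0] & 0x80:          # positive integer with high bit set needs a leading 0x00
        raw = b"\x00" + raw
    return der(0x02, raw)


def rsa_spki(n, e):
    """DER SubjectPublicKeyInfo for an RSA public key (n, e):
    SEQUENCE { SEQUENCE { OID rsaEncryption, NULL }, BIT STRING { RSAPublicKey } }."""
    rsa_oid = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
    algorithm = der(0x30, rsa_oid + b"\x05\x00")
    public_key = der(0x30, der_integer(n) + der_integer(e))
    return der(0x30, algorithm + der(0x03, b"\x00" + public_key))


def tlsa_rdata(usage, selector, mtype, spki):
    """TLSA RDATA as a tuple (usage, selector, matching type, association data).
    Selector 1 = SubjectPublicKeyInfo (the only selector handled here);
    matching type 0 = full data, 1 = SHA-256, 2 = SHA-512."""
    if selector != 1:
        raise ValueError("this example only handles selector 1 (SPKI)")
    if mtype == 0:
        data = spki
    elif mtype == 1:
        data = hashlib.sha256(spki).digest()
    elif mtype == 2:
        data = hashlib.sha512(spki).digest()
    else:
        raise ValueError("unknown matching type")
    return (usage, selector, mtype, data)


def presentation(record):
    """Zone-file style text, e.g. 'IN TLSA 3 1 1 <hex>'."""
    usage, selector, mtype, data = record
    return f"IN TLSA {usage} {selector} {mtype} {data.hex()}"


def dane_match(records, chain_spkis):
    """True if any record matches the chain the server presented (list of SPKI blobs,
    leaf first). Usage 3 (DANE-EE) pins the leaf key; usage 2 (DANE-TA) pins an issuer
    key somewhere above it. Building and validating the path from the leaf to that
    issuer is assumed to happen elsewhere; usages 0 and 1 (PKIX) are not handled."""
    for usage, selector, mtype, data in records:
        if usage == 3:
            candidates = chain_spkis[:1]
        elif usage == 2:
            candidates = chain_spkis[1:]
        else:
            continue
        for spki in candidates:
            if tlsa_rdata(usage, selector, mtype, spki)[3] == data:
                return True
    return False


# Constructed toy keys (tiny moduli, not real RSA keys).
LEAF_SPKI = rsa_spki(0xC0FFEE0BADF00D1234567890ABCDEF, 65537)
CA_SPKI = rsa_spki(0xDEADBEEFCAFEF00D0123456789ABCDEF01, 65537)
OTHER_SPKI = rsa_spki(0xB00B1E5, 3)

if __name__ == "__main__":
    print(presentation(tlsa_rdata(3, 1, 1, LEAF_SPKI)))
    print(presentation(tlsa_rdata(2, 1, 1, CA_SPKI)))
    print(dane_match([tlsa_rdata(3, 1, 1, LEAF_SPKI)], [LEAF_SPKI, CA_SPKI]))
```

Pinning the key (selector 1) rather than the whole certificate is what lets the record survive a routine certificate renewal that keeps the same key pair; a "2 1 1" record survives even a leaf key rotation as long as the same issuer signs it, which is why the post offers both forms.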

From eugen at leitl.org Sun Sep 8 08:59:18 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 14:59:18 +0200
Subject: [linux-elitists] Surveillance
Message-ID: <[email protected]>

----- Forwarded message from Marc MERLIN -----

Date: Sat, 7 Sep 2013 22:03:01 -0700
From: Marc MERLIN
To: linux-elitists at zgp.org
Subject: Re: [linux-elitists] Surveillance
X-Mailer: Some Outlooks can't quote properly without this header
User-Agent: Mutt/1.5.13 (2006-08-11)

On Sat, Sep 07, 2013 at 08:00:04PM -0700, Seth David Schoen wrote:
> Marc MERLIN writes:
>
> > On Sat, Sep 07, 2013 at 06:59:48PM -0700, Don Marti wrote:
> >
> > > Can you build on localhost and have it come out
> > > identical to what comes down from the build farm?
> >
> > Yes.
>
> Do you think you could help distributors help other users achieve the
> same result? That's awesome.

There is no magic involved, it's just time consuming and virtually no companies have staff they are willing to spend on it. Also, that's a server distribution with fewer than 200 packages.

My laptop:
gandalfthegreat:~$ dpkg --list | wc -l
3061
server #1:
magic:~$ dpkg --list | wc -l
1195
server #2:
gargamel:~# dpkg --list | wc -l
2685

You get the point, it's time consuming, especially if you're checking / stripping each package first, including fixing parts that make the package non invariant on rebuilds.

We also had a package diff-er that accounted for zipped man pages, pyc files, and other files that changed each time you rebuilt them. But really, not rocket science.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ...... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient.
linux-elitists mailing list
linux-elitists at zgp.org
http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists

----- End forwarded message -----
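The package differ Merlin mentions, as an added example (not Marc's tool, whose details the post does not give): it compares gzipped files by their decompressed payload, so the mtime in the gzip header does not register as a difference, skips .pyc files, which at the time embedded the source mtime and so differed on every rebuild, and compares everything else byte for byte. Builds are represented as dicts of path to bytes, and the two sample builds are constructed inline.

```python
import gzip


def normalise(path, data):
    """Return comparable content for one file of a built package, or None to skip it.

    - *.gz: the decompressed payload, so the gzip header (mtime, OS byte) is ignored
    - *.pyc: skipped; the post notes they change on every rebuild (assumption: nothing
      else in them is worth comparing here)
    - anything else: the raw bytes
    """
    if path.endswith(".pyc"):
        return None
    if path.endswith(".gz"):
        return gzip.decompress(data)
    return data


def diff_packages(build_a, build_b):
    """Compare two builds given as {path: bytes}.
    Returns (only_in_a, only_in_b, differing), each a sorted list of paths."""
    only_a = sorted(set(build_a) - set(build_b))
    only_b = sorted(set(build_b) - set(build_a))
    differing = []
    for path in sorted(set(build_a) & set(build_b)):
        norm_a = normalise(path, build_a[path])
        norm_b = normalise(path, build_b[path])
        if norm_a is None or norm_b is None:
            continue                      # skipped file type
        if norm_a != norm_b:
            differing.append(path)
    return only_a, only_b, differing


def constructed_builds():
    """Two constructed rebuilds of the same package. They differ in gzip mtime, in the
    .pyc bytes, in one config file, and build B has an extra file."""
    man_page = b".TH FOO 1\nfoo - constructed man page\n"
    build_a = {
        "usr/share/man/man1/foo.1.gz": gzip.compress(man_page, mtime=1378000000),
        "usr/lib/python/foo.pyc": b"pyc-built-at-A",
        "usr/bin/foo": b"\x7fELF-constructed-binary",
        "etc/foo.conf": b"listen = 127.0.0.1\n",
    }
    build_b = {
        "usr/share/man/man1/foo.1.gz": gzip.compress(man_page, mtime=1378086400),
        "usr/lib/python/foo.pyc": b"pyc-built-at-B",
        "usr/bin/foo": b"\x7fELF-constructed-binary",
        "etc/foo.conf": b"listen = 0.0.0.0\n",   # the one difference that matters
        "usr/share/doc/foo/README": b"added in B\n",
    }
    return build_a, build_b


if __name__ == "__main__":
    a, b = constructed_builds()
    print(diff_packages(a, b))
```

A naive byte comparison would flag the man page and the .pyc on every rebuild; normalising them is the "fixing parts that make the package non invariant" step, and what is left in the differing list is what actually needs a human to look at.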

From eugen at leitl.org Sun Sep 8 08:59:57 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 14:59:57 +0200
Subject: [linux-elitists] Surveillance
Message-ID: <[email protected]>

----- Forwarded message from Mark van Walraven -----

Date: Sun, 8 Sep 2013 17:09:32 +1200
From: Mark van Walraven
To: linux-elitists at zgp.org
Subject: Re: [linux-elitists] Surveillance
User-Agent: Mutt/1.5.21 (2010-09-15)

On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> But what else needs to be worked on? What gaps do people feel we have
> that are causing problems that we can solve with technological measures,
> not just legal ones?

How can I trust my hardware and the firmware therein? If it's so hard to check that Huawei haven't embedded snooping mechanisms in the chips and use covert channels to export the data, how can I trust Intel or AMD or Broadcom or Marvell? Covert channels can be subtle and during the cold war the intelligence agencies did some amazing work in detecting data embedded in what seemed to be noise. Is there some way to crowd-source counter-espionage? Can we automate "many eyes" to detect snooping?

Open hardware with quartz windows on the IC packages would be nice, but then I'd still want a way to validate that what I had was the same as what some transparent authority had declared to be a clean implementation. Difficult with commonly-available equipment, but perhaps it could be common enough to make spy(hard)ware difficult and risky to deploy.

My life and work are undoubtedly painfully uninteresting to any intelligence service, but the disrespect for my privacy rankles me; I would pay significantly extra for a clean platform.

Cheers,

Mark.

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 09:09:25 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 15:09:25 +0200
Subject: [cryptography] Random number generation influenced, HW RNG
Message-ID: <[email protected]>

----- Forwarded message from "James A. Donald" -----

Date: Sun, 08 Sep 2013 15:22:58 +1000
From: "James A. Donald"
To: Thor Lancelot Simon
Cc: cryptography at randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: jamesd at echeque.com

On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
>> Access to the raw output would have made it possible to determine
>> that the random numbers were in fact generated by the physical
>> process described, since it is hard and would cost a lot of silicon
>> to simulate the various subtle offwhite characteristics of a well
>> described actual physical process.
> I am extremely skeptical of this claim.

Intel shows a circuit that should in theory output near random bits. If the bits are actually coming from this circuit, we would expect to see some long term anti correlation - an unusually long stream of zeros should have a higher than random percent chance of being followed by an unusually long stream of ones, and some short term correlation - a zero should have a higher than fifty percent chance of being followed by another zero, and a lower than fifty percent chance of being followed by a one.

If we don't see that, we are not getting the raw unwhitened output, or there is no hardware true randomness for us to get.

Conversely, if we do see that, we can be pretty sure that the circuit exists and is producing true randomness, though of course we don't know if that true randomness is necessarily being fed into the whitener. But then we don't need to use the output of the whitener, we can feed the off white output into a software whitener.

cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
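To make the test Donald proposes concrete, here is an added example (not from the post, and not a model of Intel's circuit): a constructed raw source in which each bit repeats the previous one with probability 0.7, the two statistics he mentions (the probability that a bit is followed by the same bit, and the mean run length), and a SHA-256 conditioning step standing in for the whitener. It shows his last point from the other side: the same statistics run on the whitened stream look ideal whether or not the source behind it is real.

```python
import hashlib
import random


def simulated_raw_source(n_bits, p_same=0.7, seed=1):
    """Constructed stand-in for an unwhitened hardware source: a two-state Markov
    chain with the short-term correlation the post describes (a bit repeats the
    previous bit with probability p_same instead of 0.5). Toy only."""
    rng = random.Random(seed)
    bits = [rng.randrange(2)]
    for _ in range(n_bits - 1):
        prev = bits[-1]
        bits.append(prev if rng.random() < p_same else 1 - prev)
    return bits


def conditional_same_prob(bits):
    """P(bit[i+1] == bit[i]); 0.5 for an independent source, higher if consecutive
    bits are positively correlated."""
    same = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    return same / (len(bits) - 1)


def mean_run_length(bits):
    """Average length of maximal runs of identical bits (2.0 for an ideal source)."""
    runs = 1
    for a, b in zip(bits, bits[1:]):
        if a != b:
            runs += 1
    return len(bits) / runs


def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def bytes_to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def hash_whiten(bits, block_bytes=64):
    """Software whitener: condition each 512-bit raw block to 256 output bits with
    SHA-256 (2:1 compression). Any structure in the input is hidden, not removed."""
    raw = bits_to_bytes(bits)
    out = bytearray()
    for i in range(0, len(raw) - block_bytes + 1, block_bytes):
        out += hashlib.sha256(raw[i:i + block_bytes]).digest()
    return bytes_to_bits(bytes(out))


def analyse(n_bits=100_000):
    """Run both statistics on the raw stream and on its whitened version."""
    raw = simulated_raw_source(n_bits)
    white = hash_whiten(raw)
    return {
        "raw_same_prob": conditional_same_prob(raw),
        "raw_mean_run": mean_run_length(raw),
        "white_same_prob": conditional_same_prob(white),
        "white_mean_run": mean_run_length(white),
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name}: {value:.4f}")
```

On the raw stream the conditional probability sits near 0.7 and runs average about 3.3 bits, the "off white" fingerprint of the source; after conditioning both statistics are indistinguishable from an ideal source. That is the whole argument for wanting access to the raw output: once the whitener has run, no statistical test can tell a physical source from a deterministic one.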

From jya at pipeline.com Sun Sep 8 09:12:25 2013
From: jya at pipeline.com (John Young)
Date: Sun, 08 Sep 2013 09:12:25 -0400
Subject: Political Cypherpunks Trumps Apolitical Cryptography
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

What is striking about discussion on the two cryptography mail lists, both set up to minimize discussing political and social issues to avoid cypherpunks acceptance of them, is the tentative reconsideration of those issues due to Snowden's revelations, minuscule as they are.

Notable among those raising the political threat are those who disdained the issue on cypherpunks and stomped off to set up alternatives ham-handedly moderated to cease and desist the "off-topic."

A few now say, bray more like it, NSA has betrayed us through political manipulation of officials and the public, and that is an important point which often came up on cypherpunks and still does, with somewhat less complaining about it.

For Snowden has shown the political has won out over the technical, and the technicals are fraught with what to do about it, and much fingerpointing is going on along with a few claims of having forewarned this betrayal would happen. No moderation yet has shut down this "off-topic." But much gumming and gnawing of the futility of technical means against the vulgar political.

What has been shown in the discussion is that the technical wizards are not nearly as competent at the messy political as they are at technical sophistication. The resulting conversation is a mish-mash of fairly high level technical discourse interleaved with fairly clumsy political opinionating. So technical clubs are being swung to answer political jabs, that is petty squabbling and exchange of slurs has replaced rational discourse. Thus the convo has become politicized with as much stupidity and ignorance as sharp thinking and mutual respect.

NSA and its bosses would be happy if this became the norm in cryptography as in the real world. And some opine that this outcome is being, and has been in the past, and will be in the future, orchestrated for just that result.

That sounds like what cypherpunks was set up to combat, the withdrawal from political affairs into safe sanctuary of infallible mathematics coated with unending challenges to implement illusory protection from political mayhem. So it has come to pass, there is no refuge from politics, and the once reviled tin-hats of conspiracy theories are replacing anonymous masks, especially by the best and brightest cryptographers who have been hoodwinked far more than dreamed of in earliest days of cypherpunks.

Still, there are die-hard PR-driven comsec experts rolling out advice for what to do to protect the public -- meaning, cynically protecting their severely damaged reputation of "concern for the public interest (R)". Not yet willing to admit losing the comsec and privacy war so avidly promoted with HTTPS, SSL, PGP, PFS, OTR, Tor, on and on, they continue to hustle comsec customers with promises of here's what we have got to do, take it from us experienced veterans (read my remarks, hear my TV interviews, read my messages on cryptography, gorge on recyclings on Slashdot, Twitter, Reddit, Voice of America, EFF, Guardian, New York Times, ProPublica, ACLU, on and on):

Lo, special prosecute NSA, take it to the courts, a tired political gambit for media semaphoring, fund raising, conceding technical defeat and begging political rescue by what's that you say, account churning lawyers, political lobbyists and journalistic hacks.

That is so obnoxious, murmurs the cryptography mail lists, so opportunistically off-topic, moderator do your censoring, let's get back to the good stuff. Despite the murmurings there recur calls for "cut the cowardly shit, let's fight." One guess who said that.

From eugen at leitl.org Sun Sep 8 09:43:16 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 15:43:16 +0200
Subject: [Cryptography] Bruce Schneier has gotten seriously spooked
Message-ID: <[email protected]>

----- Forwarded message from Brian Gladman -----

Date: Sun, 08 Sep 2013 00:32:50 +0100
From: Brian Gladman
To: Gregory Perry
Cc: Cryptography Mailing List
Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 07/09/2013 20:58, Gregory Perry wrote:
> On 09/07/2013 02:46 PM, Brian Gladman wrote:
>> Because NSA and GCHQ are much more interested in attacking communications
>> in transit rather than attacking endpoints.
>>
>> Endpoint attacks cost more to undertake, only give access to a limited
>> amount of data and involve much greater risks that their attack will
>> either be discovered or their means of attack will leave evidence of
>> what they have done and how they have done it. The internal bureaucratic
>> costs of gaining approval for (adversarial) endpoint attacks also makes
>> it a more costly process than the use of network based interception.
>>
>> There is significant use of open source encryption software in end to
>> end encryption solutions, in file archivers, in wifi and network
>> routers, and in protecting the communications used to manage and control
>> such components when at remote locations. The open source software is
>> provided in source code form and is compiled from source in a huge
>> number of applications and this means that the ability to covertly
>> substitute broken source code could provide access to a huge amount of
>> traffic without the risks involved in endpoint attacks.
>
> I would submit that the exact inverse is the real target - endpoint devices. There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades. It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs.

I don't have experience of how the FBI operates so my comments were directed specifically at NSA/GCHQ interests. I am doubtful that very large organisations change their direction of travel very quickly so I see the huge investments being made in data centres, in the tapping of key communications cables and core network routers and 'above our heads', as evidence that this approach still works well for NSA and GCHQ. And I certainly don't think that volume is a problem yet since they have been able to invest heavily to develop the techniques that they use to see through lightweight protection and to pull out 'needles from haystacks'.

Of course, you might well be right about the future direction they will have to travel because increasing volume in combination with better end to end protection must be a nightmare scenario for them. But I don't see this move happening all that soon because a surprisingly large amount of the data in which they have an interest crosses our networks with very little protection. And it seems even that which is protected has been kept open to their eyes by one means or another.

Brian


----- End forwarded message -----

From cypherpunk at cpunk.us Sun Sep 8 09:56:34 2013
From: cypherpunk at cpunk.us (CypherPunk)
Date: Sun, 8 Sep 2013 08:56:34 -0500
Subject: [Cryptography] Bruce Schneier has gotten seriously spooked
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

On 09/08/2013 08:43 AM, Eugen Leitl wrote:
>
> Of course, you might well be right about the future direction they will
> have to travel because increasing volume in combination with better end
> to end protection must be a nightmare scenario for them. But I don't
> see this move happening all that soon because a surprisingly large
> amount of the data in which they have an interest crosses our networks
> with very little protection. And it seems even that which is protected
> has been kept open to their eyes by one means or another.

I believe we're headed back to the crypto wars of the 1990's. Except, this time, the cypherpunks are going to have to battle both a technical and a political adversary along with a fearful public who's easily convinced of whatever the government wants them to believe.

Once end point security and end to end encryption get good enough to keep them out, they'll start pushing for new laws requiring a backdoor. The FBI tried this already only a few years ago.

Get ready for CryptoWars II. It's right around the corner.

Cypherpunk

From eugen at leitl.org Sun Sep 8 10:07:25 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 8 Sep 2013 16:07:25 +0200
Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
Message-ID: <[email protected]>

----- Forwarded message from "Jeffrey I. Schiller" -----

Date: Sat, 7 Sep 2013 19:52:44 -0400
From: "Jeffrey I. Schiller"
To: Gregory Perry
Cc: "cryptography at metzdowd.com", Phillip Hallam-Baker, ianG
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
User-Agent: Mutt/1.5.21 (2010-09-15)


On Sat, Sep 07, 2013 at 09:14:47PM +0000, Gregory Perry wrote:
> And this is exactly why there is no real security on the Internet.
> Because the IETF and standards committees and working groups are all
> in reality political fiefdoms and technological monopolies aimed at
> lining the pockets of a select few companies deemed "worthy" of
> authenticating user documentation for purposes of establishing
> online credibility.
> ...
> Encrypting IPv6 was initially a mandatory part of the spec,
> but then it somehow became discretionary. The nuts and bolts of
> strong crypto have been around for decades, but the IETF and related
> standards "powers to be" are more interested in creating a global
> police state than guaranteeing some semblance of confidential and
> privacy for Internet users.

I'm sorry, but I cannot let this go unchallenged. I was there, I saw it. For those who don't know, I was the IESG Security Area Director from 1994 - 2003 (by myself until 1998, after which we had two co-ADs in the Security Area). During this timeframe we formed the TLS working group, the PGP working group and IPv6 became a Draft Standard. Scott Bradner and I decided that security should be mandatory in IPv6, in the hope that we could drive more adoption.

The IETF was (and probably still is) a bunch of hard working individuals who strive to create useful technology for the Internet. In particular IETF contributors are in theory individual contributors and not representatives of their employers. Of course this is the theory and practice is a bit "noisier" but the bulk of participants I worked with were honest hard working individuals.

Security fails on the Internet for three important reasons, that have nothing to do with the IETF or the technology per se (except for point 3).

1. There is little market for "the good stuff". When people see that they have to provide a password to login, they figure they are safe... In general the consuming public cannot tell the difference between "good stuff" and snake oil. So when presented with a $100 "good" solution or a $10 bunch of snake oil, guess what gets bought.

2. Security is *hard*, it is a negative deliverable. You do not know when you have it, you only know when you have lost it (via compromise). It is therefore hard to show return on investment with security. It is hard to assign a value to something not happening.

2a. Most people don't really care until they have been personally bitten. A lot of people only purchase a burglar alarm after they have been burglarized. Although people are more security aware today, that is a relatively recent development.

3. As engineers we have totally and completely failed to deliver products that people can use. I point out e-mail encryption as a key example. With today's solutions you need to understand PK and PKI at some level in order to use it. That is like requiring a driver to understand the internal combustion engine before they can drive their car. The real world doesn't work that way.

No government conspiracy required. We have seen the enemy and it is...

-Jeff


----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Sun Sep 8 10:08:45 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 16:08:45 +0200 Subject: [tor-talk] NIST approved crypto in Tor? Message-ID: <[email protected]>

----- Forwarded message from Gregory Maxwell -----

Date: Sun, 8 Sep 2013 06:44:57 -0700 From: Gregory Maxwell To: "This mailing list is for all discussion about theory, design, and development of ." Subject: Re: [tor-talk] NIST approved crypto in Tor? Reply-To: tor-talk at lists.torproject.org

On Sat, Sep 7, 2013 at 8:09 PM, Gregory Maxwell wrote:
> On Sat, Sep 7, 2013 at 4:08 PM, anonymous coward wrote:
>> Bruce Schneier recommends *not* to use ECC. It is safe to assume he
>> knows what he says.
>
> I believe Schneier was being careless there. The ECC parameter sets
> commonly used on the internet (the NIST P-xxxr ones) were chosen using
> a published deterministically randomized procedure. I think the
> notion that these parameters could have been maliciously selected is a
> remarkable claim which demands remarkable evidence.

Okay, I need to eat my words here.

I went to review the deterministic procedure because I wanted to see if I could reproduce the SECP256k1 curve we use in Bitcoin. They don't give a procedure for the Koblitz curves, but they have far less design freedom than the non-Koblitz so I thought perhaps I'd stumble into it with the "most obvious" procedure.

The deterministic procedure basically computes SHA1 on some seed and uses it to assign the parameters then checks the curve order, etc.; wash, rinse, repeat.

Then I looked at the random seed values for the P-xxxr curves. For example, P-256r's seed is c49d360886e704936a6678e1139d26b7819f7e90.

_No_ justification is given for that value. The stated purpose of the "veritably random" procedure "ensures that the parameters cannot be predetermined. The parameters are therefore extremely unlikely to be susceptible to future special-purpose attacks, and no trapdoors can have been placed in the parameters during their generation".

Considering the stated purpose I would have expected the seed to be some small value like ... "6F" and for all smaller values to fail the test. Anything else would have suggested that they tested a large number of values, and thus the parameters could embody any undisclosed mathematical characteristic whose rareness is only bounded by how many times they could run sha1 and test.

I now personally consider this to be smoking evidence that the parameters are cooked. Maybe they were only cooked in ways that make them stronger? Maybe????

SECG also makes a somewhat curious remark:

"The elliptic curve domain parameters over (primes) supplied at each security level typically consist of examples of two different types of parameters - one type being parameters associated with a Koblitz curve and the other type being parameters chosen verifiably at random - although only verifiably random parameters are supplied at export strength and at extremely high strength."

The fact that only "verifiably random" are given for export strength would seem to make more sense if you cynically read "verifiably random" as backdoored to all heck. (though it could be more innocently explained that the performance improvements of Koblitz weren't so important there, and/or they considered those curves weak enough to not bother with the extra effort required to produce the Koblitz curves).
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
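The seed check Maxwell describes, carried out on the published P-256 parameters. This is an added example, not code from the thread: it implements the ANSI X9.62 "verifiably random" derivation (SHA-1 of the seed and of seed+1 concatenated into an integer r, then the check r*b^2 = a^3 mod p) and also recovers the two b values that the seed pins down. The constants are the public FIPS 186-4 P-256 values and the seed quoted above; the function names and the 0x6F counterexample are mine.

```python
import hashlib

# Public NIST P-256 domain parameters (FIPS 186-4) and the seed quoted in
# the message above. a = p - 3 was fixed by NIST, not derived from the seed.
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def derive_r(seed: bytes, t: int) -> int:
    """ANSI X9.62 derivation of the integer r from a curve seed.

    t is the bit length of the field prime. r is the rightmost w bits of
    SHA-1(seed) followed by SHA-1(seed + i mod 2^g) for i = 1..v, which
    gives t - 1 bits in total (for P-256: 95 + 160 = 255 bits).
    """
    g = len(seed) * 8                     # seed length in bits (>= 160)
    v = (t - 1) // 160                    # number of extra SHA-1 blocks
    w = t - 160 * v - 1                   # bits kept from the first hash
    h0 = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    r = h0 & ((1 << w) - 1)
    z = int.from_bytes(seed, "big")
    for i in range(1, v + 1):
        s_i = ((z + i) % (1 << g)).to_bytes(g // 8, "big")
        r = (r << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return r


def seed_matches_curve(seed: bytes, p: int, a: int, b: int) -> bool:
    """True iff r * b^2 == a^3 (mod p), the published verification condition."""
    r = derive_r(seed, p.bit_length())
    return (r * b * b - a * a * a) % p == 0


def b_candidates_from_seed(seed: bytes, p: int, a: int) -> set:
    """Recover the two possible b values (b and p - b) the seed pins down.

    b^2 = a^3 / r (mod p). The square root below relies on p = 3 (mod 4),
    which holds for the P-256 prime. Returns an empty set if a^3 / r is
    not a quadratic residue (the generation procedure would then have
    rejected this seed and moved on to the next one).
    """
    assert p % 4 == 3, "this square-root shortcut needs p = 3 mod 4"
    r = derive_r(seed, p.bit_length())
    rhs = (pow(a, 3, p) * pow(r, p - 2, p)) % p
    root = pow(rhs, (p + 1) // 4, p)
    if (root * root) % p != rhs:
        return set()
    return {root, p - root}


def main() -> None:
    ok = seed_matches_curve(P256_SEED, P256_P, P256_A, P256_B)
    print("P-256 b follows from its published seed:", ok)
    # The point of the thread: passing this check proves b was derived from
    # THIS seed; it says nothing about how many seeds were tried before it.
    tiny_seed = (0x6F).to_bytes(20, "big")   # constructed counterexample
    print("seed 0x6F reproduces P-256:",
          seed_matches_curve(tiny_seed, P256_P, P256_A, P256_B))


if __name__ == "__main__":
    main()
```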

From eugen at leitl.org Sun Sep 8 11:14:34 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 17:14:34 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Jimmy Hess -----

Date: Sun, 8 Sep 2013 10:04:36 -0500 From: Jimmy Hess To: Eugen Leitl Cc: cypherpunks at al-qaeda.net, info at postbiota.org, zs-p2p at zerostate.is, NANOG list Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

On Sun, Sep 8, 2013 at 9:07 AM, Eugen Leitl wrote:

> 1. [...] In general the consuming public cannot tell the
> difference between "good stuff" and snake oil. So when presented
> with a $100 "good" solution or a $10 bunch of snake oil, guess
> what gets bought.

Or there might be 2 good solutions for certain security functions around $100. And 10 different flavors of $90 snake oil, and plenty of $50, $100, and $120 snake oil flavors. The world is full of salespeople and marketers; and the snakeoil salespersons are just as great as the "good stuff" salespeople ---- also, with more resources to devote to sales than engineering, the snakeoil salespersons have more time and resources available to look at their competitors' merchandising, and make sure the snakeoil bottles on the store shelves are the ones that look the most appealing to the potential buyers.

A wary buyer should not believe the salesperson, but demand a thorough long-term critical review (a 30 day demo of some product is not sufficient duration to discover that it's totally bunk).

> 2. Security is *hard*, it is a negative deliverable. You do not know
> when you have it, you only know when you have lost it (via
> compromise). It is therefore hard to show return on investment
> with security. It is hard to assign a value to something not
> happening.

This is because it doesn't make sense to say that security itself has a ROI in the first place. IT security is risk management --- therefore, in isolation security means nothing: security is a way of mitigating fundamental risks that are improbable events that are nevertheless certain to happen eventually (given enough time) that have an average negative ROI.

There is a fundamental tradeoff between risk and return: If you spend NO money on security, lawyers, to help structure the business to avoid liabilities, and other protections such as insurance then you INCREASE return; in the short term, you will most likely have much greater profit, if you don't bother with any insurance, lawyers, or security.

It all works fine, until there is a disaster, someone files a lawsuit, or you have a breakin.

For example: by not purchasing insurance on your business assets; you avoid spending insurance premium dollars. This increases how much money you make (your return), as long as nothing bad happens.

However, not buying insurance, or not paying the costs of security greatly increase the risk that the business incurs a loss because something bad happens.

Furthermore, spending a lot of money on security reduces return, BUT also reduces the risk. Security does not have a ROI, but it does have a tradeoff.

That tradeoff should be understood using the language of risk management, not profit/loss. And there is no reason people can't understand that.... after all; they do understand, what happens if you don't pay lawyers to help your enterprises comply with the law, or draft successfully binding contracts.

You should expect to spend amounts on security per year, commensurate with the costs of insuring those data assets against the liability that would be incurred if they were tampered with or leaked to the public; granted, plenty of orgs are much more likely to have an internet-based security breach than a fire or a flood, therefore, the risk you take on by not spending on security is possibly a larger risk.

> 2a. Most people don't really care until they have been personally
> bitten. A lot of people only purchase a burglar alarm after they
> have been burglarized.

Most people purchase homeowners' insurance.

Vehicle insurance is mandated by the state in many cases. I wonder if someday a similar per-PC mandatory purchase will be required for computer security.

> 3. As engineers we have totally and completely failed to deliver
> products that people can use. I point out e-mail encryption as a
> key example. With today's solutions you need to understand PK and
> PKI at some level in order to use it. That is like requiring a
> driver to understand the internal combustion engine before they
> can drive their car. The real world doesn't work that way.

Yes. This is a total nightmare.

Before Joe consumer can send an encrypted mail, he has to either go to some command line and gpg --gen-key or go to Xyz CA corporation, buy a personal SSL certificate for some expensive per-year premium of $10 or more... and then go through a lot of trouble to figure out how to import that into the browser, and manually repeat this process every 1 to 3 years when his certificate expires; the process Joe has to go through to S/MIME enable every copy of his mail client on all his different computers, and his webmail provider, is even more complicated.

Before anyone can send Joe an encrypted message; Joe somehow has to get all his correspondents to manually import a copy of his certificate. This is clearly miles outside the realm of possibility for the average Windows user.

> -Jeff

-- -JH

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 11:19:32 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 17:19:32 +0200 Subject: [linux-elitists] Surveillance Message-ID: <[email protected]>

----- Forwarded message from "D. Joe" -----

Date: Sun, 8 Sep 2013 15:15:48 +0000 From: "D. Joe" To: linux-elitists at zgp.org Subject: Re: [linux-elitists] Surveillance User-Agent: Mutt/1.5.20 (2009-06-14)

On Sun, Sep 08, 2013 at 06:58:08AM -0700, Don Marti wrote:
> begin Greg KH quotation of Sat, Sep 07, 2013 at 09:14:31PM -0700:
> > But what else needs to be worked on? What gaps do people feel we have
> > that are causing problems that we can solve with technological measures,
> > not just legal ones?
>
> A repository of deliberately subverted packages
> for some key components? Not just to show what's
> possible when Bad Builds Happen to Good Software,
> and call attention to it, but to give people some
> real scenarios to work through.

A little less . . . equanimity . . . in the face of unauditable blobs, maybe?

Getting back to deterministic builds, Eugen has mentioned Tor's efforts with regard to deterministic builds, and I think we get the nugget of what deterministic builds entail in the context of a single system vis-à-vis a centralized repository, but consider:

https://blog.torproject.org/category/tags/deterministic-builds

Working out the conventions for this could diffuse the targets of malefactors' subversion attempts against source repositories, against binary repositories, and against build environments.

Think of it, perhaps, as a web-of-trust applied to the build process, or DVCS meets web-of-trust meets grid computing.

A great deal of the "build from source" enthusiasm revolves around making customized builds. To the extent that these are one-off efforts (even if done on a grand scale, as Marc has described), they don't yield to distributed end-to-end auditing of the code, from source to object.

With the ability to compare the code at each end of the build toolchain, perhaps subcommunities of interest will have more incentive to share details of their more specialized efforts: So they can groom each other for bugs in the build environment.

--
Joe
On ceding power to tech companies: http://xkcd.com/1118/
man screen | grep -A2 weird
       A weird imagination is most useful to gain full advantage of
       all the features.

______
Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient.
linux-elitists mailing list
linux-elitists at zgp.org
http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists

----- End forwarded message -----

From david at 7tele.com Sun Sep 8 11:47:31 2013 From: david at 7tele.com (David D) Date: Sun, 8 Sep 2013 17:47:31 +0200 Subject: [Cryptography] Bruce Schneier has gotten seriously spooked In-Reply-To: References: <[email protected]> Message-ID: <059b01ceacaa$bda9c240$38fd46c0$@com>

The prior war did not occur in an environment with a semi-full disclosure of the enemy's capabilities. Eliminating assumptions of capabilities and focusing solely on actual capabilities changes the battle field.

The current filtering/censoring of the NSA documents (by the journalists) is causing a lot of finger pointing, WAGs, and wasted time. A full Wikileaks style document dump of the Snowden material is what is needed and a resulting "known good" list would allow those technologies to be expanded and the "known bad" to be discarded.

Snowden pieces I have been pondering:

1. He was using Lavabit for at least one email account. We do not know if he used Lavabit once or if he used Lavabit for everything. Was he also using PGP on top of Lavabit? He chose Lavabit for a reason... Was it because of ECC or was it simply because it was not Gmail/Ymail/etc?

2. Greenwald et al were/are using TrueCrypt. (Source: http://www.forbes.com/sites/timworstall/2013/08/31/first-tragedy-then-farce-the-latest-ed-snowden-nsa-and-glenn-greenwald-security-blunder/)

3. Snowden would only talk to Greenwald via PGP. (Source: http://www.huffingtonpost.com/2013/06/10/edward-snowden-glenn-greenwald_n_3416978.html)

3. Snowden stated, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on". What his definition of "Properly implemented strong crypto" is needs to be answered.

4. It remains to be seen if Google actually gave the NSA a direct link or not. Based on this comment, "By 2012, GCHQ had developed "new access opportunities" into Google's systems, according to the document." I am not so sure. Google is using SSL /w PFS on their web properties, TLS on outgoing mail to other TLS capable mail servers, POP3s, IMAPs, etc. etc. If Google is -not- a bad actor and the NSA can pull mail off the wire/fiber then there are some fairly large security issues with SSL/TLS.

-----Original Message----- From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of CypherPunk Sent: Sunday, September 08, 2013 3:57 PM To: cypherpunks at cpunks.org Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked

On 09/08/2013 08:43 AM, Eugen Leitl wrote:
>
> Of course, you might well be right about the future direction they
> will have to travel because increasing volume in combination with
> better end to end protection must be a nightmare scenario for them.
> But I don't see this move happening all that soon because a
> surprisingly large amount of the data in which they have an interest
> crosses our networks with very little protection. And it seems even
> that which is protected has been kept open to their eyes by one means or another.

I believe we're headed back to the crypto wars of the 1990's. Except, this time, the cypherpunks are going to have to battle both a technical and a political adversary along with a fearful public who's easily convinced of whatever the government wants them to believe.

Once end point security and end to end encryption get good enough to keep them out, they'll start pushing for new laws requiring a backdoor. The FBI tried this already only a few years ago.

Get ready for CryptoWars II. It's right around the corner.

Cypherpunk


From eugen at leitl.org Sun Sep 8 12:49:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 18:49:03 +0200 Subject: [linux-elitists] Congruent Infrastructure (was: Re: Surveillance) Message-ID: <[email protected]>

----- Forwarded message from Andy Bennett -----

Date: Sun, 08 Sep 2013 17:14:01 +0100 From: Andy Bennett To: Marc MERLIN Cc: linux-elitists at zgp.org Subject: [linux-elitists] Congruent Infrastructure (was: Re: Surveillance) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

Hi,

>> Which means I need to set up that build the source
>> package and check that the binaries match thing.
>> Anyone doing this already for your favorite
>> distribution?
>
> I did that at google for our distribution that runs in production,
> well more specifically we don't run upstream binaries at all. We've
> re-bootstrapped our own distribution, maintain and compile our own openssl,
> and so forth.
>
> We also have mostly binary invariant builds, and yes that was work, we had
> to patch stuff for sure.
> However, that process didn't tell us if the upstream binaries were the same
> because we modified most of our source to be leaner and compiled differently
> than upstream.

> Home page: http://marc.merlins.org/

I notice you did this: http://marc.merlins.org/linux/talks/getupdates/

I'd be very interested in your views on things such as Puppet or Chef: I myself have been very skeptical of them. Some of the issues are outlined in this blog post (not by me): http://blog.thestateofme.com/2013/04/30/an-adventure-with-chef/

It seems that all the evangelists for such things have never heard of things like MIT Athena and http://www.infrastructures.org/ and don't seem to know much about the underlying theory. infrastructures.org describes a system similar to the one in your slides, albeit using slightly older technology.

I'd be interested in your thoughts on "congruent infrastructure management" especially around the issues of avoiding divergence, proving convergence and recovery from failure that doesn't involve wiping the machine.

Regards, @ndy

-- andyjpb at ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF


----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 13:09:06 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 19:09:06 +0200 Subject: [linux-elitists] Surveillance Message-ID: <[email protected]>

Anyone with CA/package signing opsec clue willing to help Linux distros with advice to improve package signing security?

----- Forwarded message from Greg KH -----

Date: Sun, 8 Sep 2013 09:58:23 -0700 From: Greg KH To: linux-elitists at zgp.org Subject: Re: [linux-elitists] Surveillance User-Agent: Mutt/1.5.21 (2010-09-15)

On Sun, Sep 08, 2013 at 06:43:09PM +0200, Eugen Leitl wrote:
> On Sun, Sep 08, 2013 at 09:08:24AM -0700, Greg KH wrote:
> > > Real physical security and a process to keep signing secrets
> > > secure in community based Linux and *BSD distributions.
> >
> > What are the problems in the existing processes that you feel are weak?
> > For example, what is wrong with openSUSE's signing process that you feel
> > are wrong?
>
> I'm only aware of how Debian does things, and not in any detail.

Then don't assume that all distros have this type of problem please.

> What I would do is to separate the signing secrets across multiple
> key people, and do a recorded/witnessed ceremony following a CA-like
> model, signing on an air-gapped machine which is securely
> wiped afterwards and transferring packages via sneakernet
> (making sure there's nothing autoexecuted on plugin)
> to the machine where it is being published. Yes, this is a huge
> pain.

And it makes automated builds an almost impossible thing to achieve, so it's not realistic.

> So have a secure process in place, monitor the process by
> external parties so that we can be sure that it is actually being
> done the way it is said to be done. Trust, but verify.

Agreed, and I think that other distros already do this, Debian might be the exception :(

> > > Review of anything crypto based. Completely different process
> > > for anything crypto based than for everything else. No more
> > > undetected regression meltdowns a la Debian.
> >
> > What type of review? What type of process would catch stuff like that?
>
> Getting in the professionals. A lot of old cryptography and
> cypherpunk hands have reappeared and the woodwork is buzzing
> with activity. They have clue and they're willing to help.

Projects almost always gladly accept patches and review, what's stopping anyone from doing this today? I know of a handful of people who started doing this for the Linux kernel a few years ago and instantly got job offers to continue doing this full-time. Some of them accepted and have been working very well on fixing a huge range of issues. Some decided to stay where they were and continue to churn out great tools that let us fix these issues (academia is a good place for stuff like this.) Those tools work on all projects if they wish to be used, it's only a matter of the developers using them.

> Somebody should first get them talking, and then organize a
> physical meeting. If I knew any distro guys I would try to
> hook them up.

Have them go to FOSDEM, where all the distros have a multi-day track to work on issues that encompass them all.

greg k-h

----- End forwarded message -----
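Eugen's first suggestion in the exchange above, separating the signing secret across several key people, is the classic threshold-sharing problem. What follows is an added example, not code from the thread or from any distribution: a Shamir (k, n) split over the prime field mod 2^255-19, so that any k custodians can reassemble the key on the air-gapped signing machine during the ceremony while any k-1 of them learn nothing about it. The function names, the field prime and the sample secret are my choices.

```python
import secrets

# Field prime for the shares. Any prime larger than the secret works; this
# is the Curve25519 prime, so the secret must be an integer below 2^255 - 19.
PRIME = 2**255 - 19


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod PRIME)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % PRIME
    return y


def split_secret(secret: int, k: int, n: int, rng=secrets.randbelow):
    """Split secret into n shares (x, y); any k of them reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1;
    share x is the polynomial evaluated at that x. rng is injectable only
    so the split can be made deterministic in tests.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer below PRIME")
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given shares.

    Note the failure mode: with fewer than k distinct shares the result is
    a field element unrelated to the secret, not an error, so the caller
    must know the threshold and verify the recovered key before using it.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def main() -> None:
    # Constructed stand-in for a package-signing key (250 random bits).
    signing_key = secrets.randbits(250)
    shares = split_secret(signing_key, k=3, n=5)     # 3 of 5 custodians
    print("recovered with 3 shares:",
          recover_secret([shares[0], shares[2], shares[4]]) == signing_key)
    print("recovered with 2 shares:",
          recover_secret(shares[:2]) == signing_key)


if __name__ == "__main__":
    main()
```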

From rysiek at hackerspace.pl Sun Sep 8 15:05:06 2013 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 08 Sep 2013 21:05:06 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <2128572.yZnCeXR8Aq@laptosid>

On Friday, 6 September 2013 14:08:39, Eugen Leitl wrote:
> Plants in the IETF? Sounds plausible.

How about we say "fuck the IETF, we'll make a better one; with blackjack and hookers".

And start working together to design and implement stronger crypto on-line. I mean, we can push the world in the right direction, right?

--
Regards,
rysiek

From eugen at leitl.org Sun Sep 8 16:22:11 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 22:22:11 +0200 Subject: [cryptography] NSA can spy on smart phone data Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Sun, 08 Sep 2013 20:11:47 +0300 From: ianG To: Crypto discussion list Subject: [cryptography] NSA can spy on smart phone data User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html

Privacy Scandal: NSA Can Spy on Smart Phone Data

SPIEGEL has learned from internal NSA documents that the US intelligence agency has the capability of tapping user data from the iPhone, devices using Android as well as BlackBerry, a system previously believed to be highly secure.

The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. Top secret NSA documents that SPIEGEL has seen explicitly note that the NSA can tap into such information on Apple iPhones, BlackBerry devices and Google's Android mobile operating system.

The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been.

The documents also indicate that the NSA has set up specific working groups to deal with each operating system, with the goal of gaining secret access to the data held on the phones.

In the internal documents, experts boast about successful access to iPhone data in instances where the NSA is able to infiltrate the computer a person uses to sync their iPhone. Mini-programs, so-called "scripts," then enable additional access to at least 38 iPhone features.

The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can "see and read SMS traffic." It also notes there was a period in 2009 when the NSA was temporarily unable to access BlackBerry devices. After the Canadian company acquired another firm the same year, it changed the way it compresses its data. But in March 2010, the department responsible at Britain's GCHQ intelligence agency declared in a top secret document it had regained access to BlackBerry data and celebrated with the word, "champagne!"

The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable.

In response to questions from SPIEGEL, BlackBerry officials stated, "It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic." The company said it had not programmed a "'back door' pipeline to our platform." The material viewed by SPIEGEL suggests that the spying on smart phones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smart phone companies.

Visit SPIEGEL ONLINE International on Monday for the full article.
______
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Sun Sep 8 16:28:56 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Sep 2013 22:28:56 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Jean-Francois Mezei -----

Date: Sun, 08 Sep 2013 15:50:33 -0400 From: Jean-Francois Mezei To: nanog at nanog.org Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

With regards to the $10 snake oil security product versus the real one at $100: since the NSA can break both, they are both worth $0 in terms of privacy.

From a business/corporate point of view, there are two aspects:

1- Image: If your weak security has allowed a data breach to become public (such as TJ-Maxx) then you have damage to your image. But TJ-Maxx has survived and the average person forgot about millions of credit card numbers having been stolen from its .

If the NSA snoops on your systems to see what kind of underwear Osama bin Laden buys and where he has them delivered, there is nothing your company can do about it. Either you don't know it is happening and NSA will never make it public (no image problem), or you got a warrant and were forced to do it (some image problem, but you can say your hands were tied and shift blame to NSA).

2- Real cost: if you're a bank, and someone intercepts a letter of credit or payment transaction to find out how much a corporate customer pays for widgets, that customer can sue you for breach of security/confidentiality (since its competitors now know what deal he has negotiated to buy those widgets). The lawsuit against the bank has real costs (not only lawyers, but settlement as well). It becomes easier to cost justify security when you can put real costs to not having security.

So risk management is an important factor in both cases.

BUT, when you get to general public, the equation changes: For the general public, a burglary is a good analogy. You can easily put value to the stolen TV set and replace it. But this isn't what happens when the NSA spies on your private communications and you have no real measurable damage.

The damage you get is akin to losing your family pictures or the feeling of having been violated because someone came into your home and rummaged through all your personal stuff, and not knowing exactly what they will do with your personal items and why they stole them. Putting a value to this is next to impossible. Risk management becomes impossible, except at the political level.

If the NSA intercepts private emails between a husband and his mistress, the husband can't know if the NSA will ever use this against him. This fear remains because the NSA might hold on to these emails for a long time (or might not).

And at the political level, Obama made it clear in a recent speech that he hopes this will blow over and that he will be able to convince Americans that the NSA is doing good things. Their political staffers evaluated the risk that this might backfire and figured it wouldn't. This has nothing to do with selection of technology to guard against the NSA; it is all about political public opinion.

Here is what the politicians forget: Because the economy is moving to the internet, losing trust in the internet is akin to losing trust in the banking system.

I am not sure network operators have much of a choice. Sure, someone like Bell Canada will hopefully review their no-peering policy in Canada (forcing so much traffic to route via USA), but for other networks there isn't much they can do to prevent NSA from accessing any/all data while in transit.

What is really needed is for an intelligent debate by politicians on the need to preserve trust in the internet and whether preventing a couple of bombs is really worth the loss of trust and freedom due to implementation of measures worse than what "1984" predicted.

Since intelligent debate by politicians is impossible, the other way to change things is to seriously deprive any politician who supports excessive spying by NSA of any money and chance to be re-elected.

Imagine the good publicity AT&T and/or Verizon would get if they were to announce that they are ceasing all political contributions to any party or individual politician who supports the indiscriminate data collection done by NSA.

And this might be enough to tilt the table and get politicians to start to criticise the NSA and call for measures to limit its spying.

----- End forwarded message -----

From coderman at gmail.com Sun Sep 8 18:17:44 2013 From: coderman at gmail.com (coderman) Date: Sun, 8 Sep 2013 15:17:44 -0700 Subject: [Cryptography] tamper-evident crypto? In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

....
> Well, I'm sure /somebody/ on this list is clever enough to
> arrange countersurveillance and counterintrusion measures...

this is both much more complicated for a technically savvy adversary, and a horrible idea. your legal counsel might call it a "lunatic plan", ... would you be fooled by the approach you describe? most/all? attacks to date using truly 0day exploits have been inter-nation-state espionage and "cyberwar". non-exclusive 0day platforms for surveillance are fairly visible. (e.g. domestic activist suppression, etc.) even the onion hack used weeks old fodder to catch the low hanging fruit.

> One of the rules in science, business, military planning,
> et cetera is to consider /all/ the plausible hypotheses.
> Once you consider the possibility that your data security
> is broken, the obvious next step is to design an experiment
> to /measure/ how much breakage there is.

if you decide to play this game, the "red teaming" can also provide a useful estimate on the cost to penetrate. e.g. is the time and money hardening providing RoI? i hear you convince a sufficiently resourced attacker, you're of sufficient value and legitimacy, and fend off the gamut of known attacks, you see escalation to some very inventive levels... personally i'd bet on the powerball ;P

... last but not least, as an ethical discussion, on a less serious tangent, what would you do with a high value captured payload? you have a tactical value to consider, you have a monetary value to consider, you have a reputation/P.R. value to consider, you have a full disclosure value to consider, within your reasoning for greatest benefit.

From jan at janhkrueger.de Sun Sep 8 18:23:02 2013 From: jan at janhkrueger.de (Jan H. Krueger) Date: Mon, 09 Sep 2013 00:23:02 +0200 Subject: [cryptography] NSA can spy on smart phone data In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>


On 08.09.2013 22:22, Eugen Leitl wrote:
> ----- Forwarded message from ianG -----
>
> Date: Sun, 08 Sep 2013 20:11:47 +0300
> From: ianG
> To: Crypto discussion list
> Subject: [cryptography] NSA can spy on smart phone data
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
>
> http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
>

*snip*
>
> The material viewed by SPIEGEL suggests that the spying on smart
> phones has not been a mass phenomenon. It has been targeted, in some
> cases in an individually tailored manner and without the knowledge of
> the smart phone companies.

Spiegel is as funny as always. Why do the hard work of hacking a phone if you can get the data right out of the cloud ecosystem?

While the article is technically not false, it doesn't tell us everything; it lulls people into a false sense of safety.


From coderman at gmail.com Sun Sep 8 18:57:51 2013 From: coderman at gmail.com (coderman) Date: Sun, 8 Sep 2013 15:57:51 -0700 Subject: Political Cypherpunks Trumps Apolitical Cryptography In-Reply-To: References: <[email protected]> Message-ID:

On Sun, Sep 8, 2013 at 6:12 AM, John Young wrote:
> ...
> For Snowden has shown the political has won out over
> the technical, and the technicals are fraught with what to
> do about it,

the political is intertwined with the monetary, and the monetary is intertwined with the military/industrial/technological, and these further intertwined with the educational, and international non-profit standardization-al, and ... the turtles go deeper. back again to the political. which is but one stop on the train of vulnerability, back upon itself, how do you fight this? a little bit at a time, here and there, across the boundaries. lest you lose your mind, considering the scope of it all. the clipper chip, after all, represents a failure in the political realm, which was then promptly remedied in the technical, judicial, and business realms.

> ... So it has come
> to pass, there is no refuge from politics, indeed.

worse yet, the politics of others directly impact the realities of us all. to fix our own political mess is not enough; all must be addressed...

From coderman at gmail.com Sun Sep 8 19:25:47 2013 From: coderman at gmail.com (coderman) Date: Sun, 8 Sep 2013 16:25:47 -0700 Subject: [Cryptography] IA side subverted by SIGINT side In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

...
> J. Edgar Hoover blackmailed his way through 40 years of unchecked
> power. Trouble is, Hoover eventually had to die; NSA, not being
> human, does not have that natural limit.

of any aspect of this whole disclosure orgy, this alone is the most disturbing conclusion.

"intelligence" has morphed into a feedback cancer in multiple aspects of our public and private lives, currently yet to realize an awful inevitable corruption to extremes without restraint by increasingly malevolent actors. there is no rational justification for billions in covert crimes committed not just foreign but domestic, with the audacity of judicial seal under collusion, all at public expense. fuck that! your dollars at work, for BULLRUN alone[0], not to mention DIA/DoD budgets, not to mention foreign players:

* weakened algorithms/protocols for big players (e.g., GSM, Cisco)
* weakening of RNGs
* inside access by 'covert agents' to hand over secrets (e.g., big 4)
* corruption of the standards process (NIST 2006?)
* corruption of certification process (CSC)
* corruption of judicial process (NSL to "compel under duress") for access to long term keys and to build in back door support.
* using certification process early-access to prepare backdoors for production runs (CSC)
* crunching of poor passwords
* black ops to steal keys
* black ops to pervert systems

[0] thanks ian!

From electromagnetize at gmail.com Sun Sep 8 21:52:36 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 8 Sep 2013 20:52:36 -0500 Subject: [0] crypto obs. Message-ID:

where to begin? disclosure: i know nothing of applied cryptography though the idea has fascinated me for a long time. the concepts involved, their potential. thus perhaps a series of naive observations, some less useful than others. from what little i know yet discern about given assumptions, a worldwide charade is being played with cryptographic systems that has become transparent, made the lies self-evident and the liars either self-conscious or openly, treacherously duplicitous. the security game, maybe this is, though thoroughly reliant on unstable theory to maintain the illusion, the bullshit growing ever more deep, quicksand smothering. it is proposed the existing 'crypto' song and dance routine buttressing illegalities of the worldwide terror state is based on a false perspective decades if not millennia old, which has made accounting for truth secondary as a route to securing a shared ideological viewpoint. the problem of relativism at its core, an ever shifting eye that exploits the warp and skew as its means of obfuscation, a lazy route to secrecy- dumb cryptography in some sense, if what is exchanged or transmitted is not verified as actually true, and instead circulates as 'partially true' or 'sorta accurate' though is _believed to be absolute truth in a too simple consideration of events. thus you could have Bob and Alice in some key exchange, who knows, maybe Bob is Nancy and Alice is Edward in drag, and they could share [z] via crypto exchange, software that complicates and seemingly protects the transmitted data, and so [z] moves from one location to another, or is pinged or relayed or somehow becomes shared consciousness, "known" such that: bob [z] and alice [z].

Yet without establishing and relying upon its verification - not only in but as truth - the assumption could exist that [z] by its very nature is by default true because it is believed, versus the core data being corrupted in the realm of ideas, accuracy of viewpoint; actual intelligence and validation and verification of the accuracy and worth of ideas, which ultimately must ground to truth, as close to unerring as possible, else that is where problems creep in and erosion of shared views begins. In that, [z]=truth could be assumed yet could be based on an ideological framework, lacking both depth and knowledge, and instead exist as 'shared falsity' which, if unaccounted for, has all the pragmatic worth of 'shared truth' yet exists and is functional only virtually, as long as it remains unaccounted for.

In this way, [z]=partial truth or [z]=falsity could be what is exchanged via crypto softwarez. A weak point in crypto may be the data being exchanged, its integrity and actual versus perceived value. In such a way a false perspective could be established via this 'secured communication' that is a secrecy based on shared lies.

And that more than anything else to me describes the corruption at the core of crypto systems today, their total invalidity as platforms of secure exchange and instead the means for trojan horsing and backdooring every last electronic and photonic and emissive blip, including neurotic gray matter signaling, as if people are just that fucking stupid to believe all the collective bullshit this involves.

The ideological mindset that allows this, nay, the binary religion of technocrats schooling the captive society via oppressive social engineering into _only using 10% of their brains - else blitzkrieg pills and the psych ward for you! - regulates into existence a drugged compliant machine-like population of yes men and pacified complacent children who can only memorize and repeat, creating a supercomputer via that wonder-component of electronics: the human slave, until a robot or more efficient part can be made, the former natural resource to be exploited then discarded, made obsolete for the automated state megamachine. Godless Bureaucracy that is, just like these shithole dysfunctional computers serving its crooked agenda, labyrinths for extortion, oppression, exploitation, billionaires, trillions made off of this enslavement, all the while the future and hope vanish for those so entombed, buried alive in the silicon wasteland.

These pyramids of late 20th century cities not unlike the massive e-commerce grid of banks and businesses at scale and distributed online, the canned CMS sites like big-box stores along highways, with long arteries of regressive planning extending standardized mediocrity akin to the subsidized of suburban sprawl - yet at a price of infrastructure and dilution of culture, the society made for and run by middle-management; a realm reliant on taxes and yet with a tax system incapable of accounting for its own transactions: such basic knowledge not taught in schools at any level, thus reliant on a professional class and its politics of interpretation. Illiteracy, the subtext, if even that can be read anymore. Bad thoughts, no-no's are no-go, shaming, a certain kind walking around like freaks in surveillance databases, no single varsity letters: scarlet alphabets. Ah, two way mirrors and glass walls, reflections inside refracted reflections.

The lie allowing this, the inaccuracy is the binary worldview, the conceit of notation of truth (1) and falsity (0) as a normative pleasure and determination, as if quiz show answering via gut instinctual response, biofeedbacking truth via the electrode array of slime, however networked, modeled, theorized to exist- statistics, monetization, force feedback, saliva or ejaculatory bliss. Get the animal in the box, then drop the walls to reveal the cage with which to drown the beast. That would be humanity, sanitized and ultimately anesthetized then poked, prodded, punctured, and administered the lethal injections via homeopathic drips and drops via poisoned air, food, water, relations, environment itself- the antireason for the ruling ideology of the puritanical who hate love and serve only their own truth.

The bullshit of years of the universe and binary crypto is an obscenity to the mind to calculate again and again, ever longer the lie, as if 101001010101 is some stronghold of information when for 50 plus years it is likely quantum computers have existed in the background, nothing in the publicly available global state uncrackable at the level of public service, private service or otherwise. An entirely 'nother platform assumably exists beyond this non-sense. That said, this is based on the reality of aliens, time-travel and other state fair ephemera, the deep-frying of collective consciousness, counterculture onward, not removed from any of this civilizational exploration and development and instead, driving its and devolution simultaneously, acid in the water supply as the insurance plan for speeding up armageddon, to the point today of complete idiocy as the conversation mediated, regurgitated, forced to swallow and share vomit again and again.

Great Society, eh? The damned never had it so good. Living like kings and queens, freedom of opinion, shared views, messaging, gossip, "secrets". FANCY. So the game seems to be a false perspective based on a binary worldview that becomes software that fronts for this cultural maldevelopment that is moving towards increased *ignorance* and *incapacitation* of citizens, rather than towards their liberation and providing tools for the control and governing of said lunatic murderous state. Boot licking not enough for survival, extinction is the only placeholder for humanity in the algorithm, these other populations whether deranged hominids or robotic-workforces of sell-out cyborgs or shared-POV androids, their goggles glass already, whether false eyeballed, contacts or frame, able to relay and relate via 'shared state' in other dimensionality while dumbstruck humans have no words to match experience and are disallowed from thinking and thus thinking and intelligently communicating beyond the rubric of the already always corrupted viewpoint. This, relativism's schtick.

Even email software standards degraded to disallowed cave wall comms, inline diagrams disallowed, uncontrollable word-wrap, menacing nannyized webware making sure helplessness is ever increasing- now THAT is a service economy. The deception, deceit, hatefulness encoded, encrypted in these events too. Hidden, secrets to be revealed or not- depending on one too many wrong thoughts that tease open the nightmare and make an irreconcilable differance, then and now.

The malice involved, key, mendacity at every level, crypto protecting that shared lie, how secret is it really and what if it becomes transparent, the crypto is not protecting anything because it becomes "known" by others, observable via other effects, actions, every intricacy reliant and structuring its worldly manifestation.

Most likely the only way worldwide communications could feasibly be cracked in real-time would be by undocumented technology and storage and involve other physics, perhaps the quantum computer an entrance into the weaving of interdimensional entanglement into every life and object- else in a clean-room simulation, this a contingent magic realm of converging parallel worlds, partly true and partly artifice (actively reengineered, reenactment) to fuse-form past and future into the present, some military project of the future recreating model civilization under various scenarios to unite them, bring them together then run them live together as a best of all possible worlds gambit, who knows, maybe that master narrative is nothing of contemporary history as if sorting out the past into respective file cabinet folders of previous beliefs, as if more explanatory, geopolitics of today better explaining the existing path than- say- Old and New Testament. In other words, writing and views of today incapable of fitting that data into its box and instead it is vice-versa, better explained in reverse, more insightful and informative about the how and why as a shared frame of reference. The wisdom of believers in the roughest lands holding steady over centuries and millennia of this deep connection more grounded in the political reality - the stakes - than a coddled soft carebear of somatized educated class of the privileged, their morality on par with mold spores.

Stay happy, stay healthy, the diseased open sore pus filled atmosphere chokes against each breath, constricting further the phlegmatic release of black bile into spittoon of once-open mail list culture, now sanitized germ-free and wet-wiping nose fingers and ears for any trace of contaminating residue, giving away the game, that yes- "we think you are all idiots to believe this and we are taking you for a ride, suckers!" Not only are people making these bets, their careers, mortgages, children's futures are reliant on its sustenance. Hmm, GO figure. Black and White.

Semaphore of cryptic communications, the ops, Platonic mirroring of language, role of the cymbal, its transmutation via calculus. The reliance upon shared truth, understanding, awareness for secure interconnection- grounding as it were, a ground state or condition, like a neutral antenna that naturally fevers when in contact with truth, love. Shared empiricism, foundational. The accuracy of accounting for truth in its absolute versus dilute state. The scale of consideration being 'the internet' itself is the cryptogram, junk DNA the profile moreso than the fiction of a series of zeros and ones, laughable as a stage-set and huckster paradise.

[infinity] x [infinity] x [infinity] ... {N}

The model presumed existent. A string such as TK32LJ35DX_4SJLSLU&*#(@((@(@()P)_ need not be decoded as binary to obtain its meaning. Instead, it could be multivariant, exist in superposition, an intricate puzzle or maze, beyond the two dimensional, involving collapsing code, parallel structuring, trap doors, and cascading transformative dynamics given the key, which could be multiple in a bounded context of the infinite. Then scale that to all information and data coursing through a shared framework, the global network, including connected global minds as a noospheric calculating nervous system, natural, artificial, virtual- and what have you if not something more in-line with random event generators and spooky action at a distance, crystal ball computing scenarios, where the mind itself as an observing entity chimes in with the flow of the aetheric wind making its way through structures and circuitry, that familiar hum and tune of validation, the submerged conscience moving in and out of the lapping waves both above and below the waterline.

YHS DFK UYX

Given literacy, a tiny box could contain some meaningful information for someone, somewhere. Depending on what is shared as truth, it may or may not be decrypted or decoded by another or others elsewhere. It could be assumed perhaps to contain only one correct answer- "this is its truth". And in doing so, the revealing would validate its truth via correctly removing its binarization. Whereas in an 'analog' (perhaps) approach, or gradient, it may coexist in binary and other systems of consideration, parallel interpretations, some right, some wrong- it could remain a question and in a realm of mystery; or even involve nesting of codes within other codes- who is to say the code actually is the code- how do you know Alice is not actually Edward in drag? So, the issue not only of truth, whatever it may be and its reliance upon shared value (which could be a lie), though also of indeterminacy, the contingent, the potential impossibility of knowing if not having the correct viewpoint, and again the issue of calculability- can its meaning be deciphered or the information decrypted of all possible combinations and permutations not only of the "numbers" or "digits" (as if 1 and 0 finiteness) and instead in their inherent symbolic mutability, say for any given perspective what those various patterns or combinations or collections of data could potentially mean- in any given context. That is, any thought from any viewpoint of any aspect of this event in its entire potential for meaning: could a computer calculate that, and how would it be able to decide what is and what is not intelligible, especially if A.I. based and reliant upon preexisting and preestablished scaffolding of meaning.

It would not, instead of a single answer there would be a vast ever increasing span of probabilities, big-bang inflations, interpretation inside nested interpretation, as data relates in and between cosmic circuitry. The grounding in truth of one acronym in relation to another, or one number pattern traced into 7-segment like display versus another, and here we are dealing with infinities within infinities, as a potential, and their tuning in and out of various scenarios and ~sequences. Maybe it is useful, maybe it is not- what is required is massive computation along with massive competence, and if enemies do not think alike, their very attempt to crack or decipher or decode by default reveals their own perspective and scaffolding, the wonderful self-same biasing of one-sidedness that is the binarist's weakness, such that the very action of trying to relate across the boundary of ideology punctures the threshold of their own security and breaches the psyche with other thoughts and ideas, questions and assumptions, mindworks and frameworks as the calculating machines take hold of external 'truth' and try to engineer and mold it to fit their needs. This is a self-creating labyrinth in reverse, as the security of binary crypto is made insecure outside its ideological domain, that terror maze created and sustained in the stupidity of false absolutism turned inside-out and incapable of mediating the very possibility it confronts. The crypto itself is the trap. The core of an unshared idea, truth as the foundational of shared reality- versus its compromise, corruption. There is a difference between right and wrong, yet to those who do not distinguish, they do not know which is which. And thus false views easily erected, even if having the code and the keys, the variables within variables allowing paths to precede the investigation, hints and clues and signage until hovering above the tarpits and ground disappears.

The type and grammatical rarer, whose zoo to this. Ahhh. Just fucking breathe... and via that inhalation, taking in the poison pill whether via ears eyeballs snout or gullet or antennaed skinsuit, fingertips at peak of inner domicile, circling around like a crazed bird trapped inside, til figuring the way out, and then back in again.

Another type of crypto, core to language, its metaphysics, its calculative pattern-based scaffolding, potential for unifying human awareness, communicating shared and unshared views, parsing truth within the noise of degradation, cross- and inter- and multi-cultural. Not pop-cult BS, here a song there a song everywhere a song-song, kick the bastards out of civilization and let the airwaves be filled with pure commercials, no more charade, waxing lyrical about sentences, binary transmissions of "diary music" and follow-alongs into the cattle chute, queued and awaiting slaughter by compatriot handlers.

The Binary Crypto Regime (BCR!) is the bullshit par excellence!

Hawking bullshit trapdoor code to exploit users in the hidden terror state dynamics, traitors. Every last device backdoored, weaponized alarm clocks and TVs that can be TSCM tapped to remote view, who knows if your speaker system is going to be entrancing you in the night hours when that little blue light repeatedly turns on even when turned off. Lightbulbs as speakers, speakers as microphones, here a data logger, there a data logger, everywhere a data logger...

You think people are that fucking stupid to not differentiate computers made to exploit, with chips and protocols themselves designed by spy agencies worldwide, and then being held under watchful omniscient private-eyes, multiplying across the grid, across society, across landscape, this false perspective all knowing that presumes to 'know' TRUTH via this absurd binary mindset, a realm of childlike belief and infallibility in assumptions of a protected, privileged exploitative class. Now that is a trap if ever there was one, to be in that central position in the panoptic assemblage. A VERY BAD AND DANGEROUS PLACE TO BE. Anyone not paranoid of consequences for that level of betrayal would best wise up and get medicated quick, cause it can only get crazier and crazier on the inside.

How many licks of the boot to get to the center, the deep core beyond the false door of inner mountain, underground bunker society of black op civilization, all that is feasible indicates a barrier between worlds of knowing, and the crypto of state is not of this domain, not of its computers or software, and like bunny suited FAB workers at the assemblyline, dancing together with machinery in the ongoing orchestration of circuitry, the hidden hand or tripwire of entanglement is triggered and magic happens, that ephemeral state of connectedness and shared being, alien to the ordinary and mundane of ever present surveillance in electromagnetic hell, and from this that vantage, within such a context, the surveillers are themselves being surveilled, all is known about the mockery of the human race, its holocaust via planned demise, and those holding the fake steering wheel, pockets full of money and hollow lifestyle- the cruel and wicked machinery their destiny, their love, their meaning. Terror itself embodied by lost souls with dead or non-existent hearts. What if the only secure crypto is based within grounded truth. And that this is reliant upon context and scale, of cosmic dimensions. And of populations, numbers of observers. Those false may presume shared awareness yet it is finite and also artificial to a degree, affected, existence in the key of nothingness. Whereas those grounded in nature connect with its circuitry and values of life, and in this, of love, and of love, true love that transcends normal boundaries and involves pre-existent shared connection, an already-knowing or 1:1 relation, as if once whole, then meeting in a separated condition, realizing this wholeness, and having that as an understanding, a foundation of truth as the value, its validation and verification via its observance, and service to the shared principles. 
Empirical truth in this way would only be possible, seemingly, through already achieving this "absolute" knowing of shared connection as a basis for other empirical observation, thus values of honesty, integrity, shared destiny and the human project. In knowing true love, it is to know and be connected with 'the absolute' in its truth, and in this way, provides reference for other observations and relations, particularly those lacking love or truth, which then tend towards falsity or are absolute lies. This polarization, the yin-yang duality and the particle smashing encounters between reason and anti-reason indicative of the differing paradigms, realities. One is real and the other is a contingent unstable false view, yet has achieved governance of the state, which due to such stupidity could only have happened by design. They own binary computing and crypto. That is domain of thick layers of bullshit layered over and under and throughout every last detail of existence via these scum.

You want to sell me a device that enables you to spy, cheat, exploit, extort, tattle, subvert, control my life, and another device and another government program and another educational degree and another family member and another corrupted technology and another corrupted communication or message or idea... And you think you are really SMART for getting away with it, smarter than everybody else because you _think you are running this game, not realizing the setup. The global civil discontent this relies upon, those dangerous dynamics, as if the ploy is fortified and not meant to fail once the supports are pulled out. A trillion stresses could appear out of nowhere with the wrong data breach, opening wide the once secured though always fictional private properties of oppression, the inner workings to be massaged as egos wade above the surface, unaware of the sharks both visible and invisible, eyes on their first, long awaited appetizers.

This is the difference between intelligence and those who are 'smart' in a finite, non-philosophical sense. Reality is not as simple as an equation, and if it were it would be a highly accurate equation of extreme precision and resolution. Obvious errors would have no place, that just is sloppy and not cleaning up these things would indicate a certain presumptiveness of relations between those who think they know and those who know better or more or actually developed the cosmos. Instead the binarist as ideologue can believe they 'know truth' and use it to create and sustain a charade or false perspective, requiring masquerade and built on shared lies, and think no one is the wiser who is on the outside of this duplicity. This is where 'partly true' is equated with 'wholly true' and 'mostly false' is made into 'totally true, just ignore the vagaries' which is the obey and proceed model of workforce indoctrination and mindwashing, er the educational system. That there is no effective feedback in a society reliant on cybernetics and circuitry is a massive tell of top-down autocratic and dictatorial aims of such administration, and in this way CRYPTO emblemizes the detached arrogance and contempt of a mass mediated surreality force-fed to a beaten down, poisoned global population, where each and every person is configured to oppress others by their very existence, this most notable as 'economics' where the concepts of shared destiny and basic exchange are hijacked to have the money only serving some people while others die horrendous torturous deaths due to no food, clean water, shelter, and live in environments of rape and torture and oppression, in addition to being overtaken or held in regions of perpetual war to sustain this insane automated machinery.
The money itself is tyrannical, its monopoly paper, and yet figuring it out is off the table, it is all or nothing, a onesided evaluation at every considered stage, as that is the only option, to play the rigged game by those operating within the illusion of total control. There is no place for love in a world like this- nor truth. That is why it has been engineered out of existence. Unspeakable, uncommunicable, unless it is happening in other channels, outside the limiting framework, which it is.

Today it is likely the meat in the supermarket is fake, artificial meat. There is every indication. So too, sensors grafted into flora and fauna. And brain-tapping of consciousness by others as part of the surveillance regime. Sci-Fi today. So beyond the bullshit, the neutrality of "silence" and secretive HUSH-HUSH quietism is presumably to protect what is already known of this condition, no one wants to say or be held responsible for saying what more actually exists as it exists, if not for fear of life-ending consequences. And yet a data breach- of ideas- of the ubiquity of surveillance which itself asks a question- well if the government obviously can tap everything in real time globally, what is the real government doing, and how does that relate to known surveillance far beyond this in terms of methods of control, whether RFID or other sensors in teeth or various chemicals that trigger walk-by monitoring systems as this relates to recognition systems, facial and otherwise. Tracking of people, selling of data, subverting of equipment via purchase triggers for corrupting via software bugs. What of, say, a musician that legend has it went offline decades ago, is not their false identity being tracked like everyone else and accounted for. And if special privileges, in such ubiquity, would they not need to occupy an exception list, and thus at some level the data could be known, and thus old school anonymity is likewise a false future, even if politically connected, due to the need to pattern match, account for, at the level of each person a potential threat to society. Are they a zero or a one today? What does the department store returned items complaint put them at, or the mistaken debit card exchange- has the scale tipped, the feather become lead? DOOM.

What is presumed is that any surveillance that is occurring in onesided dynamics is itself not secure as a binary system and can be 'logged' and thus crimes against the human population can be documented, in parallel, and you'd have to be an idiot to believe otherwise, reliant on a safely embubbled worldview. Say a dwelling is rife with monitoring and used to oppress a person held in an illegal prison by a dictatorial regime, that very technology that is the oppressor's strength becomes a weakness when what it is doing can itself be monitored- it becomes legal evidence, and can lead to real-world consequences for those involved.

The recent film The Numbers Station had a story of a code broadcasting station in England that automatically sends out a dispatch that would close down a spy program and this process was somehow subverted due to a security lapse. At the time, once a particular message was relayed, a kill list would be sent out that would put into action a self-destructive sequence based on targeted assassinations. This would be automatic. Once the list is out, there is nothing fuzzy involved, it is presumed "TRUTH" and becomes an order. And so its very existence in the system, as the code, as the instruction, determines its validity, its truth, otherwise it would not be present in the message. If you were to read such instructions it would not be debatable, there is no going back. Kind of like the launch sequence of a nuclear missile, past the point of no return, warheads launched to multiple sites. And let's just say for convenience that this is of a binary mindset and a shared awareness is already secured- such a transmission is equivalent to fate. It is just a matter of when it is going to happen, how it will be carried out.

The weird thing about it is that few things are this absolute in normal life, and even in government today it seems most of what is occurring is at the 50 yard line or middle of the playing field, and the goal posts are at 45 and 55 respectively for tallying points. And yet, white to white and black to black, yin-yang, it seems as though through osmosis or other cultural filtering, that the 'human' is congregating on one side of the field and the anti-human on the other, both with their kill lists as part of the real world consequences of bloodsport and destiny. And that is also where cryptography resides, in these same dynamics. The thing is, one crypto system may be reliant on an unstable foundation for its decision-making, unable to deal with uncertainty, and thus requiring the middle zone for its continued functioning, to exploit the similarity while secretly and subversively pushing for polarized difference, ever closer to a game winning touchdown. And there could be every indication via media that this is the situation, that is the 'shared awareness' of the common lie that frames the society, towards this loss via its exploitation.

And yet likewise and opposite, outside that simplistic binary viewpoint, the ambiguous realm of paradox, myth, superstition, and magic, the metaphysics of language and mathematics- another realm of crypto where the algorithm is secondary to truth and does not seek to determine or limit or confine it to something less than it actually is. This is the human realm, and its crypto occurs not within the same parameters, though can still connect through, inside, outside and around the binary structuring- it occurs in archaeological finds, anthropological studies, cryptozoological investigations, indebted and embedded within deep reasoning of truth and in the same way as artistic insight, reveals the shared reality and brings it into alignment with other structures of truth, its circuitry, local, global, yet also cosmic, involving life itself as the current and currency. In this way, perhaps like nothing else comparable, aesthetics are the basis for this pure communication that carries with it a security of the intelligible, where fakes and imposters and mimics are easily revealed, and the labyrinth walls built. In this, the secret messaging is multidimensional, it is of culture itself, ancient, of those here first and of shared being. A deep investment, with trickle-charge connections everywhere into capacitors storing the wealth of truth held outside existing society, a Pluto-like condition of non-recognition and title loss, does it exist or not? 
And thus an issue of non-belief by those who cannot fathom another perspective beyond their own boundary, any truth beyond their self-serving onesided skew that the ungrounded relativism and corrupted empiricism allow - effectively invisible and unthinkable, that this is not a football game, the stadium is a lie, and game-over remains with the same consequence, yet they cannot read nor even imagine the infinity codes that are circulating everywhere, and if they do try to figure it out they will bring about their own demise by trying, as the walls and blocked passages are erected around them until they have nowhere to move, checkmate ad infinitum. Thus the final accounting mentioned, of truth and falsity. That is the real issue of security within the cryptic exchange. Corrupt ideas will perish, and those who serve them will have to face the consequences of their actions.

In this way, like Jim Bell's Assassination Politics, the internet is essentially a metaphysical Numbers Station except those reliant on the false perspective cannot read the 'signs', it only mirrors their viewpoint back to them, the self-certainty of absolute infallible perspective- a position of God over an enslaved humanity. It would not be possible for any machine to calculate the infinities involved in parsing every possible combination of encrypted messaging in real-time, nor like a random event generator, comprehend the significance of changing constellations of data as it is intertwined across manifold and myriad interconnectivities - circuits - that like a cosmic intelligence are a form of omniscience in service to this empirical truth, as it is grounded in merging perspective of shared being. The level of awareness may remain unrecognized, the intelligence completely hidden in its cosmic scope and span, the only hint of its depth, hated and ignored theology that feeds the heart with the divinity of love, and reminds of the importance of virtue, including service and sacrifice, and faith, even in the worst scenarios.

Those who submit to truth, its absolute requirement for the foundation for life and the role of logic in establishing reality, would operate within a different sense of cryptography than those who rely on shared lies and a finite reductionist approach that seeks to determine what is acceptably and allowably "true" as a means for exploitation. They seem to think a massive string of binary digits is indecipherable to those whose world they exist within. The clue is that their entire system has been backdoored from the very beginning. The oppressors' positions of greatest strength are actually an illusion, they are instead their positions of greatest weakness- it is just an issue of taking it down, collapsing the structures, accounting for truth amidst a false stage-set civilization built upon shared lies. And thus in any given text or image, in any given exchange, critical data of humanity could be coursing through the veins with missions and intelligence and instructions and taking into account those naughty and nice, and this could be actively tallied and ready for implementation when those fate triggering events potentially occur. And so whose side are you on- who do you serve- what is your purpose, why is your crypto illiterate to the cause, why the bullshit in times like these. Tick tick tick... tock.

Perhaps that is the big reveal: To find out who actually believes this is a game of football underway and not soccer, ferchrissakes.

The enemies of humanity do not stand a chance. Do you believe in chance? BULLSHIT!

:) p.s. paper - scissors - rock
what if ideas on paper are wrong, theory not hypothesis
what if rock is artificial, hollow, toxic or cracked
scissors if dull or manufactured to break, a+n.

From wilfred at vt.edu Mon Sep 9 01:20:15 2013 From: wilfred at vt.edu (Wilfred Guerin) Date: Sun, 8 Sep 2013 19:20:15 -1000 Subject: Standard Open Crypto Libs Message-ID:

Standard libraries for encoding, compression, and encryption have existed for decades. In addition to plain text or block data, stego and a diversity of other encoding methods exist. JS, ecmascript, javascript, flash, as3-5, swf, all have standard libraries available for most if not all functions.

Unless everyone has been killed again, it is impossible to claim that no one can produce a tutorial to explain general encodings and operational demonstration in any diversity of easily accessible methods.

Additional to bouncy-castle or gnu libs, there are varieties of functions and state machines with validation for every standard encoding method.

HTML5 includes typed arrays in addition to html standard text boxes or canvas; there are public tools to package JS w/ html into phone apps in addition to http access.

There is a need to explain the reasons for the efficiency and effectiveness of certain functions, and the general concepts of multiple factors, nested encoding or wrapping, and use of multiple disparate routes for both raw data and encoding data.

Any idiot can fabricate a wrapper function in javascript using standard published libraries in a matter of minutes.

Please someone provide an educational demonstration of the viability and efficiency of all combinations of encoding which includes all functions for public demonstration. Text boxes with javascript were common over a decade ago before Y2K, where are they now?

All this situation really needs is the standard libraries to be packaged with a wrapper function and placed on an appropriate publicly accessible server with the demonstrations and access instructions. One should note diversities of data transport methods, including visual image, audio and video encoding via air, especially for private factor based encoding methods.

Who can bother with 5 minutes to save the poor little world and teach them to save themselves?

Wilfred at VT.edu


From eugen at leitl.org Mon Sep 9 02:10:41 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 08:10:41 +0200 Subject: [Cryptography] Why prefer symmetric crypto over public key crypto? Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Sun, 8 Sep 2013 07:32:14 -0400 From: Jerry Leichter To: Christian Huitema Cc: 'John Kelsey' , 'Crypto' , 'Jon Callas' , "'Naif M. Otaibi'" , 'Jaap-Henk Hoepman' Subject: Re: [Cryptography] Why prefer symmetric crypto over public key crypto? X-Mailer: Apple Mail (2.1283)

On Sep 7, 2013, at 11:06 PM, Christian Huitema wrote:

>> Pairwise shared secrets are just about the only thing that scales worse than public key distribution by way of PGP key fingerprints on business cards.
> The equivalent of CAs in an all-symmetric world is KDCs.... If we want secure crypto that can be used by everyone, with minimal trust, public key is the only way to do it.
>
> I am certainly not going to advocate Internet-scale KDC. But what if the application does not need to scale more than a "network of friends?"

Indeed, that was exactly what I had in mind when I suggested we might want to do without private key cryptography on another stream.

Not every problem needs to be solved on Internet scale. In designing and building cryptographic systems simplicity of design, limitation to purpose, and humility are usually more important than universality. Most of the email conversations I have are with people I've corresponded with in the past, or somehow related to people I've corresponded with in the past. In the first case, I already have their keys - the only really meaningful notion of "the right key" is key continuity (combined with implied verification if we also have other channels of communication - if someone manages to slip me a bogus key for someone who I talk to every day, I'm going to figure that out very quickly.) In the second case - e.g., an email address from a From field in a message on this list - the best I can possibly hope for initially is that I can be certain I'm corresponding with whoever sent that message to the list. There's no way I can bind that to a particular person in the real world without something more.

Universal schemes, when (not if - there's not a single widely fielded system that hasn't been found to have serious bugs over its operation lifetime, and I don't expect to see one in *my* lifetime) they fail, lead to universal attacks. I need some kind of universal scheme for setting up secure connections to buy something from a vendor I never used before, but frankly the NSA doesn't need to break into anything to get that information - the vendor, my bank, my CC company, credit agencies are all collecting and selling it anyway.

The other thing to keep in mind - and I've come back to this point repeatedly - is that the world we are now designing for is very different from the world of the mid- to late-1990's when the current schemes were designed. Disk is so large and so cheap that any constraint in the old designs that was based on a statement like "doing this would require the user to keep n^2 keys pairs, which is too much" just doesn't make any sense any more - certainly not for individuals, not even for small organizations: If n is determined by the number of correspondents you have, then squaring it still gives you a small number relative to current disk sizes. Beyond that, everyone today (or in the near future) can be assumed to carry with them computing power that rivals or exceeds the fastest machines available back in the day - and to have an always-on network connection whose speed rivals that of *backbone* links back then. Yes, there are real issues about how much you can trust that computer you carry around with you - but after the recent revelations, is the situation all that different for the servers you talk to, the routers in the network between you, the crypto accelerators many of the services use - hell, every piece of hardware and software. For most people, that will always be the situation: They will not be in a position to check their hardware, much less build their own stuff from the ground up. In this situation, about all you can do is try to present attackers with as many *different* targets as possible, so that they need to split their efforts. It's guerrilla warfare instead of a massed army.

-- Jerry

______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message ------Eugen* Leitl leitl http://leitl.org ______ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
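Leichter's "key continuity" above (the right key is the key I already have, and a change is only believed after confirmation over another channel) is easy to mis-implement as silent re-pinning. The store below is an added illustration, not code from Leichter's post or from any mail client: addresses, key bytes and the out-of-band confirmation string are constructed placeholders, and the SHA-256 of the raw key bytes stands in for a real OpenPGP fingerprint.

```python
"""Key-continuity (trust-on-first-use) store for e-mail correspondents.

Added example, not from the original post. All names and keys are constructed.
"""
import hashlib
import json
from pathlib import Path


def fingerprint(public_key: bytes) -> str:
    # Stand-in for an OpenPGP fingerprint: hex SHA-256 of the raw key bytes.
    return hashlib.sha256(public_key).hexdigest()[:40]


class ContinuityStore:
    """Per-correspondent record of the first key seen and how often it has recurred."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.records = {}  # address -> {"fp": fingerprint, "seen": message count}
        if self.path and self.path.exists():
            self.records = json.loads(self.path.read_text())

    def save(self):
        if self.path:
            self.path.write_text(json.dumps(self.records, indent=2))

    def observe(self, address: str, public_key: bytes) -> str:
        """Classify an incoming key.

        'new'        first contact: pin this key (all we can know, as the post says)
        'continuity' matches the pin: the only meaningful notion of 'right key'
        'changed'    mismatch: never silently accept; escalate to accept_change()
        """
        fp = fingerprint(public_key)
        rec = self.records.get(address)
        if rec is None:
            self.records[address] = {"fp": fp, "seen": 1}
            return "new"
        if rec["fp"] == fp:
            rec["seen"] += 1
            return "continuity"
        return "changed"

    def accept_change(self, address: str, public_key: bytes, confirmed_fp: str) -> bool:
        """Re-pin only when the new fingerprint was confirmed over a second channel
        (phone, in person, business card). A mismatch between what the other
        channel said and what arrived by mail is exactly the bogus-key case."""
        fp = fingerprint(public_key)
        if confirmed_fp.replace(" ", "").lower() != fp:
            return False
        self.records[address] = {"fp": fp, "seen": 0}
        return True
```

The store deliberately has no "trust this key" shortcut on a mismatch: a changed key is surfaced to the user, and the only way to re-pin is to type in a fingerprint obtained elsewhere.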

From eugen at leitl.org Mon Sep 9 02:11:59 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 08:11:59 +0200 Subject: [Cryptography] A Likely Story! Message-ID: <[email protected]>

----- Forwarded message from Peter Fairbrother -----

Date: Sun, 08 Sep 2013 16:20:40 +0100 From: Peter Fairbrother To: Cryptography Mailing List Subject: [Cryptography] A Likely Story! User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130704 Icedove/17.0.7

This is just a wild story, It isn't true. If we cryptographers found it was true we would all be totally gobsmacked.

The Beginning:

Sometime in 2008 the NSA - the United States National Security Agency, who employ many times more mathematicians than anyone else does - discovered a new mathematical way to factorise big numbers better.

It wasn't a huge advance, but it would be good enough for them to factorise several hundred 1024-bit-long numbers per month using some big computers they wanted to build.

In the form of RSA public keys, these 1024-bit numbers were (and sometimes still are) used to generate the session keys which encrypt and protect internet traffic.

A session key is the key which is used to encrypt the traffic between you and a website, using a normal cipher - it is a shared secret between you and the website.

Setting up a shared secret session key, when the communications used to set it up may also be intercepted, is quite difficult and involves considerable tricky math. That's where RSA and factorising comes in.

In 2008, when you saw a little padlock in your browser, the connection was almost always encrypted using a session key whose secrecy depends on the inability of anybody to factorise those 1024-bit RSA numbers.

They change every few years, but usually each big website only uses one RSA key per country - so when the NSA factorised just one of those RSA keys it could easily find the session keys for all the internet sessions that website had made in that country for a couple of years.

Now the NSA had been collecting internet traffic for years, and when the big computers were built they would be able to see your past and present online banking, your secret medical history, the furlined handcuffs you bought online ..

The Dilemma:

So, did the NSA then go "Hooray, full steam ahead?" Not quite. The NSA has two somewhat conflicting missions: to be able to spy on people's communications, and to keep government communications secure.

On the one hand, if they continued to recommend that government people use 1024-bit RSA they could be accused of failing their mission to protect government communications.

On the other hand, if they told ordinary people not to use 1024-bit RSA, they could be accused of failing their mission to spy on people.

What to do?

Some Background:

Instead of using 1024-bit RSA to set up session keys, people could use a different way, called ECDHE. That stands for elliptic curve Diffie Hellman (ephemeral), the relevant bit here being "elliptic curve".

You can use any one of trillions of different elliptic curves, which should be chosen partly at random and partly so they are the right size and so on; but you can also start with some randomly-chosen numbers then work out a curve from those numbers, and you can use those random numbers to break the session key setup.

The other parts are: starting from the curve, you can't in practice find the numbers, it's beyond the capabilities of the computers we have. So if you keep those random numbers you started with secret, only you can break the ECDHE mechanism. Nobody else can.

And the last part - it is convenient for everybody to use the same elliptic curve, or perhaps one or two curves for different purposes. So if you know the secret numbers for the curve, you can break everybody's key setup and get the secret session keys for all the traffic which uses those curves.

The Solution:

Make government people use ECDHE instead of RSA, but with the NSA's special backdoored elliptic curves. Ordinary people will follow suit.

This solves both problems - when people change to the new system the NSA can still break their internet sessions, and government communications are safe from other people (although the NSA can break US government communications easily - but hey, that's the price of doing business, and we're the NSA, right?). Someone else might find the factoring improvement, but it is thought infeasible that someone else would be able to find the secret backdoor.

"Hooray, full steam ahead!"

That's the story.

The rest is just details - maybe the NSA somehow got NIST to put their special backdoored curves into NIST FIPS 186-3 recommendations in 2009, so people would use them rather than make up curves of their own - it is usual and convenient, but not strictly necessary, for ECDHE software to only be able to use a small selection of curves.

Maybe they asked the US Congress for several billion in extra funding in the 2010 budget to run the RSA-breakers.

Maybe they are building a new "data center" in Utah to use the session keys to decrypt the communications they have intercepted over the years.

Maybe they put those special backdoored curves into Suite B, their official requirements for US Government secret and top secret communications.

Or maybe they didn't. It's just a story, after all. The cryptography, while incomplete, is correct, and it may all seem plausible - but of course it isn't true.

-- Peter Fairbrother

----- End forwarded message -----
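The mechanism behind Fairbrother's story (one factored server key unlocks every recorded session set up with RSA key exchange, whereas an ephemeral Diffie-Hellman session leaves the attacker a fresh discrete-log problem per session) can be run at toy scale. This is an added illustration, not part of the forwarded post: the primes are six digits so the "new mathematical way to factorise" is plain trial division, SHA-256 stands in for the TLS key derivation, and the RNG seed, group and transcripts are constructed.

```python
"""Static RSA key exchange vs. ephemeral DH, at toy sizes.

Added illustration; not from Fairbrother's post. Primes are tiny so that the
'factoring breakthrough' is trial division. A real 1024-bit modulus is not
factorable this way; the point is what one factorisation buys the attacker.
"""
import hashlib
import math


def derive_session_key(shared_secret: int) -> bytes:
    # Stand-in for the TLS PRF: hash the shared secret into a 128-bit key.
    return hashlib.sha256(shared_secret.to_bytes(8, "big")).digest()[:16]


# --- RSA key exchange: one long-lived server key protects every session -----

def toy_rsa_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_client_handshake(server_pub, rng):
    """Client picks a premaster secret and encrypts it to the server's static key.
    Returns (what the wire carries, the session key the client derives)."""
    n, e = server_pub
    premaster = rng.randrange(2, n - 1)
    return pow(premaster, e, n), derive_session_key(premaster)


def factor(n: int):
    """The 'new mathematical way' at toy scale: trial division up to sqrt(n)."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_rsa_sessions(server_pub, recorded_ciphertexts):
    """Factor the public modulus once; every recorded handshake under it falls."""
    n, e = server_pub
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return [derive_session_key(pow(c, d, n)) for c in recorded_ciphertexts]


# --- Ephemeral DH: nothing long-lived to factor; each session is a fresh DLP --

def dh_handshake(p: int, g: int, rng):
    """Both sides pick one-time exponents, exchange g^x, derive the key, discard x.
    Returns (what the wire carries, the shared session key)."""
    a, b = rng.randrange(2, p - 1), rng.randrange(2, p - 1)
    ga, gb = pow(g, a, p), pow(g, b, p)
    key = derive_session_key(pow(gb, a, p))
    assert key == derive_session_key(pow(ga, b, p))
    return (ga, gb), key


def dlog_bruteforce(p: int, g: int, target: int) -> int:
    """Solve g^x = target (mod p) by exhaustion. The cost grows with the group
    size and has to be paid again for every single session."""
    x, acc = 0, 1
    while acc != target:
        acc = acc * g % p
        x += 1
        if x > p:
            raise ValueError("no discrete log")
    return x


def recover_dh_session(p: int, g: int, transcript):
    ga, gb = transcript
    a = dlog_bruteforce(p, g, ga)  # per-session work, not a one-off
    return derive_session_key(pow(gb, a, p))
```

With a static RSA key the recorded ciphertexts are all that is needed once the modulus is factored; with DH nothing recorded depends on a long-lived secret, which is why the story's NSA needs a different lever (a trapdoor in the curve) to keep reading ECDHE traffic.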

From eugen at leitl.org Mon Sep 9 02:15:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 08:15:29 +0200 Subject: [Cryptography] Points of compromise Message-ID: <[email protected]>

----- Forwarded message from Phillip Hallam-Baker -----

Date: Sun, 8 Sep 2013 13:53:49 -0400 From: Phillip Hallam-Baker To: "cryptography at metzdowd.com" Subject: [Cryptography] Points of compromise

I was asked to provide a list of potential points of compromise by a concerned party. I list the following so far as possible/likely:

1) Certificate Authorities Traditionally the major concern (perhaps to the point of distraction from other more serious ones). Main caveat, CA compromises leave permanent visible traces as recent experience shows and there are many eyes looking. Even if Google was compromised I can't believe Ben Laurie and Adam Langley are proposing CT in bad faith.

2) Covert channel in Cryptographic accelerator hardware.

It is possible that cryptographic accelerators have covert channels leaking the private key through TLS (packet alignment, field ordering, timing, etc.) or in key generation (kleptography of the RSA modulus a la Moti Yung).

3) Cryptanalytic attack on one or more symmetric algorithms.

I can well believe that RC4 is bust and that there is enough RC4 activity going on to make cryptanalysis worth while. The idea that AES is compromised seems much less likely to me.

4) Protocol vulnerability introduced intentionally through IETF

I find this rather unlikely to be a direct action since there are few places where the spec could be changed to advantage an attacker and only the editors would have the control necessary to introduce text and there are many eyes.

5) Protocol vulnerability that IETF might have fixed but was discouraged from fixing.

Oh more times than I can count. And I would not discount the possibility that there would be strategies based on exploiting the natural suspicion surrounding security matters. It would have been easy for a faction to derail DNSSEC by feeding the WG chair's existing hostility to CAs telling him to stand firm.

One concern here is that this will fuel the attempt to bring IETF under control of the ITU and Russia, China, etc.

-- Website: http://hallambaker.com/


----- End forwarded message -----
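Hallam-Baker's item 3 calls RC4 "bust". As an added example that is not part of his post, here is the best-known RC4 weakness a practitioner can verify in a minute without any special tooling: the second keystream byte is zero about twice as often as a uniform byte would be (Mantin and Shamir, 2001), regardless of the key. Keys are derived from a constructed seed so the run is repeatable, and the implementation is checked against the published "Key" test vector.

```python
"""RC4 second-byte bias, measured empirically.

Added example, not from the forwarded post. The RC4 below is for analysis only.
"""
import hashlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_rate(num_keys: int, seed: bytes = b"constructed-seed") -> float:
    """Fraction of keys whose second keystream byte is 0x00.

    Uniform output would give 1/256 ~ 0.0039; RC4 gives roughly 2/256.
    Keys are 128-bit values derived from a counter so the run is repeatable."""
    zeros = 0
    for k in range(num_keys):
        key = hashlib.sha256(seed + k.to_bytes(4, "big")).digest()[:16]
        if rc4_keystream(key, 2)[1] == 0:
            zeros += 1
    return zeros / num_keys


def bias_ratio(num_keys: int = 20000) -> float:
    """Observed rate divided by the uniform rate; ~2.0 for RC4."""
    return second_byte_zero_rate(num_keys) * 256
```

A doubled probability for one byte is already enough to recover plaintext that is encrypted many times under different keys at the same position, which is the setting (cookies, WEP, TLS with RC4) where the practical attacks live.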

From eugen at leitl.org Mon Sep 9 02:16:37 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 08:16:37 +0200 Subject: [linux-elitists] Surveillance Message-ID: <[email protected]> ----- Forwarded message from Teh Entar-Nick -----

Date: Sun, 8 Sep 2013 18:01:34 +0000 From: Teh Entar-Nick To: linux-elitists at zgp.org Subject: Re: [linux-elitists] Surveillance User-Agent: Mutt/1.5.21 (2010-09-15)

Eugen Leitl:
> I'm only aware of how Debian does things, and not in any detail. What I would do is to separate the signing secrets across multiple key people, and do a recorded/witnessed ceremony following a CA-like model, signing on an air-gapped machine which is securely wiped afterwards and transferring packages via sneakernet (making sure there's nothing autoexecuted on plugin) to the machine where it is being published. Yes, this is a huge pain.

This is what Ubuntu does, and I was under the impression that they learned it from their Debian experiences with the same process.

Also I'm not entirely sure what you meant by "a CA-like model" but if you're only talking about identity verification, you're missing a few things. Most important is keeping the real secrets in a master key that can authorise or revoke functional signing keys as needed. There are other steps that the security experts all worked out when they first realised that crypto wasn't magic and needed human processes to keep it relevant. It's all In The Literature.

> So have a secure process in place, monitor the process by external parties so that we can be sure that it is actually being done the way it is said to be done. Trust, but verify.

I'm not sure how you audit something that's meant to happen in a sealed bunker with a select few trusted shardholders.

-- "Man, if everything were object-oriented then rsync could do this already. Of course, if everything were object-oriented I'd have a bushy moustache and be wearing flares, which would suck." -- Sean Neakums

Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient. linux-elitists mailing list linux-elitists at zgp.org http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists

----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 03:04:36 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 09:04:36 +0200 Subject: [Cryptography] Techniques for malevolent crypto hardware (Re: Suite B after today's news) Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Sun, 8 Sep 2013 14:34:26 -0400 From: "Perry E. Metzger" To: Ray Dillinger Cc: cryptography at metzdowd.com Subject: [Cryptography] Techniques for malevolent crypto hardware (Re: Suite B after today's news) X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

On Sat, 07 Sep 2013 19:19:09 -0700 Ray Dillinger wrote:
> Given some of the things in the Snowden files, I think it has become the case that one ought not trust any mass-produced crypto hardware.

Yes and no. There are limits to what such hardware can do. If such hardware fails to implement a symmetric algorithm correctly, that failure will be entirely obvious since interoperation will fail immediately. If it uses bad random numbers, that failure will be subtle.

The most obvious implementation defects are bad RNGs and bad protection against timing analysis.

One might also add side channels to leak information. Obvious side channels for malevolent hardware are radio frequency interference (if you can deploy listening equipment in the same colo this might be quite a practical way to extract information) and timing channels (not only in the sense of failure to protect against timing analysis but also in the sense of using inter-event delays to encode information like keys).

I think that in most applications power consumption side channels are probably not that interesting (smart cards etc. being an exception) but I'm prepared to be proven wrong.

Any other thoughts on how one could sabotage hardware? An exhaustive list is interesting, if only because it gives us information on what to look for in hardware that may have been tweaked at NSA request.

> Given good open-source software, an FPGA implementation would provide greater assurance of security.

I wonder, though, if one could add secret layers to FPGAs to leak interesting information in some manner. It seems unlikely, but I might simply not be creative enough in thinking about it.

Perry
-- Perry E. Metzger perry at piermont.com

----- End forwarded message -----
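Metzger's second kind of timing channel, inter-event delays used to encode key bits, is small enough to simulate, and the simulation also shows the kind of check a suspicious operator could run on a packet capture. This is an added example, not from the forwarded post: the "device" is a few lines of Python, and the base delay, signalling step and jitter are assumed values chosen so the channel is easy to see; a real leak would use far smaller steps spread over many more events.

```python
"""Inter-event timing as a covert channel, with a crude bimodality detector.

Added simulation; not code from the original post. All timings are constructed.
"""
import random
import statistics

BASE_US = 1000.0   # nominal gap between events (assumed)
STEP_US = 200.0    # extra delay a malevolent device adds to signal a 1 bit (assumed)
JITTER_US = 20.0   # natural timing noise, one sigma (assumed)


def leaky_device_delays(secret: bytes, seed: int = 7):
    """Malevolent firmware: one event per key bit, with the gap lengthened for a 1."""
    rng = random.Random(seed)
    bits = [(byte >> (7 - i)) & 1 for byte in secret for i in range(8)]
    return [BASE_US + bit * STEP_US + rng.gauss(0, JITTER_US) for bit in bits]


def honest_device_delays(n_events: int, seed: int = 7):
    """Same device without the leak: nominal gap plus the same jitter."""
    rng = random.Random(seed)
    return [BASE_US + rng.gauss(0, JITTER_US) for _ in range(n_events)]


def two_means(delays, iters: int = 10):
    """1-D k-means with k=2, seeded at the extremes; returns (low cluster, high cluster)."""
    lo_c, hi_c = min(delays), max(delays)
    lo, hi = [], []
    for _ in range(iters):
        lo = [d for d in delays if abs(d - lo_c) <= abs(d - hi_c)]
        hi = [d for d in delays if abs(d - lo_c) > abs(d - hi_c)]
        if not lo or not hi:
            break
        lo_c, hi_c = statistics.fmean(lo), statistics.fmean(hi)
    return lo, hi


def bimodality_score(delays) -> float:
    """Distance between the two cluster centres relative to their spread.
    A unimodal (honest) stream scores around 1.3; a two-level channel much higher."""
    lo, hi = two_means(delays)
    if len(lo) < 2 or len(hi) < 2:
        return 0.0
    spread = statistics.pstdev(lo) + statistics.pstdev(hi)
    return (statistics.fmean(hi) - statistics.fmean(lo)) / (spread + 1e-9)


def recover_secret(delays) -> bytes:
    """Observer with a capture: threshold at the midpoint between the cluster
    centres and pack the resulting bits into bytes."""
    lo, hi = two_means(delays)
    thresh = (statistics.fmean(lo) + statistics.fmean(hi)) / 2
    bits = [1 if d > thresh else 0 for d in delays]
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)
```

The detector only catches a channel that is this blatant; the usual counter, and the reason Metzger calls the failure subtle, is to shrink the step below the jitter and average it back out over thousands of events, at which point the honest and leaky streams look alike to a quick statistic.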

From eugen at leitl.org Mon Sep 9 04:26:15 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 10:26:15 +0200 Subject: [cryptography] Random number generation influenced, HW RNG Message-ID: <[email protected]>

----- Forwarded message from "James A. Donald" ----- Date: Mon, 09 Sep 2013 07:25:11 +1000 From: "James A. Donald" To: Thor Lancelot Simon Cc: cryptography at randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 Reply-To: jamesd at echeque.com

On 2013-09-09 1:54 AM, Thor Lancelot Simon wrote:
> On Sun, Sep 08, 2013 at 03:00:39PM +1000, James A. Donald wrote:
>> On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
>>> On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote:
>>>> Well, since you personally did this, would you care to explain the very strange design decision to whiten the numbers on chip, and not provide direct access to the raw unwhitened output.
>>> You know as soon as anyone complained about this, they turned around and provided access to the unwhitened output in the next major version of the same product family, right?
>> I am not aware of this. Could you provide further details?
> http://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed

RDSEED provides the output of the /enhanced/ non-deterministic random number generator (ENRNG).

Which is "enhanced" by being whitened.

And therefore makes it just as impossible to tell if the supposed randomness is backdoored as RDRAND does.

What we need is the output of the entropy source.

Supposedly we have a circuit that generates fairly random offwhite noise (the entropy source). This is then AES encrypted (the enhanced non-deterministic number generator), and the enhanced non-deterministic random number generator then continuously seeds a pseudo random number generator, which provides the output of RDRAND.

To tell if there is a backdoor or not, we need the output of the entropy source, unenhanced.

If the entropy source is real, it will show its analog characteristics leaking into the digital abstraction. The correlations and anti-correlations between nearby bits will reflect the analog values of the circuit, thus no two chips will show quite the same correlations, and the correlations will vary with temperature and overclocking. These analog variations would be compelling evidence that the entropy source is something very like the claimed circuit.

Because RDSEED gives us the encrypted output of the entropy source, we cannot tell if the entropy source is a real entropy source, or a counter encrypted with the NSA's secret key.

Since the whitening is deterministic, it is potentially reversible, but Intel does not appear to be releasing sufficient information to reverse it.

______cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
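To make the argument above concrete, here is an added simulation (not from the thread or from Intel): a constructed model of an "offwhite" analog source shows bias and bit-to-bit correlation, but after whitening it is statistically indistinguishable from a counter run under a secret key. SHA-256 stands in for the AES conditioner the message describes, and the source model, its parameters and the key are assumptions of this example.

```python
import hashlib
import random
import struct


def raw_source(n_bits, bias=0.55, stick=0.3, seed=1):
    """Constructed model of an 'offwhite' analog source: each bit is 1 with
    probability `bias`, and with probability `stick` it simply repeats the
    previous bit (the bit-to-bit correlation a real circuit leaks)."""
    rng = random.Random(seed)
    bits, prev = [], 0
    for i in range(n_bits):
        if i and rng.random() < stick:
            bit = prev
        else:
            bit = 1 if rng.random() < bias else 0
        bits.append(bit)
        prev = bit
    return bits


def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def bytes_to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def whiten(bits):
    """Conditioner stand-in (SHA-256 instead of the on-chip AES step):
    every 512 raw bits become 256 output bits."""
    raw = bits_to_bytes(bits)
    out = b"".join(hashlib.sha256(raw[i:i + 64]).digest()
                   for i in range(0, len(raw) - 63, 64))
    return bytes_to_bits(out)


def keyed_counter(n_bits, key=b"constructed-secret-key"):
    """The case the thread worries about: no physics at all, just a counter
    under a key only the chip designer knows."""
    blocks = (n_bits + 255) // 256
    out = b"".join(hashlib.sha256(key + struct.pack(">Q", c)).digest()
                   for c in range(blocks))
    return bytes_to_bits(out)[:n_bits]


def bias(bits):
    """Fraction of one bits; 0.5 for an unbiased stream."""
    return sum(bits) / len(bits)


def lag1_autocorr(bits):
    """Correlation between each bit and its successor; about 0 for a good
    stream, about `stick` for the constructed raw source."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y)) / n
    vx = sum((a - mx) ** 2 for a in x) / n
    vy = sum((b - my) ** 2 for b in y) / n
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def analyse(n_bits=1 << 16):
    """Return (bias, lag-1 autocorrelation) for the raw source, its whitened
    form, and a keyed counter of the same length.  Only the raw stream
    carries the analog signature; the other two cannot be told apart."""
    raw = raw_source(n_bits)
    white = whiten(raw)
    ctr = keyed_counter(len(white))
    return {
        "raw": (bias(raw), lag1_autocorr(raw)),
        "whitened": (bias(white), lag1_autocorr(white)),
        "keyed_counter": (bias(ctr), lag1_autocorr(ctr)),
    }


if __name__ == "__main__":
    for name, (b, c) in analyse().items():
        print(f"{name:14s} bias={b:.3f} lag1={c:+.3f}")
```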


From eugen at leitl.org Mon Sep 9 04:42:47 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 10:42:47 +0200 Subject: Quark : A Web Browser with a Formally Verified Kernel Message-ID: <[email protected]> http://goto.ucsd.edu/quark/

Quark : A Web Browser with a Formally Verified Kernel

University of California, San Diego

Computer Science and Engineering

Quark is an experimental, formally verified browser.

Watch it run popular sites like GMail, Facebook, and Amazon! [video 1] [video 2]

Web browsers mediate access to valuable private data in domains ranging from health care to banking. Despite this critical role, attackers routinely exploit browser vulnerabilities to exfiltrate private data and take over the underlying system. We present Quark, a browser whose kernel has been implemented and verified in the Coq proof assistant. We give a specification of our kernel, show that the implementation satisfies the specification, and finally show that the specification implies several security properties, including tab non-interference, cookie integrity and confidentiality, and address bar integrity.

Our Web browser, Quark, exploits formal verification and enables us to verify security properties for a million lines of code while reasoning about only a few hundreds. To achieve this goal, Quark is structured similarly to . It consists of a small browser kernel which mediates access to system resources for all other browser components. These other components run in sandboxes which only allow the component to communicate with the kernel. In this way, Quark is able to make strong guarantees about a million lines of code (e.g., the renderer, JavaScript implementation, JPEG decoders, etc.) while only using a proof assistant to reason about a few hundred lines of code for the Quark kernel. Because the underlying system is protected from Quark's untrusted components (i.e., everything other than the kernel) we were free to adopt state-of-the-art implementations and thus Quark is able to run popular, complex Web sites like Facebook and GMail.

Publications

Establishing Guarantees through Formal Shim Verification [Tech Report]

USENIX Security 2012

Dongseok Jang, Zachary Tatlock, Sorin Lerner

Downloads

Source code (.tar.gz) (Version 0.1, 08/07/2012, 1.3MB)

Contributors

Dongseok Jang, Zachary Tatlock, Sorin Lerner

From eugen at leitl.org Mon Sep 9 04:57:13 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 10:57:13 +0200 Subject: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa Message-ID: <[email protected]>

----- Forwarded message from Daniel McCarney -----

Date: Sun, 8 Sep 2013 18:31:35 -0400 From: Daniel McCarney To: Hans of Guardian , guardian-dev Subject: Re: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa

> Wow, that is bad news indeed. It would be awesome to have androidobservatory.org also display full info about the signing keys, like the algorithm used, the bitness, generation date, etc. so we can easily check which keys are vulnerable.

Working on rolling that functionality out. I had to rewrite the app import pipeline so that I could store that information. I have the data collected but it isn't user facing yet. I can tell you that looking at the ~6,000 unique certificates in the observatory data about 75% are RSA 1024.

As far as I'm aware it isn't possible to learn the key generation date from the certificate data in the PKCS7 structure stored in the META-INF directory of an APK.

> I figure if the NSA can break 1024 bit RSA, its only a matter of time before China also has that capability. China are experts at industrial espionage, and they certainly know how to make chips. It is very conceivable that they could acquire the NSA's RSA cracking chip design and then build it domestically. Then I imagine that China would also be willing to sell those chips to allies, or perhaps even the highest bidder.

Yeah, the current NIST[1] advice on key sizes is very clear that 1024 bit RSA should be deprecated (though evidently NIST might not be an unbiased source of information...).

> We'll have to make sure our signing key is not 1024 bit, and if so, work on a migration plan. The easiest way to start is to sign all new apps with a new key.

The pubkey in the cert used for the core Guardian Properties (ChatSecure, Obscuracam, etc) is definitely 1024 RSA. So is the pubkey in the cert used for Orweb. It would definitely be a good idea to start talking about a migration plan (and using a strong key size in a new cert for all new properties).

- Dan

[1] http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

______Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev



From eugen at leitl.org Mon Sep 9 04:58:06 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 10:58:06 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from Doug Barton -----

Date: Sun, 08 Sep 2013 15:44:05 -0700 From: Doug Barton To: nanog at nanog.org Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

On 09/08/2013 02:25 AM, Eugen Leitl wrote:
> ----- Forwarded message from Gregory Perry -----
>
> Date: Sat, 7 Sep 2013 21:14:47 +0000
> From: Gregory Perry
> To: Phillip Hallam-Baker
> Cc: "cryptography at metzdowd.com", ianG
> Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
>
> On 09/07/2013 05:03 PM, Phillip Hallam-Baker wrote:
>
> Good theory only the CA industry tried very hard to deploy and was prevented from doing so because Randy Bush abused his position as DNSEXT chair to prevent modification of the spec to meet the deployment requirements in .com.
>
> DNSSEC would have deployed in 2003 with the DNS ATLAS upgrade had the IETF followed the clear consensus of the DNSEXT working group and approved the OPT-IN proposal. The code was written and ready to deploy.
>
> I told the IESG and the IAB that the VeriSign position was no bluff and that if OPT-IN did not get approved there would be no deployment in .com. A business is not going to spend $100 million on deployment of a feature that has no proven market demand when the same job can be done for $5 million with only minor changes.

I was also there in 2003, and for a long time before that, and was also one of the voices that was saying that we needed opt-in, and protection from zone walking, or else the thing wouldn't fly. I don't recall that any 1 person was the reason those things didn't happen sooner than they did; in fact I recall near-universal sentiment that zone walking was a non-issue, and that opt-in defeated the very nature of what DNSSEC was trying to accomplish.

Fast forward to my time at IANA in 2004 and after considerable behind the scenes organization a coalition of TLD registries came forward and said that they would not deploy DNSSEC without those 2 features, and were willing to dedicate the resources to create them. So it was not 1 person who stopped DNSSEC deployment, and it wasn't 1 person who made it happen. Your larger point about fiefdoms and oligarchies in the IETF is, however, tragically accurate. The blindness of the DNSSEC literati to the real-world needs was a huge part of what caused the delay in deployment on the authoritative side, and the malaise caused by the decade+ of fighting to get it out the door is a big contributor to what's preventing any real solution to the last mile problem (which is what it takes to make DNSSEC really useful).

Doug


From eugen at leitl.org Mon Sep 9 05:00:20 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:00:20 +0200 Subject: [Cryptography] In the face of "cooperative" end-points, PFS doesn't help Message-ID: <[email protected]>

----- Forwarded message from james hughes -----

Date: Sun, 08 Sep 2013 16:16:57 -0700 From: james hughes To: "Marcus D. Leech" Cc: "cryptography at metzdowd.com" Subject: Re: [Cryptography] In the face of "cooperative" end-points, PFS doesn't help X-Mailer: iPhone Mail (10B350)

On Sep 7, 2013, at 8:16 PM, "Marcus D. Leech" wrote:

> But it's not entirely clear to me that it will help enough in the scenarios under discussion. If we assume that mostly what NSA are doing is acquiring a site RSA key (either through "donation" on the part of the site, or through factoring or other means), then yes, absolutely, PFS will be a significant roadblock.
> If, however, they're getting session-key material (perhaps through back-doored software, rather than explicit cooperation by the target website), then PFS does nothing to help us. And indeed, that same class of compromised site could just as well be leaking plaintext. Although leaking session keys is lower-profile.

I think we are growing closer to agreement, PFS does help, the question is how much in the face of cooperation.

Let me suggest the following.

With RSA, a single quiet "donation" by the site and it's done. The situation becomes totally passive and there is no possibility of knowing what has been read. The system administrator could even do this without the executives knowing.

With PFS there is a significantly higher profile interaction with the site. Either the session keys need to be transmitted in bulk, or the RNG cribbed. Both of these have a significantly higher profile, higher possibility of detection and increased difficulty to execute properly. Certainly a more risky thing for a cooperating site to do.

PFS does improve the situation even if cooperation is suspect. IMHO it is just better cryptography. Why not? It's better. It's already in the suites. All we have to do is use it...

I am honestly curious about the motivation not to choose more secure modes that are already in the suites?

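The contrast drawn above, as a toy model added here (not code from the thread or from any of its posters): a recorder keeps transcripts of RSA-key-transport sessions and of signed ephemeral-DH sessions, the site's long-term private key later leaks, and only the RSA-transport sessions open. The RSA primes, the DH group and the lack of padding are constructed toy choices for instant arithmetic, not parameters anyone should deploy.

```python
import hashlib
import random

# Toy long-term RSA key of the site.  Two Mersenne primes, no padding:
# enough to show the key-transport failure mode, useless for anything real.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # the secret a quiet "donation" hands over

# Toy DH group (2^127-1 is prime).  Real deployments use a standard group.
DH_P, DH_G = 2**127 - 1, 5


def h(value):
    """Hash an integer to something below N so the toy RSA signature works."""
    digest = hashlib.sha256(value.to_bytes(16, "big")).digest()
    return int.from_bytes(digest[:11], "big")


def rsa_transport_session(rng):
    """RSA key transport: the client picks the session key and encrypts it
    to the site's long-term key.  Returns (session key, what a passive
    recorder sees on the wire)."""
    key = rng.getrandbits(64)
    return key, {"mode": "rsa", "ciphertext": pow(key, E, N)}


def dhe_session(rng):
    """Signed ephemeral DH: the long-term key only authenticates the site's
    share; the session key g^xy is never protected by it."""
    x, y = rng.getrandbits(120), rng.getrandbits(120)
    gx, gy = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    sig = pow(h(gx), D, N)
    key = pow(gy, x, DH_P)          # the client computes the same as pow(gx, y, DH_P)
    return key, {"mode": "dhe", "gx": gx, "gy": gy, "sig": sig}


def verify_share(gx, sig):
    """Client-side check that the DH share really came from the site."""
    return pow(sig, E, N) == h(gx)


def recover_from_recording(wire, leaked_d):
    """What a recorder learns once the site's private key leaks."""
    if wire["mode"] == "rsa":
        return pow(wire["ciphertext"], leaked_d, N)   # every old session opens
    # DHE: the leaked key only matters for future handshakes, where forging a
    # share is an active step visible at the site.  The recording holds just
    # g^x and g^y, so there is nothing passive to do with it.
    return None


def leak_impact(n_sessions=4, seed=7):
    """Record n RSA-transport and n DHE sessions, leak D, count what opens."""
    rng = random.Random(seed)
    opened = {"rsa": 0, "dhe": 0}
    authentic = True
    for _ in range(n_sessions):
        key, wire = rsa_transport_session(rng)
        opened["rsa"] += recover_from_recording(wire, D) == key
        key, wire = dhe_session(rng)
        authentic &= verify_share(wire["gx"], wire["sig"])
        opened["dhe"] += recover_from_recording(wire, D) == key
    return {"sessions_each": n_sessions, "opened": opened, "authentic": authentic}


if __name__ == "__main__":
    print(leak_impact())
```

The DHE transcripts stay closed only as long as the endpoints keep the session keys to themselves, which is exactly the bulk-leak path the message says is higher profile.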


From eugen at leitl.org Mon Sep 9 05:09:47 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:09:47 +0200 Subject: [tor-talk] Many more Tor users in the past week? Message-ID: <[email protected]>

----- Forwarded message from mirimir -----

Date: Mon, 09 Sep 2013 07:13:33 +0000 From: mirimir To: tor-talk at lists.torproject.org Subject: Re: [tor-talk] Many more Tor users in the past week? User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8 Reply-To: tor-talk at lists.torproject.org

This explains the Israel anomaly, I think.

> The Mysterious Mevade Malware
> Published on September 5th, 2013
> Written by: Feike Hacquebord (Senior Threat Researcher)
>
> ...
>
> Yesterday, Fox-IT published evidence for this plausible explanation. The Mevade malware family downloaded a Tor component, possibly as a backup mechanism for its C&C communications. (We will release a second blog post describing in more detail the behavior of the Mevade variants we have encountered.)
>
> Feedback provided by the Smart Protection Network shows that the Mevade malware was, indeed, downloading a Tor module in the last weeks of August and early September. Tor can be used by bad actors to hide their C&C servers, and taking down a Tor hidden service is virtually impossible.
>
> The actors themselves, however, have been a bit less careful about hiding their identities. They operate from Kharkov, Ukraine and Israel and have been active since at least 2010. One of the main actors is known as "Scorpion". Another actor uses the nickname "Dekadent". Together, they are part of a well organized and probably well financed cybercrime gang.
>
> ...


From eugen at leitl.org Mon Sep 9 05:14:33 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:14:33 +0200 Subject: [liberationtech] Random number generation being influenced - rumors Message-ID: <[email protected]>

----- Forwarded message from coderman -----

Date: Sun, 8 Sep 2013 16:44:43 -0700 From: coderman To: liberationtech Subject: Re: [liberationtech] Random number generation being influenced - rumors Reply-To: liberationtech

On Sat, Sep 7, 2013 at 10:26 AM, Eugen Leitl wrote:
> ...
> There is a hardware RNG in the AMD Geode LX. I tried very hard to find any documentation, but found effectively nothing.
>
> Am I that bad at searching, or is this really a black box?

the only decent on-die RNG i have used was XSTORE[0] from VIA Padlock which allowed you very high speed access to the raw, unwhitened output of the hardware RNG source(s). you could read from both at twice the rate for maximum throughput. it was then up to a user-space daemon to read this raw source and perform cursory and long-lived checks, even benchmarks against large volumes of TBytes of output for extended confirmation (looking at you DIEHARDER). the user-space daemon, having then verified the hardware entropy sources, performs computation blinding and compression (e.g. hashing or block ciphering) and mixes this obfuscated entropy with the kernel entropy pool via write to /dev/random.

RDRAND/RDSEED can not be used in a trusted manner with access to the unwhitened, raw output. the AMD768 RNG has not produced a detailed design like XSTORE and cryptography research, nor does it support the raw mode like needed, always reading some "4 bytes:" of randomness (IIRC). there are USB and other external sources for entropy if your CPU does not support it, of course. these are useful to augment any userspace entropy daemons like haveged.

0. "Evaluation of C3 Nehemiah Random Number Generator" http://www.cryptography.com/public/pdf/VIA_rng.pdf


From eugen at leitl.org Mon Sep 9 05:23:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:23:29 +0200 Subject: IETF: Security and Pervasive Monitoring Message-ID: <[email protected]> http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/

Security and Pervasive Monitoring

The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale monitoring of Internet traffic and users disturb us greatly. We knew of interception of targeted individuals and other monitoring activities, but the scale of recently reported monitoring is surprising. Such scale was not envisaged during the design of many Internet protocols, but we are considering the consequence of these kinds of attacks.

Of course, it is hard to know for sure from current reports what attack techniques may be in use. As such, it is not so easy to comment on the specifics from an IETF perspective. Still, the IETF has some long standing general principles that we can talk about, and we can also talk about some of the actions we are taking.

In 1996, RFC 1984 articulated the view that encryption is an important tool to protect privacy of communications, and that as such it should be encouraged and available to all. In 2002, we decided that IETF standard protocols must include appropriate strong security mechanisms, and established this doctrine as a best current practice, documented in RFC 3365. Earlier, in 2000, the IETF decided not to consider requirements for wiretapping when creating and maintaining IETF standards, for reasons stated in RFC 2804. Note that IETF participants exist with positions at all points of the privacy/surveillance continuum, as seen in the discussions that led to RFC 2804.

As privacy has become increasingly important, the Internet Architecture Board (IAB) developed guidance for handling privacy considerations in protocol specifications, and documented that in RFC 6973. And there are ongoing developments in security and privacy happening within the IETF all the time, for example work has just started on version 1.3 of the Transport Layer Security (TLS, RFC 5246) protocol which aims to provide better confidentiality during the early phases of the cryptographic handshake that underlies much secure Internet traffic.

Recent days have also seen an extended and welcome discussion triggered by calls for the IETF to build better protections against wide-spread monitoring.

As that discussion makes clear, IETF participants want to build secure and deployable systems for all Internet users. Indeed, addressing security and new vulnerabilities has been a topic in the IETF for as long as the organisation has existed. Technology alone is, however, not the only factor. Operational practices, laws, and other similar factors also matter. First of all, existing IETF security technologies, if used more widely, can definitely help. But technical issues outside the IETF's control, for example endpoint security, or the properties of specific products or implementations also affect the end result in major ways. So at the end of the day, no amount of communication security helps you if you do not trust the party you are communicating with or the devices you are using. Nonetheless, we're confident the IETF can and will do more to make our protocols work more securely and offer better privacy features that can be used by implementations of all kinds.

So with the understanding of limitations of technology-only solutions, the IETF is continuing its mission to improve security in the Internet. The recent revelations provide additional motivation for doing this, as well as highlighting the need to consider new threat models.

We should seize this opportunity to take a hard look at what we can do better. Again, it is important to understand the limitations of technology alone. But here are some examples of things that are already ongoing:

We're having a discussion as part of the development of HTTP/2.0 as to how to make more and better use of TLS, for example to perhaps enable clients to require the use of security and not just have to react to the HTTP or HTTPS URLs chosen by servers.

We're having discussions as to how to handle the potentially new threat model demonstrated by the recent revelations so that future protocol designs can take into account potential pervasive monitoring as a known threat model.

We're considering ways in which better use can be made of existing protocol features, for example, better guidance as to how to deploy TLS with Perfect Forward Secrecy, which makes applications running over TLS more robust if server private keys later leak out.

We're constantly updating specifications to deprecate older, weaker cryptographic algorithms and allocate code points for currently strong algorithm choices so those can be used with Internet protocols.

And we are confident that discussions on this topic will motivate IETF participants to do more work on these and further related topics.

But don't think about all this just in terms of the recent revelations. The security and privacy of the Internet in general is still a challenge even ignoring pervasive monitoring, and if there are improvements from the above, those will be generally useful for many reasons and for many years to come. Perhaps this year's discussions are a way to motivate the world to move from "by default insecure" communications to "by default secure". Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security tools to implementors ensuring that their products are secure.

In the Vancouver IETF meeting, there will be time dedicated to discuss this, and we ask that those interested in working on this topic contribute to the analysis and develop proposals in this area. Those contributions are very welcome and can start now and continue in Vancouver and beyond.

Relevant mailing lists (from most specific to most general) include:

The perpass mailing list (perpass at ietf.org), recently set up to consider how the IETF ought to react to pervasive monitoring

The ietf security area mailing list (saag at ietf.org), for general security topics

The ietf main mailing list (ietf at ietf.org), for general discussion

Jari Arkko, Chair of the IETF, and Stephen Farrell, IETF Security Area Director

This entry was posted in IETF on 2013/09/07.

From eugen at leitl.org Mon Sep 9 05:26:09 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:26:09 +0200 Subject: [Cryptography] Techniques for malevolent crypto hardware Message-ID: <[email protected]>

----- Forwarded message from Kent Borg -----

Date: Sun, 08 Sep 2013 20:34:55 -0400 From: Kent Borg To: cryptography at metzdowd.com Subject: Re: [Cryptography] Techniques for malevolent crypto hardware User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8

On 09/08/2013 06:16 PM, John Kelsey wrote:
> I don't think you can do anything useful in crypto without some good source of random bits.

I don't see the big worry about how hard it is to generate random numbers unless:

a) You need them super fast (because you are Google, trying to secure your very high-speed long lines), or

b) You are some embedded device that is impoverished for both sources of entropy and non-volatile storage, and you need good random bits the moment you boot.

On everything in between, there are sources of entropy. Collect them, hash them together and use them to feed some good cryptography. If you seem short of entropy, look for more in your hardware manual. Hash in any local unique information. Hash in everything you can find! (If the NSA knows every single bit you are hashing in, no harm, hash them in anyway, but...if the NSA has misunderestimated any one of your bits...then you scored a bit! Repeat as necessary.)

I am thinking pure HW RNGs are more sinful than pure SW RNGs, because real world entropy is colored and hardware is the wrong place to fix that. So don't buy HW RNGs, buy HW entropy sources (or find them in your current HW) and feed them into a good hybrid RNG.

On a modern multi-GHz CPU the exact LSB of your highspeed system counters, when the interrupt hits your service routine, has uncertainty that is quite real once you push the NSA a few centimeters from your CPU or SoC. Just sit around until you have a few network packets and you can have some real entropy. Wait longer for more entropy.

In case you didn't notice, I am a fan of hybrid HW/SW RNGs.

-kb

P.S. Entropy pools that are only saved on orderly shutdowns are risking crash-and-playback attacks. Save regularly, or something like that.

P.P.S. Don't try to estimate entropy, it is a fool's errand, get as much as you can (within reason) and feed it into some good cryptography.

P.P.P.S. Have an independent RNG? If it *is* independent, no harm in XORing it in.
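An added example (not coderman's daemon, Kent Borg's code, or any project's) of the user-space hybrid RNG that both the XSTORE message earlier in this digest and the advice above describe: raw samples from several sources are health-checked, hashed into a pool, an independent RNG can be XORed in, and a checkpoint derived from the pool is what gets saved regularly, so a crash and replay yields nothing until fresh entropy is mixed in. The source names, sample bytes, thresholds and the kernel-pool write being left out are all assumptions of this example.

```python
import hashlib
import hmac
import struct


class HybridPool:
    MIN_FRESH = 64          # raw bytes required before each output (demo value)

    def __init__(self, saved_state=None):
        # The pool is a 32-byte hash chain.  A restored checkpoint is only a
        # starting point: nothing is handed out until fresh entropy arrives.
        self.state = saved_state if saved_state is not None else bytes(32)
        self.fresh_bytes = 0

    @staticmethod
    def health_check(sample, max_run=16):
        """Cheap stuck-source test in the spirit of SP 800-90B's repetition
        count test: reject a sample with a run of one byte value longer than
        max_run.  Demo threshold; a real daemon calibrates it per source."""
        run, prev = 0, None
        for b in sample:
            run = run + 1 if b == prev else 1
            prev = b
            if run > max_run:
                return False
        return len(sample) > 0

    def mix(self, source, sample):
        """Hash a raw sample in.  If every bit is predictable nothing is lost;
        if any bit is not, the pool gains it (the argument made above)."""
        if not self.health_check(sample):
            return False
        self.state = hashlib.sha256(self.state + source.encode() + sample).digest()
        self.fresh_bytes += len(sample)
        return True

    def checkpoint(self):
        """Value to save to disk regularly.  It is derived from the live state
        rather than equal to it, and the live state moves on, so a stolen or
        replayed checkpoint never reproduces output already handed out."""
        saved = hashlib.sha256(b"checkpoint" + self.state).digest()
        self.state = hashlib.sha256(b"advance" + self.state).digest()
        return saved

    def output(self, n, independent_rng=None):
        """n bytes from HMAC-SHA256 in counter mode, then ratchet the state.
        independent_rng(n) -> bytes, if given, is XORed in."""
        if self.fresh_bytes < self.MIN_FRESH:
            raise RuntimeError("not enough fresh entropy since last output")
        out = b"".join(hmac.new(self.state, struct.pack(">Q", i), hashlib.sha256).digest()
                       for i in range((n + 31) // 32))[:n]
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        self.fresh_bytes = 0
        if independent_rng is not None:
            out = bytes(a ^ b for a, b in zip(out, independent_rng(n)))
        return out


# Constructed raw samples standing in for a hardware RNG register, timer LSBs
# taken in an interrupt handler, and NIC packet-arrival jitter; "stuck" is a
# dead source that the health check must refuse.
SAMPLES = {
    "hwrng": bytes(range(64)),
    "timer": bytes((37 * i + 11) & 0xFF for i in range(64)),
    "nic": bytes((i * i) & 0xFF for i in range(64)),
    "stuck": b"\x00" * 64,
}


def demo():
    """Mix the sources, hand out a key, checkpoint, then simulate a crash and
    a reboot from the checkpoint: the replayed state yields nothing until
    new entropy is mixed in, and then yields something different."""
    pool = HybridPool()
    accepted = {name: pool.mix(name, s) for name, s in SAMPLES.items()}
    first = pool.output(32)
    saved = pool.checkpoint()
    rebooted = HybridPool(saved_state=saved)
    try:
        rebooted.output(32)
        starved = False
    except RuntimeError:
        starved = True
    rebooted.mix("timer", SAMPLES["timer"])
    second = rebooted.output(32)
    return {"accepted": accepted, "first": first, "second": second,
            "starved": starved}
```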


From eugen at leitl.org Mon Sep 9 05:33:28 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:33:28 +0200 Subject: [Cryptography] Opening Discussion: Speculation on "BULLRUN" Message-ID: <[email protected]>

----- Forwarded message from "Jeffrey I. Schiller" -----

Date: Sun, 8 Sep 2013 21:23:33 -0400 From: "Jeffrey I. Schiller" To: John Gilmore Cc: Cryptography Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mutt/1.5.21 (2010-09-15)


On Fri, Sep 06, 2013 at 05:22:26PM -0700, John Gilmore wrote:
> Speaking as someone who followed the IPSEC IETF standards committee pretty closely, while leading a group that tried to implement it and make so usable that it would be used by default throughout the Internet, I noticed some things:
> ...

Speaking as one of the Security Area Directors at the time...

I have to disagree with your implication that the NSA intentionally fouled the IPSEC working group. There were a lot of people working to foul it up! I also don't believe that the folks who participated, including the folks from the NSA, were working to weaken the standard. I suspect that the effort to interfere in standards started later than the IPSEC work. If the NSA was attempting to thwart IETF security standards, I would have expected to also see bad things in the TLS working group and the PGP working group. There is no sign of their interference there.

The real (or at least the first) problem with the IPSEC working group was that we had a good and simple solution, Photuris. However the document editor on the standard decided to claim it (Photuris) as his intellectual property and that others couldn't recommend changes without his approval. This effectively made Photuris toxic in the working group and we had to move on to other solutions. This is one of the events that led to the IETF's "Note Well" document and clear policy on the IP associated with contributions. Then there was the ISAKMP (yes, an NSA proposal) vs. SKIP. As Security AD, I eventually had to choose between those two standards because the working group could not generate consensus. I believed strongly enough that we needed an IPSEC solution so I decided to choose (as I promised the working group I would do if they failed to!). I chose ISAKMP. I posted a message with my rationale to the IPSEC mailing list, I'm sure it is still in the archives. I believe that was in 1996 (I still have a copy somewhere in my personal archives). At no point was I contacted by the NSA or any agent of any government in an attempt to influence my decision. Folks can choose to believe this statement, or not.

IPSEC in general did not have significant traction on the Internet in general. It eventually gained traction in an important niche, namely VPNs, but that evolved later.

IPSEC isn?t useful unless all of the end-points that need to communicate implement it. Implementations need to be in the OS (for all practical purposes). OS vendors at the time were not particularly interested in encryption of network traffic.

The folks who were interested were the browser folks. They were very interested in enabling e-commerce, and that required encryption. However they wanted the encryption layer someplace where they could be sure it existed. An encryption solution was not useful to them if it couldn't be relied upon to be there. If the OS the user had didn't have an IPSEC layer, they were sunk. So they needed their own layer. Thus the guys did SSL, and Microsoft did PCT and in the IETF we were able to get them to work together to create TLS. This was a *big deal*. We shortly had one deployed interoperable encryption standard usable on the web.

If I was the NSA and I wanted to foul up encryption on the Internet, the TLS group is where the action was. Yet from where I sit, I didn't see any such interference.

If we believe the Edward Snowden documents, the NSA at some point started to interfere with international standards relating to encryption. But I don't believe they were in this business in the 1990s at the IETF.

-Jeff



From eugen at leitl.org Mon Sep 9 05:35:05 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 11:35:05 +0200 Subject: [liberationtech] Meet the 'cowboy' in charge of the NSA Message-ID: <[email protected]>

Looks paywalled. Can someone liberate the document, and repost it here?

----- Forwarded message from Noah Shachtman -----

Date: Sun, 8 Sep 2013 21:36:04 -0400 From: Noah Shachtman To: liberationtech at lists.stanford.edu Subject: [liberationtech] Meet the 'cowboy' in charge of the NSA X-Mailer: Apple Mail (2.1085) Reply-To: liberationtech

All:

Sorry if this is considered spamming the list - if it is, it won't happen again.

At Foreign Policy, we just published what I believe is the first major profile of NSA chief Keith Alexander. It is not a particularly flattering one.

One scooplet among many in Shane Harris' nearly 6,000-word story: Even his fellow spies consider Keith Alexander to be a "cowboy" who's barely concerned with law.

Anyway, take a look. Let me know what you think. http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

All the best,

nms -- Noah Shachtman Executive Editor for News | Foreign Policy 917-690-0716 noah.shachtman at gmail.com http://www.foreignpolicy.com/author/NoahShachtman encrypted phone: 415-463-4956

-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 05:52:41 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 11:52:41 +0200
Subject: [cryptography] [liberationtech] Random number generation being influenced - rumors
Message-ID: <[email protected]>

----- Forwarded message from David Johnston -----

Date: Sun, 08 Sep 2013 21:26:24 -0700
From: David Johnston
To: cryptography at randombit.net
Subject: Re: [cryptography] [liberationtech] Random number generation being influenced - rumors
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 9/7/2013 6:11 PM, James A. Donald wrote:
> On 2013-09-07 9:14 PM, Eugen Leitl wrote:
>> That's the claimed design, yes. I see no particular reason to believe
>> that the hardware in my server implements the design. I can't even test
>> that the AES whitening does what it is documented to do, because Intel
>> refused to provide access to the prewhitened input.
>
> On chip whitening is extremely suspicious behavior. Since the need
> for random numbers is low bandwidth, on chip whitening is a waste
> of silicon.
>
> Despite repeated requests, the decision to do whitening on chip has
> never been explained.
>

I answered this once before many months ago, the last time you asked.

There is no 'whitener'. It is a CBC-MAC based entropy extractor, as per the spec in the current SP800-90B draft. You can call it a whitener, but that would risk confusing it with things like the Von Neumann or Yuval Peres whiteners, which are a different class of algorithm with different constraints.

The reasons for it are:

#1) Maintaining a strong security boundary. We don't want an attacker to be able to infer the seed values by exposing them to all sorts of classes of attack by letting the values get into the system state accessible by the microprocessor SW.

#2) FIPS compliance. Which is more or less #1 restated. It wants stuff to happen within a well defined boundary.

#3) Robust engineering. Our goal is to make the lack-of-entropy problem go away on Intel-based products. Reseeding the DRBG 2 million times a second is a good way of making it hard to infer the state of the DRBG. This is one of several stages of mitigation design, intended to make the DRBG robust even if a problem should arise with any one of the stages. You can't do that in software. In general, once attackers have got a foot in the door of a software system, it is game over.

#4) Software solutions have been a demonstrable failure. At least this hardware solution remains robust.

#5) A non-goal is making James A Donald satisfied. Sorry, but no solution compatible with security and manufacturing realities is going to satisfy the demands you have made.

DJ

______cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 05:53:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 11:53:47 +0200
Subject: [cryptography] urandom vs random
Message-ID: <[email protected]>

----- Forwarded message from David Johnston -----

Date: Sun, 08 Sep 2013 21:57:43 -0700
From: David Johnston
To: cryptography at randombit.net
Subject: Re: [cryptography] urandom vs random
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 8/17/2013 9:39 AM, Sandy Harris wrote:
> Papers like Yarrow with respected authors argue convincingly that
> systems with far smaller state can be secure.

I've argued in private (and now here) that a large entropy pool is a natural response to entropy famine and uneven supply, just like a large grain depot guards against food shortages and uneven supply.

If you've got lots of good quality random data available, you don't need a large state. You can just stir lots of raw data into a small state and the small state will become fully entropic. The natural size for the state shrinks to the block size of the crypto function being used for entropy extraction. Once the value is formed and fully entropic, you spit it out and start again.

This is one of the things that drove the design decisions in the RdRand DRNG. With 2.5Gbps of 95% entropic data, there is no value in stirring the data into a huge pool (E.G. like Linux) so that you can live off that pool for a long time, even though the user isn't wiggling the mouse or whatever. There will be more random data along in under 300ps, so prepare another 256 bits from a few thousand raw bits and reseed.

A consequence of Linux having a big pool is that the stirring algorithm is expensive because it has to operate over many bits. So an LFSR is used because it's cheaper than a hash or MAC. An LFSR may be a good entropy extractor, but I don't know of any math that shows that to be the case. We do have that math for hashes, CBC-MACs and various GF arithmetic methods.

When I count my raw data in bits per second, rather than gigabits per second, I am of course going to use them efficiently and mix up a large pot of state, so I can get maximum utility. With the RdRand DRNG, the bus is the limiting factor, not the supply or the pool size.

DJ


----- End forwarded message -----
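A worked model of the pipeline DJ describes in his two messages above (raw noise-source bits conditioned by a CBC-MAC style extractor into a 256-bit seed, then a small-state DRBG that is reseeded before every output rather than living off a large pool). This is an added example, not Intel's code or anything posted in the thread: the noise source is a constructed biased-bit generator, HMAC-SHA256 stands in for the AES CBC-MAC conditioner, and the SHA-256 output function and the 2x entropy margin are assumptions of this example.

```python
import hashlib
import hmac
import math
import random

SEED_BYTES = 32  # the post reseeds 256 bits at a time


def min_entropy_per_bit(p_one):
    """Min-entropy per bit of an independent, biased bit source: -log2(max(p, 1-p)).
    A source with p_one of about 0.5176 is 95% entropic, the figure quoted in the post."""
    return -math.log2(max(p_one, 1.0 - p_one))


def biased_bits(n_bits, p_one, rng):
    """Constructed stand-in for a hardware noise source (not a model of the real circuit):
    n_bits independent bits, each 1 with probability p_one, packed MSB-first into bytes.
    A trailing partial byte is left-aligned and zero-padded."""
    out = bytearray()
    byte = 0
    for i in range(n_bits):
        byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        if i % 8 == 7:
            out.append(byte)
            byte = 0
    if n_bits % 8:
        out.append(byte << (8 - n_bits % 8))
    return bytes(out)


def ones_fraction(data, n_bits):
    """Observed fraction of one-bits in the first n_bits of data (a crude bias estimate)."""
    return sum(bin(b).count("1") for b in data) / n_bits


def raw_bits_needed(target_bits, h_per_bit, margin=2.0):
    """Raw bits to collect so the conditioner input carries margin * target_bits of
    min-entropy. The 2x margin is an assumption of this example; the post only says
    'a few thousand' raw bits go into each 256-bit seed."""
    return math.ceil(target_bits * margin / h_per_bit)


def condition(raw, key):
    """Entropy extractor ('conditioner'). The post's hardware uses a CBC-MAC based
    extractor per the SP800-90B draft (AES CBC-MAC); HMAC-SHA256, another SP800-90B
    conditioning function, is substituted here because the stdlib has no AES."""
    return hmac.new(key, raw, hashlib.sha256).digest()


def make_seed_source(p_one, rng, key=b"constructed-conditioner-key"):
    """Return a callable that yields one fresh 256-bit seed per call: collect enough raw
    bits for the source's (here: known) bias, then condition them down to SEED_BYTES."""
    n_raw = raw_bits_needed(8 * SEED_BYTES, min_entropy_per_bit(p_one))
    return lambda: condition(biased_bits(n_raw, p_one, rng), key)


class SmallStateDrng:
    """Toy DRBG with a single 256-bit state, reseeded from fresh conditioned entropy
    before every output block: the small-state-plus-frequent-reseed shape the post
    argues for (SHA-256 stands in for the block-cipher DRBG in the product)."""

    def __init__(self, seed_source):
        self.seed_source = seed_source
        self.state = seed_source()
        self.counter = 0

    def reseed(self):
        fresh = self.seed_source()
        self.state = hashlib.sha256(b"reseed" + self.state + fresh).digest()

    def random_bytes(self, n):
        out = bytearray()
        while len(out) < n:
            self.reseed()  # no big pool to live off: pull fresh entropy for every block
            ctr = self.counter.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + self.state + ctr).digest()
            self.counter += 1
        return bytes(out[:n])


def demo(seed=42, n=64):
    """Deterministic walk-through on a constructed ~95%-entropic source (seeded PRNG so
    the run is reproducible). Returns (raw_bits_per_seed, observed_ones_fraction, out1, out2)."""
    rng = random.Random(seed)
    p_one = 0.5176
    n_raw = raw_bits_needed(8 * SEED_BYTES, min_entropy_per_bit(p_one))
    sample = biased_bits(100000, p_one, rng)
    frac = ones_fraction(sample, 100000)
    drng = SmallStateDrng(make_seed_source(p_one, rng))
    return n_raw, frac, drng.random_bytes(n), drng.random_bytes(n)


if __name__ == "__main__":
    n_raw, frac, a, b = demo()
    print(f"raw bits per 256-bit seed: {n_raw}, observed ones fraction: {frac:.4f}")
    print(a.hex())
    print(b.hex())
```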

From eugen at leitl.org Mon Sep 9 05:54:51 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 11:54:51 +0200
Subject: [cryptography] [liberationtech] Random number generation being influenced - rumors
Message-ID: <[email protected]>

----- Forwarded message from coderman -----

Date: Sun, 8 Sep 2013 22:05:33 -0700
From: coderman
To: David Johnston
Cc: Discussion of cryptography and related
Subject: Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

On Sun, Sep 8, 2013 at 9:26 PM, David Johnston wrote:
> ...
> #1) Maintaining a strong security boundary.
> ...
> #2) FIPS compliance.
> ...
> #3) Robust engineering. [trust us entirely]
> ...
> #4) Software solutions have been a demonstrable failure. [trust us instead]

none of these are compelling reasons to not release raw access to the entropy stream from hardware noise sources.*

clearly you have done your homework, and the design, _if trusted_, is a good one. however, denying access to the raw sources prevents any evaluation that the entropy sources are indeed operating as designed, and prevents any mode of operation where independent entropy estimates, mixing, and host/application pool seeding is possible.

and surely you, when considering the point of view of an attacker, can recognize the immense value of modes (RDRAND, RDSEED) which provide only the obfuscated output to callers of these instructions.

last but not least, you take these criticisms as personal attack. i have not seen anyone attack you personally. in fact, you simply do not have the clearance nor indoctrination to be trusted with such a backdoor. as per the leaked documents, early access to these designs is used to develop backdoors, exploits, and other surreptitious access available when the product is. keeping you in the dark, and enjoying your passionate rebuttals to claims of compromise, is more effective, isn't it?

----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 05:57:45 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 11:57:45 +0200
Subject: [liberationtech] Pew: Anonymity, Privacy, and Security Online
Message-ID: <[email protected]>

----- Forwarded message from Collin Anderson -----

Date: Mon, 9 Sep 2013 01:24:15 -0400
From: Collin Anderson
To: "liberationtech at lists.stanford.edu"
Subject: [liberationtech] Pew: Anonymity, Privacy, and Security Online
Reply-To: liberationtech

This was linked to in the FP piece on Alexander, and should hopefully be of interest to many here in privacy and CFAA work (14% have used VPNs, Tor, etc). - Collin

--- http://pewinternet.org/Reports/2013/Anonymity-online/Summary-of-Findings.aspx

Most internet users would like to be anonymous online at least occasionally, but many think it is not possible to be completely anonymous online. New findings in a national survey show:

- 86% of internet users have taken steps online to remove or mask their digital footprints, ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their internet protocol (IP) address.
- 55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.
- Still, 59% of internet users do not believe it is possible to be completely anonymous online, while 37% of them believe it is possible.

A section of the survey looking at various security-related issues finds that notable numbers of internet users say they have experienced problems because others stole their personal information or otherwise took advantage of their visibility online, including hijacked email and social media accounts, stolen information such as Social Security numbers or credit card information, stalking or harassment, loss of reputation, or victimization by scammers.

- 21% of internet users have had an email or social networking account compromised or taken over by someone else without permission.
- 13% of internet users have experienced trouble in a relationship between them and a family member or a friend because of something the user posted online.
- 12% of internet users have been stalked or harassed online.
- 11% of internet users have had important personal information stolen such as their Social Security Number, credit card, or bank account information.
- 6% of internet users have been the victim of an online scam and lost money.
- 6% of internet users have had their reputation damaged because of something that happened online.
- 4% of internet users have been led into physical danger because of something that happened online.
- 1% of internet users have lost a job opportunity or educational opportunity because of something they posted online or someone posted about them.

Some 68% of internet users believe current laws are not good enough in protecting people's privacy online and 24% believe current laws provide reasonable protections.

Most internet users know that key pieces of personal information about them are available online, such as photos and videos of them, their email addresses, birth dates, phone numbers, home addresses, and the groups to which they belong. And growing numbers of internet users (50%) say they are worried about the amount of personal information about them that is online, a figure that has jumped from 33% who expressed such worry in 2009.

People would like control over their information, saying in many cases it is very important to them that only they or the people they authorize should be given access to such things as the content of their emails, the people to whom they are sending emails, the place where they are when they are online, and the content of the files they download.

-- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.


----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 05:58:49 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 11:58:49 +0200
Subject: [cryptography] urandom vs random
Message-ID: <[email protected]>

----- Forwarded message from coderman -----

Date: Sun, 8 Sep 2013 22:35:02 -0700
From: coderman
To: David Johnston
Cc: Discussion of cryptography and related
Subject: Re: [cryptography] urandom vs random

On Sun, Sep 8, 2013 at 9:57 PM, David Johnston wrote:
> ...
> I've argued in private (and now here) that a large entropy pool is a natural
> response to entropy famine and uneven supply, just like a large grain depot
> guards against food shortages and uneven supply.

this is a good analogy :)

> ... The natural size for the state
> shrinks to the block size of the crypto function being used for entropy
> extraction

for best effective performance, it seems memory bus(es) constrains the optimal transmission unit size. 4k extended instructions providing more throughput than repeated instructions at 512bit chunks. the worst case scenarios, you're passing entropy directly into AES native instructions, and/or onward to PCIe lanes...

> This is one of the things that drove the design decisions in the RdRand
> DRNG. With 2.5Gbps of 95% entropic data, there is no value in stirring the
> data into a huge pool (E.G. like Linux)

you keep coming back to this assumption that RDRAND is entirely trusted and always available. consider adding additional entropy sources like USB keys, scavengers like Dakarand or Haveged, and so forth. conversely to your argument, there is no harm in aggressively mixing a large pool with a high rate hardware entropy source. if you are one of the worst case scenarios, like seeding an entire new volume for full disk encryption with entropy, then you can manage accordingly and cut out the OS level, kernel pool middle man, system call boundary, and other overhead accordingly.

> A consequence of Linux having a big pool is that the stirring algorithm is
> expensive because it has to operate over a many bits.

but not effectively expensive! again, i find very few situations in which my modern processor is unable to keep a properly refilled aggressively reseeded /dev/random up to any demanded rate of consumption for high speed network services, common client side uses, most key generation, and so forth. if you are one of the worst case scenarios, like seeding an entire new volume for full disk encryption with entropy, then you can manage accordingly and cut out the OS level, kernel pool middle man, system call boundary, and other overhead

> When I count my raw data in bits per second, rather than gigabits per
> second, I am of course going to use them efficiently and mix up a large pot
> of state, so I can get maximum utility. With the RdRand DRNG, the bus is the
> limiting factor, not the supply or the pool size.

fair enough, but consider the inverse, particularly for a skeptical audience knowing what we do now: why not mix aggressively with multiple sources if you have the CPU budget? why not provide access to the raw, un-mixed, un-encrypted, un-whitened, un-obfuscated state of the raw entropy bits for those so inclined to use it in such a manner?

efforts to drive RDRAND into direct use instead of the kernel entropy pool in the linux kernel, efforts to steadfast refuse access to the raw entropy stream, are thus viewed with elements of suspicion and provide an air of lack of credibility.

even with all of these concerns, i have publicly said and will continue to assert, using RDRAND is better than nothing. the current state of entropy on most operating systems and especially virtual machine environments on these operating systems, is very poor. it is just a shame this resource cannot be used to greater utility and confidence, as would be provided, were raw access be available.

best regards,

----- End forwarded message -----

From jya at pipeline.com Mon Sep 9 06:48:47 2013
From: jya at pipeline.com (John Young)
Date: Mon, 09 Sep 2013 06:48:47 -0400
Subject: Meet the 'cowboy' in charge of the NSA
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID:

http://cryptome.org/2013/09/nsa-cowboy.htm

From eugen at leitl.org Mon Sep 9 07:06:14 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 13:06:14 +0200
Subject: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)
Message-ID: <[email protected]>

----- Forwarded message from David D -----

Date: Mon, 9 Sep 2013 12:56:17 +0200
From: David D
To: 'Crypto discussion list'
Subject: Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)
X-Mailer: Microsoft Office Outlook 12.0

http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html

No millisecond counter:

1:49 US-983 Stormbrew - Fiber connections

1:49 US-983 Stormbrew - "KEY CORPORATE PARTNER WITH ACCESS TO INTERNATIONAL CABLES, ROUTERS, AND SWITCHES". (# traceroute google.com)

2:07 - "QUERY BY CERTIFICATE META DATA"

2:07 - "Private keys of Diginotar stolen by hacker" FLYING PIG ... Launch a MITM attack.

2:08 - mail.ru and server IP: 94.100.104.14

This site has broken out some of the screenshots from the video: http://leaksource.wordpress.com/2013/09/09/economic-espionage-nsa-spies-on-brazil-oil-giant-petrobras/

"How the attack was done:" image is most interesting. http://leaksource.files.wordpress.com/2013/09/nsa-brazil-5.png

Based on this slide, it appears that the bandwidth providers are dumping the traffic at core routers directly to the NSA.

-----Original Message-----
From: cryptography [mailto:cryptography-bounces at randombit.net] On Behalf Of David D
Sent: Monday, September 09, 2013 12:07 PM
To: 'Crypto discussion list'
Subject: Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)

Lots of gems in this video: http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html


----- End forwarded message -----

From eugen at leitl.org Mon Sep 9 07:05:45 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 9 Sep 2013 13:05:45 +0200
Subject: [liberationtech] Meet the 'cowboy' in charge of the NSA
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]>
Message-ID: <[email protected]>

On Mon, Sep 09, 2013 at 12:50:49PM +0200, phryk wrote:

http://cryptome.org/2013/09/nsa-cowboy.htm

9 September 2013

The Cowboy of the NSA Keith Alexander

http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

Foreign Policy Magazine

The Cowboy of the NSA

Inside Gen. Keith Alexander's all-out, barely-legal drive to build the ultimate spy machine.

BY SHANE HARRIS | SEPTEMBER 9, 2013

Shane Harris is a senior writer for Foreign Policy and author of The Watchers: The Rise of America's Surveillance State.

On Aug. 1, 2005, Lt. Gen. Keith Alexander reported for duty as the 16th director of the National Security Agency, the United States' largest intelligence organization. He seemed perfect for the job. Alexander was a decorated Army intelligence officer and a West Point graduate with master's degrees in systems technology and physics. He had run intelligence operations in combat and had held successive senior-level positions, most recently as the director of an Army intelligence organization and then as the service's overall chief of intelligence. He was both a soldier and a spy, and he had the heart of a tech geek. Many of his peers thought Alexander would make a perfect NSA director. But one prominent person thought otherwise: the prior occupant of that office.

Air Force Gen. Michael Hayden had been running the NSA since 1999, through the 9/11 terrorist attacks and into a new era that found the global eavesdropping agency increasingly focused on Americans' communications inside the United States. At times, Hayden had found himself swimming in the murkiest depths of the law, overseeing programs that other senior officials in government thought violated the Constitution. Now Hayden of all people was worried that Alexander didn't understand the legal sensitivities of that new mission.

"Alexander tended to be a bit of a cowboy: 'Let's not worry about the law. Let's just figure out how to get the job done,'" says a former intelligence official who has worked with both men. "That caused General Hayden some heartburn."

The heartburn first flared up not long after the 2001 terrorist attacks. Alexander was the general in charge of the Army's Intelligence and Security Command (INSCOM) at Fort Belvoir, Virginia. He began insisting that the NSA give him raw, unanalyzed data about suspected terrorists from the agency's massive digital cache, according to three former intelligence officials. Alexander had been building advanced data-mining software and analytic tools, and now he wanted to run them against the NSA's intelligence caches to try to find terrorists who were in the United States or planning attacks on the homeland.

By law, the NSA had to scrub intercepted communications of most references to U.S. citizens before those communications could be shared with other agencies. But Alexander wanted the NSA "to bend the pipe towards him," says one of the former officials, so that he could siphon off metadata, the digital records of phone calls and email traffic that can be used to map out a terrorist organization based on its members' communications patterns.

"Keith wanted his hands on the raw data. And he bridled at the fact that NSA didn't want to release the information until it was properly reviewed and in a report," says a former national security official. "He felt that from a tactical point of view, that was often too late to be useful."

Hayden thought Alexander was out of bounds. INSCOM was supposed to provide battlefield intelligence for troops and special operations forces overseas, not use raw intelligence to find terrorists within U.S. borders. But Alexander had a more expansive view of what military intelligence agencies could do under the law.

"He said at one point that a lot of things aren't clearly legal, but that doesn't make them illegal," says a former military intelligence officer who served under Alexander at INSCOM.

In November 2001, the general in charge of all Army intelligence had informed his personnel, including Alexander, that the military had broad authority to collect and share information about Americans, so long as they were "reasonably believed to be engaged" in terrorist activities, the general wrote in a widely distributed memo.

The general didn't say how exactly to make this determination, but it was all the justification Alexander needed. "Hayden's attitude was 'Yes, we have the technological capability, but should we use it?' Keith's was 'We have the capability, so let's use it,'" says the former intelligence official who worked with both men.

Hayden denied Alexander's request for NSA data. And there was some irony in that decision. At the same time, Hayden was overseeing a highly classified program to monitor Americans' phone records and Internet communications without permission from a court. At least one component of that secret domestic spying program would later prompt senior Justice Department officials to threaten resignation because they thought it was illegal.

But that was a presidentially authorized program run by a top-tier national intelligence agency. Alexander was a midlevel general who seemed to want his own domestic spying operation. Hayden was so troubled that he reported Alexander to his commanding general, a former colleague says. "He didn't use that atomic word -- 'insubordination' -- but he danced around it."

The showdown over bending the NSA's pipes was emblematic of Alexander's approach to intelligence, one he has honed over the course of a 39-year military career and deploys today as the director of the country's most powerful spy agency.

Alexander wants as much data as he can get. And he wants to hang on to it for as long as he can. To prevent the next terrorist attack, he thinks he needs to be able to see entire networks of communications and also go "back in time," as he has said publicly, to study how terrorists and their networks evolve. To find the needle in the haystack, he needs the entire haystack.

"Alexander's strategy is the same as Google's: I need to get all of the data," says a former administration official who worked with the general. "If he becomes the repository for all that data, he thinks the resources and authorities will follow."

That strategy has worked well for Alexander. He has served longer than any director in the NSA's history, and today he stands atop a U.S. surveillance empire in which signals intelligence, the agency's specialty, is the coin of the realm. In 2010, he became the first commander of the newly created U.S. Cyber Command, making him responsible for defending military computer networks against spies, hackers, and foreign armed forces -- and for fielding a new generation of cyberwarriors trained to penetrate adversaries' networks. Fueled by a series of relentless and increasingly revealing leaks from former NSA contractor Edward Snowden, the full scope of Alexander's master plan is coming to light.

Today, the agency is routinely scooping up and storing Americans' phone records. It is screening their emails and text messages, even though the spy agency can't always tell the difference between an innocent American and a foreign terrorist. The NSA uses corporate proxies to monitor up to 75 percent of Internet traffic inside the United States. And it has spent billions of dollars on a secret campaign to foil encryption technologies that individuals, corporations, and governments around the world had long thought protected the privacy of their communications from U.S. intelligence agencies.

The NSA was already a data behemoth when Alexander took over. But under his watch, the breadth, scale, and ambition of its mission have expanded beyond anything ever contemplated by his predecessors. In 2007, the NSA began collecting information from Internet and technology companies under the so-called PRISM program. In essence, it was a pipes-bending operation. The NSA gets access to the companies' raw data -- including e-mails, video chats, and messages sent through social media -- and analysts then mine it for clues about terrorists and other foreign intelligence subjects. Similar to how Alexander wanted the NSA to feed him with intelligence at INSCOM, now some of the world's biggest technology companies -- including Google, Microsoft, Facebook, and Apple -- are feeding the NSA. But unlike Hayden, the companies cannot refuse Alexander's advances. The PRISM program operates under a legal regime, put in place a few years after Alexander arrived at the NSA, that allows the agency to demand broad categories of information from technology companies.

Never in history has one agency of the U.S. government had the capacity, as well as the legal authority, to collect and store so much electronic information. Leaked NSA documents show the agency sucking up data from approximately 150 collection sites on six continents. The agency estimates that 1.6 percent of all data on the Internet flows through its systems on a given day -- an amount of information about 50 percent larger than what Google processes in the same period.

When Alexander arrived, the NSA was secretly investing in experimental databases to store these oceans of electronic signals and give analysts access to it all in as close to real time as possible. Under his direction, it has helped pioneer new methods of massive storage and retrieval. That has led to a data glut. The agency has collected so much information that it ran out of storage capacity at its 350-acre headquarters at Fort Meade, Maryland, outside Washington, D.C. At a cost of more than $2 billion, it has built a new processing facility in the Utah desert, and it recently broke ground on a complex in Maryland. There is a line item in the NSA's budget just for research on "coping with information overload."

Yet it's still not enough for Alexander, who has proposed installing the NSA's surveillance equipment on the networks of defense contractors, banks, and other organizations deemed essential to the U.S. economy or national security. Never has this intelligence agency -- whose primary mission is espionage, stealing secrets from other governments -- proposed to become the electronic watchman of American businesses.

This kind of radical expansion shouldn't come as a surprise. In fact, it's a hallmark of Alexander's career. During the Iraq war, for example, he pioneered a suite of real-time intelligence analysis tools that aimed to scoop up every phone call, email, and text message in the country in a search for terrorists and insurgents. Military and intelligence officials say it provided valuable insights that helped turn the tide of the war. It was also unprecedented in its scope and scale. He has transferred that architecture to a global scale now, and with his responsibilities at Cyber Command, he is expanding his writ into the world of computer network defense and cyber warfare.

As a result, the NSA has never been more powerful, more pervasive, and more politically imperiled. The same philosophy that turned Alexander into a giant -- acquire as much data from as many sources as possible -- is now threatening to undo him. Alexander today finds himself in the unusual position of having to publicly defend once-secret programs and reassure Americans that the growth of his agency, which employs more than 35,000 people, is not a cause for alarm. In July, the House of Representatives almost approved a law to constrain the NSA's authorities -- the closest Congress has come to reining in the agency since the 9/11 attacks. That narrow defeat for surveillance opponents has set the stage for a Supreme Court ruling on whether metadata -- the information Alexander has most often sought about Americans -- should be afforded protection under the Fourth Amendment's prohibition against "unreasonable searches and seizures," which would make metadata harder for the government to acquire.

Alexander declined Foreign Policy's request for an interview, but in response to questions about his leadership, his respect for civil liberties, and the Snowden leaks, he provided a written statement.

"The missions of NSA and USCYBERCOM are conducted in a manner that is lawful, appropriate, and effective, and under the oversight of all three branches of the U.S. government," Alexander stated. "Our mission is to protect our people and defend the nation within the authorities granted by Congress, the courts and the president. There is an ongoing investigation into the damage sustained by our nation and our allies because of the recent unauthorized disclosure of classified material. Based on what we know to date, we believe these disclosures have caused significant and irreversible harm to the security of the nation."

In lieu of an interview about his career, Alexander's spokesperson recommended a laudatory profile about him that appeared in West Point magazine. It begins: "At key moments throughout its history, the United States has been fortunate to have the right leader -- someone with an ideal combination of rare talent and strong character -- rise to a position of great responsibility in public service. With General Keith B. Alexander ... Americans are again experiencing this auspicious state of affairs."

Lawmakers and the public are increasingly taking a different view. They are skeptical about what Alexander has been doing with all the data he's collecting -- and why he's been willing to push the bounds of the law to get it. If he's going to preserve his empire, he'll have to mount the biggest charm offensive of his career. Fortunately for him, Alexander has spent as much time building a political base of power as a technological one.

* * *

Those who know Alexander say he is introspective, self-effacing, and even folksy. He's fond of corny jokes and puns and likes to play pool, golf, and Bejeweled Blitz, the addictive puzzle game, on which he says he routinely scores more than 1 million points.

Alexander is also as skilled a Washington knife fighter as they come. To get the NSA job, he allied himself with the Pentagon brass, most notably Donald Rumsfeld, who distrusted Hayden and thought he had been trying to buck the Pentagon's control of the NSA. Alexander also called on all the right committee members on Capitol Hill, the overseers and appropriators who hold the NSA's future in their hands.

When he was running the Army's Intelligence and Security Command, Alexander brought many of his future allies down to Fort Belvoir for a tour of his base of operations, a facility known as the Information Dominance Center. It had been designed by a Hollywood set designer to mimic the bridge of the starship Enterprise from Star Trek, complete with chrome panels, computer stations, a huge TV monitor on the forward wall, and doors that made a "whoosh" sound when they slid open and closed. Lawmakers and other important officials took turns sitting in a leather "captain's chair" in the center of the room and watched as Alexander, a lover of science-fiction movies, showed off his data tools on the big screen.

"Everybody wanted to sit in the chair at least once to pretend he was Jean-Luc Picard," says a retired officer in charge of VIP visits.

Alexander wowed members of Congress with his eye-popping command center. And he took time to sit with them in their offices and explain the intricacies of modern technology in simple, plain-spoken language. He demonstrated a command of the subject without intimidating those who had none.

"Alexander is 10 times the political general as David Petraeus," says the former administration official, comparing the NSA director to a man who was once considered a White House contender. "He could charm the paint off a wall."

Alexander has had to muster every ounce of that political savvy since the Snowden leaks started coming in June. In closed-door briefings, members of Congress have accused him of deceiving them about how much information he has been collecting on Americans. Even when lawmakers have screamed at him from across the table, Alexander has remained "unflappable," says a congressional staffer who has sat in on numerous private briefings since the Snowden leaks. Instead of screaming back, he reminds lawmakers about all the terrorism plots that the NSA has claimed to help foil.

"He is well aware that he will be criticized if there's another attack," the staffer says. "He has said many times, 'My job is to protect the American people. And I have to be perfect.'"

There's an implied threat in that statement. If Alexander doesn't get all the information he wants, he cannot do his job. "He never says it explicitly, but the message is, 'You don't want to be the one to make me miss,'" says the former administration official. "You don't want to be the one that denied me these capabilities before the next attack."

Alexander has a distinct advantage over most, if not all, intelligence chiefs in the government today: He actually understands the multibillion-dollar technical systems that he's running. "When he would talk to our engineers, he would get down in the weeds as far as they were. And he'd understand what they were talking about," says a former NSA official. In that respect, he had a leg up on Hayden, who colleagues say is a good big-picture thinker but lacks the geek gene that Alexander was apparently born with.

"He looked at the technical aspects of the agency more so than any director I've known," says Richard "Dickie" George, who spent 41 years at the NSA and retired as the technical director of the Information Assurance Directorate. "I get the impression he would have been happy being one of those guys working down in the noise," George said, referring to the front-line technicians and analysts working to pluck signals out of the network.

Alexander, 61, has been a techno-spy since the beginning of his military career. After graduating from West Point in 1974, he went to West Germany, where he was initiated in the dark arts of signals intelligence. Alexander spent his time eavesdropping on military communications emanating from East Germany and Czechoslovakia. He was interested in the mechanics that supported this brand of espionage. He rose quickly through the ranks.

"It's rare to get a commander who understands technology," says a former Army officer who served with Alexander in 1995, when Alexander was in charge of the 525th Military Intelligence Brigade at Fort Bragg, North Carolina. "Even then he was into big data. You think of the wizards as the guys who are in their 20s." Alexander was 42 at the time.

At the turn of the century, Alexander took the big-data approach to counterterrorism. How well that method worked continues to be a matter of intense debate. Surely discrete interceptions of terrorists' phone calls and emails have helped disrupt plots and prevent attacks. But huge volumes of data don't always help catch potential plotters. Sometimes, the drive for more data just means capturing more ordinary people in the surveillance driftnet.

When he ran INSCOM and was horning in on the NSA's turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.

"He had all these diagrams showing how this guy was connected to that guy and to that guy," says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. "Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops."

A retired military officer who worked with Alexander also describes a "massive network chart" that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."

Those network charts have become more massive now that Alexander is running the NSA. When analysts try to determine if a particular person is engaged in terrorist activity, they may look at the communications of people who are as many as three steps, or "hops," removed from the original target. This means that even when the NSA is focused on just one individual, the number of people who are being caught up in the agency's electronic nets could easily be in the tens of millions.

According to an internal audit, the agency's surveillance operations have been beset by human error and fooled by moving targets. After the NSA's legal authorities were expanded and the PRISM program was implemented, the agency inadvertently collected Americans' communications thousands of times each year, between 2008 and 2012, in violation of privacy rules and the law. Yet the NSA still pursued a counterterrorism strategy that relies on ever-bigger data sets. Under Alexander's leadership, one of the agency's signature analysis tools was a digital graph that showed how hundreds, sometimes thousands, of people, places, and events were connected to each other. They were displayed as a tangle of dots and lines. Critics called it the BAG -- for "big ass graph" -- and said it produced very few useful leads. CIA officials in charge of tracking overseas terrorist cells were particularly unimpressed by it. "I don't need this," a senior CIA officer working on the agency's drone program once told an NSA analyst who showed up with a big, nebulous graph. "I just need you to tell me whose ass to put a Hellfire missile on."

Given his pedigree, it's unsurprising that Alexander is a devotee of big data. "It was taken as a given for him, as a career intelligence officer, that more information is better," says another retired military officer. "That was ingrained."

But Alexander was never alone in his obsession. An obscure civilian engineer named James Heath has been a constant companion for a significant portion of Alexander's career. More than any one person, Heath influenced how the general went about building an information empire.

Several former intelligence officials who worked with Heath described him as Alexander's "mad scientist." Another called him the NSA director's "evil genius." For years, Heath, a brilliant but abrasive technologist, has been in charge of making Alexander's most ambitious ideas a reality; many of the controversial data-mining tools that Alexander wanted to use against the NSA's raw intelligence were developed by Heath, for example. "He's smart, crazy, and dangerous. He'll push the technology to the limits to get it to do what he wants," says a former intelligence official.

Heath has followed Alexander from post to post, but he almost always stays in the shadows. Heath recently retired from government service as the senior science advisor to the NSA director -- Alexander's personal tech guru. "The general really looked to him for advice," says George, the former technical director. "Jim didn't mind breaking some eggs to make an omelet. He couldn't do that on his own, but General Alexander could. They brought a sense of needing to get things done. They were a dynamic duo."

Precisely where Alexander met Heath is unclear. They have worked together since at least 1995, when Alexander commanded the 525th Military Intelligence Brigade and Heath was his scientific sidekick. "That's where Heath took his first runs at what he called 'data visualization,' which is now called 'big data,'" says a retired military intelligence officer. Heath was building tools that helped commanders on the field integrate information from different sensors -- reconnaissance planes, satellites, signals intercepts -- and "see" it on their screens. Later, Heath would work with tools that showed how words in a document or pages on the Internet were linked together, displaying those connections in the form of three-dimensional maps and graphs.

At the Information Dominance Center, Heath built a program called the "automatic ingestion manager." It was a for massive sets of data, and in 1999, he started taking it for test runs on the Internet.

In one experiment, the retired officer says, the ingestion manager searched for all web pages linked to the website of the Defense Intelligence Agency (DIA). Those included every page on the DIA's site, and the tool scoured and copied them so aggressively that it was mistaken for a hostile cyberattack. The site's automated defenses kicked in and shut it down.

On another occasion, the searching tool landed on an anti-war website while searching for information about the conflict in Kosovo. "We immediately got a letter from the owner of the site wanting to know why was the military spying on him," the retired officer says. As far as he knows, the owner took no legal action against the Army, and the test run was stopped.

Those experiments with "bleeding-edge" technology, as the denizens of the Information Dominance Center liked to call it, shaped Heath and Alexander's approach to technology in spy craft. And when they ascended to the NSA in 2005, their influence was broad and profound. "These guys have propelled the intelligence community into big data," says the retired officer.

Heath was at Alexander's side for the expansion of Internet surveillance under the PRISM program. Colleagues say it fell largely to him to design technologies that tried to make sense of all the new information the NSA was gobbling up. But Heath had developed a reputation for building expensive systems that never really work as promised and then leaving them half-baked in order to follow Alexander on to some new mission.

"He moved fairly fast and loose with money and spent a lot of it," the retired officer says. "He doubled the size of the Information Dominance Center and then built another facility right next door to it. They didn't need it. It's just what Heath and Alexander wanted to do." The Information Operations Center, as it was called, was underused and spent too much money, says the retired officer. "It's a center in search of a customer."

Heath's reputation followed him to the NSA. In early 2010, weeks after a young al Qaeda terrorist with a bomb sewn into his underwear tried to bring down a U.S. airliner over Detroit on Christmas Day, the director of national intelligence, Dennis Blair, called for a new tool that would help the disparate intelligence agencies better connect the dots about terrorism plots. The NSA, the State Department, and the CIA each had possessed fragments of information about the so-called underwear bomber's intentions, but there had been no dependable mechanism for integrating them all and providing what one former national security official described as "a quick-reaction capability" so that U.S. security agencies would be warned about the bomber before he got on the plane.

Blair put the NSA in charge of building this new capability, and the task eventually fell to Heath. "It was a complete disaster," says the former national security official, who was briefed on the project. "Heath's approach was all based on signals intelligence [the kind the NSA routinely collects] rather than taking into account all the other data coming in from the CIA and other sources. That's typical of Heath. He's got a very narrow viewpoint to solve a problem."

Like other projects of Heath's, the former official says, this one was never fully implemented. As a result, the intelligence community still didn't have a way to stitch together clues from different databases in time to stop the next would-be bomber. Heath -- and Alexander -- moved on to the next big project.

"There's two ways of looking at these guys," the retired military officer says. "Two visionaries who took risks and pushed the intelligence community forward. Or as two guys who blew a monumental amount of money."

As immense as the NSA's mission has become -- patrolling the world's data fields in search of terrorists, spies, and computer hackers -- it is merely one phase of Alexander's plan. The NSA's primary mission is to protect government systems and information. But under his leadership, the agency is also extending its reach into the private sector in unprecedented ways.

Toward the end of George W. Bush's administration, Alexander helped persuade Defense Department officials to set up a computer network defense project to prevent foreign intelligence agencies -- mainly China's -- from stealing weapons plans and other national secrets from government contractors' computers.

Under the Defense Industrial Base initiative, also known as the DIB, the NSA provides the companies with intelligence about the cyberthreats it's tracking. In return, the companies report back about what they see on their networks and share intelligence with each other.

Pentagon officials say the program has helped stop some cyber-espionage. But many corporate participants say Alexander's primary motive has not been to share what the NSA knows about hackers. It's to get intelligence from the companies -- to make them the NSA's digital scouts. What is billed as an information-sharing arrangement has sometimes seemed more like a one-way street, leading straight to the NSA's headquarters at Fort Meade.

"We wanted companies to be able to share information with each other," says the former administration official, "to create a picture about the threats against them. The NSA wanted the picture."

After the DIB was up and running, Alexander proposed going further. "He wanted to create a wall around other sensitive institutions in America, to include financial institutions, and to install equipment to monitor their networks," says the former administration official. "He wanted this to be running in every Wall Street bank."

That aspect of the plan has never been fully implemented, largely due to legal concerns. If a company allowed the government to install monitoring equipment on its systems, a court could decide that the company was acting as an agent of the government. And if surveillance were conducted without a warrant or legitimate connection to an investigation, the company could be accused of violating the Fourth Amendment. Warrantless surveillance can be unconstitutional regardless of whether the NSA or Google or Goldman Sachs is doing it.

"That's a subtle point, and that subtlety was often lost on NSA," says the former administration official. "Alexander has ignored that Fourth Amendment concern."

The DIB experiment was a first step toward Alexander's taking more control over the country's cyberdefenses, and it was illustrative of his assertive approach to the problem. "He was always challenging us on the defensive side to be more aware and to try and find and counter the threat," says Tony Sager, who was the chief operating officer for the NSA's Information Assurance Directorate, which protects classified government information and computers. "He wanted to know, 'Who are the bad guys? How do we go after them?'"

While it's a given that the NSA cannot monitor the entire Internet on its own and that it needs intelligence from companies, Alexander has questioned whether companies have the capacity to protect themselves. "What we see is an increasing level of activity on the networks," he said recently at a security conference in Canada. "I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in."

* * *

Now, for the first time in Alexander's career, Congress and the general public are expressing deep misgivings about sharing information with the NSA or letting it install surveillance equipment. A Rasmussen poll of likely voters taken in June found that 68 percent believe it's likely the government is listening to their communications, despite repeated assurances from Alexander and President Barack Obama that the NSA is only collecting anonymous metadata about Americans' phone calls. In another Rasmussen poll, 57 percent of respondents said they think it's likely that the government will use NSA intelligence "to harass political opponents."

Some who know Alexander say he doesn't appreciate the depth of public mistrust and cynicism about the NSA's mission. "People in the intelligence community in general, and certainly Alexander, don't understand the strategic value of having a largely unified country and a long-term trust in the intelligence business," says a former intelligence official, who has worked with Alexander. Another adds, "There's a feeling within the NSA that they're all patriotic citizens interested in protecting privacy, but they lose sight of the fact that people don't trust the government."

Even Alexander's strongest critics don't doubt his good intentions. "He's not a nefarious guy," says the former administration official. "I really do feel like he believes he's doing this for the right reasons." Two of the retired military officers who have worked with him say Alexander was seared by the bombing of the USS Cole in 2000 and later the 9/11 attacks, a pair of major intelligence failures that occurred while he was serving in senior-level positions in military intelligence. They said he vowed to do all he could to prevent another attack that could take the lives of Americans and military service members.

But those who've worked closely with Alexander say he has become blinded by the power of technology. "He believes they have enough technical safeguards in place at the NSA to protect civil liberties and perform their mission," the former administration official says. "They do have a very robust capability -- probably better than any other agency. But he doesn't get that this power can still be abused. Americans want introspection. Transparency is a good thing. He doesn't understand that. In his mind it's 'You should trust me, and in exchange, I give you protection.'"

On July 30 in Las Vegas, Alexander sat down for dinner with a group of civil liberties activists and Internet security researchers. He was in town to give a keynote address the next day at the Black Hat security conference. The mood at the table was chilly, according to people who were in attendance. In 2012, Alexander had won plaudits for his speech at Black Hat's sister conference, Def Con, in which he'd implored the assembled community of experts to join him in their mutual cause: protecting the Internet as a safe space for speech, communications, and commerce. Now, however, nearly two months after the first leaks from Snowden, the people around the table wondered whether they could still trust the NSA director.

His dinner companions questioned Alexander about the NSA's legal authority to conduct massive electronic surveillance. Two guests had recently written a New York Times op-ed calling the NSA's activities "criminal." Alexander was quick to debate the finer points of the law and defend his agency's programs -- at least the ones that have been revealed -- as closely monitored and focused solely on terrorists' information.

But he also tried to convince his audience that they should help keep the NSA's surveillance system running. In so many words, Alexander told them: The terrorists only have to succeed once to kill thousands of people. And if they do, all of the rules we have in place to protect people's privacy will go out the window.

Alexander cast himself as the ultimate defender of civil liberties, as a man who needs to spy on some people in order to protect everyone. He knows that in the wake of another major terrorist attack on U.S. soil, the NSA will be unleashed to find the perpetrators and stop the next assault. Random searches of metadata, broad surveillance of purely domestic communications, warrantless seizure of stored communications -- presumably these and other extraordinary measures would be on the table. Alexander may not have spelled out just what the NSA would do after another homeland strike, but the message was clear: We don't want to find out.

Alexander was asking his dinner companions to trust him. But his credibility has been badly damaged. Alexander was heckled at his speech the next day at Black Hat. He had been slated to talk at Def Con too, but the organizers rescinded their invitation after the Snowden leaks. And even among Alexander's cohort, trust is flagging.

"You'll never find evidence that Keith sits in his office at lunch listening to tapes of U.S. conversations," says a former NSA official. "But I think he has a little bit of naiveté about this controversy. He thinks, 'What's the problem? I wouldn't abuse this power. Aren't we all honorable people?' People get into these insular worlds out there at NSA. I think Keith fits right in."

One of the retired military officers, who worked with Alexander on several big-data projects, said he was shaken by revelations that the agency is collecting all Americans' phone records and examining enormous amounts of Internet traffic. "I've not changed my opinion on the right balance between security versus privacy, but what the NSA is doing bothers me," he says. "It's the massive amount of information they're collecting. I know they're not listening to everyone's phone calls. No one has time for that. But speaking as an analyst who has used metadata, I do not sleep well at night knowing these guys can see everything. That trust has been lost."

From eugen at leitl.org Mon Sep 9 08:40:10 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 14:40:10 +0200 Subject: Scott Aaronson: NSA: Possibly breaking US laws, but still bound by laws of computational complexity Message-ID: <[email protected]> http://www.scottaaronson.com/blog/?p=1517

NSA: Possibly breaking US laws, but still bound by laws of computational complexity

Last week, I got an email from a journalist with the following inquiry. The recent Snowden revelations, which made public for the first time the US government's "black budget," contained the following enigmatic line from the Director of National Intelligence: "We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic." So, the journalist wanted to know, what could these "groundbreaking" capabilities be? And in particular, was it possible that the NSA was buying quantum computers from D-Wave, and using them to run Shor's algorithm to break the RSA cryptosystem?

I replied that, yes, that's "possible," but only in the same sense that it's "possible" that the NSA is using the Easter Bunny for the same purpose. (For one thing, D-Wave themselves have said repeatedly that they have no interest in Shor's algorithm or factoring. Admittedly, I guess that's what D-Wave would say, were they making deals with NSA on the sly! But it's also what the Easter Bunny would say.) More generally, I said that if the open scientific world's understanding is anywhere close to correct, then quantum computing might someday become a practical threat to cryptographic security, but it isn't one yet.

That, of course, raised the extremely interesting question of what "groundbreaking capabilities" the Director of National Intelligence was referring to. I said my personal guess was that, with ~99% probability, he meant various implementation vulnerabilities and side-channel attacks -- the sort of thing that we know has compromised deployed cryptosystems many times in the past, but where it's very easy to believe that the NSA is ahead of the open world. With ~1% probability, I guessed, the NSA made some sort of big improvement in classical algorithms for factoring, discrete log, or other number-theoretic problems. (I would've guessed even less than 1% probability for the latter, before the recent breakthrough by Joux solving discrete log in fields of small characteristic in quasipolynomial time.)

Then, on Thursday, a big New York Times article appeared, based on 50,000 or so documents that Snowden leaked to the Guardian and that still aren't public. (See also an important Guardian piece by security expert Bruce Schneier, and accompanying Q&A.) While a lot remains vague, there might be more public information right now about current NSA cryptanalytic capabilities than there's ever been. So, how did my uninformed, armchair guesses fare? It's only halfway into the NYT article that we start getting some hints:

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian's Web site in June.

"Properly implemented strong crypto systems are one of the few things that you can rely on," he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted...

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency's success depends on working with Internet companies -- by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware...

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency's 2013 budget request was to "influence policies, standards and specifications for commercial public key technologies," the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort "a challenge in finesse."

So, in pointing to implementation vulnerabilities as the most likely possibility for an NSA "breakthrough," I might have actually erred a bit too far on the side of technological interestingness. It seems that a large part of what the NSA has been doing has simply been strong-arming Internet companies and standards bodies into giving it backdoors. To put it bluntly: sure, if it wants to, the NSA can probably read your email. But that isn't mathematical cryptography's fault -- any more than it would be mathematical crypto's fault if goons broke into your house and carted away your laptop. On the contrary, properly-implemented, backdoor-less strong crypto is something that apparently scares the NSA enough that they go to some lengths to keep it from being widely used.

I should add that, regardless of how NSA collects all the private information it does -- by "beating crypto in a fair fight" (!) or, more likely, by exploiting backdoors that it itself installed -- the mere fact that it collects so much is of course unsettling enough from a civil-liberties perspective. So I'm glad that the Snowden revelations have sparked a public debate in the US about how much surveillance we as a society want (i.e., "the balance between preventing 9/11 and preventing Orwell"), what safeguards are in place to prevent abuses, and whether those safeguards actually work. Such a public debate is essential if we're serious about calling ourselves a democracy.

At the same time, to me, perhaps the most shocking feature of the Snowden revelations is just how unshocking they've been. So far, I haven't seen anything that shows the extent of NSA's surveillance to be greater than what I would've considered plausible a priori. Indeed, the following could serve as a one-sentence summary of what we've learned from Snowden:

Yes, the NSA is, in fact, doing the questionable things that anyone not living in a cave had long assumed they were doing?that assumption being so ingrained in nerd culture that countless jokes are based around it. (Come to think of it, people living in caves might have been even more certain that the NSA was doing those things. Maybe that?s why they moved to caves.)

So, rather than dwelling on civil liberties, national security, yadda yadda yadda, let me move on to discuss the implications of the Snowden revelations for something that really matters: a 6-year-old storm in theoretical computer science?s academic teacup. As many readers of this blog might know, Neal Koblitz?a respected mathematician and pioneer of elliptic curve cryptography, who (from numerous allusions in his writings) appears to have some connections at the NSA?published a series of scathing articles, in the Notices of the American Mathematical Society and elsewhere, attacking the theoretical computer science approach to cryptography. Koblitz?s criticisms were varied and entertainingly-expressed: the computer scientists are too sloppy, deadline-driven, self-promoting, and corporate-influenced; overly trusting of so-called ?security proofs? (a term they shouldn?t even use, given how many errors and exaggerated claims they make); absurdly overreliant on asymptotic analysis; ?bodacious? in introducing dubious new hardness assumptions that they then declare to be ?standard?; and woefully out of touch with cryptographic realities. Koblitz seemed to suggest that, rather than demanding the security reductions so beloved by theoretical computer scientists, people would do better to rest the security of their cryptosystems on two alternative pillars: first, standards set by organizations like the NSA with actual real-world experience; and second, the judgments of mathematicians with ? taste and experience, who can just see what?s likely to be vulnerable and what isn?t.

Back in 2007, my mathematician friend Greg Kuperberg pointed out the irony to me: here we had a mathematician, lambasting computer scientists for trying to do for cryptography what mathematics itself has sought to do for everything since Euclid! That is, when you see an unruly mess of insights, related to each other in some tangled way, systematize and organize it. Turn the tangle into a hierarchical tree (or dag). Isolate the minimal assumptions (one-way functions? decisional Diffie-Hellman?) on which each conclusion can be based, and spell out all the logical steps needed to get from here to there?even if the steps seem obvious or boring. Any time anyone has tried to do that, it?s been easy for the natives of the unruly wilderness to laugh at the systematizing newcomers: the latter often know the terrain less well, and take ten times as long to reach conclusions that are ten times less interesting. And yet, in case after case, the clarity and rigor of the systematizing approach has eventually won out. So it seems weird for a mathematician, of all people, to bet against the systematizing approach when applied to cryptography.

The reason I?m dredging up this old dispute now, is that I think the recent NSA revelations might put it in a slightly new light. In his article?whose main purpose is to offer practical advice on how to safeguard one?s communications against eavesdropping by NSA or others?Bruce Schneier offers the following tip:

Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Here Schneier is pointing out a specific issue with ECC, which would be solved if we could ?merely? ensure that NSA or other interested parties weren?t providing input into which elliptic curves to use. But I think there?s also a broader issue: that, in cryptography, it?s unwise to trust any standard because of the prestige, real-world experience, mathematical good taste, or whatever else of the people or organizations proposing it. What was long a plausible conjecture?that the NSA covertly influences cryptographic standards to give itself backdoors, and that otherwise-inexplicable vulnerabilities in deployed cryptosystems are sometimes there because the NSA wanted them there?now looks close to an established fact. In cryptography, then, it?s not just for idle academic reasons that you?d like a publicly-available trail of research papers and source code, open to criticism and improvement by anyone, that takes you all the way from the presumed hardness of an underlying mathematical problem to the security of your system under whichever class of attacks is relevant to you.

Schneier?s final piece of advice is this: ?Trust the math. Encryption is your friend.?

?Trust the math.? On that note, here?s a slightly-embarrassing confession. When I?m watching a suspense movie (or a TV show like Homeland), and I reach one of those nail-biting scenes where the protagonist discovers that everything she ever believed is a lie, I sometimes mentally recite the proof of the Karp-Lipton Theorem. It always calms me down. Even if the entire universe turned out to be a cruel illusion, it would still be the case that NP ? P/poly would collapse the polynomial hierarchy, and I can tell you exactly why. It would likewise be the case that you couldn?t break the GGM pseudorandom function without also breaking the underlying pseudorandom generator on which it?s based. Math could be defined as that which can still be trusted, even when you can?t trust anything else.

This entry was posted on Sunday, September 8th, 2013 at 11:31 am and is filed under Complexity, Nerd Interest.

24 Responses to "NSA: Possibly breaking US laws, but still bound by laws of computational complexity"

Aaronson on crypto. Schneier "elliptic-curve systems; the latter have constants that the NSA influences when they can." | Gordon's shares Says:

Comment #1 September 8th, 2013 at 1:22 pm

[...] Link. Trust math, but not NSA mathematicians. [...]

Douglas Knight Says:

Comment #2 September 8th, 2013 at 1:35 pm

Could you be more specific about what you mean by the hypothetical "big improvement" on number theory algorithms that is covered by your 1%?

Do elliptic curve algorithms count? Does an L(1/4) algorithm count, or only quasi-polynomial? What if they can't break all instances, but, as has repeatedly happened, they discovered bad primes or bad exponents that make particular keys weak? Breaking a random half of all keys is almost as good as breaking all of them. Schneier's condemnation of ECC seems to require more than a 1% chance NSA knows something special about ECC.

PS -- David Jao, commenting on Schneier's blog, says that we can and do use cryptography to prevent NSA from meddling with mystery constants. He says that the ECC standard curves are generated by SHA-1, so to meddle, NSA would have to break the hash function. (But if half of curves are bad, that's easy.)
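The exchange in the comment above (a seed hashed with SHA-1 fixes the curve parameter, yet "if half of curves are bad, that's easy"), as an added worked example that is not part of the original thread or of any standard. It models a verifiable-derivation procedure loosely in the spirit of the X9.62/FIPS 186 seed expansion (the standard's exact bit-trimming rules are simplified away, which is an assumption of this example), a reader-side `verify_param` check, and a `search_seed` routine that models the party choosing the seed. The "weak" predicates are constructed stand-ins with a chosen density; nothing is actually weak about even numbers. All names are the example's own.

```python
import hashlib

SEED_BITS = 160    # X9.62-style seeds are 160 bits wide
PARAM_BITS = 256   # width of the parameter derived from the seed


def derive_param(seed: int) -> int:
    """Expand a 160-bit seed to a 256-bit integer with SHA-1.

    Modelled loosely on the X9.62 / FIPS 186 "verifiably random" curve
    procedure (hash the seed, then SHA-1(seed + i) for the extra blocks); the
    standard's exact bit-trimming rules are simplified away here, which is an
    assumption of this example, not the real procedure.
    """
    if not 0 <= seed < (1 << SEED_BITS):
        raise ValueError("seed must be a 160-bit integer")
    s = (PARAM_BITS - 1) // 160       # number of additional hash blocks
    v = PARAM_BITS - 160 * s          # bits taken from the first hash
    first = hashlib.sha1(seed.to_bytes(20, "big")).digest()
    w = int.from_bytes(first, "big") & ((1 << v) - 1)
    for i in range(1, s + 1):
        nxt = ((seed + i) % (1 << SEED_BITS)).to_bytes(20, "big")
        block = hashlib.sha1(nxt).digest()
        w = (w << 160) | int.from_bytes(block, "big")
    return w


def verify_param(seed: int, param: int) -> bool:
    """What a reader of the standard can check: the published parameter
    really is the hash expansion of the published seed."""
    return derive_param(seed) == param


def search_seed(weak, start_seed: int = 1, max_trials: int = 1 << 20):
    """Model the party who chooses the seed: try seeds in order until the
    derived parameter falls into the class `weak`.

    Returns (seed, param, trials). The result passes verify_param, so the
    hash linkage alone cannot reveal that a selection took place; what it
    rules out is only tampering with the parameter *after* fixing the seed.
    """
    for trials in range(1, max_trials + 1):
        seed = (start_seed + trials - 1) % (1 << SEED_BITS)
        param = derive_param(seed)
        if weak(param):
            return seed, param, trials
    raise RuntimeError("no seed found within max_trials")


# Constructed stand-ins for "a class of parameters the chooser knows how to
# exploit". Nothing is weak about even numbers; the predicates only model
# the density of such a class, which is what sets the search cost.
def weak_half(param: int) -> bool:        # density 1/2, as in the comment
    return param % 2 == 0


def weak_sixteenth(param: int) -> bool:   # density 1/16
    return param % 16 == 0


def expected_trials(density: float) -> float:
    """Expected number of seeds tried before hitting a class of this density."""
    return 1.0 / density


if __name__ == "__main__":
    cases = (("1/2", weak_half, 0.5), ("1/16", weak_sixteenth, 1 / 16))
    for name, pred, density in cases:
        seed, param, trials = search_seed(pred)
        print(f"density {name}: seed {seed:#x} found after {trials} trials "
              f"(expected about {expected_trials(density):.0f}); "
              f"verifies: {verify_param(seed, param)}")
```

The point the code makes concrete is that seed hashing binds the parameter to the seed, not the seed to anything. A chooser free to pick the seed pays about 1/density trials, so the assurance a "verifiably random" parameter gives is only as strong as the argument that the weak class is negligible, or that the seed itself had no freedom (the reasoning behind later "rigidity" requirements for curve generation, where the seed must be explainable in advance).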

Anonymous Says:

Comment #3 September 8th, 2013 at 1:45 pm

You are making good and interesting points. However, Koblitz also has some valid criticisms of TCS even if his conclusions are not valid. The mathematical models we built in TCS are useless if they don't relate to the practice, and we know many of our standard models are not good enough approximations of reality, and arguably there isn't enough effort to deal with these issues. Technical heavy weight lifting is used as the ultimate criterion for judging the value of research projects inside the community.

Also I think you are exaggerating what most cryptographers expected that NSA was doing. I have heard several famous crypto experts quite surprised by these revelations, and it has shaken their trust in the government institutions. I never understood why some people presume that government is a benevolent entity; such beliefs in government institutions seem like ideology to me.

Daniel Armak Says:

Comment #4 September 8th, 2013 at 2:06 pm

You can trust the math itself, and so can Bruce Schneier and a few tens of thousands of other people. But everyone else who can't grok the entire mathematical arguments for each cryptographical system, or doesn't want to spend a long time studying it, must trust the word of people like you. And since the NSA can and does subvert people like you, who do original work and analyze others' work and sit on standards committees, not to mention the programmers who implement it in code, what are we to do?

Daniel W. Says:

Comment #5 September 8th, 2013 at 2:33 pm

In my mind, the best circumstantial evidence that the NSA has not practically broken any of the major cryptosystems is the following: if they had, they would most likely keep this as a highly guarded secret to be used only against high-value targets rather than as a means of monitoring potential terrorists. It would most likely be contained within a small circle and not mentioned in PowerPoint presentations to low-level analysts.

Of course, the above argument may be flawed by assuming the NSA has too high of a level of competence.

T H Ray Says:

Comment #6 September 8th, 2013 at 2:43 pm

Scott,

"... the clarity and rigor of the systematizing approach has eventually won out."

No doubt. In Euclid?s time as well as the present, though, it is helpful to have something to systematize. Making that assumption available and convenient is what mathematicians do.

Scott Says:

Comment #7 September 8th, 2013 at 3:02 pm

Daniel Armak #4:

> You can trust the math itself, and so can Bruce Schneier and a few tens of thousands of other people. But everyone else ... must trust the word of people like you.

You raise an excellent point, which I think applies even more broadly than you say. For one thing, I merely understand some of the general ideas: I haven't gone through every detail of the math used by the crypto in my web browser, and I dare say that most professional cryptographers haven't either.

For another, the point is much broader than cryptography: how can you trust quantum mechanics, if you haven't done the requisite experiments yourself? The physicists could've all been bought off by some anti-realist cabal. :-) Or how can you trust that the government isn't putting mind-control drugs into the fruit you buy in the supermarket, etc. etc.

So we're extremely lucky that science hit on a solution to these problems--the only workable solution, really--back in the 17th century. The solution is to open up every question to scrutiny, discussion, and challenge by any interested person. Assertions gain credibility by surviving public criticism--and that's just as true in math as it is in experimental sciences. I believe many theorems even though I haven't checked the proofs myself, because I know that if there were an error, then someone else could've made a name for themselves by finding it. Now, for this Popperian dynamic to work, the whole process has to be carried out in the open: if I thought someone who found a fatal flaw in a proof would only tell their friends, then that doesn't do me any good. That's why the dividing line between "crypto as black art" and "modern crypto" happened precisely when new discoveries started being published in the open literature, rather than being filed in a drawer at NSA or GCHQ.

wolfgang Says:

Comment #8 September 8th, 2013 at 3:20 pm

Unfortunately, this xkcd.com/538/ had it right imho.

Scott Says:

Comment #9 September 8th, 2013 at 3:20 pm

Daniel W. #5: If the NSA had really broken strong cryptosystems, then why would they have resorted to so many covert tactics (or, in the case of the Clipper Chip, overt attempts) to prevent people from using strong crypto, unless NSA has a backdoor? I suppose it's all elaborate psychological warfare, to prevent us from discovering the fact that these cryptosystems were broken? And that even Snowden himself is part of the NSA's master plan? :-)

At least in my book, every time you claim that what looks on its face like evidence for X, is really evidence for a powerful cabal trying to prevent everyone from discovering not(X), the plausibility of your theory gets cut by a factor of maybe 50,000. This is directly related to the fact that I don't believe any conspiracy theories--as in zero, not one.

Scott Says:

Comment #10 September 8th, 2013 at 3:32 pm

Douglas Knight #2: Sure, dramatic improvements in elliptic-curve algorithms would certainly count--as would "merely" subexponential algorithms, were the improvements large enough to threaten key sizes that the academic cryptographers considered safe.

More broadly, though, you're entirely right that there's not a sharp line between "improved number-theory algorithms" and "implementation vulnerabilities." Often, what's happened in practice is that an implementation vulnerability has opened the way for an attack that still requires interesting and nontrivial number theory. But I suppose that sort of thing would still belong to the "99%" part of my probability estimate. In the "1%" part, I really had in mind "something that would give theoretical cryptographers a heart attack" (like, I dunno, factoring in L(1/10), or elliptic curve discrete log in quasipolynomial time).

Scott Says:

Comment #11 September 8th, 2013 at 5:03 pm

Anonymous #3:

> You are making good and interesting points. However, Koblitz also has some valid criticisms of TCS even if his conclusions are not valid.

I completely agree that Koblitz has some valid criticisms.

However, I've read pretty much all of his and Menezes's anti-TCS screeds, and to me what he's doing seems, if you like, too easy to be helpful. Koblitz's favorite M.O. is to recount various slip-ups by people in the "Goldreich school of crypto" and laugh at them: "haha, they talk about 'provable security,' but there was a bug in their proof! or their security definition left out an important class of side-channel attacks!" Then, with even more glee, Koblitz relates how the hapless computer scientists put out a new paper supposedly fixing the problem, but that paper had its own problems, and so on.

The trouble is, that is indeed what a bunch of incompetent buffoons would look like, but it's also what science looks like! :-) Koblitz never seems to want to acknowledge that the end result of the process is better scientific understanding and more secure cryptosystems than before (even if still not perfect).

Also, of course, Koblitz almost defiantly refuses to suggest any better mathematical foundations for cryptography, besides the reduction-based foundations that were built up over the last 30 years. I.e., it's not that instead of adaptive chosen ciphertext attack, he has a better definition to propose, or that instead of "bodacious" new hardness assumptions, he can give a single assumption that suffices for everything. Instead, what he appears to want is simply a return to the "black art" era of cryptography, when security arguments boiled down to "we tried to break it and failed" or "trust us, we have better mathematical taste than you."

The trouble is, I can't think of a single case in the history of science when mathematical foundations as well-developed as cryptography's now are, were simply abandoned wholesale without better mathematical foundations to replace them. So intellectually, Koblitz strikes me as someone who's throwing spears at battle-tanks. Being the excellent marksman that he is, he actually scores some hits--but the reduction-encrusted battle-tanks are still going to win in the end.

> The mathematical models we built in TCS are useless if they don't relate to the practice and we know many of our standard models are not good enough approximation of the reality and arguably there isn't enough effort to deal with these issues.

Would one also say that the mathematical foundations of topology--open sets, Urysohn's Lemma, etc.--are useless if they don't relate to the practice of tying and untying knots? I think that's a pretty close analogy for the relationship between what, say, Goldreich or Goldwasser or Micali do, and the actual practice of cryptography. In both cases, yes, there's some relation between the intellectual foundations on the bottom and the beautiful ornaments on top, but not surprisingly there are many floors in between. Starting from a one-way function, for example, you first have to construct a quasi-regular one-way function, then a pseudoentropy generator, then a pseudorandom generator, then a pseudorandom function, and then maybe you can start to think about building (say) a rudimentary private-key cryptosystem or signature scheme.

> Also I think you are exaggerating what most cryptographers expected that NSA was doing. I have heard several famous crypto experts quite surprised by these revelations and it has shaken their trust in the government institutions. I never understood why some people presume that government is a benevolent entity, such beliefs in government institutions seems like ideology to me.

My situation is different: I never had any real doubt that NSA was doing such things; the thing I genuinely don't know is whether they have good reasons to be doing them. I consider it conceivable that the NSA has indeed stopped many terrorist attacks or other international disasters that we never hear about--in which case, the strongest case in their favor might be stronger than the strongest case that can ever be made publicly. The fact that President Obama, who's so reasonable on so many issues, has implied as much is evidence for that view from my perspective. On the other hand, I also consider it conceivable that the current eavesdropping regime is purely a result of the universal tendency of bureaucracies to expand, justify themselves, and zealously guard their power and privileges. Or it could be some combination of the two.

For me, though, the deciding consideration is that, even in a fantasy world where the NSA's actions had always been 100% justified, I'd still want them to be more accountable to the public than they are now. "Trust that we have our reasons, even though we can't tell you what they are" simply doesn't work over the long term in a democracy, even if the trust is justified at any particular time or in any particular case (and of course, often it hasn't been).
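The GGM construction that the post invokes ("you couldn't break the GGM pseudorandom function without also breaking the underlying pseudorandom generator") and the PRG-to-PRF step in the chain of reductions Scott lists in this comment, as an added worked example that is not part of the original post or thread. It builds the GGM tree over a length-doubling PRG and also constructs the hybrids H_0, ..., H_n from the security proof, so the reduction can be inspected rather than only asserted. The PRG is an HMAC-SHA256 stand-in chosen for this example (an assumption; the theorem needs only some secure PRG), and every function and class name is the example's own.

```python
import hashlib
import hmac
import os


# Stand-in length-doubling PRG built from HMAC-SHA256. This is an assumption
# of the example: the GGM construction works with any secure PRG G that maps
# n bits to 2n bits, written G(s) = G_0(s) || G_1(s).
def prg(seed: bytes) -> tuple:
    """Stretch a 32-byte seed into two 32-byte halves (G_0(s), G_1(s))."""
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes")
    left = hmac.new(seed, b"\x00", hashlib.sha256).digest()
    right = hmac.new(seed, b"\x01", hashlib.sha256).digest()
    return left, right


def ggm_prf(key: bytes, x: str) -> bytes:
    """GGM pseudorandom function F_key(x) for a bit string x such as "0110".

    Start at the root (the key) and descend a binary tree: at each level take
    the left half of G(node) if the next bit of x is 0, the right half if 1.
    The node reached after len(x) steps is the output.
    """
    node = key
    for bit in x:
        if bit not in "01":
            raise ValueError("x must be a string of 0/1 characters")
        node = prg(node)[int(bit)]
    return node


class Hybrid:
    """The i-th hybrid from the GGM security proof.

    H_i answers a query x by replacing every tree node at depth i (indexed by
    the i-bit prefix of x) with a fresh truly random string, sampled lazily
    and remembered, then running the PRG for the remaining len(x) - i levels.
    H_0 is exactly the GGM PRF; H_n (n = len(x)) is a truly random function.
    Adjacent hybrids differ only in whether depth-i nodes are PRG outputs or
    uniform strings, so distinguishing them distinguishes G from random.
    """

    def __init__(self, key: bytes, level: int, rng=os.urandom):
        self.key = key
        self.level = level
        self.rng = rng           # injectable so a hybrid can be made deterministic
        self.random_nodes = {}   # prefix -> random 32-byte node at depth `level`

    def eval(self, x: str) -> bytes:
        if self.level == 0:
            node = self.key
        else:
            prefix = x[: self.level]
            if prefix not in self.random_nodes:
                self.random_nodes[prefix] = self.rng(32)
            node = self.random_nodes[prefix]
        for bit in x[self.level :]:
            node = prg(node)[int(bit)]
        return node


def ggm_prefix_identity(key: bytes, x: str) -> bool:
    """Check the structural fact the hybrid argument relies on:
    F_key(b || x') == F_{G_b(key)}(x'), i.e. the subtree under a child is the
    GGM tree keyed by that child's half of the PRG output."""
    if not x:
        return True
    child = prg(key)[int(x[0])]
    return ggm_prf(key, x) == ggm_prf(child, x[1:])


if __name__ == "__main__":
    k = bytes(range(32))   # constructed demo key, not a secret
    print(ggm_prf(k, "0110").hex())
    print(Hybrid(k, 0).eval("0110") == ggm_prf(k, "0110"))   # H_0 is GGM
    print(ggm_prefix_identity(k, "0110"))
```

Running the block prints one PRF output and two True results. The reduction lives in Hybrid: a distinguisher between the PRF and a random function with advantage ε over q queries of length n must separate some adjacent pair H_i, H_{i+1}, and that separation is a PRG distinguisher with advantage at least ε/(q·n), which is the precise sense in which breaking GGM means breaking the PRG.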

Anonymous Says:

Comment #12 September 8th, 2013 at 8:05 pm

I agree with you that his attitude is not constructive criticism. I would even go further than you and say it is stupid to forget the science of crypto and go back to a purely engineering-art treatment.

Regarding the reasonability of what the NSA does, the NSA and its backers would of course claim these tools are useful. To be honest, security was a weak point of Obama's campaign; he is not really knowledgeable in these issues and he has not gone and will not go against his advisers if they tell him these tools are necessary to fight terrorism. However, as far as I have heard, they have a hard time convincing anyone outside the executive branch that these tools have been as useful as they are claiming. How many major terrorist plots have been uncovered and prevented using these tools? It seems that they are using these tools for a very wide range of activities, including industrial and political espionage on foreign governments and companies, to gain political and commercial advantage (what they call US national interests, not just securing Americans against terrorists). Does anyone really believe that the EU or Brazil or liberal NGOs will launch a terrorist attack on the US? The FBI's actions against Dr. King tell how far they would go. They use the fear factor of possible terrorist attacks to justify these actions to the public; however, the laws allow them to do whatever they want to, and when there are restrictions (like the Fourth Amendment) they find ways to circumvent them (e.g. by colluding with foreign intelligence services like GCHQ to spy on American citizens) or change the interpretations of those laws. We are very lucky that many influential Americans in previous generations had a negative view of the federal government and wanted to restrict its powers as much as possible, restrictions which are being removed in practice (partly because some people want to settle sociopolitical disputes present in the country using the government's power).

I don't see why so much power should be invested in a single authority with almost no real public supervision and scrutiny (a role that the media was playing to some extent in previous decades but is coming under heavy pressure from government, as the Manning, Swartz, Snowden, ... cases demonstrate). And even when courts find that someone in the government has seriously violated the laws, the president forgives them and they avoid real punishment (as the Scooter Libby case demonstrates).

It is not just the US government; there is a trend in western liberal democracies. It is simply unbelievable that the UK security forces used a law passed to fight terrorism to hold the partner of a Guardian journalist for 9 hours without a lawyer and without the protection of Miranda rights against self-incrimination. Anyone who thinks that security forces will only use the authority and tools they obtain to the limited extent of the original goal suffers from extreme naivety. They will use any tools at their disposal to the fullest extent they can to achieve what they perceive to be the goals of their institution. When they perceive journalists like Greenwald as a threat to the national interests, they use these tools to fight them, which includes intimidating the partner of a journalist using terrorism-fighting powers. I still find it really hard to believe that we have gone so far in the direction of an Orwellian society.

What can theoretical computer science offer biology? | Theory, Evolution, and Games Group Says:

Comment #13 September 9th, 2013 at 2:16 am

[...] the aid that cstheory can offer to biological understanding. In yesterday's post on the NSA and computational complexity, Aaronson -- with attribution to mathematician Greg Kuperberg -- provided the following [...]

Paul Beame Says:

Comment #14 September 9th, 2013 at 2:45 am

Some of the NSA revelations have been no surprise at all. It was well known in the 1980s, particularly after the publication of The Puzzle Palace, that the NSA was tapping all the trans-Atlantic telephone cables; gathering up of all e-mail to foreign addresses seems like more of the same.

The relationship of the NSA with TCS cryptographers has been pretty shaky. I recall attending a theory of cryptography workshop at MIT's Endicott House in June 1985 with one or two official NSA attendees. At the time, there were one or two TCS attendees known to have NSA funding and the NSA people wanted to recruit more. In announcing their desire to sponsor more TCS cryptographers, one of the NSA people cast a pall over the meeting by saying: "If you are interested, just mention it in a phone conversation with one of your friends and we'll get back to you." This didn't exactly endear them to anyone.

J Says:

Comment #15 September 9th, 2013 at 2:51 am

"Math could be defined as that which can still be trusted, even when you can't trust anything else"

Wait till someone shows multiplication and addition have the same complexity, or possibly Voevodsky's/Nelson's worst nightmare comes true.

Refer: http://mathoverflow.net/questions/40920/what-if-current-foundations-of-mathematics-are-inconsistent http://mathoverflow.net/questions/36693/nelsons-program-to-show-inconsistency-of-zf

Scott Says:

Comment #16 September 9th, 2013 at 4:20 am

J #15: Multiplication and addition having the same complexity (and yes, it's conceivable that there's a linear-time multiplication algorithm) wouldn't do anything whatsoever to undermine my trust in math--why would it?

Also, even if ZF set theory were shown to be inconsistent (and it won't be :-) ), that wouldn't do anything whatsoever to undermine my trust in theorems about (say) finite groups, or low-dimensional topology, or theoretical computer science--in fact, about anything that doesn't involve transfinite sets. It would "merely" tell me that there was a need (and, of course, an exciting opportunity) to rethink the foundations. That's something that already happened 100+ years ago (the renovations causing virtually no damage to the higher floors), and that could conceivably happen again.

Vitruvius Says:

Comment #17 September 9th, 2013 at 4:58 am

I agree, Scott, with your general position that any time one claims that "evidence for x is really evidence for a powerful cabal trying to prevent everyone from discovering not(x)" one's credibility drops by an irrecoverably large factor, and I agree with you that "math can be defined as that which can still be trusted, even when you can't trust anything else" (as you put it), yet that still begs the question of how we the people decide what to trust to be valid math.

Similarly, while your suggestion to "open up every question to scrutiny, discussion, and challenge by any interested person" may be necessary in order to establish public trust, it isn't sufficient because we still have the problem of deciding which such interested persons to trust, and which to write off as conspiracy theorists in their own right. How do we feasibly decide, in effect, whether Ehrenhaft is a crackpot (as it were), and whether "Snowden himself is part of the NSA's master plan" (as you playfully alluded to)?

To that end you may be interested in Why Doesn't the Public Trust Scientists?, a lecture by The Right Honourable Professor The Baroness O'Neill of Bengarve, Emeritus Professor of Philosophy at the University of Cambridge and past Principal of Newnham College, Cambridge, which she presented in 2005 as part of the Science Futures series by the San Diego Science and Technology Council's Center for Ethics in Science and Technology.

Note that while "scientists" are the titular and exemplary referent matter in that lecture, Baroness O'Neill's talk actually considers a range of questions in regard of public trust, including the roles of professional organizations, trustworthiness (which can't replace trust because of the quis custodiet ipsos custodes problem), statutory regulation, post hoc accountability, &c, which apply more broadly to the matters of public trust in any and every profession and institution, including politics and the law.

O'Neill argues, if I may be so bold as to suggest a précis, that going back through the 17th century (as you noted) western liberal democracies have indeed evolved a multipartite methodology that does tend to work in practice and that may well be the best we can get in principle, though it remains unclear to me how well we are applying those techniques to matters of state security in general, and how effectively you folks in the United States of America are applying those techniques to your vaunted Agency in particular.

Scott Says:

Comment #18 September 9th, 2013 at 5:01 am

Paul Beame #14: I've actually heard that joke many times, in other variants. ("Interested in career opportunities at the NSA? Call your mom and let her know!") I didn't know that NSA people themselves used the joke at conferences, but it doesn't surprise me at all.

J Says:

Comment #19 September 9th, 2013 at 6:39 am

"Multiplication and addition having the same complexity (and yes, it's conceivable that there's a linear-time multiplication algorithm) wouldn't do anything whatsoever to undermine my trust in math--why would it?"

I thought I read somewhere that if addition and multiplication turn out to be similar in complexity, then it would imply something is wrong with mathematics.

On the same vein think of the generalization of scheme theory that Mochizuki claims to have undertaken to take apart + and x in ring structure.

I would think something fundamentally would have changed in our picture if they turn to be similar in complexity.

J Says:

Comment #20 September 9th, 2013 at 6:47 am

At least for computational purposes, the multiplicative group structure and additive group structure of $\Bbb Z$ seem to be coinciding. This seems wrong. I cannot directly relate to $Z \bmod p$ but this seems to have implications for Discrete Log. An implication for this may not be beyond reach for at least a few other rings as well.

Scott Says:

Comment #21 September 9th, 2013 at 7:02 am

J #19: Well, we already have a remarkable O(n log n log log n) multiplication algorithm (due to Fürer, and building on many previous works), and it hasn't created any problem for the foundations of mathematics that I know about. Meanwhile, just like for most problems, we currently have no lower bound for multiplication better than the trivial Ω(n). I suppose I'd guess that Ω(n log n) is some sort of barrier, but not with any strength of conviction: if a linear-time algorithm were discovered, it certainly wouldn't cause me to doubt the consistency of ZF set theory. :-)

Scott Says:

Comment #22 September 9th, 2013 at 7:16 am

Vitruvius #17:

> it remains unclear to me ... how effectively you folks in the United States of America are applying those techniques to your vaunted Agency in particular.

As long as we're trading mild national barbs, you're Canadian? You guys do have the Communications Security Establishment, which according to the NYT article is one of only four foreign agencies (along with Britain's, Australia's, and New Zealand's) that "knows the full extent" of the NSA's decoding capabilities and is cleared for its "Bullrun" program. Though I confess that, when I try to imagine Canada's CSE, I come up with something like the following:

Read this gentleman?s private email? Ooo, nooo, that doesn?t sound terribly polite, eh?

J Says:

Comment #23 September 9th, 2013 at 7:21 am

Professor, I am well aware of all $n^{1+\epsilon}$ algorithms and Schönhage's $O(n)$ algorithm on multitape machines. I cannot find the reference I am thinking of. It was written by a TCS theorist. I would seriously think that the standard ring structure in $\Bbb Z$ could be modeled differently. I do not know if ZF would be affected. However the question of treating x and + differently for computation purposes compared to mathematical purposes arises, making things murky.

I am not implicating ZF with $O(n)$ algorithms for standard x operations on the standard structure of $\Bbb Z$. The ZFC comment was a second piece of mathematical conundrum some reputed folks have raised awareness about, for a need to be more well-grounded, and it rang well with your statement on truth in math as we know it. (Unrelated, but bringing in -- $Z$ has been a puzzle before as well -- it is the simplest ring with a spectrum of prime ideals whose dimension is unclear to be interpreted in a standard way.)

Scott Says:

Comment #24 September 9th, 2013 at 7:23 am

Wolfgang #8:

> Unfortunately, this xkcd.com/538/ had it right imho.

YES! I especially liked the mouseover text ("Actual actual reality: nobody cares about his secrets").

From eugen at leitl.org Mon Sep 9 10:37:13 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 16:37:13 +0200 Subject: [Bitcoin-development] Blockchain archival Message-ID: <[email protected]>

----- Forwarded message from rob.golding at astutium.com -----

Date: Sun, 08 Sep 2013 04:56:17 +0100 From: rob.golding at astutium.com To: bitcoin-development at lists.sourceforge.net Subject: Re: [Bitcoin-development] Blockchain archival User-Agent: Webmail/0.8.5

> (there's no way to be completely trust-free without this).

Not quite true, as I said balance-at-point-in-time would solve that (and make the storage requirements much lower)

>> If going that route, then solutions to the 'consolidate
>> addresses/wallets'
>> question and formal 'discard' of addresses could get addressed.
>
> Not sure what you mean here. Addresses and wallets are two completely
> different things. Addresses are single-use destinations that point to
> a wallet
> (which is itself private and unknown to the network).

For bitcoin to grow beyond an interesting experiment into global everyday use a number of things would have to happen, not least of which is taking the 'average punter' into account. Whilst new ideas can filter into the general consciousness over time, sometimes concepts have to go with 'what already works' :)

People's concept of money hasn't really changed in over 1,000 years - it remains 'something of known value i can exchange for something else'.

No-one outside of bitcoin devs and early adopters really gets the one-shot concept of addresses - possibly rightly so - keeping issues of it lowering levels of anonymity etc. out of the discussion - it doesn't fit with the mindset people have - it's difficult enough getting merchants to set up separate addresses for each client; one per transaction is simply a waste (of addresses, storage, blockchain size, number of inputs|outputs when spending etc.)

I'm sure the wife would love a new handbag every time she gets some money, but the real world just isn't like that ;)

Addresses are perceived as the equivalent of a jar you stick your coins in. You can have lots of jars. Each jar can be for a specific reason or whatever, but the analogy is there.

Wallets are like a box you keep some of your jars in. With the added interesting concept that a jar can be in multiple boxes at the same time. Only the person with the right 'key' can open the jar and take the contents.

However, unlike the 3 money boxes I have behind me right now - which I can take 1 single penny out of one and put it into another - if I want to move bitcoins from one address (jar) to another *of my own* I have to pay a fee. Worse still, if the jar doesn't have much in it I'm denied that ability. End users will neither understand why nor want to pay the fee, for dealing with their own coins. If a jar breaks I can just tip the contents into a new one - unless I'm very careless, the amount in the new one = the amount in the old one - people will want/need it to work like that.

Similarly, if you do have all these addresses around, you may want (as good housekeeping) to discard some of them (after moving the cash).

So having the ability to specify address to send from is essential (and a sadly missing feature of the QT client)

'intra-wallet' transfers with an 'also discard the sending address' would be a way of (once confirmed) stopping any further use of that address (denied any further transactions by miners?) and, when balance-at-point-in-time is implemented, a way of shrinking the storage for all other bitcoin users (who choose not to have a full transaction set).

If I send luke 10, and luke sends me back 3, I have 3, luke has 7. If luke sends me 2, and I send luke 1, I have 4 and luke has 6. To verify my ability to send jeff 4, all that is needed is to know that I have 4, not all the transactions that led to that state - that's how it's done now; that's not necessarily efficient as bitcoin grows.

If luke sends me 4 more, I now have 4 again, luke has 3. If I send 1 to each of the children, they have 1 each (*4).

Having a 'family' wallet means when on holiday they can have that rental of quad-bikes - to send the rental company 4 the client only needs to know that those addresses now have 1 each in them, not all the previous transactions - if they didn't exist at the point-in-time balance, then yes, it would need to know about the luke>rob>kids transactions, but that's all.

I moved to a new netbook recently - it took 140 *hours* to d/load and process the blockchain (yes, the wifi was that bad). I heard from one of our clients (although they only had the client running during working hours) that on their desktop it was over 9 days before it had caught up.

If all I was d/loading were the transactions since the last difficulty change (as one example of a fixed point), and the remaining balance on any not-discarded address as at that point, it would have been much, much quicker, and not be shagging my shiny new hard drive.

There's more, but it's 4.45 in the morning, and I can't think coherently until after a few hours' kip and some good coffee :)

Rob
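Rob's balance-at-point-in-time idea as a toy model. This is an added example, not code from the thread and not the logic of any Bitcoin client: accounts are plain names, a transfer is a (sender, receiver, amount) triple, and the checkpoint commits to the set of non-empty balances, so a client that starts from the checkpoint only has to replay the transfers made after it. The account names, amounts and transfer history are constructed for the demo (they are not Rob's figures).

```python
"""Balance-at-point-in-time, as a toy ledger model.

Added example: not code from the thread and not Bitcoin's own logic.
Accounts are plain names, a transfer is (sender, receiver, amount), and a
checkpoint commits to the set of non-empty balances, so a client starting
from the checkpoint needs only the transfers made after it.
"""
import hashlib
import json


def apply_transfers(balances, transfers):
    """Return new balances after applying transfers in order; reject overdrafts."""
    bal = dict(balances)
    for sender, receiver, amount in transfers:
        if amount <= 0 or bal.get(sender, 0) < amount:
            raise ValueError(f"{sender} cannot send {amount}")
        bal[sender] -= amount
        bal[receiver] = bal.get(receiver, 0) + amount
    return bal


def live_balances(balances):
    """Drop emptied ('discarded') addresses: they need not be carried forward."""
    return {name: amount for name, amount in balances.items() if amount > 0}


def checkpoint_commitment(balances):
    """SHA-256 over a canonical serialisation of the live balances, so peers can
    check they hold the same checkpoint without exchanging the history."""
    canonical = json.dumps(live_balances(balances), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def can_spend(checkpoint, since, sender, amount):
    """Spendability decided from the checkpoint plus later transfers only."""
    return apply_transfers(checkpoint, since).get(sender, 0) >= amount


# Constructed history (not Rob's figures): everything before the checkpoint ...
GENESIS = {"rob": 10}
BEFORE = [("rob", "luke", 10), ("luke", "rob", 3), ("luke", "rob", 2), ("rob", "luke", 1)]
# ... and everything after it, including four 1-coin payments to the kids.
AFTER = [("rob", "jeff", 4), ("luke", "rob", 4)] + [("rob", f"kid{i}", 1) for i in range(4)]


def demo():
    """Replaying only post-checkpoint transfers reaches the same state (and the
    same commitment) as replaying the whole history from genesis."""
    full = apply_transfers(GENESIS, BEFORE + AFTER)
    checkpoint = live_balances(apply_transfers(GENESIS, BEFORE))
    from_checkpoint = apply_transfers(checkpoint, AFTER)
    return {
        "checkpoint": checkpoint,
        "same_state": live_balances(full) == live_balances(from_checkpoint),
        "same_commitment": checkpoint_commitment(full) == checkpoint_commitment(from_checkpoint),
        "final": live_balances(full),
    }


if __name__ == "__main__":
    print(demo())
```

The commitment is what a peer would compare against a published checkpoint hash; without some agreement on that hash a client that skips the history is trusting whoever handed it the balances, which is the trade-off the quoted message calls "trust-free".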


----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Mon Sep 9 15:17:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 21:17:51 +0200 Subject: [Cryptography] What TLS ciphersuites are still OK? Message-ID: <[email protected]>

----- Forwarded message from Ben Laurie -----

Date: Mon, 9 Sep 2013 17:29:24 +0100 From: Ben Laurie To: Cryptography Mailing List Subject: [Cryptography] What TLS ciphersuites are still OK?

Perry asked me to summarise the status of TLS a while back ... luckily I don't have to because someone else has: http://tools.ietf.org/html/draft-sheffer-tls-bcp-00

In short, I agree with that draft. And the brief summary is: there's only one ciphersuite left that's good, and unfortunately it's only available in TLS 1.2:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256


----- End forwarded message -----

From juan.g71 at gmail.com Mon Sep 9 15:32:35 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Mon, 09 Sep 2013 16:32:35 -0300 Subject: hardware RNG Message-ID: <[email protected]>

very naive question here :

Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?

J.

From bill.stewart at pobox.com Mon Sep 9 15:58:28 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 09 Sep 2013 12:58:28 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

At 12:32 PM 9/9/2013, Juan Garofalo wrote:
>very naive question here :
>Wouldn't it be possible to build a RNG using something like a zener
>diode and a $2 microcontroller?

Sure, and if you like playing with Arduinos and similar electronics, it'd be a good experiment.

The main issues you run into (besides getting a decent fast USB interface without having to use surface-mount electronics, which are annoying to solder) are validating the quality of the randomness and getting enough speed to be useful (which depends not only on your noise quality but also on whether you're using a USB-enabled chip or just bit-banging).

DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still the standard quality test - your noise is almost certain to be biased, rather than purely uniform, so you'll need to whiten the data and adjust your entropy estimates appropriately.

From eugen at leitl.org Mon Sep 9 16:01:19 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Sep 2013 22:01:19 +0200 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Mon, Sep 09, 2013 at 04:32:35PM -0300, Juan Garofalo wrote:

> Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?

I would use a cheap analog circuit like http://www.maximintegrated.com/app-notes/index.mvp/id/3469 and let your audio card do the A/D. Bonus points: there are already entropy gathering daemons which use soundcard input.

Even cheaper: hang a cheap microphone into a fan exhaust. Noise definitely not white, but certainly more entropy than just looking at lowest bits of A/D.

From rich at openwatch.net Mon Sep 9 16:05:14 2013 From: rich at openwatch.net (Rich Jones) Date: Mon, 9 Sep 2013 13:05:14 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

Here's some folks who did it using a lava lamp! http://www.lavarnd.org/

Obviously I wouldn't take this too seriously, but could be a fun weekend hack.

On Mon, Sep 9, 2013 at 12:58 PM, Bill Stewart wrote:

> At 12:32 PM 9/9/2013, Juan Garofalo wrote:
>
>> very naive question here :
>> Wouldn't it be possible to build a RNG using something like a zener diode
>> and a $2 microcontroller?
>
> Sure, and if you like playing with Arduinos and similar electronics, it'd
> be a good experiment.
>
> The main issues you run into (besides getting a decent fast USB interface
> without having to use surface-mount electronics, which are annoying to
> solder), are validating the quality of the randomness and getting enough
> speed to be useful (which depends not only on your noise quality but also
> on whether you're using a USB-enabled chip or just bit-banging.
>
> DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still the
> standard quality test - your noise is almost certain to be biased, rather
> than purely uniform, so you'll need to whiten the data and adjust your
> entropy estimates appropriately.

-- 

Rich Jones, OpenWatch: a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS and for Android!

From coderman at gmail.com Mon Sep 9 16:08:37 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Sep 2013 13:08:37 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Mon, Sep 9, 2013 at 12:32 PM, Juan Garofalo wrote:
> ...
> Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?

there's good discussion of true hardware random number generator design in "Cryptography Engineering"[0]. obviously getting a stream of biased bits is just the first step in usable entropy...

0. "Cryptographic Engineering" (2009) http://link.springer.com/book/10.1007/978-0-387-71817-0/page/1 or https://play.google.com/store/books/details/%C3%87etin_K_Ko%C3%A7_Cryptographic_Engineering?id=nErZY4vYHIoC

From juan.g71 at gmail.com Mon Sep 9 19:28:47 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Mon, 09 Sep 2013 20:28:47 -0300 Subject: hardware RNG In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

Thanks for the replies guys! I'm going through the links provided.

Meanwhile I got a follow up question...

Creating hardware rngs for individual PCs or phones or similar devices isn't really hard. We don't need to rely on a multibillion american corporation like intel to produce some state-of-the-art circuitry. There are applications that need a fast stream of random numbers, but those applications are not the applications end users run on their devices for security purposes - Did I get the general idea right?

J.

From adi at hexapodia.org Tue Sep 10 00:38:13 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Mon, 9 Sep 2013 21:38:13 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Mon, Sep 09, 2013 at 12:58:28PM -0700, Bill Stewart wrote:
> At 12:32 PM 9/9/2013, Juan Garofalo wrote:
> >very naive question here :
> >Wouldn't it be possible to build a RNG using something like a
> >zener diode and a $2 microcontroller?
>
> Sure, and if you like playing with Arduinos and similar electronics,
> it'd be a good experiment.

If you go down this path, you'll want to review the math at http://www.av8n.com/turbid/paper/turbid.htm

> The main issues you run into (besides getting a decent fast USB
> interface without having to use surface-mount electronics, which are
> annoying to solder),
> are validating the quality of the randomness and getting enough
> speed to be useful (which depends not only on your noise quality but
> also on whether you're using a USB-enabled chip or just bit-banging.
>
> DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still
> the standard quality test - your noise is almost certain to be
> biased, rather than purely uniform, so you'll need to whiten the
> data and adjust your entropy estimates appropriately.

Diehard is very good at what it does ... but what it does is not very useful for validating a HWRNG. There's a long but very clear explanation of why, including examples, in the Turbid paper, section 7: http://www.av8n.com/turbid/paper/turbid.htm#sec-measurement

-andy

From bill.stewart at pobox.com Tue Sep 10 03:13:32 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 10 Sep 2013 00:13:32 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

At 04:28 PM 9/9/2013, Juan Garofalo wrote:
> Creating hardware rngs for individual PCs or phones or
> similar devices isn't really hard. We don't need to rely on a
> multibillion american corporation like intel to produce some
> state-of-the-art circuitry. There are applications that need a fast
> stream of random numbers, but those applications are not the
> applications end users run on their devices for security purposes -
> Did I get the general idea right?

Except for security purposes, most people who need a lot of random numbers are doing things like simulation or generating events in games, so they need a source with very good statistics about independence and uncorrelatedness, but don't mind if it's predictable (and in fact being predictable can be useful, since you can run the same random data stream against different versions of your application and see if it performed better or worse). For those people, a statistically good pseudorandom number generator is usually just fine, and if it's cryptographically secure that's nice but only because crypto stuff needs to be statistically good. Fast on-chip hardware random number generation is useful to non-security people because it's also likely to be statistically good.

Security's different, of course. In a typical client-server or peer-to-peer environment, a client or peer isn't going to be generating a lot of random session keys per second, much less a lot of high-strength long-term-use public keys, so the only reason performance matters is that you don't want the user to use a too-short key because generating a long enough key would have taken 15 minutes or required them to wave a mouse around for a long time. A web server or mail server or sometimes a peer with a lot of traffic (e.g. a Tor node) is a different case; they might handle enough traffic that fast strong hardware random number generation is necessary, and they're also the more interesting targets for Bad Guys to attack.

The other set of security people who want a large quantity of really good random numbers are people who use one-time pads. Most of them are either hobbyists (who can wait), or actually military/spies/anti-government activists (who are going to ship keys around by courier, which is slow, so they should be willing to generate them in advance), or paranoids (who don't trust public-key crypto, or who don't trust their hardware not to have backdoors, so they've got lots of challenges.) Using OTPs in a professional environment is operationally expensive; you should be willing to spend money on hardware if you're doing it.

From eugen at leitl.org Tue Sep 10 04:23:04 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 10 Sep 2013 10:23:04 +0200 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Tue, Sep 10, 2013 at 12:13:32AM -0700, Bill Stewart wrote:

> The other set of security people who want a large quantity of really
> good random numbers are people who use one-time pads. Most of them
> are either hobbyists (who can wait), or actually
> military/spies/anti-government activists (who are going to ship keys
> around by courier, which is slow, so they should be willing to
> generate them in advance), or paranoids (who don't trust public-key
> crypto, or who don't trust their hardware not to have backdoors, so
> they've got lots of challenges.) Using OTPs in a professional
> environment is operationally expensive; you should be willing to
> spend money on hardware if you're doing it.

Many cheap embedded boards have hardware RNGs -- e.g. ALIX (Geode), which can take e.g. a HiFn 7955 on a mini-PCI -- plus mixing in some entropy from e.g. a USB device is not that expensive.

From kylem at xwell.org Tue Sep 10 10:49:02 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Tue, 10 Sep 2013 09:49:02 -0500 Subject: [cryptography] Matthew Green: An understated response to the NSA and unidentifed friends treachery In-Reply-To: References: <[email protected]> Message-ID:

Feels like naming coincidence, particularly given that the GCHQ analogue is named similarly. From The Guardian[0]:

"The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier."

[0]: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

On Fri, Sep 6, 2013 at 2:11 PM, grarpamp wrote:
> On 9/6/13, John Young wrote:
>> An understated response to the NSA and unidentified friends treachery:
>>
>> http://blog.cryptographyengineering.com/2013/09/on-nsa.html
>>
>> More of these expected, many. But who knows, as Green says,
>> all could go back to swell comsec business as usual.
>
> Linked from said blog...
> http://software.intel.com/en-us/blogs/2012/05/14/what-is-intelr-secure-key-technology
>
> Bull Mountain Technology ... BULLRUN.
>
> Bullshit naming coincidence or genuine cooperative wordplay? ;)

-- @kylemaxwell

From eugen at leitl.org Tue Sep 10 11:02:22 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 10 Sep 2013 17:02:22 +0200 Subject: [Cryptography] The One True Cipher Suite Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Tue, 10 Sep 2013 07:42:55 -0400 From: Jerry Leichter To: Phillip Hallam-Baker Cc: "cryptography at metzdowd.com" , ianG Subject: Re: [Cryptography] The One True Cipher Suite X-Mailer: Apple Mail (2.1283)

On Sep 9, 2013, at 12:00 PM, Phillip Hallam-Baker wrote:
> Steve Bellovin has made the same argument and I agree with it. Proliferation of cipher suites is not helpful.
>
> The point I make is that adding a strong cipher does not make you more secure. Only removing the option of using weak ciphers makes you more secure.

I'm not so sure I agree. You have to consider the monoculture problem, combined with the threat you are defending against.

The large burst of discussion on this list was set off by Perry's request for ways to protect against the kinds of broad-scale, gather-everything attacks that Snowden has told us the NSA is doing. So consider things from the side of someone attempting to mount this kind of attack:

1. If everyone uses the same cipher, the attacker need only attack that one cipher.
2. If there are thousands of ciphers in use, the attacker needs to attack some large fraction of them.

As a defender, if I go route 1, I'd better be really, really, really sure that my cipher won't fall to any attacks over its operational lifetime - which, if it's really universal, will extend many years *even beyond a point where a weakness is found*.

On the other hand, even if most of the ciphers in my suite are only moderately strong, the chance of any particular one of them having been compromised is lower.

This is an *ensemble* argument, not an *individual* argument. If I'm facing an attacker who is concentrating on my messages in particular, then I want the strongest cipher I can find.

Another way of looking at this is that Many Ciphers trades higher partial failure probabilities for lower total/catastrophic failure probabilities.

Two things are definitely true, however:

1. If you don't remove ciphers that are found to be bad, you will eventually pollute your ensemble to the point of uselessness. If you want to go the "many different ciphers" approach, you *must* have an effective way to do this.
2. There must be a large set of potentially good ciphers out there to choose from. I contend that we're actually in a position to create reasonably good block ciphers fairly easily. Look at the AES process. Of the 15 round 1 candidates, a full third made it to the final round - which means that no significant attacks against them were known. Some of the rejected ones failed due to minor "certificational" weaknesses - weaknesses that should certainly lead you not to want to choose them as "the One True Cipher", but which would in and of themselves not render breaking them trivial. And, frankly, for most purposes, any of the five finalists would have been fine - much of the final choice was made for performance reasons. (And, considering Dan Bernstein's work on timing attacks based on table lookups, the performance choices made bad assumptions about actual hardware!)

I see no reason not to double-encrypt, using different keys and any two algorithms from the ensemble. Yes, meet-in-the-middle attacks mean this isn't nearly as strong as you might naively think, but it ups the resource demands on the attacker much more than on the defender.

Now, you can argue that AES - the only cipher really in the running for the One True Symmetric Cipher position at the moment - is so strong that worrying about attacks on it is pointless - the weaknesses are elsewhere. I'm on the fence about that; it's hard to know. But if you're going to argue for One True Cipher, you must be explicit about this (inherently unprovable) assumption; without it your argument fails.

The situation is much worse for the asymmetric case: We only have a few alternatives available and there are many correlations among their potential weaknesses, so the Many Ciphers approach isn't currently practical, so there's really nothing to debate at this point.

Finally, I'll point out that what we know publicly about NSA practices says that (a) they believe in multiple ciphers for different purposes; (b) they believe in the strength of AES, but only up to a certain point. At this point, I'd be very leery of taking anything NSA says or reveals about its practices at face value, but there it is.
-- Jerry
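Jerry's caveat that meet-in-the-middle makes double encryption weaker than the naive "double the key length" intuition, worked through on a toy cipher. This is an added example, not code from the thread: the 16-bit Feistel cipher, its key schedule, the constants and the two secret keys are all constructed for the demo, and both layers use the same toy cipher (with two different algorithms the table is built with the first and the inverse of the second, same work). Two independent 12-bit keys give a 24-bit key space, yet the attack below recovers the pair with about 2 x 2^12 cipher operations and a 2^12-entry table, which is why double encryption buys roughly one extra bit of security rather than twelve.

```python
"""Meet-in-the-middle against double encryption, on a toy cipher.

Added example, not code from the thread.  A 16-bit Feistel toy cipher with a
12-bit key stands in for "any two algorithms from the ensemble".  Nothing
here is a real cipher; only the key size matters for the demonstration.
"""
from collections import defaultdict

KEY_BITS = 12


def _round_keys(key):
    # Toy key schedule (constructed): the two 8-bit words together cover all 12 key bits.
    lo, hi = key & 0xFF, (key >> 4) & 0xFF
    return [lo, hi, lo ^ 0xA5, hi ^ 0x5A]


def _f(half, rk):
    # Toy round function; a Feistel round function need not be invertible.
    return (((half ^ rk) * 167) + 29) & 0xFF


def encrypt(key, block):
    """Four Feistel rounds over a 16-bit block split into two 8-bit halves."""
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def decrypt(key, block):
    """Inverse of encrypt: same rounds, reversed order, swapped roles."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover every (k1, k2) consistent with known (plaintext, ciphertext) pairs.

    Encrypt the first plaintext under every k1 and index the middle values;
    then decrypt the first ciphertext under every k2 and look each result up.
    Matches are confirmed against the remaining pairs.  Returns the candidate
    list and the number of cipher operations spent on the two sweeps."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):
        middle[encrypt(k1, p0)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        m = decrypt(k2, c0)
        ops += 1
        for k1 in middle.get(m, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


def demo():
    """Attack a constructed key pair using two known plaintext/ciphertext pairs."""
    k1, k2 = 0x3A7, 0xC15  # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    candidates, ops = meet_in_the_middle(pairs)
    return {"true_keys": (k1, k2), "candidates": candidates,
            "ops": ops, "brute_force_ops": 1 << (2 * KEY_BITS)}


if __name__ == "__main__":
    print(demo())
```

The second known pair is what weeds out chance matches: with 2^24 key pairs and a 16-bit block, about 2^8 wrong pairs agree on the first plaintext, and almost none survive the second. The memory side of the trade (the table) is the "resource demand" Jerry refers to; for real key sizes it is that table, not the time, that stops the attack.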


----- End forwarded message -----

From jya at pipeline.com Tue Sep 10 11:37:15 2013 From: jya at pipeline.com (John Young) Date: Tue, 10 Sep 2013 11:37:15 -0400 Subject: [cryptome] Interesting In-Reply-To: References: Message-ID:

Security theater. Phony as thinking NSA and national spies spy from embassies, not the key internet exchanges and telecom hubs in Frankfurt and other locations around the globe.

This is amply described in a slew of technical reports and popular articles and books. Although, tellingly, not much discussed on crypto and comsec fora where the telecom and internet experts blow smoke and jerk off one another about trivial arcana to conceal their role in helping the spies for handsome salaries and fees. NDAs behind the wanking are abundant, hopefully some to be revealed by Snowden if not quietly redacted by those very same wankers ostensibly helping spread the word of perfidy by TLAs as cover for crypto onanism.

At 09:23 AM 9/10/2013, you wrote:

>Colleagues,
>
>http://www.spiegel.de/international/germany/german-helicopter-searched-for-nsa-listening-post-in-frankfurt-a-921257-druck.html
>--
>Best regards.
>
>Haim Barak
>To Serve and Protect Our Community
>In God We Trust
>Israel#: 5353...
>Email: haim357 at gmail.com
>Skype: haim.357
>http://haim357.wordpress.com/

From eugen at leitl.org Tue Sep 10 12:15:37 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 10 Sep 2013 18:15:37 +0200 Subject: generating noisy samples at a high rate with RTLSDR Message-ID: <[email protected]>

Just remembered another cheap option for generating a lot of noisy samples: http://sdr.osmocom.org/trac/wiki/rtl-sdr

Especially, with wideband RF noise source.

From eugen at leitl.org Tue Sep 10 12:35:57 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 10 Sep 2013 18:35:57 +0200 Subject: [guardian-dev] OpenPGP Keychain 2.1 with new API Message-ID: <[email protected]>

----- Forwarded message from David Holl -----

Date: Tue, 10 Sep 2013 12:29:17 -0400 From: David Holl To: Natanael Cc: k-9-dev at googlegroups.com, guardian-dev Subject: Re: [guardian-dev] OpenPGP Keychain 2.1 with new API

On Tue, Sep 10, 2013 at 05:44:33PM +0200, Natanael wrote:
> While mentioning smartcards, the Yubikey Neo seems to have an
> OpenPGP smartcard mode (that needs to be manually activated in
> firmware), could that work with this app?

I would hope so. Does the Neo claim to be compatible with the open specification? http://g10code.com/docs/openpgp-card-2.0.pdf

> Then you'd always have a hardware protected keypair (if you don't
> lose your Yubikey), so even rootkits can't get your private key.

Exactly! :) Rootkits or compromised firmware... And even if a compromised device does cache my PIN and use my card (while briefly inserted), I hope to be alerted of any illicit accesses courtesy of the signature counter built into the card.

There seem to be at least 3 potential "cards" that I'm aware of:

OpenPGP SmartCard V2
Yubikey Neo
Crypto Stick https://www.crypto-stick.com/

(I put "cards" in quotes, because the Crypto Stick includes a "thumb" form-factor USB interface. Though not as tiny as the Neo, it still supports 4096 bit keys.)

- David

Aside:

I selected the OpenPGP SmartCard V2 for my personal use, because the Crypto Stick has been out of stock for a while, and the Yubikey Neo appears to only support 2048 bit keys. If I really want the "thumb" form factor of the Crypto Stick, I may try popping out the ID-000 minicard from the OpenPGP SmartCard and putting it into a "Gemalto USB Shell Token V2" (aka the "IDBridge K30"). Otherwise, the "SCM SCR3500" reader is almost small enough for use on a key chain, and is widely available at reasonable prices (about $40 total for a SmartCard V2 with a SCM SCR3500 reader).



----- End forwarded message -----

From jens at hillerup.net Tue Sep 10 12:47:28 2013 From: jens at hillerup.net (Jens Christian Hillerup) Date: Tue, 10 Sep 2013 18:47:28 +0200 Subject: generating noisy samples at a high rate with RTLSDR In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Tue, Sep 10, 2013 at 6:15 PM, Eugen Leitl wrote:

> Just remembered another cheap option for generating a lot > of noisy samples: http://sdr.osmocom.org/trac/wiki/rtl-sd

Isn't RTLSDR only for *reading* signals?

JC

From eugen at leitl.org Tue Sep 10 12:55:46 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 10 Sep 2013 18:55:46 +0200 Subject: generating noisy samples at a high rate with RTLSDR In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On Tue, Sep 10, 2013 at 06:47:28PM +0200, Jens Christian Hillerup wrote:
> On Tue, Sep 10, 2013 at 6:15 PM, Eugen Leitl wrote:
>
>> Just remembered another cheap option for generating a lot
>> of noisy samples: http://sdr.osmocom.org/trac/wiki/rtl-sd
>
> Isn't RTLSDR only for *reading* signals?

That's exactly what you need, if you want to get entropy from the real world. Wide-band white noise generator circuits up to 300 MHz are very cheap and easy.

This gives you some 1.4 Msamples @ 8 bit. With a wideband white noise source there will be several bits of entropy in each sample, estimated.

From drwho at virtadpt.net Tue Sep 10 14:14:43 2013 From: drwho at virtadpt.net (The Doctor) Date: Tue, 10 Sep 2013 14:14:43 -0400 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>


On 09/09/2013 04:01 PM, Eugen Leitl wrote:

> Even cheaper: hang a cheap microphone into a fan exhaust. Noise
> definitely not white, but certainly more entropy than just looking
> at lowest bits of A/D.

I've been playing with one of these for a while with one of my netbooks: https://www.sparkfun.com/products/11345

By default, the firmware running in the on-board microcontroller records the time between three successive hits on the 'tube (t1, t2, t3). If (t2 - t1) < (t3 - t2), it prints a 0 to the serial port, else, it prints a 1 to the serial port. Hardly high resolution entropy, but it can be stirred into an entropy pool. New firmware can, of course, be developed using the existing C code as a base. I'm not entirely certain how helpful or useful it is (I have my doubts, to be honest), but if nothing else it's given me cause to do some reading up and try a few small scale experiments.

-- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/

Your memories are fiction.


From bill.stewart at pobox.com Tue Sep 10 14:38:06 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 10 Sep 2013 11:38:06 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

At 11:14 AM 9/10/2013, The Doctor wrote:
>By default, the firmware running in the on-board microcontroller
>records the time between three successive hits on the 'tube (t1, t2,
>t3). If (t2 - t1) < (t3 - t2), it prints a 0 to the serial port,
>else, it prints a 1 to the serial port. Hardly high resolution
>entropy, but it can be stirred into an entropy pool.

I don't know how many bits/second you're getting out of it, but it's definitely high quality entropy, one real bit per bit, assuming they don't reuse the intervals. (It's ok to use t3 as the starting point for the next two intervals, so bit2 = ( (t4-t3) < (t5-t4) ), but not bit2 = ( (t3-t2) < (t4-t3) ), which would be correlated with bit1.)
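A simulated version of the two extraction rules discussed in the last two messages, added here as an example; it is not code from either message nor the Sparkfun board's firmware. A constructed Poisson-process stand-in plays the tube, the firmware's interval comparison is implemented both with non-overlapping interval pairs (the scheme Bill calls safe) and with the overlapping variant he warns against, and a bias and serial-correlation check is run over the resulting bits. The count rate, timer resolution and seed are assumed values. One point the code shows that the thread only implies: the comparison is distribution-free (any iid interval distribution gives a fair bit), but a coarse timer produces ties, every tie lands on the same side of the comparison, and the output bit is biased.

```python
import math
import random


def simulate_hits(n_hits, rate_cps, tick_s, seed):
    """Constructed stand-in for the Geiger board: n_hits detections from a
    Poisson process at rate_cps counts/second, timestamped by a counter of
    resolution tick_s.  Returns integer tick counts, like a firmware timer."""
    rng = random.Random(seed)
    t = 0.0
    ticks = []
    for _ in range(n_hits):
        t += rng.expovariate(rate_cps)   # exponential inter-arrival times
        ticks.append(int(t / tick_s))
    return ticks


def interval_bits(timestamps, overlap=False):
    """The firmware rule quoted above: with hits t1, t2, t3 emit 0 if
    (t2 - t1) < (t3 - t2), else 1.

    overlap=False (default) is the safe scheme: the next bit starts at t3,
    so bit k uses intervals 2k and 2k+1 and no interval is shared.
    overlap=True reuses the middle interval, (t3 - t2, t4 - t3), which makes
    neighbouring bits negatively correlated."""
    d = [b - a for a, b in zip(timestamps, timestamps[1:])]
    step = 1 if overlap else 2
    return [0 if d[i] < d[i + 1] else 1 for i in range(0, len(d) - 1, step)]


def bias(bits):
    """Fraction of ones; 0.5 means unbiased."""
    return sum(bits) / len(bits)


def serial_correlation(bits):
    """Pearson correlation between each bit and the one that follows it."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y)) / n
    vx = sum((a - mx) ** 2 for a in x) / n
    vy = sum((b - my) ** 2 for b in y) / n
    return cov / math.sqrt(vx * vy)


if __name__ == "__main__":
    hits = simulate_hits(60_000, rate_cps=100.0, tick_s=1e-6, seed=1)
    good, bad = interval_bits(hits), interval_bits(hits, overlap=True)
    print("non-overlapping: bias %.3f, serial corr %+.3f"
          % (bias(good), serial_correlation(good)))
    print("overlapping:     bias %.3f, serial corr %+.3f"
          % (bias(bad), serial_correlation(bad)))
    coarse = simulate_hits(60_000, rate_cps=100.0, tick_s=1e-3, seed=1)
    print("1 ms timer ticks: bias %.3f (ties all count as 1)"
          % bias(interval_bits(coarse)))
```

With a microsecond timer the non-overlapping bits come out with bias close to 0.5 and serial correlation close to 0, while the overlapping variant has a serial correlation near -1/3 (for iid intervals, P(d1 < d2 < d3) = 1/6, so the covariance of adjacent bits is 1/6 - 1/4). With the same source and a 1 ms timer, about 5% of interval pairs tie at a 100 cps rate, and the bias moves visibly above 0.5; a firmware that wants one real bit per bit should discard ties rather than round them.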

From eugen at leitl.org Wed Sep 11 02:56:27 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 08:56:27 +0200 Subject: [cryptography] ProPublica's Jeff Larson on the NSA Crypto Story and Another View Message-ID: <[email protected]>

----- Forwarded message from John Young -----

Date: Tue, 10 Sep 2013 14:38:01 -0400 From: John Young To: cryptography at randombit.net, cyperhpunks at cpunks.org, cryptome at freelists.org Subject: [cryptography] ProPublica's Jeff Larson on the NSA Crypto Story and Another View X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9

ProPublica's Jeff Larson on the NSA Crypto Story http://source.mozillaopennews.org/en-US/articles/propublicas-jeff-larson-nsa-crypto-story/

Describes two months of digging through the Snowden documents, using search tool Intella, finding code words, looking for references to those, scrambling to understand and explain the technology to experts and the public, traveling between New York and London, thrill of working with NYT, Guardian and others.

Claims extraordinary security was laid on to protect the material. But doesn't say what it was or is.

Pretty good gritty back story compared to the burnished fronts. Hard to tell if it is a front story as well due to admission of withholding materials.

Nothing said about consulting with USG or HMG.

Here's a much less polite viewpoint: http://ohtarzie.wordpress.com/2013/09/10/fuck-the-guardian-take-your-drip-and-stick-it/

______cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Wed Sep 11 04:38:42 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 10:38:42 +0200 Subject: [guardian-dev] pgp, nsa, rsa Message-ID: <[email protected]>

----- Forwarded message from Billy Gray -----

Date: Tue, 10 Sep 2013 14:32:02 -0400 From: Billy Gray To: Aaron Lux Cc: Guardian Dev Subject: Re: [guardian-dev] pgp, nsa, rsa

Do you guys follow Matthew Green? Great stuff: http://blog.cryptographyengineering.com/2013/09/on-nsa.html http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fixing-mistakes.html

I think he does a good job of breaking down what's in these recent reports. It's a good thing to send to people who read the NY Times report and think that all crypto is now broken (like a friend of mine asked me at NWC yesterday).

And then there was this: http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins

One more question: any of y'all used libTomCrypt? We have an experimental implementation of it in SQLCipher. Open-source alternatives to OpenSSL could use some love. DJB's NaCl is neat, too. Curious if you guys are leery of relying so heavily on OpenSSL, given the above. http://libtom.org/?page=features&newsitems=5&whatfile=crypt http://nacl.cr.yp.to

Cheers, Billy

On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux wrote:

> NSA's mission includes deciphering enciphered communications is not a
> secret, and is not news*. I am concerned the nytimes.com article will
> have the effect of causing the public to lose trust in all encryption
> including open-source algorithms. Hopefully people realize reviewing
> source code for encryption algorithms** is much more relaxing than
> reading the NY Times.
>
> * nsa.gov states that its mission includes leading "the U.S. Government
> in cryptology ... in order to gain a decision advantage for the Nation and
> our allies."
>
> ** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
>
> Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN.
> This is a secret document.
>
> Cheers,
> Michael

-- Team Zetetic http://zetetic.net


----- End forwarded message -----

From eugen at leitl.org Wed Sep 11 04:55:41 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 10:55:41 +0200 Subject: [cryptography] Forward Secrecy Extensions for OpenPGP: Is this still a good proposal? Message-ID: <[email protected]>

----- Forwarded message from Adam Back -----

Date: Tue, 10 Sep 2013 22:09:26 +0200 From: Adam Back To: "Fabio Pietrosanti (naif)" Cc: Ian Brown , cryptography at randombit.net Subject: Re: [cryptography] Forward Secrecy Extensions for OpenPGP: Is this still a good proposal? User-Agent: Mutt/1.5.21 (2010-09-15)

You know coincidentally we (the three authors of that paper) were just talking about that very topic in off-list (and PGP encrypted:) email.

I remain keen on forward-secrecy, and it does seem to be in fashion again right now.

Personally I think we in the open community need to up our game an order of magnitude. We thought we won the last crypto wars when mandatory key escrow was abandoned, and US crypto export regs basically scrapped. But it turns out instead they just went underground and sabotaged everything they could gain influence over with a $250m/year black budget and limited regard for law, ethics and human rights. Apparently including SSL MITMs using CAs' keys.

You've got to think (NSA claims to be the biggest employer of mathematicians) that seeing the illegal activities the US has been getting up to with the fruits of their labour that they may have a mathematician retention or motivation problem on their hands. Who wants their life's work to be a small part in the secret and illegal creation of a surveillance state, with a real risk of creating the environment for a hard to recover fascist political regime over the next century if the events allow even worse governments to get in that further overthrow democratic pretense.

How about this for another idea, go for TLS 2.0 that combines Tor and TLS, and deprecate HTTP (non TLS) and TLS 1.x and SSL. Every web server a Tor node, every server an encrypted web cache, many browsers a Tor node.

Do something to up the game, not just blunder along reacting and failing year on year to deploy fixes for glaring holes.

Adam

On Tue, Sep 10, 2013 at 08:35:08PM +0200, Fabio Pietrosanti (naif) wrote:
> Hi all,
>
> i just read about this internet draft "Forward Secrecy Extensions for
> OpenPGP" available at
> http://tools.ietf.org/html/draft-brown-pgp-pfs-03 .
>
> Is it a still good proposal?
>
> Should it be revamped as an actual improvement of currently existing use
> of OpenPGP technology?

----- End forwarded message -----

From eugen at leitl.org Wed Sep 11 07:21:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 13:21:29 +0200 Subject: SPDZ, a practical protocol for Multi-Party Computation Message-ID: <[email protected]>

http://www.mathbulletin.com/research/Breakthrough_in_cryptography_could_result_in_more_secure_computing.asp

Breakthrough in cryptography could result in more secure computing (9/10/2013)

Tags: computer science, research, security, cryptography

Nigel Smart, Professor of Cryptology

New research to be presented at the 18th European Symposium on Research in Computer Security (ESORICS 2013) this week could result in a sea change in how to secure computations. The collaborative work between the University of Bristol and Aarhus University (Denmark) will be presented by Bristol PhD student Peter Scholl from the Department of Computer Science.

The paper, entitled 'Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits', builds upon earlier joint work between Bristol and Aarhus and fills in the missing pieces of the jigsaw from the group's prior work that was presented at the CRYPTO conference in Santa Barbara last year.

The SPDZ protocol (pronounced "Speedz") is a co-development between Bristol and Aarhus and provides the fastest protocol known to implement a theoretical idea called "Multi-Party Computation".

The idea behind Multi-Party Computation is that it should enable two or more people to compute any function of their choosing on their secret inputs, without revealing their inputs to either party. One example is an election, voters want their vote to be counted but they do not want their vote made public.

The protocol developed by the universities turns Multi-Party Computation from a theoretical tool into a practical reality. Using the SPDZ protocol the team can now compute complex functions in a secure manner, enabling possible applications in the finance, drugs and chemical industries where computation often needs to be performed on secret data.

Nigel Smart, Professor of Cryptology in the University of Bristol's Department of Computer Science and leader on the project, said: "We have demonstrated our protocol to various groups and organisations across the world, and everyone is impressed by how fast we can actually perform secure computations.

"Only a few years ago such a theoretical idea becoming reality was considered Alice in Wonderland style over ambitious hope. However, we in Bristol realised around five years ago that a number of advances in different areas would enable the pipe dream to be achieved. It is great that we have been able to demonstrate our foresight was correct."

The University of Bristol is now starting to consider commercialising the protocol via a company Dyadic Security Limited, co-founded by Professor Smart and Professor Yehuda Lindell from Bar-Ilan University in Israel.

Note: This story has been adapted from a news release issued by the University of Bristol
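To make the election example in the release concrete, here is an added illustration of the building block SPDZ rests on: additively shared values carrying an information-theoretic MAC under a global key that no single party holds. This is my own example code, not the Bristol/Aarhus implementation. Each ballot enters through the SPDZ input step (a preprocessed random value is opened to the voter, who broadcasts only the difference), the tallying servers add shares locally, and opening the total checks the MAC so a server that alters its share is caught. Simplifications, all labelled in the code: a dealer function stands in for SPDZ's offline preprocessing phase, only addition is shown (no multiplication triples), the commit-before-reveal round of the MAC check is omitted, and the prime field and sample ballots are constructed choices.

```python
import secrets

# Arithmetic is modulo a prime; this Mersenne prime is a constructed choice.
P = 2**61 - 1


def share(value, n):
    """Additive secret sharing: n uniformly random shares summing to value mod P.
    Any n-1 of them are independent of value, so one honest party suffices."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def auth_share(x, alpha, n):
    """SPDZ-style authenticated sharing [x]: party i holds (x_i, m_i) with
    sum(x_i) = x and sum(m_i) = alpha * x, alpha being a global MAC key that
    no single party knows.  A dealer does this here; in SPDZ it is produced
    by the offline (preprocessing) phase."""
    return list(zip(share(x, n), share(alpha * x % P, n)))


def add_auth(a, b):
    """[a] + [b] is purely local: each party adds its own pair of shares."""
    return [((xa + xb) % P, (ma + mb) % P) for (xa, ma), (xb, mb) in zip(a, b)]


def input_value(v, alpha_shares, n):
    """SPDZ input step.  A preprocessed random [r] is opened only to the input
    owner, who broadcasts delta = v - r.  Parties then set [v] = [r] + delta
    locally: party 0 adds delta to its value share and everyone adds
    alpha_i * delta to its MAC share.  The servers never learn v."""
    alpha = sum(alpha_shares) % P              # dealer-side only (preprocessing)
    r = secrets.randbelow(P)
    r_shares = auth_share(r, alpha, n)
    delta = (v - r) % P                        # the only thing the voter reveals
    return [((xi + (delta if i == 0 else 0)) % P, (mi + ai * delta) % P)
            for i, ((xi, mi), ai) in enumerate(zip(r_shares, alpha_shares))]


def open_checked(shares, alpha_shares):
    """Open [x] and check its MAC: parties broadcast x_i and reconstruct x,
    then each forms sigma_i = m_i - alpha_i * x.  The sigma_i sum to
    alpha*x - alpha*x = 0 iff no share was altered.  (SPDZ has the parties
    commit to sigma_i before revealing it; that round is omitted here.)"""
    x = sum(xi for xi, _ in shares) % P
    sigma = sum((mi - ai * x) % P for (_, mi), ai in zip(shares, alpha_shares)) % P
    return x, sigma == 0


def tally_election(votes, n_parties, cheater=None):
    """Count yes (1) / no (0) ballots across n_parties tallying servers and
    return (total, mac_ok).  If cheater is a party index, that server adds one
    to its share of the running total before opening, i.e. stuffs the ballot."""
    alpha_shares = share(secrets.randbelow(P), n_parties)
    acc = [(0, 0)] * n_parties
    for v in votes:
        acc = add_auth(acc, input_value(v, alpha_shares, n_parties))
    if cheater is not None:
        xc, mc = acc[cheater]
        acc[cheater] = ((xc + 1) % P, mc)      # cannot fix mc without knowing alpha
    return open_checked(acc, alpha_shares)


if __name__ == "__main__":
    ballots = [1, 0, 1, 1, 0, 1]               # constructed sample ballots
    print("honest tally:", tally_election(ballots, 3))              # (4, True)
    print("stuffed tally:", tally_election(ballots, 3, cheater=1))  # (5, False)
```

The cheating server changes the opened total by exactly the amount it added, so without the MAC the fraud would be invisible; with it, the check fails unless the server can also shift its MAC share by alpha, which it cannot do without the key. This is the "dishonest majority" property in the paper's title in miniature: correctness holds as long as at least one tallying server is honest.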

From eugen at leitl.org Wed Sep 11 07:40:10 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 13:40:10 +0200 Subject: WREN: The First Satellite YOU Can Fly Message-ID: <[email protected]>

http://www.kickstarter.com/projects/1467273745/wren-fly-a-real-spacecraft-by-yourself

The only satellite in Earth orbit that YOU can control DIRECTLY ! You are the pilot. Launch is this year! Even nowadays space is not opened to the public, but we will change that - this year !

We are four guys in a garage, and we have dedicated ourselves to open space for everyone. For that purpose we designed the miniaturized satellite WREN. It's a so-called PocketQub femtosatellite. It has only 5x5x5 cm³ of volume and 250 g of mass, and fits perfectly into your hand, like a tennis ball. Despite its size, it even has real thrusters.

It can be remotely positioned by you in every direction and it has a camera onboard for taking pictures from outer space. It will be released into a polar orbit before the end of this year on board of the UNISAT-5 deployer, which is launched inside a DNEPR Rocket from Yasni in Russia.

It will race around the globe every 98 minutes, passing every point of the earth during each day, seven days a week, just waiting for the command to be remotely flown by you.

System overview

WREN System Overview

WREN is equipped with a camera, a gyro and a magnetic field sensor. Those three components form an adaptive feedback guidance system which helps you navigate the satellite on your own using its momentum wheels and microthrusters. The camera is equipped with an image processing system which can find the position of the sun and the earth automatically. This technology makes control of the satellite easier. With the camera system you can of course remotely take pictures of the earth, the sun and other space objects. You can navigate the satellite directly in order to take your own picture.

The communication up- and downlink will be performed at 437.405 MHz, a frequency in the 70 cm amateur radio band which has been kindly assigned to us by the International Amateur Radio Union (IARU). WREN will be flying in a sun-synchronous orbit at 700 km of altitude at an incredible speed of 7500 m/second, so that it will take only 98 minutes to fly once around the planet. Practically, a link is possible for about 10 minutes from a single ground station, up to three times a day. The mission control software is equipped with prediction algorithms to predict the flyby time according to your location, so you can prepare yourself for the upcoming communication window and take control of the satellite again.

We hope that amateur radio enthusiasts will join our network and provide a link from time to time to use WREN's lifetime as long as possible.

Send a message into deep space

You can send a message into deep space. Of course it will also be receivable on earth. Every time WREN sends its status to earth, it will also send out one of the saved messages.

If WREN survives for years, your message will be sent several times into the deep far universe.

Project Status

The rocket launch is scheduled for November this year.

Wren is currently in the final assembly process and will be integrated into the deployer in October this year, after the shaker test.

We will be helped out with a professional ground station after launch for the first weeks, but we want to build our own mobile groundstation to be able to establish the link for you anytime. We will publish the plans for the groundstation as soon as it is ready and working, so everybody can build it!

How do we get into space so cheaply?

Bringing one kilogram of mass into orbit costs about 50000$. Rockets must carry their fuel all the way up, so the laws of physics make them big, heavy and expensive.

So how do we fly so relatively cheaply?

First, we are light, about 250 g. And we fly piggyback on a bigger satellite called "UNISAT-5". This satellite, together with some others, is stored in one rocket, so the costs for the launch are shared according to mass. WREN will be stored in a deployment unit called MRFOD.

WREN will be waiting inside this MRFOD in the satellite "UNISAT-5" for its release into open space.

The rocket will go up in November and will release UNISAT-5 and other satellites. Wren will be released into space out of Unisat about one month later.

Please Spread the message

We want to bring space into your living room. To achieve this we need your help, not only by asking you to back us with money but also by telling the story to everybody you know who may be interested in space. We also need amateur radio guys who would like to take part in the project and follow WREN all along its way around the planet by listening to its beacon and hearing the messages you pledged for. Our blogs and webpages, reports and videos are just a few components of the whole message. You are the messengers, you are the carriers of the idea of transporting space into everybody's living room - and beyond!

From eugen at leitl.org Wed Sep 11 08:36:12 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 14:36:12 +0200 Subject: [Cryptography] soft chewy center Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Tue, 10 Sep 2013 19:05:40 -0400 From: "Perry E. Metzger" To: bmanning at isi.edu Cc: bmanning at vacation.karoshi.com, cryptography at metzdowd.com Subject: Re: [Cryptography] soft chewy center X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

On Tue, 10 Sep 2013 21:58:28 +0000 bmanning at vacation.karoshi.com wrote:
> some years back, i was part of a debate on the relative value of
> crypto - and it was pointed out that for some sectors, crypto
> ensured _failure_ simply because processing the bits introduced
> latency. for these sectors, speed was paramount.
>
> think HFT or any sort of "Flash Mob" event where you want in/out as
> quickly as possible.

The latency cost of a stream cipher implemented in hardware can be as little as the time it takes a single XOR gate to operate -- which is to say, low even by the standards of my friends who do high frequency trading (many of whom do, in fact, claim to encrypt most of their communications).

Certainly crypto is not the only (or even most important) way to make systems secure. In breaking in to a system, implementation bugs are where you look, not cracking cipher keys. However, latency qua latency seems like a poor reason to avoid encrypting your traffic. It might, of course, be a reason to avoid certain architectural decisions in how you use the crypto -- a public key operation per packet would clearly add unacceptable latency in many applications.

Perry -- Perry E. Metzger perry at piermont.com ______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Wed Sep 11 08:36:41 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 14:36:41 +0200 Subject: [Cryptography] EFF press release on latest FISA opinions release Message-ID: <[email protected]>

----- Forwarded message from "Perry E. Metzger" -----

Date: Tue, 10 Sep 2013 19:12:32 -0400 From: "Perry E. Metzger" To: cryptography at metzdowd.com Subject: [Cryptography] EFF press release on latest FISA opinions release X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

The documents haven't yet been completely processed, but they've already found some interesting features.

Quoting:

The NSA apparently believed that it had the authority to search the telephone records database in order to obtain the 'reasonable articulable suspicion' required to investigate those numbers. Essentially, they were conducting suspicionless searches to obtain the suspicion the FISA court required to conduct searches.

https://www.eff.org/deeplinks/2013/09/government-releases-nsa-surveillance-docs-and-previously-secret-fisa-court

Note that the USG has misleadingly claimed that this document release was part of an effort to be "transparent" -- in fact, these are the result of an EFF FOIA and were released at court order.

-- Perry E. Metzger perry at piermont.com

----- End forwarded message -----

From eugen at leitl.org Wed Sep 11 08:49:30 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 14:49:30 +0200 Subject: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment) Message-ID: <[email protected]>

----- Forwarded message from Andy Isaacson -----

Date: Tue, 10 Sep 2013 16:37:36 -0700 From: Andy Isaacson To: liberationtech Subject: Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment) User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: liberationtech

On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote:
> Starting a new thread - it's related but a slightly different topic.
>
> Despite having several devices with fingerprint scanners, I've never used one.
>
> With the release of iPhone 5S and all the discussion around it, I'm
> curious if fingerprints on file with various Law Enforcement agencies
> could be printed out or otherwise used to unlock devices detained at
> border crossings or during other investigations?

Printing a fingerprint is pretty easy: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en

No word yet if this technique works on the iPhone reader.

-andy

----- End forwarded message -----

From eugen at leitl.org Wed Sep 11 09:49:33 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 15:49:33 +0200 Subject: NIST reopens RNG public comment period Message-ID: <[email protected]>

http://csrc.nist.gov/publications/PubsDrafts.html

Sep. 9, 2013

SP 800-90 A Rev 1, B and C DRAFT
Draft SP 800-90 Series: Random Bit Generators
800-90 A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators
800-90 B: Recommendation for the Entropy Sources Used for Random Bit Generation
800-90 C: Recommendation for Random Bit Generator (RBG) Constructions

In light of recent reports, NIST is reopening the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C. NIST is interested in public review and comment to ensure that the recommendations are accurate and provide the strongest cryptographic recommendations possible. The public comments will close on November 6, 2013. Comments should be sent to RBG_Comments at nist.gov.

In addition, the Computer Security Division has released a supplemental ITL Security Bulletin titled "NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)" to support the draft revision effort.

Draft SP 800-90 A Rev. 1 (721 KB)
Draft SP 800-90 B (800 KB)
Draft SP 800-90 C (1.1 MB)

From jon at callas.org Wed Sep 11 11:17:28 2013 From: jon at callas.org (Jon Callas) Date: Wed, 11 Sep 2013 08:17:28 -0700 Subject: hardware RNG In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Sep 9, 2013, at 12:32 PM, Juan Garofalo wrote:

> very naive question here :
>
> Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?

Yes. If you took noise off of a diode or even a resistor and just threw it into Yarrow, you'd have a very nice thing.

The biggest problem with building good random number generators is that it's harder than you think on first glance and easier than you think on third glance.

Jon
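An added example tying the NIST notice above to Jon's "throw it into Yarrow" and the Doctor's "stirred into an entropy pool": it is my own illustration, not code from the NIST drafts, from Yarrow, or from any message in this thread. It applies the most-common-value min-entropy estimator from draft SP 800-90B to a batch of raw 8-bit samples, credits only a fraction of that estimate to a simplified Yarrow-style pool, reseeds a keyed generator once enough entropy has accumulated, and refuses to emit output before then. The noisy-ADC sample generator, the 0.5 safety factor and the 256-bit reseed threshold are constructed/assumed; the pool is illustrative, not a drop-in DRBG, and the estimator is only meaningful if the samples are close to independent.

```python
import hashlib
import hmac
import math
import random
from collections import Counter


def mcv_min_entropy(samples, bits_per_sample=8):
    """Most-common-value estimate as in draft SP 800-90B: take the observed
    frequency of the commonest sample value, push it up to a 99% upper
    confidence bound, and report -log2 of that bound, in bits per sample.
    Assumes samples are iid; correlated sources deserve a lower credit."""
    n = len(samples)
    p_hat = max(Counter(samples).values()) / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return min(float(bits_per_sample), -math.log2(p_upper))


class EntropyPool:
    """Yarrow-flavoured accumulator, simplified for illustration: raw samples
    are hashed into a SHA-256 pool; once the credited entropy reaches the
    threshold, the pool digest is folded into the generator key and output
    becomes HMAC-SHA256(key, counter).  Raw samples never reach the output."""

    def __init__(self, reseed_bits=256):          # assumed threshold
        self.reseed_bits = reseed_bits
        self._pool = hashlib.sha256()
        self._credited = 0.0
        self._key = None
        self._counter = 0

    @property
    def seeded(self):
        return self._key is not None

    def stir(self, samples, entropy_per_sample):
        """samples: iterable of ints 0..255; entropy_per_sample: bits credited each."""
        data = bytes(samples)
        self._pool.update(data)
        self._credited += entropy_per_sample * len(data)
        if self._credited >= self.reseed_bits:
            self._reseed()

    def _reseed(self):
        previous = self._key or b""                # chain in the old key, if any
        self._key = hashlib.sha256(previous + self._pool.digest()).digest()
        self._pool = hashlib.sha256()              # start a fresh accumulator
        self._credited = 0.0
        self._counter = 0

    def random_bytes(self, n):
        if not self.seeded:
            raise RuntimeError("pool not yet seeded: keep stirring")
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self._key, self._counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:n])


def noisy_adc_samples(n, seed, sigma=6.0):
    """Constructed stand-in for 8-bit SDR/ADC readings of analogue noise:
    Gaussian around mid-scale, clipped to 0..255, so only the low bits vary."""
    rng = random.Random(seed)
    return [min(255, max(0, int(round(128 + rng.gauss(0, sigma))))) for _ in range(n)]


def seed_from_source(samples, safety_factor=0.5):
    """Estimate the source, credit only a fraction of the estimate (estimators
    are optimistic on real hardware), and return (pool, estimate)."""
    est = mcv_min_entropy(samples)
    pool = EntropyPool()
    pool.stir(samples, est * safety_factor)
    return pool, est


if __name__ == "__main__":
    raw = noisy_adc_samples(10_000, seed=7)
    pool, est = seed_from_source(raw)
    print("estimated min-entropy per 8-bit sample: %.2f bits" % est)
    print("seeded:", pool.seeded, "first 16 bytes:", pool.random_bytes(16).hex())
```

The estimate for this constructed source lands at a little under four bits per sample, which is the "several bits of entropy in each sample" claimed earlier for a wideband source sampled at 8 bits, and the pool is seeded after a few hundred samples. Two things worth checking on real hardware before trusting the number: run the estimator on long captures taken at different times and temperatures (a source that looks good cold can collapse warm), and compare it against the compression and collision estimators in the same draft, since a single estimator can be fooled by structure it does not model.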

From jon at callas.org Wed Sep 11 11:19:02 2013 From: jon at callas.org (Jon Callas) Date: Wed, 11 Sep 2013 08:19:02 -0700 Subject: [guardian-dev] pgp, nsa, rsa In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

> One more question: any of y'all used libTomCrypt? We have an experimental
> implementation of it in SQLCipher. Open-source alternatives to OpenSSL
> could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
> of relying so heavily on OpenSSL, given the above.

LTC is my preferred place to start with a crypto library. It's just brilliant in design.

Jon

From eugen at leitl.org Wed Sep 11 11:30:16 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 17:30:16 +0200 Subject: [tor-talk] Tor Weekly News — September, 11th 2013 Message-ID: <[email protected]>

----- Forwarded message from Lunar -----

Date: Wed, 11 Sep 2013 17:21:30 +0200 From: Lunar To: tor-news at lists.torproject.org, tor-talk at lists.torproject.org Subject: [tor-talk] Tor Weekly News — September, 11th 2013 User-Agent: Mutt/1.5.21 (2010-09-15) Reply-To: tor-talk at lists.torproject.org

======================================
Tor Weekly News — September 11th, 2013
======================================

Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter that covers what is happening in the taut Tor community.

tor 0.2.4.17-rc is out
----------------------

There are now confirmations [1] that the sudden influx of Tor clients which started mid-August [2] is indeed coming from a botnet. "I guess all that work we've been doing on scalability was a good idea," wrote Roger Dingledine in a blog post about "how to handle millions of new Tor clients" [3].

On September 5th, Roger Dingledine announced the release of the third release candidate for the tor 0.2.4 series [4]. This is an emergency release "to help us tolerate the massive influx of users: 0.2.4 clients using the new (faster and safer) 'NTor' circuit-level handshakes now effectively jump the queue compared to the 0.2.3 clients using 'TAP' handshakes" [5].

It also contains several minor bugfixes and some new status messages for better monitoring of the current situation.

Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: "the more relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing."

For relays running Debian or Ubuntu, upgrading to the development branch can be done using the Tor project's package repository [7]. New versions of the beta branch of the Tor Browser Bundle are also available [8] since September 6th. The next Tails release, scheduled for September 19th [9], will also contain tor 0.2.4.17-rc [10]. Hopefully, this will be the last release candidate. What looks missing at this point to declare the 0.2.4.x series stable is simply enough time to finish the release notes.

[1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
[2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
[3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
[4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
[5] https://bugs.torproject.org/9574
[6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
[7] https://www.torproject.org/docs/debian.html.en#development
[8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
[9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
[10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html

The future of Tor cryptography
------------------------------

After the last round of revelations from Edward Snowden, described as "explosive" by Bruce Schneier [11], several threads started on the tor-talk mailing list to discuss Tor cryptography.

A lot of what has been written is speculative at this point. But some have raised concerns [12] about 1024 bit Diffie-Hellman key exchange [13]. This has already been addressed with the introduction of the "ntor" handshake [14] in 0.2.4 and Nick Mathewson encourages everybody to upgrade [15].

Another thread [16] prompted Nick to summarize [17] his views on the future of Tor cryptography. Regarding public keys, "with Tor 0.2.4, forward secrecy uses 256-bit ECC, which is certainly better, but RSA-1024 is still used in some places for signatures. I want to fix all that in 0.2.5: see proposal 220 [18], and George Kadianakis' draft hidden service improvements [19,20], and so forth." Regarding symmetric keys, Nick wrote: "We're using AES128. I'm hoping to move to XSalsa20 or something like it." In response to a query, Nick clarifies that he doesn't think AES is broken: only hard to implement right, and only provided in TLS in concert with modes that are somewhat (GCM) or fairly (CBC) problematic.

The effort to design better cryptography for the Tor protocols is not new. More than a year ago, Nick Mathewson presented proposal 202 [21] outlining two possible new relay encryption protocols for Tor cells. Nick mentioned that he's waiting for a promising paper to get finished here before implementation.

A third question was raised [22] regarding the trust in algorithms certified by the US NIST [23]. Nick's speculations put aside, he also emphasized that several NIST algorithms were "hard to implement correctly" [24].

Nick also plans to change more algorithms [25]: "Over the 0.2.5 series, I want to move even more things (including hidden services) to curve25519 and its allies for public key crypto. I also want to add more hard-to-implement-wrong protocols to our mix: Salsa20 is looking like a much better choice to me than AES nowadays, for instance."

Nick concluded one of his emails with the words: "these are interesting times for crypto", which sounds like a good way to put it.

[11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
[12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
[13] https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
[14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
[15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
[16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
[17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
[18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ecc-id-keys.txt
[19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
[20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
[21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-improved-relay-crypto.txt
[22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
[23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
[24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
[25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html

Toward a better performance measurement tool ------

"I just finished [...] sketching out the requirements and a software design for a new Torperf implementation" announced Karsten Loesing [26] on the tor-dev mailing list.

The report begins with: "Four years ago, we presented a simple tool to measure performance of the Tor network. This tool, called Torperf, requests static files of three different sizes over the Tor network and logs timestamps of various request substeps. These data turned out to be quite useful to observe user-perceived network performance over time [27]. However, static file downloads are not the typical use case of a user browsing the web using Tor, so absolute numbers are not very meaningful. Also, Torperf consists of a bunch of shell scripts which makes it neither very user-friendly to set up and run, nor extensible to cover new use cases."

The specification lays out the various requirements for the new tool, and details several experiments like visiting high profile websites with an automated graphical web browser, downloading static files, crafting a canonical web page, measuring hidden service performance, and checking on upload capacity.

Karsten added "neither the requirements nor the software design are set in stone, and the implementation, well, does not exist yet. Plenty of options for giving feedback and helping out, and most parts don't even require specific experience with hacking on Tor. Just in case somebody's looking for an introductory Tor project to hack on."

Saytha already wrote that this was enough material to get the implementation started [28]. The project needs enough work that anyone interested should get involved. Feel free to join him!

[26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
[27] https://metrics.torproject.org/performance.html
[28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html

More monthly status reports for August 2013 ------

The wave of regular monthly reports from Tor project members continued this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31], mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35], Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39], Aaron [40], and Damian Johnson [41].

[29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
[30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
[31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
[32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
[33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
[34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
[35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
[36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
[37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
[38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
[39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
[40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
[41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html

Miscellaneous news ------

Not all new Tor users are computer programs! According to their latest report [42], Tails is now booted twice as much as it was six months ago (from 100,865 to 190,521 connections to the security feed).

[42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html

Thanks to Frenn vun der Enn [43] for setting up a new mirror [44] of the Tor project website.

[43] http://enn.lu/
[44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html

With the Google Summer of Code ending in two weeks, the students have sent their penultimate reports: Kostas Jakeliunas for the Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46], Hareesan for the Steganography [47], and Cristian-Matei Toader for Tor capabilities [48].

[45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
[46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
[47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
[48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html

Damian Johnson announced [49] that he had completed the rewrite of DocTor in Python [50], "a service that pulls hourly consensus information and checks it for a host of issues (directory authority outages, expiring certificates, etc). In the case of a problem it notifies tor-consensus-health@ [51], and we in turn give the authority operator a heads up."

[49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
[50] https://gitweb.torproject.org/doctor.git
[51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health

Matt Pagan has migrated [52] several Frequently-Asked Questions from the wiki to the official Tor website [53]. This should enable more users to find the answers they need!

[52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26333
[53] https://www.torproject.org/docs/faq.html

In his previous call for help to collect more statistics [54], addressed to bridge operators, George Kadianakis forgot to mention that an extra line with "ExtORPort 6669" needed to be added to the tor configuration file [55]. Make sure you do have it if you are running a bridge on the tor master branch.

[54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
[55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html

For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted a regression while "playing with an ISO built from experimental, thanks to our Jenkins autobuilder" [56]. This marks a significant milestone in the work on automated builds [57] done by several members of the Tails team in the course of the last year!

[56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
[57] https://labs.riseup.net/code/issues/5324

Tails' next "low-hanging fruit" session will be on September 21st at 08:00 UTC [58]. Mark the date if you want to get involved!

[58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html

David Fifield gave some tips on how to setup a test infrastructure [59] for flash proxy [60].

[59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
[60] https://crypto.stanford.edu/flashproxy/

Marek Majkowski reported [61] on how one can use his fluxcapacitor tool [62] to get a test Tor network started with Chutney [63] ready in only 6.5 seconds. A vast improvement over the 5 minutes he initially had to wait [64]!

[61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
[62] https://github.com/majek/fluxcapacitor.git
[63] https://gitweb.torproject.org/chutney.git
[64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html

Eugen Leitl drew attention [65] to a new research paper which aims to analyze the content and popularity of Hidden Services by Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann from the University of Luxembourg [66].

[65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
[66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf

Tor Help Desk roundup ------

The Tor help desk had a number of emails this week asking about the recent stories in the New York Times, the Guardian, and ProPublica regarding NSA's cryptographic capabilities. Some users asked whether there was a backdoor in Tor. Others asked if Tor's crypto was broken.

There is absolutely no backdoor in Tor. Tor project members have been vocal in the past about how tremendously irresponsible it would be to backdoor our users [67]. As it is a frequently-asked question, users have been encouraged to read how the project would respond to institutional pressure [68].

The Tor project does not have any more facts about NSA's cryptanalysis capabilities than what has been published in newspapers. Even if there is no actual evidence that Tor encryption is actually broken, the idea is to remain on the safe side by using more trusted algorithms for the Tor protocols. See above for a more detailed write-up.

[67] https://blog.torproject.org/blog/calea-2-and-tor
[68] http://www.torproject.org/docs/faq.html.en#Backdoor

Help the Tor community! ------

Tor is about protecting everyone's freedom and privacy. There are many ways to help [69] but getting involved in such a busy community can be daunting. Here's a selection of tasks on which one could get started:

Get tor to log the source of control port connections [70]. It would help in developing controller applications or libraries (like Stem [71]) to know which program is responsible for a given access to the control facilities of the tor daemon. Knowledge required: C programming, basic understanding of network sockets.

Diagnose what is currently wrong with Tor Cloud images [72]. Tor Cloud [73] is an easy way to deploy bridges and it looks like the automatic upgrade procedure caused problems. Let's make these virtual machines useful again for censored users. Knowledge required: basic understanding of Ubuntu system administration.

[69] https://www.torproject.org/getinvolved/volunteer.html.en
[70] https://bugs.torproject.org/9698
[71] https://stem.torproject.org/
[72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
[73] https://cloud.torproject.org/

Upcoming events ------

Sep 29 | Colin at the Winnipeg Cryptoparty | Winnipeg, Manitoba, Canada | http://wiki.skullspace.ca/index.php/CryptoParty
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV | Berlin, Germany | https://www.openitp.org/openitp/circumvention-tech-summit.html
Oct 09-10 | Andrew speaking at Secure Poland 2013 | Warszawa, Poland | http://www.secure.edu.pl/

This issue of Tor Weekly News has been assembled by Lunar, dope457, mttp, malaparte, harmony, Karsten Loesing, and Nick Mathewson.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page [74], write down your name and subscribe to the team mailing list [75] if you want to get involved!

[74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From lists at infosecurity.ch Wed Sep 11 11:36:37 2013 From: lists at infosecurity.ch (Fabio Pietrosanti (naif)) Date: Wed, 11 Sep 2013 17:36:37 +0200 Subject: [guardian-dev] pgp, nsa, rsa In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On 9/11/13 10:38 AM, Eugen Leitl wrote:
> One more question: any of y'all used libTomCrypt? We have an experimental
> implementation of it in SQLCipher. Open-source alternatives to OpenSSL
> could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
> of relying so heavily on OpenSSL, given the above.

We used LibTomCrypt while implementing the independent OSS Zorg ZRTP implementation stack: https://github.com/privatewave/zrtp-cpp

Fabio

From rich at openwatch.net Wed Sep 11 14:34:50 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 11 Sep 2013 11:34:50 -0700 Subject: Dual EC DRBG Memo Message-ID:

NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?

From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&

> But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard - called the Dual EC DRBG standard - which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged "contributions" from N.S.A., but not primary authorship.

R

From eugen at leitl.org Wed Sep 11 15:04:38 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 21:04:38 +0200 Subject: [Cryptography] Defenses against pervasive versus targeted intercept Message-ID: <[email protected]>

----- Forwarded message from Phillip Hallam-Baker -----

Date: Wed, 11 Sep 2013 12:11:52 -0400 From: Phillip Hallam-Baker To: "cryptography at metzdowd.com" Subject: [Cryptography] Defenses against pervasive versus targeted intercept

I have spent most of yesterday writing up much of the traffic on the list so far in the form of an Internet Draft.

I am now at the section on controls and it occurs to me that the controls relevant to preventing PRISM-like pervasive intercept capabilities are not necessarily restricted to controls that protect against targeted intercept.

The problem I have with PRISM is that it is a group of people whose politics I probably find repellent performing a dragnet search that may later be used for McCarthyite/Hooverite inquisitions. So I am much more concerned about the pervasive part than the ability to perform targeted attacks on a few individuals who have come to notice. If the NSA wanted my help intercepting Al Zawahiri's private emails then sign me up. My problem is that they are intercepting far too much and lying about what they are doing.

Let us imagine for the sake of argument that the NSA has cracked 1024 bit RSA using some behemoth computer at a cost of roughly $1 million per key and taking a day to do so. Given such a capability it would be logical for them to attack high traffic/high priority 1024 bit keys. I have not looked into the dates when the 2048 bit roll out began (seems to me we have been talking about it ten years) but that might be consistent with that 2010 date.

If people are using plain TLS without perfect forward secrecy, that crack gives the NSA access to potentially millions of messages an hour. If the web browsers are all using PFS then the best they can do is one message a day.

PFS provides security even when the public keys used in the conversation are compromised before the conversation takes place. It does not prevent attack but it reduces the capacity of the attacker.

Similar arguments can be made for other less-than-perfect key exchange schemes. It is not necessary for a key exchange scheme to be absolutely secure against all possible attack for it to be considered PRISM-Proof.

So the key distribution scheme I am looking at does have potential points of compromise because I want it to be something millions could use rather than just a few thousand geeks who will install but never use. But the objective is to make those points of compromise uneconomic to exploit on the scale of PRISM.

The NSA should have accepted court oversight of their activities. If they had strictly limited their use of the cryptanalytic capabilities then the existence would not have been known to low level grunts like Snowden and we probably would not have found out.

Use of techniques like PFS restores balance.

-- Website: http://hallambaker.com/

The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
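The argument above turns on one property of the key exchange: with RSA key transport, every session encrypted under a server's long-term key falls to whoever later cracks or obtains that key, whereas with ephemeral Diffie-Hellman each session has to be attacked on its own. The audit below is an added example, not code from the message or from any project it mentions. It classifies TLS cipher suites by whether their key exchange is ephemeral, accepting OpenSSL-style names (as printed by `openssl ciphers -v`) and IANA-style names; the suite list, the helper names and the bucket labels are this example's own assumptions.

```python
"""Forward-secrecy audit of a TLS cipher-suite list.

Added example; not code from the original message or any project it mentions.
Assumes suites are named either in OpenSSL style (as printed by
`openssl ciphers -v`, e.g. "ECDHE-RSA-AES128-GCM-SHA256") or in IANA style
(e.g. "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"). The sample list is constructed.
"""

# TLS 1.3 suites name no key exchange because TLS 1.3 only permits ephemeral
# (EC)DHE; they are forward secret by construction.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
# Ephemeral Diffie-Hellman: the session key cannot be recovered from the
# server's long-term key, so one cracked key buys the attacker one session.
EPHEMERAL_OPENSSL = {"ECDHE", "DHE", "EDH", "ADH", "AECDH"}
STATIC_OPENSSL = {"RSA", "ECDH", "DH", "PSK", "SRP"}
# Anonymous DH is ephemeral but unauthenticated: fine against a passive
# recorder, useless against an active man-in-the-middle.
ANONYMOUS_OPENSSL = {"ADH", "AECDH"}
EPHEMERAL_IANA = {"ECDHE", "DHE"}
ANONYMOUS_IANA = {"DH_anon", "ECDH_anon"}


def key_exchange(suite):
    """Return (kx_name, ephemeral, anonymous) for one suite name."""
    if suite in TLS13_SUITES:
        return "TLS1.3-(EC)DHE", True, False
    if suite.startswith("TLS_"):
        kx = suite[4:].split("_WITH_")[0]        # "ECDHE_RSA", "RSA", "DH_anon", ...
        anon = kx in ANONYMOUS_IANA
        return kx, kx.split("_")[0] in EPHEMERAL_IANA or anon, anon
    kx = suite.split("-")[0]
    if kx not in EPHEMERAL_OPENSSL | STATIC_OPENSSL:
        kx = "RSA"                                # no prefix means RSA key transport
    return kx, kx in EPHEMERAL_OPENSSL, kx in ANONYMOUS_OPENSSL


def has_forward_secrecy(suite):
    return key_exchange(suite)[1]


def audit(suites):
    """Bucket suites into forward-secret, not forward-secret, and anonymous."""
    result = {"pfs": [], "no_pfs": [], "anonymous": []}
    for s in suites:
        _, ephemeral, anon = key_exchange(s)
        result["pfs" if ephemeral else "no_pfs"].append(s)
        if anon:
            result["anonymous"].append(s)
    return result


def pfs_only_cipher_string(suites):
    """Keep only authenticated forward-secret suites, in the given order, as a
    colon-separated cipher string of the kind used in server configuration."""
    return ":".join(s for s in suites
                    if has_forward_secrecy(s) and not key_exchange(s)[2])


# Constructed sample, mixing both naming styles.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-GCM-SHA256",                        # RSA key transport
    "ECDH-RSA-AES128-SHA",                      # static ECDH
    "ADH-AES128-SHA",                           # anonymous, unauthenticated
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_256_GCM_SHA384",
    "PSK-AES128-CBC-SHA",
]

if __name__ == "__main__":
    report = audit(SAMPLE_SUITES)
    for bucket, names in report.items():
        print(f"{bucket}: {names}")
    print("pfs-only cipher string:", pfs_only_cipher_string(SAMPLE_SUITES))
```

Feeding the output of `openssl ciphers -v 'ALL'` (first column) into `audit` shows which suites a server would still negotiate that leave recorded traffic exposed to a later key compromise; the `anonymous` bucket is listed separately because those suites are forward secret against passive recording but give no protection against an active attacker.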

From eugen at leitl.org Wed Sep 11 15:14:02 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 21:14:02 +0200 Subject: [Cryptography] SPDZ, a practical protocol for Multi-Party Computation Message-ID: <[email protected]>

----- Forwarded message from Max Kington -----

Date: Wed, 11 Sep 2013 18:14:42 +0100 From: Max Kington To: Eugen Leitl Cc: cypherpunks at al-qaeda.net, cryptography at randombit.net, Cryptography List Subject: Re: [Cryptography] SPDZ, a practical protocol for Multi-Party Computation

On 11 Sep 2013 18:01, "Eugen Leitl" wrote:
>
> http://www.mathbulletin.com/research/Breakthrough_in_cryptography_could_result_in_more_secure_computing.asp
>
> Breakthrough in cryptography could result in more secure computing (9/10/2013)
>
> Tags: computer science, research, security, cryptography
>
> Nigel Smart, Professor of Cryptology
>
> New research to be presented at the 18th European Symposium on Research in Computer Security (ESORICS 2013) this week could result in a sea change in how to secure computations.
>
> The collaborative work between the University of Bristol and Aarhus University (Denmark) will be presented by Bristol PhD student Peter Scholl from the Department of Computer Science.
>
> The paper, entitled 'Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits', builds upon earlier joint work between Bristol and Aarhus and fills in the missing pieces of the jigsaw from the group's prior work that was presented at the CRYPTO conference in Santa Barbara last year.
>
> The SPDZ protocol (pronounced "Speedz") is a co-development between Bristol and Aarhus and provides the fastest protocol known to implement a theoretical idea called "Multi-Party Computation".
>
> The idea behind Multi-Party Computation is that it should enable two or more people to compute any function of their choosing on their secret inputs, without revealing their inputs to either party. One example is an election, voters want their vote to be counted but they do not want their vote made public.
>
> The protocol developed by the universities turns Multi-Party Computation from a theoretical tool into a practical reality. Using the SPDZ protocol the team can now compute complex functions in a secure manner, enabling possible applications in the finance, drugs and chemical industries where computation often needs to be performed on secret data.
>
> Nigel Smart, Professor of Cryptology in the University of Bristol's Department of Computer Science and leader on the project, said: "We have demonstrated our protocol to various groups and organisations across the world, and everyone is impressed by how fast we can actually perform secure computations.
>
> "Only a few years ago such a theoretical idea becoming reality was considered Alice in Wonderland style over ambitious hope. However, we in Bristol realised around five years ago that a number of advances in different areas would enable the pipe dream to be achieved. It is great that we have been able to demonstrate our foresight was correct."
>
> The University of Bristol is now starting to consider commercialising the protocol via a company Dyadic Security Limited, co-founded by Professor Smart and Professor Yehuda Lindell from Bar-Ilan University in Israel.

A colleague is looking into this venture. I gave him a synopsis of their additions to SPDZ. There is a white paper describing their technology at their website which talks about the other two related protocols, Yao and Tiny-OT.

One interesting use that occurred to me was the ability to split the two nodes in their implementation across jurisdictions. Especially those who are unlikely to ever collaborate. That giving you an advantage over a typical HSM which could live in a jurisdiction that could be seized.

The wp and associated bibliography is available at http://www.dyadicsec.com/SiteAssets/resources1/DyadicWhitePaper.pdf

Max

> Note: This story has been adapted from a news release issued by the University of Bristol
>
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From yan at mit.edu Wed Sep 11 15:15:12 2013 From: yan at mit.edu (Yan Zhu) Date: Wed, 11 Sep 2013 12:15:12 -0700 Subject: Dual EC DRBG Memo In-Reply-To: References: Message-ID:

This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20B,%20and%20C

Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports."

Looks like the version that nytimes links to can be found here.

It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.

On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones wrote:

> NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
>
> From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&
>
>> But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard - called the Dual EC DRBG standard - which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged "contributions" from N.S.A., but not primary authorship.
>
> R

--
Yan Zhu
http://web.mit.edu/zyan/www/

From david at 7tele.com Wed Sep 11 15:20:49 2013 From: david at 7tele.com (David D) Date: Wed, 11 Sep 2013 21:20:49 +0200 Subject: NSA dumping unfiltered data directly to Israel In-Reply-To: References: Message-ID: <034801ceaf24$0819e000$184da000$@com>

It appears the tin foil crowd has been correct for years.

http://www.theguardian.com/world/interactive/2013/sep/11/nsa-israel-intelligence-memorandum-understanding-document?CMP=twt_gu
http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents


From rich at openwatch.net Wed Sep 11 15:20:56 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 11 Sep 2013 12:20:56 -0700 Subject: Dual EC DRBG Memo In-Reply-To: References: Message-ID:

It's not the actual spec I'm interested in - it's the memo, which could detail any number of things; how they were able to pressure NIST, theoretical attacks, actual attacks, known vendors, limitations, etc.

Names, basically. I want to see if there are any names.

R

On Wed, Sep 11, 2013 at 12:15 PM, Yan Zhu wrote:

> This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A):
> http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20B,%20and%20C
>
> Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports."
>
> Looks like the version that nytimes links to can be found here.
>
> It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See
> http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.
>
> On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones wrote:
>
>> NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
>>
>> From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&
>>
>>> But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard - called the Dual EC DRBG standard - which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged "contributions" from N.S.A., but not primary authorship.
>>
>> R
>
> --
> Yan Zhu
> http://web.mit.edu/zyan/www/

--

Rich Jones
OpenWatch is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS and for Android!

From eugen at leitl.org Wed Sep 11 15:37:37 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 11 Sep 2013 21:37:37 +0200 Subject: [liberationtech] iPhone5S Fingerprint and 5th amendment Message-ID: <[email protected]>

----- Forwarded message from Joseph Lorenzo Hall -----

Date: Wed, 11 Sep 2013 13:27:42 -0400 From: Joseph Lorenzo Hall To: liberationtech CC: Eugen Leitl Subject: Re: [liberationtech] iPhone5S Fingerprint and 5th amendment User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 9/11/13 12:08 PM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
>
>> Similarly, any other sort of one-way algorithm that prevents you from
>> reconstructing a valid input from the stored data is not going to work.
>
> Typical fingerprint matching uses classification, recognizing and
> encoding multiple features into a vector. You could use a one-way
> hash on that vector. This is likely subject to a precompiled hash
> lookup table attack, as the number of all possible fingerprints,
> quantized via a classification vector is not that large.

There's a good deal of existing research out there on using symmetric hashes -- a hash that can accept discrete inputs in arbitrary order and always calculate to the same value -- for secure biometric template storage and matching.

Here is a paper I point people to that many of you will find absolutely fascinating (although it's been some years so do check citations pointing to this for further work):

Sergey Tulyakov, Faisal Farooq, Praveer Mansukhani, & Venu Govindaraju. (2007). Symmetric hash functions for secure fingerprint biometric systems. Pattern Recognition Letters, 28(16), 2427-2436. Retrieved from http://www.researchgate.net/publication/222570842_Symmetric_hash_functions_for_secure_fingerprint_biometric_systems/file/79e4150d06419e02ec.pdf

-- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe at cdt.org PGP: https://josephhall.org/gpg-key fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
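The exchange above hinges on what "symmetric hash" means for a minutiae template: a sensor reports the same minutiae in a different order every time, so a digest that depends on order is useless, while a digest built from symmetric functions of the set is not. The block below is an added example, not code from the thread and not the Tulyakov et al. implementation. It follows that paper's basic construction of power sums over minutiae encoded as complex (here Gaussian-integer) numbers, then hashes the result; the quantisation grid, the constructed sample minutiae, the helper names and the table-size function (which only quantifies the lookup-table concern Eugen raises for a given quantisation) are this example's own assumptions. Orientation, alignment and the paper's matching procedure are not shown.

```python
"""Order-invariant digest of a fingerprint minutiae set.

Added example, not code from the thread or from the Tulyakov et al. paper.
Follows the paper's basic idea of symmetric functions (power sums) over
minutiae encoded as complex numbers, computed here in exact Gaussian-integer
arithmetic so the result is bit-for-bit identical in any order. The grid,
sample minutiae and helper names are this example's assumptions; minutia
orientation, alignment and matching are left out.
"""
import hashlib
from math import comb

GRID = 8  # quantise sensor coordinates to an 8-pixel grid (assumption)


def quantize(minutia):
    """(x, y, theta_degrees) -> integer grid cell (x_q, y_q); theta is ignored here."""
    x, y, _theta = minutia
    return (round(x / GRID), round(y / GRID))


def gmul(p, q):
    """Multiply two Gaussian integers (a + bi)(c + di) exactly."""
    a, b = p
    c, d = q
    return (a * c - b * d, a * d + b * c)


def power_sums(points, k):
    """h_m = sum_i c_i^m for m = 1..k, with c_i = x_i + y_i*i.
    Each h_m is a symmetric function of the point set, so any permutation
    of the points yields exactly the same list."""
    sums = []
    for m in range(1, k + 1):
        total = (0, 0)
        for x, y in points:
            pw = (1, 0)
            for _ in range(m):          # c^m by repeated exact multiplication
                pw = gmul(pw, (x, y))
            total = (total[0] + pw[0], total[1] + pw[1])
        sums.append(total)
    return sums


def template_digest(minutiae, k=4):
    """Hash the first k power sums of the quantised minutiae set."""
    sums = power_sums([quantize(m) for m in minutiae], k)
    encoded = ";".join(f"{re},{im}" for re, im in sums).encode()
    return hashlib.sha256(encoded).hexdigest()


def lookup_table_size(width_px, height_px, n_minutiae):
    """Number of distinct n-minutia templates on this grid, i.e. the size of
    the precomputed table an attacker would need for a plain dictionary attack
    against digests at this quantisation (no salt, no orientation)."""
    cells = (width_px // GRID + 1) * (height_px // GRID + 1)
    return comb(cells, n_minutiae)


# Constructed sample: (x, y, orientation) as a sensor might report them.
SAMPLE = [(10.2, 40.7, 33.0), (55.9, 12.1, 200.0),
          (30.0, 30.0, 90.0), (80.4, 64.9, 10.0)]

if __name__ == "__main__":
    print(template_digest(SAMPLE))
    print(template_digest(SAMPLE[::-1]))          # same digest, reversed order
    print(template_digest(SAMPLE[:3]))            # different set, different digest
    print(lookup_table_size(256, 360, len(SAMPLE)))
```

Two observations a practitioner should take from running it: the digest is identical for any ordering of the same set, which is the property the paper's hashes provide; and `lookup_table_size` grows combinatorially with the number of minutiae, so whether Eugen's precomputation attack is realistic depends on how coarsely the vector is quantised and on how many minutiae a template carries, not on the hash function alone.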

From electromagnetize at gmail.com Thu Sep 12 01:31:27 2013 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 12 Sep 2013 00:31:27 -0500 Subject: [1] crypto-p.wd Message-ID:

// disclaimer: half of what i say here is false (right), though may yield some ideas... //

there appears to be huge intangibility involved in cryptography, belonging both to highly advanced mathematics and its mediation in designs of advanced technology, as if betting at the limits of what can be known - in extreme territories and with potentially massively powerful tools where the ideas, hypotheses are tested. and yet failure may not be readily known, even by the cryptologists- if peer-review and mathematical and security advances are compartmentalized (deep state capacity versus everyday society) or oppositional capabilities, perhaps some 'unknowns' have been solved for some time and are the basis for breaking existing codes and creating others. again, a naive person like myself may think this is what p=np and calculating largest prime numbers are about, though those are only a small sample of a different security-driven secret landscape of ideas, techniques, and technologies that may be nowhere near public or even private discourse in day to day civilization; again, this assumption based on an otherness or differing capacity for crypto beyond existing technology and public encryption standards. strong on mathematics, strong on technology- yet what about strong on ideas as the basis for the code? what about the secret communication dimension, not just Bell Theorem signal and noise, also Saussure and others with basic models of communication - have these assumptions become dogmatic and assumed solid when instead they are ready and ripe for exploits based on misconceived notions, like a social viewpoint that is accepted and unquestioned yet inaccurate or even to a degree untrue, then allowing a false viewpoint or perspective to become standard, able to be exploited from the start due to not fixing the errors, and so on...
those being errors in thinking, in conceptualization, in assumptions of 'what code is' and where it begins and ends, and the issue of its conceptualization and especially ~understanding or meaning. utility is a much hated word though in an infrastructural sense perhaps relevant, and likewise: purpose. this is where i contend that "code" that is assumed 'true' by its very nature of transmission is insecure by the assumption that this viewpoint is actually shared in a model of trust that grounds to truth removed of errors, versus partial truth or even a fiction that establishes an illusion, behind the security mask of encrypted communications. and is that level of auditing going on with the messaging, what is transmitted- and where does the code actually end-- is the model of encryption -simplistically- only an issue of creating a container to send data within, thus in some sense providing security and cover for hidden conversations, and thus like a brown paper bag that goes from point A to point B and blocks any attempts at intercepting the contents (say anti-magnetic, un-x-rayable, etc), and is it a binary data model that scrambles the contents within this container to an indecipherable format, related to particular cryptographic equations, and via key exchange or other means, can be decrypted and the message taken out of the brown bag when confirmed to safely arrive at point B. and should someone gain access to the bag, they may only be able to investigate its outside, and if advanced enough perhaps the bag would degrade or disintegrate over time or by any attempts to access what is on the inside of the temporary security container. 
a horribly uninformed guess of the dynamics perhaps, though issues of mass or targeted surveillance of encrypted data (say by NSA or the local police force, in a terror-allowed extra-judicial surveying getting around the bureaucratic blind-eye syndrome, not everything dealt within the courts these days if ever it was) - then perhaps the brown bag is actually instead, via the capacity for decryption and key-escrow scenarios- a transparent ziplock pouch containing the message that is meant to be secret and thus the data is accessible both at its origin, along its route of transfer, at its destination, and in any storage capacity, potentially. And perhaps that information could even be stored off-site in some database- perhaps the ideal model for the security state, just like the fantasy of electronic health records-- who could feasibly do a better job of this than a ubiquitous surveillance state- what would the ur database of secrecy be, would it be a data warehouse in some desert or underground mine somewhere, with all the hidden information of peoples private lives, chock full of lies, betrayals, indictable offenses, then to be queried should *any* citizen step out of line, in any political context- to call upon electronic blackmail or other data to shape, sculpt the future state via such exploitative information operations? is that not the fear at least, about unrestricted data gathering and loss of trust for where the boundaries are, the law no longer seemingly protecting citizens or held as a hypocritical Damocles sword above each individual, should they question the state, bureaucracy, its authority and various representatives, public though especially privately connected, advantaged, as if now you are on the wrong side- no chair for you when the music stops. 
it just seems like so much is riding on the infallibility of a model that has obvious weaknesses, in particular the serialization and digital mantra of long numbers and calculation in a particular ~style of computation, as if somehow the peak of intellect, while seriously flawed both in its thinking (rendering a too simple worldview as binary ideology) and its technical limitations (leading to abysmal computing for human beings, though great for dumb and powerful machines). Try to eke artificial intelligence out of a concept that is not grounded firstly in truth, inaccurate models detaching quickly from human values- humans serving the machines, trading life for the toxic necropolis though also a structural idiocy built upon the falsehood, unstable, which is why the ideology must be 'absolute' and basically monopolize options- the barrier of the binary is keeping people away from understanding and being able to shape technology, its obfuscation and abstraction far away from 'thinking code' that was once the goal, so everyone could program a computer and instead, only a professional class can do it, and it is so horrendous in terms of implementation at scale that devices are basically hobbled together in a mish-mash of oftentimes conflicting code, if not having such design issues as the basis for exploitation, for weakening software to disallow any brown bag or secure website to possibly exist, though held within a context that ideologically presumes and declares the brown bag scenario is the default situation, versus the transparent ziplock bag, whether cellphone data kept from the manufacturer who monitors it for statistics and advertising, to others, including government, or home computers that are like ant farms these days in terms of potential exploits, like a plague environment where quarantine is likely not even possible anymore, especially with TEMPEST or keyloggers or NFC or whatnot.
cancer is not only devastating the populations, there is a cancer of ideological code, a virus-like contagion that has overtaken technology and is best, most iconomically represented by the binary digits of 'digital ideology' as if progress in some backwards mind-washed and societally-engineered global cesspool.

100101101001000001101010100110010101000101011100

What is that stream of data exiting or entering my computer? -thinks the naive person to themselves- is it my bank records being pinged remotely by the local magistrate to use against me in an extortion scheme or to frame me and cause my downfall? At some level, this is the universal currency of computation today for those who can use and "program" the devices to do things, though of course it is reliant on computer architecture, processor design, transistors themselves and if 2-values are the approach, that establishes a structure that influences everything within its functional domain, as a kind of superset operation 2(everything).

Thus, an issue like "literacy" in a very limited context may be if you have foundational knowledge and can understand and comprehend the situation involved (in contrast to omniscience as a basis for literacy). Those who have this 'binary computation' literacy then are able to program computers to do things via software and hardware designs, and particular systems: e.g. a security model that becomes crypto technology, via customized hardware and software development. And that likely is based on certain assumptions about how things work, yet within a particular (binary) framework as the overall, largest, or overriding assumption. A situation like qubits or spintronics potentially upsets the model or analog computation (if not 3-value or N-value) best suited for artificial intelligence in that 'grey area' is vital -- retaining "unknowns" or "neutral" states -- as part of the consideration of IDEAS within a computational and analytic context, versus forcing an answer, most especially if this is premature or even inelegant and in its lowlier determinism, degrades the question in achieving its answer, dumbing things down.

For people to succeed in society they have to become binary machines, think like on/off switches, a quick way to success if taking on machine values and reinforcing them, and in this way the binarist has found their religion in a false absolutist framework that has also killed though within the educational system, universities in particular, where ungrounded viewpoints of subjective relativism (a=b) enable an authority to determine truth, thus trump any errant thinking, and allow the machine to proceed on its political path, via its own antihuman values, much of this supported by tax dollars, loans, and lifetimes of tithing-- to gain what exactly- "the correct viewpoint of a person who can function in the machine, as the machine, become the machine, extend its principality".

For those not literate enough to program and much less to design crypto systems in that context, the binary code itself is the encryption- the opaque wall that is impenetrable, a mystery behind which all truth in society is either captured or missing, held outside of, and thus delegitimated by its absence (~nothingness). In this way, the existential no-exist crisis, everything reliant on a computational system and approach that has disenfranchised humanity, yet people are told and sold on the faith in corrupted technology (and corrupt ideas) that the whole mess actually works and there is a hidden purity in it all, behind the code you cannot understand nor fathom. That it is actually beautiful and not horrendous and a terror, "you just do not and cannot understand", unless indoctrinated, made literate. And most everything keeps that from happening for certain people on the outs with those running the exploitative power game, which is also part of the 'idea'. In that limiting access, segmenting populations of those who can and those who cannot, then is active political science as computer science and its development. This leading to the online webwork and network culture of today which is more a global junk drawer than anything else, civilization turned into foolish wasteland, the trinket icons for social media most like those thingamajigs put in the safe zone of a baby crib for the enforced society of mass adolescence, by DESIGN.

So for one of these fools, myself, for me the binary code is a form of encryption (or perhaps encoding with an incapacity to decode) that carries with the mystery of perfectly hidden communication, that only few, masters of this realm, can deal with to the degree of breaking actual cryptography that is further embedded in this modeling of data in what seemingly amounts to electric charge and magnetism as this is moved around and stored within circuits, on an individual local level and as it relates to vast global networks and congregations of such data in what are likely only "pseudo-empirical" models, not dealing with _absolute truth and instead reliant upon a shorter quicker route that estimates what truth is using the same binary ideology, which tends towards reliance on ~subjective mathematics; subjective in the sense of A=B whereas objective would be A=A, relations involving like and unlike.

Plato enabled the questioning of paradox, accounting for it, whereas Aristotle apparently denies its existence- and this is more like Aristotle's world. Both could be correct if delving into it, modeling it, figuring out how the relativism fits into a shared model of truth- it could be an issue such as allowing for time that favors one view over another, for instance. And yet if assuming 'everything was known and figured out' and thus "absolute truth" could be determined, after all the facts are in, then an A=A approach may be valid as an unrealized hypothetical, a model of truth that is highly accurate towards truth (95% +unknowns/errors) that is then essentially "truth" yet remains contingent, based on falsification or new data that tests and challenges the model, further solidifying or tweaking or undermining it. This is the assumption of the binary 1, absolute truth, and in contrast 0 as falsity. As if a daily encounter people can categorize their experiences within. That is, as an idea, as an ideology-- yet thoroughly in the bed of relativism, without grounding in a larger error-correcting empirical truth, and instead reliant on the local individual skews and warping and distortion of uncorrected observations, shared and unshared, as a basis for 'infallible' assumptions and presumption of truth as an easily accessible, decidable condition- a choice as it were. A right even, for an individual to determine what will be their specific reality on a given day. Flip-flop circuitry, today it is true tomorrow false and in two weeks truth again.
No sliding scale of the N-value analog of looping probability (.1 then .8) nor 3-value grey days in the neutral or unknown middle zone (1-N-0) -- instead, like 'the only correct answers on standardized exams' in the indoctrination system to brain wash humans into machine ideology for pre-programmed, exploitable functioning, there is always a right answer available, and someone has it and will move ahead and those who question or think differently are challenging the machine, breaking the ideological coherence, and must be removed as if defective transistors, part of the corporate state business model of mass manufacturing human components into a living global computer based on machine values. And what is proposed is that an assumption exists in cryptographic models that involves this issue where, most basically, the assumption that A=A is itself not accurate in the least, including at the computational or hardware level, its architecture, as this then evolves into software, which "ideas" then both are born of and born within what likely are 'inaccuracies' of thought, of consideration about IDEAS themselves that are the basis for the code and the secret communication. A lot of assumptions could be wrong, including at the level of messaging which crypto may assume is A=A by default, of shared grounded interpretation when instead it is most likely A=B by default, a question, a very grey-area of consideration -- how do you even know what the encrypted code is, where the crypto begins and ends-- and it seems to be that 'the crypto algorithm' is this device that delineates: here is the crypto.
And for the uninitiated and illiterate (in this realm) it becomes a situation not only of seeing the binary code as a wall of mystery and actual oppression, a limit or boundary or threshold behind or beyond which is an inaccessible realm that has the capacity lost in another realm, the potential for action, for ideas, held in the hands and minds of others, then to be faced with a stream of numbers and repeatedly told of their security and really- infallibility- as a security model, because of the length of the string or the size of the prime numbers being computed. As if entirely about numbers, truth and ideas, and not about logic and truth firstly or in relation to these, foundationally.

And so from the outside it seems some of those who actually believe such things must either be very naive "thinkers" and have no real philosophical sensibility -- that is, in the realm of ideas or models of actual human communication -- or they are lying and bullshitting and are fully aware of the exploitation. Perhaps there is a hidden social aspect for humans involved, implicit understanding and awareness of these limitations, though for others it seems like the classic crooked salesman situation, crowds gathered round for the miracle cure which is a ripoff. Intelligence wise this is a sure thing, the deception- though the scale has gone from a public context into a no rules private context where seemingly anything goes within a given networked boundary- which perhaps is the setup, allowing the petri dish to populate its ecosystem, observe and categorize the dynamics, and so on. And thus, implicit in this suspension of disbelief, the grey area appears in the paradoxical nature of the situation- there is and is not security, it is contingent on varying factors and can ebb and flow day to day. And yet at some juncture this is already well into the application or implementation of crypto models and assumptions-- say people are walking around with encrypted access badges and it leads to biometric and other parallel security technologies to make a physical security situation as robust as it can be in terms of verifying identification.

Yet even then the well known issue of intention, the person moving from one point to another could have ulterior motives and that access granted them is actually an issue of insecurity due to duplicity, or who knows, with counter intelligence it could be triplicity and fake messaging or whatnot that is moved as information. And so that depth and issues of trust. And then in an online, remote connection scenario, software mediates the locked doors and verification, yet the same issue remains of trust between sender and receiver or the relation of those communicating via secure exchange. And here is the question again- how can it be verified that Alice is not Edward and Bob is not Nancy, or is that irrelevant and a 'social issue' of security and not involved in the cryptographic model?

For instance, assume there is an Edward and Bob who are exchanging a message and it is in a biased pronoun perspective (subjective) of "history" that warps and skews human existence to only one side of the ledger at some interpretative level, where inaccuracies or falsities could persist in the data itself.

Edward ----> ("history") ----> Bob

If Bob receives the encrypted information and "decrypts" it, presumably Bob would then have "history" on his side and the exchange would be successful, the crypto would have worked, and it could be assumed the data is TRUE by default of its transmission; the code is some fancy algorithm (brown bag) that moves the intended information from one point to another in a protected, secure way.

(history) Edward <===> Bob (history)

Yet what if Bob is actually Nancy in drag... what if the identity of sender and receiver are unshared in some relativistic aspect that remains unaccounted for in the general model of trust- easily equated with a sender or receiver who is lying or an impersonator, etc. Or, an ungrounded observation assumed universal and the basis for shared empiricism...

(history) Edward <===> Nancy (history)

The reasoning or thinking person may evaluate inaccuracies or flaws within the 'message' or 'ideas' and discern or deliberate from that context, which could still involve 'encrypted data' as it relates to actual truth in the model of shared exchange. For Nancy or a human being, "herstory" may balance the biasing of the male perspective where relevant as a shared framework, and thus there could be 'both truth and falsity' in the message, or shared and unshared POVs. This is proposed as a potential weakness in terms of security, because the 'secret writing' does not end with the data transmission...

(T) Edward <===> Nancy (T/F) ------> his|her-story

Now perhaps there is implicit understanding between Edward and Nancy about these dynamics, so a kind of autocorrect could occur via observation, such that a human view could emerge from both a male and female accounting of the story- yet it also may not and lead to diverging interpretations, one biased only to male evaluation in an extreme version, and thus the female structurally subordinate yet functioning within that realm by ideological compliance. Institutional politics seems to occupy this realm by default, attempting to engineer a solution while not dealing with the corrupt code involved, or false ideas allowed to persist.

So assume this split in interpretation is not to do with sex or gender issues and instead it is just about an unshared idea, where a model could exist that the data exchanged in a secure way is actually A=A when instead it is A=B, and what that dynamic establishes in terms of corrupting assumptions of trust. In a scenario of ungrounded relativistic observation, there could be 'N' such security problems for any variance in the ideas themselves. Hidden readings belonging to other levels of secret writing and hidden communication-- and this is all about meaning and language itself as the primordial code of ideas, not mathematical concepts as the meaning, value, and worth of the exchange, presumably.

Thus the double-agent problem could be:

(T/F) <===> (T/F)

And depending on how those doubles interact, it could be sharing like or unlike lies or sharing truth or unshared truth. And that is before any ambiguity or grey area would be modeled where a question may exist, unknowns, in what is being communicated- which is usually the norm for exchange of information in that people are not omniscient and not capable of thinking through every last detail of a communication due to boundedness, though computers may have more potential ability for this-- in plain text. Like newspaper headlines related to other headlines in a categorical model.

(T/N/F) <===> (T/N/F)

In the above example, the middle or 3rd value could either function as 'unknown' and thus not involve determination of what the meaning is of the message or *some aspect of it* which could remain unintelligible or ~vague, in some way or dimension, else it could involve an N-value approach that slides across from truth to falsity depending on probability of understanding, whereby 'truth' and 'falsity' are never actually attained (impossible, I say, this absolute knowing) in the basic data model, and there is always already an implicit realm of error and misunderstanding and non-awareness inherent in the "secure exchange" via these shared relations that is part of the condition of serial language based on non-empirically grounded signs today. In other words: most all language and communication exists in this gray area (N) from the start, even within computers, and the binary framework (1,0) and truth and falsity in an absolute framework are a fiction; and in this way-- a security problem in each and every exchange in terms of the actual accounting for the truth in the secure exchange, its validity and its role in establishing shared observation when this is more unlikely than likely, if there are unstable shifting conditions for observation (observers moving goalposts, etc).

So in a security model of relational exchange it would appear required to account for ambiguity from the start, such that any exchange exists in an insecure condition *as language* which itself can be further encrypted or encoded and depending on the observers may or may not be shared as a viewpoint. This is the realm of linguists as thinkers of ideas, the potential for language as code, that extreme threshold of intelligibility that can *appear* and actually *be* that garbled mess of signs and symbols and numbers and yet remain intelligible as language, as hidden or secret communication.

Observer.1 (N) <===> Observer.2 (N)

This is to attempt to convey the idea that while 'binary code' and encryption could transmit an idea between observers, that there is still the issue of viewpoint, understanding and analysis- the meaning of the data in the exchange, as this relates to secure communication. Perhaps it only applies in a textual exchange format, yet the encryption itself may go further than PGP or SSL and the issue of data integrity seemingly may not even relate to the issue of 'truth' of the data itself, which in some instances may be required though in others, it would seem to imply either a shared empiricism must exist that error-corrects false views and thus enables 'truth' to co-exist via remote connections, and perhaps involve shared dictionaries or keys-- which tends towards truth-- or that it could be wrongly assumed that this is a shared condition else asymmetrical, and those dynamics could be involved.

The reason it may be relevant, especially in an untrusted context, is that the 'officially' decrypted code may not be the actual hidden message, it may be the self-evident signage of successfully contained and delivered 'security content' yet its meaning may remain ambiguous until further analyzed, which could be done successfully or not, and may or may not be time dependent upon having the window or keys to decipher its hidden meaning, thus long term storage may not be an issue if it quickly degrades, the originating context evaporates with which to contextualize it, make sense of it, etc.

In other words, the 'official communication' could be a false perspective and the double or *surveiller* may access the decrypted headline and interpret at that level of binary correlation and categorization in its rough global-model, yet the actual intelligence may not be surface level, it may still be encrypted within that content-- and here is the idea: like the fiction of the binary string being some intellectual stronghold that transports the valued information, it is instead that that decrypted string or gibberish data when made into plain text is not verifiably the "decrypted code" which could still exist in plain language without a computer algorithm determining its structure (instead it is ~ideas themselves, their truth) and that this could even involve raw crypto code itself (guessing hash data) that could carry within it decipherable yet hidden meaning. e.g.

A SENTENCE COULD HAVE ANOTHER HIDDEN MEANING WITHIN IT.

The signage (letters, words, punctuation) does not readily move to an A=A scenario in certain chaotic environments where meaning is unshared. It could be variable, unstable, collapse if falsified or the hypothesis is known inaccurate or false- thus A=B in that it tends towards the grey-area or even falsity. The sign itself, say a [word], could be ambiguous, it may not translate across cultural differences as a concept or may exist in various zoned definitions, say word processing software or written word or spoken word, or may be a typo (world). They are potentials, possibilities, and if not having the key, it may be missed or details that cannot be comprehended given an unshared understanding or inaccuracies in viewpoint or reasoning process. Say, if forcing things to a biased perspective and thus there is data loss in attempting to access the meaning, because it does not readily fit into the same conceptual framework. Issues of language. Yet further there is an entire realm of language missing from this that is moreso that of code and encrypted communication: symbolism.

If for instance a PGP encrypted communication was shared between observers 1 and 2 and so it streamed through computer processors and across networks as digital bits and a string of abstracted encrypted information that arrives at its destination; and for all that trouble the "officially" decrypted message is a word that can be written in different directions, and thus is either the same or has different meaning; say [ton] and [not] else, [wow] and [wow] or [mom], else the ever classic anagram [santa] and [satan]. These kinds of 'word permutations' are similar to calculus in that they transform the situation from one scenario into another, and this is mentioned in Plato in regards to mirroring and language, that that is when the meaning of language is unlocked and understanding begins.

This is the most basic first step into this realm, though the idea is that signs have mutability, yet there can also be a symbolic aspect that is inherent in all language (categorization, archetypes, say a tree in relation to other trees as it models the 'concept' of what a tree is); and so images and objects can function as language and be used in communication, such as a barber pole or sign for bread outside a bakery via the image of bread. Symbol dictionaries are the place to look for this type of rich cultural information which dates back to the beginning of civilization and involves the esoteric and mystical realm, in addition to that of theology and philosophy, essentially metaphysics which can veer straight into the occult or the core of the world's religious institutions. So entire languages or systems of communication have already been established for millennia and tied into present-day language and sign and symbol systems that potentially could be referenced in a 'decrypted communication' that remains encrypted in this context; and it directly parallels the [infinity] x [infinity] x [infinity] ... {N} approach, because each letter or word or idea could potentially map into another unknown context, unless having the capacity to decipher this non-linear, multi-linear ecology of ideas in their various empirical frameworks-- if accessible to the observer. It is not a serial string that suddenly is decrypted and becomes A=A by the magic of cryptography and instead becomes a question of assuming 'the answer' is the most immediate signage encounter upon 'official decryption' versus what may be an extended hidden communication that is the foundation and basis for human language and communication throughout its development of culture, and that this is not a serial string of signs (say, greatest idea is largest prime number!)
and instead about the interconnected logic of symbolism as it identifies truth, and those who shared this empiricism and understanding communicate within it, and those who do not may have the signage, and potentially the keys, yet may not be able to see it because of an unshared model of truth (theirs: pseudo-truth) that degrades the interpretation via the action of seeking to determine meaning.

Imagine the decrypted official message, post-binary, post crazy code, is the plaintext word:

rotor

And somehow the hidden key indicates to twist this 180 degrees, such that:

jo+oj

In this arbitrary example, given a pre-existing library of meaning or contextual interpretation (say, contingent meaning based on temporary shared keys), this is referencing the song _these boots are made for walkin'_. Such that perhaps the two letters j somehow reference this as pictographs and then there is additional content related to the potential signs/symbols of that fragment as a linked cryptogram. The plaintext rotor may be embedded in a larger decrypted document yet be distinguished by a secret shared key that opens up or unlocks its potential meaning; in that it may or may not be "accurate" or true, though if grounded as a shared viewpoint it could tend towards 1 or absolute truth in that finite micro-perspective that may identify or share some critical data. If considering that each word in this email could carry some potential for decryption of hidden information, not only is each letter and word a potential variable, their combination and connections both inside and outside this text are also relevant; thus instead of a binary string of ones and zeroes and their abstraction as an indication of the intangibility of accessing the cryptic code, instead it is the empty set and that question that stand in for the self-evident (yet potentially wrong) signage saying: the decrypted code is here, read the serial message: this is a secret, shhhh....

Do you see the absurdity of assuming encryption occupies only an obfuscated realm when in a context of philosophy, truth, ideas, logic, and mathematics involved in those questions versus what are by comparison computational trivialities in terms of "intelligence" as it exists in the realm of ideas versus vacuum packed into a clean-room context of science, technology, and technocrats with a ruling agenda? It is really laughable, in that there is real idiocy involved in assuming an idea is simply true or decrypted as a sign of a language system and that there are clear boundaries between these security concepts. I doubt humans do this though apparently a great many in the population are ideological adherents and enforce this viewpoint, have taken over entire institutions, in particular the education system itself, government, health care, and are determining by this false perspective binary mindset the future of humanity, which is not only in decline, it is that of the earth turned into an open air concentration camp and yet given tools to communicate about it (ziplock bags) that would lead to their further persecution for being revealed an enemy of the rogue terror state via Gilliam Brazil-like error-nightmares that can never be recovered from, bad components must die, only the ideologically pure will survive, who like in the now use humans as batteries to keep their machine running, "evolving".

A related aspect involving Plato is that there are original ideas, fundamental concepts, and then there are "copies". And it seems very relevant to issues of code, programming, cryptography and security, including with hardware development (knock-off chips, secret instructions, etc). Issues of verification of A=A that can be lost via mutations or loss of oversight or control or unshared goals, ideas, as part of the process. So that seems to describe some of the politics involved, where an idea can start out in truth (A=A) yet move towards another viewpoint or further into pseudo-truth (pT) over time, such that A=>B (or, A=B). This is like a once-secure crypto approach that is subverted somehow, either known (A=B) and thus invalidated for its security or believed secure (pT=T) and thus in that error there is a loss in security; in that *subjectivity* as it were, that unaccounted for ambivalence or the impossibility of determining its truth via accounting.

Yet what is even more readily evident in "popular crypto" appears to be the issue of 'copies of copies' which is the internet model of software distribution, whereby the issue of the first copy had a close relation to the original, such that A1=A2 may be nearly indistinguishable, whereas through the reiterative process of 'copying the copy', (such that A2 => A3...A300+) then also involves erosion of the original within the realm of the copies, whereby A2 is closer to B than A1, and A300 is no longer recognizably the same, cannot function as an imposter, and is a self-evident degradation of the original idea (A=B), "unlike". It does not pass, the camouflage of the mimicry broken; just repeating signs (code) without "understanding" then has entropic loss of intelligibility as a consequence.

And thus at the level of signage, a key could be known and repeated, attempted to be used, yet if it is ungrounded, shallow, disconnected, the observer would stay on the outside of the conversation, surface interaction, versus entering into a shared realm of awareness. The hidden communication could be right in front of a person and they may never know it. That is, in terms of ideas. How to encrypt a phone call or video the same way probably relies on existing concepts tied into binary data transmission, though still even in those domains the same issues of subtext and accessibility apply. Grounding, ungrounded truth, verification.

So this is to presume that cryptography has innate connection to conceptualization, modeling of the relations, exchange, in a context of security and shared data. And yet in some ways this language viewpoint inverts the signal/noise approach, in that the secret writing may instead occur in the noise and not within the signal as is presumed of 'decrypted message' via a software solution, at least formally, from a naive view. In that there could be many needle-in-haystack scenarios inherent in ordinary language transmission that effectively function as encrypted information or messaging as part of ordinary communication processes. And you could have your optic nerve tapped by neuroscientists who are reading your brainwaves and seeing what you see, seeing the keys and considerations, yet if the empirical model of truth is unshared or errors are relied upon, that split fractures and limits interpretation, making it potentially inaccessible in that it functions in a different paradigm of consideration, outside the framework of evaluation-- in the realm of ideas, not of ideological determinism to validate a too simple model that becomes a method of behavioral command and control.

This conceptual code, beyond the sign, into the sign, between the signs, appears absent in the thinking and ideas of crypto as computation, though in terms of its calculus-like ~mathesis (mathematics of language, language of mathematics) based in logical reasoning, this infrasign, intra-sign and symbolic question go into the deep core of culture at its earliest and its most recent era where the same model of truth has been relied upon and extended, in the realm of ideas, and thus de|con-struction and other approaches -- hell, triple loop, salchow, flip and lutz in skating is itself language, or the arrangement of flowers, or the color and details of clothing ensembles-- and that these domains can be secretly written/read, parsed for hidden meaning in day to day interactions and this is also and perhaps more prominently the realm of crypto-communications, if not preceding its technological development because the mathematics are different; what if every number of the largest prime was a bounded infinity and each related to the next in sequence, what computer can deal with that? none. The conceit is that today's crypto is that strong, whereas the "ideas" of this crypto is indeed that strong, just not the technology to communicate it. The ideas are the protection, as they are encoded or hidden in others, requiring thinking yet also competence, not mere mimicry, not just stand-ins or copies or clones seeking to exploit via subversion or controlling a domain- such as: the classic "x" marks the treasure, therefore everyone is at x, yet that is not the real x, it is actually x', and so on, because it is symbolic, goes beyond the sign=sign as truth when instead it is a question relying upon shared verification, validation, testing, rigor-- security.

An example of the difference would be a coin toss, a binarist having modeled the issue to only allow heads or tails, when there is a slight probabilistic chance it could land on its edge under certain conditions, and thus paradoxically be 'both' heads and tails or indeterminate, and thus an issue also of time is involved. So even though the probability may be hypothetically 0.00001 that it lands on its edge, say the coin toss lands between thick blades of grass on the soccer field, and thus requires a follow-on toss, that instead this ambiguity can be removed from the binary model, made irrelevant, as with 'unknowns'. That is only amplified when dealing with a realm that more closely occupies this edge-condition day to day, issue to issue, then forcing it to goals on one side or the other (1,0) when instead it is likely in a gradient between them (N), either as 3-values (unknown) or the bounded scale, sampling a resolution up to infinity between them, for any given evaluation of truth, in an empirical framework. Relativism, the ideological beast, ignores this and goes binary to allow 'super large prime numbers' to exist as ideological viewpoints, irrespective and ignoring their falsifiability, that is the essential corruption of the rigged game that ends with killing off humanity.

Whereas if you are in outer space, there is no horizon and you flip the coin, presumably it is going to keep spinning and spinning until friction eventually slows it down though perhaps outside influence will motivate it (ionic wind or hot-cold difference from sun) and perhaps that will keep it going and going and going... and yet even if it were to stop spinning someplace so remote as to have no place to 'land', no horizon to tell what side is UP, how without this frame of reference would the coin toss be determined in its sidedness. Seemingly it would involve being pulled toward the nearest gravitational source and if habitable and surviving reentry, say on a dead moon, it may finally land in some dusty realm, highly unlikely on its edge, though perhaps removed of its identifiable sides or not, yet at that point, it would be determined-- this is the result of that long ago flip of probability minus immediate gravity. The weightlessness of not knowing, of having questions, not enough variables to model an idea fully, and taking that time _before deciding what is true, is that realm of the neutral observer, and of a method of analysis requiring of hypothesis, not reliant upon the quick answers a false-theoretical framework provides, such that for universal or enigmatic situations the first choice would instead be absolute "truth" or "falsity" in the binary mindset, further constructing and building the false perspective of ungrounded relativism. A trillion quadrillion zillion coin tosses true and false-- that is what we can do! -- Yet what if most of those evaluations are inaccurate, hollow, even destructive for the ideas they are mediating, to the point that it subverts "truth" and replaces it with a fake realm of false choices and corrupt relations as the status quo. Perhaps more time need be given to let the coin spin for each and every question, instead of seeking to determine its outcome in a too simple model of reality.

s8b 23x d0s

The code snippet above could have as much or more "computational complexity" than the largest prime number, in terms of its cryptographic potential, if instead of evaluating a single message or correct answer that there could be a novel's worth of meaning. This is the 'universe in a grain of sand' approach, more like that of scrying where set theory universes could be nested within others, and these ecologically connected inside and linked outside the matrix, crypto patterns that are bounded N-variable relations that offer an interpretative open range of decipherment, yet like a random number generator, do not necessarily hold intention or intelligible structure by default of their 'random' creation. Enigma RNG, like a slot machine with symbols that tally, except these could instead be TLAs or gap substitutions or mutated or phased dynamics, or various movements etched, all of it libraried such that patterns could be revealed that are insightful and map to existing other frameworks-- in that like archetypes and tarot (applied symbolism) or especially crystal balls, something is revealed momentarily and this may not be connected to another via obvious key exchange- instead it could exist via SAD and quantum correlations, the entanglement of a shared resonant instance that pops out like a constellation or its key revealed this way, accessing a noosphere like collective consciousness where truth actually does determine reality and in this surrender to the weather-like dynamics of this ephemeral condition, its magic- what is grounded can be made accessible this way, revealed.

A computer may be able to parse or frame small aspects, yet to decipher or read or make sense of it, more would need be involved, shared consciousness, to consider the questions that may arise that could weight certain variables over others in a given moment, and then transform the context and provide a path down another previously unseen interpretation as a result, only to have the wave function collapse and the idea disappear from view, safely stored in its state of mystery. That is, more of the realm of "information" as ideas existing outside the brain, in the atmosphere, accessible by others, and not just about brains in skulls and neurons blipping as if all language and knowledge can be flattened to a graph or visualized by modern-era phrenologists with dangerous beliefs.

This is more than parallel worlds model of relation, entanglement inherent in shared ideas if the 'original' is pinged by distributed others, then how accurate the relation with the idea and with others as a basis for trust and security. In binary worldview everything occurs in the same set theory universe (U1) yet this is a false POV, whereas in a paradoxical logic approach, the shared universe (U) is born from their integration and structural interconnection of all relative universes (U1, U2, U3 ... U^N) that are grounded in truth, removed of error, and thus modeled and related to and through via shared perspective; archetypes, language, communication, shared identity, trust, value, exchange, information as current and currency, onward to hidden civilization, cosmic lineage, secret order.

The crypto-bomb is that, as with set theory, there can be hierarchic nested relations within a conceptualization of code and secret communication such that issues of apparent and vaunted 'peak complexity' that declare cryptographic integrity today (transparent ziplock as if brown bag) are themselves quite simplistic and rudimentary in comparison to the mathematics involved in this other phenomenally and incomparably more intense "intellectual" evaluation -- involving ideas themselves in the security model -- in that, take for instance the Kryptos enigma ( http://en.wikipedia.org/wiki/Kryptos) -- it is very impressive such a sculpture exists and a single message can be deciphered that is said to explain its various grid of letters. So its hidden patterns must be accessible via the established conventions that indicate a correct way to go about and solve the puzzle. Yet what if there is more than one puzzle or that 'intention' may exist beyond the quote unquote author (finite person versus cosmic intelligence) and that like a RNG those same letters could carry other meaning that is potentially relevant in a given instance or could be referenced or a shared or unshared key could decrypt.

This is more the Hunter S. Thompson-Timothy Leary key exchange approach to cryptography, psychodelicode perhaps, akin to cloud-code, observing the sky for recognizable patterns of meaning or significance, consciousness as divining rod, tuning into N-variables depending on individual or shared literacy, all about language in its symbolic, mathematical, logical foundation in terms of patterning, constellations of ideas, building from truth (A:A), finding it, locating it, securing it, yet with time it could move, change shape, and so trying to grasp what is there if it is there, the grounded moving toward sanity, ungrounded fast tracked to madness and extreme anguish. one time pad of mind, else post-it notes and micro-cut security shredder to consider the calculus, the math is already within the alphanumeric structure, HIOX of the spinning horizontal letters and vertical, twisting around to reveal themselves the same while others mutate, letters, words, sentences, texts, ideas this way, stories, beliefs. back to into logic, circuitry, matter, energy, this information. Crypt code in context, WYSINWYG. It is a question with potentially many correct answers depending on viewpoint, frame of reference, quantum versus classical dynamics, methodology, thought, belief. Sequencing alphabet, tabulating uppercase, lowercase cut in half along middle line, mirroring. Chess move patterns, anything mapped onto its structure as a potential interpretive device. Fractal code, within the noise, more and more structure reveals itself, likely more information in that potential framework than computational power on the order of magnitude of today's crypto breaking claims (death of universe).
Can you map all the information in Kryptos, its potential relational meaning, via machine translation, how many series of encyclopedia would be needed to explain the data mining of deep significance of random connections in their associational relevance-- who decides what is true, how is it weighted probabilistically, especially if the code functions as oracle? That is, what is true within it is true, however so. How to access it, how much is there- can mathematicians figure out and model such a scenario of bounded infinities within infinities in seemingly arbitrary noise, looking, searching for structure, relational, value? And what if that is tapped as a shared reference, a small part of it, say a 2x2 grid of letters via coordinates-- is not this détournement also cryptographic. That is, its apparent noise containing meaning, given perspective- if it were to exist, and who is to say it does or does not- how is that decided-- by a binary algorithm that tests against its own conventions and modeling? Or perhaps are the machines blind in such a context if the map does not represent the territory. Of course it's black and white! -- said the grey to the gray.

Randomness, noise, entropy, "structure"-- why the dogma that a binary code must determine this, why not a messy fragment with structure, or even a landscape or topography or bryce-3D model as data set, is it a deterministic view based on unique numbers, primes- what if each bit was effectively larger than the largest prime, and there are infinite bits? The issue of infallibility, infallible perspective or one correct shared viewpoint as presumption versus the cosmically difficult work of establishing this through hard-fought and hard-won hypothesis, including blood and agony- to arrive at _tentative and contingent models versus faith-based mathematics and belief systems functioning as techno-religion and crypto-theology, yet fundamentally flawed in terms of the ideas involved at the level of the propositions, the dogma ear-shattering as if loudspeakers given official viewpoints over and over everyone is supposed to conform to, believe, "trust the technologists- trust the code" when this is exactly opposite the idea, trust truth- verify everything first, stay vigilant, check and error correct eternally. Instead that is process hacked, subverted, errors standardized-- so what is trust in such a shared environment- perhaps crypto is not so limited in terms of ideas that may use the technology as its carrier wave yet exist otherwise, as a kind of poetry of a people, a living truth that is shared, versus an inaccurate, flawed, and genuinely stupid worldview to sustain due to its basis in corruption. Does the transparent ziplock bag really surprise anyone operating in this environment? What if that is the assumption all along (presumably) and the crypto is occurring outside the 'official' lines, beyond the perspective of unshared observer, exploiters...

The question of the question involves a critical detail related to what is rational, a rational versus irrational approach. Inconceivable, perhaps is the meaning of the latter though I tend to think that irrational may not really exist as a concept in terms of thinking, because like a circuit, if cause is involved, likely there is a direct connect to the path some event is occurring on, and it is a matter of perspective, if another person can understand it (rational, reasonable) or not ("irrational" yet still likely rational in some sense for the other person). This idea of paradox and crypto may be believed just an issue of some sign-based leetspeak where it appears the sign remains its original referent in a modified form, in that the letter S becomes 5 yet still functions as the letter S. A narrow consideration of this would evaluate it only in terms of the original, thus the 5=S, and essentially A=A. Though a paradoxical view could extend this into a question, what if 5 means something via kabbalah or numerology that substitutes for the letter E because it is the 5th letter of the alphabet, and thus E=S and onward into oblivion. That moves quickly into symbolism, mapping of numbers and letters onto other events and each variable could have multiple definitions or references and together function much like Chinese characters (ideographs). With alphanumerics (26 letters and 10 numbers) of 16 segment and 7 segment electronic displays, it is basically its own mastercode-base that makes every aligned text into its shared universe (U) of a global Kryptos document, any given combination running into infinity given perspective, conceptual scaffolding, shared libraries. It is not surface, not a foil or ploy though it could be if a deception to establish barriers.
And so how is the person without the key to know where to enter and how to interpret, and even if they have the key and the 'official plaintext' how do they know where the encryption begins and ends-- unless to assume software and hardware crypto defines the 'side', that there is no edge to land on, it can only be the simplest view... albeit wrong. And to either constantly be wrong in interpretation or run into limits, much like binarization in reverse, though paradox in its place. A wall of chaos, unintelligible communication- even with keys, even with decodes, one time in one context may vanish like a raindrop into the ground to be recycled elsewhere, it no longer exists the same, the field has changed or not, the truth has transformed, time has passed, the coin still spins eternally until it stops.

What if their stopped time is the wrong view, built upon a warped, skewed, distorted framework. Trying to relate from that relativism into another could cause it to be torn apart, any structural connections would bring down their weakened connections and constructions -- yes go ahead, copy it, use it, make assumptions and join the conversation... and it will be entropy in action once the bending takes hold, crushing at the false views, the lies and deceptions unable to reason or continue the charade, collapsing upon themselves via unbearable pressures, the difference continually falling, falsity unable to be sustained, geologic events in the lives of peoples nervous systems, psychically torn apart, unable to cope, adapt, continue. Brutal involution, fracturing, implosion, insane weakening via intolerable stresses, shattered into fragments the schizoid imposters moving straight toward the extreme each and every variance from their false modeling. A false universe torn apart piece by piece, bit by bit, the psychological impact of losing total control due to serving fundamentally wrong ideas and beliefs. To know and realize that there is only nothingness to embrace as the remaining option, the void, emptiness, hopelessness, death, that that is the future of such activity.

What is worse than trying to kill off the human race? -- failing to do so and having to deal with the consequences.

#half of what i write here is false (right)

--- holographic context, multiperspectival, unexpected, psychic blips, assumption of freudian slip as conventional tell, mystical code, inversion: signal is noise; noise is signal, error and anomaly, question of time, x=y as false POV, pT=T is security exploit binary decrypt => reveal? [official plaintext] : + [secret1] [secret2] ... [secretN]

SPECIAL SYMBOLS TEST: [?] [?] [?] <== infinity ??

ATTACHMENT TEST: capture.9!f

From electromagnetize at gmail.com Thu Sep 12 02:17:17 2013 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 12 Sep 2013 01:17:17 -0500 Subject: [1] addenda- artwork examples Message-ID:

typo collage by László Moholy-Nagy, 1922
http://www.flickr.com/photos/thebadboy/4305933173/lightbox/
http://www.corbisimages.com/stock-photo/rights-managed/42-22071693/early-works-of-moholynagy-on-display-in

jasper johns alphanumerics
http://2.bp.blogspot.com/-UgXFTByzbvE/TdPUi819VRI/AAAAAAAAAZE/4SR-NseLDQk/s1600/Jasper+johns+numbers.jpg
http://www.slowmuse.com/2012/06/11/honing-in-on-johns-smee-style/
http://www.sfgate.com/art/article/Jasper-Johns-review-SFMOMA-s-broad-strokes-4003943.php#photo-3681874
http://www.lost-painters.nl/wp-content/uploads/2012/04/Jasper-Johns-Gray-Numbers.jpg
http://www.google.com/imgres?start=131&safe=off&client=firefox-a&hs=Icg&rls=org.mozilla:en-US:official&biw=1266&bih=762&tbm=isch&tbnid=Q_-A36xgP4tRyM:&imgrefurl=http://www.brooklynrail.org/2011/07/artseen/jasper-johns-new-sculpture-and-works-on-paper&docid=DPmVWBKONf2_0M&imgurl=http://www.brooklynrail.org/article_image/image/8228/yau-johns-web1.jpg&w=300&h=443&ei=XlUxUsTXMIfm9gSR3oDAAg&zoom=1&ved=1t:3588,r:39,s:100,i:121&iact=rc&page=6&tbnh=190&tbnw=130&ndsp=26&tx=75&ty=53
http://www.google.com/imgres?start=133&safe=off&client=firefox-a&hs=NI1&rls=org.mozilla:en-US:official&biw=1266&bih=762&tbm=isch&tbnid=PGZHDghpGuZo5M:&imgrefurl=http://www.tumblr.com/tagged/jasper%2520johns%3Fbefore%3D63&docid=mRACGYiQbhN8iM&imgurl=http://25.media.tumblr.com/5ab5a8e886488384b0804a7c5b414a34/tumblr_mhp30smjRg1rpopx3o1_400.jpg&w=323&h=420&ei=jlUxUpqUNILM9ATlmoHoAQ&zoom=1&ved=1t:3588,r:34,s:100,i:106&iact=rc&page=6&tbnh=207&tbnw=159&ndsp=26&tx=91&ty=92
http://www.google.com/imgres?start=159&safe=off&client=firefox-a&hs=NI1&rls=org.mozilla:en-US:official&biw=1266&bih=762&tbm=isch&tbnid=8yDd2vwRn_VMHM:&imgrefurl=http://www.studyblue.com/notes/note/n/final-2/deck/6214367&docid=smWWIUjwA5luLM&imgurl=http://classconnection.s3.amazonaws.com/642/flashcards/676526/png/gray-numbers.png&w=822&h=1127&ei=jlUxUpqUNILM9ATlmoHoAQ&zoom=1&ved=1t:3588,r:77,s:100,i:235&iact=rc&page=7&tbnh=183&tbnw=141&ndsp=26&tx=55&ty=9
http://www.pinterest.com/macotok/jasper-johns/
http://www.pinterest.com/digbydo/johns-jasper/

#note on quantum correlation-- discovered in first image search query for Jasper Johns examples... transparent ziplock with acid written on it, yellow letters inside, by Ray (?)
http://vapidforever.com/wp-content/uploads/2013/03/Acid-241x300.jpg
https://www.google.com/search?q=jasper+johns+alphabet&safe=off&client=firefox-a&hs=zF1&rls=org.mozilla:en-US:official&source=lnms&tbm=isch&sa=X&ei=-lQxUp-JBIfy8ASn-4GYDA&ved=0CAkQ_AUoAQ&biw=1266&bih=762&dpr=1#q=jasper+johns+alphabet+sculpture&rls=org.mozilla:en-US%3Aofficial&safe=off&tbm=isch&facrc=_&imgdii=_&imgrc=iQ28F5tJozoMaM%3A%3Bq68iwPCboZjZbM%3Bhttp%253A%252F%252Fvapidforever.com%252Fwp-content%252Fuploads%252F2013%252F03%252FAcid-241x300.jpg%3Bhttp%253A%252F%252Fvapidforever.com%252F%3B241%3B300

From eugen at leitl.org Thu Sep 12 06:29:38 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 12 Sep 2013 12:29:38 +0200 Subject: [Cryptography] Laws and cryptography Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Wed, 11 Sep 2013 13:20:13 -0700 From: John Gilmore To: Grégory Alvarez Cc: cryptography at metzdowd.com Subject: Re: [Cryptography] Laws and cryptography

> ... the Wassenaar Arrangement clearly says that
> material, software and technology need an authorization to be exported /
> published.
>
> What is actually the status of the law about cryptography and publishing
> new algorithms? Is the cryptographer that publishes a paper without
> governmental authorization an outlaw?

There is a tension between fundamental freedoms and crypto controls. Often fundamental freedoms win (as they should). The Wassenaar Arrangement is a private agreement among a bunch of governments -- it is not a treaty -- and has no legal force at all. What matters are the statutes in your own country, and how they are interpreted.

I don't know of any cryptographers who have been punished under crypto export controls, anywhere in the world, for publishing papers about encryption. So invent your own cryptosystem if you want, write about it, and publish!

Human-written software was considered to be different from human-written papers for a while; in the US it took three court cases (Bernstein v. US being the first winner) to sort this out. In the 1990s, Europe did not control freely published ("mass-market and public-domain") software, and by 2000 that was true in the US also.

Unless you want to find and pay a lawyer with relevant expertise, the best way to get a more-or-less definitive answer for your particular country is to look in Bert-Jaap Koops' "Crypto Law Survey". He has been maintaining it for decades, and actually did his PhD thesis on global regulations about encryption. See:

http://cryptolaw.org/

> The department of the ministry of defense that handles this regulation
> can't answer if publishing a cryptographic algorithm needs an
> authorization.

Can't answer, or won't? In the United States, both the NSA and the agencies responsible for the export controls (State Department and Commerce Department) have been known to lie to the public, unofficially, about what is actually allowed. Their tendency is to talk you into assuming that you have no rights, even if the law is clear that you do. Or they will tie you up in knots over how you might be able to comply with finicky regulations, without ever telling you that you are exempt from those regulations. We even caught them lying officially once or twice (e.g. refusing export of Kerberos authentication software on the bogus theory that someone, someday, might adapt it to do encryption).

John

The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Thu Sep 12 06:32:04 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 12 Sep 2013 12:32:04 +0200 Subject: [tor-relays] Getting max bandwidth out of a relay Message-ID: <[email protected]>

----- Forwarded message from Andy Isaacson -----

Date: Thu, 12 Sep 2013 02:06:13 -0700 From: Andy Isaacson To: tor-relays at lists.torproject.org Subject: Re: [tor-relays] Getting max bandwidth out of a relay User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: tor-relays at lists.torproject.org

On Wed, Sep 11, 2013 at 05:13:04PM +0200, Jeroen Massar wrote:
> Are boxes that are doing these speeds running at a CPU or a network cap?
> Or maybe better asked, they do run at 100% usage of their cores or do
> they just use two/three cores to the max?

There are three main sinks of CPU usage in a well-configured large Tor relay:

1. doing AES and SHA. This scales with the network bandwidth used.
2. doing Montgomery multiplication for circuit creation requests.
3. bookkeeping.

(4. kernel TCP overhead etc.)

Until the August botnet hit, #1 was the primary user of CPU on most relays. A single Xeon core can do about 150 MB/sec of AES, or with AES-NI around 700 MB/sec.

With the vastly increased circuit creation load currently in progress, #2 and #3 have become a larger problem. The bookkeeping, in particular, has grown significantly. On noisetor right now, 17% of all CPU cycles are being spent in a single bookkeeping routine, circuit_unlink_all_from_channel, according to "perf top". https://trac.torproject.org/projects/tor/ticket/9683

This increased circuit-create-and-destroy CPU load reduces the CPU available to do useful AES, so as a result, currently many Tor relays are showing increased CPU usage with decreased bandwidth usage. You'll have trouble getting a single Xeon core to run much more than 300 Mbps even with AES-NI, even without the botnet increasing CPU load without increasing throughput usage. In the current state, with so much extra bignum work and bookkeeping, a single daemon will have even more trouble pushing much bandwidth.

Best practice for maximum bandwidth is to run one Tor daemon per physical core, each on a distinct IP address. Plan for each daemon to push about 15 MByte/sec. They can do more like 20 or 30, but planning for lower leaves some headroom.

Your boxes, with 12 cores and 70 GB of RAM, are quite a bit overpowered for running 500 Mbps of Tor. If you ran a Tor daemon per core, you'd be able to push around 2 Gbps of Tor traffic, easily.

-andy

tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

----- End forwarded message -----
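
The relay-sizing advice in the forwarded message (one Tor daemon per physical core, each daemon on its own IP address, plan for about 15 MByte/s per daemon with 20 or so as the upper figure) is easy to get slightly wrong by hand when a box has a dozen cores. The script below is an added example, not Andy Isaacson's code and not from the Tor project: it turns a list of per-core IP addresses into one torrc per instance and gives the planned aggregate throughput. The option names (ORPort, OutboundBindAddress, Address, DataDirectory, NumCPUs, RelayBandwidthRate, MyFamily, ...) are real Tor options, but the nicknames, the directory layout, the RFC 5737 documentation addresses, the contact address and the MyFamily fingerprint placeholder are assumptions made for the example.

```python
"""Plan one Tor daemon per physical core and render a torrc for each.

Added example, not code from the tor-relays thread or from the Tor project.
It applies the thread's advice (one daemon per core, each on its own IP,
plan ~15 MByte/s per daemon) to a constructed 12-core box using RFC 5737
documentation addresses. The torrc option names are real Tor options; the
nicknames, paths, contact address and MyFamily placeholder are assumptions.
"""
from dataclasses import dataclass
from typing import List

PLAN_MBYTE_PER_DAEMON = 15   # conservative planning figure from the thread
PEAK_MBYTE_PER_DAEMON = 20   # "more like 20 or 30" per daemon, no headroom


@dataclass(frozen=True)
class RelayInstance:
    nickname: str
    ip: str
    or_port: int
    data_dir: str


def plan_instances(ips: List[str], prefix: str = "relay") -> List[RelayInstance]:
    """One instance per IP address; the caller passes one IP per physical core."""
    return [
        RelayInstance(
            nickname=f"{prefix}{i:02d}",
            ip=ip,
            or_port=9001,  # the same port on every instance is fine, the IPs differ
            data_dir=f"/var/lib/tor-instances/{prefix}{i:02d}",  # assumed layout
        )
        for i, ip in enumerate(ips)
    ]


def is_valid(instances: List[RelayInstance]) -> bool:
    """Every daemon needs a distinct IP and nickname. Two daemons on one IP would
    contend for the same ORPort and defeat the per-core layout entirely."""
    ips = [inst.ip for inst in instances]
    names = [inst.nickname for inst in instances]
    return len(set(ips)) == len(ips) and len(set(names)) == len(names)


def aggregate_mbps(n_daemons: int, mbyte_per_daemon: float = PLAN_MBYTE_PER_DAEMON) -> float:
    """Planned aggregate relay throughput in Mbit/s (8 bits per byte)."""
    return n_daemons * mbyte_per_daemon * 8


def render_torrc(inst: RelayInstance, family: List[str], contact: str) -> str:
    """Render a non-exit relay torrc for one instance.

    `family` holds the $-prefixed fingerprints of all instances on this host.
    Tor only knows them after each instance has generated its keys, so the
    first deployment uses placeholders and the files are re-rendered after.
    """
    lines = [
        f"Nickname {inst.nickname}",
        f"ContactInfo {contact}",
        f"DataDirectory {inst.data_dir}",
        f"ORPort {inst.ip}:{inst.or_port}",   # listen only on this instance's IP
        f"OutboundBindAddress {inst.ip}",     # and originate connections from it
        f"Address {inst.ip}",
        "SocksPort 0",                        # relay only, no local client port
        "ExitPolicy reject *:*",              # middle/guard relay, not an exit
        "NumCPUs 1",                          # one core per daemon, as advised
        f"RelayBandwidthRate {PLAN_MBYTE_PER_DAEMON} MBytes",
        f"RelayBandwidthBurst {PEAK_MBYTE_PER_DAEMON} MBytes",
        f"Log notice file {inst.data_dir}/notices.log",
    ]
    if family:
        lines.append("MyFamily " + ",".join(family))  # declare co-operated relays
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: twelve cores, twelve documentation-range addresses.
    ips = [f"203.0.113.{10 + i}" for i in range(12)]
    insts = plan_instances(ips)
    assert is_valid(insts)
    print(f"{len(insts)} daemons: plan for {aggregate_mbps(len(insts)):.0f} Mbit/s, "
          f"upper estimate {aggregate_mbps(len(insts), PEAK_MBYTE_PER_DAEMON):.0f} Mbit/s")
    print(render_torrc(insts[0], ["$<fingerprint-of-relay01>"], "ops@example.invalid"))
```

With the thread's numbers, twelve daemons come out at 1440 Mbit/s planned and 1920 Mbit/s at the 20 MByte/s figure, which is the "around 2 Gbps" Andy quotes for the 12-core box. The per-daemon RelayBandwidthRate pins each instance near the planning figure so one daemon cannot starve its neighbours, and MyFamily is included because relays run by one operator are expected to declare that relationship so clients avoid building a circuit through two of them.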

From jya at pipeline.com Thu Sep 12 07:40:01 2013 From: jya at pipeline.com (John Young) Date: Thu, 12 Sep 2013 07:40:01 -0400 Subject: Backdooring Crypto Message-ID:

In response to the Philip Hallam-Baker message below with his IETF draft, posted on Cryptome, these responses have been offered:

1. A 1997 paper: "Kleptography: Cryptography Against Cryptography," by Adam Young and Moti Yung. http://link.springer.com/chapter/10.1007%2F3-540-69053-0_6

"Kleptography: persuading the party to be intercepted to use a form of crypto that the attacker knows they can break."

2. "Phil's background as Verisign's principal designer is well-known, and so are his design efforts in 'certificates, cert crypto and secure dns'. Lesser known are his friendships with the 'men-in-black'."

-----

>Date: Wed, 11 Sep 2013 16:30:50 -0400
>From: Phillip Hallam-Baker
>To: "cryptography at metzdowd.com"
>Subject: [Cryptography] Summary of the discussion so far
>
>I have attempted to produce a summary of the discussion so far for
>use as a requirements document for the PRISM-PROOF email scheme.
>This is now available as an Internet draft.
>
>http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt
>
>I have left out acknowledgements and references at the moment. That
>is likely to take a whole day going back through the list and I
>wanted to get this out.
>
>If anyone wants to claim responsibility for any part of the doc then
>drop me a line and I will have the black helicopter sent round.
>
>
>--
>Website: http://hallambaker.com/
>
>The cryptography mailing list

From eugen at leitl.org Thu Sep 12 09:45:02 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 12 Sep 2013 15:45:02 +0200 Subject: [liberationtech] Henry Farrell for Democracy Journal: The Tech Intellectuals Message-ID: <[email protected]>

----- Forwarded message from Yosem Companys -----

Date: Wed, 11 Sep 2013 14:52:06 -0700 From: Yosem Companys To: Liberation Technologies Subject: [liberationtech] Henry Farrell for Democracy Journal: The Tech Intellectuals Reply-To: liberationtech http://www.democracyjournal.org/30/the-tech-intellectuals.php?page=all

The Tech Intellectuals

The good, bad, and ugly among our new breed of cyber-critics, and the economic imperatives that drive them.

Henry Farrell

A quarter of a century ago, Russell Jacoby lamented the demise of the public intellectual. The cause of death was an improvement in material conditions. Public intellectuals -- Dwight Macdonald, I.F. Stone, and their like -- once had little choice but to be independent. They had difficulty getting permanent well-paying jobs. However, as universities began to expand, they offered new opportunities to erstwhile unemployables. The academy demanded a high price. Intellectuals had to turn away from the public and toward the practiced obscurities of academic research and prose. In Jacoby's description, these intellectuals "no longer need[ed] or want[ed] a larger public…. Campuses [were] their homes; colleagues their audience; monographs and specialized journals their media."

Over the last decade, conditions have changed again. New possibilities are opening up for public intellectuals. Internet-fueled media such as blogs have made it much easier for aspiring intellectuals to publish their opinions. They have fostered the creation of new intellectual outlets (Jacobin, The New Inquiry, The Los Angeles Review of Books), and helped revitalize some old ones too (The Baffler, Dissent). Finally, and not least, they have provided the meat for a new set of arguments about how communications technology is reshaping society.

These debates have created opportunities for an emergent breed of professional argument-crafters: technology intellectuals. Like their predecessors of the 1950s and '60s, they often make a living without having to work for a university. Indeed, the professoriate is being left behind. Traditional academic disciplines (except for law, which has a magpie-like fascination with new and shiny things) have had a hard time keeping up. New technologies, to traditionalists, are suspect: They are difficult to pin down within traditional academic boundaries, and they look a little too fashionable to senior academics, who are often nervous that their fields might somehow become publicly relevant.

Many of these new public intellectuals are more or less self-made. Others are scholars (often with uncomfortable relationships with the academy, such as Clay Shirky, an unorthodox professor who is skeptical that the traditional university model can survive). Others still are entrepreneurs, like technology and media writer and podcaster Jeff Jarvis, working the angles between public argument and emerging business models.

These various new-model public intellectuals jostle together in a very different world from the old. They aren't trying to get review-essays published in Dissent or Commentary. Instead, they want to give TED talks that go viral. They argue with one another on a circuit of business conferences, academic meetings, ideas festivals, and public entertainment. They write books, some excellent, others incoherent.

In some ways, the technology intellectuals are more genuinely public than their predecessors. The little magazines were just that, little. They were written for an elite and well-educated readership that could be measured in the tens of thousands. By contrast, TED talks are viewed 7.5 million times every month by a global audience of people who are mostly well-educated but are not self-conscious members of a cultural elite in the way that the modal reader of Partisan Review might have been.

In other ways, they are less public. They are more ideologically constrained than either their predecessors or the general population. There are few radical left-wingers, and fewer conservatives. Very many of them sit somewhere on the spectrum between hard libertarianism and moderate liberalism. These new intellectuals disagree on issues such as privacy and security, but agree on more, including basic values of toleration and willingness to let people live their lives as they will. At their best, they offer an open and friendly pragmatism; at their worst, a vision of the future that glosses over real politics, and dissolves the spikiness, argumentativeness, and contrariness of actual human beings into a flavorless celebration of superficial diversity.

This world of conversation and debate doesn't float unsupported in the air. It has an underlying political economy, which is intuitively understood by many of its participants. As Jacoby emphasizes, all debates about ideas are shaped by their material conditions. The intellectual possibilities of the purported golden age of the 1950s were in part the product of bad pay, cheap rent, and a small but intensely engaged audience of readers. Those of the 1960s and '70s were influenced by a burgeoning university system, which rewarded intellectuals for writing impenetrably for an audience of their peers.

The possibilities today reflect a different set of material conditions again, which don't determine individual choices so much as they pull on them, gently but insistently. They influence what is discussed and what isn't, who wins and who loses. And much goes undiscussed. The working consensus among technology intellectuals depicts a world of possibilities that seems starkly at odds with the American reality of skyrocketing political and economic inequality. It glosses over the deep conflicts and divisions that exist in society and are plausibly growing worse. And the critics of this consensus fare no better. They work within the same system as their targets, in ways that compromise their rejoinders, and stunt the development of more useful lines of argument.

[snip] -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From coderman at gmail.com Thu Sep 12 12:21:50 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Sep 2013 09:21:50 -0700 Subject: Backdooring Crypto In-Reply-To: References: Message-ID:

On Thu, Sep 12, 2013 at 4:40 AM, John Young wrote:
> ...
> 2. "Phil's background as Verisign's principal designer is well known,
> and so are his design efforts in 'certificates, cert crypto and secure
> dns'. Lesser known are his friendships with the 'men-in-black'."

keep your enemies close? ;)

From gutemhc at gmail.com Thu Sep 12 21:12:57 2013 From: gutemhc at gmail.com (Gutem) Date: Thu, 12 Sep 2013 22:12:57 -0300 Subject: Shadow Hardening Message-ID:

Someone already used this? http://www.openwall.com/tcb/

- Gutem

From eugen at leitl.org Fri Sep 13 01:32:04 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 07:32:04 +0200 Subject: [guardian-dev] Improving enabled TLS Cipher Suites Message-ID: <[email protected]>

----- Forwarded message from coderman -----

Date: Wed, 11 Sep 2013 15:13:09 -0700 From: coderman To: David Chiles Cc: Guardian Dev Subject: Re: [guardian-dev] Improving enabled TLS Cipher Suites

of all the suites, these look good (assuming 2k RSA keys)

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

all the rest do not provide forward secrecy, or use ECC with suspect constants, or use weak ciphers. i'm open to hearing arguments otherwise.

> ...
> TLS_RSA_WITH_AES_256_CBC_SHA256
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> TLS_DH_anon_WITH_AES_128_CBC_SHA256
> TLS_DH_anon_WITH_AES_256_CBC_SHA256
> TLS_DH_anon_WITH_AES_128_CBC_SHA
> TLS_DH_anon_WITH_AES_256_CBC_SHA
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA
> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_NULL_SHA
> TLS_ECDHE_RSA_WITH_NULL_SHA
> TLS_RSA_WITH_NULL_MD5
> SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
> TLS_RSA_WITH_NULL_SHA256
> TLS_RSA_WITH_NULL_SHA
> SSL_RSA_WITH_NULL_MD5
>> ...
>> "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
>> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
>> "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
>>
>> "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
>> "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
>> "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
>>
>> "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
>> "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
>> "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
>>
>> "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
>> "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
>> "TLS_ECDH_RSA_WITH_RC4_128_SHA",
>>
>> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
>> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
>>
>> "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
>> "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
>>
>> "TLS_RSA_WITH_AES_256_CBC_SHA",
>> "TLS_RSA_WITH_AES_128_CBC_SHA"
>> ...

_______________________________________________
Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org

You are subscribed as: eugen at leitl.org

----- End forwarded message -----
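The suite list in the forwarded message, worked through as an added example (this is not code from the guardian-dev thread or from the Guardian project): a small Python classifier that parses each suite name into key exchange, authentication, bulk cipher and MAC, and applies coderman's three criteria (forward secrecy, no NIST-curve ECC, no weak cipher or MAC) plus a fourth that rejects anonymous key exchange, which the posted list contains but the reply does not call out by name. The parsing rules and the weak-cipher table are this reviewer's reading of the names, not an official registry. Run over the list David Chiles posted, `acceptable` returns exactly the two DHE_RSA SHA256 suites coderman picked.

```python
"""Classify TLS cipher-suite names the way the guardian-dev post does.

Added example, not code from the thread or the Guardian project. Suite names
follow the TLS_<kx>[_<auth>]_WITH_<cipher>_<mac> convention; the tables below
are this reviewer's reading of the post, not an official registry.
"""
import re
from dataclasses import dataclass

# Key exchanges that derive a fresh secret per handshake (forward secrecy).
EPHEMERAL_KX = {"DHE", "ECDHE", "DH_anon", "ECDH_anon"}
# Key exchanges built on elliptic curves (the post distrusts their constants).
ECC_KX = {"ECDHE", "ECDH", "ECDH_anon"}
# Bulk ciphers and MACs the post treats as weak (constructed table).
WEAK_CIPHERS = {"NULL", "RC4_128", "3DES_EDE_CBC", "DES40_CBC", "DES_CBC"}
WEAK_MACS = {"MD5"}

SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<rest>.+)$")


@dataclass(frozen=True)
class Suite:
    name: str
    key_exchange: str   # DHE, ECDHE, RSA, DH, ECDH, DH_anon, ECDH_anon
    auth: str           # RSA, DSS, ECDSA or "anon"
    cipher: str         # e.g. AES_128_CBC, RC4_128, NULL
    mac: str            # SHA, SHA256, MD5, ...
    export: bool        # 1990s export-grade suite

    @property
    def forward_secrecy(self):
        return self.key_exchange in EPHEMERAL_KX

    @property
    def authenticated(self):
        return self.auth != "anon"

    @property
    def uses_ecc(self):
        return self.key_exchange in ECC_KX

    @property
    def weak(self):
        return self.export or self.cipher in WEAK_CIPHERS or self.mac in WEAK_MACS


def parse_suite(raw):
    """Parse one suite name; tolerates the quoted, comma-terminated JSSE style."""
    name = raw.strip().strip('",')
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("not a *_WITH_* cipher suite name: %r" % raw)
    kx_tokens = m.group("kx").split("_")
    export = "EXPORT" in kx_tokens
    kx_tokens = [t for t in kx_tokens if t != "EXPORT"]
    if kx_tokens[-1] == "anon":            # DH_anon / ECDH_anon: nobody is authenticated
        key_exchange, auth = "_".join(kx_tokens), "anon"
    else:                                  # e.g. DHE_RSA, or plain RSA (kx == auth)
        key_exchange = kx_tokens[0]
        auth = kx_tokens[1] if len(kx_tokens) > 1 else kx_tokens[0]
    rest = m.group("rest").split("_")     # cipher tokens followed by the MAC token
    return Suite(name, key_exchange, auth, "_".join(rest[:-1]), rest[-1], export)


def reject_reasons(suite):
    """Why a suite fails the post's criteria; an empty list means it passes."""
    reasons = []
    if not suite.authenticated:
        reasons.append("anonymous key exchange, no peer authentication")
    if not suite.forward_secrecy:
        reasons.append("no forward secrecy")
    if suite.uses_ecc:
        reasons.append("ECC with NIST-curve constants")
    if suite.weak:
        reasons.append("weak cipher or MAC (%s/%s%s)"
                       % (suite.cipher, suite.mac, ", export" if suite.export else ""))
    return reasons


def acceptable(names):
    """Return, in input order, the suite names that pass every check."""
    return [s.name for s in map(parse_suite, names) if not reject_reasons(s)]


# The list David Chiles posted (copied from the quoted message above).
POSTED_SUITES = [
    "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "TLS_ECDHE_RSA_WITH_NULL_SHA",
    "TLS_RSA_WITH_NULL_MD5", "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA256", "TLS_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_MD5",
]

if __name__ == "__main__":
    for s in map(parse_suite, POSTED_SUITES):
        verdict = reject_reasons(s)
        print("%-42s %s" % (s.name, "OK" if not verdict else "; ".join(verdict)))
```

Anonymous DH is treated as disqualifying even though it is ephemeral: without peer authentication its "forward secrecy" only holds against a passive eavesdropper, so it does not belong in a list meant for a client that talks to a specific server.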

From eugen at leitl.org Fri Sep 13 01:36:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 07:36:03 +0200 Subject: [liberationtech] Inside the Effort to Crowdfund NSA-Proof Email and Chat Services | Motherboard Message-ID: <[email protected]>

----- Forwarded message from Yosem Companys -----

Date: Wed, 11 Sep 2013 15:29:15 -0700 From: Yosem Companys To: Liberation Technologies Subject: [liberationtech] Inside the Effort to Crowdfund NSA-Proof Email and Chat Services | Motherboard Reply-To: liberationtech

http://motherboard.vice.com/blog/inside-the-effort-to-crowdfund-nsa-proof-email-and-chat-services

Back in 1999, Seattle-based activists formed the communication collective Riseup.net. The site's email and chat services, among other tools, soon offered dissidents a means of encrypted communication essential to their work. Fourteen years later, Riseup is still going strong. In fact, they've been fighting the US state surveillance apparatus longer than most people have been aware of the NSA's shenanigans. Now, the collective is hoping to expand, given the gross privacy transgressions of the NSA and US government as a whole.

"What surveillance really is, at its root, is a highly effective form of social control," reads an August Riseup newsletter. "The knowledge of always being watched changes our behavior and stifles dissent. The inability to associate secretly means there is no longer any possibility for free association. The inability to whisper means there is no longer any speech that is truly free of coercion, real or implied. Most profoundly, pervasive surveillance threatens to eliminate the most vital element of both democracy and social movements: the mental space for people to form dissenting and unpopular views."

The impetus behind the project is Riseup's struggle to keep up with new user demand for an email service that doesn't log IP addresses, sell data to third parties, or hand data over to the NSA. Riseup will also be able to expand its considerable anonymous emailing lists, which feature nearly 6 million subscribers spread across 14,000 lists. Their (VPN), which allows users to securely connect to the internet as a whole, will also be made more robust. What Riseup can't do is offer its users an anonymous browsing experience, but that's not their .

To offer Riseup to more users, Free Press's Joshua Levy, Elizabeth Stark (an open internet advocate who has taught at Stanford and Yale), as well as others at the StopWatching.Us campaign (backed by Mozilla) recently launched an Indiegogo crowd-funding effort on behalf of the group. They hope to raise $10,000 in order to provide Riseup, which is run by volunteers, with a new server, hardware, and software capabilities. In short, they want to expand their reach so that internet users have another alternative to email services such as Gmail, Yahoo, and Hotmail.

To get a clearer picture of what StopWatching.Us and Riseup are doing, I spoke with Levy, Stark, and an anonymous Riseup collective member. We talked about how the crowdfunding money will be spent; how Riseup helps users avoid NSA, as well as state and local repression; and why, contrary to reports, the Tor Browser bundle is still the best option for anonymous, encrypted browsing. (As of today, the crowdfunding campaign reached its $10,000 goal, but the organizers are hoping to exceed that total by a good margin.)

[snip] -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 01:58:17 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 07:58:17 +0200 Subject: [liberationtech] Is Dropbox opening uploaded documents? Message-ID: <[email protected]>

Dropbox is pulling a Skype.

----- Forwarded message from Joe Szilagyi -----

Date: Thu, 12 Sep 2013 08:42:17 -0700 From: Joe Szilagyi To: liberationtech at lists.stanford.edu Subject: [liberationtech] Is Dropbox opening uploaded documents? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 Reply-To: liberationtech

Found online: http://www.wncinfosec.com/dropbox-opening-my-docs/

-- Joe Szilagyi

-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 02:02:42 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 08:02:42 +0200 Subject: [Freedombox-discuss] Freedombox CA Message-ID: <[email protected]>

----- Forwarded message from Jonathan Wilkes -----

Date: Thu, 12 Sep 2013 12:19:59 -0400 From: Jonathan Wilkes To: freedombox-discuss at lists.alioth.debian.org Subject: Re: [Freedombox-discuss] Freedombox CA User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 09/12/2013 10:06 AM, Keith wrote:
> After further thought:
>
> With a CA on each freedombox we could have something like this
>
> Create a CA using (options used could be changed)
> openssl genrsa -des3 -out "Freedombox CA.key" 4096
> openssl req -new -x509 -days 3650 -key "Freedombox CA.key" -out "Freedombox CA.pem"
>
> Possibly replace any snakeoil keys created by Debian (Postfix uses 2048
> bits, could use 4096 bits if Postfix is the MTA used).
>
> Include in Plinth an option for a freedom box to obtain ssl keys with
> the Freedombox CA. No interface to an external website, openssl can do
> this.
>
> The public key of the Freedombox CA could be published, to be imported
> into someone else's browser, could be a problem with multiple Freedombox
> CA's with the same name.
>
> Possibly a paranoid option to rotate the ssl keys on the freedom box
> running manually and/or as a cron job (Now doing this daily with one of
> my mailservers).

Hi Keith, In short, the entire white-hat security community guessed what "prohibitively expensive" meant. They guessed too low. Now we know, and everyone (including the white-hats and the surveillance industry) is scrambling to recover from the revelation.

Some are thinking of it as the tinfoil hats coming off. I think of it as tinfoil hats appearing on every head of every person who has a device connected to the internet. I like it that way because "paranoid" becomes a synonym for "human", and all those previous "paranoid options" that are cordoned off with scant documentation suddenly become "bad human interfaces" which were prohibitively complicated to have actually provided security or privacy to the user when it turned out that they needed it.

So to me, "paranoid option" now either means a) core feature which should be implemented cleanly, by default, or b) a dead coal mine canary that says the interface itself is too complicated, so start over and rethink it.

Best, Jonathan

______Freedombox-discuss mailing list Freedombox-discuss at lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 03:54:54 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 09:54:54 +0200 Subject: [cryptography] very little is missing for working BTNS in Openswan Message-ID: <[email protected]>

----- Forwarded message from Nico Williams -----

Date: Thu, 12 Sep 2013 14:04:08 -0500 From: Nico Williams To: Eugen Leitl Cc: cryptography at randombit.net, Cryptography List Subject: Re: [cryptography] very little is missing for working BTNS in Openswan User-Agent: Mutt/1.5.21 (2010-09-15)

On Mon, Sep 09, 2013 at 10:25:03AM +0200, Eugen Leitl wrote:
> Just got word from an Openswan developer:
>
> "
> To my knowledge, we never finished implementing the BTNS mode.
>
> It wouldn't be hard to do --- it's mostly just conditionally commenting out
> code.
> "
> There's obviously a large potential deployment base for
> BTNS for home users, just think of Openswan/OpenWRT.

Note: you don't just want BTNS, you also want RFC5660 -- "IPsec channels". You also want to define a channel binding for such channels (this is trivial).

To summarize: IPsec protects discrete *packets*, not discrete packet *flows*. This means that (depending on configuration) you might be using IPsec to talk to some peer at some address at one moment, and the next you might be talking to a different peer at the same address, and you'd never know the difference. IPsec channels consist of ensuring that the peer's ID never changes during the life of a given packet flow (e.g., TCP connection). BTNS pretty much requires IPsec configurations that make you vulnerable in this way. I think it should be obvious now that "IPsec channels" is a necessary part of any BTNS implementation.

Nico --

----- End forwarded message -----
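Nico's packets-versus-flows point, as an added example (a constructed model, not code from Openswan or any IPsec stack): a toy receive path that remembers which peer identity an inbound flow started under and drops any later packet for the same 5-tuple that arrives over a different peer's SA, which is the property RFC 5660 calls an IPsec channel. `packet_only_ipsec` shows the baseline behaviour he describes, where every authenticated packet is delivered regardless of which peer sent it. Addresses, identities and payloads are constructed, and `channel_binding` only illustrates the shape such a binding could take; it is not the one any standard defines.

```python
"""Toy model of RFC 5660 "IPsec channels" on the receive path.

Added example, not code from Openswan or any IPsec implementation. Plain IPsec
authenticates each packet against the SA it arrived on; it does not check that
successive packets of one TCP connection came from the same peer. The
IPsecChannels class adds that check. Addresses, peer identities and payloads
below are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A packet flow: (local_ip, remote_ip, local_port, remote_port, protocol)
Flow = Tuple[str, str, int, int, str]


@dataclass(frozen=True)
class Packet:
    """A decapsulated inbound packet plus the identity of the SA's peer."""
    flow: Flow
    peer_id: str      # IKE identity, or for BTNS the peer's public-key fingerprint
    payload: bytes


def packet_only_ipsec(packets):
    """Plain IPsec: every packet that passed its SA's integrity check is delivered."""
    return [p.payload for p in packets]


class IPsecChannels:
    """Pin each flow to the peer it started with; reject a mid-flow peer change."""

    def __init__(self):
        self.owner: Dict[Flow, str] = {}
        self.violations: List[Tuple[Flow, str, str]] = []

    def deliver(self, pkt: Packet) -> Optional[bytes]:
        # First packet of a flow binds it to that peer; later ones must match.
        expected = self.owner.setdefault(pkt.flow, pkt.peer_id)
        if expected != pkt.peer_id:
            # Same 5-tuple, different peer: the case Nico describes. Drop it.
            self.violations.append((pkt.flow, expected, pkt.peer_id))
            return None
        return pkt.payload

    def channel_binding(self, flow: Flow, local_id: str) -> bytes:
        """Constructed channel-binding token: hash of the flow and both peer IDs.

        An application protocol can mix this into its own authentication so it
        provably ran over *this* channel. The layout is illustrative only.
        """
        remote_id = self.owner[flow]
        material = "|".join([*map(str, flow), local_id, remote_id]).encode()
        return hashlib.sha256(b"ipsec-channel-binding:" + material).digest()


def channel_bound_ipsec(packets):
    """Run a packet sequence through channel-aware delivery."""
    ch = IPsecChannels()
    delivered = [d for d in (ch.deliver(p) for p in packets) if d is not None]
    return delivered, ch.violations


# Constructed scenario: our host has one TCP connection to 203.0.113.5. The SA
# to that address is first with peer A; then a new SA to the *same* address
# comes up with peer B (a different key), and B's packets match the same
# 5-tuple.
FLOW: Flow = ("198.51.100.7", "203.0.113.5", 51000, 443, "tcp")
SCENARIO = [
    Packet(FLOW, "btns-key:A", b"HTTP/1.1 200 OK\r\n"),
    Packet(FLOW, "btns-key:A", b"Content-Length: 5\r\n\r\nhello"),
    Packet(FLOW, "btns-key:B", b"...same 5-tuple, different peer..."),
]

if __name__ == "__main__":
    print("packet-only IPsec delivered:", len(packet_only_ipsec(SCENARIO)))
    delivered, violations = channel_bound_ipsec(SCENARIO)
    print("channel-bound IPsec delivered:", len(delivered))
    for flow, was, now in violations:
        print("dropped: flow %s moved from %s to %s" % (flow, was, now))
```

The model also shows why BTNS needs this: with leap-of-faith keys there is no configured identity to compare against, so pinning the identity observed at the start of the flow is the only thing that distinguishes "the peer I started talking to" from "whoever now answers at that address".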

From s at ctrlc.hu Fri Sep 13 05:14:11 2013 From: s at ctrlc.hu (stef) Date: Fri, 13 Sep 2013 11:14:11 +0200 Subject: [liberationtech] Is Dropbox opening uploaded documents? In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote: > Dropbox is pulling a Skype. no it's not, it's generating thumbnails. also this is advertising.

-- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt

From eugen at leitl.org Fri Sep 13 05:49:24 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 11:49:24 +0200 Subject: Stealthy Dopant-Level Hardware Trojans Message-ID: <[email protected]>

http://people.umass.edu/gbecker/BeckerChes13.pdf

Stealthy Dopant-Level Hardware Trojans

Georg T. Becker (1), Francesco Regazzoni (2), Christof Paar (1,3), and Wayne P. Burleson (1)

(1) University of Massachusetts Amherst, USA
(2) TU Delft, The Netherlands and ALaRI - University of Lugano, Switzerland
(3) Horst Görtz Institut for IT-Security, Ruhr-Universität Bochum, Germany

Abstract.

In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about what such a Trojan would look like, and how difficult it would be in practice to implement one.

In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against "golden chips". We demonstrate the effectiveness of our approach by inserting Trojans into two designs -- a digital post-processing derived from Intel's cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation -- and by exploring their detectability and their effects on security.

Keywords: Hardware Trojans, malicious hardware, layout modifications, Trojan side-channel

From eugen at leitl.org Fri Sep 13 06:14:18 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 12:14:18 +0200 Subject: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Message-ID: <[email protected]>

----- Forwarded message from Michael Rogers -----

Date: Fri, 13 Sep 2013 10:56:49 +0100 From: Michael Rogers To: liberationtech CC: Eugen Leitl Subject: Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8


On 13/09/13 10:04, Eugen Leitl wrote:
> Baseband processors leave the system wide open to all kind of
> attacks. Countermeasure would be running the 2G/3G/4G stack in an
> open source SDR radio, or using an open source VoIP device that
> connects by WLAN to a MiFi, which is considered part of the
> untrusted Internet.
>
> The open source WLAN VoIP handset is more difficult than it
> appears. In practice you'll have to use e.g. with a USB
> headset on a portable computer. Not exactly painless, and it opens
> you up to system compromises.
>
> If anyone is aware of suitable dedicated hardware, I'd be thankful
> for pointers.

The Samsung Galaxy Player (Samsung Galaxy S WiFi in some countries) is essentially an Android phone without a baseband. I believe you can run CyanogenMod on it.

Cheers, Michael


----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 08:21:26 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 14:21:26 +0200 Subject: [cryptography] motivation, research ethics & organizational criminality (Re: Forward Secrecy Extensions for OpenPGP: Is this still a good proposal?) Message-ID: <[email protected]>

----- Forwarded message from Adam Back -----

Date: Fri, 13 Sep 2013 14:10:07 +0200 From: Adam Back To: David D Cc: cryptography at randombit.net Subject: [cryptography] motivation, research ethics & organizational criminality (Re: Forward Secrecy Extensions for OpenPGP: Is this still a good proposal?) User-Agent: Mutt/1.5.21 (2010-09-15)

I suspect there may be some positive correlation between brilliant minds and consideration of human rights & ability to think independently and critically, including in the area of uncritical acceptance of authoritarian dictates. We're not talking about random grunts - we're talking about gifted end of PhD mathematicians or equivalent to be much use to NSA for surreptitiously cracking or backdooring ciphers in the face of public analysis. (Well the DRBG one was pretty ham-fisted, but maybe they have some better ones we haven't found yet, or at least tried).

Take a look eg at this washington monthly article, there is a history of top US universities having to divest themselves of direct involvement with classified research due to protestations of their academic staff about the ethical considerations. http://www.washingtonmonthly.com/ten-miles-square/2013/09/does_classified_research_corru046860.php

> "In the 1960s students at MIT protested strongly against having a
> classified research laboratory on the campus and MIT said we will divest
> it, so it won't be part of MIT anymore," said Leslie. "It still exists in
> Cambridge, but it's not officially connected." Leslie also points to
> Stanford, where they made the decision for their Stanford Research
> Institute to disaffiliate and become an independent non-profit.

Psychopaths are a minority, and people on the top end of crypto/maths skills are sought after enough to easily move jobs even in a down market - so the "must collect pay-check" argument seems unlikely. So I stand by my argument that they probably scored an own goal on the retention and motivation front. I think for the majority of people - they won't like to go to work, or will feel demotivated, feeling the world is sneering at their employer as a quasi-criminal org.

Adam

On Tue, Sep 10, 2013 at 11:05:58PM +0200, David D wrote:
> Quote, " You've got to think (NSA claims to be the biggest employer of
> mathematicians) that seeing the illegal activities the US has been getting
> up to with the fruits of their labour that they may have a mathematician
> retention or motivation problem on their hands."
>
> You mean like the principled mathematicians working on cluster bombs,
> drones, and other "cool shit"?
>
> Everyone at the NSA knows exactly what they are doing.
>
> I suspect, like most that suck off the military-industrial complex tit,
> there is surprisingly low turnover.
>
> Paychecks only go so far with the principled, but spineless will collect a
> check forever and do whatever it takes to keep it coming.

_______________________________________________
cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 08:53:53 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 14:53:53 +0200 Subject: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox Message-ID: <[email protected]>

----- Forwarded message from Keith -----

Date: Fri, 13 Sep 2013 13:41:22 +0100 From: Keith To: Eugen Leitl Cc: freedombox-discuss at lists.alioth.debian.org Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox X-Mailer: Evolution 3.4.4-3

PFS with snakeoil works. Trying it out here https://snakeoil.cf

Using Apache 2.4 on a server running Jessie, it looks reasonable using just the default ciphers of SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5. Open to tweaking SSLCipherSuite.

Now trying pfs for Postfix, will this email actually use it?

On Fri, 2013-09-13 at 08:01 +0200, Eugen Leitl wrote:
> On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote:
> > With a CA on each freedombox there need not be a requirement for a
> > server.
> >
> > If my understanding of Tor is right, it is designed for anonymity, not
> > encryption, should not need a CA for this.
>
> Can you get PFS with snakeoil (I presume these are generated during
> the installation, is there at all enough entropy at that time so
> this is safe?) certs?
>
> Postfix and dovecot in newer versions can do PFS:
> http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur-postfix-und-dovecot/
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

From eugen at leitl.org Fri Sep 13 10:02:37 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Sep 2013 16:02:37 +0200 Subject: [Cryptography] Matthew Green on BULLRUN: briefly censored Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Wed, 11 Sep 2013 21:23:29 -0700 From: John Gilmore To: cryptography at metzdowd.com Subject: Re: [Cryptography] Matthew Green on BULLRUN: briefly censored

> http://blog.cryptographyengineering.com/2013/09/on-nsa.html

Johns Hopkins University censored this exact blog post by Prof. Green, because of a complaint from its local defense contractor affiliated with NSA, the Applied Physics Laboratory (https://en.wikipedia.org/wiki/Applied_Physics_Laboratory).

The university gets slight credit for backtracking one day after the censorship story hit Twitter and the press. So the blog post is now back (and is still worth reading).

Here's the story:

http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins
http://www.techdirt.com/articles/20130909/11193024453/johns-hopkins-tells-security-researcher-to-remove-blog-post-about-nsa-encryption-attacks-university-server.shtml
http://arstechnica.com/security/2013/09/crypto-prof-asked-to-remove-nsa-related-blog-post/
http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fixing-mistakes.html

Now, why is it that so many folks with links to NSA think like totalitarians? It's wonderful seeing them crawl out of the woodwork and try to give orders to the public about what it is allowed to think, what it is allowed to read, and what it is allowed to write. It's only wonderful because the huge public counter-reaction protects us -- the totalitarians reveal their true colors, but they don't actually get to tell us what to do. Thank you, fellow denizens of the world, for creating your own freedom, by making a lot of noise when some NSA-affiliated idiot tries to take it away.

John

PS: How much NSA tax money does JHU's Applied Physics Lab get? I don't know, but here's a guy on LinkedIn who worked at NSA in the past, works at the Lab today, and brags that he's managing a $120M contract from NSA:

http://www.linkedin.com/pub/john-trent/18/a95/b04

_______________________________________________
The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From rich at openwatch.net Fri Sep 13 13:04:08 2013 From: rich at openwatch.net (Rich Jones) Date: Fri, 13 Sep 2013 10:04:08 -0700 Subject: FLYINGPIG // Tor Message-ID:

Screenshots from FLYINGPIG interface show a tab for "Tor events QFD" http://www.scribd.com/doc/166821334/FlyingPig

Any more details out there?

Bruce: https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

R

From harmony01 at riseup.net Fri Sep 13 14:07:07 2013 From: harmony01 at riseup.net (harmony) Date: Fri, 13 Sep 2013 18:07:07 +0000 Subject: FLYINGPIG // Tor In-Reply-To: References: Message-ID: <[email protected]>

The Tor Project responds: https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation

You might reply 'well, they would say that, wouldn't they', but I think the Tor community has long assumed that the authorities have something like what Andrew Lewman describes and would be shocked if they didn't.

Also, this guarantees nothing, but Edward Snowden, who presumably knows exactly what that QUICK ANT tab does, still has enough confidence in Tor to have the logo stuck on his laptop lid.

Rich Jones:
> Screenshots from FLYINGPIG interface show a tab for "Tor events QFD"
>
> http://www.scribd.com/doc/166821334/FlyingPig
>
> Any more details out there?
>
> Bruce: https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html
>
> R

From jya at pipeline.com Fri Sep 13 14:43:49 2013 From: jya at pipeline.com (John Young) Date: Fri, 13 Sep 2013 14:43:49 -0400 Subject: FLYINGPIG // Tor In-Reply-To: References: Message-ID:

It continues to mystify why Greenwald and others crop and redact documents and slides but show them to staff at O Globo, Guardian, Der Spiegel, New York Times, ProPublica, Washington Post and perhaps others yet to be disclosed with bombshell releases (now even Clapper is applauding the Snowden campaign, which stinks of the fix is in on what to release and when).

O Globo videos show glimpses of slides which are then further redacted or cropped for release as slides alone.

Schneier claims to be working with Greenwald so he is presumably seeing full views of docs and slides. Yet he sustains a steady beat of surprise and outrage, almost as if overly defensive about who knows what.

Greenwald has tweeted that there are legal reasons to not show full views nor "distribute" documents, instead only "report" on them. No answer to a tweet to GG about who set those legal boundaries.

This seems to be the game the Snowden manipulators are playing with authorities, or at least lawyers are playing with the gov, to toy with and tease the public by hoarding documents, maintaining insider privileges of "journalists" against outsiders, their readers, and experts who could deconstruct the journo's pallid interpretation.

This is a game played also by secret-hoarding governments against their citizens, aided and abetted by duplicitous laws and lawyers.

MITM exploitation is what it is, whatever they choose to call their privilege protection racket.

And not to overlook the singular role of Tor in MITM exploitation. The same distinctive rhetoric is deployed by all of them to wave off suspicions as if tradecraft.

From gfoster at entersection.org Fri Sep 13 16:59:09 2013 From: gfoster at entersection.org (Gregory Foster) Date: Fri, 13 Sep 2013 15:59:09 -0500 Subject: "FBI Admits It Controlled Tor Servers Behind Mass Malware Attack" Message-ID: <[email protected]>

Wired (Sep 13) - "FBI Admits It Controlled Tor Servers Behind Mass Malware Attack" by @kpoulsen: http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

gf

-- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/

From rich at openwatch.net Fri Sep 13 17:31:50 2013 From: rich at openwatch.net (Rich Jones) Date: Fri, 13 Sep 2013 14:31:50 -0700 Subject: "FBI Admits It Controlled Tor Servers Behind Mass Malware Attack" In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

No mention of SAIC, who almost certainly actually built the thing.

On Fri, Sep 13, 2013 at 1:59 PM, Gregory Foster wrote:

> Wired (Sep 13) - "FBI Admits It Controlled Tor Servers Behind Mass Malware Attack" by @kpoulsen: http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
>
> gf
>
> --
> Gregory Foster || gfoster at entersection.org
> @gregoryfoster <> http://entersection.com/

From electromagnetize at gmail.com Sat Sep 14 00:25:28 2013 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 13 Sep 2013 23:25:28 -0500 Subject: [2] sampling Message-ID:

// attempt to block-out the text, clarify a few points, provide examples, more ideas...

--- re: transparent ziplock example ---

In the previous post addendum [1] the following link was provided for artwork that demonstrates a most immediate aspect for how "cryptography" can function within everyday language situations in a realm of mutable signs and symbolism. transparent ziplock with acid written on it, yellow letters inside, by Ray Geary (?) http://vapidforever.com/wp-content/uploads/2013/03/Acid-241x300.jpg

Here is a quick viewpoint for how it might or could be read, whether or not the intended meaning; (basically it potentially involves superposition as the letters could be in different positions of rearrangement (ACID) given their movement in the bag, so chaos or arbitrariness are inherent)... the off-kilter AC could reference 'alternating current', referencing a back and forth movement in relation to power, [if not also air conditioner], the letters I and D could ping the idea of 'the id' which is a dark realm of the psyche where subterfuge may exist and their backwards reading, Defense Intelligence. Likewise the letters C and I could relate to counterintelligence (CI) and intelligence community (IC). The 'C' and 'I' could be put back together into a second capital letter D which would change the four letters to three, leaving ADD as another potential. This in a context of acid as mentioned in the previous post about ushering in armageddon, forcing splits, etc, as the context for 'variables' and their meaning, grounded or not. If you think about it though, the assumption of a secure "brown paper bag" instead being an insecure "transparent ziplock bag" - including with its contents on the outside as a 'signage' - it has interesting corollary to issues of both a false encryption regime, which essentially ramps up the paranoia level, though also the jumbled letters may also signify more could be occurring than simply a repetition or A:A relation between what the signage says (ACID) and the contents (A,C,I,D) in their structurally detached 'linear' state.

For instance, a search of the Internet Anagram Server for the word ACID only provides two possibilities for rearranging the original meaning using these same letters, the original word itself (ACID) and (CAD I). And yet just looking at acronyms or other 'known' cultural examples - shared libraries of knowledge or understanding as it were - then opens up other levels of interpretative possibility. In this way, concepts such as counterintelligence, defense intelligence, intelligence community, alternating (power) current, the id, who knows- AI and DC even further, then potentially "decrypt" actual meaning or relevance to what it may mean if the supposed security of encryption is knowingly subverted and yet the lies are being sold as a mainstream perspective- and what that may result in, in terms of a transparency within "security products" and industry.

It probably is a lot more involved than this, such that there could be levels or layers to encryption that exist beyond 'the letters' in the transparent envelope, which is assumed what is actually happening in a double-model where security does exist, yet is invisible and extends beyond the signs as delivered, carrying placards "this is a secret". So perhaps counterintelligence is built-into encryption, as a trapdoor and some other encryption approach functions as a failsafe within that, yet unidentified or unmediated using the same approaches, algorithms or conceptual communication channels. Which was the point about language, though likewise could extend into different mathematics that take 'the message' received upon decrypt or before decrypting, and decrypt otherwise. In other words, the artwork provides example that the external 'sign' read by surveillers and the transparent package contents could be assumed A=A, whereby ACID=ACID and it is of finite meaning as a decrypted message, whereas if the label (ACID) and the contents could be interpreted beyond this via A=B analysis, the message may not be decrypted if the assumption remains the inside meaning is bounded only at ACID, and not involving AC, CI, IC, DI, ID, DC, ADD, etc.

Another aspect would be if noise was added such that a number 1 replaced the capital i, as the label and contents, and then "keyword" software may never consider ACID as the word or other connections, due to a category error, such that the set {ACD,1} may not be interpreted that way machinically, if not programmed for this basic substitution, and thus AC, DC may result though nothing like CI, IC, DI, ID, which would bound potential meaning as a result. Whereas these substitutions could be obvious for a person who is on the lookout or reads this way, such that texts can function like puzzles and if in a context of secret communications, can be solved or resolved via such methods.

It seems then an issue of *how do you know* what is a correct interpretation? And that is again like cloud-code, scrying, crystal ball skills involving the revealing of patterns as they align with other structures, and find grounding. The decrypt, whether from another person or 'psychic intelligence' tapped out of noosphere, relies upon the observer and their state of being, sane to insane, and how well they are grounded in truth, or reliant upon falsity, and how this interpretation either is stable and reliable or destabilizes and leads to paranoia and self-destruction by not having the skills to mediate ideas from within noisefields, like a Random Event Generator or scrying device. A high-risk thus could be involved and without a solid foundation in truth it could lead to significant problems in thinking, with high likelihood of losing mental grasp with day to day existence, and thus promoting a schizoid condition via unanswered or assumed perspectives, the hall of mirrors of wrong assumptions, and all the private chaos that could generate and also be noticeable to others, as a person goes off the deep end into la la land or no man's land, a point of no return, which can lead to extreme behavior, justifications, etc. Thus the issue of limits of interpretation and personal limits of awareness, could cause one person to immediate violent action due to unresolved, unlivable mental conditions whereas another may be able to think or understand beyond that boundary and continue functioning. So the psychic snap effect is likely related to a threshold of awareness and understanding, the ability to find and attain grounding in a world of subversion and locate a path to continued existence. This would be especially interesting if those who realize they are trapped then are provided an opening, turned, via these same means, because there is really no way out of it once captured within the labyrinth. It is final. 
Another cultural reference, somewhat analogous is Johnny Carson's repeated skits of Carnac the Magnificent, where he takes a sealed envelope and holds it up to his head while wearing huge turban (perhaps secret tech inside) and derives an answer for a question via psychic investigation of the contents, which then is tested against the actual question in the envelope, opened and recited, completing the joke.

Johnny Carson as "Carnac" from 1974 http://www.dailymotion.com/video/x802iz_johnny-carson-as-carnac-from-1974_fun http://en.wikipedia.org/wiki/Carnac_the_Magnificent

This appears in some way equivalent to a false encryption scheme (via psychic key escrow perhaps) that allows encrypted communications to be accessed and read remotely yet appear secure and untouched. Perhaps this root access or god-like access would be assumed in any scenario of civilization in a context of power struggles, how could it feasibly not be, and yet perhaps a further consideration would be *malice* and misuse of this potential, versus a beneficence, watchful eye, protecting aspect. That could equate to *trust government* at some point, yet what if the government interfaced is venal, corrupt, contemptuous of human values and no longer serving the citizenry.. or more specifically- only their private citizenry. In such a case, the false encryption could bound or trap their activities within it, while allowing them to monitor enemies using the same technology, and so the ultimate setup scenario could exist via and within the corruption. The nightmare of state, by comparison to comedy skit, would be if a person could query the ur database of secrets at any time, get an answer, and use it against you for their personal and shared group advantage, for an antihuman agenda. There are indications this is actually what is going on, including with blacklists, and it is wide in the open, businesses and organizations micropoliticized, 'standing armies' even within workforces, conflicts mediated by control over accounting spreadsheets and expenditures, who gets access or moves ahead and who is sidelined, versus overt violence. Soft war, balkanization, though also Vietnam War fracturing, taking of sides, forcing splits and oppositional dynamics within daily environments and interactions. 
And then these kinds of activities, supported by supposedly 'secure' encryption involved as infrastructure and the "complexity" of that, all computers, their obfuscatory aspects that can be both a hinder and a help if the subversion or false floors are built-into the code regime, and when triggered for collapse, impaling ideological adherents in response.

Related to this would be psychic activity as a basis for shared relations, as it relates to shared knowledge or secret communications, versus those who are not like this. Perhaps the toxic pollutive wi-fi blanketing environments is a countermeasure, to short-circuit the atmosphere, fill it with thick signals of electromagnetic fog to disorient the tuning of interconnection even. Such that not only is it promoting long term EMF side-effects of cancer, the wireless radio and computer and cellphone signals are jamming and blocking the mind from functioning, both inside and between individuals and the larger group, in addition to animal life, including colony collapse of bees, etc. What is not active covert warfare about these crimes against nature and humanity? Instead, "bureaucratic language" can choose to only validate and interpret one side of the issue (binary bias) that sides with the same technocratic agenda as delivered by scientists and technologists, made standard, made a basis for profit and 'the economy' that is functioning against humans and the earth itself. And because both the role of electromagnetism in this situation is actively censored out of existence and because "logic" itself has been removed from education entirely, such that relativistic pseudo-truth based on authoritative control has essentially become the means for dictatorial power, that *no feedback is possible* to correct these mechanisms because they are actually part of the masterplan, decades if not centuries old and underway, to defeat humanity. So what if observers are not even allowed to think, allowed to freely observe, and a natural state of being even becomes criminalized (in some way perhaps related to anarchists and libertarian issues or policy views here). What if that state or corporate agenda actually diminishes a society's health and vast many peoples ability to think or relate in a *sane context* versus an insane, unstable, toxic, sick, unhealthy, oppressive environment.

Think kindergarteners who then go to the same gradeschool and junior high for 8 more years, sitting in classrooms for hours a day, in direct proximity to a massive active cellphone tower that is without question bathing them in sickness inducing toxic radiation* via long-term exposure- and that likewise, people in apartments are criminally exposed to such hazards, by design. What allows *words* to have so little shared meaning that the truth involved can be removed from the signs, via legal -protection clauses- (security), and cannot be related back to truth, to defeat the scam? People are literally dying and being made deathly ill, for profit, by the obfuscatory approach-- like that transparent ziplock, the evil planning agenda, and yet nothing is or can be done to stop it apparently because LOGIC is absent from reasoning, people are illiterate and unable to communicate about what is actually going on as the situation has been made ever-more 'variable' via relativism, you can choose what to believe and have a friction-free lifestyle versus consider other humans, the results of decisions. And thus Babel fully realized, complete incoherence of worldview and local observation, everything is skew, warping and distortion- all of it as simple as the Binary Code Regime allows. It does not exist, just keep believing in the false perspective, stay within the herd that is benefiting and surviving- you can be one of them if only you let go of your delusions.

(*not to mention interaction between EMFs and cellular signals and industrial chemicals in the body, breakdown of cells, and relation with psychiatric and other pills which can trigger other effects; obesity, diabetes, cancers, skin problems, and other issues potentially connected to electromagnetically saturated and compromised environs.)

It reeks of Fahrenheit 451 dynamics, say the wrong thing, think the wrong thought, share or relate in the wrong dynamics and an alarm goes off somewhere to justify a potential security response that likely involves breaking into your computer, remotely monitoring everything you do, going through all health, education, banking records in a context of "terrorism" or potential enemy of the state, future citizen criminal evaluation, that can also be used as a map for take-down and behavioral and social engineering, suddenly you lose your mate, lose your job, cannot get rehired, etc. Blacklisting would be expected if there is unchecked power, carte blanche to take down enemies of a hidden dictatorial agenda. That is, a private takeover advantaged by a one-sided viewpoint that is governing the security state via its corrupt ideology. A public takedown of humans, so there is no longer any illusion of having control, it is a charade and masquerade and at some point the liars will need to be counted in the same way they are counting everyone else. A double encryption scheme could account for this, say a next level standard that is 'not exploited' yet similarly backdoored and trapdoored.

Further, basic dwelling as embassy. Whether in-built systems or dual-use off the shelf consumer electronics made to TSCM tap, say wireless speaker systems-- what surveiller could ask for more, unless of course including trance-inducing or hypnotizing technology as part of the arrangement. There are probably 50 ways within every domicile if not more to fully keep track of people, from relaying of printer and scanner data to viewing through TVs or listening through radios, to siphoning data through mice, keyboards, USB drives especially, routers, as if there is no limit even, and this likely possible remotely without resources on-site or locally. Plus the technology itself is toxic and in its design specifications, EMF-wise, the emissions can cause illness and disease, yet they are not identified as such- so completely onesided the 'reality' involved. And who benefits? Those making and making a living off of this death-machine and those who serve its agenda without considering the sell out and consequences. It seems for some it is a known pogrom with genocidal intent, which they live to support, through normalized doublespeak and cloaked similarity while polarized, pressing onward. Reason does not work when people do not observe truth, the antireason crowd has the debate, they own this crooked language, law, state, its policies of mediocrity. And it is as if no one is the wiser because of the silence, and thus the *alarm* when someone actually says something 1:1 about this situation-- SECURITY ALERT! SECURITY ALERT! -- as if even constitutional rights are a threat to the state now, because it ruins the party going on for the group benefiting from and building out the false perspective. Hollywood must be involved, it is just too perfect, too fictional, too much like a stage set, yet for the ignorant they may not realize the difference, as it confirms 'true beliefs'.

Thus likely it is part of a long-ago strategy, this then the big reveal, curtains opened on the security theater, its players on stage, before the proscenium, taking on their critical roles in the performance- voicing their rehearsed lines, going through the scripted motions as required of the social engineering, whether at grocery store or in government positions, making decisions one by one that influence things for their betterment, undermining culture and civilization in the process, all the while smiling or smug, a self righteousness afforded most to the ideological carried as a scent, fingerprint on the bounded limited psyche, these, the self-same lot those grabbing cellphones and pointing directly at others- diagnostic scans of the borg, counting, monitoring, 'watching' as all-seeing private eyes, tallying elsewhere their observation into warped skew of shared view, corrupt yet to them - divine, highest, a view of privilege and entitlement, everyone else stealing from them, selfish, undeserving, while they dismantle civilization itself, their end game is ending humanity, a rationalists conceit, believing themselves smartest on the block- oh how that had to be fun to set this whole cosmic takedown up... The pain of living through it, centuries upon centuries, something different, though ultimately it will be worthwhile to rid the world of the plague of such a deceit-filled organization.

(It is like the model where the Devil is the greatest servant of God, leading the unbelievers to their demise, the ultimate double cross and sacrifice unimaginable to most all yet ultimately of shared love and commitment to truth. Versus, say, the 'real devil' who sees themselves as the real leader of unbelievers, himself the false God, their king, etc. It fits the terrorism/security model quite well, actually. "Bomb plans on the internet- here's the link... hell, here are 5,012,202 links to sundry and unsound activities... go for it!")

--- literacy in relation to truth ---

It is proposed that there is mass illiteracy in the culture, as part of this overall design for its takeover, that has subverted the reasoning process to that of behavioral science and its methods as a form of social control via Pavlovian conditioning. Bad thought! leading to "no think" via pills, therapies, conditioning. Contra, bad thoughts everywhere via advertisement, forgetting values and exploiting urges and instincts, making populations animalistic in relations and self-evaluation. So a question such as how an individual relates to a situation may be assumed they have a foundational understanding and awareness that was once cultivated in the education system though has further and further become detached from the lived reality (especially its technological escape velocity from any known documentation explaining what exactly _is going on, in the terms it actually exists). And thus expecting that people are operating at truth (1) and accurate observation for relations could be largely mistaken for most of the population, and thus 'groups' and individuals could be building their consensus around more what amounts to shared lies or shared warped views that include and rely upon errors to support their limited thinking and frameworks, which could be spoon fed to them via news and talkshows and popular communications. In this way, relation could occur in a vast context of falsity (0) to start with, and some very minor truth may occur what is effectively a false world view that only locally finds grounding in some accurate, temporal way. For instance, "I am married" instead of "My spouse is a robot" or imposter in the nightmare scenario, whereas for others this may be for them utopia.

And movies and books have made critical contributions to recontextualizing the present, such as the Matrix and Truman Show as related to living within a simulation, or cyberpunk literature or other bridge-building between views, as these go back into old and ancient ideas, and issues of whether they are surface interpretations or find grounding in relation to the foundation of knowledge, via logical reasoning, and referencing and accounting for shared beliefs in terms of ones and zeros, hypotheses necessarily removed of errors. Yet holier than thou dogmas occur and lifestyles emerge, the cult of culture, where entire scenes are based on the shallow superficial *image* and the actuality can become yet another alphabet for letters, words, and sentences, more diary-based activities, more like a theme park of state, carnival rides than deep investigations- as if getting tattoos is the signifier for a meaningful life, versus doing things that correspond to those tattoos beyond mere consumption and trend following. Thus the image of the thing, and the thing itself, and issues of copies, copies of copies, and dilution of truth into something ultimately opposite, ideological, dissimilar. What once may have had truth or "literacy" as it were, instead becomes in some sense "illiterate" and removed of its original truth and conditions for existence, if not devolved.

Personal Computers and networking for public citizens from homebrew to Dumb Terminals in service to the Corporate Terror State and the global junk drawer, hand over your passport, drivers license, health and banking records, all private documents, secrets, and we will let you continue to login in and use the network for hedonistic pleasures.

Thus questions related to a security model based on shared/unshared communications, and various combinations...

a. illiterate <-----> illiterate

b. literate <-----> illiterate

c. literate <-----> literate

In 'shared illiteracy' there could be a shared false POV that functions as truth (T) yet is only pseudo (pT) that tends towards falsity (0). This could be exploited in crypto whereby the sign=sign yet it is a deception, thus the decrypt is what is expected though a false perspective, thus relaying and serving up B=B though believed to be A.

In the asymmetrical, doubling aspects of true and false could co-exist, various siphoning, whereby literate could coexist within A & B views, rely on A while sharing a false view of B as the relation with the illiterate via bounded, threshold interaction, so from the illiterate side B=B would be the only reality shared in the exchange. In this way distortion, warp, skew function as camouflage by reinforcing ideological bias, perhaps itself a form of conditioning via confirming bias, no questions, no new answers. Also, feedback from B could occur, thus pulling information out of exchange, like animal training perhaps, this probably normal for most exchanges in terms of manipulations within some dimensions, whether business or personal.

And then assumption of A=A relations in relations and communication exchange within shared grounded truth (1) that may have some errors (A=B) yet be identifiable, recognized, within the involved dimensions. This is to clarify, in contrast to the first example of shared illiteracy that while shared literacy 'shares truth' it still would be of the domain of pseudo-truth (pT), the difference being that it tends towards 1 (absolute truth) and not 0 (falsity), unlike shared views of illiteracy that are ungrounded and continue to detach from whatever may correct the viewpoint, increase the understanding, etc, because it may not be ideologically necessary, even. Then to consider "encryption" and crypto in a such a context of actual intelligence and ignorance of varying degrees and dimensions, that again may shift given context. A very smart person could be highly literate in binary code and programming (c) yet in terms of intelligence in a larger realm be incompetent (a) and both of these occupy an issue such as secret communication and secure exchange, such that they may "believe" crypto is secure on ideological grounds due to belief in technology yet without considering the ideas and thinking beyond that context, due to illiteracy of ideas, thinking, conceptualization, that could then be exploited in an unshared situation (b) whereby the asymmetrical pseudo-truth shared exchange can be exploited...

pT(1) <-----> pT(0) whereby:

pT(A/B) <-----> pT (B)

In essence leading to a falsed shared state of the second observer in shared falsity (B), tending to zero, and allowing the first observer to double in a contained accurate view (A) while feeding and interacting in a false view of B.

The pseudo-truth of the first tending toward truth, and the second toward falsity, yet perceived as if a shared state by the latter in an asymmetrical relation due to 'not knowing' what they do not know or remain unaware of, via bias, threshold, limitations. And thus errors, skew, warping, distortion relied upon as structures can be security exploits.

1<=A|B=>0 <===crypto===> B=>0

Note: a shared viewpoint of pseudo-truth thus could be shared by observers one and two, where for the latter it appears both share the same reality (0) even though it tends towards falsity, where from their perspective it defaults to absolute truth, if uncritical ideology is confirmed, though for the former this could be known, a deception, and thus knowingly misinforming while functioning in a realm of truth (1) beyond this interaction.

In this way, the first observer could even send a message to the second which is decrypted, verified as 'secret' and send this further down the line, which could still be encoded or encrypted, should it encounter another who is of the shared 'shared awareness' or literacy, whether human or machine, and therefore if the view was hidden it could bypass or go beyond the observer (say surveiller) via the bounded interpretation or knowledge, and yet still be deciphered by some other observer down the line. Perhaps this most possibly in a context of ignorance or more advanced approaches, beyond the capacity of the second observer to gain any clues about via observation.

It would thus seem that 'zoning' and 'tiered access' whether hidden or unhidden could relate to this issue of "perspective", a holographic quality even given access, angle, or dimensional perch. Maybe this is sliding scale and is about more/less knowledge, thus literacy and more literacy, that paradoxical back and forth, so that in certain views if deception it would actually be true that B is the higher state, say the Binary Crypto Regime, where those adhering to standard A are viewed illiterate by their dissimilarity or incapacity even, and thus strong crypto (knowingly false) is knowingly presented and sold this way (B=A) as a deception, yet via an ideology founded on pseudo-truth, lies, such that their ungrounded A=A equations and assessments tend toward zero by default, when outside their limits of control, and ability to govern over its action and interpretation. Thus the importance of maintaining and exploiting illusions.

--- more on pseudo-truth --

Without spelling it out entirely, beyond 10 as an approximation, it is to suggest that in ordinary, normal reasoning processing reliant upon truth and logical evaluation via empirical structures, shared grounding in some sense of observation removed of errors as the standard, that the ability to ignore this leads to illiteracy and ungrounded belief, *faith* in what can amount to falsehood or inaccurate views due to lack of rigor, accountability, and built-in ignorance in terms of not knowing as a part of being, and the role of learning in moving from less truth to more truth over time, via cybernetic feedback and improved decision-making and observational capacity slash awareness. If education is short-circuited, this improvement process via critical evaluation may be broken within individuals and then their group relations in society, also with family deterioration. If debate is short-circuited due to ungrounded relativism and their being 'no need to see things similarly', as is the subjective default, then faith can take over and people can choose what to believe based on its profit to their immediate sensibility.

Thus a potential for relation could exist in that each person has a capacity for some ignorance and some intelligence, or relies on some falsity and some truth within their observational frameworks...

A|B <=====> A|B

In this model A is assumed to be pseudo-truth tending towards truth (1) and B is towards falsity (B).

A <=====> A

In a grounded ~empirical resolution of shared observation, contingent truth via tested hypotheses would enable 'shared truth' to exist in A=A relations between two observers, and this could be the result of logical evaluation and debate.

The plague that is relativistic ideology breaks this process, and allows ungrounded observation to exist as if A, without removal of errors, and thus 'unshared A' which may only be hypothetical and untested and uncorrected outside its controlled private boundaries, based upon "theoretical" beliefs, heavily invested in a binary worldview as its intellectual justification, cherry-picking data that confirms the viewpoint and ignoring the role of falsification and error-correction as part of the process of grounding ideas...

A (1) <===/ /===> A (0)

Everything is equal, unless the false-viewpoint is in control, say of education, then 'truth' (1) can be censored out and presented as 'illegal thinking', while the false view actually is reliant upon and moving towards falsity (pt=>0) and is actually an A=B situation, though disallows debate that has facts and argument indicating B=B is the actual substance of the corrupted observation. And thereby discourse must stop, and the default machine progression of institutional ideas thus favors this closed-ideological approach or 'theoretical observation' that is inherently ungrounded, untested, and essentially reliant upon and promoting a fiction for the shared reality to which others must conform to proceed within institutions of learning and education, which function against ideas, against learning, and against society in their day to day agendas, except insofar as it benefits those who serve the goals of this subversive agenda, who then likely are doubles and very smart yet duplicitous or extremely ignorant and selfish.

A -----> A|B

The function of debate in terms of feedback has been to provide empirical and observational oversight to ideas, such that panoptic qualities of additional views of a situation can often help refine the limited perspective, and therefore any observation of error (A=B) could be recognized and corrected. A <-----> A

In this way, empirical resolution and refinement can 'improve' ideas via shared observation and this can be a back and forth encounter between one observer and another or one observer and many, or many with many- the belief in bugs and eyeballs, which seems opposite of where the code is at these days in terms of sensible understanding. That is the bugs are normalized, errors prolific and rife and relied upon, the beast of antisecurity making its fortune on the pT=T exploit now a structure of the technology, this protected even by subverted law, ah how language has become detached from its reliance and verification in truth by the relativistic mindset and its beliefs. unbelievable, the extent of the corruption, making its way into nervous systems and reprogramming people to believe and serve lies via brain washing and other methods of indoctrination.

A|B <====> A|B

The potential for debate then is that each side has some truth and falsity, and if ungrounded these 'shared observations' in pseudo-truth via relativistic frameworks can lead to 'shared falsity' that tends towards zero, in terms of the sliding scale, where "ideas" communicated are reliant upon scaffoldings of wrong assumptions, errors, flawed thinking and beliefs, skew and bias, such that whatever contingent truth may exist and be shared, it would be reliant on massive falsity to communicate and share and thus exist only as a minor aspect, homeopathic amounts, a tincture within a much larger frame of flawed observation, and this normalized as the basis for exchange.

B <=====> B

In this way 'shared truth' could instead, if ungrounded and reliant on the errors for its structure and sustenance, be *believed* true (1) yet actually be so minor and reliant on false belief and wrong assumptions that the pseudo-truth tends towards falsity overall, if taking into account the context needed to sustain the truth, its container of other ideas and thinking, most likely flawed ~ideology that no longer asks questions and relies on previous answers or a particular observation becomes solidified as 'the POV', thus limiting the questions to a finite, skewed model that requires its errors to be continued as a viewpoint, keeping opposite views outside, allowing false utopia to exist inside.

Whereas if partial truth is accessed in an accurate framework, this same contingent aspect of discerning what is real and actual and existent via observation can be removed of errors via debate, and what is true can be separated from what is false.

A <====> A

Thus observers could validate the same truth (A=A) while simultaneously recognizing the errors in this condition (B=B) and thus instead of relying on the errors, discard them or learn from them, yielding what is accurate from the forces of skew, warping, and distortion as force fields aligning with disconnected truth yet not relying on these as if they are themselves unfettered truth, which relativists allow and require and celebrate-- THE BULLSHIT basically.

In the above example, as a situation moves from A|B --> A, via logical reasoning of grounded empirical observation, pT=>T, and falsity is removed from the process of shared communication as a structural framework.

Subvert logical reasoning, disallow it, including freedom of speech and thinking and censoring and controlling what facts are allowed - controlling POV - then the opposite occurs: B ---> A, such that pT => T. This is the crypto exploit of the Binary Code Regime, where B=A(0) and pT(0)=>T(1)

And it is the same ideological 'code' used as an authoritarian means of control over debate, to stop error-correction and install a false POV as the shared false 'empiricism' whereby truth is ignored, logical reasoning disallowed, facts censored, views onesided, and right answers based on 'authority' - power over ideas, versus ideas themselves.

In this way, ~Enronomics goes beyond accounting for Sokal Hoax of financialization and into classrooms and minds everywhere, engineering 'shared pseudo-truth' => 0.

It must be said also that 'bullying' and the ego of the oppressor oftentimes is part of this relation, pT>T, and likewise B>A, and goes hand in hand with the bullshit regime, and in this way intimidation or the need of the powerful to let the oppressed know they are superior is a security lapse, revealing what hides behind the facade of security theater.

Thus false POVs, vanity, egotism, sadism, and flawed assumptions of observers should not be discounted as security threats, weaknesses or strengths for hack/crack attacks. And this is certainly accounted for already, though it seemingly is not being accounted for in ideas themselves, their truth (1) in a shared empirical framework. Thus what if crypto is protecting or reliant upon bad ideas and yet this is not being accounted for due to social issues or non-mathematical variables of a civilization in ruin?

From electromagnetize at gmail.com Sat Sep 14 00:37:19 2013 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 13 Sep 2013 23:37:19 -0500 Subject: [2] error correction Message-ID:

quote: Subvert logical reasoning, disallow it, including freedom of speech and thinking and censoring and controlling what facts are allowed - controlling POV - then the opposite occurs: B ---> A, such that pT => T

--- Subvert logical reasoning, disallow it, including freedom of speech and thinking, censoring and controlling what facts are allowed - controlling POV - then the opposite occurs: the viewpoint of B 'overtakes' A such that an error-reliant pseudo-truth (0) = truth (1)

This is critical to establishing the false perspective, basically a hack by removing logic from reasoning via faith-based binary ideology as a means to control 'programming' populations, institutions, the state and world itself via what amounts to submission and servitude to lies and the grand deception.

Note: this relies on B=A which leads to B>A and pT=T, which leads to pT(0) > T(1)

From juan.g71 at gmail.com Sat Sep 14 01:49:26 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sat, 14 Sep 2013 02:49:26 -0300 Subject: Musings... Message-ID: <[email protected]>

So, the washington-london-jerusalem axis of infinite goodness and boundless moral perfection uses the internet to keep close tabs on their subjects. Western cattle is free to use google, facebook, wikipedia and similar technological wonders so that the all-loving state can freely spy on them.

Now, what happens when a country is ruled by an evil power that prevents people from connecting to the 'free' internet? Seems to me that the morally perfect western governments are denied the opportunity of spying on people living in those countries. Say, I don't know, China.

What is the axis of goodness to do now, I wonder...? What about helping all those oppressed people, especially the ones unhappy about their government and so likely to be useful in further spreading western imperialism?

What kind of tools could the US military develop to be able to influence those foreign yellow assets and to collect internet usage information from yellow cattle?

J.

From coderman at gmail.com Sat Sep 14 08:08:16 2013 From: coderman at gmail.com (coderman) Date: Sat, 14 Sep 2013 05:08:16 -0700 Subject: FLYINGPIG // Tor In-Reply-To: References: Message-ID:

On Fri, Sep 13, 2013 at 11:43 AM, John Young wrote:
> ... (now even Clapper is applauding
> the Snowden campaign, which stinks of the fix is in on
> what to release and when).

MI6 also downplaying. but if you read between the lines, this is signalling defeat. they're fucked; the docs will leak, ongoing, in a tight fisted drip of insufficient and insufferable dribble... perhaps this is their zen state - nothing to do but see how much is burned, and continues to be burned, for months and years ahead. watch for indications of political fights and influence, lobbying, persuasion, LOVEINT blackmail? cut part or much funding and they've really got a problem!

From jya at pipeline.com Sat Sep 14 09:26:42 2013 From: jya at pipeline.com (John Young) Date: Sat, 14 Sep 2013 09:26:42 -0400 Subject: FLYINGPIG // Tor In-Reply-To: References: Message-ID:

May it be true the spies admit defeat. But not likely, more likely a ruse, for they are highly trained liars and tricksters. Feints are commonplace to disarm and delude opponents.

Pardons of Manning and Snowden, shutdown investigating of Assange, and several other intimidating and chilling operations would be persuasive. Hearings on abuse would help air the stench. But will not eliminate the rot of secrecy.

These formulaic conciliatory gestures would be cheap discounts of giant budgets for ancient practices of extorting money from the public, for, what else, protection, protection against government defined threats, identified by secret means.

The spying apparatus will re-surge as it has forever, governments cannot survive without spying on its taxpayers. IRS and global revenue agencies the main data collectors on citizens and subjects from birth to death for everyone everywhere, even spies. SSN the ubiquitous UID. Got a problem with that, go to jail. Tax refusers and evaders more stigmatized and loathed than terrorists.

Joint Terrorism Task Forces around the world spend more time chasing and prosecuting voluminous tax cheats than the tiny number of terrorists. With their contractors this produces handsome tax revenue, confiscations and fines. Prison populations too.

Spying was invented to catch tax cheats and assure revenue for government operation and rule, and nothing unites the world's governments more than that essential transfusion of money to sustain government beneficiaries, in the US the three branches, state and local. Military merely cops to control obedient payment.

In NYC, the racket of Wall Street is to pay NYPD to stay away from finance through the Police Foundation. The recently published "Enemies Within," by two AP reporters, recounts how this has come about through the services of David Cohen, formerly CIA Director of Operations, who has set up a completely unaccountable spying operation.

Prior to setting this up, Ray Kelly, NYPD chief, and Cohen worked for Wall Street firms. Mayor Bloomberg happily endorsing the 1% bribery methodology.

Nobody should believe this will change without a lot more than hopeful dreaming.

At 08:08 AM 9/14/2013, you wrote:
>On Fri, Sep 13, 2013 at 11:43 AM, John Young wrote:
> > ... (now even Clapper is applauding
> > the Snowden campaign, which stinks of the fix is in on
> > what to release and when).
>
>MI6 also downplaying.
>
>but if you read between the lines, this is signalling defeat.
>
>they're fucked; the docs will leak, ongoing, in a tight fisted drip of
>insufficient and insufferable dribble... perhaps this is their zen
>state - nothing to do but see how much is burned, and continues to be
>burned, for months and years ahead.
>
>watch for indications of political fights and influence, lobbying,
>persuasion, LOVEINT blackmail?
> cut part or much funding and they've really got a problem!

From electromagnetize at gmail.com Sat Sep 14 14:43:44 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 14 Sep 2013 13:43:44 -0500 Subject: [3] sampling continued Message-ID:

// apologies- yet another attempt at error correction of a previous statement and clarification.

quote: Subvert logical reasoning, disallow it, including freedom of speech and thinking and censoring and controlling what facts are allowed - controlling POV - then the opposite occurs: A|B ---> B, such that T => pT

This is the code exploit of the Binary Crypto Regime, where B(0)=A and pT(0)>T(1)

--- clarification on computational approach ---

I made an error in description of processing in the context of infinities, stating one infinity to the next is evaluated as if a serial approach when instead this would be nonlinear and require massively parallel processing, along with serial evaluations in a looping evaluative heuristic - testing against a hypothesis or model, 'running code' or 'living code' as it were, versus a static one-time interaction of data and algorithms, instead more like a situation of intelligent life in a bounded context as if data aquarium or code planetarium. the reason for this parallelization relates to considering all the combined permutations in terms of probabilities, and thus [x][y][z] as variables are not necessarily, seemingly, about an algorithm that reveals a structure that helps move from x->y->z by some mathematical structure, or so that is my naive guess, such that if you use conventional crypto approach #1 something may be revealed between these that matches an equation pattern, provides order within the chaos of variability, until legible, intelligible.*

In other words, instead of XYZ being a serial number that could extend linearly onward toward infinity, that is: [xyz] ...[infinity], and that "string" is a horizontal number or code, that can in particular be related perhaps to binary on-off processing in a highly efficient manner, processing and computational speed and largest prime numbers as context-- instead, the assumption for this same situation in another crypto framework is that it could be happening 'vertically' like a slot machine that runs to bounded infinities (largest primes or not), within each variable, and thus [xyz] may not have a discernible linear structure or overall equation that makes sense of the resulting 'horizontal' string. such that: [x][y][z] => [n^1][n^2][n^3]...[n^n] whereby [n] is variable and could be anything- a number, a function, a calculation, null, its own computation. And in this way, each variable could tend towards infinity or its own structuring, within the string, whose length is not so much the issue as the difficulty in resolving its total structure, especially linearly, such that [n^123] would not be decipherable running algorithms across its horizontal string and instead solving for each variable or say grouped variables in the string, e.g. [n^1][n^2-3][n^4-9]

Thus, while i have no actual idea of how crypto and binary code relate in terms of encryption methods and decryption, it is assumed this approach remains serial and directly interrogates the serial string to reveal its structure, across various formats of the code (various programming, encoding and other data formatting schemes). Thus, a binary string would be an example, 10100011001010001010101010010101, whereby to solve for [xyz...n] would involve finding the overall linear structure that provides for such linear organization, say assuming it is encrypted code *)S)*S*))SA&*S&**S()S*S)aAUIHNL*0, and therefore the assumption would remain that each variable is related to the next in some 'coherence' and solving one part or layer may reveal another, such as HSKSLLILHSILALSWLWLSDUI and thus the string [xyz] is made intelligible by this coherence within the linear string, across that massive horizontality (very large streams of data that contain data and programs and messaging).

Whereas for a paradoxical logic approach, each variable could itself be 'many' in place of a single bit- or the boundary of the single bit could be [N] and move towards a bounded infinity, a mathematical function, or other calculation in that same location. disclaimer, stating the obvious, i have no idea what this is in terms of applied cryptography, there is a tremendous gap between these statements and actual code, though to me the approach is much more accurate as "thinking code" that involves human processing via logical reasoning, parallel and serial processing, and thus the very idea of a string of code in that view could also function as signal in noise or even absolute truth, in terms of messaging. and so it is obvious 'binary thinking' is not like everyday evaluation in the sense that there is grey-area to mediating events, a pause to decision- yet within this pause, bounded infinities of hypotheses can be queried (referencing previous instances in stored or external memories) that then influence the tallying of the response, which most likely will be weighted between 1 and 0, unless purely ideological.

Thus- *conceptually*- to consider "code" in this human context, of a living breathing idea that is grounded in empirical truth in a shared human viewpoint, that is to be shared as information, via exchange, it is more grayscale than 10110101010100001, in terms of language and how thinking functions, more about looping and weighting of variables than having a *single correct result* when there can be several overlapping or contrasting interpretations *at the same time*. So imagine if the binary string had each bit that was variable instead in a 0-9 scale of weighting the evaluation, such that 10927238292340246.

This moves the [binary] string into a fragmented string of variables, more like analog computation [1][0][9]...[6]. In this way it is to consider the 'bit' as N-variable, and thus what if it were the alphabet instead of numbers: 26 letters possible for each bit: USOWHLSELNSQAHBVY the issue being that like a slot machine, those [N] variable bits could tally up any potential letter of 26, or +10 numbers with alphanumerics, or add lower case and punctuation or symbols and suddenly a small 'string' of data could involve huge interrelational structures that may or may not be related across the horizontal span, depending on how it is constructed via algorithms and conceptual formatting. Maybe this already is the way transformed code is achieved with taking a certain sized content- variable [x], and then transmuting its entirety into a string or stream of obfuscated data that must be 'worked at' to decrypt or be translated to make use of.

The seeming difference would be computationally, how this relation exists in processing, in terms of hardware and software, though also thinking, programming. Because what if there is a limit to these transmutations that is forced into a binary 1/0 and thus bounds these infinities to only certain algorithmic space, or even computationally, that such numbers cannot be adequately computed and thus *do not exist* as calculations within machines and software approaches, crypto perhaps especially, when the security they would provide would be unfathomable in terms of existing brute force calculations of 'linear' patterns. my speculation is of an unknowing of applied cryptography and computer programming yet knowing of logical reasoning and empirical thinking, awareness, and how the two are ideologically at odds in approach in terms of basic assumptions. thus within my condition of 'illiteracy' there is an attempt to share an idea (pT) about a shared situation from an outsider vantage, with those of highest literacy of applied code, yet within what to my observation is a flawed idea and based on false and inaccurate assumptions, in particular the primacy of binarism for security when this nonlinear/multilinear computation (parallel & serial) would easily defeat it. such that it is not about strings and instead parallel sets: [x|x|x|x]...[n] as the [variable] yet this may not be coherent in a horizontal algorithm to solve, it may not have 'rationality' across, from one digit to the next, revealing its hidden structure. instead, randomness would be inherent instead of woven into the code, it would be more revealing information out of noise structures than putting information into noise that is bounded and can be shaped into structure. in this way also, noise could have structure yet not lead to decryption, it may be a false corridor within the ever expanding maze. 
it is that [N] variables each are in superposition, not static by default, finite and absolute, and instead 'truly variable', unbounded to a certain extent (infinities within infinities across infinities via nested sets). the conceit or test of the heresy would be 256 'bit' quantum computer that solves 256 AES, though if it were a binary string this could even be trivial, versus say [N]-bit, which seemingly could take *forever* to evaluate, via running, looping code evaluation and a shared empirical model that develops alongside, out of and through the technology as a 'thinking machine'-- which, the more it is like the human brain, the more likely the messaging could be made sensible via existing concepts and structures to test against, evaluating patterns and looking for correlations. in that context, a three bit [N]-variable string of code could probably defeat all computing power today, especially if large expanses were allowed, numbers, letters, symbols-- it would be unsolvable potentially, extremely probable. Largest primes would be a minor detail, another variable seemingly in such a context, due to its potential for incoherence and complexity. likewise, this [N]-bit approach for random number generators, yet why not random outside of 1/0 as a noise field, generating strings via a two [N]-variable string, just let it run and tap that, with or without structure, would it even matter. in other words: take any two ideas, any two signs or symbols or colors or whatever, and relate them and tally and extend this as a process. that is proto-language in a nutshell, this the crazy nut cracked open yet beyond the insanity of my own incapacity to communicate and flaws in understanding-- there is something about this approach and basically observation that has *coherence* that is absent in a binary approach and serial algorithms-- because that is not how people think or communicate, it is N-dimensional, geometrical, looping. 
and processors and code and software at present cannot model this, allow for it. and that formats reasoning, perception, what options are available to share ideas and evaluate them, and we are stuck in binary because it is enshrined both in technology though also in institutions-- it is the dead static code of shared ideological non-thinking that is pushing decision-making and actions towards its deterministic end game, which is a onesided machine-based value system, devoid of life, nature, and humanity, except insofar as it profits its own continuing automated development and further extension. so the gap between my illiterate views and the actuality of implemented security code by those literate is one aspect, though another is my literacy in thinking code and the illiteracy of thinking within foundational technology, its infrastructure, and the result of this, which requires a world like it is, and relies on bad code and ideas to allow for it. thus an audit or accounting of the situation, an attempt to get across the idea that there is a model of dumb, unintelligent code at the base of this situation, the approach is so flawed as to be the basis for tyranny, and it ties into 'ideology' across platforms, individuals and groups of people to software/hardware and bureaucratic systems, and in that 'combined state' of a false-perspective empire, the kernel is corrupt and the whole thing invalid, including at the constitutional level which itself is ignored, by binary default, the epic loophole of relativistic frameworks allowing the fiction and its virtuality to replace shared logical reasoning, because truth and logic can simply be ignored, 'privatized'. 
and enclaves can rule over others as if a caste-system via technology and ideological assumptions that function as religion, technologists as priests, gods of this technocratic utopia, the peasants not having the understanding to operate in such a realm, as guaranteed by the originating lie and tradeoff that allows for all of this to continue. that absolute truth is an everyday condition and you get to choose what to believe as if a right or protected mode of operation, no matter how many others must suffer for it, to sustain the illusion and shared delusion. the cloud here in the corrupted model a state filing cabinet, digital bureau for the bureaucracy, citizens organizing info into others invisible folder structures, volunteering the data via handover, designed into the technology itself as a marketing and communications strategy. the sieve of private data is equivalent to entire populations seeking out pickpockets to hand over their contents, incentivized as it is. and so 'security' is as if a kind of institutional transparency in relation to a corrupted, failed, rogue state that can read and see everything you are doing, whether or not encrypted, dumb terminals every computer to the state mainframe, rebranded and rebadged, hidden, 'anonymous'.

--- more of this insane ungrounded viewpoint -- it was mentioned a three variable 'string' [x|y|z] would be differently approached if parallel versus serial, in that each bit of a binary string could be N-variable in a parallel approach, or so it is assumed possible, as with probabilities and slot machines, or basic everyday observation of events and what enters and exits consciousness given context. and while not knowing the depth of this in terms of cryptography, completely out of my depth, it would seem the concept of keyspace could relate to how such a 'paradoxical string' could exist, given the boundary for determining what N could be for [x], [y], [z]. For instance if it were binary ones and zeroes, the probabilities could be run and 8 different permutations or combinations: 111, 100, 110, 101, 010, 011, 001, 000.

And within that, perhaps there is meaning. Yet if 'the probabilities' are changed via [N]-bit variables, it could go all the way to infinity for a single variable, and thus BIG BANG inflate via probabilities into a huge keyspace, perhaps unpacking structures this way that reference others already developed, as if infrastructure being revealed that connects with others elsewhere, via wormhole-like connectivity and then closing down upon successful messaging, thus encrypting and decrypting via few variables, via inherent yet hidden structural relations within these combinations, which could be infinities related to infinities and then the issue of how to find them or what to look for. Black box yet even more so, RNG as model for signal, not noise, thus tending toward psychic Random Event Generator as if innate sense of animals before catastrophe, cosmic faults and folds. the idea or difference is paradox- essentially *superposition* of the bit as [N]-variable, no longer finite and static, potentially active and transformative, diagnostic even in a sensor sense of the analogue as queued circuit. What if alignment occurs in the string under certain conditions and not others, what if it tunes in and structures revealed, decrypt, yet out of tune it vanishes, code collapse or changes as with temperature sensing colors, and the variables change, mask into background, returning to mystery. It does not seem that computers today can even adequately allow for infinity, a single bit of this, versus a larger parallel string- and what might that mean about thinking, too. nothing more than finite discrete thoughts, one decision to the next unconnected, unless largest prime, say rogue US terror-state pwns earth as if master discourse, shared POV, even though ungrounded- this the dumbed down unintelligent lowliest shared viewpoint of situations in their depth, instead made shallow, sold as daily headline? the CODE makes it so, in brains and machinery and bureaucracy. 
binary is the enforced and corrupted 'shared state', conceptually and ideologically, yet it is a false belief. the issue then of shared and unshared identity, belonging or not belonging to this 'master/slave' thinking...

shared ID <-----> unshared ID

And how this relates to default interpretations, the quickest route for 'feedback' and determining events based on perspective... are you binary or paradoxical?

Can you make sense of your own consciousness or must you take on false consciousness to function in society and go about decision-making in its frameworks, taking on its value systems yet which fragment a person from their own 'true' self, taking over and reformatting and reprogramming a life to serve the machine agenda over and against 'shared humanity' -- now an unshared identity, via private relativistic ideology. sell out your ancestors and neighbors for a place in the machine...

Quickest route to thinking- *binary* of course, processor speed as if SUPERSMART! --- "look- i can decide things and determine things irrespective of their actual truth, and it works for me and others, everyone else is just lazy!" Like water flowing downhill, 'logical reasoning' turned into Price is Right PLINKO game, quick and easy 'automated reasoning' via path of least resistance aided and abetted by binary ideology, creating friction-free virtual universe, mind detached from body by also flawed historical beliefs, enabling this madness its onesided platform. the trope of largest prime 'uncorrected ideological perspective' the trophy award for the most stupid, greedy, and ignorant. an entire society and civilization built around rewarding those whose activities align with this, against human conscience and its needs, that then is viewed as the enemy.

--- major social dynamic --- ideologically there is a differentiation in terms of the process of reasoning, how information is parsed...

intelligent <-----> smart also, how shared identity may differ between empirical and relativistic models of truth... truth <-----> partial truth and the difference in conceptualization, reliance on how frameworks are constructed, tested...

ideas <-----> facts and this directly relates to issues of observation and cybernetics (looping circuitry)...

fallible observer <-----> infallible observer

error-correction <-----> no error correction

In this way 'inflated' or 'bubble' views can rely on warping, skew, distortion for their truth which is verified by conforming to a false or inaccurate model reliant on a limited *protected* or SECURED version of pseudo-truth (pT), as if shared empirical reality (T) removed of error, because it is believed to be, via ideology.

grounded empiricism <-----> ungrounded relativism

In this way a 'private worldview' can replace 'the public' view as if a shared domain, and become the basis for one-sided 'reasoning' depending on authoritative beliefs, where facts can be chosen to fit the model, others discarded, to uphold the perimeter, basically privatizing perspective to a finite inaccurate view as the exploit.

reality (1) <-----> false-perspective (0)

humanity <-----> the state (?)

There is always the possibility that this was planned in advance as a cosmic setup from the beginning, and therefore the state could be doubled, paradoxical, existing both in the shared truth of humans and in the lies of the false viewpoint...

humanity <-----> state (T|F)

In this way the two state solution could be moving those 'false' on the side of humanity over to the false state, and the true state over to side with humanity, via reversal of dynamics, trapping the exploiters within their own rigged game...

human state (1) <-----> rogue state (0)

And thus doubled or backdoor crypto could be vital to this process, itself constituting the trap while transcending this context of surveillance and putting it to use for human goals and values, working-through this hell into the birth of new cosmic civilization, of shared identity, as this relates to eco|soc|pol-issues, shared set evaluations for money and taxes and policy and direction slash governance, versus the corrupt code and its circuits etched into the world and minds today as pain, suffering, terror, horror, insanity.

// * the following repeated text in case superscript numbers do not translate, for reference:

In other words, instead of XYZ being a serial number that could extend linearly onward toward infinity, that is: [xyz] ...[infinity], and that "string" is a horizontal number or code, that can in particular be related perhaps to binary on-off processing in a highly efficient manner, processing and computational speed and largest prime numbers as context-- instead, the assumption for this same situation in another crypto framework is that it could be happening 'vertically' like a slot machine that runs to bounded infinities (largest primes or not), within each variable, and thus [xyz] may not have a discernible linear structure or overall equation that makes sense of the resulting 'horizontal' string. such that:

[x][y][z] => [n^1][n^2][n^3]...[n^n] whereby [n] is variable and could be anything- a number, a function, a calculation, null, its own computation. And in this way, each variable could tend towards infinity or its own structuring, within the string, whose length is not so much the issue as the difficulty in resolving its total structure, especially linearly, such that [n^123] would not be decipherable running algorithms across its horizontal string and instead solving for each variable or say grouped variables in the string, eg. [n^1][n^2-3][n^4-9]

?

From electromagnetize at gmail.com Sat Sep 14 18:09:37 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 14 Sep 2013 17:09:37 -0500 Subject: [4] hash funktion Message-ID:

// attempt at a basic comparative example here...

--- code play --- first to reference the previous transparent ziplock with letters (ACID) to provide conceptual framework for what follows... and how the *interpretive* aspect of the code, its encoding/decoding and encrypting/decrypting, may likewise relate in some way as a transformative, calculative process (if not phase-change). not going theory, just abstraction into a realm of N-dimensions and probability versus linear equation exegesis... here are some online resources then for examining the letters [A,C,I,D], as recombinational variables:

#Internet Anagram Server mentioned two solutions: http://wordsmith.org/anagram/index.html

CAD I, and ACID

#Scrabble Word Finder lists 8 word solutions: http://www.scrabblefinder.com/solver/

4 letters: acid, cadi, caid
3 letters: aid, cad
2 letters: ad, ai, id

And other scrabble word searches find additional, including 'da' and 'i'

So there are these permutative interactions that can occur within and between signs (letters and their arrangement, though also symbols) and this is mapped out to some degree with anagrams, palindromes, ambigrams, rebus', kangaroo words (word within a word), and so on.

#Palindromes, anagrams, and 9 other names for alphabetical antics http://theweek.com/article/index/244111/palindromes-anagrams-and-9-other-names-for-alphabetical-antics

In terms of language, this is a zone of paradox where multiple meanings could exist in a 'string' that could have more than one interpretation, say the word 'top' and 'top', one indicating 'the upper part of something' and the other 'a child's toy' via dictionary reference. yet without context how can you determine which viewpoint is correct: is there actually a 1:1 meaning or is it one to many? Thus, in some sense, weighted given the environment it occupies for observation. Thus paradox, though also superposition, and an aspect of the unknown or mystery within the ordinary and everyday that in a binary worldview would seek to determine a 1:1 answer and discard the other 'variables', and linearly "progress" in such computations down a particular _unique path that then is equated with _the correct path, analytically, even though potentially arbitrary or flawed.

Any such search engines for 'words' can be broken via substitutions, as mentioned before, and doing so would limit or bound the interpretation to a smaller set. Thus using a number one instead of capital 'i' causes the library reference to ignore the variable, discard it from consideration, and only analyze ACD; returning only 3 sets: cad, ad, da. So it moves from 8 words to 3 words due to illiteracy or incapacity to translate or substitute, as mentioned previously.

Yet once again consider the ACID letters, in particular the letter 'I' again as it may be hypothetically or conceptually connected to the letter D and result in new letter potentials: P, d, q, b --- likewise the letter 'C' could be turned sideways into the letters U and n. Note the transgression of upper and lowercase alphabets, opening up a much wider range of letter combinations via allowing multiple scales to co-exist in the evaluative framework. Further, the letters C and I can be combined into a second letter D.

Thus A,C,I,D, can become [A,C,I,D,D,U,n,p,d,q,b] as a potential string, if 'suspending judgement' and allowing time to configure and reconfigure *in a probability space* these co-existing parallel potentials. inputting the string (aciddunpdqb) at the Scrabble Word Finder leads to 110 words, with six letters the highest word count of eleven total.

A question being, is the 'string' ACID really only ACID, as if 1:1 in terms of code and its meaning, and if 'decrypted' perhaps CAD I would be a result; and likewise, what if this could range to 110 words, without considering two or more letter acronyms and abbreviations, and then, each of these unpacked "variables" could potentially be related to one another as a structural framework from which to further reveal or construct code, such as via the subset words: candid, baud, pin. Perhaps keys or a bermuda triangle zone that submerges or reveals purposefully scuttled content. This location related to another inside the same hash function: cab, pain, quid; or yet another: cabin, cupid, id.

Essentially sets related if not collided and run against other sets, one against many, symmetries or asymmetrical dynamics, spins, planes, fields, layers, levels, zones of meaning shared and unshared. Perhaps someone could even have the key and yet get lost in the ever expanding forest of never ending choices, thus: the labyrinth is constructed by each interaction and decision and without the correct context, variables in their superposition could remain hidden in their correct interpretation (A=A). how could you know without an observer of shared identity and same model of empirical truth to reference, given N-possibilities for each choice and evaluation, potentially, as this is bounded by whatever the keyspace may be: only capital letters, alphanumeric plus symbols, whatever. and likewise, in terms of computation and equipment, could this same HASH function be recreated _without identical equipment, due to the floating point aspect (if it were to still exist) in computing irrational numbers, given a necessary boundary to stop and round up or down at that limit, thus forcing alphabets or equations into one hash scenario or another-- and could enough of this be controlled to even allow two machines to function identically or may there inherently be noise (chaos) between them, and so it is an issue of approximation, creating the same structures via unpacking a superposition ~bit-string and yet having variability still within these parallel models. It just reminds so much of enigma and patch cords that perhaps the RNG with patch-cord like custom circuit wiring could tweak machines to a shared match or 'entangled parallelism' that technology may be limited in allowing due to limits to standardization at the level of unique processors with slightly different characteristics, processor temperatures or working transistors that could somehow affect computation, speed, rounding, at what boundary the evaluation is bounded.
perhaps different bounding could provide different codes or access: abc^10 opening up one hash and abc^2 opening up another entirely different subset universe in terms of what appears in its relational structuring. different tech, different hashspace (?) given how much infinity can be modeled and to what extent -- And thus what might keys be. what if the starting variable was used multiple times, such as opened at one level and then reopened at another, and these compared, or some mathematical computation occurring to parse each against the other, and using that derivation for the keyspace. The idea of custom wiring in addition just unpacking then potentially allowing one version of crypto-signage to be used many times and in many different ways, as if signpost even or relay or storage device, as if such crypto could be infrastructure, if not alive like a sensor network in terms of feeding and routing information through such matrices it is curious if perhaps this is opposite the idea of the hash, in that it is an inversion or reverse hash function or something such, due to its exponentiality of parallelism and superposition versus linearity that appears standard to the naive outside observer of this.

Just to provide a different example entirely, for consideration- imagine a two variable string, [v][w], in this superposition context. Despite the known transmutations such as the letters being flipped and turned, such that two letters v = w, or when flipped could equate to acronym 'mn', it is more than a single letter as the variable and instead, say, the signs S and O that are overlapped for a single variable [v], such that their layering appears as if the number 8 or letter B. and likewise, a second variable as letters F and L traced atop one another, resulting in the combined letter E, much like a Jasper Johns painting or 7 segment or 16 segment display. In this approach, [B][E] then could, as a 'string' carry these other letter potentials within it or could no longer be decipherable as a standard alphabet letter and instead as a structural pattern, and then computation could occur via breaking down these patterns in that abstraction, mapped to potential letters and numbers and their recombination. For instance the letter B is equivalent to number 8 and via 7-segment displays, encompasses all numbers 0-9 in its geometry. Thus what if [3][E] were suddenly evaluated in a context of letters [S,O,B,E,L,F] and its 47 words unpacked from this starting point; say 'fobs' <=> 'lobes', as a subset universe within which, via another key, may match to a circuit elsewhere or provide meaning and thus 'shared framework for interpretation' whether intentional or unintentional. likewise, lesbo and sol, fe, Io, os & so -- leading into potential transcendent oblivion... or other dimensionality beyond what can be determined, predicted or controlled even- the RNG as REG, tapping cosmic circuitry as if interdimensional tendrils of noosphere

--- another aspect --- in terms of superposition variables, the length of [x] in the string [x,y,z] could be _anything. the bit as container could hold a bounded infinity, it could hold a mathematical function, it could hold five numbers or a hundred million trillion, or could nest or subset other variables in chained relations, such that x = xz. and thus a larger string could generate more complex entry code or certain structures, yet it may be unrelated to solving the interior of the hashing package because its inside is larger than its outside symbols especially relevant here, HIOX, fractal codes, ciphers within signage so that it is beyond ordinary language to begin with, such an approach could be two variable and encompass a vast universe of relations, say as a partial HIOX symbol (16 segment) or fractal-based sign of letters embedded one inside the next, say a Y being letters I and V combined, yet far beyond this and into a keyword written inside a starting letter, at scale, and moving downward or across, and having that be a variable that unpacks certain letters and characters and not others, thus potentially relating this outside with inside via the starting string, thus providing context via its superposition options that may be more complex "structurally", all of this requiring a standard approach that is shared, grounded in truth and logical reasoning, to allow 'the language as code' to be useful for shared communication, carrying ideas, or being the idea- seemingly about providing context, creating the conditions allowing for such interpretation to exist also, it should be noted that this could easily involve numbers and so alphanumerics could exist in a state of superposition between their mathematical and linguistic meaning, again 'variable' in terms of interpretive framework; for instance, a number 4 may be missing its hypotenuse or upper-left bracket -- given character style or typographic standard -- and thus it may look instead like a sideways 
letter T, in some sense. And thus the glyph representing sideways-T could *potentially* occupy both the realm of the letter T and-or the number 4 in terms of superposition, given that it is somewhat corrupted or incomplete or has extra information (such as Q and O similarly). thus a starting bit-string could have strange symbols that could map into letters and numbers via transformation (its de|con-struction via constructions and destructions) of subset relations and dynamics, unpacking particular characters and relations, creating a particular type of noise field for other content, perhaps framing it for interpretation. And thus language itself, tending towards noise if not illegible, may look like actual hash code to start the string, then unpack its contained information based on these variables that may normalize within certain parameters and not others, providing both signal and noise- and perhaps having multiple keys or no keys and to be accessed or referenced via temporary tunings or harmonizations, as if emergent data, or a particular correlated state of shared mind, et cetera

--- example --- so i could provide a ~bit-string (do not know the correct word so that is a conceptual placeholder until someone who knows what this is defines the concepts accurately) such as the following and it could be assumed to operate and function within these stated dynamics...

[nv+x!] in other words: [n][v][+][x][!]

And here is what i think is peculiarly interesting- is that i could share with you 'the key' that created this string, for a subsequent parallel hash function, via superposition, yet it may or may not be relevant to what is unpacked on the inside unless it were activated, and thus it is like an on/off switch that may not be in the interpretative context and so can be routed around if compromised, or used as ruse and trap to set up alternative interior corridors and pathways to checkmate mimics via false perspectives. so, running through the example... potentials: n, c, u, v, n, >, <, +, t, j, r, x, +, v, y, ., l, i, !

Note duplications are added for combination potentials, especially useful for acronyms or symbolic 'compressed' meaning, mirroring of palindromes, etc. likewise, punctuation is allowed for its dual-use language capacity, the exclamation point rotated into the lowercase letter i, and period useful perhaps in other ways as well. As with plus sign and the lowercase t. the issue of archetypal transference alongside transformative mutation, as if organization, allowing for entropic reversal or coherence gains even via losses, such is the "calculus" of the signage, as if moving from concept 1 (speed) to concept 2 (acceleration) yet within a different conceptual realm, wide ranging if not arbitrary and thus the issue of *potential*, as with potential energy- *potential meaning* and potential interpretation, framework, structure, that may exist momentarily or collapse given shared or unshared identity, referent, whatnot. so it would be possible to say 'cat' is what generated the original string, the upside-down caret (^) removed of the crossbar a hint or clue to the uppercase A at another scale (uppercase versus lower), and the plus sign functioning as a category-crossing letter t. 
and that could be the basis for generating the hash funktion, via this string-- and it may or may not be relevant, it may or may not be used beyond this threshold, it may or may not be the framework once the interior is unpacked, and this depends on the keyspace and how many variables will be referenced on the inside, though could also be on the outside as well, and only [n,v,+] could be used in their permutations and nested recombinations- meaning different hashes could be referenced and made active depending either on generating key, as a partial string (thus secret) or it could be entirely open and yet of an unshared POV, bounded and limited in observation via threshold of eavesdropper, and thus their biasing could force only some variables and not others, which it is proposed may make it nearly impossible to decipher externally without knowing what is being communicated in a given framework or context that is only partially observed and evaluated. such that it may not add up the same, just as unpacking the string with different hardware capabilities may generate different random interrelations as noise though also structure, if somehow calculations are not tuned A:A and instead it is closer to A1=A2, though compensated for. it is as if relativism itself is the encryption envelope, its warping skew distortion where the data can hide within and between and the revealed structures *whatever they may be* could be one-time pad connections or stable grids or force fields spanning multiple such hash universes that interconnect or feed data one into another again perhaps like wormholes further, phonetics could be used for substitutions such that the original lowercase letter 'c' and its subset [v, ^, c, n] could be replaced by 'k' such that kat=cat in terms of pronunciation yet has no trace of a c from which to decipher via a dictionary search, unless phonetic. in this way the original string [nv+x!] could instead be: [kv+x!] 
and generate an entirely different interiority to reference, which may or may not be keyed to 'cat' in any given instance, unless it were to be, yet may not reveal anything even if the key is known, given perspective and variable timing and interpretations. it could be throwaway or only active on occasion or a divining method such as organizing cards out of a Tarot deck for reading, a process that establishes interpretation though in a magical context, and thus perhaps more ritual or procedural yet still an important vital step. i.e. if everything is in tune, because the arbitrary could cut either way if not 'literate' and capable of handling this kind of code and interpretation as it were- it could drive you crazy with all the myriad possibilities, this is an infinitesimal example and it would be in the collection of all various techniques and approaches and evaluation and surveying their coherence and decoherence dynamics and related functionality that perhaps a new approach to coding could be developed in this alphanumeric and symbolic parallelism where sign=sign is essentially outside of the language as it operates in consciousness, unless brought into a realm of shared truth (1) and shared perspectives for exchange. thus creating or *revealing* that realm, essentially navigable infinity and issues of markers, lighthouses, obelisks, waypoints, ecosystems and ecologies, mazes, traps, that mapping data or mining, storing, conveying, relaying information within preexisting contexts, frameworks, could be utilized- made infrastructural, another paradigm entirely that aligns with consciousness, not the deadzone of the silicon wasteland as if final destiny of life with the singularity, leading to death and nothingness as ideal future. current and currency. a realm for those literate and of shared awareness.
keeping the lies and the liars and their falsehood out of the equations, trapping them in their own false perspectives and thus bounding the interaction while the false perspective is dismantled, freezing everything binary in its place while the world keeps spinning. this, perhaps a reverse-vertigo effect of the nonsensibility of the perceived world, though from another point of view. the oppressive ideology extinguished, no longer capable of sustaining the lies and controlling events from an external position, losing power of 'shared awareness' by dissimilar or dismantled structures-- sitting ducks. quack, quack.

From lee at guardianproject.info Sat Sep 14 18:43:32 2013 From: lee at guardianproject.info (Lee Azzarello) Date: Sat, 14 Sep 2013 18:43:32 -0400 Subject: [3] sampling continued In-Reply-To: References: Message-ID:

This class blew my mind https://www.coursera.org/course/crypto

Helped understand how much logic is subverted.

-lee

On Saturday, September 14, 2013, brian carroll wrote:

> > // apologies- yet another attempt at error correction of a previous > statement and clarification. > > quote: Subvert logical reasoning, disallow it, including freedom of speech > and thinking and censoring and controlling what facts are allowed - > controlling POV - then the opposite occurs: A|B ---> B, such that T => pT > > This is the code exploit of the Binary Crypto Regime, where B(0)=A and > pT(0)>T(1) > > > --- clarification on computational approach --- > > I made an error in description of processing in the context of infinities, > stating one infinity to the next is evaluated as if a serial approach when > instead this would be nonlinear and require massively parallel processing, > along with serial evaluations in a looping evaluative heuristic - testing > against a hypothesis or model, 'running code' or living code' as it were, > versus a static one-time interaction of data and algorithms, instead more > like a situation of intelligent life in a bounded context as if data > aquarium or code planetarium. 
> > the reason for this parallelization relates to considering all the > combined permutations in terms of probabilities, and thus [x][y][z] as > variables are not necessarily, seemingly, about an algorithm that reveals a > structure that helps move from x->y->z by some mathematical structure, or > so that is my naive guess, such that if you use conventional crypto > approach #1 something may be revealed between these that matches an > equation pattern, provides order within the chaos of variability, until > legible, intelligible.* > > In other words, instead of XYZ being a serial number that could extend > linearly onward toward infinity, that is: [xyz] ...[?], and that "string" > is a horizontal number or code, that can in particular be related perhaps > to binary on-off processing in a highly efficient manner, processing and > computational speed and largest prime numbers as context-- instead, the > assumption for this same situation in another crypto framework is that it > could be happening 'vertically' like a slot machine that runs to bounded > infinities (largest primes or not), within each variable, and thus [xyz] > may not have a discernible linear structure or overall equation that makes > sense of the resulting 'horizontal' string. such that: > > [x][y][z] => [n?][n?][n?]...[n?] > > whereby [n] is variable and could be anything- a number, a function, a > calculation, null, its own computation. And in this way, each variable > could tend towards infinity or its own structuring, within the string, > whose length is not so much the issue as the difficulty in resolving its > total structure, especially linearly, such that [n???] would not be > decipherable running algorithms across its horizontal string and instead > solving for each variable or say grouped variables in the string, eg. > [n?][n???][n???] 
> > Thus, while i have no actual idea of how crypto and binary code relate in > terms of encryption methods and decryption, it is assumed this approach > remains serial and directly interrogates the serial string to reveal its > structure, across various formats of the code (various programming, > encoding and other data formatting schemes). Thus, a binary string would be > an example, 10100011001010001010101010010101, whereby to solve for > [xyz...n] would involve finding the overall linear structure that provides > for such linear organization, say assuming it is encrypted code > *)S)*S*))SA&*S&**S()S*S)aAUIHNL*0, and therefore the assumption would > remain that each variable is related to the next in some 'coherence' and > solving one part or layer may reveal another, such as > HSKSLLILHSILALSWLWLSDUI and thus the string [xyz] is made intelligible by > this coherence within the linear string, across that massive horizontality > (very large streams of data that contain data and programs and messaging). > > Whereas for a paradoxical logic approach, each variable could itself be > 'many' in place of a single bit- or the boundary of the single bit could be > [N] and move towards a bounded infinity, a mathematical function, or other > calculation in that same location. > > disclaimer, stating the obvious, i have no idea what this is in terms of > applied cryptography, there is tremendous gap between these statements and > actual code, though to me the approach is much more accurate as "thinking > code" that involves human processing via logical reasoning, parallel and > serial processing, and thus the very idea of a string of code in that view > could also function as signal in noise or even absolute truth, in terms of > messaging. 
and so it is obvious 'binary thinking' is not like everyday > evaluation in the sense that there is grey-area to mediating events, a > pause to decision- yet within this pause, bounded infinities of hypotheses > can be queried (referencing previous instances in stored or external > memories) that then influence the tallying of the response, which most > likely will be weighted between 1 and 0, unless purely ideological. > > Thus- *conceptually*- to consider "code" in this human context, of a > living breathing idea that is grounded in empirical truth in a shared human > viewpoint, that is to be shared as information, via exchange, it is more > grayscale than 10110101010100001, in terms of language and how thinking > functions, more about looping and weighting of variables than having a > *single correct result* when there can be several overlapping or > contrasting interpretations *at the same time*. So imagine if the binary > string had each bit that was variable instead in a 0-9 scale of weighting > the evaluation, such that 10927238292340246. > > This moves the [binary] string into a fragmented string of variables, more > like analog computation [1][0][9]...[6]. In this way it is to consider the > 'bit' as N-variable, and thus what if it were the alphabet instead of > numbers: 26 letters possible for each bit: USOWHLSELNSQAHBVY > > the issue being that like a slot machine, those [N] variable bits could > tally up any potential letter of 26, or +10 numbers with alphanumerics, or > add lower case and punctuation or symbols and suddenly a small 'string' of > data could involve huge interrelational structures that may or may not be > related across the horizontal span, depending on how it is constructed via > algorithms and conceptual formatting. 
Maybe this already is the way > transformed code is achieved with taking a certain sized content- variable > [x], and then transmuting its entirety into a string or stream of > obfuscated data that must be 'worked at' to decrypt or be translated to > make use of. > > The seeming difference would be computationally, how this relation exists > in processing, in terms of hardware and software, though also thinking, > programming. Because what if there is a limit to these transmutations that > is forced into a binary 1/0 and thus bounds these infinities to only > certain algorithmic space, or even computationally, that such numbers > cannot be adequately computed and thus *do not exist* as calculations > within machines and software approaches, crypto perhaps especially, when > the security they would provide would be unfathomable in terms of existing > brute force calculations of 'linear' patterns. > > my speculation is of an unknowing of applied cryptography and computer > programming yet knowing of logical reasoning and empirical thinking, > awareness, and how the two are ideologically at odds in approach in terms > of basic assumptions. thus within my condition of 'illiteracy' there is an > attempt to share an idea (pT) about a shared situation from an outsider > vantage, with those of highest literacy of applied code, yet within what to > my observation is a flawed idea and based on false and inaccurate > assumptions, in particular the primacy of binarism for security when this > nonlinear/multilinear computation (parallel & serial) would easily defeat > it. > > such that it is not about strings and instead parallel sets: > [x|x|x|x]...[n] > > as the [variable] yet this may not be coherent in a horizontal algorithm > to solve, it may not have 'rationality' across, from one digit to the next, > revealing its hidden structure. 
instead, randomness would be inherent > instead of woven into the code, it would be more revealing information out > of noise structures than putting information into noise that is bounded and > can be shaped into structure. in this way also, noise could have structure > yet not lead to decryption, it may be a false corridor within the ever > expanding maze. > > it is that [N] variables each are in superposition, not static by default, > finite and absolute, and instead 'truly variable', unbounded to a certain > extent (infinities within infinities across infinities via nested sets). > > the conceit or test of the heresy would be 256 'bit' quantum computer that > solves 256 AES, though if it were a binary string this could even be > trivial, versus say [N]-bit, which seemingly could take *forever* to > evaluate, via running, looping code evaluation and a shared empirical model > that develops alongside, out of and through the technology as a 'thinking > machine'-- which, the more it is like the human brain, the more likely the > messaging could be made sensible via existing concepts and structures to > test against, evaluating patterns and looking for correlations. in that > context, a three bit [N]-variable string of code could probably defeat all > computing power today, especially if large expanses were allowed, numbers, > letters, symbols-- it would be unsolvable potentially, extremely probable. > Largest primes would be a minor detail, another variable seemingly in such > a context, due to its potential for incoherence and complexity. > > likewise, this [N]-bit approach for random number generators, yet why not > random outside of 1/0 as a noise field, generating strings via a two > [N]-variable string, just let it run and tap that, without or without > structure, would it even matter. in other words: take any two ideas, any > two signs or symbols or colors or whatever, and relate them and tally and > extend this as a process. 
that is proto-language in a nutshell, this the > crazy nut cracked open yet beyond the insanity of my own incapacity to > communicate and flaws in understanding-- there is something about this > approach and basically observation that has *coherence* that is absent in a > binary approach and serial algorithms-- because that is not how people > think or communicate, it is N-dimensional, geometrical, looping. and > processors and code and software at present cannot model this, allow for > it. and that formats reasoning, perception, what options are available to > share ideas and evaluate them, and we are stuck in binary because it is > enshrined both in technology though also in institutions-- it is the dead > static code of shared ideological non-thinking that is pushing > decision-making and actions towards its deterministic end game, which is a > one-sided machine-based value system, devoid of life, nature, and humanity, > except insofar as it profits its own continuing automated development and > further extension. > > so the gap between my illiterate views and the actuality of implemented > security code by those literate is one aspect, though another is my > literacy in thinking code and the illiteracy of thinking within > foundational technology, its infrastructure, and the result of this, which > requires a world like it is, and relies on bad code and ideas to allow for > it.
thus an audit or accounting of the situation, an attempt to get across > the idea that there is a model of dumb, unintelligent code at the base of > this situation, the approach is so flawed as to be the basis for tyranny, > and it ties into 'ideology' across platforms, individuals and groups of > people to software/hardware and bureaucratic systems, and in that 'combined > state' of a false-perspective empire, the kernel is corrupt and the whole > thing invalid, including at the constitutional level which itself is > ignored, by binary default, the epic loophole of relativistic frameworks > allowing the fiction and its virtuality to replace shared logical > reasoning, because truth and logic can simply be ignored, 'privatized'. and > enclaves can rule over others as if a caste-system via technology and > ideological assumptions that function as religion, technologists as > priests, gods of this technocratic utopia, the peasants not having the > understanding to operate in such a realm, as guaranteed by the originating > lie and tradeoff that allows for all of this to continue. that absolute > truth is an everyday condition and you get to choose what to believe as if > a right or protected mode of operation, no matter how many others must > suffer for it, to sustain the illusion and shared delusion. > > the cloud here in the corrupted model a state filing cabinet, digital > bureau for the bureaucracy, citizens organizing info into others' invisible > folder structures, volunteering the data via handover, designed into the > technology itself as a marketing and communications strategy. the sieve of > private data is equivalent to entire populations seeking out pickpockets to > hand over their contents, incentivized as it is.
and so 'security' is as if > a kind of institutional transparency in relation to a corrupted, failed, > rogue state that can read and see everything you are doing, whether or not > encrypted, dumb terminals every computer to the state mainframe, rebranded > and rebadged, hidden, 'anonymous'. > > --- more of this insane ungrounded viewpoint -- > > it was mentioned a three variable 'string' [x|y|z] would be differently > approached if parallel versus serial, in that each bit of a binary string > could be N-variable in a parallel approach, or so it is assumed possible, > as with probabilities and slot machines, or basic everyday observation of > events and what enters and exits consciousness given context. and while not > knowing the depth of this in terms of cryptography, completely out of my > depth, it would seem the concept of keyspace could relate to how such a > 'paradoxical string' could exist, given the boundary for determining what N > could be for [x], [y], [z]. For instance if it were binary ones and > zeroes, the probabilities could be run and 8 different permutations or > combinations: 111, 100, 110, 101, 010, 011, 001, 000. > > And within that, perhaps there is meaning. Yet if 'the probabilities' are > changed via [N]-bit variables, it could go all the way to infinity for a > single variable, and thus BIG BANG inflate via probabilities into a huge > keyspace, perhaps unpacking structures this way that reference others > already developed, as if infrastructure being revealed that connects with > others elsewhere, via wormhole-like connectivity and then closing down upon > successful messaging, thus encrypting and decrypting via few variables, via > inherent yet hidden structural relations within these combinations, which > could be infinities related to infinities and then the issue of how to find > them or what to look for. 
Black box yet even more so, RNG as model for > signal, not noise, thus tending toward psychic Random Event Generator as if > innate sense of animals before catastrophe, cosmic faults and folds. > > the idea or difference is paradox- essentially *superposition* of the bit > as [N]-variable, no longer finite and static, potentially active and > transformative, diagnostic even in a sensor sense of the analogue as queued > circuit. What if alignment occurs in the string under certain conditions > and not others, what if it tunes in and structures revealed, decrypt, yet > out of tune it vanishes, code collapse or changes as with temperature > sensing colors, and the variables change, mask into background, returning > to mystery. It does not seem that computers today can even adequately allow > for infinity, a single bit of this, versus a larger parallel string- and > what might that mean about thinking, too. nothing more than finite discrete > thoughts, one decision to the next unconnected, unless largest prime, say > rogue US terror-state pwns earth as if master discourse, shared POV, even > though ungrounded- this the dumbed down unintelligent lowliest shared > viewpoint of situations in their depth, instead made shallow, sold as daily > headline? the CODE makes it so, in brains and machinery and bureaucracy. > binary is the enforced and corrupted 'shared state', conceptually and > ideologically, yet it is a false belief. > > the issue then of shared and unshared identity, belonging or not belonging > to this 'master/slave' thinking... > > shared ID <-----> unshared ID > > And how this relates to default interpretations, the quickest route for > 'feedback' and determining events based on perspective... are you binary or > paradoxical?
> > Can you make sense of your own consciousness or must you take on false > consciousness to function in society and go about decision-making in its > frameworks, taking on its value systems yet which fragment a person from > their own 'true' self, taking over and reformatting and reprogramming a > life to serve the machine agenda over and against 'shared humanity' -- now > an unshared identity, via private relativistic ideology. sell out your > ancestors and neighbors for a place in the machine... > > Quickest route to thinking- *binary* of course, processor speed as if > SUPERSMART! --- "look- i can decide things and determine things > irrespective of their actual truth, and it works for me and others, > everyone else is just lazy!" Like water flowing downhill, 'logical > reasoning' turned into Price is Right PLINKO game, quick and easy > 'automated reasoning' via path of least resistance aided and abetted by > binary ideology, creating friction-free virtual universe, mind detached > from body by also flawed historical beliefs, enabling this madness its > one-sided platform. the trope of largest prime 'uncorrected ideological > perspective' the trophy award for the most stupid, greedy, and ignorant. an > entire society and civilization built around rewarding those whose > activities align with this, against human conscience and its needs, that > then is viewed as the enemy. > > > --- major social dynamic --- > > ideologically there is a differentiation in terms of the process of > reasoning, how information is parsed... > > intelligent <-----> smart > > also, how shared identity may differ between empirical and relativistic > models of truth... > > truth <-----> partial truth > > and the difference in conceptualization, reliance on how frameworks are > constructed, tested... > > ideas <-----> facts > > and this directly relates to issues of observation and cybernetics > (looping circuitry)...
> > fallible observer <-----> infallible observer > > error-correction <-----> no error correction > > In this way 'inflated' or 'bubble' views can rely on warping, skew, > distortion for their truth which is verified by conforming to a false or > inaccurate model reliant on a limited *protected* or SECURED version of > pseudo-truth (pT), as if shared empirical reality (T) removed of error, > because it is believed to be, via ideology. > > grounded empiricism <-----> ungrounded relativism > > In this way a 'private worldview' can replace 'the public' view as if a > shared domain, and become the basis for one-sided 'reasoning' depending on > authoritative beliefs, where facts can be chosen to fit the model, others > discarded, to uphold the perimeter, basically privatizing perspective to a > finite inaccurate view as the ex

From bill.stewart at pobox.com Sat Sep 14 18:57:34 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 14 Sep 2013 15:57:34 -0700 Subject: [liberationtech] Is Dropbox opening uploaded documents? In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

At 02:14 AM 9/13/2013, stef wrote: >On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote: > > Dropbox is pulling a Skype. > >no it's not, it's generating thumbnails. also this is advertising.

Unless Dropbox has changed what they do, I wouldn't expect them to be generating thumbnails of my documents, at least not beyond the level of taking "foo.doc" and using a MS Word icon for it. Yes, I know gmail is different, but I would have expected Dropbox to leave my bits alone. At $DAYJOB, the firewall blocks access to Dropbox, because Corporate Security doesn't trust them with our own proprietary information, much less with customer data or sensitive personal info like employee SSNs. It's a useful service, so we've got our own Dropbox-clone which we can use instead.

From coderman at gmail.com Sat Sep 14 19:37:56 2013 From: coderman at gmail.com (coderman) Date: Sat, 14 Sep 2013 16:37:56 -0700 Subject: [cryptome] Re: FLYINGPIG // Tor In-Reply-To: References: Message-ID:

On Sat, Sep 14, 2013 at 6:26 AM, John Young wrote: > ... > Pardons of Manning and Snowden, shutdown investigating > of Assange, and several other intimidating and chilling > operations would be persuasive. this will never happen. they may have lost this particular battle for secrecy, however, they're not in the slightest conciliatory - only angry at getting caught (and Snowden, et al. are perfect targets for that continued anger!)

> Spying was invented to catch tax cheats and assure revenue > for government operation and rule, and nothing unites the > world's governments more than that essential transfusion > of money to sustain government beneficiaries, in the US the > three branches, state and local. Military merely cops to > control obedient payment. unless you're an international corporation, in which case, USGov has fought valiantly to protect your precious loopholes and havens.

> Nobody should believe this will change without a lot more > than hopeful dreaming. when does that bill to de-fund NSA programs re-introduce?

From electromagnetize at gmail.com Sun Sep 15 15:40:17 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 15 Sep 2013 14:40:17 -0500 Subject: [3] sampling continued In-Reply-To: References: Message-ID:

_ | v J L 3 p \ w Z 7 r : 2 6

This class blew my mind > > https://www.coursera.org/course/crypto > > Helped understand how much logic is subverted. > > -lee

From jya at pipeline.com Sun Sep 15 15:46:17 2013 From: jya at pipeline.com (John Young) Date: Sun, 15 Sep 2013 15:46:17 -0400 Subject: John Gilmore analyzes NSA disclosures to EFF Message-ID:

John Gilmore assesses NSA disclosures to EFF on encryption, security, operations, more:

NSA FISA Business Records Offer a Lot to Learn http://cryptome.org/2013/09/nsa-fisa-business-records.htm

From reed at unsafeword.org Mon Sep 16 12:31:20 2013 From: reed at unsafeword.org (Reed Black) Date: Mon, 16 Sep 2013 09:31:20 -0700 Subject: [liberationtech] Is Dropbox opening uploaded documents? In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

On Fri, Sep 13, 2013 at 2:14 AM, stef wrote:

> On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote: > > Dropbox is pulling a Skype. > > no it's not, it's generating thumbnails.

Dropbox generates thumbnails and optimized document views for smartphone clients. This could happen on demand, or it could be batched after the upload. Checking whether the embedded link is accessed a second time on displaying a doc on a smartphone might be revealing.

It also wouldn't be surprising if they were working on some kind of content indexing as other sync services are. Cloud storage is a competitive space, and Dropbox needs to keep up in order to maintain their rather high price per unit of storage.

Some Dropbox developers are visible in their forums if someone wants to ask first-hand.

This level of scrutiny doesn't make sense for any service with a closed source, self-updating client, however. Even if they encrypted client-side, made every kind of promise and did everything else perfectly, they could be compelled to quietly change things overnight. That could happen for everybody, or for just a few users who get slipped a different version.
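The detection idea raised earlier in this reply, a unique link embedded in each upload and then watched for fetches, as an added Python example that is not code from the thread or from any storage provider. The canary host, the HMAC secret, the document names, the owner's address and the access-log lines are all constructed for the example.

```python
"""Honeytoken check for "does the service render my uploads?"

Added example, not code from the thread. Each uploaded document gets a
unique canary URL (an HMAC of its name under a secret only the owner
holds); the web server hosting those URLs logs every fetch. A fetch that
did not come from one of the owner's own clients means something else
opened the file. All names, addresses and log lines are constructed.
"""
import hashlib
import hmac
import re
from collections import namedtuple
from datetime import datetime

# Combined Log Format as written by nginx/Apache (constructed lines below).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

Hit = namedtuple("Hit", "doc when ip user_agent foreign")


def canary_token(doc_name: str, secret: bytes) -> str:
    """Per-document token; only whoever holds secret can recompute it."""
    return hmac.new(secret, doc_name.encode(), hashlib.sha256).hexdigest()[:20]


def canary_url(base: str, doc_name: str, secret: bytes) -> str:
    """URL to embed in the document (for instance as a remote image)."""
    return f"{base}/c/{canary_token(doc_name, secret)}.png"


def parse_access_log(lines):
    """Yield parsed entries for lines matching the log format; skip junk."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["when"] = datetime.strptime(entry["ts"], TS_FMT)
            yield entry


def canary_hits(log_lines, docs, secret, owner_ips=frozenset()):
    """Map canary fetches back to documents.

    docs: names of the documents that were uploaded with a canary.
    owner_ips: addresses of the owner's own clients; a fetch from anywhere
    else is flagged foreign (something other than the owner rendered it).
    """
    by_token = {canary_token(d, secret): d for d in docs}
    hits = []
    for e in parse_access_log(log_lines):
        m = re.fullmatch(r"/c/([0-9a-f]+)\.png", e["path"])
        if not m or m.group(1) not in by_token:
            continue
        hits.append(Hit(doc=by_token[m.group(1)], when=e["when"], ip=e["ip"],
                        user_agent=e["ua"], foreign=e["ip"] not in owner_ips))
    return hits


# --- constructed demo data (hypothetical secret, documents, addresses) ------
SECRET = b"example-only-secret"
DOCS = ["q3-forecast.docx", "salaries.xlsx"]
OWNER_IPS = frozenset({"203.0.113.10"})  # RFC 5737 documentation address

# Constructed log: the owner's own phone, then an unknown fetcher, then noise.
SAMPLE_LOG = [
    f'203.0.113.10 - - [17/Sep/2013:09:01:12 +0000] "GET /c/{canary_token(DOCS[0], SECRET)}.png HTTP/1.1" 200 95 "-" "Mozilla/5.0 (iPhone)"',
    f'198.51.100.7 - - [17/Sep/2013:09:03:40 +0000] "GET /c/{canary_token(DOCS[1], SECRET)}.png HTTP/1.1" 200 95 "-" "Python-urllib/2.7"',
    '198.51.100.7 - - [17/Sep/2013:09:03:41 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Python-urllib/2.7"',
    "garbage line that does not parse",
]


def foreign_opens(log_lines=SAMPLE_LOG):
    """Documents that something other than the owner's clients rendered."""
    return sorted({h.doc for h in canary_hits(log_lines, DOCS, SECRET, OWNER_IPS)
                   if h.foreign})


if __name__ == "__main__":
    for h in canary_hits(SAMPLE_LOG, DOCS, SECRET, OWNER_IPS):
        flag = "FOREIGN" if h.foreign else "owner"
        print(f"{h.when.isoformat()} {flag:7} {h.doc} <- {h.ip} ({h.user_agent})")
```

A foreign hit only proves that some client fetched the link; the user agent and timing relative to the upload are what separate a thumbnailer or indexer from a human reader.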

From kylem at xwell.org Mon Sep 16 12:54:25 2013 From: kylem at xwell.org (Kyle Maxwell) Date: Mon, 16 Sep 2013 11:54:25 -0500 Subject: [liberationtech] Is Dropbox opening uploaded documents? In-Reply-To: References: <[email protected]> <[email protected]> Message-ID:

I also suspect they're doing some level of malware screening. If so, it didn't work too well here - not that this is malware (the author of the original service that created these docs is a personal friend) but it has a lot of similar code / functionality.

On Mon, Sep 16, 2013 at 11:31 AM, Reed Black wrote: > On Fri, Sep 13, 2013 at 2:14 AM, stef wrote: >> >> On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote: >> > Dropbox is pulling a Skype. >> >> no it's not, it's generating thumbnails. > > > Dropbox generates thumbnails and optimized document views for smartphone > clients. This could happen on demand, or it could be batched after the > upload. Checking whether the embedded link is accessed a second time on > displaying a doc on a smartphone might be revealing. > > It also wouldn't be surprising if they were working on some kind of content > indexing as other sync services are. Cloud storage is a competitive space, > and Dropbox needs to keep up in order to maintain their rather high price > per unit of storage. > > Some Dropbox developers are visible in their forums if someone wants to ask > first-hand. > > This level of scrutiny doesn't make sense for any service with a closed > source, self-updating client, however. Even if they encrypted client-side, > made every kind of promise and did everything else perfectly, they could be > compelled to quietly change things overnight. That could happen for > everybody, or for just a few users who get slipped a different version. >

-- @kylemaxwell

From gutemhc at gmail.com Mon Sep 16 17:12:40 2013 From: gutemhc at gmail.com (Gutem) Date: Mon, 16 Sep 2013 18:12:40 -0300 Subject: Google knows nearly every Wi-Fi password in the world Message-ID:

http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world

- Gutem

From electromagnetize at gmail.com Mon Sep 16 18:34:46 2013 From: electromagnetize at gmail.com (brian carroll) Date: Mon, 16 Sep 2013 17:34:46 -0500 Subject: [5] moar koda Message-ID:

disclaimer: if doing this is illegal then the alphabet is illegal and 'ideas' themselves have been criminalized by the terror state

--- (continuing...) --- hint for previous code: _ |v JL 3 p\ w Z 7r : 2 6 perhaps should have made the last character (6) this instead: O J the idea then of a digraph substitution: JL = inverted T, etc.

Thus, for instance if someone has a perceptual bias and is only looking at single characters as single units, the digraph, trigraph, etc approach would be beyond their threshold of observation, beyond the perceptual modeling and thus such bias or limitation in interpretation can allow other information to exist beyond how it is perceived to exist by a given observer, unless they figure it out- so it would involve rules or learning how to determine what schemes are active or not, multiple or none further, the idea of a search of the original string as anagram or other approach, such that the breakage of units into fragments or components or elements thus can defeat brute force meaning unless checking all variables which would tend towards infinity, via probability. thus the secret is in some sense the noise, the more it is looked for the more possibilities arise and fill in the void with additional meaning that may or may not be active -- whether intended or not, which is the spooky aspect of this, if systems or data is somehow entangled whether as information and-or objects; seemingly /metaphysical keys/ even.
so a hypothetical example would be, putting the original 15 characters into a structural search in which the original concept cannot be located in the analytical results (in ordinary terms, the 'word' does not exist within the letters/numbers themselves) and in this way, while it was the basis for creating the 'string' (bit set), it may not be active in its interpretation or its activeness may exist in the permutated results and thus not require a decode by the receiver if already having the key because they know the shared reference yet the structure exists as infrastructure- and it may or may not have relevance though it could be mapped into that structure as if a conceptual root structure that could have calculative or geometric aspects- meaning, there could be many simultaneous structures some related and others not, that may or may not be activated in particular signaling, perhaps similar to neurons and synaptic structures in the brain that fire together yet whyso remains a mystery due to the limits of observation and an accurate model for analysis at the level of activity being observed- thus phrenology or scrying in an ungrounded sense providing security by enhancing warped, skewed, biased, limited interpretations, erecting walls and false rationales by "relativistic frameworks" in a realm of halls of mirrors within halls of mirrors.
distortion by unknowing autogenerated, and in some sense 'signal' can be masked as noise also, shell games within the parallelism of infinity and the computational limits of parsing those dynamics accurately, which could easily exist beyond technological means thus also in the realm of literacy, 'reading the signs' or abstract markings can become the limit between those intelligent and those smart yet illiterate and not in service to the conceptual foundation involved, and their perceptual frameworks can be used to construct false perspectives that become labyrinths to control future options, yet while creating the illusion of being in a 'shared awareness' or framework (partial) whereby pseudo-truth, its reliance on error, can allow extra-dynamics to exist while also coexisting within 'some truth' of the shared condition; perhaps this is zoning within a threat containment model, or subversive takedown approach, establishing booby-traps and trap-doors and pyramid defenses so, a letter or number could be de|con-structed and words or concepts or meaning could also be tokenized by a substitute system of relation which is what symbolism also allows, a type of exchange existing with a symbol and its network of conceptual structures aligned with it, an infrastructure of shared meaning and dynamics that also has myth and magic and spiritual dimensions as a potential, these tending towards darkness and light yet also accounted for in a shared universe (U), this richness and depth then perhaps closest to the forces involved and their dynamics, versus its caricaturization that presents its substance mainly in cartoon terms, a popular culture framework as if yet another commoditized ideology, thus the assumption of surface-relations versus actual depth and core functioning

--- sidenote: after the expansion --- it should be added that after a 'string' is permutated, say it goes from 15 characters into a million character / word combination space, that is in a precisely bounded model that defines the perimeters and parameters of its expansion and analysis frameworks (if not via infrastructure standards), that it would seem this is a one-way calculation and as impossible as it may be to find something inside the expanded set combinations, it would appear even more impossible (exponentially) to try to put it back into the original pandoric gift package, the originating /bit set/ even if knowing the rules and trying to apply them in reverse, to go from 'many' words to only a 'key string' as exampled here (said: bit set now, as a description of the set relations between characters, not linear string if it is "calculated" and worked-out in its probabilistic interrelations). in other words, could you go from one million characters and various word combinations back to the original 15 characters- and my presumption is no, it would be even more highly variable in reverse if computed this way, in that substitutions could occur at some point that introduce (noise) extra data, such as an S=5 and starts to shift meaning out of the original context, and so many of these shifts could occur, 'recenterings' as part of analysis, that if not having them in their entirety and evaluating a massive set, even if having the majority correct, that small area of error could continually expand as noise and veer interpretations off course and bound the backwards analysis- which could be useful if having a code that generates something yet cannot be worked back, yet still is linked to it or exists within the unpackaged expansion as an entangled conceptual order, which again may or may not be activated- say like streetlights turning on at certain hours, or animal migrations under certain conditions- the data may appear momentarily or in a given context and then be absent the next so in this way a 'noisefield' could be inherent in the expansion and messages could be hidden within it, perhaps even texts or documentation, that would be reliant on the originating bit set yet disconnected from it if not available to analyze, yet it may also carry any signal or secrets when analysed, such that it is feasibly arbitrary, one of many frameworks, and unless knowing what the perspective is, it could be a false corridor and lead to *answers* that are inaccurate or 'counter' to the actual view yet expand into another parallel stage-set universe (U2) based on error-reliant pseudo-truth believed to be accurate yet moving further into falsity (pT-> A=B). in this way, paradox is the limit, as if logical reasoning and 'shared observation' and if identity is unshared, fiction out of what can be shared facts in a limited model based on other rationales, thus exploiting bias and other false assumptions and their structures perhaps a way of conveying this is those with a human POV versus antihuman perspective and how consciousness would be correlated differently both in observations and interrelations, especially with doubling or imposters for instance someone may perceive a human as 'racist' for an observation because of a potential interpretation that is a particular framework thus bounded reasoning to that viewpoint structure, whereby: humans {ethnicity} in terms of sets, different skin tones and cultures could be secondary to being a human being and thus 'human' would be the superset...

human {ethnicity} or human {race}

This versus the opposite, determining interpretations locally as if the main basis for primary awareness:

race {humanity} or

race {ethnicity}

In other words, subset {set} if not: subset {superset}, can take on the interpretative 'universal view' (U) and it may have 'some truth' in a certain relative framework yet it may not be the larger or overriding truth of the observation and this ambiguity needs to be taken into account. say with my previous instance of a 'song here song there, here a song there a song, everywhere a song-song' as it may be viewed instead of a common rhyme instead a device to channel bias about 'yellow people' as if the intent. note also several such devices were used, not indicating this viewpoint. it is to say that multiple readings can co-exist, and there can be some partial truth (whatever truth exists is true) yet it may not be the total or overriding truth or even generative truth and instead exist as anomaly or entangled instance that arises out of noise, as with a crystal ball that takes in outside patterns and merges them into a common spheric surface. i think when i wrote that i noticed the potential ambiguity yet the idea was not that and decided to keep typing versus try to edit and invent another device for an ongoing theme (about endless communication in terms of 'linear string' assumptions as if automatically meaningful versus hollow and how a lot of people can be singing and saying *nothing* in terms of how it adds up empirically, versus fragmented relativisms which are basically noise allowing the cultural degradation to continue under that mirage of depth and hand-holding feel good hedonism, as if it is all that simple). though counter to this, it is true that certain cultures have names that align with 'song song' and thus it could be associated with that, even though that was not the interpretive framework and it could have meaning, whether or not true or accurate in the specific context, what is true is true. 
and thus if a military strategy and its associated ideology involves emigrating vast populations into other areas in order to subvert them, and then holds up a politically correct boundary saying it is discrimination to speak about what is going on in those terms- it probably is going to cause collisions in discourses like these, where such dynamics are mediated outside the "official silence" and politics of the everyday societies. again, humans and antihumans would be my response to this, and humans are in every culture and activity. and so they are in the superset and not viewed as 'subset'- though an antihuman ideology that tries to stop such analysis of human awareness via censoring debate or activities then is seeking to overpower and bias interpretation via unshared identity that is privileged and beyond error-checking or correction, thus requiring and demanding a safe zone of *secure interpretation* that prevents accounting for these dynamics via peer pressure, etc. essentially:

antihuman {humanity} as this is institutionalized, effectively:

subset {superset} if you give any credence to the higher cosmic order involved in this, such that the earth today is being governed by 'the lower' to which the higher functioning have had to adapt to allow the takeover and takedown to occur.

Most excellent in terms of this cross- and intercultural dynamics is the work and ideas of Edward T. Hall, especially in terms of language and cultural systems, how signs are interpreted differently yet also in this variance the richness of truth beyond limited observations of a given view. here is the ~50 words for in eskimo and so on, as it relates to this same bit set issue of where someone is interpreting the data from. another possible way of conveying the approximate idea:

(humans {ethnicity}) <--> (antihumans {race}) what matters is truth, who serves it and to what extent it is recognized or subverted for another agenda than the shared set, its values, goals, and principles- and this aligns also with coherence and its limits in ideology versus ideas, rigid limits to allowed thought versus freedom and liberty and serve to life or its annihilation by rules to prop up false universes, and the larger context for this being cosmic accountability and the role of crypto and both sides of these issues- that complex /ground/ of operations that could be binary or paradoxical, actually grounded or only virtually... so this gets to a basic idea of 'code' -- what do you trust? -- do you trust some cryptographic standard, do you trust a person or system or machine, do you trust 'ideas' without having parsed them completely and thus rely on 'unknown knowns' determined by others, perhaps of unshared identity and thus exploits- and to me it has become self-evident that only TRUTH can be trusted, that it is the basis for trust, and in combination with logical reasoning allows this trust to be evaluated and accounted for, and anything less is potentially an issue of 'trusting signs' in its place, mimicry or facades or ungrounded connections or relations, such that 'signs of friendship' can substitute for actual friendship, and other types of programmatic techniques whereby truth is not shared as the basis for interactions, and this occurs within 'shallow language' and 'wrong assumptions that are carried onward' within the scaffolding of viewpoints, /errors/ normalized, that devalue and degrade truth- yet become structures for *TRUST* within computing and social systems, again the Binary Crypto Regime as ideology the peak of this institutionalized untrustworthiness made into religion. 
Faith in crooked code, crooked administration, crooked relations, crooked ideas, and accounting in truth and via logical reasoning nowhere found outside the *protected limits*, thus allowing the antihuman agenda to proceed friction-free in fallen environments that serve this 'mastery'. if you trust in people, it is within their truth, the truth of a person not their falsity or pseudo-truth (unless mistaken) -- it is a critical distinction and of wide-ranging consequence. so too, ideas- the truth of ideas versus their approximations and warping and skew and distortion and biasing- to defend and uphold that is a corruption, a compromise that is a degradation and deteriorates whatever truth exists- thus, compromised code as if secure also compromises the person wrongly believing its integrity without being able to evaluate it in truth themselves or relying on others who are untrusted or of unshared identity to guarantee ideas through trust of technology or 'trust me' models- which if 'shared awareness' is not the same or exploited, leads to exploits. whole OS platforms built upon this and similarly exploited, though in a realm of double/triple schemes, etc. so FAITH in TRUTH and in the truth of people and in the truth of ideas, yet accounting for this truth, understanding it, being able to grapple with it versus make and build assumption upon unreliant assumption that could be built upon a threshold exploit (unknown unknowns) that bound interpretation and yet another could be decrypting everything from the start because it is built that way- just not understood by the users- thus 'trust the algorithm' without dealing with 1:1 truth allows the A:B exploit its tyrannical freedom to overlord and invisible hand events onesided. 
for instance, if time travel there is a high likelihood the present day would be governed from the future context and its administration over the present and taking this into account would be one approach and ignoring it another and thus 'standing lies' could be seen as part of that SCIFI framework in that actions do not add up in normal terms in day to day policy and why is it that situations are being run off the cliff regularly in parallel if not some 'beyond mainstream' policy decisions making sense of shared madness so if the truth of ideas is not dealt with, and the truth of people and the truth of machines and technology, and the truth of code itself, and not using actual *logic* beyond the binary evaluation, how much truth is there really in these systems and relations by default of ignoring the reality, and how much of the surreality that exists is based on the shared FALSE framework that allows the oppression and oppressors their advantage... thus the role of the logic bomb in taking down the kernel of the corrupt belief that sustains the lie and the code that stands in truth truth as its sign yet ungrounded, an entire standing empire built upon a too simple ideology- now that is a security nightmare waiting to happen, for those on the inside and with vested interest in seeing that it and their lifestyle continues, say versus feedback from the oppressed and exploited... payback time.

--- more on bit set dynamics ---

here are some additional examples of various approaches; you could use numbers in place of letters or vice versa, perhaps co-existing and thus to flip and unflip sets...

A B X

1 2 24

Such that A is the first letter of the alphabet, B is second, and X is twenty-fourth. it could be taken further and sent back into letters by a second pass:

1 2 2 4

A B B D

Optionally, from these same numbers it could instead be reformatted in that the original 1 2 24 could become:

12 24

L X

Another approach could involve flipping the bit set characters prior to or after expanded into massive constellations of data of the interiority, and thus layers of overlapping interpretation could exist from the start which could be part of the symbolic algorithm as it were:

h i o x / x o ! y

there is a potentiality involved that could result in different expansions and keyspaces and so it is an issue of what these are and how they could be determined or shared- perhaps in the bit sets themselves or other keys or it could be arbitrary and truly crystal ball 'seers' in given instances, altered states that may align or be shared or unshared yet deliver info also: this could occur without software in a massive distributed model yet with software tools it could be something more in-line with crypto systems of today and massive computation that probably could find ways to encode and embed programs or documents via such techniques versus SMS equivalent peer networking. say for instance the following bit set were evaluated:

U SI 20 1LL 2Z O X LS

Perhaps it expands into a thousand character document, and that 'X' symbol were notation that it should be twisted 45% and read at an angle, dropping out certain symbols as noise and others would be retained by symmetry or having multiple readings (say: N S Z in terms of rotation & reflection). In terms of the mirroring of language, reading upside down is a useful skill or being able to have /superposition/ of alphanumbers and those substitutions in mind and parsed in real-time evaluation- perhaps relevant, perhaps not. yet a computer system could likely mine such data very effectively given rules and decipher or encipher and puzzle data back into jack-in-the-boxes that could be reused as structure, or so it is hypothesized

continuing with approaches, there is a certain interesting correlation with certain letters and logic notation, such as p q p d that in their relations demonstrate mirroring and so this is part of the structure of numbers and letters that can indicate function or have distinct features as if puzzle pieces that can and cannot fit together in given parameters of co-alignment

p q p d

b d b q

The ambiguity of this, yet also other options...

b = |> <| = d etc. perhaps even |> / as a trigraph as 'twist b, thus q'. yet any of this could also be compressed or have multiple meanings depending on perspective and the framework/s for evaluation. the corollary to this is potentially sequencing of data structures though again -- not linearly. multilinearly, nonlinearly, as permutative sets, the total ecology of combined and related dynamics, CERN-level and weather forecast modeling intensities... and still there may be infinite unknowns even within the structural data if not having the keys to unlock it

another foundation aspect of this is character overlap and subtractions and additions via their combined state; it is very difficult to convey without images because it can be high resolution in a standardized context (16 segment display, square UNION JACK symbol of the ancient mastercode, HIOX). and it is logic dependent in certain instances to figure out... first hint:

b 8 d

The numeral '8' essentially can be a character in /superposition/ whereby while the 7-segment is the seeming source for hexadecimal letters, it has a potential substitution of: A, B, C, D, E, F, H, J, L, O, P, S, U.

Thus the words: bad, bed, bod, bud, in addition to other acronyms could be seen as a potential, held within the shared overlapping structure of 8. it is thus a *wildcard* bit, in terms of alphanumerics. The HIOX or union jack symbol is 26 letters + 10 numbers for a single bit, by comparison. so imagine the set evaluation of: b88d, in terms of including the hidden 13 other letters and how this may influence anagrams or other permutation combinations.

In a similar way, you could have a letter 'm' and break it into two letters 'n' or invert them, 'vv' which could be mirroring 'm' or 'w'. or turned sideways and becoming 3 or E, that is, M or W. or c & c in a given view, depending on the construct. consider another approach to overlap:

3 E = 8

And further, into the larger alphabet... R L = 8

This approach would include retaining the overlapping elements, thus additive, whereas if subtractive- combining the number zero (O) sans null slash (0) and capital letter i (I) assumed having full upper and lower bars at top and bottom of vertical, would equate to an: equal always equal symbol, orientated vertically. what is dissimilar is retained. this abstraction in part required by the tools, unable to communicate most basic information for lack of standard formatting and basic display of 'code' as it actually exists and is used. example of subtractive:

R L = 3

Perhaps this aspect of superposition is closer to that of /spin/ for certain character features, whereas for a large capacity symbol such as '8' or HIOX it is a much more vast range of set potentials to unpack via these interrelational dynamics.
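The '8'-as-wildcard reading above (b8d expanding to bad, bed, bod, bud, and the additive overlap 3 + E = 8) can be made mechanical on a plain 7-segment display. The following is an added example in Python, not code from the post or its author; it assumes the common 7-segment letter font (segments a..g), which happens to give exactly the thirteen letters A, B, C, D, E, F, H, J, L, O, P, S, U listed in the post, and it generalizes the idea to any glyph: candidates() lists what a glyph could be read as if surplus segments are treated as noise, superpose() does the additive overlap, subtract() the subtractive one, and expand() enumerates every reading of a pattern with wildcard positions. The word list used for filtering is a constructed sample.

```python
from itertools import product

# Assumed standard 7-segment layout: a=top, b=top-right, c=bottom-right,
# d=bottom, e=bottom-left, f=top-left, g=middle. '0'/'O' and '5'/'S'
# share a segment set, which is the kind of ambiguity the post points at.
GLYPHS = {
    "0": "abcdef", "1": "bc", "2": "abdeg", "3": "abcdg", "4": "bcfg",
    "5": "acdfg", "6": "acdefg", "7": "abc", "8": "abcdefg", "9": "abcdfg",
    "A": "abcefg", "B": "cdefg", "C": "adef", "D": "bcdeg", "E": "adefg",
    "F": "aefg", "H": "bcefg", "J": "bcd", "L": "def", "O": "abcdef",
    "P": "abefg", "S": "acdfg", "U": "bcdef",
}
SEGS = {name: frozenset(s) for name, s in GLYPHS.items()}
LETTERS = [n for n in GLYPHS if n.isalpha()]


def candidates(glyph, letters_only=False):
    """Glyphs whose lit segments are a subset of `glyph`'s segments, i.e.
    everything the symbol could be read as when its extra segments are
    taken as noise. '8' lights every segment, so it is the full wildcard."""
    lit = SEGS[glyph.upper()]
    pool = LETTERS if letters_only else list(GLYPHS)
    return sorted(n for n in pool if SEGS[n] <= lit)


def superpose(*glyphs):
    """Additive overlap: light every segment of every input glyph and report
    the glyphs that exactly match the union (the post's '3 E = 8')."""
    lit = frozenset().union(*(SEGS[g.upper()] for g in glyphs))
    return sorted(n for n in GLYPHS if SEGS[n] == lit)


def subtract(a, b):
    """Subtractive overlap: keep only the segments the two glyphs do NOT
    share (symmetric difference) and report the glyphs that match."""
    lit = SEGS[a.upper()] ^ SEGS[b.upper()]
    return sorted(n for n in GLYPHS if SEGS[n] == lit)


def expand(pattern, wildcard="8"):
    """Every reading of `pattern`: each wildcard position becomes one of its
    letter candidates; other positions are kept as written (upper-cased)."""
    slots = [
        candidates(ch, letters_only=True) if ch == wildcard else [ch.upper()]
        for ch in pattern
    ]
    return ["".join(p) for p in product(*slots)]


def matching_words(pattern, wordlist):
    """Filter an expansion against a word list (constructed sample input)."""
    words = {w.upper() for w in wordlist}
    return sorted(w for w in expand(pattern) if w in words)


if __name__ == "__main__":
    print(candidates("8"))            # all 23 glyphs: the wildcard
    print(candidates("E"))            # ['C', 'E', 'F', 'L']
    print(superpose("3", "E"))        # ['8']
    print(subtract("8", "1"))         # ['E']
    print(len(expand("b88d")))        # 13 * 13 readings
    print(matching_words("b8d", ["bad", "bed", "bod", "bud", "bid"]))
```

Note that the HIOX/union-jack symbol the post compares against would need a 16-segment table of its own; the functions above work unchanged on any such table once the segment sets are supplied.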

--- messing with HASH ---

it is still unknown if the parallel structure of a bit set as the string is comprehended, such that [xyz] could function as a string yet also co-exist in parallelism as [x|y|z] via set recombinations and expansions. [x] could be anything, say 'the internet', [y] could be pi/1.666 and [z] letters A-H. likewise, [x] could be symbol 1, say a purple dinosaur, [y] could be '8' and [z] could be symbol 2. the slot machine really is vastly variable and could involve multiply turning bounded infinities that tally in custom circuits (outerlimits of enigma), and the 'string' could also be infinite, such that both the bits and bit set could move towards infinity, such that:

[infinity^1][infinity^2][infinity^3]...[infinity^N]

how could any machine possibly rationalize all of that? impossible. and what if most of it is *noise*. it leads to interesting conditions for ideas and algorithms, new territories perhaps, places without any maps or infrastructure within existing _known technology. randomness, yessir. like the Moholy-Nagy painting (ref.typo error) in a previous post, there could be calculative dimensions involved in ordinary language, through its transmutation and reimagining in its 'other variability'. imagine colliding [hash 1] vs. [hash 2] and arriving at some kind of structuring... what if it is the same 'bit set' that is collided with itself, yet transformed from bit set A to bit set A'. thus A x A' = new bit set

u x w h ==> y m x u == ? ? ? ?

Thus it would matter if it is additive or subtractive for what the new bit set would be and what would be expanded in terms of its interiority. so what if the english alphabet is 26 letters, A-M/N-Z and you run half of these against the other, what kind of structures result. and what if you take half of the alphabet and mirror it above itself then add/subtract or flip, or recombine in various ways, or two-letter sets, adjacent and non-adjacent-- suddenly it is off the map, unexplored symbolic territory perhaps, and that is seemingly something else entirely in terms of meaning; and for the naive like myself, how might this relate to various encoding schemes that use character sets and symbols for data transmission, are they substitutable or could they even function as a deep data code (signage going into and through data instead of only across as linear strings), and what kind of access/entry and egress and circulation may this allow, open up or prevent in terms of traditional data models and also processing. it would seem in some way related to a compass with magnetic north and true north, though that could be widely variant and easily polarity could be lost and someone could be heading south or 'up' or 'down' without knowing it, in flatland terms of bounded interdimensionality

also, language translation, western european languages, umlauts and other details related to extra-textual cues or clues perhaps

venezia & venice

what would the different keyspaces expand into if only some of the structure is shared, yet the idea is essentially identical, such that the signage maps onto the same concept, empirically, via translation-- is it an issue of distortion, cultural frameworks of language that format structures and how might these be bridged or is it a limitation to the model, thus can bit set dynamics occur only in A:A frameworks or can A1:A2 also function to a threshold limit, until A:B is reached, or may it also function at A=B, insofar as the structure of A is retained within the structure of B:

A <---> B{A}

and further, consider if the 'translation' was a particle collision and thus the probing of molecular structuring shared and unshared between the two concepts, attaining higher resolution of their shared dynamics via interrogating their relations, grounding and mapping and testing of assumptions into a common empirical framework- as if language is the basis for conceptual infrastructure

--- note on correlations ---

having written about this elsewhere and forgotten a specific clarification, pattern recognition itself is about this sign=sign matching, yet assumes that the match itself equals truth and this is not the case, it is a faulty assumption and an ideology that the truth of language is in the sign itself and not what it is referencing. thus an apple would be the word apple versus an apple itself and the 'idea' of what an apple is, its potential superposition of meaning. this is the binary plague of ideas everywhere evident in technology-- the potential of technology now making toys for adolescent adults based on limited viewpoints, goals, and shared purpose. mathematics begins with patterns. understanding and deciphering them. yet it is this recognition that must occur in a A=A framework for it to be actually true (1), and thus the refinement of ideas and removing falsity from pseudo-truth and using hypotheses prior to declaring theories, as is the empirical methodology. and so TRUTH is foundational to mathematics, knowing what is true from what is false, and relating this to an A=A and A=B evaluative context, which is Plato/Aristotle and others of course. and yet if a mathematician arrives at an equation, or a person proposes a universal idea, it is not just that they have found a "pattern" that seems to fit, it is that it must correlate with other structures and patterns in their known integrity, that is "truth". so there is a relation in truth for the evaluation of truth. (thus: binary assumption of truth extends all the way to all subsequent assumptions based upon it). 
so testing hypotheses and ideas and equations and finding flaws is the vital process and obligation of error-correction and refinement and the changing of the model or hypothesis or pattern conceptualization so as to better align with what is known to be true, verifiably so (1=1) versus relying on something known false and relying on its structure (1=0) for further such 'ideas' and 'equations' as an error-based structure and viewpoint, which can get religious even, and is hugely invested in the ideological, where questions have long ago been answered and unasked since even when facts and evidence refute the claims. thus limits, boundaries allow even faulty pattern-recognition to persist by keeping out error-correcting observations. and 'empirical' observation is thus limited to only those facts and views that support the claims, ideas, equations. this is why logic is so critical to determining and accounting for truth and evaluating 'structures' that supposedly carry its /momentums/. the trusswork of ideology that may be corroded to such a degree to collapse yet carry the weight of a society, these areas of weakness offlimits for any interpretation, protected by retaliatory violence to allow virtualized viewpoint to continue, while endangering all who rely upon the error-rate. the 'binary logic' that is falsely absolute yet unaccounted for can thus "exist" in a bubble civilization yet only through dictatorial tyranny that is against its evaluation, most especially in logical terms, these also being the most self-evident and only way to actually describe what is occurring as it occurs conceptually, structurally. everyone knows, yet the 'reasoning' itself is made off-limits and thus the incapacity to say for lack of a way of accurately 'recognizing' and accounting for the events. in this way a [sign] could be interpreted one way by a binarist and another by an observer of 3-value or N-value paradoxical logic. 
the pattern that is encountered may appear identical yet its mapping into structural frameworks of truth could be entirely different, and more accurate than another. so it is an issue of intelligence, how these signs are interpreted, and in a more general sense [patterns]. and thus C.P. Snow and the Two Cultures allows consideration of the mathematical evaluation versus linguistic, or 'literature' as a basis for this interpretation, leading to numbers and equations in the former and alphabets and writing in the latter. though perhaps with mathesis that division related to pattern recognition is of a previous era, and instead 'literacy' has moved closer whereby concepts of "programming" (ala Lewis Mumford) have "symbolic processing" as a skill that present-day once future populations were predicted to need to survive

symbolic processing ===> [patterns] (signs & symbols)

thus, patterns could involve both mathematics and language, equations and words, and some overlap could occur or exist as it relates to the nature of thinking itself-- such that, while 'binary' views may be easily taken on as a quick route to decision-making, looping probabilistic reasoning via multiple hypotheses autonomic and conscious are the ways the nervous system and brain actually work, in a context of navigating absolute truth and falsity, including constantly refining and adding and querying data against contingent models and not simply discarding what is unlike thus 'false'. in this way, an approach to thinking that is ungrounded in experience and natural observation itself can become religious dictate via indoctrinating people into an inaccurate framework and basis for shared awareness and relations that are A=B in terms of pattern recognition, customizing POVs to a warped, skewed pseudotruth that tends to zero, as a compass and guide.

The kernel is wrong, faulty, yet cannot be error corrected, power says, government enforces, institutions crushing the facts, observers, denying and censoring and outlawing illegal patterns, universal perspective.

Thus there is truth and falsity where A=A and A=/=B reside, and this is the basis for establishing logic. that is, A=A is the pattern match, and A=B is the false match, the errored idea.

T/F <--> logic

And depending on the 'logic' used for evaluation, that will then influence what is and can be observed, such that:

T/F <--> {binary|paradoxical}

T/F <--> binary --> 1/0

T/F <--> paradox --> 1/N/0

such that, the logic then influences the observed patterning:

T/F <--> logic <--> [patterns]

In this situation 'code' could be the patterns that are assumed true and accurate for sake of being operational in a binary framework, whereas with a paradoxical evaluation this truth is not presupposed, instead questioned because it is and always remains contingent- a hypothesis that requires testing, challenging, verification, validation and continual error-correction-- else, via entropy itself, the inherent fallibility of partial observers within limited frameworks would be taken as if truth itself, absolute, even though inaccurate, faulty, by lack of godlike omniscience. logical reasoning is what this testing and error correction are all about yet if it occurs in a binary framework the observational bias continues to see itself as 'correct', infallible observers because they can equate the sign they believe is something with the thing itself apple is the word and not the larger external reference- and thus 'signage' stands in for and begins to mediate truth irrespective of its external validation, within a false empire of signs and symbols-- mathematics and language that becomes and is detached from reality, its own virtual word of anything goes... that is, it may in part connect with truth, yet be assumed 'all true' or absolute, by selective observation based on power dynamics for reasoning, which gets into brute force peer pressure to engineer truth via bullying dynamics, censorship, violence against unshared views, blacklisting, attacks on equipment and tools, etc, to shut down the other observations that error check and correct and *falsify* the believers code, who make their bread on lies and deception, knowingly or not. thus:

truth <--> logic <--> [math/lang] <--> [patterns]

and in this same way, the observers and perceptual framework could exist in a paradoxical approach, more towards mathesis in terms of higher literacy, whereas the binary is by comparison illiterate to everything outside its limited and controlled framework...

truth <--> logic <--> [code] <--> [patterns]

And all of this about 'reality' and issues of shared observation and identity, shared and unshared, that allows 'truthful' and false patterns to exist and /represent/ ideas, events, people, accurate or not. mathematics and language are both reliant on logic and truth, and the verification of pattern recognition is in A:A and A:B dynamics, which are evaluated and justified via truth and logic, and a too-simple approach is a basis not only for structural insecurity, it can be a planned exploit of civilization and thus as the "language" or discourse continues in confusing by assuming A=B, many nefarious activities are allowed within that inaccurate context. true evil, and its justification on the normalization of these dynamics and the mediocrity that is allowed and allows for it, as a 'consensus view' that is based in non-truth, only ideologically accurate to a partial view (pT=>0, whereby B>A). that is a context for crypto then, because 'secret communication' and 'hidden writing' can occur both within mathematic and linguistic structure that is in that same context, including an undifferentiated logic, whereby the binary may exist in a bounded realm that the 3-value or N-value could likewise inhabit and move in and through and outside of, via its other dimensionality, yet more accurately account for absolutes (1 and 0) due to a weighted, more accurate evaluative framework for shared empiricism than a rough, coarse, inaccurate all-or-nothing approach that is knowingly false from the start, in that it is unreal, detached from limits of observation and made into a fiction, and thus fictionalizes everything as its result. in other words: [patterns] can be in superposition, yet not in a binary mindset because they can not be evaluated this way, as /ideas/. 
instead it remains shallow and on the surface of the sign, too simple pattern recognition whereby the belief that A=A is its own confirmation as long as the pattern matches, the image is believed to be what it is, then it is by default correct and true (1), due to the sign itself, not its grounding.

truth <--> logic <--> crypto <--> [patterns]

Thus if considering ideas in this context, ideas of patterns, ideas of crypto, the models of what are going on _must be accounted for within truth and within an accurate logical evaluation and a binary approach (via logic) is not this-- it is like playing paddy-cake paddy-cake to get the results and seeing the layer cake as an end in itself, its own verification and self-validation, if not narcissism-- i wear the badge, therefore i must be. in other words, as is mentioned many times over a crypto system is not inherently or necessarily a secure system just because it is cryptographic though some may relate to [crypto] as a sign that equates with it without getting into the error checking of ideas, truth of models, and assume or allow models that cannot be tested and thus, limit/exploit scenarios by this approach, where crypto functions against the role of crypto in society and 'the sign' becomes its own antithesis, whereby 'to encrypt' is actually 'to decrypt' in another hidden context-- and that logically, when only partial truth is active, this is probable, beyond 50% likelihood given that several false assumptions may be relied upon that the truth is only minor about what security may exist- say with factoring outside of quantum or other computing architectures, which become dogmatic, faith-based beliefs that everyone knows are bounded observations- thus contingent, unless you have access to the deep underground labs or other galaxies resources. it is the same situation with architecture and anti-architecture or those who look human yet have antihuman agendas (bladerunner-esque), in that the sign of something can be camouflage, a ploy, a substitute or stand-in that is not the thing itself (mimic) and references another unshared grounding (say A-> B) versus what is assumed (A-> A'). 
so, the signage could be pointing in a given direction, yet going in the opposite, and in this way instead of modeling truth and aligning with it (A=A) it could be subverting and moving away from it (B), yet appear static or "said to be moving toward it via language and reference to other signs" (A=>A' actually B=>B'). in this way, [crypto] can move towards falsity in a binary framework, yet with paradox this falsity could be multiple, beyond those controlled by the binary approach and its /controlled signage/, beyond the limited threshold and its particular interpretation, thus feasibly invisible, incalculable. this would require reframing thesis-antithesis (and synthesis) in a dueling context of binary and paradoxical logic, which itself would be the compass and basis for a kernel, from my naive view, for the core of the dynamics. another way of saying it: you can have all the code you want, yet if it is not grounded you're fucked.

--- conceptualization of hidden interiority ---

i found these paintings online that to me indicate a conceptual correlation with visualization of the expanded bit sets in their venn context...

# Ordered Chaos 12 & 14
http://www.mnartists.org/work.do?rid=339132
http://www.mnartists.org/work.do?rid=339132&pageIndex=90

# Tao Of Physics, Quantum Space
http://www.well.com/~hendrix/TaoOfPhysics.html

--- decrypt for feedback ---

_ |v JL 3 p\ w Z 7r : 2 6

I N T E R E S T i N G

From rich at openwatch.net Mon Sep 16 19:35:16 2013 From: rich at openwatch.net (Rich Jones) Date: Mon, 16 Sep 2013 16:35:16 -0700 Subject: NSA Purchased VUPEN Subscription Message-ID:

https://www.muckrock.com/foi/united-states-of-america-10/vupen-contracts-with-nsa-6593/#787525-responsive-documents
https://muckrock.s3.amazonaws.com/foia_files/9-11-13_MR6593_RES.pdf

FOIA by @ramdac

Not a massive surprise, but interesting to see it in writing. Looks like this is for the standard subscription, not custom development. Although, the cost is redacted. Chaouki Bekrar is also mentioned by name.


Rich Jones * OpenWatch * is a global citizen news network. Download OpenWatch for iOS and for Android!

From gutemhc at gmail.com Tue Sep 17 15:41:41 2013 From: gutemhc at gmail.com (Gutem) Date: Tue, 17 Sep 2013 16:41:41 -0300 Subject: Breaking a CPU's internal cryptographic mechanisms Message-ID:

http://www.extremetech.com/extreme/166580-researchers-find-new-ultra-low-level-method-of-hacking-cpus-and-theres-no-way-to-detect-it

- Gutem

From l at odewijk.nl Tue Sep 17 19:05:32 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 18 Sep 2013 01:05:32 +0200 Subject: [liberationtech] Is Dropbox opening uploaded documents? In-Reply-To: References: <[email protected]> <[email protected]> Message-ID:

2013/9/16 Kyle Maxwell

> I also suspect they're doing some level of malware screening. If so,
> it didn't work too well here - not that this is malware (the author of
> the original service that created these docs is a personal friend) but
> it has a lot of similar code / functionality.
>

Are you suggesting they pull external resources to scan them too? This'd be quite proactive.

It remains quite unusual.

Some variations of the experiment with:

* non suspicious/interesting documents - should trigger well-intended automation as well as interesting documents
* boring file formats (like txt) and URLs - do all URLs get pulled or only automatically requested ones?
* files that won't load for rendering but would load for a crawler that tries to find malware
* your own server so that you may examine all the data sent along with the request, like the headers!
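The last variation, a server of your own that records what fetches an embedded link, is the piece that turns the experiment into a measurement: each test document gets its own unique URL, so a hit tells you which document was opened, when, from where and by what client. Below is an added example in Python (not code from this thread or from Dropbox); it assumes a placeholder hostname canary.example and a small, constructed list of User-Agent markers for telling automated fetchers from browsers. The registry can be exercised without a network by calling record() directly with captured headers, which is what the usage at the bottom does before the server starts.

```python
import secrets
import threading
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample markers; any real fetcher you observe can be added.
AUTOMATED_MARKERS = ("bot", "crawler", "spider", "preview", "fetch",
                     "scan", "curl", "python-requests")


def token_from_path(path):
    """Return the canary token from a request path /c/<token>[?query], else None."""
    path = path.split("?", 1)[0]
    parts = path.strip("/").split("/")
    if len(parts) == 2 and parts[0] == "c" and parts[1]:
        return parts[1]
    return None


def header(headers, name, default=""):
    """Case-insensitive lookup in a plain dict of request headers."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return default


def classify_agent(user_agent):
    """Coarse split: does the User-Agent look like an automated fetcher?"""
    ua = user_agent.lower()
    return "automated" if any(m in ua for m in AUTOMATED_MARKERS) else "browser-like"


class CanaryRegistry:
    """Maps one unique token per test document to the hits it receives."""

    def __init__(self):
        self._labels = {}   # token -> document label
        self._hits = []
        self._lock = threading.Lock()

    def register(self, label):
        token = secrets.token_urlsafe(12)   # unguessable, so a hit implies the doc was read
        with self._lock:
            self._labels[token] = label
        return token

    def url_for(self, token, base="https://canary.example"):   # placeholder host
        return f"{base}/c/{token}"

    def record(self, path, headers, client_ip):
        """Log one request; label is None when the path carries no known token."""
        token = token_from_path(path)
        ua = header(headers, "User-Agent")
        with self._lock:
            hit = {
                "time": datetime.now(timezone.utc).isoformat(),
                "ip": client_ip,
                "token": token,
                "label": self._labels.get(token),
                "user_agent": ua,
                "agent_class": classify_agent(ua),
                "headers": dict(headers),   # keep everything the fetcher sent
            }
            self._hits.append(hit)
        return hit

    def hits_for(self, label):
        with self._lock:
            return [h for h in self._hits if h["label"] == label]


REGISTRY = CanaryRegistry()


class CanaryHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        hit = REGISTRY.record(self.path, dict(self.headers.items()),
                              self.client_address[0])
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.end_headers()
        self.wfile.write(b"GIF89a")   # the hit is the signal, the body is irrelevant
        print(f"[canary] {hit['time']} {hit['ip']} {hit['label']!r} "
              f"{hit['agent_class']} {hit['user_agent']!r}")

    def log_message(self, *args):
        pass   # the registry is the log; keep the default access log quiet


def serve(port=8080):
    for doc in ("report.docx", "notes.txt"):   # embed each URL in its document
        print(doc, "->", REGISTRY.url_for(REGISTRY.register(doc)))
    HTTPServer(("0.0.0.0", port), CanaryHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Embed each printed URL as an image or link in its own test document, upload the documents, and watch the log: a hit with an unknown-to-you User-Agent shortly after upload, from an address you did not open the file from, is the evidence the thread is looking for, and the recorded headers show how the fetcher presents itself.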

From coderman at gmail.com Tue Sep 17 20:10:46 2013 From: coderman at gmail.com (coderman) Date: Tue, 17 Sep 2013 17:10:46 -0700 Subject: Re: [liberationtech] Why can't email be secure? - Silent Circle Blog In-Reply-To: References: <[email protected]> Message-ID:

On Sun, Aug 25, 2013 at 1:21 PM, coderman wrote:
> ... 10,000 news alerts from scores of
> filters (everything from "TS//SI//NF" to "Flame OR Gauss OR Duqu OR
> Stuxnet" to Goldreich-Goldwasser-Halevi),..

sometime over the past few weeks google alerts has started filtering (certain?) NSA codewords from alert matches. ah well, nice while it lasted...

From electromagnetize at gmail.com Wed Sep 18 02:32:47 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 18 Sep 2013 01:32:47 -0500 Subject: [6] crypto state Message-ID:

// note: my cypherpunks posts are copyright free

--- overview ---

the application of [crypto] appears to occupy a dual realm, spanning both the need for /secrecy/ and the need for /security/, which it is assumed may require different approaches in its design and functioning, and the 'systems' may operate within different parameters- say a secure facility with employee IDs that involves managing secrets, versus an SSL exchange using a web browser to search google.

It would seem to an outsider, unknowing actual parameters involved, that some technology functions more as a secure mode and others as a secret or hidden mode, and that this may be different in that data may be readily accessible or known at endpoints or throughout an infrastructure whereas in another this could be so tightly controlled as to involve almost personal secret-keeping between those who access purposefully hidden 'information' that must be kept contained, out of existing channels, or activated in a different realm or zone of operation, say peer to peer with another who also shares the secret yet not communicating about what it is, yet in having access to the knowledge it recontextualizes shared observation and in some sense could function as if a shared key has been passed and a secret corridor or psychic tunnel or 'secret network' exists as a result of those who know what is /unknown/ versus those who remain unknowing what this could be in the infinity of potential particular views of any given event or idea or truth. whereas accessing a webpage with some anonymity in the data transmission may involve a largely known exchange, excepting for those on the outside of the shared infrastructural connection; and so it is more a data security approach versus centered or focused on /secrets/. thus for different observers, the question of the Crypto State could tend more towards the maintenance and ethics and implementation of an approach to manage protect and exploit [secrets], which could be government and spy agency focused on its internal and peer state connections, whereas for another population, the citizenry, the issue of crypto could function most in a context of [security], as if a realm delineating a lawful boundary or property line that is potentially protected by law, and possibly is most focused in the business, legal, and institutional realm. 
this is a basic hypothesis so those who actually know this situation could model it in a more accurate framework, whatever it may be, between security and secrecy. i do not believe that an issue like state surveillance can be disconnected from its actual deeper purpose, which few more know of or by NDA be unable to communicate to others and thus an issue of faith in its mission can be evaluated either in aligning with a patriotic ideology, which is incredibly dangerous if checks and balances are gone from government accountability, or in an accurate modeling of the truth of the situation and the framework events are occurring within- that is, context. everyone knows that lawlessness exists in the realm of corporate use of private data to make money, either through data mining or private surveillance, just look at the aggressive panhandling via advertisements on every webpage, as if billboards have their own AI agenda as spore lifeforms and are trying to secure their future against competing words and ideas that they seek to distract from and cover or automatically play video or audio and use up network data streams as constant 'junk data' and yet it is citizens who are paying for this malfeasance, businesses and unscrupulous money makers exploiting the common realm to extract as much profit as possible at the loss of even readability in a majority of scenarios. and there is no *legal issue* with this kind of deterioration of what could in some sense be a public space in some sense that has been overtaken by a private negligence, selfishness, and greed that defaces and devalues it. 
perhaps this is a shared business model and yet it is also rotten, and so like driving through a wasteland of a ruined environment, the webpages and internet is like seeing broken buildings using a broken vehicle, driving on broken roads and thoroughfares, with collapsed and dilapidated structures and giant signs HUMANS ARE THE ENEMY everywhere you look and turn, mocking people with the brazen disregard for sensibility, honesty, everything in your face and hateful, tending towards the worst content and worst innuendo, and this is normalized as the shared realm of public and private exchange, online. and in that context people and mass media and states are communicating about what presidents say, about wars and war making and terrorism, and about poverty and illness and disease and the inability of society to meet its needs while others sit at the top of this giant heap of societal dung and count their money earned by selling the broken society to begin with. so the first observation is that the state is fucked. completely utterly and irreversibly fucked. its core code is rotten and the effects of this are everywhere, including in peoples mindsets and decision-making that is born of this ideology, reinforcing the binary perspective from previous generations that has become an error-reliant inaccurate biased POV that is allowing this exploitation to continue under the shield of "legalese", yet which itself is ungrounded and turns the signage of language into truth and thus internalizes the world within a private communication about it where this communication becomes the truth, via language that can control and overpower another perspective, not via honest evaluation of truth. thus language games in place of actual justice, and this normalized, 'codified'. 
businesses themselves hiding behind this code, lawyers by their side, to allow any kind of extractive process of data or money to occur, no liability yet allowing swindles, cheating and corporate and institutional theft to be legalized, without public benefit even, and citizens' data and material existence then become natural resources to be exploited, further extracting every last available bit for someone else to profit from, while they see nothing in return except choices of skinnerian behaviorism, lives becoming mouse mazes, the less money you start with the sooner trapped, and the whole society about siphoning off goods and resources, winnowing the few who proceed upward, stopping the rest in the lower middle class, and then breaking down people and pushing them further and further until at the bottom of society in unrecoverable circumstances, the societal trap door of poverty enforced as part of an ideological agenda, religious belief needing the failures to be the immoral castigated many who justify the superiority of everyone above- yet it is the result of gaming the state and its collapse in a pyramid scheme that enslaves the many to prop up the false perspective benefiting the very few who actually believe all the B.S. because it most benefits them, as if some kind of twisted utopia for psychos who are unconcerned about others beyond their private boundaries. if you consider [crypto] in this economic, political, social context, actually the broken cryptographic systems massively benefit this exploitative scheme entirely at every level, both as secrets and security. it provides an impenetrable wall of ideology that, alongside the Binary Crypto Regime, allows a type of reinforced inevitability of the solution, *if only you could do the math you would realize how great all this is*.
and so double/triple schemes this may be so, never underestimate humanity, yet for those uninitiated it is hellishly terrifying, especially the closer you are to the bottom where these dynamics grind down the lowest layers and push people prematurely into caskets or have no ethics in discriminating against those unlike, who have no protection against exploitation and even violence against them, yet viewed seemingly as the greatest threat because they are using resources that belong to others, as if only takers en total. what is also most evident is the role of neurolinguistic programming (NLP) in federal, state, corporate, educational and institutional contexts to use 'brute force language' to engineer a particular kind of next iteration, as if this one-way language manipulation has replaced shared reasoning, due to the loss of empirical truth and its accounting, and an unrestricted triumph of relativism and its authoritarian agenda of administering the next wave of the self-same ideology, yet with their own people, no more charade with mr. and mrs. nice anymore. it's just their people now, The State, Inc.- whether it is business, government, education, health care, community. how do things get this fucked up unless that is what you're aiming for? and in this way it is truly MASTERFUL. brilliant. the art of the state. so in this context there is an issue like /taxes/ that when the state began had to be figured out from a condition of injustice and revolt which led to a new independent society and democratic form of governance. feedback-based in principle.
and then over centuries this short-circuited due to limits in the code and its interpretations, say equal rights for women, then citizens and various other fracturings from a once shared POV of private men that were assumed to be 'the public', that is, within western european history, and over time these conditions changed and yet the underlying code did not, which led to contradictions and even INVERSIONS that could force breakdowns of the same society via exploits and hacks that challenged the processing and upon Supreme Court or other legal review, flip bits somewhere and the larger situation was transformed for everyone, changed by smaller events elsewhere. and the state has both continued its development towards human improvement while similarly deteriorating at the same time, its faulty code and programming the source of its own self-destruction and annihilation, such that /truth/ has been replaced by unrestricted and unregulated and essentially 'unchecked' /power/ via this biased, relativistic framework under which - oh, i don't know - the world's largest military machine and global spy network operate, in an inaccurate and biased private viewpoint for mass surveillance and the hunt for terrorists- which can thus be skewed and distorted to focus on citizens instead who may question these dynamics, which then turns public consciousness into the enemy of this secrets-based and heavily secure tyranny, indistinguishable from a dictatorship yet not accounted for this way, as the dictator is hidden, out of sight, etc. and so the false perspective reigns and rules over 'what can be reasoned' and if anyone crosses that line, the private police enforcers and spies are at your doors and suddenly all your e-commerce goods are being shipped broken.
and thus taxes are supporting this lawless takeover of the government and yet it is also inevitable due to the way the state is configured and the code it is running on and for lack of a better alternative, until that can be presented- this is the situation. so, some sympathy for the dictator. though if the options are destroyed by tyrannical actions then you've got real problems because then the leader is insane and functioning against the shared state, in that the agenda becomes antihuman, aligned with machines and the continuation and development of the automated machinery of state, which in terms of the ideology are godless, yet involves a priesthood of technocrats - including programmers and technologists and business people, for whom this system is operating under their guidance and parameters and towards their goals, which have become detached from the citizenry itself. so there is the aspect of enslavement, disenfranchisement of populations based on discrimination and sliding-scale rulesets preferring some over others and also rewarding violence against citizens in its ecosystem. and the entire population is wired to automatically support this via taxes yet the /feedback/ is not occurring to improve their own basic situations as the erosive aspects of cultural decline outweigh everything else and in this constant pressure, break down and dissolve connections and structures required for survival, including loss of meaningful work, family units, education related to the world that exists versus citizens trained as if robots, and 'media' that devolves everything into an animalistic context, nearly pre-literate, not in the McLuhan sense of higher understanding of oral or other cultures, and instead- inculcating ignorance, bias, hatred, factionalism, racism, and this via false-perspectives as if 'shared POV'.
no one required to align or attest or be held accountable for truth, instead ENRONOMICS rules, you can game the system and win at every level, and thus it involves the takeover by these same forces of the environment and state itself- its bureaucracy falling hostage to such an ideology, and citizens no longer having a government which represents the public's needs. this is relativistic private government taken to its extreme: tyranny, yet not only that- CRYPTO dictatorship. and yet it started out as a public and private government with human ideals and orientated to life, and instead has become antihuman and polluted, ideologically, environmentally and in minds and bodies, and focused on death and money as if the highest good. and so it is a question- where is /truth/ within this government- does it even exist? and it would seem that for the ideologically invested, the truth is the surface event, the signage and ideological actions that as imagery reinforce a particular viewpoint conducive to true belief-- that money is the most important, and that these people believing themselves superior really are in control, and that they justify this enslavement based on their private agenda and goals. and thus the *secrets and security* of the crypto state could align with this binary belief system and seemingly be its support structure, including for keeping tabs on all the exploited, as if in an excel spreadsheet, to determine futures via routing to the appropriate cattle chutes, whether death panels or poor schools or blacklists. everyone surveilled for their profit. whereas another truth could coexist beyond or alongside this and yet remain hidden from the binary ideology which is bounded by its self-validation, pattern matching via limited and controlled observation and thus observer bias the threshold for 'shared reality' and shared goals.
instead of relying on the corrupted and error-ridden code of pseudo-truth and its role in 'development' of business, education, healthcare, etc. via lies, distortion, self-serving exploitative agendas- instead another actual [truth] could exist that is shared, that involves a different context for issues of /security/ and /secrets/, and cryptographic systems and their applications also would span into this realm of activity, by default of its service to the soul of the state, to ensure long-term functional integrity, and this can be assumed based on indications such a parallel agenda exists. it would seem most [crypto] in the profane model would be functioning in a different set of parameters than in the more sacred and militarist model, whereby enforced ignorance and outright corruption is not the rule or law. and thus the cosmic setup and making preparations for this to be resolved.

--- rebooting the state ---

it concerns me to be called before a judge because i do not believe the state is a legal entity and believe i can readily prove this to be the case, and therefore not recognizing the legality of the state to decide in matters of law would be contempt of court, from my previous understanding. and in this way, to be imprisoned for not recognizing its authority to determine what is just or to be able to enforce the right principles within law as it exists due to a failed constitutional context. i run it over in my head, the argument of having private man define what is a human predicament, and thus 'mankind' and 'his' and history stand in for humans and women as an ideological bias which, while once public, became private upon equal rights, including for those of other ethnicities, yet this privileged hierarchic onesided perspective has been institutionalized as if representing the total public via the shared private views of men, and in the attempts to equalize it, has further privatized other views of women and ethnicities, into a many-private-worlds situation without a coherent shared framework to call or reason as 'the public' of us all.

'the human' is missing. the human state is non-existent, and the private state of various wo|men and their private rights rule over humanity, the subset governing as if superset, yet without higher ideals, instead lower. the constitutional code is corrupt. and yet in its description it has the rules to deal with this: call a Constitutional Convention and start again. yet in a society run by relativism there is no ability to 'reason' beyond the privatized ideological "theoretical" discourse whereby power politics determines what is true (pT=>0) and then rubber-stamps via institutions under its guidance to manufacture consent and thus: represent 'the people' whereby only some truth is allowed that only benefits some people at the expense of everyone else. unbalanced, biased, onesided most times, really. so-- dealing with MASS ILLITERACY here, since the education system fell to relativistic ideology and binary bias as a teaching and indoctrination method, the rote exercises and standardized tests an indication that no actual thought is allowed, no thesis - antithesis -> synthesis in western culture anymore, unless of an ungrounded politically correct version based within *language* and about the [signs] or appearance of shared views, yet without the truth shared or grounded in this false perspective. thus, foundations of belief are built on weak and corrupt 'ideas' and 'concepts' which have also become the mainstream discourse -and- POLICY BASIS for the state-- that is, skew, distortion, warping and bias as the reasoning for shared decision making and governance. who's that benefiting when *celebrities* are the best at taking on such an acting role of serial killer fiction.
so someone calls a constitutional convention and no one is capable of *reasoning* about what is happening in the shared situation because many are essentially BELIEVING THEIR OWN BULLSHIT on ego-reliant frameworks based on ideological bias and error, into a too-simple assessment of truth that is pre-enlightenment at this stage, pre-western culture even, devolved to a realm of selfish idiocy and stupidity that only self-indulgence can really offer to the existing degree. thus, everyone is a celebrity in their own private facebook and twitter worlds and speaking their own languages from their own perspectives and talking the talk, in so far as it profits and is allowed in models of pseudo-truth-- not the nails-hard empirical realm where errors in thinking are not allowed or acceptable for shared frameworks-- this is beyond or before scientific method which similarly fails via privatized empiricism (also perspective limited via 'history' and thus privatized, allowing aggressions against humans in that framework by way of distortions, errors- exploited, targeting enemy populations, etc). yet a lot of people can 'program', and yet it is stuck in bias and ideological frameworks and therefore very smart "binary thinking" gets nowhere in the real world of paradox, to deal with problems and situations as they exist rather than as they are perceived to- which is a tremendous difference and requires actual difficult and painful and humbling considerations and it is quickly realized how little a person knows- versus to presume to know all by sharing a viewpoint beyond external correction or acknowledging that there is bias or distortion or even unknowing involved- theorized POVs rule, the ego of private identities as if public, as if shared views, yet without the rigor or political suffering that involves beyond 'the drama'.
and thus soap operas of initiatives, everyone wearing their private causes and yet outside an actual PUBLIC CONTEXT and language and social relations and importantly -- identity -- that would allow the issues to be dealt with beyond adolescent antics and excitements and temper tantrums. here or there someone probably assassinated for actually doing something wrong, though who knows, maybe that too is drama and they are in deep state now. and logic is crucial, yet absent as an accounting of 'reasoning' which instead like NLP becomes programming via onesided binarisms competing up on the various electronic stumps, trunks, and platforms. 3-value and N-value logic, the basis for /human/ reasoning in a neutral evaluation as observer, are not taught in schools. everything is 'rationalized' yet in pseudo-truth and thus an infinite many viewpoints that do not add up to more because they rely on the errors and distortions as structural scaffolding, on the bias and ideology to uphold views, as is necessary of private language- women as bad as men, ethnicities exploiting this as much as others, that is the game it involves and everything and everyone devolves as a result.

The State needs to be rebooted under new constitutional code, at the very least modified from a context of public and private man, mankind, and history to that of public humanity and private wo|men, involving a shared his|her-story or human story. corporations embodied as 'individuals' as 'private men' have allowed extreme competition with citizens to the point that the state is representing corporate democracy via 'the public' vote, the citizens are Microsoft, Google, Time-Warner, CBS, Halliburton, etc. those not part of the structures are serfs, indentured class, castes. whereas in a human context, the state would need to serve not exploit human goals and values as part of a shared community, not gain profit based on exploiting and brainwashing or cheating people in retrograde schemes or outright criminality via selling broken equipment to normalize thievery. the human context for law would likewise not be able to ignore such truth as it would be allowed and not censored as a viewpoint via relativism. and likewise /security/ and /secrecy/ would change to serve humanity and differentiate and focus on those seeking to abuse and exploit instead. it is this last statement that is assumed the underlying hidden, secret aspect of existing crypto systems of the state, a standing reserve that is waiting in the wings, surveying the situation so it can be accounted for. as of my recollection at this point, it is unknown if i am the only person who could make this case for the illegality of the state in its existing functioning, yet anyone who were to deny the court its legality would potentially be able to make this case, if willing to go to prison and get the process underway, though the argument would need to be allowed or else you may never get out of prison, which is why it seems a worst case scenario, unless that situation would be the first opportunity to make the case.
and this in a context of what is proposed to be *ungrounded legal frameworks* due to ideological language relied on for 'shared relativistic reasoning' which functions as /programming/ again, as if shared though of an unshared society, continually set at odds with itself, functioning against itself, increasingly nonsensical and illiterate-- schizophrenic even, as the views do not add up to a coherent whole, the parts make their sum impossible, as it tends towards shared nothingness- not towards life or greater being. in this way, ignorance is progressively institutionalized, made into rules and increases suffering, making it more and more difficult to 'reason' within the broken world and relate to others in their privatized biased views. statisticians become the new community organizers for the disenfranchised and lost, tallying people's identities with others more so than communities themselves or organizations, the alienation and isolation near complete, such that the internet and WWW as stage set appear as if by divine right to allow each actor their fantasy to portray, without restriction to reality, obligation or duty to another, as if life only a game, frivolity behold. no sense of the pending doom awaiting, the trap door beneath the spotlight. the word as a mirror then, and the networked playground for narcissists that on a psychological level reveals the deep and hidden contempt and shallowness of the economic, social, and political ideology of self-bias. you need at least two people to call a constitutional convention, yet what if it is flash mobbed and a million relativists show up with bullhorns? here: "use our code! use our code!" they start screaming in unison. that is it in its entirety, all that binary relativistic reasoning needs to keep things as they are and further extend the situation towards shared falsity. that is why there are guns i am guessing. make a perimeter.
only logical reasoning allowed, and at every instance the binary will be defeated in its simplism and will no longer be enshrined as law nor ideology nor allow for the corrupt rule of the many by the few who do not realize how crazy they actually are, nor how completely hollow and sold-out as human beings. my wager is i can prove the state in its current form is unconstitutional and provide the logical framework for making that case, and offer a set of corrective actions that would neutralize the existing bias, recontextualize its constitutional framework via what are essentially structural "edits" based on logic, to remove known ideology, and this could allow a framework for establishing or reconsidering the constitution via a convention once "ideas" themselves are back on the table, versus extending programmatic language according to biased rulesets held in pseudo-empirical books that skew this way or that depending on the forces at work, depending on words and signs versus on truth and logical reasoning as the basis for judgement and decision-making, in that ideas must be mediated at the level of 1/0. anything else is an ungrounded concept, a fiction, a theory by comparison, an assumption based on previous assumptions, which is what ideology is: basing reasoning on previously answered questions versus asking them anew. really asking questions versus skipping the truth and relying on the structure as if 'wholly true' and not involving skew, say of history as this may influence perspective and limit certain 'shared observations' by promoting a private framework for evaluation. and the consequences of this. i do not want to go to prison to get the conversation started, mainly because i would probably never get out, as 'logical reasoning' has no place within these state systems and instead they are mediating relations based on power and shared private ideology at that.
perhaps the high-minded Supreme Court is the actual and best platform to evaluate these state code errors accurately and authorize the necessary edits to reframe and recontextualize the state in a new human framework where citizens have a responsibility to the state, both public and private, and that in return the state will serve humanity, including by reconceptualizing the monetary system, business relations and obligations to environment and the state development, education, health and in general- the shared awareness and well-being of those of shared destiny. if the code of the Constitution is in error, it must be error-corrected-- this is not -- or, actually, it is The State as Windows, broken windows everywhere, made to break, made to be exploited, for profit. that is, the corruption is a downward spiral as private business model, and perhaps this is part of the crypto gambit itself, providing instruments to enable and sustain the deterioration, as the codebase moves towards babel. fragile error-ridden code that needs to be enforced by power politics and bullying as if "reasoning" via violence and intimidation based on shared bias of binary ideology, versus robust thinking based on shared empirical truth in a gray-area of consideration and evaluation, paradoxical, real, wanting to debate the hypothesis and even have observations shown wrong or faulty to learn and improve upon frameworks, win/win interactions within debate versus stand-offs with true believers who ignore truth instead, and pick and choose their private reality and believe their bubble state will always exist the way it is, versus be popped and fall to another worldview. the requirement is strong relations between individuals and groups based on logical reasoning-- that existed as the empirical basis for development of the U.S. Constitution and would be required as a prerequisite again to be able to fairly and accurately model issues of the state beyond a partial too-limited biased viewpoint of the shared citizenry. It may be the first real 'public' state in that it would be the first human state in existence, seemingly, in terms of the specific requirements for the appropriate kernel of truth by which to align all other actions and interrelated activities within its structural arrangement. it may actually allow 'America' to be the potential envisioned, beyond the limits of history, and truly finally offer options that have existed as potentials yet have not been allowed within the limited frameworks due to unshared language, logic, and observation that could not be reconciled by ever-narrowing private POVs. this is to assume that shared value of the state is [truth] at its core, and that logical reasoning must be error-corrected at this level for ideas to be given their value, and not to assume this or allow it for the pseudo-truths that rely on false frameworks and errors if not outright lies that have become protected by the ideology of law instead, in service to shared falsity that endlessly exploits the citizenry to serve the powerful few.
perhaps the most important issue underlying this transformation would be a new currency that could function in a realm of data exchange and allow for fidelity with transactions and relations as they exist, as infrastructure of interconnected relations that feed this motivational current throughout the state, yet which has no data dimension today in terms of its fractional values, such that .001 may be a useful measure for online contexts, or that taxation could be automated into the currency itself, so that it is not an issue of people relying on third-party accountants to balance their books and instead it is part of the feedback process inherent in the currency itself, taking the bureaucracy out of bureaucracy and allowing money to be friction-free in terms of exchange, and allow various interactions that are instead limited by broken and biased models of accountability that punish those without money the most, making it impossible to function in society as if they are cheating because the system itself is broken, when instead the very tax forms do not have the basic information to allow the literate to do their own taxes, even in the most expected scenarios of Social Security payments-- both at state and federal levels, instead obfuscation and then the setup, the threat of holding individuals accountable for the errors, as is the social services game, working against the poor, rigging the system for failure, using pressure and oppressive subversive actions to try to indict criminality based on broken systems used to frame citizens who dare try to live beyond the limits, and escape the conveyor belt to the awaiting cardboard coffin, paid for by web advertising tattooed on skull.

...

"the very interaction in a context of verifiable truth is the weakness of liars who need to sustain the shared lie in order to function" - /tells/ would be automatic as circuitry grounds to falsehood versus truth.

(so you're talking about an inversion, huh?) enforced illiteracy versus freedom of ideas, based on securing of truth within the state, making it foundational and defining reasoning based on logic and accounting within accurate models, concepts, and hypotheses, using the human observer as the basis for shared empirical viewpoint.

--- why cryptography matters ---

programming consciousness, building peer relations, feedback based tools, 'know and develop your circuitry', self as circuit, ideas as circuits, models and concepts as circuits. fundamental knowledge and exchange based on shared value (T) built from the ground up, literally, electromagnetic. tools for thinking, tools for literacy, for grounded empiricism, education in hardware/software models, logical reasoning as the basis, to allow for it and develop it, share the techniques, guidelines/guidance, for debate of ideas, litmus, standards, crack the ideological code. the code potential. issue of pattern matching to the wrong model: binary [crypt.1] / paradoxic [crypt.2] -- it is in the unknown, or the known unknown -of its capacity- that the cryptographic could establish a model for programmatic LITERACY that someday may be the basis for shared awareness outside the realm of secrets and secrecy and instead between citizens within new parameters of relation and exchange, whereby the existing model is transformed...

antihuman [observer.1] <---> human [observer.2]

wherein all exchange is biased to the following dynamic:

antihuman [observer.1] <---- human [observer.2]
antihuman [observer.1] <---> antihuman [observer.2]

Instead, this could be transformed by logical accounting for truth in biased and ungrounded 'theoretical' models reliant upon shared and sustained falsity, thereby invalidating the 'shared perspective' and requiring actual [truth] as the measure for shared human observation...

human [observer.1] <---> human [observer.2]

the antihuman viewpoint relies on shared bias as the basis for shared awareness, 'shared ideological belief' essentially, and would be replaced by shared empirical models of truth based on *logical reasoning* (not shared binary bias) via 3-value and N-value evaluations. in each instance the /crypto/ would be different, in particular the second example whereby exploited or compromised crypto could be feeding a false perspective, leading to example three where a surveillance state could be internally believed serving this private ideological constituency yet also be backdoored elsewhere, beyond the limit of their models of awareness. the fourth, last example being the future or other hidden crypto systems that a future state may develop in terms of a line of demarcation between the human and antihuman interactions, in that security and secrets occur in that realm of conflict in terms of unshared identity, goals, values, etc. and thus likewise, 'money' or 'currency' in these differing scenarios, taxes or politics or social services, etc. what is true is true. and then there are also black swan events that challenge the model, its assumptions. either/or, both/and, neither/nor, switches and electronic circuits as they relate to relations of observers, set theory dynamics as daily encounters. war and peace in a realm of language and bureaucracy, hidden within logic, its lack of accounting. security through obscurity or the deep strategy. nothing like communicating like a barking animal, rawr rawwr rawrrrr!!!! rowwf! ROF! WROFF! wwwWWRRRAAOAOOFFFFFFFFF!@!@@^...

--- more on crypto model ---

there is truth, there is logic, and logical reasoning in turn which mediates 'ideas' - evaluating patterns and constructing hypotheses via concepts and models.

T <-> logic <-> reasoning <-> [ideas]

so if you have /binary/ logic, you get binary reasoning and binary models and thinking, whereby if a pattern is matched, it is by default 'true'.

T <- binary reasoning <- [pattern match]

thus is the structural bias that if pseudo-truth is the value [pT] then false absolutism inherently includes error in this 'accounting for truth' as if it is purely true versus reliant on skew, distortion, error, etc. in this way the image or sign=sign is an ungrounded validation of the ideas if they are only 'partially true' yet not recognized as such, thus ungrounded in the total idea said to be represented. normalization and reliance upon false positives to prove, sustain, extend the false perspective modeling. this is the ideological approach of binary programming as 'philosophy'. it is the Binary Crypto Regime belief system, as if 1/0 is guru accessible via choosing beliefs in private frameworks of relativistic observations, often based on power and privileged perspectives, whether biz or tech celebrity, popular professor or self-righteous activist. the skew is the tell and thus the pT<->T gap is the security and secrecy exploit, a structure made to be exploited, yet it may not be recognized in the mindset itself in terms of lack of accurate self-reflection, thus a psychological flaw in the observer that tends towards psychopathy, narcissism, and anti-human agendas, or so life experience offers that as an evaluative framework to consider, perhaps only validated when they have their extermination camps up & running or the existing ones are revealed: poisoning environment, food, minds, etc.
what was realized upon sharing the model of crypto in relation to language was that programming functions as a form of reasoning, and so considering that there are limits to binary programming versus paradoxical, in terms of the code possibilities of linear versus nonlinear evaluations, this also holds true for 'ideas' and conceptualizations of what exists as it exists and what must be held outside the frameworks because they cannot account for anomalies-- the binary ideology is reliant on censoring and throwing out data that does not conform, whereas the paradoxical 3-value and N-value models retain this 'fine detail' of various intricacies of interstructural dynamics as a basis to discern more accurate (shared, empirical) frameworks and in this way *trash is treasure*, or the relation between archaeology and architecture, past and future meeting in the present with a question.

1 <-> logical reasoning <-> [ideas] if you get the ideas right, grounded in truth, the concepts and models, then the code 'as language' is going to accurately mediate this relation between /signs/ and the things they represent, or ground to, in/as truth.

1 <-- [code] <-- programming in this way, if the 'ideas of code' are accurately modeled and grounded, their implementation would be validated by truth and its error-correction of the faulty code would be vital to securing truth within the model

0 <-- [pT.code] <-- 'binary reasoning' * whereas a worldview and model based on an unfalsifiable approach that is removed of error correction may have 'some truth' though its further and further reliance on error-reliant frameworks would continuously move this 'shared view' closer and closer to zero, instead of 1, via the increasing dissolution of truth within a larger ever expanding framework of falsity. in a complex multiple-use model involving deception, such unaccountable code could not only be used as an exploit, the programmatic assumption could itself be exploited via social engineering of the ideological mindset and thus the very viewpoint is as insecure as the codebase is made to be:

1/N/0 <-- pT/T.code <-- 'binary/paradoxical-reasoning'

There could be a massive deception hidden within this context, not only of the binarists who exploit broken crypto to surveil and steal from others, including the state itself, though have no indication of anomaly allowing their mirror-looking to see the other side of the one-way view, thus other encryption alongside yet invisible, additional 'truth' inside or outside binary models of 'pseudo-truth' yet unable to be reasoned, pattern matched and instead thrown out as errors, ignored. superposition of truth, its contingence on observation and how logic affects what can be reasoned to exist. and this is where /programming/ essentially is a form of reasoning and yet 'the debate' is not occurring at the level of language in words and viewpoints of people, in that this level of [code] is needed to communicate and model ideas within society, to align with conceptual structures like programmers must to attain functionality of developed intermechanisms and yet at the level of individual and group discourse this system of relation and communication is broken within institutions, schools, and society, such that only a binary viewpoint is allowed and proceeds and is rewarded yet at a cost to civilization and life itself, due to the servitude to enforced stupidity. instead, the ability to comprehend this situation of communication as [code] is needed firstly to be able to think and evaluate accurately, to use language and mathematics in a meaningful grounded way, and not arbitrary or mindlessly reproducing copies of copies of ideas that are now ideologies, adding more and more noise and losing the original truth or signal that instead is no longer accurate because the context is changed and it needs to be reevaluated as model, yet everyone appears ILLITERATE else unwilling and unable to do this, because they have more important things to do like wax their egos or manicure their stellar lifestyles.
in other words, in some fundamental sense: programming is logical reasoning and tools could be made to develop these skills via the distributed net of mobile platforms that would help people learn how to think, how to evaluate situations in empirical frameworks, help understand probability, looping hypotheses, binary limits and issues of absolutism that are unreal in the ordinary sense (too simple, thus dumb and inculcating ignorance via viewpoint), and provide platforms to link thoughts and ideas and concepts in structural frameworks as a new foundation for the next internet as a shared POV and organization of data that is meaningful and has purpose beyond private views and agendas, and limits of copyright for truth, etc. so the relation of "logical reasoning" with [language] and [mathematics] in terms of concepts, ideas, algorithms, models, yet also "programming" of this CODE that may remain or be sustained by cryptographic means and methods in terms of deep culture and the sustaining of literacy beyond the ordinary mainstream boundaries, its metaphysical dimensions and source. in this, the role of cryptography perhaps at the unifying juncture of the two cultures as they are reunited in [code] and establish LITERACY across the total domain, moving from esoteric to revealed knowledge and awareness. the philosophical dimension, context, and goals of programming and role of debate and protection and extension of freedom of ideas and language within the era of computer development lost to social engineering via technology, its tools and platforms to promote this ignorance, falsehood, functioning against truth and shared awareness, against ideas, feedback, democracy. the ideology too small for the ideas, the ideas too large for the logic, and in turn the corruption replacing insight with ego, as the basis for exchange in a shallow hollow realm of exchange and relation fundamentally antihuman.

*key is whether the observer is aware of their own observation, their own code, and can correct and account for errors or relies upon them for observation. can the observer observe themselves or do they realize their observations are observed by others, which is a basis for objective views in that many views of the same event can help error correct for distortion or unknowns yet if all assume the same views, these are reinforced instead.

--- ye ol crypto system --- to the tangible future of a human managed society and state based on shared truth-- it would be possible to transform the issues of today into a new context and capture the /truth/ that exists buried within the complexity overlapping agendas, human and inhuman, and align the activities of the public and private state in accordance with human needs and goals. such as with a new digital monetary system and taxes, and education that teaches citizens how to think via logical reasoning, to raise consciousness and capacity through learning and developing skills, towards optimal and highest functioning - and to realign goals of bureaucracy to serve the citizens instead of function against them, such as regulatory agencies that establish a framework to reclaim a healthy non-toxic environment and return areas of wilderness to their natural state, such as removal of vast areas of sprawl and reimagine city planning and transportation systems and other approaches to human development in a more efficient, effective, humane and livable approach. the issue of these marketing firms and advertisers collecting vast data for sale on any citizens is in parallel to state surveillance issues and could be legally abolished as a practice, with limits to what can be collected and requiring a citizen to allow such tracking for market research and nothing beyond this.
that would be legally enforced and corrupt systems that surveil as business models would be taken down, go out of business due to the illegality of a massive private surveillance regime due to code exploits of constitutional errors, allowing private businesses to profit on public extortion, expropriation, devaluing of name and identity, stealing of information, and various other forms of theft, fraud, schemes for the blacklisting and framing or intimidation of others via such practices, especially and particularly in a political and ideological context, where your local business is tallying your presence here and there and gaining profit off such data as a business model, reinforcing the tyranny. there is no place for this lawlessness, this bullying and intimidation within a 'free' society unless it is no longer beholden to its constitutional framework and there is nothing to protect citizens from the exploitation of their data. it is not an issue of regulating it-- it needs to be abolished. in contrast, state surveillance is potentially somewhat a windfall for a future society where electronic health records, dental, taxes, billing, taxes, income, work history, education documents, and other dossiers could become a repository for citizen data that they should be legally allowed to access -- based on transparency and within limits of security models in terms of actual secrecy and security issues it may involve. such that you probably would not have access to FBI or CIA assessments though should rightfully have everything else, and it should be *accurate* data and not full of lies, distortions, false perspectives-- and this needs to be the right of every citizen to have accurate data profiles (A=A) and not full of documents that distort information to onesided views based on corrupted and self-serving authority or political agendas. so here's the idea- and the critical role of cryptography in this...
basically these federal and state databases can become future 'electronic records' for citizens, so that all data is stored in a shared accessible model and can be accessed from anywhere via the network, such that schools can send data to those files and logins can allow shared access for those whose files they are. then, for instance, if the government has an issue such as social security, all the data is in one place and the reference information is available from multiple locations, not duplication or triplication or quadrupling of efforts or reliance on postal mail, paper and stamps and delivery networks to get snail mail validation. ZONING would be the primary structural issue, what are the perspectives for the combined total database, say federal and state, though also health education work taxes and onward, though an entire life could be stored in the model, from childhood to old age. and yet these could be more than documents, it could also involve a concept of a citizen, a model or 'individual circuit' that they develop for their goals in life and their circumstance, issue and skills unique to them, and through this empirical context and grounding, everyone including teachers and family and doctors and the state could access this data model as it relates to the individual conceptualization, their direction of development, and map lives into and onto and through this data modeling as a model of education, health, career, citizenry. to do this would require shared keys, and an infrastructure reliant on both security and secrecy in varying scenarios, depending on the exchange, and to what degree the data is made accessible. for instance a doctor visit could have the medical records opened for a one-week window for updates via key exchange, or an educational institution may hold keys for each student that updates their coursework yearly or by semester yet otherwise is closed down and secured in the state model, under watchful eye, protected.
this too could occur with monetary exchange accessed through a substructure so employers' payroll is automatically figured, and micro-taxation that could be automatic to currency could be tabulated and tallied and recorded in this central location and instead of taking money out and then returning it later, avoiding this lunacy for a just-in-time model where money accounts for its own existence and has identity yet does not create friction that prevents monetary relations or exchange, allowing money its fluidic power. the individual citizen then could be given a crypto key that is somehow attached to an object, equivalent in some way to a social security card with specific ID number, yet with an authentication scheme based on a single unique entanglement (assuming classical quantum infrastructure is out in the open) and thus the key has unique physical bits that ensure specific entanglements with other paired bits elsewhere, that could be connected to this central database of state. and from that, entangled further into a physically-based model of crypto, additional crypto keys that coexist in that domain within infinity-models, that generate the everyday keys for accessing bank or school records or circuit diagrams of the self as a life plan, the society actively involved and supporting development of itself in a shared framework of relations and exchange, ideas and intention, purpose and possibility for human civilization. in other words, a person would carry a device that would be a keychain and have many active keys that are validated by an underlying state key that generates these others via physical hardware entanglement, perhaps a qubit-blackbox or something on a smartcard, yet its detachment from the person also could invalidate the key as it is a unique one-time correlation and thus to forge it would collapse the entanglement, and other monitoring would track occurrences to prevent outside manipulations via biometric or other verification of identity.
speculative, most entirely unknown though seemingly feasible in the abstract, where the physical key of door/lock is updated into a future realm of entangled crypto keys as citizen ID, that then is a validation/verification system for establishing remote trust for other subsystem crypto exchange via related or embedded key systems that could be added to the keychain. perhaps the quantum key resides within a home and only activates the other keys yet need not be carried around once activating them, and thus provides a physical security barrier or air gap that could bound any attack into the larger network or database system by whatever local key is accessed illegally, thus establishing perimeter defenses or other protocols to diagnose or act on the anomalous events. it is questionable if such a keychain or crypto key system would involve tracking by default, if not just in a data model given that the state may have access to this information if needed, and thus in an emergency it may change 'zone' settings, open up the cell network, track a person down and ring their phone to let them know of a connected event via automated call, or other such functionality, though otherwise data could be anonymized and sensor networks and others would only focus on actual threats versus dragnet the entire citizenry under a hypersurveillance atmosphere where the entire society is criminalized and made passive via fear of state violence and retaliation for speaking differently or going against political party line, which is the daily situation in its economic, social, political context as engineered by the binary ideologists to exploit as is.
in this way, crypto keys could differentiate zones of public from private and there could be state secured databases protected by law, whereby like a safe deposit box, information could be stored or this could be linked within the home as well, decentralized, though in some sense 'security' and 'secrecy' of a private nature could be protected via these lawful resources that would only under extraordinary measures be accessible by the state, under oversight, and monitored to ensure they are protected by government. for instance, someone may want photos of their granddaughter to be passed on to her after the grandparents pass, and she has children, and such documents could be stored in such a place, as data files. maybe that is not the idea of others, though it is in contrast to the 'fear the state' model if it were to exist in a context of human values, where these rights and principles and ideas are protected, then the database could be citadel, a protected zone that will continue even if the house burns down or a parent dies and that data can be accessed and it is part of the process of life within a context of electronic information and data resources like these. the larger aspect is that such a tiered crypto system then could involve house keys, vehicle keys (for eventual antigravity landspeeders i hope), 'money keys' (access to currency, currency as information), state database keys (subset: health, education, career, psychology, etc). etc. the crypto infrastructure would be vital to establishing, sustaining, and securing and protecting the state and its citizenry, in addition to its role in secret communication which may take on other parameters in such a 'shared identity' context, whereas other realms could involve unshared identity and involve tactical, strategic, operational crypto for other environments and situations or tied into this as an infrastructure layer. 
say, if you're dealing with hostile robots who steal children or swap out citizens and they need to be hunted down and eliminated, and so on. parallel to this, hopefully the end of wi-fi will appear, the pollution of the environment via electromagnetic radiation and interference with the senses and nature, and regain what has been lost by toxic invisible skies continuing that terrible tradition of the first industrial revolutions, once citizens become literate that the technology is harming citizenry by unregulated design and this relates to cancer and other issues, including nefarious agendas to engineer illness, obesity, to devolve the society. those codes can be broken, dismantled, revealed for the abuses of power they involve and the antihuman agenda that the unconstitutional state is allowing to exist, terrorizing citizens as its basis for legitimacy. the true terror today is the unlawful illegal unconstitutional state today. its code is error-ridden, its ideology is completely unsound, and it is time it is accounted for and error-corrected at the scale required to change its circuitry and give humanity the chance it deserves to succeed in this life. if ever there has been a reason to fight, this is it.

From adam at cypherspace.org Wed Sep 18 03:23:57 2013 From: adam at cypherspace.org (Adam Back) Date: Wed, 18 Sep 2013 09:23:57 +0200 Subject: [liberationtech] Why can't email be secure? - Silent Circle Blog In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

Seems a lot like China, no?

Adam

On Tue, Sep 17, 2013 at 05:10:46PM -0700, coderman wrote:
>On Sun, Aug 25, 2013 at 1:21 PM, coderman wrote:
>> ... 10,000 news alerts from scores of
>> filters (everything from "TS//SI//NF" to "Flame OR Gauss OR Duqu OR
>> Stuxnet" to Goldreich-Goldwasser-Halevi),..
>
>
>sometime over the past few weeks google alerts has started filtering
>(certain?) NSA codewords from alert matches.
>
>ah well, nice while it lasted...
>

From eugen at leitl.org Wed Sep 18 09:22:39 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 15:22:39 +0200 Subject: Yochai Benkler: Time to tame the NSA behemoth Message-ID: <[email protected]>

----- Forwarded message from nettime's_chronicler -----

Date: Fri, 13 Sep 2013 17:15:26 -0100 From: nettime's_chronicler To: nettime-l at kein.org Subject: Yochai Benkler: Time to tame the NSA behemoth Reply-To: a moderated mailing list for net criticism

Time to tame the NSA behemoth trampling our rights

From leaks and Fisa court papers, it's clear the NSA is a bloated spying bureaucracy out of control. It can't be reformed by insiders

Yochai Benkler

The spate of new NSA disclosures substantially raises the stakes of this debate. We now know that the intelligence establishment systematically undermines oversight by lying to both Congress and the courts. We know that the NSA infiltrates internet standard-setting processes to weaken security protocols that make surveillance harder. We know that the NSA uses persuasion, subterfuge, and legal coercion to distort software and hardware product design by commercial companies.

We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.

First, the lying. The National Intelligence University, based in Washington, DC, offers a certificate program called the denial and deception advanced studies program. That's not a farcical sci-fi dystopia; it's a real program about countering denial and deception by other countries. The repeated misrepresentations suggest that the intelligence establishment has come to see its civilian bosses as adversaries to be managed through denial and deception.

We learned months ago that the Director of National Intelligence James Clapper lied under oath to Congress. Now, we know that General Keith Alexander filed a "declaration" (which is like testifying in writing), asserting an interpretation of violations that the court said "strains credulity". The newly-disclosed 2009 opinion includes a whole section entitled "Misrepresentations to the Court", which begins with the sentence:

The government has compounded its noncompliance with the court's orders by repeatedly submitting inaccurate descriptions of the alert list process to the FISC.

General Alexander's claim that the NSA's vast numbers of violations were the consequences of error and incompetence received derisive attention. But this claim itself was in a court submission intended to exculpate the agency from what would otherwise have been an intentional violation of the court's order. There is absolutely no reason to believe the claims of incompetence and honest error; there is more reason to assume that these are intended to cover up a worse truth: intentional violations.

Second, the subversion. Last week, we learned that the NSA's strategy to enhance its surveillance capabilities was to weaken internet security in general. The NSA infiltrated the social-professional standard-setting organizations on which the whole internet relies, from National Institute of Standards and Technology to the Internet Engineering Task Force itself, the very institutional foundation of the internet, to weaken the security standards. Moreover, the NSA combined persuasion and legal coercion to compromise the commercial systems and standards that offer the most basic security systems on which the entire internet runs. The NSA undermined the security of the SSL standard critical to online banking and shopping, VPN products central to secure corporate, research, and healthcare provider networks, and basic email utilities.

Serious people with grave expressions will argue that if we do not ruthlessly expand our intelligence capabilities, we will suffer terrorism and defeat. Whatever minor tweaks may be necessary, the argument goes, the core of the operation is absolutely necessary and people will die if we falter. But the question remains: how much of what we have is really necessary and effective, and how much is bureaucratic bloat resulting in the all-too-familiar dynamics of organizational self-aggrandizement and expansionism?

The "serious people" are appealing to our faith that national security is critical, in order to demand that we accept the particular organization of the Intelligence Church. Demand for blind faith adherence is unacceptable.

What did we actually know about what we got in exchange for undermining internet security, technology markets, internet social capital, and the American constitutional order? The intelligence establishment grew by billions of dollars; thousands of employees; and power within the executive. And we the people? Not so much. Court documents released this week show that after its first three years of operation, the best the intelligence establishment could show the judge overseeing the program was that it had led to opening "three new preliminary investigations". This showing, noted Judge Walton in his opinion, "does not seem very significant".

If this was the best the intelligence community could put on the table when it faced the risk of judicial sanction, we can assume that all the hand-waving without hard, observable, testable facts is magician's patter, aimed to protect the fruits of a decade's worth of bureaucratic expansionism. Claims that secrecy prevents the priesthood from presenting such testable proof appeal to a doctrine of occult infallibility that we cannot afford to accept.

In August, 205 members of the House voted in favor of the Amash-Conyers Amendment that would have rewritten Section 215 of the Patriot Act, the section used to justify bulk collection of domestic phone call metadata. At the time, this was a critically important move that was highly targeted at a narrow and specific abuse. But the breadth and depth of organizational deception and subversion force us to recognize that we need reconstruction that goes much deeper than any specific legislative fix.

We need a fundamental organizational reform. The so-called "outside independent experts" committee which the president has appointed, with insiders' insiders like Michael Morell and Richard Clarke, will not come close to doing the trick. Nor is it likely to allay anyone's fears who is not already an Intelligence Church adherent.

Given the persistent lying and strategic errors of judgment that this week's revelations disclosed, the NSA needs to be put into receivership. Insiders, beginning at the very top, need to be removed and excluded from the restructuring process. Their expertise led to this mess, and would be a hindrance, not a help, in cleaning it up. We need a forceful, truly independent outsider, with strong, direct congressional support, who would recruit former insider-dissenters like Thomas Drake or William Binney to reveal where the bodies are buried.

Anything short of root-and-branch reconstruction will be serving weak tea to a patient with a debilitating auto-immune disease.

# distributed via : no commercial use without permission # is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: http://mx.kein.org/mailman/listinfo/nettime-l # archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message ------Eugen* Leitl leitl http://leitl.org ______ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 ------next part ------A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL:

From eugen at leitl.org Wed Sep 18 09:35:22 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 15:35:22 +0200 Subject: [Cryptography] prism proof email, namespaces, and anonymity Message-ID: <[email protected]>

----- Forwarded message from John Kelsey -----

Date: Fri, 13 Sep 2013 16:55:05 -0400 From: John Kelsey To: "cryptography at metzdowd.com List" Subject: [Cryptography] prism proof email, namespaces, and anonymity X-Mailer: iPad Mail (10B329)

Everyone,

The more I think about it, the more important it seems that any anonymous email like communications system *not* include people who don't want to be part of it, and have lots of defenses to prevent its anonymous communications from becoming a nightmare for its participants. If the goal is to make PRISM stop working and make the email part of the internet go dark for spies (which definitely includes a lot more than just US spies!), then this system has to be something that lots of people will want to use.

There should be multiple defenses against spam and phishing and other nasty things being sent in this system, with enough designed-in flexibility to deal with changes in attacker behavior over time. If someone can send participants in the system endless spam or credible death threats, then few people are going to want to participate, and that diminishes the privacy of everyone remaining in the system, along with just making the system a blight in general. If nonparticipants start getting spam from the system, it will either be shunned or shut down, and at any rate won't have the kind of reputation that will move a lot of people onto the system. An ironclad anonymous email system with 10,000 users is a whole lot less privacy-preserving than one with 10,000,000 users. As revelations of more and more eavesdropping come out, we might actually see millions of users want to have something really secure and anonymous, but not if it's widely seen as a firehose o' spam. A lot of the tools we use on the net everyday suffer from having been designed without thinking very far ahead into how they might be exploited or misused--hence spam, malware in PDF files, browser hijacking sorts of attacks, etc. My thought is that we should be thinking of multiple independent defenses against spamming and malware and all the rest, because parasites adapt to their environment. We can't count on "and then you go to jail" as a final step in any protocol, and we can't count on having some friendly utility read millions of peoples' mail to filter the spam if we want this to be secure. So what can we count on to stop spam and malware and other nastiness?

Some thoughts off the top of my head. Note that while I think all these can be done with crypto somehow, I am not thinking of how to do them yet, except in very general terms.

a. You can't freely send messages to me unless you're on my whitelist.

b. This means an additional step of sending me a request to be added to your whitelist. This needs to be costly in something the sender cares about--money, processing power, reputation, solving a captcha, rate-limits to these requests, whatever. (What if the system somehow limited you to only, say, five outstanding requests at a time?).

c. Make account creation costly somehow (processing, money, solving a captcha, whatever). Or maybe make creating a receive-only account cheap but make it costly to have an account that can request to communicate with strangers.

d. Make sending a message in general cost something. Let receiver addresses indicate what proof of payment of the desired cost they require to accept emails.

e. Enable some kind of reputation tracking for senders? I'm not sure if this would work or be a good idea, but it's worth thinking about.

f. All this needs to be made flexible, so that as attackers evolve, so can defenses. Ideally, my ppe (prism proof email) address would carry an indication of what proofs your request to communicate needed to carry in order for me to consider it.

g. The format of messages needs to be restricted to block malware, both the kind that wants to take over your machine and the kind that wants to help the attacker track you down. Plain text email only? Some richer format to allow foreign language support?

h. Attachments should become links to files in an anonymizing cloud storage system. Among other things, this will make it easier to limit the size of the emails in the system, which is important for ensuring anonymity without breaking stuff.

What else? I see this as the defining thing that can kill an anonymous encrypted communications system--it can become a swamp of spam and malware and nutcases stalking people, and then nobody sensible will want to come within a hundred meters of it. Alternatively, if users are *more* in control of who contacts them in the prism-proof scheme than with the current kind of email, we can get a lot more people joining.

Comments?

--John

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
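Kelsey's points a, b, d, f and h describe a receiver-side policy: whitelisted senders get through, strangers must attach a costly introduction request bound to the recipient, the address advertises what proof it demands, outstanding requests are capped, and message size is bounded. The sketch below is an added illustration, not code from the post or from any deployed "ppe" system; it assumes a hashcash-style SHA-256 proof of work as the cost, a per-recipient cap of five pending requests per sender (the post's number, applied locally because a single receiver cannot see a sender's requests to others), and a constructed 32 KiB size limit.

```python
"""Whitelist-gated inbox with proof-of-work introduction requests (illustrative)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Message:
    sender: str          # opaque pseudonymous sender id; must not contain ':'
    body: bytes
    stamp: str = ""      # proof-of-work stamp, only needed from strangers


@dataclass
class AddressPolicy:
    """What a recipient's address advertises (point f in the post). Values are assumed."""
    pow_bits: int = 20          # leading zero bits the stamp hash must have
    max_pending: int = 5        # outstanding introduction requests per sender
    max_body: int = 32 * 1024   # uniform size cap (point h), constructed value


def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint_stamp(sender: str, recipient: str, bits: int, salt: str = "") -> str:
    """Sender side: search for a nonce so that SHA-256(sender:recipient:salt-nonce)
    starts with `bits` zero bits. Binding the recipient into the stamp stops one
    stamp being reused against many inboxes; `salt` lets a sender mint distinct stamps."""
    nonce = 0
    while True:
        candidate = f"{sender}:{recipient}:{salt}-{nonce}"
        digest = hashlib.sha256(candidate.encode()).digest()
        if _leading_zero_bits(digest) >= bits:
            return candidate
        nonce += 1


def verify_stamp(stamp: str, sender: str, recipient: str, bits: int) -> bool:
    """Receiver side: cheap check that the stamp names us and this sender and
    carries the advertised amount of work."""
    parts = stamp.split(":")
    if len(parts) != 3 or parts[0] != sender or parts[1] != recipient:
        return False
    digest = hashlib.sha256(stamp.encode()).digest()
    return _leading_zero_bits(digest) >= bits


@dataclass
class Mailbox:
    address: str
    policy: AddressPolicy = field(default_factory=AddressPolicy)
    whitelist: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)    # sender -> open requests
    seen_stamps: set = field(default_factory=set)  # replay protection
    inbox: list = field(default_factory=list)

    def receive(self, msg: Message) -> str:
        """Apply the policy to one incoming message and report the decision."""
        if len(msg.body) > self.policy.max_body:
            return "rejected: oversize"
        if msg.sender in self.whitelist:              # point a
            self.inbox.append(msg)
            return "delivered"
        # Stranger: needs a fresh, valid stamp (points b, d) under the cap.
        if not verify_stamp(msg.stamp, msg.sender, self.address, self.policy.pow_bits):
            return "rejected: no valid stamp"
        if msg.stamp in self.seen_stamps:
            return "rejected: replayed stamp"
        if self.pending.get(msg.sender, 0) >= self.policy.max_pending:
            return "rejected: too many outstanding requests"
        self.seen_stamps.add(msg.stamp)
        self.pending[msg.sender] = self.pending.get(msg.sender, 0) + 1
        return "queued as introduction request"

    def approve(self, sender: str) -> None:
        """Owner accepts an introduction: the sender joins the whitelist."""
        self.whitelist.add(sender)
        self.pending.pop(sender, None)


if __name__ == "__main__":
    box = Mailbox("alice", AddressPolicy(pow_bits=16), whitelist={"bob"})
    print(box.receive(Message("bob", b"hi")))                       # delivered
    print(box.receive(Message("carol", b"hi")))                     # no valid stamp
    stamp = mint_stamp("carol", "alice", 16)
    print(box.receive(Message("carol", b"hi", stamp)))              # queued
    print(box.receive(Message("carol", b"hi", stamp)))              # replayed stamp
```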

From eugen at leitl.org Wed Sep 18 10:02:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 16:02:03 +0200 Subject: [tor-talk] Tor Weekly News — September 18th, 2013 Message-ID: <[email protected]>

----- Forwarded message from harmony -----

Date: Wed, 18 Sep 2013 12:00:19 +0000 From: harmony To: tor-news at lists.torproject.org, tor-talk at lists.torproject.org Subject: [tor-talk] Tor Weekly News — September 18th, 2013 Reply-To: tor-talk at lists.torproject.org

========================================================================
Tor Weekly News                                     September 18th, 2013
========================================================================

Welcome to the twelfth issue of Tor Weekly News, the weekly newsletter that covers what's happening in the closely-observed Tor community.

Official response to QUICK ANT disclosure
-----------------------------------------

Another round of speculation regarding the attitude of state surveillance agencies towards the Tor network was provoked by a slide [1] featured in an edition of the Brazilian current-affairs show "Fantástico", broadcast on September 8th [2]. The slide, leaked as part of the ongoing Snowden disclosures, appeared to show a tab in the alleged GCHQ [3] FLYING PIG surveillance interface labelled "Query QUICK ANT - Tor events QFD". Users on Reddit [4] and Twitter [5] began to suggest possible attacks on Tor that might be managed through such an interface.

Andrew Lewman posted an official response on the Tor blog [6] in which he reiterated that "it's not clear what the NSA or GCHQ can or cannot do", and that well-known theoretical attacks against the Tor network are clearly described on the project's FAQ page [7].

He further added that the tool in question was more likely to involve "some 'Tor flow detector' scripts that let them pick Tor flows out of a set of flows they're looking at" than "anything to do with deanonymizing Tor users, except insofar as they might have traffic flows from both sides of the circuit in their database."

Finally, he remarked that instead of engaging in speculation based on limited evidence, "we'd rather spend our time developing Tor and conducting research to make a better Tor."

[1] https://people.torproject.org/~andrew/2013-09-10-quick-ant-tor-events-qfd.png
[2] http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html
[3] https://twitter.com/ggreenwald/status/378185448293552128
[4] http://www.reddit.com/r/TOR/comments/1m3jum/gchq_tor_events_capture/
[5] https://twitter.com/jonathanmayer/status/377292928718499841
[6] https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation
[7] https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting

Entry guards and linkability
----------------------------

Leif Ryge pointed out [8] an issue with Tor's current "entry guards" system, whereby connections entering Tor from different points on the same network could potentially be linked to an individual user based on the three entry nodes selected by that user's Tor client, which remain constant for a period of 4-8 weeks [9].

Leif suggested that "assuming this is an accurate assessment, wouldn't it make sense to maintain separate sets of entry guards for each network that the user connects from?"

Nick Mathewson replied [10] with an acknowledgement of the problem and a number of reasons why simply generating separate sets of guards might also harm a user's anonymity: "You would *not*, for example, want to maintain a different set of entry guards for every IP that you receive, since if you did, a hostile DHCP server could feed you new IPs until you picked a hostile guard. Similarly, if you are a busy traveler who changes your view of what network you are on hundreds or thousands of times, your chance of picking a hostile guard would rise accordingly." He also pointed out that "having a record in your state file of every network you have visited is not necessarily the best idea either."

Nick concluded by mentioning Roger Dingledine's proposal to lower the number of entry guards selected by a client to one only, "to avoid the property of letting guard choices identify Tor clients".

[8] https://lists.torproject.org/pipermail/tor-dev/2013-September/005423.html
[9] https://blog.torproject.org/blog/lifecycle-of-a-new-relay
[10] https://lists.torproject.org/pipermail/tor-dev/2013-September/005424.html

The lifecycle of a new relay: further research needed
-----------------------------------------------------

In response to some confusion on the part of relay operators over the apparently slow growth in the use of newly-established nodes by clients, Roger Dingledine posted on the Tor blog [11] a detailed account of how new relays, and the bandwidth they supply, are gradually integrated into the Tor network by directory authorities, bandwidth authorities, and clients themselves. Roger stressed that "the descriptions here are in part anecdotal".

Roger outlined the four broad phases that define the development of a relay within the network, and finished by offering a number of questions for further research, under a general rubric: "what do these phases look like with real-world data?" If you would like to contribute to the Tor community's understanding of the interaction between individual relays and the network as a whole, please take a look both at the list of sample questions and at Tor's publicly-available archive of metrics data [12], and see what you can find!

[11] https://blog.torproject.org/blog/lifecycle-of-a-new-relay
[12] https://metrics.torproject.org/data.html

Food for thought
----------------

"Back in the ancient pre-Tor days, at the height of the crypto wars, Ian Goldberg asked me at Financial Crypto in 1998 why we created onion routing. Not entirely facetiously I told him that the fascinating technological problems and the potential to better protect people and their activities was nice, but the real attraction was to create a context where people who were sure they should hate each other were forced to collaborate." [13] — Paul Syverson

[13] https://lists.torproject.org/pipermail/tor-talk/2013-September/030097.html

Tor help desk roundup
---------------------

The Tor help desk received a request for assistance setting up Thunderbird to work with Tor. Thunderbird can be made to route connections through Tor using the TorBirdy add-on. Further information about using Tor with Thunderbird can be found on the wiki [14].

Another user wrote to comment on the lack of OpenSUSE support on Tor's rpm package page [15]. There is an open ticket concerning this issue, but it hasn't seen activity for some months [16]. A new ticket was opened that addresses this concern more specifically [17].

[14] https://trac.torproject.org/projects/tor/wiki/torbirdy#BeforeusingTorBirdy
[15] https://www.torproject.org/docs/rpms.html
[16] https://bugs.torproject.org/4389
[17] https://bugs.torproject.org/9718

Miscellaneous news
------------------

The commitment level for the proposed Tor StackExchange page is hovering at 88%; it needs to reach 100% before it will be accepted into beta. If you think you will be able to contribute by answering questions from current or potential Tor users, please sign up! [18]

[18] http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security

Brian Callahan alerted relay operators running FreeBSD and OpenBSD to the release of ports updated to the new tor 0.2.4.17-rc [19].

Christian Sturm then promptly announced the release of updated packages for NetBSD, DragonFly BSD, illumos, Minix, and "other systems potentially using pkgsrc" [20].

[19] http://lists.nycbug.org/pipermail/tor-bsd/2013-September/000044.html
[20] https://lists.torproject.org/pipermail/tor-talk/2013-September/030036.html

Karsten Loesing updated tor's GeoIP database to the newest version [21].

Karsten also published the results of his memory usage test on a version of tor that reports additional statistics, which he conducted using the Shadow network simulator [22].

Finally, Karsten asked for comments on his proposal to retire the old method of estimating user numbers on the metrics page over the next few weeks in favor of a more reliable, more efficient system (which has been in beta for some time already), and with it to remove the accumulated data associated with the older method [23].

[21] https://bugs.torproject.org/9714
[22] https://trac.torproject.org/projects/tor/ticket/7359#comment:18
[23] https://lists.torproject.org/pipermail/tor-dev/2013-September/005443.html

Fabio Pietrosanti announced that the available cipher suites for connections to .org have been updated to a much stronger set [24].

[24] https://lists.torproject.org/pipermail/tor-talk/2013-September/030003.html

Robert published the results of an investigation into different kinds of round-trip time (RTT) measurement, and their efficiency in building circuits through the Tor network [25].

[25] https://lists.torproject.org/pipermail/tor-dev/2013-September/005440.html

George Kadianakis asked for comments on his early draft of a proposal for different methods of migrating the Hidden Service protocol to a more secure version [26].

George also pushed new versions of obfsproxy (0.2.3) and pyptlib (0.0.4) [27].

[26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005438.html
[27] https://lists.torproject.org/pipermail/tor-dev/2013-September/005441.html

In the course of a thread about the size of browser windows posing a fingerprinting threat [28], harmony discovered that users of Ubuntu's Unity desktop should disable the "automaximize" behavior, as it can override one of Tor Browser's anti-fingerprinting measures [29].

[28] https://lists.torproject.org/pipermail/tor-talk/2013-September/030022.html
[29] https://bugs.torproject.org/9738

Tom Lowenthal submitted his monthly status report for August [30].

[30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000339.html

Upcoming events
---------------

Sep 29    | Colin at the Winnipeg Cryptoparty            | Winnipeg, Manitoba, Canada | http://wiki.skullspace.ca/index.php/CryptoParty
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV  | Berlin, Germany            | https://www.openitp.org/openitp/circumvention-tech-summit.html
Oct 09-10 | Andrew speaking at Secure Poland 2013        | Warszawa, Poland           | http://www.secure.edu.pl/

This issue of Tor Weekly News has been assembled by harmony, Lunar, dope457, Matt Pagan, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page [31], write down your name and subscribe to the team mailing list [32] if you want to get involved!

[31] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[32] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
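To put numbers on Nick Mathewson's argument in the entry-guard item of the newsletter above (more guard sets mean more chances to draw a hostile guard) and on the one-guard proposal, here is an added example that is not from the newsletter or from Tor's code. It assumes guards are drawn bandwidth-weighted without replacement, and uses a constructed relay list in which 10 of 100 equal-bandwidth relays are hostile in place of the real network:

```python
import random


def p_hostile_in_sets(hostile_fraction, guards_per_set, guard_sets):
    """Closed form, treating each guard pick as an independent draw with
    probability hostile_fraction of landing on a hostile relay: the chance
    that at least one hostile guard appears among guard_sets * guards_per_set picks."""
    return 1.0 - (1.0 - hostile_fraction) ** (guards_per_set * guard_sets)


def sets_until_exposure(hostile_fraction, guards_per_set, target):
    """Number of separate guard sets (e.g. networks a traveller connects from)
    after which the probability of having chosen a hostile guard reaches target."""
    k = 1
    while p_hostile_in_sets(hostile_fraction, guards_per_set, k) < target:
        k += 1
    return k


def constructed_relays(n_honest=90, n_hostile=10, bandwidth=100):
    """Constructed sample network: (name, bandwidth, is_hostile) tuples with equal
    bandwidth, so the hostile share of guard bandwidth is n_hostile / total."""
    relays = [(f"honest{i}", bandwidth, False) for i in range(n_honest)]
    relays += [(f"hostile{i}", bandwidth, True) for i in range(n_hostile)]
    return relays


def pick_guard_set(relays, guards_per_set, rng):
    """Bandwidth-weighted selection without replacement, the weighting used for guards."""
    pool = list(relays)
    chosen = []
    for _ in range(guards_per_set):
        weights = [bw for _, bw, _ in pool]
        idx = rng.choices(range(len(pool)), weights=weights, k=1)[0]
        chosen.append(pool.pop(idx))
    return chosen


def simulate(relays, guards_per_set, guard_sets, trials, seed=1):
    """Fraction of simulated clients that end up with at least one hostile guard
    after keeping guard_sets independent sets of guards_per_set guards."""
    rng = random.Random(seed)
    exposed_clients = 0
    for _ in range(trials):
        for _ in range(guard_sets):
            if any(hostile for _, _, hostile in pick_guard_set(relays, guards_per_set, rng)):
                exposed_clients += 1
                break
    return exposed_clients / trials


if __name__ == "__main__":
    relays = constructed_relays()
    # a client that keeps one set of three guards, versus a traveller with a set per network
    for sets in (1, 5, 20):
        print(f"3 guards x {sets:2d} set(s): closed form {p_hostile_in_sets(0.1, 3, sets):.3f}, "
              f"simulated {simulate(relays, 3, sets, 2000):.3f}")
    # Roger's one-guard proposal: the same number of networks exposes the client less
    print("1 guard  x 20 sets: closed form", round(p_hostile_in_sets(0.1, 1, 20), 3))
    print("sets until 50% exposure, 3 guards:", sets_until_exposure(0.1, 3, 0.5))
    print("sets until 50% exposure, 1 guard: ", sets_until_exposure(0.1, 1, 0.5))
```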

From eugen at leitl.org Wed Sep 18 11:27:17 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 17:27:17 +0200 Subject: [tor-relays] Reimbursement of Exit Operators Message-ID: <[email protected]>

----- Forwarded message from Moritz Bartl -----

Date: Tue, 17 Sep 2013 20:27:57 +0200 From: Moritz Bartl To: tor-relays at lists.torproject.org Subject: [tor-relays] Reimbursement of Exit Operators User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130827 Icedove/17.0.8 Reply-To: tor-relays at lists.torproject.org

Hi,

tl;dr: We want to start reimbursing exit operators end of this month. Partner orgs, please sign the contract! Everyone else, consider becoming a partner.
---

In July last year, Roger announced that BBG was interested in funding fast exits. [1] The initial discussion on the mailing list continued into August. If you're interested, you should consult the archive for the various points raised. Since then, we've been discussing that topic on and off. It matched with my plans to turn torservers.net into a platform for many organizations, instead of just one single entity that runs too many exit relays, so I agreed to take the lead. I posted a status report of some sort on this list in April this year. [2]

The Wau Holland Foundation agreed to be one of the organizations willing to handle the money and pass it on to other entities, be it single operators or organizations. Both Torproject and Wau Holland Foundation checked with their lawyers to see if this turns into a problem about liability, and it looks like it does not. We're open for more organizations to join in to manage the reimbursement process, but this is what we've got for now.

In parallel, we've seen a growing number of organizations that were created to turn donations into exit bandwidth. [3]

Two issues with reimbursements, that were also mentioned in Roger's initial posting, are that (1) you don't want to drive away all the volunteers, and (2) you don't want to become dependent on (a single or a handful of) sponsors. These are difficult issues, and I want to strongly encourage everyone to keep contributing to the network. We really need you, and we need more of you!

The second issue, dependence on funders, is on the one hand a harder one, but on the other hand (in my opinion) a less relevant one. If structures die and nodes have to be shut down because a funder backs off, so be it. We hopefully don't change the picture too much in comparison to the "unfunded times of today". The reimbursement process does not guarantee a money stream, and the amounts are set on a month-to-month basis, to encourage recipients to plan only short-term, and only make contracts based on the money they have, disregarding what they may or may not receive in the future. The current "bucket" is the one-time BBG money, and it currently does not look like they will restock it.

It might sound scary, but to satisfy the tax authorities (and to show that it is a [hopefully] fair and transparent process), the Wau Holland Foundation needs to have partners sign a contract. The contract does not limit the partners' abilities or restrict what they do, it only defines the reimbursement process.

The way we want to start doing it now is not set in stone, and hopefully now that we finally start handing out money it will encourage further discussion around it. We want to refine the process over time, but it looks like we just have to try with what we have now and learn from our mistakes. Please don't be too hard with your criticism or you will emotionally hurt me. I'm all ears. :-)

We want to reimburse based on the throughput per exit relay and organization. To strengthen network diversity, we came up with the plan to also factor in the location of the relays. There is a maximum amount any entity can receive so we hopefully don't grow big monsters.

The contract [4] specifies that there is a monthly amount, currently set to $3500, split amongst all recipients (whom I started calling "torservers partners"). The recipient share is calculated from the throughput per relay * country factor, and the maximum amount per month per partner is 500 Euro. The Wau Holland Foundation can currently only reimburse via wire transfer.

The country factors can change over time, and are currently derived from the total exit probability of that country. We can and should refine this. Changes of these factors do not require new contracts.

Note that since the total amount of $3500 will be handed out every month, as long as we have less than 6 entities signing the contract, each entity will receive their maximum share of 500 Euro. I don't really like the idea of a fixed monthly total handed out like that, but that's what the lawyers and tax authorities signed off for Wau Holland Foundation. It seems to be costly to re-evaluate such contracts, so this is what we will stick to for now via WHF.

Technically, the monthly shares and the country factors are calculated using a tool written by Lunar^^ (big thanks!). [5] You can find an example report at [6] (not the correct numbers, but you'll get the idea). This monthly report will be sent to all partners, and once they signed the contract they will simply get their monthly share.

As stated at the top, we want to start reimbursing this month. Please let me know if you have any questions. We have a mailing list that is public and read-only where we send important announcements, and require every participant to be on and actually read. We have another mailing list that is also read-only for the public, but people of the participating organizations can post and discuss everything around Torservers.net and reimbursements. [7]

The process to become a "partner" for now requires that I "know you". So, if you're interested in becoming a partner, start social interaction with me. I see that as a bad bottleneck, and I hope we can somehow get rid of it in the future. I generally prefer "organizations" over single persons, because (1) in most countries it seems to be really inexpensive and easy to set up organizations and (2) the process of setting up such entities includes that you gather enough people around you, so chances are you will continue even if one of you drops out.

If you want to discuss, I prefer the tor-relays mailing list and our IRC channel, #torservers on irc.oftc.net. I also explicitly want to invite every partner to join that channel.

--Moritz

[1] https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html
[2] https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html
[3] http://www.torservers.net/partners.html
[4] [fill out + send back via pgp-encrypted and signed mail to me]
    plain: https://www.torservers.net/misc/2013-07-19_TorExit_en.txt
    fancy: https://www.torservers.net/misc/2013-07-19_TorExit_en.ott
    german: https://www.torservers.net/misc/2013-07-19_TorExit_de.ott
[5] git clone https://people.torproject.org/~lunar/exit-funding.git
[6] https://www.torservers.net/misc/reimburse-output-2013-07.txt (set encoding to Unicode)
[7] https://lists.torproject.org/pipermail/tor-relays/2013-May/002138.html

______tor-relays mailing list tor-relays at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

----- End forwarded message -----

From eric at konklone.com Wed Sep 18 11:27:25 2013 From: eric at konklone.com (Eric Mill) Date: Wed, 18 Sep 2013 11:27:25 -0400 Subject: Re: [liberationtech] Why can't email be secure? - Silent Circle Blog In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

I highly doubt Google is filtering stuff out for the NSA.

The simpler explanation is that Google Alerts is 100% broken because it makes Google no money and doesn't do much for their core business interests. For my own alerts, it's been sending me results from 2007, 2009, 2010, 2011, 2012 in random order, over and over, repeating results, for many moons now. I've switched to using Talkwalker instead. -- Eric

On Wed, Sep 18, 2013 at 3:23 AM, Adam Back wrote:

> Seems a lot like China no?
>
> Adam
>
> On Tue, Sep 17, 2013 at 05:10:46PM -0700, coderman wrote:
>> On Sun, Aug 25, 2013 at 1:21 PM, coderman wrote:
>>> ... 10,000 news alerts from scores of filters (everything from "TS//SI//NF" to "Flame OR Gauss OR Duqu OR Stuxnet" to Goldreich-Goldwasser-Halevi), ...
>>
>> sometime over the past few weeks google alerts has started filtering (certain?) NSA codewords from alert matches.
>>
>> ah well, nice while it lasted...

-- konklone.com | @konklone

From eugen at leitl.org Wed Sep 18 11:56:11 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 17:56:11 +0200 Subject: [liberationtech] "Ibis: An Overlay Mix Network for Microblogging" by Ian Goldberg Message-ID: <[email protected]>

----- Forwarded message from Steve Weis -----

Date: Wed, 18 Sep 2013 08:50:09 -0700 From: Steve Weis To: "liberationtech at lists.stanford.edu" Subject: [liberationtech] "Ibis: An Overlay Mix Network for Microblogging" by Ian Goldberg Reply-To: liberationtech

Ian Goldberg is speaking about "Ibis: An Overlay Mix Network for Microblogging" today at the Stanford security seminar. The talk is 4:30pm in the Gates building, room 463A. http://crypto.stanford.edu/seclab/sem-12-13/goldberg.html

Abstract:

Microblogging services such as Twitter are extremely popular. While they are commonly used by people who wish to reveal their names and friends to the world, some users, such as activists on the ground, may wish to be able to post without automatically revealing their identities or locations. An obvious approach is to use a low-latency anonymity system, such as Tor. However, low-latency systems fall prey to end-to-end timing attacks easily accomplished by an ISP or a government monitoring clients while also watching for posts to appear in real time on the microblogging site. We present Ibis, a high-latency mix network designed specifically for microblogging. Ibis is an overlay network: the mix nodes can be microblogging clients that come online only sporadically, and the intermediate encrypted messages are themselves posted as microblogged entries. We accomplish this through a novel cryptographic mix message format that uses only 47 bytes of overhead, while maintaining three-hop, 128-bit security against offline attack.

This is joint work with Paul Hendry.

Bio:

Ian Goldberg is an Associate Professor of Computer Science and a University Research Chair at the University of Waterloo, where he is a founding member of the Cryptography, Security, and Privacy (CrySP) research group. He holds a Ph.D. from the University of California, Berkeley, where he discovered serious weaknesses in a number of widely deployed security systems, including those used by cellular phones and wireless networks. He also studied systems for protecting the personal privacy of Internet users, which led to his role as Chief Scientist at Zero-Knowledge Systems (now Radialpoint). His research currently focuses on developing usable and useful technologies to help Internet users maintain their security and privacy. He is a Senior Member of the ACM and a winner of the Early Researcher Award, the Outstanding Young Computer Science Researcher Award, and the Electronic Frontier Foundation's Pioneer Award.

-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/ liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Wed Sep 18 11:59:47 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 17:59:47 +0200 Subject: [Cryptography] An NSA mathematician shares his from-the-trenches view of the agency's surveillance activities Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Wed, 18 Sep 2013 10:16:30 +0300 From: ianG To: cryptography at metzdowd.com Subject: Re: [Cryptography] An NSA mathematician shares his from-the-trenches view of the agency's surveillance activities User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 18/09/13 00:56 AM, John Gilmore wrote:
> Forwarded-By: David Farber
> Forwarded-By: "Annie I. Anton Ph.D."
>
> http://www.zdnet.com/nsa-cryptanalyst-we-too-are-americans-7000020689/
>
> NSA cryptanalyst: We, too, are Americans

Speaking as a non-American, you guys have big problems concerning the nexus of cryptography and politics.

...
> The rest of this article contains Roger's words only, edited simply for formatting.

I really, really doubt that. I don't really wish to attack the author, but the style and phraseology is pure PR. Ordinary people do not write PR. Nor do they lay out political strategies and refer to their commander-in-chief as the supreme leader. Nor indeed are employees of military and intelligence *permitted to talk to the press* unless sanctioned at high level.

> ... Do I, as an American, have any concerns about whether the NSA
> is illegally or surreptitiously targeting or tracking the communications of other Americans?
>
> The answer is emphatically, "No."

Of course, Americans talking to Americans might be one debate. But then there are Americans talking to the world, and people talking to people.

It should be remembered that espionage is illegal, and the activities of the NSA are more or less illegal *outside their borders*. I give them no permission to monitor me or mine, and nor does any of the laws of my land(s).

The fact that we cannot stop them doesn't make it any less legal. The fact that there is a gentleman's agreement between countries to look the other way doesn't make it any less palatable to us non-gentlepersons excluded from the corridors of powers.

And all that doesn't make NSA mathematicians any less a partner to the activity. Any intelligence agent is typically controlled and often banned from overseas travel, because of the ramifications of this activity.

...

> A myth that truly bewilders me is the notion that the NSA could or would spend time looking into the communications of ordinary Americans....
>
> There's no doubt about it: We all live in a new world of Big Data.

In two paras above, and the next two paras below, this 'mathematician' lays the political trap for Americans. The collection by the federal government of data is almost certainly unconstitutional. Yet, everyone acts as if that's ok because ... we live in the new world of Big Data?

> Much of the focus of the public debate thus far has been on the amount of data that NSA has access to, which I feel misses the critical point.

Unless one subscribes to the plain wording of your (American) constitution...

> In today's digital society, the Big Data genie is out of the bottle. Every day, more personal data become available to individuals, corporations, and the government. What matters are the rules that govern how NSA uses this data, and the multiple oversight and compliance efforts that keep us consistent with those rules. I have not only seen but also experienced firsthand, on a daily basis, that these rules and the oversight and compliance practices are stringent. And they work to protect the privacy rights of all Americans.

ditto, repeat.

Although, to be honest, we-the-world don't care about it; the USG's temptation to rewrite the constitution in the minds of its subjects is strictly a domestic political affair. For most other countries, the Big Data genie is truly out of the bottle, and there's precious little we can do about it.

...
> As this national dialogue continues, I look to the American people to reach a consensus on the desired scope of U.S. intelligence activities....

Good luck!

> .... The views and opinions expressed herein are those of the author and do not necessarily reflect those of the National Security Agency/Central Security Service.

I seriously doubt that.

iang


----- End forwarded message -----

From eugen at leitl.org Wed Sep 18 13:00:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 19:00:51 +0200 Subject: [tor-talk] NSA paid French hackers to develop software exploits, windows, chrome etc Message-ID: <[email protected]>

----- Forwarded message from Andrew F -----

Date: Wed, 18 Sep 2013 09:38:27 -0700 From: Andrew F To: tor-talk at lists.torproject.org Subject: [tor-talk] NSA paid French hackers to develop software exploits, windows, chrome etc Reply-To: tor-talk at lists.torproject.org

FYI http://www.thedailysheeple.com/contract-reveals-nsa-paid-french-hacking-company-unknown-sum-in-2012-to-develop-software-exploits_092013

Happy hump day.

----- End forwarded message -----

From eugen at leitl.org Wed Sep 18 13:08:22 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 19:08:22 +0200 Subject: Zero Reserve - A distributed Bitcoin exchange Message-ID: <[email protected]>

Zero Reserve - A distributed Bitcoin exchange tl;dr: Proposal and prototype for a distributed exchange not requiring a banking gateway. Implemented as a plugin for Retroshare. Licensed under the LGPL.

The Achilles heel of Bitcoin is the exchanges. Centralized as they are, they can be shut down by a number of means, by a number of players. Should that happen, price discovery of Bitcoin will not work any more. To address that, we offer a distributed exchange without the need of the banking system. Some intro and marketing blurb is here: https://github.com/zeroreserve/ZeroReserve/wiki

A tech paper is here: https://mega.co.nz/#!vZ80yQJS!ccrCBREYZrOPr8oK7C9StVGuDmYENNYwrFiPXZVQldM

And the code is here: https://github.com/zeroreserve/ZeroReserve

In short, ZR uses the Ripple idea of Ryan Fugger to get money in and out of the exchange. ZR has nothing to do whatsoever with ripple.com, however. As such, there is no need for XRP. There is no pre-mining, no company, just code.

Now the caveat: This is prototype software. Anything may or may not work. Security is only what the underlying Retroshare provides. The distributed order book works, but is still insecure. Currencies are therefore only defunct or fantasy currencies such as the German Papermark (1923). Nothing you do has any effect on the blockchain. The next steps are:
- hook up to the blockchain (using Amir Taaki's excellent libbitcoin)
- provide basic wallet functionality
- provide authentication for anything beyond F2F.

I see no reason why it wouldn't work on OSX, but ZR was never built on it. It does build and run on Linux and Windows, though.

Once you are on Retroshare and have some friends, you should be able to use this link to get and subscribe to the Zero Reserve Forum: retroshare://forum?name=ZeroReserve&id=b87d0a5577ced312d88a0ee8176e24a1

One of my RS identities:


From eugen at leitl.org Wed Sep 18 13:58:44 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 18 Sep 2013 19:58:44 +0200 Subject: [Cryptography] Gilmore response to NSA mathematician's "make rules for NSA" appeal Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Tue, 17 Sep 2013 16:50:38 -0700 From: John Gilmore To: cryptography at metzdowd.com, gnu at toad.com Subject: [Cryptography] Gilmore response to NSA mathematician's "make rules for NSA" appeal

Re: http://www.zdnet.com/nsa-cryptanalyst-we-too-are-americans-7000020689/

In his Big Data argument, NSA analyst Roger Barkan carefully skips over the question of what rules there should be for government *collecting* big data, claiming that "what matters" are the rules for how the data is used, *after* assuming that it will be collected.

Governments seldom lose powers; they work to grow their powers, to loosen the rules that govern what they can do. NSA's metadata database has fewer restrictions today than it did when it was collected, all carefully "legal" and vetted by an unaccountable bureaucracy that has its own best interests at heart. My own Senator Feinstein claims from her "oversight" post that whatever's good for NSA is good for America; my Congresswoman Pelosi worked hard to defeat the bill that would have stopped the NSA phone metadata program in its tracks; and both of them run political machines that have made them "lifetime" congresspeople, no matter how out-of-step they are with their constituents. NSA and these overseers conspired to keep the whole thing secret, not to avoid "tipping off the terrorists" who already knew NSA was lawless, but to avoid the public backlash that would reduce their powers and maybe even reverse a decade of hugely growing secret budgets.

Having watched the Drug War over the last 50 years, NSA for 30 years, and TSA/DHS over the last decade, I have zero faith that NSA can collect intimate data about every person in America and on the planet, and then never use that data for any purpose that is counter to the interest of the people surveilled. There will always be "emergencies", always "crises", always "evildoers", always "opportunities", that would be relieved "if we could just do X that wasn't allowed until now". So what if general warrants are explicitly forbidden? And if searching people without cause is prohibited? We could catch two alleged terrorists -- or a few thousand people with sexual images -- or 750,000 pot smokers -- or 400,000 hard-working Mexican migrants -- every year, if we just use tricky legalisms to ignore those pesky rules. So the government does ignore them. Will you or your loved ones fall into the next witch hunt? Our largest city was just found guilty of forcibly stopping and physically searching hundreds of thousands of black and latino people without cause for a decade -- a racist program defended both before and after the verdict by the Mayor, the Police Commission, the City Council, and state legislators. NSA has secretly been doing warrantless, suspicionless, non-physical searches on every American with a phone for a decade, all using secret gerrymandered catch-22 loopholes in the published constitution and laws, defended before and after by the President, the Congress and all the courts. Make rules for NSA? We already have published rules for NSA and it doesn't follow them today!

So Mr Barkan moves on to why NSA would never work against the citizens. The US imprisons more people than any country on earth, and murders far more than most, but it's all OK because those poor, overworked, rule-bound government employees who are doing it are "defending freedom". Bullshit they are! Somehow scores of countries have found freedom without descending to this level of lawlessness and repression. NSA cannot operate outside of this context; rules that might work in a hypothetical honest and free government, will not work in the corrupt and lawless government that we have in the United States.

NSA employees are accountable for following the rules, Mr. Barkan? Don't make me laugh. There's a word for it: impunity. EFF has diligently pursued NSA in court for most of a decade, and has still gotten no court to even consider the question "is what NSA did legal?" Other agencies like DoJ and HHS regularly retain big powers and budgets by officially lying about whether marijuana has any medical uses, rather than following the statutes, despite millions of Americans who use it on the advice of their doctor. None of these officials lose their jobs. Find me a senior federal official anywhere who has ever lost their job over major malfeasance like wiretapping, torture, kidnapping, indefinite imprisonment, assassination, or malicious use of power -- let alone been prosecuted or imprisoned for it. Innocent citizens go to prison all the time, from neighborhood blacks to medical marijuana gardeners to Tommy Chong and Martha Stewart -- high officials never.

Re Big Data: I have never seen data that could be abused by someone who didn't have a copy of it. My first line of defense of privacy is to deny copies of that data to those who would collect it and later use it against me. This is exactly the policy that NSA supposedly has to follow, according to the published laws and Executive Orders: to prevent abuses against Americans, don't collect against Americans. It's a good first step. NSA is not following that policy.

Where Big Data collection is voluntary, I do not volunteer, thus I don't use Facebook, Google, etc. When collection is involuntary, like with NSA's Big Data, I work to limit their power, both to collect, and to use; and then I don't believe they will follow the rules anyway, because of all the historical evidence. So I arrange my life to not leave a big data trail: I don't use ATMs, I pay with cash, don't carry identification, don't use Apple or Google or Microsoft products, etc.

Your government will not make a big announcement when it has become a police state. So if you're a patriot, you'd better practice now: how to avoid stupid mistakes that would let a police state catch you when telling the truth to your fellow citizens becomes a crime -- like it did for Mr. Snowden, Ms. Manning, Mr. Ellsberg, Mr. Nacchio, Mr. Assange, and Ms. Mayer (who claims she's been dragged silently kicking and screaming to spy on her customers rather than be prosecuted for telling them the truth). NSA and its Big Data will not be defending you when the secret police come to bust you for publishing secrets. NSA will be on the cops' and prosecutors' side. They have recently filed legal memos declaring that they don't have to help the defense side in any criminal trials, even when NSA has exculpatory data, and even when NSA provided wiretapped Big Data that led the prosecutors to you. Defending the citizens from the excesses of government isn't their job. Defending their turf, their budget, and their powers is their job.

John Gilmore

______
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- Eugen* Leitl leitl http://leitl.org
______ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From coderman at gmail.com Wed Sep 18 14:35:18 2013 From: coderman at gmail.com (coderman) Date: Wed, 18 Sep 2013 11:35:18 -0700 Subject: Re: [liberationtech] Why can't email be secure? - Silent Circle Blog In-Reply-To: References: <[email protected]> <[email protected]> Message-ID:

On Wed, Sep 18, 2013 at 8:27 AM, Eric Mill wrote:
> I highly doubt Google is filtering stuff out for the NSA...
> The simpler explanation is that Google Alerts is 100% broken because it
> makes Google no money and doesn't do much for their core business interests.

i suppose Hanlon's razor is apropos... (this is a convenient flaw, in any case ;)

> I've switched to using Talkwalker instead.

thanks for the tip; i like it better already! https://www.talkwalker.com/alerts

best regards,

From david at 7tele.com Wed Sep 18 18:27:00 2013 From: david at 7tele.com (David D) Date: Thu, 19 Sep 2013 00:27:00 +0200 Subject: [Cryptography] prism proof email, namespaces, and anonymity In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <002101ceb4be$36af5810$a40e0830$@com>

A slight drift OT...

Email services with limited market penetration, not backed by dollars, and brutalized by a smear campaign stating that the service is -only- used by criminals, terrrrrists, etc. will limit its reach quickly. With a limited reach you then have a much easier target for the govt. If I was a deviant working for the NSA I would create a selector for all people using: @prism-proof-email.com and spend a great deal of effort trying to break it. They could also simply seize the domain or deliver a piece of paper requesting all of the data.

One goal that we should all work for is to have ALL e-mail transport methods encrypted. This would create mountains of encrypted data and provide a level of protection for all email that is now lacking. I am specifically referring to TLS on SMTP, POP3, and IMAP.

This would require education on the systems side, working with the Linux/BSD distributions to make TLS enabled by default, and to generate the cert/key on install (unique per install please).

As a real world example... I received a support ticket response last week that included account information, logins, etc. and it was delivered to my mail server without a TLS connection. Aside from the obvious issue of sending the data in an e-mail, they are sending all ticket responses entirely in the clear on port 25. What year is it?

A similar discussion for HTTP is also worthwhile. Namely, TLS1.2 available on all clients (Hello Firefox) and support for TLS1.2/PFS on the server side (Apache 2.4).

-----Original Message----- From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of Eugen Leitl Sent: Wednesday, September 18, 2013 3:35 PM To: cypherpunks at al-qaeda.net; info at postbiota.org; zs-p2p at zerostate.is Subject: [Cryptography] prism proof email, namespaces, and anonymity

----- Forwarded message from John Kelsey ----- Date: Fri, 13 Sep 2013 16:55:05 -0400 From: John Kelsey To: "cryptography at metzdowd.com List" Subject: [Cryptography] prism proof email, namespaces, and anonymity X-Mailer: iPad Mail (10B329)

Everyone,

The more I think about it, the more important it seems that any anonymous email like communications system *not* include people who don't want to be part of it, and have lots of defenses to prevent its anonymous communications from becoming a nightmare for its participants. If the goal is to make PRISM stop working and make the email part of the internet go dark for spies (which definitely includes a lot more than just US spies!), then this system has to be something that lots of people will want to use.

There should be multiple defenses against spam and phishing and other nasty things being sent in this system, with enough designed-in flexibility to deal with changes in attacker behavior over time. If someone can send participants in the system endless spam or credible death threats, then few people are going to want to participate, and that diminishes the privacy of everyone remaining in the system, along with just making the system a blight in general. If nonparticipants start getting spam from the system, it will either be shunned or shut down, and at any rate won't have the kind of reputation that will move a lot of people onto the system. An ironclad anonymous email system with 10,000 users is a whole lot less privacy-preserving than one with 10,000,000 users. As revelations of more and more eavesdropping come out, we might actually see millions of users want to have something really secure and anonymous, but not if it's widely seen as a firehose o' spam.

A lot of the tools we use on the net everyday suffer from having been designed without thinking very far ahead into how they might be exploited or misused--hence spam, malware in PDF files, browser hijacking sorts of attacks, etc. My thought is that we should be thinking of multiple independent defenses against spamming and malware and all the rest, because parasites adapt to their environment. We can't count on "and then you go to jail" as a final step in any protocol, and we can't count on having some friendly utility read millions of peoples' mail to filter the spam if we want this to be secure. So what can we count on to stop spam and malware and other nastiness?

Some thoughts off the top of my head. Note that while I think all these can be done with crypto somehow, I am not thinking of how to do them yet, except in very general terms.

a. You can't freely send messages to me unless you're on my whitelist.

b. This means an additional step of sending me a request to be added to your whitelist. This needs to be costly in something the sender cares about--money, processing power, reputation, solving a captcha, rate-limits to these requests, whatever. (What if the system somehow limited you to only, say, five outstanding requests at a time?).

c. Make account creation costly somehow (processing, money, solving a captcha, whatever). Or maybe make creating a receive-only account cheap but make it costly to have an account that can request to communicate with strangers.

d. Make sending a message in general cost something. Let receiver addresses indicate what proof of payment of the desired cost they require to accept emails.

e. Enable some kind of reputation tracking for senders? I'm not sure if this would work or be a good idea, but it's worth thinking about.

f. All this needs to be made flexible, so that as attackers evolve, so can defenses. Ideally, my ppe (prism proof email) address would carry an indication of what proofs your request to communicate needed to carry in order for me to consider it.

g. The format of messages needs to be restricted to block malware, both the kind that wants to take over your machine and the kind that wants to help the attacker track you down. Plain text email only? Some richer format to allow foreign language support?

h. Attachments should become links to files in an anonymizing cloud storage system. Among other things, this will make it easier to limit the size of the emails in the system, which is important for ensuring anonymity without breaking stuff.

What else? I see this as the defining thing that can kill an anonymous encrypted communications system--it can become a swamp of spam and malware and nutcases stalking people, and then nobody sensible will want to come within a hundred meters of it. Alternatively, if users are *more* in control of who contacts them in the prism-proof scheme than with the current kind of email, we can get a lot more people joining.

Comments?

--John

______
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
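The situation David D describes (a ticket reply arriving on port 25 with no TLS) is visible in the message's own Received: trail, because an MTA that accepted a session under STARTTLS records the hop as ESMTPS (RFC 3848) and usually adds a (version=TLS...) comment. The block below is an added check, not code from any list participant: it parses the Received: headers of a message and lists the hops that carried no TLS. The sample message, host names and addresses are constructed.

```python
"""Flag hops in a message's Received: trail that were delivered without
TLS.  Added illustration for the thread above, not code from any list
participant; the sample message and host names are constructed."""
import re
from email import message_from_string

# Protocol names that RFC 3848 reserves for TLS-protected hops.
TLS_PROTOCOLS = {"SMTPS", "ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: the outer (most recent) hop used ESMTPS, the inner
# hop from the helpdesk system was plain ESMTP on port 25, which is the
# situation described in the post.
SAMPLE_MESSAGE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTPS id 4ABC123
\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256/256)
\tfor <user@example.org>; Wed, 18 Sep 2013 12:00:00 +0200
Received: from helpdesk.example.com (helpdesk.example.com [198.51.100.7])
\tby mx1.example.net (Postfix) with ESMTP id 9DEF456
\tfor <user@example.org>; Wed, 18 Sep 2013 11:59:58 +0200
From: support@example.com
To: user@example.org
Subject: Re: ticket 1234

Your account details are: ...
"""


def parse_hop(header_value: str) -> dict:
    """Extract from/by/protocol/tls from one Received: header value."""
    hop = re.sub(r"\s+", " ", header_value).strip()   # unfold the header
    frm = re.match(r"from\s+(\S+)", hop)
    by = re.search(r"\bby\s+(\S+)", hop)
    with_ = re.search(r"\bwith\s+([A-Za-z0-9]+)", hop)
    protocol = with_.group(1).upper() if with_ else None
    # ESMTPS/ESMTPSA mean the session ran under TLS; some MTAs only add a
    # (version=TLS...) comment, so accept that as evidence too.
    tls = protocol in TLS_PROTOCOLS or re.search(r"\bTLSv?\d", hop) is not None
    return {
        "from": frm.group(1) if frm else None,
        "by": by.group(1) if by else None,
        "protocol": protocol,
        "tls": tls,
    }


def audit_received(raw_message: str) -> list:
    """One dict per hop, outermost (latest) first, as the headers are ordered."""
    msg = message_from_string(raw_message)
    return [parse_hop(v) for v in msg.get_all("Received", [])]


def cleartext_hops(raw_message: str) -> list:
    """'from -> by' for every hop whose SMTP session carried no TLS."""
    return [f"{h['from']} -> {h['by']}"
            for h in audit_received(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in audit_received(SAMPLE_MESSAGE):
        print(hop)
    print("cleartext hops:", cleartext_hops(SAMPLE_MESSAGE))
```

Only the hops your own servers wrote can be trusted; a sending side can forge earlier Received: lines, so the check tells you where on the path you lost TLS, not that the sender's claims about its own hops are true.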

From eugen at leitl.org Thu Sep 19 03:37:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 19 Sep 2013 09:37:29 +0200 Subject: [tor-relays] Reimbursement of Exit Operators Message-ID: <[email protected]>

----- Forwarded message from tor at t-3.net -----

Date: Wed, 18 Sep 2013 19:29:26 -0400 From: tor at t-3.net To: tor-relays at lists.torproject.org Subject: Re: [tor-relays] Reimbursement of Exit Operators X-Mailer: SurgeWeb - Ajax Webmail Client Reply-To: tor-relays at lists.torproject.org

Think bigger, say what?

Certain of the world's biggest and most well-funded intelligence agencies hate personal privacy on the internet so much that they've been going to extreme efforts to destroy it. They are packet sniffing the NAPs and fiber backbones to pull out everything they can, they hacked/broke HTTPS, they are backdoored into the big content providers, they hacked the banking system, they are apparently 'in' some hardware crypto chips - the list goes on - They infiltrated the tech groups which were designing software and hardware and sabotaged their work, making their crypto be weaker/breakable and their systems easier to hack into. They use the vulnerabilities they created to their own ends.

As of today, Tor appears to provide privacy, at least as far as the .onion sites go. Maybe it even works for its entire function of providing anonymous internet browsing.

'They' would definitely want to be IN this thing, because they either want to compromise it, or if that doesn't work well enough, destroy it. 'They' are known to infiltrate and be influential in getting what they want. Literally, they are professionals at this. 'Getting to know' the exit relay operators and identifying their bank accounts would help facilitate things when it came time for them to make their move.

In the context of September 2013, this whole thing is scary. It was perhaps not scary in September of 2012, when we didn't know anything.

Also. It makes me wonder things when, for example, you say "Think bigger" while pointing to a couple of potential dollars in someone's pocket. Safeguarding the operators of the exit relays is a bigger deal than chump change. I'm not making an honest accusation but, to the people who are the most vocal in approving of this - you don't work for the NSA, right? :)

On Wednesday 18/09/2013 at 6:08 pm, Roger Dingledine wrote:
> On Wed, Sep 18, 2013 at 08:10:25AM -0400, tor at t-3.net wrote:
>>
>> The Wau Holland Foundation can currently only
>> reimburse via wire transfer.
>>
>> This seems to be end-of-story in terms of who, in the end, is
>> ultimately getting liability/risk, and points to practically no
>> chance at anonymity
>
> Think bigger
--

______
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

----- End forwarded message -----

From eugen at leitl.org Thu Sep 19 07:00:24 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 19 Sep 2013 13:00:24 +0200 Subject: [liberationtech] "Ibis: An Overlay Mix Network for Microblogging" by Ian Goldberg Message-ID: <[email protected]>

----- Forwarded message from Steve Weis -----

Date: Wed, 18 Sep 2013 21:50:45 -0700 From: Steve Weis To: liberationtech Subject: Re: [liberationtech] "Ibis: An Overlay Mix Network for Microblogging" by Ian Goldberg Reply-To: liberationtech

It was an interesting talk. The gist is that they've shrunk the overhead of the Sphinx mix net ( http://research.microsoft.com/en-us/um/people/gdane/papers/sphinx-eprint.pdf) to 47 bytes. They've done this by removing the requirement for message replies and using curve25519 for ECC. They've also encoded ciphertext with CJK characters to make up most of the 47-byte overhead and let you post close to 140 ASCII characters.

That lets them use Twitter as a medium for mix net messages. Users will encrypt messages using a chosen path of Ibis mix net nodes, label them with a hash tag, and either tweet the encrypted message or send it directly through an Ibis node IP address.

Ibis nodes will watch for messages with specific tags. When they detect them, they'll decrypt a mix net layer and pass them along to the next node. The final node will post the payload as a retweet.

They are still trying to push through a security proof for the paper before posting it, along with a command-line client. I think Ian Goldberg said it would be up at http://ibis.uwaterloo.ca.

On Wed, Sep 18, 2013 at 7:09 PM, Tom Ritter wrote:

> This looks interesting! Am I being dense, or is there a paper or
> slides or anything somewhere non-Stanfordites can read?
>
> -tom
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>

-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----
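The encoding trick in the Ibis summary above (ciphertext written as CJK ideographs so that a fixed 47-byte header plus a near-140-character payload fits in one tweet) is easy to demonstrate. The block below is an added example, not Ibis code: it packs bytes into the CJK Unified Ideographs block by base-20992 conversion, reverses it, and computes exactly how many payload bytes a 140-character message can carry once the header is paid for. The 47-byte header length is the figure from the summary; the header and payload bytes are constructed stand-ins, not a real Sphinx header.

```python
"""Pack a fixed-size encrypted mix-net message into CJK ideographs so it
fits a 140-character tweet.  Added illustration of the encoding described
in the thread; not the Ibis code.  The 47-byte header size comes from the
talk summary, the header/payload bytes below are constructed."""

CJK_FIRST = 0x4E00                     # start of CJK Unified Ideographs
CJK_RADIX = 0x9FFF - CJK_FIRST + 1     # 20992 symbols, about 14.36 bits each
TWEET_LIMIT = 140
HEADER_BYTES = 47                      # mix-net overhead quoted in the summary


def cjk_encode(data: bytes) -> str:
    """Base-20992 encoding; a 0x01 sentinel byte keeps leading zero bytes."""
    n = int.from_bytes(b"\x01" + data, "big")
    out = []
    while n:
        n, digit = divmod(n, CJK_RADIX)
        out.append(chr(CJK_FIRST + digit))
    return "".join(reversed(out))


def cjk_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        digit = ord(ch) - CJK_FIRST
        if not 0 <= digit < CJK_RADIX:
            raise ValueError("character outside the CJK block")
        n = n * CJK_RADIX + digit
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 0x01:
        raise ValueError("missing sentinel byte")
    return raw[1:]


def max_bytes(chars: int = TWEET_LIMIT) -> int:
    """Largest byte length (sentinel excluded) that always fits in `chars`."""
    capacity = CJK_RADIX ** chars                 # exact integer arithmetic
    # sentinel + L bytes is < 2**(8L+1); need that <= capacity
    return (capacity.bit_length() - 2) // 8


def max_payload(chars: int = TWEET_LIMIT, header: int = HEADER_BYTES) -> int:
    """Payload bytes left after the fixed header."""
    return max_bytes(chars) - header


def pack_tweet(header: bytes, payload: bytes) -> str:
    if len(header) != HEADER_BYTES:
        raise ValueError("header must be exactly HEADER_BYTES long")
    text = cjk_encode(header + payload)
    if len(text) > TWEET_LIMIT:
        raise ValueError(f"{len(header) + len(payload)} bytes need {len(text)} chars")
    return text


def unpack_tweet(text: str):
    raw = cjk_decode(text)
    return raw[:HEADER_BYTES], raw[HEADER_BYTES:]


if __name__ == "__main__":
    header = bytes(range(HEADER_BYTES))          # constructed stand-in header
    body = b"x" * 140                            # constructed 140-ASCII payload
    tweet = pack_tweet(header, body)
    print(len(tweet), "chars for", len(header) + len(body), "bytes")
    print("max payload per tweet:", max_payload())
```

With 20992 symbols per character, 140 characters carry at most 251 bytes, so after the 47-byte header 204 bytes remain, which is why a payload of roughly 140 ASCII characters still fits. A hashtag used to label the message, as the summary describes, would have to come out of the same 140-character budget.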

From cypherpunk at cpunk.us Thu Sep 19 15:04:56 2013 From: cypherpunk at cpunk.us (CypherPunk) Date: Thu, 19 Sep 2013 14:04:56 -0500 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux Message-ID:

This shouldn't really surprise anyone. Of course they'd at least give it a try. http://www.eweek.com/developer/linus-torvalds-talks-linux-development-at-linuxcon.html

From tom at ritter.vg Thu Sep 19 15:39:53 2013 From: tom at ritter.vg (Tom Ritter) Date: Thu, 19 Sep 2013 15:39:53 -0400 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: References: Message-ID:

> Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.

Is there any indication he took the question seriously and wasn't just making a joke? This is a lot to conclude from a single sentence.

-tom

From cypherpunk at cpunk.us Thu Sep 19 15:48:37 2013 From: cypherpunk at cpunk.us (CypherPunk) Date: Thu, 19 Sep 2013 14:48:37 -0500 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: References: Message-ID:

On 09/19/2013 02:39 PM, Tom Ritter wrote:
>> Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.
>
> Is there any indication he took the question seriously and wasn't just
> making a joke? This is a lot to conclude from a single sentence.

While he certainly could have been being humorous, I can't see why he would have indicated 'yes' for any reason. I mean, he could have made a funny comment or something sarcastic or any number of other responses. The shaking his head yes while saying no would seem to indicate that he's been told not to say that he's been asked.

It would seem logical that he would have been approached though. I mean, they want total tech coverage. Why would Linux escape their attention?

From loki at obscura.com Thu Sep 19 16:02:32 2013 From: loki at obscura.com (Lance Cottrell) Date: Thu, 19 Sep 2013 13:02:32 -0700 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: References: Message-ID: <[email protected]>

I would think that it is their job to ask. They may or may not apply any pressure, but I would think just about everyone of significance at least gets a request.

It is like hitting on people in a bar. You may get told no a whole lot, but every once in a while, someone says yes.

-Lance

-- Lance Cottrell loki at obscura.com

On Sep 19, 2013, at 12:48 PM, CypherPunk wrote:

> On 09/19/2013 02:39 PM, Tom Ritter wrote:
>>> Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.
>>
>> Is there any indication he took the question seriously and wasn't just
>> making a joke? This is a lot to conclude from a single sentence.
>
> While he certainly could have been being humorous, I can't see why he
> would have indicated 'yes' for any reason. I mean, he could have made a
> funny comment or something sarcastic or any number of other responses.
> The shaking his head yes while saying now would seem to indicate that
> he's been told not to say that he's been asked.
>
> It would seem logical that he would have been approached though. I mean,
> they want total tech coverage. Why would Linux escape their attention?
>


From adi at hexapodia.org Thu Sep 19 17:19:48 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Thu, 19 Sep 2013 14:19:48 -0700 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: References: Message-ID: <[email protected]>

On Thu, Sep 19, 2013 at 02:48:37PM -0500, CypherPunk wrote:
> On 09/19/2013 02:39 PM, Tom Ritter wrote:
> >> Torvalds responded "no" while shaking his head "yes," as the
> >> audience broke into spontaneous laughter.
> >
> > Is there any indication he took the question seriously and wasn't just
> > making a joke? This is a lot to conclude from a single sentence.
>
> While he certainly could have been being humorous, I can't see why he
> would have indicated 'yes' for any reason.

Because it's funny, and one of the ways that humans deal with stressful situations is through humor. http://en.wikipedia.org/wiki/Theories_of_humour#Humor_as_defense_mechanism

Having seen Linus give many talks through the years, I can assure you that he might make such a joke regardless of the true situation.

> I mean, he could have made a > funny comment or something sarcastic or any number of other responses. > The shaking his head yes while saying now would seem to indicate that > he's been told not to say that he's been asked.

Or it might indicate that he knew it would get a laugh from the audience. It's invalid to read detail into a single such comment.

> It would seem logical that he would have been approached though. I mean, > they want total tech coverage. Why would Linux escape their attention?

It would seem logical, yes. It would also seem logical for Them (tm) to game-theory two more stages, and specifically avoid asking the most prominent maintainers in favor of pressuring or encouraging lower-level contributors to insert (or avoid fixing) bugdoors. I don't think we have enough information to make an informed judgement which scenario has happened.

-andy

From jamesdbell8 at yahoo.com Thu Sep 19 18:46:37 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 19 Sep 2013 15:46:37 -0700 (PDT) Subject: Jim Bell's fiber-optic patent application. Message-ID: <[email protected]>

To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell) have just (re-) subscribed to the Cypherpunks list. (Pardon me if I don't immediately attempt to relate the numerous reason(s) for my unfortunate 15-year absence.)

Of some relevance to the list is the recent publication (by the US Patent and Trademark Office, USPTO) of my fiber-optic patent application. See http://www.freepatentsonline.com/WO2013101261A1.html . No, the patent hasn't been granted yet. A brief description of the invention follows: A silica optical fiber in which the core and inner cladding are made from silica in which the silicon-atom content is modified from the usual 92.23% (atom/atom) Si-28 content, 4.67% Si-29, and 3.2% Si-30. A few of the possible advantages are: an increase of the velocity factor of the fiber to over 90% of 'c' (as opposed to the 68% of 'c' of existing fibers); a reduction in optical loss by a factor of 10-20 compared to existing fiber's 0.19 dB/km; a factor of 10-20 reduction in 'optical dispersion' compared to existing fibers; an optical bandwidth increase to about 1000-1800 nanometers wavelength.

There is actually the prospect of some crypto-relevance here. There is Bell's theorem (not mine, but John Stewart Bell's) on the EPR (Einstein Podolsky Rosen) paradox. See the Wikipedia article "Bell's Theorem". This led to experimentation where a single 'entangled photon' was sent down two optical fibers in opposite directions. Eventually (30 or so kilometers apart, I believe) these photons were detected. See http://www.cleoconference.org/library/images/cleo/PDF/2009/09-plenary-aspect.pdf . My understanding is that the distance limitations of these experiments are determined primarily by the loss of the optical fiber. If so, then a reduction by a factor of 10-20 in optical loss will result in a corresponding factor of 10-20 increase in the maximum practical distance of these kinds of quantum-entanglement experiments. Presumably, this will lead eventually to the same degrees of increases in maximum distances over which quantum encryption could operate.

Jim Bell

From coderman at gmail.com Thu Sep 19 21:48:31 2013 From: coderman at gmail.com (coderman) Date: Thu, 19 Sep 2013 18:48:31 -0700 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell wrote:
> To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)

please authenticate yourself with NIST P-192; secp256r1 seeded via Dual_EC_DRBG,

> have just (re-) subscribed to the Cypherpunks list.

note that the "Cypherpunks list" at al-qaeda.net is verboten, having sufficiently instilled fear across a subset of the subscriber base...

> ... (Pardon me if I don't
> immediately attempt to relate the numerous reason(s) for my unfortunate
> 15-year absence.)

pardon the decline in signal to noise ratio over the years as well, if you'd be so kind. ;)

> Of some relevance to the list is the recent publication (by the US
> Patent and Trademark Office, USPTO) of my fiber-optic patent application.

your next task, should you choose to accept it, is to make a fiber that is passive tap protected, while remaining economically viable... good luck!

From tbiehn at gmail.com Fri Sep 20 00:28:38 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Fri, 20 Sep 2013 00:28:38 -0400 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> Message-ID:

On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:

> On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell wrote:
> > To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)
>
> please authenticate yourself with NIST P-192; secp256r1 seeded via
> Dual_EC_DRBG,
>
> > have just (re-) subscribed to the Cypherpunks list.
>
> note that the "Cypherpunks list" at al-qaeda.net is verboten, having
> sufficiently instilled fear across a subset of the subscriber base...
>
> > ... (Pardon me if I don't
> > immediately attempt to relate the numerous reason(s) for my unfortunate
> > 15-year absence.)
>
> pardon the decline in signal to noise ratio over the years as well, if
> you'd be so kind. ;)
>
> > Of some relevance to the list is the recent publication (by the US
> > Patent and Trademark Office, USPTO) of my fiber-optic patent application.
>
> your next task, should you choose to accept it, is to make a fiber
> that is passive tap protected, while remaining economically viable...
> good luck!

*"Presumably, this will lead eventually to the same degrees of increases in maximum distances over which quantum encryption could operate."*

Evidently he has made what he considers a step in this direction ;) -- Twitter | LinkedIn| GitHub | TravisBiehn.com

From jschiel at flowtools.net Fri Sep 20 02:40:00 2013 From: jschiel at flowtools.net (John Schiel) Date: Fri, 20 Sep 2013 00:40:00 -0600 Subject: [Cryptography] prism proof email, namespaces, and anonymity In-Reply-To: <002101ceb4be$36af5810$a40e0830$@com> References: <[email protected]> <002101ceb4be$36af5810$a40e0830$@com> Message-ID: a) sure makes sense. b-d) if it costs too much, you won't get buy in. Those that care about the cost will comply and participate, those that don't won't use the system "because" of the cost. e) Agreed. Brings up the question of how do you trust the reputation tracker? f-h) agreed.

--john

On Wed, Sep 18, 2013 at 4:27 PM, David D wrote:

> A slight drift OT... > > Email services with limited market penetration, not backed by dollars, and > brutalized by a smear campaign stating that the service is -only- used by > criminals, terrrrrists, etc. will limit its reach quickly. With a limited > reach you then have a much easier target for the govt. If I was a deviant > working for the NSA I would create a selector for all people using: > @prism-proof-email.com and spend a great deal of effort trying to break > it. > They could also simply seize the domain or deliver a piece of paper > requesting all of the data. > > One goal that we should all work for is to have ALL e-mail transport > methods > encrypted. This would create mountains of encrypted data and provide a > level of protection for all email that is now is lacking. I am > specifically referring to TLS on SMTP, POP3, and IMAP. > > This would require education on the systems side, working with the > Linux/BSD > distributions to make TLS enabled by default, and to generate the cert/key > on install (unique per install please). > > As a real world example... I received a support ticket response last week > that included account information, logins, etc. and it was delivered to my > mail server without a TLS connection. Aside from the obvious issue of > sending the data in an e-mail, they are sending all ticket responses > entirely in the clear on port 25. What year is it? > > A similar discussion for HTTP is also worthwhile. Namely, TLS1.2 > available > on all clients (Hello Firefox) and support for TLS1.2/PFS on the server > side > (Apache 2.4). 
> > > -----Original Message----- > From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of > Eugen > Leitl > Sent: Wednesday, September 18, 2013 3:35 PM > To: cypherpunks at al-qaeda.net; info at postbiota.org; zs-p2p at zerostate.is > Subject: [Cryptography] prism proof email, namespaces, and anonymity > > ----- Forwarded message from John Kelsey ----- > > Date: Fri, 13 Sep 2013 16:55:05 -0400 > From: John Kelsey > To: "cryptography at metzdowd.com List" > Subject: [Cryptography] prism proof email, namespaces, and anonymity > X-Mailer: iPad Mail (10B329) > > Everyone, > > The more I think about it, the more important it seems that any anonymous > email like communications system *not* include people who don't want to be > part of it, and have lots of defenses to prevent its anonymous > communications from becoming a nightmare for its participants. If the goal > is to make PRISM stop working and make the email part of the internet go > dark for spies (which definitely includes a lot more than just US spies!), > then this system has to be something that lots of people will want to use. > > There should be multiple defenses against spam and phishing and other nasty > things being sent in this system, with enough designed-in flexibility to > deal with changes in attacker behavior over time. If someone can send > participants in the system endless spam or credible death threats, then few > people are going to want to participate, and that diminishes the privacy of > everyone remaining in the system, along with just making the system a > blight > in general. If nonparticipants start getting spam from the system, it will > either be shunned or shut down, and at any rate won't have the kind of > reputation that will move a lot of people onto the system. An ironclad > anonymous email system with 10,000 users is a whole lot less > privacy-preserving than one with 10,000,000 users. 
As revelations of more > and more eavesdropping come out, we might actually see millions of users > want to have something really secure and anonymous, but not if it's widely > seen as a firehose o' spam. > > A lot of the tools we use on the net everyday suffer from having been > designed without thinking very far ahead into how they might be exploited > or > misused--hence spam, malware in PDF files, browser hijacking sorts of > attacks, etc. My thought is that we should be thinking of multiple > independent defenses against spamming and malware and all the rest, because > parasites adapt to their environment. We can't count on "and then you go > to > jail" as a final step in any protocol, and we can't count on having some > friendly utility read millions of peoples' mail to filter the spam if we > want this to be secure. So what can we count on to stop spam and malware > and other nastiness? > > Some thoughts off the top of my head. Note that while I think all these > can > be done with crypto somehow, I am not thinking of how to do them yet, > except > in very general terms. > > a. You can't freely send messages to me unless you're on my whitelist. > > b. This means an additional step of sending me a request to be added to > your whitelist. This needs to be costly in something the sender cares > about--money, processing power, reputation, solving a captcha, rate-limits > to these requests, whatever. (What if the system somehow limited you to > only, say, five outstanding requests at a time?). > > c. Make account creation costly somehow (processing, money, solving a > captcha, whatever). Or maybe make creating a receive-only account cheap > but > make it costly to have an account that can request to communicate with > strangers. > > d. Make sending a message in general cost something. Let receiver > addresses indicate what proof of payment of the desired cost they require > to > accept emails. > > e. Enable some kind of reputation tracking for senders? 
I'm not sure if > this would work or be a good idea, but it's worth thinking about. > > f. All this needs to be made flexible, so that as attackers evolve, so can > defenses. Ideally, my ppe (prism proof email) address would carry an > indication of what proofs your request to communicate needed to carry in > order for me to consider it. > > g. The format of messages needs to be restricted to block malware, both > the > kind that wants to take over your machine and the kind that wants to help > the attacker track you down. Plain text email only? Some richer format to > allow foreign language support? > > h. Attachments should become links to files in an anonymizing cloud > storage > system. Among other things, this will make it easier to limit the size of > the emails in the system, which is important for ensuring anonymity without > breaking stuff. > > What else? I see this as the defining thing that can kill an anonymous > encrypted communications system--it can become a swamp of spam and malware > and nutcases stalking people, and then nobody sensible will want to come > within a hundred meters of it. Alternatively, if users are *more* in > control of who contacts them in the prism-proof scheme than with the > current > kind of email, we can get a lot more people joining. > > Comments? > > --John > > ______> The cryptography mailing list > cryptography at metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > > ----- End forwarded message ----- > -- > Eugen* Leitl leitl http://leitl.org > ______> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org > AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 > > ------next part ------An HTML attachment was scrubbed... URL:
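The whitelist-plus-costly-request scheme Kelsey sketches in items a, b and f (nobody off the whitelist gets through; strangers may only request contact, and the request must cost them something; the address itself announces what proof is required) fits in a short model. The following is an added example, not code from the thread or from any project named in it. It assumes a `+powN` address convention to carry the required proof, a hashcash-style SHA-256 stamp bound to sender, recipient and time as the cost, and a per-recipient cap of five outstanding requests per sender; all three are the example's own choices.

```python
import hashlib
from dataclasses import dataclass, field


# Assumed address convention (not from the thread): the local part carries the
# proof-of-work cost the recipient demands, e.g. alice+pow20@example.net, so a
# sender can read the required proof straight from the address (Kelsey's item f).
def address_with_policy(local: str, domain: str, bits: int) -> str:
    return f"{local}+pow{bits}@{domain}"


def required_bits(address: str) -> int:
    local = address.split("@", 1)[0]
    return int(local.rsplit("+pow", 1)[1]) if "+pow" in local else 0


def leading_zero_bits(digest: bytes) -> int:
    n = 0
    for byte in digest:
        if byte:
            return n + 8 - byte.bit_length()
        n += 8
    return n


def mint_stamp(sender: str, recipient: str, bits: int, now: int) -> str:
    """Hashcash-style stamp: the sender burns CPU to find a counter such that
    SHA-256(sender:recipient:timestamp:counter) starts with `bits` zero bits.
    Binding sender, recipient and time stops one stamp being replayed elsewhere.
    (Addresses are assumed not to contain ':'.)"""
    header = f"{sender}:{recipient}:{now}:"
    counter = 0
    while True:
        stamp = f"{header}{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def verify_stamp(stamp: str, recipient: str, now: int, ttl: int = 3600) -> bool:
    """Cheap for the recipient: one hash plus a recipient and freshness check."""
    try:
        _sender, rcpt, ts, _counter = stamp.split(":")
        ts = int(ts)
    except ValueError:
        return False
    if rcpt != recipient or not (now - ttl <= ts <= now + 60):
        return False
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= required_bits(recipient)


@dataclass
class Inbox:
    """Item a: nobody off the whitelist gets a message through.
    Item b: strangers may only *request* contact, paying with a stamp, and
    may have at most `max_outstanding` unanswered requests at a time."""
    address: str
    max_outstanding: int = 5
    whitelist: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)    # sender -> open requests
    spent: set = field(default_factory=set)        # stamps already redeemed
    delivered: list = field(default_factory=list)

    def request_contact(self, stamp: str, now: int) -> str:
        if stamp in self.spent:
            return "rejected: stamp reused"
        if not verify_stamp(stamp, self.address, now):
            return "rejected: bad proof of work"
        sender = stamp.split(":", 1)[0]
        if self.pending.get(sender, 0) >= self.max_outstanding:
            return "rejected: too many outstanding requests"
        self.spent.add(stamp)
        self.pending[sender] = self.pending.get(sender, 0) + 1
        return "queued"

    def approve(self, sender: str) -> None:
        self.whitelist.add(sender)
        self.pending.pop(sender, None)

    def receive(self, sender: str, body: str) -> bool:
        if sender not in self.whitelist:
            return False
        self.delivered.append((sender, body))
        return True


if __name__ == "__main__":
    inbox = Inbox(address_with_policy("alice", "example.net", 16))
    stamp = mint_stamp("bob@example.org", inbox.address, 16, 1700000000)
    print(inbox.request_contact(stamp, 1700000000))
```

The asymmetry is the point: minting costs the sender about 2^bits hashes, verifying costs the recipient one. Binding the stamp to the recipient and a timestamp, and remembering spent stamps, keeps one payment from being reused across many victims, and the outstanding-request cap bounds how much a sender can flood even with valid stamps. A real system would also need the request cost to scale with the sender's reputation (item e) and to survive the sender choosing a different recipient address format.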

From eugen at leitl.org Fri Sep 20 04:58:00 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 10:58:00 +0200 Subject: [Cryptography] A lot to learn from "Business Records FISA NSA Review" Message-ID: <[email protected]>

----- Forwarded message from Ray Dillinger -----

Date: Thu, 19 Sep 2013 10:02:35 -0700 From: Ray Dillinger To: cryptography at metzdowd.com Subject: Re: [Cryptography] A lot to learn from "Business Records FISA NSA Review" User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130828 Icedove/17.0.8

On 09/16/2013 07:58 AM, Perry E. Metzger wrote:

> Well, we do know they created things like the (not very usable) > seLinux MAC (Multilevel Access Control) system, so clearly they do > some hacking on security infrastructure.

SeLinux seems to be targeted mostly at organizational security, whereas the primary need these days is not organizational, but uniform.

That is to say, we don't in practice see many situations where different levels and departments of an organization have complex and different rules for how and whether they can access each other's information and complex requirements for audit trails.

What we see is simpler; we see systems used by people who have more or less uniform requirements and don't much need routine auditing, except for one or two administrators.

More useful than the complexity of SeLinux would be a relatively simple system in which ordinary Unix file permissions were cryptographically enforced. If for example read permissions on a file are exclusive to some user or some group, then that file should be encrypted so that no one else, even if the bytes are accessible to them by some means, should be able to make sense of it, and the configuration options should include not storing the key to it anywhere in the system -- let the user plug a USB stick in to give the key for his session, and let the user remove it to take that key away again whenever he's not using it, rather than leave it around on the hard drive somewhere potentially to be accessed by someone else at some other time.

We have spent years learning to protect the operating system from damage by casual mistakes and even from most actual attacks, because for years control of the computer itself was the only notable asset that needed to be protected. It is still true that control of the computer is always at least as valuable as everything else that it could be used to compromise, but with unencrypted files it can compromise far too much. And the value of what is stored in individual accounts has gotten far too high to *NOT* give protecting them at least as much thought as protecting root's access rights. Photographs, banking records, schedules, archived mail going back for years, browser histories, "wallets" that contain many other keys, etc, etc. This is far different from old days when what was on a user's account was basically a few programs the user used and some text or code that the user had written. We need to catch up.

Bear

______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message ------Eugen* Leitl leitl http://leitl.org ______ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 ------next part ------A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL:

From eugen at leitl.org Fri Sep 20 06:51:30 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 12:51:30 +0200 Subject: [liberationtech] Random number generation being influenced - rumors Message-ID: <[email protected]>

----- Forwarded message from Maxim Kammerer -----

Date: Fri, 20 Sep 2013 10:56:45 +0300 From: Maxim Kammerer To: liberationtech Subject: Re: [liberationtech] Random number generation being influenced - rumors Reply-To: liberationtech

On Sat, Sep 7, 2013 at 6:21 PM, Maxim Kammerer wrote: > Personally, I wouldn't trust an embedded engineer to > implement bubble sort correctly, and see no reason to trust them with > security-critical implementations, even if one assumes no malice or > subversion of production process.

By the way, that Android PRNG fiasco? Intel's job, originally. Meet Yuri: https://issues.apache.org/jira/browse/HARMONY-872

-- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/ liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

From eugen at leitl.org Fri Sep 20 08:02:51 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 14:02:51 +0200 Subject: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Message-ID: <[email protected]>

----- Forwarded message from Patrick Georgi -----

Date: Fri, 20 Sep 2013 13:49:49 +0200 From: Patrick Georgi To: coreboot at coreboot.org Subject: Re: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption User-Agent: Roundcube Webmail/0.9.2

Am 2013-09-20 11:51, schrieb Eugen Leitl: > The Intel Atom-based MinnowBoard is a new UEFI dev platform, and it's > Linux-based, and targets hackers; it uses Intel's definition of "Open > Hardware", mainly meaning no NDAs involved. It is much cheaper and > smaller than the above box. > http://minnowboard.org/ > http://uefidk.intel.com/content/minnowboard-uefi-firmware To wit, its download page is guarded by a long, non-free EULA: http://uefidk.intel.com/content/minnowboard-uefi-firmware-eula Some of the components also seem to be binary-only.

> Both of these boxes let you reflash your system firmware with your > custom build of BSD-licensed TianoCore UEFI. BSD-licensed TianoCore + heaps of binary modules that are currently only available under NDA. They'd also require some additional code (probably binary only?) to make Tiano resembling something like a complete and secure implementation.

> > There is a large OEM/ODM/IBV/IHV/ISV ecosystem that currently runs the > hardware, and it is UEFI-centric. IMO, focusing only on fringe > Lemote/Coreboot technology is not a good bet. coreboot is your only bet on x86 if you aim for open source firmware. It can be combined with TianoCore to provide the UEFI APIs to the user (read: Operating System), but TianoCore alone won't do since it lacks hardware initialization drivers (that coreboot provides).

> Personally, I wish EFF/FSF and other open/free tech groups would form > a Linaro-like firmware group and produce their own UEFI firmware > image, as an option for OEMs. Personally, I wish people wouldn't wish for someone else to start groups, but do it themselves for a change.

However that brings the risk of seeing that things aren't quite as simple and might ultimately fail. Of course, soapboxes and arm chairs are much more comfortable and comparably risk-free.

> There needs to be some Free Boot alternative to Secure Boot, with > certs from EFF/FSF/etc and the open source distro vendors, not just > OEMs/MSFT in the firmware, and it needs to target booting from a > handful of main open source distros, not just 1 commercial OS. Else, > UEFI will turn Personal Computers into Windows PCs, ending the era of > General Purpose computing. "main open source distros" is not enough since it creates a gatekeeper model. "Secure Boot" (which is really a Verified Boot) without physical user override doesn't cut it.

ChromeBooks, using coreboot, provide a mostly* Open Source Verified Boot model with physical user override (with two override modes: safe via dev mode switch, and complete via jumper).

* (blame Intel) tl;dr: Comparing coreboot, Lemote, UEFI and Tianocore isn't as easy as people seem to believe.

Regards, Patrick

-- coreboot mailing list: coreboot at coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

----- End forwarded message -----

From eugen at leitl.org Fri Sep 20 08:10:34 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 14:10:34 +0200 Subject: [Cryptography] FISA court releases its "Primary Order" re telephone metadata Message-ID: <[email protected]>

----- Forwarded message from John Gilmore -----

Date: Tue, 17 Sep 2013 18:02:27 -0700 From: John Gilmore To: cryptography at metzdowd.com, gnu at toad.com Subject: [Cryptography] FISA court releases its "Primary Order" re telephone metadata

The FISA court has a web site (newly, this year):

http://www.uscourts.gov/uscourts/courts/fisc/index.html

Today they released a "Memorandum Opinion and Primary Order" in case BR 13-109 ("Business Records, 2013, case 109"), which lays out the legal reasoning behind ordering several telephone companies to prospectively give NSA the calling records of every subscriber. That document is here:

http://www.uscourts.gov/uscourts/courts/fisc/br13-09-primary-order.pdf

I am still reading it...

John ______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Fri Sep 20 08:16:04 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 14:16:04 +0200 Subject: [Cryptography] The paranoid approach to crypto-plumbing Message-ID: <[email protected]>

----- Forwarded message from John Kelsey -----

Date: Wed, 18 Sep 2013 00:42:47 -0400 From: John Kelsey To: Sandy Harris Cc: Cryptography Subject: Re: [Cryptography] The paranoid approach to crypto-plumbing X-Mailer: iPad Mail (10B329)

For hash functions, MACs, and signature schemes, simply concatenating hashes/MACs/signatures gives you at least the security of the stronger one. Joux multicollisions simply tell us that concatenating two or more hashes of the same size doesn't improve their resistance to brute force collision search much. The only thing you have to be sure of there is that the MAC and signature functions aren't allowed access to each others' secret keys or internal random numbers. Otherwise, MAC#1 can always take the value of MAC#2's key. This is just message, signature 1, signature 2 where the signatures are over the message only.

For encryption algorithms, superencryption works fine. You can first encrypt with AES-CBC, then encrypt with Twofish-CFB, then with CAST5 in CFB mode. Again, assuming you are not letting the algorithms know each others' internal state or keys, if any of these algorithms are resistant to chosen plaintext attacks, then the combination will be. This doesn't guarantee that the combination will be any stronger than the strongest of these, but it will be no weaker. (Biham and later Wagner had some clever attacks against some chaining modes using single-DES that showed that you wouldn't always get anything stronger than one of the ciphers, but if any of these layers is strong, then the whole encryption is strong.)

An alternative approach is to construct a single super-block-cipher, say AES*Twofish*SERPENT, and use it in a standard chaining mode. However, then you are still vulnerable to problems with your chaining mode--the CBC reaction attacks could still defeat a system that used AES*Twofish*SERPENT in CBC mode, but not AES-CBC followed by Twofish-CFB followed by SERPENT-CTR.

For key-encryption or transport, I think it's a little more complicated. If I need six symmetric keys and want to use three public key methods (say ECDH, NTRU, RSA) to transport the key, I've got to figure out a way to get the benefit from all these key exchange mechanisms to all six symmetric keys, in a way that I'm sure will not leak any information about any of them. Normally we would use a KDF for this, but we don't want to trust any one crypto algorithm not to screw us over.

I think we can get this if we assume that we can have multiple KDFs that have secrets from one another. That is, I compute

KDF1( key1, combined key exchange input) XOR KDF2( key2, combined key exchange input)

The reason the two KDFs need keys that are secret from each other is because otherwise, KDF1 could just duplicate KDF2 and we'd get an all-zero set of keys. If KDF2 is strong, then KDF1 can't generate an output string with any relationship to KDF2's string when it doesn't know all the input KDF2 is getting.

I agree with Perry that this is probably padlocking a screen door. On the other hand, if we want to do it, we want to make sure we guard against as many bad things as possible. In particular, it would be easy to do this in such a way that we missed chaining mode/reaction type attacks.

--John ______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
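Two of Kelsey's constructions above can be checked concretely with nothing but HMAC: the key-transport combiner KDF1(key1, X) XOR KDF2(key2, X), including the failure he describes when KDF1 can see key2, and the concatenated-MAC rule that each MAC must have its own key. The following is an added example, not code from the thread. It instantiates the two KDFs as HKDF over SHA-256 and SHA3-256 (so a flaw in one PRF does not automatically hit both), stands in for the ECDH, NTRU and RSA outputs with constructed byte strings, and treats key1 and key2 as independent secrets that each side already holds; how those two keys are agreed is outside the example.

```python
import hmac
import secrets


def hkdf(hash_name, key, ikm, info, length):
    """HKDF (RFC 5869) extract-then-expand, with `key` as the extract salt."""
    prk = hmac.new(key, ikm, hash_name).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def combined_input(shared_secrets):
    """Length-prefix each key-exchange output before concatenating, so the
    'combined key exchange input' (ECDH || NTRU || RSA) parses unambiguously."""
    return b"".join(len(s).to_bytes(2, "big") + s for s in shared_secrets)


def kdf1(key1, x, info, length):
    return hkdf("sha256", key1, x, info, length)


def kdf2(key2, x, info, length):
    return hkdf("sha3_256", key2, x, info, length)


def combine_kdfs(key1, key2, shared_secrets, info, length):
    """KDF1(key1, X) XOR KDF2(key2, X). If either KDF is a good PRF and the
    other never learns its key, the output is as strong as the better one."""
    x = combined_input(shared_secrets)
    a = kdf1(key1, x, info, length)
    b = kdf2(key2, x, info, length)
    return bytes(p ^ q for p, q in zip(a, b))


def derive_keys(key1, key2, shared_secrets, n_keys=6, key_len=32):
    """Kelsey's case: six symmetric keys, every one of them depending on all
    three key exchanges and on both KDFs."""
    okm = combine_kdfs(key1, key2, shared_secrets, b"session keys", n_keys * key_len)
    return [okm[i * key_len:(i + 1) * key_len] for i in range(n_keys)]


def cancellation_attack(key1, key2, shared_secrets, kdf1_knows_key2):
    """The failure mode: a malicious KDF1 that can see key2 just replays
    KDF2's output and the XOR collapses to all zeros. Without key2 it can
    only emit something unrelated to KDF2's string."""
    x = combined_input(shared_secrets)
    honest = kdf2(key2, x, b"session keys", 32)
    if kdf1_knows_key2:
        rogue = kdf2(key2, x, b"session keys", 32)   # mirrors KDF2 exactly
    else:
        rogue = kdf1(key1, x, b"session keys", 32)   # only has its own key
    return bytes(p ^ q for p, q in zip(rogue, honest))


def dual_mac(k1, k2, msg):
    """Concatenated MACs under independent keys: HMAC-SHA256(k1) || HMAC-SHA3-256(k2).
    Neither function sees the other's key, which is the precondition Kelsey states."""
    return hmac.new(k1, msg, "sha256").digest() + hmac.new(k2, msg, "sha3_256").digest()


def verify_dual_mac(k1, k2, msg, tag):
    return hmac.compare_digest(dual_mac(k1, k2, msg), tag)


if __name__ == "__main__":
    # Constructed stand-ins for the ECDH, NTRU and RSA shared secrets.
    shared = [secrets.token_bytes(32), secrets.token_bytes(64), secrets.token_bytes(256)]
    key1, key2 = secrets.token_bytes(32), secrets.token_bytes(32)
    keys = derive_keys(key1, key2, shared)
    print(len(keys), "keys of", len(keys[0]), "bytes")
    print("zeroed when KDF1 knows key2:", cancellation_attack(key1, key2, shared, True) == bytes(32))
```

The XOR combiner is what makes the "secret from one another" requirement bite: `cancellation_attack` shows that a KDF1 holding key2 turns every derived key into zeros, while a KDF1 without it cannot steer the result. The same reasoning is why `dual_mac` keys its two HMACs separately rather than sharing one key between them.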

From eugen at leitl.org Fri Sep 20 08:16:40 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 20 Sep 2013 14:16:40 +0200 Subject: [Cryptography] PRISM-Proofing and PRISM-Hardening Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Wed, 18 Sep 2013 11:05:46 +0300 From: ianG To: cryptography at metzdowd.com Subject: Re: [Cryptography] PRISM-Proofing and PRISM-Hardening User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 17/09/13 23:52 PM, John Kemp wrote: > On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker

>> I am sure there are other ways to increase the work factor. > > I think that "increasing the work factor" would often result in > switching the kind of "work" performed to that which is easier than > breaking secrets directly.

Yes, that's the logical consequence & approach to managing risks. Mitigate the attack, to push attention to easier and less costly attacks, and then start working on those.

There is a mindset in cryptography circles that we eliminate entirely the attacks we can, and ignore the rest. This is unfortunately not how the real world works. Most of risk management outside cryptography is about reducing risks not eliminating them, and managing the interplay between those reduced risks. Most unfortunate, because it leads cryptographers to strange recommendations.

> That may be good. Or it may not.

If other attacks are more costly to defender and easyish for the attacker, then perhaps it is bad. But it isn't really a common approach in our security world to leave open the easiest attack, as the best alternative. Granted, this approach is used elsewhere (in warfare for example, minefields and wire will be laid to channel the attack).

If we can push an attacker from mass passive surveillance to targeted direct attacks, that is a huge win. The former scales, the latter does not.

> "PRISM-Hardening" seems like a blunt instrument, or at least one which > may only be considered worthwhile in a particular context (technical > protection) and which ignores the wider context (in which such technical > protections alone are insufficient against this particular adversary).

If I understand it correctly, PRISM is or has become the byword for the NSA's vacuuming of all traffic for mass passive surveillance. In which case, this is the first attack of all, and the most damaging, because it is undetectable, connects you to all your contacts, and stores all your open documents.

From the position of a systems provider, mass surveillance is possibly the most important attack to mitigate. This is because: we know it is done to everyone, and therefore it is done to our users, and it informs every other attack. For all the other targeted and active attacks, we have far less certainty about the targeting (user) and the vulnerability (platform, etc). And they are very costly, by several orders of magnitude more than mass surveillance.

iang ______The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From apexcp at gmail.com Fri Sep 20 10:34:22 2013 From: apexcp at gmail.com (Patrick) Date: Fri, 20 Sep 2013 10:34:22 -0400 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: http://mashable.com/2013/09/19/linus-torvalds-backdoor-linux/ No, the Government Never Asked Linus Torvalds for a Backdoor in Linux

"Oh, Christ. It was obviously a joke, no government agency has ever asked me for a backdoor in Linux," Torvalds told *Mashable* via email. "Really. Cross my heart and hope to die, really."

On Thu, Sep 19, 2013 at 5:19 PM, Andy Isaacson wrote:

> On Thu, Sep 19, 2013 at 02:48:37PM -0500, CypherPunk wrote: > > On 09/19/2013 02:39 PM, Tom Ritter wrote: > > >> Torvalds responded "no" while shaking his head "yes," as the > > >> audience broke into spontaneous laughter. > > > > > > Is there any indication he took the question seriously and wasn't just > > > making a joke? This is a lot to conclude from a single sentence. > > > > While he certainly could have been being humorous, I can't see why he > > would have indicated 'yes' for any reason. > > Because it's funny, and one of the ways that humans deal with stressful > situations is through humor. > > http://en.wikipedia.org/wiki/Theories_of_humour#Humor_as_defense_mechanism > > Having seen Linus give many talks through the years, I can assure you > that he might make such a joke regardless of the true situation. > > > I mean, he could have made a > > funny comment or something sarcastic or any number of other responses. > > The shaking his head yes while saying now would seem to indicate that > > he's been told not to say that he's been asked. > > Or it might indicate that he knew it would get a laugh from the > audience. It's invalid to read detail into a single such comment. > > > It would seem logical that he would have been approached though. I mean, > > they want total tech coverage. Why would Linux escape their attention? > > It would seem logical, yes. It would also seem logical for Them (tm) to > game-theory two more stages, and specifically avoid asking the most > prominent maintainers in favor of pressuring or encouraging lower-level > contributors to insert (or avoid fixing) bugdoors. I don't think we > have enough information to make an informed judgement which scenario has > happened. > > -andy > ------next part ------An HTML attachment was scrubbed... URL:

From davidroman96 at gmail.com Fri Sep 20 10:59:23 2013 From: davidroman96 at gmail.com (Stakewinner00) Date: Fri, 20 Sep 2013 16:59:23 +0200 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: References: <[email protected]> Message-ID: <[email protected]> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 20/09/2013 16:34, Patrick wrote: > http://mashable.com/2013/09/19/linus-torvalds-backdoor-linux/ > > No, the Government Never Asked Linus Torvalds for a Backdoor in Linux > > "Oh, Christ. It was obviously a joke, no government agency has ever asked > me for a backdoor in Linux," Torvalds told *Mashable* via email. "Really. > Cross my heart and hope to die, really." > > > On Thu, Sep 19, 2013 at 5:19 PM, Andy Isaacson wrote: > >> On Thu, Sep 19, 2013 at 02:48:37PM -0500, CypherPunk wrote: >>> On 09/19/2013 02:39 PM, Tom Ritter wrote: >>>>> Torvalds responded "no" while shaking his head "yes," as the >>>>> audience broke into spontaneous laughter. >>>> >>>> Is there any indication he took the question seriously and wasn't just >>>> making a joke? This is a lot to conclude from a single sentence. >>> >>> While he certainly could have been being humorous, I can't see why he >>> would have indicated 'yes' for any reason. >> >> Because it's funny, and one of the ways that humans deal with stressful >> situations is through humor. >> >> http://en.wikipedia.org/wiki/Theories_of_humour#Humor_as_defense_mechanism >> >> Having seen Linus give many talks through the years, I can assure you >> that he might make such a joke regardless of the true situation. >> >>> I mean, he could have made a >>> funny comment or something sarcastic or any number of other responses. >>> The shaking his head yes while saying now would seem to indicate that >>> he's been told not to say that he's been asked. >> >> Or it might indicate that he knew it would get a laugh from the >> audience. It's invalid to read detail into a single such comment. >> >>> It would seem logical that he would have been approached though. I mean, >>> they want total tech coverage. Why would Linux escape their attention? >> >> It would seem logical, yes. 
It would also seem logical for Them (tm) to >> game-theory two more stages, and specifically avoid asking the most >> prominent maintainers in favor of pressuring or encouraging lower-level >> contributors to insert (or avoid fixing) bugdoors. I don't think we >> have enough information to make an informed judgement which scenario has >> happened. >> >> -andy >> > I think that the Government doesn't need to ask for a Backdoor in Linux. The government can ask Intel for a Backdoor in the hardware. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEVAwUBUjxiy2nZMKDLC/xbAQIAxgf/VzRJj0Tecp70YjogvFt5W53bbWKWHyh9 M82C7fFjdXElXWRvQNW1zlGbnpYRVb6htLIVh7aOTnx6XQWCZGbBrqd34/caGjjJ 5m6Mll+S9VhXKZlIX0CZa7m77osfTKoIkh80o7AoG4FSlfIzx6N0YX9/54+xwV87 Jd737slVgvaLi+FTik3gJx93vKlbohi2qMp8W5Edw+Vbff+aMQ48rKWSqSUJixV7 UVwyKK0iiVu6gUXc4QvFVfRzazI8HnQvs95xIDA41VlWBmjTmIf738+TA8s7wF2L 2AjbLM2RSZcyBBlmJTM5uuag/8wVp15oU9RoekcskJAWcI2a75D8jQ== =vbkT -----END PGP SIGNATURE-----

From wb8foz at nrk.com Fri Sep 20 11:09:33 2013 From: wb8foz at nrk.com (David) Date: Fri, 20 Sep 2013 11:09:33 -0400 Subject: Linus Torvalds admits he was asked to insert a backdoor into GNU/Linux In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

On 9/20/13 10:59 AM, Stakewinner00 wrote:

> I think that the Government doesn't need to ask for a backdoor in Linux.
> The government can ask Intel for a backdoor in the hardware.

The existence of Linux on ARM adds to the complexity of such approaches.

From bbrewer at littledystopia.net Fri Sep 20 15:14:22 2013 From: bbrewer at littledystopia.net (b. brewer) Date: Fri, 20 Sep 2013 15:14:22 -0400 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>


On 9/19/2013 9:48 PM, coderman wrote:

> note that the "Cypherpunks list" at al-qaeda.net is verboten, > having sufficiently instilled fear across a subset of the > subscriber base...

And, a bit off topic, but along that note:

Is everyone else getting duplicate posts over the past 3 or 4 days? I'm assuming it has something to do with the dual-lists changeover that occurred somewhat recently...


From rich at openwatch.net Fri Sep 20 15:30:08 2013 From: rich at openwatch.net (Rich Jones) Date: Fri, 20 Sep 2013 12:30:08 -0700 Subject: Mailtap Message-ID:

Did a quick little write-up about the USPS response to my MICT FOIA, thought you might be interested. Thanks to Cryptome for posting the LEO spy forms originally! https://openwatch.net/i/248/mailtap-usps-documents-expose-how-local-police-a

Can anybody spot me $500,000?


Rich Jones
OpenWatch is a global citizen news network.
Download OpenWatch for iOS and for Android!

From jamesdbell8 at yahoo.com Fri Sep 20 18:08:57 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 20 Sep 2013 15:08:57 -0700 (PDT) Subject: Fw: [Cryptography] FISA court releases its "Primary Order" re telephone metadata In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

> From: Eugen Leitl
> To: cypherpunks at al-qaeda.net; info at postbiota.org; zs-p2p at zerostate.is
> Sent: Friday, September 20, 2013 5:10 AM
> Subject: [Cryptography] FISA court releases its "Primary Order" re telephone metadata
>
> ----- Forwarded message from John Gilmore -----
> Date: Tue, 17 Sep 2013 18:02:27 -0700
> From: John Gilmore
> To: cryptography at metzdowd.com, gnu at toad.com
> Subject: [Cryptography] FISA court releases its "Primary Order" re telephone metadata
>
> The FISA court has a web site (newly, this year):
>   http://www.uscourts.gov/uscourts/courts/fisc/index.html
> Today they released a "Memorandum Opinion and Primary Order" in
> case BR 13-109 ("Business Records, 2013, case 109"), which lays
> out the legal reasoning behind ordering several telephone companies
> to prospectively give NSA the calling records of every subscriber.
> That document is here:
>   http://www.uscourts.gov/uscourts/courts/fisc/br13-09-primary-order.pdf
> I am still reading it...
>   John

Armed with my nearly 12 years of daily visits to prison law libraries, I can report that this "Memorandum Opinion and Primary Order" contains many legal errors and false representations and assumptions, and indeed the facts have changed mightily since the issuance of the 1979 "Smith v. Maryland" Supreme Court decision that supported the use of 'pen registers', which provided (only) the phone number called by a given telephone line. One is that in 1979, there was only one phone company, or at least one per geographic area, that fact having been changed by the 1983 breakup of the telephone monopoly by Judge Green. The assumption can no longer be made that modern telephone companies WANT to share metadata with the government; prior to 1979 it would have been virtually assumed that they were willing to so share. The Smith case, above, merely supported the practice of a phone company voluntarily giving information to the government, without the government obtaining a warrant: It didn't require that these phone companies share that information without a warrant. Today, a company may simply be unwilling to share that data, or can be convinced to declare that unwillingness now (after the Snowden/NSA revelations), and the public can be expected to want its chosen phone companies to refuse.

Another difference (or reality) is that these warrants refer repeatedly to 'business records': Ostensibly, because this metadata is a 'business record', somehow the phone co. can be expected to provide it. While there may not have been any reason for phone companies to keep telephone calling records ('metadata') in 1979, there is certainly no need for such records today. In 1979, long-distance telephone calls were billed by time, and by distance to the called party, and they generally kept the full phone number as part of the record. Today, it is common to have unlimited LD contracts, which disregard the distance of the call or its duration, or both, at least within the US, making it entirely unnecessary for the phone company to keep records on calls. (Or, simply the duration of a phone call could be recorded, if the total time is billed.) In principle, therefore, a phone company could announce that it was ceasing keeping such metadata, as a matter of business records. Or, it could keep metadata, and X-out the last four digits of all called-telephone numbers, making those records virtually useless for any large-scale investigational use.

Yet another way for a phone co. to fight back would be to provide that metadata to the government, printed out on paper, in tiny "captcha"-type font, or perhaps in some kind of pseudo-randomized cursive font, so that it would be readable, yet it would also be virtually impossible for the government to return that information to an electronically-accessible font. Sure, that tactic might result in yet another court-order, but that will amount to a further reason to challenge that court: "The government is getting the information it requested, it may simply not be getting it in the form it wants."

Another attack is suggested by both the Smith case and this primary order url'ed above: The assertion that there is no 'expectation of privacy' in phone numbers given by the user to the phone company(ies). This could be challenged simply if the phone co's declared to its customers, "We will keep your telephone metadata secret except if given a warrant providing individualized suspicion against you: A general warrant asking for all telephone metadata will not be honored and in fact will be publicized by means of leak or otherwise. Further, we will no longer retain the last four digits of numbers you call, in your records, or the last four digits of your telephone number, in records of calls to you." At that point, the 'expectation of privacy' declared non-existent by the 1979 Smith decision will return.

Jim Bell

From tbiehn at gmail.com Fri Sep 20 19:12:50 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Fri, 20 Sep 2013 19:12:50 -0400 Subject: Mailtap In-Reply-To: References: Message-ID:

Rich, Forgive my ignorance but can't a mainstream news organization (as defined by the FOIA law) just duplicate your FOIA request? -Travis

On Fri, Sep 20, 2013 at 3:30 PM, Rich Jones wrote:

> Did a quick little write-up about the USPS response to my MICT FOIA,
> thought you might be interested. Thanks to Cryptome for posting the LEO spy
> forms originally!
>
> https://openwatch.net/i/248/mailtap-usps-documents-expose-how-local-police-a
>
> Can anybody spot me $500,000?
>
> Rich Jones
> OpenWatch is a global citizen news network.
> Download OpenWatch for iOS and for Android!

--
Twitter | LinkedIn | GitHub | TravisBiehn.com

From gbroiles at gmail.com Fri Sep 20 19:38:06 2013 From: gbroiles at gmail.com (Greg Broiles) Date: Fri, 20 Sep 2013 16:38:06 -0700 Subject: Mailtap In-Reply-To: References: Message-ID:

On Fri, Sep 20, 2013 at 4:12 PM, Travis Biehn wrote:

> Forgive my ignorance but can't a mainstream news organization (as defined
> by the FOIA law) just duplicate your FOIA request?

They could - this sort of hack/approach has been controversial recently in the institutional FOIA community, where agencies may "aggregate" requests that they believe are part of a concerted effort to avoid fees by having multiple requestors each request subsets of the responsive records, since small requests are often processed without fees.

The suggestion isn't that, exactly, but FOIA response units are aware generally of efforts to reduce/avoid fees, so I wouldn't be surprised if this approach met with resistance.

See https://pressfreedomfoundation.org/blog/2013/09/time-doj%E2%80%99s-foia-cop-accused-me-engaging-vast-foia-conspiracy for more.

--
Greg Broiles
gbroiles at gmail.com
(Lists only. Not for confidential communications.)

From jamesdbell8 at yahoo.com Fri Sep 20 23:53:35 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 20 Sep 2013 20:53:35 -0700 (PDT) Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:

On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell wrote:
>> To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)
>
> please authenticate yourself with NIST P-192; secp256r1 seeded via Dual_EC_DRBG,
>
>> have just (re-) subscribed to the Cypherpunks list.
>
> note that the "Cypherpunks list" at al-qaeda.net is verboten, having
> sufficiently instilled fear across a subset of the subscriber base...
>
>> ... (Pardon me if I don't
>> immediately attempt to relate the numerous reason(s) for my unfortunate
>> 15-year absence.)
>
> pardon the decline in signal to noise ratio over the years as well, if
> you'd be so kind. ;)
>
>> Of some relevance to the list is the recent publication (by the US
>> Patent and Trademark Office, USPTO) of my fiber-optic patent application.
>
> your next task, should you choose to accept it, is to make a fiber
> that is passive tap protected, while remaining economically viable...
> good luck!
>
>>> "Presumably, this will lead eventually to the same degrees of increases in maximum distances over which quantum encryption could operate."

>Evidently he has made what he considers a step in this direction ;)

Yes, I understand that a dramatic reduction in loss could accomplish that. But, as is obvious (particularly recently, with the Snowden revelations) we have far more important, yet basic, vulnerabilities to worry about just now, particularly since the major Internet and telecommunications companies are now known to have been betraying us by letting the NSA keep 'every' email, and telephone metadata, and adding crypto back-doors into net encryption software.

I propose that the public force such companies to sign what I'd call "Disloyalty oaths", promises to be disloyal to any and every government. This would include a promise that if subjected to any sort of court order (even and especially those requiring that the company keep silent as to the existence of said order) that the order would be 'leaked' shortly, say less than a week, to an organization (Cryptome; Wikileaks) that would publicize it. Primary methods as crude as leaving a few hundred copies of the order at the company water-cooler, or in the cafeteria, or by the copier, would probably induce volunteer leakers to mail copies to the leak-publication organizations. Governments and courts have little reason to issue such orders if their existence will be leaked, particularly if they are going to be very quickly leaked. Leaks, obviously, are very easy to do these days and the identity of the leaker would be very hard to know, and even harder to prove. Chances are good that such court-orders simply will cease.

Jim Bell

From g13005 at gmail.com Sat Sep 21 03:55:35 2013 From: g13005 at gmail.com (Chris Olesch) Date: Sat, 21 Sep 2013 02:55:35 -0500 Subject: Mailtap In-Reply-To: References: Message-ID:

I'll pitch in $20. Perhaps you could start one of those fund campaigns to collect the needed monies.

On Friday, September 20, 2013, Rich Jones wrote:

> Did a quick little write-up about the USPS response to my MICT FOIA,
> thought you might be interested. Thanks to Cryptome for posting the LEO spy
> forms originally!
>
> https://openwatch.net/i/248/mailtap-usps-documents-expose-how-local-police-a
>
> Can anybody spot me $500,000?
>
> Rich Jones
> OpenWatch is a global citizen news network.
> Download OpenWatch for iOS and for Android!

--
Christopher Olesch

"Affordable IT Services for Non-Profit & Small Business"
http://www.ngotechnology.org/
http://www.linkedin.com/in/chrisoleschjr

Masonic Affiliations:
http://www.scottishritechicago.org
http://www.supremecouncil.org/
http://www.ilmason.org/

Online Artistic Portfolio
http://cjolesch.deviantart.com/

From tbiehn at gmail.com Sat Sep 21 04:28:44 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Sat, 21 Sep 2013 04:28:44 -0400 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

Doesn't the bureaucracy just react to these shenanigans rather than quit? Cat + Mouse. They find other methods for coercion. They increase accountability. Make leaks punishable to the CEO directly.

Better that it be made 'impossible' rather than part of policy. Since policy is 'worthless'...

On Sep 20, 2013 8:53 PM, "Jim Bell" wrote:

> On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:
>
> On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell wrote:
> > To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)
>
> please authenticate yourself with NIST P-192; secp256r1 seeded via
> Dual_EC_DRBG,
>
> > have just (re-) subscribed to the Cypherpunks list.
>
> note that the "Cypherpunks list" at al-qaeda.net is verboten, having
> sufficiently instilled fear across a subset of the subscriber base...
>
> > ... (Pardon me if I don't
> > immediately attempt to relate the numerous reason(s) for my unfortunate
> > 15-year absence.)
>
> pardon the decline in signal to noise ratio over the years as well, if
> you'd be so kind. ;)
>
> > Of some relevance to the list is the recent publication (by the US
> > Patent and Trademark Office, USPTO) of my fiber-optic patent application.
>
> your next task, should you choose to accept it, is to make a fiber
> that is passive tap protected, while remaining economically viable...
> good luck!
>
> >> "Presumably, this will lead eventually to the same degrees of
> >> increases in maximum distances over which quantum encryption could operate."
>
> > Evidently he has made what he considers a step in this direction ;)
>
> Yes, I understand that a dramatic reduction in loss could accomplish
> that. But, as is obvious (particularly recently, with the Snowden
> revelations) we have far more important, yet basic, vulnerabilities to
> worry about just now, particularly since the major Internet and
> telecommunications companies are now known to have been betraying us by
> letting the NSA keep 'every' email, and telephone metadata, and adding
> crypto back-doors into net encryption software.
>
> I propose that the public force such companies to sign what I'd call
> "Disloyalty oaths", promises to be disloyal to any and every government.
> This would include a promise that if subjected to any sort of court order
> (even and especially those requiring that the company keep silent as to the
> existence of said order) that the order would be 'leaked' shortly, say less
> than a week, to an organization (Cryptome; Wikileaks) that would publicize
> it. Primary methods as crude as leaving a few hundred copies of the order
> at the company water-cooler, or in the cafeteria, or by the copier, would
> probably induce volunteer leakers to mail copies to the leak-publication
> organizations. Governments and courts have little reason to issue such
> orders if their existence will be leaked, particularly if they are going to
> be very quickly leaked. Leaks, obviously, are very easy to do these days
> and the identity of the leaker would be very hard to know, and even harder
> to prove. Chances are good that such court-orders simply will cease.
>
> Jim Bell

From adam at cypherspace.org Sat Sep 21 05:18:19 2013 From: adam at cypherspace.org (Adam Back) Date: Sat, 21 Sep 2013 11:18:19 +0200 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

I'd say one problem is cultural amongst the security cleared and ex-TLA people with security people or current double agent security people on the telco payroll.

Until they internalize that they are part of a dangerous-to-democracy-and-civilization STASI 2.0 system, the problem will continue, because these kind of gag order things are going to be handled by security cleared people only. In that way they can probably legally hide it from the CEO and the rest of the company, by gagging request handling people. And they can surely require, if they do not already, that the intercept handling people be security cleared. And in that environment it's got to be easy on a $250m/year black budget to stack the intercept handling departments in the important (large) telcos with not just security cleared, but true-believer ex-TLA types, or simply double agents. They don't have to pay the full salary, just an off-the-books loyalty bonus, as the telco is paying for its own subversion.

So I think the main hope, which is probably fairly slim, is that society's views shift to make even those ex-TLA people start to question whether they are on the right side of history, to the extent they have any ethics. Another thought: you've got to wonder if people dying is a problem. What's to stop an extremely conservative risk mentality security cleared person writing his memoirs spilling all in complete detail, parked with a lawyer for release on death (e.g. envelopes to be posted to NYT et al on his eventual death)? Maybe that means old and terminal people are going to find it hard to be employed in security cleared roles.

Adam

On Sat, Sep 21, 2013 at 04:28:44AM -0400, Travis Biehn wrote:
> Doesn't the bureaucracy just react to these shenanigans rather than
> quit? Cat + Mouse. They find other methods for coercion. They increase
> accountability. Make leaks punishable to the CEO directly.
>
> Better that it be made 'impossible' rather than part of policy. Since
> policy is 'worthless'...
>
> On Sep 20, 2013 8:53 PM, "Jim Bell" <jamesdbell8 at yahoo.com> wrote:
>
>   On Thu, Sep 19, 2013 at 9:48 PM, coderman <coderman at gmail.com> wrote:
>
>   On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell <jamesdbell8 at yahoo.com> wrote:
>   > To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)
>
>   please authenticate yourself with NIST P-192; secp256r1 seeded via
>   Dual_EC_DRBG,
>
>   > have just (re-) subscribed to the Cypherpunks list.
>
>   note that the "Cypherpunks list" at al-qaeda.net is verboten, having
>   sufficiently instilled fear across a subset of the subscriber base...
>
>   > ... (Pardon me if I don't
>   > immediately attempt to relate the numerous reason(s) for my unfortunate
>   > 15-year absence.)
>
>   pardon the decline in signal to noise ratio over the years as well, if
>   you'd be so kind. ;)
>
>   > Of some relevance to the list is the recent publication (by the US
>   > Patent and Trademark Office, USPTO) of my fiber-optic patent application.
>
>   your next task, should you choose to accept it, is to make a fiber
>   that is passive tap protected, while remaining economically viable...
>   good luck!
>
>   >> "Presumably, this will lead eventually to the same degrees of
>   >> increases in maximum distances over which quantum encryption could operate."
>
>   > Evidently he has made what he considers a step in this direction ;)
>
>   Yes, I understand that a dramatic reduction in loss could accomplish
>   that. But, as is obvious (particularly recently, with the Snowden
>   revelations) we have far more important, yet basic, vulnerabilities to
>   worry about just now, particularly since the major Internet and
>   telecommunications companies are now known to have been betraying us by
>   letting the NSA keep 'every' email, and telephone metadata, and adding
>   crypto back-doors into net encryption software.
>
>   I propose that the public force such companies to sign what I'd call
>   "Disloyalty oaths", promises to be disloyal to any and every
>   government. This would include a promise that if subjected to any sort
>   of court order (even and especially those requiring that the company
>   keep silent as to the existence of said order) that the order would be
>   'leaked' shortly, say less than a week, to an organization (Cryptome;
>   Wikileaks) that would publicize it. Primary methods as crude as
>   leaving a few hundred copies of the order at the company water-cooler,
>   or in the cafeteria, or by the copier, would probably induce volunteer
>   leakers to mail copies to the leak-publication organizations.
>   Governments and courts have little reason to issue such orders if their
>   existence will be leaked, particularly if they are going to be very
>   quickly leaked. Leaks, obviously, are very easy to do these days and
>   the identity of the leaker would be very hard to know, and even harder
>   to prove. Chances are good that such court-orders simply will cease.
>
>   Jim Bell

From eugen at leitl.org Sat Sep 21 08:33:31 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 21 Sep 2013 14:33:31 +0200 Subject: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Message-ID: <[email protected]>

----- Forwarded message from Micah Lee -----

Date: Fri, 20 Sep 2013 11:15:54 -0700 From: Micah Lee To: liberationtech at lists.stanford.edu Subject: Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8 Reply-To: liberationtech

On 09/12/2013 04:14 PM, Erik de Castro Lopo wrote:
> Bernard Tyers - ei8fdb wrote:
>
>> Stefan: Why not?
>
> For verification, OpenPGP on smartphones is *possibly* ok. For
> a device used to sign or encrypt smartphones are totally
> inappropriate regardless of the potential convenience.
>
> No such agency and the like are almost certainly able (with the
> help of carriers and manufacturers) backdoor and exploit all
> the major smartphone brands and models [0].
>
> Smartphones are horrendously complex, rely heavily on untrusted
> binary blobs, have multiple CPUs some without direct owner/user
> control (eg the CPU doing the baseband processing) [1].
> Currently these devices are impossibly difficult to secure.
>
> Erik
>
> [0] http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
> [1] http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/

I completely disagree. Ubiquitous end-to-end encryption will help protect against *dragnet* surveillance. The fact that smartphones are eminently pwnable doesn't change this fact. Even if you're using a Carrier IQ-infested/baseband backdoored device, adversaries would still need to *target* you in order to compromise your OpenPGP conversations.

Saying that we shouldn't encourage OpenPGP on smartphones is like saying we shouldn't encourage it on Windows computers either. There's a big difference between encrypted internet traffic and endpoint security, and just because the endpoint isn't 100% secure doesn't mean you should give up on encrypting traffic.

Undetectable, sniffing the wire eavesdropping is the preferred way that NSA and GCHQ conduct surveillance. Every time they try to hack into a laptop or smartphone they run the risk of detection. They might be really good, and detection might be very unlikely, but it's still risky because these are active attacks, and they are much more expensive than getting handed all the data passively. They can't afford to do *dragnet* endpoint attacks.

There doesn't seem to be these same complaints against OTR on smartphones, and in fact Gibberbot and ChatSecure seem to be celebrated by this community, but they suffer all the same problems (and likely even more, because they run on Android and iOS) that OpenPGP built-in to Firefox OS would. For that matter, RedPhone, CSipSimple and OStel, TextSecure, and Orbot also all suffer from running on smartphones. Should all these projects get discouraged too?

At this point, nothing is completely secure. The most talented hackers I know use ThinkPads (with alleged Chinese hardware backdoors [0]) and run Debian (researchers recently crashed 1.2k Debian packages with automated fuzzing [1] -- how many of these are overflows, how many have already been systematically weaponized by the NSA?). Should we discourage people using OpenPGP on ThinkPads, or when using Debian?

The best we can strive to do is make surveillance more expensive, force it to be targeted, force it to be detectable, and make the cost of spying on everyone as expensive as possible. I'm really happy to hear that Firefox OS is building end-to-end encryption tools into their phone, something that I hope all smartphone OSes copy.

[0] http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
[1] http://lists.debian.org/debian-devel/2013/06/msg00720.html

-- Micah Lee @micahflee

-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/ liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Sat Sep 21 08:43:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 21 Sep 2013 14:43:29 +0200 Subject: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Message-ID: <[email protected]>

----- Forwarded message from John Sullivan -----

Date: Fri, 20 Sep 2013 15:04:14 -0400 From: John Sullivan To: liberationtech Subject: Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption User-Agent: /5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) Reply-To: liberationtech

Blibbet writes:

>> (We call the bad version of Secure Boot, where the user does not have
>> the ability to modify the set of trusted keys or disable the system,
>> Restricted Boot.)
>>
>> We have discussed the idea of trying to become a root key holder for
>> Secure Boot, working with OEMs to by default trust GNU/Linux distro keys
>> signed by us, but have been told that the cost of complying with the
>> requirements would be in the millions. We're still interested, if anyone
>> has funding.
>
> Can you please point to the source of this "millions" comment? I see
> UEFI Forum membership as being $2500/yr max for an org, and free for
> an individual. The latter can't influence codebase and has a 3 page
> license, the former can impact codebase and has a 9 page license.
> http://www.uefi.org/join
>

Those are the costs for being just a member of UEFI -- what you were suggesting originally was being a root key holder, able to sign developer keys which can then be used to sign operating systems to boot under Secure Boot equipped firmwares that ship recognizing that root key. This would be nice, because then people wouldn't be so dependent on Microsoft's Certificate Authority. But, this comes with the kinds of costs you might expect from a secure operation to keep certs safe -- insurance, audits, running the process of signing developer keys, etc. I don't know where all of the costs come from but I can see how they build up quickly.

> So, has FSF looked at working with an IBV or a PC OEM, about doing a > proper UEFI-based system with a proper Secure Boot feature that works > with Linux? >

Some -- resources for all of this are an issue. Also depends if by "proper" you mean that it comes enabled and preloaded with trusted keys, in which case see above.

>> In the meantime, we would love to receive any reports of x86 systems
>> purchased with Secure Boot that actually have Restricted Boot.
>
> BTW, here's latest status from Intel UEFI w/r/t Linux, a talk from
> last week's IDF:
>
> http://uefi.blogspot.com/2013/09/uefi-at-idf13-part-2-uefi-secure-boot.html
>
> The speaker of that talk will be at a UEFI training event at a local
> hackerspace, answering questions on UEFI. If anyone has some good
> questions to ask him, I'll be happy to relay.

One thing that would make this whole mess better would be if drivers could effectively be signed by more than one key. That would help lessen some of the dependency on Microsoft, because drivers could be signed by smaller party keys without having to drop Microsoft. I think this is allowed for by policy and signing format but is not being implemented.

-john

-- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at .

----- End forwarded message -----
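The thread above turns on what a shipped Secure Boot firmware is actually willing to trust and whether the owner can change it. The check a practitioner wants before filing one of the "Restricted Boot" reports the FSF asks for is to read the firmware's own answer: the SecureBoot and SetupMode variables say whether enforcement is on and whether a Platform Key is enrolled, and the db/dbx/KEK variables list every certificate and image hash the firmware will accept. The script below is an added example, not code from the liberationtech thread, the FSF or the UEFI Forum. It parses the efivarfs file layout (a 4-byte attribute word followed by the variable payload) and the EFI_SIGNATURE_LIST structure from the UEFI specification; the vendor GUIDs and the two signature-type GUIDs are the ones the specification defines. The sample variable bytes at the bottom are constructed for the demo (the "OEM" owner GUID and the DER placeholder are made up), so it runs offline; on a real UEFI Linux box it reads the live variables instead.

```python
"""Read what a UEFI firmware's Secure Boot policy actually trusts.

Added example, not code from the thread, the FSF or the UEFI Forum.
Layouts and GUIDs follow the UEFI specification; the sample variables at
the bottom are constructed so the script runs without firmware access.
"""
import hashlib
import struct
import uuid

EFIVARS = "/sys/firmware/efi/efivars"
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"        # SecureBoot, SetupMode, PK, KEK
EFI_IMAGE_SECURITY_DATABASE = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIGLIST_HEADER = struct.Struct("<16sIII")


def split_efivar(raw):
    """efivarfs files are a little-endian 4-byte attribute word followed by the payload."""
    if len(raw) < 4:
        raise ValueError("efivar shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def boot_mode(secureboot_raw, setupmode_raw):
    """Classify firmware state from the one-byte SecureBoot and SetupMode variables."""
    enforcing = split_efivar(secureboot_raw)[1][:1] == b"\x01"
    setup = split_efivar(setupmode_raw)[1][:1] == b"\x01"
    if setup:
        return "setup mode"  # no PK enrolled: the owner can install their own keys
    return "user mode, Secure Boot " + ("enforcing" if enforcing else "disabled")


def iter_signatures(payload):
    """Walk a chain of EFI_SIGNATURE_LISTs, yielding (type GUID, owner GUID, data)."""
    off = 0
    while off < len(payload):
        if len(payload) - off < SIGLIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_le, list_size, hdr_size, sig_size = SIGLIST_HEADER.unpack_from(payload, off)
        body_start = off + SIGLIST_HEADER.size + hdr_size
        body_end = off + list_size
        # Bounds checks: a bad ListSize must not run past the buffer or loop forever.
        if body_end > len(payload) or body_start > body_end or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        body = payload[body_start:body_end]
        if len(body) % sig_size:
            raise ValueError("list body is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_le)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])  # EFI_SIGNATURE_DATA.SignatureOwner
            yield sig_type, owner, body[i + 16:i + sig_size]
        off = body_end


def summarize(raw_efivar):
    """One dict per trusted entry: kind, owner GUID, and a stable identifier for the entry."""
    entries = []
    for sig_type, owner, data in iter_signatures(split_efivar(raw_efivar)[1]):
        if sig_type == EFI_CERT_X509_GUID:
            kind, value = "x509", hashlib.sha256(data).hexdigest()  # fingerprint of the DER cert
        elif sig_type == EFI_CERT_SHA256_GUID:
            kind, value = "sha256", data.hex()                      # hash of an allowed/denied image
        else:
            kind, value = str(sig_type), data.hex()
        entries.append({"kind": kind, "owner": str(owner), "value": value})
    return entries


def build_signature_list(sig_type, entries):
    """Serialise one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    sig_size = 16 + len(entries[0][1])
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return SIGLIST_HEADER.pack(sig_type.bytes_le, SIGLIST_HEADER.size + len(body), 0, sig_size) + body


# Constructed sample variables. Attribute word 0x27 = NV|BS|RT|TIME_BASED_AUTHENTICATED_WRITE.
MICROSOFT_OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")  # SignatureOwner Microsoft uses in shipped db entries
OEM_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")         # made up, stands in for an OEM
FAKE_DER = b"\x30\x82" + bytes(30)                                    # placeholder, not a real certificate
SAMPLE_DB = struct.pack("<I", 0x27) + (
    build_signature_list(EFI_CERT_X509_GUID, [(MICROSOFT_OWNER, FAKE_DER)])
    + build_signature_list(EFI_CERT_SHA256_GUID,
                           [(OEM_OWNER, bytes(range(32))), (OEM_OWNER, bytes(range(32, 64)))])
)
SAMPLE_SECUREBOOT = struct.pack("<I", 0x6) + b"\x01"  # BS|RT, enforcing
SAMPLE_SETUPMODE = struct.pack("<I", 0x6) + b"\x00"   # BS|RT, PK enrolled


def read_live(name, guid):
    """Read a variable from the running system's efivarfs; None if absent or not UEFI."""
    try:
        with open(f"{EFIVARS}/{name}-{guid}", "rb") as f:
            return f.read()
    except OSError:
        return None


if __name__ == "__main__":
    sb = read_live("SecureBoot", EFI_GLOBAL_VARIABLE) or SAMPLE_SECUREBOOT
    sm = read_live("SetupMode", EFI_GLOBAL_VARIABLE) or SAMPLE_SETUPMODE
    db = read_live("db", EFI_IMAGE_SECURITY_DATABASE) or SAMPLE_DB
    print(boot_mode(sb, sm))
    for e in summarize(db):
        print(f"{e['kind']:8} owner={e['owner']} {e['value'][:16]}...")
```

Run as root on a UEFI machine it prints the enforcement state and every db entry; run elsewhere it falls back to the constructed sample. A firmware whose db holds only Microsoft-owned certificates and whose setup menu offers no way to enrol a PK or disable enforcement is the "Restricted Boot" case the FSF asks people to report; the x509 fingerprints are what you would compare against the CA you expect, and the parser's bounds checks matter because these blobs are firmware-controlled input.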

From eugen at leitl.org Sat Sep 21 08:44:10 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 21 Sep 2013 14:44:10 +0200 Subject: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Message-ID: <[email protected]>

----- Forwarded message from David Hendricks -----

Date: Fri, 20 Sep 2013 12:07:00 -0700 From: David Hendricks To: Patrick Georgi Cc: Coreboot Subject: Re: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

>>> Both of these boxes let you reflash your system firmware with your
>>> custom build of BSD-licensed TianoCore UEFI.
>>
> BSD-licensed TianoCore + heaps of binary modules that are currently only available under NDA.
> They'd also require some additional code (probably binary only?) to make Tiano resemble something like a complete and secure implementation.

And as far as FOSS firmware development goes, Gizmo Board (http://www.gizmosphere.org/why-gizmo/gizmoboard/) is far superior and actually ships with fully functioning open source firmware derived from coreboot. No blobs, no restrictive licensing.

>> There is a large OEM/ODM/IBV/IHV/ISV ecosystem that currently runs the hardware, and it is UEFI-centric. IMO, focusing only on fringe Lemote/Coreboot technology is not a good bet.
>
> coreboot is your only bet on x86 if you aim for open source firmware. It can be combined with TianoCore to provide the UEFI APIs to the user (read: Operating System), but TianoCore alone won't do since it lacks hardware initialization drivers (that coreboot provides).

Indeed. TianoCore is not a full firmware implementation -- it usually sits atop a layer cake of non-free / binary components that do the actual work of initializing the hardware.

As Patrick points out, Coreboot running with TianoCore on top as a payload can accomplish what you seem to be asking for. There has been substantial work done here already, so if you *really* need UEFI services you can work on polishing it up: http://www.phoronix.com/scan.php?page=news_item&px=MTI4ODU

-- David Hendricks (dhendrix) Systems Software Engineer, Google Inc.

-- coreboot mailing list: coreboot at coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From jya at pipeline.com Sat Sep 21 11:43:21 2013 From: jya at pipeline.com (John Young) Date: Sat, 21 Sep 2013 11:43:21 -0400 Subject: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Bear in mind that most spying is not done by TLAs but by commerce, contractors, orgs, edus, religions, hackers, entrepreneurs, comsec peddlers, criminals and venal individuals. Against these lightly- or un-regulated swarming, ubiquitous data harvesters, encryption and anonymization are essential. Not least because they sell data to the TLAs without the pretense of regulation aimed at limiting official spying which serves as a diverting cloak for the other kinds who join the far greater crowd fingerpointing away from themselves.

One of the greatest online deceptions is privacy policies, along with nefarious log files and other management tools, tricks, traps, con-jobs, built into every digital enterprise, defended as necessary for sysadmining and protecting the democracy, the internet, the people. Far worse duplicity than official propaganda which, no surprise, copies the unofficial practices as advised by self-serving advisory boards and consultants from com, org, edu, religion, individual, criminals, the lot.

Best way to spot a duplicity expert is to gander a cryptographer or a proponent of ubiquitous encryption anonymization and privacy. These stalwarts work both sides for MITM rewards.

Which is why these lists are predominately populated by leeches with a few newbies looking for mentors.

This has always been the case, not new with digital intercourse.

At 08:33 AM 9/21/2013, you wrote: > cypherpunks at al-qaeda.net

From jd.cypherpunks at gmail.com Sat Sep 21 14:24:43 2013 From: jd.cypherpunks at gmail.com (jd.cypherpunks at gmail.com) Date: Sat, 21 Sep 2013 21:24:43 +0300 Subject: News from Eric Hughes Message-ID: <[email protected]>

Cypherpunk Eric Hughes: Der Überwachungsalptraum ist wahr geworden ("The surveillance nightmare has come true") - http://t.co/hZAWMTEKWZ (DE only) Die Zeit

Google translation: http://translate.google.com/translate?sl=auto&tl=en&u=http%3A//t.co/hZAWMTEKWZ

--Michael


From cryptofreak at cpunk.us Sat Sep 21 14:30:40 2013 From: cryptofreak at cpunk.us (CryptoFreak) Date: Sat, 21 Sep 2013 13:30:40 -0500 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

On 09/20/2013 10:53 PM, Jim Bell wrote:
> On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:
>> Evidently he has made what he considers a step in this direction ;)
>
> I propose that the public force such companies to sign what I'd call "Disloyalty oaths", promises to be disloyal to any and every government. This would include a promise that if subjected to any sort of court order (even and especially those requiring that the company keep silent as to the existence of said order) that the order would be 'leaked' shortly, say less than a week, to an organization (Cryptome; Wikileaks) that would publicize it. Primary methods as crude as leaving a few hundred copies of the order at the company water-cooler, or in the cafeteria, or by the copier, would probably induce volunteer leakers to mail copies to the leak-publication organizations. Governments and courts have little reason to issue such orders if their existence will be leaked, particularly if they are going to be very quickly leaked. Leaks, obviously, are very easy to do these days and the identity of the leaker would be very hard to know, and even harder to prove. Chances are good that such court-orders simply will cease.

I completely support the idea of disloyalty oaths. The only problem I see is that they simply wouldn't work. What we'd see is the government putting increased threat of criminal prosecution on the corporate chain and not enough corporate officers willing to risk going to jail in order to do the right thing. Marissa Mayer from Yahoo said as much in her Techcrunch interview last week.

The only option I see is that the public simply refuse to do business with the offending companies and do business with their foreign counterparts; take the money out of the US and do real harm to the US economy in the process. When major companies start failing and everyone knows it's because they betrayed their customers, the government will have to respond. It's already starting to a degree. Microsoft and Google have already said they're experiencing real financial loss because of the NSA revelations.

We need to vote with our money. And we need to be willing to accept 'less viable' solutions for a time while other companies ramp up their services. Are Americans willing to go that far? I'm not too sure. We want comfort and convenience. Often, principles take a back seat to those.

CypherPunk

From electromagnetize at gmail.com Sat Sep 21 15:41:55 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 21 Sep 2013 14:41:55 -0500 Subject: [7] code constellations Message-ID:

--- intro --- observation based on the assumption that everything is code, to some degree or other. in this, that everything that can be is mapped into language systems and mathematical context, and that there is an outer boundary or edge of description, rationalization, where questions and ideas meet, beyond pre-existing answers and ideologies- new data or anomalies that break the worldview, reigning perspective, or shared context. code is thus not just an invention from punchcard looms for algorithms of calculation and thus only in its binary format legitimate, nor is crypto so limited to only be an issue of silicon hardware/software tools for conveying hidden or secure messaging. metaphor to semaphore as language itself flips its bits. quilts an example of stories embedded within a particular structural system, telling of events and people within an abstracted language requiring 'increased awareness' or 'new literacy' to decode. patterns- modular constructions, repeated and unique, style as it relates to substance and the symbolic- likely a more pure form of communication than buggy computer code as a basis for the same, seemingly even more secure if the connection is hidden and inaccessible to the unknowing, except shared key quilters. atmosphere created and sustained this way as consciousness, shared understanding and awareness and value and systems of communication, association and correlation, and grounding of ideas within the realm of objects, ideas made tangible via the material and yet not cold and detached and themselves hidden, and instead upfront, aesthetic creations asking to be looked at, reviewed, evaluated, inspected, and maybe perhaps you could also begin to read and understand the stories they are carrying within. 
pattern recognition, in this way, though into deeper interpretation than soup can label equals soup can label, the realm of nuance and juxtaposition, advanced dynamics of association, frameworks, scaffolding, structures built to convey such messaging. in this way, so too flower arranging. decentralized and distributed code networks, perimeters of dynamic interrelations, flowers appearing at events as symbolic subtext to mediate exchange or secure and enhance a shared zone via their given aesthetics. these, wide ranging and as deep as nature and its understanding. the gear-like flower evoking perhaps a mechanization, the colors their own language mapping the world and its social dynamics, love, friendship, drama and danger, specific patterns telling stories birth to death, celebration to impending doom. sunrises and sunsets, the moon and birth of stars, and of music in their visual and fragrant ethereal delight, the reminder of what is missing in the technological assemblage, detached from nature, by comparison a vase of sensors and LED candlelight fail to warm the heart, imagination. and thus the floral arrangement as form of secure communication, for someone to not know of this realm of cultural literacy, to miss the icepick flower amidst others, while those who see it know what is arriving next. and thus of limits and bounds to observation, as crayon-like simplicities exist for awareness by the uninitiated, especially those without appreciation for natural aesthetics and their language- and the lost intelligence that results from this, which itself can be a security threat if not able to read the signs, especially as they may occupy one's particular world. in this way the code of flowers can be a highly developed skill and awareness, a means to establish secure communication and remote connections at a distance, even if relayed or in the presence of others, given a shared framework for interpretation. 
and so some observers may be effectively blind to the hidden content or code within, and incapable of reading the details or structures involved, which could be patterns on the flowers themselves, the different types of leaves or various plant forms, as these combine into larger relational structures that can mirror the surrounding world and provide insight via this correlation and alignment, if developed as a practice. for some it may never go beyond the color for roses as a mapping of social protocol, a symbolic and perhaps hollow expectation, turned into a commodity. another thing. whereas for others this depth and detail could be as large as nature to consider and communicate within, and thus not only for the florist, the botanist and those who study and relate and exchange ideas in these domains, this knowledge enabling code similarly, across structural systems of empirical observation, this as 'reasoning'. in this way the disciplines, archaeology to zoology, mechanics to small businesses of a particular domain, hidden communications through the symbolism involved in shared frameworks and exchange. at some point, perhaps, additional messages carried along the carrier waves of these shared structures and assumptions, rightly or wrongly. the limit to this or conundrum seemingly being insight, or lack thereof and instead a rote presumption of some bounded meaning that never goes into or beyond the ordinary and thus in some sense dead ideas or ideological dispositions to the same domain. this is the danger of rationalization, deciding upon or fixing a perspective that may become rigid and unquestioning, a regime of interpretation that may bound further inquiry, improvement, and development beyond some prevailing condition. and in this a lack of insight if not due to lack of reflection or self-awareness could occur that instills and requires this incapacitation as a normality, as a mode of existence.
whereby things are only what they are, nothing else beyond the given point of view. it could be the difference between ideas which are alive and those that are dead. consider birdwatching where some may observe birds to check off a particular type of bird from their most-wanted observational list and those who may observe birds in their backyard or in the park and consider their existence and enjoy their presence. if birdwatching was just a pattern-matching exercise the larger issues of birds such as their role as mobile sensors of environment health and a diagnostic for changing ecosystem patterns could be detached from this, and thus only the checkmark matters and amounts to a leisure activity without greater insight into what is actually being observed. whereas if birding data is fed into larger databases by bird watchers or others who monitor habitats, that can help build maintain and adjust models to help account for present and future ecological dynamics, which can relate to policy if it were a value in civilizational development, versus a footnote without a feedback loop enough to actually alter the dynamics, due to development patterns having turned the entire realm of wildlife into compartmentalized zoos, emptied of larger species of wildlife, the state parks now held within zones of unending suburbanization. those who can see and understand what it means when there are no robins singing in spring may then understand the signaling of nature in regards to its pattern language, or as with clouds and weather, connect with this natural knowledge and as others likewise, relate in a shared awareness and domain with regard to its meaning, substance. in this way, the pileated woodpecker may signify something and in its mystery, in sighting or observing it, there can be insight to find it in a location that it has never been seen or known to exist. 
and likewise, a card sent in the mail of a bird or wildlife scene may similarly evoke such messaging, for the initiated. this is the realm of the symbolic and reliant on shared awareness and understanding, else to simply evoke something intangible that may never be understood in its depth for those without such literacy, and therefore remain in a realm of mystery, missed connection or a subtext that is inaccessible, though perhaps through another observer this same event will find its grounding via secure connection. the importance of boundaries and thresholds, and how bias skew and distortion could create barriers to interpretation because some event is *unlike* and thus may remain unobserved in its dimensionality where such meaning may be encoded, if not encrypted, and this could be of a natural realm, nature itself, or guided by human involvement and shaping of perception, as with cards or arrangements or research developing and sharing perspectives. though as information itself, whatever its substance, it would appear to exist as knowledge that functions as code, has programmatic qualities and degrees of comprehension that can lead from genetics and throughout the chemical and biological sciences outward, to ecosystems and habits and society and customs and rituals, and thus anthropology and onward, to the mundane everyday that in itself can be extraordinary, simply in sitting in a park or on the steps of a dwelling and to have such empirical encounters that may be developed or accessed or communicate in such a realm, here nor there in the context of technological civilization and yet primary to the heart, connection with others, and another way of saying and sharing and conveying vital information, ideas, shared awareness. 
and in this, a weather report or gorgeous looping radar image could itself as language, as a symbolic code, function as if a type of poetry via its visualization of this ineffable other realm - such that, in its aesthetics, perhaps it is of much greater value to have a 'painting' of such imagery looping within a digital frame as a painting than a copy of a copy of impressionist works centuries previous, as if most telling about what is beyond the door, lived context. this then of representation, also. as signs align and correlate with experiences. and the value of awareness, the meaning involved in these events, their role as shared and unshared code. what are the domains of this programmatic language and mathematics that you inhabit, like and unlike others. in what domains does this extra-communicative activity take place. is it within hobbies or passions that make you unique, and how does your depth of interest relate or bound you from others- what does it open up in connection and allow for in terms of secure exchange and what does it close down by its misalignment or lack of connection due to boundaries of self and-or others? again, literacy seems all-critical, and in this the issue of sparking or developing that vital interest that opens up the fascination these discoveries and revelations can have within a life. the oft-told story of young boys (and occasionally girls) whose fathers taught them how to take things apart or worked on electronics kits, many times engineers and many with electronics backgrounds. whereas for others, the children may grow up inept, and with no such skills, perhaps as their parents did not have this same affordance either, thus impacting generation after generation in turn.
graffiti is another area of code consideration, especially in terms of its ambiguity and potential difficulty in reading or deciphering for the uninitiated or outsiders, whether via colors or various styles or the meaning involved, though at the level of the alphabetic- the prevalence in the "superposition" of multiple potential letters at the same time, within the same word, to shift meaning via small details that can create out of one word fragment, sentence-like constructions. this is a remarkable skill and insight into the code of communicating and is an advanced approach to that communication keyboard reliant, bounded in any such ambiguitization at the scale of the letter itself, the typo occurring only by substitution digitally, tnis, though perhaps it is a similar idea with an additional typographic element, custom fonts allowing more to occur in the graphic detournement. and it should be said, as part of this hidden communication context and of code, that the cryptic writing oftentimes found on the back of streetsigns offers yet another potential application of crypto code in the everyday environment, no computers needed to observe yet without shared library or literacy, likely impenetrable for meaning. though rumored -these instructions- related to black helicopter society and direction for covert civilization who may key in and out of these infrastructural subtexts, markers as if waypoints, all signs eventually pointing to armageddon, this way...

--- on color coding --- here, the sociological and cultural. 'whites' and 'blacks' as racial identities and how much data and bias can be formatted into worldviews and nuanced into structures relied upon by group identities. this then ranging perhaps to context of rainbow as cryptic evaluation of the varying hues, part of a larger shared spectral condition. and how beliefs, ideas, philosophies can exist according to these frameworks. it could be more complex or involved than color alone, and thus issues of boundaries, rationalizations, and limited interpretations, as this relates to issues of literacy and shared awareness and 'reasoning'. here again the binary is most dangerous, to over simplify and then roughcut reality to only a limited if self-biased viewpoint. the role of depth in this, what is true is true, and getting or accessing this truth versus trying to control and maintain some limited version of it which best suits a partial idea, protecting that 'fragment' in place of the larger whole and in doing so sacrificing the truth to sustain the larger structural falsity as if this truth. and thus ungrounded observations often seek to keep truth out to sustain a flawed POV and protect a version of events, yet this is very shallow and cannot be sustained beyond the finite limit, and itself bounds awareness to only what is inside that threshold. whereas in a feedback based, error-correcting observation of a surrounding context, the involved 'ecological dynamics' must be related to via accurate modeling of truth and thus ideas models hypotheses must be able to include truth of these dynamics and not seek to limit it via rationalization based on some partiality, as if the whole. terrible language this though like history, to fold into it humanity and women and not account for these dynamics then establishes structural distortions, lies even, to uphold and sustain a given false framework and unshared point of view. 
and yet likewise, to seek to include the larger ecological dynamics of female being the counterpoint within the same private limitation of feminism establishes its own biases and repeats the structuralization reliant upon the false perspective, in so far as larger truth is edited out of the shared human relations, whereby again there is no public beyond that of private wo|man and it becomes an issue of picking sides. nothing like having a contest between men and women for the place of representing the whole of humanity. it just does not make any sense, unless in a binary framework that legitimates it as an ideology, a tradeoff canceling the other reality, substituting it for a new one that shares and relies upon the same structural defects, as origin. thus 'bias' is transformed into a "right" and people can choose their own reality and this becomes a political process born of inadequate constitutional code that fosters this kind of programming that functions against humans and our shared awareness. this, my view, is likely flawed though offered as an interpretation of events and seeks to provide context for something that is formatting these relations and the way they are communicated by others means. certainly women themselves have developed their own ways of hidden communication and language, though the further it has become ideological the more fragmented the 'whole' view has been, where consensus is not an issue only of sex or gender as a class, because there can be low resolution from any view as to how it relates to a larger life, beyond a finite issue, as they combine into a life involving others, including in some cases, the antithesis (if not men). 
for sake of madness if not sanity let us just imagine that the entire world is run by men and even the domain of women is controlled by men, in some place more readily yet even in unexpected realms like fashion, to the point that androgyny tends towards the transvestite as the biased model for the 'shared aesthetics' of women, exhibiting a passive-aggressive hatred yet viable substitute, where female beauty is replaced by an army of manmade mannequins that have a male-friendly agenda, as an exploit even of the sexual domain, a conquering and annihilation of female beauty and its profanation such that her beauty cannot be allowed to exist without being subverted, spoiled, used against her, just like corrupt crypto- buying into it destroys the very idea, and this by design. and so what of an ideology that could promote such a hidden agenda, what kind of cause would be involved in using the sign and image of women and female beauty against herself and also against the men who love her, making repugnant the fascination and devotion by substituting it for something else (A=B), therefore amplifying perhaps the ambiguity and confusion and turning towards another approach, which tends towards the male-male dynamic as it contains both the male (anima) and the female (animus) between males as a bounded shared relation and awareness. In this way, the actual female is removed from the male relation and replaced by another male who takes on the female dimension, and such programming is used to control sexual dynamics within the subset of males, such that the basis for relations becomes:

males (female+male)

And likewise, for the other side of this divide, female relations:

females (male+female)

This in terms of set(subset) relations, whereby male-female & male-male would be the mating context, and female-male & female-female, in terms of a sex/gender divide. A lot more to it than this, including adding in dimensions of patriarchy and matriarchy and also God|desses, as these may map into both realms simultaneously. And also the psychological basis for these dynamics in their normality (female psyche of males = anima, male psyche of females = animus) which is a vital part of the human maturation process, whereby an adult is balanced in both their male and female aspects and not seeking to retain only one-sidedness, which can lead to great interrelation problems including abuse and suffering. The ideal relation of this subtext code of being then being a 'human female' and 'human male' who each have their own anima/animus issues that balance across the total shared circuit of being, and this as a traditional basis for relations and the wealth of developing long-term relation via marriage.

male (anima) & female (animus) or in other words, the totality of each person...

male (masculine+feminine) & female (masculine+feminine)

And for each person this weighting could be different, some males may be more feminine in certain dimensions than others, though more masculine in certain areas, and likewise women may have more feminine or masculine attributes, and this would need to be complementary and balance across the relations, which is psychological yet also social, which leads to belief that opposites can actually be very complementary as the circuitry can have a full range across all the various potential dynamics. the point of this being that there are issues of awareness involved in identity, shared and unshared, and this especially so in terms of sexuality and gender as it relates to a preexisting biased condition of state and civilizational development that polarizes if not penalizes and makes impossible grounded relations between males and females in a way that 'benefits both' and instead via binary relations could become an issue of ~one must lose for another to gain, this a structural condition and thus destruction of family units and marriages because the foundation of relations is such that "one person's rights take away another person's equal rights". and thus an implicit form of submission is involved, both culturally yet also personally in that to span the sexual and gender dynamics can lead to normalizing this skew, structures thus reliant on warping and distortion to maintain 'shared reality' that is actually unshared and occurs by other means via subset dynamics (intra-woman, intra-men) as this continues to divide and subdivide until there are no relations anymore, else they become encrypted and only remote connections are possible, feasible, because the exploitation and total control is so complete, so annihilating, that there is no room anymore for love or grounded passion or connection or shared insight, basically outlawed or made illegal by the standing mediocrity that rules via this corruption.
and then there is a voice that arises, a shared perspective mapped into the feminine, Code Pink within a mass mediated landscape that seemingly represents something of this condition, a counterpoint that just makes sense as a perspective- a viewpoint that is not confined within the mainstream view if not due to disenfranchisement as part of a reasoning process beyond that of private viewpoints- which has a public dimension, and that males and females can relate to or through via its symbology. it is as if a secret communication is given voice to say what is thought yet otherwise not heard, or breaks into consciousness what already exists within daily flows of relations and yet is silenced via these same environments, specifically via bias and the role of female imagination and action being removed from most every domain as having value and worth and importantly- insight, and knowledge of what is going on. this, the conceit of male perspective as primary and also superior in awareness, not accounting for limitations or skew and thus choosing errors over their correction if the feedback loop is broken or unobserved via power relations, which is normalized. the burka of ideology forced onto the minds of women as a means of controlling the state and the 'men' who require this in order to have their stations, virtually.

--- crypto currency --- this may be an impossible point to make. it involves the disconnect between males and females as a structural necessity of the broken code of state and its effect on these same relations in terms of how they are formatted and within what frameworks, most especially the context of money- whereby to survive people have to make decisions that can correlate with choosing money versus love, say, as a path to existence. and thus 'those who love' yet are without money, may be without female companionship and connections while 'those with money who do not love' may have female companionship. and it is assumed for those literate, that the males and females in these situations are cognizant of their own conditions and decision-making and trade-offs involved. and so it is not ignorance and instead perhaps necessity, that females of interest are oftentimes with males essentially most concerned with themselves, firstly. while other males who serve women in their lives and actions may be living without them, though through their devotion and service seek to reestablish the lost connection. and this can be as fundamental as truth itself. truth of female existence both in its existence context, the legitimacy of feminism in a context of history, and associated politics and policies as a difficult terrain required to obtain basic changes to the structures that oppress and limit by default, though also of accompanying bias and distortions resulting from any such interactions at the level of society, breakage occurring as the gears are out of alignment across the totality of state and thus demystifying and making regular the female role as that of another constituent in a competing marketplace, as if him or her or me in any instance of the individual and the public prerogative, who gets to speak in this instance and in what frameworks. 
in this way, in all honesty it becomes quite clear: women can be incredibly shallow, selfish, and exploit dynamics mainly for their benefit and self-serving viewpoints, and thus error-reliant perspectives and limited interpretations can lead to classic dynamics that devolve unshared relations- and this becomes "discourse" on television as wave after wave of dysfunctional male and female dramas play out on the stage, cheating, vanity, sexual subversion, physical violence and psychological abuse. as if the television wasteland is the inner mind and what inhabits the deep hidden recesses of the unknown, locally, yet as a sign becomes a reference for given encounters. and thus the empirical aspect of the totality and its partial relation and interaction. just like the bad man, the evil woman who may seek to do harm or exploit others. and perhaps this has some relation to programming, hidden code, reading signs, literacy. just the fact that it can be acknowledged, perhaps the 'fall of woman' into a state of disgrace even, as an archetypal form that cannot be allowed to exist anymore in the corrupted society and thus she is represented by this deterioration instead. as if 'the symbol' of woman has become her antithesis, by default of a corrupt state. this involving a corrupted state of being, likewise, for humans in this context. the fracturing of higher self into lower realms of malfunctioning, merely to survive. and thus as context, the opposite of ideal:

broken male <--> broken female

perhaps disillusionment with reality itself, lack of choices or better options or an incapacitation due to circumstance or unknowing, and then to look across into the life of another and yet still bridge the gap via shared understanding, beyond words. that the life still resides within, there is a shared key between them, and despite everything in surrounding structures that holds them apart, if the love is there and recognized - the shared truth of the encounter and connection between them - then perhaps there is still hope that their relation survives its destruction. in the profane context, the same dynamic could occur in some sense in terms of prostitution, whereby a secure exchange could be brokered between the two via a structural agreement that establishes their relation, mediated by money, allowing access and connection. and yet it would seem in most cases pseudo-truth (pT) would be the basis for exchange and that this connection is occurring in an unshared context more likely by default, or the circuitry is misaligned in terms of a whole relation as it relates to the emotional bond between beings. and so in some sense the male may be limited and remain in their own interiority, albeit externalized via relation with another, and the female could retain herself within her own boundary, versus having these dimensions harmonized across a total circuit as happens in a grounded relation that develops over time, and thus each person can improve as part of this relation, involving shared commitment though importantly: concern for the other's well being not just in the framework of the self though also in their framework, to want what is best for the person and not seek to limit or control it to support only the self.
what is hypothesized is that for a male that is grounded in relation to female consciousness and truly loves women, that even without "money" a currency may exist in this as a shared truth that could be recognized by a woman, and for this example it is to retain the context of a prostitute as a dynamic range such a connection could exist within, of male whose work may seek to support the human connection and her freedom to develop as an individual, and a woman who may recognize the love this involves yet without the money to access or share this secret connection with her. and thus it is proposed that if this shared truth was recognized, and a particular form of key exchange occurred, that this same situation could be transformed by the transformation of this context of relation, whereby human intimacy could develop via this shared currency of truth, the shared idea, the belief and value, and in turn this could become sacred prostitution by comparison, a real connection between these people that involves shared keys, encrypted communication, shared awareness and grounded relation that verifies the connection. thereby neutralizing exploitation that could be inherent and allowing a new realm of connection based on this shared truth and service and connection, devotion and work and allegiance. it is to suggest that perhaps it is in the color of clothing in relation to another sign that this communication will occur, or perception of flowers of nature as the realities align, and in this way the aesthetic communication and its basis in life and love have within them this mystery and secret that carries a connection that otherwise may seem absent or entirely profane, and yet the yearning undying heart continues its work and she knows this, and thus it may be an issue of communication and the ability to relate in these terms, not as expectation, yet realization that there may be other dimensionality that is possible, given the right conditions. 
again, like equals in some domains, shared connection or understanding or atmosphere that correlates in special moments, this another realm of patterns, shared identity, value, principles, purpose, respect of other views and gaining understanding and knowledge likewise. in this implicit connection, what is shared is truth, what is secured is truth, what is grounded is truth between them.

(that she knows you respect her, what you are doing is for her, that you care for her... that you are not trying to game and exploit her. peer-relation. human. and then perhaps, the hope of balance, the larger truth of this relation between you. such that she too may desire to secure the shared reality and support the male's best for her.) in this way, erotic truth in a context of code and logical reasoning. its role in key exchange, encrypted relations, programming, hidden infrastructures. and of pattern recognition and its relation to ideas, behaviors, and social relations including onesided ideologies, structures and frameworks based on error-reliant biased code. this proposal then for the currency of erotic truth as a basis for crypto.sex relations, if thoughts and feelings similarly aligned, verified, exchange made accessible via shared agreement, within the defined parameters of relation.

(in most all cases it would be up to her to initiate the potential for intimacy, secretly indicating willingness to relate within shared dimensions via pattern-based communications. are you aware of the codes she communicates within... the aesthetic domain where her insight is supreme, and where truth indeed aligns with beauty)

From lists at infosecurity.ch Sat Sep 21 17:32:08 2013 From: lists at infosecurity.ch (Fabio Pietrosanti (naif)) Date: Sat, 21 Sep 2013 23:32:08 +0200 Subject: Mailing list format with Subject Tagging Message-ID: <[email protected]>

Hi all,

I would suggest to start tagging the "Subject" for all the messages going through the cypherpunks mailing list. It really helps in spooling and organizing emails in everybody's inbox.

Mailman does that by default, pre-pending [ListName] in the "Subject" line.

I'd love it.

-naif

From moritz at headstrong.de Sat Sep 21 17:59:03 2013 From: moritz at headstrong.de (Moritz) Date: Sat, 21 Sep 2013 23:59:03 +0200 Subject: Mailing list format with Subject Tagging In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On 09/21/2013 11:32 PM, Fabio Pietrosanti (naif) wrote:
> I would suggest to start tagging the "Subject" for all the messages
> going through the cypherpunks mailing list.
>
> It really helps in spooling and organizing emails in everybody's inbox.

I simply use List-Id to filter.

--Mo

From adi at hexapodia.org Sat Sep 21 18:04:15 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Sat, 21 Sep 2013 15:04:15 -0700 Subject: [liberationtech] News from Eric Hughes In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Sat, Sep 21, 2013 at 09:24:43PM +0300, jd.cypherpunks at gmail.com wrote:
> Cypherpunk Eric Hughes: Der Überwachungsalptraum ist wahr geworden -
> http://t.co/hZAWMTEKWZ (DE only) Die Zeit

Why on earth do you route through t.co?

http://www.zeit.de/digital/internet/2013-09/cypherpunks-eric-hughes

-andy

From adi at hexapodia.org Sat Sep 21 18:44:13 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Sat, 21 Sep 2013 15:44:13 -0700 Subject: Mailing list format with Subject Tagging In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On Sat, Sep 21, 2013 at 11:32:08PM +0200, Fabio Pietrosanti (naif) wrote:
> Hi all,
>
> I would suggest to start tagging the "Subject" for all the messages
> going through the cypherpunks mailing list.
>
> It really helps in spooling and organizing emails in everybody's inbox.
>
> Mailman does that by default, pre-pending [ListName] in the "Subject" line.
>
> I'd love it.

The List-ID header is perfect for filtering, and I am always sad to lose space in the often-limited subject field display to [tag]s.

So please don't add subject tags.

-andy

From joseph at josephholsten.com Sat Sep 21 19:26:48 2013 From: joseph at josephholsten.com (Joseph Holsten) Date: Sat, 21 Sep 2013 16:26:48 -0700 Subject: Mailing list format with Subject Tagging In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

> On Sep 21, 2013, at 15:44, Andy Isaacson wrote:
>> On Sat, Sep 21, 2013 at 11:32:08PM +0200, Fabio Pietrosanti (naif) wrote:
>> I would suggest to start tagging the "Subject" for all the messages
>> going through the cypherpunks mailing list. [...]
>
> The List-ID header is perfect for filtering [...]

+1 to List-ID
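The filtering the thread settles on (sort on the List-Id header that the list software inserts, rather than on a [tag] in the Subject) looks like this in practice. The code below is an added example, not code from anyone in the thread; the list identifiers, folder names and the three messages are constructed samples, and `cypherpunks.example.org` / `tor-talk.lists.example.org` are hypothetical List-Id values, not the real lists' headers.

```python
"""Sort mailing-list mail on the List-Id header rather than a [Subject] tag.

Added example, not code from the thread. The list identifiers, folders and
messages below are constructed samples.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Optional

# RFC 2919 List-Id values mapped to mailbox folders (constructed sample).
LIST_FOLDERS = {
    "cypherpunks.example.org": "lists/cypherpunks",
    "tor-talk.lists.example.org": "lists/tor-talk",
}

# List-Id is "optional description <list-id>"; the identifier sits in the brackets.
_LIST_ID_RE = re.compile(r"<([^>]+)>")


def parse(raw: str) -> EmailMessage:
    """Parse an RFC 5322 message; policy.default unfolds wrapped header lines."""
    return email.message_from_string(raw, policy=policy.default)


def list_id_of(raw: str) -> Optional[str]:
    """Return the bare list identifier from List-Id, or None if the header is absent."""
    header = parse(raw).get("List-Id")
    if header is None:
        return None
    match = _LIST_ID_RE.search(str(header))
    value = match.group(1) if match else str(header)
    return value.strip().lower()


def route(raw: str) -> str:
    """Folder for a message: the list's folder if its List-Id is known, else INBOX."""
    return LIST_FOLDERS.get(list_id_of(raw) or "", "INBOX")


# Constructed sample 1: a list post. The subject carries no tag; List-Id does the work.
LIST_POST = """\
From: alice@example.org
To: cypherpunks@example.org
Subject: Mailing list format with Subject Tagging
List-Id: Cypherpunks <cypherpunks.example.org>
List-Post: <mailto:cypherpunks@example.org>

I simply use List-Id to filter.
"""

# Constructed sample 2: an off-list private reply. The subject still carries a
# [tag] copied from the thread, but no list server touched it, so there is no
# List-Id and a subject-tag filter would misfile it into the list folder.
OFFLIST_REPLY = """\
From: bob@example.net
To: alice@example.org
Subject: Re: [cypherpunks] Mailing list format with Subject Tagging

Replying to you directly.
"""

# Constructed sample 3: a post from a second list whose List-Id header is folded
# across two lines, as list software is allowed to do.
FOLDED_POST = """\
From: carol@example.com
To: tor-talk@example.org
Subject: New paper on traffic correlation
List-Id: tor-talk discussion list
 <tor-talk.lists.example.org>

See the attached link.
"""


if __name__ == "__main__":
    samples = [("list post", LIST_POST),
               ("off-list reply", OFFLIST_REPLY),
               ("folded header", FOLDED_POST)]
    for name, raw in samples:
        print(f"{name:15} List-Id={list_id_of(raw)!r:32} -> {route(raw)}")
```

One caveat for anyone wiring this into a mail client or a server-side sieve: List-Id is an ordinary header inserted by the list software, not an authenticated one, so it is a fine key for sorting but should not be used to skip spam or phishing checks or to decide how much to trust a sender.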

From jamesdbell8 at yahoo.com Sat Sep 21 19:46:40 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sat, 21 Sep 2013 16:46:40 -0700 (PDT) Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

From: CryptoFreak

On 09/20/2013 10:53 PM, Jim Bell wrote:
>> On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:
>>
>> Evidently he has made what he considers a step in this direction ;)
>
>> I propose that the public force such companies to sign what I'd call
>> "Disloyalty oaths", promises to be disloyal to any and every
>> government. This would include a promise that if subjected to any sort
>> of court order (even and especially those requiring that the company
>> keep silent as to the existence of said order) that the order would be
>> 'leaked' shortly, say less than a week, to an organization (Cryptome;
>> Wikileaks) that would publicize it. Primary methods as crude as leaving
>> a few hundred copies of the order at the company water-cooler, or in the
>> cafeteria, or by the copier, would probably induce volunteer leakers to
>> mail copies to the leak-publication organizations. Governments and
>> courts have little reason to issue such orders if their existence will
>> be leaked, particularly if they are going to be very quickly leaked.
>> Leaks, obviously, are very easy to do these days and the identity of the
>> leaker would be very hard to know, and even harder to prove. Chances
>> are good that such court-orders simply will cease.

> I completely support the idea of disloyalty oaths. The only problem I
> see is that they simply wouldn't work. What we'd see is the government
> putting increased threat of criminal prosecution on the corporate chain
> and not enough corporate officers willing to risk going to jail in order
> to do the right thing. Marissa Mayer from Yahoo said as much in her
> Techcrunch interview last week.

Consider: Let's suppose there's a person in the Justice Department, I'll call him "Ed Justice" (in honor of Ed Snowden) with access to that order, who decides to leak a copy of the court order to Cryptome, Wikileaks, etc, a couple of days after it is served on the target media corporation. (He may do so for reasons of malice, or perhaps benevolence: He WANTS the order to leak, because he doesn't agree with the practice.) The usual 9-by-12 brown envelope with no return address, only stamps, careful to avoid fingerprints, etc. The leak-publisher(s) publishes the order. How does the government prove that the leak was done by the target media corporation, and not by somebody else? A criminal prosecution requires evidence, and none will exist. In addition, there is an excellent argument that any order of secrecy is an obvious violation of the First Amendment to the US Constitution. I don't recall reading any justification for such orders in any legal cases, but I think that this would be on flimsy legal ground.

Jim Bell

From electromagnetize at gmail.com Sat Sep 21 20:08:58 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 21 Sep 2013 19:08:58 -0500 Subject: [8] code observatory Message-ID:

--- continued... --- so maybe nothing is this simple, the previous statements and hypothesis themselves by default ungrounded, unrelated to the complexity involved in the existing context for social relations. what if the control of 'sexual code' and its programming via advertisement and industries is what formats consciousness and social relations and thus establishes the false 'common value' which is based on pseudo-truth and in that inaccuracy, the exploits can occur which turn a situation against itself by these very dynamics, if not via signs that represent them. for instance, if every female model walking down a global catwalk starts resembling Mick Jagger, you gotta wonder if the fake god is a narcissist who cannot get enough of their own image, even in an opposite sex form. and what that does to male-female dynamic relations likewise, whose ideal mate is really this, or is it precisely the vulgarity it involves the corruption itself, the information warfare and psychological ops against humanity. for instance, how do you know the object of desire is not a man dressed up or sex-changed into a woman, and what if paired keys do not address this or there is deception going on, where female appearance is camouflage to exploit those with natural desires, turning this connection of potential love into one subverted by hate, using love against a person as their weakness. and what if this covert, hostile agenda is normalized instead. and thus even a woman-hating male psyche could be representing if not also standing in for women, via simulation or substitution, for social relation. how do you know the difference between the patterns, how to verify and validate and secure a connection in truth, versus relying on pseudo-truth and ultimately what could be lies, then allowing the exploit the access it needs to corrupt and take over systems. perhaps most especially in terms of blackmail or setting up a person for a takedown via these methods.
it is proposed that the deceptions in those domains rely upon lies and structures of falsehood, and 'iconic' expectations such that, like modular code and programming, can provide predictable behaviors to exploit as if based on rulesets that can program step by step the interaction according to a preordained pattern. and that as long as truth is secondary to this, whether via money or shared ideology or bias, that in that zone these other activities could be masked or hidden as an agenda, opaque, in waiting. whereas in grounded truth and intimate connection, truth is the transparent shared condition of being, honest and error-correcting and forms the basis for trust between people, not some other framework. perhaps the only way to know would be a genuine connection in love, removed of illusion, and from here to proceed- anything else could be an illusion, about images, and in this way mirages in the desert of unshared reality, tricksters all around. love as grounding for intimate social relations and beyond, as it relates with fundamental and foundation truth, as it establishes solid relations between people and within society via shared empirical agenda. one, many. versus its subversion, mimicking of love, exploiting it, to serve some other end or hidden agenda, and thus false confirmations and shared lies that enable alternate worlds of deception which can occupy houses, entire neighborhoods and cities and states via networks, and beyond, to which a person may find themselves someday lost, every direction misinformation, every sign post a false indication, leading further and further into doom. thus the assumption of physical connection and the terror of its subversion may create a gap between the shared mind and awareness, and the physical relation with another, even though cryptic communication could occur.
and thus asynchronous relations could exist in their place, as if each person is on the other side of a boundary that cannot be surpassed without losing the connection, because it cannot be sustained in the given environment. and yet entanglement could be present in this sharing of truth, especially in that erotic charge where worlds align, and in this, the same issue of keys and secure connection though in a realm of shared memory instead, as the intimate relation, and thus grounding could occur by validating this and securing it as a shared truth, in the realm of atmosphere it occupies. archetypes, jungian psychology, transference of S -> S' and S' -> S'. a woman walks around with her luscious shoes and wet gleaming nail polish until another turns a corner and becomes transfixed at the beauty, the circuit completed, switches turned on in the shared erotic connection and the altar finds its devoted worshipper who receives this extreme pleasure. the economics of lust and love, these forms of hidden exchange, full of meaning and insight into the prime motivation that moves the world in its health and through its dysfunction, sickness. a terror to not have these dynamics liberated while the ugliness and grotesque can do anything while those so devoted are trapped and confined by rules and regulations as if natural instinct and affections are illegal, while regressions, sadism and misogyny are normalized. impossible for healthy balanced sexual dynamics when they are not allowed for humans, including the full range of connections. instead all of this is middle-managed, bureaucratized and exploited by an instilled set of beliefs, at least on the outside, in the world of images.
it is as if there are components of a circuitboard that are made to work with one another, that have collaborative and beneficial dynamics yet are not allowed in proximity to one another based on the components that are by comparison rigged, cheating and taking over the space and rewiring it only for their kinds, leaving areas of isolation and malfunctioning due to the inability to access the other, beyond the structural frameworks that seek to subvert and exploit the connection due to a corruption of its truth. what is unshared or partly true must be adapted to in order to survive. and then only to find later on what is missing, where it is located, and the distance between that may only be temporarily bridged in passing, via a quick glimpse of recognition of what has been lost in the everyday. and this can be the truth of love itself, intimacy, grounded connections. as with a simulation that seeks to replicate another situation, the fakery can be revealed in its errors, where resolution or detail is lacking and thus whether via inadequate computation or malmodeling, the framework based on and supporting this falsity may begin to warp and skew, potentially to cause accidents and crashes as its compass does not align with the larger circumstance of shared awareness that it seeks to control and to replace. so too with fake men and women, shallow and without depth of imagination, of limited and rigid reasoning, and while 'saying all the right things' it is these 'ideas' that have already and must always have been said before, as if referencing a memory database for fake-insight, correct perspective. again the binary viewpoint is ideal for such a simulative social substitute whereas a paradoxical situation would throw loop after loop into basic functioning and become a turing test to figure out to what degree the internal mechanism can actually calculate something beyond its boundary or threshold of interpretation. 
thus pregnant pause one thing, silence another as the system reboots and tries to brute force the situation again and again, as if something would be different by merely repeating the trials, trying to look for an error to exploit to retain old existing worldview as shared reality, albeit ungrounded and based upon deception, cloak dagger. the alchemy of relations, natural with natural, artificial with artificial, and virtual with virtual; yet in their recombination the dynamic exchange of natural with artificial, or natural with virtual, either tending toward the cyborg and in their composite, perhaps something akin to an advanced humanity yet removed of the human and grounded truth as the central value, the antihuman which seeks to destroy and replace the nature at its heart. typologies and permutations, chemical models and their transformations and relations within a geometric context -- not only in terms of being, and thus identity -- ideas themselves: models, hypotheses, awareness. in this way, understanding such cryptic code and programming can result in capturing pieces, turning positions and players via seeding truth and threshold access, putting the labyrinth on autopilot via these dynamics. it is thus in symbolic communication that observation often occurs and in awareness of self and others in this context, within existing or potential dimensions. and yet to also perhaps be ungrounded, illiterate in this same way as to how the observations are generated, validated, achieving 'truth' or does it begin as a fiction until removed of all accompanying errors... again to language and signs, the ecological relation amongst things, the associational structures inherent in perception whether or not conscious of them. to see a sign above a store with stalks of wheat, indicating bread. or grapes, wine. green grapes, white wine, red grapes red wine and so on, to whatever level of detail. infrastructural signage. 
bees as they relate to flowers and pollination, as this relates to honey. ideas, concepts, dynamics involved in these structural interrelations. massive code as it were, societies envisioned structured around the bee, for instance, by analogy. spiritual significance. deep knowledge of nature and industry, as systems relate and exchange their shared truth. and so too, in the more profane and superficial realm, viagra and male virility and breast implants and signs of hyper-feminine nurturing and the ecosystems of advertising, mass media entertainment, and social relations based on what becomes a structural pseudo-truth, as if mimicry, by which to 'shared consciousness' which can be a false perspective and unsustainable except as artifice, which then is further developed and built upon as if normal and solid when instead it is not of this same nature or instinct. it has different parameters of interaction, including detached sign-based relations where error-correction may be ignored and create a realm of ideological commerce detached from its physical reality, where women's breasts become detached from the sex itself via imposters or female substitutes which stand-in as representers or signs of female being yet seek to subvert the feminine by doing so, that depth of evil hacking, as it also relates to breast cancer or other defacements, cutting and scarring of the body and its replacement via another plastic aesthetic, barbie doll, yet potentially Edward in drag, giving come hither looks on the street. the point is that -belief is not truth-. yet it can function as this if not aware of what is being perceived, having an understanding of the idea and a way of evaluating its integrity. can the belief even be questioned- or is it beyond the boundary of interpretation.
and if so, what might it mean if a world of children is released into a world of masquerade, and the basic relations between boys and girls are forged in a world of imposters and exploiters who seek to destroy these very connections via their subversion. or short-circuit development of individuals and their relations via abuse that makes it certain they cannot function in these dynamics, healthily. what if that code is important too, for security in the state, protecting shared value, yet exists outside of software and hardware systems today, or rather- is enabling these types of exchanges via an ideological fortress built of binary religion and schemes that ride alongside the deception, providing tools and carrying water and making change at the sideshows. what if this is the same context for mass surveillance and these are also 'the politics' on the inside, mapping to the same corruption that becomes oppression of ordinary citizens.

(cf. false perspective in relation to false economy via pseudo-truth, false reality sustained by maintaining status quo; code as facade.) what if the government spying of the public is being used to secure a private ideology as a perpetual, unchecked, governing power via corrupt language with no accounting for truth in its onesided reasoning. that is, it is deemed "legal" within a warped and skewed constitution and is essentially BAD FAITH, functioning against citizens, its subtext political domination and removing of enemies via guiding to cattle chutes. the programmatic aspect of this- you say certain things and they, like code words automatically trigger certain dynamics, as if via mechanism. and thus the [sign] of something, merely referencing 'the constitution' by someone who is a 'constitutional lawyer' could be viewed legitimate because what they declare cannot be overpowered by another interpretation in binary terms, yet similarly *ignores* all contrary and falsifying facts via ideology, and therefore relies upon, adds and extends errors into the shared state framework (like bugs and malicious code) that can be further exploited by subsequent policy actions -- yet which are never held to account in an empirical framework of shared truth - beyond language (!) meaning that the [signs], words and letters equate with this grounded truth instead of the ones and zeros of truth and falsity via logical reasoning, whereby acts of state become acts of literature, via private interpretation said to be and validated as 'the reading' though based upon these flaws that, in this A=B subjectivity, deteriorate the state in its functioning due to the loss of accurate grounding and accountability in truth, of and as truth, and instead only and increasingly partial, serving fewer and fewer. 
it is not that someone cannot propose ideas, it is that there is no error-correction mechanism to stop false perspectives from taking over the interpretation and thus an imbalanced framework, a corrupted code results. and mass surveillance contrary to privacy and businesses, franchises and supermarkets and shoe stores surveilling citizens is a vast obscenity to the laws of the shared state-- and yet a certain empowered population likewise seems to believe this is their right and proper managerial place, providing oversight of others, and thus tangibly 'represents their will' to promote and succeed in such an agenda. beneath this is the problem of reasoning in binary terms, as if a fencing competition, points scored and one side is victorious. or jousting match, someone brutally dismounted from their vehicle if not impaled. thus fear of losing and losing face, in binary terms. versus the greatness of ideas, of truth and concepts and modeling, the activity of considering things and sharing discoveries and knowledge and how terrible it has become in an age of universalized communication tools, the limit becoming ourselves, our limits and lack of imagination and the ability to think beyond flawed approaches while stuck in serial (binary) language. perhaps most notable is the role of theory, both in negative consequences yet also the metaphysical and tacit knowledge developed in tentative frameworks of interpretation that could and should be salvaged and brought into common empirical error-corrected realms, for what is true of what is theorized remains true, yet should not be reliant on falsity or errored-structures to maintain the hypotheses. because the gap between pT and T, and pT and F is the realm of the exploit, the subversion, which can change the stated direction of inquiry via its effects, whether knowingly by subversion or accident, hijacked by other unaccounted hidden forces.

(note: it is this realm of partial truth or pseudo-truth that is the realm of paradox. essentially up until now it has been referenced as an inaccuracy, whereby A=B is considered false, due to limits of explanation in email format- more likely it would be said B=B equals not-A and thus would be false, though perhaps this should occur beyond a,b notation and just use t,f, such that T=F is the paradoxical condition, whereby what is true about it (T) would need to be separated from what is false (F) within a realm of pseudo-truth, such that:

1 <--- T --- (pT) --- F ---> 0

and in doing this via a perpetual looping testing of the hypothesis, remove falsity and error from pseudo-truth, distilling the truth to only what is true (1) so that what remains of pseudo-truth is as near absolute as possible (towards 100% true, or 1 in probabilistic terms). in this way, a minor truth embedded in falsity that exists as ungrounded pseudo-truth, say a tiny fragment of truth to recover from an inaccurate error reliant perspective (1% or .01) could by this process be isolated and purified, moving towards 100% or 1 (T). thus the issue of paradox exists in an A=B or T=F scenario though removes the known falsity from the modeling, such that:

(1) A <--- pT ----> B (0) therefore: (~1 <-- .01) T <== pT

...in terms of addressing and resolving paradox via hypotheses and testing models and concepts via multiple observers and shared empirical observations of the common event from as many angles as available.

A = A (tending towards truth)

A ? B (tending toward paradox)

A = B (tending towards falsity)

or so it is proposed there is a nuanced delineation required that has been missing in previous explanation about the ambiguity involved.) ideas are like molecules, having edges and vertices and yet this is a nonlinear approach requiring to some degree a computational context for such 'conceptual language' to exist within, beyond the alphabetic as a means to communicate, outside the book, into the circuit and diagram and empirical model. panoptics central, many observers of a given event and tallying and error correcting the shared view, removing falsity and thus distortion and arriving at structures and scaffolding within and between concepts. truth at its core, logic as the basis for reasoned connections, and then referencing this model from any point and perspective and moving through it and making various interconnections as a way of conveying ideas, truth, perception, experience. school children to grandparents referencing the same modeling, developing and refining it over a lifetime. the same idea in part as hypertext^1, in this way such point-line-plane constellations of data could be mapped into its multidimensional structure and a single common instance of a concept referenced by all documents, such that [crypto] links to the concept, error-corrected, hypothesis challenged model of crypto maintained by tens of thousands of people and debated, in its entirety, as to its integrity and validity in terms of grounded truth, where every truth must be accounted for, via probabilistic looping of data and new data that remains contingent, able to be falsified, error-checked and corrected as part of the process of logical reasoning / programming. it would then be possible to develop a periodic table of 'ideas', models and concepts that are /forms/ that are aligned and grounded in the shared awareness of empirical truth and thus as code, and can be used for debate.
not a negative interaction of win-lose, instead the intellectual challenge and joy of sharing views and observations and working-through differences and learning from one another and incorporating what is true within a model of shared truth and verifying and refining it as part of this 'reasoning' that has been lost to private relativistic dialogue in binary terms. in this way, all ideas, my own completely error-ridden and yet like others, whatever is true in them would survive the edits in shared evaluation as 'truth' and not just a private observation that functions only as fiction. whereas what is false would be removed, and what is partially true would need to be separated into what is true and what is unknown and what is false, and thus the room for potential hypotheses and further evidence, and also for the richness in previous outdated modeling that may correlate with an ecosystem of discovery, providing indications of a process involved that moves from earliest stages to refinement of these conceptual models. again, literacy is required, the ability to think and be aware and communicate and relate in a shared framework, as human observers.

(basically modeling ideas as circuits, formed into molecules. individuals as circuits, tasks and routines for a new model of personal computing based on an AI data furnace approach)

--- random notes: voting through digital money, taxes for representation, steering and percentage weighting towards certain policy priorities and-or approaches, say funding basic and applied research. also: greatest threat to tax system is subversion of policy which justifies rebellion against taxes to fund private state oppression of public, financing own holocaust. work as info/value, correlated to money/currency via data model. accounting for work in a realm of symbolic processing, versus manual labor standard. issue of observing and accounting for crypto state viewed as treasonous by the binary ideologues, revealing deception of traitors, moles, liars and deceivers. becomes basis for criminalizing citizens as if perpetrators, use of surveillance blackmail in this context, free speech and expression the means to justify further police state tactics to protect those on inside and in administrative and managerial roles. social hierarchy involved and protected or secured bureaucratic structures these activities occur within. ---

^1 Project Xanadu by Ted Nelson http://en.wikipedia.org/wiki/Project_Xanadu

Computers for Cynics 0 - The Myth of Technology http://www.youtube.com/watch?v=KdnGPQaICjk

Computers for Cynics 1 - The Nightmare of Files and Directories http://www.youtube.com/watch?v=Qfai5reVrck

Computers for Cynics 2 - It All Went Wrong at Xerox PARC http://www.youtube.com/watch?v=c6SUOeAqOjU

Computers for Cynics 3 - The Database Mess http://www.youtube.com/watch?v=bhzD2FKEEds

Computers for Cynics 4 - The Dance of Apple and Microsoft http://www.youtube.com/watch?v=_xL19f48m9U

Computers for Cynics 5 - Hyperhistory http://www.youtube.com/watch?v=_9PmIkAYhI0

Computers for Cynics 6 - The Real Story of the World Wide Web http://www.youtube.com/watch?v=gWDPhEvKuRY

Computers for Cynics N - CLOSURE: Pay Attention to the Man Behind the Curtain http://www.youtube.com/watch?v=w950GgRzbJk

From d.nix at comcast.net Sat Sep 21 22:05:33 2013 From: d.nix at comcast.net (d.nix) Date: Sat, 21 Sep 2013 19:05:33 -0700 Subject: What is Intel® Core™ vPro™ Technology Animation Message-ID: <[email protected]>


Hah hah hah. Uh, reading between the lines, color me *skeptical* that this is really what it claims to be, given the current understanding of things... http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html

From electromagnetize at gmail.com Sun Sep 22 01:30:07 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 22 Sep 2013 00:30:07 -0500 Subject: [9] patterns and randomness Message-ID:

// again, disclaimer: observations of a naive observer...

--- on pattern matching --- there is a significant difference between evaluations that search for recognizable patterns and structures based on relativistic pseudo-truth versus empirical models of truth, removed of falsity. in the former, a pattern match thus verifies pT=pT in some way that retains the error rate as part of its structural assumption though likewise could be considered true by default of the match. in this way the [sign] itself becomes the truth, as if the pattern itself is true, an accurate model. it is thus possible for an ungrounded viewpoint to be validated via pattern recognition and *believe* in the legitimacy of the model because it is able to locate and recognize and categorize patterns, validating the approach. that it works confirms that what it is doing is true, as an assumption. statistics and mathematical modeling often can validate this as forms of 'objective reasoning' that are themselves likewise ungrounded, as if an approximate algorithm is by default removed of its estimations or need for ambiguity and via binary 'reason' these inaccuracies can be denied and-or discarded from questioning the approach itself, the error rate relied upon and becoming structural to sustain the viewpoint, functioning as belief.

[sign] = [sign] equated with truth the point is that the sign could be ungrounded, weakly or inaccurately modeled, and thus a rounding error or observational bias is involved...

[pT.sign] = [T.sign] via pattern match a quick way of saying it is that there is some unaccounted for subjectivity involved (a=b) yet also ignored that presumes A=A is the evaluative result. the issue appears to be that the [sign] itself is arbitrary to an extent, and does not require investigation beyond its context in language for the observation to be considered true- seemingly that a concept represented as a sign effectively is equated with what it is meant to signify, therefore it may not actually have external truth outside of the language system that instead functions as if this truth. the pattern match is with the [sign] that is the word, not what the word references, because the word can be viewed as its truth. that would be a worst-case confusion, lack of rigor to the point that this distinction is not being made, allowing the shallow or weak correlations to exist. at the very least 'computers' could do this, though likely many a person could likewise who does not think it through further or allows ideological presumption to take hold of observation by default of existing structures, without correcting for errors or ambiguity. an empirical evaluation in contrast would secure the [sign] in relation to truth firstly, thus when a pattern is matched, this match does accurately correlate with truth, the concept having been removed of known errors.

[T.sign] = [T.sign] via pattern match although again it must be said this remains contingent and in a realm of the grey area, within the middle N value (1-N-0) in either a 3-value or N-value paradoxical evaluation, tending towards absolute truth yet bounded by worldly limits to only allow a high percentage or reliability (nine nines) and thus the binary 1/0 instead may function as a sliding scale, in that it may be effectively '1' yet never absolute, always contingent and always returning to a state of perpetual questioning, testing of hypotheses against new evidence and additional structuring. thus a match is still not 'absolute truth' -- instead it is an extreme likelihood and highly weighted toward truth, yet upon further investigation or data could be overturned as an observation if the model is somehow flawed and thus error corrected. in this way a failsafe exists in the observation allowing for correction, whereas a binary model (either/or) would not be able to make this change after having decided its state, or if it did it could break the entire worldview whereas for a paradoxical weighted approach it seems much more likely that a paradigm shift would rearrange or reconfigure the perspective and that it would be possible to do this within a malleable framework that is capable of handling ambiguity, unknowing, multiple hypotheses at once. and perhaps what this indicates is that a [sign] for paradoxical pattern matching may exist in superposition, in various different configurations by this probabilistic weighting, and only over time resolve the overlapping or contrasting dynamics- which then would indicate a field of its inquiry, versus a binary approach that would choose one interpretation over another while discarding its validity within the model, or so it is assumed. 
and perhaps this last aspect of superposition is a new take on synthesis as it relates to the paradox of theses and antitheses for a given [sign], that logical reasoning mediates this condition via panoptic observation.

--- on turning --- this is speculation though i have a strong intuitive sense that forcing a binary ideological structure into a paradoxical condition would in turn double everything that exists in that system, via the new codebase. (?!) another way to say it is that the pT.1 of binary observers would exist in a context of truth (T) of empirical observation and the removal of error will destroy the ideological structure needed to maintain pT.1 as if absolute truth, thus forcing it into recognition as a partial view, pseudo, while incapacitating the false ideological structures that prop up the viewpoint, such as invalid or false assumptions. in its minor state, pT.1 can no longer determine shared truth in the larger empirical context, for others and must submit to the larger interpretive framework and shared context, insofar as it is valid and legitimate and removed of errors. In this way the binary observer _must accept 'other truth' that accounts for the larger totality of truth (T), that is pT.2, pT.3...pT.N, and thus everything that is T minus pT.1, which could be this doubling of truth that must in turn be mediated beyond the binary constraints. If the observer is unwilling or unable to do this, they would be incapacitated in logical reasoning with other observers insights as a shared model, to uphold an ideological POV. yet if they accept it, their minor truth by comparison is limited in controlling the interpretation and thus forces a compliance with truth that in effect no longer allows the old presumptions and positions to be retained. if this was a ploy, internal contradictions would likely be noticeable or a fakeness in this process. It probably could not be very well mimicked though if it were, could only last so long before tension between competing views internal and external caused psychic collapse. 
it is to say that without 'grounding' in truth, or its actual observation, that 'going along with things' in a paradoxical framework without truly believing in the process, recognizing truth in such a way, could be a self destructive process if the person remained binarist, and this intolerable conflicting position between logics could force submission due to madness of having once all powerful observations instead become minimal at best in a larger framework, if psychologically unable to see beyond the self's POV. to try to defeat the larger truth the binarist would have to maintain two versions of truth, while being able to externally reason in their biased framework with others, or rely on false frameworks for their evaluations. it should be readily evident and easy to discern this kind of deception because binary rationalization would be the governing OS of the person, even though they may say or indicate otherwise by following, mimicry.

--- questions on random --- basic electronic circuit with reversed diode for noise. wondering if size of diode has been correlated to noise patterns-- does a larger diode generate more randomness. is there any boundary issue for randomness. it would seem like there would be for linear algorithms versus parallel sets. for instance, if it were analogous, imagine an aquarium is a smaller diode and a swimming pool is a much larger diode. and the same effect is going to be used in both to test for randomness of numbers. how would their output be compared and evaluated in the same terms, and is it related in any way to the size or boundary of the diode itself, as to randomness generated. here is why it seems like it might. if dropping a rock into an aquarium there would be a splash and waves would immediately start as the rock sinks to the bottom and thus the boundary condition would influence how much this outside interaction affects the inside equilibrium. in that higher waves may form and multiply, if not causing a local splash, and the structure inside the aquarium could be altered by rock entering its domain. throwing the same rock into a swimming pool may not have similar effects at the larger scale, it may sink further to the bottom yet not disrupt anything else at that scale, and the waves it makes may be minor compared with the smaller closed environment. whatever influence it may have on the equilibrium would appear to be much less of a disruption or influence. then consider throwing the same rock in the middle of the ocean which may have large waves already and it may not sink for a long time compared to the other two environments, and it may have negligible effect on wave creation and may never affect the outer boundary, essentially 'infinity' in comparison to the aquarium or swimming pool. and thus it may have no discernible effect on the structure that may exist or be considered random, even though it may have some influence, because it is so infinitesimal.
in this way it is to ask if the 'bounds' or region of randomness may be related to what is accessed or output as randomness, also in relation to accessing this state externally or interacting with it, as an influence. now perhaps this is not an accurate correlation, though i thought i read or heard mention of various approaches to gleaning information from closed if not blackbox systems via external diagnostic evaluations seemingly similar in nature, where a signal may be injected into a realm and read back to learn of its internal functioning, structure or timing that could be used to gain access or subvert its operation. and in my naive mind i relate that to throwing the rock into the bounded environment and monitoring its trajectory, what is known about it, and using this perhaps in a way like a random number generator. if structure of randomness is discernible whatever that mystery is in the box (aquarium, etc) is assumed to be bad for generating numbers because it could be used to compromise the security of cryptographic algorithms. and so if someone were to evaluate the water (numbers generated) and they could somehow discern a bounded condition that forced patterns somehow, that would compromise the number generation. or, what if a diode could have an electromagnet placed next to it and align force fields somehow that would change the structure of what is generated, yet this may not be detectable on a circuit board or in an unseen encased or protected device. and while this is foolish to consider from this naive perspective, without any knowledge or likely inaccurate assumptions and faulty framework that does not correlate with the issues -- it is to wonder still if it might have something to do with a linear approach to this computation that is requiring of 'no discernible structure' as an a priori constraint. 
for instance, what if multiple bit sets queried the diode state for numbers simultaneously and their interaction was randomized atop the diode return values, or that these were mapped to 0-9 and not just 0/1 for numbers. or what if it were possible to do this fast enough such that various sized randomized numbers could be input into a running stream, such as 1 to 12 variables stitched one after another with concurrent randomness. or multiple diodes in an array which could be queried both in serial and parallel and return 'variable' output that may again randomly stream into a string (or a bit string, if each output were to become a set in a running bit superset). if someone could influence the operation of those devices, could they still access the cryptographic secrets of the algorithms or could defenses exist in the construction and access of randomness that separates these systems. in a parallel approach why must structure be assumed to be a default exploit for knowing the computational structure if it is actually arbitrary and to me in terms of bit sets and calculating multiple infinities, this is an issue seemingly equivalent with the rock and the ocean. whatever local structure that rock may encounter or microscopic wave does not indicate it will be able to discern overall structure of the infinite boundary. you could throw a million rocks in and it still may not have any compromising effect on whatever detail or area or structure the computation resides in, in a temporal shifting structure that may or may not be 'on' or accessible in a given interaction- and thus repeated targeting against randomness may not reveal any greater insight into particular messaging in the infinity context, or so it is proposed, if 'vertical' computation is involved. this fool does not realize how foolish they are to consider such questions so it is funny for me, to neither know nor care how ridiculous this is.
the ragged presumption then is that infinity calculations could function as a type of 'mystery box' that computation and encryption occurs within and that randomness is part of this, yet structure within randomness may not indicate what is or what is not encrypted in that particular approach. it would seemingly offer randomness, even if structure exists, because whatever is accessed would be so minor compared to its interior boundary. if you have multiple sets as a starting point and each has a potential for infinite x infinite x infinite possibilities, that involves far greater randomness than a string of binary digits made arbitrary. and it cannot be easily accounted for by an algorithm, to decipher its meaning, if that is indeed its basis for randomness because the algorithm could be random, as with the output, within certain parameters. anything x anything + anything / anything = context. what computer is capable of figuring that out, prior to accessing the crypto code, and doing it repeatedly in real-time in an ever changing array of numbers and autogenerated code, variables upon variables. it would seem even an issue of forensics would be no good, as it could be arbitrary, non-repeating and repeating structures that may or may not be active or reappear again, themselves shifting or within structures that open up or close or phase change. maybe a part of a structure is part of number, touches upon it, and yet that is it. if it is a random would it in any way indicate the structure it is related to or would it be arbitrary and thus like looking for a skull in a sand dune based on a ridge that was formed on one day and gone the next, yet not knowing where the skull is. so while the serial approach seems to seek out noise, the parallel bit set approach appears to exist within the noise as a default condition and may involve a different realm of questions and new assumptions. processing noise, ubiquitous noise, contextless needles. 
localized skews, uncorrected shotglass scenarios. potentially 1,000s of permutations of encrypting code -- because it is of an empirical 'many' versus 2 or 3 or 5 layered crypto approaches. another analogy might be a cloud chamber, wherein if a serial string or crypto algorithm may be broken if those fleeting cosmic rays were somehow to momentarily light up and reveal a hidden structure via this interaction. and yet the detachment of multiple sets in a bit string may not readily be recognized as a totality because it could occupy more noise than the cosmic rays introduce into the system or may not work-back to a solution for the shared framework if it were generated randomly or disconnected from the output in its arbitrary range of meaning- the boundary where signal may exist nested in the structure of noise yet not be readily differentiated as a single structure or active unless those dots are connected or revealed, which encryption could seemingly hide and would require a key to decrypt. as if the entire cloud chamber would need to be decrypted, potentially, by brute force, and thus throwing every externality into the interior realm yet it could expand infinitely and still not reveal what is on its inside. or so that is what a conceptualization of nested sets appears to indicate, when in a noisy, randomly generated environment, signaling not overt. a monkey-typewriter situation, any probing potentially to reveal meaning. maybe the mystery box has produced shakespeare upon a dictionary search or query, and an elaborate false universe opens up, a portal that instead could be activated and sustained as a false corridor and then be made operational with doubling and turning of those trapped inside the mirror, containing and parallelizing the reality, merging yet bounding its action. thus, probabilities in context of nested infinities could remain unknowns and unstable. 
querying the arbitrary data set as randomizer would generate its own internal meaning, may or may not be connected to other frameworks, yet ever changing, irrespective of decrypting interpretation. therefore, a stone thrown into this realm could create its own data yet may not have any structural effect on what already exists as it exists, or it may access some angle or detail of a shared framework yet within another perspective or meaning and thus bounded in another use of the same signage, via not knowing what is activated or not in a given moment. why is the RNG not of cloud code formation, such that:

RNG = [N1][N2][N3]...[N^n] => #

such that: N = 0 -> infinity

(or any calculative function or sign or computation, randomized) this would create a noise ocean, versus a string of binary bits in terms of a generating structure (seemingly aquarium, in terms of potentially being able to manipulate the environment to create effects to subvert it).

--- cloud formations --- to me the issue of encountering a recognizable pattern or symbol formed of clouds in the sky provides a context for the issue of bounded infinity and its interpretation by an observer. if the universe (U) was considered the largest boundary, and of all the clouds that may be referenced, it is only the set in certain encounters that provide this meaningful connection, only a limited portion of the sky at a limited time and duration, and involves weather patterns, quality of light, types of clouds, and also the particular observational framework that provides meaning or links to the symbolism. thus in the set of all clouds it is only a specific cloud code that has this function, and if it is not determined by the observer, it may even appear arbitrary from their perspective. thus in cloudspace only some clouds are code like this, and it is a very small portion given all the clouds in the sky, for a particular observer.

cloudspace (clouds {code}) now it may be possible that the generation of cloud code is not arbitrary and this reverse-engineering of individual perspective could deliver a meaningful cloud formation on demand as if by a script, so an observer may see in a given instance a given symbol that may not be noticed by others or be perceived meaningful, except by the observer in a particular framework. and thus a forced perspective of a sort could format the sky in such a way and thus write this symbolism into the environment, via magic seemingly. how it occurs beyond the boundary, observational limits and threshold of understanding of the observer, and yet there it is, decrypted as it were from the other surrounding clouds yet if reliant on a time and unique perspective (ID) it may not be noticed by others or be recognized as having meaning that may instead have heightened significance in a given moment. and thus the cloud could, as a sign, relay a signal and communicate ideas and information this way.

(the comparison with a realm of interior infinities is that it would be entirely populated by recognizable fragments and 'clouds of meaning', as if a particulate gas that is held together by various atmospheric charge and that can be combined or separated and recombine with other layers, and that universe upon universe of cloud formations could be mapped out, and may be ever changing, including if patterns included weather-like flows of data that transform or shift the interior context or keep it destabilized.) a man in the middle attack for looking up at the sky and instead of a state of nature, the clouds could be formed within a simulation of nature and thus the clouds may be data objects that can be manipulated as [signs] of nature, representing nature, yet not actually nature themselves, only images, substitutions. the Wizard of Oz scenario, earth populated by robotic pigeons. the messages could be transmitted in a false POV and false framework, and thus involve a deception that could lead a person to doom.

'the mystery box' contains both scenarios, potentially. allowing for both the open extension into the hidden uncompressed domain that could be developed as an interiority, mapping out infinity structures, and it could also function as a boundary space that is a false perspective of this, in some ways sharing the same structure yet within a different zoning that expands otherwise and is controlled otherwise, involving knowing which clouds are real and which are pseudo-real, a split of logics the difference as the signs ground into different frameworks yet remain correlated and can establish and sustain entangled dynamics within protected boundaries. or so it is imagined possible, given the nature of labyrinths and perspective.

--- what the hell --- if i knew anything about electronics i would get a cracked artificial quartz crystal ball, internally fit it with piezo sensor, temperature sensor, photodiode on the outside, put tinfoil around it, get a feverish rotating DJ laser and point it on the inside and output readings from the various sensors into various combined number producing sequences. if really clever i would ask a nanotechnologist to prototype the lottery ball randomizer at nanoscale or have micromachines tooled to do something equivalent that could be put on a circuitboard. and yet, i wonder, why not just use the internet as the randomizer and multi set search and randomize the output. or take a photograph in multiple parallel set evaluation and randomize that. that is, the reading or data interaction is arbitrary yet bounded, though the calculation itself could be random, nonlinear and thus add more variability. and maybe this is already the default, though the photograph would have structure, yet if the computation based on input is also random, how could it be so readily traced back to crack encryption. maybe it is the more times it is referenced and an issue of boundaries, or that computers are not able to compute 'infinity' numbers to allow this to occur without constraints, such that speed is all important thus binary or single streams of random digits not pieced together set after concatenated set ad infinitum. so maybe it is the serial approach that requires it. if not this, why not have non-binary character sets as the output and use that, something potentially arbitrary or unmappable even, as a system. why must it be a number. why not a glyph or fragment or symbol instead.

--- cryptic symbolism --- the HIOX symbol is a square Union Jack, easy to identify. as far as i got with research was the Egyptian Sacred Cut for its origins as well as Plato, Meno i think it was, where the geometry of the square is first cut diagonally, this making a quadrant of the HIOX symbol. http://en.wikipedia.org/wiki/Meno also important in this is dimensionality, nested platonic solids, whereby a single unit (say toothpick) can be used to generate five different perfect forms (the elements: fire, air, earth, water, aether or electromagnetism) and they each nest within the other forms. this is an entire philosophy that involves geometry and relations between hierarchical structures. a small amount of polymer clay and toothpicks should allow the forms to be built and nested via experimentation. though an inversion of the HIOX form exists, or an opposite structure which is the same graphic yet half of it is mirrored, so that the diagonals that radiate outward instead touch the midpoint of each edge. it is as if a female version of the form. there is also a combined symbol with both the male and female dynamics within them, and from this my contention has always been that data could be written into this structure fractally, as if sentences could be wrapped around it at decreasing scale as if encrypting to planck scale. in that it would lose its legibility yet like a QR code could be read by machines as if a kind of microdot or data signature file. in other words, what would the result be if you took the letter A within such a master symbol, then decided where you would next write the letter B within its matrix, at another level of scale, and onward through the alphabet. What if you took a sentence or a book. How much data might be tied to structures that could be written in the empty space, as if a coastline, if in a decipherable order. what if data was written into HIOX and decoded by its inverted symbol. or shifted inbetween the two, etc.
questions, possibilities. cryptic code.

Paris - Eiffel Tower http://www.pinterest.com/pin/178525572702304954/ attachments: 1.5, 2.0

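The questions in the post above, whether structure in a bounded noise source (the aquarium versus the ocean, or a magnet held next to the diode) compromises the numbers drawn from it, and whether stitching many noisy readings together helps, have a concrete form in how raw entropy sources are actually tested. What follows is an added example written for this page, not code from the post's author or from any device the thread mentions: a constructed software stand-in for a diode sampler with a hypothetical field_pull knob that biases and correlates the bits, run through the continuous health tests NIST SP 800-90B specifies for raw noise (repetition count and adaptive proportion), its most-common-value min-entropy estimate, and a SHA-256 conditioner. The source model, the seed, the sample sizes and the choice of SHA-256 as the conditioner are all assumptions of the example; it needs Python 3.8 or later for math.comb.

```python
"""Health tests and entropy estimation for a raw noise source.

Added example, not from the original thread. noise_source() is a constructed
software stand-in for sampling a reverse-biased diode; its 'field_pull' knob
models an external influence (the electromagnet in the post) that biases the
bits and makes them stick to the previous value. The tests are the Repetition
Count Test and Adaptive Proportion Test of NIST SP 800-90B section 4.4 and
the Most Common Value estimate of section 6.3.1.
"""
import hashlib
import math
import random

ALPHA = 2.0 ** -20     # false-alarm probability SP 800-90B uses for health tests
APT_WINDOW = 1024      # window size SP 800-90B specifies for binary sources


def noise_source(n_bits, seed, field_pull=0.0):
    """Constructed stand-in for a diode sampler (not a model of a real part).

    field_pull = 0 gives independent unbiased bits. Larger values make a
    sample repeat the previous one with probability field_pull and, when it
    does not, skew it toward 1.
    """
    rng = random.Random(seed)
    bits, last = [], 0
    for _ in range(n_bits):
        if rng.random() < field_pull:
            bit = last
        else:
            bit = 1 if rng.random() < 0.5 + field_pull / 2 else 0
        bits.append(bit)
        last = bit
    return bits


def rct_cutoff(h_claimed):
    """SP 800-90B 4.4.1: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(ALPHA) / h_claimed)


def repetition_count_test(bits, h_claimed):
    """Fail (False) if any run of identical samples reaches the cutoff."""
    cutoff, run = rct_cutoff(h_claimed), 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def apt_cutoff(h_claimed, window=APT_WINDOW):
    """Smallest C with P[Binomial(window, 2^-H) >= C] <= ALPHA."""
    p = 2.0 ** -h_claimed
    tail = 0.0
    for c in range(window, -1, -1):          # accumulate the upper tail
        tail += math.comb(window, c) * p ** c * (1 - p) ** (window - c)
        if tail > ALPHA:
            return c + 1
    return 0


def adaptive_proportion_test(bits, h_claimed, window=APT_WINDOW):
    """Fail (False) if the first value of any window occurs >= cutoff times."""
    cutoff = apt_cutoff(h_claimed, window)
    for start in range(0, len(bits) - window + 1, window):
        chunk = bits[start:start + window]
        if chunk.count(chunk[0]) >= cutoff:
            return False
    return True


def most_common_value_entropy(bits):
    """SP 800-90B 6.3.1: min-entropy per bit using a 99% upper bound on p_max."""
    n = len(bits)
    p_max = max(bits.count(0), bits.count(1)) / n
    p_upper = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1 - p_max) / n))
    return -math.log2(p_upper)


def condition(bits, h_estimate):
    """SHA-256 the raw bits. Returns (digest, min-entropy bits credited).

    Hashing cannot add entropy: the credit is min(256, H * n) however random
    the digest looks, which is why the health tests above run on raw samples.
    """
    raw = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(raw).digest(), min(256.0, h_estimate * len(bits))


def digest_bias(digest):
    """Fraction of one bits in the digest; about 0.5 even for a starved source."""
    return sum(bin(b).count("1") for b in digest) / (8 * len(digest))


if __name__ == "__main__":
    for label, pull in (("clean", 0.0), ("field pull 0.6", 0.6)):
        bits = noise_source(16384, seed=1, field_pull=pull)
        h = most_common_value_entropy(bits)
        digest, credited = condition(bits[:512], h)
        print(f"{label}: RCT={repetition_count_test(bits, 1.0)} "
              f"APT={adaptive_proportion_test(bits, 1.0)} H_min={h:.2f} "
              f"credited={credited:.0f}/256 digest_ones={digest_bias(digest):.2f}")
```

Run it and the pulled source fails both health tests and estimates to roughly 0.3 bits of min-entropy per sample, while its SHA-256 digest still has about half its bits set. That is the practical answer to the post's question: structure in the source is not found by examining the conditioned output, which always looks random, but by testing the raw samples and crediting the output with no more entropy than the raw samples carried. Adding more sources or readings (the N1, N2 ... idea) adds entropy only if they are independent of each other and of the influence being worried about, and the credit is still capped at the conditioner's output width.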

From adam at cypherspace.org Sun Sep 22 04:32:31 2013 From: adam at cypherspace.org (Adam Back) Date: Sun, 22 Sep 2013 10:32:31 +0200 Subject: motivation & organizational criminality (Re: Jim Bell's fiber-optic patent application.) In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Sat, Sep 21, 2013 at 11:18:19AM +0200, Adam Back wrote: >I'd say one problem is cultural amongst the security cleared and ex-TLA >people with security people or current double agent security people on the >telco payroll. > >Until they internalize that they are part of a dangerous to democracy and >civilization STASI 2.0 system, the problem will continue [..] the main hope >which is probably fairly slim, is that society views shift to make even >those ex-TLA people start to question whether they are on the right side of >history to the extent they have any ethics.

Hmm maybe the chances are not so slim that the NSA people, and/or their families are indeed starting to question their being on the right side of history (eg that building STASI 2.0 is not a fantastic idea for the future of society and democracy over this century).

The NSA seems to be worried anyway (skip to the leaked letter, to literally 'employees and family of NSA', at the bottom of this article): http://dissenter.firedoglake.com/2013/09/19/nsa-sends-letter-to-its-extended-family-to-reassure-them-that-they-will-weather-this-storm/

Maybe public peer pressure and a call to ethics can achieve something after all!

Adam

From pgut001 at cs.auckland.ac.nz Sun Sep 22 05:40:53 2013 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 22 Sep 2013 21:40:53 +1200 Subject: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption In-Reply-To: <[email protected]> Message-ID:

Eugen Leitl forwarded:

>And as far as FOSS firmware development goes, Gizmo Board ( >http://www.gizmosphere.org/why-gizmo/gizmoboard/) is far superior and >actually ships with fully functioning open source firmware derived from >coreboot. No blobs, no restrictive licensing.

Cute, but at $200 you'd have to really, really want the FOSS firmware. Even the PCEngines boards (also with FOSS, or at least non-commercial firmware) are half that price, and if you're happy with a generic x86 with non-FOSS firmware you can buy any number of barebones SFF boards for much less.

Peter.

From guido at witmond.nl Sun Sep 22 06:17:58 2013 From: guido at witmond.nl (Guido Witmond) Date: Sun, 22 Sep 2013 12:17:58 +0200 Subject: What's in a name In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

> The NSA seems to be worried anyway (skip to the leaked letter, to literally > 'employees and family of NSA', at the bottom of this article): > > http://dissenter.firedoglake.com/2013/09/19/nsa-sends-letter-to-its-extended-family-to-reassure-them-that-they-will-weather-this-storm/ >

I don't know if it is just me, but the name of one of the writers of that letter reminds me of a movie character played by a certain Mr Atkinson who foils a plot to turn the UK into a nationwide prison camp.

But what's in a name.

From collin at sibilance.org Sun Sep 22 08:41:55 2013 From: collin at sibilance.org (Collin RM Stocks) Date: Sun, 22 Sep 2013 08:41:55 -0400 Subject: Fwd: Chaos theory In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

Sorry that this question is only tangentially related to cryptography. Then again, a lot of the stuff here is only tangentially related.

Could anybody here link me to some good resources on chaos theory? I'm not looking for anything specifically about certain chaotic systems (like the Lorenz attractor or Chua's circuit), but instead about general methods to identify and evaluate chaotic systems. Maybe something related to calculating fractional dimensions, &c.

This would be a great help.

Thanks, // Collin


From jya at pipeline.com Sun Sep 22 10:35:33 2013 From: jya at pipeline.com (John Young) Date: Sun, 22 Sep 2013 10:35:33 -0400 Subject: Cryptography Inevitable Failure In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Nothing more useful for spies than widely trusted cryptosystems. Nor do they ever reveal cracking the highly reputable. Neither confirm nor deny. They do leak vulns, participate in standards settings earnestly and lackadaisically, fund good and bad research, buy good and bad systems, hire good and bad staff and contractors, engage in open and secret enterprises, issue truthful and false statements, advise and mislead political leaders in public and in secret briefings, claim to obey civilian leaders and disobey them. As Hallam-Baker reported, NSA, when confronted with A and B choices, selects both. This obligatory duplicity is avowed necessary to conceal what is good and what is bad, both classified for deception.

Presumably there is a stash of comsec revelations pre-positioned for implementation as needs arise and also when needs do not arise.

Duality, duplicity, duping, is the lifeblood and poison of security as well as insecurity; neither yin nor yang can exist without the other. Paranoia sustains information assurance.

AES will succumb when the time is ripe for a newborn. Perhaps the time was ripe for Snowden to midwife the inevitable failure of NSA and ilk.

Recall NSA's 1997 paper on the inevitable failure of computer security. Imagine a similar one on encryption awaiting disclosure. Imagine what would replace encryption as the duplicitor of choice.

Then scale up.

Imagine what will replace over-centralized, over-grown, unmanageable NSA and its mushrooming gaga'd critics. Not DIRNSAs retiring to shyster duties, cryptographers gone fat feeding marketable personas, not Alice, Bob and Chelsea, not NRL-dudes rigging the Tor 3-card monte, not end to end rotted MITM and at both ends, not anything once daring and taunting like cryptoanarchy, not prize winning WikiLeaks and granting EFF, not fleecing fat cats and fans for FOI liberation and forever elusive privacy, not spooning bits of spy feces into yawning mouths of readers.

Then scale down to non-secret means and methods accessible to everyone. Even the end of official spying and its inevitable corruption of government by out of control secrecy and dependency upon the toolmakers of secret comsec.

But can cryptographers imagine the end of cryptography or are they as bone-headedly duplicitous as those who pay them to promote paranoia, secrecy, distrust and protection.

At 09:39 AM 9/22/2013, you wrote: >On 22/09/13 16:05 PM, Ed Stone wrote: >>Why has AES escaped general suspicion? Are we to believe that NIST >>tested, selected, endorsed and promulgated an algorithm that was >>immune to NSA's toolset, without NSA participation and approval? >>NSA involvement in DES is known, but we await cryptanalysis or >>Snowdenesque revelations before having skepticism about AES? > > >NIST didn't really "test, select, endorse and promulgate" the AES >algorithm, and neither did the NSA. > >The process was a competition for open cryptographers, not >agencies. It was done this way because we strongly suspected DES interference. > >Some 30 algorithms were accepted in the first round, and subject to >a year or so worth of scrutiny by the same submitting teams. This >then led to a second round of 5 competitors and another long-ish >period of aggressive scrutiny. The scrutiny was quite fierce >because the reputations of the winners would be made, so the 5 teams >did their darndest to undermine the competition. Many famous names >were hoping for the prize. > >It is the case that NIST (and probably the NSA) selected Rijndael >from the 5 finalists. But they did so on the basis of a lot of >commentary, and all the critics was agreed that all 5 were secure [0]. > >So, claiming that the NSA perverted the AES competition faces a much >higher burden. They would have had to have done these things: > > * pervert some of the early teams, > * pervert the selection process to enable their stooges through, > * and designed something that escaped the aggressive scrutiny > of the losers. > >It's possible, but much harder to get away with. > >In contrast, with the DRBG adventure, NSA designed the process, and >tacked it onto a more internal NIST standards process. Little or >minimal scrutiny from outside, and little or minimal perversion of >outsiders necessary in the standardisation phase (but that did come later). 
> > > >iang > > > >[0] At the time, myself and my team followed it, and we predicted >that Rijndael would be the winner ... just by reading all the >comments. Note we weren't serious cryptographers, but we provided >the Java framework for the competition, so it was a >______>cryptography mailing list >cryptography at randombit.net >http://lists.randombit.net/mailman/listinfo/cryptography

From eugen at leitl.org Sun Sep 22 12:09:44 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 22 Sep 2013 18:09:44 +0200 Subject: [cryptography] [Cryptography] RSA equivalent key length/strength Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Sun, 22 Sep 2013 15:32:42 +0300 From: ianG To: cryptography at randombit.net Subject: Re: [cryptography] [Cryptography] RSA equivalent key length/strength User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 19/09/13 00:23 AM, Lucky Green wrote:

> According to published reports that I saw, NSA/DoD pays $250M (per > year?) to backdoor cryptographic implementations. I have knowledge of > only one such effort. That effort involved DoD/NSA paying $10M to a > leading cryptographic library provider to both implement and set as > the default the obviously backdoored Dual_EC_DRBG as the default RNG. So, boom. Once the finger is pointed so directly, this came tumbling down within a day or two. http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/ http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html?

One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it en masse. Documentation, etc.

What are we to conclude was the reason for such a high cost? Conscience sedative? Internal payoffs?

> This was $10M wasted. While this vendor may have had a dominating > position in the market place before certain patents expired, by the > time DoD/NSA paid the $10M, few customers used that vendor's > cryptographic libraries.

Another theory - take a fool's money?

And, what happens to RSA now? If this is business-as-usual, does this mean that when the Feds show up at my door with 'a proposal' I should see the mutual interest in sharing my customers' data with them by means ecliptic & exotic? Take the 30 pieces of silver (adj. for 2000 years of inflation), and be happy they're also keeping my struggling business in the black? Or grey?

Or, is it the new Crypto AG? Is RSA the new byword for sellout? Does RSA go out of business? An Arthur Andersen event?

In which case I have no choice. I have a reason to preserve the privacy of my customers, and tell the NSA I'm not interested in their cyanide pill patriotism.

iang

----- End forwarded message -----
-- Eugen* Leitl leitl http://leitl.org ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Sun Sep 22 12:10:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 22 Sep 2013 18:10:49 +0200 Subject: [cryptography] Dual_EC_DRBG was cooked, but not AES? Message-ID: <[email protected]>

----- Forwarded message from Ed Stone -----

Date: Sun, 22 Sep 2013 09:05:06 -0400 From: Ed Stone To: cryptography at randombit.net Subject: [cryptography] Dual_EC_DRBG was cooked, but not AES? X-Mailer: Apple Mail (2.1508)

The Snowden revelations describe several methods by which NSA committed kleptography, caused compliance by hardware makers and influenced standards.

Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

"On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, [2] citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they, but no one else, could easily read encrypted messages.[3] Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[4] The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote:

In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness.[5] However, it also found that

NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended.[6]"

Source: https://en.wikipedia.org/wiki/Data_Encryption_Standard

"On September 10 2013, The New York Times wrote that "internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard, called the Dual EC DRBG standard, which contains a backdoor for the NSA." On September 10 2013, The NIST director released a statement, saying that "NIST would not deliberately weaken a cryptographic standard.""

Source: https://en.wikipedia.org/wiki/Dual_EC_DRBG

"A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

Last week, the New York Times reported that Snowden's cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards (NIST) and Technology, to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security."

Source: http://www.theguardian.com/world/2013/sep/21/rsa-emc-warning-encryption-system-nsa

----- End forwarded message -----

From eugen at leitl.org Sun Sep 22 12:11:50 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 22 Sep 2013 18:11:50 +0200 Subject: [cryptography] Dual_EC_DRBG was cooked, but not AES? Message-ID: <[email protected]>

----- Forwarded message from ianG -----

Date: Sun, 22 Sep 2013 16:39:36 +0300 From: ianG To: cryptography at randombit.net Subject: Re: [cryptography] Dual_EC_DRBG was cooked, but not AES? User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 22/09/13 16:05 PM, Ed Stone wrote: > Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

NIST didn't really "test, select, endorse and promulgate" the AES algorithm, and neither did the NSA.

The process was a competition for open cryptographers, not agencies. It was done this way because we strongly suspected DES interference.

Some 30 algorithms were accepted in the first round, and subject to a year or so worth of scrutiny by the same submitting teams. This then led to a second round of 5 competitors and another long-ish period of aggressive scrutiny. The scrutiny was quite fierce because the reputations of the winners would be made, so the 5 teams did their darndest to undermine the competition. Many famous names were hoping for the prize.

It is the case that NIST (and probably the NSA) selected Rijndael from the 5 finalists. But they did so on the basis of a lot of commentary, and all the critics were agreed that all 5 were secure [0].

So, claiming that the NSA perverted the AES competition faces a much higher burden. They would have had to have done these things:

* pervert some of the early teams,
* pervert the selection process to enable their stooges through,
* and designed something that escaped the aggressive scrutiny of the losers.

It's possible, but much harder to get away with.

In contrast, with the DRBG adventure, NSA designed the process, and tacked it onto a more internal NIST standards process. Little or minimal scrutiny from outside, and little or minimal perversion of outsiders necessary in the standardisation phase (but that did come later).

iang

[0] At the time, myself and my team followed it, and we predicted that Rijndael would be the winner ... just by reading all the comments. Note we weren't serious cryptographers, but we provided the Java framework for the competition, so it was a

----- End forwarded message -----

From cryptofreak at cpunk.us Sun Sep 22 17:43:58 2013 From: cryptofreak at cpunk.us (CryptoFreak) Date: Sun, 22 Sep 2013 16:43:58 -0500 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID:

On 09/21/2013 06:46 PM, Jim Bell wrote: > *From:* CryptoFreak > >>I completely support the idea of disloyalty oaths. The only problem I >>see is that they simply wouldn't work. What we'd see is the government >>putting increased threat of criminal prosecution on the corporate chain >>and not enough corporate officers willing to risk going to jail in order >>to do the right thing. Marissa Mayer from Yahoo said as much in her >>Techcrunch interview last week. > > Consider: Let's suppose there's a person in the Justice Department, > I'll call him "Ed Justice" (in honor of Ed Snowden) with access to that > order, who decides to leak a copy of the court order to Cryptome, > Wikileaks, etc, a couple of days after it is served on the target media > corporation. (He may do so for reasons of malice, or perhaps > benevolence: He WANTS the order to leak, because he doesn't agree with > the practice.) The usual 9-by-12 brown envelope with no return > address, only stamps, careful to avoid fingerprints, etc. The > leak-publisher(s) publishes the order. How does the government prove > that the lead was done by the target media corporation, and not by > somebody else? A criminal prosecution requires evidence, and none will > exist. > In addition, there is an excellent argument that any order of secrecy is > an obvious violation of the First Amendment to the US Constitution. I > don't recall reading any justification for such orders in any legal > cases, but I think that this would be on flimsy legal ground.

Perhaps I'm being overly pessimistic but I can't imagine this kind of thing happening on a routine basis. If anything, it looks like the government is closing ranks and increasing the indoctrination of their employees. I fear that we're going to see fewer and fewer people with the courage of Edward Snowden as we move forward.

It's nice to think that conscience will win in the end but I honestly am starting to see just the opposite. This is why I think we're going to need groups like Anonymous and others who are willing to do straight infiltration in order to find the truth. We can't rely on those who are already in government to get a fit of conscience.

CryptoFreak

From jamesdbell8 at yahoo.com Sun Sep 22 18:25:46 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 22 Sep 2013 15:25:46 -0700 (PDT) Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

From: CryptoFreak

On 09/21/2013 06:46 PM, Jim Bell wrote: > *From:* CryptoFreak > >>>I completely support the idea of disloyalty oaths. The only problem I >>>see is that they simply wouldn't work. What we'd see is the government >>>putting increased threat of criminal prosecution on the corporate chain >>>and not enough corporate officers willing to risk going to jail in order >>>to do the right thing. Marissa Mayer from Yahoo said as much in her >>>Techcrunch interview last week. > >> Consider: Let's suppose there's a person in the Justice Department, >> I'll call him "Ed Justice" (in honor of Ed Snowden) with access to that >> order, who decides to leak a copy of the court order to Cryptome, >> Wikileaks, etc, a couple of days after it is served on the target media >> corporation. (He may do so for reasons of malice, or perhaps >> benevolence: He WANTS the order to leak, because he doesn't agree with >> the practice.) The usual 9-by-12 brown envelope with no return >> address, only stamps, careful to avoid fingerprints, etc. The >> leak-publisher(s) publishes the order. How does the government prove >> that the lead was done by the target media corporation, and not by > >somebody else? A criminal prosecution requires evidence, and none will > >exist. > >In addition, there is an excellent argument that any order of secrecy is > >an obvious violation of the First Amendment to the US Constitution. I >> don't recall reading any justification for such orders in any legal >> cases, but I think that this would be on flimsy legal ground.

>Perhaps I'm being overly pessimistic but I can't imagine this kind of >thing happening on a routine basis. If anything, it looks like the >government is closing ranks and increasing the indoctrination of their >employees. I fear that we're going to see fewer and fewer people with >the courage of Edward Snowden as we move forward. >...CryptoFreak

I guess you did not get my point. I'm not depending on, or even hoping, that such a person as "Ed Justice" would exist. (Although it would certainly be useful.) Rather, I am observing that the government would not likely be able to prove that "Ed Justice" DOESN'T exist. Any prosecution of somebody based on the charge that he leaked a court order would require that there be proof that the person charged leaked the document in question. The defense would argue, 'The prosecution hasn't excluded the possibility that the actual leak was secretly accomplished by a government employee for his own reasons. We can see that people like Bradley Manning and Edward Snowden do indeed exist. How do we know that the document in question wasn't leaked by yet another person?'

Jim Bell

From cryptofreak at cpunk.us Sun Sep 22 18:39:56 2013 From: cryptofreak at cpunk.us (CryptoFreak) Date: Sun, 22 Sep 2013 17:39:56 -0500 Subject: Jim Bell's fiber-optic patent application. In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> Message-ID:

On 09/22/2013 05:25 PM, Jim Bell wrote: > *From:* CryptoFreak > > On 09/21/2013 06:46 PM, Jim Bell wrote: >> *From:* CryptoFreak > >> >>>>I completely support the idea of disloyalty oaths. The only problem I >>>>see is that they simply wouldn't work. What we'd see is the government >>>>putting increased threat of criminal prosecution on the corporate chain >>>>and not enough corporate officers willing to risk going to jail in order >>>>to do the right thing. Marissa Mayer from Yahoo said as much in her >>>>Techcrunch interview last week. >> >>> Consider: Let's suppose there's a person in the Justice Department, >>> I'll call him "Ed Justice" (in honor of Ed Snowden) with access to that >>> order, who decides to leak a copy of the court order to Cryptome, >>> Wikileaks, etc, a couple of days after it is served on the target media >>> corporation. (He may do so for reasons of malice, or perhaps >>> benevolence: He WANTS the order to leak, because he doesn't agree with >>> the practice.) The usual 9-by-12 brown envelope with no return >>> address, only stamps, careful to avoid fingerprints, etc. The >>> leak-publisher(s) publishes the order. How does the government prove >>> that the lead was done by the target media corporation, and not by >> >somebody else? A criminal prosecution requires evidence, and none will >> >exist. >> >In addition, there is an excellent argument that any order of secrecy is >> >an obvious violation of the First Amendment to the US Constitution. I >>> don't recall reading any justification for such orders in any legal >>> cases, but I think that this would be on flimsy legal ground. > >>Perhaps I'm being overly pessimistic but I can't imagine this kind of >>thing happening on a routine basis. If anything, it looks like the >>government is closing ranks and increasing the indoctrination of their >>employees. I fear that we're going to see fewer and fewer people with >>the courage of Edward Snowden as we move forward. 
>>...CryptoFreak > > I guess you did not get my point. I'm not depending on, or even > hoping, that such a person as "Ed Justice" would exist. (Although it > would certainly be useful.) Rather, I am observing that the government > would not likely be able to prove that "Ed Justice" DOESN'T exist. Any > prosecution of somebody based on the charge that he leaked a court order > would require that there be proof that the person charged leaked the > document in question. The defense would argue, 'The prosecution hasn't > excluded the possibility that the actual leak was secretly accomplished > by a government employee for his own reasons. We can see that people > like Bradley Manning and Edward Snowden do indeed exist. How do we > know that the document in question wasn't leaked by yet another person?"

You're right, I did miss the point of your email. I get it now. Thanks for the clarification!

Cf

From electromagnetize at gmail.com Sun Sep 22 19:03:25 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 22 Sep 2013 18:03:25 -0500 Subject: [8] code observatory In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

are you the fuckhead who BSOD my computer and took it down after my first cypherpunks post?

(if you are you better watch out- you're in trouble...)

On Sun, Sep 22, 2013 at 5:39 PM, Andy Isaacson wrote:

> On Sat, Sep 21, 2013 at 07:08:58PM -0500, brian carroll wrote: > > --- continued... --- > > Do you really believe that the 55,000 words you've posted to the list > over the last two weeks, with exactly one reply, is considered a > valuable contribution by other list members? > > -andy >

From gwen at cypherpunks.to Sun Sep 22 19:49:07 2013 From: gwen at cypherpunks.to (gwen hastings) Date: Sun, 22 Sep 2013 16:49:07 -0700 Subject: [8] code observatory In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

NO! but let me the first to applaud those who did!!

what a tool

On 9/22/13 4:03 PM, brian carroll wrote: > are you the fuckhead who BSOD my computer > and took it down after my first cypherpunks post? > > (if you are you better watch out- you're in trouble...) > > > > On Sun, Sep 22, 2013 at 5:39 PM, Andy Isaacson wrote: > >> On Sat, Sep 21, 2013 at 07:08:58PM -0500, brian carroll wrote: >>> --- continued... --- >> >> Do you really believe that the 55,000 words you've posted to the list >> over the last two weeks, with exactly one reply, is considered a >> valuable contribution by other list members? >> >> -andy >> >

-- Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.

From d.nix at comcast.net Sun Sep 22 19:56:15 2013 From: d.nix at comcast.net (d.nix) Date: Sun, 22 Sep 2013 16:56:15 -0700 Subject: [Cryptography] What is Intel® Core™ vPro™ Technology Animation In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>


On 9/22/2013 2:23 PM, Jerry Leichter wrote: > On Sep 21, 2013, at 10:05 PM, d.nix wrote: >> Hah hah hah. Uh, reading between the lines, color me *skeptical* >> that this is really what it claims to be, given the current >> understanding of things... >> >> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html > > The question isn't whether it's what it claims to be. It is that. But is it *more* than it claims to be? >

Yes, in my haste I neglected the "only" disclaimer bit; it is indeed a means by which the *rightful owner/administrator* might perform very useful tasks. The obvious crux of the biscuit is *who else* has access, and what can they do surreptitiously?

If for example, the paper regarding manipulating the RNG circuit by alternate chip doping is valid, then an adversary with deep pockets and vast resources might well be able to remotely target specific systems on demand. Possibly even air gapped ones if this function is controllable via a 3G signal as I have read elsewhere.

Or perhaps just outright reroute and tap information prior to encryption, or subtly corrupt things in other ways such that processes fail or leak data. A universal on-demand STUXNET, if you will... Yes, idle unfounded speculation, I know... but still... these days the fear is that we're not paranoid enough.

Hmmmm. Maybe time to pull my old 1996 SGI R10K and R4400 boxes out of storage. For a few *very* dedicated and air gapped tasks they might be a small measure of worthwhile trouble.

Regards,

DN


From adi at hexapodia.org Sun Sep 22 19:58:47 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Sun, 22 Sep 2013 16:58:47 -0700 Subject: [8] code observatory In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On Sun, Sep 22, 2013 at 06:03:25PM -0500, brian carroll wrote:
> On Sun, Sep 22, 2013 at 5:39 PM, Andy Isaacson wrote:
> > On Sat, Sep 21, 2013 at 07:08:58PM -0500, brian carroll wrote:
> > > --- continued... ---
> >
> > Do you really believe that the 55,000 words you've posted to the list
> > over the last two weeks, with exactly one reply, is considered a
> > valuable contribution by other list members?
>
> are you the fuckhead who BSOD my computer
> and took it down after my first cypherpunks post?

No, I'm not.

> (if you are you better watch out- you're in trouble...)

Your threats and crude language don't make me think that I should bother reading anything else you post.

Also, it's impolite to re-CC the list when I specifically didn't post my reply to the list. Doing so merely to threaten me is ... amusingly misguided.

-andy

From moritz at headstrong.de Sun Sep 22 23:56:48 2013 From: moritz at headstrong.de (Moritz) Date: Mon, 23 Sep 2013 05:56:48 +0200 Subject: What is Intel® Core™ vPro™ Technology Animation In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On 09/22/2013 04:05 AM, d.nix wrote:
>
> Hah hah hah. Uh, reading between the lines, color me *skeptical* that
> this is really what it claims to be, given the current understanding
> of things...
>
> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
>
> ---
>

Security Evaluation of Intel's Active Management Technology VASSILIOS VERVERIS

Master of Science Thesis Stockholm, Sweden 2010

[...] During production AMT platforms are equipped with one or more active embedded hashed root certificates (factory default) from various SSL vendors worldwide. [...] In our laboratory environment (see section 3) we have tested and found that the ZTC remote provisioning can be implemented even while the Intel AMT functionality is disabled within the BIOS as illustrated in Figure 3.6. Surprisingly the AMT platform broadcasts an ARP request packet upon connecting to a wired network (typically a LAN) and follows the sequence described in section 3.7.1. From this point and beyond the attacker operates the SCS and could manipulate the PC according to his/her malicious activities (see section 3.7.5) even while the Intel AMT is disabled in BIOS. http://kth.diva-portal.org/smash/get/diva2:508256/FULLTEXT01

From jamesdbell8 at yahoo.com Mon Sep 23 00:00:55 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 22 Sep 2013 21:00:55 -0700 (PDT) Subject: Jim Bell's fiber-optic patent application. In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

From: Jim Bell
To: Travis Biehn

Generally, I'm not worried that government might 'react' to such things. Government generally 'reacts' slowly, poorly, inaccurately, and ineffectively. And, it generates enemies each time it acts. Look how the US Govt reacted to PGP1: Did they actually accomplish anything, other than pissing people off and giving useful publicity to Phil Zimmermann? How many people have been prosecuted in the last 20 years for 'exporting encryption'? How did the US Govt react to opposition to their Clipper-chip proposal? How many Clipper chips are in your devices? Zero.

No. When the government seems to succeed, it is usually because it acted in secret, and thus avoided making enemies and stirring up the opposition. So generally, I conclude that fighting against the government is well worth the battle, despite the fact that some of us occasionally get heavily stepped-on. B^) ("ouch!!!")

From: Travis Biehn

> Doesn't the bureaucracy just react to these shenanigans rather than quit? Cat + Mouse. They find other methods for coercion. They increase accountability. Make leaks punishable to the CEO directly.
> Better that it be made 'impossible' rather than part of policy. Since policy is 'worthless'...
>
> On Sep 20, 2013 8:53 PM, "Jim Bell" wrote:
>
>> On Thu, Sep 19, 2013 at 9:48 PM, coderman wrote:
>>> On Thu, Sep 19, 2013 at 3:46 PM, Jim Bell wrote:
>>>> To the list members of Cypherpunks: I, Jim Bell (yes, THAT Jim Bell)
>>>
>>> please authenticate yourself with NIST P-192; secp256r1 seeded via Dual_EC_DRBG,
>>>
>>>> have just (re-) subscribed to the Cypherpunks list.
>>>
>>> note that the "Cypherpunks list" at al-qaeda.net is verboten, having
>>> sufficiently instilled fear across a subset of the subscriber base...
>>>
>>>> ... (Pardon me if I don't
>>>> immediately attempt to relate the numerous reason(s) for my unfortunate
>>>> 15-year absence.)
>>>
>>> pardon the decline in signal to noise ratio over the years as well, if
>>> you'd be so kind. ;)
>>>
>>>> Of some relevance to the list is the recent publication (by the US
>>>> Patent and Trademark Office, USPTO) of my fiber-optic patent application.
>>>
>>> your next task, should you choose to accept it, is to make a fiber
>>> that is passive tap protected, while remaining economically viable...
>>> good luck!
>>>
>>>> "Presumably, this will lead eventually to the same degrees of increases in maximum distances over which quantum encryption could operate."
>>>
>>> Evidently he has made what he considers a step in this direction ;)
>>
>> Yes, I understand that a dramatic reduction in loss could accomplish that. But, as is obvious (particularly recently, with the Snowden revelations) we have far more important, yet basic, vulnerabilities to worry about just now, particularly since the major Internet and telecommunications companies are now known to have been betraying us by letting the NSA keep 'every' email, and telephone metadata, and adding crypto back-doors into net encryption software.
>>
>> I propose that the public force such companies to sign what I'd call "Disloyalty oaths", promises to be disloyal to any and every government. This would include a promise that if subjected to any sort of court order (even and especially those requiring that the company keep silent as to the existence of said order) that the order would be 'leaked' shortly, say less than a week, to an organization (Cryptome; Wikileaks) that would publicize it. Primary methods as crude as leaving a few hundred copies of the order at the company water-cooler, or in the cafeteria, or by the copier, would probably induce volunteer leakers to mail copies to the leak-publication organizations. Governments and courts have little reason to issue such orders if their existence will be leaked, particularly if they are going to be very quickly leaked. Leaks, obviously, are very easy to do these days and the identity of the leaker would be very hard to know, and even harder to prove. Chances are good that such court-orders simply will cease.
>>
>> Jim Bell

From jamesdbell8 at yahoo.com Mon Sep 23 01:01:16 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 22 Sep 2013 22:01:16 -0700 (PDT) Subject: Charge for Pen Register Service? $600 per target per two months. Message-ID: <[email protected]>

The url http://www.tdcaa.com/node/4813 includes the claim, "Additionally, telephone companies typically charge an average of $600 per target to conduct pens [registers]." (Didn't say for how long, but I suppose it's two months.) And, http://www.wired.com/threatlevel/2013/08/millions-paid-prism-compliance/ said, "For example, Cox Communications charges $2,500 for a pen register/trap-and-trace order for 60 days." Imagine how expensive it would be if the NSA got a bill for $600 per two months to conduct a 'pen register' (metadata) on your, and the same charge covering everyone else's, phone. I'd suggest to the phone co. that they charge that $600 per two months, then take $200 of that and give me the whizziest, unlimited service around the world, the bestest service that I could possibly want, and make a $400 profit to boot! Myself, I'd be far more comfortable if my metadata was being sold to the NSA if my full cell-phone bill was paid-for by them! In fact, at those prices, I'd want a second phone, too! (Does this make me a sell-out?!?)

Interesting guide to telecoms to comply with the law: http://www.kelleydrye.com/publications/client_advisories/0134/_res/id=Files/index=0/Lessons%20from%20the%20NSA%20Warrantless%20Wiretapping%20Controversy.pdf

I wonder if anybody has implemented a 'metadata-killer': An app, perhaps, for a smartphone which accesses a 'telephone remailer': A (friendly) MITM (Man in the Middle) which can be called, and will automatically forward the call based on encrypted-number data, and maintain the connection to the target phone number. It would make collection of metadata much more difficult. Companies which do internet phone calls would be obvious candidates for that function. (Skype, Ooma, etc.)

Jim Bell

From eugen at leitl.org Mon Sep 23 04:26:54 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 23 Sep 2013 10:26:54 +0200 Subject: [Cryptography] Cryptographic mailto: URI Message-ID: <[email protected]>

----- Forwarded message from Phillip Hallam-Baker -----

Date: Fri, 20 Sep 2013 08:55:48 -0400 From: Phillip Hallam-Baker To: Dirk-Willem van Gulik Cc: "cryptography at metzdowd.com" Subject: Re: [Cryptography] Cryptographic mailto: URI

On Fri, Sep 20, 2013 at 4:36 AM, Dirk-Willem van Gulik wrote:

> On 19 Sep 2013, at 19:15, Phillip Hallam-Baker wrote:
>
>> Let us say I want to send an email to alice at example.com securely.
>> ...
>> ppid:alice at example.com:example.net:Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM
>> ...
>> example.net is a server which will resolve the reference by means of a
>> simple HTTP query using the pattern http:///.well-known/ppid/
>>
>> "Syd...NWM" is the Base64 hash of OID-SHA256 + SHA256(X)
>> ..
>> So to use this as a mechanism for ghetto key distribution receivers
>> would add the URI into their account. Or let their PKI discovery agent do
>> it for them.
>
> We've been experimenting with much the same. With two twists. Basic
> principle is the same.
>
> We use:
>
> - :
>
> as to keep it short. ID is currently a ; namespace is a 2-3 char
> identifier. We then construct with this a 'hardcoded' zone name:
>
> .fqdn-in-some-tld.
>
> which is to have a (signed) entry for in DNS:
>
> ...fqdn-in-some-tld.
>
> which is in fact a first-come, first-served secure dynamic dns updatable
> zone containing the public key.
>
> Which once created allows only updating to those (still) having the
> private key of the public key that signed the initial claim of that .

Interesting, though I suspect this is attempting to meet different trust requirements than I am.

A couple of days ago I spoke with someone well known here who has seen the Snowden files. His take was that when the NSA has a choice of doing A or B it always does both.

I think we need to adopt the same approach but in a way that lets all the various approaches work together. It should not be necessary for me to install five plug ins into Thunderbird to support five different flavors of researchy trust infrastructure.

A better approach is to have one plug-in, or better native support for a connector to a Web Service that can then perform all the researchy trust infrastructure navigation on my behalf. The Web service can be shared between users and when there is a new researchy trust infrastructure proposed, all that is necessary to add it into the mix is to extend the Web Service and everyone using it can try out the new scheme and see if it is practical.

This approach does introduce the risk that the web service might be compromised. Particularly if the client is unable to perform at least some degree of local validation on the keys. But the long term expectation would be that support for trust infrastructures that prove to be stable, widely used, and effective will eventually migrate into the client.

At this point the experimental research question should be 'is this trust infrastructure practical'. We can get a very good idea of the security properties of the system by looking at how people use it and doing math.

-- Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
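The resolution and local key check described in the forwarded reply, as an added example that is not Hallam-Baker's code: it parses a ppid: URI, builds the .well-known query URL the post gives, and refuses a key the resolver returns unless it hashes to the fingerprint carried in the URI, which is the "local validation on the keys" the reply says keeps a compromised web service from substituting a key. The DER prefix taken to be "OID-SHA256", the constructed key bytes and the injected fetch callback are assumptions.

```python
import base64
import hashlib
import hmac
import re
from typing import Callable, NamedTuple

# Added example, not Hallam-Baker's code. The post says the URI carries a
# fingerprint of the recipient's key, the named server resolves it with a
# .well-known HTTP query, and the fingerprint is "the Base64 hash of
# OID-SHA256 + SHA256(X)". Everything below follows that description.

# Assumption: "OID-SHA256" denotes the DER DigestInfo prefix for SHA-256
# used in PKCS#1 signatures; the post does not spell out the exact bytes.
OID_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")

# The page's own example URI, with the archive's " at " mangling undone.
EXAMPLE_URI = "ppid:alice@example.com:example.net:Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM"

# Constructed stand-in for a recipient's public key (opaque bytes suffice).
CONSTRUCTED_KEY = b"-----CONSTRUCTED PUBLIC KEY FOR THE EXAMPLE-----"


class Ppid(NamedTuple):
    mailbox: str      # alice@example.com
    resolver: str     # example.net
    fingerprint: str  # unpadded standard Base64; 43 chars for a 32-byte hash


_PPID_RE = re.compile(
    r"^ppid:(?P<mailbox>[^:@]+@[^:@]+):(?P<resolver>[^:/]+):(?P<fp>[A-Za-z0-9+/]{43})$"
)


def fingerprint(key: bytes) -> str:
    """Base64 of SHA256(OID-SHA256 || SHA256(key)), '=' padding stripped."""
    inner = hashlib.sha256(key).digest()
    outer = hashlib.sha256(OID_SHA256 + inner).digest()
    return base64.b64encode(outer).rstrip(b"=").decode("ascii")


def ppid_uri(mailbox: str, resolver: str, key: bytes) -> str:
    """What the recipient publishes: their address, a resolver, and the key hash."""
    return f"ppid:{mailbox}:{resolver}:{fingerprint(key)}"


def parse_ppid(uri: str) -> Ppid:
    m = _PPID_RE.match(uri)
    if m is None:
        raise ValueError(f"not a well-formed ppid URI: {uri!r}")
    return Ppid(m["mailbox"], m["resolver"], m["fp"])


def well_known_url(p: Ppid) -> str:
    # The post gives the pattern http://<server>/.well-known/ppid/<fingerprint>
    # and no escaping rule, so '+' and '/' in the fingerprint are left as-is.
    return f"http://{p.resolver}/.well-known/ppid/{p.fingerprint}"


def resolve(p: Ppid, fetch: Callable[[str], bytes]) -> bytes:
    """Fetch the key from the resolver; accept it only if it matches the URI's hash.

    `fetch` is injected so the example runs offline (in practice an HTTPS GET).
    The comparison is what keeps a compromised resolver from handing the
    sender a key it chose itself.
    """
    key = fetch(well_known_url(p))
    if not hmac.compare_digest(fingerprint(key), p.fingerprint):
        raise ValueError(f"{p.resolver} returned a key that does not match {p.fingerprint}")
    return key


if __name__ == "__main__":
    bob = parse_ppid(ppid_uri("bob@example.com", "example.net", CONSTRUCTED_KEY))
    print(well_known_url(bob))
    print(resolve(bob, lambda url: CONSTRUCTED_KEY))  # honest resolver: accepted
    try:
        resolve(bob, lambda url: b"-----A DIFFERENT KEY-----")  # substituted key
    except ValueError as err:
        print("rejected:", err)
```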

From eugen at leitl.org Mon Sep 23 04:27:47 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 23 Sep 2013 10:27:47 +0200 Subject: [Cryptography] RSA recommends against use of its own products. Message-ID: <[email protected]>

----- Forwarded message from Ray Dillinger -----

Date: Fri, 20 Sep 2013 11:08:00 -0700 From: Ray Dillinger To: cryptography at metzdowd.com Subject: [Cryptography] RSA recommends against use of its own products. User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130828 Icedove/17.0.8

More fuel for the fire... http://rt.com/usa/nsa-weak-cryptography-rsa-110/

RSA today declared its own BSAFE toolkit and all versions of its Data Protection Manager insecure, recommending that all customers immediately discontinue use of these products.

The issue is apparently the Random Number Generator that these products use, the rather amusingly named "Dual Elliptic Curve Deterministic Random Bit Generator." *1

And according to more of the Snowden Files released to (or by) the New York Times last week, that pseudorandom generator is deliberately flawed in order to allow it to be sod... um, excuse me, I should have said, to permit backdoor penetration.

RSA was truly between a rock and a hard place here as I see it. With the deliberate weakness now made public, they took a terrific blow to their business. But failure to follow up with a recommendation against their own products, no matter how much additional financial pain that action entails, would have destroyed all trust in their company and prospects for future business. As best I can tell, they have lost $Millions at least due to the tampering of their products, and American security and software companies taken as a whole are in the process of losing $Billions to foreign competitors for the same reasons.

I wonder, would a class action suit seeking compensation for this wholesale sabotage be within the jurisdiction of the FISA court?

Bear

*1 "Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin." -- John Von Neumann

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Mon Sep 23 04:42:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 23 Sep 2013 10:42:49 +0200 Subject: [cryptography] Deleting data on a flash? Message-ID: <[email protected]>

----- Forwarded message from Moritz -----

Date: Mon, 23 Sep 2013 10:26:42 +0200 From: Moritz To: cryptography at randombit.net Subject: Re: [cryptography] Deleting data on a flash? User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130827 Icedove/17.0.8

On 09/23/2013 10:02 AM, ianG wrote:
>> The issue is that it's pretty much impossible to delete data securely
>> from a flash device.
> Why is that?

The flash memory controller hides the real storage cells from you and spreads writes across all cells equally for wear-leveling. You cannot directly access the cells. Some SSDs have a secure erase option, but you never know if it is properly implemented, and you can only use it to wipe the complete drive. https://www.schneier.com/blog/archives/2011/03/erasing_data_fr.html

[...] Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs.

--Mo

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
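A defender's check for the point Moritz makes, as an added example that is neither from the thread nor from the paper it cites: since built-in erase commands are effective but sometimes implemented incorrectly, read the drive's visible address space back after a secure erase and look both for blocks that did not come back erased and for a canary written before the wipe. The block size, the canary bytes and the in-memory stand-in for the device are constructed for the example; on a real drive you would pass an opened raw block device instead.

```python
import io
import os
import random
from dataclasses import dataclass
from typing import BinaryIO, Optional

# Added example, not code from the thread or the cited paper. It verifies a
# wipe from the outside, over the address space the controller exposes, which
# is the only view a host has once wear-leveling hides the real cells.

CANARY = b"CONSTRUCTED-CANARY-9b1e"  # constructed marker, not real data


@dataclass
class WipeReport:
    blocks_checked: int
    blocks_dirty: int
    first_dirty_offset: Optional[int]

    @property
    def clean(self) -> bool:
        return self.blocks_dirty == 0


def block_is_erased(block: bytes) -> bool:
    """Erased NAND reads as all 0xFF; most controllers present it as all 0x00."""
    return block == b"\x00" * len(block) or block == b"\xff" * len(block)


def device_size(dev: BinaryIO) -> int:
    """Size in bytes; seeking to the end works for files and Linux block devices."""
    pos = dev.tell()
    size = dev.seek(0, os.SEEK_END)
    dev.seek(pos)
    return size


def verify_erased(dev: BinaryIO, block_size: int = 4096, samples: int = 4096,
                  seed: Optional[int] = None) -> WipeReport:
    """Read `samples` blocks spread over the whole visible address space.

    When `samples` covers the device every block is read. Sampling cannot
    prove every cell is clean; it catches an erase command that did nothing
    or skipped a region, which is the failure mode the paper reports.
    """
    n_blocks = (device_size(dev) + block_size - 1) // block_size
    if samples >= n_blocks:
        indices = range(n_blocks)
    else:
        indices = sorted(random.Random(seed).sample(range(n_blocks), samples))
    checked = dirty = 0
    first_dirty = None
    for i in indices:
        dev.seek(i * block_size)
        block = dev.read(block_size)
        if not block:
            break
        checked += 1
        if not block_is_erased(block):
            dirty += 1
            if first_dirty is None:
                first_dirty = i * block_size
    return WipeReport(checked, dirty, first_dirty)


def find_canary(dev: BinaryIO, canary: bytes, chunk_size: int = 1 << 20) -> Optional[int]:
    """Offset of the first copy of `canary` on the device, or None if absent.

    Write a distinctive canary file before the erase; if any copy survives
    (including one wear-leveling left in a remapped block) the wipe did not
    sanitize the drive. Chunks overlap by len(canary)-1 bytes so a match that
    straddles a chunk boundary is still found.
    """
    if not canary:
        raise ValueError("canary must be non-empty")
    overlap = len(canary) - 1
    dev.seek(0)
    carry = b""
    offset = 0  # device offset of carry[0]
    while True:
        data = dev.read(chunk_size)
        if not data:
            return None
        buf = carry + data
        hit = buf.find(canary)
        if hit != -1:
            return offset + hit
        keep = min(overlap, len(buf))
        offset += len(buf) - keep
        carry = buf[len(buf) - keep:]


def constructed_device(size: int) -> io.BytesIO:
    """In-memory stand-in for a drive that came back all-zero after an erase."""
    return io.BytesIO(bytearray(size))


def plant(dev: BinaryIO, offset: int, data: bytes) -> BinaryIO:
    """Simulate data the erase failed to clear."""
    dev.seek(offset)
    dev.write(data)
    return dev


if __name__ == "__main__":
    dev = plant(constructed_device(64 * 1024), 4090, CANARY)
    print(verify_erased(dev, block_size=4096, samples=16))
    print("canary at", find_canary(dev, CANARY, chunk_size=4096))
```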

From eugen at leitl.org Mon Sep 23 04:53:40 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 23 Sep 2013 10:53:40 +0200 Subject: [tor-talk] Tor mini-hackathon at GNU 30th Anniversary Celebration on 28-29 Sep Message-ID: <[email protected]>

----- Forwarded message from Nick Mathewson -----

Date: Fri, 20 Sep 2013 21:00:35 -0400 From: Nick Mathewson To: "tor-talk at lists.torproject.org" Subject: [tor-talk] Tor mini-hackathon at GNU 30th Anniversary Celebration on 28-29 Sep Reply-To: tor-talk at lists.torproject.org

Hi, all!

Tor will be one of several fine software projects featured in the GNU 30th Anniversary Celebration and Hackathon next weekend at MIT. If you like to program, and you're interested in helping with Tor, sign up on the webpage (https://gnu.org/gnu30/celebration) and come on by!

I'll be there myself, hoping to spend my time coding and getting people excited about hacking on Tor. Other Tor people in the greater Boston area may come by as well; I hope we can get at least two or three. I don't currently expect to have all of our sub-projects represented, but we'll try to put you in contact with the right people if you want to hack on something else.

I'll try to have a list of fun suggested projects for people to work on ahead of the event, ideally on a wiki somewhere.

peace,
-- 
Nick Mathewson

-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From eugen at leitl.org Mon Sep 23 10:14:05 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 23 Sep 2013 16:14:05 +0200 Subject: [tor-talk] Future changes to the legal code, in Russia. Message-ID: <[email protected]>

----- Forwarded message from Nasuno -----

Date: Sun, 22 Sep 2013 16:51:25 -0700 From: Nasuno To: tor-talk at lists.torproject.org Subject: [tor-talk] Future changes to the legal code, in Russia. User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130704 Icedove/17.0.7 Reply-To: tor-talk at lists.torproject.org

Thought this might be of interest. hxxp://rt.com/politics/russia-tor-anonymizer-ban-571/ a couple of snippets

The head of the Federal Security Service (FSB) has personally ordered preparations for laws that would block the Tor anonymity network from the entire Russian sector of the Internet, a Russian newspaper reported.

&

The agency, however, informed the activists about possible future changes to the legal code.

-- Subscribed to post this as I saw nowhere else appropriate on the website to relay this to anyone. Probably old news anyhow.

Peace.
Nasuno

-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From yan at mit.edu Mon Sep 23 10:29:00 2013 From: yan at mit.edu (Yan Zhu) Date: Mon, 23 Sep 2013 07:29:00 -0700 Subject: [tor-talk] Tor mini-hackathon at GNU 30th Anniversary Celebration on 28-29 Sep In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>


If you're around for GNU30 or in the Boston area, note that there is a Tor/Tahoe-LAFS dinner group on Sat. night of the hackathon: https://libreplanet.org/wiki/GNU_30th_Saturday_night_dinners

On Mon 23 Sep 2013 01:53:40 AM PDT, Eugen Leitl wrote:
> ----- Forwarded message from Nick Mathewson -----
>
> Date: Fri, 20 Sep 2013 21:00:35 -0400
> From: Nick Mathewson
> To: "tor-talk at lists.torproject.org"
> Subject: [tor-talk] Tor mini-hackathon at GNU 30th Anniversary Celebration on 28-29 Sep
> Reply-To: tor-talk at lists.torproject.org
>
> Hi, all!
>
> Tor will be one of several fine software projects featured in the
> GNU 30th Anniversary Celebration and Hackathon next
> weekend at MIT. If you like to program, and you're interested in
> helping with Tor, sign up on the webpage
> (https://gnu.org/gnu30/celebration) and come on by!
>
> I'll be there myself, hoping to spend my time coding and getting
> people excited about hacking on Tor. Other Tor people in the greater
> Boston area may come by as well; I hope we can get at least two or
> three. I don't currently expect to have all of our sub-projects
> represented, but we'll try to put you in contact with the right people
> if you want to hack on something else.
>
> I'll try to have a list of fun suggested projects for people to work
> on ahead of the event, ideally on a wiki somewhere.
>
> peace,


From coderman at gmail.com Mon Sep 23 16:22:06 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 13:22:06 -0700 Subject: Re: [cryptography] [Cryptography] What is Intel(R) Core™ vPro™ Technology Animation In-Reply-To: References: Message-ID:

On Sun, Sep 22, 2013 at 9:21 PM, Jeffrey Walton wrote:
> ...
> Painting with a broad brush, part of the solution is a remote
> administration board that can't be removed. Cf, Fujitsu LOM (Lights
> Out Management), HP ILO (Integrated Lights Out) HP RILO (Remote
> Integrated Lights Out), Compaq RIB (Remote Insight Board), and Dell
> DRAC (Dell Remote Access Card).
>
> As for who has access, that depends on the quality of the
> implementations.
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4784.

as an attacker, these are my favorite systems, second only to continuous integration servers. remote access subsystems are hard to upgrade, poorly maintained, and provide exceptional access to hosts and systems. (and in fact, abusing a DRAC to get to the CI to then get keys to the kingdom, is a standard approach once you've got a pivot in network)

i cannot count the number of times i've seen insecure configurations deployed, either self signed certs, common passwords, insecure ACLs, or all of the above. i can count the number of times i've seen a properly configured RA system with legit PKI and password management: ZERO!

the traditional enterprise network is a soft gooey core with a fig leaf perimeter defense. sad realities...

From joseph at josephholsten.com Mon Sep 23 17:55:35 2013 From: joseph at josephholsten.com (Joseph Holsten) Date: Mon, 23 Sep 2013 21:55:35 +0000 Subject: Charge for Pen Register Service? $600 per target per two months. In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

On 2013-09-23, at 05:01, Jim Bell wrote:

> I wonder if anybody has implemented a 'metadata-killer': An app, perhaps, for a smartphone which accesses a 'telephone remailer': A (friendly) MITM (Man in the Middle) which can be called, and will automatically forward the call based on encrypted-number data, and maintain the connection to the target phone number. It would make collection of metadata much more difficult. Companies which do internet phone calls would be obvious candidates for that function. (Skype, Ooma, etc.)

Want. Anyone got the SIP fu to tell me where I should start trying to build this? I assume asterisk is still the platform of choice?
-- 
~j

From coderman at gmail.com Mon Sep 23 18:36:18 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 15:36:18 -0700 Subject: Re: [cryptography] [Cryptography] What is Intel(R) Core™ vPro™ Technology Animation In-Reply-To: References: Message-ID:

On Mon, Sep 23, 2013 at 1:33 PM, Jeffrey Walton wrote:
> ...
> Do you just snatch the source code and intellectual property, or do
> you use it as a springboard into other things? (I've never really
> thought about it).

for better or for worse (mostly better) these systems have made their way into release package builds and production deployment processes.

i'm speaking in generalities here, for various reasons, but common trajectories include:
- obtaining the private keys or http auth passwords for access to source code repositories.
- obtaining ssh private keys for access to other systems, e.g. remote build hosts or even production hosts.
- obtaining kerberos/ldap/http/* auth credentials for bug reporting systems, release code signing, or other facilities.
- obtaining access to datacenter or operations automation: cfengine, chef, puppet, etc. these are really useful ;)
- obtaining test automation tools and other "QA" hooks with elevated access and fewer controls.
- privilege escalation on the CI host which in turn is often whitelisted and useful as further pivot.
- providing example usage for invocation of and command line parameters for custom internal software.
- providing excellent watering hole "infection vector" for technical staff in an org. e.g. taking over engineering workstations.

from here you've got everything you need to infiltrate an entire organization.

the source code provides "hard coded" keys/passwords or pointers to files where interesting bits lay,

the conduit to engineering systems which grant access to public facing services and data stores,

the credentials and access for all operational concerns,

the org is your oyster...

From coderman at gmail.com Mon Sep 23 19:17:41 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 16:17:41 -0700 Subject: Attack Driven Defense - infosec rant [was: What is Intel(R) Core™ vPro™ Technology Animation] Message-ID:

i really can't emphasize this enough: robust defense is based on realistic threats, and realistic threats are identified via attackers' perspective.

i've been diving down this rabbit hole since before i challenged covert FLTINFOWARCEN members* to "get as blackhat on this motherfucker as you can" during an ad hoc challenge at DEF CON 13. i started down this path when i realized that robust peer to peer systems must protect each node to the highest degree required by any participant. it's the opposite of pandering to the "lowest common denominator". on the plus side, once you have addressed security for the "most stringent requirement" all other systems and peers enjoy the benefit of this elevated level of protection.

the bad news is that attacks continue to improve, and i'm nowhere near satisfied in my ability to protect my own systems against the capabilities my peers and i have at our disposal.

the vast majority of infosec is useless bullshit, the vast majority of infosec conferences are pandering crap; the whole industry (educational/professional/military) is shit, if we're being honest. there is a great talk, fuck you to thinkst.com for blocking it, which covers these failings at just a conference level, with parallels to the industry as a whole:
http://207.198.103.187:8081/infosuck-talk_about_talks.pdf
sha256: ce836410fdc638066bf6aedec0e1d6f2ce66fb46329c5f92336e42a671272e55

i've never taken an infosec position, for these reasons, among others, and i don't plan to start. quality (and by extension, information security) should be a given, a "built-in" feature of any product, with the investment necessary to achieve it. anything less is bullshit; infosec should not exist!

my $0.02

best regards,

* hacker friends and i ran a challenge: here's the root password. we're running unencrypted 802.11b wifi, there's a $100 bill in the case. get in - you get money and the hardware! everyone failed, despite two interesting 0day attacks. (we ran IPsec with custom out-of-band keying seeded by VIA C5P hardware entropy generators with our own custom rngd.) after being unable to compromise our setup, $fed handed me a card. i still remember the latin translation adorning his card, which seems particularly apropos given revelations this year: "let them hate us, so long as they fear us."

On Mon, Sep 23, 2013 at 3:36 PM, coderman wrote:
> On Mon, Sep 23, 2013 at 1:33 PM, Jeffrey Walton wrote:
>> ...
>> Do you just snatch the source code and intellectual property, or do
>> you use it as a springboard into other things? (I've never really
>> thought about it).
>
>
> for better or for worse (mostly better) these systems have made their
> way into release package builds and production deployment processes.
>
> i'm speaking in generalities here, for various reasons, but common
> trajectories include:
> - obtaining the private keys or http auth passwords for access to
> source code repositories.
> - obtaining ssh private keys for access to other systems, e.g. remote
> build hosts or even production hosts.
> - obtaining kerberos/ldap/http/* auth credentials for bug reporting
> systems, release code signing, or other facilities.
> - obtaining access to datacenter or operations automation: cfengine,
> chef, puppet, etc. these are really useful ;)
> - obtaining test automation tools and other "QA" hooks with elevated
> access and fewer controls.
> - privilege escalation on the CI host which in turn is often
> whitelisted and useful as further pivot.
> - providing example usage for invocation of and command line
> parameters for custom internal software.
> - providing excellent watering hole "infection vector" for technical
> staff in an org. e.g. taking over engineering workstations.
>
>
> from here you've got everything you need to infiltrate an entire organization.
>
> the source code provides "hard coded" keys/passwords or pointers to
> files where interesting bits lay,
>
> the conduit to engineering systems which grant access to public facing
> services and data stores,
>
> the credentials and access for all operational concerns,
>
> the org is your oyster...

From coderman at gmail.com Mon Sep 23 19:45:36 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 16:45:36 -0700 Subject: Re: Attack Driven Defense - infosec rant [was: What is Intel(R) Core™ vPro™ Technology Animation] In-Reply-To: References: Message-ID:

On Mon, Sep 23, 2013 at 4:17 PM, coderman wrote:
>...
>> the source code provides "hard coded" keys/passwords or pointers to
>> files where interesting bits lay,

someone asks: "how do you find the interesting sources?"

this is something i pride myself on, having dealt with scores of large enterprise systems and ERP deployments over many years. i'm going to give hints, rather than specifics, but it will be sufficient for the motivated party. (people ask why i rarely distribute code myself - it is because i need every strategic advantage i can get, and custom software, builds, and configurations are part of that operational security. maybe one day...)

orienting yourself in a large code base:

0. you must know how to code in, and what frameworks, libraries, and toolkits are common for, the language at hand.
1. filter all the third party components and sources out. these are not interesting.
2. keyword search for password handling, private keys, hardcoded secrets, etc.
3. keyword search for the public interfaces of interest, or API calls exposed, etc.
4. keyword search for business specific terms, e.g. where does the meat of their business logic reside?

as you become more familiar with how various institutions implement large systems, you get a "sixth sense" or "intuitive" ability to focus in on the relevant parts and identify where shortcuts and oversights are most likely to occur. rinse, repeat, again and again, and eventually you'll find yourself 10x more effective at these tasks, having combined your increasingly accurate intuition with custom scripts and techniques for maximum effectiveness. it's an almost spooky ability when you look at a piece of code and just "know" where the bugs are, and sure enough, you find them right where you expect.
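Steps 1 and 2 of the list above are exactly what a repository owner should run on their own tree before anyone else does: prune vendored code, then pattern-search what remains for credential material and get it out of the repo. The sweep below is an added example, not coderman's code; the vendor directory names, the patterns and the sample files are all assumptions.

```python
"""Hardcoded-secret sweep over a source tree (defender-side hygiene check).

Added example, not from the original post: skip third-party sources
(step 1), then pattern-search the rest for password handling, private
keys and embedded credentials (step 2).  Directory names, patterns and
the sample files below are assumptions, not taken from the post.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List

# Directories that usually hold vendored code (assumed names; tune per project).
THIRD_PARTY_DIRS = {"node_modules", "vendor", "third_party", "thirdparty",
                    "bower_components", "site-packages", ".git"}

# Group 1, where present, captures the secret value so the report can redact it.
PATTERNS = {
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"""(?i)(?:passwd|password|pwd|secret|api[_-]?key|token)\s*[:=]\s*["']([^"']{4,})["']"""),
    "url_with_credentials": re.compile(
        r"[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]+)@", re.I),
}

# Config indirection or obvious dummies are not leaks and would only add noise.
PLACEHOLDER = re.compile(r"^(?:\$\{[^}]*\}|<[^>]*>|changeme|xxx+|\*+|\.\.\.)$", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    excerpt: str  # offending line with the captured secret replaced by ***


def is_third_party(path: str) -> bool:
    """Step 1: any directory component naming a vendor dir marks the file third-party."""
    components = path.replace("\\", "/").split("/")[:-1]
    return any(c in THIRD_PARTY_DIRS for c in components)


def scan_text(text: str, path: str = "<inline>") -> List[Finding]:
    """Step 2: run every pattern over each line of one file's contents."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if match.lastindex and PLACEHOLDER.match(match.group(1)):
                continue  # e.g. password = "${DB_PASSWORD}" resolves at deploy time
            excerpt = line
            if match.lastindex:  # redact the secret so the report itself is safe to share
                start, end = match.span(1)
                excerpt = line[:start] + "***" + line[end:]
            findings.append(Finding(path, lineno, kind, excerpt.strip()[:100]))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: contents} map, skipping third-party paths."""
    findings: List[Finding] = []
    for path, contents in files.items():
        if not is_third_party(path):
            findings.extend(scan_text(contents, path))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Same sweep over a real directory; vendor dirs are pruned before descent."""
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in THIRD_PARTY_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), full))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return findings


# Constructed sample tree (not from any real project) exercising each rule.
SAMPLE_FILES = {
    "app/config.py": 'DB_PASSWORD = "hunter2-prod"\nAPI_KEY = "${API_KEY}"\n',
    "app/deploy.sh": "curl https://builder:s3cr3t@ci.example.internal/trigger\n",
    "keys/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE(constructed, truncated)\n",
    "node_modules/left-pad/index.js": 'const password = "abcd1234";\n',
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.kind}: {f.excerpt}")
```

Against the constructed tree the vendored file is never opened, the `${API_KEY}` indirection is ignored, and the three real findings are reported with their values redacted.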

From coderman at gmail.com Mon Sep 23 20:35:28 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 17:35:28 -0700 Subject: interesting collisions for 9ec4c12949a4f31474f299058ce2b22a Message-ID:

are there any?

From me at staticsafe.ca Mon Sep 23 20:48:02 2013 From: me at staticsafe.ca (staticsafe) Date: Mon, 23 Sep 2013 20:48:02 -0400 Subject: interesting collisions for 9ec4c12949a4f31474f299058ce2b22a In-Reply-To: References: Message-ID: <[email protected]>

On 9/23/2013 20:35, coderman wrote:
> are there any?
>
er, what?

-- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post. It is not logical. Please don't CC me! I'm subscribed to whatever list I just posted on.

From parker at eff.org Mon Sep 23 20:53:08 2013 From: parker at eff.org (Parker Higgins) Date: Mon, 23 Sep 2013 17:53:08 -0700 Subject: interesting collisions for 9ec4c12949a4f31474f299058ce2b22a In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>


On 9/23/13 5:48 PM, staticsafe wrote:
> On 9/23/2013 20:35, coderman wrote:
>> are there any?
>>
> er, what?
>
I'd guess this is about the hash in the seal of the US Cyber Command: http://www.wired.com/dangerroom/2010/07/code-cracked-cyber-command-logos-mystery-solved/

It's just an md5 of its mission statement.

Parker

--
Parker Higgins
Activist
Electronic Frontier Foundation
https://eff.org

Please note our new address: 815 Eddy Street, CA 94109-7701

From coderman at gmail.com Mon Sep 23 22:46:35 2013 From: coderman at gmail.com (coderman) Date: Mon, 23 Sep 2013 19:46:35 -0700 Subject: Belgacom Hack (EN translation) Message-ID:

http://cryptome.org/2013/09/belgacom-hack-en.htm / http://blog.cyberwar.nl/2013/09/belgacom-on-brink-of-catastrophe.html

"""

On the brink of catastrophe (2013-09-21)

Ping. It's Friday the 13th. Around 11 o'clock in the morning, the IT consultants that Belgacom employs at its largest customers in the private and public sector receive a message. The message doesn't say much, except for an urgent request to cancel all appointments of that forenoon. An "emergency conference call" will take place instead.

The news that is brought in that call makes the IT consultants gasp for breath. A piece of malicious software has been found on the network of BICS, a daughter company of Belgacom. It is hard to grasp even for well-informed insiders. The BICS network is so wide and deep that it is promptly clear to everybody that this is not just a Belgian problem. This problem is at least of European proportions. Because whoever controls BICS, controls the communication of a large part of the world. "This could have been larger than 9/11", says one source who closely followed the case. Without a grain of irony.

The pressure on the teams of the Dutch digital defender Fox-IT, that started cleaning up together with an army of Belgacom employees last weekend, was enormous.

It was their second attempt, various sources confirm. A first attempt to remove the villainous software from the infected computers at Belgacom in the last weekend of August was cancelled. "At the time, not all conditions were met required to remove everything at once", it was said. Some computers turned out to run the alternative operating system Linux, known for the penguin logo, not Windows. "The risk was too big that we could not remove everything at once. In that case you should not touch it. Or the adversary will know that the virus has been found", states someone politically involved.

Strict conditions

The investigation of the hacking started on July 19th, when Belgacom went to court. During their work, investigators at the intelligence services, police and justice were very wary of a leak about the entire operation. In early September they informed the Belgian cabinet on strict conditions: the list of attendees of that meeting was kept closely. If a politician would have wanted to reveal the news before the malware was dealt with, the investigators would press charges for breach of confidentiality of the investigation. "We could not risk everything going wrong due to someone talking", it is said.

Belgacom was not infected with some common viruses, but with very professional malware that cost lots of money to develop. "We had to re-invent ourselves to do this", an investigator said. "In other investigations there is a fixed idea of where you're going, but in this case it was continuously starting over because it was so difficult to get a grasp of the malware".

Gradually it became clear that the hackers are not only interested in the communications in the Middle-East, where BICS holds a solid position via South-African minority shareholder MTN. "They have been looking around and took what they could", state sources involved in the investigation. They are clear about one thing: the attack originated from the United States. "We determine that by the signature of the malware, but especially by where the trails lead. They partially run through the UK. We think the US is the main destination. And the past weeks at the US Embassy, you notice some embarrassment when you request exchange of information." Yesterday, the German weekly magazine Der Spiegel reported that the UK intelligence service GCHQ (Government Communications Headquarters) is responsible for the attacks. It based that claim on slides disclosed by whistleblower Edward Snowden. The news that GCHQ is behind the Belgacom attack is a surprise to at least the services working on the affair.

The malware could do anything

The malware at Belgacom actually consists of a complex system of complementary viruses. They are all connected. If a problem is imminent or if they are detected, they can signal each other. "It is somewhat like a human virus, which also mutates continuously", states someone involved who monitors the situation for his service. "For example, one part is responsible for searching and storing information, while another part continuously looks for pathways to the internet to transfer information. Other pieces of code are responsible for circumventing firewalls, or carry out surveillance. If someone detects the hacking or attempts to remove a part of it, the virus that is acting as a guard promptly signals the other parts. Because you don't know what the malware is capable of, everything can go horribly wrong at the last step."

The cost of the entire detection and cleaning operation is correspondingly high. Fox-IT, the Dutch cyber security/defence company that is commissioned by Belgacom to first make inventory of the problems and then solve them, is a familiar name. "For the first two weeks they estimated the costs to be one million euro", states a well-placed source. And then adds that the entire operation lasted ten weeks. Moreover, Fox-IT did not expect that, at a certain point, it had to allocate all of its employees to this case. A price tag of over five million euro, then? "It won't be far off."

But what was so terrifying about this cyber attack? And why the panic that something would go wrong? Telephone data about conversations with countries such as Afghanistan, Yemen and Syria that disappear, how could that have such an impact? They are 'just' stolen phone data, right? The involved expert sitting opposite us, looks dead serious. There is drama in his voice, but considering the contents of what he says, that is not unjustified. "This was highly performing malware and it was present in the nerve centre of communications. Anything that a highly privileged network operator of Belgacom could do, this system could do as well. I don't have to make a drawing of it? It had all the keys, all the passwords and full control. We must dare to classify this as a big crisis. This could have been a catastrophe. And people don't seem to realize."

Sensitive customers

Perhaps it wouldn't hurt to make that drawing. BICS calls itself a "wholesale carrier". Two words, four syllables, but behind it is a network that spans the entire globe and the beating heart of which is located in our capital, Brussels. BICS provides the hardware infrastructure that carries internet traffic, phone conversations, text messages and mobile data of telecom companies and government institutions. And the more sensitive the customer, the more likely he is to end up at BICS. The daughter company of Belgacom markets itself with the argument that they never ever look at what travels over its cables. "We provide the cables for you, and you just send whatever you want over them", is what it basically boils down to.

A glance at the list of BICS' customers makes one dizzy. The financial transport center Swift, Electrabel, bpost, Belgocontrol, they are all connected to BICS. The NATO in Evere, the European Commission and Parliament, SHAPE, the Supreme Headquarters Allied Powers Europe, in Bergen; BICS, BICS, BICS. Even the headquarters of the NATO Allied Air Command, in Ramstein, Germany, from where the 2011 air attacks on Libya were coordinated, depends on BICS. Among the military, it is pointed out that military communications has an extra layer of security; but that pointing-out happens with a degree of humility that is very unusual to the military. "Every organisation, not just the government, must now begin to wonder whether it is dependent on one single provider, on one single network. And especially how well it is secured itself", states someone who was at the front row of the affair. "Belgacom, that is critical infrastructure. How can Belgium keep running without it? Those are the questions that we must ask now. Because the organisation responsible for the attack has in fact the capability to completely disrupt Belgacom and BICS." A different source confirms, reluctantly, the doom scenarios: "You can't think of it. It would be larger than 9/11. The planes would pretty much fall out of the sky." As a figure of speech? "Hm, yeah."

Lifeline

A governmental source points out the consequences of even a limited disruption of phone communications and internet. "If a crisis occurs, what is the first thing a human does? Grasp their phone. Imagine that that lifeline is lost. Not just for you, but also for the emergency services, hospital, the fire department...? And for the police? At first glance it isn't, because they use the Astrid network [a Belgian national radio communications network intended for emergency services]. But that network only works apart from BICS for local communications. For interregional communications it is just as dependent on BICS as the rest. Hence, it is no coincidence that police chief Catherine De Bolle started looking for a backup for the communications system of the federal police on that Friday the 13th, just before the big cleaning operation would have started.

How long would it take before Belgacom was up and running again after a destructive cyber attack, is unclear. "But it is clear that we are not prepared to counter this type of attack right now", states a high-ranking source. "That awareness must finally start to grow. I am very apprehensive for the feeling of relief that I already observe in some people. 'Ah well, that has been nicely dealt with. It's over.' It's not, mind you. Whoever doesn't realise, this week, that it is urgent, will never get it. Playing things down now is dangerous."

After De Standaard brought the news of large-scale hacking at Belgacom, it turned out that the Ministry of Foreign Affairs and the cabinet of the prime minister had been hacked. "And this is merely the top of the iceberg", states a source who was involved in the problems at Belgacom. Because telecom is one thing, but there are many other critical sectors that are the fundament of a country. Transportation, for example. Trains, trams, busses, highways, airplanes, everything involves computer networks and everywhere one should be cautious for cyber attacks. The energy supply is another critical fundament. And last but not least: the banking sector of a country. Luxembourg has already contacted the Belgian cyberservices [?] to obtain more information about the malware that hit Belgacom.

Awareness

Besides budgets and well-paid IT personnel, the remedy against the growing cyberthreat will be found in improved awareness. "Belgium wants to invest in knowledge and innovation, but if one sector is vulnerable to espionage, it is that one. Just as many computers of the global diplomatic network of Foreign Affairs have post-its on them with the passwords, many small companies are slacking in their security", a cyber specialist states. "And if you dare ask whether their Chinese interns are thoroughly screened, they look at you as if you're from another planet." Whether the gravity of the situation is apparent to everyone, is doubtful. In official communications, Belgacom states that it currently has no evidence of impact on its customers or their data. Understandably, the company does not want to trigger hysteria, but it sounds like down-playing nonetheless. "What should we write then?", states spokesman Jan Margot in his response. "The infection was at dozens of computers in our own system. They have been cleaned together with the entire network."

BICS too doesn't say much about it. "There are no indications of an impact on the telecom network of BICS", it states in a press release. "A number of our IT systems are integrated in the infrastructure of Belgacom and are affected in that way, but that remained outside the network that carries customer traffic."

"That's all put rather euphemistically", according to the investigators involved. "But you cannot accuse them of lying. A lot of thought went into every comma of the communication."

Joke

Did Belgium become the joke of the European mainland as a result of the compromise of Belgacom? Intelligence services are continuously in contact with each other and exchange information. For the image of our country, the past week has been anything but stellar, but it is emphasised nonetheless that in such contacts it is often also about personal relations between people. "Moreover, all countries have problems and everyone tries to rise above them."

What about ethics? Isn't it schizophrenic that our country, Belgium, receives information about threats that the US or others have stolen from us? "That is the eternal paradox", a recipient of such information states. Diplomatically it is the hardest. But if you receive information about a serious threat such as terrorism, you cannot ignore it. Then you have different things on your mind.

"""

From electromagnetize at gmail.com Tue Sep 24 01:39:46 2013 From: electromagnetize at gmail.com (brian carroll) Date: Tue, 24 Sep 2013 00:39:46 -0500 Subject: feedback, re: [8] Message-ID:

> On Mon, Sep 23, 2013 at 9:10 AM, Eugen Leitl wrote:
>
> > are you the fuckhead who BSOD my computer
> > and took it down after my first cypherpunks post?
> >
> > (if you are you better watch out- you're in trouble...)
>
> You sound paranoid. There is really no need for that.
> I personally tried to read some of your missives but
> had to skip them due to lack of time.
>

Paranoid, no. having personal experience of locked psychiatric wards and snakeoil, i know the domain and this is not that. grounded observations here. my independent research has been messed around with for a decade plus, this includes heavy surveillance, now ubiquitous. several projects shut down or sabotaged due to active, hostile yet "kids gloves" interference, given origin. ex. political agenda shuts power off to apartment to stop basic research into new computing system, threatens destruction of tools (NAS) needed to prototype AMS (Asperger Management System). message: "stop or equipment will be fried!" NAS and router already backdoored, NAS ghosted from beginning anyway, hive of activity, manufactured for sabotage. so have to stop and move onto plan Z^n. under siege for years. existence as if held hostage within illegal prison of hidden dictator. unwanted truth, its uncanny ability to rattle megastructures of power. ping the biased networks, learn its programmatic malfunctioning. private group using constitution as shield to illegally attack citizens, then wrongly expecting to be able to hide behind it for their own defense, no such boundary. mistakenly thought refraining from saying what was actually on my mind would be keeping it ~classy on cypherpunks :L that is: no advisement of will-writing, death sentences, deballing, cutting tongues out, hanging by nutsack, fingers cut off, eyes gouged out-- nothing about war, takedown of vital public equipment, nor role of legal state murder. though i wanted the perpetrators to realize the horror that awaits them. perhaps too understated- i.e.
they are cursed with extreme and increasing misfortune as a result of their actions. the error-rate will be going way up for those involved. unbearable pressure. the nightmare of hostile metaphysical code. context for computer attack: under heavy noise assault for 19 months, ranging from harassment and abuse to long periods of sustained noise torture. water remotely turned down in shower, 70+ times. VOC toxic fume attacks, bombs of laundry detergents and chemicals, deteriorating nervous system, debilitating. those involved denying their actions, trying to frame as crazy, force suicide. noisemaking devices in the walls, remote switches to control water valves. internet-connected. apartment the bizarre context of embassy psychological trickery. events directly connected to ruling ideology, power politics. my equipment thoroughly surveilled. multi-level honeypot, manufactured to spy and to break. completely monitored. whomever subverted my system in PC takedown due to active retaliatory censoring (against crypto-ideas) walked into a trap. even while i cannot figure it out, it is indicated the perpetrators are KNOWN. this event oddly sequenced with local CIA matched reference, power outage to apartment and immediately back on. a second power blip recurs in the morning, coinciding with computer attack. seemingly signaling hidden observer. the computer attack- DOS shell occasionally appears and vanishes upperleft upon login. disembodied close-window [x] checkbox sometimes appears upperleft of screen, as if virus or trojan, along with lower right MS red signage warning of unidentifiable security threat at time of kernel panic, locking down windows in pause, cascading into BSOD shutdown. clean installing OS, new BIOS, nothing stops it, as if occurring outside OS and motherboard control. occurs after one hour, as if strategically deployed or unlocked bug to sabotage computing system that cannot be repaired by software or disk overwrites. so my equipment is ruined.
it had bug exploits before, though now it cannot be used at all as a research tool. this is active hostile censorship. destruction of property. imagine if this is what 'crypto' is allowing the state to do to its citizens, by ideological design. circuit faults as failsafes to stop public communications via subversion, oversight of an illegal dictatorial state and its methods, using these 'secret weapons' against the constitution: freedom of thought, ideas, free expression. now what if those at the NSA or CYBERCOMMAND are attacking citizens not aligned with the ruling exploitative political agenda- the state as enemy.

(important to distinguish the context for remote hostile actions localized, the reliance on 'virtual power' and allowing such functioning, versus ~securing its basis in actual grounded power. also, dependence on masks and hiding to get away with these exploits, cheating, stealing, subterfuge and sabotage, etc.) there is a definite aspect of aggression and bullying, to the point of torture, and destruction of peoples' lives that has somehow been normalized by detachment of the population from its representation within the state, via short-circuits. that is realism for me. sanity. and my perspective of these events. that someone would write off-list at the exact moment i begin first attempts at repair then triggered a thoroughly muted response, not getting into the fact that people die for doing these things. it is not all virtual and remote. it can be extremely close-up and involve brutal events and unimaginable pain and anguish. yet these same mediocre oppressors seem not to believe there is anything to fear anymore. there, balanced the psychic equilibrium. thanks.

From eugen at leitl.org Tue Sep 24 08:13:36 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 24 Sep 2013 14:13:36 +0200 Subject: [tt] NS 2935: Forget premiums: A peer-to-peer network will cover you Message-ID: <[email protected]>

----- Forwarded message from Frank Forman -----

Date: Mon, 23 Sep 2013 00:54:58 +0000 (GMT) From: Frank Forman To: Transhuman Tech Subject: [tt] NS 2935: Forget premiums: A peer-to-peer network will cover you

NS 2935: Forget premiums: A peer-to-peer network will cover you http://www.newscientist.com/article/mg21929354.300-forget-premiums-a-peertopeer-network-will-cover-you.html * 22 September 2013 by Hal Hodson

People can now insure one another in peer-to-peer networks and do away with big insurance companies and premiums

INSURANCE is an unfortunate fact of life. We pay large premiums to cover ourselves for bad events that often never happen. But there is another way. An online insurance firm called Peercover lets groups of people insure each other on their own terms and at a fraction of the cost. Insurance is the latest financial service to get a shake-up from peer-to-peer (P2P) dynamics. Already, individuals can lend money for a return with interest. Similarly, people wanting to exchange currency can avoid banks and instead use P2P services to find other people looking to make the opposite trade.

"The changes in financial services that are happening now are happening more quickly and dramatically than anything we've seen over the last 100 years," says Ron Suber of peer-to-peer loan company Prosper. "Peercover is a great example."

P2P insurance is simpler and cheaper than mainstream methods. "People are paying profit and overhead to insurance firms when they pay premiums," says Peercover co-founder Jared Mimms. Peercover groups don't collect premiums. Instead, every individual in the group has a stake - each is both insurer and insuree. The group's founder sets the initial conditions for that group, including what can be insured and the maximum value of an item. The payout for a claim is split between all members but is only made when the majority of the group approve the claim. The amount you pay out is directly proportional to the value of the goods you have insured, as calculated by Peercover's algorithms. Someone insuring a $400 cellphone will pay a larger proportion of a member's claim than someone who is insuring a $100 cellphone, for example. Members who fail to pay are ejected from the group and are no longer covered.

The reason all this is possible is, as with other P2P services, because of the rise of new ways to pay online. "The kind of insurance we're interested in wasn't possible a few years ago," says Mimms. "It only became possible because of micropayments."

Behind micropayments are breakthroughs such as the virtual currency Bitcoin and the payment network Ripple, which Peercover uses. Both charge an extremely small fee for processing a transaction compared with traditional models such as credit card companies, making payments as low as 20 cents feasible.

Initially, Peercover's focus is on building groups to cover small things like cellphones, and what Mimms calls positive insurance. This is where a group pays out when a member reaches an agreed goal, such as giving up smoking. But he has grander visions too, such as health insurance, where large groups of Peercover users could negotiate preferential rates for treatment.

"The technology allows for the potential of collective bargaining in the negotiation of healthcare costs in which groups may band together to practise some of the bargaining techniques used by governments and traditional insurance behemoths," Mimms says.

Ellen Carney, an insurance industry analyst with research firm Forrester, says Peercover points towards the future of insurance. "It's very clever. This model is at the historical roots of so many insurance companies."

She backs the idea that Peercover has the potential to change how health insurance works in the US, although there are obvious regulatory hurdles. "Health insurance in the US has a lot of problems. You could see that this would be an interesting alternative."

Richard Carter, CEO of financial software developer Nostrum Group, says that data from sources such as social networks will play a role in a peer-to-peer world. This won't just be in the form of finding friends to go in with on coverage, but to judge unknown group applicants too. "Consumers need to learn that everything they put into the public domain is going to be used to judge them in future, whether they like it or not," Carter says.

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Tue Sep 24 09:18:55 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 24 Sep 2013 15:18:55 +0200 Subject: How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA Message-ID: <[email protected]>

http://www.wired.com/threatlevel/2013/09/nsa-backdoor/all/

How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

BY KIM ZETTER 09.24.13 6:30 AM

Illustration: alengo/Getty Images

In August 2007, a young programmer in Microsoft’s Windows security group stood up to give a five-minute turbo talk at the annual Crypto conference in Santa Barbara. It was a Tuesday evening, part of the conference’s traditional rump session, when a hodge-podge of short talks are presented outside of the conference’s main lineup. To draw attendees away from the wine and beer that competed for their attention at that hour, presenters sometimes tried to sex up their talks with provocative titles like “Does Bob Go to Prison?” or “How to Steal Cars — A Practical Attack on KeeLoq” or “The Only Rump Session Talk With Pamela Anderson.”

Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs, provocatively, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng.” It was a title only a crypto geek would love or get.

The talk was only nine slides long (.pdf). But those nine slides were potentially dynamite. They laid out a case showing that a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

For such a dramatic presentation ? by mathematicians? standards ? the reaction to it was surprisingly muted. ?I think folks thought, ?Well that?s interesting,? and, ?Wow, it looks like maybe there was a flaw in the design,?? says a senior Microsoft manager who was at the talk. ?But there wasn?t a huge reaction.? Six years later, that?s all changed.

Early this month the New York Times drew a connection between their talk and memos leaked by Edward Snowden, classified Top Secret, that apparently confirms that the weakness in the standard and so-called Dual_EC_DRBG algorithm was indeed a backdoor. The Times story implies that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

The Times story has kindled a firestorm over the integrity of the byzantine process that produces security standards. The National Institute of Standards and Technology, which approved Dual_EC_DRBG and the standard, is now facing a crisis of confidence, having been forced to re-open the standard for public discussion, while security and crypto firms scramble to unravel how deeply the suspect algorithm infiltrated their code, if at all. On Thursday, corporate giant RSA Security publicly renounced Dual_EC_DRBG, while also conceding that its commercial suite of cryptographic libraries had been using the bad algorithm as its default algorithm for years.

But beneath the flames, a surprising uncertainty is still smoldering over whether Dual_EC_DRBG really is backdoored. The Times, crypto experts note, hasn?t released the memos that purport to prove the existence of a backdoor, and the paper?s direct quotes from the classified documents don?t mention any backdoor in the algorithm or efforts by the NSA to weaken it or the standard. They only discuss efforts to push the standard through committees for approval.

Jon Callas, the CTO of Silent Circle, whose company offers encrypted phone communication, delivered a different rump session talk at the Crypto conference in 2007 and saw the presentation by Shumow. He says he wasn?t alarmed by it at the time and still has doubts that what was exposed was actually a backdoor, in part because the algorithm is so badly done.

?If [NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them,? he says. ?Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian ? and this thing is just laughably bad. This is Boris and Natasha sort of stuff.?

Indeed, the Microsoft presenters themselves ? who declined to comment for this article ? didn?t press the backdoor theory in their talk. They didn?t mention NSA at all, and went out of their way to avoid accusing NIST of anything. ?WE ARE NOT SAYING: NIST intentionally put a back door in this PRNG,? read the last slide of their deck.

The Microsoft manager who spoke with WIRED on condition of anonymity thinks the provocative title of the 2007 presentation overstates the issue with the algorithm and is being misinterpreted ? that perhaps reporters at the Times read something in a classified document showing that the NSA worked on the algorithm and pushed it through the standards process, and quickly took it as proof that the title of the 2007 talk had been right to call the weakness in the standard and algorithm a backdoor.

But Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the ?bad cryptography? explanation for the weakness, in favor of the backdoor one.

?Bad cryptography happens through laziness and ignorance,? he says. ?But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

?What?s mathematically creative [with this algorithm] is that when you look at it, you can?t even prove whether there is a backdoor or not, which is very bizarre in cryptography,? he says. ?Usually the presence of a backdoor is something you can prove is there, because you can see it and exploit it?. In my entire career in cryptography, I?ve never seen a vulnerability like this.?

National Security Agency headquarters, Fort Meade, Maryland. Photo: Wikipedia It?s not the first time the NSA has been accused of installing backdoors. Crypto trapdoors, real and imagined, have been part of NSA lore for decades. In some ways the current controversy echoes the long-ago debate over the first U.S. Data Encryption Standard in the 1970s. The NSA was widely suspected of weakening DES to make it more crackable by the agency by tinkering with a table of numeric constants called an S-Box and shortening the algorithm?s key length. In 1994, though, the NSA was exonerated when it turned out that the agency had actually changed the S-Box numbers to harden DES against a code-breaking technique that had been known only within NSA at the time.

In 1995, another case came up that seemed to confirm suspicions about the NSA. The Baltimore Sun reported that year that the NSA had inserted a backdoor into cryptographic machines made by the respected Swiss company Crypto AG, apparently substantiating longstanding rumors to that effect.

Then in 1999, Microsoft inadvertently kicked off another controversy when it leaked its internal name for a cryptographic signing key built into Windows NT. The key was called _NSAKEY, spawning speculation that Microsoft had secretly given the agency the power to write and sign its own updates to Windows NT?s crypto engine. Microsoft said this was incorrect, that the key was an internal Microsoft key only and that it was called ?_NSAKEY? because the NSA was the technical reviewing authority for U.S. export controls. The key was part of Microsoft?s compliance with U.S. export laws.

Suspicions about the NSA and backdoors were lingering in 2006 when Shumow and Ferguson began looking at Dual_EC_DRBG after NIST approved it for inclusion in a standard (.pdf). The standard discussed four federally sanctioned random number generators approved for use in encrypting government classified and unclassified-but-sensitive communication.

Each of the four algorithms was based on a different cryptographic design family. One was based on hash functions, one on so-called HMAC (hash-based message authentication code), one on block ciphers and the fourth one was based on elliptic curves. The NSA had been pushing elliptic curve cryptography for a number of years, and it publicly championed the last one ? Dual_EC_DRBG ? to be included in the standard.

Elliptic curve algorithms are based on slightly different mathematics than the more common RSA algorithm, and the NSA believes they?re the future of cryptography, asserting that elliptic curve algorithms are smaller, faster and offer better security.

But as Shumow and Ferguson examined the properties of the elliptic curve random number generator in the standard, to determine how to incorporate it into the Windows operating system, a couple of strange things stood out. First, the random number generator was very slow ? two to three orders of magnitude slower than another algorithm in the standard.

Second, it didn?t seem to be very secure.

?There was a property [in it] that seemed to make the prediction-resistance of the algorithm not what you would necessarily want it to be,? the Microsoft manager says. In non-geek speak, there was a weakness that made the random number generator not so random.

Good random number generation is at the core of encryption, and a weak RNG can undo the entire encryption system. Random number generators play a role in creating cryptographic keys, in opening secure communications between users and web sites and in resetting passwords for email accounts. Without assured randomness, an attacker can predict what the system will generate and undermine the algorithm.

Shumow and Ferguson found that the obstacles to predicting what the random number generator would generate was low. It wasn?t a catastrophic problem, but it seemed strange for a security system being promulgated by the government.

Then they noticed something else.

The standard for implementing the algorithm included a list of constants ? static numbers ? that were used in the elliptic curve on which the random number generator was based. Whoever generated the constants, which served as a kind of public key for the algorithm, could have generated a second set of numbers at the same time ? a private key.

Anyone possessing that second set of numbers would have what?s known in the cryptography community as ?trapdoor information? ? that is, they would be able to essentially unlock the encryption algorithm by predicting what the random number generator generated. And, Shumow and Ferguson realized, they could predict this after seeing as few as 32 bytes of output from the generator. With a very small sample, they could crack the entire encryption system used to secure the output.

?Even if no one knows the secret numbers, the fact that the backdoor is present makes Dual_EC_DRBG very fragile,? cryptographer Bruce Schneier wrote at the time, in a piece for WIRED. ?If someone were to solve just one instance of the algorithm?s elliptic-curve problem, he would effectively have the keys to the kingdom. He could then use it for whatever nefarious purpose he wanted. Or he could publish his result, and render every implementation of the random-number generator completely insecure.?

No one knew who had produced the constants, but it was assumed that because the NSA had pushed the algorithm into the standard, the agency had generated the numbers. The spy agency might also, then, have generated a secret key.

Schneier called it ?scary stuff indeed,? but he also said at the time that it made no sense as a backdoor, since it was so obvious to anyone who looked at the algorithm and standard that there was this flaw in it. As a result, developers of web sites and software applications wouldn?t use it to help secure their products and systems, he said.

But in fact, many developers did use it.

The U.S. government has enormous purchasing power, and vendors soon were forced to implement the suspect standard as a condition of selling their products to federal agencies under so-called FIPS certification requirements. Microsoft added support for the standard, including the elliptic curve random-number generator, in a Vista update in February 2008, though it did not make the problematic generator the default algorithm.

Asked why Microsoft supported the algorithm when two of its own employees had shown it to be weakened, a second Microsoft senior manager who spoke with WIRED said that while the weakness in the algorithm and standard was ?weird? it ?wasn?t a smoking gun.? It was more of an ?odd property.?

Microsoft decided to include the algorithm in its operating system because a major customer was asking for it, because it had been sanctioned by NIST, and because it wasn?t going to be enabled as the default algorithm in the system, thus having no impact on other customers.

?In fact it is nearly impossible for any user to implement or to get this particular random number generator instantiating on their machines without going into the guts of the machine and reconfiguring it,? he says. Other major companies, like Cisco and RSA, added it as well. NIST in fact provides a lengthy list of companies that have included it in their libraries, though the list doesn?t say which companies made it the default algorithm in their library or which products have been developed that invoke the algorithm.

A Cisco spokesman told WIRED that the algorithm was implemented in its standard crypto library around mid-2012, a library that is used in more than 120 product lines, but the algorithm is not the default, and the default algorithm cannot be changed by users. The company is currently completing an internal audit of all of its products that leverage the NIST standard.

RSA, however, made the algorithm the default in its BShare toolkit for Java and C developers until this week when it told WIRED that it was changing the default following the renewed controversy over it. The company sent an advisory to developer customers ?strongly? urging them to change the default to one of a number of other random number generator algorithms RSA supports. RSA also changed the default on its own end in BSafe and in an RSA key management system. The company is currently doing an internal review of all of its products to see where the algorithm gets invoked in order to change those.

RSA actually added the algorithm to its libraries in 2004 or 2005, before NIST approved it for the standard in 2006 and before the government made it a requirement for FIPS certification, says Sam Curry, the company?s chief technology officer. The company then made it the default algorithm in BSafe and in its key management system after the algorithm was added to the standard. Curry said that elliptic curve algorithms were all the rage at the time and RSA chose it as the default because it provided certain advantages over the other random number generators, including what he says was better security.

?Cryptography is a changing field. Some algorithms go up and some come down and we make the best decisions we can in any point in time,? he says.?A lot of the hash-based algorithms were getting struck down by some weaknesses in how they chose numbers and in fact what kind of sample set they chose for initial seeding. From our perspective it looked like elliptic curve would be immune to those things.?

Curry says the fact that the algorithm is slower actually provides it with better security in at least one respect.

?The length of time that you have to gather samples will determine the strength of your random number generation. So the fact that it?s slower sometimes gives it a wider sample set to do initial seeding,? he says. ?Precisely because it takes a little longer, it actually winds up giving you more randomness in your initial seeding, and that can be an advantage.?

Despite the renewed controversy over the algorithm and standard, Microsoft managers say they still don?t think the weaknesses constitute an intentional backdoor.

Callas agrees. He thinks it is simply bad cryptography that was included in the standard to round-out the selection so that there would be at least one elliptic curve algorithm in the standard.

But one advantage to having the algorithm supported in products like Vista ? and which may be the reason the NSA pushed it into the standard ? is that even if it?s not the default algorithm for encryption on a system, as long as it?s an option on the system, an intruder, like the NSA, can get into the system and change the registry to make it the default algorithm used for encryption, thereby theoretically making it easy for the NSA to undermine the encryption and spy on users of the machine.

Schneier says this is a much more efficient and stealth way of undermining the encryption than simply installing a keystroke logger or other Trojan malware that could be detected.

?A Trojan is really, really big. You can?t say that was a mistake. It?s a massive piece of code collecting keystrokes,? he said. ?But changing a bit-one to a bit-two [in the registry to change the default random number generator on the machine] is probably going to be undetected. It is a low conspiracy, highly deniable way of getting a backdoor. So there?s a benefit to getting it into the library and into the product.?

To date, the only confirmation that the algorithm has a backdoor comes in the Times story, based on NSA documents leaked by Edward Snowden, which the Times and two other media outlets saw.

?[I]nternal memos leaked by a former NSA contractor, Edward Snowden, suggest that the NSA generated one of the random number generators used in a 2006 NIST standard ? called the Dual EC DRBG standard ? which contains a back door for the NSA,? the Times wrote.

An editorial published by the Times this weekend re-asserted the claim: ?Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a ?back door? into the system that allowed federal spies to crack open any data that was encoded using its technology.?

But all of the quotes that the Times published from the memos refer to the NSA getting the standard passed by an international standards body; they do not say the NSA intentionally weakened the algorithm and standard, though the Times implies that this is what the memos mean by tying them to the 2007 presentation by Shumow and Ferguson.

NIST has denied any knowledge of a backdoor and has also denied that the NSA authored its standard. The institute has, however, re-opened the standard for public comment as a result of the controversy and ?strongly? urged against using the algorithm in question until the matter could be resolved. The public comments period will close Nov. 6.

Even without more explicit confirmation that the weaknesses in the algorithm and standard constitute a backdoor, Kocher and Schneier believe they do.

?It is extraordinarily bad cryptography,? says Kocher. ?If you look at the NSA?s role in creating standards [over the years] and its general cryptographic sophistication, none of it makes sense if there isn?t a backdoor in this.?

Schneier agrees and says the NSA has done too many other things for him to think, when he sees government-mandated crypto that?s weak, that it?s just by accident.

?If we were living in a kinder world, that would be a plausible explanation,? he says. ?But we?re living in a very malicious world, it turns out.?

He adds that the uncertainty around the algorithm and standard is the worst part of the whole matter.

?This is the worst problem that the NSA has done,? Schneier says. ?They have so undermined the fundamental trust in the internet, that we don?t know what to trust. We have to suspect everything. We?re never sure. That?s the greatest damage.? ------next part ------A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL:
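The trapdoor the article describes (the published constants P and Q acting as a public key, a never-published d with P = d*Q acting as the private key) can be shown end to end on a toy curve. What follows is an added worked example in Go; it is not code from the article, from the Shumow/Ferguson slides, or from NIST. It assumes a small constructed curve (p = 1000003, y^2 = x^3 + 2x + 3) and a constructed secret d, and it drops 4 of 20 bits per output where the real generator drops 16 of 256, so the brute force over the dropped bits is 16 candidates instead of 65536. The algebra is the same as in the standard: the generator steps s = x(s*P) and emits x(s*Q) with the top bits removed; whoever holds d lifts an emitted value back to the point s*Q, multiplies by d, and since d*(s*Q) = s*(d*Q) = s*P, reads the next internal state off the x-coordinate. From there every future output is known. The example uses one output to enumerate candidates and the next two to confirm, then predicts the rest of the stream.

```go
package main

import "fmt"

// Toy Dual_EC_DRBG on a small constructed curve y^2 = x^3 + A*x + B over F_p.
// Not the NIST P-256 parameters: p is 20 bits, so the brute force below is tiny.
const (
	pMod           = 1000003 // prime, 3 mod 4, so sqrt(a) = a^((p+1)/4) mod p
	curveA, curveB = 2, 3
	keepBits       = 16 // low bits of each x-coordinate that are output
	truncBits      = 4  // high bits dropped (the real generator drops 16 of 256)
	mask           = 1<<keepBits - 1
)

type point struct {
	x, y int64
	inf  bool // point at infinity
}

func modp(a int64) int64 { a %= pMod; if a < 0 { a += pMod }; return a }

func modPow(b, e int64) int64 {
	r := int64(1)
	for b = modp(b); e > 0; e >>= 1 {
		if e&1 == 1 { r = r * b % pMod }
		b = b * b % pMod
	}
	return r
}

// add is the affine group law; inverses via Fermat (a^(p-2) mod p).
func add(p1, p2 point) point {
	if p1.inf { return p2 }
	if p2.inf { return p1 }
	if p1.x == p2.x && modp(p1.y+p2.y) == 0 { return point{inf: true} }
	var lam int64
	if p1 == p2 {
		lam = modp(3*p1.x*p1.x+curveA) * modPow(2*p1.y, pMod-2) % pMod
	} else {
		lam = modp(p2.y-p1.y) * modPow(p2.x-p1.x, pMod-2) % pMod
	}
	x3 := modp(lam*lam - p1.x - p2.x)
	return point{x: x3, y: modp(lam*modp(p1.x-x3) - p1.y)}
}

func mul(k int64, pt point) point {
	r := point{inf: true}
	for ; k > 0; k >>= 1 {
		if k&1 == 1 { r = add(r, pt) }
		pt = add(pt, pt)
	}
	return r
}

func xOf(pt point) int64 { if pt.inf { return 0 }; return pt.x } // toy convention: x(inf) = 0

// liftX recovers a curve point from x, or ok=false if x^3+Ax+B is a non-residue.
// Either sign of y serves the attack, since x(d*R) == x(d*(-R)).
func liftX(x int64) (point, bool) {
	rhs := modp(x*x%pMod*x + curveA*x + curveB)
	y := modPow(rhs, (pMod+1)/4)
	if y == 0 || y*y%pMod != rhs { return point{}, false }
	return point{x: x, y: y}, true
}

func firstPoint(start int64) point {
	for x := start; ; x++ {
		if pt, ok := liftX(x); ok { return pt }
	}
}

// The standard publishes P and Q. Whoever chose them could pick Q first and set
// P = d*Q, never publishing d: that d is the trapdoor. dSecret is constructed here.
var (
	Q       = firstPoint(5)
	dSecret = int64(0x1F3A7)
	P       = mul(dSecret, Q)
)

// outputsFromState emits r = x(s*Q) with the high bits dropped, then steps
// s = x(s*P); s is a state that has already been updated.
func outputsFromState(s int64, count int) []int64 {
	out := make([]int64, 0, count)
	for i := 0; i < count; i++ {
		if i > 0 { s = xOf(mul(s, P)) }
		out = append(out, xOf(mul(s, Q))&mask)
	}
	return out
}

// Generate is the generator as its user sees it: seed in, truncated outputs out.
func Generate(seed int64, count int) []int64 { return outputsFromState(xOf(mul(seed, P)), count) }

// RecoverState is the trapdoor: brute-force the dropped bits of one output, lift
// each candidate x to the point s*Q and multiply by d. Since d*(s*Q) = s*(d*Q) = s*P,
// the x-coordinate is the next internal state; later outputs reject wrong candidates.
func RecoverState(observed []int64, d int64) (int64, bool) {
	for high := int64(0); high < 1<<truncBits; high++ {
		x := high<<keepBits | observed[0]
		if x >= pMod { break }
		pt, ok := liftX(x)
		if !ok { continue }
		if next := mul(d, pt); !next.inf && equal(outputsFromState(next.x, len(observed)-1), observed[1:]) {
			return next.x, true
		}
	}
	return 0, false
}

// PredictNext returns the count outputs that follow the observed ones.
func PredictNext(observed []int64, d int64, count int) ([]int64, bool) {
	s, ok := RecoverState(observed, d)
	if !ok { return nil, false }
	return outputsFromState(s, len(observed)-1+count)[len(observed)-1:], true
}

func equal(a, b []int64) bool {
	if len(a) != len(b) { return false }
	for i := range a { if a[i] != b[i] { return false } }
	return true
}

func main() {
	out := Generate(424242, 8)
	pred, ok := PredictNext(out[:3], dSecret, 5)
	fmt.Println("seen:", out[:3], "actual next:", out[3:], "predicted:", pred, ok)
}
```

Two things the toy makes concrete. First, nothing in the published parameters reveals whether a d exists: P and Q are just two points, and proving that nobody knows d for them is the "can't even prove whether there is a backdoor" problem Kocher describes. Second, the attack cost is set entirely by how many bits are dropped per output, which is why the truncation parameter of the real generator mattered so much.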

From realcr at gmail.com Tue Sep 24 09:38:22 2013 From: realcr at gmail.com (realcr) Date: Tue, 24 Sep 2013 15:38:22 +0200 Subject: [tt] NS 2935: Forget premiums: A peer-to-peer network will cover you In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

What would stop somebody from lying about his phone being broken? Should the peers in the network be his close friends or people who know him in the physical world? real.

On Tue, Sep 24, 2013 at 3:13 PM, Eugen Leitl wrote:

> ----- Forwarded message from Frank Forman -----
>
> Date: Mon, 23 Sep 2013 00:54:58 +0000 (GMT)
> From: Frank Forman
> To: Transhuman Tech
> Subject: [tt] NS 2935: Forget premiums: A peer-to-peer network will cover you
>
> NS 2935: Forget premiums: A peer-to-peer network will cover you
>
> http://www.newscientist.com/article/mg21929354.300-forget-premiums-a-peertopeer-network-will-cover-you.html
> * 22 September 2013 by Hal Hodson
>
> People can now insure one another in peer-to-peer networks and do away with big insurance companies and premiums
>
> INSURANCE is an unfortunate fact of life. We pay large premiums to cover ourselves for bad events that often never happen. But there is another way. An online insurance firm called Peercover lets groups of people insure each other on their own terms and at a fraction of the cost.
>
> Insurance is the latest financial service to get a shake-up from peer-to-peer (P2P) dynamics. Already, individuals can lend money for a return with interest. Similarly, people wanting to exchange currency can avoid banks and instead use P2P services to find other people looking to make the opposite trade.
>
> "The changes in financial services that are happening now are happening more quickly and dramatically than anything we've seen over the last 100 years," says Ron Suber of peer-to-peer loan company Prosper. "Peercover is a great example."
>
> P2P insurance is simpler and cheaper than mainstream methods. "People are paying profit and overhead to insurance firms when they pay premiums," says Peercover co-founder Jared Mimms. Peercover groups don't collect premiums. Instead, every individual in the group has a stake - each is both insurer and insuree. The group's founder sets the initial conditions for that group, including what can be insured and the maximum value of an item. The payout for a claim is split between all members but is only made when the majority of the group approve the claim. The amount you pay out is directly proportional to the value of the goods you have insured, as calculated by Peercover's algorithms. Someone insuring a $400 cellphone will pay a larger proportion of a member's claim than someone who is insuring a $100 cellphone, for example. Members who fail to pay are ejected from the group and are no longer covered.
>
> The reason all this is possible is, as with other P2P services, because of the rise of new ways to pay online. "The kind of insurance we're interested in wasn't possible a few years ago," says Mimms. "It only became possible because of micropayments."
>
> Behind micropayments are breakthroughs such as the virtual currency Bitcoin and the payment network Ripple, which Peercover uses. Both charge an extremely small fee for processing a transaction compared with traditional models such as credit card companies, making payments as low as 20 cents feasible.
>
> Initially, Peercover's focus is on building groups to cover small things like cellphones, and what Mimms calls positive insurance. This is where a group pays out when a member reaches an agreed goal, such as giving up smoking. But he has grander visions too, such as health insurance, where large groups of Peercover users could negotiate preferential rates for treatment.
>
> "The technology allows for the potential of collective bargaining in the negotiation of healthcare costs in which groups may band together to practise some of the bargaining techniques used by governments and traditional insurance behemoths," Mimms says.
>
> Ellen Carney, an insurance industry analyst with research firm Forrester, says Peercover points towards the future of insurance. "It's very clever. This model is at the historical roots of so many insurance companies."
>
> She backs the idea that Peercover has the potential to change how health insurance works in the US, although there are obvious regulatory hurdles. "Health insurance in the US has a lot of problems. You could see that this would be an interesting alternative."
>
> Richard Carter, CEO of financial software developer Nostrum Group, says that data from sources such as social networks will play a role in a peer-to-peer world. This won't just be in the form of finding friends to go in with on coverage, but to judge unknown group applicants too.
>
> "Consumers need to learn that everything they put into the public domain is going to be used to judge them in future, whether they like it or not," Carter says.
> ______
> tt mailing list
> tt at postbiota.org
> http://postbiota.org/mailman/listinfo/tt
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl http://leitl.org
> ______
> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From jya at pipeline.com Tue Sep 24 09:55:16 2013 From: jya at pipeline.com (John Young) Date: Tue, 24 Sep 2013 09:55:16 -0400 Subject: Popular Deification of Transmission- and Crypto-Security Message-ID:

NSA Technical Journal published in October 1959 an article titled "The Borders of Cryptology." http://www.nsa.gov/public_info/_files/tech_journals/borders_cryptology.pdf

A chart shows three main topics with subdivisions of each:

Electronic Warfare, Cryptology, SIGINT: http://cryptome.org/cryptology-borders.jpg

Among 16 subdivisions only two are popularly deified today, and their all-too-human and vain weaknesses and vulnerabilities are hotly discussed here and elsewhere:

Transmission Security, Crypto-Security

Knowledge of the other 14 could prove useful to compensate for the faults of the twin deities, now revealed to be not so hot conjoined. And perhaps overcome the icy ignorance of other less glorified means and methods used to profanely prop up the pedestals.

From eugen at leitl.org Tue Sep 24 10:52:50 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 24 Sep 2013 16:52:50 +0200 Subject: Dissentr: A High-Latency Overlay Mix Network Message-ID: <[email protected]>
https://github.com/ShaneWilton/dissentr

Note: This project was created as part of a 36-hour hackathon - and primarily as a proof of concept. While the ideas may be sound, and the prototype may work as designed, the protocols involved in this specific project have not been peer-reviewed, and so I cannot recommend that the network be used for anything requiring serious privacy.

Dissentr A High-Latency Overlay Mix Network

Essentially, Dissentr is a security-minded network, inspired by Tor, with a few important characteristics which serve to differentiate it.

High-Latency

Tor is a low-latency network. This makes it ideal for real time activities like web browsing, but as a result, opens it up to attacks involving large-scale traffic analysis methods known as end-to-end correlation. In these attacks, an adversary with the ability to analyze massive amounts of traffic in a short period of time is able to match up traffic entering the network with the corresponding traffic which will inevitably soon exit it.

Dissentr manages to protect against these sorts of attacks by being engineered as a high-latency network. Assuming any given node has not been compromised, that node will intentionally hold off on forwarding its traffic to the next node in the network until it is able to forward a large amount of data in bulk, rendering the aforementioned end-to-end correlation far less feasible. For an excellent discussion on this attack, and possible countermeasures, see Practical Traffic Analysis: Extending and Resisting Statistical Disclosure.

Cascades

Much like any mix network, Dissentr models its network as a graph of nodes, each responsible for handling the relay of traffic as it moves along some path through the network. Where Dissentr differs from a network such as Tor is in how this path is constructed. In Dissentr, the network is constructed out of cascades (A term I first heard described by Ian Goldberg, but I've been unable to pin down an original source for): essentially directed, acyclic sub-graphs, in which a node defines a set of "trusted" nodes, through which they are willing to relay traffic through. Dissentr simplifies this model by only allowing for nodes of out-degree 1, at this time. This construction brings about a number of useful results:

In the event that a node is known to be compromised, individual nodes are allowed the ability to either remove themselves from a cascade, or bypass untrusted nodes entirely, without the necessity of a trusted third-party. The network is protected from "supernode invasions," in which an attacker floods the network with compromised nodes, in the hopes of either endangering the network's health, or placing the security of users passing through their nodes at risk of traffic interception, and subsequent analysis. This can be guaranteed because cascades are constructed by virtue of a measure of trust between node-operators, and so long as there exists some non-zero subset of trusted operators, they retain the ability to form a cascade of their own, effectively shutting out the efforts of such an attacker. Use-Cases

As mentioned previously, the high-latency nature of the network causes a shift in the sorts of activities best facilitated by its use, however, there do exist some unique opportunities which I have neither seen implemented in the context of a mix network, nor discussed in the literature.

A personal favourite idea revolves around creating a platform for political blogging, which, assuming a noisy enough network, would offer political dissidents the ability to freely write about issues of corruption or government abuse, without many of the risks associated with using a lower-latency network like Tor. If it takes a week for a blog post to appear in circulation after the author posts it to the network, it becomes magnitudes more difficult for any assailant to trace the authorship of that blog post - especially if that author never visited the website which hosts their content in the first place!

It also becomes a fairly trivial exercise to adapt the network to act as a mixing service for digital currency such as Bitcoin. Furthermore, by breaking the network into a number of smaller, disjoint networks for that purpose, one is be able to counter many of the current attacks which target existing mixing services.

Cryptosystem

I again emphasize that the cryptosystem in place is the result of a rather rushed 48- hour hackathon - in a production system, I would recommend implementing a peer- reviewed cryptosystem, such as the very lightweight Sphinx, or, pending their coming proof of security, the recently proposed Ibis. That being said, Dissentr works as follows:

Every node in the network maintains an RSA-keypair, with the public key being exposed to every node in a given cascade. When a client wishes to send a message M through the network, they choose some cascade C. For each node in the cascade, beginning with the exit node, and continuing through to the entrance node, the client generates an AES CFB128 key, which it uses to encrypt M. The key is then encrypted using that node's public RSA key. M, now encrypted with AES CFB128 for every node in the cascade, is then passed to the entrance node along with the encrypted AES keys. The entrance node then uses its private RSA key to decrypt the AES key, so that it can subsequently decrypt M, yielding yet another cipher text. This process is repeated for every node in the cascade, until the final node decrypts M to a plaintext, which it then handles accordingly. Building and Running it

If, after all of my warnings, you still want to see it in action, it's dead-easy to get setup. All you'll need is Erlang installed (Tested on R16B02), along with Elixir. From there, you'll want to invoke the following from within Dissentr's directory, on every machine you want to host a node: iex --sname {Any name, different per machine} --cookie {Any string, common between all machines} -S mix This will stick you into a REPL, loaded with Dissentr's namespaces and dependencies. Sorry, there's no interface yet. From there, if you're using more than one machine, you'll want to link them all together, by running the following on every machine you want to host a node on. Since Erlang node connections are transitive, you won't have to do this for every pair of nodes.:

:net_adm.ping(binary_to_atom(hostname)) The hostname in question can be found in the iex prompt. Most likely it will be something at domain.

Now, just spawn a few nodes to create a network. I've got some temporary methods in place for making this easy, using some hardcoded keys stored in example_data/ for testing. Ideally, each node will be hosted on a different machine, but for testing purposes it doesn't matter. Within your prompt, execute the following:

Dissentr.Cascade.add_node(:node1, nil, 1) Dissentr.Cascade.add_node(:node2, :node1, 2) Dissentr.Cascade.add_node(:node3, :node2, 3) Dissentr.Cascade.add_node(:node4, :node3, 4) Dissentr.Cascade.add_node(:node5, :node4, 5) Finally, to send an encrypted message, run the following, substituting the node and message as desired:

    Dissentr.Cascade.mix(:node3, "Something, something, NSA")

If all went well, you should see a debug statement print out the plaintext message, on the machine which is hosting :node1
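The layered construction the README describes, written out as an added Go example (this is not Dissentr's own Elixir code). Two details the README leaves unstated are this example's assumptions: RSA-OAEP as the RSA padding, and a per-layer IV sent in the clear beside the wrapped key; the node order follows the README's node3 to node1 example, entrance first.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Node is one relay. As in the README, each node holds an RSA keypair and only
// the public half is handed to clients (2048 bits is this example's choice).
type Node struct {
	Name string
	key  *rsa.PrivateKey
}

func NewNode(name string) (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Node{Name: name, key: k}, nil
}

// Layer is what one node needs to strip its layer: its AES key wrapped under
// its RSA public key, plus the CFB IV (the README does not mention one, but
// CFB needs it, so here it travels in the clear beside the wrapped key).
type Layer struct{ WrappedKey, IV []byte }

// Packet is what the client hands to the entrance node: the fully layered
// body plus one Layer per node, ordered entrance-first.
type Packet struct {
	Body   []byte
	Layers []Layer
}

// Wrap is the client side: from the exit node back to the entrance, encrypt
// the body under a fresh AES-128 key in CFB mode, then wrap that key for the
// node with RSA-OAEP (OAEP is this example's choice of RSA padding).
func Wrap(cascade []*Node, msg []byte) (*Packet, error) {
	body := append([]byte(nil), msg...)
	layers := make([]Layer, len(cascade))
	for i := len(cascade) - 1; i >= 0; i-- {
		kiv := make([]byte, 16+aes.BlockSize) // fresh key and IV per layer
		if _, err := rand.Read(kiv); err != nil {
			return nil, err
		}
		key, iv := kiv[:16], kiv[16:]
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		next := make([]byte, len(body))
		cipher.NewCFBEncrypter(block, iv).XORKeyStream(next, body)
		body = next
		pub := &cascade[i].key.PublicKey
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		layers[i] = Layer{WrappedKey: wrapped, IV: iv}
	}
	return &Packet{Body: body, Layers: layers}, nil
}

// Peel is the node side: unwrap the outermost key with this node's private
// key and strip one CFB layer. A node that is not the intended next hop fails
// at the OAEP step; that is the scheme's only integrity check, since the CFB
// layers carry no MAC (one reason the README points at Sphinx for real use).
func (n *Node) Peel(p *Packet) (*Packet, error) {
	if len(p.Layers) == 0 {
		return nil, fmt.Errorf("%s: no layers left to peel", n.Name)
	}
	l := p.Layers[0]
	key, err := rsa.DecryptOAEP(sha256.New(), nil, n.key, l.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("%s: cannot unwrap key: %w", n.Name, err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(p.Body))
	cipher.NewCFBDecrypter(block, l.IV).XORKeyStream(out, p.Body)
	return &Packet{Body: out, Layers: p.Layers[1:]}, nil
}

// Relay runs a packet through the cascade entrance-first; the exit's body is
// the plaintext.
func Relay(cascade []*Node, p *Packet) ([]byte, error) {
	for _, n := range cascade {
		var err error
		if p, err = n.Peel(p); err != nil {
			return nil, err
		}
	}
	return p.Body, nil
}
```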

From electromagnetize at gmail.com Tue Sep 24 15:30:11 2013 From: electromagnetize at gmail.com (brian carroll) Date: Tue, 24 Sep 2013 14:30:11 -0500 Subject: feedback (update), was [8] Message-ID:

error-corrected text (re:ly), edited for privacy/formatting https://www.dropbox.com/s/rutqiplhjcrsz0g/feedback8.pdf

source code diagram, context of cryptologica https://www.dropbox.com/s/rno21ddinxv0gpo/flatland-framework1v27.svg

{note}: begins @ arrow: (x,y) browser scroll of (80,-55)%


From lee at guardianproject.info Tue Sep 24 17:05:38 2013 From: lee at guardianproject.info (Lee Azzarello) Date: Tue, 24 Sep 2013 17:05:38 -0400 Subject: Dissentr: A High-Latency Overlay Mix Network In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

Woah woah woah. When did the message go out about changing Tor to a "low latency" network? High latency is the number one criticism of Tor from users.

In addition, UDP traffic won't even pass through Tor. This makes low-latency real-time applications like VoIP impossible over that network.

Perhaps the author is not aware of these properties of Internet protocols?

-lee

On Tuesday, September 24, 2013, Eugen Leitl wrote:

> > https://github.com/ShaneWilton/dissentr

From david.vorick at gmail.com Tue Sep 24 17:19:51 2013 From: david.vorick at gmail.com (David Vorick) Date: Tue, 24 Sep 2013 21:19:51 +0000 Subject: Dissentr: A High-Latency Overlay Mix Network In-Reply-To: References: <[email protected]> Message-ID:

Tor is a low latency network in the sense that packets are forwarded as soon as they are received. Outwardly, it may not appear as a low latency network because ping times can exceed 30 seconds, however from a security point of view Tor is a low latency network.

A high latency network is one that holds onto traffic until it has a huge batch to send out. With enough traffic, you could theoretically implement a high latency network that is faster than Tor, but a high latency network could also theoretically take days to respond to a request.

With Tor, if you are observing every node in the network you can guess at people's identities by correlating traffic. If one node sends exactly X bytes to a node that sends the same number of bytes to the next node, you can assume that the two nodes are connected in a circuit.

In a high latency network, you would wait to send data to the next node until you have many different requests to send to the next node. This makes traffic correlation a lot harder because you can't distinguish a particular request of X bytes from the other requests that are being sent over the network.

On Tue, Sep 24, 2013 at 9:05 PM, Lee Azzarello wrote:

> Woah woah woah. When did the message go out about changing Tor to a "low latency" network? High latency is the number one criticism of Tor from users.
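David's batching argument turned into an added Go simulation (not part of anyone's post): one relay is run in forward-immediately mode and in threshold-batch mode, and an observer on its links counts how many inbound cells could be each outbound cell, i.e. the cell's anonymity set. The request sizes are constructed, and the observer model (timing and size only) is this example's assumption; it also goes one step past the post by showing that batching alone leaves distinct sizes partly linkable, and that padding to a fixed cell size is what closes that gap.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Cell is one unit of traffic as a link observer sees it: when it crossed the
// link and how big it was. ID exists only so the test can score the observer's
// guesses; the observer itself never sees it.
type Cell struct {
	ID   int
	Size int
	Time int
}

// Mix is a single relay. Threshold 1 and Pad 0 forward each cell the tick it
// arrives (low latency in David's sense). A larger Threshold holds cells until
// a batch is full, pads each to Pad bytes and flushes them in random order.
type Mix struct {
	Threshold int
	Pad       int
	buf       []Cell
}

// Ingest accepts one cell and returns whatever the mix forwards on that tick.
func (m *Mix) Ingest(c Cell) []Cell {
	m.buf = append(m.buf, c)
	if len(m.buf) < m.Threshold {
		return nil
	}
	out := m.buf
	m.buf = nil
	for i := range out {
		out[i].Time = c.Time // the whole batch leaves on the flush tick
		if out[i].Size < m.Pad {
			out[i].Size = m.Pad
		}
	}
	shuffle(out)
	return out
}

// shuffle is Fisher-Yates driven by crypto/rand, so flush order says nothing
// about arrival order.
func shuffle(cs []Cell) {
	for i := len(cs) - 1; i > 0; i-- {
		r, _ := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		j := int(r.Int64())
		cs[i], cs[j] = cs[j], cs[i]
	}
}

// Candidates is the observer's view of one relay: for every forwarded cell,
// count the inbound cells that could have been it, i.e. those that arrived
// after the previous flush, no later than this one, and are no larger than it
// (a cell can gain padding but never shrink). A count of 1 is a confirmed
// link; the count is that cell's anonymity set.
func Candidates(in, out []Cell) map[int]int {
	sets := make(map[int]int)
	for _, o := range out {
		prev := -1 // tick of the most recent earlier flush, if any
		for _, p := range out {
			if p.Time < o.Time && p.Time > prev {
				prev = p.Time
			}
		}
		for _, i := range in {
			if i.Time > prev && i.Time <= o.Time && i.Size <= o.Size {
				sets[o.ID]++
			}
		}
	}
	return sets
}

// Run feeds the constructed request sizes through the mix one tick apart and
// returns the observer's candidate counts keyed by the hidden cell ID.
func Run(m *Mix, sizes []int) map[int]int {
	var in, out []Cell
	for i, s := range sizes {
		c := Cell{ID: i, Size: s, Time: i + 1}
		in = append(in, c)
		out = append(out, m.Ingest(c)...)
	}
	return Candidates(in, out)
}

func main() {
	sizes := []int{120, 340, 75, 512, 260} // constructed request sizes, bytes
	fmt.Println("forward immediately:", Run(&Mix{Threshold: 1}, sizes))
	fmt.Println("batch of 5, unpadded:", Run(&Mix{Threshold: 5}, sizes))
	fmt.Println("batch of 5, padded:  ", Run(&Mix{Threshold: 5, Pad: 512}, sizes))
}
```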

From lee at guardianproject.info Tue Sep 24 17:53:00 2013 From: lee at guardianproject.info (Lee Azzarello) Date: Tue, 24 Sep 2013 17:53:00 -0400 Subject: Dissentr: A High-Latency Overlay Mix Network In-Reply-To: References: <[email protected]> Message-ID:

Sounds like we need new terms for a high latency network that is a low latency network or a low latency network that is a high latency network?

Perhaps store-and-forward versus stateful?

-lee

On Tuesday, September 24, 2013, David Vorick wrote:

> Tor is a low latency network in the sense that packets are forwarded as soon as they are received. Outwardly, it may not appear as a low latency network because ping times can exceed 30 seconds, however from a security point of view Tor is a low latency network.

From lists at infosecurity.ch Wed Sep 25 03:01:48 2013 From: lists at infosecurity.ch (Fabio Pietrosanti (naif)) Date: Wed, 25 Sep 2013 09:01:48 +0200 Subject: [cryptography] Dissentr: A High-Latency Overlay Mix Network In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

Hi Eugen, did you evaluate "leveraging" existing Tor network properties by running Dissentr over the Tor network by default, to achieve some better security properties?

-- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org

On 9/24/13 4:52 PM, Eugen Leitl wrote:
> https://github.com/ShaneWilton/dissentr
>
> Note: This project was created as part of a 36-hour hackathon - and primarily as a proof of concept. While the ideas may be sound, and the prototype may work as designed, the protocols involved in this specific project have not been peer-reviewed, and so I cannot recommend that the network be used for anything requiring serious privacy.
>
> Dissentr
> A High-Latency Overlay Mix Network


From eugen at leitl.org Wed Sep 25 03:56:29 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 09:56:29 +0200 Subject: DARK WALLET: A RADICAL WAY TO BITCOIN Message-ID: <[email protected]>

"radical", huh. http://www.newyorker.com/online/blogs/currency/2013/09/dark-wallet-bitcoin.html?mobify=0

DARK WALLET: A RADICAL WAY TO BITCOIN

POSTED BY MICHAEL DEL CASTILLO

Cody Wilson is a twenty-five-year-old former law student at the University of Texas at Austin. He is also the inventor of the Liberator, a gun made almost entirely from plastic pieces created with a 3-D printer; he also uploaded to the Internet a blueprint that anyone could use to print such a gun.

Wilson, who espouses libertarian views, created the blueprint to make a point: information should be free. Not everyone agreed with him. In May, after Wilson successfully fired the gun at a range near Austin and posted the design online, the State Department requested that those files be removed from the Web site of his nonprofit, Defense Distributed.

Wilson complied, but not before the files had been downloaded two hundred thousand times, igniting a debate about whether there should be limits to the free flow of information over the Internet, and over the role of the government in enforcing those restrictions.

Wilson lives in "a utopian world in which contraband will be only a notional concept, because enforcement will require policing ideas and blueprints, not simply goods," Jacob Silverman wrote in a piece about Wilson and the Liberator in May.

A native of Cabot, Arkansas, a small suburb of Little Rock, Wilson said that the State Department's action persuaded him to drop out of law school and pursue revolutionary activities full-time. In fact, he had been planning his next endeavor for a while. When Indiegogo, a crowdfunding site, booted Defense Distributed's campaign in August, 2012, for violating its terms of service (Indiegogo said the project related to the sale of firearms; Wilson said it was for the creation of information), Wilson began to raise money by asking people to support him using a currency called Bitcoin: encrypted, difficult-to-trace bits of code that function like cash and can be exchanged over the Internet without a bank or a PayPal account.

Wilson said that he eventually raised two hundred bitcoins for the Liberator, the equivalent of twenty-seven thousand dollars, according to the current exchange rate. His efforts attracted the attention of a twenty-five-year-old Brit named Amir Taaki, who e-mailed him with an invitation to speak at the Bitcoin 2012 Conference, in London. He accepted.

Wilson and Taaki met in person for the first time in January of 2013, when Taaki took Wilson to visit a workspace for hackers in Bratislava, Slovakia, and to anarchist squats in London. They reconnected in Berlin that July and began hashing out a plan to use the as-yet unregulated, untaxed, nearly untraceable currency in a way that would, like the Liberator, undermine the ability of governments to regulate the activities of their citizens.

In the Bitcoin world, where banks no longer serve as intermediaries between people and their money, bank accounts have been replaced by online "wallets" that people can use to virtually store and send bitcoins.

Wilson and Taaki's project, tentatively known as Dark Wallet, is a simple wallet designed to be easier to use for people who aren't tech-savvy; they hope that in turn accelerates the currency's rate of adoption around the world. The wallet will be open-source and free to use. Eventually, Wilson and Taaki hope to create a vast stable of Bitcoin-related tools.

The goal, for Wilson, is similar to what he tried to do with the Liberator: use technology to remove government intervention from his life, and from the lives of like-minded people.

Unlike many current Bitcoin wallets, which can be difficult to download and cumbersome to use, Wilson and Taaki are designing Dark Wallet, they told me, as an easy-to-install plug-in that sits discreetly on users' Chrome or Firefox browsers. Made for Windows, Mac, and Linux computers, Dark Wallet would move most of the energy-sucking process of ensuring there's only one of each bitcoin in circulation, and that they aren't spent in two places at the same time, to separate servers.

Wilson still lives in Austin, working remotely on Dark Wallet with Taaki, who lives in an anarchist compound called Calafou, outside of Barcelona, and writes most of the code behind the wallet. Taaki and Vitalik Buterin, the co-founder of Bitcoin Magazine, a periodical covering the currency, are part of a Calafou-based organization called unSystem, which came up with the idea for the wallet; they're working with a team of developers from around the world. Wilson, who will manage the development team behind Dark Wallet, making sure they meet their targets on time, is also producing a video and other material for a crowdfunding campaign to raise money for the project.

Dark Wallet should be ready sometime in January or February of 2014, Taaki said, though he's not committing to anything. "It'll launch when it's ready," he said. And the details of an upcoming crowdfunding campaign have still yet to be solidified, though Taaki and Wilson expect it to launch sometime in October.

The person or group that, in 2008, created Bitcoin (that is, released the protocol that defined what Bitcoin would be) called itself Satoshi Nakamoto. The online comments that Satoshi Nakamoto made before disappearing completely, in 2012, indicate that the creator of Bitcoin, like Wilson, was deeply mistrustful of economic institutions and designed the currency to be intentionally subversive.

Bitcoin is created, or "mined," as it's called, by powerful computers that race to solve complex math problems and are rewarded for their work with the encrypted code that is a bitcoin. Today there are 11.7 million of the coins in existence, worth an estimated $1.6 billion, though their value fluctuates dramatically. Nakamoto set the number of coins entering circulation to halve every four years until 2140, when they will plateau at twenty-one million coins and never be produced again.

Because no one can arbitrarily decide to print more bitcoins, and because no banks intermediate the storage and spending of the currency, the value of a bitcoin is determined by market demand. Wilson finds this very attractive. But where a currency exists, capitalism will inevitably find it. In recent months, Bitcoin has caught the attention of entrepreneurs, many funded by venture-capital firms, who have begun building Bitcoin-related start-ups. The companies include exchanges where people can trade bitcoins, along with services that let people store and spend the currency in places ranging from Amazon-style online markets to brick-and-mortar bars and restaurants.

The mainstream entrepreneurs who are interested in Bitcoin have found a haven in a nonprofit called the Bitcoin Foundation. Writing about Bitcoin in April, Maria Bustillos described its executives as a "rational and sober group of adult administrators" who stand in contrast with the image of Bitcoin users as "wild-eyed kids camping out in half-deserted lofts." Members of the foundation met in August with several federal agencies, including the Federal Reserve, the F.B.I., and the Secret Service. On the surface, the meeting was an educational exercise, meant to explain how Bitcoin works, but many observers assume it was a step toward regulating the currency.

The foundation, which celebrates its first anniversary this month, calls itself an advocacy group "dedicated to serving the business, technology, government relations, and public affairs needs of the Bitcoin community." One goal, according to Jon Matonis, its executive director, is to educate both public and private interests -- including the government -- about how the currency operates. ("The Foundation is not pro-regulation as some have claimed, but it is pro-education," Matonis has written, adding that he supports "bitcoin education for legislative and regulatory entities" and that "lobbying on behalf of Bitcoin is not necessarily anti-market.")

Wilson, not surprisingly, sees working with the government as a betrayal of Bitcoin's fundamental purpose. "The public faces of Bitcoin are acting as counter-revolutionaries," he told me. "They're actively working to try to diffuse it, and to pollute it." He was referring, he said, not only to the Bitcoin Foundation but to venture capitalists and entrepreneurs in New York and Silicon Valley who increasingly embrace the currency as a way to profit, but don't share his revolutionary aims. (Matonis said he is aware of Wilson's concerns. "I don't see my role as advancing crony capitalism," he said.)

Wilson believes Bitcoin should remain the backbone of a separate economy that undermines the government's ability to collect taxes and to control the value of currency -- not be subsumed into the mainstream economy.

"The state is basically allowed because we have all chosen to use these certain institutions to channel our activity and commerce," he told me. "But when we are enabled, through alternative means and technologies, to channel our commerce as we will, channel our production as we will, the state simply disappears."

Not everyone agrees, of course, that society would benefit from the disappearance of governments. Wilson used the Liberator to make the point that the government shouldn't regulate the flow of information; he wants to use Bitcoin to help build an economy outside of the government's reach.

But his ideology, taken to its logical conclusion, would also leave services like roads, libraries, fire fighting, and policing in the hands of the private sector -- whose interests may not be aligned, Wilson's critics argue, with those of the public at large.

Wilson knows that he could see blowback for his stance against the foundation: as a self-described "crypto-anarchist," perhaps he shouldn't be so concerned with who is or isn't determining the currency's future. And if the U.S. government attempts to regulate the currency, which seems likely, Wilson will also find himself once again in direct opposition to the government.

Wilson and the suit-and-tie-wearing people at the Bitcoin Foundation share a common interest in bringing Bitcoin to as many people as possible. The foundation seems willing to play nicely with the establishment, and has been open to hearing about the interests of old-school players like venture capitalists and government regulators. Wilson, however, who was only recently firing an illicit gun into the desert, isn't looking only for a new currency but for another way to liberate himself -- and others -- from government oversight.

Michael del Castillo is the technology and innovation reporter at Upstart Business Journal, a member of American City Business Journals, which is a sister publication to Condé Nast. A graduate of Columbia University, he is also the cofounder of Literary Manhattan, a nonprofit dedicated to promoting Manhattan's literary community and creating new ways to appreciate literature.

Illustration by Grafilu. ------next part ------A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL:

From eugen at leitl.org Wed Sep 25 04:51:02 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 10:51:02 +0200 Subject: Dissentr: A High-Latency Overlay Mix Network In-Reply-To: References: <[email protected]> Message-ID: <[email protected]>

On Tue, Sep 24, 2013 at 05:53:00PM -0400, Lee Azzarello wrote:
> Sounds like we need new terms for a high latency network that is a low
> latency network or a low latency network that is a high latency network?
>
> Perhaps store-and-forward versus stateful?

There's already DTN, so why not adopt that term.

From risko at csl.sri.com Tue Sep 24 17:57:11 2013 From: risko at csl.sri.com (RISKS List Owner) Date: Tue, 24 Sep 2013 14:57:11 PDT Subject: [RISKS] Risks Digest 27.48 Message-ID:

RISKS-LIST: Risks-Forum Digest Tuesday 24 September 2013 Volume 27 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can be found at
Contents:
Girl's Suicide Points to Rise in Apps Used by Cyberbullies (Lizette Alvarez via Monty Solomon)
Police: BMW Door Locks Contributed To 14-Year-Old Girl's Death (Erik Rosales via Lauren Weinstein)
Another major government IT failure (Peter Bernard Ladkin)
United Airlines Agrees to Honor Accidental $0 Tickets (Joshua Freed via Monty Solomon)
Million Second Quiz gets overloaded (Paul Robinson)
Fake online reviews crackdown in New York sees 19 companies fined (Lauren Weinstein)
"Verizon's diabolical plan to turn the Web into pay-per-view" (Bill Snyder via Gene Wirchenko)
Freedom and the Social Contract (Vint Cerf via Dave Farber)
WiReD: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth' (Marcia Hoffman via Lauren Weinstein)
The US government has betrayed the Internet. We need to take it back (Bruce Schneier via Matthew Kruk)
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack (Kevin Poulsen via Monty Solomon)
Gov't standards agency "strongly" discourages use of NSA-influenced algorithm (Larson and Elliott via Monty Solomon)
*The New York Times* provides new details about NSA backdoor (Ars Technica via David Farber)
Malware Mining Civil Aviation Data - AVweb flash Article (Gabe Goldberg)
E-ZPasses Get Read All Over New York, Not Just At Toll Booths (Kashmir Hill via Henry Baker)
"Adobe issues critical security updates for Flash Player, Reader and Shockwave Player" (Lucian Constantin via Gene Wirchenko)
"Microsoft pulls botched KB 2871630, while many Office patch problems remain" (Woody Leonhard via Gene Wirchenko)
Sharing due to phone failure (Karl Goetz)
HuffPost Essay by Charles Perrow on Fukushima (John Bosley via Dave Farber)
BOOK: Rebecca Slayton, Arguments that Count (PGN)
Abridged info on RISKS (comp.risks)

------

Date: Sun, 15 Sep 2013 01:31:47 -0400 From: Monty Solomon Subject: Girl's Suicide Points to Rise in Apps Used by Cyberbullies (Lizette Alvarez)

Lizette Alvarez, *The New York Times*, 13 Sep 2013

MIAMI - The clues were buried in her bedroom. Before leaving for school on Monday morning, Rebecca Ann Sedwick had hidden her schoolbooks under a pile of clothes and left her cellphone behind, a rare lapse for a 12-year-old girl.

Inside her phone's virtual world, she had changed her user name on , a cellphone application, to "That Dead Girl" and delivered a message to two friends, saying goodbye forever. Then she climbed a platform at an abandoned cement plant near her home in the Central Florida city of Lakeland and leaped to the ground, the Polk County sheriff said.

In jumping, Rebecca became one of the youngest members of a growing list of children and teenagers apparently driven to suicide, at least in part, after being maligned, threatened and taunted online, mostly through a new collection of texting and photo-sharing cellphone applications. Her suicide raises new questions about the proliferation and popularity of these applications and Web sites among children and the ability of parents to keep up with their children's online relationships.

For more than a year, Rebecca, pretty and smart, was cyberbullied by a coterie of 15 middle-school children who urged her to kill herself, her mother said. The Polk County sheriff's office is investigating the role of cyberbullying in the suicide and considering filing charges against the middle-school students who apparently barraged Rebecca with hostile text messages. Florida passed a law this year making it easier to bring felony charges in online bullying cases. [...]
http://www.nytimes.com/2013/09/14/us/suicide-of-girl-after-bullying-raises-worries-on-web-sites.html

------

Date: Fri, 13 Sep 2013 17:37:40 -0700 From: Lauren Weinstein Subject: Police: BMW Door Locks Contributed To 14-Year-Old Girl's Death (Erik Rosales)

[This is not the first time I've heard of such problems with these electronic locking systems. LW]
http://www.kmph.com/story/23421319/police-bmw-door-locks-contribute-to-14-year-old-girls-death

------

Date: Thu, 12 Sep 2013 08:42:31 +0200 From: Peter Bernard Ladkin Subject: Another major government IT failure

12 Sep 2013: "..... the [UK] Department for Work and Pensions (DWP) could write off up to 161 million pounds spent on an IT system for ambitious welfare changes...... "

Full story at http://gu.com/p/3ty4n

------

Date: Sun, 15 Sep 2013 01:35:14 -0400 From: Monty Solomon Subject: United Airlines Agrees to Honor Accidental $0 Tickets (Joshua Freed)

Joshua Freed, The Associated Press, 14 Sep 2013

United Airlines said on Friday that it will honor the tickets it accidentally gave away for free. The decision is good news for people who snapped up the tickets on Thursday after United listed airfares at $0. Many customers got tickets for $5 or $10, paying only the cost of the Sept. 11 security fee.

The mistake was an especially good deal for any passengers who bought tickets for travel within the next week. For instance, a Houston to Washington Dulles flight for next weekend would have cost $877, according to United's website on Friday. ... http://www.dailyfinance.com/2013/09/14/united-airlines-price-error-free-tickets/

------

Date: Wed, 11 Sep 2013 17:17:32 -0700 (PDT) From: Paul Robinson Subject: Million Second Quiz gets overloaded

Last night on the NBC TV network program "The Million Second Quiz," Host Ryan Seacrest admitted two things. (1) The App to allow viewers to play along with the TV show at home is the most-downloaded free app ever provided on iTunes. (2) So many people were playing the home game app that it crashed the servers.

Tonight they admitted that there aren't even that many downloading the app, a mere 1000 downloads a minute. While that doesn't indicate how many were connecting to the servers, clearly a game where the money accumulating as a contestant is playing is $10/second and the grand prize which the 4 top winners (all of whom will probably have won a minimum six figures each by the time the game completes) will be going after is US$2,000,000 and it's possible for a home game contestant to be invited on the show (a "line jumper" as they call it), that it should have been obvious the home game would be getting a lot of hits on their servers.

With inadequate provisioning like this, it doesn't even require attackers to try to DDOS or otherwise disable a system, the users can do it just by too many of them showing up all at once!

------

Date: Mon, 23 Sep 2013 14:03:45 -0700 From: Lauren Weinstein Subject: Fake online reviews crackdown in New York sees 19 companies fined http://j.mp/16CqA2Q (*The Guardian* via NNSquad)

"Eric Schneiderman announced agreements with 19 firms Monday that commissioned fake reviews and several reputation-enhancement companies that helped place reviews on sites like Citysearch, Google, Yahoo and Yelp. They were fined a total of $350,000."

------

Date: Thu, 12 Sep 2013 10:59:51 -0700 From: Gene Wirchenko Subject: "Verizon's diabolical plan to turn the Web into pay-per-view" (Bill Snyder)

Bill Snyder, InfoWorld, 12 Sep 2013

The carrier wants to charge websites for carrying their packets, but if they win it'd be the end of the Internet as we know it
http://www.infoworld.com/d/the-industry-standard/verizons-diabolical-plan-turn-the-web-pay-view-226662

------

Date: Thu, 12 Sep 2013 09:06:42 -0400 From: David Farber Subject: Freedom and the Social Contract, by Vint Cerf

[In the CACM -- Vint's Comments on the Role of Government. DF]

FROM THE PRESIDENT (of the ACM)
Freedom and the Social Contract
By Vinton G. Cerf
Communications of the ACM, Vol. 56 No. 9, Page 7
10.1145/2500468.2500470

The last several weeks (as of this writing) have been filled with disclosures of intelligence practices in the U.S. and elsewhere. Edward Snowden's unauthorized release of highly classified information has stirred a great deal of debate about national security and the means used to preserve it.

In the midst of all this, I looked to Jean-Jacques Rousseau's well-known 18th-century writings on the Social Contract (Du Contrat Social, Ou Principes du Droit Politique) for insight. Distilled and interpreted through my perspective, I took away several notions. One is that in a society, to achieve a degree of safety and stability, we as individuals give up some absolute freedom of action to what Rousseau called the sovereign will of the people. He did not equate this to government, which he argued was distinct and derived its power from the sovereign people.

I think it may be fair to say that most of us would not want to live in a society that had no limits to individual behavior. In such a society, there would be no limit to the potential harm an individual could visit upon others. In exchange for some measure of stability and safety, we voluntarily give up absolute freedom in exchange for the rule of law. In Rousseau's terms, however, the laws must come from the sovereign people, not from the government. We approximate this in most modern societies creating representative government using public elections to populate the key parts of the government.

I think it is also likely to be widely agreed that a society in which there was no privacy and every action or plan was visible to everyone might not be a place in which most of us might like to live. I am reminded, however, of my life in a small village of about 3,000 people in Germany. In the 1960s, no one had phones at home (well, very few). You went to the post office to mail letters, pick up mail, and make or receive phone calls. In some sense, the Postmaster was the most well-informed person about the doings of the town. He saw who was calling or writing to whom. There was not a lot of privacy. The modern notion of privacy may in part have derived from the growth of large urban concentrations in which few people know one another.

In today's world, threats to our safety and threats to national security come from many directions and not all or even many of them originate from state actors. If I can use the term "cyber-safety" to suggest safety while making use of the content and tools of the Internet, World Wide Web, and computing devices in general, it seems fair to say the expansion of these services and systems has been accompanied by a growth in their abuse. Moreover, it has been frequently observed that there is an asymmetry in the degree of abuse and harm that individuals can perpetrate on citizens, and on the varied infrastructure of our society. Vast harm and damage may be inflicted with only modest investment in resources. Whether we speak of damage and harm using computer-based tools or damage from lethal, homemade explosives, the asymmetry is apparent. While there remain serious potential threats to the well-being of citizens from entities we call nation-states, there are similarly serious potential threats originating with individuals and small groups.

Presuming we have accepted the theory that safety is partly found through voluntarily following law, we must also recognize that there are parties domestic and otherwise who wish us individual and collective harm. The societal response to this is to provide for law enforcement and intelligence gathering (domestic and non-domestic) in an attempt to detect and thwart harmful plans from becoming harmful reality. We do not always succeed.

The tension we feel between preserving privacy and a desire to be protected from harm feeds the debate about the extent to which we are willing to trade one for the other. Not everyone, nor every culture, will find the same point of equilibrium. Moreover, as technology and society evolve, the equilibrium points may shift. It has been said that "security" is not found in apprehending a guilty party but in preventing the harm from occurring. While this notion can surely be overextended, it can also be understood to justify a certain degree of intelligence gathering in the service of safety and security.

There is some irony in the fact that our privacy is more difficult than ever to preserve, given the advent of smartphones, tablets, laptops, the Web and the Internet, but that the threats against our safety and security use the same infrastructure to achieve nefarious ends. Our discipline, computer science, is deeply involved in the many dimensions of this conundrum and we owe it to our fellow citizens to be thoughtful in response and to contribute to reasoned consideration of the balance our society needs between potential policy extremes.

Vinton G. Cerf, ACM PRESIDENT

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from permissions at acm.org or fax (212) 869-0481.

------

Date: Fri, 13 Sep 2013 17:21:13 -0700 From: Lauren Weinstein Subject: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth' (Marcia Hoffman) http://j.mp/17VN56u (Marcia Hoffman in *WiReD.com* via NNSquad)

"But if we move toward authentication systems based solely on physical tokens or biometrics -- things we have or things we are, rather than things we remember -- the government could demand that we produce them without implicating anything we know. Which would make it less likely that a valid privilege against self-incrimination would apply."

------

Date: Thu, 19 Sep 2013 20:48:59 -0600 From: "Matthew Kruk" Subject: The US government has betrayed the Internet. We need to take it back

Bruce Schneier, *The Guardian*, Thursday 5 September 2013 20.04 BST
The NSA has undermined a fundamental social contract. We engineers built the Internet - and now we have to fix it
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

------

Date: Sun, 15 Sep 2013 01:54:43 -0400 From: Monty Solomon Subject: FBI Admits It Controlled Tor Servers Behind Mass Malware Attack (Kevin Poulsen)

Kevin Poulsen, *WiReD.com*, 13 Sep 2013

It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.

Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control.

The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July.

Freedom Hosting was a provider of turnkey "Tor hidden service" sites - special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users' privacy to an extraordinary degree - including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

On August 4, all the sites hosted by Freedom Hosting - some with no connection to child porn - began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. ... http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

------

Date: Sun, 15 Sep 2013 01:57:35 -0400 From: Monty Solomon Subject: Gov't standards agency "strongly" discourages use of NSA-influenced algorithm (Larson and Elliott)

NIST: "we are not deliberately... working to undermine or weaken encryption."

Jeff Larson and Justin Elliott, ProPublica.org Sept 13 2013 Ars Technica

Following revelations about the National Security Agency's (NSA) covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. But in a little-noticed footnote, NIST went a step further, saying it is "strongly" recommending against even using one of the standards.

The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry.

As ProPublica, The New York Times, and The Guardian reported last week, documents provided by Edward Snowden suggest that the NSA has heavily influenced the standard, which has been used around the world. In its statement Tuesday, the NIST acknowledged that the NSA participates in creating cryptography standards "because of its recognized expertise" and because the NIST is required by law to consult with the spy agency. "We are not deliberately, knowingly, working to undermine or weaken encryption," NIST chief Patrick Gallagher said at a public conference Tuesday.

Various versions of Microsoft Windows, including those used in tablets and smartphones, contain implementations of the standard, though the NSA-influenced portion isn't enabled by default. Developers creating applications for the platform must choose to enable it. ...

... elliptic curve-based deterministic random bit generator
http://arstechnica.com/security/2013/09/government-standards-agency-strongly-suggests-dropping-its-own-encryption-standard/

------

Date: Wed, 11 Sep 2013 04:42:17 -0400 From: David Farber Subject: *The New York Times* provides new details about NSA backdoor
http://arstechnica.com/security/2013/09/new-york-times-provides-new-details-about-nsa-backdoor-in-crypto-spec/


Today, *The New York Times* reported that an algorithm for generating random numbers, which was adopted in 2006 by the National Institute of Standards and Technology (NIST), contains a backdoor for the NSA. The news followed a *NYT* report from last week, which indicated that the National Security Agency (NSA) had circumvented widely used (but then-unnamed) encryption schemes by placing backdoors in the standards that are used to implement the encryption.

In 2007, cryptographers Niels Ferguson and Dan Shumow presented research suggesting that there could be a potential backdoor in the Dual_EC_DRBG algorithm, which NIST had included in Special Publication 800-90. If the parameters used to define the algorithm were chosen in a particular way, they would allow the NSA to predict the supposedly random numbers produced by the algorithm. It wasn't entirely clear at the time that the NSA had picked the parameters in this way; as Ars noted last week, the rationale for choosing the particular Dual_EC_DRBG parameters in SP 800-90 was never actually stated.

Today, *The NYT* says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: ``In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,'' wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it ``a challenge in finesse'' to convince the organization's leadership.

``Eventually, NSA became the sole editor'' of the international standard, according to one classified memo seen by the NYT.

The details come just as NIST released a promise to reopen the public vetting process for SP 800-90. ``We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,'' a memo from the Institute read. ``NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large.''

Still, NIST asserted that its purpose was to protect the federal government first: ``NIST's mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.''

The public comment period on SP 800-90 ends November 6, 2013.
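The item above says the Dual_EC_DRBG parameters, if chosen "in a particular way", let whoever chose them predict the generator's output. What follows is an added example written for this page, not code from NIST, Ars Technica, or the NYT: a plain-Python implementation of the Dual_EC_DRBG core on the standard's own curve, NIST P-256, with P the public base point and Q = d*P for a constructed secret d standing in for the never-explained relationship between the two constants. Anyone holding e = d^-1 mod n can lift one observed output back to a curve point, multiply by e to recover the generator's next internal state, and reproduce every later output. Two simplifications: the output is the whole x-coordinate (SP 800-90A drops the top 16 bits, which costs a predictor only a 2^16 search), and there is no reseeding or additional input. The names `dual_ec_outputs`, `predict_from_trapdoor`, the value of `d`, and the seed are all constructed for the demonstration.

```python
# Added example: the Dual_EC_DRBG trapdoor on NIST P-256, in plain Python.
# Simplifications versus SP 800-90A: the output is the whole x-coordinate
# (the standard truncates the top 16 bits) and there is no reseeding.
# d, e, the seed and the function names are constructed for this demo.

# NIST P-256 domain parameters: field prime, curve coefficients, base point, group order.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(pt):
    """True if the affine point satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = pt
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P256_P == 0:
            return None  # P + (-P) = infinity
        lam = (3 * x1 * x1 + P256_A) * pow(2 * y1 % P256_P, -1, P256_P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P256_P, -1, P256_P)
    lam %= P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    y3 = (lam * (x1 - x3) - y1) % P256_P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = None, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def x_of(pt):
    """x-coordinate of a point; the generator's state and output are both x-coordinates."""
    if pt is None:
        raise ValueError("hit the point at infinity (probability about 2^-256 here)")
    return pt[0]


def dual_ec_outputs(seed, P, Q, count):
    """Dual_EC_DRBG core loop: s_{i+1} = x(s_i * P); r_i = x(s_{i+1} * Q)."""
    s = seed % P256_N
    outputs = []
    for _ in range(count):
        s = x_of(ec_mul(s, P))              # advance the secret internal state
        outputs.append(x_of(ec_mul(s, Q)))  # emit the public output
    return outputs


def lift_x(x):
    """Recover a curve point from an x-coordinate (p = 3 mod 4, so sqrt(v) = v^((p+1)/4))."""
    rhs = (x * x * x + P256_A * x + P256_B) % P256_P
    y = pow(rhs, (P256_P + 1) // 4, P256_P)
    if y * y % P256_P != rhs:
        return None
    return (x, y)


def predict_from_trapdoor(observed, e, Q, count):
    """Knowing e with e*Q = P, turn one observed output into the next `count` outputs.

    observed = x(s*Q) for the current state s. Either lift of that x is +/-(s*Q),
    and e*(+/-(s*Q)) = +/-(s*P), whose x-coordinate is the generator's next state.
    """
    R = lift_x(observed)
    if R is None:
        raise ValueError("not a valid x-coordinate on P-256")
    predicted = []
    for _ in range(count):
        s_next = x_of(ec_mul(e, R))  # recover the next internal state
        R = ec_mul(s_next, Q)        # the point whose x the generator will emit next
        predicted.append(x_of(R))
    return predicted


def demo():
    """Build backdoored parameters, run the generator, and check that prediction works."""
    P = P256_G
    d = 0x1d00b5e55edc0de123456789abcdef0  # constructed 'designer' secret, not a real value
    Q = ec_mul(d, P)                       # Q = d*P looks like any other point on the curve
    e = pow(d, -1, P256_N)                 # e*Q = e*d*P = P: the trapdoor
    seed = int.from_bytes(b"constructed demo seed, not a real entropy source", "big")
    outputs = dual_ec_outputs(seed, P, Q, 4)
    predicted = predict_from_trapdoor(outputs[0], e, Q, 3)
    return outputs[1:] == predicted


if __name__ == "__main__":
    print("prediction matches generator:", demo())
```

The defender's takeaway is that nothing in the output stream distinguishes a Q with a hidden d from an honestly random Q; the only protection is provenance, either a Q produced by a published, reproducible procedure or one generated locally, which is exactly what the standard never established for its default constants.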

------

Date: Tue, 17 Sep 2013 10:02:00 -0400 From: Gabe Goldberg Subject: Malware Mining Civil Aviation Data - AVweb flash Article

A computer security company, TrendMicro, Thursday reported that it has found a particular family of malware gathering information "related to the civil aviation sector."

[but doesn't mention how such a sector is targeted]

The best defense against the Sykipot malware is to keep your computer systems updated with the most current security software.

[Profoundly advises a company selling security software]

Sykipot attacks normally arrive via email attachments that exploit applications like Adobe Reader and Microsoft Office but have evolved to use a target's operating system, web browsers and Java scripts.

[Exploiting such innovative attack vectors...]
http://www.avweb.com/avwebflash/news/Malware-Mining-Civil-Aviation-sykipot-attack220572-1.html

------

Date: Sat, 14 Sep 2013 05:17:12 -0700 From: Henry Baker Subject: E-ZPasses Get Read All Over New York, Not Just At Toll Booths (Kashmir Hill)

Of course, with license plate readers everywhere, this is now old news...
http://www.forbes.com/sites/kashmirhill/2013/09/12/e-zpasses-get-read-all-over-new-york-not-just-at-toll-booths/

Kashmir Hill, *Forbes*, 12 Sep 2013 (PGN-ed)

After spotting a police car with two huge boxes on its trunk -- that turned out to be license-plate-reading cameras -- a man in New Jersey became obsessed with the loss of privacy for vehicles on American roads. (He's not the only one.) The man, who goes by the Internet handle Puking Monkey, did an analysis of the many ways his car could be tracked and stumbled upon something rather interesting: his E-ZPass, which he obtained for the purpose of paying tolls, was being used to track his car in unexpected places, far away from any toll booths.

Puking Monkey is an electronics tinkerer, so he hacked his RFID-enabled E-ZPass to set off a light and a `moo cow' every time it was being read. Then he drove around New York. His tag got milked multiple times on the short drive from Times Square to Madison Square Garden in mid-town Manhattan, and also on his way out of New York through Lincoln Tunnel, again in a place with no toll plaza.

At Defcon, where he presented his findings, Puking Monkey said he found the reading of the E-ZPass outside of where he thought it would be read when he put it in his car ``intrusive and unsettling,'' quoting from Sen. Chuck Schumer's remarks about retailers tracking people who come into their stores using their cell phones. [...]

[Also noted by Monty Solomon. PGN]

------

Date: Fri, 13 Sep 2013 10:59:35 -0700 From: Gene Wirchenko Subject: "Adobe issues critical security updates for Flash Player, Reader and Shockwave Player" (Lucian Constantin)

Does it seem to you that it has been a bad time lately for patches?

Lucian Constantin, InfoWorld, 11 Sep 2013
The new updates address vulnerabilities that could allow attackers to compromise computers
http://www.infoworld.com/d/security/adobe-issues-critical-security-updates-flash-player-reader-and-shockwave-player-226621

------

Date: Fri, 13 Sep 2013 10:54:23 -0700 From: Gene Wirchenko Subject: "Microsoft pulls botched KB 2871630, while many Office patch problems remain" (Woody Leonhard)

Woody Leonhard, *InfoWorld*, 12 Sep 2013
Pulling the KB 2871630 patch took Microsoft more than 14 hours after the first warnings appeared, and admins are furious. What's Microsoft doing wrong?
http://www.infoworld.com/t/microsoft-windows/microsoft-pulls-botched-kb-2871630-while-many-office-patch-problems-remain-226690

[Gene previously had noted an earlier article: It must be Wretched Wednesday -- the day after Black Tuesday. Watch out for automatic patches KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. PGN-ed]
http://www.infoworld.com/t/microsoft-windows/microsoft-botches-still-more-patches-in-latest-automatic-update-226594

------

Date: Fri, 20 Sep 2013 19:23:13 +1000
From: Karl Goetz
Subject: Sharing due to phone failure

My partner's phone developed problems in the last few weeks and was finally taken in for repair this week.

I will brush over the risks associated with over-dependence on mobile devices (we have no fixed voice line so depend on our mobiles heavily) to consider what I found the most interesting bit of the experience.

The loaner phone she was given still had the last user's messages on it!

I can see three places someone should have checked for data that shouldn't be shared:

- when the previous user was done with the phone
- when the shop received the phone back
- before the phone was given out again

An interesting vector for data leakage.

------

Date: September 23, 2013 9:43:56 AM EDT
From: John Bosley
Subject: HuffPost Essay by Charles Perrow on Fukushima (via Dave Farber)

Dr. Perrow has a long history of studying how safe systems seem to go wrong. http://www.huffingtonpost.com/charles-perrow/fukushima-forever_b_3941589.html

------

Date: Tue, 24 Sep 2013 11:37:07 PDT
From: "Peter G. Neumann"
Subject: BOOK: Rebecca Slayton, Arguments that Count

Rebecca Slayton
Arguments that Count: Physics, Computing, and Missile Defense, 1949-2012
MIT Press, 2013
xi + 325 (including 76 pages of end notes and a 21-page index)

Here is a remarkably well researched and comprehensive book that is totally within the mainstream of RISKS. The MIT Press release includes this text:

She compares how two different professional communities -- physicists and computer scientists -- constructed arguments about the risks of missile defense, and how these changed over time.

------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request at csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request at csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe at csl.sri.com or risks-unsubscribe at csl.sri.com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks at CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------

End of RISKS-FORUM Digest 27.48 ************************

From eugen at leitl.org Wed Sep 25 05:17:16 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 11:17:16 +0200 Subject: "Internet Freedom" and Post-Snowden Global Internet Governance Message-ID: <[email protected]>

----- Forwarded message from michael gurstein -----

Date: Tue, 24 Sep 2013 15:37:36 -0700 From: michael gurstein To: Nettime-L Subject: "Internet Freedom" and Post-Snowden Global Internet Governance Reply-To: a moderated mailing list for net criticism

With links: http://gurstein.wordpress.com/2013/09/24/internet-freedom-and-post-snowden-global-internet-governance/ http://tinyurl.com/n3onw87

"Internet Freedom" and Post-Snowden Global Internet Governance: Michael Gurstein

The big story for the 2012 Internet Governance Forum in Baku was the almost overwhelming (and overpowering) emphasis placed by the US government delegation and its corporate allies (primarily Google) and its associates in (primarily US based) Civil Society on what was termed "Internet Freedom" and Multistakeholderism as its primary governance modality.

The campaign was very well orchestrated and coordinated (through the US delegation led by a US Ambassador and the head of the NTIA Lawrence Strickling) who insisted that any "Internet governance" position which included any form of "government involvement" would necessarily imply or result in government's "takeover" or "control" of the Internet. Further, it was vociferously asserted that any deviation from this path was by definition an infringement of "Internet Freedom" and part of a slippery slope leading to full-on government suppression of "free speech" on the Internet.

Those who pointed out that there already was quite considerable involvement of various governments in various aspects of Internet management were effectively shouted down as being sympathizers with the autocrats and enemies of "freedom" in such states as China, Russia and Saudi Arabia. The overwhelming response was that Internet "governance" was optimal as it was (or at least the corporate, (inter) governmental, and technical mechanisms governing its evolution were optimal); and that the only possible position for "lovers of the Internet" was to support the existing status quo with respect to Internet ("non") governance.

Precisely what might be meant by "Internet Freedom" apart from rather fuzzy libertarian notions of keeping "the dead hand of government" as far as possible from the Internet as a hub of innovation and enterprise, was never made very clear beyond the level of slogan and exhortation. Rather it was loudly proclaimed that any form of formal governance of the Internet would be the greatest sin that could be perpetrated against the Internet as a burgeoning global infrastructure.

In choosing among the various ways in which "Freedom" might be characterized this lobbying steamroller made quite clear that they were referring to Freedom "from"-government interference, government oversight, government regulation of anything to do with the Internet. And this theme and its ITU focused counterparts were equally evident at the ITU policy meeting held in Dubai some few months later (the WCIT).

When some few small voices suggested that this full court press in support of "Freedom from" might also mean for example a freedom from the means for countries, particularly Less Developed Countries, to introduce some form of taxation on the currently small but rapidly growing flow of Internet based revenues from already impoverished economies to already stupendously wealthy private (and primarily US based) Internet corporations; or that there might be something wrong with the current way in which the basic "naming system" of the Internet via ICANN might be structured (as a sub-contractor to the US Department of Commerce); or that some issues such as privacy might require mechanisms for policy development and global enforcement, these comments were met with derision and howls that the authors of such positions were secret sympathizers of communications censors (ComSymps) of those on the other side of the emerging Internet cold war - i.e. the Russias, Chinas, Saudi Arabias of the world.

But that was then and this is now and as startling revelation after revelation tumbles from the thumb drives of Mr. Edward Snowden the import if not the intent of (one hopes) certain of those Internet Freedom warriors (speculating on precisely who knew what, when, and how in this context makes for an interesting exercise) becomes clear.

While so loudly advocating for Freedom "from" (whatever.), the Internet Freedom (IF) coalition was in fact, providing the diplomatic cover and lobbying campaign to ensure that no outcome of Internet governance would interfere with what would appear to be the overall US strategy of Freedom "to" - surveille, subvert, suborn and overall embed and maintain (as the NSA so aptly put it)-"total information dominance" of the Internet and all of its various manifestations now and presumably forever, in the service of US "security" and US interests.

Such "security" it is clear from the Snowden documents means not only security against terrorism but also it seems (as enabled by the NSA's surveillance machine) security against potentially independent comment (and ultimately action) by both opposing and allied states; against fair competition since one side has access to all its information and the information from the other side as well; and quite startlingly the security of having the means to listen in on and ultimately control independent action, comment, commerce, and thought itself not only among "foreigners" (i.e. everyone else) but also even among those (in theory) protected by that most oft cited of documents the US constitution.

That this "Freedom from" campaign has now been fully revealed for what it was (providing the ideological justification for an on-going coup d'etat against the republic of the Internet), leaves the matters of Internet Governance (where this all started) completely up in the air.

But once having been revealed that we are no longer in Kansas and that the wicked witches of the North, South, East and West will be relentless in their pursuit of control including through the use of their boundless financial and technical resources; a response of some sort however reluctantly and with what trepidations seems to be in the cards as per the recent speech to the UN General Assembly by President Rousseff of Brazil.

And so we have the upcoming 8th session of the Internet Governance Forum in Bali with many of the main protagonists having been more or less completely discredited (it might be fun if the same coalition were to try for another round of "Internet Freedom" confabulations but one can't imagine that even those folks have been sufficiently well trained to carry that one off with a straight face).

So, what will be discussed at the IGF apart from the usual empty rhetoric about capacity building for LDCs and legitimate campaigns against online skullduggery of the spam, kiddieporn, phishing variety?

Perhaps I could make a modest suggestion for the discussion. Perhaps we could discuss "Internet Freedom" but Internet Freedom in a post-Snowden world and without the hypocrisy and sanctimony of the previous discussions.

Perhaps we could discuss Internet Freedom as Freedom from undue and unaccountable surveillance. Internet Freedom as true Freedom of Expression where the forces of repression whether in Langley or in Moscow or Shanghai are made transparent and accountable; where Internet Freedom is anchored in the rule of law - not the, shall we say, rather "flexible" law of the world's single superpower but a rule of law to which all are expected to adhere and where mechanisms are in place to ensure that, to the degree possible, all are responsive and accountable; where Internet Freedom is not just for some but where its responsibilities and most importantly its protections are available for all of us - "foreigners" or no - and where all have some degree of input into how those laws are constructed and administered; where Internet Freedom does not mean that actions on and through the Internet will be subverted and directed simply to further enrich the already obscenely enriched but rather to ensure that the benefits including financial benefits accruing from the Internet serve to reduce global inequalities.

I look for those who a year ago, were so eager to rally forces in support of Internet Freedom to rally again to this somewhat battered standard but now one that is rather less naive and rather more reflective of the underlying reality of this technology enabled world in which we live.

# distributed via : no commercial use without permission
# is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Wed Sep 25 06:24:43 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 12:24:43 +0200 Subject: [p2p-hackers] BitWeav: open P2P micropublishing Message-ID: <[email protected]>

----- Forwarded message from Liam Edwards-Playne -----

Date: Wed, 25 Sep 2013 12:13:48 +1000 From: Liam Edwards-Playne To: p2p-hackers at lists.zooko.com Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 Reply-To: theory and practice of decentralized computer networks

A good point about the SHA2-256 + RIPEMD-160 usage that I hadn't considered. I'll change the design to use a single truncated SHA2-256 hash. As for length extension attacks, I don't believe I should be concerned, should I? The transfer of messages within the network is dependent on a defined protocol, so any extra bytes would just be interpreted as a malformed message.

Out of interest, could you elaborate on the potential weaknesses in the pairing?

As for a decentralised identity, it's an interesting problem, but I'll be focusing on the micropublishing idea first. With my last project, I delved into too many areas, trying to decentralise DNS, creating an improved Kademlia DHT, providing a framework for P2P mutable documents. Ultimately I built nothing (but learnt a lot).

Nonetheless I think technology develops too quickly to define any sort of single specification for an online identity. The best we have are public keys certified by webs of trust.

On 25/09/13 08:16, Sean Lynch wrote:
> I don't think Bitcoin's SHA2-256 + RIPEMD-160 usage is based on sound
> crypto. It's not terrible but it's also a little bit silly since a
> collision in SHA2-256 will be a collision in the pair, which means all
> you're doing is shortening the hash while avoiding the length extension
> attack. There are also potential weaknesses in the pair that may not
> exist in either one due to the fact that the pairing has not been well
> studied. You could accomplish the same end with less CPU and less code
> by using a truncated SHA-512 hash.
>
> Otherwise, I tend to agree with your goals and approach, though I think
> it may be more impactful to simply bring the decentralized identity
> aspect of it to the web. The fact that I have no portable identity with
> which to comment on or post arbitrary content around the web is very
> annoying. At best, the current system could be described as federated,
> but even that's not entirely true since few sites actually support
> OpenID and fewer users know what their OpenID URL is.
>
>
> On Mon, Sep 23, 2013 at 9:48 PM, Liam Edwards-Playne wrote:
>
> I've been working on a new open micropublishing network that's entirely
> peer-to-peer, relying on a publish-subscribe overlay to facilitate
> scalable distribution of messages on hashtags, profiles and threads.
>
> You can peruse its design in this document:
> http://bitweav.org/whitepaper.pdf
>
> Its main features:
> - first of its kind to support publish/subscribe to topics (profiles,
>   hashtags, threads)
> - doesn't use rendez-vous nodes for topics (meaning only nodes who are
>   subscribed to a topic will help distribute messages on it)
> - message threading and replies. multilingual support.
> - more scalable approach to message dissemination using rings, rather
>   than gossip-based flooding (see ch. 7 of whitepaper)
>
> I'd appreciate any constructive criticism / discussion and if anyone
> would like to help I would greatly appreciate it. I'm currently
> developing the frontend graphical client, after which I will progress
> to implementing the backend daemon.
>
> Cheers,
> Liam Edwards-Playne.
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers

_______________________________________________
p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----

From eugen at leitl.org Wed Sep 25 08:17:05 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 14:17:05 +0200 Subject: [DIYbio] Re: Downloading JoVE videos? Message-ID: <[email protected]>

----- Forwarded message from code elusive -----

Date: Tue, 24 Sep 2013 10:38:01 -0700 (PDT) From: code elusive To: diybio at googlegroups.com Subject: [DIYbio] Re: Downloading JoVE videos? Reply-To: diybio at googlegroups.com

hello :)

A method to extract the full JoVE video files, using Firefox, is described below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Extraction of full JoVE video files

1. In Firefox, open a new tab (my FF version is 23.0.1)

2. Press Ctrl+Shift+K to open the Web console window (or go from Firefox > Web developer > Web console)

3. On the web console, the following buttons must be pressed (if they are not, press them): "Net" and "Logging"

4. Paste the url of the webpage you're interested in and start playing the short video segment.

From the lines that have appeared on the web console, we want the video file links, which most probably include a .mov or .mp4 extension.

5. Once the short video segment has ended, filter the lines using the "filter output" box of the web console (next to the "clear" button) and search for .mov or .mp4.

The lines with the link start as GET "http://ecsource.jove.com/CDNSource/.. "

6. Right click the appropriate line, select "copy link location" and either paste in a new tab, or download with your favorite download manager. that's it :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Of course it is possible that an even easier method exists. I hope the explanation is clear. Let me know if I can clarify anything.

For those that are interested in the video files from the links that Patrik posted, the links are:
http://ecsource.jove.com/CDNSource/3740_Mahoney_Perfusion_010512_P_Web.mov
http://ecsource.jove.com/CDNSource/3940_Bueter_050112_F_Web.mov
http://ecsource.jove.com/CDNSource/1138_Cowan_F2.mp4

have a nice evening :)

--
You received this message because you are subscribed to the Google Groups DIYbio group.
To post to this group, send email to diybio at googlegroups.com.
To unsubscribe from this group, send email to diybio+unsubscribe at googlegroups.com.
For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en
Learn more at www.diybio.org
To view this discussion on the web visit https://groups.google.com/d/msgid/diybio/52ddb906-43b2-45a3-a223-b66a8485e362%40googlegroups.com.

----- End forwarded message -----

From eugen at leitl.org Wed Sep 25 08:18:08 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 14:18:08 +0200 Subject: [Cryptography] Hardware Trojan Protection Message-ID: <[email protected]>

----- Forwarded message from Bill Frantz -----

Date: Tue, 24 Sep 2013 13:36:13 -0700 From: Bill Frantz To: cryptography at metzdowd.com Subject: [Cryptography] Hardware Trojan Protection X-Mailer: Mailsmith 2.3.1 (422)

On 9/22/13 at 6:07 PM, leichter at lrw.com (Jerry Leichter) wrote in another thread:

> Still, it raises the question: If you can't trust your microprocessor
> chips, what do you do? One possible answer: Build yourself a processor
> out of MSI chips. We used to do that, not so long ago, and got
> respectable performance (if not, perhaps, on anything like today's
> scale). An MSI chip doesn't have enough intrinsic computation to
> provide much of a hook for an attack. Oh, sure, the hardware could be
> spiked - but to do *what*? Any given type of MSI chip could go into
> many different points of many different circuit topologies, and won't
> see enough of the data to do much anyway. There may be some interface
> issues: This stuff might not be fast enough to deal with modern memory
> chips. (How would you attack a memory chip? Certainly possible if you
> make a targeted attack - you can slip in a small processor in the
> design to do all kinds of nasty things. But commercial off-the-shelf
> memory chips are built right up to the edge of what we can make, so
> you can't change all that much.)
>
> Some stuff is probably just impossible with this level of technology.
> I doubt you can build a Gig-E Ethernet interface without large-scale
> integration. You can certainly do the original 10 Mb/sec - after all,
> people did! I have no idea if you could get to 100 Mb/sec.
>
> Do people still make bit-slice chips? Are they at a low-enough level
> to not be a plausible attack vector?
>
> You could certainly build a respectable mail server this way - though
> it's probably not doing 2048-bit RSA at a usable speed.
>
> We've been talking about crypto (math) and coding (software).
> Frankly, I, personally, have no need to worry about someone attacking
> my hardware, and that's probably true of most people. But it's *not*
> true of everyone. So thinking about how to build "harder to attack"
> hardware is probably worth the effort.

You might get a reasonable level of protection implementing the core of the crypto operations in a hardware security module (HSM) using Field Programmable Gate Arrays (FPGA) or Complex Programmable Logic Devices (CPLD). There is an open source set of tools for programming these beasts based on Python called MyHDL. The EFF DES cracker may have some useful ideas too.

The largest of these devices are also pressing the current chip limits. There isn't a lot of extra space for Trojans. In addition, knowing what to look at is somewhat difficult if pin assignments etc are changed from chip to chip at random.

As with any system, there are tool chain issues. Open source helps, but there is always the Ken Thompson attack. The best solution I can think of is to audit the output. Look very carefully at the output of the tool chain, and at the final piece that loads the configuration data into the device.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | "Web security is like medicine - trying to do good for
408-356-8506       | an evolved body of kludges" - Mark Miller
www.pwpconsult.com |

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Wed Sep 25 08:21:22 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 14:21:22 +0200 Subject: [tor-talk] Tor Weekly News — September 25th, 2013 Message-ID: <[email protected]>

----- Forwarded message from dope457 -----

Date: Wed, 25 Sep 2013 14:15:43 +0200 From: dope457 To: tor-talk at lists.torproject.org, tor-news at lists.torproject.org Subject: [tor-talk] Tor Weekly News — September 25th, 2013 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.0 Reply-To: tor-talk at lists.torproject.org

========================================================================
Tor Weekly News                                    September 25th, 2013
========================================================================

Welcome to the thirteenth issue of Tor Weekly News, the weekly newsletter that covers what's happening in the well-heeled Tor community.

Reimbursement of exit operators
-------------------------------

In July 2012, Roger Dingledine wrote a post on the Tor blog [1] in which he raised the prospect of offering funding to organizations running fast Tor exit nodes. In so doing, Roger wrote, "we will improve the network's diversity as well as being able to handle more users." He also announced that donors were already interested in financing such a scheme. Then, in April this year, Moritz Bartl stated [2] that torservers.net was looking to move away from establishing additional exit nodes, in favor of providing support of various kinds to partner organizations running their own exits.

These plans, and the discussion they provoked, are now about to bear fruit in the form of a financial reimbursement scheme directed at torservers.net's partner organizations. Moritz wrote again on the tor-relays list [3] to announce that reimbursements are scheduled to begin at the end of this month, drawn from a one-time donation by the U.S. Government's Broadcasting Board of Governors.

The ensuing debate focused both on the technical aspects of reimbursement — that is, how best to determine the division of funds based on information harvested from the network metrics [4] — and the question of the security issues that could potentially arise from such a scheme [5].

Moritz specified that currently the only organizations to qualify for reimbursements are those that he personally knows: "so, if you're interested in becoming a partner, start social interaction with me", he wrote. Questions or comments regarding these proposals are welcome on the tor-relays list, and further announcements and discussion about the reimbursement system will be published on its dedicated mailing lists [6].

[1] https://blog.torproject.org/blog/turning-funding-more-exit-relays
[2] https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html
[3] https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html
[4] https://lists.torproject.org/pipermail/tor-relays/2013-September/002825.html
[5] https://lists.torproject.org/pipermail/tor-relays/2013-September/002831.html
[6] https://lists.torproject.org/pipermail/tor-relays/2013-May/002138.html

Tails 0.20.1 is out
-------------------

Tails saw its 33rd release on September 19th [7]. The most visible change might be the upgrade of tor to version 0.2.4.17-rc, which should result in faster and more reliable access to the network after the sudden bump in Tor clients [8].

Among other minor bugfixes and improvements, persistence volumes are now properly unmounted on shutdown. This should prevent data loss in some situations, and avoid a sometimes lengthy pause upon activation.

It also fixes several important security issues [9]. It is recommended that all users upgrade as soon as possible [10].

[7] https://tails.boum.org/news/version_0.20.1/
[8] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
[9] https://tails.boum.org/security/Numerous_security_holes_in_0.20/
[10] https://tails.boum.org/news/version_0.20.1/

New Tor Browser Bundles released
--------------------------------

A new set of stable and beta Tor Browser Bundles was released [11] on September 20th. The Tor Browser is now based on Firefox 17.0.9esr and fixes several important security issues [12].

Queries for the default search engine, Startpage, are no longer subject to its invasive "family filter" [13]. The beta branch also includes an updated version of HTTPS Everywhere that no longer causes a storm of requests to clients1.google.com, an issue reported by many users after the last release [14].

Once again, it is recommended that all users upgrade as soon as possible.

[11] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr
[12] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
[13] https://bugs.torproject.org/8839
[14] https://bugs.torproject.org/9713

Tor mini-hackathon at GNU 30th Anniversary Celebration
------------------------------------------------------

Nick Mathewson sent an invitation [15] encouraging everyone to attend the GNU 30th Anniversary Celebration [16] on September 28th and 29th at MIT, Cambridge, MA, USA. Part of the event is a hackathon, and Tor is featured alongside a few other projects. If you want to spend some of the weekend helping the Tor community, sign up on the webpage [17] and come along!

[15] https://lists.torproject.org/pipermail/tor-talk/2013-September/030154.html
[16] https://gnu.org/gnu30/celebration
[17] https://crm.fsf.org/civicrm/event/register?id=10

Clock skew: false alarm
-----------------------

Small offsets in system time offer an attractive opportunity for fingerprinting Tor clients. In order to eliminate unnecessary exposure, Nick Mathewson has been working on proposal 222 [18].

Unfortunately, this process introduced a bug into the tor daemon which became apparent after the directory authority named "turtles" was upgraded. The result was that relays started to warn their operators of an implausible clock skew [19]. This was, of course, a false alarm.

The issue was quickly worked around, and fixed properly a few hours later [20].

[18] https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/222-remove-client-timestamps.txt
[19] https://lists.torproject.org/pipermail/tor-relays/2013-September/002888.html
[20] https://bugs.torproject.org/9798

Tor Help Desk Roundup
---------------------

One user contacted the help desk for assistance running torbrowser, an application not affiliated with the Tor Project that attempts to mimic the Tor Browser Bundle. The torbrowser application violates the Tor Project's trademark, and the Tor Project encourages users to avoid it. Multiple Tor Project developers have contacted SourceForge, which hosts this application's website, attempting to get the project removed. Andrew Lewman has said that lawyers have now been engaged [21].

A number of University students continued to contact the help desk to report difficulties circumventing their University's Cyberoam firewall. These students report being unable to access the Tor network even when using the Pluggable Transports Browser with obfs3 bridges. One person reported success circumventing the firewall when using an obfsproxy bridge on port 443. This issue is ongoing, but a bug report has been filed [22].

[21] https://lists.torproject.org/pipermail/tor-talk/2013-August/029614.html
[22] https://bugs.torproject.org/projects/tor/ticket/9601

Miscellaneous news
------------------

Jacob Appelbaum inquired with VUPEN about the Tor Project having the right of first refusal for Tor Browser bugs, in order to protect users [23].

[23] http://storify.com/fredericjacobs/discussion-between-tor-s-ioerror-and-vupen-s-chaou

The proposed Tor page on Stack Exchange has now reached 100% commitment, and will soon be launching as a live beta. Thanks to everyone who signed up! [24].

[24] http://area51.stackexchange.com/proposals/56447/tor

sajolida reported on the latest Tails "low-hanging fruits session". The date and a tentative agenda for the next online contributors meeting have also been set [25,26].

[25] https://mailman.boum.org/pipermail/tails-dev/2013-September/003703.html [26] https://mailman.boum.org/pipermail/tails-dev/2013-September/003696.html

As GSoC entered its final phase, Kostas Jakeliunas reported on the searchable metrics archive [27], Johannes Fürmann on EvilGenius [28], and Cristian-Matei Toader on Tor capabilities [29].

[27] https://lists.torproject.org/pipermail/tor-dev/2013-September/005483.html
[28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005484.html
[29] https://lists.torproject.org/pipermail/tor-dev/2013-September/005490.html

How can we provide Tor users an easy way to verify the signatures on Tor software? Sherief Alaa raised this question on the tor-dev mailing list when asking for comments on plans to write a "small" GUI tool [30].

[30] https://lists.torproject.org/pipermail/tor-dev/2013-September/005491.html

Upcoming events
---------------

Sep 28-29 | Tor mini-hackathon at GNU 30th Anniversary Celebration | MIT, Cambridge, Massachusetts | https://gnu.org/gnu30/celebration
Sep 29    | Colin at the Winnipeg Cryptoparty | Winnipeg, Manitoba, Canada | http://wiki.skullspace.ca/index.php/CryptoParty
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV | Berlin, Germany | https://www.openitp.org/openitp/circumvention-tech-summit.html
Sep 30    | Congress on Privacy & Surveillance | Lausanne, Switzerland | http://ic.epfl.ch/privacy-surveillance

This issue of Tor Weekly News has been assembled by harmony, Lunar, dope457, Matt Pagan, and .

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page [31], write down your name and subscribe to the team mailing list [32] if you want to get involved!

[31] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[32] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From l at odewijk.nl Wed Sep 25 08:30:14 2013 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 25 Sep 2013 14:30:14 +0200 Subject: [info] DARK WALLET: A RADICAL WAY TO BITCOIN In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

2013/9/25 Eugen Leitl

> ld-school players like venture capitalists and government regulators. Wilson, however, who was only recently firing an illicit gun into the desert, isn't looking only for a new currency but for another way to liberate himself -- and others -- from government oversight.

His company is licensed for the development of weapons. I think this outright fabrication shows the general tone of the article. "Look at these shady fellows doing cool anti-government stuff, whoo".

From jya at pipeline.com Wed Sep 25 10:11:33 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 10:11:33 -0400 Subject: The Unbreakable Cipher Message-ID:

NSA Technical Journal published "The Unbreakable Cipher" in Spring 1961. http://www.nsa.gov/public_info/_files/tech_journals/The_Unbreakable_Cipher.pdf

Excerpts:

[Quote] David Kahn, "Lyen Otuu Wllwgh WI Etjown" pp. 71, 83, 84, 86, 88 and 90 of the New York Times Magazine November 13, 1960 says that an unbreakable cipher system can be made from one time key "that is absolutely random and never repeats." ...

For each cipher system there is an upper bound to the amount of traffic it can protect against cryptanalytic attack. What is "cryptanalytic attack"? It is a process applied to cipher text in order to extract information, especially information contained in the messages and intended to be kept secret. If some of the information is gotten by other means and this results in more being extracted from the cipher, this is (at least partially) a successful attack. If certain phrases can be recognized when they are present, this is successful cryptanalysis. If a priori probabilities on possible contents are altered by examination of the cipher, this is cryptanalytic progress. If in making trial decipherments it is possible to pick out the correct one then cryptanalysis is successful. ...

Another example is that of Mr. Kahn, one-time key. Here the limit is quite clear; it is the amount of key on hand. The key arrives in finite "messages," so there is only a finite amount on hand at any one time, and this limits the amount of traffic which can be sent securely. Of course another shipment of key raises this bound, but technically another cipher system is now in effect, for by my definition a cipher system is a message. A sequence of messages is a sequence of cipher systems, related perhaps, but not the same. ...

[Answer to the question:] "Does there exist an unbreakable cipher" would be this, "Every cipher is breakable, given enough traffic, and every cipher is unbreakable, if the traffic volume is restricted enough."

[End quote]

Is this conclusion still valid? If so, what could be done to restrict traffic volume to assure unbreakability? And how to sufficiently test that. Presuming that NSA and cohorts have investigated this effect.
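The article's point that a one-time key protects exactly as much traffic as there is key on hand, as an added example (not from the 1961 article or from the post): a pad that tracks its key budget and refuses to encrypt once the "shipment" is used up, rather than silently reusing key. The class name, the 32-byte pool size and the sample messages are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example: a one-time pad whose security argument holds only while
// unused key remains. The traffic it can protect is bounded by the key on
// hand; when the pool is exhausted it refuses to proceed rather than reuse key.
public final class KeyBudgetedPad {
    private final byte[] keyPool;  // one "shipment" of key; the peer holds an identical copy
    private int consumed = 0;      // bytes of key already used, never to be reused

    public KeyBudgetedPad(byte[] keyPool) {
        this.keyPool = keyPool.clone();
    }

    // Upper bound on the traffic this cipher system can still protect.
    public int remainingKey() {
        return keyPool.length - consumed;
    }

    // XOR the input with fresh key. The same call decrypts, because both ends
    // walk through the pool in the same order.
    public byte[] apply(byte[] input) {
        if (input.length > remainingKey()) {
            throw new IllegalStateException("key pool exhausted: " + remainingKey()
                    + " bytes left, " + input.length + " needed; sending anyway would reuse key");
        }
        byte[] out = new byte[input.length];
        for (int i = 0; i < input.length; i++) {
            out[i] = (byte) (input[i] ^ keyPool[consumed + i]);
        }
        Arrays.fill(keyPool, consumed, consumed + input.length, (byte) 0); // burn used key
        consumed += input.length;
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a 32-byte pool from a CSPRNG, copied to both ends
        // out of band (the "shipment" in the article's terms).
        byte[] shipment = new byte[32];
        new SecureRandom().nextBytes(shipment);
        KeyBudgetedPad sender = new KeyBudgetedPad(shipment);
        KeyBudgetedPad receiver = new KeyBudgetedPad(shipment);

        byte[] msg1 = "meet at noon".getBytes(StandardCharsets.US_ASCII); // 12 bytes
        byte[] ct1 = sender.apply(msg1);
        byte[] pt1 = receiver.apply(ct1);
        System.out.println("round trip ok: " + Arrays.equals(msg1, pt1)
                + ", key left: " + sender.remainingKey());               // 20 bytes left

        // A 24-byte message no longer fits in the remaining 20 bytes: refused.
        byte[] msg2 = "this one will not fit...".getBytes(StandardCharsets.US_ASCII);
        try {
            sender.apply(msg2);
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The refusal is the whole point: the moment a second shipment is loaded, the article's definition says a new cipher system is in effect, and the bound starts over. Reusing the exhausted pool instead would hand a cryptanalyst two ciphertexts under the same key, which is exactly the "enough traffic" case the article says breaks every cipher.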

From jya at pipeline.com Wed Sep 25 16:07:10 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 16:07:10 -0400 Subject: The Compromised Internet In-Reply-To: References: Message-ID:

Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?

The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.

Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.

Quite a few are hinted at, redacted and partially described in NSA technical publications from 25-50 or so years ago. Many developed for military use and the best never shared with the public.

A skeptic might suppose the internet was invented and promoted as a diversion along with public-use digital cryptography. This ruse has led to immense growth in transmission-breakable ciphers as well as vulnerable transceivers. Packet technology could hardly be surpassed for tappability as Snowden and cohorts disclose the tip of the iceberg. Ironically, the cohorts believe encryption protects their communications, conceals his location and cloaks the depositories.

From eugen at leitl.org Wed Sep 25 16:21:00 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 22:21:00 +0200 Subject: The Compromised Internet In-Reply-To: References: Message-ID: <[email protected]>

On Wed, Sep 25, 2013 at 04:07:10PM -0400, John Young wrote:

> Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?

About your only choices are hams or (slightly higher budget) microsats with onboard flash and DTN (notice you can deliver packets during flyby). Hams also do launch microsats, so there's some overlap. I've been waiting for consumer phased arrays, just saw Locata VRay today -- perhaps not for much longer now. Prime your phased array with s00per-s3kr1t sat ephemerides, and you're good to go. Really hard to jam, too -- optical ones impossible to jam, even.

For very high latency you could just use a global sneakernet. http://what-if.xkcd.com/31/ has some numbers. You could probably already run stock Usenet over uucp over that.

> The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.
>
> Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.
>
> Quite a few are hinted at, redacted and partially described in NSA technical publications from 25-50 or so years ago. Many developed for military use and the best never shared with the public.
>
> A skeptic might suppose the internet was invented and promoted as a diversion along with public-use digital cryptography. This ruse has led to immense growth in transmission-breakable ciphers as well as vulnerable transceivers. Packet technology could hardly be surpassed for tappability as Snowden and cohorts disclose the tip of the iceberg. Ironically, the cohorts believe encryption protects their communications, conceals his location and cloaks the depositories.

From eugen at leitl.org Wed Sep 25 16:22:13 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 22:22:13 +0200 Subject: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa Message-ID: <[email protected]>

----- Forwarded message from Hans-Christoph Steiner -----

Date: Wed, 25 Sep 2013 16:19:58 -0400 From: Hans-Christoph Steiner To: guardian-dev at lists.mayfirst.org Subject: Re: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa Organization: The Guardian Project User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0

Also, we should document how to generate a good signing key. Pd0x just recommended this in #guardianproject:

    keytool -genkey -v -keystore test.keystore -alias testkey -keyalg RSA -keysize 8192 -sigalg SHA256withRSA -dname "cn=Test,ou=Test,c=CA" -validity 10000

.hc

On 09/23/2013 03:15 PM, Natanael wrote:
> How are you planning on doing it? Will you let the old app notify the user about having to install a new app, maybe pointing to Google Play or offering a direct download? After verifying that the import worked, you can also offer to open the app details in Android for the old app so quick uninstallation is easy. Have you written down the details anywhere yet? I'd like to see how you're planning on doing it.
>
> On 23 Sep 2013 20:44, "Abel Luck" wrote:
>>
>> Yup, we just outlined this process in IRC :)
>>
>> Anyone have a snippet of Java that lets an app check another app's signing key?
>>
>> ~abel
>>
>>
>> Natanael:
>>> I can only see one option that is plausible - update the old app, signed with the old key, to be able to export its data. You can't install a new app in the place of the old one and just keep data, Android will require that you uninstall the old app before you install the new one if their package names are identical but signing keys differ.
>>>
>>> To improve security for the data transfer to some degree, we could use Intents to let the new app request the data from the old app, and ideally the old app would verify which key the new app is signed with, and prompt the user for authorization. Then the user would only need to install the new app, open it and select "Import from the old app", click OK, and then uninstall the old app.
>>> On 23 Sep 2013 19:47, "Abel Luck" wrote:
>>>
>>>> Daniel McCarney:
>>>>>> Wow, that is bad news indeed. It would be awesome to have androidobservatory.org also display full info about the signing keys, like the algorithm used, the bitness, generation date, etc. so we can easily check which keys are vulnerable.
>>>>>
>>>>> Working on rolling that functionality out. I had to rewrite the app import pipeline so that I could store that information. I have the data collected but it isn't user facing yet. I can tell you that looking at the ~6,000 unique certificates in the observatory data about 75% are RSA 1024.
>>>>>
>>>>> As far as I'm aware it isn't possible to learn the key generation date from the certificate data in the PKCS7 structure stored in the META-INF directory of an APK.
>>>>>
>>>>>> I figure if the NSA can break 1024 bit RSA, it's only a matter of time before China also has that capability. China are experts at industrial espionage, and they certainly know how to make chips. It is very conceivable that they could acquire the NSA's RSA cracking chip design and then build it domestically. Then I imagine that China would also be willing to sell those chips to allies, or perhaps even the highest bidder.
>>>>>
>>>>> Yeah, the current NIST[1] advice on key sizes is very clear that 1024 bit RSA should be deprecated (though evidently NIST might not be an unbiased source of information...).
>>>>>
>>>>>> We'll have to make sure our signing key is not 1024 bit, and if so, work on a migration plan. The easiest way to start is to sign all new apps with a new key.
>>>>>
>>>>> The pubkey in the cert used for the core Guardian Properties (ChatSecure, Obscuracam, etc) is definitely 1024 RSA. So is the pubkey in the cert used for Orweb. It would definitely be a good idea to start talking about migration plan, (and using a strong keysize in a new cert for all new properties)
>>>>>
>>>>> - Dan
>>>>>
>>>>
>>>> Hm, this seems quite important. Are there any established docs on how to perform a key migration without data loss?
>>>>
>>>> Also, I think we should make a blog post advisory out of this.
>>>>
>>>> ~abel

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81

_______________________________________________
Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org

You are subscribed as: eugen at leitl.org

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
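Abel asks in the quoted thread for "a snippet of Java that lets an app check another app's signing key", and Dan reports that about 75% of the certificates in the observatory data are RSA 1024. What follows is an added example, not Guardian Project code and not something from the thread, that does both on Android using only the PackageManager and java.security APIs that existed in 2013: it pulls the signer certificate(s) of an installed package, reports the key algorithm and RSA modulus size, and compares each certificate's SHA-256 fingerprint (the value `keytool -printcert` prints as the SHA256 certificate fingerprint) against one pinned in the calling app. The class name, the `org.example.newapp` package name and the pinned fingerprint in the usage note are placeholders.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;

// Added example (not Guardian Project code): inspect another installed app's
// signing certificate(s), report algorithm and key size, and compare the
// certificate fingerprint against one the caller pins at build time.
public final class SigningKeyCheck {

    public static final class CertInfo {
        public final String algorithm;   // e.g. "RSA"
        public final int keyBits;        // modulus size for RSA, 0 for other algorithms
        public final String sha256;      // hex SHA-256 of the DER-encoded certificate

        CertInfo(String algorithm, int keyBits, String sha256) {
            this.algorithm = algorithm;
            this.keyBits = keyBits;
            this.sha256 = sha256;
        }

        // The case the thread is worried about: RSA below 2048 bits.
        public boolean isWeak() {
            return "RSA".equals(algorithm) && keyBits < 2048;
        }
    }

    // Every signer certificate the platform recorded when packageName was installed.
    public static List<CertInfo> inspect(Context ctx, String packageName) throws Exception {
        PackageInfo info = ctx.getPackageManager()
                .getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        List<CertInfo> result = new ArrayList<CertInfo>();
        for (Signature sig : info.signatures) {
            byte[] der = sig.toByteArray();  // the DER-encoded X.509 signer certificate
            X509Certificate cert = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(der));
            PublicKey pk = cert.getPublicKey();
            int bits = (pk instanceof RSAPublicKey)
                    ? ((RSAPublicKey) pk).getModulus().bitLength() : 0;
            sha256.reset();
            result.add(new CertInfo(pk.getAlgorithm(), bits, hex(sha256.digest(der))));
        }
        return result;
    }

    // The check the old app should make before handing its data to the new one:
    // every signer must match the fingerprint compiled into the old app, so a
    // package that merely reuses the name gets nothing.
    public static boolean isSignedBy(Context ctx, String packageName, String pinnedSha256Hex)
            throws Exception {
        List<CertInfo> certs = inspect(ctx, packageName);
        if (certs.isEmpty()) return false;
        for (CertInfo c : certs) {
            if (!c.sha256.equalsIgnoreCase(pinnedSha256Hex)) return false;
        }
        return true;
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Usage from the old app, before it exports anything over the Intent described in the thread: `SigningKeyCheck.isSignedBy(context, "org.example.newapp", PINNED_SHA256_HEX)`, where `PINNED_SHA256_HEX` is a constant the old app shipped with and both values are placeholders here. `inspect()` on its own gives the inventory Abel and Dan want: run it over the packages you publish and `isWeak()` flags the 1024-bit RSA signers that need a migration plan. Note that the fingerprint is compared for every signer, not just the first, and that the pin must be compiled into the old app release that performs the export, since a pin fetched at run time from the new app proves nothing.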

From rich at openwatch.net Wed Sep 25 16:29:45 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 25 Sep 2013 13:29:45 -0700 Subject: The Compromised Internet In-Reply-To: References: Message-ID:

Free and Open 4G radios/base stations are actually quite exciting for this reason. The thing which actually prevents mesh networks from working is mathematical: past a certain network size, path finding becomes too computationally expensive, so wifi based mesh networks can only cover a certain radius before they stop working. With the 4G spectrum, however, the distances between hops vastly increases, meaning that city-wide mesh networks can grow and remain performant. This allows for free communication and file transfer without centralized authorities. Obviously there are still threats, but there is a lot of freedom gained from network autonomy.

On Wed, Sep 25, 2013 at 1:07 PM, John Young wrote:

> Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?
>
> The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.
>
> Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.
>
> Quite a few are hinted at, redacted and partially described in NSA technical publications from 25-50 or so years ago. Many developed for military use and the best never shared with the public.
>
> A skeptic might suppose the internet was invented and promoted as a diversion along with public-use digital cryptography. This ruse has led to immense growth in transmission-breakable ciphers as well as vulnerable transceivers. Packet technology could hardly be surpassed for tappability as Snowden and cohorts disclose the tip of the iceberg. Ironically, the cohorts believe encryption protects their communications, conceals his location and cloaks the depositories.

--

Rich Jones * OpenWatch * is a global citizen news network. Download OpenWatch for iOS and for Android!

From bascule at gmail.com Wed Sep 25 16:36:47 2013 From: bascule at gmail.com (Tony Arcieri) Date: Wed, 25 Sep 2013 13:36:47 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 1:07 PM, John Young wrote:

> Now that it appears the Internet is compromised

What threat are you trying to prevent that isn't already solved by the use of cryptography alone?

--
Tony Arcieri

From eugen at leitl.org Wed Sep 25 16:45:25 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 25 Sep 2013 22:45:25 +0200 Subject: The Compromised Internet In-Reply-To: References: Message-ID: <[email protected]>

On Wed, Sep 25, 2013 at 01:29:45PM -0700, Rich Jones wrote:
> Free and Open 4G radios/base stations are actually quite exciting for this reason. The thing which actually prevents mesh networks from working is mathematical: past a certain network size, path finding becomes too

It's not mathematics, it's braindead algorithms. Geographic routing needs no admin chatter. You only need to handle the edge cases.

Notice that 40 GBit/s fiber WAN is low end, while your LoS WLAN will have trouble transporting even 10 MBit/s in adverse weather.

> computationally expensive, so wifi based mesh networks can only cover a certain radius before they stop working. With the 4G spectrum, however, the distances between hops vastly increases, meaning that city-wide mesh networks can grow and remain performant. This allows for free communication and file transfer without centralized authorities. Obviously there are still threats, but there is a lot of freedom gained from network autonomy.

From grarpamp at gmail.com Wed Sep 25 16:50:41 2013 From: grarpamp at gmail.com (grarpamp) Date: Wed, 25 Sep 2013 16:50:41 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On 9/25/13, John Young wrote:
> Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?
>
> The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.
>
> Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.

There is a spread spectrum radio tech where you broadcast on essentially all frequencies / wideband at once. To the eavesdropper it appears as simply a rise in unlocatable background noise levels. Yet there is a twist... you and your peer possess a crypto key. That key is used to select and form a broadcast/reception frequency map over the entire spectrum. You drive it with software radio. Think of the map as a vertically slotted grille mask over your spectrum analyzer. The grille spacing/width/overlap is random. What you see is your distributed signal hidden in the noise. Pass it down your stack for further processing and decoding.

It's been a while since I've seen this described, whether formally, or applied. Link to paper[s] covering the topic would be appreciated.
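The key-selected frequency map grarpamp describes, as an added example that is not from the post or from any paper: the band is cut into equal slots, and for each hop interval the slots that carry signal are chosen by HMAC-SHA256 over the shared key, so both key holders compute the same "grille" while a listener with a different key gets an unrelated one. It models only the slot selection (the random "spacing/width/overlap" becomes independent per-slot coin flips), not the radio, the modulation or the timing sync; the class name, the 64-slot band and the two key strings are constructed for the demonstration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.BitSet;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (not from the post): derive the slotted "grille" over the band
// from a shared key. For hop interval t and PRF block b, HMAC-SHA256(key, t||b)
// yields 256 bits; bit i set means slot i is part of the map during t.
public final class KeyedSpectrumMask {
    private final Mac mac;
    private final int slots;   // number of equal-width slots across the band

    public KeyedSpectrumMask(byte[] sharedKey, int slots) throws Exception {
        this.mac = Mac.getInstance("HmacSHA256");
        this.mac.init(new SecretKeySpec(sharedKey, "HmacSHA256"));
        this.slots = slots;
    }

    // The map for one hop interval. Without the key the output is
    // indistinguishable from a random subset of the slots.
    public BitSet maskFor(long interval) {
        BitSet mask = new BitSet(slots);
        int bit = 0;
        for (int block = 0; bit < slots; block++) {   // expand the PRF until every slot has a bit
            mac.reset();
            mac.update(ByteBuffer.allocate(12).putLong(interval).putInt(block).array());
            byte[] prf = mac.doFinal();
            for (int i = 0; i < prf.length * 8 && bit < slots; i++, bit++) {
                if (((prf[i / 8] >> (i % 8)) & 1) == 1) mask.set(bit);
            }
        }
        return mask;
    }

    // Slots two maps have in common: what a listener with the wrong key hits
    // by accident, about half of the transmitter's slots on average, which is
    // no better than listening to the whole band.
    public static int overlap(BitSet a, BitSet b) {
        BitSet both = (BitSet) a.clone();
        both.and(b);
        return both.cardinality();
    }

    public static void main(String[] args) throws Exception {
        // Constructed keys; in practice the shared key comes from a real key exchange.
        byte[] shared = "constructed-demo-key-0123456789ab".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "a-different-key-for-the-listener".getBytes(StandardCharsets.US_ASCII);
        KeyedSpectrumMask tx = new KeyedSpectrumMask(shared, 64);
        KeyedSpectrumMask rx = new KeyedSpectrumMask(shared, 64);
        KeyedSpectrumMask listener = new KeyedSpectrumMask(other, 64);
        for (long t = 0; t < 3; t++) {
            BitSet a = tx.maskFor(t);
            BitSet b = rx.maskFor(t);
            BitSet e = listener.maskFor(t);
            System.out.printf("interval %d: peers agree=%b, ours=%d slots, listener overlap=%d%n",
                    t, a.equals(b), a.cardinality(), overlap(a, e));
        }
    }
}
```

The interval counter is what makes the map move: both ends must agree on `t` (a synchronized clock or a frame counter), and the same key with the same `t` always yields the same grille, so a key must never be shared between two transmitters that could use overlapping intervals. Everything a receiver needs to de-interleave the signal is the key plus `t`; nothing about the map is sent over the air.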

From jya at pipeline.com Wed Sep 25 17:02:34 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 17:02:34 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

At 04:36 PM 9/25/2013, you wrote:

> What threat are you trying to prevent that isn't already solved by the use of cryptography alone?

Transceiver vulnerabilities of the Internet, seemingly inherently insecure by design. So looking for possibilities of moving encrypted goods by other means not betrayed by faulty shipment and addled by ubiquity and familiarity.

Not that that is original by any stretch, wizards are jawing about a new internet, secure by design. May take a while, so workarounds of the present piece of carrion might be useful.

Not to overlook a new-fangled Snowden loosening the controls of comsec technology beyond his and our PK-packet-tech era comprehension.

So beyond mathematically-enthroned encryption what lies awaiting disclosure. Oldies might suffice if dutifully studied and elaborated. Thus the reference to NSA's backroom of pre-internet-PK comsec tech which could be in the forefront, cutting/bleeding edge.

From rich at openwatch.net Wed Sep 25 17:04:34 2013 From: rich at openwatch.net (Rich Jones) Date: Wed, 25 Sep 2013 14:04:34 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

That kind of technology is already widely deployed in walkie talkies - I think I remember at HOPE a speaker mentioning that the NYPD used this technique until they abandoned it due to its inconvenience. http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum

On Wed, Sep 25, 2013 at 1:50 PM, grarpamp wrote:

> On 9/25/13, John Young wrote:
> > Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?
> >
> > The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.
> >
> > Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.
>
> There is a spread spectrum radio tech where you broadcast on essentially all frequencies / wideband at once. To the eavesdropper it appears as simply a rise in unlocatable background noise levels. Yet there is a twist... you and your peer possess a crypto key. That key is used to select and form a broadcast/reception frequency map over the entire spectrum. You drive it with software radio. Think of the map as a vertically slotted grille mask over your spectrum analyzer. The grille spacing/width/overlap is random. What you see is your distributed signal hidden in the noise. Pass it down your stack for further processing and decoding.
>
> It's been a while since I've seen this described, whether formally, or applied. Link to paper[s] covering the topic would be appreciated.

--

Rich Jones * OpenWatch * is a global citizen news network. Download OpenWatch for iOS and for Android!

From jya at pipeline.com Wed Sep 25 17:07:54 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 17:07:54 -0400 Subject: The Compromised Internet In-Reply-To: References: Message-ID:

Yes, along those lines. Free of the totally seductively entrapping internet and monomaniacal PK promiscuity.

The slew of innovations to milk the internet and crypto are way stations toward surpassing vulns of both used in concert. Both mutually delude. Each might lead to better alone, paired with different and less familiar means.

At 04:29 PM 9/25/2013, you wrote:
> Free and Open 4G radios/base stations are actually quite exciting for this reason. The thing which actually prevents mesh networks from working is mathematical: past a certain network size, path finding becomes too computationally expensive, so wifi based mesh networks can only cover a certain radius before they stop working. With the 4G spectrum, however, the distances between hops vastly increases, meaning that city-wide mesh networks can grow and remain performant. This allows for free communication and file transfer without centralized authorities. Obviously there are still threats, but there is a lot of freedom gained from network autonomy.

From jya at pipeline.com Wed Sep 25 17:28:37 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 17:28:37 -0400 Subject: The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

At 04:21 PM 9/25/2013, you wrote:
> About your only choices are hams or (slightly higher budget) microsats with onboard flash and DTN (notice you can deliver packets during flyby). Hams also do launch microsats, so there's some overlap. I've been waiting for consumer phased arrays, just saw Locata VRay today -- perhaps not for much longer now. Prime your phased array with s00per-s3kr1t sat ephemerides, and you're good to go. Really hard to jam, too -- optical ones impossible to jam, even.
>
> For very high latency you could just use a global sneakernet. http://what-if.xkcd.com/31/ has some numbers. You could probably already run stock Usenet over uucp over that.

Yes, I understand some of these, maybe all, are used for mil-gov-spy communications, likely in pretty advanced versions, and long in use before and with the internet. But not for high-value comsec of the present era.

Mil-gov-spy use of and spying on the internet and commercial-grade encryption, https and the like, for low-value communications should indicate much better and more varied means are used for high-value.

Smil, intelnet, nsanet, and other intra-IC networks are minimally secure, advertised and touted on internet outlets, thus typical fat food for foodies at lower levels of clearance.

Commercial-grade comsec, which is all the public has access to, appears tailored by standards setting and selective crypto competitions to convince of reliability. Openness promoted as a seal of approval.

Fine propaganda that. Now what about what is not known openly. Well, that is what's below Snowden's tip of the iceberg slides, papers and briefings. Where are the hardware specs?

From grarpamp at gmail.com Wed Sep 25 17:58:06 2013 From: grarpamp at gmail.com (grarpamp) Date: Wed, 25 Sep 2013 17:58:06 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On 9/25/13, Rich Jones wrote:
> That kind of technology is already widely deployed in walkie talkies - I think I remember at HOPE a speaker mentioning that the NYPD used this technique until they abandoned it due to its inconvenience.
>
> http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum

I don't think so, if I recall, it seemed to be a further development of the above linked idea. There might not have been the usual notion of a coded/shared freq hopping sequence in which a carrier transmits data. But more like a continuous parallel broadcast under the mask. Maybe the data was not carried within the freqs but in the choice of freqs themselves.

From electromagnetize at gmail.com Wed Sep 25 19:00:55 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 25 Sep 2013 18:00:55 -0500 Subject: sneakernet calculation Message-ID:

On Wed, Sep 25, 2013 at 3:21 PM, Eugen Leitl wrote:

> For very high latency you could just use a global sneakernet.
> http://what-if.xkcd.com/31/ has some numbers.

quoted from that site:

"Cisco estimates that total internet traffic currently averages 167 terabits per second. FedEx has a fleet of 654 aircraft with a lift capacity of 26.5 million pounds daily. A solid-state laptop drive weighs about 78 grams and can hold up to a terabyte.

"That means FedEx is capable of transferring 150 exabytes of data per day, or 14 petabits per second -- almost a hundred times the current throughput of the internet."

i imagine most with mathematical instinct would think something 'real-world' is missing in this approximation, in that you could not realistically use-up all FedEx resources for such a data sharing project without likely taking down the system or being denied access- and thus existing traffic and congestion are not included in this ideal naive model. what would actually occur if you tried to use all FedEx shipping resources on a single day, and then after considering that, doing so repeatedly day after day. not only is I/O data transfer omitted (time needed to access/store/exchange data between platforms), though also hardware failures which, perhaps i am wrong- packet technology succeeds in transferring via multiple attempts and thus the 'internet traffic' of 167 terabits could potentially include delivery failures and successful resends, and routing around congestion- whereas it is completely unrealistic to assume you could decide to ship such material and use up all "network" resources of FedEx without considering its tolerances for additional bandwidth to cover this parallelism, and also limits of local delivery or to various locations in an overnight scenario-- so delays would likely be involved, and if any data on laptop drives were to fail it would seemingly require reshipment to compare to the internet data transmission approach. or not.

it is not to lose grasp of the notion, only to consider it in its depth, and knowing what may feasibly and more actually occur in such a scenario could provide a more accurate understanding of the limits of analogies without corresponding matched dimensions. such that maybe it would not be as efficient or as easy or even possible, as believed. though the simple mathematical comparison makes it appear so. and most comparisons of this nature often have similar 'modeling errors' where approximations function in an ideological realm as a result, though likewise makes for interesting considerations in considering where the gap is between what is said and what exists as a situation.

From pgut001 at cs.auckland.ac.nz Wed Sep 25 19:09:46 2013 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 26 Sep 2013 11:09:46 +1200 Subject: [cryptography] The Compromised Internet In-Reply-To: Message-ID:

Tony Arcieri writes:

> What threat are you trying to prevent that isn't already solved by the use of cryptography alone?

The threat of people saying "we'll just throw some cryptography at it and then all our problems will be solved".

Peter.

From grarpamp at gmail.com Wed Sep 25 20:12:16 2013 From: grarpamp at gmail.com (grarpamp) Date: Wed, 25 Sep 2013 20:12:16 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On 9/25/13, Greg Rose wrote:
> Even under the much-relaxed export laws of the US, deriving spreading information cryptographically is a prohibited export. Which isn't to say it is not a good idea.

The US only applies to itself. Further, over the air, it's noise, the crypto is undetectable and unprovable. And it's (guerrilla) software, not physical commercial product. Nor is this the old 'FCC says you can't encrypt ham bands' argument/tech.

From electromagnetize at gmail.com Wed Sep 25 20:32:06 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 25 Sep 2013 19:32:06 -0500 Subject: [cryptography] The Compromised Internet Message-ID:

> So beyond mathematically-enthroned encryption what lies awaiting disclosure.

* data-loggers within dental work, synced via multiband x-rays (+ secret other, say terahertz), this much easier facilitated via digital equipment

note: could be synced to infrastructure tagging or mapping networks via RFID-like send/receive and also monitor biological events of the person

* the often interesting TV series "It Takes a Thief" with Robert Wagner had one episode of a fashion designer who (if remembering correctly) stitched a pattern into a new dress that was then photographed or it may have had something to do with a microdot, James Earl Jones was the designer in that episode

* the possibility of food for data transmission related to eating certain Asian food and having a gland open on the roof of my mouth- seemingly a specific chemical and what could happen if that were related to triggering of various related socio-behavioral programming, etc.

* the future possibility, given data transfer by touch, of data capsules or pills that are digested and relay code that is informational into accompanying cyborg implant, else also behavioral routines triggered by food or drugs, that of an informational domain (which in a context of medicine and the body could be very wide ranging). heck, what about non-lethal overtones of morse code onto pacemaker or other devices, as form of signaling

* microphoned dinner tables to relay info to flower vase, also tapping out code onto surface for solitary diners

* clothing design, again, if embedded systems for data relay, also with jewelry. seemingly it could be anything. different kinds of materials or stitching, fashion styles as communication systems, delineating networks and establishing standards, references, and protocols, hidden technology or encrypted 'data', non-electronic or to be mediated electronically- say thread that glows in black light only, one-time pad, person walks past special camera-trap to relay data w/out even knowing

* genetics themselves, various data sets as language including categorization as a means of encrypting perspectives, setting boundaries within contingent modeling of pseudo-truth, thus thresholds/boundaries for what can be perceived from the inside and outside; as this relates to disease, health systems, insurance, death panels, hidden eugenics of targeted populations

* infrastructure itself as pre-internet sensor network with capacity for secret communications, especially with the mystery networked sensor boxes logging mystery data. could trace chemicals in products to pattern match and refine facial recognition, retail pollution of industrial scent as perfumes (another potential communication system), deodorants, shampoos combined mark, assist tracking

* vehicles themselves if carrying paired black-box tech with shared non-identifiable encryption formats, such that a drive-thru or drive-by could involve data exchange, as this could likewise potentially relate to modification of street lights, electronic gates, toll booths, traffic lights and potentially any form of electronic signage (as this also relates to NFC and RFID for tracking, signaling). thus vehicles as data loggers and data carriers which may or may not involve drivers knowledge. if so, covert data exchange could seemingly exist outside of known encryption formats as a strengthening of security by the obscurity (akin to inventing secret, private language) whereas known algorithms could indicate, compromise systems via existing standards ("this is secret data!")

* issue of black market and courier services, in some sense transfer of weapons and illegal drugs assumes an extreme form of privacy, security, and secrecy such that a small amount of opium could be couriered to a US resident and paid for by "anonymous" money, and in some sense similar to being ~encrypted, assuming or betting against disclosure of surveilling of packaging by companies, or of data inside encrypted archives thus like betting on the odds of the long-game

* then there is peer-to-peer signaling in itself, public and- or private, one to one or one to many or relay or delayed via written, oral, sound-based, food, fashion, or other communication -- of the realm of symbolic language where something stands-in for something-else or 'shared meaning' can be effectively communicated yet exist beyond the boundary of others perception; a shared framework of "truth" (whether true or not) is required as a protocol to match up shared dimensions; overt is hand gestures, hand signals, body movements, postures, poses, facial expressions, as language

* i tend to think there is potential for any language-based interaction to involve signaling that is observed differently by others, based on their relation to the event or reading of it- for instance, juggling. it is a pattern-based activity that has known and identifiable sequences that can be a way of communicating (by those so skilled) or could involve use of color or number or other dynamics to signal or secretly message another who operates or understands the same 'cipher system'. LED equipment that can be programmed, or even IR or UV that may not appear activated yet could be photographed or video'd in those frequencies could then reveal a data stream, or potentially involve persistence of vision or even a data-burst relayed or captured by camera or cellphone

* anything, like RC planes or models driving down a street and triggering a data exchange, with vehicle house router house monitoring system, infrastructure, as a potential;

* maybe reconsider Grandma's framed needlepoint sometime or the role of collectibles or the anthro- and archaeological involved in antiques as potential forms of secret data exchange, in that that period furniture or rare object may signify something to someone and trigger a meaningful relational exchange that could, in certain instance, function and establish a data network and allow hidden communication and conscious to exist, persist and in this way- aesthetic probably trumps all things electronic in terms of the bandwidth involved in pure sensory experience, thought, knowledge, shared consciousness, and secret views that to the outsider may exist as encrypted, beyond awareness and understanding or even value, even while it could be primary (basis for shared awareness, decision making, action for others)

From jya at pipeline.com Wed Sep 25 20:41:02 2013 From: jya at pipeline.com (John Young) Date: Wed, 25 Sep 2013 20:41:02 -0400 Subject: Snowden walked away with the U.S. IC Intellipedia Message-ID:

A sends: "Snowden walked away with the U.S. IC Intellipedia." http://en.wikipedia.org/wiki/Intellipedia

Information on the validity of this claim invited: cryptome[at]earthlink.net

From electromagnetize at gmail.com Wed Sep 25 21:03:23 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 25 Sep 2013 20:03:23 -0500 Subject: [cryptography] The Compromised Internet (2) Message-ID:

> So beyond mathematically-enthroned encryption what lies awaiting disclosure.

forgot to mention as referenced, the role of music as a form of cultural communication with potentially secret dimensions

this whether classical, with entire societies networked around a given aesthetic hub or node, else within traditions themselves of various society's and the institutions these can become or the universalization of rock & roll music and the 'rock concert' as a seeming height of 20th century western popular culture, tied into mass media and media archives and vast shared communication, to include role of drug culture and consciousness and politics, including counterculture agenda, and role of trends and fashion that align with this as a form of monocultural megadevelopment

who knows, perhaps those strobe and laser light displays are outputting more data, or a guitar solo is a data transmission on some other level, as carrier wave for hidden signaling. it seems for deadheads, for instance, acid may open up their experience of the music that otherwise may be intolerable and likewise maybe there are lissajous figures spinning in skulls as the result of entrainment of populations via these mind and brain-washing techniques of neurology brought into the context of mass music and its technical devices, so to program populations without their even knowing it. in this way 'communications science and engineering' may have more to do with signaling in music or as a means for programming behavior, than the music itself, if taken in a covert context. add sex, drugs, popularity and money and group-behavior and you got a platform to exploit and run against others in their own channels,

(though it could tend towards baseness, bottom feeding and constitute a dumb-system by comparison to others)

speculation of course. just like that wireless speaker is in no way connected to a retail dual-use spying agenda

From bill.stewart at pobox.com Wed Sep 25 21:16:44 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 25 Sep 2013 18:16:44 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID: <[email protected]>

At 01:07 PM 9/25/2013, John Young wrote:
> Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?

Fundamentally, what you're asking for doesn't make sense. Threat models are about economics, scale, and mistakes, and even if we don't have security bugs, we still have economics.

The internet is designed to be a system that lets everybody in the world talk to everybody else, without pre-arranged connections, with enough bandwidth to say the things they want to say (e.g. watch cat videos on YouTube funded by advertising.)

Spread-spectrum radio is great for short distance concentration; we most commonly use it in wifi or cellular phone technologies, but then that data gets concentrated by long-haul fiber and routing providers. Content traditionally gets handled by end users, but in practice by a bunch of service providers who have economies of scale that provide concentrated data to advertisers or low operating costs.

The recent internet security attacks have been based on scale, though they've sometimes taken advantage of security mistakes as well. Endpoint service providers can be forced to give up content and addresses; transport service providers can be forced to give up address pairs, traffic volumes, and sometimes end user identities, and in some cases can also be forced to divulge content. You have to fight scale threats with scale defenses. If you want to get security at vaguely current internet prices (e.g. tens of dollars per mbps per month instead of thousands), you'll still need to piggyback on the existing infrastructure. So you'll need to do encrypted tunnels over it, with lots of endpoints (to make traffic analysis harder), limited information visible to the endpoints, and ways to make compromising endpoints harder. That means technologies like TOR and remailers, and one of the risks is finding that half the TOR nodes are actually run by the KGB/FBI/other attackers. The way to change scale is to move from communications networks that can be wiretapped wholesale to types that can only be wiretapped one at a time (e.g. 1024-bit DH PFS is better than subpoenaable reusable 2048-bit RSA keys.)

You can do some jurisdictional arbitrage, if you know that the NSA not only won't be wiretapping your server in Europe, but also that they won't be trading favors with the local European spooks. But it seems like that's a mug's game these days.

None of that means that it wouldn't be fun to build UUCP-over-IPSEC, but if you and your buddy Bob are the only two users, it's still susceptible to traffic analysis.

From electromagnetize at gmail.com Wed Sep 25 23:40:02 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 25 Sep 2013 22:40:02 -0500 Subject: The Unbreakable Cipher In-Reply-To: References: Message-ID:

this viewpoint would appear validated within a certain limited framework of observation, whereas different 'physics' could apply beyond its pov...

On Wed, Sep 25, 2013 at 9:11 AM, John Young wrote:

> NSA Technical Journal published "The Unbreakable Cipher" in Spring 1961.
>
> http://www.nsa.gov/public_info/_files/tech_journals/The_Unbreakable_Cipher.pdf
>
> Excerpts:
>
> [Quote]
>
> For each cipher system there is an upper bound to the amount of traffic it can protect against cryptanalytic attack.

perhaps this is mathematically proven or a truism (cannot be falsified) though it would seem this is a statement based on certain existing approaches, potentially. or methods or equations that may work in particular domains- yet perhaps not all, if somehow dynamics changed from ordered to chaotic systems, noise instead of signals

the comparison could be to [nature] itself as a mysterious code and what is accessible and known, within particular limited views and understanding, versus all that exists, perceived or hidden

the threshold that is beyond observation may not appear in traffic analysis if it is not accounted for in a given structuring of data or comprehensible. there may be more to it than existing models or embodied awareness, as with vision and other animals' eyes and frequencies, as this relates to territory and interfunctionality, say UV and insects as it relates to pollination, humans cannot see directly yet cameras can begin to, yet what if like Flatland there are vast amounts of higher dimensionality near & far away or adjacent and invisible that are not found in existing equations else cannot be computed in the frameworks, ideological science & metaphysics one example, Isaac the Alchemist

the requirement may be that the cipher needs to be serial or linear to satisfy the given viewpoint, versus non-linear

> What is "cryptanalytic attack"? It is a process applied to cipher text in order to extract information, especially information contained in the messages and intended to be kept secret.

guessing- perhaps such "cryptanalytic correlation" is based on assumption about order within defined and controlled systems generated by algorithms in a particular way- and thus correlation leads to a cause, verification/validation of a 'known rationalization' or meaningful structure that can be deciphered out of the chaos

assumption of a correct and single answer, removed of ambiguity vs. nonlinear, many potential answers, more labyrinth, cipher as treasure hunt leading into multiple mazes, linked or parallel yet arbitrary puzzles, and Rube Goldberg contraptions which could alter the context itself, change code, via attempts to access it

> If some of the information is gotten by other means and this results in more being extracted from the cipher, this is (at least partially) a successful attack.

linearly so, that seems likely in that order would be revealed in what might be called the equationspace, whatever context or 'universe' the approaches define, yet which may be finite and bounded, and thus lack other existing dimensionality

nonlinear, more (autogenerated) information does not inherently lead to a single "correct" ordering or perspective, it could be a false pov or trap yet fulfill criteria of rationalization into some known equation ("yes- here is the 'real' encrypted message"') in the sense that a [sign] references itself for proof, versus another event, thus a false a=a resolving an equation could be a spoof and lead away from the actual temporary path

the secret data could feasibly be in front of an observer who is limited in their view and framework and thus cannot see it due to snap-to-fit equation mentality, conceptually limited, perceptually, if not out of their depth philosophically as the idea itself that generates the code may be unthinkable or unimaginable in a less-accurate framework or model

thus, much public crypto could function as [signage] that is equated with secrets: (the hidden data is here!), and in this way could be two-dimensional as in Flatland POVs, that cannot understand higher dimensionality beyond its physical limits of perception- and thus brain functioning, sensory capacity, natural networking (esp,astral, remote viewing) may differ observer to observer as consciousness shared and unshared- planes of existence and operation

so what if nonlinear cipher systems or multilinear do not have these same 2D properties and instead invert the principles involved, such that finding structure or order is not inherently good, nor 'answers' or resolution as it does not prove anything, if not knowing the context or frame for data, one answer over another in another view

> If certain phrases can be recognized when they are present, this is successful cryptanalysis.

not if multiple bit set, or bit strings. what is recognizable as pattern may exist as noise and what appears noise may be the signal, pseudo-truth pattern matching leads further & further into falsity

> If a priori probabilities on possible contents are altered by examination of the cipher, this is cryptanalytic progress.

or, a protected boundary or ruse that further encrypts into other frameworks upon inspection, correlation, interference thus Schrodinger paradox and observation, though to include quantum correlation changes the context (other physics) and 'the cat' could be entangled with another cat before being put in box and thus its state could indicate dead/alive cat, etc.

so what if non-linear ciphers were entangled and yet this functioned in a realm of arbitrary keys or resonant key sets that suddenly tune in or out of connectivity within a context, versus must be hardcoded into it as static unchanging data

> If in making trial decipherments it is possible to pick out the correct one then cryptanalysis is successful. ...

not true for nonlinear bit sets as they could auto-expand into universe upon universe of data correlations, bounded infinities or unbounded finite realms, whereas the serial approach appears much more of a bounded finite realm

exponential meaning for set combinations as equations that open into vast interior realms of potential scrambled data- anything could be ordering the interior, recognizable or not-- N-equations, singularly or stacked, equations never before shared- that level of obscurity- anything.

> Another example is that of Mr. Kahn, one-time key. Here the limit is quite clear; it is the amount of key on hand. The key arrives in finite "messages," so there is only a finite amount on hand at anyone time, and this limits the amount of traffic which can be sent securely. Of course another shipment of key raises this bound, but technically another cipher system is now in effect, for by my definition a cipher system is a message. A sequence of messages is a sequence of cipher systems, related perhaps, but not the same. ...

not sure i understand this in its practice or application, though what if a key cannot be differentiated from the cryptogram or is somehow not separated or structurally defined in existing rules for hardware/software crypto. for instance, what if entanglement unlocks interpretation via perception or alters some context.

what if a device is so enigmatic it could contain an upper boundary of keyspace and cipherspace and equationspace such that it can be reused indefinitely or many times without figuring out its solution because it increasingly moves to 'many' versus a single solution, and may not structurally relate to other previous uses/exchange or protocols (in this way the person as observer and randomness)

what if traffic analysis is 2D in an N-dimensional framework and thus many keys and similar cipherspace is an attribute and at some tipping point or threshold a computational or conceptual limit is reached, which is defined by a limited rationalization or this is seeded by accurate and-or false data to false correlate and entangle systems, virtual and real, to exploit via minotaurs

> [Answer to the question:] "Does there exist an unbreakable cipher" would be this, "Every cipher is breakable, given enough traffic, and every cipher is unbreakable, if the traffic volume is restricted enough."
>
> [End quote]

this could be a question of observation and the existing boundary. an omniscient observer could likely know anything encrypted just by tapping optic nerve or brain, pre-encryption. yet if not truly or fully accurate in modeling, could make presumptions and limit this power of interpretation to a smaller framework than what actually exists (pT vs. T) and thus that limit may equate what is believed observed with absolute truth (pT=pT as TRUTH), and thus the hidden communications or cipher system may exist in that gap or realm of error- to begin with, as security that is based within accurate observance/sharing of truth, even while in a more finite state, than a falsely omniscient observer who relies on error for POV (skew/distortion/warping) and thus their logical reasoning may establish the boundary which a person of less capacity for all-pervasive oversight may still communicate beyond via channels of unobserved or unrecognized truth, validated in 1=1 or A=A or T=T views grounded in shared empirical framework, outside perception or understanding of the tyrant.

the neuro-signaling could be broken, the encryption broken in algorithmic code, the traffic correlated- and yet if these are not accurately interpreted or cannot be, or do not or cannot accurately correlate to the reality, then reading of the cipher -- that which is broken -- could be reading of [the signs] associated with the cipher in a given particular rationalization or ideological view that can still be incorrect and data exchange could occur outside of this viewpoint; thus the phrenological aspect of inaccurate modeling in that it could be limited or bounded to finite dimensionality whereas the actual cipher could exist outside of that

like neuroscience trying to determine what ideas are by placing them on a neural map, versus the concepts as circuits, constellations, related to this data, in truth

truth is the unbreakable cipher

there is no greater security

lies are full of flaws and errors by comparison, self-defeating

how effective is secret intel if it is blanketing the news cycle as endless global megastorm, global secrecy meltdown

> Is this conclusion still valid? If so, what could be done to restrict traffic volume to assure unbreakability? And how to sufficiently test that. Presuming that NSA and cohorts have investigated this effect.

it could be ideological-- that the 'secret' is created and held within a given domain versus existing outside of it as information and in a state of nature or other pre-existing data and frames

as if the role of security is to break things so they can be secure, a methodology that ultimately undermines development, reflected in planned obsolescence as self-destruction, cannibalization of the state

what if security meant protecting truth, and secrecy dealing with thresholds and boundaries; what if the protocols and assumptions and methodologies are conceptually flawed, wrong, in error, and their implementation and sustenance is the lifeblood of tyranny, in that maldevelopment is required as a result of wrong-ideas and wrong-thinking, standardized, institutionalized, copied, networked, and then becoming security state religion while heretics are pursued as citizen terrorists, givers of feedback

in such a doomsday, truth is the enemy, so that would mean the inner realm of the secrecy and security and privacy realm is to protect lies and liars and deceivers, the core of the falsity ?
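The traffic bound the quoted journal excerpt describes is what Shannon formalised as the unicity distance, and the one-time-key passage is the special case where the bound is simply the key on hand. The following Python is an added example, not code from this thread or from the NSA paper; the 3.2 bits/char redundancy figure for English is an assumed textbook estimate, and the key entropy for a monoalphabetic substitution cipher is computed from its 26! keyspace.

```python
import math

# Assumed estimate: redundancy of English in bits per character,
# roughly log2(26) minus the ~1.5 bits/char of real entropy.
ENGLISH_REDUNDANCY_BITS = 3.2


def unicity_distance(key_entropy_bits: float, redundancy_bits_per_char: float) -> float:
    """Shannon's unicity distance: the amount of ciphertext beyond which the
    key is expected to be uniquely determined, i.e. the paper's upper bound
    on traffic a cipher system can protect. With zero plaintext redundancy
    (the one-time pad case) no amount of traffic pins down the key."""
    if redundancy_bits_per_char <= 0:
        return math.inf
    return key_entropy_bits / redundancy_bits_per_char


def substitution_key_bits() -> float:
    """Entropy of a uniformly chosen monoalphabetic substitution key: log2(26!)."""
    return math.lgamma(27) / math.log(2)   # lgamma(27) == ln(26!)


class OneTimePad:
    """Key material arrives in finite shipments; once it is spent the sender
    refuses further traffic instead of reusing key, which is exactly the
    'amount of key on hand' bound from the quoted passage."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)
        self._offset = 0

    def remaining(self) -> int:
        """Bytes of traffic that can still be sent securely."""
        return len(self._key) - self._offset

    def add_shipment(self, key: bytes) -> None:
        """A new key shipment raises the bound (a 'new cipher system' in the paper's terms)."""
        self._key.extend(key)

    def _xor_next(self, data: bytes) -> bytes:
        if len(data) > self.remaining():
            raise RuntimeError("key exhausted: traffic bound reached, refusing to reuse key")
        start = self._offset
        self._offset += len(data)
        return bytes(d ^ k for d, k in zip(data, self._key[start:self._offset]))

    def encrypt(self, plaintext: bytes) -> bytes:
        return self._xor_next(plaintext)

    def decrypt(self, ciphertext: bytes) -> bytes:
        return self._xor_next(ciphertext)


def otp_round_trip(key: bytes, message: bytes) -> bytes:
    """Sender and receiver hold identical key copies and consume them in step."""
    sender, receiver = OneTimePad(key), OneTimePad(key)
    return receiver.decrypt(sender.encrypt(message))


def can_send(pad: OneTimePad, nbytes: int) -> bool:
    """True if nbytes of traffic fit under the pad's remaining key budget."""
    return nbytes <= pad.remaining()


if __name__ == "__main__":
    u = unicity_distance(substitution_key_bits(), ENGLISH_REDUNDANCY_BITS)
    print(f"substitution cipher: ~{u:.0f} characters of ciphertext suffice to fix the key")
    pad = OneTimePad(bytes(range(16)))          # constructed 16-byte key shipment
    print(pad.encrypt(b"attack at dawn").hex(), "remaining key bytes:", pad.remaining())
```
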

From electromagnetize at gmail.com Thu Sep 26 00:29:07 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 25 Sep 2013 23:29:07 -0500 Subject: The Unbreakable Cipher (2) Message-ID:

On Wed, Sep 25, 2013 at 9:11 AM, John Young wrote:

> Is this conclusion still valid? If so, what could be done to restrict traffic volume to assure unbreakability? And how to sufficiently test that. Presuming that NSA and cohorts have investigated this effect.

no- not for a multilinear/nonlinear bit set approach. voluminous data exchange and not censoring throughput (given ability to correlate elsewhere, delayed or real-time; thus store+forward) and allowing inaccurate modeling of data via ideological rationalizations turns that limited analysis back against itself as truth is secure, folding the framework via collapsing pseudo-truth and falsity, recontextualizing the shared situation, establishing new zones of interaction and unmapped boundaries that do not coherently correlate within existing models of analysis, instead breaking them. versus propping them up via following their rules and dictates that seek to limit and censor interactions as a basis for secrets or sustaining false-perspectives, seemingly often for self-preservation of legacy systems versus allowing collapse, deterioration or loss of control over what occurs- freedom in relation to governance versus its constriction, choking what can happen, to keep it finite, bound, gagged hypothetical, the massive influx of data (in truth) that is wrongly assessed (as pT) via limited observer established zone of secure interaction by default of its own false framework and incapacity to account for what does not exist in its categorization- any move toward accommodation is ideological weakness and falsifies belief system. it is to overwhelm with data that cannot be grounded in the false framework and its ungrounded evaluation undermines the existing inaccurate view because it yields less and less in the limited perspective. flooding the corrupt oversight with what amounts to pseudo-truth, allowing any and all correlations to fever circuits- it breaks the rationalization model by forcing decision-making that tends towards falsity, as it is ungrounded and the more it decides, the more it persists and expands itself in error.

transparency in truth, a shared domain, remains a secret and a secure realm insofar as it cannot be accessed, perceived, or altered in the dimensions it exists- seemingly only censored, stopped, or attacked which forces polarization, ramps up potential dynamics, and creates conditions for extreme actions that can force or break hidden systems via operating beyond their known boundary or losing stealth advantage

in some ways it may be like reverse radar, what they see is the entire radar field as the signal, potentially, unable to distinguish its value or meaning or interpret what is happening in vast many different frames simultaneously, keying in and out, leading to massa confusa...

(perhaps equivalent to big bang inflation of a paralleled universe)


From coderman at gmail.com Thu Sep 26 02:14:56 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:14:56 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 1:07 PM, John Young wrote:
> Now that it appears the Internet is compromised what other means can rapidly deliver [... communication ...]

software defined radio. fuck all your proprietary blobs! isolate each SDR device into its own tightly constrained domU. use a constellation of mesh SDR systems, both short range omni-directional and long range point-to-point or point-to-multi-point to provide a surveillance opt-out infrastructure. combine with low latency anonymous protocols over wireless/wired links (multi-path) while utilizing the distinct advantages of true broadcast for maximum efficiency and you have something that isn't total shit. . . . it's a long way from here to there! good luck ;)

[p.s. the system below needed extra cooling and one GPU removed to fit. more details later, and these details/code i'm actually going to publish ;]

From eugen at leitl.org Thu Sep 26 02:19:00 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 08:19:00 +0200 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID: <[email protected]>

On Wed, Sep 25, 2013 at 02:04:34PM -0700, Rich Jones wrote:
> That kind of technology is already widely deployed in walkie talkies - I think I remember at HOPE a speaker mentioning that the NYPD used this technique until they abandoned it due to its inconvenience.
>
> http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum

Here's a potentially disruptive technology for global communication that bypasses the fiber infrastructure, and hence is more difficult to tap and almost impossible to disrupt by other means than total orbit denial weapons. http://www.extremetech.com/extreme/165194-nasa-prepares-to-launch-space-laser-system-that-can-transmit-data-at-600mbps-to-deep-space

NASA prepares to launch 600Mbps space laser system to replace conventional radio links

By Sebastian Anthony on August 29, 2013 at 10:05 am

NASA is preparing to launch the Lunar Laser Communications Demonstration (LLCD), a testbed that will use lasers to send and receive data between Earth and the Moon. This will be the first time that NASA uses lasers instead of conventional S-band radio waves to communicate with spacecraft, allowing for massive data rates of up to 600 megabits per second, while also consuming much less power and requiring much smaller antennae. Ultimately, shifting to laser-based communications will allow NASA to receive much more data from spacecraft, allowing them to be outfitted with high-res cameras and other modern sensors that generate more data than S-band links can support. Optical communications, as opposed to radio frequency (RF) communications (or simply "radio"), are desirable for three key reasons: Massive bandwidth, higher security, and lower output power requirements. All of these traits derive from the frequency of optical and radio waves. While S-band signals are in the 2-4GHz range (similar to your GSM, LTE, or WiFi link), the laser light used by the LLCD (near-infrared in this case) is measured in hundreds of terahertz. As a result, the wavelength of S-band signals is around 10cm, while near-infrared has a wavelength of just 1000nm, or about 100,000 times shorter. Not only can you cram a lot more data into the same physical space, but there's also terahertz (compared to megahertz in the S band) of free, unlicensed space that can be used.

A diagram of the LLCD architecture

Because the wavelength is smaller, the sending and receiving antennae can also be a lot smaller, allowing for smaller/lighter spacecraft and much easier reception here on Earth. By the time a conventional RF signal arrives at Earth from outer space, the beam can cover an area as wide as 100 miles, requiring very large dish antennae (such as the Deep Space Network) to pick those signals up. Receiving laser signals, which are 100,000 times shorter, requires a much smaller dish. As a corollary, due to these beams being much tighter, they're much harder for an enemy to snoop on, thus increasing security. Transmitting data via laser also requires less power than RF.

NASA's LLCD laser link diagram

The LLCD will be deployed upon the Lunar Atmosphere Dust Environment Explorer (LADEE), which is scheduled for launch in September. LADEE (which could be pronounced lay-dee or lad-ee, we're not sure) will orbit the Moon, seeking to confirm whether the mysterious glow observed by Apollo astronauts was caused by dust in the lunar atmosphere. Thanks to the LLCD, NASA will have a 20Mbps uplink to LADEE (apparently 4,800 times faster than existing S-band uplinks), and LADEE will have a 600Mbps downlink to NASA (five times faster than current state-of-the-art lunar-distance links). The mission will only last for 30 days, after which, if it's a success, NASA will launch the long-duration Lunar Communications Relay Demonstration (LCRD), which will hitch a ride aboard a commercial Loral satellite. The LCRD will allow NASA to perform further testing of space laser communications, with the hope of eventually replacing RF links in future spacecraft.

Moving forward, space laser communications will allow for the creation of spacecraft that are smaller, cheaper, and capable of more advanced functionality. With 600Mbps of downlink capacity, we'll be able to outfit spacecraft with high-resolution cameras and other advanced sensors that generate vast amounts of data, and view that data in real time, rather than waiting for the data to slowly dribble over the airwaves.

From coderman at gmail.com Thu Sep 26 02:19:44 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:19:44 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 1:36 PM, Tony Arcieri wrote: > ... > What threat are you trying to prevent that isn't already solved by the use > of cryptography alone? this is some funny shit right here... LOL

From eugen at leitl.org Thu Sep 26 02:23:18 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 08:23:18 +0200 Subject: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies) Message-ID: <[email protected]>

----- Forwarded message from Roger Dingledine -----

Date: Thu, 26 Sep 2013 01:52:14 -0400 From: Roger Dingledine To: liberationtech Subject: Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies) User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: liberationtech

On Wed, Sep 25, 2013 at 09:32:46PM -0700, coderman wrote: > On Wed, Sep 25, 2013 at 1:34 PM, Jonathan Wilkes wrote: > > ... > > Roger Dingledine has said that his biggest fear is that the > > NSA has found a way to break Tor, > > citation? ;)

You left out the rest of his sentence (and maybe some different punctuation would have helped too).

Once upon a time, we argued that sure, maybe NSA could break Tor if they put enough resources into it, but at least we could rely on the fact that if the FBI called them up on the phone and asked for some help with a case, they sure wouldn't admit to it. And also, if they *did* have an attack, surely they wouldn't "spend" their super-secret knowledge on just any old situation: https://en.wikipedia.org/wiki/Coventry_Blitz#Coventry_and_Ultra

It's similar reasoning that might make you comfortable jaywalking in front of a secret service agent -- surely they have more important things to be doing with their time, or with our tax dollars, than coordinating with the local police to bust you for something irrelevant, right?

And now here we are learning about a growing number of cases where NSA actually does provide intelligence for cases that are totally outside their scope or mandate, with sentences that start with "you didn't hear it from me, but".

So the snippet of quote above is out-of-context -- I do think that an organization that puts a lot of energy into surveilling large parts of the Internet can probabilistically correlate some Tor traffic flows, but I wouldn't call that threat my biggest fear. That said, I do really worry about the slippery slope where everybody collects their own huge database of Internet traffic and then eagerly shares their analysis with everybody else. It shifts the balance of power even more in favor of the surveillance state(s).

--Roger


----- End forwarded message -----

Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From coderman at gmail.com Thu Sep 26 02:23:45 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:23:45 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Wed, Sep 25, 2013 at 11:19 PM, Eugen Leitl wrote: > ... >> http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum > > Here's a potentially disruptive technology for global communication > that bypasses the fiber infrastructure, the 1990's called and they're happy you're a fan! today what you want is multiples of MIMO QAM channels. you _can_ achieve gigabits over miles; we have the technology! it has even percolated down to the consumer space...

From coderman at gmail.com Thu Sep 26 02:28:06 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:28:06 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> Message-ID:

On Wed, Sep 25, 2013 at 11:23 PM, coderman wrote: >... today what you want is multiples of MIMO QAM channels. > you _can_ achieve gigabits over miles; we have the technology! i used to be a free space optics fan. but they're old skewl, inefficient, subject to the whims of nature and certainly not multi-path friendly! radio is where it's at, and software defined radio is how you speak it.

EOM

From coderman at gmail.com Thu Sep 26 02:38:58 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:38:58 -0700 Subject: The Unbreakable Cipher (2) In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 9:29 PM, brian carroll wrote: > ... > no- not for a multilinear/nonlinear bit set approach. voluminous data > exchange... you're wrong. the key is to re-key so frequently there is never a significant volume transferred under the same symmetric key. in the manually keyed IPsec experiment i mentioned in another thread, we used synchronized key daemons to maintain a rolling pair of SA/AH+ESP associations that rotated on a per second interval. as long as you didn't transfer more than some obtuse number of terabits in a given second the assurance provided by a random key is intact. (and we used VIA C5P dual RNG processors to provide the manual keying material that was kept in sync between a pair of communicating stations over unencrypted 802.11b - there was no IKE or other public key exchange, just synchronized symmetric ciphers and digests)

From coderman at gmail.com Thu Sep 26 02:42:40 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:42:40 -0700 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> Message-ID:

------Forwarded message ------From: coderman Date: Wed, Sep 25, 2013 at 11:41 PM Subject: Re: [cryptography] The Compromised Internet To: Eugen Leitl

On Wed, Sep 25, 2013 at 11:33 PM, Eugen Leitl wrote: >... > There is no weather in LEO but space weather. this reminds me of the telcos who all say "redundant fault tolerant paths" are possible through the same right-of-way. you're optimizing against natural / random failures, and completely and totally vulnerable to active interference. do i have to spell it out?

From coderman at gmail.com Thu Sep 26 02:49:57 2013 From: coderman at gmail.com (coderman) Date: Wed, 25 Sep 2013 23:49:57 -0700 Subject: The Unbreakable Cipher (2) In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 11:38 PM, coderman wrote: >... > the key is to re-key so frequently there is never a significant volume > transferred under the same symmetric key. this also is useful for constraining the duration of an authenticated session. if you must "attest" to the authenticated status of an entity at a frequent interval, the use of a panic button or other key zeroisation / session abort mode becomes much more useful and actionable, denying access to the protected resource within milliseconds of a "panic" event occurring. this is another long tangent for another day...
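Added example (mine, not from the thread and not coderman's key daemons): a Python sketch of the scheme the two messages above describe. Two stations hold a synchronized list of pre-generated random keys (standing in for the RNG-derived manual keying material the experiment kept in sync out of band); each station has a current and a next association, rotates on a tick, refuses to send more than a fixed byte budget under one key, and has a panic() that zeroises every key so nothing is readable afterwards. The cipher is an encrypt-then-MAC construction from HMAC-SHA256 so it runs on the standard library alone; a real link would use ESP with AES-GCM. Per coderman's later point, every key in the schedule is fresh random output, none is derived from a previous one. All names are assumptions of this example.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32
TAG_BYTES = 16
NONCE_BYTES = 8


def make_key_material(n_keys, rng=os.urandom):
    """Pre-generate n_keys fresh random keys, one per rekey interval.
    Stands in for the RNG output the two stations kept in sync out of band."""
    return [rng(KEY_BYTES) for _ in range(n_keys)]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for the real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def seal(key, seq, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || truncated HMAC tag."""
    nonce = seq.to_bytes(NONCE_BYTES, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_BYTES]
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before touching the ciphertext; None on any failure."""
    if key is None or len(blob) < NONCE_BYTES + TAG_BYTES:
        return None
    nonce, ct, tag = blob[:NONCE_BYTES], blob[NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_BYTES]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class RollingStation:
    """One end of the link: a current and a next association, rotated on tick()."""

    def __init__(self, keys, max_bytes_per_key):
        self.keys = list(keys)          # private copy of the shared schedule
        self.epoch = 0                  # index of the current key
        self.seq = 0                    # nonce counter, never reused under a key
        self.sent_under_key = 0
        self.max_bytes = max_bytes_per_key
        self.zeroised = False

    def _key(self, epoch):
        return self.keys[epoch] if 0 <= epoch < len(self.keys) else None

    def tick(self):
        """Interval elapsed: wipe the current key and promote the next one."""
        self.keys[self.epoch] = None
        self.epoch += 1
        self.sent_under_key = 0

    def send(self, plaintext):
        if self.zeroised:
            raise RuntimeError("session aborted")
        if self.sent_under_key + len(plaintext) > self.max_bytes:
            raise RuntimeError("per-key volume budget exceeded; wait for rekey")
        self.sent_under_key += len(plaintext)
        self.seq += 1
        return self.epoch, seal(self._key(self.epoch), self.seq, plaintext)

    def recv(self, epoch, blob):
        # Accept the current epoch and the already-installed next one, so a
        # peer that ticked slightly earlier is still readable; nothing older.
        if self.zeroised or epoch not in (self.epoch, self.epoch + 1):
            return None
        return unseal(self._key(epoch), blob)

    def panic(self):
        """Zeroise every key: the link is dead within one call."""
        self.keys = [None] * len(self.keys)
        self.zeroised = True


def demo():
    keys = make_key_material(4)
    a = RollingStation(keys, max_bytes_per_key=64)
    b = RollingStation(keys, max_bytes_per_key=64)
    r = {}
    epoch, blob = a.send(b"hello")
    r["in_epoch"] = b.recv(epoch, blob)        # b"hello"
    a.tick()
    b.tick()                                   # both sides rotate on schedule
    r["replayed_old"] = b.recv(epoch, blob)    # None: epoch 0 key is gone
    epoch, blob = a.send(b"after rekey")
    r["after_rekey"] = b.recv(epoch, blob)     # b"after rekey"
    try:
        a.send(b"x" * 100)
        r["over_budget"] = "accepted"
    except RuntimeError:
        r["over_budget"] = "refused"
    a.tick()                                   # a rotates first; b lags a tick
    epoch, blob = a.send(b"skew")
    r["skew"] = b.recv(epoch, blob)            # b"skew" via b's next key
    b.panic()
    r["after_panic"] = b.recv(epoch, blob)     # None
    return r
```

Run demo() to see the full cycle; the one design point worth copying is that recv() only ever holds two live keys, so a captured station yields at most one interval of past traffic plus one of future, and panic() reduces that to none.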

From eugen at leitl.org Thu Sep 26 02:51:21 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 08:51:21 +0200 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Wed, Sep 25, 2013 at 11:42:40PM -0700, coderman wrote:

This was an off-list exchange actually, but what the hell.

> On Wed, Sep 25, 2013 at 11:33 PM, Eugen Leitl wrote: > >... > > There is no weather in LEO but space weather. > > this reminds of the telcos who all say "redundant fault tolerant > paths" are possible through the same right-of-way.

LEO is a volume, not a surface. You can have as many flocks up there as you like, if you can afford it.

> you're optimizing against natural / random failures, and completely

I'm optimizing against people who walk up, and dismantle your wireless mesh, or down the Internet in your country. It's really hard to jam the sky, especially in VIS range.

> and totally vulnerable to active interference.

Yes, you can fry them with ground laser or fill up orbit with tungsten pellets. However, such things are quite frowned upon, especially the latter option.

> do i have to spell it out?

Surprise me.

From l at odewijk.nl Thu Sep 26 03:20:43 2013 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 26 Sep 2013 09:20:43 +0200 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID:

2013/9/26 Eugen Leitl

> It's really hard to jam the sky, especially in VIS range. >

"Huh. Guys, what's that on our radio scanner? Someone calls us?" Hard to jam, easy to trace. Even regular Dutch police forces have triangulation tactics to find pirate radio stations.

This is where I'm more enthusiastic about near-optical connections. A laser, invisible spectrum ofc, and a small black surface (iow:detector) are all it takes. It will still be visible (at night) with special hardware. Street lanterns (depending on the type) might make them invisible at night too. Bandwidth is wonderful, and there's plenty of spectrum to duplicate bandwidth too. Quite like fiber, except for the ideal transmission.

And that highlights the problems. You have to keep the laser pointed, that means not diffracted by thermic differences or blocked by dust and other particles (like, you know, leaves). This might be less trouble than it'd seem at first, and even better it can be automated by a lens system.

A just graduated ship's lieutenant laughed at me for suggesting laser communication as the future. "No spying, very high speed, very wide bandwidth!" and he effectively answered "Line of sight, unreliable, no need for speed and just use satellite".

A yagi pointed skywards should be hidable inside the house, so I guess he's somewhat right.

From coderman at gmail.com Thu Sep 26 03:53:12 2013 From: coderman at gmail.com (coderman) Date: Thu, 26 Sep 2013 00:53:12 -0700 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID:

On Thu, Sep 26, 2013 at 12:20 AM, Lodewijk andré de la porte wrote: > ...> Hard to jam, easy to trace. Even regular Dutch police forces have > triangulation tactics to find pirate radio stations. in some geographic locations, certain transmissions are a prelude to hellfire neutralization.

> This is where I'm more enthusiastic about near-optical connections. i'm trying to re-kindle the flame, really...

> ... You have to keep the laser pointed, that > means not diffracted by thermic differences or blocked by dust and other > particles (like, you know, leaves). nope. direct line of un-obstructed sight kills the mood. really: give it up. FSO, LEO, it's all moot. go mesh, go multi-path, go SDR! if you're still not convinced, i've got a red team who can change your mind! ;P

From coderman at gmail.com Thu Sep 26 03:54:31 2013 From: coderman at gmail.com (coderman) Date: Thu, 26 Sep 2013 00:54:31 -0700 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> <[email protected]> Message-ID:

On Wed, Sep 25, 2013 at 11:51 PM, Eugen Leitl wrote: > ... > I'm optimizing against people who walk up, and dismantle your > wireless mesh, or down the Internet in your country. down the Internet; the mesh lives on. down the mesh? hope you've got capacity for a truck roll to tens of millions!

> ... It's really > hard to jam the sky, especially in VIS range. not true. :/

From coderman at gmail.com Thu Sep 26 04:15:44 2013 From: coderman at gmail.com (coderman) Date: Thu, 26 Sep 2013 01:15:44 -0700 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID:

On Thu, Sep 26, 2013 at 12:54 AM, coderman wrote: >> ... It's really >> hard to jam the sky, especially in VIS range. > > not true. :/ neutralizing space comms is like cutting transnational fiber: it's the telecommunications equivalent of "Global Thermonuclear War" - no "sane" actor will do it first. just because no one has done it yet, does not mean that it isn't easy! since unlike nuclear weapons, the technology for both of the above is readily available in the hands of the populace. knowledge and motivation are the only deterrents. mesh is much more robust in every aspect... presuming you can scale (there's always a catch...)

From coderman at gmail.com Thu Sep 26 04:32:01 2013 From: coderman at gmail.com (coderman) Date: Thu, 26 Sep 2013 01:32:01 -0700 Subject: [cryptography] The Compromised Internet In-Reply-To: References: Message-ID:

On Wed, Sep 25, 2013 at 11:19 PM, coderman wrote: > On Wed, Sep 25, 2013 at 1:36 PM, Tony Arcieri wrote: >> ... >> What threat are you trying to prevent that isn't already solved by the use >> of cryptography alone? > > > this is some funny shit right here... LOL

someone pointed out that i might be an ass about a legitimate query. here's a subset of all the things crypto alone does not protect:

- your source of entropy, upon which all secrets rely.
- your crypto implementation, which may leak keys profusely out the side.
- the peers you crypto with; often the most important info.
- the complexity of attacking your crypted comms, which may be reduced to a tractable search space due to architectural or design flaws introduced by accident or $250,000,000 malicious intent.
- the data in motion or at rest, beyond your crypto boundaries.

i could go on...
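Added example for the first item in coderman's list (mine, not from the post): a key derived from a second-resolution timestamp instead of the OS RNG. The cipher itself (a SHA-256 keystream XORed into the plaintext) is not the weak point; the attacker never touches it, and recovers the key by enumerating the seed window, needing only a rough idea of when the message was sent and a few known plaintext bytes such as a fixed header. The same search against an os.urandom key finds nothing. Function names, the header and the timestamp are constructed for the example.

```python
import hashlib
import os

KEY_LEN = 16


def key_from_seed(seed):
    """Derive a 128-bit key from an integer seed. The hash is not the
    problem; a seed the attacker can enumerate is."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:KEY_LEN]


def keystream(key, length):
    """SHA-256 in counter mode; stands in for a proper stream cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def xor_crypt(key, data):
    """Same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def weak_key(send_time):
    """Anti-pattern: key material from a second-resolution clock."""
    return key_from_seed(send_time)


def strong_key():
    """What the weak_key caller should have done."""
    return os.urandom(KEY_LEN)


def recover_key(ciphertext, known_prefix, approx_time, window):
    """Attacker model: knows the send time to within `window` seconds and
    the first bytes of the plaintext (a fixed protocol header). Tries every
    seed in the window and keeps the one that decrypts the header."""
    for seed in range(approx_time - window, approx_time + window + 1):
        candidate = key_from_seed(seed)
        if xor_crypt(candidate, ciphertext[:len(known_prefix)]) == known_prefix:
            return candidate
    return None


def demo():
    header = b"MSG/1.0:"                      # constructed known plaintext
    secret = header + b"the meeting is at dawn"
    sent_at = 1380240000                      # constructed timestamp (Sep 2013)
    guess = sent_at + 37                      # attacker's clock is off by 37 s

    ct_weak = xor_crypt(weak_key(sent_at), secret)
    k = recover_key(ct_weak, header, guess, window=3600)
    weak_broken = k is not None and xor_crypt(k, ct_weak) == secret

    ct_strong = xor_crypt(strong_key(), secret)
    strong_broken = recover_key(ct_strong, header, guess, window=3600) is not None
    return weak_broken, strong_broken
```

demo() returns (True, False): 7201 candidate seeds is the whole search for the clock-seeded key, while the os.urandom key has 2^128 candidates and the same loop is hopeless.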

From electromagnetize at gmail.com Thu Sep 26 05:34:43 2013 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 26 Sep 2013 04:34:43 -0500 Subject: The Unbreakable Cipher (2) Message-ID:

coderman wrote:

> you're wrong.

perfect. thank you

(though assumption was more like MMORPG as distributed parallel network keying same space from many unique vantages, where environment* is of different structures and conceptualizations and parts do not necessarily align into a clear 'whole' view, including if many-many exchanges function beyond limits of model or framework)

i think i grasp a fundamental concept of crypto that relates size of message (message length) with design of algorithmic structure needed to successfully embed or hide the message else hidden order may be easily visible/discovered

i still contend this is different for set theory and models of noise - yet assume equations in that space could function differently and could have other design requirements or crypto principles perhaps more shallow if hiding in massive noise or equations to nest data in higher-dimensional matrices or at various levels, presumably unlike what appears a more static, confined construct of linear equationspace and its requirements

in that 'keys' could function differently in bit set approach though perhaps rekeying is universal as a security principle yet potentially flawed if it could reveal a particular structure leading to its compromise whereas reusing an 'infinity key' (regenerating keys or using same key in new instantiations, accessing different arbitrary structure as keychain multitool) may function in a different context than existing approaches, in some way- which relates to the dataspace; such that perhaps the key itself is noisy or indeterminate as to what exactly the key is

though this speculation could all be false.

*(though of cipher environment presumed 'outside' the capacity of computers to process, rationalize accurately, thus not contained in electronic boxes; thus beyond modeled computer space, infinitely so)

From coderman at gmail.com Thu Sep 26 06:32:18 2013 From: coderman at gmail.com (coderman) Date: Thu, 26 Sep 2013 03:32:18 -0700 Subject: The Unbreakable Cipher (2) In-Reply-To: References: Message-ID:

On Thu, Sep 26, 2013 at 2:34 AM, brian carroll wrote: > coderman wrote: > >> you're wrong. > > perfect. thank you brian: you're a verbose individual. but you respond usefully *grin*

> i think i grasp a fundamental concept of crypto > that relates size of message (message length) > with design of algorithmic structure needed to > successfully embed or hide the message else > hidden order may be easily visible/discovered it is interesting how these fundamentals change across public key systems, and the ideal one time pad. symmetric ciphers are a particular beast... (and combined authentication and encryption modes even more particular ;)

> i still contend this is different for set theory and > models of noise ... > > in that 'keys' could function differently in bit set > approach though perhaps rekeying is universal > as a security principle yet potentially flawed if > it could reveal a particular structure leading > to its compromise... in a poor implementation or protocol, re-keying can provide an opportunity for cipher suite downgrade or other privacy destroying attacks. effective frequent re-keying requires the other INFOSEC/OPSEC dependencies be met!

> whereas reusing an 'infinity > key' (regenerating keys or using same key in > new instantiations, accessing different arbitrary > structure as keychain multitool) may function > in a different context than existing approaches, note that for all intents and purposes, you should use a fresh, absolutely random key for each re-keying. key "stretching" or derivation methods suffer the same types of vulnerabilities over large enough output that the original cipher does. instead of spending your time trying to securely "stretch" a few keys, just generate a large number of perfectly random keys instead!

From jya at pipeline.com Thu Sep 26 08:10:42 2013 From: jya at pipeline.com (John Young) Date: Thu, 26 Sep 2013 08:10:42 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

At 09:16 PM 9/25/2013, you wrote:

>Fundamentally, what you're asking for doesn't make sense. >Threat models are about economics, scale, and mistakes, >and even if we don't have security bugs, we still have economics.

An NSA technical report says a unit was set up in Bell Laboratories over 50 years ago to research fledgling ideas which the over-militarized NSA staff didn't have time or skill to look into. So it was done at Bell, IBM, MIT, Philco, NCR, RCA, and ilk, back then and as now with today's iconized coms, orgs and edus. Inside of which, then and now, are the cypherpunks playing chess with suits and slicks, manipulating the infrastructure to generate exploits the suits can't, or don't want, to care about so long as quarterlies are fat.

Calling upon the sagacity of this forum the question might be answered as you say by developing ways to piggy-back, rig, boot-leg, twist and turn switches and valves, to swipe a little bit of the infrastructure pipelines to use for less controlled purposes. Whatever the infrastructure is, internet, EM spectrum, radio, laser, cable, optics, farts, prayer. Whatever happened to hunches and gut feelings as cover for IP theft and lucky accidents.

Pilfering by insiders sold or shared off the market has an ancient history, Snowdens galore forever, the mothers of invention and payback to suits sucking blood of labor.

Now then, cough, cough, suppose the internet will continue to be the comms medium of choice for citizens and consumers and their besuited gang of exploiters. Workarounds to exploit the exploiters will flower by avid hackers multiplying like rabbits inside and outside the hegemons. What else besides that healthy pilfering industry which happily generates profits for hackers and cypherpunks to set up their own exploiting ventures? As might have been asked before the internet, before telecoms, before radio, before drums and smoke and yodel and grunts and skull banging. What are lab rats doing when not angling for scale-up capital? Nothing commercial, hopefully, nothing worth feeding to John Markoff, to Glenn Greenwald, to WikiLeaks, to vultures. Probably not worth this all too open call for hot shit swapping.

From eugen at leitl.org Thu Sep 26 10:17:09 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 16:17:09 +0200 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Thu, Sep 26, 2013 at 12:54:31AM -0700, coderman wrote: > On Wed, Sep 25, 2013 at 11:51 PM, Eugen Leitl wrote: > > ... > > I'm optimizing against people who walk up, and dismantle your > > wireless mesh, or down the Internet in your country. > > down the Internet; the mesh lives on.

If the VPN bridges go down, you're back to mice and pumpkins. There are obvious values in urban-area public meshes, and long distance WLAN, but it's no way to deliver messages globally, even as simple as texting equivalent. The buck does definitely stop when surf is lapping at your toes.

What is exactly is wrong with frequent fliers carrying smartphones with http://sourceforge.net/projects/bytewalla/ or similar? http://www.diva-portal.org/smash/get/diva2:541972/FULLTEXT01.pdf

> down the mesh? hope you've got capacity for a truck roll to tens of millions! > > > > ... It's really > > hard to jam the sky, especially in VIS range. > > not true. :/

You need to track a given small, rapidly moving patch of sky in realtime, whether by parabolic dish, amateur astronomic instrument, or phased array flat plate or half-dome. The bird is serving hundreds or thousands of people ground-side as it passes by. If you really want to jam all these at the same time you'll need a nuke. Taking out the bird from the ground turns into a game of cat and mouse, if you're dumping phonesats by the satbusload -- these are short-lived, anyway, and need to be constantly replenished. Orbital denial against small cross-section targets in a really low orbit which can be replenished cheaply will make every country with space access very mad at you, which is dangerous to your health.

None of the approaches are mutually exclusive. Use meshes, link them up via VPN tunnels across Internet, use DTN with avian carriers, or phonesats.

From eugen at leitl.org Thu Sep 26 11:02:18 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 17:02:18 +0200 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

On Thu, Sep 26, 2013 at 09:20:43AM +0200, Lodewijk andré de la porte wrote: > 2013/9/26 Eugen Leitl > > > It's really hard to jam the sky, especially in VIS range. > > > > "Huh. Guys, what's that on our radio scanner? Someone calls us?"

They want to pick up a parabolic dish, a LoS laser or a phased array tracking a point source overhead, all sending at maybe 5-10 W power?

Sure, if your sky is thick with mapping drones. Sounds like a fifth world problem.

> Hard to jam, easy to trace. Even regular Dutch police forces have > triangulation tactics to find pirate radio stations.

Isotropic radiators with high power are easy to spot. Dynamic tight beams need at least a passing point of alignment to get a position fix on the ground station. NSA sigint used that microwave LoS interception, but this wouldn't scale for millions of users and very brief low-power bursts during random alignment events.

> This is where I'm more enthusiastic about near-optical connections. A > laser, invisible spectrum ofc, and a small black surface (iow:detector) are > all it takes. It will still be visible (at night) with special hardware. > Street lanterns (depending on the type) might make them invisible at night > too. Bandwidth is wonderful, and there's plenty of spectrum to duplicate > bandwidth too. Quite like fiber, except for the ideal transmission.

Or maybe you just buy http://www.ubnt.com/airfiber or the lower-grade gear for LoS.

> And that highlights the problems. You have to keep the laser pointed, that > means not diffracted by thermic differences or blocked by dust and other > particles (like, you know, leaves). This might be less trouble than it'd > seem at first, and even better it can be automated by a lens system. > > A just graduated ship's lieutenant laughed at me for suggesting laser > communication as the future. "No spying, very high speed, very wide > bandwidth!" and he effectively answered "Line of sight, irreliable, no need > for speed and just use satellite". > > A yagi pointed skywards should be hidable inside the house, so I guess he's > somewhat right.

Phased arrays which are flat or half domes are compact and don't look like anything from air. If you're clever, you can integrate these into a PV panel.

From jya at pipeline.com Thu Sep 26 11:29:31 2013 From: jya at pipeline.com (John Young) Date: Thu, 26 Sep 2013 11:29:31 -0400 Subject: One Time Pad Cryptanalysis Message-ID:

"Cryptanalysts make their living out of sloppy thinking and enthusiastic over-ingenuity of designers of cipher systems."

Brig. Gen. J.H. Tiltman, "Some Principles of Cryptographic Security," NSA Technical Journal, Summer 1974. http://www.nsa.gov/public_info/_files/tech_journals/Some_Principles.pdf

Tiltman vaunts the One Time Pad but cautions there have been effective decrypts exploiting enthusiastic sloppy thinking that OTP is unbreakable. Most appears to involve non-decipher means and methods. The paper redacts others presumably still effective.

For amateur ingenuity Tiltman footnotes:

"I remember an early example of the solution of the problem of producing strictly one-time perforated tape. A Canadian engineer working for a British intelligence organization in New York who knew nothing at all about cryptography produced in 1942 an on-line machine called TELEKRYPTON. He generated his tapes by pouring a mixture of metal and glass balls through a hopper, the metal balls alone passing current and perforating 5-level tape. He analyzed the result and saw that it was biased, owing to the heavier weight of the metal balls, and then changed the respective sizes of the balls to compensate for the extra weight of the metal."

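Added example (mine, not Tiltman's and not the TELEKRYPTON fix, which compensated mechanically by resizing the balls): a simulated biased hopper and the von Neumann extractor, the software answer to the same problem. Pairs of draws are kept only when they differ (01 becomes 0, 10 becomes 1), which gives exactly unbiased output for any constant bias, at the cost of discarding most of the input; the five-level tape check shows how raw bias concentrates on a handful of key characters, which is what a cryptanalyst would exploit. The caveat for anyone building a key-tape generator: the extractor assumes independent draws, so correlated output (balls clumping in the hopper) is not repaired by it. Names and the bias figure are constructed.

```python
import random


def biased_hopper(p_metal, n, rng):
    """Constructed stand-in for the ball hopper: each draw is a metal ball
    (contact closed, bit 1) with probability p_metal, else glass (bit 0)."""
    return [1 if rng.random() < p_metal else 0 for _ in range(n)]


def bias(bits):
    """Excess of ones over the ideal 0.5 proportion (0.0 is unbiased)."""
    return sum(bits) / len(bits) - 0.5


def von_neumann_extract(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 discarded.
    For independent draws with fixed bias p, P(01) == P(10) == p(1-p),
    so the output is unbiased whatever p is. Yield is 2p(1-p)/2 of input."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def top_tape_char_fraction(bits):
    """Pack bits into 5-level tape characters (32 values) and return the
    fraction taken by the most common one; 1/32 is the ideal."""
    counts = [0] * 32
    for i in range(0, len(bits) - 4, 5):
        value = 0
        for bit in bits[i:i + 5]:
            value = (value << 1) | bit
        counts[value] += 1
    n_chars = sum(counts)
    return max(counts) / n_chars if n_chars else 0.0


def demo(p_metal=0.6, n=100000, seed=1):
    rng = random.Random(seed)  # seeded only so the figures are reproducible
    raw = biased_hopper(p_metal, n, rng)
    fixed = von_neumann_extract(raw)
    return {
        "raw_bias": bias(raw),                        # about +0.10
        "raw_top_char": top_tape_char_fraction(raw),  # 11111 at about 0.078
        "fixed_bias": bias(fixed),                    # about 0.00
        "fixed_top_char": top_tape_char_fraction(fixed),
        "yield": len(fixed) / len(raw),               # about 0.24
    }
```

With a 60/40 hopper the raw tape spends almost 8% of its characters on a single value against the 3.1% it should, and the extractor keeps only about a quarter of the draws to get rid of that. Tiltman's engineer got the same effect by fixing the physics instead of the arithmetic.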
From eugen at leitl.org Thu Sep 26 11:50:39 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 26 Sep 2013 17:50:39 +0200 Subject: sneakernet calculation In-Reply-To: References: Message-ID: <[email protected]>

On Wed, Sep 25, 2013 at 06:00:55PM -0500, brian carroll wrote:

> i imagine most with mathematical instinct would think something > 'real-world' is missing in this approximation, in that you could not > realistically use-up all FedEx resources for such a data sharing project > without likely taking down the system or being denied access- and thus > existing traffic and congestion are not included in this ideal naive model.

You overestimate the amount of useful content the Internet carries. Let's assume you just want to deliver text messages hand-entered by people. Let's say 10^9 people/day care to enter some ~kByte of text. That's a mere TByte/day, uncompressed.


From electromagnetize at gmail.com Thu Sep 26 14:32:56 2013 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 26 Sep 2013 13:32:56 -0500 Subject: sneakernet calculation In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Thu, Sep 26, 2013 at 10:50 AM, Eugen Leitl wrote: > On Wed, Sep 25, 2013 at 06:00:55PM -0500, brian carroll wrote: > >> i imagine most with mathematical instinct would think something >> 'real-world' is missing in this approximation, in that you could not >> realistically use-up all FedEx resources for such a data sharing project >> without likely taking down the system or being denied access- and thus >> existing traffic and congestion are not included in this ideal naive model. > > You overestimate the amount of useful content the Internet > carries. Let's assume you just want to deliver text messages > hand-entered by people. Let's say 10^9 people/day care to > enter some ~kByte of text. That's a mere TByte/day, uncompressed.

interesting... (seems related to direct crypto messaging rather than encoding audiovisual file types and transport encryption issues) and thus: a billion people who want to exchange digital text files (~1 kB).

in a FedEx approach to transport of physical media, this is assumed to involve 1 billion separate "harddrives" or other disks for digital files that are going to move from one location or user to another, elsewhere

so a billion 'packets' that need to be packaged in FedEx folders, have addressing and routing information attached, though firstly removed from equipment and then lastly reinstalled in other remote equipment to complete the data exchange.

could a billion people feasibly call FedEx up today and go through this process of taking drives out, etc., and have the packages arrive ("today" in analogous terms, though 'next-day' is the gimme here) where the delivery is successful, no hardware failures that require automatic resends- likely instantaneous for packet-switch though for courier this could be a week span or more, to figure issues out. so out of the blue, a billion packets injected into the delivery stream of FedEx to arrive same-day or next-day, successful, to another billion addresses else some large majority (some packages go to the same address etc. and congestion/traffic issues with that, in that there may be a limit to what local resources are available).

i would assume -no- this could not occur without denial of service or delay within routing or existing delivery schedules, and likely is beyond the daily tolerance level within the given bandwidth available, and to do this day after day would crash the FedEx delivery system perhaps because it is not designed or capable for 'data' delivery in the sense it may be unique from 'material' delivery of physical stuff versus used as a communication system for relaying messages

(understandably this correlates with list messaging likewise)

~

From electromagnetize at gmail.com Thu Sep 26 20:40:16 2013 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 26 Sep 2013 19:40:16 -0500 Subject: South Park NSA Message-ID:

Original Air Date: 09.25.2013 (two sets of commercials for web access)

Cartman infiltrates the NSA and doesn't like what he finds in his personal file. http://www.southparkstudios.com/full-episodes/s17e01-let-go-let-gov

From eugen at leitl.org Fri Sep 27 05:31:36 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 11:31:36 +0200 Subject: [drone-list] You're a threat to drones Message-ID: <[email protected]>

----- Forwarded message from Yosem Companys -----

Date: Thu, 26 Sep 2013 10:45:10 -0700 From: Yosem Companys To: Drones Subject: [drone-list] You're a threat to drones Reply-To: drone-list

From: Joan Livingston

Glenn Greenwald on how governments view Yemeni, Pakistani, US, and UK anti-drone activists as propaganda-wielding threats. The NSA's pro-drone propaganda is of course okay, as is detaining activists, denying visas, and denying facts about civilian casualties: http://www.theguardian.com/commentisfree/2013/sep/25/nsa-uk-drone-opponents-threats -- Want to unsubscribe? Want to receive a weekly digest instead of daily emails? Change your preferences: https://mailman.stanford.edu/mailman/listinfo/drone-list or email companys at stanford.edu

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From tpetru at gmail.com Fri Sep 27 05:44:08 2013 From: tpetru at gmail.com (Tomas Overdrive Petru) Date: Fri, 27 Sep 2013 11:44:08 +0200 Subject: The Unbreakable Cipher (2) In-Reply-To: References: Message-ID: <[email protected]>

Dne 26.9.2013 11:34, brian carroll napsal(a): > coderman wrote: > >> you're wrong. > perfect. thank you > > (though assumption was more like MMORPG as > distributed parallel network keying same space > from many unique vantages, where environment* > is of different structures and conceptualizations > and parts do not necessarily align into a clear > 'whole' view, including if many-many exchanges > function beyond limits of model or framework) > > i think i grasp a fundamental concept of crypto > that relates size of message (message length) > with design of algorithmic structure needed to > successfully embed or hide the message else > hidden order may be easily visible/discovered > > i still contend this is different for set theory and > models of noise - yet assume equations in that > space could function differently and could have > other design requirements or crypto principles > perhaps more shallow if hiding in massive noise > or equations to nest data in higher-dimensional > matrices or at various levels, presumably unlike > what appears a more static, confined construct > of linear equationspace and its requirements > > in that 'keys' could function differently in bit set > approach though perhaps rekeying is universal > as a security principle yet potentially flawed if > it could reveal a particular structure leading > to its compromise whereas reusing an 'infinity > key' (regenerating keys or using same key in > new instantiations, accessing different arbitrary > structure as keychain multitool) may function > in a different context than existing approaches, > in some way- which relates to the dataspace; > such that perhaps the key itself is noisy or > indeterminate as to what exactly the key is > > though this speculation could all be false. > > *(though of cipher environment presumed 'outside' > the capacity of computers to process, rationalize > accurately, thus not contained in electronic boxes; > thus beyond modeled computer space, infinitely so)

Hi, I like your model of different points of view and strange methods of communication as a base for some surrealistic RPG, which led me to an idea: imagine that you have players of the game who are able to understand the surreal logic of the game, and now one of them is killed by the game-master, possibly because the game-master does not like this person or something like that.

So now you have a rogue ex-player who understands the whole "system" perfectly; all the surreal concepts are clear to him, no problem with all that CHAO magic. And as a cypher it just behaves as a cypher with hidden logic, which does not work as soon as the logic is revealed.

But again, I like that concept as an RPG setting: PCs that communicate by juggling and music [different languages], NPCs that have trouble understanding what is still code and what is only a noise pattern, unwillingly transmitted information [venereal or other diseases + gene modification], patterns in the void. Really surreal, and I like it a lot, but being hidden and obscure it is inapplicable.

Btw, while we are in a surreal mood: have you ever thought about the moment when most of the publicly available information is coded by some artificial system [cypher sets] and there is some inheriting civilization without enough e.g. computing power to just run the algorithms, even though they know how they function and, in the worst case, even the key? Imagine all of the data/information lost in case we do not understand the ASCII or UTF-X table anymore. Just an example of another Babel world to play with. [related: Jorge Luis Borges, The Library of Babel]

Sorry for OT, in case of any, in this thread [PARACrypto] to subject?

~ Over

-- 
"Borders? I have never seen one. But I have heard they exist in the minds of some people." - Thor Heyerdahl
www...... http://overdrive.a-nihil.net
twitter...... https://twitter.com/#!/idoru23
blog...... http://d8ofh8.blogspot.com
GnuPG public key...... http://overdrive.a-nihil.net/overdrive.txt
GnuPG key FingerPrint... 072C C0AD 88EF F681 5E52 5329 8483 4860 6E19 949D


From eugen at leitl.org Fri Sep 27 06:02:31 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 12:02:31 +0200 Subject: [tahoe-dev] the GNU 30th Birthday party! Message-ID: <[email protected]>

----- Forwarded message from Zooko O'Whielacronx -----

Date: Fri, 27 Sep 2013 05:00:04 +0000 From: Zooko O'Whielacronx To: tahoe-dev Subject: [tahoe-dev] the GNU 30th Birthday party!

Folks:

Tahoe-LAFS is one of the featured projects at the GNU 30th Birthday Party Hackathon! https://www.gnu.org/gnu30/celebration

I'm going to be there in person in Cambridge. What I want to do during the Hackathon is make Tahoe-LAFS work better with Tor and/or I2P. I know that at least a couple of Tor developers and at least one I2P developer will be there in person, so this is a good opportunity to collaborate face-to-face or side-by-side.

One thing I could spend Hackathon time on is just to contribute some patch review service to the Tor project, if it seems like they want that.

Issue tickets relevant to this:

Go to https://Tahoe-LAFS.org, click on "View Tickets" → https://tahoe-lafs.org/trac/tahoe-lafs/wiki/ViewTickets , click on "anonymity" → https://tahoe-lafs.org/trac/tahoe-lafs/query?status=!closed&keywords=~anonymity&order=priority

Eyeballing those, I recognize the following as especially ripe, because the I2P folks have been working on them and flagging them as blockers for I2P: #68, #1010.

https://tahoe-lafs.org/trac/tahoe-lafs/ticket/68 # implement distributed introduction, remove Introducer as a single point of failure
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1010 # use only 127.0.0.1 as local address

See also a couple of patches that the I2P people are trying to contribute to foolscap, and which are also needed for full Tahoe-LAFS+I2P integration: http://foolscap.lothar.com/trac/query?status=!closed&keywords=~i2p

You can join in! Just connect to us on IRC -- irc..net channel #tahoe-lafs -- or physically show up in Cambridge. Or, I suppose, at one of the other GNU 30th Birthday celebrations around the world: https://www.gnu.org/gnu30/ (scroll down to "Satellite Events").

Regards,

Zooko

_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Fri Sep 27 07:52:19 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 13:52:19 +0200 Subject: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 Message-ID: <[email protected]>

----- Forwarded message from The Doctor -----

Date: Wed, 25 Sep 2013 12:12:45 -0400 From: The Doctor To: bitcoin-development at lists.sourceforge.net Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 Organization: Virtual Adept Networks, Unlimited User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130514 Thunderbird/17.0.6 Reply-To: drwho at virtadpt.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 09/25/2013 07:35 AM, Melvin Carvalho wrote:

> It depends on the attacker. I think a large entity such as a govt > or big to medium size corporation *may* be able to MITM https, of > course the incentive to do so is probably not there ...

DLP (data loss prevention) products usually have MITM capability, to make sure that proprietary information isn't being exfiltrated. Also, some companies have full packet capture policies. The technology is out there and people buy and use it. Whether or not they're going to care about Bitcoin URIs in the short term, I don't know.

Some of the companies documented here have such products: http://bluecabinet.info/wiki/Blue_cabinet#List_of_companies

You are correct in that the incentive to carry out MITM attacks in this use case may not be there. However, detecting transactions may be more useful to an attacker than meddling with them.

- -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/

"Shiloh? Is your name Shiloh? Can I talk to you?"

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJDC30ACgkQO9j/K4B7F8FungCgyQtkyiQIekhlv1/Nqdd/JAIV 3EgAoKW8wTOI11lEq0ieOsRiQmnkM9w6 =W50W -----END PGP SIGNATURE-----

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
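The Doctor's point above, that a passive observer gets more from recognizing Payment Protocol traffic than from tampering with it, can be made concrete. The block below is an added example written for this thread; it is not code from the message, from the BIP 70/71/72 documents, or from any DLP product. It parses BIP 21 `bitcoin:` URIs (with the BIP 72 `r=` parameter) found in captured page bodies, flags the three MIME types BIP 71 defines for PaymentRequest, Payment and PaymentACK messages, and then links a client that saw a `bitcoin:?r=<url>` link to its later fetch of exactly that PaymentRequest. The capture records, their field names and the placeholder address are all constructed for the example.

```python
"""Spot Bitcoin Payment Protocol activity in captured web traffic.
Added example for this thread, not code from the quoted message, from
BIP 70-72 or from any DLP product.  The records at the bottom are constructed.
"""
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlsplit

# MIME types defined by BIP 71 for the three Payment Protocol messages.
BIP71_TYPES = {
    "application/bitcoin-paymentrequest": "paymentrequest",
    "application/bitcoin-payment": "payment",
    "application/bitcoin-paymentack": "paymentack",
}

# A bitcoin: URI as it appears inside page bodies, mails or chat (BIP 21/72).
URI_RE = re.compile(r"bitcoin:[^\s\"'<>]+", re.IGNORECASE)


def parse_bitcoin_uri(uri: str) -> dict:
    """Parse a BIP 21 URI.  BIP 72 adds the r= parameter pointing at a
    PaymentRequest and allows the address part to be empty (bitcoin:?r=...)."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "bitcoin":
        raise ValueError("not a bitcoin: URI")
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    amount = Decimal(params["amount"]) if "amount" in params else None  # BTC, decimal
    return {
        "address": parts.path or None,
        "amount": amount,
        "label": params.get("label"),
        "message": params.get("message"),
        "payment_request_url": params.get("r"),
        # BIP 21: a req- prefixed parameter the wallet does not understand must
        # make it refuse the URI; for a detector it is only worth flagging.
        "unknown_required": sorted(k for k in params if k.startswith("req-")),
    }


def scan_records(records):
    """Return findings from captured HTTP records (dicts with src, method, url,
    content_type, body).  Two signals: BIP 71 MIME types on the wire, and
    bitcoin: URIs embedded in any captured body."""
    findings = []
    for rec in records:
        ctype = rec["content_type"].split(";")[0].strip().lower()
        if ctype in BIP71_TYPES:
            findings.append({"src": rec["src"], "kind": "bip71_" + BIP71_TYPES[ctype],
                             "method": rec["method"], "url": rec["url"]})
        for match in URI_RE.finditer(rec.get("body", "")):
            try:
                parsed = parse_bitcoin_uri(match.group(0))
            except (ValueError, InvalidOperation):
                continue  # malformed URI: not worth a finding
            findings.append({"src": rec["src"], "kind": "bip21_uri",
                             "url": rec["url"], "uri": parsed})
    return findings


def correlate_payments(findings):
    """Link a client that saw a bitcoin:?r=<url> link to its later fetch of
    that exact PaymentRequest.  The passive observer now knows who is paying
    whom without having touched the TLS session."""
    pending = set()  # (src, payment_request_url) seen in a bitcoin: URI
    flows = []
    for f in findings:
        if f["kind"] == "bip21_uri" and f["uri"]["payment_request_url"]:
            pending.add((f["src"], f["uri"]["payment_request_url"]))
        elif f["kind"] == "bip71_paymentrequest" and (f["src"], f["url"]) in pending:
            flows.append((f["src"], f["url"]))
    return flows


# Constructed sample capture (not real traffic; the address is a placeholder
# shaped like a Base58 address, not a valid one).
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "method": "GET", "url": "https://shop.example/checkout",
     "content_type": "text/html; charset=utf-8",
     "body": '<a href="bitcoin:1ExampleAddrAAAAAAAAAAAAAAAAAAAAAA'
             '?amount=0.5&r=https%3A%2F%2Fpay.example%2Freq%2F42">Pay</a>'},
    {"src": "10.0.0.5", "method": "GET", "url": "https://pay.example/req/42",
     "content_type": "application/bitcoin-paymentrequest", "body": ""},
    {"src": "10.0.0.5", "method": "POST", "url": "https://pay.example/pay/42",
     "content_type": "application/bitcoin-payment", "body": ""},
    {"src": "10.0.0.7", "method": "GET", "url": "https://blog.example/post",
     "content_type": "text/html",
     "body": "Tip jar: bitcoin:?r=https://merchant.example/pr/7 thanks!"},
    {"src": "10.0.0.9", "method": "GET", "url": "https://news.example/feed",
     "content_type": "application/json", "body": "{}"},
]

if __name__ == "__main__":
    found = scan_records(SAMPLE_RECORDS)
    for f in found:
        print(f["src"], f["kind"], f["url"])
    print("payment flows:", correlate_payments(found))
```

The two signals need nothing but plaintext visibility of the HTTP layer, which is exactly what a DLP box with TLS interception already has; a product that only looks for its own keyword lists will miss the `application/bitcoin-*` content types unless someone adds them.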

From eugen at leitl.org Fri Sep 27 08:09:12 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 14:09:12 +0200 Subject: [Cryptography] RSA recommends against use of its own products. Message-ID: <[email protected]>

----- Forwarded message from Jerry Leichter -----

Date: Wed, 25 Sep 2013 14:12:25 -0400 From: Jerry Leichter To: ianG Cc: cryptography at metzdowd.com Subject: Re: [Cryptography] RSA recommends against use of its own products. X-Mailer: Apple Mail (2.1510)

On Sep 25, 2013, at 12:31 PM, ianG wrote:

> Hi Jerry, > > I appreciate the devil's advocate approach here, it has helped to get my thoughts in order! Thanks! :-)

> My conclusion is: avoid all USA, Inc, providers of cryptographic products. In favor of ... who?

We already know that GCHQ is at least as heavily into this monitoring business as NSA, so British providers are out. The French have been playing the "oh, we're shocked, shocked that there's spying going on" game - but they have a long history of their own. It's been reported for many years that all Air France seats are bugged by the French security services and the information recorded has been used to help French economic interests. And even if you don't think a particular security service has been going after in-country suppliers, recall decades of US spiking of the Swiss Crypto AG machines.

It's a really, really difficult problem. For deterministic algorithms, in principle, you can sandbox the implementation (both physically and in software) and compare inputs and outputs to a specification. That leaves you to worry about (a) holes in the specification itself; (b) physical leakage of extra information (Tempest-like). Both of these can be dealt with and you can gain any degree of assurance you consider necessary, at least in principle. Sure, someone can spike your hardware - but if it only does what the spec says it's supposed to do, what does that gain them? (Storing some of your secrets within the sandboxed system does them no good if they can't get the information out. Of course, physical security is essential, or your attacker will just walk the system, with all its contained information, out the door!)

For probabilistic algorithms - choosing a random number is, of course, the simplest example - it's much, much harder. You're pretty much forced to rely on some mathematics and other analysis - testing can't help you much.

There are really no absolutes; you really have to think about who you want to protect yourself from and how much you are willing to spend, because there's no limit on how much you *could* do. Build your own foundry? Create your own circuit synthesis code? You very quickly get yourself into a domain where only a handful of companies or countries can even begin to go.

My take on this: I don't much worry about attacks against general-purpose hardware. The difficulty of modifying a processor so that you can tell when it's implementing a cipher and then do something useful about it seems insurmountable. The exception is when the hardware actually gets into the crypto game - e.g., the Intel AES extensions and the random number generator. If you're going to use these, you need to do so in a way that's secure even if those features are spiked - e.g., use the random number generator only as one of a couple of sources.

Still, *much* more worrisome are the badly implemented, insecure extensions to allow remote control of the hardware, which are being discussed in a separate thread here. These are really scary - there's no protection against an attacker who can send a magic packet to your network interface and execute code with full privileges.

Code, at least for symmetric cryptography primitives and modes, is simple enough that you can find it all over the place. Realistically, the worst attacks against implementations these days are timing attacks. Bernstein's ciphers have the advantage of being inherently secure against these, showing that this is possible (even if you don't necessarily trust his particular constructions).

Denker's ideas about how to get random numbers whose safety is based on physical principles are great. You do have to be careful of the hardware and software you use, but since the hardware is designed for entirely different purposes (A/D sound converters) it's unlikely anyone has, or really could, spike them all.

It's the asymmetric algorithms and implementations that seem to be the most vulnerable. They are complex and difficult to get right, much less to get both efficient *and* right, and protocols that use them generally need to be probabilistic - so "black box testing" isn't feasible. At the same time, they have rich mathematical structures in which we know things can be hidden. (In the symmetric case, the algorithms generally have little mathematical structure, and we *assume* nothing can be hidden in there - but who can really say with absolute confidence.) I had a long debate here earlier on this subject, and my own conclusions remain: Use symmetric crypto as little as you possibly can. (What would be really, really nice is something like DH key exchange without all the mathematical structure.)

-- Jerry

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
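Leichter's advice to use a hardware random number generator "only as one of a couple of sources" has a standard construction behind it: length-frame each source's output, condense everything with a keyed hash used as an extractor, and run a cheap continuous test so a stuck or faked source gets noticed. The block below is an added example written for this thread, not code from the message or from any kernel or library RNG. `spiked_source` is a stand-in for a backdoored hardware generator whose every byte the attacker knows, and `os_source` (the operating system CSPRNG) is assumed honest for the demonstration.

```python
"""Mix several entropy sources so that one spiked source cannot dictate the
output.  Added example, not code from the quoted message or any real RNG driver.
"""
import hashlib
import hmac
import os
import struct
from typing import Callable, Sequence

Source = Callable[[int], bytes]  # source(n) -> n bytes


def _frame(chunks: Sequence[bytes]) -> bytes:
    """Length-prefix every chunk so that [b"a", b"b"] and [b"ab", b""] hash
    differently; without framing a malicious source could shift the boundary
    and impersonate part of another source's contribution."""
    out = bytearray()
    for chunk in chunks:
        out += struct.pack(">I", len(chunk)) + chunk
    return bytes(out)


def mix_entropy(chunks: Sequence[bytes], label: bytes = b"entropy-mix-v1") -> bytes:
    """Condense all chunks into 32 bytes with HMAC-SHA256 as the extractor.
    If the chunks are produced independently and at least one of them is
    unpredictable to the attacker, the digest is unpredictable too, even when
    every other chunk is attacker-known or attacker-chosen in advance."""
    return hmac.new(label, _frame(chunks), hashlib.sha256).digest()


def continuous_test(source: Source, n: int = 32, rounds: int = 4) -> bool:
    """Sanity check in the spirit of the FIPS 140 continuous RNG test: a
    source that repeats its previous output verbatim is stuck or faked."""
    prev = source(n)
    for _ in range(rounds):
        cur = source(n)
        if cur == prev:
            return False
        prev = cur
    return True


def gather(sources: Sequence[Source], n: int = 32) -> bytes:
    """Pull n bytes from every source and mix them.  A source that returns
    too little data is treated as broken: fail closed rather than quietly
    mixing less than was asked for."""
    chunks = []
    for src in sources:
        data = src(n)
        if len(data) < n:
            name = getattr(src, "__name__", repr(src))
            raise RuntimeError(f"entropy source {name} returned {len(data)} < {n} bytes")
        chunks.append(data)
    return mix_entropy(chunks)


# --- sources used for the demonstration -----------------------------------
def os_source(n: int) -> bytes:
    """The operating system CSPRNG, assumed honest here."""
    return os.urandom(n)


def spiked_source(n: int) -> bytes:
    """Stand-in for a backdoored hardware RNG whose output the attacker knows."""
    return b"\x00" * n


if __name__ == "__main__":
    print("spiked source passes continuous test:", continuous_test(spiked_source))
    print("os source passes continuous test:    ", continuous_test(os_source))
    print("mix of spiked + os:", gather([spiked_source, os_source]).hex())
    print("mix of spiked only (attacker-predictable):", gather([spiked_source]).hex())
```

One caveat the framing does not remove: if the spiked source can observe the other inputs before it answers (a hardware generator polled last, on the same machine, can), it cannot force a chosen output against a preimage-resistant hash, but it can try candidate values and pick the one whose digest it likes, biasing a few bits per attempt. Poll the suspect source first, or fold the mix into state the source never sees, and the independence assumption in `mix_entropy` holds again.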

From jya at pipeline.com Fri Sep 27 08:47:01 2013 From: jya at pipeline.com (John Young) Date: Fri, 27 Sep 2013 08:47:01 -0400 Subject: [Cryptography] RSA recommends against use of its own products. In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

There was a time when non-official crypto wizards recommended:

From best to worst:

1. Roll your own, keep it quiet, change it often, monetize as a last resort before a cheated partner cuts your throat.

2. Avoid commercial giants most inevitably in bed with officials to screw users mercilessly laughing on the way to SWIFT.

3. Avoid products of the most powerful nations and their satellites and gangsters bypassing export controls in service to those very nations' covert armaments-economic policies.

4. Avoid any widely touted, admired, promoted as the best due to long history of dupery by this magic bullet.

5. Use off-market, black market, deep web, blacknet, onionized, layered, piggy-backed, scatalogically provened reliable based on total avoidance of the many hegemons working the crypto fleece terrain, expect to be reamed, dosed and sausaged.

6. Go back to No. 1, repeat, daily, hourly, minutely, pause, wonder is this nuts, pound delete, backspace, esc, ctrl-alt-del, smash the EENT device.

7. Pick nose, ear, tooth, scratch crotch, hmm, scratch some more, log onto revenge porn, spot your ex-partner leaking your perfect privacy prophylactic.

At 08:09 AM 9/27/2013, you wrote: >----- Forwarded message from Jerry Leichter ----- > >Date: Wed, 25 Sep 2013 14:12:25 -0400 >From: Jerry Leichter >To: ianG >Cc: cryptography at metzdowd.com >Subject: Re: [Cryptography] RSA recommends against use of its own products. >X-Mailer: Apple Mail (2.1510) > >On Sep 25, 2013, at 12:31 PM, ianG wrote: > > > Hi Jerry, > > > > I appreciate the devil's advocate approach here, it has helped to > get my thoughts in order! Thanks! >:-) > > > My conclusion is: avoid all USA, Inc, providers of cryptographic products. >In favor off ... who? > >We already know that GCHQ is at least as heavily into this >monitoring business as NSA, so British providers are out. The >French have been playing the "oh, we're shocked, shocked that >there's spying going on" game - but they have a long history of >their own. It's been reported for many years that all Air France >seats are bugged by the French security services and the information >recorded has been used to help French economic interests. And even >if you don't think a particular security service has been going >after in-country suppliers, recall decades of US spiking of the >Swiss Crypto AG machines. > >It's a really, really difficult problem. For deterministic >algorithms, in principle, you can sandbox the implementation (both >physically and in software) and compare inputs and outputs to a >specification. That leaves you to worry about (a) holes in the >specification itself; (b) physical leakage of extra information >(Tempest-like). Both of these can be dealt with and you can gain >any degree of assurance you consider necessary, at least in >principle. Sure, someone can spike your hardware - but if it only >does what the spec says it's supposed to do, what does that gain >them? (Storing some of your secrets within the sandboxed system >does them no good if they can't get the information out. 
Of course, >physical security is essential, or your attacker will just walk the >system, with all its contained information, out the door!) > >For probabilistic algorithms - choosing a random number is, of >course, the simplest example - it's much, much harder. You're >pretty much forced to rely on some mathematics and other analysis - >testing can't help you much. > >There are really no absolutes; you really have to think about who >you want to protect yourself from and how much you are willing to >spend, because there's no limit on how much you *could* do. Build >your own foundry? Create your own circuit synthesis code? You very >quickly get yourself into a domain where only a handful of companies >or countries can even begin to go. > >My take on this: I don't much worry about attacks against >general-purpose hardware. The difficulty of modifying a processor >so that you can tell when it's implementing a cipher and then do >something useful about it seems insurmountable. The exception is >when the hardware actually gets into the crypto game - e.g., the >Intel AES extensions and the random number generator. If you're >going to use these, you need to do so in a way that's secure even if >those features are spiked - e.g., use the random number generator >only as one of a couple of sources. > >Still, *much* more worrisome are the badly implemented, insecure >extensions to allow remote control of the hardware, which are being >discussed in a separate thread here. These are really scary - >there's no protection against an attacker who can send a magic >packet to your network interface and execute code with full privileges. > >Code, at least for symmetric cryptography primitives and modes, is >simple enough that you can find it all over the >place. Realistically, the worst attacks against implementations >these days are timing attacks. 
Bernstein's ciphers have the >advantage of being inherently secure against these, showing that >this is possible (even if you don't necessarily trust his particular >constructions). > >Denker's ideas about how to get random numbers whose safety is based >on physical principles are great. You do have to be careful of the >hardware and software you use, but since the hardware is designed >for entirely different purposes (A/D sound converters) it's unlikely >anyone has, or really could, spike them all. > >It's the asymmetric algorithms and implementations that seem to be >the most vulnerable. They are complex and difficult to get right, >much less to get both efficient *and* right, and protocols that use >them generally need to be probabilistic - so "black box testing" >isn't feasible. At the same time, they have rich mathematical >structures in which we know things can be hidden. (In the symmetric >case, the algorithms are generally have little mathematical >structure, and we *assume* nothing can be hidden in there - but who >can really say with absolute confidence.) I had a long debate here >earlier on this subject, and my own conclusions remain: Use >symmetric crypto as little as you possibly can. (What would be >really, really nice is something like DH key exchange without all >the mathematical structure.) > > -- Jerry > >______>The cryptography mailing list >cryptography at metzdowd.com >http://www.metzdowd.com/mailman/listinfo/cryptography > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______>ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org >AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Fri Sep 27 10:53:39 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 16:53:39 +0200 Subject: What the heck is going on with NIST's cryptographic standard, SHA-3? Message-ID: <[email protected]> https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3

What the heck is going on with NIST's cryptographic standard, SHA-3? by Joseph Lorenzo Hall [1]

September 24, 2013

(Warning: this is a fairly technical post about cryptographic standards setting.)

The cryptographic community has been deeply shaken since revelations earlier this month [2] that the National Security Agency (NSA) has been using a number of underhanded methods - stealing encryption keys, subverting standards setting processes, planting backdoors in products - to undermine much of the encryption used online. This includes crucial pieces of e-commerce like HTTPS (SSL/TLS) and Virtual Private Networks (VPN) that we use each day to purchase things online, to socialize in private, and that businesses use to communicate confidential and proprietary information. While the reporting has been vague and hasn't pointed to specific software versions or protocols that have been compromised, last week RSA Security - a major supplier of cryptographic software and hardware - initiated a product recall [3] of sorts, warning users that one of its popular software encryption products contained a likely NSA-planted backdoor. The practical implication of the RSA recall is that much of the encryption that used this product since 2007 isn't nearly as secure as it was supposed to be.

Those of us who follow developments in the cryptographic community have noticed another troubling development: there are a number of cryptographers upset with how the National Institute of Standards and Technology (NIST) is standardizing a new set of encryption algorithms called SHA-3 (which stands for the third version of the Secure Hashing Algorithm). The remainder of this post explains what is going on with SHA-3 and how NIST could defuse this particular controversy while it still has the chance.

(Warning: In this post, I'm assuming the reader is familiar with the concepts underlying basic encryption tools, called "cryptographic primitives," such as hash functions [4], digital signatures [5], and message authentication codes [6].)

What is SHA-3?

SHA-3 is the "next generation" hash algorithm being standardized by NIST. In 2005, researchers developed an attack [7] that called into question the security guarantees of an earlier secure hash algorithm, SHA-1. The characteristics of this 2005 attack seemed to hint that it could be refined to attack many of the secure hash functions at the time, including SHA-0, MD4, MD5 and even SHA-2. At the time, for many cryptographers, the message was clear: a new hash algorithm is needed and it should be based on completely different underlying mathematics that are not susceptible to the attacks threatening known hash functions. To be clear: SHA-1 is thought to be on its way out, as people expect the earlier attacks to be improved considerably in the coming years and there hasn't been any result that calls into question the soundness of SHA-2 at all. Attacks always improve, so it's imperative that there is an alternative hash function ready to go when and if the floor falls out of the earlier hash functions.

NIST's cryptographic technology group [8] is world-renowned for cryptographic algorithm standardization. In 2007, NIST began the process to develop and standardize a new secure hash algorithm that would be called SHA-3. The process for choosing a new algorithm was designed as a competition: new candidate algorithms were submitted by more than 60 research teams and over five years the entrants were whittled down to a set of finalists, from which a winner was chosen. In October of last year, NIST announced [9] that a team of Italian and Belgian cryptographers had won the competition with their submission named "Keccak" (pronounced "KECH-ack").

What has NIST done with SHA-3?

Since the announcement of Keccak as the winner, NIST has been working hard to turn Keccak into a standard. That is, NIST can't just point to the academic paper and materials submitted by the Keccak team and call that a standard. NIST has to write the algorithm up in a standards-compliant format and include it in other NIST cryptographic standards documents, such as a successor to the Secure Hash Standard document (FIPS Publication 180-4) [10].

Here's where the controversy starts.

One of the most accomplished civilian cryptographers, NIST's John Kelsey, gave an invited talk at a conference in August, the Workshop on Cryptographic Hardware and Embedded Systems 2013 (CHES'13) [11], where he described some of the changes NIST has made to Keccak in turning it into a standard. The changes were detailed in five slides (slides 44-48) of Kelsey's slide deck for his talk [12]. Two major changes puzzled some in attendance:

* In the name of increased performance (running faster in software and hardware), the security levels of Keccak were drastically reduced. The four versions of the winning Keccak algorithm had security levels of 224-bits, 256-bits, 384-bits, and 512-bits. However, from Kelsey's slides, NIST intends to standardize only two versions, a 128-bit and a 256-bit version.
* Some of the internals of the algorithm had been tweaked by NIST - some in cooperation with the team that submitted Keccak - to improve performance and allow for new types of applications.

Essentially, NIST had changed Keccak to something very different from what won the 5-year competition. Since this talk, cryptographers have been abuzz with this news and generally very critical of the changes (e.g., folks like Marsh Ray on Twitter [13]).

What are the issues with SHA-3 standardization?

So, what's the big deal? Well, the problems here cluster in five areas:

Process: From a simple due process perspective, after a five-year hard-fought competition, to make large changes to the winning algorithm is simply problematic. The algorithm being standardized is very different from the winning Keccak, which beat 62 other high-powered cryptography research groups in a 5-year competition. (To be fair, it?s not like these changes came out of the blue. However, given the new political environment reality itself has changed.) No security improvement: The SHA-3 version of Keccak being proposed appears to provide essentially the same level of security guarantees as SHA-2, its predecessor. If we are going to develop a next generation hash, there certainly should be standardized versions that provide a higher security level than the older hash functions! NIST, in the original call for submissions, specifically asked for four versions in each submission, with at least two that would be stronger than what was currently available, so it?s hard to understand this post-competition weakening. Unclear implications of internal changes: The changes made to Keccak to get to SHA-3 may be so substantial as to render the cryptanalysis that was performed during the competition moot. That is, all the intense number crunching cryptographers performed during the competition to try and break the submitted ciphers to prove their strength/weakness simply doesn?t apply to the modified form of Keccak that NIST is working on. No real need for high-performance hashes: NIST said it weakened the security levels of the winning Keccak submission to boost performance. (Weaker versions of hash functions run faster.) However, there is not clearly a need for another fast hash algorithm. For example, to get exceedingly technical for a moment: in communications security, hashes are used for a few purposes and most are computed on small inputs ? where performance isn?t a concern ? 
and in cases where performance is a concern due to large inputs (e.g., with ?message authentication codes? or MACs), many applications are moving away from hash-based MACs (HMAC) to other types of MACs like GMAC [14] that are not based on hash functions. NIST?s reputation is undermined: Kelsey?s CHES?13 talk was given in mid-August, two weeks before the NSA encryption revelations. Those revelations [2] suggest that NSA, through an intelligence program called BULLRUN actively worked to undermine NIST?s effort to standardize . NIST could not have known how the changes it made might appear once that reporting had cast a pall over NIST cryptographic standards setting. The changes made to Keccak undoubtedly weaken the algorithm, calling NIST?s motives into question in light of the NSA revelations (regardless of their actual intentions). None of this is irreversible.
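The arithmetic behind the "no security improvement" point, added here as an editor's note rather than text from the CDT post. A sponge hash with $d$-bit output and $c$-bit capacity has the generic bounds

$$\text{collision} \approx \min(2^{d/2},\, 2^{c/2}), \qquad \text{preimage} \approx \min(2^{d},\, 2^{c/2}).$$

The submitted Keccak fixed $c = 2d$, so Keccak-256 ($c = 512$) claims 128-bit collision and 256-bit preimage resistance and Keccak-512 ($c = 1024$) claims 256 and 512 bits. The two instances in Kelsey's slides [12] use $c = 256$ for the 256-bit output and $c = 512$ for the 512-bit output, which gives

$$\text{SHA3-256:}\ \min(2^{128}, 2^{128}) = 2^{128}\ \text{collision},\quad \min(2^{256}, 2^{128}) = 2^{128}\ \text{preimage},$$

$$\text{SHA3-512:}\ \min(2^{256}, 2^{256}) = 2^{256}\ \text{collision},\quad \min(2^{512}, 2^{256}) = 2^{256}\ \text{preimage}.$$

Against SHA-256's $2^{128}$ collision and $2^{256}$ preimage bounds, the reduced-capacity SHA3-256 is no stronger, and its generic preimage bound is actually lower; halving $c$ is the "weakening" the post refers to, and the 512-bit security level it asks NIST to add back is Keccak-512 with $c = 1024$.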

What could NIST do to defuse this controversy?

Kelsey's slides indicate that NIST is on track to standardize the NIST-modified version of Keccak as SHA-3 and issue a draft standard in late October for public comment. If the issues above are not addressed in that draft standard, there will be considerable hue and cry from the cryptographic community and it will only serve to reinforce the more general concerns about NIST's cooperation with the NSA. It's in no one's interest to feed the flames of NIST scaremongering and we all have an interest in NIST as a trusted place for science and standardization. In that spirit, there are a number of things NIST can do to calm this storm (and please consider joining NIST's Hash Forum [15] to discuss this further):

Add back high-security modes: NIST must ensure that SHA-3 has strong modes of operation. NIST should at least add back in a 512-bit security level version of Keccak so those users who want exceedingly high security and don't worry as much about performance have a standardized mode that they can use. In fact, if NIST is worried about performance, it probably makes sense to standardize the as-submitted versions of Keccak (224, 256, 384, 512-bit security levels) and add in a much weaker but high-performance 128-bit version for those users who want to make that trade-off. This would be the "Kumbaya" solution, as it would have five security levels with both the NIST-modified versions and the as-submitted Keccak versions.

Justify optimizations and internal changes: NIST has obviously made significant internal changes to the Keccak algorithm. This means that the NIST-modified Keccak and the winner of the SHA-3 competition are likely to be very different. To be sure, there are probably some very good reasons for the changes, but we don't know what they are, and it would be unfortunate to learn them only from the draft standard as published in October. Extensive changes should technically be subject to the cryptanalysis that was brought to bear during the actual competition. Unfortunately, it will be impossible to muster the cryptographic scrutiny necessary to examine the NIST-modified Keccak, as the resources and teams that worked on this during the competition are no longer available. Here, it makes sense for NIST to standardize both the winning version of Keccak and NIST's optimized version ("SHA-3-Opt" maybe?), so that implementers can have their pick of whether they want the Keccak that was subject to the grueling competition or an improved version that hasn't been subject to as much scrutiny.

Improve the standardization process: No one doubts that NIST runs high-quality cryptographic competitions. The many-year competitions that resulted in AES (the Advanced Encryption Standard) and SHA-3 marshaled the most gifted cryptographic thinkers in the world to shake down very exotic forms of mathematics and produce very strong, clever and useful practical outcomes. The resulting algorithms look indistinguishable from magic to many of us who are not steeped in the fine art of cryptography. However, the process of getting from the algorithm that won the competition to a standard is a dark and mysterious one, and it need not be. While the relationship between NSA and NIST has always made many of us uneasy, in light of recent revelations it's especially important that this standardization step be open and transparent, with a formal process that works to ensure that all decisions are made in a well-documented manner and that the conditions that ensured an algorithm withstood withering scrutiny during a competition do not subsequently change dramatically during the standardization process. At CDT, we work hard to make sure that standards processes serve the public interest in an open, free and innovative Internet. We'll be advocating for changes in standards processes at NIST so that it remains an unbiased, trusted, and scientific venue for developing cybersecurity and cryptographic standards.

UPDATE [2013-09-24T17:41:24]: Changed title to better reflect that SHA-3 is not an encryption standard but a hash function standard (without using "hash function" in the title). Better qualified that SHA-1 is likely weak in the face of government-level adversaries. Further update [2013-09-25T06:09:38]: clarified that SHA-1 is essentially on its way out.


Copyright © 2013 by Center for Democracy & Technology.

The content throughout this website that originates with CDT can be freely copied and used as long as you make no substantive changes and clearly give us credit. Details.

Source URL: https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3

Links:

[1] https://www.cdt.org/personnel/joseph-lorenzo-hall

[2] http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0

[3] http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

[4] http://en.wikipedia.org/wiki/One-way_hash_function

[5] http://en.wikipedia.org/wiki/Digital_signatures

[6] http://en.wikipedia.org/wiki/Message_authentication_code

[7] https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

[8] http://www.nist.gov/itl/csd/ct/

[9] http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html

[10] http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

[11] http://www.chesworkshop.org/ches2013/start.php

[12] https://docs.google.com/file/d/0BzRYQSHuuMYOQXdHWkRiZXlURVE/

[13] https://twitter.com/marshray/status/380800393367674880

[14] http://en.wikipedia.org/wiki/Galois/Counter_Mode

[15] http://csrc.nist.gov/groups/ST/hash/email_list.html

From eugen at leitl.org Fri Sep 27 10:54:09 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 16:54:09 +0200 Subject: [p2p-hackers] BitWeav: open P2P micropublishing Message-ID: <[email protected]>

----- Forwarded message from CodesInChaos -----

Date: Fri, 27 Sep 2013 16:49:52 +0200 From: CodesInChaos To: theory and practice of decentralized computer networks Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing Reply-To: theory and practice of decentralized computer networks

Bitcoin uses RIPEMD160(SHA256(x)) only in places where the relevant attack is a second pre-image, not a collision. If neither hash function is pathological, the pre-image resistance of this construction can't be broken without breaking both hashes. So this construction isn't that silly.

> As for length extension attacks, I don't believe I should be concerned, should I? The transfer of messages within the network is dependent on a defined protocol, so any extra bytes would just be interpreted as a malformed message.

If you use it in a broken construction, you should be concerned. If you're not, then there is little reason to worry.

Length extensions are only a problem with a few specific constructions. In particular, using SHA256(k||m) as a MAC is broken. If you want a hash-based MAC with SHA-2, use HMAC instead.

p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From jd.cypherpunks at gmail.com Fri Sep 27 11:53:01 2013 From: jd.cypherpunks at gmail.com (jd.cypherpunks at gmail.com) Date: Fri, 27 Sep 2013 17:53:01 +0200 Subject: [Cryptography] RSA recommends against use of its own products. In-Reply-To: References: <[email protected]> Message-ID:

Remember - did at least 3 of these, 20 years ago. :) Still true - still valid - still good advice. I avoid the scratching, but maybe also this helps. --Michael

Am 27.09.2013 um 14:47 schrieb John Young :

> There was a time when non-official crypto wizards recommended: > > From best to worst: > > 1. Roll your own, keep it quiet, change it often, monetize as a > last resort before a cheated partner cuts your throat. > > 2. Avoid commercial giants most inevitably in bed with officials > to screw users mercilessly laughing on the way to SWIFT. > > 3. Avoid products of the most powerful nations and their satellites > and gangsters bypassing export controls in service to those > very nations' covert armaments-economic policies. > > 4. Avoid any widely touted, admired, promoted as the best due > to long history of dupery by this magic bullet. > > 5. Use off-market, black market, deep web, blacknet, onionized, > layered, piggy-backed, scatalogically provened reliable based > on total avoidance of the many hegemons working the cypto > fleece terrain, expect to be reamed, dosed and sausaged. > > 6. Go back to No. 1, repeat, daily, hourly, minutely, pause, > wonder is this nuts, pound delete, backspace, esc, ctrl-alt-del, > smash the EENT device. > > 7. Pick nose, ear, tooth, scratch crotch, hmm, scratch some > more, log onto revenge porn, spot your ex-partner leaking > your perfect privacy prophylactic. > > At 08:09 AM 9/27/2013, you wrote: >> ----- Forwarded message from Jerry Leichter ----- >> >> Date: Wed, 25 Sep 2013 14:12:25 -0400 >> From: Jerry Leichter >> To: ianG >> Cc: cryptography at metzdowd.com >> Subject: Re: [Cryptography] RSA recommends against use of its own products. >> X-Mailer: Apple Mail (2.1510) >> >> On Sep 25, 2013, at 12:31 PM, ianG wrote: >> >> > Hi Jerry, >> > >> > I appreciate the devil's advocate approach here, it has helped to get my thoughts in order! Thanks! >> :-) >> >> > My conclusion is: avoid all USA, Inc, providers of cryptographic products. >> In favor off ... who? >> >> We already know that GCHQ is at least as heavily into this monitoring business as NSA, so British providers are out. 
The French have been playing the "oh, we're shocked, shocked that there's spying going on" game - but they have a long history of their own. It's been reported for many years that all Air France seats are bugged by the French security services and the information recorded has been used to help French economic interests. And even if you don't think a particular security service has been going after in-country suppliers, recall decades of US spiking of the Swiss Crypto AG machines. >> >> It's a really, really difficult problem. For deterministic algorithms, in principle, you can sandbox the implementation (both physically and in software) and compare inputs and outputs to a specification. That leaves you to worry about (a) holes in the specification itself; (b) physical leakage of extra information (Tempest- like). Both of these can be dealt with and you can gain any degree of assurance you consider necessary, at least in principle. Sure, someone can spike your hardware - but if it only does what the spec says it's supposed to do, what does that gain them? (Storing some of your secrets within the sandboxed system does them no good if they can't get the information out. Of course, physical security is essential, or your attacker will just walk the system, with all its contained information, out the door!) >> >> For probabilistic algorithms - choosing a random number is, of course, the simplest example - it's much, much harder. You're pretty much forced to rely on some mathematics and other analysis - testing can't help you much. >> >> There are really no absolutes; you really have to think about who you want to protect yourself from and how much you are willing to spend, because there's no limit on how much you *could* do. Build your own foundry? Create your own circuit synthesis code? You very quickly get yourself into a domain where only a handful of companies or countries can even begin to go. 
>> >> My take on this: I don't much worry about attacks against general-purpose hardware. The difficulty of modifying a processor so that you can tell when it's implementing a cipher and then do something useful about it seems insurmountable. The exception is when the hardware actually gets into the crypto game - e.g., the Intel AES extensions and the random number generator. If you're going to use these, you need to do so in a way that's secure even if those features are spiked - e.g., use the random number generator only as one of a couple of sources. >> >> Still, *much* more worrisome are the badly implemented, insecure extensions to allow remote control of the hardware, which are being discussed in a separate thread here. These are really scary - there's no protection against an attacker who can send a magic packet to your network interface and execute code with full privileges. >> >> Code, at least for symmetric cryptography primitives and modes, is simple enough that you can find it all over the place. Realistically, the worst attacks against implementations these days are timing attacks. Bernstein's ciphers have the advantage of being inherently secure against these, showing that this is possible (even if you don't necessarily trust his particular constructions). >> >> Denker's ideas about how to get random numbers whose safety is based on physical principles are great. You do have to be careful of the hardware and software you use, but since the hardware is designed for entirely different purposes (A/D sound converters) it's unlikely anyone has, or really could, spike them all. >> >> It's the asymmetric algorithms and implementations that seem to be the most vulnerable. They are complex and difficult to get right, much less to get both efficient *and* right, and protocols that use them generally need to be probabilistic - so "black box testing" isn't feasible. At the same time, they have rich mathematical structures in which we know things can be hidden. 
(In the symmetric case, the algorithms generally have little mathematical structure, and we *assume* nothing can be hidden in there - but who can really say with absolute confidence.) I had a long debate here earlier on this subject, and my own conclusions remain: Use symmetric crypto as little as you possibly can. (What would be really, really nice is something like DH key exchange without all the mathematical structure.) >> >> -- Jerry >> >> ______>> The cryptography mailing list >> cryptography at metzdowd.com >> http://www.metzdowd.com/mailman/listinfo/cryptography >> >> ----- End forwarded message ----- >> -- >> Eugen* Leitl leitl http://leitl.org >> ______>> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org >> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 > >

From eugen at leitl.org Fri Sep 27 11:57:14 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 17:57:14 +0200 Subject: [liberationtech] FW: What the IETF is thinking about Prism these days.. Message-ID: <[email protected]>

----- Forwarded message from michael gurstein -----

Date: Fri, 27 Sep 2013 08:55:16 -0700 From: michael gurstein To: liberationtech Subject: [liberationtech] FW: What the IETF is thinking about Prism these days.. X-Mailer: 14.0 Reply-To: liberationtech

Title : Prismatic Reflections

Author(s) : Brian Carpenter

Filename : draft-carpenter-prismatic-reflections-00.txt

Pages : 9

Date : 2013-09-19

Abstract:

Recent public disclosure of allegedly pervasive surveillance of

Internet traffic has led to calls for action by the IETF. This draft

exists solely to collect together a number of possible actions that

were mentioned in a vigorous discussion on the IETF mailing list.

The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-carpenter-prismatic-reflections

There's also a htmlized version available at: http://tools.ietf.org/html/draft-carpenter-prismatic-reflections-00

-- 
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From eugen at leitl.org Fri Sep 27 13:08:34 2013 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Sep 2013 19:08:34 +0200 Subject: [tt] How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA Message-ID: <[email protected]>

----- Forwarded message from Christian Weisgerber -----

Date: Fri, 27 Sep 2013 16:11:47 +0000 (UTC) From: Christian Weisgerber To: tt at postbiota.org Subject: Re: [tt] How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

Eugen Leitl wrote:

> http://www.wired.com/threatlevel/2013/09/nsa-backdoor/all/

These articles from Matthew Green's Blog offer a better understanding instead of cutesy writing and soundbites:

The Many Flaws of Dual_EC_DRBG http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

RSA warns developers not to use RSA products http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its- own.html

-- 
Christian "naddy" Weisgerber naddy at mips.inka.de

tt mailing list
tt at postbiota.org
http://postbiota.org/mailman/listinfo/tt

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From grarpamp at gmail.com Fri Sep 27 13:12:19 2013 From: grarpamp at gmail.com (grarpamp) Date: Fri, 27 Sep 2013 13:12:19 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On 9/27/13, Eugen Leitl wrote: > I don't see how a ham running a repeater backbone can > prevent end to end encryption other than sniffing for > traffic and actively disrupting it. I'm not sure tampering > with transport is within ham ethics, though they definitely > don't understand the actual uses for encryption, at > least the old hands (are there even new hands?).

The mentioned tech has nothing to do with traditional 'ham'. And without the crypto key they can't see it and can't disrupt it, it's background/spectrum noise/power to them. Traditionally, presumably hams might discover non-in-the-clear on a specific channel, perhaps triangulate, and report it to some regulatory body (or DoS it). That's not applicable, by design.

From yersinia.spiros at gmail.com Fri Sep 27 15:33:35 2013 From: yersinia.spiros at gmail.com (yersinia) Date: Fri, 27 Sep 2013 21:33:35 +0200 Subject: Re: [tt] How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA In-Reply-To: <[email protected]> References: <[email protected]> Message-ID:

On Fri, Sep 27, 2013 at 7:08 PM, Eugen Leitl wrote:

> ----- Forwarded message from Christian Weisgerber > ----- > > Date: Fri, 27 Sep 2013 16:11:47 +0000 (UTC) > From: Christian Weisgerber > To: tt at postbiota.org > Subject: Re: [tt] How a Crypto ‘Backdoor’ Pitted the Tech World Against > the NSA > > Eugen Leitl wrote: > > > http://www.wired.com/threatlevel/2013/09/nsa-backdoor/all/ > > These articles from Matthew Green's Blog offer a better understanding > instead of cutesy writing and soundbites: > > The Many Flaws of Dual_EC_DRBG > > http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

I have posted this before in a LinkedIn group. It is really interesting, what Mr. *Blaine Bateman* (also a LinkedIn group member) wrote: "Then what happened is some arrogant scientist at NIST (full disclosure--I was formerly a NIST employee, and the terms of my departure still burn as a fire in the pit of my stomach) conveniently "forgot" to put the correct ones in the standard, or did it on purpose since "Anyone of modest skill in cryptography will detect the problem and come up with their own P-Q pair correctly. Anyone who doesn't deserves what they get." There are, in my estimation, people that arrogant employed by NIST." No good. No.
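What the "P-Q pair" in that quote means in practice, as an added example that is not from the thread or from Green's posts: Dual_EC_DRBG on the P-256 curve with a Q chosen as e*P, so whoever picked Q knows d = e^-1 mod n with P = d*Q and can turn a single output into the generator's next internal state (the observation Shumow and Ferguson published in 2007). The backdoor scalar, the seed and the hash-derived alternative Q are constructed here; the code needs Python 3.8+ for pow(x, -1, p), and it skips the standard's truncation of the top 16 bits of each output, which only adds a 2^16 search over candidate x-coordinates per output.

```python
"""Dual_EC_DRBG with a Q whose discrete log to P is known: one output reveals the next state."""
import hashlib

# NIST P-256 domain parameters (FIPS 186-4); Dual_EC_DRBG's P is the base point G.
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
a = p - 3
b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; fine for a demonstration)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Recover a curve point with this x-coordinate; either sign of y works since x(d*R) == x(d*(-R))."""
    rhs = (pow(x, 3, p) + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)          # p = 3 mod 4, so this is a square root whenever one exists
    return (x, y) if y * y % p == rhs else None


def dual_ec_generate(state, count, Q):
    """Core of SP 800-90A Dual_EC_DRBG: s_i = x(s_{i-1}*P), output r_i = x(s_i*Q).

    The real generator drops the top 16 bits of r_i before output; omitted here (see lead-in)."""
    outs = []
    for _ in range(count):
        state = ec_mul(state, P)[0]
        outs.append(ec_mul(state, Q)[0])
    return outs, state


def attacker_predict(one_output, d, count, Q):
    """Knowing d with P = d*Q: lift r = x(s*Q) to R, then d*R = s*P, whose x is the next state."""
    R = lift_x(one_output)
    s = ec_mul(d, R)[0]
    preds = []
    for _ in range(count):
        preds.append(ec_mul(s, Q)[0])
        s = ec_mul(s, P)[0]
    return preds


def nothing_up_my_sleeve_Q(label=b"constructed Q for this demo"):
    """A Q obtained by hashing to the curve (try-and-increment), so nobody knows log_P(Q)."""
    for i in range(1000):
        x = int.from_bytes(hashlib.sha256(label + i.to_bytes(4, "big")).digest(), "big") % p
        pt = lift_x(x)
        if pt is not None:
            return pt
    raise RuntimeError("no point found")


def demo():
    """Return (outputs predictable with the backdoored Q?, predictable with the hash-derived Q?)."""
    e = int.from_bytes(hashlib.sha256(b"hypothetical backdoor scalar").digest(), "big") % n
    Q_bad = ec_mul(e, P)                   # chooser of Q_bad knows e, hence d with P = d*Q_bad
    d = pow(e, -1, n)
    seed = int.from_bytes(hashlib.sha256(b"constructed seed").digest(), "big") % n

    outs, _ = dual_ec_generate(seed, 3, Q_bad)
    bad_predictable = attacker_predict(outs[0], d, 2, Q_bad) == outs[1:]

    Q_safe = nothing_up_my_sleeve_Q()
    outs, _ = dual_ec_generate(seed, 3, Q_safe)
    safe_predictable = attacker_predict(outs[0], d, 2, Q_safe) == outs[1:]
    return bad_predictable, safe_predictable


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The second half of demo() is what "come up with their own P-Q pair correctly" amounts to: with Q derived from a hash, the scalar d simply does not exist for anyone, and the same recovery step produces garbage. The standard's published Q came with no such derivation, which is the whole complaint.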

From grarpamp at gmail.com Fri Sep 27 18:51:47 2013 From: grarpamp at gmail.com (grarpamp) Date: Fri, 27 Sep 2013 18:51:47 -0400 Subject: [cryptography] The Compromised Internet In-Reply-To: <[email protected]> References: <[email protected]> <[email protected]> Message-ID:

On 9/27/13, Eugen Leitl wrote: > On Fri, Sep 27, 2013 at 01:12:19PM -0400, grarpamp wrote: >> >> The mentioned tech has nothing to do with traditional 'ham'. >> And without the crypto key they can't see it and can't disrupt > > HamNet/AMPRNet ... > Of course they can see it, it's a TCP/IP network routed

Again, I'm not talking about encrypting packets and stuffing them over some simple carrier centered at n-MHz. That's old tech, and possibly dangerous to the well being of users noted in the OP before me.

From electromagnetize at gmail.com Fri Sep 27 23:16:20 2013 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 27 Sep 2013 22:16:20 -0500 Subject: [paraCrypto] re: surreality Message-ID: fascinating Tomas, well said and it captures what is hard to describe otherwise in its wide-ranging dynamics, co-existing with yet seemingly outside of existing crypto conceptualization in terms of hardware and software systems. i was thinking of a future cryptographic exchange system in terms of a MMORPG though your ideas made me reconsider the present in this framework which provides an interesting corollaries in terms of a more realistic context for cryptology in its known metaphysical dynamics -- the possibilities of advanced technologies that can read brain waves or tap optic nerves and how these figure into realistic questions of securing and transmitting data. in this sense, the world could be viewed in terms of a game, as you state, and of a game-master which could define a security situation for those inside. this environment could be considered a 'world' then, with the game-master having god status or root access, whereas the chmod settings of various players or other hierarchical access could limit or allow access to game data and control over its environment. seemingly, those most aligned with the game-master (and their god-status) could have more priveleges or support the game framework, while others may seek to function beyond it yet remain trapped inside, where the rules are too limiting to change the rigged outcome. 
consider then 'cryptographic tools' in such a closed environment, where the game-master has total control over the crypto and can read anything encrypted though this is not known to other players or is assumed benign, whereby omniscient-like awareness exists or is even shared by a certain group within the game which could benefit from the secrets supposedly hidden within the crypto, while other less connected players may naively assume there is security and secrecy and be taken down as a result of this. in that, perhaps the 'god' is fake and has a selfish or cruel and has an evil agenda and is trying to destroy those not aligned with their (truly hidden) agenda, because it is out of the boundary of available or allowed perception. and thus people in the game could be cultivated into a realm of stupidity, illiteracy, and ignorance by the game-master while those aligned with this ideology would benefit the most and function against other players, perhaps with the goal of killing all of them off so to win the game, and world. the big tell or discovery would be that the 'game-master' who has god-status is not allied with truth, and instead bases all their power on manipulations via lies and cheating and corrupting events and causing pain, injury, and suffering to gain control and guide things for the worse, for the human players. and thus when challenged, this agenda becomes clear in ignoring truth, dismantling systems of accounting and feedback, and replacing it with an ideology behavior-based belief system that is onesided to a partial viewpoint that serves the devolved condition as if ideal. thus "god" in this scenario would be functioning against higher truth, and whatever truth would function in this domain would defer to 'lower truth' or partial truth of the ideology of the game-master and cohorts.

'official crypto' then, saying it is to serve and protect freedom could instead be meant to prevent and exploit it for a hidden agenda functioning against populations, only to benefit the group aligned with the game-master, and there could be a 'religious basis' in that 'true belief' or assumption of correctness could equate with absolute truth (T), even while the partial views could tend towards total falsity when accounted for beyond the warped framework (pT=>0). and thus reasoning would not be possible because 'truth' would be denied by binary onesidedness and a correct view chosen based on hierarchical privilege, which could rule institutions and society within the game. what para-crypto potentially defines or suggests is that 'other crypto' could exist beyond the logical or observational boundary of the game-master and minions, such that data could be transferred between humans both in-world and beyond the game-world barrier, without being subverted by 'game-master' designed cryptographic systems which are inherently corrupted and a victim of 'partial omniscient' which serves itself as its goal, and thus 'validated truth' must benefit the game-master or else it is wrong, false, and threatens control over unified perception of what amounts to evil dictatorial control over the shared ~game environment.

[note: this fits very well with a view of the earth being taken over and exploited by a private, limited, evil agenda, whereby the leader assumes a position of 'god' yet whose omniscience is limited only to the game-world under their control. much like the devil masquerading as god yet not recognizing or allowing truth beyond their own pov.] for me this could be interpreted in either traditional terms of theology, where it has relevance, as it relates to geopolitics and security and secret agendas today, even, though further- it could involve issues of simulation atop this, whereby a Matrix-like environment could exist, and the game-master could have computational control over events in this world and thus also have omniscient awareness - yet which is biased and self-serving, warped by a twisted agenda which seeks to subvert human development, etc. either way- omniscience and cryptography should be the default scenario for considering issues of security, secrecy, privacy, and rights today. anything else is just using a corrupted framework that is essentially 'anti' by default of ignoring such a complex, SCIFI environment in terms of advanced technology and tools available and how data and ideas are functioning in an electromagnetic (and beyond) realm, which remains unaccounted for in the society, within education, and peer communications. thus illiteracy. for instance, it could be metaphysics of higher dimensionality that the game-master is allowed to access 'thoughts' before encrypting them, and then alter tools to access anything that is encrypted. how do you deal with secret communication in a context like this? the only security or secrecy seemingly possible would be that which is outside the threshold of observation for the game-master and in-game spies who are monitoring everything. 
and thus, their ideology is the programming and contains errors and corrupt code that creates a gap or distance between what is real and actual (truth) and what they believe exists, (partial truth).

pT <={x}=> T if some observers observation of truth is bounded and more limited than another, even if operating in higher dimensionality, say 'aliens' are game-master minions, (obs.1), it is still possible for humans of lower status (obs.2) in the game-world hierarchy to observe and function within a truth that is beyond their awareness or observance, including the 'false god' of the game, who seeks to control and limit this interpretation of truth to only a particular version of truth, reliant on skew, bias, warping, distortion, normalizing this.

0 ---> pT.1 ---> pT.2 ---> 1 such that,

0 <--- 'god' <--- pT.1 <---> pT.2 ==> 1 and this could become a context of the human and antihuman agenda, as it relates to truth...

0 <--- 'fake-god' <--- antihumans <---> humans ---> 1 in this way, commercial and retail cryptography that is subverted and used against constitutional rights and freedoms via the corrupted state could, in its subversion, be used for the power politics and game-management of the game-master (or dictator) whose partial and finite truth, unchecked relativism, would tend towards zero or nothingness, death and shared 'false consciousness' as it relates to an ideological framework that becomes the common state structure and basis for relation. and humans could be confused into serving this agenda, or have their data pilfered by surveillance, to support and extend it via its exploitation. whereas humans may seek to serve truth (1) and in doing so, life and all that is true in its integrity and purpose, and yet attempting to communicate securely or convey truth beyond the allowed boundary, could make these individuals or groups into the enemy of the existing environment. off-the-shelf crypto use could tend towards zero and not one, by default of its hidden agenda, and could support the tyranny over the population rather than its liberation. note: the human context for omniscience would be knowing all that is true in its empirical wholeness, and thus absolute knowing (1), which would involve access to all events and all sensors and circuitry, including spiders eyes and birds ears. not just technology and not lacking in understanding of its truth -- whereas the false-god would be in error in their interpretation due to not having observation grounded in absolute truth for their biased reasoning. 
in a doubled condition then, with backdoors yet perhaps secret hidden 'other code', the same crypto product could co-exist at either end of this entire range, that which has the compromised code sending pilfered encrypted information onward to the dictator and crew ("these are the secrets!") whereas other code could exist beyond or outside this boundary at the same time, and not be compromised and thus remain hidden or secret and in service to shared, higher truth. the lack of logical accounting for truth then would have that kind of crypto tending towards falsity (0) in terms of its groundedness, as accurate empirical observation and instead could be feeding a false perspective or viewpoint or sustaining a 'virtual world' for the dictator to believe they are actually in charge and not being gamed. whereas a shared observance of empirical truth, error-corrected- removed of bias, warping, skew, distortion, would enable grounded circuitry between people and nature, even while trapped within a game world that could be functioning against them and their existence. in such a way, 'crypto' as an idea would be important to review for its substance in terms of logic and its accounting in truth or reliance on partial truth and thus the errors that allow falsity to become a foundation and structure for relations and shared interactions, including those most secret, private, or in need of protection against enemies. 
human cryptographic products that function beyond the observational and reasoning limits of the game-master ('god'-status and pT.1) in a realm of greater truth (towards 1) then are afforded their first security by being hidden by the boundary or threshold that cannot be observed by those unable to consider the parameters of reality it exists within; such as paradox that is 'undecided' and does not allow forced bias to attain "absolute truth" which is a false view and actually tends towards absolute falsity the more and more it is relied upon in error, especially empirically, as a total shared viewpoint. in this way, at some point, 3-value and N-value logic and truth observed based upon this framework of logical reasoning then establishes a common basis for shared observation, an empirical perspective of 'many into one', leveraging panoptics and removing the errors by 'bugs and eyeballs' potential, the core methodology required to ground views of a shared human identity into a coherent, accurate, multifaceted awareness. thus [human identity] as a set tends towards a certain kind of consciousness if it is grounded in truth (1) and reasons towards it, whereas those who do not do this (antihumans) have a different consciousness and purpose, which relies upon and serves falsity (0) in terms of the absolute context, beyond the game-world itself. in that it could be a simulation of earth or earth itself, and while it or certain dimensions of existence could be under such hostile control - the evidence that certain truth is not allowed or is denied establishes that threshold where truth is unshared, people are unlike one another, and serve different agendas.
and thus what is natural and known for humans may not be conceptualized or comprehended the same by outside observers of a mindset that favors a given interpretation that may be flawed or distorted, and in forcing data and observation into that framework, creates an ideological boundary, an inside framework that humans are outside of. much like computer systems today that serve an agenda apart from human development, people serving machines and base motivations of exploitation and enslavement. assuming that many believe this is the shared and correct framework, and the issue of compliance is the 'error-checking' routine, a false relation could be established and yet in its differance, allow a secondary or parallel realm of interaction, the unstated interconnectivity of humans, to exist yet beyond the known threshold, as voiced or actively sensed in game-god parameters. it is all about signs, eventually, identity and language and perception as these ground to truth via logic, or exist in an ungrounded unstable condition, which is where the animal training aspect of society develops around dictators, forcing compliance via pain and brutality, as a way of having power determine what is true, or 'highest truth' (0). as you mention, chaos and magic, and this could coexist in both realms as well, as metaphysical code. hidden hand interactions. accidents, good fortune, injury. death. and thus 'code' and 'programming' and 'crypto' exist in this context and likewise could serve forces of evil (0) where shared lies function as if universal truth, or be aligned with truth (1). and this dualism could be institutionalized, much like da Vinci Code dark/light dynamics at every turn as the forces move out of balance and return to equilibrium.
so the binary logic, in its onesidedness and ungrounded error-reliant ideological state, is essentially a broken cypher system, in that both as a concept and idea it is flawed and even false in modeling events accurately in that too-simple and too-easy framework. the crypto reliant upon it is weak because the ideas they are built upon are weak, not only weak- they are corrupt. false assumptions, error-reliant, and function in a realm of 'true belief' detached from external accounting, even beyond falsifiability. this is not only 'bad security' or a realm of false secrets (in more ways than backdooring equipment- the ideas are backdoored!) -- it is unreal, a false perspective as 'shared reality'. that is what the game-master cannot acknowledge because it is the worldview of their control over their minions and 'reasoning' needed to sustain their stolen world empire. so it is proposed that use of 3-value and N-value logic by default functions beyond the capacity of these people to correlate into their antihuman observational framework and modeling because it does not parse into the binary warped self-serving ideological agenda and instead appears /irrational/ and arbitrary and is a chaotic dynamic that instead of reinforcing the binary belief and shared observation, fragments it and destabilizes it and continually recenters via non-compliance to the 'finite reasoning' of the false POV. in this way, what occurs in these extra-dimensional realms as observation could inherently remain hidden or secret or have some level of security in that it cannot be easily accessed or understood as it exists, beyond the ideological framework and its formatting of meaning to fit into its partial, constrained viewpoint of events. and thus 'crypto' could exist in this condition, in which there is a gap in observation or a boundary or threshold condition, which cannot be accurately accounted for in the given terms.
the big issue of 'understandability' and its untethering from false- and controlling- limitations and constraint (thus issue of freedom) then allows "ideas" and truth to exist beyond the realm of the false viewpoint controlled by the game-master slash false-god and their minions who enforce and extend and develop the status quo. so here is the next aspect you introduce- the computer... what if the world either was a simulation and run by a computer that enabled a partial yet flawed omniscience so that god-status had an uncanny ability to surveil those in-game, or that the game-master relied upon a computer for surveillance of humans to manage the game world and retain control over populations by being able to predict or control events, say having the ability to shape people's destiny, having the power to manipulate time & space, etc. this is right out of Lewis Mumford Myth of the Machine, of a godless computer at the heart of the MEGAMACHINE, the state as an automated feedback-based machine that is set against human values and ultimately functioning against humanity. and guess what its greatest weakness is-- it is all binary! thus entire classes of people who are in service to the machinery, taking on its values, serving its pseudo-truth (tending towards 0) and "believing" that things really are absolute yes/no for each & every observation. how absolutely fucking insane and - insanely stupid. unthinkably stupid. impossibly ignorant. it simply must be a setup, a conspiracy. it is fundamentally unnatural.
and yet the computer may have space-time and omniscience to a degree of the binary ideologist and could blacklist or control events and disenfranchise entire peoples and enslave humanity all the while nothing discussing this because it is beyond the boundary of communication for these events -- electromagnetism is not even in a historical context within scholarship of technological or social events (the last 300 years of electrification even), to provide observational grounding for these 'digital' ideological events. instead they are just believed wholesale by the populations - as the NEW RELIGION brought about by technocrats with a hidden agenda. crypto-politics, yet backdoored from the beginning, where: pT(T), such that:

0 <--- pT (T-->1) whereby

1 (0 <--- pT (T))

if you consider 'infinity' in this bounded context: partial-truth (infinite truth), then something is seeking to limit the limitlessness and that is how it gains its power, much like a hydro-event where pressure from a waterfall is harnessed via turbines that are forced to rotate and do work and this 'natural energy' can provide power. in this way:

antihuman (humanity)

yet this is a subset(set) relation, upside-down, and essentially equates with: 0(1) and thus in terms of dueling logics, whether machine or human- or other-processing...

binary (N-value) or 2-value (3-value) &or 2-value (N-value)

the important thing to distinguish in terms of 'reality' of this modeling is that both sets have '1' for a value, such that everything modeled as 'true' would relate to 1-value which is 'truth', though for binary this is the only choice and it is assumed ABSOLUTE, via ideology. it is a precondition for the worldview. and nothing is this simple, to start with. it is to theorize truth from the first to the last calculation and never question or suspend judgement-- everything must be aligned with a deterministic evaluation of absolute truth that is detached from actual accounting in truth, via logic that corrects for errors --or-- can be falsified. this cannot be. it is tautology taken to the extreme: dictating truth. a normalized condition then is: false-truth (truth), or false-truth (N-observations), which then must be aligned with its structures and frameworks- as with crypto equipment and its mathematics that may likewise be 'faith-based' in terms of trust systems, and thus tend towards falsity by default of their incapacity to account for greater truth beyond the observational limits established and sustained in their relation. which is why enforced illiteracy is so important to this 'covert' takeover or global terror coup. it secures the false view, within the false dynamics, and everything relies upon strengthening and propping up the false system and prioritizing its values and functioning. truth is the enemy here, it should be obvious. any error correction or feedback that threatens the goals and agenda and self-serving viewpoint of the populism (vote) it involves. and it is ~feeling based, as belief, if it feels bad it is wrong. wrong thoughts and bad thoughts that hurt these idiots, make them feel unsafe, less powerful, privileged or superior.
it relates also to supercomputing and the Deep Blue chess match is of this paradigmatic change in relations between limits of 'human reasoning' and that of computational machines, especially binary-based AI. the supercomputer or even networked supercomputers have speed of thought and action, and accuracy and depth, to call upon, well beyond the capacity of any encyclopedic human. i have never related to chess in its game play, due to my own processing limits, though understand the rules of the game. so i tried out a computer chess game and was immediately beaten again and again by what amounts to very low computer processing power, what amounts to a microchip or microcontroller with game instructions versus peak performance of global computing capacity. and what it indicated to me, loss after loss, is that the game is solved at its expert level and if it was feasible or possible, a chess computer could take a game and be a million moves ahead, potentially, than an individual's 5 moves or 50 moves. and it could probably calculate these in the same amount of time, though perhaps far more, in the realm of trillions of calculations as a start, by comparison to a human being.

individual <---> individual

machine <---> individual

machine <---> machine

so people still play chess against one another, as they may also send crypto messages sans software/hardware equipment. and likewise, individuals can play chess against a machine, a chess computer or chess program, and as corollary, crypto between people and machines, whether having crypto created or challenged and deciphered this way, perhaps where AI computers create their own crypto algorithms someday that humans cannot crack and thus 'machines have secrets' and a 'hidden private truth', much like HAL. and then there is an issue of machines 'playing chess' against one another, state computers functioning against other state computers, and so on. and what i realized in my perpetual defeat by the chess computer was that the traditional rules of chess favor a binary, serial mindset and thus are easily resolved by the chess computer, and thus there is a ~finiteness or controlled-realm the interactions are happening within, which can be accurately modeled and improved heuristically, via looped evaluation and feedback to refine or adjust the model. yet each choice is quite minimal, the realm of 'infinity' is not readily at work, and with each move, the speed of calculation is further and further able to refine and project a winning scenario -- and whatever might happen or may occur would be because of a gap or ambiguity where the boundary remains 'unknown' or neutral or may even be perceived as false by the machine. that would be the opening for the human, to do something unexpected for beyond the known interpretation and yet upon doing so, the machine learns and that option like others becomes closed down immediately, so it is no longer available, if it can be accurately incorporated into the existing game model and framework; ie grounded.
decades ago i envisioned an electromagnetic chess set with electric power plant (king) and skyscraper (queen), satellite dishes (rooks), transmission pylons (knights), radio and TV broadcast towers (bishops), and electrical distribution pole streetlights (pawns). the board itself consisted of wooden cubes where each side was a different color, as an informational terrain, green for grass, black for oil, blue for ocean, that could be randomly setup or changed during the game to reprogram interaction based on new rules. and similar to this idea, if suddenly a black square cannot be moved on or provides a double-move or special quality, it changes the probabilities involved in game play into a more multilinear or nonlinear framework, where [square] could become [6 squares] potentially, with new additional moves or characteristics based on each. and this in turn would affect 'processing' of the event by a computer, where such ~variables could tip the scales in humans' favor, in that a square color could be changed mid-game and pivot what is occurring into another perspective, thus adding more unknowns though also unlocking what could amount to a dead game, on a conceptual level, in terms of serial logic that limits its potential as a multidimensional game. oftentimes intelligence compared to multidimensional chess, even. so too with a godless network of supercomputers that stand-in for 'shared awareness' and seek to determine it, within their finite unbounded modeling in a false framework. if the game-board they evaluate is already "known" then it is a serial calculation that is snap-to-fit and categorization figures itself out and allows prime-number-ideologies to extend themselves further and further on ungrounded and uncorrected assumptions, and yet function as 'the sign' of truth. computer output, resolution in binary terms.
these same 'networked chess computers' are thusly biased, and have warped skewed distorted error-reliant code and programming that determines their output and how they evaluate input and search and categorize- and this is used to legitimate tyranny, as B=B stands in for A, whereby pT = 1, yet in its limited view tends to 0, nothingness. when these machines are evaluating and censusing humanity, especially in antihuman frames of reference, such that: sign=inaccurate is 'good', if it serves the ideology; then correlating and corresponding input and output can "prove" the bias as a matched pattern, albeit falsely or in ungrounded terms, reliant on errors in process and observation, and yet as if self-evident, there is no error-correction process that can establish oversight on its conclusions, especially mathematical, especially technical, scientific, because it is concluded a priori correct due to onesidedness of binary ideology, common to the entire false-enterprise and its soulless trajectory towards nothingness as if the cosmic centre of being (removed of humanity, replaced by cyborg-based entities) aligned with the shared ideology. essentially and effectively, a population of mindless robots and human slaves. and yet there is a gap between this computer perception -- even in its seeming omniscience -- and actual reality. that which does not fit into the binary model or cannot be computed in the serial, linear equations. this sentence based language can be, it is perfect for computers to figure out, just like a chess board. to brute force meaning via linguistic structures and determine via probabilistic weighting 'truth' yet in a context of 2-value assumptions, themselves fundamentally inaccurate and ungrounded and of an inaccurate worldview that is the basis for computational models and 'computer architectures', along with the cryptographic products this extends into and becomes.
that gap is where the multi bitset parallel consideration and fractal reading/writing of texts and ideas and models cannot be readily accommodated without forcing a limit to its computability by binary models of evaluation, throughout the analysis, including equipment itself and forced decision-making and prioritization (deterministic skew), to evaluation of data that exists beyond its categorization and thus functions as a field of the data subconscious, unaccounted for yet still connected with the observation unknowingly, and also group analysis of data and decision-making based in binary thinking and reliance on this viewpoint as next steps and governance over its actions.

[the] [abelity] [2] [pring] [th*s] [in-to] [a-other] [r3a1w] [.is] [wot] [UPS] [th3] [comp.ut.ab.il.it.y]

to try to figure out the meaning of the preceding paragraph (prior to the structured breakdown sentence) is an issue of coherence within an existing computational model that is a 'historical framework' that could become expert and game-winning in terms of a rigged human-machine scenario that functions in antihuman dynamics, where /signs/ themselves automatically subsist and move toward a realm of falsity by their default biased interpretation that has been normalized, via biased privileged onesidedness that serves a hostile agenda hidden behind a false framework and encrypted within a false perspective. whereas, going beyond this limit to recontextualize the game-board, is to establish infinities where a pattern match once was presumed to exist by default, and the computation required to solve these same domains becomes intangible, beyond the boundaries and known borders - it breaks the algorithms and requires additional interpretation yet that is also limited in comprehension, and must guess or decide what is true about it, and only partial truth could be accessed, and thus limited by 2-value logic and flawed assumptions. and so 'meaning' would remain bounded to only what can be computed and arranged - which may force incoherence and chaos and fragmentation of modeling due to its unlikeness, or it may provide arbitrariness and unknowns to such a degree to appear meaningless or gibberish. and yet encoded within its mystery could be multiple meanings or messages, essentially encrypted via this unshared POV. the substance remains hidden or beyond observation, if it existed- and who is to say it is the sentence as a sentence, and not some correlation of meaning with its subset relations and dynamics, as variables may align.
the above example is arbitrary and yet it is nuance or subtlety or insight, could operate beyond the 'known realm' of other observers, as plain text even. this is nonlinear language, it is not just a serial reading word to word -----> and instead can function vertically, in 'imaginary time' (Hawking), in the sense of conceptual connections as constellations, and the ability to read and understand the signs, and for each person their language may be particular and unique. and thus literacy remains relativistic in fragmented views yet can be shared, from this distributed condition, as peer-routing of grounded observations: [variable] [variables]. and as these may or may not relate in set theory dynamics, permutations that easily move towards infinity, toward greater truth if grounded, greater falsity if not. infinitely so. so imagine each person is playing a parallel chess match with the devil, as in The Seventh Seal. and yet this is an automated event, machine-driven and -reliant interaction and logic-based - and thus the programming and code that is running, the processing of person and computer would exist in some relational dynamic, such that:

binary machine <---> binary individual

binary machine <---> N-value individual

binary machine <---> binary machine ...

binary individual <---> binary individual

binary individual <---> N-value individual

N-value individual <---> N-value individual ...

2-value individual <---> N-value individual

2-value individual <---> 3-value individual

3-value individual <---> 3-value individual

3-value individual <---> N-value individual

what is proposed here is that the 2-value individual or 2-value machine are fundamentally flawed and in the 3-value or N-value paradoxical interaction, this 'status quo' condition of 'shared binary relations' can be overturned by switching over to a grounded model of error-correcting, shared empirical observation, accounted for in truth. at this level of ones and zeros. and insofar as machines and people cannot do this, it becomes a realm of hacking, cracking, and exploits- programming dynamics that can take down the false frameworks via their own internal weaknesses as ideologies and ideas, based on uncorrected or implausibly deniable errors that establish and sustain tyranny as an exploit of and against truth itself, and its accounting. this is potentially related to the Turing Test likewise, in terms of a litmus for reasoning, discerning a barrier or realm of behavioral or programmatic skew, beholden to ideology.

2-value crypto <---> N-value crypto

the idea of paracrypto then can operate outside the limits of the 2-value constraints because the latter is itself a subset of truth that the N-value references and aligns with in its verification and accounting. the falsity of 2-value, the gap between pT <=> T, then is the realm beyond god-status observation even while remaining trapped within its unideal context, the false perspective.

2-value (N-value) whereby:

T (2-value (N-value) such that: 1 (.0000001 {99.9999999})

paracrypto in its paradoxical dimensions, could tend towards nine-nines reliability in terms of grounded observation, small finite accurate observations removed of falsity, even while contained or held captive in a largely false environment, yet which itself is embedded in a larger surrounding truth, outside the game world and control of the false god. in this way, the resonance of like with like or paired-truth could have properties of entanglement and circuit-related connection (cosmic connectome) as parallel worlds align. x?

From electromagnetize at gmail.com Sat Sep 28 01:50:07 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 28 Sep 2013 00:50:07 -0500 Subject: [paraCrypto] ex.errata Message-ID:

for crypto model...

individual <--- [x] ----> individual

where x is medium, such as one-time pad or computers, whereby:

individual <--- machine --{crypto}-- machine ---> individual

to a potential artificial intelligence context of machine borne crypto...

A.I. machine <--- {crypto} ---> A.I. machine

computers themselves developing secrets, privacy, securing POV.

individual <--- A.I. machine <--{crypto}--> hidden attacker

perhaps zoning humans out of machines, parasite/host relations

x0

From electromagnetize at gmail.com Sat Sep 28 14:40:16 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 28 Sep 2013 13:40:16 -0500 Subject: [paraCrypto] re: surreality 1.1 Message-ID:

// a few other random notes related to the original feedback... this is perhaps a more accurate model for everyday computer interactions, whereby the computer machinery may be designed to function against individuals because it has 'secret functioning' that is protected behind an inaccessible boundary to most...

individual <==> dumb PC || A.I. =={secret data}==> surveillance

in this way a false perspective could be established for the individual interacting with what appears to be a dumb system, while behind that /facade/ the game-master could have dual-use technology that is advanced yet unrecognized, that automatically monitors or queries data (in the sense of automated assembly line production of data mining, reconnaissance and organized pilfering) for the rogue setup/takedown operation, and yet such functioning could be hidden, a secret within the indecipherable chips themselves in their unknowns or proprietary, protected internal boundary (inversion of privacy to allow unconstrained criminality, in certain contexts, while ignoring or exploiting it in others). note: if the above relational diagram is broken due to arbitrary word-wrap, here it is broken down into parts:

individual <==> dumb computer

dumb computer || a.i. computer

a.i. computer <--{crypto}--> surveillance

--- on paracrypto environment ---

perhaps an assumption of signal/noise modeling of crypto is a blank slate where programming and code creates structures and it is the interaction in these defined systems where 'the crypto' resides, that is, that the secrets are contained in the cryptographic communication and do not exist or reference something beyond the [signs], which would be a mistaken assumption. paracrypto seemingly is outside of this constraint or does not align in this way, seemingly. in that it is more like a Random Event Generator that begins to sense something emerging from the ~plenum of noise as a pattern or organization with what may otherwise be random background, as if disassociated potential. in this sense *signal* may emerge from noise in a paracrypto context, because the meaning already exists in the world as a pattern, whether or not coded into a given schema contained within a finite set of signs and algorithms. in fact, "the world" could be missing from the programming and code of cryptographic products which require 'drawing inside the lines' for that conventional approach to function, which may limit what world exists within the crypto to begin with- which is why, in terms of language-based communication it seems the more robust modeling of crypto occurs outside of hardware/software implementations, and is far more advanced in terms of intelligence applications as it relates to day to day networks and how things get done outside formal administrative channels, especially when compromised or corrupted. in that, the sudden appearance of a flower pot could signal meaning and provide direction where no computers operate or observe or analyze though it could be implicitly known and understood by certain observers of the shared key, what it signifies.
in this way, normal everyday people are dealing with already established cryptosystems as a basis for hidden or secret communication which may remain unsaid or unspoken or unacknowledged, yet could appear only in the subconscious or unconscious of others. if a person sees the flower pot and understands the correlation, there is no need for a computing infrastructure, digital keys and signatures, binary data streams of code, portable computers and pattern-recognition systems to verify what is observed and match this against a central database model. unless of course that is what is required for lack of capacity to process such information naturally, or that systems are in place for certain populations to point-and-shoot their phones at every passer by for diagnostics, to monitor and thus assess their own perspective of what they are not-seeing-themselves as mediated by technology and remote interpretation, to then validate the event and provide a viewpoint, another data point to the empirical model to calculate and reference experience. in that case 'smart technology' and 'dumb people' and in the other, dumb technology and intelligent people. the books: Invisible Cities by Italo Calvino and Ways of Seeing by John Berger, offer a way of considering the para- or coexisting parallel aspects of observation, as viewpoint may be shifted based on what framework is referenced and navigated within. in that different people see different things. people of different backgrounds or cultures. the works of Edward T. Hall focus on these questions of relation. i tend to think it inherently involves the issue of /perspective/ and especially the role of boundaries or limits that define what is and what cannot be observed.

(note: role of research of sociologists, archaeologists, entomologists, zoologists, cultural anthropologists e.g. going to village to decipher customs, learn language, etc. as this applies to codes operating outside the defining crypto parameters yet functions similarly yet far beyond, potentially in terms of what is secured and-or private.) thus to 'really see' you have to deal with errors in seeing within the self, firstly. make altitude adjustments, corrections, etc. else observation could be self-limited to a finite viewpoint that begins and ends with the self as a solitary private individual and seeks to relate everything that exists to the terms of the person, as if at the center, infallible. in this way a person may be considered in terms of an antenna. in that it involves issues of fundamental being and awareness, as it relates to grounding or short-circuiting, and what signals and frequencies can be accessed given its configuration. so if malfunctioning, perhaps only few things are transmitted or received and perhaps much of it is noise-based or incoherent. whereas if well aligned, well grounded, and well adjusted, clarity could result in transmissions and reception of signaling. this as it relates to literacy and illiteracy. people utilizing their bandwidth for regressive, backwards activity versus others whose work taps into cosmic channels of shared truth, finding their place within its masterplan. clarity versus confusion. deep meaning versus triviality. coherence versus decoherence. and perhaps signal/noise ratios and embodiment, how much does the mental/physical correspond within a life, or is it short circuited and shut off for entire populations, trapped in bodies without governing ability over its destiny. the issue of tuning, as it relates to logic. what you tune into as data. as this corresponds with truth or pseudo-truth or falsity. 
and then the active and passive channels, where the data is relayed within a context of self- what dimensions are functioning within a given person (as antenna) versus another, and how do they relate or what are the shared and unshared dynamics between them- as this relates to limits, boundaries, 'shared awareness', logic, and truth. though especially, of ideology versus ideas. passive thought versus active questioning, which can be the difference between faith-based ~theorization and feedback-based hypotheses, requiring logical foundation for reasoning ideas.

person 1 <===> person 2

antenna 1 <===> antenna 2

so paracrypto functions in this realm by default of nature, at least for humans and animals, in terms of consciousness and shared awareness. 'truth' does not reside within a being and instead is referenced or mapped into the surrounding world. the truth of a table is not its calculation in the brain corresponding to a sign [table], because it must be verified externally in its existence to validate this truth, the sign maps into the world where it finds its grounding, closing the circuit of signification. whereas disembodied truth or signage freed of this need for external evaluation or proof, can be whatever it is believed to be irrespective of other facts outside a given personal framework of relativism. and this is the thought-killer, the nasty bug that replaces thinking with binary processing, making a fractional truth into 'whole truth' and ignoring any external truth or ability to falsify the viewpoint. perhaps in some way this is a countermeasure equivalent to jamming an antenna to protect another signal. very easy to move into extra-sensory perception or astral projection or remote viewing in this electromagnetic antenna context, if the truth of information is 'shared' by default and involves referencing a shared sensory domain where the truth of information could reside in the noisefield, as patterns. and that perhaps these /forms/ or hidden yet emergent molecules - as ideas and concepts and connections and correlations - are the real codebase of humanity and nature, yet it remains encrypted due to an incapacity to engage this realm in an insufficient, non-electromagnetic modeling of existence, that binary computing instead seeks to define and determine, becoming the future.
so paracrypto relations could exist in ubiquitous and meaningful ways, except have no place within the domain of computation except for monitoring and controlling and constraining its development, to keep the non-electromagnetic false worldview intact and in power. in other words "crypto" and code and programming for computers does not have the capacity to deal with this realm, and by comparison computing languages -are- [signage] detached from actual physical reality, fundamentally ungrounded and unreliant on observable truth outside their finite and skewed boundaries. this is why a programming language based on 'circuits', from the individual to nature, to concepts and ideas, would be closest to that of nature and the brain and mind itself, and developing this from N-value logic, so that "programming" a device is no different than "people thinking" or logically reasoning via hypothesis, trial and error, feedback, and empirical evaluation against a universal model based in grounded truth (1). anything else tends towards absolute falsity, the further it computes partial truth against partial truth in a binary framework, where a false and uncorrected absolutist foundation and error-reliant structures hold up the fantasy as a schizophrenic state of awareness.

--- analogy --- the frame of view, or perspective of a given observer can be considered in terms of a literal picture frame that defines what is inside from what is outside the captured view, as this relates to a boundary condition.

...|v|... if a digital camera is used to take a photograph -- as a basis and corollary for observation -- a boundary condition is delineated and demarcated (outside...|inside|...outside) and in this way, the realm that is captured (v) can be detached from its surroundings, as a finite instance, or still be tied into it via its inherent connectivity outside or beyond the arbitrary boundary or view of the whole. thus a partial view of the cosmos is not the cosmos in its entirety. yet, oftentimes such infinitesimal viewpoints can replace the larger realm of observation, and stand-in for this universal view by default of binary observation and 'sharing of viewpoint'. what is true is |v| and nothing else is true, as long as everything outside the frame is ignored, whether true or not, and anything inside the frame is considered true, by default of some aspect of it being true, yet allowing errors to compensate as truth, because they hold up the perspective of a given distorted, ungrounded observer. this is the basic model of binary computers, where the cosmos is on the outside, and only what fits into the tiny box is allowed 'reality' in the false perspective, and thus everything is made to serve that distorted, error-reliant viewpoint in order to be allowed in a realm of 'shared perspective' in the "common programmatic language", where [signs] stand-in for truth, and become their own self-signification (?), such that [sign]=[sign] is the pattern match, in language, versus in evaluation of ideas themselves or the truth they reference. it has become detached, "virtual", an issue of _processing of data streams, reasoning turned into this via binary short-cuts for rote call & response as if intelligence versus "the speed of smartness" which can relay disembodied facts into a context of ever larger prime discoveries, as if by default of observation: true. 
because it is observed and believed true, and corresponds with the accepted framework that sees no error in itself, because it essentially holds the position of infallibility via god-status.

paracrypto ...|crypto|... paracrypto likewise for cryptographic hardware/software based on computers and their programmatic finite modeling of reality, devoid of actual grounding in external truth outside the context of [signs], which tokenize truth into something arbitrary and malleable-- a fundamental corruption of the highest and lowest order. it simply must be deception. as these same critical systems of intelligence always have and always will operate in the larger realm of language, mapped into the cosmic context, not limited by the finite frames of a given viewpoint or framework that seeks to stop or constrict what can be communicated.

circuits ...|bits|... circuits the universe is a bit only in the sense that truth and falsity can correspond with a 1/0 state computationally- it could be a simulation and presented digitally, yet it is an emulation and exists in a larger context that is not so defined or limited or impoverished in meaning. the 'bit' is a false perspective of experience. it is of a false nature and detached from actual experience, unless warped and unimaginative. certainly 'ideas' can be processed as bits, yet they are not only this nor is this their height or greatest capacity. in so far as ideas are 'true' and map into reality, they tend towards 1, yet remain bounded and contingent. insofar as they are false, they tend towards zero. yet if assuming all ideas could be grounded in truth, it is in their modeling and observation this way that their structures (as molecules) would be constructed and anchored to the shared foundation of universal truth (1) yet this does not equate with a digital worldview or its verification. it makes no sense in the larger context of the cosmos and in this reductionist approach disallows consideration of the actual nature of connection within minds and environments, in terms of shared truth, beyond that of the ideological.

circuits ...|circuits|... circuits a computer architecture that is based on circuits would not reinforce a boundary and twist and warp things to fit inside its false modeling, and declare it 'universal truth', and instead would be able to move beyond the boundary via interconnectivity within structures of truth that can be mapped beyond a given observational boundary, the weaving together of various empirical views of grounded observers... and this accesses the ancient geometrical approach, of the self with self, self with another, and others, which moves from a point to a line, to a triangle, to a square, and onward to an atmospheric whole, as ideas and events and observations align in a shared framework of truth.

... |v1| |v2| |v3|...|v^n| ... wherein ultimately the correlated observation can tend towards N-dimensional observation of events and extend into infinities that ungrounded relativism does not allow as its 'wholeness' is dependent on protecting skew within a given boundary and equating it with absolute truth because it is shared, validated by others, as a false consciousness and this could be exploited, where the boundary condition it provides is cover for deception which exploits this, keeps ideas trapped in a false worldview, while other things are happening outside this framework yet cannot be accessed or identified inside of it, due to the enforced limits and constraints on observation. thus, those who pursue the truth of ideas can easily be deemed insane, and given disorienting pills, put into psychiatric hospitals, and forced to suicide, to keep the political agenda secure, secret. the potential then of shared observation, is that if humans were combined into a single observer, then:

... |humans^N] ... and that a computer that can 'reason' like a person, in N-value considerations of circuits, would then not be unnaturally bounded and set apart from nature, where only some truth is allowed, that which can be accommodated within the technological framework and its errant ideology.

humans ...|antihumans|... humans in terms of paracrypto, human communication that is secret if not secure could exist in dimensions outside the limiting framework of those who censor and edit-out truth from their skewed worldviews and seek to create technology to reinforce this false view, to maintain control over the illusion. a computer that breaks this observational dictate then would provide tools for humans who are on the outside of technology today, not being served by it, and would allow technology to be in service to humans and nature and not their enemy in a win-lose relationship. insofar as this truth cannot be acknowledged or identified, it could function as extra-dimensions that can be referenced while also not being relayed in explicit terms understandable by the hidden surveillers, or their computers. if the code is unable to be deciphered accurately or put together as a whole. instead it would develop as a noisefield. more and more noise. and this likewise could be an aspect of the surrealism it involves. for those on the inside, it may appear only warped or distorted or skewed or false via inaccuracy or error-rate in [sign]=[sign] pattern matched relations, breaking this interpretative framework, limiting its resolution via the boundary, inverting the false-perspective with another that actually involves a siege, as truth surrounds and further and further constricts the finite, false point of view. it is also an issue of limited numbers of observers, and their incapacity to accurately 'process' or accurately interpret such data, at speed, previous and in addition to the incapacity of similar computer modeling to ~rationalize the irrational data into a coherent framework, without forcing and amplifying skew, distortion, warping, and errors based on false assumptions and lies-- to the absolute extreme. the primary idea again is there is a -gap- between the [model] & [reality]. 
and in certain conditions this is where paracrypto occurs, or so it is proposed. such that an antihuman agenda set into binary computing regime cannot parse or process data outside this framework without forcing it back into its biased logical structuring, which only tentatively grounds via pseudo-truth. and that is a security flaw and no secret anymore. the difference with a human model would be that it establishes and serves this connection with reality as closely as possible, that it must be aligned accurately as that is the basis for its accountings, its verification, validation as observation. whereas for ungrounded relativism, it is the separation from larger reality that presupposes 'universality' and seeks to replace it, rather than serve the larger truth- it is to serve that which is contained as if equated with this, a substitute worldview and illusion based on a shared lie.

--- other notes --- self as antenna, yet also machines as antennas and their dimensional aspects. this in terms of logic and relations, such that, for example: N-value observer <---> N-value machine

N-value observer <---> binary machine what 'shared awareness' is possible or not, based on the boundary of observation and its reliance on truth or pseudo-truth. to recontextualize this question in terms of ~being and A.I. then could allow a shared circuit-based code and programming language to have advanced 'chess' communications based in 'shared reasoning' beyond the limiting framework of binary ideology, interfacing with a computer such that:

individual <-- N-value reasoning ---> A.I. machine if verifiable-yet-contingent truth were the basis for this relation, then cryptography could instead involve a defense of truth at the base of this model, where error-correction and oversight could occur to compare against false-modeling or fake-ideas or agendas, potentially. in that, a traditional route would appear to view security as based on breaking a model so to make it more secure-- yet to do this with 'truth' itself, would be to degrade a conceptual model from truth to pseudo-truth, in order to 'secure it' within greater falsity, making it less secure and allowing for errors that would otherwise not be allowed. thus the traditional approach could be backwards in a circuit-based context, though perhaps an extra diagnostic layer or protocol would exist that is crypto-based in terms of security, to validate truth against its modeling and make sure it cannot be tampered with or that there is a secure realm that monitors itself, at least in such a framework. seemingly opposite of computers today.

--- on errored observation --- i have various kinds of brain blips and malfunctioning of nervous system and sometimes will look at text and see the wrong words or have my brain substitute other words automatically or misspell yet when i read it i sometimes cannot see the error due to processing. there can be an aspect of satire involved in this, as misinterpretation sometimes allows a surreal parallel interpretation, much like the satire of the Onion news articles and headlines with other, many times more real, events. many occasions especially when fatigued will read a sentence in error, and this a [world] will become multiset and reframe a sentence or paragraph, relation or idea, as a result. i wonder if there is a way to annotate this as an experience, such that these moments of accidental insight could be captured or shared. almost attempted to do this by détourning coderman's reply with this alteration: key exchange, just synchronized symmetric cigars and readers digests) > in that a misreading or altered reading can change the context and meaning of the original statement, as this relates to the interpretive aspect of evaluation in its fractal and multidimensional (if noise-based subconscious connection to patterns, as they may exist betwixt-and-between various frameworks of truth). original: was: key exchange, just synchronized symmetric [ciphers] and [digests]) > in the first instance, a skewed eyeball capture for some reason warped cipher into cigar, and then a different approach evaluation 'digest' in a larger iconic context, in that given the observer you ask about locating the digest, may respond in crypto computer terms or from another era, of a magazine on the coffee table by the television. 
this is the reality of language in its complexity and subtlety that goes unmapped by the assumption that it is neither active nor relevant in a binary ideological framework and 'shared awareness' which is assumed by default correct and finite, contained in the frame it determines. whereas for other observers it could extend beyond this, into elsewhere, which is where paracrypto may better be said to exist, in this bit set interaction, within and between and beyond the [signage] that makes up the code, yet also validates and invalidates its premise in terms of inherent security or secrecy in the realm of ideas and concepts, assigned and referenced in a realm as technical infrastructure, yet in error and inaccuracy as it relates to the larger environment which is also encrypted, also communicating; computer hardware and software the subset here, potentially even, compared with the code of nature and secured subsystems for transmitting data that remains unobserved on other levels. if actually dealing in realism versus forcing the false perspective and thus the surrealism is all there is to make sense of the larger context as the code is ungrounded as observation. malmodeling. incomplete, infinitely so.


From electromagnetize at gmail.com Sun Sep 29 02:06:11 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 29 Sep 2013 01:06:11 -0500 Subject: [17] hidden links Message-ID:

--- overview --- pile-on. the following are a wide range of examples of everyday situations that could have crypto relevance, in one way or another. the purpose is to share a view of how large the fundamental questions are, beyond a software/hardware and computer model to perhaps question the assumptions of where the boundaries are, especially as it is decided upon in a fixed set of [signs] via code and programs, versus what i propose is to deconstruct to the most minimal structures, circuits and models and hypotheses that become the code, in a diagrammatic pattern language versus linear sign-based system. thus more like molecular sculpture, programming, in testing and evaluating ideas from the periodic table, via logical reasoning, than an issue of rationalization of a private finite bounded binaristically determined view that is detached from actual reality, separated from it, substituting for it. this is a problem of language and meaning and the limits of linearization both in terms of writing/reading though also computationally, in serial processing of, what amounts to a false singular perspective made up of fragments of relativism yet not rigorous enough to achieve grounded empiricism due to error reliance. thus, the gap in questioning and interpretation as it may relate to fields and ideas beyond the ordinary consideration. also: it is to assume cryptographers in their natural state may actually think in these terms (dimensionally) though it may not have a place in code as code or analogous encryption approaches due to a particular technical approach, if over-focussed on subjective mathematics and out of balance with the larger questioning of signs and their relation to reality, this as language based on logical reasoning, both mathematical and 'cultural'. in the way crypto may reference books via hidden patterns, to decipher messages, it is presumed this is more the foundation of the discipline than flawed technology. 
and thus more a reminder of its depth and range of operation, than finiteness.

--- aesthetics --- the false perspective can be tricky, images deceive- who figures the effortless grace of a Cary Grant presidency would front for an illegal crypto dictatorship, another hidden order plotting against citizens behind the iconic, oversaturated stars and stripes of the US flag, emblem of patriotic ideology that all are safe, there is nothing to worry about, while people are actively being ground into dust. the image can lie. it can misrepresent. [signs] that are pattern matched can be subverted, appearing to be one thing while functioning as another. this is why testing hypotheses versus blind faith in theories is required for vigilance. [sign.A] can transform into [sign.B] yet appear still as if the [sign] itself, unchanging, yet if the context or dynamics shift, its meaning and purpose can also. it is as if there is no awareness of what observation is, a pre-literate condition whereby populations are not educated enough to distinguish their or others' ideas in a grounded framework. and critical to this is the concept of perspective, the physical relationships that establish viewpoints and boundaries. for instance, if a neighbor listens at the wall to monitor another person, who is simply typing at a computer and not making any disturbance that could affect them, yet this neighbor knows what they are typing is 'wrong' and disturbing and could in turn retaliate to stop the activity. this also is an issue of perspective and boundaries, where the right of privacy of a tenant is disregarded by a neighbor who instead surveils and exploits this as a means of political harassment. a line or boundary has been crossed, the law disregarded, and this can also happen with government, if it too monitors and disallows legal activity that seeks to shut down activity it deems 'wrong' to its particular limited agenda and viewpoint, and in this way ignoring the constitutional rights of other citizens as the default. 
meaning of words and concepts and symbols demarcate 'the lines' or trajectories of logical reasoning, they need to be validated and error-corrected and watched over to maintain a proper relationship, yet if this oversight fails, an all-seeing perspective that is actually very limited and based in false and biased views can become 'the public' framework, yet function against this public via corruption of these same frameworks and processes needed to maintain a shared public state.

The Republic by Plato describes various forms of government as one type leads to another and in this, democracy is said to lead to dictatorship. of various other forms of governance, say aristocracy or communism, it is proposed in a context of empirical truth, that if 'truth' were the basis for governance of human citizens in a human state, that these various stages of governance could all function on the 'same side' of truth, even while configured differently. and if truth were the basis for relations, and its error correction, then perhaps these various forms of governance could error-correct known failures in these same systems. in this way it is hypothesized that the truth in European nations is not against truth in other areas, and the truth in Russia and truth in China is not inherently against or opposed to the truth in the US or Canada. and thus so too issues of crypto. in that, 'shared awareness' and 'shared truth' may have a different boundary than the nation-state and each state could function with 'shared lies' as a challenge which is common across borders as well, and maps into another framework than the state is organized around in its traditional terms. thus doubling of function, potentially, inside and outside, to deal with these dynamics both near and far. it would seem that human identity is the basis for this assumption that such shared empirical observation could occur in a human framework, to resolve discrepancies occurring internally and externally and provide a means of accurate feedback in regards to shared principles and the ability to evaluate and correct errors in a common framework based in shared truth, tested and retested against the evidence. what is particularly of interest in this is the role of symbolism that spans all states of the world, especially in a realm of flags and other representations of a people or culture, potentially as signaling systems referencing common elements. 
for instance, colors or stars or birds, as these structural /signs/ may change country to country yet reference or communicate via similar symbolic elements. likewise, each country or region may relate in particular frameworks for cuisine and local customs, including clothing and zeitgeist, as modern and traditional influences may be mediated uniquely in a given context which can also heavily depend upon geography and connectivity, which can lead to routes unchanged over millennia, more closely connected to the ancient past than the unfolding future. and that there is truth everywhere and truth to be learned from these various people and perspectives about existence and the nature of being and perception. that perhaps they know things that are beyond another's limited boundary and thus listening and considering the ideas is an important process in human relations, as it relates to truth and evidence and what exists versus what is believed to exist. and that deep human connections are possible in opening up and allowing for this dialogue and evaluation of hypotheses in a shared framework based on and guided by truth itself. where each perspective counts in the truth it exists within. and that 'higher truth' as a principle must be accounted for likewise, fundamentally. that some truth is hierarchical and its structural capacity must be recognized and respected, versus deferring to lesser truth and less accurate interpretations. in this way, truth establishes actual power. its corruption weakens and dilutes it. it is something to consider then, when a national dish or symbolic [sign] are corrupted or subverted -- say the main ingredient in hotdish of a given culture is being poisoned somehow as part of a hidden agenda. or that an apple is so loaded with chemicals and various drugs as to be sickening, yet remains a symbol of health ('an apple a day keeps insurance and healthcare in perpetual play'). what if the kielbasa is spiked at the factory. 
or the water is loaded with unfiltered psychiatric run-off and windshield wiper . or mothers' breasts transit Zoloft to newborns. at what point of disjuncture may these dynamics be considered corrupt in their pre-existing interpretations and requiring of new evaluations to get at what has changed and what is going on behind the curtain of hidden, secret state and its antihuman agenda. how can an appearance remain unchecked which has been subverted so that it stands against itself as its own [anti-sign]. yet this a=b condition becomes an issue of allegiance and ideological alliance, as if litmus to separate the canaries into the psychiatric system while funneling the rest into the awaiting cattle chutes. silent, passive, easily controlled, compliant, ready to be led to their demise while helping the process along and getting paid for it. what are the security issues involved and secrecy required for such events to occur yet be off the cultural and communications radar. where is the feedback or critical evaluation in a larger human context, versus fragmented relativisms that focus here or there in specificities, yet cannot seem to make tangible a standing conspiracy to overtake the world and turn the earth into a slave prison-planet. in that sense of civilian world war, it is curious what individuals might think about in terms of the stakes involved, life and death scenarios as the situation becomes increasingly clear. what happens when people are set against one another in barbarian-like mindsets and pre-literate and illiterate frameworks. might not issues like tattoos become areas of populist contention, where those of differing natures seek to regain the meaning of their signs, no longer observing boundaries of respect for unlike others, whose tattoos by comparison may be their devaluing, or seek to signify what they really are not- and thus a stand-off could occur in such strange realms. 
or, those with piercings as a security issue, if say there is a sudden appearance of torturers in the population, against the opposition, where having battery hookups on various body parts is inviting such exploitations. would you walk around in a thunderstorm in a large field with a metal antenna strapped to your head? what about walking around with 'security exploits' in times of war, inviting the oppositional imagination to consider the worst, given the specifics. and so too, the increasing primitivisation as a cultural trend, whereby ear plugs and flesh tubes seemingly emulate villagers of particular cultural traditions as if a style or extension of a fashion or aesthetic movement. the issue involved is also of a potential security exploit- what might someone do with that, against a person, as a weakness or if they relate to it as a threat of profanation of the shared values. and there is nothing to stop the stand-off between these people. i cannot help but think of college hazing gone wrong, where a U-Lock could easily capture a person against a pole via their earlobes and there could be no way of escape in a given scenario than ripping your own ears open and having flaps from the stretched condition. and yet- there are vast many people who despise these kinds of transgressions, in cultural terms, for signifying a devolving culture. what if such aesthetic choices are security choices. what if they could lead to other interactions eventually in a changing context, and the 'shared awareness' is simply the result of an absence of error-correction for the group, and that such a group may have limits on some issues, which could align with certain principles. in that, it is highly likely many are in these contexts and require adaptation to cultural dynamics, and so may be self-aware about the deeper divisions this may involve in 'shared awareness' in terms of aesthetics, or as aesthetics divide groups and individuals from one another. 
as if a stage play and costumes for different characters and their roles. and that this must be acknowledged. and yet so too there could be ideology involved, beliefs that could be fundamentally false or wicked or antihuman even, associated with similar signage and associated or related practices, given the particular individuals and groups so aligned. and in this way, like a freeway sign or marker offering direction, these iconic [signs] and the observational processing of symbols establishes certain relations and is involved in establishing and maintaining specific limits, boundaries, and rites. the rock- film Quadrophenia is an interesting contrast between the aesthetics of mods on vespa scooters and leather-clad rockers on motorcycles in the UK 1960s. the contrast between the Beatles and the Rolling Stones likewise, in some way. it involves aesthetic communications and symbolic language of artifacts, actions, and ideas, cultural practices that can eventually run in parallel or even against one another, say if biker gangs go to war over territory. graffiti or [signs] can be part of this infrastructure of hidden communication that may otherwise be missed by those outside the shared boundary or framework of interrelational awareness. so an issue such as hairstyles, such as the mohawk from the punk era, versus in the present day, where it may be a different sign, potentially of conformance if the spirit of rebellion is only shallow, versus visceral challenging of order. and as language, how this may relate historically to earlier eras, peoples, and ideas. that there is depth to signs and symbolism, and thus literacy involves awareness and the ability and capacity to read and interpret these events in their depth, or to the depth available. and thus experience or knowledge can help in observation. 
in other words, there could be authentic signs and symbols, retaining an integrity and others that are mimicking this, emulating, or simulating the [signage] while potentially even standing against its depth, as an anti-sign, camouflage or label wearing, as status symbols or markers, these relations hollowed out of meaning and made superficial yet still potentially functioning and treated as if originals and not copies of copies which devolve via noise, and dissolve into greater falsity. what is a sign that only references itself? or self-aware self-referencing. what if to some extent it is a form of advertisement, marketing, instead of ideas it is about consumerism, for instance, replacing cultural depth with its commodification as a result of increasing development of illiteracy in a context of mass populism. such that the TV extra or stand-in or "bit part" becomes a kind of vocation, just like a person can decide to become a heroin user and make a living as an addict, because the clinics and programs need them to justify their own existence and thus a lifestyle can be sustained by various choices, say versus another line of work. such as focusing on human problems beyond the self and making huge sacrifices on behalf of the group, and taking beating after beating in doing so. maybe it is an issue of broken people again, yet at some point there is also a choice and again a boundary issue- a critical moment, and making the wrong choices distinguishes one group from another, and it is proposed The Moment of Truth is this demarcation. 
who's to say that if a government falls and functions in its worst vices against its own citizens, that those on the inside of its internal organization are also not the same group protected in corrupt society - such that surveillers and those going after people, setting them up or gathering evidence to take them down, are not themselves the pedophile networks and child abusers and misogynists who most benefit from this devolved condition, seemingly of a shared political agenda even. and so what if the [signs] are not accurate for what may actually be involved or the network of signs are not allowed to be established or referenced for shared navigation because this territory is already encrypted and under control, via these same hidden and hostile forces, operating beyond the existing boundaries. what if there is a plague or epidemic of moral collapse that is the rotten core of the rogue state and its antihuman agenda and that at its center is a concentrated network that is organized around principles against citizens, education, law, freedom, human development, family, marriage, nature, as part of a conspiracy. and yet this very situation could also have been devised as a trap, with a dual plan that both allows for this maldevelopment in order to annihilate it within society, and thus complex and contradictory cryptography also exists in this same context.

--- further note on aesthetics --- regarding issues of individual style, the film Tinker Tailor Soldier Spy, released in the past few years, was an interesting evaluation of the dress of those whose business it is to operate in the realm of secrets and national security issues. it is almost that dress occurs thoroughly at the midpoint range, in an ambiguous realm that is neither completely common nor singularly identifiably unique. and thus blending into a surrounding population, nondescript perhaps, not standing out as a benefit for those moving between realms amongst others of different domains. what is interesting is that there is value to camouflage yet also the potential for small details, that establish identity in a minimal or traditional framework rather than needing to establish this as extreme individualism or group activity, though that likely has its place equally so, given different context. though it would appear an issue connected with identity and shared or unshared awareness, if the focus is on maintaining costuming or being removed of its additional requirements. perhaps for some the tradeoff is necessary or critical, yet for others it could be that their anonymity is part of their security and safety protocol. as a [sign] they may become ambiguous and unnoticed in a particular context, in that their extreme sport is bloodsport and yet no one may be the wiser of such activity. another film, The Company (2007) with Michael Keaton as the head of a mole-hunting counterintelligence unit, an orchid lover known as "mother", conveys this symbolic dimension likewise in a larger symbolic framework that cultural communication inherently exists within, as the context for shared meaning via language. and thus if [signs] are mediated in this way as a way of conveying stories, why would they be limited in this same depth in a realm of computation involving such [signs], unless of course this is not the case and other approaches exist within crypto.
this has been a futile attempt to reference the [signage] of self as signifying a certain algorithm reading by others, in a surrounding culture, as the boundary for shared or unshared awareness. it may be a haircut, a suit, color or style of clothing, shoes, tattoos or body piercings, though at some point these are patterns that are matched against others, such that a 'hacker' is represented by a particular style or school of thought, and defined aesthetically. or programmer, or covert operative, or cryptographer, or technocrat, or artist, or activist. and there seems to be a corollary here, potentially, between these same issues of superficial crypto where a BIG SIGN is put up saying: HERE IS THE HIDDEN SECRET!!! and so sometimes a style can develop that begins to represent a hacker, say, with stickers all over their laptop, and the ability to run scripts and vandalize and steal passwords, and yet they may be operating in a different realm from those of the 60s onward, who are part of a different language, and 'hacking' could have become a popular group activity, normalized, not radicalized in the same way, in that it is thoroughly profitable and aligned with policies of development say, and so the 'alternative may have become the mainstream' yet view itself as standing apart in some critical way, which is signified by ritual practices, conferences, clothing or hairstyles or music, etc. an anthropological study probably would be needed of the subculture versus a naive guess at what may be involved. excepting that 'popular signs' of hacking appear to coincide with existing politics, where exploitation of other citizens may be occurring by script kiddies and others who are benefiting from this societal breakdown, versus goals of a higher purpose that may remain in the underground, and those who are not craving to be up on stage.
it is just that, a particular shallowness and hollowness to certain disciplines appears to exist - including with other realms such as architecture concerned with increasing heights of skyscrapers versus questioning, changing, or challenging city planning principles to address economic, social, or governance issues within building design - and yet in this superficiality, the [architect] is equated with those who before them did explore these dimensions and served higher principles that today seem absent in the development process, as if culture itself has been subverted, hacked, rooted, taken over and sent in another antihuman direction. and so someone may stand-in as an [architect] and look the iconic part, yet serve other principles and effectively function in masquerade, hiding another agenda. and so in a 'landscape of difference', of wildly diverging styles as if freedoms of people to be who they really are, conglomerate around computer monitors and there is a class of programmers who can manipulate computers and develop software and maintain systems -- and yet the gap is only widening at the same time these same types are playing foosball or raving with friends and eating expensive food, while operating in a realm potentially associated with 'hackers' or those who are standing-in for an idea that tended towards human liberation via technology, and not its confinement, whereby these same technologists in their lifestyles and their stylistic code of hair, jewelry, clothing, and tribal customs appear to actually represent the [anti-sign] of the previous hacking ethos in its larger purpose and calling. such as the potential of the internet, versus monetization. 
as if the very idea and imagination of this online context has collapsed into a trapdoor beneath center stage, where advertisement and marketing rule everything in a no-exist dungeon scenario, and those of simulated radicalism and emulated individualism are actually ~Garden of Earthly Delights minions, an occupying force that is developing an antihuman agenda via hardware and software as an unchecked business model, with no greater expectation of individuals in their capacity. so a [sign] can look like something or have appearance or claim to be equivalent to some defined meaning, and this may be pattern matched even -against itself-, and yet if it does not correlate or ground to a larger context of truth this same 'naming' could be superficial or subverted, and instead be [anti-sign], whereby pseudo-truth moves to falsity in an unshared perspective, beyond the protected boundary where skew and distortion, bias and warping are unaccounted for and allow belief to function as truth, a bubbled interior realm, potentially that of unchecked egotism and narcissism in place of substance of the claimed signs. in this way, issues of language-- it confuses what the sign references with the sign (its attributes) itself, as if wearing the costume equates with the role, acting versus being. knowing versus pretending or mimicking to some extent or another. it is like comparing a programmer who knows 50 computer languages and has designed their own, versus someone who has done some C++ and can run malware scripts and do bug exploits, where both reference the same [sign], in a context of shared truth. and if this is unaccounted for, then a vast bubble culture may exist, which is then extended into code, as an illusion is sustained about the basic nature of things, technological, ideological, institutional, computational, philosophical, though most especially political.
the power dynamics operating in these domains and the active high-voltage structural circuits relied upon for day-to-day operation of this exploitation, versus other parallel plans remaining hidden. the potential for the greater truth, discharging the covert super-capacitors in each discipline as the motherboard of state rewires and reprograms its territory.

--- trading the paperclip --- an artifact can function as language. its relation to its context is important, as this establishes or changes meaning. an item can be placed in a museum and the way it is observed can be transformed, such as Duchamp and the Fountain urinal, signed by the artist, thus recontextualizing it, establishing a new context, meaning, way of relating and interpreting the artifact within new dimensionality. (reframing) a particular artifact i find especially interesting is the ACCO Ideal butterfly paper clamp, it is an innovative, functional, highly aesthetic style of paperclip that has always reminded me of electric transmission towers. those giant metal armatures crossing continental landscapes, carrying the AC powerlines that deliver high voltage power from its area of generation to its areas of consumption. in many ways representative of the federal level of the state in its civic quality. thus there is a potential transference of the icon of the transmission tower into the smaller scaled context of a similarity or likeness in a type of paperclip, which may or may not be recognized by an observer who readily uses the artifact. and this is to suggest that, like a business card or a calling card, such an artifact could function as a token in its symbolism, if valued, and also as [signage] that is recontextualized by its surroundings. in other words, it could function as a cryptographic key potentially, or shared key, or cipher system, depending on whether or not these encounters with 'networks of power' are noticed by an observer who can relate to their meaning, or who is bounded in awareness. in other words, the paperclip can have a kind of currency, both as a material object and "informationally" as a form or basis for data exchange, of ideas, as it relates to shared awareness or as a basis for communications. 
and this could and does occur already with other artifacts in the realm of symbolic communication that as a practice is perhaps best zoned in paracrypto relations, non-verbal, rich with meaning, adept in language, yet likely unnoticed by those outside its limits. so there is a famous instance of a paperclip as money, where a single paperclip is exchanged and the person eventually ends up with a 2-story farmhouse...

One Red Paperclip http://en.wikipedia.org/wiki/One_red_paperclip

this is not the same idea, though it gets at the current involved in transactions around a common object in terms of shared value and exchange. yet this can occur informationally, where the paperclip instead is a symbol or sign of language, and can establish communication and transmit ideas, potentially. and thus transfer data or awareness or provide insight. it is like a silver bullet placed at a crime scene as this relates to its perpetrator. or an assassin who puts pennies on the eyes of their victim. yet also not of this same deathly realm necessarily, it could instead belong to a realm of networking or connection between peoples or indicate certain parameters which may or may not be valid, given its source. so such an artifact could be used for communication and carry insight in its use and application, whereas a mimic or subverter may attempt the same yet it could be hollow or shallow or misleading, and in a sense, 'collapse the wave that carries the signal', thus indicating an ungrounded relation or compromised instance. in this way, the paperclip of ordinary design can represent this tradeability as language, by its use as exampled in the url above. and yet in another mundane environment it may be just like another penny on the ground, so infinitesimal that it is beyond notice, as if worthless and subconscious unless needed for use. and yet another style of paperclip, the butterfly paper clamp, has a symbolism that goes beyond itself as an icon and maps into another structure (electric transmission pylons) and in some sense can represent these as language, and in a sense, symbolic currency even.
in that to share the artifact could function both by itself as a symbol, though also in a context of surrounding environment that may function in and reference an embedded context, as a [sign] in relation to other [signs], and this is how sentences or more in-depth meaning can be formed beyond the singular event of 'the symbol' (pylon!) and into statements involving or extending its meaning, to some threshold of what is possible to communicate in an abstract realm, given surrounding structures and frameworks of an observer. in this way an errant paperclip or other symbol strangely located in a context could call attention to itself through its uniqueness or out-of-placeness, and in questioning its existence, strange or covert communication could take place in hidden channels of awareness, beyond the boundary of others. and in this way, who placed the paperclip or how it got there could remain a mystery, it could even involve a hidden hand with root access to establish such scenarios, and this can be a way that crypto-communications occur in what can be a paranormal realm, as statistically unlikely events stack up one after another and establish an entire universe of non-verbal communication via symbols and signs, in precisely this way. there is magic involved, and this connectivity transcends the limits of computers and hardware and software devices and is primary in establishing human relations, and advancing shared awareness via referencing truth within empirical frameworks, using fundamental principles and concepts of language, via this hidden calculus. this is the same idea involved in transmuting the word 'cipher' into 'cigar', it is of a similar process of the actualization of these concepts in the everyday environment as an artifact functions as a cryptographic key or message yet may remain unnoticed in these dimensions by others.
it is proposed that this Strange Read/Reply Function (SRF) could be a way of annotating such extra-dimensionality via reinterpretation, misreading, errors, mistakes, misunderstandings, or other mutations of meaning that recontextualize yet expand or alter the original condition and perhaps provide additional insight or bring into question its meaning, via this détournement. optimized plagiary or [recoding] or [overcoding] or a way of accessing subtext via another method of deconstruction. thus opening up interpretation of the text beyond the limit of its referenced [sign] to its potential or range of [signage], so to evaluate ideas and allow relations beyond the preconceived boundaries, to access hidden dimensions embedded within the deep structure of the code, its intersign armature. in this way at the intersection or juncture of architecture and archaeology, past and future meeting in the present. do observers relate, and in what structures, frameworks, dynamics. what is the potential, the boundary, the limit. how to access the greater truth of N-dimensionality, the nonlinear in linear context. and thus a conceptual tool to potentially reassign the sign to say more about it, as this may relate to sets and multisets as parallel, co-existing computations. perspectives or frames that potentially have a lot to offer traditional views, such that the ephemera and errata could be critical in establishing grounding where the assumptions of normative practices related to sign-based communication (as linear calculation) and correct interpretation may make it off limits, by default of being wrong or breaking rules of grammar and-or syntax, versus to acknowledge and allow the potential for meaning where it exists, unearthed.

--- on randomness --- it has not adequately been conveyed that artists and artworks can be expert at this signaling and data exchange via symbolic communication. and this extends into the entire ecosystem of gallerists and museums and auctioning of paintings during critical periods, where for instance The Scream will suddenly dominate the global news cycle -- this becomes a form of widely distributed communication -- not only in terms of 'selling the paperclip' and instead the other parallel aspect of using this artifact as a shared reference, a world line by which other dynamics may be aligned or affected by its force fields. including art heists likewise. or newly discovered painting, such as the recent Van Gogh painting of a pot farm. previously introduced to the ideas of John Cage regarding his use of the I Ching to generate randomness, i was unable to appreciate its value as a way to mediate questions of architecture instead of engaging social issues within design ideas. and i probably am still too limited to understand its actual relevance in that domain. and yet in a context of cryptography this same technique could seemingly allow another RNG approach and thus is mentioned here for those it may interest.

composer John Cage - chance operations http://en.wikipedia.org/wiki/John_Cage#Chance

similarly yet differently, in relation to this, graphic symbols could potentially also be used in a roulette approach for randomness, slot-machine littoral:

symbols graphic search http://www.symbols.com

--- urls --- some additional content related to previous ideas...

animal prints confusing zoo animals (a=b) http://ca.news.yahoo.com/blogs/daily-buzz/uk-zoo-bans-animal-prints-because-confused-wildlife-153949434.html

The Science of Stress, Orgasm and Creativity: How the Brain and the Vagina Conspire in Consciousness (human code) http://www.brainpickings.org/index.php/2013/09/23/naomi-wolf-vagina/

Naomi Wolf and Jim Pfaus talk sex // ^related http://www.youtube.com/watch?v=0Ttrb-97tFA

The Phases of the Moon http://www.pinterest.com/pin/178525572702339653/

Plumage // note: politics and style (ref. symbol dictionary for more info) http://www.mnartists.org/work.do?rid=339423

From jya at pipeline.com Sun Sep 29 09:43:54 2013 From: jya at pipeline.com (John Young) Date: Sun, 29 Sep 2013 09:43:54 -0400 Subject: NSA IDA Cryptological Research Centers Message-ID:

The Institute for Defense Analyses, based in Alexandria, VA, is a 50-year partner of NSA. It has two Centers for Communications Research at Princeton, NJ, and La Jolla, CA, both doing cryptological research for NSA: http://www.idaccr.org/ http://www.ccrwest.org/

The latter's web site lists only this offering:

[Quote]

La Jolla Covering Repository

A (v,k,t)-covering design is a collection of k-element subsets, called blocks, of {1,2,...,v}, such that any t-element subset is contained in at least one block. This site contains a collection of good (v,k,t)-coverings. Each of these coverings gives an upper bound for the corresponding C(v,k,t), the smallest possible number of blocks in such a covering design.

The limit for coverings is v<100, k<=25, and t<=8 just to draw the line somewhere. Only coverings with at most 100000 blocks are given, except for some which were grandfathered in. Some Steiner systems (coverings in which every t-set is covered exactly once) which are too big for the database will be included in the link below.

[Unquote]

What is "covering" and how does it relate to cryptology?

-----

Eyeballs of the two centers: http://cryptome.org/2013-info/09/nsa-ccr/nsa-ccr.htm
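The quoted definition can be checked mechanically. The following is an added example, not code from John Young's post or from the La Jolla repository: it verifies that a set of blocks is a (v,k,t)-covering (and whether it is a Steiner system, i.e. every t-set covered exactly once), computes the standard Schönheim lower bound on C(v,k,t), and builds a covering greedily, whose block count is an upper bound on C(v,k,t) in the sense the site describes. The Fano plane used as sample input is constructed here; the function names are this example's own.

```python
from itertools import combinations
from typing import Dict, Iterable, List, Tuple

Block = Tuple[int, ...]


def coverage_counts(blocks: Iterable[Block], v: int, t: int) -> Dict[Block, int]:
    """For every t-subset of {1..v}, count how many blocks contain it (0 = uncovered)."""
    counts = {s: 0 for s in combinations(range(1, v + 1), t)}
    for b in blocks:
        for s in combinations(sorted(set(b)), t):
            if s in counts:          # ignore t-sets with elements outside {1..v}
                counts[s] += 1
    return counts


def is_covering(blocks: Iterable[Block], v: int, k: int, t: int) -> bool:
    """True iff every block is a k-subset of {1..v} and every t-subset lies in some block."""
    blocks = [tuple(sorted(set(b))) for b in blocks]
    ground = set(range(1, v + 1))
    if any(len(b) != k or not set(b) <= ground for b in blocks):
        return False
    return all(c > 0 for c in coverage_counts(blocks, v, t).values())


def is_steiner(blocks: Iterable[Block], v: int, k: int, t: int) -> bool:
    """A Steiner system is a covering in which every t-set is covered exactly once."""
    blocks = list(blocks)
    return is_covering(blocks, v, k, t) and all(
        c == 1 for c in coverage_counts(blocks, v, t).values()
    )


def schoenheim_bound(v: int, k: int, t: int) -> int:
    """Schönheim lower bound: C(v,k,t) >= ceil(v/k * C(v-1,k-1,t-1)), C(v,k,1) = ceil(v/k)."""
    if t == 1:
        return -(-v // k)
    inner = schoenheim_bound(v - 1, k - 1, t - 1)
    return -(-(v * inner) // k)


def greedy_covering(v: int, k: int, t: int) -> List[Block]:
    """Construct a (v,k,t)-covering by repeatedly adding the k-set that covers the most
    still-uncovered t-sets. len(result) is an upper bound on C(v,k,t), usually not tight."""
    if not 0 < t <= k <= v:
        raise ValueError("need 0 < t <= k <= v")
    uncovered = set(combinations(range(1, v + 1), t))
    candidates = list(combinations(range(1, v + 1), k))
    blocks: List[Block] = []
    while uncovered:
        best = max(candidates,
                   key=lambda b: sum(1 for s in combinations(b, t) if s in uncovered))
        blocks.append(best)
        uncovered.difference_update(combinations(best, t))
    return blocks


# Constructed sample: the Fano plane, the cyclic development of {1,2,4} mod 7,
# which is the Steiner system S(2,3,7) and therefore an optimal (7,3,2)-covering.
FANO: List[Block] = [(1, 2, 4), (2, 3, 5), (3, 4, 6), (4, 5, 7),
                     (1, 5, 6), (2, 6, 7), (1, 3, 7)]


def report(v: int, k: int, t: int, blocks: List[Block]) -> Tuple[bool, bool, int, int]:
    """Summarise one covering: (is_covering, is_steiner, Schönheim bound, block count)."""
    return (is_covering(blocks, v, k, t), is_steiner(blocks, v, k, t),
            schoenheim_bound(v, k, t), len(blocks))


if __name__ == "__main__":
    print("Fano (7,3,2):", report(7, 3, 2, FANO))
    g = greedy_covering(8, 3, 2)
    print("greedy (8,3,2):", report(8, 3, 2, g), "blocks:", g)
```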

From tedks at riseup.net Sun Sep 29 13:49:48 2013 From: tedks at riseup.net (Ted Smith) Date: Sun, 29 Sep 2013 13:49:48 -0400 Subject: [17] hidden links In-Reply-To: References: Message-ID: <1380476988.13261.0.camel@anglachel>

On Sun, 2013-09-29 at 01:06 -0500, brian carroll wrote:
> another film, The Company (2007) with Michael Keaton as the head of a
> mole-hunting counterintelligence unit, an orchid lover known as
> "mother", conveys this symbolic dimension likewise in a larger
> symbolic framework that cultural communication inherently exists
> within, as the context for shared meaning via language. and thus if
> [signs] are mediated in this way as a way of conveying stories, why
> would they be limited in this same depth in a realm of computation
> involving such [signs], unless of course this is not the case and
> other approaches exist within crypto.

This is an especially poignant comparison point considering the relative lack of study of new AES modes.

-- Sent from Ubuntu

From adam at cypherspace.org Sun Sep 29 14:53:31 2013 From: adam at cypherspace.org (Adam Back) Date: Sun, 29 Sep 2013 20:53:31 +0200 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: <1380476988.13261.0.camel@anglachel> References: <1380476988.13261.0.camel@anglachel> Message-ID: <[email protected]>

I am becoming convinced Brian is using this list as a steganographic channel using steganography and english mimic functions based on some corpus of text (eg using markov chains - it's surprisingly effective if you try it, given the complete lack of actual textual understanding of the model).

Adam

On Sun, Sep 29, 2013 at 01:49:48PM -0400, Ted Smith wrote:
>On Sun, 2013-09-29 at 01:06 -0500, brian carroll wrote:
>> another film, The Company (2007) with Michael Keaton as the head of a
>> mole-hunting counterintelligence unit, an orchid lover known as
>> "mother", conveys this symbolic dimension likewise in a larger
>> symbolic framework that cultural communication inherently exists
>> within, as the context for shared meaning via language. and thus if
>> [signs] are mediated in this way as a way of conveying stories, why
>> would they be limited in this same depth in a realm of computation
>> involving such [signs], unless of course this is not the case and
>> other approaches exist within crypto.
>
>This is an especially poignant comparison point considering the relative
>lack of study of new AES modes.

From coderman at gmail.com Sun Sep 29 17:04:34 2013 From: coderman at gmail.com (coderman) Date: Sun, 29 Sep 2013 14:04:34 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: <[email protected]> References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID:

On Sun, Sep 29, 2013 at 11:53 AM, Adam Back wrote:
> I am becoming convinced Brian is using this list as a steganographic channel
> using steganography and english mimic functions based on some corpous of
> text...

please keep noise on the medium to a minimum

;)

From electromagnetize at gmail.com Sun Sep 29 18:50:56 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 29 Sep 2013 17:50:56 -0500 Subject: [24] signaling systems Message-ID:

for twenty years i have been thinking about crypto ideas in the abstract and at a certain point around Y2K encountered an overview book chock full of examples of various crypto systems, from earliest days into the computing present. having a background in architectural study and independent research, what really captured my interest was the ancient approach to signaling via what may be called 'communications infrastructure', in the military sense. to go one step further into this, it is that a particular physical structure could be established, a signaling unit [z], which is then repeated elsewhere at some distance, thus [z2], and that a long chain of these could be lined up to send a message back and forth through the connected system:

[z1] <--- [z2] --- [z3] ---> [zN]

obviously this could be connected to present-day computers as electronic devices that route and forward messages. though consider the same concept without electromagnetic technology as the foundation and slower than lightspeed transmission, or having gaps and delays between these interchanges, such that visual observation and physical motion and symbolic messaging could be employed and transmit and receive messages over long distances faster than a rider on horse or perhaps even an airplane. this references 'the semaphore' as a signaling system- and what i want to add to this is a typological consideration that has architectural precedent in this same context.
in that if there are signaling stations that are buildings and have adjustable mechanical arms for signals or codes, that it is this 'unit' could be considered a typical repeatable construction much like that of a building type -- that has particular programming in its design, related to its functioning -- and thus moving from flag signaling to an 18th c. signaling tower, this "signaling infrastructure" is, in some way, an early indication of what the circuitboard of civilization will later develop into when electrified and buildings are plug-and-play in a coordinated and linked environment, where this signaling is ubiquitous if not pollutive and yet essentially invisible -- except for the artifacts, and fragments of this hidden system. and thus, as with these earlier non-electric and non-electronic ~telegraphic systems, so too their evolution into telegraph, telephone, broadcast radio & television, cellphone, and data and internet networks where this signaling occurs at many levels simultaneously within civilization today. the reason TYPE is mentioned is because it can help make sense of what is going on, when considering that some artifacts may be buildings or connected to them, via tools or systems, whereby evaluation and excavation of these hidden or subconscious artifacts can help make sense of the environment that is the context for observation and basic relations today. (Seeing Cyberspace in some basic sense). thus the 'semaphore tower' in relation to the broadcast or cellphone towers of today, in terms of extension and their juxtaposition. for instance, a 'public square' aspect within mass or individual media, channels in these same realms that were absent in previous signaling and involved gatherings in buildings or courtyards or theaters, versus television studios and distributed tv sets.
the larger idea is that, understanding these cybernetic systems requires understanding the building types and artifacts as components on a circuitboard, and thus how they function, what their code is, how they are programmed then allows their internal and external actions to be evaluated in terms of their own and the overall circuitry involved. so this is another example of empirical evaluation versus ungrounded relativism, whereby the latter approach could put bad components into the shared environment, short-circuit things and use all the energy for itself, and as long as it is not analyzed or error-corrected in this way, can continue to do so, etc. this can also be a model of the individual or the entire world, as circuit, and how computers mediate this condition, within their own limiting frameworks (which is the binary constraint, and related to issues of language and signs, as to what is real and can be communicated). so a conceptualization i have used before to map this out in the (natural/artificial/virtual) environment is "tools/buildings/systems" to see how the infrastructure and built environment relate, including its extension into the hidden or unseen realm of 'cyberspace' that appears dreamlike by comparison to physical objects. thus the question of what information actually is, or data, or a 'bit' in terms of its physicality, and the necessity of having literacy move into a realm of physics to be able to account for everyday experience and observation in the existing realms. the environment is saturated with invisible signaling, citizens and environment including wildlife are being massively radiated by this electromagnetic approach, that is carrying "data". 
so while the signaling may exist in an invisible or impermeable realm to basic experience and appear wholly intangible as abstract information disconnected from the known world, it is through the artifacts of infrastructure that this signaling can begin to be understood- through the aesthetics of wooden poles and metal pylons and broadcast towers and microwave and satellite dishes, that the system of transmission and reception of data, in a realm of powerlines and antennae, begins to have physicality and groundedness, in terms of direct observation. 'the internet' is in the wires, it is signaling between the transmitter and receiver as it is then technically and automatically interpreted - via signaling units. routers, computers, cellphones, televisions, radios, encryption devices. and so in some sense, the data stream is the signaling and there is a surrounding context or environment this transfer of information is occurring in. and as conceived, 'the binary' ones and zeroes oftentimes represent this realm or emblemize it, as if technocratic heraldry which functions as a shield or coat of arms via various protocols and standards. and yet as a worldview coursing through the veins of society, "the perspective" captured or constructed in that data framework could be grossly inaccurate or out of touch with the real world as it exists and instead promote a false perspective, due to relying on a structure of pseudo-truth for 'shared awareness'. thus a huge error rate could be the foundation of this signaling system as information. it would be equivalent to using flags to send messages where the messages are flawed or warped perception, and repeatedly communicating on that basis for the shared connection. and how the game "telephone" indicates over time how a signal could degrade via lossy transmission, as this may rely to substandard ideas even within a digital context. 
and thus it is to question the existence of such infrastructure and artifacts, and their use and potential development in new terms as devices for signaling and shared communication. what if vastly improved systems are possible, based on other approaches, where what is on the inside of the system accurately is modeling what is on the outside and it is in service to truth, not in denial of it. and in this way, so too cryptology and cipher systems that could signal beyond the existing conceptions, due to having a more accurate framework to function within, in that these signaling components of the circuitboard could be more wide-ranging and useful than expert and corrupted and devolved technical systems of today, trapped within ideology. that, the existing collapsed system, is nothing less than an electromagnetic labyrinth. some day it will be fascinating to learn from those involved the extent of its mysteries and ongoing intrigue.

--- semaphore signals --- wikipedia has a disambiguation page for [semaphores]

http://en.wikipedia.org/wiki/Semaphore_%28disambiguation%29

and so there are flag semaphores http://en.wikipedia.org/wiki/Flag_semaphore

semaphore lines (18th c. semaphore towers) http://en.wikipedia.org/wiki/Semaphore_line

and these move into remaining infrastructures of today, including rail signaling http://en.wikipedia.org/wiki/Railway_semaphore_signal

and traffic signals (to perhaps include live highway signage) http://en.wikipedia.org/wiki/Traffic_semaphore

so imagine that the earliest instances probably involved state communications in a security/secrecy context, if not diplomatic and related to connection with remote territory or a boundary, and that that content moves into the electronic computer network and is zoned into a particular realm of intra-state and international state-state communication. and similar typological units or 'mechanisms' for conveying signals abstract into stop/go/yield for pedestrians and cars, which can be overridden by police and emergency vehicles and funeral hearses via special switch. and thus like a router or some traffic management protocol that is rule-based, the code of green, yellow, red, is transmitted and received or written and read as output and used to instruct the data flowing through the system, as it is accurately interpreted and obliged. and if not, redundancy of monitoring by police or traffic cameras to mail a ticket and license photo. and aesthetically it is interesting that 'civilization' the world over involves these basic infrastructural systems. i have read that colors for traffic lights may be different in certain countries though am not familiar with this. and yet, aspects of infrastructure retain a general pattern that is repeated and 'typical' in terms of systems that repeat and are shared, even across cultures that can be ideologically opposed yet require similar technology to function.
thus the symbology of the wooden pole, metal tower as an indication of 'modernization' and in the 1960s, the cobra-head streetlight as a leading edge of this universal aesthetic of development, worldwide. so for the electronic signaling system of traffic lights, there must be a connection to the poles and towers leading back to an electrical power plant, to complete the circuit. so too, computers the same. wireless the same. tools, buildings, systems. mapping this out in its functioning. then it is possible to get a sense of the boundaries involved, the dimensions, the framework and relations established. including between componentry itself. thing is, most traffic signals are probably routed to a central Department of Transportation that monitors the circuit and involves vast analysis of traffic flows, timing of schedules and events, and weather, and then continuously seeks to modify and improve its functioning via small changes or tweaks that test against hypotheses and modify the system to attempt to improve it. so imagine there are 2,000 traffic cameras that route into a traffic monitoring building via network connections and basically this is the program of the building. its purpose. if it were an external signaling system those same traffic lights may be sending signals into vehicles and getting responses back, and reading and writing data in some other dimensionality and then it would be more like a signaling system of flags and codes, where it is not just read-only for those vehicles operating within the system. RFID lane passes and toll booths perhaps. or, in a disconnected or decentralized realm, GPS dashboard units and satellites as they feed back to other buildings and monitoring systems which may or may not be correlated further. consider a typical home or work computer then, in terms of a signaling system and cryptography. 
it is presumed to be able to send data from one computer to another in any other context, without respect to environment, and be afforded the right to privacy, secrecy, and security by default. and the reality is that these [computers] are connected via a power system and [network] that while they may be interconnected [PC] <--> [PC], also inherently is connected to other infrastructure within the circuit, buildings, including powerplant, software companies, network providers, and in terms of cryptography, the NSA itself as an inherent structural connection. so like the DoT example above, expecting the NSA to keep on one side of the windshield no matter the surrounding context may not be realistic given the environment, if there is compromised circuitry or short-circuiting by default in the shared/unshared situation. and given their institutional technical capacity, certainly they have the capacity to real-time access your dashboard GPS data and vehicle location via infrastructure, anything in your banking or computer, should that be legally allowed or required for the vital security of the state, as this relates to issues of privacy and protection and continuation of the shared state as an entity. yet what if they were on the other side of this boundary by ideological default, for most everyone, and leaning so far forward that all these various infrastructure systems were a means for doing business and commercialization and populist takeover of state systems by a particular mindset or aligned group of people. what if the traffic signal was subverted and you got the wrong color and drove into a semi-truck and lost your life via such a bizarre glitch, purposive to an overruling, hostile political agenda that aligns with a hidden dictatorship. what then. in other words- what if the NSA has gone political, and so too, infrastructural systems, tools, buildings and their programming, functioning against the civilian, human population. 
where are the boundaries, limits, what is expected of government, how is it accounted for, error checked and corrected, what oversight or review of activity, or is it essentially all off the books now. the potential exists for total control of civilization by manipulating the local and global infrastructure against ideological opponents. what is to prevent this if it cannot even be communicated about or 'observed' due to oppressive actions to shut down relaying of messages and conditions of mass illiteracy, and thus an incapacity to relate in the environment that exists. and so a question may be, to what extent such an infrastructural signaling system could feasibly be detached from its foundation in military operations and state security, firstly, such that the NSA or CIA or FBI as building types with programmatic functioning -would not- be accessing telecom buildings and their functioning, ISPs, data centers and server farms, switches and relays, as part of their data monitoring and oversight of this activity- when or if applicable. that in certain cases it would be assumed part of the core mission of intelligence, as it relates to security, secrecy, and privacy. in this way, an archeological excavation of these systems would seem to indicate that a 'cryptographic software' and its computing hardware is thoroughly embedded and reliant upon its monitoring and power providing infrastructure in order to operate- legally, within a safe and protected domain of appropriate use. though if this is subverted, then the boundary could seemingly be legitimately crossed by legalizing covert access and monitoring, if not take-down operations in a cyberwar scenario, against state enemies. or, in the corrupted version, a political enemies list of a hidden dictator. 
such as smashing their equipment via computer bugs and malware and surveilling everything they do, to exploit and harass and seek to bring about their demise, using these same institutions in a short-circuited scenario, where the state itself is attacking citizens who are operating in an appropriate realm and yet exist unprotected from aggressions of subverted institutions, revealing a secret agenda. thus, if enough drivers notice the timing is off at traffic lights and have had their equipment corrupted or data exploited, and have seen strange accidents or injuries, they may begin to wonder what is "governing" the inside actions and modeling of the infrastructural system-- who is it serving, or is it trying to harm people via its subversion. and they may lose trust in using the system because it could be against them, it is only a matter of time before the wrong-color light is sent to their vehicle, etc. the integrity of these state operations then relies upon what [ideas] are governing their functioning, and how they are accounted for, in truth or pseudo-truth, or some twisted version reliant upon lies, where deception is now out in the open.

--- on HIOX and signaling --- long ago discovered the master symbol i refer to as HIOX which is equivalent to the Union Jack flag and the 16 segment electronic display. and it was through Plato's Republic that the idea was realized to start rotating and mirroring alphanumerics and this symbol allows all letters and numbers to co-exist as a potential, within a single unit or 'bit' as it were, whereby the set exists: {0-9,A-Z} in a single character. such that if HIOX were tokenized as an asterisk, the word: b**, would then allow any combination of those potential letters and numbers as wildcards. this related to sets and probabilities and language that is not just linear, moving from left to right and instead, in other dimensionality, (boo, big, bad, bye, bit, bot, &c). so i had this idea, get a 16 segment display... http://en.wikipedia.org/wiki/Sixteen-segment_display and then a microcontroller board, for me, Parallax BoE http://www.parallax.com/catalog/microcontrollers/basic-stamp/kits and program the sequence of this alphabetic change as an animation. very basic yet doable for an electronics illiterate like myself. i think i may have tried a dual 16 segment display as well. yet could not get to the next level beyond this, to do larger transformational changes, such as flipping letters vertical and horizontal across a wider area, retaining original letters and juxtaposing them in various ways, such as:

b d p

This approach would require more display area, and the goal was to get at a word or sentence level and be able to explore these transmutative aspects of alphanumerics as language. so there are dot matrix LED displays yet my skills and limited understanding were not capable of getting there, at the higher pin-out counts required and with other custom IC controllers to make it work. thus it bounded further exploration. for me the larger purpose of this was related to cryptography and the exploration of language broken down into its elemental patterns, as these form a kind of calculus. and as this could further become the basis for analysis, and hardware and software development in terms of signaling. for instance, running b against d may result in o, or II. since that time 10 years ago, the microcontroller market has taken off and now there are many options to choose from, including Arduino which I have no experience with and do not know if it is as easy to use as the Parallax system was for an absolute beginner. though there are tremendous resources and options for these microcontrollers or "custom programmable" integrated circuits (basically transistors and resistors in centipede-looking chips) that have interfaces to computers, and various modules that can be modified via existing codes and tutorials to get in the vicinity of project goals. here are a few examples of this... SparkFun Electronics- Arduino microcontrollers https://www.sparkfun.com/categories/242 if you know what you are doing, and where to start, perhaps it is fairly doable. especially if you have others to ask for assistance if a dead-end is encountered. otherwise it could seem daunting for the beginner who has no electronics background. and yet it seems step-by-step, beginners resources are available to begin this exploration process. the thing is, with a microcontroller platform, it is then possible to further explore this HIOX signaling via electronic LED displays... 
and yet again the format of the displays becomes an issue, for what is required versus what exists, and the level of complexity to do the simplest, most manual transformations via writing code bit by bit to change 'graphics'. tutorial example: Controlling RGB Matrices with Arduino https://www.sparkfun.com/tutorials/201 so what this amounts to is a bounded realm of LED display technologies driven by custom-programmed microcontrollers that could potentially be used for rudimentary explorations of HIOX signaling as basic cryptographic research, in its potential versus incapacity to make any headway along these lines given personal, resource, and technology limits. so while for me this is all about proving ideas of 3-value and N-value logic via experimental demonstrations, it turns out not to be possible to pursue. and thus these words versus artifacts, a working signaling system in its more developed conception, where computation, mathesis, and signage is involved. even beyond a realm of software-based encryption. something else, beyond. thus for an LED matrix, hand coding each alphanumeric letter and number and their transformation is basically endless bureaucracy and total friction to such experimentation, and the size of the arrays is off (displays need an odd number of pixels for centering of the master symbol, and spacing of an array of multiple symbols). and, also, LCD just is not as cool as LED in this realm, so really wanted to keep it in this semaphore context, versus that of a 'screen', more an external sign or transformable "electronic flag" mechanism.

8x8 RGB LED Matrix Display Module http://www.youtube.com/watch?v=ANmZZx8HnMc

Two 8x8 RGB LED Matrix - Fire Effect (new version) http://www.youtube.com/watch?v=tz_HT-FqEOE

How to drive an led display matrix. http://www.best-microcontroller-projects.com/led-dot-matrix-display.html

Adafruit RGB LED Matrix http://www.adafruit.com/category/63_100 http://www.rayslogic.com/propeller/programming/AdafruitRGB/AdafruitRGB.htm

24x16 RGB LED Matrix http://www.youtube.com/watch?v=B0E9o32j8EM so the thing is, if there was already software that mapped out letters and calculations to transform them or establish and 'compute' relations, then it could be plug and play exploration and things could go beyond talking about letters and numbers on a display-- except this is not possible in the given frameworks- and it scales up to larger store displays and mega displays likewise-- it is coded within a certain relation to language that removes the [sign] of its graphic information and instead each alphanumeric needs to be reconstructed individually as a graphic bitmap, seemingly, in order to start this process. language is not conceptualized in a way to allow it to be explored as a signal itself, only as a representation of signaling. thus everything is from scratch and the bigger you think, the more impossible it is to do because it is like trying to build a pyramid from individual pieces of sand. it is not a viable approach. and yet the potential is quite extraordinary, for instance if a 3D array of LED lights could model a letter 3-dimensionally within its matrix, and allow letters to be twisted or mirrored, if only software could allow for this, and displays were built around this functionality... thus, eventually, such novelties could also have a signaling dimension, conceptually, even if only as artwork that takes code and makes patterned permutations-- basically the same thing this device may be programmed to do, though with alphanumerics or its de|con-struction...

LED Cube 8x8x8 running on an Arduino http://www.youtube.com/watch?v=GUcX41pokZY

(in that, what if i want to spin the letters A and X and G at different speeds in a word, and then letters H and W vertically, while rotating the letter N)

--- conceptual backgrounder --- so visiting the Walker Art Center about 30+ years ago, encountered paintings of Jasper Johns that were a 7-segment LED display (0-9 plus hex) in painted form, which got me thinking... and then years later at the same museum, artist Jenny Holzer had a mind-blowing exhibit of LED displays running streams of scrolling and blinking red illuminated text, statements and ideas, that tied into this fascination with language in its other functioning, as if conceptual data or running code. and the idea of programming language was involved with this idea of HIOX, to be able to create equations and algorithms to transform alphanumerics in a context of display. i just did not know you could not do it, that it was not modeled or conceived this way. yet the boundary kept me from exploring it any further, beyond serial writing of perspective, trapped in the code-limits, as i remain here. note the electronic context for linguistics... in that ideas of code and programming could exist outside the computer, firstly, and in a realm of signs and signage and their interplay in signaling systems, more as traditional data relay. also, the primacy of aesthetics in this, electromagnetic yet tangibly grounded in the world in a most familiar way, using read/write systems in various contexts (truisms in stone, LED signs) though also that there is a poetic dimension inherent in this approach, and likewise could exist within code and programming and signaling likewise...

Jenny Holzer - artist info http://en.wikipedia.org/wiki/Jenny_Holzer

Sounding the Alarm, in Words and Light (2009) http://www.nytimes.com/2009/03/13/arts/design/13holz.html

Jenny Holzer: "Projection for Chicago" (amazing video of her work) http://blip.tv/art21-exclusive/jenny-holzer-projection-for-chicago-1701427 google image search: various examples of her LED signage https://www.google.com/search?q=jenny+holzer+led+signs&safe=off&client=firefox-a&hs=k61&rls=org.mozilla:en-US:official&tbm=isch&tbo=u&source=univ&sa=X&ei=sWlIUrWMKYm09QSS_4C4Dg&ved=0CCwQsAQ&biw=1425&bih=847&dpr=1#imgdii=_ so the situation that exists at this/that point is that i myself can operate a 16 segment LED display via a Parallax microcontroller, yet cannot get beyond this limit. and then the options that exist for larger signage, towards the scale of displays that Jenny Holzer uses, are likewise limited by their conception or protection of language as a pre-defined graphic element that cannot be broken down into its constituent parts or elements (like individual segments of a 16 segment display) and instead forces these considerations into an enormous bitmap animation scenario, making electronic pointillism unto madness. so in terms of software-- it is all dumb, in terms of [signs] as the language elements exist as concepts- as if INVIOLABLE. meaning, beyond questioning. a rigid limit or assumption or threshold that locks-down interpretation and requires letters, words, and numbers be that and not some aspect of them. and thus a typo is only and ever an error, never an insight into the deeper structuring. nothing conceptual allowed about language as a metaphysical system of symbolic communication. nothing of numbers and their symbolism. nothing of signs in relation to calculation as this equates with establishing logic. mirroring, none of it. tools would need to be re-conceived and programmed this way. 
and so for a while i investigated these signs and realized the limits involved, and would have attempted an art project to reinterpret the display yet do not have the programming skills needed to explore ideas beyond the existing context, and it would likely take significant programming effort to allow the type of HIOX exploration imagined, developing various approaches and techniques and routines for such dimensional transformation of language as code. the initial question begins with 3|E and its relation between number and letter as this relates to paradox and logic, and then moves far beyond this into calculations, and exploring the calculus of various set combinations and permutations. yet software tools and models do not exist to do this. though an issue like color display could be added, as with a traffic light, and further bring out relations amongst patterns embedded in a given linguistic and mathematic context... again, as this relates to signaling. ways of perceiving 'wave function' of data that collapses into one framework or another, based on superposition and observer relations.

Electro E Programmable Tri-Color LED Sign Display 11.5 x 41 http://www.neon-das.com/mm5/merchant.mvc?Screen=PROD&Product_Code=LEDEM-4U421E

M1000 Large Alphanumeric Display 2" to 4.5" http://www.vorne.com/led-displays-m1000.htm the graphic-based Vorne display (url directly above) seemed to have the most potential in terms of programmability, perhaps defining a letter as a graphic object that could then be flipped or turned, as an image, yet it seemed infeasible to pursue without the programming ability to shape the code, which may be more difficult than an educational microcontroller in defining what happens or how, and reliant upon technical support that probably is bounded to words and sentences versus artistic or pure research, into display systems, for conceptual communication. so while Jenny Holzer is working at a wild scale within this (light-emitting diode) electronic display as an artistic medium, the medium itself in its technical configuration does not allow a questioning of the language that inhabits the display nor its [sign]=[sign] assumption, that limits what the language can say, bounded to a finite construct that while traditional is also linear and rigid, whereas stock market number displays could be constantly transforming or updating numbers or scheduling displays could change one city to another, and yet letters and words themselves have no such 'higher functionality' than being static objects, unrelated to anything else structurally or conceptually- yet linguistically this is a false perspective. they are highly related, letters and numbers and signs are connected via common structures and emerge out of them, such as an M and W or 3 and E, or all of these in a single instance. and yet that turning or rotation or flipping is off-limits in the display model-- yet it is where the code begins, and programming of other language interactions in calculus-like transformative relations. the thing is: this is a semaphore! 
display this on a wall in your apartment or home, program it for messaging, and point it out the window and you have a relay-based visual system for sharing data that can be encrypted within a shared key cipher system. not for nefarious purposes, potentially as artistic display of the beauty of alphanumerics, such as tessellation patterns that are based on these geometric dynamics, as well as typographic tessellations... (note: my research work preceded this)

Hypnopaedia By Zuzana Licko http://www.emigre.com/EFfeature.php?di=98 in any case, a potential exists for structures and patterns of language and number, mathematics even, to be recontextualized via electronic displays and reconceptualized as language and in turn, cipher systems. in that the ~idea of code and programming could be different than existing approaches to mediating [signs] within a linear single perspective framework. it could be a situation involving /superposition/ within language, and 3-value and N-value logic, versus only binary interpretations; correct display versus alternative forms of communicative display. and this taken into an environment of ubiquitous commercial signage, networked 'electronic billboards' of a given ideological disposition to semiotics and fixed ideas about image-based POVs, versus breaking it down, investigating it as data, considering its potentials and dimensionality in terms of signaling, patterns, data, symbols, calculation, perception, perspective, limits, thresholds, boundary, skew, meaning, relativism, parallel observation, zoning, secrecy, infrastructure, covert communication, networks, literacy, translation, ciphers, etc.

--- tangible examples --- so imagine you have an electronic display like the Vorne signage above and it can hold and display a bit string, that another observer can relate to. and they hold their phone up to the display and software evaluates it and outputs some transformed version based on its expansion and-or a shared key. else, that certain letters or numbers or patterns emerge from the noise based on an algorithm. or that it is infrared or UV and looking at the display in those frequencies reveals other data, say with a digital camera. and thus a QR-code like potential to convey information though abstracted or embedded in what appears to be or is a noisefield. else, it could be a sign on a house, and used as an encryption system to allow a courier to leave a message or open an e-commerce delivery portal and leave a package, via scanning data and verifying identity against matched network records. or, it could be data on a building, viewed as if by microwaves or laser miles distant, or telescope, whose encryption can be unlocked in a given perspective though not in others, via line of sight communications. in the sense that the signaling can be changed and altered, it is as if a flag based signaling system of N-potential flags in an unknown library of a bounded infinity, more ocean than fishbowl, even for an 8x8 display, versus 3,000 by 300, etc. the code potential in this, the ability to program and explore alphanumeric and patterned structure, is extraordinary, perhaps even unprecedented as a communications medium, beyond or outside of the framework of a computer and into questions of signs and signage and symbols themselves. like in some cases the metaphysics of charcoal, pencils, and pens need to be worked-out in terms of language, before having a sense of what laser printing is really capable of and how it is different and yet extends other principles further along, yet remains connected to what preceded it in a shared realm of language. 
so too, electronic displays as signage ("Great White Way" lighting and advertising of electrification; ~Learning from Las Vegas analysis of signage infrastructure), that there may be more to it than the default interpretation inside computers, when formatted by binary ideology that has pretty much everything wrong, conceptually. what if the signage and cellphones were an encryption platform. what if signaling occurred between signage and vehicles and allowed zoned interactions with regard to information though also secrecy and security issues. what if such signage and display was a type of chalkboard for calculation or modeling of ideas or learning about logic or other conceptualization. what if it even connects with rituals, such as holiday lights or decorations and could exist as a subsystem of a dwelling, mediating an interior and exterior relation, threshold or boundary. in that it functions as a traffic light in some instances, an electronic relay of information in others, a house address in others, or electronic dropbox. this is infrastructure, tools, building, systems. yet it has a vital functional role matched into its aesthetics. it is not just a dumb display screen to transmit dumb data. it has deeper and more imaginative purpose.

--- where it's at today --- thus as stated nothing occurred to develop this HIOX approach into a signaling system. it would need to be collaborative and supported as basic research. manufacturers would likely have to be involved to potentially change circuitry to allow for new functionality even, in that this could be more an issue of computation than it is at present, where it is more that of display alone. and so the gap between the idea and the existing reality is that the tools are themselves limited in what can happen, and available techniques are bounded to only certain interpretations that are biased to particular tried-and-true display outputs. and so even a larger scale more capable electronic display is locked-down in its capacity to ask and explore these questions. and the pointillist condition establishes an impossible barrier that cannot be surpassed within the given framework, without conceiving of a better way to develop a prototype display, a proof-of-concept that demonstrates and can validate the approach via experiments open to peer-review and extension by involved others, as a new platform of pattern-based signaling. instead of the large LED display, the large electronic canvas needed for the scale of the inquiry (bit set at sentence or paragraph length, versus letters and words), its lack of computability then offers no benefit to a smaller and equally incapable mini 32 x 32 LED matrix, in that the problems are only compounded at the larger scale and remain daunting, infeasible, no-go. and yet -- it is the very same underlying concept taken back into the original 16 segment LED display (aka HIOX), that if combined in a larger array or display format, does allow this segment-based breakdown of the numbers and letters to occur and could be used in a realm of computation, just not at an integrated scale. consider this pinball LED display...

Data East Dual 16 Digit Alphanumeric LED Display http://bayareaamusements.com/Merchant2/merchant.mvc?Screen=PROD&Product_Code=DI-DIS244 this to me, in a context of bit sets and bit strings, has a computational potential built into the display itself, given how the software processes the code, and how well the code can map into the various structures and retain readability, even though not effectively aligned due to vertical distance. those 32 digits each have a potential for at least 26 letters and 10 numerals, which makes it a multiset with 2-level potential of:

[36][36][36][36][36][36][36][36][36][36][36][36][36][36][36][36]
[36][36][36][36][36][36][36][36][36][36][36][36][36][36][36][36]

this is far beyond trillions of set combinations and permutations. there are likely incomputable numbers here, not even considering the alphabet dimensions, in terms of probabilities. what this really is, in terms of N-value logic is an array of 32 wildcard variables that could be anything...

[ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ]
[ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ][ * ]

and thus, in a larger consideration of display potential (not limited by size of the 'pixel' or bit), infinity upon infinity could be nested within these interset relations, one variable in relation to others, in various nonlinear patterns. and this could occur graphically, as if glyphs or symbols or various emergent proto-signage. whereas, for a digital, binary viewpoint, in 2-values, the same potential for display as literal number, could be entirely finite and bounded:

[0][1][0][0][1][0][1][1][0][1][0][1][0][0][0][1]
[1][0][0][1][0][1][1][0][1][0][1][0][0][0][1][0]

and thus, once adding in 'neutral' or unknown (n) of 3-value logic into this fixed idea of binary language, strange dynamics and possibilities are opened up within these limited sign systems, and the processing becomes indeterminate and can be paused or begin to loop, remaining in an undecided or questioning state....

[0][1][0][0][1][0][n][1][0][1][0][1][0][n][0][1]
[1][n][0][1][0][1][1][0][1][0][n][0][0][0][1][0]

and then with N-value logic, the wildcards transform everything, and the one and zero absolutes are the exception, a contingency assumption, always looping to test against the model and its assessment, versus a foregone conclusion. and in this way, the signs of language and mathematics.

--- Tenori-on --- in my explorations i discovered one tool that had the potential of a HIOX-based signaling system, the Yamaha Tenori-on electronic music instrument....

Tenori-on http://en.wikipedia.org/wiki/Tenori-on

TENORI-ON Product Demo Performance http://www.youtube.com/watch?v=_SGwDhKTrwU

Yamaha website - software version http://usa.yamaha.com/products/musical-instruments/entertainment/tenori-on/ what intrigued me about this platform was that it was conceived as a visual instrument in addition to musical, so that the LEDs and the sequencing of sound were matched, and patterns could be programmed into the device and shared as a visual display. the fact that it is a sequencer is very important, in terms of looped permutation of data, if considering the display. and yet it remains in a linear time framework by default and with limited capacity to explore anything related to HIOX beyond the given context, yet exists as a potential tool likewise. such that it feasibly could be used for signaling, as a semaphore. if attaching it to a radio-controlled plane or drone, it could send alphanumeric display messages via persistence of vision, spelling out data across the sky via electronic sky writing. or it could be held up at a distance and burst a message that is captured via video recording and spotting scope, and when the recording is played back, its message could be spelled out frame by frame or perhaps exists in an encrypted or hidden format, say UV or other LEDs that make it look inert and in a state of non-display, when instead transmitting information or data. to me this is a semaphore system. and its additional uniqueness was that it was designed to be connected at a distance to another Tenori-on via network connection, as if a telegraph, and the music on one device would appear on the other and each would be able to manipulate the common screen and light patterns in real-time. how amazing is that? amazing enough to discontinue development of the product, unfortunately. it is perfect for music therapy at a distance, musical education, if it had more capacity for experimentation (versus being limited in what is allowed to occur, musically) and thus it was of limited use as an instrument for those who make music, too constrained in operation. 
and yet, idea-wise, it has tremendous potential as a platform for communication, whether musical or pattern based; and taken into the above context, signaling, code, programming, semaphore. tablet software is not the same idea.

--- today --- thus, when writing emails about logic, it is trapped within this inescapable coded and programmed context of binary ideology. what can happen is only what is allowable or possible within the existing constraints and frameworks, and thus this description of the idea is more than can be done within the technology itself, as it is ideologically formatted. in terms of tool use. to enter into a cryptographic context, computation of bit sets and relaying signals would require developing new circuits based on 3-value and N-value logic, computer architectures that allow the code to exist and be processed as it exists, as information in a grounded model of contingent truth. perhaps even establishing a means for entanglement between such systems. until then, it seems description and representation within existing systems would be bounded to a prototype condition, showing the idea, conceptualizing it, rather than actualizing it. dim sum, banh mi, sashimi


From electromagnetize at gmail.com Sun Sep 29 18:54:21 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 29 Sep 2013 17:54:21 -0500 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID:

(only following orders...) guess will find out how many anarchists it takes to kick me off the list...

:L

On Sun, Sep 29, 2013 at 4:04 PM, coderman wrote:

> On Sun, Sep 29, 2013 at 11:53 AM, Adam Back wrote:
> > I am becoming convinced Brian is using this list as a steganographic channel
> > using steganography and english mimic functions based on some corpus of
> > text...
>
> please keep noise on the medium to a minimum
>
> ;)

From adi at hexapodia.org Sun Sep 29 20:10:31 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Sun, 29 Sep 2013 17:10:31 -0700 Subject: NSA IDA Cryptological Research Centers In-Reply-To: References: Message-ID: <[email protected]>

On Sun, Sep 29, 2013 at 09:43:54AM -0400, John Young wrote:
> http://www.ccrwest.org/
>
> The latter's web site lists only this offering:
>
> La Jolla Covering Repository
>
> A (v,k,t)-covering design is a collection of k-element subsets,
> called blocks, of {1,2,...,v}, such that any t-element subset is
> contained in at least one block. This site contains a collection of
> good (v,k,t)-coverings. Each of these coverings gives an upper bound
> for the corresponding C(v,k,t), the smallest possible number of
> blocks in such a covering design.
[snip]
> What is "covering" and how does it relate to cryptology?

As is common in math, they define what they mean in the first paragraph. To paraphrase, they're considering ways to arrange a large number of sets of s so that a minimum number of "blocks" is used to enclose all of the sets.

I'm not a mathematician but that looks like set theory to me. It's the kind of fundamental mathematical research that frequently arises when considering some more applied problem space. Such fundamental approaches frequently have applications in wide-ranging fields; to compare to a more well-documented example, the "4-color problem" first solved in the 70s generated techniques which ended up being critical to optimizing C compiler designs for RISC processors in the 90s. http://en.wikipedia.org/wiki/Four_color_theorem http://en.wikipedia.org/wiki/Register_allocation#Isomorphism_to_graph_colorability

I doubt that much can be concluded about the activities at the research site based on their publishing one database in such a rarefied field.

-andy

From coderman at gmail.com Sun Sep 29 20:55:18 2013 From: coderman at gmail.com (coderman) Date: Sun, 29 Sep 2013 17:55:18 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID:

On Sun, Sep 29, 2013 at 3:54 PM, brian carroll wrote:
> ...
> guess will find out how many anarchists it takes to kick me off the list...

this is a false assumption; anarchists would not kick you from a list. just how "anarchist" this particular instance of cypherpunk list is, is however, an open question. *grin*

From coderman at gmail.com Sun Sep 29 20:58:25 2013 From: coderman at gmail.com (coderman) Date: Sun, 29 Sep 2013 17:58:25 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID:

On Sun, Sep 29, 2013 at 5:55 PM, coderman wrote:
> ...
> just how "anarchist" this particular instance of cypherpunk list is,
> is however, an open question.

... the authoritarians hang out on cryptography at metzdowd.com

;P

From tedks at riseup.net Sun Sep 29 21:41:37 2013 From: tedks at riseup.net (Ted Smith) Date: Sun, 29 Sep 2013 21:41:37 -0400 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID: <1380505297.25421.7.camel@anglachel>

On Sun, 2013-09-29 at 17:55 -0700, coderman wrote:
> On Sun, Sep 29, 2013 at 3:54 PM, brian carroll wrote:
> > ...
> > guess will find out how many anarchists it takes to kick me off the list...
>
> this is a false assumption; anarchists would not kick you from a list.

This assumes a non-existent model of anarchism; anarchists would be quite willing to kick people from lists, for a variety of reasons. Anarchism is a political movement and ideology with a long history, not just some juvenile ~no rules~!1! caricature.

-- Sent from Ubuntu

From electromagnetize at gmail.com Sun Sep 29 21:50:03 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 29 Sep 2013 20:50:03 -0500 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID:

5:55 PM, coderman wrote:

> ... the authoritarians hang out on cryptography at metzdowd.com

yeah- heard it through the wire its a rough crowd over there...

not worth being stabbed by a ham while walking down the street

also, best to avoid the pyre if at all possible, re: fool/fuel use

has me wondering about the two crypto lists in conjunction,
if a census has been conducted or online survey for background
in that, seemingly there are two or three main areas i am guessing
for crypto backgrounds-- those from the military, those from academia,
mathematics and-or linguistics, & those from computers/webdev

for instance, percentage of ham operators in given age ranges
how many had a parent with electronics or engineering background
how many approached via software development online or pre-internet

it would be interesting to know how the list populations are different
e.g. perhaps older, military trained crypto at the cryptography-list
more computer-based, software development crypto at cypherpunks

also in this same regard; how many learned electronics during era
of crystal radio building etc. or other DIY independent exploration or
homebrew computing or are now involved in microcontrollers today, etc.

and in this same way it would be interesting if more projects/classes/
education could occur for electromagnetic literacy in electronics today
as a foundation for both knowledge and skills yet also experimentation,
prototyping, new code, programming, proof-of-concept crypto systems
that move from ideas into hardware and software models, vice-versa

From tedks at riseup.net Sun Sep 29 22:01:57 2013 From: tedks at riseup.net (Ted Smith) Date: Sun, 29 Sep 2013 22:01:57 -0400 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> Message-ID: <1380506517.25421.15.camel@anglachel>

I'd be really, really impressed if this was really a stego tool's output. Is it really possible to build systems that can generate mostly-but-not-entirely grammatically correct sentences about a specific topic with meaningful progression between subtopics?

On Sun, 2013-09-29 at 20:50 -0500, brian carroll wrote:
> 5:55 PM, coderman wrote:
>
> > ... the authoritarians hang out on cryptography at metzdowd.com
>
> yeah- heard it through the wire its a rough crowd over there...
>
> not worth being stabbed by a ham while walking down the street
>
> also, best to avoid the pyre if at all possible, re: fool/fuel use
>
> has me wondering about the two crypto lists in conjunction,
> if a census has been conducted or online survey for background
> in that, seemingly there are two or three main areas i am guessing
> for crypto backgrounds-- those from the military, those from academia,
> mathematics and-or linguistics, & those from computers/webdev
>
> for instance, percentage of ham operators in given age ranges
> how many had a parent with electronics or engineering background
> how many approached via software development online or pre-internet
>
> it would be interesting to know how the list populations are different
> e.g. perhaps older, military trained crypto at the cryptography-list
> more computer-based, software development crypto at cypherpunks
>
> also in this same regard; how many learned electronics during era
> of crystal radio building etc. or other DIY independent exploration or
> homebrew computing or are now involved in microcontrollers today, etc.
>
> and in this same way it would be interesting if more projects/classes/
> education could occur for electromagnetic literacy in electronics today
> as a foundation for both knowledge and skills yet also experimentation,
> prototyping, new code, programming, proof-of-concept crypto systems
> that move from ideas into hardware and software models, vice-versa

-- Sent from Ubuntu

From electromagnetize at gmail.com Sun Sep 29 22:17:17 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 29 Sep 2013 21:17:17 -0500 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: <1380506517.25421.15.camel@anglachel> References: <1380476988.13261.0.camel@anglachel> <[email protected]> <1380506517.25421.15.camel@anglachel> Message-ID:

nothing out of the ordinary here. nong shim, black, gourmet spicy, kimchi

On Sun, Sep 29, 2013 at 9:01 PM, Ted Smith wrote:

> I'd be really, really impressed if this was really a stego tool's
> output. Is it really possible to build systems that can generate
> mostly-but-not-entirely grammatically correct sentences about a specific
> topic with meaningful progression between subtopics?

From d.nix at comcast.net Sun Sep 29 22:46:18 2013 From: d.nix at comcast.net (d.nix) Date: Sun, 29 Sep 2013 19:46:18 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: <1380506517.25421.15.camel@anglachel> References: <1380476988.13261.0.camel@anglachel> <[email protected]> <1380506517.25421.15.camel@anglachel> Message-ID: <[email protected]>

On 9/29/2013 7:01 PM, Ted Smith wrote:
> I'd be really, really impressed if this was really a stego tool's
> output. Is it really possible to build systems that can generate
> mostly-but-not-entirely grammatically correct sentences about a
> specific topic with meaningful progression between subtopics?
>

I'm sure you have seen this by now: http://spammimic.com/


From d.nix at comcast.net Mon Sep 30 01:47:30 2013 From: d.nix at comcast.net (d.nix) Date: Sun, 29 Sep 2013 22:47:30 -0700 Subject: ? Message-ID: <[email protected]>


I've seen little or no discussion of Bitmessage, and was wondering what thoughts - pro or con - people have of it: https://bitmessage.org/wiki/Main_Page

I've got it up and running and have exchanged messages with a friend as well as a few other folks testing the waters. One thing I like about it is that it seems at first glance to not suffer from the same sort of traffic analysis issues that plague regular email; to me, the traffic analysis problems are a bigger issue than message encryption. One could also paste PGP/GPG or other encrypted content into Bitmessage for your super duper secret stuff where you are concerned the recipient's machine is compromised.

There's apparently a standard email gateway for it also: https://bitmessage.ch/

Tho, that may bring you back to the problems of traffic analysis.

I'd also love to see more mix network stuff getting developed so we could help secure against traffic analysis of existing systems. Tom Ritter's talk on analyzing mix network traffic was quite cool: http://ritter.vg/blog-deanonymizing_amm.html http://ritter.vg/blog-deanonymizing_amm_followup1.html

But anyhow, Bitmessage; yay or nay?

Dave BM-2D9fgf9MeGhq9Fxcwg1k2W1C179KJuUEFg

--


From coderman at gmail.com Mon Sep 30 02:03:44 2013 From: coderman at gmail.com (coderman) Date: Sun, 29 Sep 2013 23:03:44 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: <1380505297.25421.7.camel@anglachel> References: <1380476988.13261.0.camel@anglachel> <[email protected]> <1380505297.25421.7.camel@anglachel> Message-ID:

On Sun, Sep 29, 2013 at 6:41 PM, Ted Smith wrote:
> ...
> This assumes a non-existant model of anarchism; anarchists would be
> quite willing to kick people from lists, for a variety of reasons.

i disagree; and particularly not for posts that brian has made.

> Anarchism is a political movement and ideology with a long history, not
> just some juvenile ~no rules~!1! caricature.

interesting that you assume this is my understanding...

[ we could get into a long discussion of the various *-anarcho-* philosophies, positions, and norms, however i'd prefer to focus more on the crypto and less on the social... ]

From adam at cypherspace.org Mon Sep 30 06:27:43 2013 From: adam at cypherspace.org (Adam Back) Date: Mon, 30 Sep 2013 12:27:43 +0200 Subject: three crypto lists - why and which Message-ID: <[email protected]>

I am not sure if everyone is aware that there is also an unmoderated crypto list, because I see old familiar names posting on the moderated crypto list that I do not see posting on the unmoderated list. The unmoderated list has been running continuously (new posts in every day with no gaps) since mar 2010, with an interesting relatively low noise, and not firehose volume. http://lists.randombit.net/mailman/listinfo/cryptography

The actual reason for the creation of that list was Perry's list went through a hiatus when Perry stopped approving/forwarding posts eg http://www.mail-archive.com/cryptography at metzdowd.com/ originally Nov 2009 - Mar 2010 (I presume the mar 2010 restart was motivated by the creation of randombit list starting in the same month) but more recently sep 2010 to may 2013 gap (minus traffic in aug 2011). http://www.metzdowd.com/pipermail/cryptography/

I have no desire to pry into Perry's personal circumstances as to why this huge gap happened, and he should be thanked for the significant moderation effort he has put into creating this low noise environment, but despite that it is bad for cryptography if people's means of technical interaction spuriously stops. Perry mentioned recently that he has now backup moderators, OK so good.

There is now also the cypherpunks list which has picked up, and covers a wider mix of topics, censorship resistant technology ideas, forays into ideology etc. Moderation is even lower than randombit but no spam, noise slightly higher but quite reasonable so far. And there is now a domain name that is not al-quaeda.net (seriously? is that even funny?): cpunks.org. https://cpunks.org/pipermail/cypherpunks/

At least I enjoy it and see some familiar names posting last seen decade+ ago.

Anyway my reason for posting was threefold: a) make people aware of randombit crypto list, b) rebooted cypherpunks list (*), but c) about how to use randombit (unmoderated) and metzdowd.

For my tastes sometimes Perry will cut off a discussion that I thought was just warming up because I wanted to get into the detail, so I tend to prefer the unmoderated list. But its kind of a weird situation because there are people I want views and comments from who are on the metzdowd list who as far as I know are not on the crypto list, and there's no convenient way to migrate a conversation other than everyone subscribing to both. Cc to both perhaps works somewhat, I do that sometimes though as a general principle it can be annoying when people Cc to too many lists.

Anyway thanks for your attention, back to the unmoderated (or moderated) discussion!

Adam

From eugen at leitl.org Mon Sep 30 09:07:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 30 Sep 2013 15:07:49 +0200 Subject: [tor-talk] Why the Web of Trust Sucks Message-ID: <[email protected]>

----- Forwarded message from Mike Perry -----

Date: Sat, 28 Sep 2013 23:43:27 -0700 From: Mike Perry To: tor-talk at lists.torproject.org Subject: [tor-talk] Why the Web of Trust Sucks Reply-To: tor-talk at lists.torproject.org

Joel R. Voss:
> Hi Mike,
>
> I'm writing a blog post about web of trust. I'm looking for any weaknesses I
> can find in it because I'm writing a piece of software that would be designed
> to help grow it. I'd appreciate if you could give me a few points that I can
> research. I'd be happy to send you my findings so far if you want to read them.
> This is a fairly important subject because many people rely upon it for
> software signing, encrypted e-mail, and soon we could use it much more widely.

The web of trust has three main problems:

1. It leaks information.

This includes social graph metadata, time and place of interaction, and in some cases government/slave-name identity. This issue has been discussed at length, of course.

2. It has many single points of failure.

Because by default GPG uses shortest-weighted paths to establish trust in a key, and moreover because nothing authenticates the *entire* Web of Trust graph, each and every member of the "Strong Set" essentially functions as a CA, especially for keys only weakly connected to the Strong Set. If you compromise just one of those keys, you get to use that key to certify arbitrary keys for any name you like.

To understand how and why this is a problem, let's walk through a typical Web of Trust workflow.

Let's say we have a GPG user named Edward who wants to send an encrypted email about the extreme level of corruption at his workplace to a journalist that he has never met. Let's call that journalist Glenn. For the sake of argument, let's say that both individuals are active participants in the Web of Trust.

Edward also knows that the network systems administrators at his workplace are very sophisticated, and intercept all encrypted communications for purposes of active MITM attacks to obtain the communications content. So Edward decides to download Glenn's key from subkeys.pgp.net, and requests that his gpg client provide him with a trust value for Glenn's key.

Now, the network systems administrators at Edward's workplace have anticipated this. They have a compromised HTTPS CA cert, as well as have compromised a couple of highly trusted keys from the Web of Trust. Let's call one of these GPG keys Roger.

When Edward goes to download a key to use for Glenn, the network systems administrator gives him a new fake key that they generate on the spot. The network systems administrator also attaches a fully trusted signature using Roger's compromised key. They also block the actual key for Glenn from reaching Edward.

Edward's GPG client has trust in a couple keys. It turns out that one of his trusted keys, Bruce, has full trust in Roger's key (the compromised key).

Edward's GPG client then computes a fully trusted path from Bruce to Roger to the fake Glenn, and Edward then sends an encrypted email to fake Glenn that is then subsequently read by the network systems administrator.

Game over for Edward :/.

This scenario is possible against arbitrary keys using any of the high degree keys in the Strong Set. They effectively function as single point of failure CAs for the Web of Trust, which destroy its utility as an independent key authentication mechanism.

3. It doesn't scale very well to the global population.

The amount of storage to maintain the Web of Trust for the whole world would be immense. For the level of authentication it provides, it just doesn't make sense to have this much storage involved.

So what should we do instead?

Well, I think it is important to take a step back and think about what the Web of Trust is trying to accomplish. Aside from being a global popularity contest and some kind of weird quasi-religious hacker ritual, it is an authentication mechanism for the keys that you retrieve.

It turns out there are lots of ways to authenticate keys using multipath authentication that do not suffer from the Web of Trust's downsides**.

Here's a few examples:

1. Every time GPG downloads a new key, re-download it several times via multiple Tor circuits to ensure you always get the same key.

2. Every time I verify a signature from a key sent to an email address that is not mine (like a mailinglist), my mail client adds a tiny amount of trust to that key (since each new public email+signature downloaded represents an observation of the key via a potentially distinct network path that should also be observed by multiple people, including the sender).

3. Every time I am about to encrypt mail to a key, check the key servers for that email address, download the key, and make sure it is still the same (SSH/TOFU-style).

4. When downloading a key, GPG could verify that the same email to key mapping exists on multiple key servers, with each key server authenticated by an independent TLS key that is stored in the GPG source code or packaging itself. (Perspectives/notary-style cryptographic multipath authentication).

** The Web of Trust is technically capable of multipath authentication by itself, but only if you are aware of all of the multiple paths that *should* exist. Unfortunately, nothing authenticates the whole Web of Trust in its entirety, so it is impossible to use it to reliably verify that multiple paths to a key do actually exist and are valid.

-- Mike Perry

-- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
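A toy model of the two points in Mike Perry's message above, added here as an example and not taken from his post or from GnuPG: first, a trust calculation that accepts a key as soon as one fully trusted certification chain reaches it (so the compromised "Roger" key alone validates the fake "Glenn"), and second, a multipath consistency check in the spirit of his examples 1, 3 and 4, where a key is accepted only when independent lookups and a pinned TOFU record all agree. Every key name, address and lookup channel below is constructed for the example.

```python
from collections import deque

# Constructed signature graph: signer -> keys that signer has certified.
# Roger is the compromised high-degree key from the scenario above;
# Alice is an unrelated honest signer who also certified the real key.
SIGNATURES = {
    "Bruce": {"Roger"},
    "Roger": {"Glenn-real", "Glenn-fake"},
    "Alice": {"Glenn-real"},
}


def has_trusted_path(owner_trust, target, signatures=SIGNATURES, max_depth=5):
    """True if a chain of certifications from any key the user fully trusts
    reaches `target` within `max_depth` hops. One such path is enough,
    which is the single-point-of-failure property described above."""
    queue = deque((key, 0) for key in owner_trust)
    seen = set()
    while queue:
        key, depth = queue.popleft()
        if key == target:
            return True
        if key in seen or depth >= max_depth:
            continue
        seen.add(key)
        for certified in signatures.get(key, ()):
            queue.append((certified, depth + 1))
    return False


def signers_of(target, signatures=SIGNATURES):
    """Distinct keys that certified `target`: a crude measure of how many
    independent paths exist (the footnote's multipath idea). The fake key
    has exactly one signer; the real key has several."""
    return sorted(s for s, certified in signatures.items() if target in certified)


# Constructed lookup results for one address over independent channels:
# two keyservers reached over clean paths, one reached over the hostile
# network, and a locally pinned SSH/TOFU-style record from an earlier mail.
LOOKUPS = {
    "keyserver-A": {"glenn@example.org": "Glenn-real"},
    "keyserver-B": {"glenn@example.org": "Glenn-real"},
    "keyserver-via-work-network": {"glenn@example.org": "Glenn-fake"},
}
PINNED = {"glenn@example.org": "Glenn-real"}


def multipath_lookup(address, lookups=LOOKUPS, pinned=PINNED):
    """Accept a key for `address` only when every channel returns the same
    key and it matches the pinned record (if one exists).
    Returns (accepted, key_or_None, channels_that_disagreed)."""
    answers = {name: table.get(address) for name, table in lookups.items()}
    counts = {}
    for key in answers.values():
        counts[key] = counts.get(key, 0) + 1
    candidate = max(counts, key=counts.get)   # majority answer, for reporting
    if address in pinned:                     # a pinned key always wins
        candidate = pinned[address]
    disagreeing = sorted(n for n, k in answers.items() if k != candidate)
    if disagreeing or candidate is None:
        return False, None, disagreeing
    return True, candidate, []


if __name__ == "__main__":
    # Edward trusts Bruce; Bruce trusts Roger; Roger signed the fake key.
    print("fake Glenn accepted by path trust:",
          has_trusted_path({"Bruce"}, "Glenn-fake"))
    print("signers of fake key:", signers_of("Glenn-fake"))
    print("multipath lookup:", multipath_lookup("glenn@example.org"))
```

The multipath check refuses the key and names the channel that disagreed, which is the observable a client (or a user) can act on; the path-trust check alone returns True for the fake key.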

From eugen at leitl.org Mon Sep 30 11:51:44 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 30 Sep 2013 17:51:44 +0200 Subject: [tt] NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens Message-ID: <[email protected]>

----- Forwarded message from Frank Forman -----

Date: Mon, 30 Sep 2013 15:42:01 +0000 (GMT) From: Frank Forman To: Transhuman Tech Subject: [tt] NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens

Laura Poitras was featured on the cover of the NYT Magazine, which article I sent to this list. Now she has an NYT byline, which is as respectable as you can get.

N.S.A. Gathers Data on Social Connections of U.S. Citizens http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html

By JAMES RISEN and LAURA POITRAS

WASHINGTON--Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans' social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans' networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.

The policy shift was intended to help the agency "discover and track" connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct "large-scale graph analysis on very large sets of communications metadata without having to check foreignness" of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such "enrichment" data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

N.S.A. officials declined to say how many Americans have been caught up in the effort, including people involved in no wrongdoing. The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a "contact chain" tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest. The new disclosures add to the growing body of knowledge in recent months about the N.S.A.'s access to and use of private information concerning Americans, prompting lawmakers in Washington to call for reining in the agency and President Obama to order an examination of its surveillance policies. Almost everything about the agency's operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation's intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the "misuse" of such information without adequate safeguards.

An agency spokeswoman, asked about the analyses of Americans' data, said, "All data queries must include a foreign intelligence justification, period."

"All of N.S.A.'s work has a foreign intelligence purpose," the spokeswoman added. "Our activities are centered on counterterrorism, counterproliferation and cybersecurity."

The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans' "metadata," which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.

N.S.A. officials declined to identify which phone and e-mail databases are used to create the social network diagrams, and the documents provided by Mr. Snowden do not specify them. The agency did say that the large database of Americans' domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have previously acknowledged that the agency has done limited analysis in that database, collected under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.)

But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata. They spoke only on the condition of anonymity because the information was classified.

The concerns in the United States since Mr. Snowden's revelations have largely focused on the scope of the agency's collection of the private data of Americans and the potential for abuse. But the new documents provide a rare window into what the N.S.A. actually does with the information it gathers.

A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools--one document cited a new generation of programs that "revolutionize" data collection and analysis--to unlock as many secrets about individuals as possible.

The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation's adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say. Phone and e-mail logs, for example, allow analysts to identify people's friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist's office, late-night messages to an extramarital partner or exchanges with a fellow plotter.

"Metadata can be very revealing," said Orin S. Kerr, a law professor at George Washington University. "Knowing things like the number someone just dialed or the location of the person's cellphone is going to allow them to assemble a picture of what someone is up to. It's the digital equivalent of tailing a suspect."

The N.S.A. had been pushing for more than a decade to obtain the rule change allowing the analysis of Americans' phone and e-mail data. Intelligence officials had been frustrated that they had to stop when a contact chain hit a telephone number or e-mail address believed to be used by an American, even though it might yield valuable intelligence primarily concerning a foreigner who was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A. officials also wanted to employ the agency's advanced computer analysis tools to sift through its huge databases with much greater efficiency.

The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans.

A 2009 draft of an N.S.A. inspector general's report suggests that contact chaining and analysis may have been done on Americans' communications data under the Bush administration's program of wiretapping without warrants, which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance.

In 2006, months after the wiretapping program was disclosed by The New York Times, the N.S.A.'s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Mr. Snowden, formally asking for permission to perform the analysis on American phone and e-mail data. A Justice Department memo to the attorney general noted that the "misuse" of such information "could raise serious concerns," and said the N.S.A. promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval.

A new policy that year, detailed in "Defense Supplemental Procedures Governing Communications Metadata Analysis," authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information "without regard to the nationality or location of the communicants," according to an internal N.S.A. description of the policy.

After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1½ years "to great benefit," according to the 2011 memo. It was put in place in November 2010 in "Sigint Management Directive 424" (sigint refers to signals intelligence).

In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists.

Analysts were warned to follow existing "minimization rules," which prohibit the N.S.A. from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a "U.S. person"--a citizen or legal resident--for actual eavesdropping.

The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency's fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.

The overall volume of metadata collected by the N.S.A. is reflected in the agency's secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion "record events" daily and making them available to N.S.A. analysts within 60 minutes.

The spending includes support for the "Enterprise Knowledge System," which has a $394 million multiyear budget and is designed to "rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale," according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance.

A top-secret document titled "Better Person Centric Analysis" describes how the agency looks for 94 "entity types," including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 "relationship types" to build social networks and what the agency calls "community of interest" profiles, using queries like "travelsWith, hasFather, sentForumMessage, employs."

A 2009 PowerPoint presentation provided more examples of data sources available in the "enrichment" process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.

At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans' locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified.

If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.

One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency's collection, the data in question was "being buffered for possible ingest" later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about "U.S. persons" for up to five years online and for an additional 10 years offline for "historical searches."

James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin.

______tt mailing list tt at postbiota.org http://postbiota.org/mailman/listinfo/tt

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
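The article above describes "contact chaining" in terms of rules: before 2008 analysts had to stop expanding a chain when it hit a number believed to belong to an American; the 2010 directive let them continue "without regard to the nationality or location of the communicants". The following is an added illustration, not code from the article, from the forwarded message, or from any NSA system: it builds a contact graph from constructed call-detail records and walks it outward from a seed number under both rules. The records, the seed, and the assumption that a +1 country code stands in for "believed to be used by an American" are all invented for the example.

```python
"""Hop-limited contact chaining over call metadata.

Added illustration (not NSA code): builds an undirected contact graph from
constructed call-detail records and walks it outward from a seed number,
optionally refusing to expand through numbers tagged as US persons.
"""
from collections import deque

# Constructed sample records: (caller, callee, epoch_seconds). Not real data.
CDRS = [
    ("+44-20-1001", "+1-202-5550", 1_380_000_000),
    ("+1-202-5550", "+1-703-5551", 1_380_000_600),
    ("+1-703-5551", "+49-30-1002", 1_380_001_200),
    ("+44-20-1001", "+33-1-1003", 1_380_001_800),
    ("+33-1-1003", "+1-415-5552", 1_380_002_400),
    ("+49-30-1002", "+7-495-1004", 1_380_003_000),
]


def is_us_person(number: str) -> bool:
    """Stand-in for the 'believed to be used by an American' tag.

    Assumption for this example only: a +1 country code. Real tagging would
    rely on subscriber data, not the dialling prefix.
    """
    return number.startswith("+1-")


def build_graph(records):
    """Undirected adjacency sets: each call links both endpoints."""
    graph = {}
    for a, b, _ts in records:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def contact_chain(graph, seed, max_hops, stop_at_us=True):
    """Breadth-first chaining from seed.

    Returns {number: (hops, path)} for every number reached within max_hops.
    stop_at_us=True  -> a US-person number is recorded when reached but is not
                        expanded further (the pre-2008 rule in the article).
    stop_at_us=False -> chaining continues through it (the 2010 rule).
    """
    seen = {seed: (0, [seed])}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        hops, path = seen[cur]
        if hops >= max_hops:
            continue
        if stop_at_us and cur != seed and is_us_person(cur):
            continue
        for nxt in sorted(graph.get(cur, ())):
            if nxt not in seen:
                seen[nxt] = (hops + 1, path + [nxt])
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    g = build_graph(CDRS)
    for rule in (True, False):
        reached = contact_chain(g, "+44-20-1001", 3, stop_at_us=rule)
        print(f"stop_at_us={rule}: {len(reached)} numbers reached")
        for num, (hops, path) in sorted(reached.items(), key=lambda kv: kv[1][0]):
            print(f"  {hops} hop(s): {' -> '.join(path)}")
```

With the constructed records, the seed reaches four numbers under the stop rule and six without it; the two extra entries are exactly the contacts that sit behind a US number, which is the difference the 2010 directive made. Three hops from a seed is also the figure usually quoted for call-record chaining, which is why the reachable set grows so quickly on a real graph.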

From coderman at gmail.com Mon Sep 30 13:20:49 2013 From: coderman at gmail.com (coderman) Date: Mon, 30 Sep 2013 10:20:49 -0700 Subject: steganography & mimic function? (Re: [17] hidden links) In-Reply-To: References: <1380476988.13261.0.camel@anglachel> <[email protected]> <1380505297.25421.7.camel@anglachel> Message-ID:

On Sun, Sep 29, 2013 at 11:03 PM, coderman wrote:
>...
> [ we could get into a long discussion of the various *-anarcho-*
> philosophies, positions, and norms, however i'd prefer to focus more
> on the crypto and less on the social... ]

last tangent on the subject:

the interesting (to me) aspect of various anarcho philosophies are related to decentralization and avoiding diffusion of responsibility. this is why i implied that on an un-moderated, anarchist leaning list you (as an individual) would simply filter / plonk those who provide nothing interesting to the conversation. you would not rely on a third party authority (like the list maintainer) to enforce your personal preferences.

are there limits? of course. but we're no where near them, IMHO.

best regards,

From coderman at gmail.com Mon Sep 30 13:31:58 2013 From: coderman at gmail.com (coderman) Date: Mon, 30 Sep 2013 10:31:58 -0700 Subject: Interesting aspects of the metadata analysis [was Re: NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens] Message-ID: there are some interesting tidbits in this release:

"The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans.... A 2009 draft of an N.S.A. inspector general's report suggests that contact chaining and analysis may have been done on Americans' communications data under the Bush administration's program of wiretapping without warrants"

i find it interesting that this request occurred the same time that core collection on US backbone links at Sprint was under development.

Sprint provided the perfect initial test as their ATM infrastructure, and IPoATM data networks, were the most challenging environment for deep packet inspection. (Solve it for Sprint, it can be applied anywhere)

"...which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance." it began earlier than this!

"A new policy that year [2008], detailed in 'Defense Supplemental Procedures Governing Communications Metadata Analysis,' authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information 'without regard to the nationality or location of the communicants,' according to an internal N.S.A. description of the policy... After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1½ years 'to great benefit,' according to the 2011 memo. It was put in place in November 2010 in 'Sigint Management Directive 424' (sigint refers to signals intelligence)."

so this is when we see the floodgates really open, and the data deluge turned up to 11...

"The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency's fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider...

... the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion 'record events' daily and making them available to N.S.A. analysts within 60 minutes.

The spending includes support for the 'Enterprise Knowledge System,' which has a $394 million multiyear budget and is designed to 'rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale,' ...

A top-secret document titled 'Better Person Centric Analysis' describes how the agency looks for 94 'entity types,' including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 'relationship types' to build social networks and what the agency calls 'community of interest' profiles, using queries like 'travelsWith, hasFather, sentForumMessage, employs.'

A 2009 PowerPoint presentation provided more examples of data sources available in the 'enrichment' process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas."

and this is interesting in both scale and technical detail on the metadata collected and how it is utilized in social network analysis.

keep 'em coming!

From drwho at virtadpt.net Mon Sep 30 15:21:52 2013 From: drwho at virtadpt.net (The Doctor) Date: Mon, 30 Sep 2013 15:21:52 -0400 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 09/26/2013 03:20 AM, Lodewijk andré de la porte wrote:

> A yagi pointed skywards should be hidable inside the house, so I > guess he's somewhat right.

Possibly a dish, too.

A good place to start research: http://www.arrl.org/limited-space-and-indoor-antenna - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/

"The building was on fire, and it wasn't my fault." --Harry Dresden

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJJz1AACgkQO9j/K4B7F8EFUACgwYhWbTFgMhdnt6ZNggsy+Kzm EeoAoOtvRbGslYgZR374gR+S0idkPwOc =Xwr0 -----END PGP SIGNATURE-----

From adam at cypherspace.org Mon Sep 30 15:41:00 2013 From: adam at cypherspace.org (Adam Back) Date: Mon, 30 Sep 2013 21:41:00 +0200 Subject: NYT: N.S.A. Gathers Data on Social Connections of U.S. Citizens In-Reply-To: <[email protected]> References: <[email protected]> Message-ID: <[email protected]>

This bit is interesting: so the NSA digitally tails all Americans without suspicion and if it turns up "evidence of a crime" (not related to terrorism, just crime in general, mind) it can disclose that to law enforcement.

On Mon, Sep 30, 2013 at 05:51:44PM +0200, Eugen Leitl wrote: >Analysts were warned to follow existing "minimization rules," which >prohibit the N.S.A. from sharing with other agencies names and other >details of Americans whose communications are collected, unless they >are necessary to understand foreign intelligence reports or there is >evidence of a crime.

So what are we talking about here - jay-walking? Buying CFDs? (Widely sold financial instruments in other countries). Online gambling? (Apparently some types of online gambling are not legal in the US). And so forth.

Also I'm not sure how you find evidence of a crime from a social graph analysis without a content wire tap, but maybe a location and time would do as suspicion or some level of evidence, if there is some crime that was known to have occurred at a certain place and time range and they have the phone calling and GPS records.

Anyway it yet again violates the US government's claims: that their citizens don't have anything to worry about, it's just targeted at terrorists. Not so - they digitally tail everyone and if they find anything suspicious, period, they forward it to law enforcement.

Are they also forwarding such tips to other spy-partner countries?

Adam
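The place-and-time reasoning in the message above (a crime known to have happened at a location and within a window, matched against phone location records) is the kind of query that needs no content at all. The following is an added illustration, not code from the post or from any agency tooling: it filters constructed location records by a radius around a point and a time window, and counts how often each number appears. The coordinates, numbers and timestamps are invented for the example.

```python
"""Geotemporal filter over phone location records.

Added illustration (not NSA or law-enforcement code): given a place and a
time window, return the numbers whose location records put them within a
radius during that window. All records below are constructed.
"""
import math

# Constructed sample location records: (number, lat, lon, epoch_seconds).
LOCATIONS = [
    ("+1-202-5550", 38.8977, -77.0365, 1_380_000_000),   # at the point, in window
    ("+1-202-5550", 38.8977, -77.0365, 1_380_000_900),   # same phone, still there
    ("+1-703-5551", 38.8895, -77.0353, 1_380_000_300),   # ~0.9 km away, in window
    ("+1-415-5552", 37.7749, -122.4194, 1_380_000_300),  # other coast
    ("+1-703-5551", 38.8977, -77.0365, 1_380_010_000),   # right place, wrong time
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84-style lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def present_near(records, lat, lon, radius_km, t_start, t_end):
    """Return {number: hit_count} for records inside the circle and the window.

    Both conditions must hold for a record to count; a phone seen at the
    right place outside the window, or in the window far away, is dropped.
    """
    hits = {}
    for num, rlat, rlon, ts in records:
        if not (t_start <= ts <= t_end):
            continue
        if haversine_km(lat, lon, rlat, rlon) > radius_km:
            continue
        hits[num] = hits.get(num, 0) + 1
    return hits


if __name__ == "__main__":
    # Constructed incident: a point in central Washington, DC, 1000 s window.
    for radius in (0.5, 1.0):
        hits = present_near(LOCATIONS, 38.8977, -77.0365, radius,
                            1_380_000_000, 1_380_001_000)
        print(f"radius {radius} km: {hits}")
```

The radius is the whole game: at 0.5 km only one phone matches, at 1.0 km a second one does. Widening the circle or the window is how a query that sounds narrow sweeps in bystanders, which is the objection the message raises.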

From drwho at virtadpt.net Mon Sep 30 16:02:07 2013 From: drwho at virtadpt.net (The Doctor) Date: Mon, 30 Sep 2013 16:02:07 -0400 Subject: Fwd: [cryptography] The Compromised Internet In-Reply-To: References: <[email protected]> <[email protected]> <[email protected]> Message-ID: <[email protected]>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 09/26/2013 04:15 AM, coderman wrote:

> mesh is much more robust in every aspect... presuming you can > scale (there's always a catch...)

There are ways to make it more scalable but I don't think perfectly so. The question is, are 21st century people more willing to use a "send it and it'll get there" method a la the Net as it is now, or a "post it and we'll get it there if we have to teach carrier pigeons to use a tarot deck and a vuvuzela, though it might take a while" method (in other words, FidoNet-like). The latter gets the job done but whether or not people are willing to be patient in light of that kind of latency is a different question entirely.

For what it's worth, Byzantium's working on a store-and-forward-like architecture (mobile clients to sort-of stationary mesh nodes with semi-persistent storage) for all of its apps (not just the microblog - thanks again, Richo!). As for the forward bit, we're working on a sufficiently generic implementation of the latter technique (which could use everything from amateur radio (as problematic as that might be) to sneakernet) to eventually synchronize all reachable nodes' content.

Ways and means.

- -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/

"The building was on fire, and it wasn't my fault." --Harry Dresden

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJJ2L8ACgkQO9j/K4B7F8HI4ACfSi+c4DIz8EvLGchfHSd9oBky KUUAnioGhI7zy9ZTobLnS4WOCxTl/4i9 =r2M9 -----END PGP SIGNATURE-----

From juan.g71 at gmail.com Mon Sep 30 21:45:35 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Mon, 30 Sep 2013 22:45:35 -0300 Subject: Surveillance Message-ID:

Am I right in assuming that the US is the only country who has its own subjects PLUS a good deal of the world under close surveillance? Perhaps the government of china does a similar thing, but obviously only inside china?

Other governments like, say, the japanese government or the european governments don't have these clearly nazi surveillance programs?

From tom at ritter.vg Mon Sep 30 22:08:35 2013 From: tom at ritter.vg (Tom Ritter) Date: Mon, 30 Sep 2013 22:08:35 -0400 Subject: Surveillance In-Reply-To: References: Message-ID:

On 30 September 2013 21:45, Juan Garofalo wrote: > Am I right in assuming that the US is the only country who has its > own subjects PLUS a good deal of the world under close surveillance?

I would say you are incorrect. The UK and the US cooperate very, very closely. Likewise, the Echelon/Five Eyes program is a publicly documented SIGINT sharing program (https://en.wikipedia.org/wiki/ECHELON).

-tom

From juan.g71 at gmail.com Mon Sep 30 22:38:27 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Mon, 30 Sep 2013 23:38:27 -0300 Subject: Surveillance In-Reply-To: References: Message-ID:

--On Monday, September 30, 2013 10:08 PM -0400 Tom Ritter wrote:

> On 30 September 2013 21:45, Juan Garofalo wrote: >> Am I right in assuming that the US is the only country who has >> its own subjects PLUS a good deal of the world under close >> surveillance? > > I would say you are incorrect. The UK and the US cooperate very, very > closely.

Yes, sorry, that was a silly overlook on my part =)

Also, I see the anglo-american government plus a couple of its provinces like australia and new zealand (oh, and canada) as virtually a single entity...

So, the question should be : apart from the anglo-americans, and perhaps the chinese, is there any other cyber police state out there?

> Likewise, the Echelon/Five Eyes program is a publicly
> documented SIGINT sharing program
> (https://en.wikipedia.org/wiki/ECHELON).
>
> -tom

From coderman at gmail.com Mon Sep 30 22:46:01 2013 From: coderman at gmail.com (coderman) Date: Mon, 30 Sep 2013 19:46:01 -0700 Subject: Surveillance In-Reply-To: References: Message-ID:

On Mon, Sep 30, 2013 at 7:38 PM, Juan Garofalo wrote:
> ...
> So, the question should be : apart from the anglo-americans, and
> perhaps the chinese, is there any other cyber police state out there?

russia, of course. and ...

perhaps the question you need to ask is who isn't a cyber police state?

even the third world is buying tools from the first for this purpose...

From eric at konklone.com Mon Sep 30 23:25:59 2013 From: eric at konklone.com (Eric Mill) Date: Mon, 30 Sep 2013 23:25:59 -0400 Subject: Surveillance In-Reply-To: References: Message-ID:

Is there any reason to assume any country with an intelligence service *doesn't* try to record and decrypt tons of internet traffic, domestic or foreign?

Is there any reason to think domestic surveillance isn't way worse in China than it is in the US?

On Mon, Sep 30, 2013 at 10:46 PM, coderman wrote:

> On Mon, Sep 30, 2013 at 7:38 PM, Juan Garofalo wrote: > > ... > > So, the question should be : apart from the anglo-americans, and > > perhaps the chinese, is there any other cyber police state out there? > > > russia, of course. and ... > > perhaps the question you need to ask is who isn't a cyber police state? > > even the third world is buying tools from the first for this purpose... >

-- 
konklone.com | @konklone

From juan.g71 at gmail.com Mon Sep 30 23:37:03 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Tue, 01 Oct 2013 00:37:03 -0300 Subject: Surveillance Message-ID: <6F56E84703ED3E8D5F7F7933@F74D39FA044AA309EAEA14B9>

--On Monday, September 30, 2013 7:46 PM -0700 coderman wrote:

> On Mon, Sep 30, 2013 at 7:38 PM, Juan Garofalo wrote: >> ... >> So, the question should be : apart from the anglo-americans, and >> perhaps the chinese, is there any other cyber police state out there? > > > russia, of course. and ... > > perhaps the question you need to ask is who isn't a cyber police state? > > even the third world is buying tools from the first for this purpose... >

I guess you're right in a way, but, is there a european equivalent to the utah datacenter for instance? Does japan have its own (smaller but still substantial) version of it? China? Even russia?

I understand that european governments expect the ISPs to spy on their customers ('data retention laws') which seems to suggest that they[governments] are not doing it themselves?

wikipedia, lousy source, but still

"On 2 March 2010, the Federal Constitutional Court of Germany ruled the law unconstitutional as a violation of the guarantee of the secrecy of correspondence.[18] As such, the directive is not currently implemented in Germany."

From juan.g71 at gmail.com Mon Sep 30 23:39:51 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Tue, 01 Oct 2013 00:39:51 -0300 Subject: Surveillance In-Reply-To: References: Message-ID:

--On Monday, September 30, 2013 11:25 PM -0400 Eric Mill wrote:

> > Is there any reason to assume any country with an intelligence service > *doesn't* try to record and decrypt tons of internet traffic, domestic or > foreign?

Of course there is. To put it bluntly, the anglo-americans are the only 'superpower' and so they act like one. The rest of the countries don't have the inclination nor the means.

> > > Is there any reason to think domestic surveillance isn't way worse in > China than it is in the US?

Says who, apart from propagandists of western 'democracy'?

What country has the highest incarceration rate in the world, which might just suggest if they are a police state or not...?

>
> On Mon, Sep 30, 2013 at 10:46 PM, coderman wrote:
>
> > On Mon, Sep 30, 2013 at 7:38 PM, Juan Garofalo wrote:
> >> ...
> >> So, the question should be : apart from the anglo-americans,
> >> and perhaps the chinese, is there any other cyber police state out there?
> >
> > russia, of course. and ...
> >
> > perhaps the question you need to ask is who isn't a cyber police state?
> >
> > even the third world is buying tools from the first for this purpose...
>
> --
> konklone.com | @konklone