
c4-r3kN.txt (urls)



On Sat, Dec 14, 2013 at 12:33 PM, brian carroll
<[email protected]> wrote:
> ...
>  The Future
>
> "Modern cryptographic equipment consists of nothing more than a 'black
> box' with powerful digital processors and advanced mathematical
> algorithms. There is not much to see, and there are definitely no
> moving parts. We realize that this is probably where our collection of
> historical cipher equipment will end. However, there are numerous
> earlier cipher machines and much of this is still undiscovered. 'New'
> old machines will, no doubt, pop up and many side-tracks will be
> walked. Furthermore, the history of some famous cipher machines is
> still very clouded, leaving much to be researched and much to be
> discovered in the years to come.
>
> "On the Crypto Museum website, we have done our best to raise an
> interest in historical cipher machines and cryptology in general.
> Where possible, we will give as much background information as we can.
> Perhaps you too will eventually get contaminated with the Crypto
> Virus. If it happens, be careful as it might get under your skein.


there are variations... i am afflicted with the contagious and acute
Entropus Major virus.  and now, any crypto system of which i am not
able to see the input randomness, by precision jitters or max rate
sampled freewheelers, or even that crazy faraday'ed up leadzone with
Geiger counter she told you about at BSides,

but hide that sweet sweet river of unrelated bits behind a bytecode
block??  that's just not cool!

until then, i've "borrowed" Peter G's d20's for a bit - hope he
doesn't need to roll them any time soon.
 ;P



> == random ==
> 1. if prohibition of alcohol = control of speech, as a side-effect,
> via behavioral influence, that is, sobriety;

i never considered prohibition as constraint on state of mind in public,
mainly thinking along monetary and covert economic activity angles.

but considering the public, and the multitudes of social scenes no
longer "lubricated" or under shadow of persecution, this would have a
direct and personal impact on many.

certainly a world removed from the producers and distribution
activity, which tends to monopolize the zeitgeist of the prohibition
era.




> what is prohibition of
> crypto? control of controversial thoughts and connections, an indirect
> form of secondary censorship. Fahrenheit 451 tactics- actual crypto
> the fire.

crypto-compromise as frantic inferno is not quite right,
the impact is almost invisible, until it is dire and potentially life-ruining.

global compromise for ever-present surveillance is crypto-HIV
 sure, you're fine now.  probably a while, no concerning symptoms.

then OMGWTFBBQ punctuated equilibrium, over-reaction,
suddenly crypto-AIDS just ate your life and shat out
 terminal-solitary-confinement and/or financial ruin.

plenty of company with all the other susceptible individuals, more than
you imagined...  equally destroyed by a silent corrupter too easy to ignore

ETOOLATE



> 2. if everything is backdoored already, essentially key escrow exists
> as the basic situation, instead of having private keys the NSA has a
> master key per standard, implementation, other. if this was inside a
> known legal framework, that perhaps would be tolerable with oversight,
> yet without oversight where tyranny takes over, then everything is
> pawned/owned by NSA who could forcibly censor without consequence as
> part of a hidden political strategy, etc.
> (all tools broken so a crypto scheme can function, leading to all
> tools remotely breakable?)

they call it "Tailored Access" and "Computer Network Exploitation" for
"enabling".
... when they aren't having the FBI violating domestic providers in
their NSL hole.

it's legit.



on a more serious note, regarding the assumption:
 "if everything is backdoored already, essentially key escrow exists"

NSA has stated that many of their BULLRUN techniques are incredibly
fragile.  a number of them now burned in leaks, many yet to get
stuffed. if they "did it risky"[0], perhaps feeling emboldened by the
seeming success of Dual_EC_DRBG and friends, a common key / reduction
hidden behind AES-128 rounds could be discovered, independently
confirmed, and properly attributed.

so not only can the backdoors be broken up, replacements which are
resistant to compromise will take their stead.  "everything" becomes
"much" becomes "very little" until ideally such invasive tactics are
reserved for HUMINT tasked "good ol' detective work" with legal
bona fides judged according to public laws and applicable to all
persons on earth, not just tribal deference pointed inward.

the jury is out; there are encouraging signs... but first, back to
those raw samples!!



best regards,



0. "Some thoughts on suborning encryption chips"
  http://blog.cryptographyengineering.com/p/some-thoughts-on-suborning-encryption.html
"""
A much easier approach is to simply eschew safety altogether and use a
fixed AES key that's common to all chips.
  [ED: or fixed modification to the AES-CBC-MAC compressor then masked
by the DRBG in front using "Stealthy Dopant-Level Hardware Trojans."]

But the NSA would never do something that risky. Right?
"""