Ask Slashdot: Echelon Protection?
An unidentified submitter had a worthy question and I want to submit it to you all for discussion: "How confident should we be in private sector encryption as a defense against ECHELON intercepts? The NSA probably has toys we will never hear about. Can we really trust PGP and FreeSWAN to defend personal and corporate data from the spooks? Should corporations begin hiring encryption experts to defend their data stream?" Slashdot has covered Echelon before, and in the midst of all the recent concern from Congress one can only sit and wonder how long it is before 'privacy' (or if you prefer, the illusion of privacy) becomes a thing of the past.
I can successfully brute force any key... (Score:1)
P.S. You know all the NSA guys/gals are laughing their asses off as they read this.
How to decrypt any message instantly (Score:1)
All that factoring and math stuff is just a red herring.
Privacy is already a thing of the past! (Score:1)
What happens to your name when you enter a contest? That too goes into a big databank somewhere. When you write your grocer or super-store a check you give them your name, address, telephone number (and in most cases your work number). All this ends up in the same databank, it is information the retailer sells about you!
At a minimum, Big Corporate Brother knows more about you than you would wish him to. He knows your approximate income, he knows where you live, who you live with and whether you own or rent. He knows where you work, what you drive and where you shop. He knows your interests and your hobbies.
He knows too damned much.
NSA (Score:2)
Sigint to noise ratio (Score:5)
Think about the traffic that any sort of large sigint operation like this needs to filter through. If it took even a couple of seconds to descramble each message just to check for any red-flag words the entire system would rapidly backlog.
Want to fuck with the Echelon project? Put the words "nuclear technology transfer funding" in the subject line of all of your email and encrypt it. It could be fun
invalidate the results (Score:1)
(Almost) Uninformed Tired CFS Rambling (Score:1)
It doesn't appear that CFS will quite do what you're looking for... Poking through the CFS documentation (what I can make out at the moment, being rather tired), I take it that you presently need to enter your password when starting each shell, before being able to access files under the CFS-mounted region.
The clearing of passwords on suspend is not presently supported as best I know (If apmd lets you have a script to run before a suspend, that would help... but you'd have to be careful about what happens to open files), and I'm not sure if you can just put in your password on boot (as opposed to each login). This is something you could figure out by playing around with it a bit, though.
Of somewhat more concern, it appears (from-what-I-can-make-out) that CFS may not work with the GNU linker (something about not supporting holes in files, though later it says that such holes are supported but filled with garbage... I'm tired, damnit!).
It sounds like you could quite safely start a small directory tree under
I hope this is at least slightly parsable and usable (though not necessarily in that order).
Re:The /. effect (Score:1)
For the truly concerned (read: paranoid)... (Score:1)
Just for the sake of it, I created a 4DOS batch routine a while ago which automatically encrypts/encodes/compresses the file through a ridiculous number of steps. The companion batch routine, which unpacked the beast, was stored on a floppy...
I used more than fifteen archivers, several of which had their own crude internal encryption schemes, PGP plus two encryption programs, a uuencoder, and two steganography utilities, all variously arranged, with, of course, PGP, 2048+, at the beginning and end...
The loose theory was, so many different things were used-- and of them, so many obscure-- that even if someone actually found the file, they wouldn't know what the hell to do with it...
...or if they were like me, and they did, they'd be frustrated as hell going through all the steps to undo it all.
--YDeO
"It's not down on any map;
true places never are." --Melville
Fundamental mathematical mistake... (Score:1)
In the interests of averting a lecture that would prove to be a HUGE digression, let me just make 2 points here:
1) If you eliminate ANY key choices (say, based on the fact that you think they are uncomfortably close to the "beginning" of the key space), you have just shrunk the space of possible keys & weakened your cryptosystem!!!
2) Depending on the crypto scheme you are using, applying multiple "encryptions" could easily weaken your security. There are SOME cryptosystems where doing so can be provably more secure (DES, for instance), but my point is that this is not something you should be doing unless you fully understand what you are messing with...
Re:Sigint to noise ratio (Score:1)
Better yet... set up a server in China that throws all emails away. Have a few different people start emailing it with streams of random data. Have them call a phone there which connects to a tape recorder with a looped tape in it... have it send random tones made to sound like an encrypted message yet in actuality random.

Scare the shit out of them that some new encryption scheme exists that they don't know about and looks like random data.
Re:NSA/classifying (Score:2)
Well they can always do "The right thing" and immediately distribute as many copies as they can as widely as they can and get copies (electronic and otherwise) into as many hands as they can before the NSA has a chance to stop them.

Sure it will bring legal wrath down on them and if they patent then they don't care about doing the "right thing" anyway... hell they half deserve it... their intention was to keep it to themselves legally so they could make money... and instead the NSA said no.. we are just going to keep it to ourselves and forbid you to use it openly.

Almost fitting but... the NSA shouldn't be allowed to keep secrets. They are the greater evil.
So what about crypto file systems, anyway? (Score:1)
There is something notable missing from all of these pages: simple, easy-to-follow instructions on how to install and effectively (and securely!) use a file system like this.
From the dearth of documentation, I get the feeling that this has only ever been attempted by file-system gurus, which means that I wouldn't even want to consider attempting it, because reformatting my disk and reinstalling the system is not something I look forward to.
Here is what I would like to end up with:
Is this dream even remotely realizable?
Basically, the situation I want to protect against is simply that of the laptop being stolen while I'm away from the keyboard -- whether it is powered on at the time, or powered off.
The problem here is that the usual crypto-heads are the types who use ssh and pgp and are already used to having to perform nontrivial system-administration tasks to get things up and running, and who don't mind wading through a command-line alphabet soup to do simple tasks, all day long. What we need is someone who is both a crypto-head, and who understands that their agenda is best served by taking the time to make this software be drool-proof.
It doesn't matter how good the math is if no real users are actually using it. Crypto is only effective if widely deployed. If not, those few who use crypto stand out for targeting.
Re:So what about crypto file systems, anyway? (Score:1)
Where? I haven't found it.
Then you believe in security through obscurity. Security through obscurity doesn't work. Repeat it until you believe it.
Then you believe that software is made more powerful by being obscure enough that only a vanishingly tiny minority of potential users are able to use it. You believe that software that is used by a thousand people is, for that reason, more powerful than software that is used by a million people.
You are wrong.
The more people who use crypto, the more effective cryptography will be for everybody. If one has to even understand what ``NFS'' is in order to install a package like this, then it's still too hard.
That's why PGP and S/MIME are still so marginal that they can be completely discounted: only gurus use them, because they aren't so completely transparent that you don't even know that they're there until they have something to warn you about.
Designing easy-to-use interfaces for crypto is one of the hardest UI tasks there is -- I know, I've tried. But, if you believe in cryptography at all, it's also one of the most important.
Re:I can successfully brute force any key... (Score:1)
Double encryption should NEVER lower the strength of encryption. That would mean the encryption is insecure. OTOH, it doesn't have to increase the strength.
In the case of DES, there is a known attack on double encryption that makes double encryption equal to single. Triple DES (where you encrypt with DES three times) is more secure. Typical implementations of triple DES only use two keys, so you only have two keys to break. Not all triple DES uses only two keys, some use three. There are also several different ways to apply this. (Typical is to encrypt with key A, decrypt with key B, and then encrypt with key A. Not the only possible one.)
Please, before you comment on issues of encryption you owe it to everyone to read Bruce Schneier's work Applied Cryptography.
Crypto references & bibliography (Score:1)
Another interesting paper is "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," by H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. Neumann, R. Rivest, J. Schiller, and B. Schneier.
An interesting bibliography [counterpane.com] is on Bruce Schneier's Counterpane site. [counterpane.com]
That wouldn't be the first electronic computer . . (Score:2)
Re:Sigint to noise ratio (Score:1)
Another Question, or two... (Score:2)
I have never had an interest in crypto, or even used it. I never thought I had anything worth hiding... But that hasn't stopped me from occasionally pondering the theory of it.
Ok, I guess I understand a bit more that "it just takes the right password to decrypt a message." But basically, key management is the biggest risk I would see, isn't it? Because your "secret key" or whatever is kept somewhere on your computer, and it takes the right key to decrypt something. So, if your key is say 128 bit, it would take some serious horse power to crack it, BUT, wouldn't it be way easier for someone to crack into your system and steal your key, then just crack the password for the key? To me, stronger and stronger encryption seems pointless if this is all it would take to break it.
Also, I guess since I am getting older (and lazier), I wouldn't mind trying some pgp or gpg thing just for the heck of it, but a nice GUI front end, and maybe a Netscape Mail Plugin for it would be nice. Is there such a thing, a full GUI front end for pgp or gpg that is gpl and generates keys, encrypts mail for easy sending, key management, and everything? The only thing I found is gpgp and that seems to be only key management. So, is there anyone who has done such a thing, or am I just going to have to spend 15 minutes reading the docs, and not have a good mail plugin, and realize that my less technical friends will never be able to read anything I would send them encrypted. I guess it's not a big concern, because like I said, I don't think I have anything to hide, but I guess if it was an easy thing to do, I might just consider playing around with it.
Re:Another Question, or two... (Score:1)
You say, "wouldn't it be way easier for someone to crack into your system and steal your key?" Well, then use crypto to prevent people from cracking your system. Shut down services that aren't needed, and only allow ssh logins.
--Alex
Re:Open Source... (Score:1)
There seems to be a repeated effort to convince people that an all powerful NSA will thwart any attempts to ensure privacy. I guess the hope is that people won't bother to use what is easily and in many cases freely available, thus making the prediction true by default. If people want to wallow in their cynicism, that is their privilege. I think the efforts to eavesdrop promiscuously are doomed and the listeners know it. It is mainly a question of how long they can get away with their claims to "pay no attention to the man behind the curtain..." (quoting from the Wizard of Oz)
Re:A bit paranoid, aren't we? (Score:1)
You don't need anything higher than 40-bit encryption to protect your computer, since you don't have anything worthy of stealing
Oh really? What's the value of a credit card number? 2-5 thousand dollar credit limit, and the number is good for a couple of years. Someone could spend a few $$$ on computers and crack it in a few days with 40 bit encryption, then move on to someone else's card number. The initial money spent on computers would be made back in a matter of weeks. Plus, I would have to deal with the hassle of convincing the card company that it wasn't really me.
It really is no harder for me to use 128bit encryption instead of 40 bits. If it is worth encrypting, it is worth encrypting well.
Re:NSA/classifying (Score:1)
Either option implies that they have methods of breaking most crypto software out there b/c otherwise they wouldn't care.
That is both very nifty from a mathematical point of view and interesting from a political point of view
Open Source... (Score:1)
Re:So what about crypto file systems, anyway? (Score:1)
Too much current crypto uses iron doors to secure houses with tissue-paper walls anyway. Crypto does not just need a better UI, it needs to be integrated into the system from the very beginning. Unfortunately it is already too late for Linux (and unix in general), security cannot be added as an afterthought or it will never work as well as it should. If security is not a part of the foundation then the structure built will never be as strong as you think it is...
Re:P != NP (Score:1)
Suppose I prove P=NP by giving a Turing machine that factors a number of n digits in A(6)n^2 steps (where A(6) is the Ackermann function of 6), how do you use it to factor a 2048 bit number in a reasonable time?
(Actually, I have a proof for the existence of such a machine, but the margin is too
Probably not asymmetric (Score:1)
To the guy above: PGP is not an asymmetric cipher. It's a program that uses one (You probably knew this (You just expressed yourself poorly)).
Just a few notes. (Score:1)
It doesn't take any energy to move something. I guess that if one calculated the maximal number of times that an electron could be moved at the speed of light and divided this by the number of times this operation could be done in parallel, then chose a reasonable time, then chose a risk factor like 10^-100 and said that only the risk factor times the key space could be searched in this time, you get a key size to fit your req's.
A one-time pad can be cracked! Even though the method for this would be a joke for longer messages. Here goes: Use traffic analysis to figure out possible topics for the message. Use a dictionary attack to get all possible messages that conform to the message length. Then filter out anything that doesn't conform to the possible topics. Of course this can't tell the difference between "I HATE You!" and "I LOVE You!", but this would unscramble with old-fashioned psychosocial analysis. |=8)
Fundamental mathematical mistake...Again! (Score:1)
Point: Cryptosystems that are worse than "groups" are already crap, repeat or no repeat.
Here's how to choose a sufficient key size: Choose a risk factor (1k years). Ok, now make sure that no one can search 1/10^100th of all the keys within that time. If someone can search 7e12 keys a year and that doubles every 18 months, you figure it out.
jes but their spe d en cr e a ses e x (Score:1)
It would only be 10^18 3 years from now...
6: 10^16
9: 10^14
12: 10^12
15: 10^10
...
??
a few points to consider... (Score:1)
a) If you send your key over the Internet (or phone lines), then it's completely compromised (in case of symmetrical encryption), because Echelon will get a copy of the key as well... In case of PGP, if you transmit one half of the key, this might also give them something to work on to find out the other half. Remember: It's also no use to send a new key encrypted with an old one (that was transmitted electronically before).

b) You won't get around having your email snooped by them, but we could all make their lives a hell of a lot more difficult if everyone were to encrypt everything they send over the Internet. Even if they have the keys, or if they can crack it easily - they will have to decrypt your message to be sure that you don't do anything forbidden. And if everyone would do that, they would certainly spend a good deal of CPU time just trying to decrypt rubbish.

c) If you want good protection for your data, use a good encryption program, and then do something with the data that isn't covered by any program, e.g. put a certain amount of random junk into your message (at places and using blocksizes that the recipient knows, like: add 1937 bytes of random junk at the beginning of the file, and then another 7 bytes of random junk after every 234 bytes of encrypted data plus 1234 bytes of random junk at the end). Using that info, the recipient can easily restore the encrypted file and then decrypt it. Another way would be to swap blocks in the received file, e.g. swap the first two bytes, then the next 2*2 bytes, then the next 2*4 bytes of encrypted data. As long as you tell the recipient in person what to do with the file, you should be fairly safe (again, if you transmit the information on how to descramble the files, everything might very well be in vain, since that mail/phone call/fax/... is as likely intercepted as your precious (or useless but still encrypted) data is).

Let's put it this way, the worst part of the NSA is that they either
- in spite of having an undoubtedly HUGE budget, couldn't prevent China from getting the US's nuclear secrets, or (even worse)
- might even have let China have them knowingly (willingly even?)...
What the NSA can/can't do (Score:1)
On the other hand, some of the world's best and brightest rigorously pursue very public encryption research, and provide some indication of how difficult cracking an encryption scheme can be.
Today's systems rely upon difficult mathematical functions and permutations for which, in over 2000 years of research (in some cases), shortcuts have yet to be found. Whether the NSA, in the space of 50 years or so, could break these riddles is, indeed, an open question. But I have my doubts. I think they tend to rely heavily upon people NOT using encryption.
Kythe
(Remove "x"'s from
Re:128-bit keys (Score:1)
So let's assume that the government has a hypercluster of computers that are a billion billion times faster, en masse, than the ENTIRE distributed.net.
It would still take them 1e20/1e18=100 years to break _ONE_ 128 bit key.
--- snip ---
That's only true if they don't know about any analysis techniques or weaknesses in the algorithm that we don't. I don't think that's a safe assumption.
---
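Added example, not code from any poster: the key-size arithmetic from this thread ("if someone can search 7e12 keys a year and that doubles every 18 months, you figure it out", and the 128-bit estimate above) as a small calculator. It gives the keys searchable over a horizon at a starting rate that doubles every 18 months, the inverse (years to exhaust a keyspace) and the smallest key size that keeps the searchable share below a chosen risk fraction; the 7e12 keys/year rate and 18-month doubling are the thread's figures, the continuous-growth model and the table rows are my assumptions.

```python
import math

LN2 = math.log(2)


def log2_keys_searched(years, rate_per_year, doubling_years=None):
    """log2 of the total keys an attacker can try within `years`.

    rate_per_year is today's speed. With doubling_years set, speed keeps
    doubling every doubling_years (continuous Moore's-law growth), so the
    total is the integral of rate * 2**(t/d), i.e. rate*d/ln2 * (2**(y/d) - 1).
    Working in log2 keeps 1000-year horizons from overflowing a float.
    """
    if years <= 0 or rate_per_year <= 0:
        raise ValueError("years and rate must be positive")
    if doubling_years is None:
        return math.log2(rate_per_year) + math.log2(years)
    d = doubling_years
    return (math.log2(rate_per_year * d / LN2) + years / d
            + math.log2(1.0 - 2.0 ** (-years / d)))


def years_to_search(key_bits, rate_per_year, doubling_years=None):
    """Years to exhaust a 2**key_bits keyspace (inverse of log2_keys_searched)."""
    if doubling_years is None:
        exponent = key_bits - math.log2(rate_per_year)
        return 2.0 ** exponent if exponent < 1000 else math.inf
    d = doubling_years
    # Invert rate*d/ln2 * (2**(y/d) - 1) = 2**bits:
    #   y = d * log2(1 + 2**x),  x = bits - log2(rate*d/ln2)
    # For large x, log2(1 + 2**x) is x to float precision; avoids overflow.
    x = key_bits - math.log2(rate_per_year * d / LN2)
    return d * (x if x > 60 else math.log2(1.0 + 2.0 ** x))


def fraction_searchable(key_bits, years, rate_per_year, doubling_years=None):
    """Share of a 2**key_bits keyspace the attacker covers in `years` (capped at 1)."""
    exponent = log2_keys_searched(years, rate_per_year, doubling_years) - key_bits
    return 1.0 if exponent >= 0 else 2.0 ** exponent


def min_key_bits(horizon_years, rate_per_year, doubling_years=None,
                 risk_fraction=1e-100):
    """Smallest key size so that at most risk_fraction of the keyspace can be
    searched within horizon_years: the "risk factor" rule from the comment."""
    needed = (log2_keys_searched(horizon_years, rate_per_year, doubling_years)
              - math.log2(risk_fraction))
    return math.ceil(needed)


if __name__ == "__main__":
    RATE = 7e12        # keys/year, the figure used in the thread
    DOUBLING = 1.5     # years (18 months)
    for bits in (40, 56, 128, 256):
        flat = years_to_search(bits, RATE)
        moore = years_to_search(bits, RATE, DOUBLING)
        print(f"{bits:3d}-bit: {flat:10.3g} years at a constant rate, "
              f"{moore:8.1f} years if speed doubles every 18 months")
    print("key size for a 1000-year horizon at risk 1e-100:",
          min_key_bits(1000, RATE, DOUBLING), "bits")
```

The constant-rate column is the "heat death of the universe" figure quoted in the thread; the doubling column shows why that figure is not the one a long-lived secret should be sized against.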
Re:doubt ->Re:Strong Crypto would protect you. (Score:1)
-Chris
Re:Strong Crypto would protect you. (Score:1)
IPSEC & microsoft (Score:1)
syslog: IPSec Policy agent started successfully.
applog: Failed to obtain Kerberos server credentials for ISAKMP/Oakley service. Kerberos authentication will not function. The most likely reason for this is lack of domain membership.
applog: The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions. All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encyption. Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption. This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption. If this is the case, please contact your network administrator.
I sure am glad I'm moving to a job that involves a Linux based company. M$ is limiting local subnet negotiations because of export restrictions? Big Brother is alive and well. Little Brother lives just outside Redmond.
Re:128-bit keys (Score:1)
The GREYs are merely observing. It's a lot like a big undergrad anthropology project. Rabbits are actual remote controlled, self-replicating monitoring devices DIRECTLY under their control...
or maybe I just need to up my dosage...
Re:How to decrypt any message instantly (Score:1)
An AC wrote:
Which is, of course, why PGP users shouldn't use the "encrypt to self" option if they are operating in a hostile environment.
If the sender is using a public key crypto system and encrypts the session key with only the recipient's public key (and not their own) then you're going to have to find and torture the recipient.
Re:Making grepping more difficult (Score:1)
Re:Making grepping more difficult (Score:2)
Even....you......unassisted........to.read....fai
Um, CmdrTaco, the preview screen strips the tags out of the comment field of the form, so if you submit from there you lose all your formatting. Sorry it made a junk post
Only a thought... (Score:2)
Traffic analysis, tempest, conventional espionage... I see no reason why they would even bother trying to decrypt anything. Unless your security methodology makes the encryption absolutely necessary to crack to obtain the information required... it's kinda pointless to bother with decryption.
--
Re:Privacy is already a thing of the past! (Score:1)
Sounds like the system is working.
It's not like the AG is in on the conspiracy...
Re:P != NP (Score:5)
In case you didn't know, P ?= NP is probably the biggest unproven assumption in theoretical computer science today. Although it is widely believed to be true, no one has succeeded in proving it.
Furthermore, your definition for class NP is wrong (your definition instead most closely applies to a different class often called RP); NP is most easily described in the following way: if you are given a solution, you can verify that it is indeed a true solution in polynomial time.
In addition, your definition for polynomial time is wrong! Polynomial is time n^k where n is the size of the problem, and k is a constant; not k^n which rather would be exponential time (class EXP). For exponential time, it has been proven that EXP = NEXP; i.e. that nondeterminism buys you nothing when you have exponential time to play with (because you can simply enumerate all the possibilities and try them all.)
Now, public-key cryptography (but not traditional cryptography) relies on the assumption that P != UP, where UP is the class of problems solvable in polynomial time on something called an unambiguous nondeterministic Turing machine; UP is a subset of NP and a superset of P. The assumption P != UP is actually stronger than P != NP.
It is widely believed that P != UP != NP, but neither has been proven.
Reference: Papadimitriou, Christos H.: Computational Complexity, Addison-Wesley, ISBN 0-201-53082-1. Excellent book.
A bit paranoid, aren't we? (Score:1)
The only form of electronic espionage being done over the internet from inside the US is that of smuggling high-level secrets out of the country (i.e. nuclear warhead data). In those situations, the US government clearly was unable to intercept the data, despite it being taken without heavy encryption. In my honest opinion, Echelon is a lot of FUD.
The only practical uses of complex encryption are by corporations transmitting valuable or sensitive information over the internet, and, of course, government research labs. You don't need anything higher than 40-bit encryption to protect your computer, since you don't have anything worthy of stealing (if you do, you're either a corporation or you're holding something illegal).
The US government is not the threat here, folks. Nor is it any other government trying to steal the data of the people. The only threat is from inter-governmental espionage resulting in the proliferation of advanced nuclear weapons systems (i.e. Chinese/Russian spies dating from the late 1930's).
Re:128-bit keys (Score:1)
Re:a few points to consider... (Score:1)
Let's not try to blame everything on the NSA. Actually, they are the most harmless of the bunch. They don't have field operatives with guns and itchy trigger fingers.
I think way too many of you believe everything you see in the movies....
Re:128-bit keys (Score:1)
>Recent calculations by astronomers say that the universe is about 10e12 years old.
Don't you mean that the universe is 12x10^9 years old?
"M-x spook" and "X-NSA:" ain't gonna cut it (Score:1)
The NSA was selling topic identification in 1994 that sounds better than today's state of the art. See Bruce Schneier's note inside this linked article [deja.com].
And I'm not willing to bet my life they haven't maintained their light-years-ahead headstart in breaking crypto (don't forget, these guys' predecessor had COLOSSUS with 56k I/O during WWII), and can read all our PGP messages.
If I ever really have to hide something as I send it over the 'net, I'm gonna use steganography (layer 1) to hide the image of a handwritten note (layer 2, make 'em use OCR) that's in a dead non-Latin-alphabet language (layer 3) written in a mirror (layer 4) inside a PGP-encrypted (layer 5) Pamela Anderson pic.
Well, maybe not. But I at least feel very confident that would be safe. I trust and use PGP, but I'm always uncomfortably aware that NSA has some very very smart people.
Re:Another Question, or two... (Score:1)
Re:doubt ->Re:Strong Crypto would protect you. (Score:1)
As for elliptic curve cryptography, this is a relatively new type of public key crypto. These algorithms are thought to be more resistant to cryptanalysis than RSA, which is used in PGP.
Specifically, index calculus discrete logarithm attacks will not work. Also, they tend to be faster and require smaller key sizes than comparable public key ciphers like RSA.
Reference: Applied Cryptography Vol2
Strong Crypto would protect you. (Score:2)
Re:If they could crack it... (Score:1)
So...don't post anything securely on Usenet or any other archived public place that you don't want people reading in ten years (in case a security hole is revealed at a later date).
W
PS - It'll be fun to go back say in 2010 and crack all those PGP'd messages from 1995 and see what people were saying on Usenet and in other public places when they thought it was "safe"...
W
-------------------
Re:128-bit keys (Score:1)
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
Re:Strong Crypto would protect you. (Score:1)
An article in Business Week (May 31, 1999), of all places, has the following to say about Echelon:
I'm assuming they're talking about asymmetric ciphers here. However, if these numbers are to be believed, it does seem to imply that 1024-bit keys are on the verge of being vulnerable to attacks currently used in Echelon. So strong-er encryption (namely longer keys, as suggested above) would be advisable for anyone worried about Echelon. :) Do it before they get their hands on a Beowulf cluster. Of Crays.
Hmm, I wonder why the U.S. government has banned the export of strong encryption... 8)
Output of M-x spook (for the Echelon folks):
South Africa Clinton supercomputer kibo Legion of Doom PLO Serbiancracking terrorist colonel [Hello to all my fans in domestic
surveillance] North Korea Ft. Meade fissionable ammunition
-W-
Corporate cryptographers (Score:1)
OTOH I have personally worked for [another large business services firm] with tons of extremely sensitive info on clients. We're talking billion-dollar deals on a daily basis, market-moving deals too. Naturally they take client security to paranoid lengths; yet they're completely clueless when it comes to IT security (eg: straight win95 as standard, no intrusion detection whatsoever, not even a formal written RFC-site security handbook - style security policy.) They just happened to be based in the US ... (I'm in Europe.) Of course it would be pure paranoia to suspect that they might be deliberately allowing all this sensitive commercial info to whizz around the net in plain text to make it easy for ECHELON to intercept ...
Echelon Bait -- Easy to Counter (Score:1)
Flag Message If
(~ [keywords])
Unless
(~ ([keyword]\s*[keyword]){3+})
(or something like that). The point is, it should be fairly easy to auto check a message to see if it contains a string of keywords in a row.
Better to randomly distribute keywords throughout your text, methinks.
Also, correct me if I'm wrong, but this whole discussion centers around traffic going out of the country, right? There's (to my knowledge) no real way for the NSA to monitor every single internet pipe in the country (and the backbones are far too busy to sniff--can we really build a terabit sniffer?)
david.
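Added example, not code from the post: the "flag if keywords, unless a run of keywords" rule sketched above as a small Python classifier, run over constructed sample messages (the keyword list and the messages are made up for the demo, and word adjacency ignores punctuation, a simplification of the post's `\s*`). The last sample shows the rule's blind spot from the filter operator's side: keywords scattered through ordinary text form no run, so such a message is still flagged rather than discarded as bait.

```python
import re

# Constructed keyword list for the demo only; it is not any real selector list.
KEYWORDS = frozenset({"nuclear", "technology", "transfer", "funding",
                      "fissionable", "ammunition"})


def tokenize(message):
    """Lower-case word tokens; punctuation between words is ignored, which is
    a simplification of the post's whitespace-only (\\s*) adjacency."""
    return re.findall(r"[a-z]+", message.lower())


def longest_keyword_run(words, keywords=KEYWORDS):
    """Length of the longest run of consecutive keyword tokens."""
    longest = run = 0
    for word in words:
        run = run + 1 if word in keywords else 0
        longest = max(longest, run)
    return longest


def classify(message, keywords=KEYWORDS, run_threshold=3):
    """The post's rule: flag a message that contains keywords, unless it
    carries a run of run_threshold or more keywords back to back, which is
    treated as deliberate bait and dropped instead of flagged."""
    words = tokenize(message)
    if not any(word in keywords for word in words):
        return "pass"
    if longest_keyword_run(words, keywords) >= run_threshold:
        return "bait"
    return "flag"


# Constructed sample messages with the verdict each should receive.
SAMPLES = [
    ("Lunch at noon?", "pass"),
    ("Subject: nuclear technology transfer funding - Re: weekend plans", "bait"),
    ("The Q3 funding request is attached.", "flag"),
    # Keywords spread through ordinary text: no run, so the rule still flags it.
    ("Funding came through, so the technology demo is on; transfer the slides.",
     "flag"),
]


def screen(messages=SAMPLES):
    """Return (message, verdict) pairs for a batch of messages."""
    return [(text, classify(text)) for text, _expected in messages]


if __name__ == "__main__":
    for text, verdict in screen():
        print(f"{verdict:5s} {text}")
```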
Re:128-bit keys (Score:1)
Work Factor (Score:1)
If the NSA or other TLA is seriously interested in what you are doing, PGP is not going to help. Not because they have cracked PGP, but because there are many other easier ways to get the information.
FreeS/wan and Linux 2.2 (Score:1)
Does anyone know of an alternate that doesn't force you to use ancient kernels?
-Doviende
"The value of a man resides in what he gives,
and not in what he is capable of receiving."
Sneakers... (Score:1)
Know ye not that ye are Gods???
Re:nothing to fear, except fear itself (Score:1)
Check out
Generating Hard Instances of Lattice Problems M. Ajtai. ECCC on line Tech reports TR96-007 [uni-trier.de] http://www.eccc.uni-trier.de/eccc/ [uni-trier.de]
Of course I'm not saying the system proposed is practical at the moment.
Won't happen w/out better software (Score:1)
Funny thing. I use a mailer called Voodoo that makes transparent use of PGP very easy. It uses some standard (or at least I thought it was a real standard) called PGP/MIME. Once you get Voodoo set up, day to day use is effortless. I had great plans for switching over all of my email communications, at least among close friends, to PGP encrypted.
Know what I found out? Most emailers don't support PGP very well at all. You have to manually save the message to a file, run it through PGP, and read it. Not hard, but not nearly as easy as reading a "regular" email message.
My friends weren't using Amigas, so they couldn't run Voodoo. Stuck with elm, pine, etc. They eventually got sufficiently annoyed with all my PGP messages that I was asked to stop. They were happy with encryption, but didn't have the tools to make it easy. So now I just use PGP for "secret" stuff. Kinda defeats the whole purpose, no?
I don't think that widespread casual use of PGP is going to happen anytime soon, unless better email readers start to become more common.
Re:I can successfully brute force any key... (Score:1)
Re:How to decrypt any message instantly (Score:1)
Actual (well, paraphrased) conversation I overheard:
Parent: So, this PGP key you made for me, what's the chances of it being broken?
Child: Universe will die of heat-death first. Only real chance anyone would have is to get the passphrase.
Parent: So, if the NSA held my life for your passphrase?
Child: Oh, I'd give it to them... Parent sighs right now. I haven't done anything that would justify that... yet. Mutterings of 'paranoia'
Re:So what about crypto file systems, anyway? (Score:1)
Hopefully, a similar product will come from them for Un*x type OSes soon.
FreeSWAN installfest Saturday 6/12/99, SFO (Score:1)
One time pads. (Score:2)
And you may not even have to transfer the whole pad if you can both (again, by secure channel) agree on some commonly available text to serve as the one time pad (which has the advantage of looking innocuous if you're subjected to physical search.)
Consider that pressings (from the same master) of, say, a music CD would make a great ~650 Mb worth of one-time pad.
A somewhat paranoid view of things (Score:2)
Secondly, if one looks at the top 10 supercomputers in the world, they will notice that around 3 of them are of the "classified" category. Combined, these three supercomputers provide more power than the top computer which is at Sandia. Some of these have been in operation for at least 2-3 years. It has also been acknowledged that dedicated systems with custom-designed chips are able to crack DES, etc, at much higher rates than conventional technology - DeepCrack or whatever by EFF is a good example, and that only cost them $100k-200k. Imagine what an intelligence agency with a multi-billion dollar budget can do. So I wouldn't rely on distributed.net to be the benchmark in crypto cracking.
Finally, there is the matter of limited manpower. Yes, the NSA's weak point would probably have to be their inability to focus on *everybody* cause they just don't have the resources to do so, however, the nature of Echelon lends itself to more economic interests as well as national security ones. Thus, there has been concern that corporations which donate mucho $$ to the current administration might be slipped occasional interceptions of their competition. Given the willingness of our current administration to cater to the Chinese government, I'm not sure they wouldn't hold back against our own national companies. But unless you're some major multinational corp w/ some big competitors sitting around, I wouldn't be too worried.
So for the most part, I must agree with the rest of the posts that one need not be too concerned with NSA intercepting their transmissions - even if they did, the odds of it being used for malaligned purposes is very slim. While the NSA might possess the technology (and the money), there are many other factors which appear to work in our favor.
Re:FreeS/wan and Linux 2.2 (Score:1)
128-bit keys (Score:1)
Distributed Net is undoubtedly the fastest computer on the planet, even assuming that the NSA has some pretty state of the art stuff.
At this rate, it would take Distributed Net over 10e20 years to break a 128 bit RC5 key.
Recent calculations by astronomers say that the universe is about 10e12 years old.
FreeSwan is just IPSEC for Linux (Score:2)
Those of us in the US owe a tremendous debt to the people in the free world who are doing this. We can't help, but we can test and report. If you want to help, or just see what's going on, go to the FreeSwan site at http://www.xs4all.nl/~freeswan
Echelon and Freeswan (Score:3)
High level encryption, 128 bit symmetrical keys and 1024 bit public-private keys, would take more computational power to crack than presently exists on the planet. Check out how long Distributed.net has been working on a 64 bit key.
The problem with all this is traffic analysis. Even though they can't read the messages, they can tell a LOT about things just by keeping track of who's talking to whom.
So just by keeping track of who is sending encoded messages to whom, they can find out a lot.
The real power of FreeSwan, and especially IPSEC, won't be seen until it operates as a standard, and everybody uses it. Then Echelon disappears into history, along with all the other police states that have plagued us recently.
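The traffic-analysis point made above, as an added example rather than anything from the original post: with end-to-end PGP the relay log still records sender, recipient, time and size, and counting those pairs gives the "who's talking to whom" picture without reading a single body. Putting an IPsec tunnel between the two sites' gateways (the FreeS/WAN deployment model) collapses what an outside tap sees to gateway-to-gateway ESP packets. Both logs are constructed for this example, and the addresses and SPIs in them are made up.

```python
import re
from collections import Counter

# Constructed mail-relay log. Bodies are PGP-encrypted; the relay still logs
# envelope sender, recipient and size for every message.
RELAY_LOG = """\
Jun 12 10:01:02 relay smtp[1001]: from=<alice@example.org> to=<bob@example.net> size=2480
Jun 12 10:03:17 relay smtp[1002]: from=<alice@example.org> to=<bob@example.net> size=3912
Jun 12 10:07:44 relay smtp[1003]: from=<carol@example.org> to=<bob@example.net> size=1101
Jun 12 10:09:05 relay smtp[1004]: from=<alice@example.org> to=<bob@example.net> size=5003
Jun 12 10:12:30 relay smtp[1005]: from=<bob@example.net> to=<alice@example.org> size=2210
"""

# Constructed packet summary of the same five messages once both sites carry
# mail over an IPsec ESP tunnel between their gateways (192.0.2.1 and
# 198.51.100.1 are documentation addresses). Only gateway addresses are visible.
TUNNEL_LOG = """\
10:01:02 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00001001,seq=0x11), length 2580
10:03:17 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00001001,seq=0x12), length 4012
10:07:44 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00001001,seq=0x13), length 1200
10:09:05 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00001001,seq=0x14), length 5100
10:12:30 IP 198.51.100.1 > 192.0.2.1: ESP(spi=0x00002002,seq=0x01), length 2310
"""

MAIL_RE = re.compile(r"from=<([^>]+)> to=<([^>]+)>")
PKT_RE = re.compile(r"IP (\S+) > (\S+):")


def who_talks_to_whom(log: str, pattern: re.Pattern) -> Counter:
    """Count (source, destination) pairs. Message content is never consulted."""
    pairs = Counter()
    for line in log.splitlines():
        m = pattern.search(line)
        if m:
            pairs[(m.group(1), m.group(2))] += 1
    return pairs


def mailbox_graph() -> Counter:
    """Communication graph recoverable from the relay log despite PGP bodies."""
    return who_talks_to_whom(RELAY_LOG, MAIL_RE)


def tunnel_graph() -> Counter:
    """Communication graph recoverable from the wire once a gateway tunnel is in place."""
    return who_talks_to_whom(TUNNEL_LOG, PKT_RE)


def busiest_pair(pairs: Counter):
    return pairs.most_common(1)[0]


if __name__ == "__main__":
    print("end-to-end PGP, relay log:", dict(mailbox_graph()))
    print("IPsec gateway tunnel, wire:", dict(tunnel_graph()))
```

The tunnel does not make the metadata disappear: an observer still sees that site A sent four packets of roughly those sizes to site B at those times. It moves the granularity from individual mailboxes to whole sites, which is why the post's "everybody uses it" condition matters more than any single installation.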
Re:Some Issues in This Regard (Score:1)
http://www.heise.de/tp/english/inhalt/te/2898/1
-----------
Giant US software manufacturer Lotus has been lowering the profile of information about how they have installed an NSA-only trapdoor into e-mail and conference systems used by many European governments, including the German Ministry of Defence, the French Ministry of Education and Research and the Ministry of Education in Latvia.
----------------
Re:doubt ->Re:Strong Cyrpto would protect you. (Score:1)
If you are referring to the Enigma machine, you are completely wrong. The US wasn't involved with the deciphering project until 1942, for a start. And although the Polish had discovered how to crack Enigma ciphered messages from 1932, it was not until very late in the war that the British were able to regularly decode a large number of intercepted messages. Alan Turing was the chief designer of the 'Bronze Goddesses', which helped calculate the keys used with the Enigma machine.
And do not forget that the Germans also had 'Secret Writer' (known to the Allies as 'Fish') which was far more difficult to decipher than Enigma, and led to the creation of the first electronic computer, 'Colossus', built by a Cambridge mathematics professor and a Post Office engineer. Colossus didn't start working on ciphered messages until 1943.
I would not consider this 'early in WWII', and the US contribution to the effort came quite late, compared to the Polish and British, who had been working in various forms since the early 1930s, and set up Bletchley Park as a central location for cryptography work.
And a big part of the reason why Enigma ciphers were broken was not the fault of the code itself, but the poor training and laziness of the operators who often used insecure keys and 'known' words.
As you will have heard people say before, security is as strong as its weakest link. Often you will find that lazy or poorly trained humans will be a weaker link than anything else. Why have a fantastic cipher if the user is going to enter their passphrase via cleartext telnet?
Re:That wouldn't be the first electronic computer (Score:1)
Re:You seem to know :) Re:doubt -> (Score:1)
The Americans became involved in Bletchley fairly late (around 1942 IIRC), and I dare say clever people from other Allied sides were involved as well at some stage.
Re:Open Source... (Score:1)
The open source part comes from making sure your encryption is pretty darn strong (and not just trusting some one else) -- not in preventing interception.
NSA (and UK & AUS equivalents) has gobs more money and dedicated circuits to use in decrypting messages -- but they aren't light years ahead of everyone else. So I believe estimates as to how long it would take to decrypt an x-bit encrypted message using xxx method under today's technology are probably good ball park estimates.
For people who don't fear the government (Score:2)
Then they came for the Jews and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist.
Then they came for the Catholics and I didn't speak up because I was a Protestant.
Then they came for me, and by that time there was no one left to speak up.
Martin Niemoeller
For people who are having difficulty relating to this, here is a modernized version:
First they came for the fourth amendment, and I did not speak out, because I didn't deal drugs.
Then they came for the fifth amendment, and I was silent because I owned no property involved in crimes.
Then they came for the sixth amendment, and I did not protest because I was innocent.
Then they came for the second amendment, and I said nothing because I didn't like guns.
And then they at last came for the first amendment, and I could say nothing at all.
Unknown
Think about it, OK?
Kaa
Some Issues in This Regard (Score:1)
Second: Open source ones must be closely scrutinized. Consider that it took 10 years for anyone to find a problem in the key generator in Kerberos IV. (Lodin and Dole at COAST, 94?) Everyone assumed that it was safe because it was open and many people had surveyed the code. Lodin and Dole could break the session keys in ~1 second on a Sparc 5.
This should be a dilbert cartoon... (Score:2)
G-Man 1: I finally got into Foo, Inc.'s email...
G-Man 2: Ohhh, Ohhh, what does it say...
G-Man 1: Quick, wake the President, this says they are going to work on improving their customer satisfaction and utilize synergies between units of their company to beat their competitors...
Talent at the NSA (Score:3)
Somehow, I doubt that the most talented people end up working for the NSA. How many intellectuals could bear to work in secrecy? It would be as if Shakespeare never showed anyone else his works, never had them performed, and burned them upon his death. It seems pretty unlikely that any creative person could work in such an environment...
... but I suppose there's always a chance...
Re:Sneakers... (Score:1)
Re:NSA teams up with M$! (Score:1)
Did you say frees/wan on 2.2? (Score:1)
From http://www.xs4all.nl/~freeswan/freeswan_trees/freeswan-1.00/INSTALL:
Has this changed? I've been interested in trying it out, but the fact that "2.0.36 only!" is plastered all over the site and documentation kept me from looking at it more than cursorily. I wound up using tunnelvision for now, which is probably equally as difficult to intercept (and a fsck-load easier to set up, from the look of the freeswan docs!) although not necessarily as strong in terms of authentication.
If so, what's the lowdown on getting it to work in a 2.2 kernel environment?
Echelon traditions on the net (Score:2)
------
Chet Blodack, Yoyodyne University |
argyle@mindspring.com |
"You are in a maze of twisty tunnnels" |
libya soviet nuclear encryption Reagan warhead money secret israel china |
oil submarine NSA CIA FBI KGB MI6 IRA Basque communist russia |
The idea was that if everyone put Echelon keywords in their email, the Echeleon system would flag way too many emails and make the system unworkable. Now that the vast majority of people on the net have no idea what a
Anyone else remember doing this? Any other good sig files?
Re:So what about crypto file systems, anyway? (Score:1)
no problem right now
I am using CFS for quite a while now.
Hm, I don't think it's too complicated, (ok, maybe it took me some time to make it work
after installing the daemon with an init.d script you can mount crypted filesystems. It's straight forward.
i would suggest not to do this during startup, as you would immediately reveal that you have crypted data.
If you think about crypting your whole filesystems, that might be possible, but you would lose LOTS of performance. Just create a directory for your sensitive data.
Then, inside your favorite Windowmanager, you may have two icons, that let you attach and detach the crypted directory
hm...about reentering the passphrase after suspension...
I personally would add a line to my log-watcher (something like "SWATCH" or "WOTS") that looks after apmd's messages to syslog. if a "resumed after suspend" (don't know the exact text and my notebook is at home
I think the power of such software relies on the fact that it is NOT stuffed into a corset of GUI and foolproof (impossible) usage.
if you need help, send mail.
nuts
p.s.
Has anybody here experience with sfs ?
Steganographic FS
-----
Re:Conspiracy Theory (Score:1)
Ok, that is plain paranoia, right.
NSA is government so its acronym should probably stand for 'Not So Advanced'.
Huh? I hear you say "US Army is government so its acronym [...] stands for 'Not so Advanced' ".
And that's plain wrong.
If you're concerned about them, that's not paranoid. Being concerned is, IMHO, our duty, and we should give the average users a slight idea about what's going on.
I am surprised that ppl that are not so much into computers and stuff know almost NOTHING about NSA, crypto and so on. You almost never hear anything about that on TV, newspapers...
I am concerned, not paranoid. There's a difference.
nuts
-----
Re:So what about crypto file systems, anyway? (Score:1)
No, that's not my point.
I just don't want anybody to see AT THE FIRST GLANCE, that there's something crypted.
Ok, you are right: when someone takes a closer look, that doesn't help.
But if you have to enter the key all the time you reboot your machine, you must always unlock the crypted fs. Ain't I right?
The more people who use crypto, the more effective cryptography will be for everybody. If one has to even understand what ``NFS'' is in order to install a package like this, then it's still too hard.
You are right. Maybe RedHat or Suse will add it to their distributions. Then it will come correctly set up. Oh, wait, it seems RedHat has included it already: http://www.replay.com/redhat/cfs.html
That's why PGP and S/MIME are still so marginal that they can be completely discounted: only gurus use them, because they aren't so completely transparent that you don't even know that they're there until they have something to warn you about.
Try KDE's kmail. Or read Pine's documentation on how to embed pgp.
But it will always be the users part to understand what he does, why there are public/secret keys and so on. I think it can never get fully transparent.
I've written a PGP-GUI too, 2 years ago. The problem is, a user always has to worry with his keyrings manually, there are some points that cannot be automated.
Re:So what about crypto file systems, anyway? (Score:1)
There is a short howto, for setting up cfs:
ftp://ftp.research.att.com/dist/mab/cfs.notes.m
----
RSA, NSA different things (Score:1)
project that had, (and still has) the capability to tap any and all communications. RSA, whose name stands for the people who founded the company and figured out public key cryptography
the NSA would have no reason to try and keep any cryptography "off the shelves" so to speak, because they aren't a for-profit company. While they couldn't forcibly get someone not to post their ideas, there's nothing stopping them from buying them off...
---------------
Chad Okere
Re:I can successfully brute force any key... (Score:1)
((m xor b) xor b) = x, so b is your key.
if ((m xor b) xor c) = y, then you might be tempted to think that you'd need to use ((y xor c) xor b) to find x. But you could also use (y xor (b xor c)) as well, and if you were searching the entire keyspace, you might find (b xor c) first... but I assume that the stuff they're talking about is nothing like xor encryption...
If you used two keys of different length though, it would be more difficult, especially ones that don't "resonate". For instance if you used a 64-bit key, and a 128 bit key, it would be the same as using one 128-bit key, just make sure they aren't both factors of any small number...
---------------
Chad Okere
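The key-composition argument in the post above, worked through as an added example that is not the commenter's code. It generalizes the 64-bit/128-bit case to the general rule: XORing with a repeating key `k1` and then with a repeating key `k2` is identical to XORing once with a key of length `lcm(len(k1), len(k2))` whose bytes are `k1[i] XOR k2[i]`, so a second XOR layer never widens the keyspace beyond that single composed key. The key values and the message are constructed for the example.

```python
from math import gcd


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with key, cycling the key when it is shorter than the data."""
    if not key:
        raise ValueError("empty key")
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def compose_keys(k1: bytes, k2: bytes) -> bytes:
    """The single repeating key equivalent to XORing with k1 and then with k2.

    Both keys cycle, so their combined pattern repeats every
    lcm(len(k1), len(k2)) bytes, and each position in that cycle is just
    k1[i mod len(k1)] XOR k2[i mod len(k2)].
    """
    n = lcm(len(k1), len(k2))
    return bytes(k1[i % len(k1)] ^ k2[i % len(k2)] for i in range(n))


def double_xor(data: bytes, k1: bytes, k2: bytes) -> bytes:
    """Two 'layers' of repeating-key XOR."""
    return repeating_key_xor(repeating_key_xor(data, k1), k2)


def effective_key_bits(k1: bytes, k2: bytes) -> int:
    """Size of the one key that the two layers collapse to."""
    return 8 * len(compose_keys(k1, k2))


def demo():
    msg = b"the quick brown fox jumps over the lazy dog, twice over"  # constructed
    k64 = bytes.fromhex("0123456789abcdef")          # 8 bytes, constructed
    k128 = bytes.fromhex("fedcba9876543210" * 2)     # 16 bytes, constructed
    k96 = bytes(range(0x10, 0x1c))                   # 12 bytes, constructed

    # The commenter's case: 64-bit key then 128-bit key == one 128-bit key,
    # because 8 divides 16 and the cycle length is lcm(8, 16) = 16 bytes.
    same_as_single = double_xor(msg, k64, k128) == repeating_key_xor(msg, compose_keys(k64, k128))

    # Lengths that do not "resonate": lcm(8, 12) = 24, so the composed key is
    # 192 bits long, but it is still one fixed key, not two independent ones.
    return same_as_single, effective_key_bits(k64, k128), effective_key_bits(k64, k96)


if __name__ == "__main__":
    print(demo())
```

The practical reading is the commenter's own: whatever the period of the composed key, an exhaustive search over that single key finds `k1 XOR k2` and never needs `k1` and `k2` separately, so stacking XOR layers buys period length at best, not a second key's worth of work.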
Public Key's and who knew about them when... (Score:1)
---------------
Chad Okere
Re:128-bit keys (Score:1)
---------------
Chad Okere
Re:For the truly concerned (read: paranoid)... (Score:1)
besides, I'm sure the NSA knows about every encryption system, from RSA to delmoi's wacky ass 8-bit xor encryptor
---------------
Chad Okere
nothing to fear, except fear itself (Score:3)
I think most conspiracies are just that. While symmetrical algorithms are breakable by brute force, there is very little else you can do. The field of symmetric encryption has enough study that many cryptographers would be willing to risk their life on such methods. Choosing a long enough key will make brute force impossible (considering the amount of energy required to move a single electron that many times the distance of one nanometer).
Asymmetrical encryption is a different matter. RSA (used by PGP and SSL) has the largest amount of study, so it is often trusted more than Elliptical, or some of the newer matrix based asymmetrical algorithms. RSA's breakability depends on the ability to factor large numbers. Over the years new factoring methods such as quadratic sieve factoring have been invented that make RSA weaker and weaker. In general you need N*N number of bits to be as secure as a symmetrical algorithm. Improvements to factoring have been incremental and not ground breaking and many people think they will never go beyond ~O(sqrt(N)).
But there are practical reasons why you shouldn't be afraid of the government snooping on you. First, you are most likely boring. Unless you work for a foreign government, or you are involved in the weapons industry, the RSA probably doesn't care about you. Even if you use PGP to trade child pron, the RSA has bigger problems to worry about. If the RSA had some magical decryption algorithm, there is so much information out there that they cannot dedicate hardware to decrypting messages unless they believe it is a matter of national security. Most, if not all, of the information they collect is in plain-text form. If everyone used PKZIP to encode their messages, this would probably require more processing power than they could handle to scan the data.
Local officials are a million times more likely to just raid your house and use "find" rather than try to tape your phone line. In fact I've never heard of a single case where local officials have tapped a modem-line and decrypted a message. It's much easier, cheaper, and faster to go straight to the source.
Bottom line is using PGP with any length key is probably safe. Use keys >2048 bit keys if you are selling nuclear weapons.
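The "RSA's breakability depends on the ability to factor large numbers" statement in the post above, shown concretely as an added example (not the commenter's code): a toy RSA keypair built from two small primes, and the observation that whoever can factor the public modulus `n` gets the private exponent `d` back with no further secret. The primes, exponent and message are the constructed textbook-sized values `p=61, q=53, e=17, m=65`; trial division is used only because `n` is tiny, which is exactly why real keys are 1024 bits and up and why the sieve methods the post mentions are the ones that count.

```python
from math import gcd, isqrt


def modinv(a: int, m: int) -> int:
    """Modular inverse of a modulo m (a and m must be coprime)."""
    return pow(a, -1, m)


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = modinv(e, phi)
    return (n, e), (n, d)


def encrypt(m: int, public) -> int:
    n, e = public
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Only feasible for toy moduli; the cost is what RSA's security rests on."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def recover_private_key(public):
    """Given only (n, e): factor n, recompute phi, and derive d.

    Nothing beyond the public key is needed once the factoring is done,
    which is why key size is chosen against the best known factoring method.
    """
    n, e = public
    p, q = factor_by_trial_division(n)
    return n, modinv(e, (p - 1) * (q - 1))


def demo():
    public, private = make_keypair(61, 53)          # constructed toy primes
    c = encrypt(65, public)                           # constructed message 65
    recovered = recover_private_key(public)
    return private, c, decrypt(c, private), recovered == private


if __name__ == "__main__":
    print(demo())
```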
Worry about directed surveillance (Score:3)
What worries the ones who are paid to worry about things like this is directed surveillance. If the echelon filters pick up something and it gets you onto a watch list, then any messages from/to you get collected and analyzed by a human. At that point they can determine whether you are just some snot-nosed college brat using PGP for fun or whether you should be monitored more closely.
The watch lists can probably number around 100,000 to 300,000 targets, with AI-like knowledge engines flagging only the most interesting changes to the watch list for humans to review. I understand there is a much fought over pecking order within the ranks of echelon/NSA analysts to get their filter to be on one of the higher tier alerts when they think their project is important. Each target gets a dossier opened on them and stored in a big case management database [remember INSLAW?], with various bits of info and analysis added as necessary.
Directed surveillance of embassies, terrorist communication channels, high ranking political types, and business leaders is the highest tier of alerts, producing reports of activity every day. Lesser tiers cover suspected drug activity, crackpot political fringe groups, key players in telecoms operators and military suppliers, and business and entertainment movers and shakers.
On the back end, post-event analysis of collected material can often reveal a bunch of information to analysts and law enforcement liaisons, giving them all kinds of leads. [did anyone notice how the gay navyman on AOL just happened to have the exact same name as a convicted terrorist? coincidence, or the result of a very deep analysis of stored material?]
I'm too lazy to log out to AC, I figure someone [them!] grabs the
the AntiCypher
P.S. I especially like the people who go through tons of iterations just to hide something, is what you do so important that it needs hiding?
Re:NSA/classifying (Score:2)
Re:NSA (Score:2)
This brings up an interesting and related point.. How do we best discourage/save smart people from working for the NSA? We need to explain to people with an interest in number theory and algorithms research that they really do not want to spend their lives keeping secrets. It's hard enough to not be able to talk to people because they can't understand you.. I can not imagine not being allowed to talk to them.. Communication is a part of being human.
Re:128-bit keys (Score:2)
distributed.net.
It would still take them 1e20/1e18=100 years to break _ONE_ 128 bit key.
2099: "Well, Fred, it took a hundred years, but we finally decoded the message! And those pesky Slashdotters thought they were so smart."
"What does it say, Bill?"
"It's printing out now... M... A... K... E... space... M... O... N... E... Y... space... F... A... S... T... space..."
Re:Sigint to noise ratio (Score:2)
When the letter instituting this policy was finally released under FOIA, I placed a copy up on the wall next to my desk.
The NSA is not concerned about message traffic volume, this remains a red herring despite the growth of the internet. Parallelism works fine in this application, and traditional budgetary issues simply do not apply. Think about it.