Friday Squid Blogging: This Unmanned Drone Footage Will Blow Your Mind

Neat video shot from a remote-operated vehicle.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on July 11, 2014 at 4:29 PM (148 comments)


Vamp2 July 11, 2014 4:48 PM

The bitcoin network has increased its processing power to over 1.5 zettaFLOPS. Would this amount of computer power be a security risk, if it ever was applied to something other than hashing? Is there anything useful that can be done with hardware designed mainly to produce hashes as fast as possible?

Czerno July 11, 2014 4:58 PM

The waste of resource – energy, computing power – that this selfish, unproductively speculative activity represents has me disgusted from the inception of all that bitcoin nonsense. Unless something escaped me, which I will concede is remotely possible… that bitcoin saga and the attraction it appears to exert on otherwise reasonable minds is what’s really blowing my mind!

Anura July 11, 2014 5:16 PM


Well, FLOPS isn’t a good measure for cryptography, since it all uses lookups and integer arithmetic. But let’s say that translated directly into keys tested per second, which it won’t, that’s 2^70 keys per second; 64-bit keys would be trivial, but we already considered them to be weak. At around 2^25 seconds in a year, we could brute-force a 96-bit key in one year on average. For 3DES, at 112-bits (ignoring that the space requirements for a meet-in-the-middle makes this infeasible), it would take you ten thousand years on average. For AES with a 128-bit key, it would take you a billion years on average.

The reality is that FLOPS is kind of a weird measure for the power of the bitcoin network, since it doesn’t really do floating point arithmetic. For a more realistic comparison, we should look at the hash-rate. Since hashes and block ciphers have a lot of similarities, we can do a roughly-direct comparison.

The peak is here:

The peak hashes per second is approximately 140 quadrillion hashes per second, or about 2^57 hashes per second (give or take). So in one year, you could expect an 83-bit key to be bruce forcible. That means that the 96-bit key bruteforce time goes up to 1000 years, the 112-bit bruce force time goes up to 100 million years, and the 128-bit brute force time goes up to 10 trillion years.

However, there is more than just brute force time, there is the cost as well. I haven’t a clue what it costs to operate the bitcoin network, but you could be damn sure that even if it was enough to brute force a 128-bit key in a reasonable time, it wouldn’t be worth it for anything but the most sensitive of data, which is probably encrypted using 256-bit keys.
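The brute-force arithmetic in the comment above, carried through as an added example (not code from the post or from any commenter): it takes a trial rate and the comment's rounding of 2^25 seconds per year, and returns the expected search time for a given key size and the key length that one year of searching covers on average.

```python
import math

# The comment rounds a year to 2^25 seconds (the true figure is ~3.15e7).
SECONDS_PER_YEAR = 2 ** 25


def expected_years(key_bits, trials_per_second, seconds_per_year=SECONDS_PER_YEAR):
    """Expected years to find a key_bits key by exhaustive search.

    On average the right key turns up after half the keyspace has been
    tried, so the expected number of trials is 2**(key_bits - 1).
    """
    return 2 ** (key_bits - 1) / (trials_per_second * seconds_per_year)


def bits_searchable(trials_per_second, years=1.0, seconds_per_year=SECONDS_PER_YEAR):
    """Key length whose *expected* exhaustive search takes `years` at this rate.

    Inverse of expected_years: trials = rate * time = 2**(bits - 1).
    """
    trials = trials_per_second * seconds_per_year * years
    return math.log2(trials) + 1


def log2_rate(trials_per_second):
    """Express a decimal rate (e.g. 140 quadrillion/s) as a power of two."""
    return math.log2(trials_per_second)


def brute_force_table(trials_per_second, key_sizes=(64, 80, 96, 112, 128, 256)):
    """Map each key size to its expected brute-force time in years."""
    return {bits: expected_years(bits, trials_per_second) for bits in key_sizes}


if __name__ == "__main__":
    # Two rates from the comment: the FLOPS figure read as keys/s (2^70)
    # and the network hash rate, ~140 quadrillion hashes/s (~2^57).
    for label, rate in (("2^70 keys/s", 2 ** 70), ("140e15 hashes/s", 140e15)):
        print(f"{label} (2^{log2_rate(rate):.2f}): "
              f"one year covers a {bits_searchable(rate):.1f}-bit key on average")
        for bits, years in brute_force_table(rate).items():
            print(f"  {bits:3d}-bit key: {years:.3g} years")
```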

Curious July 11, 2014 5:27 PM

The government of the United Kingdom has announced that they intend to create an “emergency security legislation” for maintaining data retention, this even though the European Court of Justice has deemed the obligatory data retention for companies to be wrong, or something to that effect.

“A recent ruling of the European Court of Justice has removed the obligation on telecoms companies to retain records of when and who their customers have called, texted and emailed.” BBC

Not only is this something that appears rushed, but I think this initiative also might have implications that aren’t fully known.

Feel free to correct me if I have ended up glossing over some important aspect or misrepresented this piece of news. 😐

Jonathan July 11, 2014 6:18 PM

Hi Bruce,

Recently, it seems your blog post titles have become more sensational. Have you hired someone to compose titles for you? Can you explain (or perhaps you have already explained elsewhere)?


bolo July 11, 2014 7:00 PM


Can’t say I’m a fan of your blog titles as of late. They keep triggering my mental “ignore this article because of its sensational title” filters and it confuses me when combined with my “Read this article because I trust Bruce Schneier” filter.

David July 11, 2014 8:01 PM

In cryptography we are used to the idea of the design of algorithms (e.g. AES, RSA) being publicly known so that anyone can perform analysis on them, look for weaknesses and find attacks.

However this does not seem to apply to entropy sources which feed random number generators which are then used to generate keys. Companies and countries like to keep the design details of entropy sources proprietary and even secret to some degree.

I would like to propose that the design of all entropy sources used in commercial products should be treated in the same way as cryptographic algorithms. Their designs should be publicly available for full analysis. The implementation details could be proprietary in a similar way that source code of implementations of AES for example might be proprietary (they might mitigate specific timing or side channel analysis attacks for example).

I would be interested in getting opinions on this observation.

Joe K July 11, 2014 8:19 PM


The waste of resource – energy, computing power – that
this selfish, unproductively speculative activity represents has me
disgusted from the inception of all that bitcoin nonsense. Unless
something escaped me, which I will concede is remotely possible…

Have you considered the fact that no monetary system is instituted or
maintained without cost?

You deem bitcoin a waste of resources. To what system are you
comparing it?

Perhaps you will find this treatment of the issue interesting:

that bitcoin saga and the attraction it appears to exert
on otherwise reasonable minds is what’s really blowing my mind

Last I looked, the Bitcoin wiki here was quite comprehensive, and
filled neither with FUD nor with fanboi BS:

Anura July 11, 2014 8:33 PM

Bitcoin uses proof of work to try to verify transactions. This means you are doing a very large amount of extra work, consuming a lot of electricity, and consuming a lot of hardware just for the sake of keeping the system from failing – in terms of processing power per transaction, bitcoin blows everything completely out of the water. The main competitor would be proof of stake, in which the total number of coins, not processing power, is used to verify the transactions.

Jered July 11, 2014 9:56 PM


What’s with all the clickbait headlines? I thought the first few were a joke but it’s been continuing all week. I’m about ready to drop you from my RSS reader…

Nick P July 12, 2014 12:25 AM

@ Anura, Vamp2

The best measure for cryptographic performance is the throughput. The throughput tells you how much you get done. This might be Mbps/Gbps on a network line, hashes per second in Bitcoin, transactions per second on a secure database, and so on. That measurement tells you the real-world effect you actually care about.

Two others are overhead and delays. Overhead is basically the cryptographic protocol messages, checksums, chip area, processing time, and other things needed to make the crypto work that run in addition to everything else. By delays, I refer to the extra time it takes like initialization overhead, transmission latency, etc. An algorithm with massive throughput for network encryption might not be so great if a different key is used for each packet and key setup is horrendously slow.

So, throughput is the primary measure, with the other two categories being important too, especially for time-critical apps.

Wael July 12, 2014 1:32 AM


I would like to propose that the design of all entropy sources used in commercial products should be treated in the same way as cryptographic algorithms…

What do you propose the openness should look like? There are several factors that need to be thought out. Additionally, it was discussed previously on this blog that it’s not trivial to characterize and assert the “randomness” of a random number generator. Then again, implementation details can skew everything! Maybe a good thread discussion, as we may need to evaluate the effect of the “other factors”…

ismar July 12, 2014 4:22 AM

Isn’t Bruce supposed to provide a squid related post on Friday?
Would this be the first time he has not done so?

man machine July 12, 2014 4:25 AM

They are dismantling the sleeping middle class.

More and more people are becoming poor.

We are their cattle.

We are being bred for slavery.

Wael July 12, 2014 5:01 AM

Top 10 reasons:

1- He forgot his password and can’t login 🙂
2- Squid news are becoming difficult to find
3- BOFH became the new moderator! Clickity, clickity…
4- …

Hopefully he is well and kicking…

Muffin July 12, 2014 6:04 AM

“Friday Squid Blogging: This Unmanned Drone Footage Will Blow Your Mind”

Thanks, Bruce, but I think my mind’s already been blown enough by your headlines this week…

Wael July 12, 2014 6:31 AM

Regarding titles:
He must be experimenting with new book titles. I don’t care much for titles of threads so long as the content and comments are interesting. Book titles are a different matter 😉

“Read this book and be somebody” 🙂

Wael July 12, 2014 6:40 AM

@Joe K,
I noticed after I posted 🙁
Wael -2…
Geez! Two in one day!!!

If the moderator bans me, I would deserve it! But only if he bans me with a classy limerick… I need some sleep for sure, but I had a coke, a cup of tea, and a cup of Turkish coffee late at night, and I am paying the price now.

mike~acker July 12, 2014 8:55 AM

Whitelisting x.509 Certificates

suggested reading:


“Right now, every enterprise should be using certificate whitelisting to make sure the Indian Controller of Certifying Authorities are no longer trusted.”


Browsers supply your system with a large list of certificates and authorities, and you trust them implicitly if you believe in the little padlock that appears next to the https:// in the URL shown on your browser

and so you sign onto a site and the SSL certificate assures you (e.g.)

but is it?

if a fake certificate is afloat it’s possible a hacker could be showing a site that looks just like Amazon — and claims HTTPS security and authentication — while being in fact a fraud

this is why we need to vet our x.509 certificates — white list them if you will, i.e. mark the certificates that you have ascertained to be valid.

my recommendation is and has been: we should be able to sign x.509 certificates using pgp.

GnuPG comes built in on Linux. MSFT ought to licence or purchase PGP/Desktop from Symantec and include it with their o/s. and we should have an app off our start menus that would sign these x.509 certificates.

security is going to call for a bit more user participation. e.g. you might be able to go to your local Credit Union in order to verify the fingerprints that should be on the x.509 certificates that you want to authenticate.

but some second channel of verification is clearly warranted.

Benni July 12, 2014 9:14 AM


Nonsense. We have a clear criminal code in Germany, saying that whoever

1) carries out, for the intelligence service of a foreign power, an intelligence activity against the Federal Republic of Germany that is directed at the communication or delivery of facts, objects or findings, or
2) declares to the intelligence service of a foreign power or to one of its intermediaries his readiness to engage in such an activity,

shall be punished with imprisonment of up to five years or with a fine,

In English this says:

whoever 1) works for a secret service of a foreign power and because of these intelligence activities collects evidence, things or intelligence for a foreign power and against the Federal Republic of Germany, or 2) declares his willingness to do so, gets a prison sentence of up to 5 years.

This NATO agreement that Foschepoth cites is about exchanging intelligence about other foreign powers, or enemies.

So yes, the CIA would be allowed to monitor terrorists that want to attack in Germany. And it is allowed to collect all information on these terrorists.

But spying on terrorists is not an intelligence collection “against Germany”. So the NATO agreement does not contradict Germany’s criminal code. Especially, it does not mean that BND is allowed to copy the entire DE-CIX IXP and to share this with NSA, which then analyzes it. It also does not mean that NSA is allowed to monitor the phone of the German chancellor, since this is clearly a collection “against Germany”.

As the judges at the parliamentary NSA investigation commission said, the entire signals intelligence of the BND is against the constitution, and what the NSA does is illegal as well. The German government would even have an obligation to prevent the NSA from creating buildings for their spies in Germany, according to the judges.

I think former judges of Germany’s highest court know more about what is lawful than some historian.

MikeA July 12, 2014 11:09 AM

Been keeping aloof from the “discussion” about the titles, but I gotta say that most of the complaints come from non-frequent (in some cases totally unknown) commentards. Perhaps Bruce is working on rolling out some form of moderation-assistant software that keys on things like “complaint about title” to cut down on the blogspam. Add to that the complaint about “no squid post” on the squid post, and I suspect a mass invasion from Trollheim.

That said, the Anura’s (intentional?) use of “bruce forcible” is the sort of thing that keeps me reading all the comments.

CallMeLateForSupper July 12, 2014 11:38 AM

“commentards”. That term is unfamiliar to me.
== “commenting retards” + “retarded commenters” ? I like it!

” complaint about “no squid post” on the squid post”
Perhaps that complainer, like me, did not see the squid thing because he/she doesn’t “do” video.

Mark T July 12, 2014 11:40 AM

Brute-forcing (find a key by trying them all in succession) is not the only way to decrypt cipher text. It’s just the hardest. Anyone can do the arithmetic.

BTW – it is not known that using 256-bit keys (AES w/14 rounds) is any better than 128-bit keys (AES w/10 rounds). It just seems like it should be.

Benni July 12, 2014 11:48 AM

Shortly after the initial news came out that NSA fakes Google and Yahoo servers with stolen or faked certificates:

the German computer magazine c’t issued a warning that it is a security risk when Microsoft automatically updates its list of certificates without notifying the users, so that dubious certificates could easily get into the Windows certificate list, which is trusted by web browsers like Internet Explorer or Google Chrome for Windows:

After reading this, I filed a bug in Chromium, which then was dismissed as a “won’t fix”, with the Chromium developers saying that the certificate list is “signed by Microsoft” and there would not be any break in the “chain of trust”.

And now I see this message from google:

“On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by the National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA).

The India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Firefox is not affected because it uses its own root store that doesn’t include these certificates.

We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.”

“Update Jul 9: India CCA informed us of the results of their investigation on July 8. They reported that NIC’s issuance process was compromised and that only four certificates were misissued; the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains. However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.”

Now Microsoft has removed the certificates in question and it turns out that the issue affected 45 domains:

In view of this list, the advice from google looks especially funny:

“Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.”

The Microsoft certificate list is used in the browser Chrome. Faking a Google server is difficult, since Chrome checks its certificate by different means, and that was how the attack was revealed. But Chrome does not have a similar check for Yahoo. If that attack did not work after all, the hackers would not have used it.

But still, Google explicitly does not suggest to anyone that they should change passwords…

Thoth July 12, 2014 12:00 PM

@Nick P, Anura and Vamp2
FLOPS measurements are not the main marketing metric in cryptographic products, especially HSMs. In fact, crypto operations per second are the measurement units.

The Thales and SafeNet HSMs advertise themselves by the number of RSA operations (modular exponentiation) on a 1024-bit RSA key per second as their baseline specification, although the more appropriate baseline should be validated against 2048-bit RSA under current standards.

A measurement of network throughput for cryptographic products may not be accurate, since some products are attached devices instead of network-based HSMs. Even for network-based HSMs, the network speed may be limited by the data links in the data center and does not accurately reflect the hardware speed of the crypto product.

David July 12, 2014 12:39 PM

@ Wael

  1. Commercial companies should publish the designs of their entropy sources for public analysis of their strengths and weaknesses. This could be done in the form of a paper with academic analysis.
  2. NIST should hold an entropy source competition in the same way they did for AES and SHA3 so that a publicly available design with publicly available analysis can be used by anyone.

Thank you for the link to the other posts. I will need time to read over it.

What “other factors” do you have in mind?

Czerno July 12, 2014 12:51 PM

@Joe K , re : bitcoin – waste of energy etc.

Thank you for providing relevant, useful links. I haven’t had the time yet to fully read them, let alone meditate on them; just wanted to let you know I have noticed and appreciate your hints.

Dave July 12, 2014 1:29 PM

Portable version of LibreSSL released last night!

For those running Linux/*BSD this should be a drop-in replacement for OpenSSL.

Alex July 12, 2014 3:08 PM

Just in case something is going wrong with this board… is there a second option?

Bruce Schneier July 12, 2014 4:43 PM

“Recently, it seems your blog post titles have become more sensational. Have you hired someone to compose titles for you? Can you explain (or perhaps you have already explained elsewhere)?”

I explained in the previous post.

Bruce Schneier July 12, 2014 4:45 PM

“Can’t say I’m a fan of your blog titles as of late. They keep triggering my mental ‘ignore this article because of its sensational title’ filters and it confuses me when combined with my ‘Read this article because I trust Bruce Schneier’ filter.”

This is an interesting reaction to the titles. It’s interesting what sorts of signals we use on the Internet to determine trustworthiness.

Bruce Schneier July 12, 2014 4:45 PM

“What’s with all the clickbait headlines? I thought the first few were a joke but it’s been continuing all week. I’m about ready to drop you from my RSS reader…”

Jokes last a week. It’s a rule from somewhere.

Bruce Schneier July 12, 2014 4:47 PM

“Isn’t Bruce supposed to provide a squid related post on Friday? Would this be the first time he has not done so?”

It is amazing to me that someone uses the week’s squid post to assert that there is no squid post this week.

Bruce Schneier July 12, 2014 4:48 PM

“Heard a rumour that Bruce has been arrested. Can anyone verify?”

Did the rumor include any information about charges?

Bruce Schneier July 12, 2014 4:49 PM

“Just in case something is going wrong with this board… is there a second option?”

Actually, I’m curious too. What other security blogs do people read?

DB July 12, 2014 5:10 PM

@ Dave, Jacob

Great news about LibreSSL… of course there are a few issues still, that’s to be expected with a brand new release of something… but this release happening so soon is a good sign about our future, when the issues are all ironed out.

@ Bruce

Glad everything’s ok, most of the other security blogs I saw so far were not remotely as active as yours so I quickly got bored of them.

Since people are asking where the squid post is in reply to the squid post, can I ask where Bruce is in reply to Bruce? Or is that just going too far 🙂

Nick P July 12, 2014 5:17 PM

@ Bruce

“It is amazing to me that someone uses the week’s squid post to assert that there is no squid post this week.”

I thought the same thing. Epic burn haha.

Wael July 12, 2014 5:26 PM

@Bruce Schneier,

It is amazing to me that someone uses the week’s squid post to assert that there is no squid post this week.

Yea? Were you as amazed when you found out the misplaced house keys you were looking for were right in your hands?

Wael July 12, 2014 5:31 PM

@Nick P,

I thought the same thing. Epic burn haha

Stop it! I already gave myself another -1. Besides, I could have very easily wiggled out of it (instead, I admitted I made a mistake)…

Figureitout July 12, 2014 5:55 PM

Tiny Practical Idea to Avoiding Poisoned Deliveries
–This doesn’t address chip-level corruptions, merely avoiding unwanted “add-ons” and “code injections”. Also doesn’t defend against hidden backdoors in all products worldwide or some sort of physics problem. Those problems are bigger than any individual, which means you can never be 100% sure about your hardware; there are too many tests to run these days. Doesn’t mean we won’t stop trying or get reasonable assurance…Anyway, go to a local hamfest.

If you feel like this for whatever reason; hopefully you have a back-up somewhere that you go to only in emergencies…If you can find the information to search out a hamfest in meat-space that’s best, otherwise basic OPSEC like your usual TOR browsing via liveCD in a location out of your usual routine, w/ the only identifying info ever put in the machine being location and maybe interests.

–It’s a small slice of electrical heaven, parts galore, books, old antique equipment. Importantly, you can pick up old computers that while they may be infected (likely have been), some will still be old enough to give you some assurance that the hardware can’t do much in the way of keeping a cache of neat files of all computer activity and then spilling it out on some hidden band w/ a hidden digital modulation scheme. It’d be more likely to electrically spew it out in real-time but from what I’m seeing could be shielded pretty easily and pretty well (more on that at a later time). Another [high] risk is the computer not working, for newer computers you can verify that it at least boots up there on the spot, likely have Windows more than anything else; for some older ones like what I bought today, not so much. Sometimes it’s so cheap that the risk really isn’t that great if someone just scammed you…

–Most payments are done via cash (maybe even bartering in some cases) and there’s no record of the transaction besides someone secretly filming it or satellites overhead. More likely the info will be spilled out via the web-searches you do later if you’re troubleshooting/having problems…

/Shout out to Nick P/
–In addition to a laser and a clip-board holder for soldering, I picked up 3 computers today (I have a problem, I know), w/ only one in working condition…The Compaq Armada 1571DM, this is a laptop made right w/ so many ports! DB9, VGA, IR(!), PS/2, USB, CDROM, Mic/headphone, PC card, Phone, Floppy, and something I don’t know. Has a charged battery but they didn’t have a charger! Grr, and it’s not a usual charger, this three-pronged dealio. Initial BIOS bootup isn’t normal w/ at least flashing some graphics of what’s going on. Just WinXP (likely wipe and put some Linux on it, or maybe this will be my OpenBSD computer). Pentium MMX processor, 64 MB(!) RAM…Oh well lol. And man, someone funny left some things on it though, I can’t decide if it’s Vicki, Gary, or Debbie’s computer! Having some difficulty finding info on this computer though.

Also, and here’s where the shout out comes into play (get your lips ready haha :p). Got 2 TI-99/4A computers for $10! Now I have no clue if they work yet so that’ll be a letdown if they both don’t boot up. It’s a pretty legendary computer, lots of people’s first personal computing experience. It was the first 16 bit PC. I believe I’ll have to hook up to an old TV to get a screen working for it, may have one. Need some of those cartridges, especially the speech synthesizer, that robot voice is too cool! Just had to rip it open and sneak a peek at the main board and it looks like it has a UV-erasable EPROM! So I closed it pretty quick so I don’t screw the ROM; most of the board is shielded but I’m sure this thing leaks RF like none other. Pretty neat layout though, intuitive.

But…here’s why I’m pinging you…guess the OS..TI BASIC!!! Have a sudden craving for some breast milk? haha :p Doesn’t sound like people enjoyed programming on it due to the “double interpretation” slowing it down too much. TI eventually gave up in the PC business after this though. 🙁

Anyway, thought you’d enjoy that. Popular w/ games too. And even Bill Cosby liked it.

Nick P July 12, 2014 6:48 PM

@ Wael

I didn’t know it was you that posted it. I was skimming through them. My bad haha.

Incredulous July 12, 2014 7:41 PM

Bruce Schneier Spotted on his own Blog!! True Crypt Authors Still Missing!!

Wael July 12, 2014 8:33 PM


What “other factors” do you have in mind?

How the RNG is used, how reviewers can be fooled, shielding, subversion, other topics that were discussed whenever “entropy” and “randomness” were brought up, etc…

Jered July 12, 2014 10:44 PM

MikeA: “Been keeping aloof from the “discussion” about the titles, but I gotta say that most of the complaints come from non-frequent (in some cases totally unknown) commentards.”

I don’t typically comment on blogs unless I have a specific thing I want to say to the author; I don’t find them conducive to conversational communication.

ismar July 13, 2014 1:14 AM

The emphasis was on Bruce rather than squid and it was deliberate. Just wanted Bruce to come out and write a few lines and tell us all was well.
Ultimately, however, we can never be 100% sure who is behind a blog but Who matters less than What is said.

CallMeLateForSupper July 13, 2014 6:02 AM

@Bruce Schneier
“Actually, I’m curious too. What other security blogs do people read?”

There are others? 😉
I get my “miscreant” and “reach out” fix from B.K.

TRX July 13, 2014 6:15 AM

The Compaq Armada 1571DM, this is a laptop made right w/ so
many ports! DB9, VGA, IR(!), PS/2, USB, CDROM, Mic/headphone.
PC card, Phone, Floppy, and something I don’t know.

That sounds like my old Alienware laptop, which has all of the above, plus Firewire and double PCMCIA ports! Not to mention dedicated music player buttons, which probably did something with the original customized XP load.

Its IR window is on the side, which would seem to limit its usefulness… I never figured out what it was for. Back in the ’80s a handful of machines (not just the PC Jr) had IR ports in the front, for IR keyboards or mice, but that wouldn’t seem to be useful on the laptop. In the early oughts IR ports came back for a while, though nobody seemed to say what they would be good for. I’m guessing it was just a capability of whatever I/O chipset they used, and they added the external bits to use as a tickbox for the marketing department.

Herman July 13, 2014 6:34 AM

The IR ports were useful if you used your laptop as a media player and wanted to use a remote control with it. Of course, that only worked on Linux.

Snoop Lion July 13, 2014 6:51 AM

BadBIOS Is Real!

I’ve taken a standard PC, freeware Audacity, and manually generated both Morse Code and Binary data in a simple .wav file using 20kHz – 22kHz “sound” with some fade in/fade out to clean up ‘tics’. When played you cannot hear it (the dog goes nuts though). I then used my iPhone and a sound spectrum analyzer (free app) and monitored the inaudible frequencies.


A partition type virus combined with modem type software (but modified to use inaudible sound) could easily perform communication between PCs.

Incredulous July 13, 2014 8:25 AM

I spend my time debugging systems. I have learned that any symptom ignored eventually comes around and bites you on your ass.

A community is a system too. When something strange happens, like the appearance of those incongruous headlines, it is worth paying attention to. There is a lot of strange sh*t going down in our world. Bragging about ignoring symptoms does not impress me.

Mark T. July 13, 2014 8:58 AM

@Incredulous – are you referring to the disappearance of the Malaysian Airlines Flight or to the BS blog instability?

Figureitout July 13, 2014 9:25 AM

You can have the breast milk by yourself 🙂
–Aw, alright. It’s no fun alone. 🙁

–Yeah it’s double PCMCIA ports, they have different names like PC card, I don’t know. But there’s all kinds of adapters you can get, for instance programming a radar via an RS-232 to CANbus adapter.

It looked like this may have been the factory version of WinXP as it had an IR program but I didn’t try it yet. I want to wait on a power supply (I assume it doesn’t take straight 120VAC) instead of it crashing from no power.

For the IR, I want to use it to see why some EMSEC standards don’t allow any IR ports on a certified computer. Which must mean either it leaks unacceptably or it can receive injections of some sort that may write somewhere bad. Another aspect of IR comms (not sure if it has transmit and receive LEDs, surely it does) was being able to set your computers back to back and send files. But it’s so much easier now just doing USB or hosted somewhere or emailed; so yeah, not exactly practical today (not to mention problems w/ sunlight, and the short range).

Snoop Lion
–I guess the next step is to see what the range is on the comms, does it go through walls/doors, and how about audible shielding like sound proofing w/ foam? I swear I heard some morse code one time from a PC…I can hear those frequencies I guess, or near them; I hear all kinds of crap, inductors on PCBs, other stuff I don’t even know. Can’t wait til my hearing gets worse.

But anyway, yeah, this is a nightmare for sys admins of computer labs that have rooms of PCs like <1 ft from each other…the virus would just spread like a sound wave…

mj12 July 13, 2014 10:26 AM


This is an interesting reaction to the titles. It’s interesting what sorts of signals we use on the Internet to determine trustworthiness.

It is also interesting how these signals are developed and how someone could abuse them.

Bruce Schneier July 13, 2014 11:24 AM

“Russia created its own OS for a new military tablet which ‘uses completely open certified code which eliminates the possibility of having hidden channels for data transfer.'”

Do you think anyone will trust it enough to use it?

Skeptical July 13, 2014 12:15 PM

@Alex: Russia created its own OS for a new military tablet which “uses completely open certified code which eliminates the possibility of having hidden channels for data transfer”

At least they’re not describing it as a “disruptive innovation.” Though if they did, it would increase their chances of attracting investment from VCs in Silicon Valley.

In fact, I’m fairly certain that an entire conversation could be had between the Russian Government and some VCs in which each side used the same words to mean completely different things.

VC: “So you think this will be truly disruptive on the American market?”

Russian officer: “Incredibly disruptive, my friend, such as you have never seen before.”

VC: “Dude! So, we’re talking nuclear disruptive? Awesome! Let’s try to model some of the numbers on this spreadsheet – what do you envision as ‘ground zero’ so to speak?”

Russian officer (nervously) : “Er, no, nuclear is not in Russian intentions and we have a longstanding commitment to strategic balance with-”

VC: “Sure sure, I understand, can’t rock the boat too much without making some in mother Russia a little sick.”

Russian officer (relieved): “Yes it would be destabilizing for everyone. We envision a more targeted approach aimed at enabling access to previously denied areas.”

VC: “I see! This is something that will really tear down the barriers around the walled gardens. And then once they’re exposed-”

Russian officer: “That is closer to what I mean. You see, this circuit here-”

VC: “Dude, circuits, gates, got it already. What you’re telling me is that this thing can be shipped across protective moats and open up everything on the inside to players like you.”

Russian officer nods furiously.

VC: “So we just need to make sure this gets to the right people at the right time, am I right? This has to be a precisely coordinated campaign.”

Russian officer: “Yes, because if the opposition were to take early countermeasures-”

VC: “Down in flames! Seen it a thousand times. Missiles away, all’s well, system’s green, and then they’re shot down before they’re even close. But, honestly, the way we fund things, a few always get through. And that’s all you need if the payload is big enough, am I right?”

Russian officer: “We are interested in this area as well, if you have anything you would like to share.”

VC: “Really? Well I’ve been thinking about sharing some of my insights. For fair compensation, naturally.”

Russian officer: “Oh, naturally. You would be taken care of.”

Benni July 13, 2014 12:44 PM

You seem to have something against Russia. Have you actually lived there? Or do you just watch the American propaganda on CNN, which is about as funny as the Russian propaganda on Russia Today?

By the way, the Americans have around a dozen spies working in the German government. Mostly in the ministries for defense, economy, inner politics, and development.

But for the spies in the Berlin embassy, life gets a bit less relaxed since they are being observed by German agents during their daily work…..

ko July 13, 2014 12:54 PM

Astra linux is certified for Russian government use and consequently much more trustworthy than software produced by communities that NSA can infiltrate. I use it in preference to Debian or RHEL. The Russians’ threat model aligns perfectly with ours: NSA. The Russians don’t care about blackmailing us as NSA will.

Clive Robinson July 13, 2014 1:12 PM

It’s holiday season for many with their annual two weeks abroad etc.

And as normal many want to photo “the sights” like monuments and public art works to remind them of their time and to show to friends and relatives. Just don’t do it in the US near Boston… that is unless you want the FBI interviewing your neighbours and otherwise making a nuisance of themselves,

Gerard van Vooren July 13, 2014 1:15 PM

About this Russian certified OS. I don’t know. Not that I do or don’t trust them, that’s not the point. I have technical issues. They use a modified Android, which is a Java stack on a Linux kernel. By now, I have given up on C ever being trusted. Add to that the networking stack (OSI model) and the hardware.

I think I trust Russian Roulette more. At least Russian Roulette isn’t certified.

Skeptical July 13, 2014 1:23 PM

@Benni: You can insert whatever government you’d like in the dialogue. The humor is aimed more at the VCs than the Russian Government.

Does CNN cover Russia? I assumed that they would be busy covering vast expanses of the Indian Ocean until the missing Malaysian aircraft is found.

Nick P July 13, 2014 2:02 PM

Re Russian OS

It’s just like China, France, and so many others that harden a Linux/BSD OS. Firmware, drivers, kernel, and key libraries have a track record of vulnerabilities so it’s not secure. It’s something they control from hardware up and with no foreign dependence so that’s the real reason they trust it.

It’s not secure unless it’s designed with an EAL6-7 development process from ground up. No NIX system on the market is like this or even could be that I’m aware of. So it’s not secure: just Android with bandaids. End of story.

sena kavote July 13, 2014 3:13 PM

Most kinds of software could have encryption naturally integrated in the file save menu. For example, GIMP could have an option to save the image in encrypted form with high or medium security key lengths. A text editor like gedit, MS Word or Kate could have only a high security option for encryption. A video encoder or video downloader like clive or youtube-dl could have more levels of security and algorithms meant for CPU, GPU and ASIC.

If the encryption option is wanted to be a bit like an Easter egg but not quite, then it could be listed among the file formats (jpeg, gif, png, encrypted… ). If “encrypted” is selected, then the file format is asked again to know the encoding before encrypting.

Even games can encrypt their save game files or network packets in multiplayer from client to server or in-game chat between players end-to-end via the game server. Game’s huge datafiles could be encrypted during installation. There is some reason to store as many files as possible in an encrypted form with even a symmetric key that is attached to the file, because if the file is deleted and the key gets written over, then there is some unrecognizable data for giving excuses etc.. This can be seen as a lighter option to full disk encryption or extra security for encrypted partitions.

The few encryption algorithms in a program like GIMP are better taken from statically linked library functions, not some .lib or .dll, because then the attacker would have to attack more software.

name.withheld.for.obvious.reasons July 13, 2014 5:21 PM

Irrespective of the layer beyond the storage of energy (cap or battery), the problem I see rests in all hardware first. Consider the laughable secure supply chain, the number of opportunities to lie in wait on an SMBus or SPI interface from AD, Freescale, TI, or any of another dozen OEM manufacturers that have source agreements with, for example GD (generous dynamics) or SAIC, and it’s game over. And that’s on sourced non-consumer grade platforms. I’d just sit in Taiwan and cash some payola and my work is done. Complete audits through to PCB assembly are few and far between. Best bet, discretes and low level step-wise builds.

And I believe Nick and Clive understand the rigor required to achieve what I suggest–especially outside the context of “big business/gov” shops. TEMPEST qualified “systems” are not as robust as one would believe–been there done that on a SAT platform. The stories are downright unbelievable–so is the reality. I believe every aspect of platform and systems development needs to be reexamined. We should learn from our past, repeat what works, and get creative in proving that robust systems are both possible and practical. For decades all I’ve achieved is the ability to own the t-shirt “I’ll f(x) U up!” and “I told you…but nooo…”

Iffy July 13, 2014 5:29 PM

@Alex TrueRNG sets off all kinds of warning flags.

U.S. hardware RNG makers can be compelled to insert NSA backdoors. The BULLRUN documents reveal the NSA has the means and motivation to do that.

The vibe of the website is all wrong. It looks like a JTRIG operation aimed at individuals seeking to protect their privacy. Possibly it’s psychological subversion in the form of a product offering. Or perhaps it’s a honeypot for collecting names of people who should be targeted for special collection, just like Tails users or readers of Linux Journal.

What it would take for me to trust a hardware random number generator is complete schematics, source code, testing history, and components that can be validated in isolation. Anything inside a black box naturally fails to qualify.

Nick P July 13, 2014 5:34 PM

@ Alex

Worthwhile depends on your needs. Are you needing a large amount of random numbers per second? Are you wanting higher security over the existing RNG in the system? Are you worried about regular black hats or TLAs like China/NSA?

For speed, Intel, VIA, and many others have them built in. Security and speed benefit if you use a CRNG as only need a little initial seed then plenty of numbers. If worried about TLA’s, they might subvert one of these and you’re better off hiring local EE students to build one for you following good instructions. And combine several methods too for them.

This product might be fine for boosting RNG performance. Linux RNG is decent, especially if stretched with a CRNG. Honestly, the RNG is rarely the problem when you get hacked unless you use shoddy crypto libraries.

Daniel July 13, 2014 6:25 PM

Bruce Schneier • July 12, 2014 4:49 PM

“Just in case something is going wrong with this board… is there a second option?”

Actually, I’m curious too. What other security blogs do people read?”

Honestly, your blog is the only security blog I read on a regular basis. I do read Krebs on Security from time to time; I do not read him regularly because his focus is more narrow than yours. Other than that unless you or Brian link to it I don’t read it. I don’t have time.

Clive Robinson July 13, 2014 6:44 PM

For those contemplating building their own TRNGs, we’ve discussed it before, and though it appears easy (reverse biased PN junction) it’s actually very hard and requires a lot of knowledge to get real unbiased entropy.

It’s not just the circuit, it’s the components as well, because caps can be inductors and like resistors have series inductance and parallel capacitance giving them a frequency response etc. Then there is how you deal with the external electrical and magnetic noise that thermostats, lighting and other equipment make. The magnitude of this in the equipment wiring can easily exceed by a decade or so the actual real entropy noise. Then there are active EM attacks, as a couple of researchers at the UK Cambridge Labs found and published: even unmodulated EM carriers can take the entropy of a 32-bit TRNG from a respected commercial manufacturer and reduce the entropy from around four billion down to less than two hundred, which makes a brute force search trivial… There’s a lot you need to know above and beyond most normal design requirements, and not many people are up to the job.

princeton July 13, 2014 6:57 PM

We use Quantis devices in the server. Remote devices are shipped preloaded with TRN data. In the field they request more from the server and XOR the old and new.
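
A check a practitioner would want after Clive Robinson’s point about a TRNG’s output space collapsing under an injected carrier, and after Nick P’s and princeton’s suggestion of combining several sources: the following is an added example, not code from any commenter, from Quantis or from any TRNG vendor. It estimates min-entropy per 32-bit sample with the most-common-value estimator from NIST SP 800-90B over constructed sample streams (a seeded PRNG stands in for a healthy device, and a 200-value alphabet stands in for the collapsed one). The XOR combiner is only as good as the independence of its inputs, which the last case shows by XORing a stream with itself.

```python
import math
import random
from collections import Counter
from typing import Iterable, List


def min_entropy_mcv(samples: List[int], bits: int = 32) -> float:
    """Most-common-value min-entropy estimate (NIST SP 800-90B, section 6.3.1).

    Returns bits of min-entropy per sample, using the upper 99% confidence
    bound on the most frequent value's probability, so small sample sets
    give a conservative (low) figure. The estimate can never exceed
    log2(len(samples)) or the nominal width `bits`, whichever is smaller.
    """
    n = len(samples)
    counts = Counter(samples)
    p_max = max(counts.values()) / n
    # Upper confidence bound on p_max (z = 2.576 for 99%).
    p_u = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1.0 - p_max) / n))
    return min(float(bits), -math.log2(p_u))


def healthy_source(n: int, seed: int) -> List[int]:
    """Constructed stand-in for a working 32-bit TRNG.

    A seeded PRNG is used only so the demo is repeatable; a real check
    would read words straight from the device under test.
    """
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def collapsed_source(n: int, seed: int, distinct: int = 200) -> List[int]:
    """Constructed stand-in for a TRNG whose output space has collapsed to
    `distinct` values (the failure mode described for an injected RF carrier).
    The words are still 32 bits wide; only ~200 of them ever appear."""
    rng = random.Random(seed)
    alphabet = [rng.getrandbits(32) for _ in range(distinct)]
    return [rng.choice(alphabet) for _ in range(n)]


def xor_combine(a: Iterable[int], b: Iterable[int]) -> List[int]:
    """Combine two sample streams word-by-word by XOR.

    If the streams are independent, the result has at least the min-entropy
    of the better one. If they are correlated, XOR can cancel them out.
    """
    return [x ^ y for x, y in zip(a, b)]


def demo(n: int = 100_000) -> dict:
    """Estimate entropy for each constructed source and for two XOR combinations."""
    good = healthy_source(n, seed=1)
    bad = collapsed_source(n, seed=2)
    return {
        "healthy": min_entropy_mcv(good),
        "collapsed": min_entropy_mcv(bad),
        "collapsed_xor_healthy": min_entropy_mcv(xor_combine(bad, good)),
        # The same stream XORed with itself: a 'second source' that is
        # perfectly correlated with the first contributes nothing.
        "healthy_xor_itself": min_entropy_mcv(xor_combine(good, good)),
    }


if __name__ == "__main__":
    for name, h in demo().items():
        print(f"{name:>24}: {h:6.2f} bits/sample")
```

Run it and the collapsed source reports roughly 7 bits per 32-bit word while the healthy one reports around 14. That healthy figure is capped by the sample count (log2 of 100 000 is about 16.6), not by the device, which is the usual caveat with this estimator: it can confirm that a source has collapsed, but it can never certify the full 32 bits.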

AnonymousBloke July 13, 2014 7:21 PM

I found this story interesting on the NSA, BND, US, Germany “double agent” situation:

Specifically, so the guy emailed the CIA to “walk in”. And he was not caught. Let us assume here he decided to use a webmail client to do this.

Then, he emailed the Russians to “walk in”. And he was caught because of this email. In fact, the way he was caught is very interesting. They intercepted his email and replied back to him posing as the Russians.

This reminds me of the old days of nations video taping the entry way of embassies.

  1. Did Germany compromise a popular, or multiple popular, email web clients?
  2. Is that capacity to stop emails and parse them before they are relayed? Say, to a prime target, such as to the Russian authorities?
  3. Was it a crypto or otherwise privacy oriented webmail client?
  4. As this catch was a success, one may consider how many other countries consider such activity as critical.

What would they do without the capacity to catch such emails?

Might they consider it important to see:

  1. what IP addresses in their country are connected to the client? During specified time ranges? And keeping indefinite logs of this?
  2. to have the capacity to mass target specific target email addresses, such as the primary tipline email address to say, the Russian authorities?
  3. to be able to profile who is sending webmail to a variety of targets, such as the Russian tipline?

Would countries be inclined to ensure they can do this even if it was highly illegal for them to do so?

And how would they go about skirting their own laws to have such a tap?

Would there be collusion with people at these companies? Maybe they have people that they hire out for such assignments? Or would they be careful to simply try and start relationships there? Maybe they would simply rely on illegal compromise?

Benni July 13, 2014 8:13 PM


Generally, BND is allowed to snoop on any communication within Germany that is under 20% of the network capacity of the provider. Now the provider usually has a network capacity high enough that 20% of it is the provider’s maximum load. This gives BND the capability to search through 100% of all German communication.

And they do this. That BND makes a full take was admitted by the German government: “Hierzu fordert der BND gemäß § 2 Abs. 1 S. 3 G10 in Frage kommende Telekommunikationsdienstleister auf, an Übergabepunkten gemäß § 27 TKÜV eine vollständige Kopie der Telekommunikationen bereitzustellen.”

in English:
“For this, BND demands, according to article 2 paragraph 1, sentence 3 G10, from the telecommunication providers in question to provide a complete copy of the telecommunication data at the handover points according to article 27 TKÜV.”

The telecommunication providers in question are, according to the government, all those which have a foreign bridgehead. But BND also makes its full take on entirely domestic providers:

As to what communication the German BND monitors:

Well, the world’s largest internet node is called DE-CIX and located in Frankfurt, Germany. Currently, DE-CIX has a maximum load of 3.4 Terabit/s.

That the internet exchange point DE-CIX is among the providers that are forced to provide a copy to BND was admitted by DE-CIX operators to the German computer magazine c’t:

So it is no wonder that there is a strange coincidence between the maximum load of 3.5 Tbit/s at the world’s largest internet node DE-CIX, and the NSA’s project Rampart-A, which is advertised as having a network load of “more than 3 Tbit/s”:

That is probably why the NSA and BND have founded their merger called JSA, whose sign is an NSA eagle behind a German flag:

Now we come to this Russian embassy:

The provider Deutsche Telekom has a foreign bridgehead and therefore, BND demands a full take of all communications, according to the German government.

And if you look up the provider name for the Russian embassy in Germany, you will find that it is “Deutsche Telekom”.

In one of the links above, the German government says that the technology of BND is able to decrypt email, SSL and VoIP “depending on the strength of the encryption”.

Der Spiegel writes that the email from this BND double agent would have been sent unencrypted via Google Mail.

So it may be that they monitor the emails from the Russian embassy.

But DER SPIEGEL also writes that Germany’s domestic service would have human contacts inside the Russian embassy, thus leaving it unclear whether the Germans found this email via a human contact or whether they intercepted it.

Actually, it would be quite likely that their Russian friends would have given them a tip here.

DER SPIEGEL says that one of the documents was about the German parliament’s NSA investigation commission. Another document would be about German investigations on a second suspected CIA agent.

Now why would the Russians want to spy on an NSA investigation commission? Or what would they want with information about investigations on a suspected CIA double agent in a German ministry?

DER SPIEGEL writes that after the email from the CIA mole to the Russian embassy, the Germans answered from a faked Russian email address.

But why did the Russians not answer his call? If they did, that would be interesting for German services, since then they could also throw some Russian agents off German soil. But apparently, for some reason, the Russian embassy did not answer the email from the CIA mole…

This makes it very likely that it was in fact the Russians who just forwarded that email to the German services, which then started their investigations.

From this point of view, their next action makes sense: they asked around at other services whether they had earlier contact with this man. The agencies who did not have contact with the mole would immediately answer a polite No. And when they ask the right agency, the mole would get noticed and react somehow, for example by deleting his email account. And so it came out that the mole was under American contract…

But well, the Americans apparently have several agents placed at German authorities.

For example, the German chancellor Willy Brandt was a paid CIA agent once:

With SPIEGEL noting that: “the CIA did this with many politicians in West Germany, with Social Democrats and Christian Democrats. It was the Cold War…”

Seems not much has changed since….

Nick P July 13, 2014 9:51 PM

@ Figureitout

I appreciate the mention of the hamfest. I didn’t know that term so it might help me find interesting things in the future. 🙂

So, 2 out of 3 of them work? What a steal. 😛 The ports are nice. Pentium and 64MB is adequate if you trim the fat of whatever you put on it, do Linux From Scratch, or something else like that. Always alternative OS’s like Haiku, KolibriOS, or Oberon/A2 that use little resources. Just remember it can’t connect to the Internet or have wireless on. Keep external connectors off in BIOS if possible, only turning them on when moving data into the system over CD-R’s or IR port. Must be non-DMA or read-only medium. And keep backups.

“Got 2 TI 499/4A computers for $10!”

I only did the calculators. But I did program in…

“TI BASIC!!! Have a sudden craving for some breast milk? haha :p Doesn’t sound like people enjoyed programming on it due to the “double interpretation” slowing it down too much. ”

It’s a nice start language. You can get plenty of utilities done in it. If the TI systems support calling C or assembler stuff, you should be good as you can do stuff in both languages. You should also be able to port Forth or an Oberon to that. Even Lua, perhaps, as it’s pretty easy.

And I don’t do breast milk. The beer I’m holding is much more satisfying. And cold. 🙂

@ Clive Robinson

“This might be of interest to you,”

What jumped out at you? I assumed they were working together because… they’re always working together and both are in the leaks. I’m just surprised we haven’t seen a bunch of trumped up prison sentences, esp in U.K. where I’d imagine greater police power would make it easier.

@ Princeton

Thanks for mentioning Quantis. That they’re Swiss, certified there, and used in gaming gives some assurances for them. That most of their products max out at an EAL4 development process and this one isn’t security evaluated at all leaves some risk there. There’s a definite risk of subversion as usual with almost any closed product. There’s also risk of tampering with the device due to unknown security properties. That it’s a Swiss group in Switzerland funded by a Luxembourg firm might reduce the odds of subversion by the U.S. and partner countries. Might.

Figureitout July 13, 2014 10:13 PM

–BTW, I didn’t just cut my post off at the word “like”, I haven’t changed anything on my end and never had any problems posting (besides some explicit/html-weird stuff lol). I’ll try another browser (eventually) like you suggested and well…as I’m sure you’re aware I have some issues w/ my router (and modem) and a lot of computers, even this USB stick I’m running off of now…So perhaps it’s an issue on my end, sorry can’t give a good diagnosis of what the hell is going on.

Alex RE: RNG’s (true or not)
–While I’m sure it’s handy, I wouldn’t trust a covered USB-stick. At least make them transparent, they even look cool too and you can do at least more visual verification of the stick. RE the thing could be enlightening…

So, if you really want some good “random” numbers, you need at least a shielded room. Shielded rooms are no trivial thing, there’s still particles that no one can even possibly prevent from going right thru you and the earth…If you don’t care about EM injections (in all honesty, the “game” is usually up if someone is consciously injecting signals in your circuits, at the very least you could detect it and spew out some sh*t right back).

But anyway, to be practical. Some people (ie Clive Robinson) have unrealistic expectations and think everyone has their own physically secured lab (24/7), then it’s shielded, everyone operates w/ a security-mindset from the initial shovel digging ceremony. The fact of the matter remains, anyone is more than welcome to try and guess the output of my homebrew entropy, but it’s a f*cking waste of your time. It won’t make a lot of randomness nor be converted to digital data very easily but the entropy remains. I say continue investigating w/o unrealistic building standards for the sake of learning at your own pace…

Nick P
–Well well well, so you decided to respond. I thought I “touched a nerve” or something…I guess you were too busy feeding (I’m joking again, only joking lol). Seriously, why did you not get into radio? Especially being out in “the boonies” as you’ve mentioned. Must’ve been the hardware that scared you off…Or just a person’s hobbies they like, meh.

But so far only 1/3 works…And I want documentation on the laptop so I don’t guess and end up blowing something up feeding it the wrong voltage…I’m not checking/working on those TI 499/4A’s until I’m done w/ at least a prototype of my computer too, I really have problems w/ distractions. A hobby I just discovered in myself is breathing new life into old machines, I just like it, always liked history, so I couldn’t resist those vintage computers, even if they don’t work. I just need to get my dedicated work computer (w/ external HDD I keep w/ me) set up and I’m reworking my lab which will be nice and organized (to me lol).

You should also be able to port Forth or an Oberon to that. Even Lua, perhaps, as it’s pretty easy.
–That would be cool, probably done if you’re saying it’s easy.

The beer I’m holding is much more satisfying. And cold. 🙂
–Hah, I’ve got a whiskey and beer combo going on right now. :p

Figureitout July 13, 2014 10:33 PM

RE: finding the right voltage level on an undocumented computer
–Bah, I think the best thing to do is to step thru the “standard” voltage levels (starting at 3.3V) until one operates stable if I can’t find anything. So I’ll stop crying about that, it’s a non-problem now that I think about it.

Figureitout July 14, 2014 12:01 AM

Moderator (one more thing)
–The tiny spam CAPTCHA has actually worked pretty well so far from what I’ve seen. Spammers have to resort to manual methods more so (haha they can finally see what it feels like to work). Vastly reduced the [visible] spam here…so far.

Actually, I’m curious too. What other security blogs do people read?
–Like others have said, occasionally I go to “crebs” site, but it just doesn’t compare to yours at all. The comments are generally crap and derpers offering no info or generally crappy reading and completely out of order due to the system he uses. Seriously, you use a more “procedure” system where the comments show up linearly in order, whereas he uses a “reply to reply to reply” system where you have to read everything to find the new comments. It sucks.

I say besides yours, offers a lot of quick security news but is generally software/web-focused (hence, “netsec”). I honestly don’t read a lot of sites consistently anymore as they mostly all suck, unless you consider a security site (it can be…). I search for the rest of my reading and books, experiments, and work take up most of the rest of my time.

Clive Robinson July 14, 2014 12:24 AM

@ Figureitout, Alex,

I don’t have a downer on people learning, in fact the opposite.

What I do have a downer on is people getting hurt, especially for no good reason.

When I give advice here I have to favour the latter over the former, and assume people want to build TRNGs not for fun and learning but for a real security endeavour.

Building “Secure electronic TRNGs” is harder than designing just about any other form of electronic circuit, and I see professionals get it wrong on just about every occasion. Go to the Cambridge Labs website and look up the name of the manufacturer of that TRNG they fritzed with “just a bit of RF”, then consider what other security related electronics are susceptible to RF? Those TAO emitters are suitable for one heck of a lot more than just the “RADAR bugs” you see in the catalogue…

name.withheld.for.obvious.reasons July 14, 2014 1:10 AM

@ Clive Robinson

Go to the Cambridge Labs website and look up the name of the manufacture of that TRNG they fritzzed with “just a bit of RF” then consider what other security related electronics are susceptible to RF.

Over a decade ago I worked with a physicist in Cambridge. Met at a Marks and Spencer’s by chance (must have overheard my merican accent) and had several follow up meetings. The project is one on all the ICs’ wish lists and I’d written a project proposal–took three months to get them to read it. What I’d proposed was of greater scope than anticipated by others. My quest had to do with causation–the raw science–and I found a way forward. After another three months they’d realised the value of the project proposal and then exclaimed that it was of greater scope than they’d believed (duh).

I’d ask my physicist friend repeatedly if he knew of the applications, and, if he was MI6…no answer(s). My work did however catch the interest of Brian Josephson at the Cavendish. Still would like to revisit that project and my proposal, the science is just simply fascinating. And I do enjoy Cambridge, used to have over 10 book stores in the city centre. And, if you get a chance visit the Unitarian church near Regents street. Had tea and crumpets with the former director of the CIA at Kathern’s College, at the time he seemed more informed by history. Now he sounds like he’s informed by a payment system. Not brave enough to stand up in a canoe.

I so think the CIA is running Amazon. My experience with them has generated events that exceed near astronomical odds–repeatedly. My theory is that they “message thru” the place. Ha ha, my reverse psychOP is working. Where’s moose and squirrel? Brits pronounce that word so strangely–it’s tedious. Not the Brits, the word squirrel.

Wael July 14, 2014 1:14 AM

@Clive Robinson, @Mike the goat,
This link might be of interest to you 🙂
Found it by reading @sena kavote’s comment! Goats are smart, eh? Clive the goat, too? Small world!!!

Thoth July 14, 2014 1:34 AM

Re: TrueRNG
What is the algorithm they use for their randomness and their sources of randomness ? What is the circuit board design they use ? What are the firmware/software they run on ?

Lots of devices advertise their capabilities and should not be trusted at all unless they reveal their internals openly for the public to inspect at will.

Transparent cases for hardware should be the industry standard for the basic reason of trust. In the age of mass surveillance, a transparent tamper evident/resistant case allows you to inspect the hardware visually, but visual inspection may not be foolproof, so on top of a transparent casing, documentation of the circuit, firmware and software should be easily accessible as well. Allowing users to securely side load their firmware (if they don’t trust the hardware manufacturers) would also be a good idea.

Clive Robinson July 14, 2014 1:35 AM

@ Nick P,

What jumped out at you? I assumed they were working together because…

Because… it takes it a step forward from assumption towards proof.

As you are aware most people take a good few knocks on the head before they see sense, whilst others will still demand proof that water is wet when they are drowning in it.

The FOI results provide a “good knock” when having discussions with those open to seeing sense. Sadly they are not “absolute proof” beyond any measure some around here would demand, not that they would believe it if POTUS stood up and admitted it, they would still be demanding “more evidence” as they sink from view 😉

Clive Robinson July 14, 2014 2:07 AM

@ Wael,

On looking at the picture two things come to mind,

Firstly, I’m more cute than the goat and have a better looking beard (in my eyes at least 😉

Secondly, the ghostly image in the clouds looks like the seat to a camping chemical toilet that “goatsie” might well have used.

Further, although they explain the admirable qualities –some of which I share– that made them use a goat, they did not say why they named it clive…

Clive Robinson July 14, 2014 2:54 AM

@ Name.withheld…

It’s a few years since I’ve been to Cambridge town centre, I used to cycle up there to see friends, but they have moved on to other nations and for medical reasons I can’t ride my bike any more, and even though the UK’s public transport is usable, the cost is, I’m told, the most expensive per mile of any other nation’s (even more expensive than “first class” on aircraft flights…). I also used to visit Oxford on a regular basis and at one point was up there most weekends, often cycling up on a Friday evening and back early on the Monday morning in the summer. Both cities were pleasing on the eye around the Unis and old town centres and had quirky places to see. The furthest I cycled in a day to visit friends on a regular basis was Birmingham “to grab a curry”. But as a place it had little to recommend it unless you are into “70s industrial wasteland”.

name.withheld.for.obvious.reasons July 14, 2014 6:20 AM

@ Clive Robinson

Birmingham, who’d choose to cycle to Birmingham (he asked rhetorically)? Just outside Birmingham I visited an ancient hamlet and was instantly outed by the locals. Thinking that I was the average merican the conversation was confrontational in order to hear me speak in ignorance–but alas poor York–they were surprised that I am versed in European history. It was as if they were picking a fight–having completely taken them by surprise I jumped out of the rabbit with Sir Galahad (or was it a badger). They were so impressed that they invited me into their personal circle/relationships. A great time was had even if we could nearly see Birmingham.

Spent quite some time in England, the number of pubs in Ox-Bridge and London. Do have to say some of the most enlightened conversations included several pubs in Cambridgeshire. One, the Eagle, is a well known expat establishment. A scientist friend and myself had interesting discourses–did you know about the QE ship insurance scandal? Seems the wrong boat sank (if you had asked the Lloyds adjusters).

Besides Heffers, Gallaways was a truly British book store. I crawled them voraciously, the breadth is fantastic and feeds the most ardent intellectual traveler. It was alarming to see Borders move into town–seemed to be a capitulation to the “popular” culture irrespective of how ignorant or trivial.

At one point I was introduced to the GCHQ honcho–talking about the virtue of silicon fen (or fein). Even had a friend at 10 downing suggest that I go “international”, meaning I should have a UK presence. My problem, financial expediency rarely knocks on my door and I don’t really miss its company. Can successfully avoid the intellectual capture/hypocrisy and still find something to eat.

James Woolsey used to know recent Middle East history (at least the last six hundred years) but of late seems to be orthogonal to the “group think” narrative.

Oh, and in the UK I know people understand my t-shirt:

U + 1 < 0

Princeton July 14, 2014 7:42 AM

Stop it. It is impossible for any algorithm to produce true random numbers. It doesn’t matter what HW it is executing on.

There is no such thing as a random number. There are only processes from which a properly designed extractor can produce true random numbers. And such a process DOES NOT mean an algorithm.

Clive Robinson July 14, 2014 9:14 AM

OFF Topic :

Some of you may be aware that fairly recently the European Court of Justice pretty much shot down in flames the EU data retention legislation.

Well, in the UK the Government is trying to rush through new legislation to cover this. Unfortunately, as is normal, they are trying to piggy-back in other legislation over and above that which might be considered reasonable to maintain the status quo.

This new legislation, which will almost certainly end up being called DRIP, is being linked to the existing RIPA legislation and extends its “extra-territorial” provisions in such a way that any individual anywhere in the world with communications connectivity could be affected by the legislation.

Clive Robinson July 14, 2014 9:34 AM

Depending on who you listen to, the extra-territorial additions to RIPA in DRIP are almost Kafkaesque in nature… Under some interpretations, all that has to be done is for an appointed person in the UK to phone up a representative of a completely foreign “person legal or natural” entity such as a service company and inform them in English that they have been served notice and that failure to comply carries the usual RIPA penalties…. What is less clear is how the UK authorities would intend to enforce such stupidity in another Sovereign State…

But as there is no statute of limitations in the UK it would leave a Damoclean sword swinging indefinitely above any person within the foreign entity. I suspect that this “official terrorism” could easily be considered a “method of torture” due to the effect it could have on an individual’s mental well being, also in effect “illegal imprisonment” by forcing them to not be able to travel freely even though they have committed no crime. Thus I suspect DRIP is destined to get struck down in flames as well by either the ECJ or ECHR.

Sommerlad July 14, 2014 9:51 AM

“IPT hearing on GCHQ’s TEMPORA and its use of PRISM started this morning. And this time, the hearing is public”

Tribunal hearing legal challenge over GCHQ surveillance claims

14 July 2014

“The tribunal will determine whether allegations of snooping by GCHQ are legal

A tribunal is hearing a legal challenge by civil liberty groups against the alleged use of mass surveillance programmes by UK intelligence services.”


Nick P July 14, 2014 12:46 PM

@ Figureitout

Life and work have given me plenty to do and stress on recently. I figured you might think that, so I went ahead and dropped a comment. 🙂

“Seriously, why did you not get into radio? ”

Computers, games, hacking, and hanging left no time for playing with radios.

“I’m not checking/working on those TI 499/4A’s until I’m done w/ at least a prototype of my computer too, I really have problems w/ distractions. ”

Distractions have always been my problem too. Except, it’s usually better options and life’s stresses that I’m distracted by. My work bounces all over. It’s why I always had a rather unremarkable main job doing the stuff I loved on the side as hobby or consulting. It lets me turn down most of the crap I don’t care for.

@ Clive

Having a bit of proof makes sense. I thought we had plenty of it with Snowden leaks themselves, though. 😉

re the video

That’s hilarious. Wouldn’t surprise me if they say crap like that to themselves. Good ending, too.

Wael July 15, 2014 12:11 AM

@Clive Robinson,

This is for you (from a “limerick cutter”)

Firstly, I’m more cute than the goat and have a better looking beard…

There was an old man with a beard
Who said, “It’s just how I feared!
Two owls and a hen
Four larks and a wren
Have all built their nests in my beard.”

Clive Robinson July 15, 2014 1:02 AM

@ Wael,

Hmm very nice… but if my son gets to see it I won’t hear the last of it…

When my son was younger it used to amuse him greatly when he would put his hand behind my beard and poke a finger through in and out like the little bird in a Swiss Clock whilst saying cuckoo cuckoo. It not only amused him but his grandma as well who collects such clocks and has a house full of them, which tends to make it a bit “dawn chorus” noisy around the hour every hour there…

Figureitout July 15, 2014 1:06 AM

Clive Robinson
assume people want to build TRNGs not for fun and learning but for a real security endeavour.
–Someone who posts a one-liner question is probably looking more for learning and hopefully isn’t so naive to suddenly rely on a single product for “real security” (whatever the hell that is). So, feel like spilling the beans on the damn circuit or is that another money-making secret?

Looked into that “Frequency Injection Attack on a Ring Oscillator TRNG”; aside from some of the physics and theory, which would take me a little more to get, actually most of it clicked and I could probably recreate what he did (still makes me want to pull the covers over my head). For those wondering (those few), the main concept he exploited was “injection locking”. Apparently an effect known since 1665(!), and I could almost see it in “human terms”; I thought a little about the effect that may be used to steer asteroids away from the earth using a satellite that just floats right next to it and uses its gravity to “pull” it over a long distance (intuitively, a small angle at a long distance can mean a big shift). Except this will involve more complex forces. But anyway it’s damn scary, and it made me a little mad at what he attacked, the damn power supply! Again! So who cares about the hardware or low-level software; if your power supply is being injected you’re potentially owned from power up (or you just get recurring mysterious effects), potentially even blowing fuses or ticking memory. But this was physical access to the supply and not a remote attack. But as you hinted and I know, SDR is completely changing the game.

Anyway, here’s the link to the LBTP (light blue touch paper) blog post (w/ some familiar names and an interesting read):

And the corresponding paper, not that bad of a read (ie quick and mostly painless):

I’m focused on solutions so I’ll quote a little blip about defenses at the end:

To prevent interference a device can filter injected frequencies. Voltage regulation or merely extra power supply smoothing may prevent locking, or shielding may be required for electromagnetic attacks. Devices could refuse to operate at their known vulnerable frequencies.

There were some more design ideas but they will take a few more tests. I want to see an “active defense” for an “active attack”, so I say, behind a shield spew unhealthy amounts of radiation to try and distort/couple the attacking waves; preferably in the direction of the attacker, when you’ve got critical computing to do.

There is no such thing as a random number.
–I don’t believe it either. Probably just a word we use to describe things we don’t understand. And the more surveillance, the less “random” things become.

Nick P
Computers, games, hacking, and hanging left no time for playing with radios.
–Figured, I have to do a lot of maintenance work around the house so that eats my time too…

My work bounces all over.
–Mine does too, but I really enjoy it. Just mentally draining sometimes, mostly been studying a chip, and I’m still slightly confused on the clock system…And of course problems w/ the operating voltages. It would be the best if I could just focus on my computer and get paid to do so! During the day when I’m fresher.

Speaking of secure computers, I noticed a familiar name over again at the LBTP blog on the latest comments, on a post about CHERI. Again promoting it:

Small, nimble guys like you, myself, all the other rag-tag gang operating on our own funds and time need something like a university (ultimately the most realistic and trustworthy way to go I believe) for the equipment and lab space; and of course the funds. B/c all I’m doing is using pre-existing infrastructures, potentially unsound ones…

Clive Robinson July 15, 2014 2:39 AM

@ Figureitout,

By “real security” I mean a process where, if it fails, real harm may happen to the process owners, or users, or those whose details may be protected by such a process. The “real harm” including but not limited to those of tort, theft, fraud, emotional and psychological harm, loss of reputation etc.

With regards “Injection locking”, yes it’s very old knowledge and widely in use (chroma circuits in colour TVs). It can also be used in clock recovery circuits and in tracking filters in weak signal recovery in radio circuits. But, as you note, surprisingly unknown to many engineers and technicians.

A similar attack vector is switching thresholds in circuits, especially in the likes of logic. You can advance and retard the point at which a logic gate changes state, effectively phase modulating the signal edges. This can be used to effect metastability in logic which will cause issues in other parts of the circuit, including the extremes of “lock up” and “thermal death”.

Wael July 15, 2014 2:40 AM

@Clive Robinson,

Hmm very nice…

Thanks! But I cut it from somewhere! Was not my composition. I wouldn’t use two “beards” in the beginning and end. I would have used something like “weird”, but it got messy, so I cut it the way it was 🙂

I also cheat when I look for rhymes 😉

Clive Robinson July 15, 2014 3:12 AM

@ Wael,

Changing the first line to substitute “whiskers weird” for the current “a beard” will work… not that I would say there is anything weird about my whiskers (though others might 😉

For those who have read Cryptonomicon –for which Bruce designed a pack-of-cards cipher– there is a sub plot about a man whose wife wrote a psych paper about his beard and developed faux reasoning for sexism and misogyny with regards hirsute males in general. Then disappeared off to have an affair with a somewhat dyspeptic and effete person she could bully prior to launching divorce proceedings…

Clive Robinson July 15, 2014 3:27 AM

@ Figureitout,

With regards “active defence” you have to avoid being “hoist by your own petard”…

The inverse square law also works against you in that you will have many times the power at your vulnerable circuits than the distant attacker has at theirs.

Which is possibly why in the military world they have missiles that “fly up the beam” to attack the likes of radar emitters and satellite phones… I guess close in kinetic effects from a 1000 kg high order event is somewhat harder to shield against than even EMP.

Wael July 15, 2014 3:29 AM

@ Clive Robinson,

Change the first line and substitute “whiskers weird”

Noted for future reference… Not familiar with “Cryptonomicon” so I can’t comment on that.

sena kavote July 15, 2014 3:09 PM

Re: true random number generators

It is not possible to make a camera that would not give some quantum randomness in its pictures if they are not 100% white or 100% black. Every still camera that I have seen gives some noise even in pictures taken in complete darkness, if the exposure time is long enough. The brightness of a pixel is the result of statistical sampling that has its margin of error, just like opinion polls for example. That error margin is larger than the 1/256 accuracy that is theoretically possible with the 8 bit numbers that cameras output.

Cheaper cameras make better true random number generators than quality cameras and are “politically” / “socially” more trustworthy than super expensive special devices.

The pictures or video, even in compressed form, still have to be concentrated by at least a factor of 4 to get really random data. First, the byte order can be mixed with a low quality pseudorandom mixer, then rows of 4 bytes combined into 1 byte by XOR.

It is said that Linux /dev/urandom needs about 200 bits of entropy to give endless pseudorandom numbers that are good enough for security. Despite that, new entropy is used by /dev/urandom. At least Linux, don’t know about BSD. One picture can give more entropy than cryptography functions use in years.

But if /dev/urandom is used to fill empty space in a hard disk or dvd-rw, it can be a bad bottleneck because it can take one core’s computing power and still use only 10% of disk io. (Why is it not using more cores and GPUs’ OpenCL to make pseudorandom numbers?) On that use and in some special simulations that have nothing to do with security, a fast TRNG would be useful. Could we at least trade longer seeds, or the need to change seed more often, for pseudorandom generators that work faster? Then we could get real benefit from using the tons of entropy that cameras could provide.
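The conditioning step sketched in this post (shuffle the byte order, then XOR groups of four bytes down to one) can be tried out on a frame and measured, which is the check a practitioner wants before trusting a sensor as an entropy source. The block below is an added example, not code from the post or from any camera driver: the "dark frame" is constructed from a Gaussian read-noise model (a stand-in for real sensor data), the shuffle seed and the `margin` safety factor are assumptions, and the `hash_condition` function shows the conventional alternative of hashing enough raw pixels to cover the output length, sized on a min-entropy estimate rather than on Shannon entropy.

```python
"""Conditioning camera dark-frame noise into random bytes.

Added example, not from the original post or any camera driver.  The
"dark frame" below is constructed: a Gaussian read-noise model stands in
for real sensor output, so the figures are illustrative only.
"""
import hashlib
import math
import random
from collections import Counter


def constructed_dark_frame(n_pixels=4096, dark_level=8, sigma=3.0, seed=1):
    """Constructed stand-in for an 8-bit dark frame (not real sensor data):
    every pixel is the dark level plus Gaussian read noise, clamped to 0..255.
    A seeded PRNG is used only so the example is reproducible."""
    rng = random.Random(seed)
    return bytes(min(255, max(0, round(dark_level + rng.gauss(0, sigma))))
                 for _ in range(n_pixels))


def shannon_entropy_per_byte(data):
    """Plug-in Shannon entropy estimate in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def min_entropy_per_byte(data):
    """Min-entropy (-log2 of the most common value's frequency): the
    conservative figure an extractor should be sized on."""
    top = Counter(data).most_common(1)[0][1]
    return -math.log2(top / len(data))


def xor_fold(data, factor=4, seed=0):
    """The post's scheme: shuffle the byte order with a cheap PRNG so that
    spatially adjacent (and possibly correlated) pixels do not share a group,
    then XOR every `factor` bytes down to one byte.  The shuffle adds no
    entropy; it only spreads any local correlation across groups."""
    buf = bytearray(data)
    random.Random(seed).shuffle(buf)          # the "low quality mixer"
    folded = bytearray()
    for i in range(0, len(buf) - factor + 1, factor):
        acc = 0
        for x in buf[i:i + factor]:
            acc ^= x
        folded.append(acc)
    return bytes(folded)


def hash_condition(data, min_entropy_bits_per_byte, out_bytes=32, margin=2.0):
    """Conventional conditioner: hash enough raw pixels that their estimated
    min-entropy exceeds the output size by `margin` (an assumed safety
    factor), and refuse frames that are too uniform, e.g. fully saturated
    or fully black, where the post's premise (visible noise) does not hold."""
    if min_entropy_bits_per_byte < 0.5:
        raise ValueError("frame too uniform to use as an entropy source")
    need = math.ceil(out_bytes * 8 * margin / min_entropy_bits_per_byte)
    if need > len(data):
        raise ValueError(f"need {need} raw pixels, frame has {len(data)}")
    return hashlib.sha256(bytes(data[:need])).digest()[:out_bytes]


def entropy_report(frame=None):
    """Compare raw, XOR-folded and hashed output for one frame."""
    frame = frame or constructed_dark_frame()
    folded = xor_fold(frame)
    return {
        "raw_shannon": shannon_entropy_per_byte(frame),
        "raw_min": min_entropy_per_byte(frame),
        "folded_shannon": shannon_entropy_per_byte(folded),
        "folded_min": min_entropy_per_byte(folded),
        "seed_hex": hash_condition(frame, min_entropy_per_byte(frame)).hex(),
    }


if __name__ == "__main__":
    for key, value in entropy_report().items():
        print(f"{key:15s} {value}")
```

Running it shows the raw dark-frame bytes carrying only a few bits each (most of the byte's range is never used), the XOR fold raising both the Shannon and the min-entropy estimate per output byte, and the hash conditioner refusing a constant (all-black) frame outright. The estimates are plug-in statistics on one frame; a real deployment would run the SP 800-90B style health tests continuously rather than once.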

Figureitout July 15, 2014 10:53 PM

Clive Robinson
–By pursuing “real security”, one already suffers from psychological/emotional harm, damage is already done. For instance, why can’t you sleep sometimes at night and why do I have a tendency to look over my shoulder at random times..?

But as you note surprisingly unknown to many engineers and technicians.
–Well, I’m sure many could work through it; just never had a reason to test that as there’s always a million other problems to think about.

You can advance and retard the point at which a logic gate changes state, effectively phase modulating the signal edges. This can be used to effect metastability in logic which will cause issues in other parts of the circuit, including the extremes of “lock up” and “thermal death”.
–Do you have a simple way of setting up a test for that? I have a 20MHz scope at home (lame I know), so there’s a lot I can’t see. That sounds like a major issue that needs to be addressed (and I can pretty much see it).

RE: missiles
–I was going to ask if our gov’t was that psycho to actually consider launching a missile at me for jamming their signals, but I don’t need an answer to that. That’s fine, I’ll go out w/ a “boom” lol, better than living docile in a police state as there’s little to be optimistic about in my generation’s future…

Buck July 16, 2014 12:34 AM

Ahhh… How interesting it is to see (maybe even more so now – especially in light of the most recent so-called ‘leaks’), these stories that can really read differently depending on which side of ‘the aisle’ those readers will find themselves on… I now present for your perusal (be it pleasure, pain, or both)- yet another polarizing oppositional standpoint – optimized for forming one’s acceptable/agreeable/practically popular political opinions:

Islamic State leader al-Baghdadi formerly a U.S. captive (July 13, 2014)

The U.S. now has a $10 million bounty on al-Baghdadi’s head for information leading to his capture.

But the hunt is limited. When the U.S. dispensed with al-Zarqawi and his successor, it employed the full might of Joint Special Operations Command and a host of intelligence assets. Those manhunting elements have since packed up and gone home.

If those assets could not kill al-Baghdadi between 2005 and 2011, there is doubt that Iraq’s security forces, aided by limited U.S. intelligence, can find him today.

He has proven slippery.

The allies picked him up in February 2004 in Fallujah as Sunni militants were organizing a terrorist cell to seize the town. A month later, they killed four Blackwater security guards and mutilated the bodies — a harbinger of the long war that lay ahead for control of Iraq.

A Pentagon statement last week referred to Fallujah as Baghdadi’s hometown. Other sources say he is from Samarra, a town of 350,000 north of Fallujah, where he was said to preach and study Islam.

The Pentagon said authorities gave him an “unconditional release” 10 months later in December 2004 on the recommendation of what was called the Combined Review and Release Board.

Although (at least I feel), this later passage should leave little to no ambiguity as to the effectiveness of our remote recon/assault accuracy…

It added: “While Abu Du’a’s body has not yet been recovered, the airstrike effectively destroyed the building he was believed to be in.

“Five years later, the coalition believed again that it had neutralized al-Baghdadi.

In December 2010, an Iraqi general went on state-run TV to announce Abu Du’a’s arrest in Anbar province.

(Along with the clarifying quote that collapses these two somewhat-unique selectors):

The elusive al-Baghdadi, known then by his nom de guerre, Abu Du’a, would go on to become the most dominant figure in today’s radical Islamic movement.

Clive Robinson July 16, 2014 3:12 AM

@ Figureitout,

Firstly missiles: the point I was making is that in effect a kinetic attack against those pointing EM at you is about the only “active defence” solution that will make them stop…

Various governments have worked that out some time ago which is why they already have beam riding munitions that can ride down a relatively weak signal such as a portable satellite phone uplink to take out “undesirables”. Which is why OBL dumped his satellite phone, and adopted non electronic distancing solutions for his communications.

Which is why a more effective shielding defence combined with high mobility or other “distancing” technology is really the only defence strategy that is going to work for those of less than State Level Actor resources.

And as OBL found if the distancing technology involves humans then “money and/or gonad bashing” tends to defeat this security precaution…

Clive Robinson July 16, 2014 3:45 AM

@ Figureitout,

Secondly, Metastability.

Have a look at this from an FPGA design site,

It has a link off to another page with other information. The thing is, with a probability of a latchup being about 1 in 10^9, with modern CPU speeds that is about once per second, which means additional “synchronizer” components need to be added wherever there is a danger of signals being indeterminate at a latch / register / flipflop input or other clocked element. The result is not just extra logic gate propagation slowing things down but having a clock delay as well.

If “googling” for metastability remember to include “logic” or “latch” in your search term or you will end up with a lot of other unrelated metastability links.

Clive Robinson July 16, 2014 4:06 AM

@ Figureitout,

Oh and if you want to further prematurely turn your hair grey.. Some people think metastability is a great way to make “on chip” TRNGs…. (google for papers).

Obviously, like ring oscillators, metastability RNGs are going to be susceptible to EM or modulated EM carriers if a path into the equipment and then the chip is available. Ventilation slots which work really well as re-radiating slot antennas directly into the equipment at resonant frequencies are a good place to start as microwave generators and broadband amps in the appropriate ranges are readily available these days.

By then AM modulating the signal at some lower EM frequency a PCB trace or hookup wire is resonant at, you can get the chip input protection diodes to rectify / envelope demodulate it, so if this modulated carrier is itself modulated with your attack signal, the chip internals will jump to it like “fleas on a hot griddle”.

And people wonder why I don’t trust On Chip or quite a few other TRNGs…

Clive Robinson July 16, 2014 4:22 AM

@ Figureitout,

Having now induced premature decay in the follicles on your head with the likes of,

Perhaps I can indirectly help with,

–By pursuing “real security”, one already suffers from psychological/emotional harm, damage is already done. For instance, why can’t you sleep sometimes at night and why do I have a tendency to look over my shoulder at random times..?

Look up Slartibartfast’s response to Arthur Dent’s similar question in Douglas Adams’s book (or watch the film)…. If nothing else the search for the answer will be entertaining and take your mind off things 🙂

Clive Robinson July 16, 2014 4:45 AM

@ Wael,

“You heard it first hear”

Should be the official motto of this site 😉

I gave up counting a long time ago the number of times predictions had been made by Bruce and some long term posters here, that were later found to be correct.

If you search back you will find it was posters waving red flags about SCADA systems on this site that some years later became a reality, that then showed how bad it could get with Stuxnet and friends, using techniques outlined long before on this blog.

If you look at both the NSA and GCHQ catalogues there is nothing in them that had not been discussed on this blog long before.

Then there were discussions about whether the NSA’s new facilities could conceivably store all phone calls in the US; we quickly worked out the answer was yes, then some time later Ed Snowden took an employment ending sickie to Hong Kong and as they say “the rest is history”.

sena kavote July 16, 2014 7:29 AM

RE: Cell phone tracking

One related “security product” is sold in grocery stores. It is a cookie jar made of metal. It may be sold with or without the cookies. It is usually more convenient to put a phone in a cookie jar than to take out the battery.

For preventing phone’s loud bouncing against metal and for extra soundproofing and for extra emission reduction, it is best to line the jar with aluminium foil and some fabric or plastic foam.

Sound proofing should be tested by putting the phone or some other device inside while it records and while there is some noise in the 100-7000 Hz range. You can use Audacity for test noise; it is in most Linux repositories.

Clive Robinson July 16, 2014 9:00 AM

@ Sena,

You have to pick your “cookie jar” with care, many don’t have particularly good folded seams, and their lids do not have a good RF seal (screw top tea caddies tend to be better).

Whilst I do have a proper test equipment certified mobile phone jig in the lab, I also have a couple of “Home Brew” ones made from screw top aluminium cans which have a single piece formed can, which “came for free” with some mil spec desiccant units in them I ordered for some specialised rugged field equipment, you also get similar cans used to ship those big 100+ pin mil spec connectors.

The foam I’ve lined them with is the carbon loaded black “100 Ohm Foam” DIL ICs used to be kept on, that I’ve mentioned a few times in the past. It works almost as well as the much more expensive rigid foam you find in RF anechoic chambers and cells used for EMC testing. I’ve replaced the top O ring seal with the inner of soft foam coax with the center conductor removed but the braid left on, which makes a good RF gasket.

name.withheld.for.obvious.reasons July 16, 2014 2:28 PM

Seeing that we are living in the [dis]information age, Congress has managed to add insult and injury to the citizen again! The Cable-Satellite Public Affairs Network broadcast House of Representatives electronic votes on a small tally board during sessions. Information provided by the tally board is limited (you couldn’t fit or scroll rapidly through a congressional roster of 435 members). Today, instead of providing more congressional voting information, the network now provides less. The only tally is for the number of yeas and nays. I could think of 100 metrics that could be tracked during each vote (means, deviations, periodic data at the party/member level).


Buck July 16, 2014 10:50 PM


Don’t knock it till you try it… Simple password (bonus points if it’s in Google search rainbow tables) reuse across multiple non-mission-critical accounts can provide for plenty of false trails & time wasters for those who are simply not afforded the privilege of “minding one’s own business” (disclaimer: this advice is valid only for the PI and SK level attackers… The TLA’s [and their foreign equivalents] will have probably already captured all relevant networked credentials 😉

At least they don’t try to tout the terrible advice of using a ‘password manager’ as we’ve heard from so many (presumably) monetary (or datatary?) interests in the past…

Though, this study makes me somewhat uncomfortable if I ponder too long on how they could have arrived at their hypothesis… Hopefully it’s just another case of ‘multiple discovery’… Surely a corporation as benevolent as Microsoft could never abuse any potential privileged positions for pure password-based research proposals! 😉
(Their own employees [ex|in]cluded..?)

Figureitout July 16, 2014 11:52 PM

Clive Robinson
in effect a kinetic attack against those pointing EM at you is about the only “active defence” solution that will make them stop…
–Ok…not that active…christ. I’ll move on now b/c there’s no point continuing on that tangent.

RE: “Tell me about Metastability”
–Read that link all the way, pretty good. Haven’t gone thru all the links yet. Man, I don’t need another obsession that drives me crazy; but ‘what the hell’, this really irritates me. I’ll be checking my computer for clean signals and if I get some unstable crap I’m going to freak out.

I could follow a lot of it, but some of it I need time to read more and in a lab w/ an oscilloscope, chips, etc. One thing I’ll note, which is a very “humanized” viewpoint of looking at the problem, is that the signals looked like what a weak rope pushed together looks like, did it not? And the “solution” is to pull the rope from each end, rendering a “clean signal” or a stronger rope. Not sure if that has any relevance whatsoever in electronics/physics yet, but if it did that would be exciting…

I’ll take some main quotes that are easiest to remember:

Metastability caused havoc in synchronous systems. It is caused by the unstable equilibrium state for example when a pair of cross coupled CMOS inverters are stuck at mid-voltages. It is impossible to determine how long such a state persists. Unfortunately, due to the complexities in today’s systems, it is not possible for the designer to avoid this type of situation.

The now widely held belief is that it is impossible to design such a circuit. Indeed, ALL claimed metastable free circuits have been proven not to be. Usually the only thing achieved by complex circuits that try and deal with all sorts of special cases, is that they obscure the metastable mode during analysis. The best way to deal with the metastable problem (the synchronization of an asynchronous signal feeding into and affecting a synchronous system) is to synchronize the signal with a multi stage synchronizer, comprising of no more than 2 or more flipflops, connected as a shift register, and clocked by the clock of the destination domain.

–Not cool. I don’t believe it, well…maybe. Means anytime some little blip pops up I’ll freak out; maybe for reasons I can’t ever do anything about…

Unfortunately, simulation is NOT sufficient proof of metastable free behavior. For a good example of someone who has fooled themself (and the patent office) see 4,999,528 . Spice does not have infinite precision, and the problems of rounding and convergence are well known.

–Agreed, I’m wary of all simulation. Of course w/o it there’d be a lot of wasted time. But…if your computer is infected…alright fill in the rest of the story…

/********************Silly Mode On********************/
–I did, uh start to read one link “in the link”, on what started off as “Buridan’s Principle”. Ok..looks normal…first page: “Buridan’s Ass”–uhh…what? Oh donkey, ok…


The problem of Buridan’s Ass, named after the fourteenth century French philosopher Jean Buridan, states that an ass placed equidistant between two bales of hay must starve to death because it has no reason to choose one bale over the other.

–Dude…I can’t read this w/o laughing. Too many messed up images in my head. Just frickin’ say donkey!


The key assumption in this argument is continuity: the ass’s position at a later time is a continuous function of its initial position.

–WTH, just frickin’ say donkey! I can’t read this damn paper, and they said it was good.


Buridan’s ass starves because it cannot make the discrete decision of which pile of hay to eat, a decision based upon an initial position having a continuous range of values, within the bounded length of time before it starves.

–Alright, one more mention of ass and I’m done…

Later in paper: 2. Can asses really starve? 3. Other asses 4. Flying asses 5. Computer asses–Alright some other time, frickin’…ass! lol

/********************Silly Mode Off********************/

RE: FPGA Implementation of Metastability-Based True Random Number Generator
–Didn’t read this all the way thru, but most of it. Just going to take what I found the most enlightening in the least space possible.

Although the principle of a metastability-based TRNG is simple, it is not easy to achieve high quality of randomness. Any kind of unbalance in circuit will lead to biasing of output; e.g., the output Q might be biased if there is a skew in Clk signal. Dispersion of circuit elements may also lead to the bias of output, if it involves the difference in drive strengths of two NAND gates. Even if the circuit is perfectly balanced, the output might be affected by the previous output, which may remain as a small voltage difference of internal nodes after initialization (i.e., the period of Clk=0). For these reasons, metastability-based TRNGs have been regarded as unreliable and difficult for practical applications [11].

The distance between two slices might affect the quality and throughput of an LUT latch. There is a possibility that longer wires may collect larger noise and consequently generate larger entropy. Meanwhile, there are many drawbacks to a large distance between slices. Long wires should be avoided because they consume more interconnect resources. A long wire also incurs heavier capacitive load, which naturally leads to a larger time constant and a smaller throughput. The entropy of a latch may decrease, since the skew tends to increase according to the length of wire. Such pros and cons have to be examined quantitatively with experiments.

–Did they consider RF injections in the “longer wire” decision…?
–Had some criticisms of RO’s (ring oscillators).

RE: Slartibartfast’s quote
–Bah, why did you do this to me?! Making me look up silly things, grr! Typical British humor. 😛

Here it is:

ARTHUR: You know all this explains a lot of things. All through my life I’ve had this strange, unaccountable feeling that something was going on in the world… and no one would tell me what it was.

No, that’s just perfectly normal paranoia, everyone in the universe has that.

Scene 5, oh the website even has your name lol:
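Clive's "1 in 10^9 is about once per second at modern CPU speeds" remark earlier in the thread and the paper passage quoted above (a multi-stage synchronizer built as a shift register of two or more flip-flops) are both instances of the standard synchronizer MTBF model, and the arithmetic is worth seeing once. The block below is an added example, not code from the FPGA site or the paper; `TAU` (the flip-flop's metastability resolution time constant), `T0` (its metastability window constant) and `t_overhead` (setup plus clock-to-Q plus routing) are assumed illustrative values, not figures from any datasheet.

```python
"""Metastability MTBF for single and multi-stage synchronizers.

Added example; the formula is the standard MTBF model for a flip-flop
sampling an asynchronous input.  TAU and T0 are assumed illustrative
device constants, not values from the cited FPGA site or paper.
"""
import math

TAU = 50e-12   # assumed metastability resolution time constant, seconds
T0 = 100e-12   # assumed metastability window constant, seconds


def synchronizer_mtbf(f_clk, f_data, stages=2, t_overhead=0.5e-9,
                      tau=TAU, t0=T0):
    """Mean time between synchronizer failures, in seconds.

    For one flip-flop:  MTBF = exp(t_resolve / tau) / (T0 * f_clk * f_data)
    where t_resolve is what is left of the clock period after setup,
    clock-to-Q and routing (t_overhead, assumed).  Every extra flop in the
    shift register grants the signal another t_resolve before its value is
    used, so the exponent grows linearly with the number of stages while the
    price is one more clock period of latency (the clock delay Clive notes).
    """
    if stages < 1:
        raise ValueError("need at least one stage")
    t_resolve = 1.0 / f_clk - t_overhead
    if t_resolve <= 0:
        raise ValueError("no resolution time left in the clock period")
    return math.exp(stages * t_resolve / tau) / (t0 * f_clk * f_data)


def stages_for_target(target_mtbf_s, f_clk, f_data, max_stages=8, **kw):
    """Smallest number of flops whose MTBF meets the target, or None if
    even max_stages flops cannot reach it at this clock rate."""
    for n in range(1, max_stages + 1):
        if synchronizer_mtbf(f_clk, f_data, stages=n, **kw) >= target_mtbf_s:
            return n
    return None


if __name__ == "__main__":
    f_clk, f_data = 1e9, 100e6   # 1 GHz clock sampling a 100 MHz async input
    for n in (1, 2, 3):
        mtbf = synchronizer_mtbf(f_clk, f_data, stages=n)
        print(f"{n} stage(s): MTBF {mtbf:.3g} s")
    ten_years = 10 * 365 * 86400
    print("stages for a 10-year MTBF:",
          stages_for_target(ten_years, f_clk, f_data))
```

With the assumed constants a single flop at 1 GHz fails every few milliseconds, a second flop pushes that to tens of seconds, a third to days, and a fourth is needed before the design clears a ten-year MTBF: each added stage multiplies the MTBF by exp(t_resolve/tau), which is why the quoted advice insists on a shift register of flops rather than any cleverer single-stage circuit. The same function also shows the failure mode a reviewer should look for: raising the clock rate shrinks t_resolve and the MTBF collapses exponentially, so a synchronizer that was adequate at one frequency is not automatically adequate at a faster one.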

Benni July 17, 2014 12:17 PM

The German secret service BND has bought dropbox:

There is a wikileaks page which shows Deutsche Telekom to be the provider of the German secret service BND.

Furthermore, Germany’s G10 law says that BND is allowed to copy 20% of the “network capacity” from German providers. For example, at the world’s largest internet node de-cix, 20% of the “network capacity” is the current maximum load.

That BND indeed makes a full take of all German providers was admitted by the German government in this answer to a parliamentarian: “Hierzu fordert der BND gemäß § 2 Abs. 1 S. 3 G10 in Frage kommende Telekommunikationsdienstleister auf, an Übergabepunkten gemäß § 27 TKÜV eine vollständige Kopie der Telekommunikationen bereitzustellen.” In English:
“For this, BND demands, according to article 2 paragraph 1, sentence 3 G10, from the telecommunication providers in question to provide a complete copy of the telecommunication data at the handover points according to article 27 TKÜV.”

The “telecommunication providers in question” are those which have a foreign bridgehead, or some connection abroad. The list from the German network authority says that Deutsche Telekom is such a provider with a foreign bridgehead.

So, yes, if Dropbox is now hosted by a German provider, your data does not get to the NSA first.

Instead you are guaranteed by German G10 law that your data will, according to the German government, be completely copied for analysis by folks from the German secret service BND. Please note that they do not even need an individual search warrant for your account. With the G10 law, BND can simply copy it all, assuming that 20% of the provider’s network capacity is its current maximum load….

Benni July 17, 2014 12:30 PM

No it gets even better:

“The deal with Deutsche Telekom is a significant step into Europe with a key operators, yet Leibowitz added that while several countries in central and eastern Europe would be covered by the deal, its home market of Germany is not included.”

So only Dropbox users in countries in eastern Europe are hosted by Deutsche Telekom, do I understand this right?

Seems that BND just discovered a new way to spy on Ukraine and Russia then…..

Thomas_H July 17, 2014 12:34 PM

@ Anura:

“Bruce Schneier has some fun… You won’t believe the outrage!”

On Bruce’s Blog, headlines crack you!

Benni July 17, 2014 1:04 PM

This interview with Snowden shows why closed source is bad:

He says that there is a culture at NSA of sharing pictures of women that were intercepted by NSA without the women knowing this.

This is the typical description of a bad closed source approach.

What they should do instead:

They should make a poll which are the top 10000 attractive photos. And then they should share them with the public in an open source approach.

Clive Robinson July 17, 2014 1:36 PM

OFF Topic :
Breaking news, Malaysia Airlines has lost another aircraft, from Amsterdam to the Malaysian capital. It has come down over the Ukraine with what is reported as a loss of all persons on board.

It is being speculated that the aircraft has been shot down using a Russian surface-to-air missile system. US Pres. Obama is reported to have spent a considerable period of time on the phone to Russian Pres. Putin. A number of diplomatic/political persons are calling for much stricter sanctions against Russia, even though it’s not currently verified whether the aircraft was shot down and, if so, by which side.

If previous Russian international incidents are anything to go by, we can expect to see an increase in illegal cyber activities emanating from Russia and Russian-supporting areas against various organisations. It will be interesting to see what China and Germany and other middle/eastern European nations with strong trading (of necessity) relations with Russia do with regard to sanctions.

Gerard van Vooren July 17, 2014 3:15 PM

@ Benni

Demonstrate against the NSA … on Facebook???

Sorry, not me.

@ Clive Robinson

It is all over the news here in the Netherlands. A real tragedy.

Benni July 17, 2014 3:34 PM

No, they are putting the locations where they meet on Facebook.

But do not bother, it’s the marketplace in Griesheim, Germany, every Saturday, 3 pm.

They march to the NSA Dagger Complex. Be sure to bring a large camera, flash, or video. Drones are also funny, and camouflage, in order to hide from the shy spies. If spies come out of their fenced hiding, be sure to document everything, car numbers, names and so on. This regularly pisses them off…

Nick P July 17, 2014 6:26 PM

A 4-8GB memory chip that also has 128 processing cores

Adjuvant posted an article here about Venray putting a RISC processor on 3-layer memory silicon. The advantages were a massively parallel architecture, lower power consumption, and 100-200x lower cost. I pulled it up again to find that the company has been selling products to the HPC community. Their offering was a DIMM with 128 cores and 4GB memory for around $30k. They claim performance comparable to over $1 million worth of Xeons.

People investigating cheap, simple chips should consider using their I.P. I think Clive’s “prison” idea of tons of mediated cores could be effectively implemented this way, as well. Reading their site also led me to another innovative, memory-based processor: the Automata Processor.

Many approaches to secure system construction essentially break the system into interacting state machines whose states are analyzed to ensure security. Most protocol engines are also state machines internally. The Automata processor natively runs many state machines in parallel on a large amount of incoming data. Each machine can also match on more than one state. Given the importance of state machines in INFOSEC, this architecture might have serious use there, either as the foundational building block or as a coprocessor for functions easily modeled as a state machine.

In other news, the Novena open laptop exceeded its Kickstarter goal and is supposed to be done within a year. They’ll have a board, a desktop, and a laptop with quad-core ARM. The PCB and OS source will be open.

Buck July 17, 2014 11:42 PM

FedEx Indicted for Distributing Controlled Drugs Online (July 17, 2014)

FedEx, operator of the world’s largest cargo airline, said last year that an indictment or prosecution in the case would threaten a basic tenet of its shipping business — not opening packages.

Yeah, sure… >;) It’s not like that cat has already been let out of its bag or anything!

CallMeLateForSupper July 18, 2014 8:52 AM

“So only dropbox users in countries at eastern europe are hosted by Deutsche Telekom, do I understand this right?”

Your post is the full extent of my reading on this matter, so admittedly I am commenting almost “from the dark”. That said, nothing in the quote excludes the possibility that there exists a separate deal, one that does cover Germany. Many past statements by TLAs, politicians, you-name-it, contrasted with truths that emerged later, show us the importance of listening/reading carefully and giving equal attention to what is said and what is not said.

Nick P July 18, 2014 12:32 PM

I find it interesting that, in addition to typewriters, the German authorities plan to “audit” their smartphones. That they think a COTS smartphone can be trusted at all says plenty about their INFOSEC capabilities. That they think they can audit it despite having no access to plenty of what’s in the device says even more. I expect the German efforts on NSA-resistant communications to fail miserably until knowledgeable people explain high assurance INFOSEC to them.

Another thing in the same article was that German authorities really wanted Snowden to come to Germany to testify. They also said he had no grounds for asylum and would have to be extradited shortly after stepping off a plane in Germany. Are that request and the likely response some kind of joke? I seriously wonder whether Germany intends to squeeze some information out of him, then hand him over to the U.S. as a gift to increase the odds of joining the Five Eyes partnership.

Benni, your thoughts on that latter point?

Buck July 18, 2014 2:59 PM

@Nick P (kinda… was gonna post most of this anyways 😉

Apparently Siemens can’t even be arsed to account for a widely publicly known vulnerability in their control systems that are exported around the world… Presumably, the BND would let the appropriate ‘fixes’ be applied for domestic-bound Deutsch machines, and if this is indeed the case, the NSA would obviously be well informed about any possible attack spaces… It’s starting to become quite evident that the Germans aren’t as up in arms as they try to make themselves appear. Actually, I’m beginning to suspect that this present DE/US row is simply more theatre meant solely for the entertainment of people like us :-\

Critical industrial control systems remain vulnerable to Heartbleed exploits

More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.

Though, I do somewhat appreciate the good possible odds of ‘that latter point’ being right on target… ;.)..
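The Heartbleed bug the quoted article refers to is a missing bounds check: the TLS heartbeat handler copied as many payload bytes as the peer's length field claimed, not as many as the record actually contained, so a short request with a large claimed length echoed back adjacent process memory. The toy model below is an added example written for this page; it is not OpenSSL's code and not anything from Siemens' products. It places a record and a constructed "secret" side by side in one array so the over-read stays inside a valid object, then shows the vulnerable handler leaking the secret and the checked handler dropping the record. The record layout (type, 2-byte big-endian payload length, payload, 16 bytes of padding) follows RFC 6520; the function and variable names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Heartbeat record: type(1) | payload_length(2, big-endian) | payload | padding(>=16). */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_PADDING = 16 };

/* Arena standing in for the heap: the record sits at the start and whatever
 * "happened to be next in memory" follows it. Both live in one array so the
 * over-read below is defined behaviour for demonstration purposes. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];

/* Build a request whose header claims `claimed_len` payload bytes but which
 * really carries only `actual_len`. Returns the true record length. */
static size_t build_request(unsigned char *rec, uint16_t claimed_len,
                            const unsigned char *payload, size_t actual_len)
{
    rec[0] = HB_REQUEST;
    rec[1] = (unsigned char)(claimed_len >> 8);
    rec[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(rec + HB_HDR, payload, actual_len);
    memset(rec + HB_HDR + actual_len, 0, HB_PADDING);
    return HB_HDR + actual_len + HB_PADDING;
}

static uint16_t read_len(const unsigned char *rec)
{
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Vulnerable handler: echoes payload_length bytes, trusting the peer's length
 * field rather than the number of bytes actually received. Never looks at
 * rec_len at all, which is the defect. Returns response length, 0 on failure. */
static size_t heartbeat_vuln(const unsigned char *rec, unsigned char *out, size_t out_cap)
{
    size_t payload_len = read_len(rec);
    if (HB_HDR + payload_len + HB_PADDING > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload_len);   /* reads past the real record */
    memset(out + HB_HDR + payload_len, 0, HB_PADDING);
    return HB_HDR + payload_len + HB_PADDING;
}

/* Fixed handler: the claimed payload plus mandatory padding must fit inside
 * the bytes actually received; otherwise the record is silently dropped. */
static size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                              unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_PADDING) return 0;
    size_t payload_len = read_len(rec);
    if (HB_HDR + payload_len + HB_PADDING > rec_len) return 0;   /* the missing check */
    if (HB_HDR + payload_len + HB_PADDING > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload_len);
    memset(out + HB_HDR + payload_len, 0, HB_PADDING);
    return HB_HDR + payload_len + HB_PADDING;
}

/* Constructed scenario: a 4-byte "ping" that claims 40 payload bytes, with a
 * constructed secret placed directly after the 23-byte record. */
static const unsigned char secret[] = "SERVER-PRIVATE-KEY";   /* 18 chars + NUL */

static size_t setup_scenario(void)
{
    memset(arena, 0, sizeof arena);
    size_t rec_len = build_request(arena, 40, (const unsigned char *)"ping", 4);
    memcpy(arena + rec_len, secret, sizeof secret);             /* adjacent memory */
    return rec_len;
}

/* Returns 1 if the vulnerable handler's response contains the secret. The 40
 * echoed bytes start at rec+3: 4 bytes "ping", 16 zero padding, then 20 bytes
 * of whatever followed the record, i.e. the secret at offset 20 of the payload. */
int vuln_leaks_secret(void)
{
    unsigned char out[ARENA_SIZE];
    setup_scenario();
    size_t n = heartbeat_vuln(arena, out, sizeof out);
    return n == HB_HDR + 40 + HB_PADDING &&
           memcmp(out + HB_HDR + 20, secret, sizeof secret - 1) == 0;
}

/* Returns 1 if the fixed handler refuses the same malformed request. */
int fixed_drops_request(void)
{
    unsigned char out[ARENA_SIZE];
    size_t rec_len = setup_scenario();
    return heartbeat_fixed(arena, rec_len, out, sizeof out) == 0;
}

int main(void)
{
    printf("vulnerable handler leaked secret: %d\n", vuln_leaks_secret());
    printf("fixed handler dropped request:    %d\n", fixed_drops_request());
    return 0;
}
```

The check that matters is the one comparing the claimed length against `rec_len`, the size the transport actually delivered; the output-capacity check alone does not help, because the attacker controls the claimed length and the over-read happens on the input side. An equally important caveat for embedded and ICS firmware is that the fix only exists once the vendor ships a rebuilt OpenSSL, which is the gap the article describes.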

AnonymousBloke July 21, 2014 3:07 PM

I can not say much on your comments, as that gets into areas I am very unfamiliar with. (The BND, how it operates, and so on.)

“Hacker” friends (comp sec professionals) I have known have told me quite a number of horror stories over the years, and I have seen Germany come up on my Slashdot/Boingboing/Ars radar quite a bit over the years…

I do know in that area, counterintelligence, there can be a lot of disinformation: information kept very closely secret, programs kept very secret.

If I recall, Germany is not part of the “Five Eyes”, which sounds really stupid, diplomatically and in general. And I do recall the US intel refused to sign a “we won’t spy on you” treaty, which also stinks to high heaven….

BUT, otoh, also good to see maybe they have such treaties and actually really obey them, but who knows with people…
