Friday Squid Blogging: Squid Poaching off the Coast of Japan

There has been an increase in squid poaching by North Korea out of Japanese territorial waters.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on December 5, 2014 at 4:10 PM91 Comments


Rex Rollman December 5, 2014 4:47 PM


I am really looking forward to reading Data and Goliath. I think I would like to buy it as an ebook but so far, everyplace I see it at is DRM-encumbered. Do you know if I can get it DRM free?

Bob S. December 5, 2014 5:54 PM

Speaking of conspiracies, did you know Windows 8 has a Checkpoint VPN built in to every install:


Also, there is a plugin for the F5 VPN which has been approved by the NIST and NSA.

Very little documentation of either.

Re: Windows 10 Technical Preview built in key logger?


“The license agreement even mentions this specifically: “we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.”

Doug December 5, 2014 6:19 PM

Device ID and Android Apps

I’ve read a little about how advertisers (and others) use the device’s unique identifier to track user accounts across various different, otherwise unrelated apps; and that they tie that information together across multiple devices with the same Google account. The Google Play store installer calls out that permission explicitly, and the app “Clueful” which analyzes installed apps for security and privacy threats also calls it out.

So other than this obvious threat of being tracked by advertisers, what other threats does installing apps which use/leak the device ID pose? I ask because I just bought a new phone. On my old one with its limited capabilities not installing some popular apps that use/leak the ID wasn’t much of a sacrifice, so I stripped down what I installed/used, and made note of apps that do this which I had already installed before I read about it being a “bad thing.”

My new phone is much more capable however, and now I am looking longingly at some of those apps. 🙂 Seriously though, AFAICS once you buy into either the Google or the Apple ecosystem, you’ve already given up a lot of privacy for the convenience and cool stuff that they offer. So what is the marginal security sacrifice of installing apps with this behavior? Is there a threat model that I’m missing here?

Thanks in advance for any comments or suggestions, and thanks to Bruce and the contributors here for the past insight and information which I have enjoyed and benefited from.

Doug (the lions are everywhere!)

Thoth December 5, 2014 6:34 PM

@Bruce Schneier
Wouldn’t Japan be pissed off if North Korea continues poaching of squids in Japanese waters ? Probably it might be a political statement from N.K. to Japan of some kind of protest and the involvement of N.K. military ??? And military fisheries ??? Ok … that’s more like a loud political statement ?

@Nick P, RobertT, Clive Robinson
I am wondering if it is possible to create a backdoor in a Smartcard IC chip or a RFID chip that has crypto-processing capabilities by the Powers That Be without compromising the marketed technical specs or maybe the NSA-ed factories reveals a lower spec range to allow space for hiding of possible backdoors ? How hard would it be to backdoor a very limited space, processing and power IC chip ?

Rex Rollman December 5, 2014 6:36 PM


I keep waiting to hear that Apple or Google has pushed a compromising software update to a user’s device at the direction of the government. All they would really need to do that would be the device’s serial number, which is easily findable, especially if the device was initially purchased with the target’s credit card.

Thoth December 5, 2014 6:53 PM

@Rex Rollman
Why trust a smartphone ? I am not surprise if Apple or Google might have pushed something down quietly or maybe the HSAs (NSA/GCHQ/BND…etc…) might have found loopholes to do that in a targetted fashion or even a mass backdoor program. Phone chipsets are not secure anyway. To top it off, it’s the device makers and carriers that control the update mechanism. Why couldn’t the HSAs find these lot of people to do the negotiation instead of Apple or Google ?

Oyez, grooming and hygiene December 5, 2014 7:16 PM

Posner’s senile. He’s degenerated into Greasy Tony Scalia’s law-as-standup shtik, just pulling Grampa nonsense out his ass like there’s no relevant law. Happily pig-ignorant of federal and state common law or the supreme law of the land. He never was firmly attached to reality, which makes him the perfect CIA stooge on the bench. Like John Donohue at Stanford said, you could look it up, “A little bit of empirical support goes a long way for him.”

Nick P December 5, 2014 8:00 PM

@ Thoth

Easily. Read the relevant links I sent you, esp any reference to RobertT or chip subversion. That gets you up to speed on a lot of the issues simultaneously. The fact is SOC’s are black boxes to the user whose synthesized, nano-meter wiring looks little like the original high-level design. Reverse engineering companies have a hard enough time determining what’s in them and what it does. The average user, IT person, or even INFOSEC expert has little chance to detect it.

The recent finding of a backdoor in a military-focused FPGA says plenty. That guy was an expert who knew what to look for. That it sold so many times before this being published reinforces my point. It’s probably still selling.

Parry Noir December 5, 2014 8:26 PM


Does anyone know of some good resources on OPSEC best practices for corporate travelers?

While on an overseas business trip, I had what I would describe as a “suspicious encounter.” Basically colleagues and I noticed the same stranger was in our vicinity at two different locations in the same evening, and what that person was doing didn’t quite fit the setting. It could be industrial espionage, or it could be nothing, but that got me thinking about good security practices for corporate travelers.

Common Sense December 6, 2014 12:59 AM

@Parry Noir
It could be industrial espionage or local intelligence or even thieves, have a local police number at hand just in case.
Do not show him you have noticed, this will give you some advantages. Think in technology terms, microphones and cameras have the size of a fly, phones are portable spying devices, no room is safe. Take care of sensitive data carrying with you, documents, laptops etc., don’t leave anything unattended or unprotected even for seconds. Avoid making public your next destination or intentions as much is possible.
You can try to read some countersurveillance techniques on web, but depending on who your adversary is you can make it worse.

Grauhut December 6, 2014 9:16 AM

@Bob S. Microsofts “Asimov” seems to be a product for the market. Even better, in this case you pay willingly for the indirectly .gov owned hard and w10 software they use to investigate you. No tax $$$ needed for bugs, drones, energy, installation and communication, .gov just has to pay for the remote tools. They could even use networked pc’s computing power like yours in a computation grid. Indirect taxation.

BoppingAround December 6, 2014 9:49 AM

[re: Android] Doug,

Personally I would flash a clean (without google crap) ROM and flavour it with a firewall (say, AFWall+) and Xposed’s XPrivacy module. The latter allows to restrict access to various data pieces on app basis. It can feed apps fake data or no data at all.


Judge argues the NSA should have unlimited access to digital data.

The article reads almost as if it’s a flamebait, and a very fat one.

Thoth December 6, 2014 10:27 AM

XPrivacy does not go deep into defense. It’s pretty much doing what most other privacy apps do. Definition of defense in depth is very fine grain control in a sandbox environment.

It is definitely hard to do all these in stock Android and even worse without rooting the device but a certain level of control can be obtained by creating containers to store stuff separately but the problem is everything’s using shared memory so if it gets infected, it’s pretty much game over.

What’s the best course is to simply build a high assurance phone from ground up (resource and time intensive). Hardware, software, firmware, OS … secure everything to at least CC EAL 6+ or higher.

Nick P December 6, 2014 10:43 AM

@ Thoth

The first market to tap is corporate market, esp the control freak companies. Comcast is one of the main ISP’s in my area. I observed the technician installing the equipment. For customer data and voice calls, he had to use a very bulky phone the company gave him. He griped that it didn’t even have more than 30 minutes of battery life. Battery life and size are the main constraints I was worried about for a secure phone. This example goes to show there are companies that might accept that so long as it’s cost effective & can integrate with their backend.

MikeA December 6, 2014 11:13 AM

1) Get a surplus Rapiscan to “screen” all the guests to your villa
2) Leak nude pix of said guests (bonus points for Senators and Supermodels)
3) Profit

Up-front capital is pretty minimal, $7995. Villa sold separately

Skeptical December 6, 2014 11:18 AM

@Parry: from a US perspective,

Obviously look at OSAC guidance as well – there will be location-specific guidance – and State Dept. briefings, advisories, and/or warnings for your destination.

Re Posner:

Here is an article by Posner on privacy (albeit a rather old one):

Posner is an undeniably bright individual, though that doesn’t immunize him from having some odd, or simply incorrect, views (nor does it immunize anyone).

After a few highly sleep-deprived weeks, I confess to only having barely skimmed it. I’d consider it worth reading if you want an economic analysis of the right to privacy (which, since in some ways it’s not an angle often emphasized in most discussions about privacy, may make the article worth perusal).

For a more brief summary of Posner’s views, Google (or DuckDuck or whatever) an op-ed of his that was published in the NY Daily News a year or so ago.

To quote the more salient parts:

There is a tendency to exaggerate the social value of privacy. I value my privacy as much as the next person, but there is a difference between what is valuable to an individual and what is valuable to society. Thirty-five years ago, when I was a law professor rather than a judge, I published an article called “The Right of Privacy,” in which I pointed out that “privacy” is really just a euphemism for concealment, for hiding specific things about ourselves from others.

We conceal aspects of our person, our conduct and our history that, if known, would make it more difficult for us to achieve our personal goals. We don’t want our arrest record to be made public; our medical history to be made public; our peccadilloes to be made public; and so on. We want to present sanitized versions of ourselves to the world. We market ourselves the way sellers of consumer products market their wares — highlighting the good, hiding the bad.

I do not argue that all concealment is bad. There is nothing wrong with concealing wealth in order to avoid being targeted by thieves or concealing embarrassing personal facts, such as a deformity or being related to a notorious criminal, that would not cause a rational person to shun us but might complicate our social and business relations.

There may even be justification for allowing the concealment of facts that might, but should not, cause a person to be shunned. Laws that place a person’s arrest (as distinct from conviction) record behind a veil of secrecy are based on a belief that prospective employers would exaggerate the significance of such a record, not realizing, for example, that arrests are often based on mistakes by witnesses or police officers, or are for trivial infractions.

Privacy-protecting laws are paternalistic; they are based on a skepticism regarding whether people can make sensible evaluations of an arrest record or other private facts that enter the public domain.

Still, a good deal of privacy just facilitates the personal counterpart of the false advertising of goods and services, and by doing so, reduces the well-being of society as a whole.

I am not suggesting that privacy laws be repealed. I don’t think that they do much harm, and they do some good, as just indicated. But I don’t think they serve the public interest as well as civil libertarians contend, and so I don’t think that such laws confer social benefits comparable to those of methods of surveillance that are effective against criminal and especially terrorist assaults.

Bear in mind that he was discussing surveillance cameras in public spaces in that op-ed, not the types of electronic surveillance that are often discussed here.

Parry Noir December 6, 2014 11:21 AM

@Rex Rollman

Thanks for the link. Will check it out.

@Common Sense

The company is not in any sensitive industries, so if anyone is trying to eavesdrop on our conversations, competitive intelligence would seem the likely motivation.

In that particular case, we knew our competitors would be meeting with the customer around the same time we did, so presumably our competitors had the same info. Our local person had a history of using a particular hotel for the team to meet up for business in the area. It’s possible that our competition had picked up on that pattern.

Nick P December 6, 2014 12:00 PM

@ Skeptical

re DOJ brochure

Thanks for the link. It’s a good summary I might give to some business travelers.

re Posner

The paper provides a more sensible treatment on the matter. The remarkable failure, though, is the lack of an analysis of the government threat to individuals. This includes everything from corruption to smashing dissidents to overreaching on certain laws. We see examples in the news every day. This kind of thing was also a major inspiration for the Fourth Amendment. One would hope a law expert and judge would understand the justifications for it.

Another problem I see is that he’s looking at it totally as an economic analysis. My tendency to hide certain things about myself had nothing to do with economics. I noticed that others would be on the attack in some way that affected my well-being or survival. I protect information or project a certain image out of necessity. A necessity dictated by others’ actions, including judges and lawmakers. Contradicts his concept of me just wanting to con others for profit.

If others want to play 100% fair and non-discriminating, then I’m game for some kind of privacy reform. Yet, they’re anything but fair, non-discriminating, or even ethical in many cases. So, privacy is necessary for both my survival and success in a society. Ironically, Posner’s own statements and actions as a judge reinforce the legal, power, and social structures that lead to my privacy being a necessity rather than a choice.

Daniel December 6, 2014 3:33 PM

FWIW, my own view is that Posner like all economic utilitarians fails to give any credence to the idea that privacy possess an intrinsic value. Posner assumes that privacy is only useful insofar as it gets the person something (whatever that something might be). Thus it follows there is an inherent contrast between why an individual might want privacy and why society as a whole should give them that privacy.

Once this assumption is faced directly Posner’s analysis is revealed to be flaccid. He’s arguing for the “naked universe” hypothesis only ironically he’s hiding it under the guise of utilitarianism. The best rebuttal to Posner is to frame privacy as a question of identity. Privacy is something that we value because it is who we are as a people. The fact that privacy may have an opportunity cost–a pedophile may go free, a fraudster may hide his loot–is just the ordinary cost inherent in the selection of any identity. No identity, not even Posner’s, is cost free. It is equally true, however, that the economic costs and benefits cannot equal the total utility of an identity to a person or culture.

In short, like all economists Posner too airily dismisses as “externalities” costs and benefits he doesn’t care to think about.

Nick P December 6, 2014 5:52 PM

Rex Computing’s NeoChip has 256 power efficient cores:

They’re aiming at exascale computing. The more interesting thing is that the founder is part of the Open Compute project. There’s talk of them open sourcing the final design, although they might still charge for it.

Additionally, Achronix Semiconductor is supposedly licensing their FPGA fabric I.P. I previously said doing a trusted hardware implementation of an FPGA would be a nice start on combating subversion in many chips. Achronix’s FPGA uses asynchronous circuitry to hit around 1.5GHz clock rate at 6 billion transistors. A project to license that FPGA and fab it at low cost for end users might be very worthwhile. Open source synthesis tools could also target it.

Oyez, jaw-droppingly awkward interpersonal skills December 6, 2014 6:15 PM

@AlanS, yes, Posner is inexplicably influential. He is like the Kim Khardashian of judicature only instead of a big ass he has a prodigious ability to never shut up. I like the tact of “a position that combines, in a curious way,” childlike trust of government repression with a conviction that government can’t provide anything that human beings actually want. It’s interesting that despite his Sheldon Cooper solipsism he’s so exquisitely susceptible to the induced mass hysteria of 9/11. He’s a corporate shyster! He’s a cringing bed-wetter! It all depends, Occam’s razor would suggest, on the autistic token economy where Rockefeller money has institutionalized him.

Nick P December 6, 2014 6:42 PM

A nice breakdown by Altera of what a design costs at each process node:

It might be cheaper now. Looking at Wikipedia’s process node pages, esp example products, will tell you what to expect out of each one. Combining the two data can tell you what process node to target with whatever budget you have.

Tim December 6, 2014 8:27 PM

@Common Sense “Avoid making public your next destination or intentions as much is possible.”

Good advice.

Another thing to try is making your next destination public sometimes and not others.

Then look for contrasts in the subliminal flow during your travels. Note the degree to which impressions are personalized vs generic.

That could give you a clue to who you are dealing with.

Nick P December 7, 2014 10:36 AM

@ Thoth

“Costs looking cheaper at most extend ?”

I don’t understand the meaning of this. Could you rephrase it?

re papers

I didn’t know that a countermeasure was developed for the hardware trojan. Nice.

Figureitout December 7, 2014 3:36 PM

Light Paper Review: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

So this paper is nearly a year old and I remember it coming out but never read it. I finally did and it was nice, smooth read. In the spirit of open source EMSEC I’ll highlight some tricks and practical insight for future designers to keep in mind.

Keep in mind I’m going to focus on EMSEC (which is mostly beginning 17 pages of paper) and not delve much into algorithms; just not my thing. Also keep in mind there were some caveats to the attack (chosen cipher text).

This attack focused on the vibration of mostly power supply components (capacitors and coils[aka inductor]).

In a nutshell, the key extraction attack relies on crafting chosen ciphertexts that cause numerical cancellations deep inside GnuPG’s modular exponentiation algorithm. This causes the special value zero to appear frequently in the innermost loop of the algorithm, where it affects control flow. A single iteration of that loop is much too fast for direct acoustic observation, but the effect is repeated and amplified over many thousands of iterations, resulting in a gross leakage effect that is discernible in the acoustic spectrum over hundreds of milliseconds.

So when I hear that I think of MITM attacks injecting these cipertexts w/in a file in transit, spam emails spoofing people so someone opens it as they note in their paper w/ Enigmail plugin to Thunderbird “an attacker can email suitably-crafted massages to the victims, wait until they reach the target computer, and observe the acoustic signature of their decryption“, maybe…making this attack less of an obstacle course and a further reaching attack.

Pointed observations:
–Signal quality and effective attack distance vary greatly, and seem to be correlated with computer’s age
–Attack can apply to GnuPG versions upt to 1.4.15 (which is dated, latest version is 2.0.26 or 2.1.0), but more troubling is side-channel mitigation added by GnuPG devs actually aided the attack by increasing amplification of innermost code loop.
–Faraday cages shielding computers need ventilation, w/ metal “honey comb” screens, which are good at attenuating EM but not so much acoustic emanations b/c of the air flow.
–Clive will like this, the paper mentions Spycatcher and mentions MI5 & GCHQ using a phone to eavesdrop on a Hagelin cipher machine in the Egyptian embassay in London by counting the clicks during the rotors’ secret-setting procedure. These are acoustic sounds, and this attack would likely work well on most older electromechanical machines (read Russian typewriters…).
–Acoustic attacks on dot-matrix computers based on sound of needles in the printing head to recover printed info.
–Power analysis by measuring voltage across a resistor in series with power supply at a “very high sampling rate”.
–Power analysis on USB port power lines, actually leaking outwards, even if ports are disabled via software or overload protection circuits.
–Power analysis of AC outlet being used to identify web pages loaded on a target machine, requiring much less bandwidth (few kHz) than other power analysis.
–Analysis of CPU operations begins by running test code on target machines. They had a program that just loops w/ x86 instructions: HLT (CPU sleep), MUL (integer multiplication), FMUL (floating-point multiplication), main memory access (force L1 & L2 cache misses), and REP NOP (short-term idle).
–Acoustic measurements to distinguish loops of different lengths.
–Acoustic emanations (in their attack) not caused by fan rotation, hard disk activity, or audio speakers; but in the power supply circuitry.
–Even the “remote brick” AC->DC laptop power adapter exhibited software-dependent acoustic leakage as well.
–I liked this, in localizing the source of the emanations, they used “Quik Freeze” non-conductive/non-flammable spray that freezes areas to -48 deg. C. After spraying one capacitor (their main suspects), acoustic signal dropped dramatically. Also, and this is bad for me personally (have a mobo which as visible leaking caps but it still works, but I did have a wierd freeze up one time when I left it on, red bar on the screen…), the electrolytic capacitor had a “bulging vent”, which is the top of it w/ little slits that has some physical leakage of electrolyte (looks like battery acid). There is some history w/ this, even some…espionage…called the “Capacitor plague”. These failing eletrolytic capacitors are common in older computers and seem to be correlated w/ more acoustic emanations.
–Between 6 machines they tested (Asus, Dell, HP, Samsung, Lenovo companies), all had distinct signatures of MUL, HLT, and MEM instructions.
–Fan slots were used for gathering acoustic emanations w/ mobile phones. Other ports (USB, Express Card slot, SD card, Ethernet port) provide points of ingress to the CPU.

Starting on page 19, they start getting into more crypto and the acoustic signatures from the crypto. Also of interest is the attack algorithm for the “chosen ciphertext” used to push out these acoustic signatures. I won’t touch on the crypto side of it as, it’s not my thing. But a problem is Enigmail automatically decrypts incoming email messages when Thunderbird displays its “new email” pop up notification. Thus this enables this chosen ciphertext attack, due to this feature.

Also the EM and acoustic noise and side channels due to software is very interesting to me, and this attack went after the GnuPG implementation of multiplication routine. They call it a mixture of a “schoolbook” multiplication routine and a recursive Karatsuba multiplication algorithm. I still struggle w/ a lot of basic algorithms so I won’t describe it, gets pretty “mathy”.

Good points and Mitigations:
–Fan exhaust can create wideband noise for microphones too close and to high of gain. EM interference from fan motors and PWM driving circuit can also disrupt acoustic leakage (even though they did mention that adding other signals actually aided their attack). For their attack, they had to wait for the fan to turn off to begin cryptanalysis. This is why I believe fans (using a pseudorandom PWM sequence driving it) and heavy foam will be strong acoustic defenders. Distort the air flow. And enclose the laptop “power bricks”; or redesign (if wanted, it will be expensive…costs again!).
–Parallel software load on CPU, they mention this may help attacker since a background load on CPU affects leakage frequency by moving it from the 35-38kHz range to the 32-35kHz range; and w/ this lower frequency a less sensitive microphone can be used in attack.
–Ciphertext randomization. “Given a cipher text c, instead of decrypting c immediately one can generate a 4096 bit random value r, compute re, and then decrypt re*c and multiply the result by r-1.
–Modulus randomization and Cipher text normalization.

Ending thoughts:
Check page 49 for their power analysis set up (pretty easy to do, sounds like). Also page 52 for “chassis potential analysis” on ports and their set ups (they really really like Brüel&Kjær microphone capsules lol).

I say separate interchangeable slots for TRNG’s using same interface (USB/PCI, serial, whatever) w/ all the different manufacturers, different algorithms (maybe even weak ones sometimes), different power levels, different times. Powering fans will be simple, you can do that w/ varying PWM loads w/ Arduino in like 2 seconds. All this entropy crap constantly distorting EM and acoustic signals. To keep it practical and not too crazy you can just rotate the modules on every boot for your ultimate secure machine. As Bruce says in AC2 (paraphrase), “this isn’t to secure your little sister from modifying your files, it’s for best attackers”.

But…this still may not matter if they already have the signature to your core CPU…in which case you need multiples of that CPU, unless each individual CPU has a distinct signature…in which case I throw my hands up for now.

Ridiculous attack, but “they only get better”.

Here’s an older article where Shamir says some things that make cryptographers a little defensive, “Cryptography is ‘becoming less important’ because of state-sponsored malware, according to one of the founding fathers of public-key encryption.”

Cryptographers like Boneh and Diffie is this talk definitely went on the defensive to dismiss that. But I think it’s the ordering that’s not right. Crypto where malware and other attacks can already see the entire lifecycle means it’s just…”security theater”. The computer and OS needs to be secure first and block those signals!

I think it’s important for big security people like Shamir to start pushing this that may be inline w/ what Bruce is pushing now which is Incident Response (IR) ie: the attackers will get in no matter what, how can we still operate when they do. Keep getting the tools cheaper and spreading knowledge so we can check our computers at home; or even better make them at home (someday…).

OT (but plays in w/ “acoustic cryptanalysis”)
Another use for RTL-SDR, someone is using the cheap dongle to reverse engineer a PS3…frickin’ crazy. He mentions the paper above having some good info, I plan on using the paper (and the dongle) to try and catch some signals I’m still getting on the audio port of PC’s at my school (gotten worse and more pronounced when inserting USB stick).

Results will probably be interesting, he’s still working on it.

Thoth December 7, 2014 6:07 PM

@Nick P
Cost of some of the chips in that PDF you supplied looks cheaper in the current years than the previous years. Lower prices for chips than many years ago. But it looks like chips with 0.5 micron and bigger are a little more expensive than a few years ago (because 2008 – 2011 is the number 5 whereas 2005 – 2007 is 6). But overall chips are getting cheaper anyway as more are in demand.

Thoth December 7, 2014 6:10 PM

@Nick P
The first link is for the Hardware Trojan Catcher (HaTCh) besides setting a definition and formalizing hardware trojans into theories. It has limited abilities for now (can’t catch all trojans) but better than nothing.

Wesley Parish December 7, 2014 6:15 PM


Judging from the excerpts quoted, Posner’s a halfwit.

To wit, homo sapiens is related to the common chimpanzee, pan troglodytes, and the bonobo, pan paniscus. As it happens, the common chimp does indeed have need of privacy: after the female comes into heat, and the males have competed, and the female has chosen, the pair not infrequently go off on a “honeymoon”, so to speak. It keeps the fractious males apart and allows the female to get the undivided attention. I don’t know if the same applies to the bonobo during “serious” mating, as most attention’s been directed to the bonobo’s habit of recreational mating.

Fast forward to that other ape, the Third Chimpanzee, homo sapiens. I do not know of a human society where the breeding couple do not have rights to privacy. This includes the right to take a piece of the common land of the community and build a house; it extends to the right to use common land to establish gardens and the like to support the children resulting from such a breeding couple. The explanation in anthropology textbooks is usually along the lines of “resolution of conflict” – if I have the undisputed rights to such-and-such, then X and Y, my competitors in the local community, will not have a clear run to use them – unless I have defaulted in a major way from my community obligations.

This can be seen in the discussions of “non-repudiation of contracts” etc, that raged during the nineties about Internet trade. Only if the system is robust enough to prevent MITM attacks, etc, will people trust it enough to use it for trade. Think of cuckoos.

None of this is rocket surgery. None of this is brain science. This is information that has been in the public domain for well over fifty years.

So if the Chicago School and the like, still persist in making such claims, one is driven to conclude they are deliberately misleading the public, in which case the Chicago School are committing academic fraud. And those who rely on them – the entire US government it appears, of both parties – are in Cloud Cuckoo land.

AlanS December 7, 2014 6:21 PM

@Skeptical and others

More recent writing: Posner on Privacy (2005).

“All that privacy means in the information context…is that people want to control what is known about them by other people. They want to conceal facts about themselves that are embarrassing or discreditable.”

Posner’s thing is that the market is everything and the market depends on information to function. So he tends to see privacy as an issue because it often involves activities he perceives as cheating or subverting the market.

Also see Posner’s Response to Comments on Privacy Posting and Gary Becker’s posting on Posner’s post.

His analysis doesn’t work in a world where information itself is the commodity and people’s presentation of self (see his comments of Goffman in the second post) are increasing the product of the information in large databases controlled by corporations and governments. There’s much more at stake than “embarrassing or discreditable” things. It’s about how much control individuals have over how they are labelled and perceived by others, represented and misrepresented by others.

Thoth December 7, 2014 6:21 PM

Cryptography is just one sub-branch of defensive computing. If you want defense in depth, I always say that cryptography is the last line of defense whereby the first line of defense must be done well for the last line to work well. Cryptography is used as a last line because enemies have breached your front door, walked to your data, gathered your data and is about to read them. If you did not do the previous defenses like tamper detection and active defensive measures properly, the encrypted data is kind of pointless. While the enemy is attacking, they might have gathered some careless information or even crypto keys and that’s pretty much game over for the encrypted data.

It is best that the last line (crypto) is never crossed or used because the usage of crypto means all your doors have already been breached and you have pretty much oping the crypto keys, the ciphers, data … they don’t go wrong and fully bring you down.

If a cryptographer says his crypto is really good, just go for his hardware, hunt down the people around him or tie him up and torture him if possible (Gitmo). Either way he’s gonna break if he relies on just his nice crypto algo.

Using geographic advantages, legal advantages, machine advantages, logic / software advantages, human and machine process control … that’s how high assurance security are designed.

AlanS December 7, 2014 7:14 PM


“…childlike trust of government repression with a conviction that government can’t provide anything that human beings actually want.”

That’s the liberal theory of society in a nutshell. See earlier post here. The role of government is to protect the conditions under which the market is possible. Richard Posner and Milton Friedman, economic freedom and punishment, the two sides of a coin. If there is a twist compared to earlier liberal thinkers, it is that the private economic realm increasingly cannibalizes government, allowing the market to emerge as a totalizing ideology.

After Foucault wrote Discipline and Punish he went on lecture about the rise of liberalism from the Physiocrats through to the Chicago School, including Posner’s ‘colleague in crime’, Gary Becker. His focus was on the emergence of techniques of power, and associated forms of surveillance, that are much more extensive and sophisticated than the ones described in D&P (this connects to post above about privacy).

Foucault was lecturing on this during 1978/79. He had no conception of the Internet, massive online databases, mobile phones, etc. and I don’t think he ever discussed electronic data and databases as they existed in the 1960s and 1970s. But he lectured extensively on practices emerging in the 18th C. where there is a change of focus from the sovereign-subject relationship, to a disciplinary relationship and then to one of government (by actual governments or others) of populations. In the latter power comes not through the one one-one spectacle, or administrations directed as individuals within bounded institutional spaces, but the decomposing of population as a unitary thing into variables that can tracked and recorded across unbounded space and used to discover regularities and desires that can be manipulated.

Nick P December 7, 2014 8:49 PM

@ Thoth

RobertT taught us individual chips get cheaper as you go into smaller process nodes. My guess on why larger nodes are getting cheaper is (a) more mature tools & expertise for those nodes; (b) discounts to keep the fabs’ sales going despite their aging tech. Chips for sub 120nm are still ridiculously expensive to develop. However, if your chip is extremely simple, you can put it on one of the oldest process nodes at closer to a few thousand (or ten thousand) for a mask. That’s in the reach of individuals.

Then, there’s always the MOSIS group fabrication system. One of the best things to ever happen to chip design.

Clive Robinson December 7, 2014 11:24 PM

@ Figureitout,

As a matter of historical interest, the first example of Quantum Crypto, was so noisy that it’s inventor used to talk about how ‘as bob’ or eve he knew Alice’s polarizer state from the noise it made… something engineers designing Quantum Crypto or placing it into service should not just remember but test for…

I’ve mentioned befor the British / Canadian Rockex “super cipher” machine which was basically an electronic OTP system for telex designed originaly by the British Diplomatic Wireless Service (DWS). Well it used relays and these have slightly different pull in and release charecteristics that not only can be heard –click to pull in clack on release– like the tick-tock of a clock but also be seen on the telex wire with an oscilloscope.

Also for those who have not read “Spy Catcher” in the first half it describes the use of telephone taps on various foreign nations “cipher rooms” to “hear” the settings of the mechanical cipher systems that remained prevelent due to the likes of Crypto AG untill the 1980s.

There have been various claims as to who started “audio TEMPEST” as with other EmSec, however the documented record appears to point to Britain (so far 😉

However as I’ve said befor TEMPEST is all about energy and bandwidth, sometimes though people think of the wrong bandwidth to limit, or don’t realise there are tricks such as sampling that enable information to move from not just high frequency high bandwidth to low, but from one energy domain to another.

I guess it’s like any other cat and mouse game, the mouse rarely makes it to old age…

Figureitout December 7, 2014 11:33 PM

I always say that cryptography is the last line of defense
–Agreed, my phrase is “Crypto wins if you beat the attackers”, assuming good crypto (which is a big assumption) which means the attacker is confronted w/ encrypted data w/ absolutely no prior knowledge of how it was created or what it is. Assuming the role of attacker here, I would be inclined to think that even the decrypted info would be a false lead-on or just a fluke decryption; this is what you want attackers to think.

Uhh, I think if anyone was brought in at gun point to Gitmo they’d likewise breakdown eventually or have permanent scars if they make it out alive and free.

BUT, I do have a bit of a bone to pick w/ people that tout pure security in just algorithms or “theoretical/mathematical security”. The “proofs”, what proof? It doesn’t prove perfect real operation of the hardware. The handwaving, the big O notation (doesn’t seem like real math, it’s just estimations that aren’t even clear or really defined). Some of the problems they have in class now (like applications) are shortest network path, and I just want to say “What about ISP’s and gov’t routing the network insecurely?”. Guaranteed shoulder shrug and some more “proofs”…My CS prof didn’t even know how to work a PDF file and barely even knows the code to what he’s trying to teach! Then give us projects on sh*t he hasn’t taught us. Worthless.

Yeah looks nice in the textbook, real world probably won’t get the details right on implementation or gets owned by same old school techniques (advanced malware #1–best defense is to remove parts needed for malware to function, even better to trap it, reverse engineer, and release it to world and the attacker just lost their secret malware (maybe…maybe even get attacked by their own malware…justice.); physical attack–keep PC w/ you always, it’s like just walking up and punching someone, you can always just be a douche at any particular time and be like “I breached your security! I’m hacker!”–No, you’re just an opportunistic douche and can likewise probably be owned easily in the exact same way; network attacks at a node just before you–no known defense from me, all the insanity of all the filters and logs doesn’t give me much confidence either, yet it’s still standing…certainly will put my mind at ease until “the big one”…; hardware that has hidden memory or radio chips and antennas in the PCB, which becomes nearly impossible to get rid of if first too small(!) or it’s all in an important chip or on top of critical bus lines; and then EMSEC attacks that take an obscene amount of OPSEC and discipine to mitigate, practically no one has a shielded room in their home nor do we cover up power consumption b/c it’s wasteful!

All of these major attack areas, they continue to kill my mind day by day, I don’t know how to defeat them totally. I can’t just give up technology and go live in a log cabin, I need to make money to live and I’m spoiled by modern amenities too much. One needs a safe place to work or your work is infected or interrupted. The workplace is probably vulnerable by at least one of those big areas.

Something else I continue struggling w/ is committing to a design, it needs to be able to transform, like a breadboard or just slots using a common bus for interoperability. So this makes development really annoying when you have to keep switching dev kits to different computers in a trice and operate in LiveCD’s and VM’s all the time. The instant you commit to a design and some fcking attacker is either getting dev info and observing weaknesses or will see it eventually. Then hit those major attack areas above when you try to do anything at all useful w/ it. Fck you, attackers, you will be defeated.

–That’s nearly what we need! Have you asked them about “secure runs” and what kind of assurances customers have and if we can be present at foundries and get chips immediately and/or observe operations etc. After much planning (I’m still using COTS chips and getting my PC’s to a certain level before getting into real hardware dev) a few “fake” runs interspersed w/ real ones will be needed to acquire some data on potential “funny business”.

Thoth December 8, 2014 12:04 AM

Cryptographers like to talk about proofs and NP proof especially. RSA, DH … are not properly NP proof (some experienced crypto guys can help on this part) and what not (those big crypto terms) and we are still using them daily.

A lot of crypto protocol are not “proof” backed like the SSH and initially the SSL was not until some crypto guys decide to sit down and generate SSL/TLS maths proof and it kinda held abit but it was a game of proving whose proof remained in the game of ratcehting mathematically complex games of games. (Having a headache now ? 😛 )

Most of the IACR ePrint papers are quite straight forward if you strip the maths thingy out. They simply love to beat around the bush the present something … no matter how simple. Some have valid maths backing though (just a warning as they can be really complex).

There is a thin fine line between practical application and highly complex big O notation, NP proof and whatever it is. I can’t say removing the maths side is fair but focusing too much on the maths but not having a thought on the practical side and losing focus is the worse thing most cryptographers are heading to. Not a good sight. NSA/GCHQ/BND probably just loves to see cryptographers wasting their time on unnecessary stuff.

Bruce Schneier’s paper on Blowfish cipher ( didn’t even need a mathematical proof of whatever at all and the legacy of Blowfish and it’s incarnation (BCRYPT) still live on in many open source (especially PHP) security modules. I am not saying we can publish/invent ciphers without some form of proof these days (due to the huge amount of known attacks on ciphers and maturity of symmetric crypto).

Figureitout December 8, 2014 1:16 AM

Clive Robinson RE: Rockex “super cipher”
–Well ok it’s hard to do any sort of info transfer that is simple enough to keep track of side channels but real enough to produce info that can be captured. Who cares if they captured the click-clack of a relay, were they competent enough to make competent OTP’s? Sounds you already answered…

RE: TEMPEST origins
–Thankfully you guys didn’t invent dentistry (seriously a dentist that studied in Britain f*cked my tooth in Belgium, I should’ve known…) or “fine cuisine” (I’ll pass on the Haggis thank you :p). For Queen and country eh? Just like the bees lol…You should be proud, your country created America too, the greatest country in the world! Aren’t you proud? You guys “gave birth” to us. And you still have a monarchy, that’s advanced democracy! I kid…

RE: mouse
–You know in “Catch me if you can” movie, what did Frank say about that mouse in the cream. “There were 2 mice Frank, which one was I?” The one that scratched so hard he churned that cream into butter and crawled out. He also ended up divorced, son became a fraud, and died in poverty…

RE: quantum article
–Read the sub title “When the deepest theory we have seems to undermine science itself, some kind of collapse looks inevitable” and I’m like “Nope”. Not reading that now. Don’t feel like collapsing my world now. Gonna go to bed lol.

–Lol, I’m not saying remove the math from crypto; never. The real math. But like you said the over-reliance to the point of absurdity that they will w/ a straight face say run the app on a x86 windows machine w/ javascript for secure crypto. U fukin wut m8?! All the crypto gets sidestepped guaranteed, no point. And what I call “false math”…big O notation…Just call it handwaving and “guesstimations” at best; waving hands like a f*cking composer hearing music in the head.

Coyne Tibbets December 8, 2014 1:40 AM

@Posner: Privacy-protecting laws are paternalistic; they are based on a skepticism regarding whether people can make sensible evaluations of an arrest record or other private facts that enter the public domain.

It is astoundingly oblivious of Posner to justifie his (and the government’s) taking of the privacy of individuals–for the paternalistic purpose of “protecting” those individuals–by asserting that laws protecting privacy would be paternalistic.

Clive Robinson December 8, 2014 3:19 AM

@ Figureitout,

With respect to the paper, it might have got you of to sleep faster 😉

As for the crypto maths, you can prove whatever you like provided you get to set the scipe and assumptions of what you are modelling.

With respect of where to start on your project, how about the logical equivalent of a configurable backplane, a “frame work”.

Figure out what you need in terms of basic functional components and their carecteristics and how to make them fully plug-n-play replacable with each other. This gives you the interface prototypes, then make them “real” and build to those.

For many reasons when I went “real” I went for a simple serial interface that worked between two micro controlers, these then converted the interface to a memory mapped block for other micro controlers to use. This ment the minimum of hardware changes if I found –as you invariably will– I had got my assumptions incorrect etc. It also makes setting up test rigs and the like easier and reduces the need for complex test instruments. Back then PCs still had working parallel ports or ISA slots you could easily incorporate into your software to make Sources, Sinks and Analysers test kit. These days you have to mangle something over USB instead and that can be mind numbingly hard work, which means scanning through the likes of Hackaday or equivalent looking for some one elses project to have done the heavy lift.

But the crucial bit is to remember when starting “a flexible easily reworked” framework makes changes less painfull and faster, which speeds development. When you have got something solid developed then go for speed or efficiency as you evolve it into a product.

v December 8, 2014 8:14 AM

Hi Bruce
I listened to this the other day and thought you might find it interesting –
“two psychology professors say current screening methods used at airports, where security agents check the behaviour of passengers for “suspicious signs”, need an urgent upgrade.
Professor Tom Ormerod from Sussex University and Coral Dando from the University of Wolverhampton, designed a new conversation-based screening method and when they tested it at international airports, including London Heathrow, they found it was 20 times more effective at catching airline passengers with false cover stories than the traditional “suspicious signs” method.”

Markus Ottela December 8, 2014 8:47 AM

Spotted this; an open source HWRNG:

I shot the mailing list an email, hopefully I learn more about the device soon. Depending on speed entropy at which is obtained, this might be a valid replacement for TFC’s current implementation, at least OTP-wise.

Thoth December 8, 2014 10:31 AM

@Markus Ottela
The current TFC HWRNG is pretty good but the only thing is the form factor in a bread board instead of a PCB board. One way is to have someone made a dedicated PCB board for the HWRNG but that has many circumstances and resources necessary to fulfill. It would be interesting if Cryptech can show their HWRNG design and specs. If the circuit can avoid microcontrollers as much as possible because they are a blackbox circuit. Transistors, resistors, switches, trimpot and the rest on vanilla PCB in plain open sight with no blackboxes are the best.

My specification of a portable TRNG dongle below:
– Transparent tamper evident case to detect tamper and visual verification.
– A slider for manual mode or auto mode of entropy generation.
– A touch button.

User would apply the dongle to the circuit and select the mode of operation. If it is manual mode, the user holds down the touch button for the random entropy to be generated and streamed directly to the target as it is being generated. On auto mode, the user touch the button once to start the random entropy generation and touch one more time to stop it.

Nick P December 8, 2014 11:02 AM

@ Figureitout

re U.S. and U.K.

“You guys “gave birth” to us. And you still have a monarchy, that’s advanced democracy! I kid…”

Reality is that they have a plutonomy that’s advanced plutonomy. And their citizens are buying the bogus monarchy system just as well as ours are buying the representational democracy con. More alike than different where it counts.

re mouse

Frank ended up doing quite well for himself. One of the few stories where crime did pay. And kept paying.


Lol. I didn’t care to ask about a secure run. There’s no such thing in the chip industry right now. It would take a lot of people involved with the ability for outsiders to check each step. I’m talking an entirely new lifecycle flow from design to mask to fab. Even licensing the ability to do it myself and getting equipment wouldn’t be cheap: the mask making tools by themselves are $5mil+. And they sure aren’t letting me see their optical correction algorithms or whatever they’re called.

Likewise, running decoy chips through isn’t going to help because you can’t verify they were tampered with. It’s a black box where individual structures are only so many atoms thick. Seven plus layers of that. Good luck. The reality is that they probably would just send a FISA warrant to MOSIS for any designs a certain person submitted, then either modify them or make a custom attack. That’s why my main solution is to use mask/fab services outside U.S. control and do it with a cover story so it’s not clearly me or security-related.

Markus Ottela December 8, 2014 11:25 AM

@ Thoth:

I finally managed to solder the whole thing on perfboard, as I also did with the data diode. I integrated the RPi voltage shifter tranceiver parts to simplify the final design a bit. Images of both devices are in the user manual (I also updated the 3D models of setups and hopefully will soon get more hardware to use as props).

I agree blackboxes are generally a bad idea. I’m wondering if there’s a way to also replace the TL082 op amps from the current TFC HWRNG design with transistors. The hold-button for entropy obtaining might risk obtaining dead spots so I’d rather users enabled the device before- and disabled it after entropy collection ends.

And now for something completely different:
I’m still a bit unsure about how to determine whether the bias of final entropy is negligible. Let’s say we have exact change of ‘p’ of sampling bit 1. We can then generate a probability distribution of each random byte multiplying the probability of each individual bit that makes the byte: For ASCII ‘n’ (1101110 BIN) the probability is pp(1-p)ppp(1-p).

IIRC Dan Boneh mentioned in the Crypto 1 course that if the probability of bias affecting a bit is lower the lifetime of the key, the bias is negligible, but I’m not sure this is always the case.

Apart from crib dragging I haven’t seen attacks against OTP. I’m assuming the attacker would need to know the bias and then calculate the probability distribution of different keys and then use them in order to try and decrypt the ciphertext and get something sensible. I’m guessing that even with relatively large bias, for a 140 char message, the 1120-bit key has too many different alternatives and it’s easier to obtain logical messages from the priori probability of each message (first message is very likely some form of greeting/weather report etc). How would a modern super-computer attack work against HWRNG with non-negligible bias, say 0.01? (I’m going to shoot this question to /r/crypto as well.)

Anura December 8, 2014 11:55 AM

There’s very little you can do to defend against a DDoS attack today, and there doesn’t look like there will be a lot you can do in the long term. Sure, there are mitigation services, if your servers are all being overloaded, you can block IPs and such (but you are SOL if they can exceed your bandwidth), you can make sure you have distributed and redundant systems to maximize your bandwidth and performance (which is not viable for your small shop), but the real problem with DDoS attacks is the ease of getting a very large botnet under your control.

It seems to me that the long term strategy for stopping DDoS attacks is the same as for anything else: make it as easy as possible for the home user to protect themselves, while making it as difficult as possible to find vulnerabilities and exploit them in a useful manner. Education is important, and I think we should make computer science a required course in high school, with decent focus put towards computer security and social engineering.

So while this doesn’t stop DDoS attacks today, it can make them significantly more costly in another decade or three.

Iain Moffat December 8, 2014 4:36 PM

@Marcus: Looking at the schematic Fig 8 in the three TL082 sections are used as follows:

U1 Pins 1,2 and 3 are a unity gain buffer – an emitter follower bipolar stage would do the job (at the expense of a DC offset, but it’s an AC coupled input anyway so no big deal). A FET source follower would probably have a higher input impedance and make a more direct replacement for the op-amp.

U1 Pins 5, 6 and 7 are a gain of 4 inverting amplifier – this is within the reach of a bipolar common emitter stage with a 4:1 ratio of collector to (unbypassed) emitter resistor values.

U2 Pins 1, 2 and 3 provide a low impedance 1/2 supply reference (virtual ground) for the other opamp, which won’t be needed if transistors are used for the unity gain buffer and x4 amplifier.

I recommend “The Art of Electronics” by Horowitz and Hill as a useful analogue electronics source to explain the above !

Hope this helps

Wael December 8, 2014 4:59 PM

@Iain Moffat,

The Art of Electronics

Oh, man! I read this book in the early 80’s. Great book, by the way!

Iain Moffat December 8, 2014 5:03 PM

@Markus: Sorry to have mis-spelled your name on the previous post. One thought as to assessing the quality of the random output would be to examine it with a spectrum analyser in the frequency domain (as any periodicity in the time domain will show as peaks or slopes in the frequency domain display). I think (Clive is less rusty at this stuff and may wish to comment) that anything other than a flat spectrum between some lower frequency limit set by the AC coupling in the analogue stages and the intended digital sampling rate requires further study.

I also notice that Q5 requires Vref which I hadn’t considered in my previous post – the cheapest replacement for U2 in this low current application would be a zener diode rated at 1/2 the nominal supply voltage.

Hope this helps


Iain Moffat December 8, 2014 5:04 PM

@Wael: the book got me through university in the early 1980s and I still use it on occasion (the only one of my textbooks I can say that for!)

Thoth December 8, 2014 5:47 PM

@Markus Otella
It is very hard to determine probability biasness over something like 8 bits or a smaller group. In binary, the split is 50:50 for {1,0}.

Make the RNG generate something like a bunch of decent size chunks to simulate messaging from 256 bits to say 16k bits and then do probability statistics over multiple collection of data.

The diehard/dieharder test would be useful but not fully definitive.

To make it simpler, convert 1s and 0s to 8 bit integers and plot them.

OTP is known as the ideal cipher if it can be implemented properly. You are right that the prediction of bits can be troublesome to handle and that’s why most intel agencies are using block and stream ciphers but it is not improbable to use OTP in messaging if the RNG is good. I am not surprise a properly implemented CSPRNG would be good enough to make the output random enough to be able to tell much of a difference. In fact, a huge ton of secure entropy generators have passed the diehard/er test and it kinda seems meaningless or am I wrong as it might still be meaningful for such tests ?

So for now, get a huge bunch of bits in 8 bit integer, plot them over a scatter graph and see how it goes. Collect and plot over multiple interval, temperature, time of day and so forth.

Markus Ottela December 8, 2014 7:35 PM

@ Thoth:
I plotted the byte distributions from collected entropy back in October:

Each bar represents byte from 00 to FF in order. What I’m curious about is, whether the probability distribution helps the attacker and if, how. I’m aware the results would be inaccurate with small sets of entropy – I was trying to simplify the example, ‘p’ would of course be the long term average bias.

@ Iain Moffat:
Huge thanks for your help! I’ll be sure to read the book.

Justin December 8, 2014 9:01 PM

@ Nick P

Your link about the “plutonomy” is terribly fascinating to me. Citigroup’s investment thesis from 2005 singles out the U.S., the U.K., Canada, and Australia—four of the Five Eyes—as “plutonomy” countries. How much more the “plutonomy” has advanced since then!

Thoth December 9, 2014 12:55 AM

@Markus Otella
Here’s my PGP Public Key:

Version: SKS 1.1.4
Comment: Hostname:


And here’s my Retroshare public key:


Markus Ottela December 9, 2014 5:58 AM

@ Thoth:
Hilarious! I’m pretty sure this is what the hackers use when they can’t use IRC to meet in the middle of the ocean. None of the “What others say about us” companies seem to exist and URLs redirect to Wikipedia. My guess is NSA has very little interest to insert implants to the rocks this hoax provides to it’s gullible clients.

Thoth December 9, 2014 8:44 PM

Entree dish (Western dining), cold dish (Chinese dining) or appetizer for people wanting to start digging into High Assurance computing.


Note that the setup is not going to meet CC EAL 7 since it is using some form of re-worked RHEL as it’s trusted base Host OS. A nice idea for COTS but not good enough for CC EAL 7.

What is needed is a fully re-worked desktop machine that runs some form of high assurance kernel (seL4) and with the machine circuitry having red/black separation (something like TFC) and trusted crypto modules (red side) for client-side attestation (crypto card in PCI mode or for lower assurance – smartcards). All in all, I probably would say it is a CC EAL 5 certification ?

Nick P December 9, 2014 8:53 PM

@ Thoth

I didn’t watch the video because I’m pretty sure it’s General Dynamics HAP. That’s RHEL + VMware + some NSA stuff for a Multiple Single Level’s of security setup. Qubes might actually be better depending on how GD implements it. The INTEGRITY PC/Workstation that ran on INTEGRITY-178B was much more interesting. These days it’s branded as Dell Consolidated Solution. Then, in Europe, there’s the Turaya Desktop that uses Turaya Security Kernel platform. They’re trying to create a Medium Assurance Security Kernel protection profile out of that.

Anyway, check your inbox in an hour. I should have something much more interesting.

Thoth December 9, 2014 9:00 PM

@Markus Otella, all

Some pseudo random thoughts on random numbers I had while pondering question on RNG which @Markus Otella had asked me specifically.

Here are some criterias on randomness:
– Time to live randomness. How fast is the RNG going to be ready to spill randomness. Some people are impatient and program RNGs to spill randomness at initialization.

  • Sustained entropy duration. How long is the entropy going to last ? Do you simply just spill a bunch of 2k bits for keygen and that’s it ? That’s usually the case 🙂 . Some people are making a constant randomness spilling machine to mask traffic and the sustained periods would probably be … forever ? But how do you quantify forever ? How do you quantify short burst of entropy generation (2k bits for RSA during smartcard keygen program …etc… ).

  • Measurement of entropy. Bits or bytes ? Bytes are more practical since the more entropy generated, the more you can measure and notice it. Bytes are easier to be transformed into human understand-able data for human intervention to study entropy.

  • Leaning to more 0s or 1s ? More 0s on left side or right side of byte ? More 1s on left side or right side of byte ? Predictable ? Patterns ?

  • Post use entropy state. After usage of RNG, would the entropy state still be predictable ? If the entropy machine is rebooted, will there be a saved state to be used later on or will the entropy be random later on ? How random will the entropy state be after you reboot the entropy machine ?

Thoth December 9, 2014 9:47 PM

@Nick P
I am also suspecting it is GD HAP. Pretty sure it is not NSA PROOF since it is part of NSA involvement. It is an old 2011 video anyway. They did mention strict NSA/SELinux setting 🙂 .

Pretty sure a ton of allied natioms would fall for it and use them in their Govt/Mil sensitive network and get owned

name.withheld.for.obvious.reasons December 10, 2014 12:10 AM

Et al,

When the senate held a committee (foreign relations chaired by senator Menedez) hearing today and they discussed the AUMF with respect to Syria…

Nowhere is there constitutional authority for a AUTHORIZATION FOR THE USE OF FORCE. This is exactly way the constitution required two things;

1.) Only congress has the authority to declare war, and;
2.) that the device of the state, that of military force, resides solely with congress unless a direct and imminent threat exist(s). (PERIOD!!!)

The framers knew that kings were all too prone to use the instruments of war for any reason (enrichment, land grabs, repression, etc.). And, they knew that the constitution had to constrain the executive and the congress when going to war. They called for not maintaining a standing army, that there are limited amount of time to fund armies, and that congress could be convened in an emergency to pass such a declaration (WWII is a good example).

It is the failure of our institutions to understand our history, our values, and the nature of any risk(s) or threat(s) to our collective security. The complete abdication of congressional responsibility for the last six months is completely criminal. Our laws and constitution mean nothing in the halls of congress or in the the house we call white.

Let’s not forget that the NSA has engaged in a global cyber-war with no declaration or authority.

Figureitout December 10, 2014 1:00 AM

Clive Robinson
–Yeah I skimmed it, and was like, “meh”, I’m not coming up w/ some revolutionary physics like that lol; there’s too much to do w/ what we “know”. At least it wasn’t some “Slartibartfast” quote…Don’t send me on those worthless chases lol!

So w/ regards me finding my components, I think you need to appreciate my mindset. Assuming when you order a part, they say “It’s all good, it’s Clive Robinson. He worked for GCHQ, he’s one of us guys.” As you know, I’m skeptical of my house being invaded, my work, and my school. And I’ve had packages show up looking like crap, like they didn’t even try to reseal them; that’s where a lot of my parts will come from. And Fry’s only carries some random Propeller chips, not Freescale, Atmel, Microchip, or TI. And my test equipment I don’t even trust, it’s a terrible mindset.

Right now I’m mostly “just hanging on” doing embedded programming, so there’s a lot of stuff I enable that I don’t fully understand to get it working. That means using IDE’s and some example code to get me up and running on how the chip works. But I can’t fully trust it…when I can’t trust that affects my thinking, and all these stupid scenarios start playing out. Instead of the chips, I bet it’d be easier to subvert the IDE’s for each manufacturer to have a function ready to drop some code in a legally mandated chunk of memory (and after hours, when people go home, they break in and put their dirty paws on your keyboard).

Also, certain chunks that I’m not really sure on for useful functionality and will have to use parts that make me nervous like…getting pixels on the damn screen! What if there’s an attack in there if I just implement the usual…And what I want for it to be actually useful and not a pain in the ass (sometimes it takes too long in Vim for coding bigger projects, I like being able to use my mouse to highlight or move places on the terminal).

All these features I want to put in, makes it less secure no doubt. So something like TAILS, or cut down Kali/Puppy Linux, something like that but running off some micros…meh, no…won’t work. But I want it to be useful for someone else besides me…And I know it’s going to have some stupid embarrassing vulnerability…

Anyway, boohoo hoo I’ll go cry in the corner some more, maybe punch a wall or three…

Nick P
–I’m probably the last person to tell about our plutocracy. And I was talking about the dad, not the son. Dad did “everything right” and died alone, son was a fraudster and got a consulting business.

–Fcking sht, fine. I don’t know…the engineers don’t even know guaranteed. Can’t even give assurance on their products…No one knows…

Thoth // Markus Ottela RE: randomness
–There was an attack on ring oscillator based HWRNG’s. Fault injection. This is like one of the creepiest things…Assuming the shield on board can repel some of it, hopefully they’ve seen this paper:

This sucks b/c you would think a good source of randomness would be collect noise w/ an antenna; maybe sometimes…

Thoth December 10, 2014 2:14 AM

Fault injection is one of those EMSEC topic. That’s why there are security standards for EMSEC protection. If your critical high assurance hardware can’t even take a beating from some EM radiation, then it isn’t that good in security for critical data and processes.

Anyway, it’s a good reminder for those hardware designers of high assurance system to do EMSEC to some degree.

Regarding chipboards, good old day of transparent design without microcontrollers that may hide hideous stuff. Here’s a simple OTP chipboard design. Get some transistors and resistors, build a few half-adder circuits (XOR circuits). Integrate the XOR circuit board with a hand designed motherboard of sorts. Integrate three SD card readers (you may need microcontroller for the I/O slot). Use a set of data diode circuits (from the TFC manual) to separate the three SD card slots from the rest of the motherboard. One SD card slot for keymats, another for input data and another for output data. You might need some RAM memory (unavoidable) to do the data processing. A switch to flip between encrypt/decrypt/erase mode. Pressure sensor detection circuits for basic tamper detection and data erasure functions. More advanced stuff is a circuit mesh fabric that wrap your entire crypto module and breaking the mesh would cause and erasure to take place. High levels of security depends on how you implement it all in a lifecycle.

name.withheld.for.obvious.reasons December 10, 2014 3:17 PM

A short essay on acts of war and the use of computers or automa to carry out kinetic acts of aggression.

1.) Tying a string to a trigger on a machine gun and then pulling the string to activate the trigger is not displacement of a human act of pulling the trigger with an actual finger.

2.) We have obfuscated the use of cyber weapons as something different than using more conventional weapons…it is not. Killing someone by drone attack is equivalent to killing someone from the cockpit, from the back of a HUMV, or by pulling the trigger of a grenade launcher standing 5 feet away.

3.) For some reason people want to excuse themselves from having pulled the trigger by some abstract claim that computerized/mechanized killing is not killing.

4.) Law is well behind the curve on this and is duplicitous in finding that drone, computerized, automated, and autonomic killing is not killing. Does anyone remember Rand Paul calling for the justification of killing a U.S. citizen on U.S. soil without due process using a drone attack (hellfire missile launched from a predator) and the justice departments eventual response?

5.) Legal scholars and defenders of the constitution are far and few between but I keep suggesting that readers consult Ronald Reagan’s legal adviser(house counsel), Bruce Fein, take on constitutional acts. He has it correct on this subject.

Thoth December 10, 2014 6:27 PM

If you tie a string to a trigger of a weapon and kill someone by pulling the string/trigger, it is still killing someone. Those people how up there with power and wealth can debate all they want and make their political statement. A life lost is a life lost. Using a UAV or some robots to kill is still an act of killing but with a different mechanism/means.

On the side of country laws, we are pretty helpless as much of the laws are manipulated by the Powers That Be. What we have built inside our brains still remain there. We still recognize good and evil. We still recognize virtue and sin. We choose to pull the trigger or not to pull the trigger and the consequences that follows the action (karma). There might be people debating the existence of virtue as a social learning thing from people around us or if virtue is in-built but we just do what we feel we should do which is the most important.

Thoth December 10, 2014 6:39 PM

Passwords and PINs are never going away. Let’s say if you plug the USB key into the computer to login, you need a password somewhere. Whether is it passwords to be keyed in on the website to pair together with a USB key or a password to authorize the USB key to sign/encrypt/verify/decrypt data. It is more of a marketing “anti-password push”. This USB key might pick up some hype abit but would probably die down pretty quickly as well just like any other hype. Passwords and PINs are universal and very easy and cheap to implement. Just setup a database, script your PHP to take in password, hash the password and dump into the database and done. For the USB key, you need to support the codes on the server side and the client side and the client must have the USB key (registered).

Will these USB keys be secure enough to withstand compromisation from the host computer ? Are these USB keys already compromised at the factory level (NXP, Freescale, Atmel, TI cryptochip processors) ?

FIDO is probably a step into the wrong direction where security should have gone. Secure code practices, high assurance designs and implementations … these are the areas that should have been the common norm long time ago but it isn’t. If the core codes are made “mathematically correct” and are designed and implemented in high assurance methods and styles, catastrophic breaches would become unlikely to happen and those password dumps wouldn’t even be there in the first place. Talk about shifting the blame/responsibility to the user via a USB key. They just don’t want to be responsible for your security. That’s their final statement.

name.withheld.for.obvious.reasons December 11, 2014 11:28 AM

10 Dec 2014 (PM Hour(s) EST): House Rules Committee Hearing, Washington DC.

During the committee hearing chaired by Pete Sessions many members claimed to be standing on principle when calling on the President to account for the change to immigration status for illegal/undocumented aliens in this country.

The congressional representatives present during the meeting continually harped on that fact that it was principle first–that they couldn’t vote to support the DHS funding that would allow the President’s unilateral action. Funny thing, since the whole of congress seems unable to act on principle and here are just a few examples:

1.) The use of the military in countries without declaration or war or the convening of congress. Congress has a constitution responsibility, and it is its highest duty, to account for the massive power of a state to exert weapons of war upon another. It is also of the highest moral obligation if these so called congressional representatives embrace their theological underpinning that says “though shall not kill”. There is no exclusion clause in the 10 commandments that allows republicans or democrats of religious believe to skirt the issue. So, the superstitious believers should call their republican representatives and ask them why they hate Jesus and God. Their killing in your name…

2.) The continual abuse of the citizenry with unlawful surveillance and data collection via general warrants. A clear abdication of and by the government, that a specific restriction of government action via the fourth amendment is completely and utterly ignored. These actions, NSA in particular and now the CIA, is not only being carried out by the government and private contractors, but continues to be ignored by those sworn to protect and uphold the U.S. Constitution.

These hypocrites that pick and chose their constitutional flavor of the day should be summarily prosecuted for treason.

Thoth December 11, 2014 7:05 PM

The president of the USA cannot be questioned practically (above the law and country) therefore he have a choice (looking at the situation that’s going on) although technically he is not above the law and country. Similarly, you cannot prosecute these Powers That Be because they are above everything. If the UN would pursue US/UK/EU for all the human rights violations and crimes that they have committed in Afghan, Iraq, Iran, Syria and so on and so forth, not only would their leaders need to have countless heads to be chopped off, they would need to die and come back again to be punished and rinse and repeat.

Such phenomena are not alien to just US/UK/EU but to every part of the world. When a person reaches the height of power and has military control in the palms of their hands (and can press the red button at will), they have nothing to fear anymore. Much of human history, power comes with military backing. The attempts to separate leaders from military to prevent abuses have been futile.

Any hope of improvement is pretty pointless because the fact is, it’s a global and human phenomena. At the height of close to absolute power or even absolute power of a nation state, they will not sit there and do nothing and would attempt in every way to seal their powers in their endeavour.

Most of these powers are sadly interrupted by bloodshed via revolts (in human history) and founding of new Governance (that ultimately leads back to the same vicious cycle). Regardless if the Government is of a secular or religious nature, it will one day end up corrupted and someone attempts to reset it and it will still inevitably end up corrupted after numerous reset.

What you are looking at is human nature. Such problems cannot merely be resolve by bloodshed nor by lobbying.

As Confucius said, it is by proper education. But even education itself have been corrupted. What is left to teach of virtues ???

Clive Robinson December 12, 2014 9:19 AM

@ Alan S,

In the UK when one Gov Dept gets a “black eye” due to a report etc, other Depts regard it as “a good day to slip out bad news”, as the press tend only to cover “the main event”.

That 6000/480 page report/summary was a “realy realy realy good day” for such “under the radar” behaviour. Thus I suspect there will be more gov excretor bobbing to the surface over the next few days…

Of course as with all “theft legitimization” legislation there will be clever lawyers using it in ways to throw the brown stuff on the wall to their clients benifit. Therefore expect to see follow on legislation where “reasonable doubt” gets trashed, thereby paving the way for even ludicrously obvious parallel construction that cannot be chalenged…

I hope those in the US like the smell of rotting banana skins, because, that’s what your legal process has become, the hollowed out remains you would expect from a banana republic….

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.