Keith Irwin April 15, 2016 4:51 PM

One news story is that the Burr-Feinstein Bill’s text was official released this week. I was looking through it and it occurred to me that it not only requires that future encryption software be backdoored, it effectively requires that past encryption software already have been backdoored.

As a result, if this bill were to pass, it would open up a new extortion attack against any companies which have previously offered non-backdoored encryption. Here’s what it looks like:

1) Choose a company which provides any existing encryption products which don’t have backdoor and will host data for you in some form. Good choices might be Apple, Google, or Microsoft. For Microsoft you can use their BitLocker product to encrypt things. For Apple or Google, you can just use OpenSSL’s command line to do the encrypting. There are likely some other companies that would work, but those are the first which come to mind.
2) Find a co-conspirator who is willing to sue you.
3) Create some key piece of information which is relevant to the potential court case.
4) Choose an amount of money which is quite large, but is within the potential budget of the company. We’re going to get a court order which would force them to spend this much money, so it should be large enough that they’ll want to avoid spending that much, but no so large that they can argue that it’s impossible.
5) Do some calculations to figure out how many bits of encryption you would need to encrypt something with for it to cost the target amount of money to break the encryption via brute force. I was lazy and used a Google Doc’s spreadsheet someone else had created but they seem to have taken it down (although I’m not sure their numbers were correct because I’m not sure they account for the efficiency of doing this with GPUs instead of CPUs). Assuming their figures were correct, then 86 bits would be the correct answer for $10 million.
6) Choose an encryption function which uses more bits than that. So let’s go with 128-bit AES for this example.
7) Encrypt the key piece of information with it.
8) Make a second file which contains notes about what algorithm is used and contains all but your target number of bits of the key. So in this case, 128-86 yields 42, so we put the first 42 bits of the key in the file.
9) On the storage provided by your target company, store the encrypted data and the unencrypted second file.
10) Ensure that all other copies of the data and the key have been completely and utterly destroyed, but keep references to its existence.
11) Proceed with the lawsuit and have your co-conspirator find out about the file in discovery.
12) Have them obtain a court order requiring the target company render technical assistance. Now, to comply with the court order, they must spend approximately $10 million dollars to brute force the remaining bits of the key.
13) Offer to have talks about settling the lawsuit, but only if the company is also involved in those talks.
14) Hint that this could all go away for a much smaller amount, like only $100,000 especially if the target company were willing to pay.
15) Once they pay up, drop the lawsuit thus vacating the court order.

I.M. Spartacus April 15, 2016 4:54 PM

Infowars reports: Now out of committee and ready for a vote is the, “Compliance with Court Orders Act” which requires “the provision of data in an intelligible format to a government pursuant to a court order, and for other purposes.” The bill does not define “other purposes.”

Sponsored by Burr and Feinstein, Dem and Rep.

It shall too pass in the dark of night on a voice vote, without debate like all the rest.

No wonder Americans distrust “establishment” politicians. This law was written to appease the LEO and Defense lobby, not the majority of Americans.

Who? April 15, 2016 5:50 PM

Microsoft plays Apple’s game too. The sell their customers security and privacy to governments around the world for nothing while making their customers base believe their rights are safe:

Will Microsoft send an email to each customer whose privacy is being invaded by the Windows telemetry patches?

BlackBerry plays a similar game with governments around the world (being the Royal Canadian Mounted Police just an example), but they missed the key point that they must convince their customers both are on the same side:

A bit late now to convince customers they are playing on the same side.

An old history, at most confirming a few known details about how BBM security is broken.

Apple, BlackBerry and Microsoft sell security. OpenBSD does security. There is a big difference.

SoWhatDidYouExpect April 15, 2016 6:16 PM

From SlashDot:

US Anti-Encryption Law Is So ‘Braindead’ It Will Outlaw File Compression

From the posting:

Bruce Schneier, the writer of the books on modern cryptography, said the bill would make most of what the NSA does illegal, unless no such agency is willing to backdoor its own encrypted communications. “This is the most braindead piece of legislation I’ve ever seen,” Schneier told The Register.

Dan3264 April 15, 2016 7:13 PM

@Keith Irwin,
I would prefer to sue the NSA for collecting to much of my personal information. To check if that was the case, The court would have to order the NSA to deliver their entire database to me unobfuscated and unencrypted. Remember that “No person or entity is above the law” 🙂

sans-culottes April 15, 2016 7:31 PM

Braindead! Good to see our leading public intellectuals call a spade a spade. FBI spoonfeeds that senile crispie Feinstein with laws that start from total bullshit: No One Is Above the Law (except of course looting bankers, CIA torturers, JSOC war criminals, criminal aggressors and their lawyers, corrupt defence procurement officials, perjured prosecutors, FBI murderers, ecocidal BP oilmen, and insider-trading legislators, as long as they play ball.) This mafiya state is panicking, trying to clamp down with everything they’ve got before they lose the driblets of their legitimacy. When rigged party conventions discredit the last fairy tale of America’s fake democracy, the populace is going to put their heads on sticks. Dibs on Feinstein’s polished skull, which will make an elegant goblet for my ceremonial libations.

CarpetCat April 15, 2016 9:09 PM

Well after a post like that, I must say the rumours whisper that one should Avoid cleveland in the summertime…

Jonathan Wilson April 15, 2016 11:07 PM

Looks like the FBI may be in possession of an un-patches exploit in the popular Firefox web browser:

I personally think the FBI, NSA, CIA, DEA, ATF and all the other government agencies should NOT be allowed to obtain unpatched flaws in software products for the purpose of keeping them secret and unpatched just so its easier for said government agencies to catch “bad guys”…

Clive Robinson April 16, 2016 3:50 AM

The zombie that denies it’s name

Why neoliberalism never wastes a crisis to sink it’s vampire teeth into the body of society. Which in turn gives “The fool his forum” to be used as a puppet for the disenfranchised to become yet further disenfranchised by the “rent seeking” neoliberalists,

It makes an interesting if scary read, and should make people pause for thought.

Ralph April 16, 2016 4:41 AM

Can anyone recommend a good offshore web host? I have a small personal site where recently some important video content was removed due to a Hollywood DMCA takedown. I’ve never dealt with this type of thing before.

It was just some short video content I made in school that happened to contain copyrighted music. The visuals were all mine, but the audio was not. My bad, I know. The takedown removed a small portion of the total videos I’d uploaded to a video sharing site (like DailyMotion/Vimeo/YouTube), from which I was embedding them onto my own site.

To reduce the risk of further DMCA takedowns, I’d like to move everything to an offshore non-USA shared server. Note, however, that I don’t think I can publish any of this content anonymously. Can anyone recommend any good countries or hosts?

Also, I’d ideally like to re-publish the video content that was taken down, but am not sure how bad this idea would be. On one hand I don’t want to get sued, but on the other hand I doubt they’d ever notice. Hollywood has both humans and automated bots that crawl through popular video sites like DailyMotion/Vimeo/YouTube to file DMCA takedowns; but if I no longer host videos on those sites and instead use an offshore shared server, my guess is there would be less scrutiny. My site barely gets any traffic and I don’t promote it online. What do you think, should I re-publish or leave it down?

Finally, I’m sure there are other precautions I’ll need to take now that DMCA is part of my site’s threat model. Like renaming video filenames to sound innocuous, scrubbing the video metadata, and blocking search spiders from indexing. That’s all I can think of right now, am I missing anything?

Thanks in advance for any tips you can share.

Brammer April 16, 2016 6:35 AM

@ Clive Robinson

Thanks for the link – This is a brilliant, well-written piece.

“Perhaps the most dangerous impact of neoliberalism is not the economic crises it has caused, but the political crisis. As the domain of the state is reduced, our ability to change the course of our lives through voting also contracts. Instead, neoliberal theory asserts, people can exercise choice through spending. But some have more to spend than others: in the great consumer or shareholder democracy, votes are not equally distributed.”

Explains a lot.

ianf April 16, 2016 6:37 AM

@ Ralph, since your “site barely gets any traffic and you do not promote it online,” the multi-layer obstacles to content discovery that you envision seem both an overkill and probably ineffective anyway… as you can never assume that a DMCA-bounty-hunting robot will obey restrictions in robots.txt file.

Besides, you don’t want to mess with offshore/ outside legal reach of 5eyes judiciary/ web hosts, because they are either unreliable, or in suspect places; and/or hosting other offensive matter—thus probably already attracting attention from “non-Hohollywoodsy” branches of your govt. If the latter, any hosting charges payments from you may lead to you ending up on all sorts of watch lists, etc. I.e. the remedy is worse than the illness.

As for your videos with the copyrighted soundtrack (I assume integral to the movie rather than having been added afterwards), you can post them sans the sound, and then have an unadvertised/ never publicly linked to versions of them under slightly different names that you then tell whoever needs to be told about it (e.g. I use a convention of naming public files with a “.htm” suffix; private, yet still 644 ones ending up in “.HTML,” and any zuper-zecret variants branded “.HtmL” – which Apache & Unix will gladly distinguish between. Just make sure not to inadvertently overwrite one version with another ;-))

Thomas April 16, 2016 7:29 AM


What about respecting copyright laws instead?

I try, I just others would too.
Infinite terms, criminalising civil offences, prohibiting resale, denying ‘fair use’, replacing ownership with leasing, DRM, DCMA, … the list goes on.

de La Boetie April 16, 2016 7:55 AM

@Thomas – quite agree. The EFF site is quite strong on the many abuses of the DMCA and its asymmetric effects. What’s more, there have been court cases which verify that the content industry is over-reaching and abusing the situation, but I recall that fair-use case that took I think 9 years of fighting to get recognition (but not redress).

I’ve been on the end of automated music bots flagging (and temporarily taking down) a video with a music track that I had paid good money to be able to distribute royalty free. To this day, it’s blocked in Germany for no good reason.

The important thing is the lack of redress for this stuff, I get no compensation for the unilateral take-down of the material, nor the time I spend rectifying it. It’s inherently an unjust situation, like many of the big-corporate rent-seeking bent-legal system assaults.

Which leaves, as you indicate, attempting to find ways of obtaining justice for yourself, not to operate illegally.

Clive Robinson April 16, 2016 8:52 AM

@ Who?,

What about respecting copyright laws instead?

Have you ever sung, hummed or whistled “Happy Birthday”?

Have you evere filmed / videoed a place with pictures on the wall?

Or have you turned on a radio where more than one person can hear it?

All of these are regarded or where regarded as breaches of copyright, either by individual copyright holders or by organisations representing copyright holders.

It is virtually impossible to hold a social function or make any kind of recording in normal life without breaching somebodies copyright.

Which is why there is “fair use” stipulations in copyright law (or there used to be) however “rent seeking” individuals and worse organisations see no reason for any kind of fair use at any time for any reason. The organisations often submit “DMCA takedown notices” without actually having any rights, knowing full well that the likes of Alphabet will “remove first” and “hardly listen later”.

There are occurances where well known entertainment organisations have “licenced” another persons creative work, then issued a take down on the person they have licenced from…

I am personally aware of one rent seeking organisation, refusing to accept that a radio station had written and signed licences directly from artists, and started taking court action against the station. The licences allowed the radio station to play the artists work for what was the purpose of providing the artist with a platform to develop a market in another nation. The rent seeking organisation only stopped when one of the artists counter sued, because none of the artists had any contractual arangment with the organisation, thus had not received royalty payments from them… Thus when faced with an action for fraudulent misrepresentation the organisation backed off…

Copyright, like patent legislation is a high stakes poker game, it does not matter if you have a winning hand if the opposition can keep raising the stakes till you have no money to match so have to fold…

The Blue Light of Heartfelt Gratitude April 16, 2016 9:28 AM

It’s that time again in Boston! Be sure to give a cheery smile and wave to our heroic men in blue – especially those unsung heroes of the Massachusetts State Police who helped murder key Boston Marathon defense witness Ibragim Todashev.

Someday soon they will be justly famed.

Who? April 16, 2016 9:28 AM

@ Thomas, de La Boetie, Clive Robinson

Please, do not misunderstand me. Undoubtedly DMCA can be, and sometimes is, abused. I am not saying copyright laws and patent legislation cannot be misused by lawyers. We all know examples about people being sued because they made a backup copy of their legally adquired CDs, or patent legislation being misapplied by corporations like Apple that right now are able to own concepts like the “touch screen” (not a given touch screen technology, the “touch” concept itself) or the “rounded corners” on any device.

What I am saying is that on a personal work it is easier not using music or images coming from copyrighted works without authorization (except when they are a part of the original recording). There is no need to do it. There are sources where music available under more permissive terms can be downloaded and freely used in our own creations.

Who? April 16, 2016 9:36 AM

@ ?

There was a work in progress years ago:

However, who cares about the operating system that runs on a phone when the protocols, services and even SIMs themselves are so compromised?

Phones will never be a trusted platform. They are under the control of corporations and governments.

r April 16, 2016 9:36 AM


OpenBSD fone: NetBSD supports a dizzying array of chipsets, obsd was originally forked from them. If you’re from the united States they (obsd) will not allow you to submit things related to encryption but you could still work on the bootloader for any prospective arm/MIPS/Intel(in the case of the sexy Asus zenphone) platform. Have a look at notes on and please select your hardware carefully. Considering that droid 2s and 3s are now reasonably outdated and cyanogen compatible I have found myself very recently tempted to buy bulk and start supplanting their firmware for “micropc” reasons.

I hadn’t considered obsd, but considering replicant’s goal I can name 3 areas of work: boot loader, drivers… and wistfully a port of f2fs for longevity of any device.

albert April 16, 2016 10:23 AM

We have a -legal- system, not a -justice- system. The copyright system can function as a protection for the artist, but ‘legal’ = money. Technically (and legally), copyrighted music cannot be performed or reproduced from recordings in public without royalty payments. Royalty companies, like ASCAP, BMI, and SESAC, aggressively seek out bars, restaurants, and stores and demand payments, and have batteries of lawyers ready to sue. Movie companies are the most aggressive.

‘Fair use’ is something that content producers hate, and they are doing anything they can, including bogus lawsuits, to reduce it. But in many of the cases I read about, the defendants are guilty, because they don’t understand fair use. Examples of fair use: “…commentary, search engines, criticism, parody, news reporting, research, and scholarship….” (!wiki “fair use”) Many individuals don’t understand what ‘satire’ is, but content producing companies damned well do, and sue anyway. If only we had a way to screen out bogus lawsuits….

Posting online, without permission, any copyrighted material is illegal, unless it’s legitimate ‘fair use’.

If your video is so precious to you, I suggest finding someone to compose a sound track for it. Be sure to get a copyright agreement with your composer 🙂 Don’t forget the proper copyright notices. Who knows, perhaps someday, -you- will be sending out DMCA notices!

I know of an Irish folksinger and songwriter who performed his own songs and public domain songs in a bar. The bar was sued, and he won the case, but only after much grief. If we can’t shortstop bogus lawsuits, at least let’s make the plaintiff pay legal fees and court costs.

. .. . .. — ….

Ralph April 16, 2016 10:35 AM

@ianf, all

“the multi-layer obstacles to content discovery that you envision seem both an overkill and probably ineffective anyway… as you can never assume that a DMCA-bounty-hunting robot will obey restrictions in robots.txt file.”

Okay, but my main defenses would be 1. no longer hosting the content on popular DMCA “honeypot” media sites like DailyMotion/Vimeo/YouTube and 2. having the content on an offshore server where there are no DMCA laws. I think that’s a big reduction in the level of potential scrutiny compared to how I’ve been hosting things until now. Better than continuing to host on DailyMotion/Vimeo/YouTube and a US shared server, right?

“you don’t want to mess with offshore […] web hosts, because they are either unreliable, or in suspect places; and/or hosting other offensive matter—thus probably already attracting attention from “non-Hollywoodsy” branches of your govt. […] any hosting charges payments from you may lead to you ending up on all sorts of watch lists, etc.”

Are regular hosts in Switzerland/Sweden/Norway/Iceland/Eastern Europe actually “suspicious”? I’d be very surprised. Besides, my content isn’t political or controversial (other than the copyright issue) and the remaining videos that didn’t get taken down haven’t had any DMCA claims against them so far. I have no problem paying for hosting anonymously, but the content itself isn’t anonymous.

“As for your videos with the copyrighted soundtrack (I assume integral to the movie rather than having been added afterwards)”


“you can post them sans the sound, and then have an unadvertised/ never publicly linked to versions of them under slightly different names”

Yes, I can do this for the content that was taken down recently… but I wish I didn’t have to.

Thanks for the input.

Again, for others, my questions are:
– Can anyone recommend any good offshore countries or hosts?
– How bad is the idea of re-publishing the content that was taken down? Should I leave it down?

Facebook Creates World’s Largest SuperPAC April 16, 2016 1:09 PM

Mark politics drive the mass votes:
“I hear them calling for blocking FREE EXPRESSION, for slowing immigration, for reducing trade, and in some cases, even for CUTTING ACCESS TO THE INTERNET.”
For a developer’s conference, the comments were unprecedented—a signal that the 31-year-old billionaire is quite willing to publicly mix politics and business.

Mark’s latest shameless ironies are
1) He recently brown-nosed Top Red Chinese communist, authoritarian, repressive leaders who drastic restrict access to Internet and free speech. Many disappear or are put in jail. Facebook if allowed into China would be required to assist in gathering ‘crimes’ of FREE EXPRESSION.
2) Facebooks own Internet is highly restricted CUTTING ACCESS TO THE INTERNET.

Corporate Mass Surveillance Set To Bias Voters
Marks essentially told his employees to follow his talking points if they want their careers to advance.

CallMeLateForSupper April 16, 2016 2:19 PM

@Cive re: Neoliberism article in Guadrian

+1 (or 2 if both of my hands are allowed to vote)

I aborted writing a post about it here early this morning because linking the politics to security – this is Schneier On Security, after all – wound up requiring too many words. Glad you posted this heads-up for edification of @all,

CallMeLateForSupper April 16, 2016 2:45 PM

… and “Guadrian” should have been “The Guardian”.

not_a_spook April 16, 2016 2:54 PM

@Clive Robinson

I find your commentary to be informative and enlightening. Hence, I am grateful of the opportunity to broaden your perceptions of the article you posted earlier. One glaring flaw is that the author conflates the economic prescriptions of John Maynard Keynes with Ludwig von Mises and Frederich Hayek. Their economic theories are widely divergent and if they both qualify as “neoliberalism” then neoliberalism is so broad as to be virtually meaningless.

Bytopia April 16, 2016 3:23 PM

re: Facebook v. Trump
“Consensus politics”, that’s a nice name.

“Guadrian” will suffice too. Not “Gaurdian” but close, if you catch my drift. 🙂

Wael April 16, 2016 3:56 PM


this is Schneier On Security, after all

Pregnant hint received…

Re: (sigh):

And “Cive” should be “Clive”
And (dag-nabbit) should beeee … Oh, that’s deliberate 🙂

Daniel April 16, 2016 4:46 PM


Thanks for that link. I agree and disagree with it. I agree with him insofar that neoliberalism was a deliberate attempt to preshrank society and that to a large degree this reshaping has been implemented. I disagree with him that nothing has come to replace it. Something has come to replace and it has a name. But I am not going to say that name because I have been toying with writing a book about it….

ghost_of_upton_sinclair April 16, 2016 5:10 PM

Neoliberalism’s triumph also reflects the failure of the left. When laissez-faire economics led to catastrophe in 1929, Keynes devised a comprehensive economic theory to replace it. When Keynesian demand management hit the buffers in the 70s, there was an alternative ready. But when neoliberalism fell apart in 2008 there was … nothing. This is why the zombie walks.

Nick P April 16, 2016 5:14 PM

The murky history of moderation and how it’s shaping the future of free speech

I can’t recommend this article enough. Sent it to Bruce in email as he writes great essays on the intersection of tech, law, and societies’ cultures. His explorations into the topic, esp accountability or openness tradeoffs, might be pretty interesting. The article itself shows history, techniques, challenges, current status, and future directions of professional moderation. Great write-up with many perspectives and case studies.

Yall enjoy! 🙂

Clive Robinson April 16, 2016 6:06 PM

@ Albert,

You might find this of interest,

Basically the same lawyers who got “Happy Birthday” put in the public domain unencumbered by a “Rent Seeker” –except for one very specific arangment– are now going after a couple of other rent seekers who claim copyright on “we shall overcome” from the sixties despite abundant evidence it was in public usage significantly prior to WWI.

Anura April 16, 2016 6:16 PM

@Clive Robinson

The problem with neoliberalism is that it is based on one giant fallacy. That fallacy is that a free market ensures that everyone pays and is paid the correct value for goods, services, and labor. Basically, they learn Microeconomics 101, are shown the graph for supply and demand, and they say “Look, without government interference, the prices will be correct! And it applies to wages, too! Oh, and if you force this price then look! Unemployment!” It is likely that they are confusing market value with intrinsic value, which are very different concepts.

The Price of Goods and Services

The problem with basing your concepts off of supply and demand is that supply and demand simply tells you what the a given product will cost in the current market. The market is not static; if other prices change, then the supply and demand curves for your product changes as well. The same is true if wages change, competitors change, and so on and so forth. In order to understand where those prices come from, in order to understand what the meaning of value is, you have to look beyond that.

Now, in a highly competitive market, profit tends toward zero. This doesn’t mean that they will reach zero, just that they will head in that direction. This is visible today; most types of businesses have profit margins of a few percent. Some go as high as 20%, maybe 50%, maybe 100%. It all depends on competition. So if we assume competitive markets, which most would agree is ideal, then the prices of goods and services are primarily determined by the cost of production. So while a business does look at supply and demand to determine how to price their product, in a competitive market the competition will lower prices to capture more market share as long as they are still making reasonable profits, and they can’t price below cost.

So what is the cost of a production? The cost of production is the sum of the cost of labor and rent going all the way down the supply chain. The cost of labor is the compensation for the employees, and the rent is the money paid to the owners of capital that exceed the costs of maintaining that capital, whether as profits for business owners, payments for the use of land, interest on loans, etc. The other question is, well, what determines these prices? For the current market, supply and demand. But what determines supply and demand? The bargaining power of the actors involved.

The Cost of Labor

When an individual job seeker looks for a job, their pay will be determined by supply and demand. The alternatives that a job seeker has determines how much they can get paid. So the bargaining power of a worker is determined by their skills and their alternatives. Now, this isn’t to say that as long as everyone is skilled, everyone will have high paying jobs because they will have a lot of alternatives. This is because of the other side: the more candidates an employer has to choose from, the more wages get pushed down.

There are certain jobs that have to be filled. There needs to be someone stocking shelves, there needs to be people manning cash registers. No matter how skilled your workforce is, some of those people will have to work those jobs. A problem then gets introduced. Instead of an individual choosing between a low paying job and a high paying job, often they will find their choice between only several different low paying jobs. They can’t choose not to work, because they won’t be able to meet their necessities. They are then trapped into taking a job that can barely fulfill their needs.

On top of that, there are systematic ways that wages can be pushed down. By outsourcing and improving technology, businesses can reduce labor costs and employment, increasing profits. Ideally, this would lead to higher domestic wages, so more people can consume more or work fewer hours, but because of supply and demand it tends to actually push wages down and rent on capital up, unless another force works to push wages up. This can even cause a feedback loop, where wages are pushed down, lowering demand for goods and services, lowering demand for labor, further pushing down wages. If a group of actors gets particularly powerful, they can conspire to crash the economy, pushing wages down over the entire economy for the sake of higher profits.

When an individual is forced to accept a job for less than it is worth to them, simply because they won’t be able to meet their necessities, so that others can benefit financially from their labor (either through profits or lower prices for goods and services, or a combination thereof), then they are what are known as a wage slave.

The cost of Capital

The bargaining power of those that hold capital is also determined by supply and demand, which is also determined by alternatives. Take the owner of an iron ore mine. What he can charge is dependent on the cost of labor, refinement, and the alternatives. How much are others charging for mining their ore? What is the cost of recycled iron? Are there other materials a manufacturer can use instead of iron?

In some cases, there are no real alternative products, such as with petroleum. While there are alternatives to fossil fuels for producing gasoline, it just cannot scale to the same levels as petroleum. In this case, we see other problems introduced, such as price fixing, cartels, and oligopolies that result in lower competition and higher profit margins.

So what does it all mean?

If you are saying prices are ideal, you are basically saying that the distribution of bargaining power across all actors in the economy is ideal. Neoliberals have clung so strongly to individualism, that they have seemingly decided that the distribution of bargaining power doesn’t matter. Collectivists, on the other hand, should see that outcomes for all of society are ideal when bargaining power is as even as possible.

Consumers have more bargaining power when they have more competition, and when they exercise democratic control over the economy, as they do when they pass product safety regulations or anti-trust laws, or (on a smaller scale) when they run consumer cooperatives. Consumer cooperatives are ideal for industries where there isn’t a lot of competition, such as utilities. On top of all of that, instead of relying on the private sector, consumers can turn to the public sector to provide services when it will provide better outcomes.

Workers have more bargaining power when they have more alternatives, form unions, or exercise democratic controls themselves as they do with minimum wage laws, or (on a smaller scale) when they run workers cooperatives. Alternatively (or in addition to), a basic income can be implemented that ensures that not working is a viable alternative. This prevents the conditions for my definition of wage slavery to be satisfied in the first place.

Mike Barno April 16, 2016 7:04 PM

@Nick P,

That Verge article on moderation is very long, and doesn’t provide quick simple answers, but it gives a thorough review of decades of approaches ranging from unmoderated freedom through ad-hoc manual efforts to systematic attempts to automate identification of troublesome content. Discussion of differing cultural contexts shows why knee-jerk simple solutions may not be appropriate. I too would be interested in Bruce’s commentary.

USA Data-Mining Warrants Force Silence April 16, 2016 8:18 PM

“Microsoft alleged in a lawsuit against the U.S. government that the Department Of Justice is routinely issuing warrants for users’ data, which are followed by an eternal gag order that prevents the company from reporting the “breech” to its customers, forever. Microsoft noted that this is happening with more frequency. Perhaps what is the most disconcerting is what is not happening.
The government is certainly not limiting its warrant/gag order combination to Microsoft users alone; AWS, IBM, Google, Dropbox, Facebook, Box, et al…where are your protestations? It seems odd that only Microsoft is complaining about this obvious abuse of power when there is little doubt it is occurring elsewhere. This leads one to wonder just how often it’s happening, and what else is happening that we are not aware of yet.”

Looks like the new EU data protection laws are worthless.,1-3243.html

tyr April 16, 2016 8:22 PM


Major economic theories were invented to make
tabloid astrology seem creditable by comparison.

Their worst problem is they all are based on a
world of scarcity that disappeared with the age
of machines and technology. When you hear the
same theories that haven’t changed in 300 years
used to describe “the economy” you know something
is quite nastily askew in the overall system.

Ralph April 16, 2016 8:37 PM

@albert: “I suggest finding someone to compose a sound track for it.”

As a student, I didn’t have money or time for that when I made the video content. It’s a good idea but too late now… even with a composer the lyrics would still be copyrighted. But thanks for your suggestion.

Dan3264 April 16, 2016 9:36 PM

I am not sure, but I think the proposed law also outlaws any non-reversible computation. By definition, such computation loses information. The consequences are clearly ridiculous. “From now on, You are not allowed to use logic gates such as: AND, OR, IMPLIES, NAND, XOR, XNOR, NOR, NONIMPLIES, CONVERSE IMPLIES, and CONVERSE NON-IMPLICATION in your circuits. You should move to NOT, CNOT, CCNOT(Toffoli gate), CSWAP(Fredkin gate) and other reversible gates. Remember that you can be prosecuted for removing a single bit of entropy from the input to your circuit.”

Nick P April 16, 2016 9:38 PM

@ Mike Barno

“That Verge article on moderation is very long, and doesn’t provide quick simple answers, but it gives a thorough review of decades of approaches ranging from unmoderated freedom through ad-hoc manual efforts to systematic attempts to automate identification of troublesome content. Discussion of differing cultural contexts shows why knee-jerk simple solutions may not be appropriate.”

That’s exactly what I liked about it. Very worth the time it took to read it.

Dan3264 April 16, 2016 9:47 PM

@Clive Robinson,

Copyright, like patent legislation is a high stakes poker game, it does not matter if you have a winning hand if the opposition can keep raising the stakes till you have no money to match so have to fold…

It does not matter if the opposition has a valid hand. As long as the objects in their hand vaguely resemble cards(Sticking with poker metaphors), they are fine 🙁
(or “:)”, depending on your point of view)

Come and get it while it's hot! April 16, 2016 10:27 PM

… and “Guadrian” should have been “The Guardian”.

Nope, you should know it’s the Grauniad.

Daniel April 16, 2016 10:46 PM

@Nick P

That article you posted regarding moderation once again convinces me that Facebook and Google are intrinsically antidemocratic. The fundamental problem with the internet today as a medium is that there is no “public square”. Any democratic action is dependent upon the goodwill of the corporations on whose website one posts.

If I want I can go down to my local public park and stand with a sign that says “legalize pedophilia” and although certain to get me hassled there is no legal way to stop me. But these days no one hangs out in the park because there is no wifi there and so there is no one to see my hypothetical sign. Instead, everyone is on the internet and if I were to take my sign there…well, good luck finding a place that would host it.

Why is this important? Because democracies can only operate when there is a feedback loop between citizens and their representatives. If something can’t be said, it can’t be heard; and if it can’t be heard it can’t be acted upon. So if the corporations control the medium they control the message and the message will be tailored to their needs, and not the needs of democracy.

Hamid April 17, 2016 4:40 AM

Can we have limits on the length as well as number of posts per one Squid please Bruce

Clive Robinson April 17, 2016 6:03 AM

@ Dan3264,

It does not matter if the opposition has a valid hand

Or for that matter where they get them from…

It comes back to the old “might is right” argument…

It is sometimes of interest to consider some of the difference between the US legal system and the UK legal system from which it supposedly gets it’s legitimacy…

For instance,

US – Each party bears their own costs.
UK – Losing party pays winners costs.

US – Alows punitive damages.
UK – Alows only demonstrable damages.

Each of these differences are supposedly there to “serve justice” and level the playing field and redress the “equity of arms” issue.

In practice they do the opposite, allowing the system to be gamed one way or another. Thus a little thought shows that the whole process of justice is flawed. Further there is no way to stop it being gamed, a flaw that is both known to and,close to the hearts of both politicians and lawyers on the make. The question then arises as to the difference between “justice being ‘seen’ to be done” and “show trials”.

Unfortunatly as people in the US are starting to wake up to, the flaws in the justice system, go beyond just rightfull or wrongfull conviction. Due to corporate jails, sentencing is also being gamed, via kickbacks punative jail sentances are increasing, but the most important component, the rehabilitation process is being eliminated. Which whilst vastly increasing profits for the corporations actually harms society far worse.

One aspect of this that is comming through is that the US is now developing a much stronger cast/class system than the majority of nations that do acknowledge they have a problem cast/class system.

One aspect of this is the increase in “Guard Labour” class who’s main reason for existence appears to be the enforce the “rent seeking” economic model. When you look at the level of increasing resources devoted to this class and those who profit off of it, and what they will do to increase that profit in any way they can, it’s unsuprising that the justice system remains broken and gameable.

Clive Robinson April 17, 2016 6:46 AM

@ Hamid,

Can we have limits on the length as well as number of posts per one Squid please Bruce.

Both suggestions are problematic.

Limiting the number of posts, puts limits on the number of new topics that can be brought forth in a timely fashion. Thus important breaking security news would get blocked. It would also take this blog back to past times when other threads would get de-railed by Off Topic comments. So the problems you perceive on the squid page would only come up on all the other threads potentialy to their detriment.

Now I can not speak for others, but I would prefere to have the other threads free from chaotic, free for all, off topic commenting and have it all in one place on the squid page, I feel it encorages a more harmonious community. Look at it as being like a crypto or other conference where you have specific discussions and rump sessions, where the squid page is in effect a rump session of adhoc presentations and discussions.

That is those who want just the normal single topic threads get those in a nice civil way, and know and can thus avoid the more unstructured squid rump threads. Likewise those who like the unstructured squid rump threads, have a place to be unstructured, and thus are less tempted to bring chaotic behaviour to the normal single topic threads and thus they remain more structured.

There is also the question of the length of threads, keeping them short will make it impossible to discuss topics in depth with reasoned argument, thus you will end up with the shallowness of “sound bites” and glib whitisisms.

Whilst I can apreciate a long comment that an individual does not find relevant or already knows can be distracting, this blog attracts a lot of very diverse readers at all levels thus the longer posts are atractive to some.

You can see this in the fact that the shorter comments rarely get mentioned in future times, where as the more indepth longer technical comments get brought up again as people think about them days, weeks and even years later. This is often because the longer posts were well ahead of their time, and events have started to catch up with them thus providing the test results by which they are verified, refined, modified and their aplicability, associativity and scope judged.

Dan3264 April 17, 2016 7:21 AM

@Clive Robinson,
Based on what you said about the differences between the US and UK systems(I don’t really know UK law), I think the methods the UK is using are clearly a better choice. I like the “Give patent trolls a risk of losing money” way of thinking. The book “Free Culture” by Lawrence Lessig was very informative. It does not cover some of the legal issues described on this thread, but it is very relevant to copyright law.

CIA something SAY something April 17, 2016 9:22 AM

CIA go data crazy and have got the fever bad (big swinging dicks competition with the NSA?):

SOFT ROBOTS THAT can grasp delicate objects, computer algorithms designed to spot an “insider threat,” and artificial intelligence that will sift through large data sets — these are just a few of the technologies being pursued by companies with investment from In-Q-Tel, the CIA’s venture capital firm, according to a document obtained by The Intercept.

Yet among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant.

Those four firms, which provide unique tools to mine data from platforms such as Twitter, presented at a February “CEO Summit” in San Jose sponsored by the fund, along with other In-Q-Tel portfolio companies.

The investments appear to reflect the CIA’s increasing focus on monitoring social media. Last September, David Cohen, the CIA’s second-highest ranking official, spoke at length at Cornell University about a litany of challenges stemming from the new media landscape. The Islamic State’s “sophisticated use of Twitter and other social media platforms is a perfect example of the malign use of these technologies,” he said.

& your bus audio belongs to US:

When you ride on buses or trains in many parts of the United States, what you say could be recorded. Get on a New Jersey Transit light rail train in Hoboken or Jersey City, for example, and you might notice an inconspicuous sign that says “video and audio systems in use.”

A lot of riders are not happy about it.

“Yeah I don’t like that,” says Michael Dolan of Bayonne, N.J. “I don’t want conversations being picked up because it’s too Orwellian for me. It reeks of Big Brother.”

New Jersey’s public transit system is just the latest to add audio and video surveillance on some of its trains. Other agencies have been quietly recording their passengers for years, but critics say that’s an invasion of privacy.

America, take back your country already. It’s been overrun. Understand the game in play is everybody, everything profiled/recorded/categorized.

Wael April 17, 2016 9:42 AM

@Clive Robinson,

but the most important component, the rehabilitation process is being eliminated. Which whilst vastly increasing profits for the corporations actually harms society far worse.

Rehabilitated? It’s just a made up word

Surveillance State April 17, 2016 10:26 AM

If we take the summary of NSA capabilities from

The NSA can access personal email, chat, and web browsing history.

The NSA tracks the numbers of both parties on phone calls, their locations, as well as time and duration of the call.

The NSA can monitor text messages.

The NSA can monitor the data in smartphone applications.

The NSA can crack cellphone encryption codes.

The NSA can identify individuals’ friends, companions, and social networks.

The NSA monitors financial transactions.

The NSA monitors credit card purchases.

The NSA intercepts troves of personal webcam video from innocent people.

The NSA is working to crack all types of sophisticated computer encryption.

The NSA monitors communications between online gamers.

The NSA can set up fake Internet cafes to spy on unsuspecting users.

The NSA can remotely access computers by setting up a fake wireless connection.

The NSA can use radio waves to hack computers that aren’t connected to the internet.

The NSA can set up fake social networking profiles on LinkedIn for spying purposes.

The NSA undermines secure networks [Tor] by diverting users to non-secure channels.

The NSA can intercept phone calls by setting up fake mobile telephony base stations.

The NSA can install a fake SIM card in a cell phone to secretly control it.

The NSA can physically intercept packages, open them, and alter electronic devices.

The NSA makes a USB thumb drive that provides a wireless backdoor into the host computer.

The NSA can set up stations on rooftops to monitor local cell phone communications.

The NSA spies on text messages in China and can hack Chinese cell phones.

The NSA spies on foreign leaders’ cell phones.

The NSA intercepts meeting notes from foreign dignitaries.

The NSA has hacked into the United Nations’ video conferencing system.

The NSA can spy on ambassadors within embassies.

The NSA can track hotel reservations to monitor lodging arrangements.

The NSA can track communications within media organizations.

The NSA can tap transoceanic fiber-optic cables.

The NSA can intercept communications between aircraft and airports.

We can surmise that pretty well everything is broken that requires the Internet, electronic devices and communication of any kind, credit cards, financial transactions, public places where there are cameras including buses and trains. Plus, every other freak agency is attempting to do the same or worse.

What’s a civil libertarian to do who has lost their f**king patience? After all, clearly these systems will be in place for decades or potentially never dismantled:

  1. Use cash for everything.
  2. Abandon cellphones completely or only them used for totally innocuous purposes. Should be turned off in sitting in a Faraday cage (tinfoil will do) when not in use – never carried as the virtual trackers/recorders they are.
  3. Never use the internet for anything other than anonymous browsing – preferably with open-source software, virtualized environments and multiple layers of encryption e.g. VPNs, Tor etc. TAILS would be best when possible from random computers.
  4. No real name policy for anything in any virtual places.
  5. No discussion of anything personal or nefarious over networks, ever.
  6. Destroy anything with IoT capability in the home and refuse to partake in the madness.
  7. Never attach webcams to computers. Cover over inbuilt cameras and physically disconnect mics where possible. Have computers completely shut down when not in use.
  8. Abandon email, messaging platforms etc completely. Learn to talk to people again in person, without electronic gadgets of any kind in play. For those distant, briefly use comm tools to set up a rendezvous in person.
  9. Be aware of likelihood of future biometric databases (like the illegal FBI one being put together) being used to track your ass everywhere there is cameras and tools carrying latest tech gadgets (the 99%).
  10. Avoid highly populated areas if you care about point 9.
  11. Avoid use of GPS in vehicles or GPS tracking systems with newer models. Be aware of license-plate scanning that is happening everywhere with mobile and fixed units.
  12. Avoid talking about anything personal/nefarious on public transportation.
  13. Assume anything the Orwellian freaks don’t already have e.g. fingerprints, DNA and other things will be forced from the general populace over time with flimsier and flimsier pretexts. Resist all efforts to have your shit harvested.
  14. Don’t use libraries – buy books you are interested in with cash from second hand bookstores.
  15. Don’t be a chump. Don’t ever trust a 3rd party with any of your data where possible – particularly co-conspirators like Facebook, Micro$shaft, Apple, Google, Twitter, Linked-In and the rest. They are surveillance capitalists and their basic business model is owning your personal data and selling it.
  16. Understand that all physical letters are scanned for sender/receiver. Avoid where possible.
  17. Don’t store anything personal on home computers attached to hostile networks & encrypt everything of value on detached media with block level encryption.
  18. Most importantly, stop trusting the government or their agencies or representatives in any shape or form. The financial and political systems are completely broken and corrupted. Don’t support it in any fashion and learn to vote independent or for those truly progressive representatives e.g. social democrats. Smash the plutocracy.
  19. Make your digital footprint as small as possible and keep the freaks in dark wherever possible. They want to own you and have power over you, so do something about it; or willingly be a bitch who lives under their thumb. Your choice.
  20. Read widely – particularly censored materials – and understand a totalitarian police state is completely incompatible with the “life, liberty and pursuit of justice” propaganda fairytale you are told every day of your lives. Influence your circle of friends and family with unapproved messages since only when they wake up en masse can the fascist yoke be thrown off.

As Senator Church feared in ’75, the tyranny has already arrived:

“If a dictator ever took over, the NSA could enable it to impose a total tyranny, and there would be no way to fight back.”

“That capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.”

“I don’t want to see this country ever go across the bridge,” Senator Church said. “I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return.”

Dennis Cous April 17, 2016 10:52 AM

@ Anura,

“Workers have more bargaining power when they have more alternatives, form unions, or exercise democratic controls themselves as they do with minimum wage laws, or (on a smaller scale) when they run workers cooperatives.”

In Greece, the Goverment itself is a well-run workers cooperative, which as we all know is not working out very well for its investors, and as a result arguably not working well for its participants. Getting everyone a “fair share” of the pie can sometimes get out of hand, against which I don’t protest, but democracy is in essence mob-run, which as some may call “family.” In any type of society with mob-like behaviors, “bargaining” power can be quite unorthodox which leads to instability, which the ruling class loathe. Thus, it is impossible to maintain a geniunely benevolent “unionized” cooperative because it can and will be infiltrated by those with non-benevolent intents.

Dennis Cous April 17, 2016 11:31 AM

@ Clive Robinson

“The invisible doctrine of the invisible hand is promoted by invisible backers.”-linked article

Interesting quote, I half-read the article, as I too fell for the clickbait, among others. The invibisiblity of the hand is conspicuous to not only the author but also several random people on the internet, as the consensus is indeed it’s invisible. Thus, it can only be studied thru observations, of its effects. It was said that it is preferable to own nothing and control everything, as rent-seekers are bound by the laws of common ground. So, we’ve only read half the story.

Clive Robinson April 17, 2016 12:43 PM

@ Dan3264,

By definition, such computation loses information. The consequences are clearly ridiculous.

They are, but they are also worse than you indicate with reversible logic… There are obviously psychopathic legislators who belive quite mistakenly that man can legislate against the laws of nature as we currently understand them.

Thus it takes us back to the notion that you can legislate Pi to be three or a King can command the tide to stop coming in…

In this case they are trying to legislate against the laws of thermodynamics, that require the universe and all that’s in it to go from a higher ordered temprature/energy to a lower disordered temprature/energy untill equilibrium is reached.

Therefor no device no mater how good can be 100% efficient. The loss of energy is also a loss of information as,it moves from “ordered” to “disordered” (coherent to incoherent…

Thus the people who drafted this nonsense are demanding by writ of man every machine be one of “perpetual motion”, which most –but not all– of us learn at school somewhere between the ages of 7 and 11 is impossible.

The obvious “polite” realisations are, that either Fraudstein has not the reasoning ability of a child, or she has through dementia regressed back to a point in early childhood…

As for the “impolite” realisations, you would have to ask “If not the polite realisations, then what price does it take for Fraudstein to debase herself that much?”…

As others have asked “What have the ‘Hoover Boys’ got on her or her family?”

Figureitout April 17, 2016 1:33 PM

Surveillance State RE: what you wanna do (opsec essentially)
–Well first off, it’s not just NSA, it’s quite a lot of private individuals as well. Attacks could be coming from all angles all the time and get misattributed.

1) Yes do it, not possible always though. When you take a girl out to a nice dinner and pay cash, you look like mafia/sketchy a bit, just do…Also risk of physical robbery, so carry only what you need.
2) You can do something like just leave it outside your shielded personal office, based off a recent project I’m doing (visualizing audio, other stuff too like modifying your voice (voice changers, pretty cool stuff) and generating square/saw/sine waves from 0 -~21000 Hz), something like an apple computer can pick up quite a bit of audio in a say, 30ft radius, and do further signal processing/filtering on it. Apple computers I haven’t done (don’t own one), but snipping the mic and speakers is straight forward if this is a concern (any PC’s in your secure office need those snipped unless your livelihood depends on it).
3) Not possible anymore, you put yourself at a great disadvantage financially ignoring the internet. Have separate identities you use, for whatever freaky stuff you’re into, and your professional image.
4) For professional image, you need to use your real name. Also is good practice to see how well you can authenticate yourself online.
5) Yeah, but people gonna people eh? Secrets leak out everywhere, people gotta tell someone…
6) You could have completely separate connections if you have the money (maybe 3-4 completely separate lines w/ all different providers (which are probably owned by what will eventually be 1 providers…))
7) Good OPSEC practices, also uses less power, so good for environment.
8) Lol, do you work at all? That’s impossible. Email is pretty reliable if you look into it (protocols are disgusting, but somehow they work).
9) I wouldn’t worry about biometrics, we’re all screwed here. We leak bio evidence everywhere (do you wipe your fingerprints and pick up your hairs everywhere you go? You can’t live like that.). They’ll be in databases too, it’s a 2-way street.
10) However it’s good to blend in the noise on occasion too.
11) Yeah this is a trouble spot, as older cars free of all the surveillance and security breaking features (I discovered you could hold down the unlock button on a wireless key on quite a few makes/models and it rolls your windows down of a turned off car, some when you hold lock button it rolls them back up, sets up perfect crime for stealing w/o smashing windows or shimming the locks) continue to decay and break down. You can still ride a GPS-free bike pretty far, and much harder to spot via satellite.
13) These systems will all fail and be useless over time, just watch lol. I suppose maybe some useful medical research could be done but if databases get compromised and evidence swapped in and out, can no longer trust the data.
14) That’s really sad, I suppose you could sign up for library card w/ fake ID or swap ID’s w/ someone, just creepy library records are collected now, and surprised libraries don’t resist it (or lose the records, “whoopsie”).
15) Deleted my facebook (lost contact w/ a lot of my friends, forever…people should consider that). Only have linkedin for employment purposes, I get emails from real recruiters for jobs and I like that. All the info on my resume is in a million other places, so my residence, phone number, email address, etc.
16) People send drugs in the mail and get away w/ it all the time lol. They can’t open/scan everything, or at least cover the letter w/ scribbles. It’s another useful comms/authentication path.
17) Sounds nice in theory, lots of work is going to be unencrypted until you’re done w/ it. Sometimes I do unplug ethernet on my university computers though when I’m working on school project. On some of them, they do VMware sessions so everyday it gets restored to a default image.
18) Everyone is self-interested, so of course it’s bs when they talk about being a “public servant” lol, they just working for themselves on the public dime.
19) Yeah, some of them have severe mental issues/delusions of grandeur. Turns out a lot of these people are real cowards in real life though, so confront them in real life and they’ll get knocked down a notch or 2. And thanks to so many attack tools able to blast thru defenses, they’re vulnerable to the same thing (OPM incident being the big LOL, it is kinda embarrassing when your country gets owned like that though).

I’d say doing a lot of these things is a big OPSEC step forward, but OPSEC is in itself a major time-suck, you can get in situation where you’re protecting nothing of value, instead of creating value (which can be stolen), choice is yours.

I’m on the next step (well, digital security, which is more fun I guess than OTP’s on burnable paper) which is looking into customized embedded solutions and isolated systems. Flashing custom bootloaders via high voltage methods that only get overwritten w/ the key. Or not having a bootloader and writing to first spot of memory, either way you want to control the first code or nearly the first code that loads up on startup. These are still very usable and a pretty good step to securing things. You could basically build something like a small device w/ good amounts of ram/rom, a hex keypad and LCD screen (to prevent a lot of keylogging and screen capture); very unlikely it’ll get hacked. Or it’d be way more effort than it’s worth, which is a win.

Next step is getting deeper into electrical/computer design, like your own CPU’s, protocols, etc. It gets rough real quick though, and what do you do if nasty hacks work but screw up your design?

Nick P April 17, 2016 1:38 PM

@ All

Spontanous formation of wires from carbon nanotubes via Tesla Coils (Video)

Cool stuff with potential applications in future. Lot more details to work out before they get there.

@ Clive

Thought you might enjoy something different in CPU design. I stumbled onto this Prolog CPU today. It’s an interesting design that tries to be more like a normal CPU doing stuff in software with key modification to improve Prolog performance. I haven’t seen logic programming hardware since the Japs failed to deliver it in Fifth Generation project and the Americans’ careers mostly ended too. Haha.

I stash it away in case it has some useful nuggets of information. Area of application being the re-emergence of logic languages for data-mining we see in modern IT along with FPGA-accelerated, Big Data. Minimal modifications to an ultra-fast CPU like OpenPOWER might help in such work or OLAP processing at least. Of them, Datomic is the most interesting in terms of what people are actually getting done and how.

Justin April 17, 2016 1:49 PM

Haven’t posted lately, but some bad news.

Apparently, McCormick & Company‘s spice mill (10901 Gilroy Rd, Hunt Valley, MD 21031) is under fumigation by the Baltimore County Fire Department. The fumes are incredibly noxious, and I am sick to my stomach and have a nasty headache the next day after walking up to the front door and noticing the sign warning of the fumigation.

As usual, the local fireboys couldn’t find girlfriends, so they became lgbt and developed an irrational hatred for sugar and spice and all things nice. I’m thinking the whole building needs to be demolished and rebuilt up to modern code, but someone has to PAY for it, of couse. Mucho dinero.

I don’t want the smell or taste of that stuff in my food, not to mention it’s no doubt a known carcinogen.

Exactly what kind of pests are we importing into our country in our spices, anyway? And isn’t there a less noxious fumigant, like, say, phosgene or something like that?

Edward "Brill" Lyle April 17, 2016 2:38 PM

Some life security tips.

Milk, not meat.

1) First, what is your objective? If you wish to be an invisible nobody, and you are not really a nobody, then whom should you learn from? What will this make you? Start from the roots, and carefully consider what seeds you are planting, because you will get what you plant.

2) There are quite a number of types of people who do or who have lived their lives in disguise. Who are they? Well, you are talking about: “like a spy”, especially the deep cover variety who lives in a foreign land; “like an deep cover undercover agent”; “like someone in the witness protection program”; “like someone who lives in a criminal conspiracy”, ala, mafia, and so on; “like a superhero with an alternate identity”; “like an underground resistance leader”; “like a grifter, an confidence artist”; like a Pretender. Like someone who can be and is many people, but is really none of them.

3) Your worst enemy is your own self. Living in such a manner most surely is not easy, not whatsoever. You first must learn “how to learn”. You must learn deep psychology which works, because you will be using psychology on your own self to master your own self. If you do not master your own self, you will fail. Human beings are always indirect, both in their external communications — and worse, in their internal communications. Effectively, you certainly can say this does mean everything you think is true, is a lie.

4) Consider your predicament this way: if you need some serious internal surgery performed, who do you go to? Who would you trust to cut you open and, say, remove your bloated appendix wracking you with pain? Would you do this your own self without even so much as bothering to find well qualified books on the matter? Or, for that matter, finding as much video of such things as you could?

Would you just go in there, having read some crap on the internet with as much plausible sourcing as what you could get on ufo sites? Or would you be sincere and honest about your rigorous standards?

And if you were wise, would you choose someone in their first year of medical school to do this? Would you cross the border to save some bucks, and get this done? Or would you seek out someone with seasoned credentials of actually having done this? Time and time again. Without failure?

So, why do people attempt extremely sophisticated security goals with the worst of standards for their own selves?

Having zero practical experience, they read some badly sourced material from other dreamers who have zero real world experience, and poof! They consider themselves seasoned veterans with decades of extremely compressed training and experience.

Do not be that person.

Don’t play out the hero in “Brazil”, who ends up at the end on the torturing table. Have higher real world ambitions for your self, then taking a path sure to lead you to a truly dreadful end game.

JohnT April 17, 2016 3:58 PM

@Clive Robinson

mentioned Happy Birthday being copyrighted.

Another amazing copyright claim is to “We shall overcome.” There is a current lawsuit on it. See post by David Post on the Volokh Conspiracy.

Edward "Brill" Lyle April 17, 2016 4:24 PM

So, the best way to explain the dual, daunting problem of the conspiracy survivalist [spies, undercover agents, amateur individualists concerned for their security], or the anti-conspiracy analyst [counter-terrorism or counter-intelligence] is indirectly.

Where the foremost rule is you are a very related species. And unless you are the head or near the head, you either are looking for a conspiracy to protect you, already belong to one, want to start one… and are concerned about preventing control from them.

So, conspiracies, like with the world of microbes, especially a very certain type… are groupings. They are invisible. They are not well understood.

There are many things in the world which we are just beginning to understand. One category of these types are of the microbe variety who operate invisibly, collectively, and with incredible control of the vast hosts they inhabit.

Some good reminders, or new information:

But, you may read such things and be deceived, that “this is all well known”, and “Science [with a capital “S”], is all up and ahead of the curve”. That there are no such microbes which do the same to actual human beings. Even though, we already have plenty of evidence that certainly is not true.

Think of it this way. What will the understanding be five hundred years from now, of what we know now? A thousand? Ten thousand?

Look back, and compare. What was human understanding five hundred years ago? A thousand? Ten thousand?

Or, consider it this way: there very well could be thousands of types of ‘as yet not understood microbes’ who control human beings in ways we have observed they may control insects and smaller animals, as noted on those lists.

Now, consider, individually, a person is one very easy to see giant, in comparison, with enormous consciousness. And our life, in comparison, to the life of a microbe, is incomparable, in terms of length.

However, we, while having a very easy to see form, are also effectively made up, ultimately of enormous numbers of smaller components. And, those smaller components, have smaller lifespans. We are not a blood cell, nor a brain cell. We are a vast conglomeration of countless forms of cells all working together, and likewise, our lifespan and consciousness vastly exceeds that of the very, very tiny “sum of our parts”.

Summa? One must put together ingredients to bake a cake. It takes time and thought to work out clues. And not all “have wisdom”. 😉

Larry April 17, 2016 7:40 PM

@Hamid, @Clive, @Bruce

Adding a sequential number to each post’ heading would make easier finding one’s place, say, after reading all posts on Saturday morning and returning later, Sunday evening, to read the later posts.

Clive Robinson April 17, 2016 9:04 PM

@ Larry,

Adding a sequential number to each post’ heading would make easier finding one’s place,

As far as I can tell all posts do have a unique number appended in their “title” URL [1] (the one for your post being #c6721954 ). But it would perhaps be simpler to remember the time/date as a place holder the “title” URL is displayed as on the topic/subject thread page.

I like some other readers usually read the newcomments.html page, where all the posts get displayed in the order they were submitted. Which means I only need to remember the time or posters handle to quickly ‘find’ my way down to where I last finished reading.

[1] The post “title” URL gets displayed as the date in the topic/subject thread page, but as the topic page name in the newcomments.html page, but is actually the same URL with the same unique post number.

Edward "Brill" Lyle April 17, 2016 9:08 PM

This is an interesting story.

This guy cons a lot of people in the US Government, and appears as “ex-CIA” as an intelligence expert on Fox News over a hundred times through the years.

Kind of reminds me of this case, last year.


I checked out those sites. That is crazy stuff. Invasive species remains a major problem, even today. More global commerce, more chances foreign species find themselves in environments where they do not find the same checks and balances they had before. So, they over run the new environment.

@Surveillance State, @other folks concerned about security in a totalitarian state

There is no anonymity. If you are a dissident in a totalitarian nation, they will spend unimaginable resources to catch you. This is because you are the worst threat of all. You are the enemy of the state.

If you have zero dissident footprint, keep it that way. Work to change things from the inside.

If you have dissident footprint? Well, the deeper that is, the higher the chances are you are already caught. And just not brought in yet.

The major problem with dissidents in totalitarian nations is their very dissidence requires them to spread it as wide and far as they can, and to deepen it among their peers as deeply as they can.

All of this is like a worsening virus cold. You sneeze all the more, cough all the more. And are all the easier to find.

All the security precautions in the world won’t stop you from being as loud as you possibly can about your dissidence. And that absolutely singles you out and makes you easy to catch.

If you were a dissident and want to remove the danger, you literally have to change your identity and drop all of your past life ties. Even if you simply make a showing of dropping your old beliefs, this is exactly how totalitarian powers will see you. In fact, they will suspect you of faking your change even if it was genuine.

Wael April 17, 2016 9:09 PM

@Clive Robinson,

This is a long article but worth the read …

Fascinating article. Not as long as the one @Nick P posted recently. Need to think a bit about it.

What are you doing up at 3:00 AM. Hopefully not a pain thing!

Nick P April 17, 2016 10:34 PM

@ Wael

“Not as long as the one @Nick P posted recently.”

Yeah, but the concepts in that one have affected you and I personally. So it seemed important. Unlike quantum whatever. 😛 I still plan to look at Clive’s link.

Wael April 17, 2016 10:40 PM

@Nick P,

Yeah, but the concepts in that one have affected you and I personally.

I started it, but it was too long. It was just a story after a strory… At least say what concepts personally affected ‘”you and I”!

Clive Robinson April 17, 2016 11:15 PM

@ Wael,

What are you doing up at 3:00 AM. Hopefully not a pain thing!

Not exactly, it’s a ‘dry air’ issue, which is it’s own special pain in the… I’m not at home and where I am, like all hospitals has the heating to high and thus the humidity to low. So you either drink lots before sleep and wake up to go reduce the resulting bladder preasure, or go dry and wake up coughing and have a drink… So “damed if you do, damed if you don’t”, whilst it is “most definitely a pain” it’s not the sort a pill or potion can reduce.

@ Nick P,

Unlike quantum whatever.

It’s about “the crypto root of all evil”, “true entropy” and how you get it from quantum systems (it’s actually a lot lot harder than most people think, and many commercial Q-TRNGs are shall we say “tempremental” and become easily biased thus predictable).

I often think we need a book with a title such as “The recognition, care and feeding of the exotic TRNG beast”, subtitled “and how to spot the more common chameleon RNG” 😉

The article author, is an authorative researcher in quantum computing (his 2013 book is readable, unlike many others in the subject ;-). Oh and he is one of sixteen researchers who has just received a nice fat bundle of cash from the US DoD to do “unclasified” research “in areas of interest” to them.

Wael April 17, 2016 11:26 PM

@Clive Robinson,

So “damed if you do, damed if you don’t”

You could carry one of these around! Just make sure it has no internet connections…

Wael April 18, 2016 12:23 AM

@Clive Robinson, @Nick P,

The article author, is an authorative researcher in quantum computing (his 2013 book is readable, unlike many others in the subject 😉

Very informal, sense of humor… Looks like a good book to read. All it took is one click

Clive Robinson April 18, 2016 1:52 AM

@ Wael,

You could carry one of these around! Just make sure it has no internet connections…

I Note you are a fast mover… From SanD to Brooklyn in a couple of mouse clicks. There was me thinking you were at home in Death Valley watching the stars go by 🙂

Wael April 18, 2016 2:27 AM

@Clive Robinson,

I Note you are a fast mover…

goddamit, Clive! Not only can you read between the lines, but you also read between mouse clicks? That’s scary, and perhaps it’s why I sent the Broklyn location 😉

I change my location so I don’t “leak” too much info on my whereabouts 😉

There are also Fake Location apps for android 😉

I’m not in Death Valley! I’m driving distance from there. It can take 2 hours or 8 😉

Thoth April 18, 2016 2:35 AM


“9) I wouldn’t worry about biometrics, we’re all screwed here. We leak bio evidence everywhere (do you wipe your fingerprints and pick up your hairs everywhere you go? You can’t live like that.). They’ll be in databases too, it’s a 2-way street.”

I have been very vocal agaimst biometric security here. The weaknesses ranges from comparing biometrics to storage and transferring. Biometrics are easily harvested thus making it a very poor authenticatiom mechansim weaker than a 4 digit pin protected with a tamper resistant hardware with hardware counter and lockouts.

“15) Deleted my facebook (lost contact w/ a lot of my friends, forever…people should consider that). Only have linkedin for employment purposes, I get emails from real recruiters for jobs and I like that. All the info on my resume is in a million other places, so my residence, phone number, email address, etc.”

I don’t have WhatsApp, Twitter, Facebook, Instagtram, LinkedIn …etc… That results in people finding me a difficult person to contact until I force them to use a phone call, SMS or email which after much struggle, they will eventually swallow it and live with my weird and somewhat paranoid habits. I don’t use company required Micro$oft Lync or Outlook as I only use open source Thunderbird email client or a phone call/SMS away too.

OTP on flammable paper are very useful since most electronics are blackbox unless you build your own transistors and the lightweight and ease of executing OTP calculations. The problem it brings is the keymat distribution and discipline in not using same keymat again.

Wael April 18, 2016 2:59 AM


unless you build your own transistors…

There is paranoia, then there is Paranoia (with a capital ‘p’)! Build your own transistors? You might as well start from scratch and mine your own copper, silicon, carbon, … But you still can subverted! Build your own blast furnace while you’re at it. The books that tell you how to do it? Geeeez! Can’t trust ’em either because maaaaybeeee NIST weakened the schematics too.

My advice is that you mine some Uranium and deplete it. Then build a DU-hat. The tinfoil hat you’re wearing aint cutting it, chief!

OTP on flammable paper are very useful…

There is technology that can read your OTP flammable paper from 23,000 miles away, too. Boogie boogie, chief… Boogie boogie.

ianf April 18, 2016 4:06 AM

OT: John Naughton in The Guardian asks about Emperor Zuckerberg’s new clothes and concludes “Facebook can not rule for ever, no matter how many ‘new’ services the website provides.”

Consider yourself enlightened:

Signaling System Seven (SS7) Network Allows Hacking of Any Phone April 18, 2016 5:55 AM

The SS7 mobile network independent from the little GPS chip in your phone, knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That of course, is not controlled by any one customer.

Criminals have proven they can get into SS7

Hackers can hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank.
Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.
Nohl told us the SS7 flaw is a significant risk mostly to political leaders and business executives whose private communications could be of high value to hackers. The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — -including ours — and they don’t necessarily want that hole plugged.

Clive Robinson April 18, 2016 6:36 AM

For some reason, today appears to be one for “Grauniad” links…

Oh and the paper twitchers have my sympathy as the cover price has today shot up to 2GBP/day that’s the price of a NYC extra large,skinny latta with the trimings (gets you a cup of tea if you are lucky in those US Coffee shops in London).

But spare a thought to those rank and file that make it all work…

One such is one of the online moderators,

I’ve been asked in the past why I don’t have my own blog, well that article gives you one clue. As I’ve said before it’s hard enough work finding the stories and puting your own mark on them in a consistant way. Then there is maintaining the site it’s software, hardware, domain name, certificates and more all before that “dred job” of “moderation”… It’s not a job I would want as it can require a delicacy of touch, that my cattle stealing kilt wearing ancestors had no time for (there is a family story about one of my relatives who was a clan chief, kicking his son to death, for the crime of being soft… His actual crime was whilst out on a raid they stopped for the night in several feet of snow, and the father caught his son making a pillow out of snow…).

Clive Robinson April 18, 2016 7:02 AM

@ Wael,

Do you remember the conversation we had about it being “hotter than a snakes belly in a wheel rut”?

As for star gazing, I suspect from,

There is technology that can read your OTP flammable paper from 23,000 miles away, too.

That some of those stars you watch might be geostationary…

As for “reading between the lines” I can see between the pixels of an LCD… Or atleast I used to when I used to design custom ones 😉

Clive Robinson April 18, 2016 8:02 AM

@ Thoth,

The problem it [OTP] brings is the keymat distribution and discipline in not using same keymat again.

There are three distinct problems with OTP KeyMat reuse.

The first and hardest problem to solve is KeyGen issues. If you only generate small quantities of KeyMat then the chances are you will not run into KeyGen reuse issues. Unless that is your TRNG is not (a real prob with some Quantum and Thermal Noise TRNGs due to “circuit drift” etc). Back in the 90’s the “reuse” issue came up with some high volume KeyMat users. There are various solutions, the most obvious is to use a very very long period stream generator (CS-DPRNG) and “jump it” or “mix it” with the output of one or more TRNGs. Thus the “known” determanistic nature of the CS-DPRNG would give you certain guarantees that even if the TRNG drifted and became biased you would still not get reuse issues of more than a few charecters. It also had the advantage of getting very high volumes of KeyMat made quickly and efficiently with minimal human intervention, thus reducing human agent security leaks (which is the biggest OTP security issue generaly).

The second issue is not implementing KeyMan steps properly such that handeling, destruction after use and audit functions are lax. A big risk in this is having more than two copies of a pad. One way this happens is a requirment to keep broadcasts minimal for various reasons, and thus OTPs get used for “Fleet Broadcasting” from the home station for general/group traffic. Thus you end up with as many copies of the pad as there are outstations in the group to get the general / administrative traffic. It’s very bad practice, but it does happen in organisations that either don’t know any better or disregard the advice of those that do.

The third issue is human agent security violations, be they accidental or deliberate. A human usable pad is ridiculously easy to copy, if precautions are not taken to reduce the risk, likewise not destroying used KeyMat is ridiculously simple if significant precautions are not taken. The UK DWS used to first encrypt using either Typex or Sigba then super encrypt with a One Time Tape system called Rockex developed by University of Toronto Prof “Pat” Bayly over a period of time. To prevent accidental disclosure the tapes were not just a different colour, they also had a slicer blade on the output of the tape reader, and the tape was non-standard so could not be used in any non Rockex tape reader…

Astute readers may be wondering “why double encrypt”, well there are many reasons but the OTP/T reuse is one of them. But OTP/T are actually not “content secure”. The OTP security proof is simply “all messages are equiprobable” not “content secure”, thus if there are issues with your KeyGen as the Russians did then traffic becomes readable. That is it does not take a computer that long to compare multiple examples of OTP traffic and slide them by looking at the Index Of Coincidence generated, thus finding reuse because of the statistical issues of “plaintext”. If however you “flatten the statistics” of the plaintext by various methods the IOC issue does not occure. Thus as any good encryption system will flaten the,statistics you might as well use it.

As for the other issues, some of them are EmSec and some reduce the chance of a security leak, as the two encryption stages are carried out by different people. Then there is preventing “traffic analysis”, the super encryptor can just run generating “line traffic” irrespective of if there is “message traffic” being put into it or not. Thus an interceptor just gets one almost endless stream of line traffic and has no idea if or where any message traffic might be in it.

Thoth April 18, 2016 8:13 AM

@Clive Robinson, all
A declassified 1970s DOD security document which is still relevant to these day. There is so many things that can go wrong from simply looking at the given diagram. SOmething that is very prominent in the diagram showing the vulnerabilities that @Clive Robinson have been mentioning for a long time is energy related vulnerabilities which the picture shows a ton of Radiation problems along the system.

Too bad most Common Criteria and FIPS 140 validation for Cryptographic Modules simply put energy problems as a plus point bonus for those who implement security against energy emissions and not something mandatory. FIPS 140 version 3 (upcoming revision) is suppose to add more stringent protection requires against energy emission vulnerabilities which would be a long way before finalization of a proper standard and whether it can stand up against the rigours of modern energy emission vulnerability is unknown.


Wael April 18, 2016 11:57 AM

@Clive Robinson,

Do you remember the conversation we had about it being “hotter than a snakes belly in a wheel rut”?

I do remember one of them, which is likely the referenced conversation. It was back in 2012. This is the other one; a more recent mention in 2016

That some of those stars you watch might be geostationary

That’s the meaning! With super advanced lenses. Not to mention that the pen, pad, or desk used to write the OTP can be intercepted as well, and that’s ignoring the possibility the pen is an IoT subverted pen 😉

r April 18, 2016 12:36 PM

@Alien Jerky,

Astonishingly, the cows enjoy much less freedom than terrorists, they are also both tagged and tracked from the very moment of birth and they’re still 70% more dangerous.

I wonder how much more dangerous they are post-mortem?

r April 18, 2016 12:39 PM

@Alien Jerky,

Any figures on the profitability of marketing these two dangerous entities to the public?

Edward "Brill" Lyle April 18, 2016 1:02 PM

@Signaling System Seven (SS7) Network Allows Hacking of Any Phone

None of the major details should be news to anyone:

  • yes, your text and communication is in the plaintext to the isps
  • yes, you not only have gps information, but you commmunicate with cell towers (this would be how they know your location)
  • yes, this is legally open to governments and illegally open to governments, who have not only many vulnerability “farms” (defense contracting, light! No clearance needed, just sign some nda), but they will tend to have their own inhouse team. As well as more sophisticated hackers connections who have no affliations with more mainstream farms.

Take note, the Lookout team found this. Okay. And they state they “do this work at night”. Computer security speak: their company is too shallow minded to have a full fledged research team focusing solely on finding security vulnerabilities. So, they ask them to do this kind of work “off hours”.

Not that lookout is bad, not that they have bad researchers. But, their approach to forcing their workers to doing such work only on off hours shows poor management and vision.

That does not give them the time necessary to do such work. So, they won’t have the tools and experience they need, because they are not doing that as their full time job.

Your typical high end researcher will work on a system extremely long hours, every day, and have months to do it.

Hopefully, the originators of that contract have other firms also employed to perform an analysis.

The larger messages in the article are also true, with some variance:

  • yes, everything is hackable, bar none

When I browse through this site’s comments, for instance, I often see some very sophisticated schemes for encryption and privacy employed. My take is always one that regardless of how well you defend your system, if a powerful adversary (nation state, usually) wants to get at you? They most certainly will.

There will always be some chink in the armor. Cracking encryption, never attempted. Bypassing encryption by finding security vulnerabilities in the library, yes.

Vulnerabilities in implementation — always going to be some.

Fact is experienced resources are extremely hard to come by. So, most systems out there will never have been looked at by anyone with experience finding security vulnerabilities. It very often is not even in the game plan. This can especially be true with smaller outfits and plenty of open source projects.

(Larger organizations will have app sec teams. These are going to be invariably poorly resourced and underpersoned. Very often the team members will be largely tool monkeys with very poor experience in actually finding vulnerabilities.)

Intelligence and covert law enforcement intelligence, wise, the real danger is what is off the books. At least with even the secret courts, there have been some kind of hoops, some accountability, some lawyers signing off on. Some liability.

The idea that there is nothing completely off the books even ignoring that whole mess is entirely unrealistic and naive.

Which means that whole “secret court” morass ends up just being a really effective cover deepener for those manner of groups.

And that is just talking domestic.

Other nations targeting foreign nations (such as where the US is foreign to them), have no such gloves to wear.

Positive of all of this: cell phones have also provided individuals with a lot of security they did not have before. There are aspects such as ‘now everyone is carrying a quick access camera they often use’, which helps in many dangerous situations, including with astray law enforcement. And more direct matters, such as the incredible visibility this gives for serious criminal cases.

That both helps the real guilty party get caught, and can help the innocent not be wrongly interned.

What you do not see is something like the “Person of Interest”/Daemon model. Which is must watch and read for anyone interested in these issues. Fiction, but good ideas, and some realities behind those fiction. Further, of such quality, you can expect it to predict the future in some aspects, as good science fiction often does.

One current reality is, in sophisticated targeted attacks, absolutely your phone can be turned covertly against you to be as a bug and tracking device. Less sophisticated, someone buys malware trojan to do this and manually or by social engineering gets it on your phone.

More sophisticated, they code it custom and high quality. And they use a sophisticated zero day vulnerability to do it.

That door is surely open, both for proximity attacks (wifi, nfc, rfid, bluetooth, gsm/phone protocol/frequency), and remote.

Anywhere someone can get MITM, either between you and the tower, or upstream on the ISP, they can get executable code to run easily enough on your system. Even without extremely difficult to find security vulnerabilities.

Userland constraints? Very low hanging fruit, and will be for a long time. So, being able to get root will be easy done deal, widely accessible.

Too many processes at play, too complex, to have all potential root vulnerabilities discovered and patched.

r April 18, 2016 1:25 PM


Very, very funny. I didn’t see this coming.

“The government has utterly failed to satisfy its burden to demonstrate that Apple’s assistance in this case is necessary,”

“The government has made no showing that it has exhausted alternative means for extracting data from the iPhone at issue here, either by making a serious attempt to obtain the passcode from the individual defendant who set it in the first place … or by consulting other government agencies and third parties known to the government.”

Slime Mold with Mustard April 18, 2016 5:47 PM

Anyone having a good day or otherwise feeling optimistic can fix that by perusing either the summary or the original article: Science is broken. Very badly broken. “Another study of cancer research found that only 11 percent of preclinical cancer research could be reproduced”.

I think of this as a security issue because we base so much policy on what we take to be truth. We spend billions, we literally bet lives.

If you look over the US National Institutes of Health budget, you’ll find it reflects political concerns, not the morbidity or mortality of diseases. Consider – in the US, about 40 thousand women die of breast cancer annually , and about 51 thousand people perish from colo-rectal cancer. Breast cancer research is receives more than twice the funding of colo-rectal cancer studies. But then, when was the last time you saw a politician asked to explain their position on bloody poopers’ issues?

Politics damages science beyond government. Trendy topics bring funding and publicity to universities, while draining resources – money and talent, from less sexy projects.

I have witnessed outright deliberate fraud in medical research at an Ivy League school.

The Journal of Irreproducible Results is supposed to be a satire magazine, not the standard in the field.


Clive Robinson April 18, 2016 6:08 PM

@ Thoth,

A declassified 1970s DOD security document which is still relevant to this day.

It’s interesting to note that the diagram only shows “radiation” and “crosstalk” (TEMPEST) not “susceptibility” to external signals (EmSec – Active Fault Injection).

Dirk Praet April 18, 2016 6:39 PM

@ CallMeLateForSupper

Another news organ takes up the SS7 story.

It would seem that the congressman working with the guys from 60 Minutes, Re. Ted Lieu (D-Calif.), has called for a congressional investigation into the SS7 flaws by the House Oversight and Government Reform Committee.

And I pledge 5€ for the defense fund of whomever comes up with positive proof of having hacked that evil hag’s phone.

Nick P April 18, 2016 9:05 PM

@ Clive Robinson, Wael

Just finished the quantum randomness piece. Got a slightly larger headache as expected. It was kind of interesting and brought new protocols to my attention. Yet, it was also kind of bullshit. The author goes through several pages before admitting what jumped out immediately at me: the protocol for proving stuff about randomness and producing randomness depends on randomness as the start. That’s begging the question fallacy. The author also didn’t seem to know that PRNG’s existed as they keep questioning whether the game could extend the entropy algorithmically. Well, of course…

The game itself is an oversimplification of quantum mechanics with know knoweldge of what powers those mechanics. Stating a skeptic doesn’t need faith to trust their model is… inaccurate. The end result is that they recommend turning a seed into a long sequence of random-looking enough and indecipherable information. That’s been my definition of randomness all along with others arguing about philosophy. Good they found it after a very long trip down an off-beaten path. 🙂

Far as randomness, I still think the BitBabbler design is the best one to talk about. They similarly use physics. Except they use well-understood physics… I think is well understood physics… about basic types of noise that show up in what amounts at a macro scale with discrete components. They use noise sources that are barely effected by the environment. They feed those together. Digital components sample them periodically. They ran tons of them for a long time with all sorts of tests showing it looked indistinguishable from randomness (my qualification).

Now, the question is how good is this? Are the physics of the electrons hard enough to measure at an individual level without physical compromise that we can trust the randomness they introduce? Or any other sources of noise? Does the measurement itself impact its quality like it might with quantum stuff? What about ease of implementation to maintain the properties of the model? What about end-user verification of these with common tooling?

I think classic physics tapping into noise as BitBabbler and a few homebrew TRNG’s do is a better option than quantum. It should be easier and cheaper to do across the board with… critically… far fewer surprises turning up down the road thanks to brilliant physicists with no regard for the impact of their work on our INFOSEC duties. 😉

Donald April 18, 2016 10:47 PM

@ Clive Robinson, “Then there is maintaining the site it’s software, hardware, domain name, certificates and more all before that “dred job” of “moderation”… It’s not a job I would want as it can require a delicacy of touch, that my cattle stealing kilt wearing ancestors had no time for”

On top of Bruce being the prime factor, this blog has its perks which draw a certain audience. Whether it’s that authentic web look (give and take a few social media buttons), comments section’s commenters, or links and books, there’s some intriguing mystery to it. I’m obviously not a cryptographer nor security engineer, but I had the honor of meeting Bruce once in the past which is how I came to found this blog. I’ve noticed that most of the usual commenters here are connected to Bruce in some way, whether it is casual admiration, past acquantaince, co-worker, employee, worked on project(s), or read his book, etc. The blog itself is simple enough yet it has all the basics and works rather efficiently as a knowledge base of sorts with search and index. It’s kind of interesting.

Wael April 18, 2016 10:58 PM

@Nick P, @Clive Robinson,

Yet, it was also kind of bullshit.

My assessment as well.

Now, the question is how good is this?

The real question is this: given a large sequence of purported random numbers:

  • How can we be assured they are really random (unpredictable)
  • How can one be sure there is no backdoor in the RNG (lack of certain knowledge that someone else possesses)

He goes more into depth in the book. Finished 3%, but lost interest shortly into it. This is strange because he has a good style of writing; very informal, uses words you wouldn’t expect to see in a text book on the subject. But in fairness, he admits the book is a collection of some lectures he gave at the university of Waterloo. He starts with taking about logic (first order logic) — the kind we “use” in our discussions. He talks about how to formulate tautologically valid statements… Then he goes into set theory – the foundation of mathematics. Then I noticed he talks about Philosophy, Turing, Frege, Church, Cohen, Cantor, Gödel, Relativity, … and the limit of knowledge and how it affects ‘randomness’. He talks about free will and other subjects that usually come up when we discuss security on this blog. And all this to prepare for presenting his view of quantum mechanics as a “generalized probability theory.”

It’s a readable book. Like any other book, I take what appeals to my reasoning and intellect (if I have any) and leave the rest. I’m not sure when I’ll get a chance to read the rest. Maybe if I’m bored somewhere. @Clive Robinson was correct when he said “read the first and last page, you won’t miss much”…

Back to your initial statement. It’s all BS polished with some fancy words and topics, and to some extent, he admits that! Lol It still hasn’t changed my view on randomness.

Nick P April 18, 2016 11:40 PM

@ Wael

You didnt tell me what you thought of the analog, classical solution. Seems like win across the board to just leverage several types of noise.

Figureitout April 19, 2016 12:19 AM

–Think the QA issues w/ making your own transistors outweigh buying them…I’m using mcu’s until I can’t trust them anymore, or they fail otherwise too often.

Wael April 19, 2016 12:43 AM

@Nick P,

You didnt tell me what you thought of the analog…

Because it was a contentious topic in the past…

The TRNG source has to be a separate component from your device. It almost needs to be air gapped. “Almost” because it may need to sample electromagnetic fields. If I were to design a TRNG, I would do it with a network of sensors connected in tandem and parallel. Suppose you have 7 ‘sensors’, I would use the output of one to decide which sensor to eliminate, the output of another to decide the connection type between a few other sensors. The effect is the connections are also ‘random’. Root sensors that decide the initial stage will have to be air gapped. Something along these lines is where I would go. I would also have more than one feedback loop that cross the D/A and A/D boundaries. Then I would run it through some ‘validation’ tests with a statistician or a specialized domain-expert mathematician. And I’ll keep it confidential too. Call it “Randomness through Ambiguous”. And we all know how well “Security through Obscurity” works.

The link you had looks ok. No two transistors or semiconductor devices are identical, and the noise they produce falls within a probabilistic range. The issue is what @Clive Robinson described earlier about the transition from analog to digital, which is the reason I would use the feedback loops.

For a simpler implementation (or in addition) look at this link and search for “random”. It may give you some ideas 🙂

Herman April 19, 2016 12:54 AM

What the RCMP memo also shows, is that if you want to avoid detection, first dial 911, to turn the ISMI catcher off, then make your call, possibly using another phone.

Clive Robinson April 19, 2016 4:03 AM

@ Herman,

What is not mentioned in the article, and is possibly of more interest to readers on this blog, is the technological rat race.

The authorities get what they consider a “game changer” technology, you would then think that they have a choice on how much they use it… Only they don’t.

The reason is the choice is not upto them but others who have the equipment as well. Thus though the RMCP might decide to use it sparingly and for important cases, across the border the Sherif of Ploddunk uses it in just about every case and his deputies chat about it in the “dunnie-king-doh-nut” which the local crime lowlifes also use. Thus the technology ceases to be secret very quickly, and as such info has value, it quickly makes it up the crime tree to the capo or whatever.

At which point the secret becomes a barganing chip, which is what we have seen here. A pushy lawyer gets his game on and ratchets it up bit by bit. Then somebody in government has to make a political choice on what to do, see the technology die the death of a thousand cuts, or let the perps plee out to lesser charges and be back on the street within a year or two at the most.

Either way the damage is done and the technology gets known about and thus people dig and dig, and reasonably quickly more and more information comes out, untill the very expensive technology becomes of low value… In much the same way as zero day exploits devalue as you use them.

The thing is these very simple stingrays actually do more damage than good, and I’m not talking about emergancy calls. The fact that they don’t realy replace a cell tower only a small part of the air interface, means they will get known as well, which means that even if a donut munching deputy does not flap their gums, the use of such devices will get out.

The information thus will land in the hands of those with the technological skills to investigate and research… They will charecterise such devices and find ways they can be detected or worked around. And as such info has value it will end up with the criminals.

As is the way with such things a technological war starts, we have seen this with the military with ECM to ECCM to ECCCM etc at each step the technology becomes an order or two more expensive and ever closer to “the bleeding edge”. Whilst the military can afford the cost escalation and can have kit sitting unused, the police can not.

At the end of the day certain criminals will always be able to outspend the police. The only limit is if the criminals can not buy the technology they need to build the anti/counter systems. The technology manufactures are also in a rat race amongst each other which means that the old Mil Only technology filtering down has been turned on it’s head with comnercial technology taking the lead and at some point being repurposed into Mil Tech. Thus some criminals can afford beter tech than the police, what they need to get to turn it from a bucket of bits to working systems is appropriate brains. As the war with malware has shown there is no shortage of brains prepared to “walk on the dark side” where individual renumeration is going to be much much higher short term. Even on the “light side” we can see that with crowd source funding technology can be built and put into production by just a handful of smart twenty somethings who get to reap the rewards. This allied with the bubble bursting on Unicorns must be making some VC’s and shareholders start to think.

The police however get to find that their expensive tech toys now only work against the stupid and those that did not get the memo…

Which means that the LEOs have to start thinking back to more passive traditional techniques and how to make them work for them more efficiently. Unfortunately this means that there will be what many politicos hate, “more manpower on the books” that they have to find the funds for.

Some smarter cops have realised this and they are now entering a new barganing game with a different bunch of crooks, the legislators who are also politicians. The police are pointing out that cutbacks don’t deliver on “hard on crime” and if politicos want to make their promises to electors then both the police and judiciary need new legislation, which makes their job of racking up convictions easier…

Only as citizens we should be ultra concerned about “making convictions easier” as the process will be abused as much as possible due to the human failing, and “Justice will become a show not a reality”. And those with money will buy their justice at the expense of those who can not meet the entry price (which is 99% of the population).

Dirk Praet April 19, 2016 5:46 AM

@ Clive, @ Wael, @ Nick P.


Did any of you see this one passing by on El Reg: adding “Canary Numbers” to random number generators. “Canary numbers have lower statistical quality than the raw numbers and they are more susceptible to changes in operating conditions. For this reason, monitoring canary numbers can be used for an early-warning failure detection, since the statistical quality of the canary numbers drops before the failure affects the raw numbers in a significant way.”

Curious April 19, 2016 6:10 AM

I wonder, if you were to partially dismantle your phone or laptop at a border into US, would law enforcement still be compelled to do a search?

Clive Robinson April 19, 2016 6:30 AM

@ Wael, Nick P,

The TRNG source has to be a separate component from your device. It almost needs to be air gapped.

It’s a little more complicated than that. It needs to be energy gapped except through one highly controled one way channel. For simplicities sake it needs to be a “black box” with only a single output and no inputs. The output being a logical signal of some type that contains the hard won entropy in a usable state.

The reality is a “box in a box” type design the outer box designed to reflect or ground out all energy from attempts to influence the inner workings. The inner box designed to constrain all energy generated by the TRNG. Between the two boxes broadband absorbing material and mediation of the entropy channel from inside the inner box to outside the outer box.

The reality is that you don’t get energy out without putting energy in at some point in time. Whilst it might be desirable to do this by using internal storage that is charged when disconnected from the TRNG the practical realities of life say the TRNG is externaly powered and thus available for use at all times. Thus the second mediated channel is the power input.

The use of power also means there is a third channel that has to be mediated. All devices suffer the conctraints of the laws of nature, of which the most fundemental are those of thermodynamics, which means nothing is 100% efficient, and thus there is wasted energy that needs to be removed from the TRNG and the mediating and absorbing between the inner and outer boxes.

The trick is therefore to stop any other undesired channels and remove any information from the three required channels that might reveal any functioning of the TRNG or cause it to change it’s functioning, whilst still getting the desired entropy signal out.

That is the minimum model by which you have to work to protect the TRNG. Turning it into a specification becomes a lot more interesting, but it follows a fairly logical series of steps as does the subsiquent design.

However you have to design the TRNG first. Obviously you need some source of entropy, however in most cases the signals are very small and contain very little real entropy and are very susceptable to all kinds of environmental and other issues including aging.

A real issue with this is that the source of energy to drive the entropy source can significantly effect it in many less than obvious ways, as can the circuit used to detect the output of the entropy source. This usually needs state of the art analogue design. Likewise the systems to control the sources environment.

Luckily TRNG’s are not unique in these requirments thus a study of the design of instrumentation amps and XTAL frequency standards will give you much of what you need to know (but not all).

The next issue that arises is how to get the best from your entropy source. The first thing you need to know is that there are three forms of noise signal all mixed up as well as the bias issues. The three noise signals are,

1, Real entropy.
2, False entropy.
3, Determanistic noise.

What you are after is the real entropy, the question is not just how do you extract it from the other two but how do you get best advantage for it. Determanistic noise in theory is fairly easy to remove, you simply generate an in phase inverse signal and sum it out. Whilst this can be done it is a far from perfect operation in practice and tends to increase the false entropy signal.

The problem with false entropy is determining what percentage it is of the total entropy signal. If it’s close to 100% then you don’t have a TRNG just a noise generator that “may be predictable to others”.

You can actually build and test a simple system that shows this. Take two frequency stable squarewave signals that have little or no harmonic relationship. Drive the clock input of a Dtype latch with one and the D input with the other and observe the Q output on an oscilloscope. When the scope timebase is set so that individual squarewaves can be seen the signal looks very random. It’s actually not, if you dial the timebase of the scope down you will see that the widths of the square waves follow a sinusoidal pattern at the difference frequency between the two oscilators. You can actually see the same result using a piece of graphpaper and a pencil and drawing the waves in by hand.

The obvious conclusion is that though there is a lot of random looking switching at the output there is in fact little or no real entropy in the signal it’s all fully determanistic. Which you can show by using a second Dtype latch and putting one of the squarewaves through an adjustable delay circuit and taking it’s inverse output and putting it as well as the original output into an XOR gate. By adjusting the delay, you get the output of the XOR gate to give a continuous logic level…

Thus if an enemy can pickup the radiation from both oscilators they can sync up to them and reproduce your false entropy signal…

Now consider what you would see on the scope with the original Dtype latch if you phase modulated one of the two squarewaves with a signal unknown to you? The result will not show the same sinusoidal bunching of signals at low time base settings. Which might make you think you have got real entropy. The problem is you have not, but you don’t know it. However if your enemy knows what that phase modulation signal is, it’s game over and you do not even know it.

This is one of the issues with all “ring oscilator” RNGs built into CPU chips which appears to be the way everybody is going these days… It does not matter what you do afterwards in terms of hashing etc it remains fully determanistic to your attacker, because there is no “real entropy” just “false entropy”….

Which is why some of us think a carefully designed CS-DRNG might be a far better way to go.

For instance consider AES256-CTR it’s fully determanistic, but can an enemy actually attack it?

In the ordinary case they would need to know the AES key and the register Initial Value (IV). But due to the predictable incrementing of the counter an attacker may be able to get the key from a side channel attack and then get synchronised to the output. However what happens when the register is actually steped irregularly, say from adding the output of another crypto algorithm?

Take the BBS generator it has certain benificial attributes what if that was used to decide how much of an increment to add to the register used to drive the AES256 algorithm (say via another CTR mode algorithm)?

At some point even if an enemy does get the AES256-CTR key via a side channel, it does them little good because the register state can not be predicted.

CS-RNGs is an area which has not had as much work done on it as other areas, I personaly think it could do with more. Because analogue TRNGs are both flaky and fragile, which makes them difficult to design to work reliably. It’s the same reason analogue filters have been largly replaced with digital filters. However unlike analogue filters, analogue TRNG’s are almost impossible to test in anything aproaching a practical way. Thus detecting inuse failure is not realy an option unlike CS-RNGs.

ianf April 19, 2016 7:30 AM

@ 2-finger swipe “The solution is: scroll down.

No, it isn’t; it is precisely that which is THE problem. What @Hamid would like, what we all would love to have, is an ability to jump over (perhaps, theoretically, collapse—as were this an outliner) any comment in any thread that’s of no interest to us personally, and/or seems to be going on forever. And for such items to stay folded in.

    That is, unless what @Hamid envisioned was for this Bruce’s blog to s-o-m-e-h-o-w pipe in directly to his brain ONLY the posts that HE finds of interest, and suppress all the others. ?HOW? Hamid has the details, inquire within.

@ Larry – when done reading for the day, just click the date-anchor and open up the post in its thread. The next day, it will render in black (=read item) on the LIFO-order page… there’s your clue to how far back you’ve read previously. (@ Clive: your “unique number” url-add-on’s proper name is granular anchor).

@ Alien Jerkycows are actually a more potent threat to our personal society that terrorism.

Also responsible—and that’s not a joke—for bovine methane emissions, hence their saturation of in the atmosphere (contributes a lot to global warming).

@ Curious – were you to cross US border with a partially dismantled phone or laptop (thinking “that will make it impossible for the Man to search it”), you’d risk attracting undue attention and in-depth questioning why you are importing these electronic subassemblies into the country. So you’d better have a plausible cause at the ready: “I am bringing it in for repairs @ so-and-so outlet,” here produce the address & email trail. Remember: those people are BORED STIFF by their badly paid security-theatrical jobs, so you’d be like entertainment to them, and all in the name of DEFENDING THE REALM.

For a sample of what you could expect, watch any episode of the countless “Border Security” reality-TV shows (the Australian is the most gut-wrenching one), where rejects from police academies, etc. get to play Almighty towards travelers barely awake after grueling 10-hr flights.

Bob Paddock April 19, 2016 7:47 AM

@Wael @Nick P, @Clive Robinson,

“The real question is this: given a large sequence of purported random numbers…”

“The Princeton Engineering Anomalies Research (PEAR) Lab was founded in 1979 by Robert G. Jahn, a professor of aerospace engineering and Dean of the School of Engineering and Applied Science at Princeton University. The lab’s objective was to study the ability of consciousness to influence physical processes. The lab was managed by Brenda Dunne, a developmental psychologist trained at the University of Chicago, and had a full-time staff of half a dozen scientists as well as numerous interns and visiting researchers.

During its 28-year history, the lab worked to study and understand the anomalous impact that the mind seemed to have on physical devices, including electronic random event generators (REGs). Research was also conducted into remote perception, the ability of a person to perceive information that should be inaccessible through the standard senses.”

See their books “Consciousness and the Source of Reality”, “Quirks of the Quantum Mind” and “Margins of Reality: The Role of Consciousness in the Physical World”. PEAR accumulated billions of bits of data from the REGs of many types and found the same outcomes over 28 years of study.

When PEAR was shutdown due to funding, International Consciousness Research Laboratories (ICRL) started up to continue the work.

Quantum based device may be open to unexpected influences (by the classical trained), such as those studied by the PEAR.

I spent a fascinating evening with Bob Jahn and Brenda Dunne. Bob Jahn is Emeritus Professor of Aerospace Sciences and Dean Emeritus of the School of Engineering and Applied Sciences of Princeton University. He was founder and director of PEAR from its inception in 1979 until its closing in 2007, with Brenda serving as its laboratory manager. Bob is now Chairman of ICRL and Brenda serves as its President.

Bob and Brenda over 28 years investigated PSI from an engineering point of view. That is, the primary subject of their human/machine experiments was not the human, but the machine. This shift in emphasis required different experimental designs based on the accumulation of very large databases from a relatively small group of human operators, manipulation of physical variables rather than psychological ones, and data processing and statistical techniques drawn from engineering practice.

PEAR experiments involved many different types of Random Event Generators. For our discussion here I assume the REG is based on the decay of a radioactive element. It is impossible to know when a radioactive particle will be emitted from a mass. The unpredictably of this emission form a random event that is coupled into a logic system to record such events.

Lets assume we have a simple apparatus of three bins in which a collection of balls can accumulate. The bin on the left is called the ‘low-side’, middle bin the ‘baseline’ and the bin on the right is called the ‘high-side’.

The Random Event Generator determines which of the three bins the balls will fall into. Over a long enough period of time, without any outside influences, the three bins will accumulate the same number of balls.

Now the fascinating part to me is that untrained operators (that is people that claim no special abilities of any kind) can influence which bin gets the most balls. It gets even more interesting that the device can be influenced remotely from the present, past or future; Dean Radin work on Presentiment and ‘Entangled Minds’ is a good starting place along that path… Time and distance are a construction of our current physical understanding of the world, however they are not a requirement of Nature. In their studies they did determine that this is a wave-based phenomenon and not particle based.

What I found strangest of all (as if this all isn’t strange enough) is that the influence on the devices were gender specific. Males who could see the device had the best outcomes of getting the balls to fall into the bins of their choosing. Females regardless of their choice tended to have the balls fall into the ‘high’ bin. Bonded couples (that is dating or married heterosexual couples) had a seven fold increase in the balls falling into the bin of their choosing. Pairs of males or pairs of females had no better outcomes than an individual operator of the same gender.

Now what is a good TRNG/TREG free from any of those influences?

The Psyleron REG-1, a True Random Number/Event Generator, based on extrapolated quantum tunneling, has been around since 2005 and is the current Standard in Parapsychology. Any insights on it, or better yet design/schematics that improve on it?

Justin April 19, 2016 10:40 AM

@ Edward “Brill” Lyle

Shut up already. You’re out of your jurisdiction and your posts read like a roll of toilet paper. Let’s not shit ourselves. It’s just another civil matter. Throw in some charges of premeditated murder in the first degree, committed by poison for good measure, and call it a day. Maryland doesn’t have a death penalty any more, but no problem. Get the U.S. Department of State involved and call it treason. Lawyers aplenty for that.

More to come, but you’ll just have to wait for it.

Wael April 19, 2016 11:19 AM

@Bob Paddock,

One thing I like about astute members of this distinguished blog is book recommendation…

See their books “Consciousness and the Source of Reality”, “Quirks of the Quantum Mind” and “Margins of Reality: The Role of Consciousness in the Physical World”. PEAR accumulated billions of bits of data from the REGs of many types and found the same outcomes over 28 years of study.

One, two, three! And just like that, $30.00 was gone. Please don’t send “free PDF links” if they exist…

Three books, 30 dollars, $10.00 a click. Not bad at all for 1100 pages 🙂

The Psyleron REG-1, a True Random Number/Event Generator, based on extrapolated quantum tunneling, has been around since 2005 and is the current Standard in Parapsychology. Any insights on it, or better yet design/schematics that improve on it?

I’ll have to defer my reply until I get a sense of what the books talk about…

I took a course in speed reading. Then I got Reader’s Digest on microfilm. By
the time I got the machine set up, I was done. — Steven Wright

Wael April 19, 2016 11:45 AM

@Dirk Praet, @Nick P, @Clive Robinson,

Did any of you see this one passing by on El Reg: adding “Canary Numbers”…

I did now 🙂 The correlation between the canary and the high entropy output needs to be high, otherwise the canary thing won’t be a good indicator. Canaries can be ‘manipulated’ to hide tampering evidence, in which case the snitching-canary will be an Our man in Havana sort of reporter. Snitches get stitches, you know 🙂

I haven’t read the entire paper, though. They may have covered the bird’s health and ‘integrity’ 🙂

Bob Paddock April 19, 2016 11:49 AM


If you are in to books and want to “see how deep the Rabbit Hole goes” add:

“The Holographic Universe: The Revolutionary Theory of Reality” by Michael Talbot. Considered the Classic of the subject, from long ago. Freely available at archive dot org.

As well as a related work published last spring “Holographic Sub-Quantum Mind” by Louis Malklaka. For full disclosure I was involved in the discussions, years ago, that lead to the creation of the book, I receive no compensation from its sale. Consider this a biased recommendation.

To keeping up with all this crap I recommend Photoreading by Dr. Paul Scheele.

Clive Robinson April 19, 2016 12:01 PM

@ Dirk Praet, Nick P, Wael and others.

Did any of you see this one passing by on El Reg: adding “Canary Numbers” to random number generators.

No I didn’t, and I also missed your post earlier. I’ve just downloaded the paper and read it.

From my point of view there is nothing in there that I’ve not been doing one way or another for a couple of decades. And if you hunt back on this blog you will find that one of my biggest gripes aboit TRNG’s especialy the Intel chip based one is lack of access to the raw output of the noise source (search for “magic pixie dust” to find some of them).

Back in 2000 at an event in Upsals University Stockholm funded by the EU I talked about this problem and solutions.

The one I had picked on was based on a “wagon wheel” generator. Basicaly you have an XTAL oscilator driving a Dtype (after dividing down) the other input to the Dtype is from a free running voltage controled oscilator, driven by the output from a transistor based noise source.

The bit stream was put through a shift register, where two bit’s were compared via an XOR gate. If the bits differed the Q output was clocked as being a debiased random bit into a microcomputer chip that packaged eight such bits up and sent them out as an RS232 word.

Two counters were incremented one by a count of unbiased bits the other by the biased bits. When the unbiased count reached 256 the biased count was read. This ratio gave one test. Also the output of the VCO was “frequency counted” and this was checked against a thermal sensor of ambient tempreture. These gave two other tests, along with other measures of the power supply lines (both AC mains in and DC out). Further the microcontroler put the eight bit random words into three shift registers of differing length that acted like lowpass filters these were checked as well.

A later version used the TRNG output to change things in an ARC1024 stream cipher. The cipher was run as fast as posible in the non interupt (normal) mode of the microcontroler, all the other functions ran within interupts. When a host sent through a “request” for data this again would be done from within an interupt and would output 32bytes of random bits. This way the state of the ARC1024 Sarray would be unknown and due to the interupts adding further non determanism difficult at best to track.

These days with more powerfull microprocessors I would do the raw checking differently but not much else other than put an FT232 in to convert the RS232 to USB (it also acts as a primitive guard against USB attacks on the microcontroler).

So with this post and my earlier, you have most of what you need to know to make your own TRNG 😉

CallMeLateForSupper April 19, 2016 12:11 PM

“[…] Lieu […] has called for a congressional investigation into the SS7 flaws […]”

This is good. Fitting, at least. Whether or not the effort dies aborning, or shortly after, remains to be seen. I am not optimistic. Any investigation will take months to initiate, months to conclude and months to air proposed solutions. Turning proposals into action probably can’t happen before cell phones have become museum exhibits, because there is no single chain of command to Signaling System. One truth that I experienced repeatedly during two of my three professional lives is: diverse responsibility is no responsibility.

“I pledge 5€ for the defense fund of whomever comes up with positive proof of having hacked that evil hag’s phone.”

That’s the spirit! Pure grassroots involvement. I suggest that an efforet to turn the Signaling System hack into a fully functioning Maker project would precipitate the needed public debate on this issue.

From the end of the Fortune article:

“The CTIA, the U.S. wireless industry trade group, said […] ‘We continue to maintain security as a top industry priority.'”

Gee… I feel so much better now. Will every cell phone junkie get five years of free credit reporting?

Dan3264 April 19, 2016 12:13 PM

I do not think that the advocates for encryption are explaining encryption in the right way. The proper way to explain the need for encryption to lawmakers is this:

“Imagine that the President is from the opposite political party as you. The President is friends with the director of the NSA and has a lot of influence. Imagine that the President wants to secretly spy on his enemies (that means you). Thanks to laws weakening encryption(and the secret courts), he is able to do exactly that. He would be able to read all your texts, listen to all your phone calls, monitor what you do online, and so much more. He would be able to do that undetected. This would provide a huge advantage to the other party. Given the political tensions recently, do you know any politician who wouldn’t do that given the chance to do so undectectably? Do you want it to be possible to do that? That is a consequence of weakening encryption and allowing secret courts.”

Wael April 19, 2016 12:22 PM

@Bob Paddock,

If you are in to books and want to “see how deep the Rabbit Hole goes” add:

I’ll add them to my queue, thanks for the referral biased or otherwise.

To keeping up with all this crap I recommend Photoreading by Dr. Paul Scheele.

The only media available was paper. Are you aware of similar eBooks? The kindle or Apple eBooks only had the Italian version, and I’m not going to learn Italian to read the book.

Justin April 19, 2016 12:27 PM

What does anybody know about helium?

It’s dirt cheap right now and they fill balloons with it by the dozen at every dollar store in the world. Helium is generated naturally deep in the earth when alpha particles, emitted by the radioactive decay of uranium, thermalize and recombine with free electrons. It doesn’t come out of the ground in such large quantities and become so cheaply available on the market except as a by-product when large quantities of uranium are actually being mined.

Present levels of peaceful production of nuclear energy only require small quantities of uranium.

My firm conclusion, as well as that of others out and about on the streets, is that Iran is mining and enriching large quantities of uranium in flagrant violation of the “deal.”

Bob Paddock April 19, 2016 12:33 PM


Photoreading is actually a complete course by Learning Strategies in Minnesota. The book is only a small part of it. The course is available electronically and physically as well as a three day seminar a couple of times a year. I don’t know know of just the book in eBook format.

Wael April 19, 2016 12:35 PM


The proper way to explain the need for encryption to lawmakers is this:

No, no, no… That’s nothing close to a proper way! This is the proper way:

Hold your hand up and wiggle your fingers. Then ask the lawmaker: What do you think this is? After he[1] says I don’t know, do the following: stop wiggling your finger, flip him the “birdie” — you know, the middle phinger — and say: it’s this, encrypted.

[1] It’s not advisable you do this with a she, unless you are also a she, or you’ll get in a whole load of trouble. You have been “cautioned”.

Wael April 19, 2016 12:59 PM

@Bob Paddock,

The course is available electronically and physically as well

Does it work? I’ll get the 3-dvd set if that’s the case.

Bob Paddock April 19, 2016 1:33 PM


“Does it work?”

It helps. I’m not done with the course yet to say I’ve reached the peak of what they claim. This company has been around for about 30 years, unlike many of the other ‘speed reading’ courses.

CallMeLateForSupper April 19, 2016 1:48 PM

Apparently the volume of complaints about long checkout waits finally reached critical mass, rousing VISA from its usual counting house posture. VISA says it is improving the performance of the chips on its EMV cards.

If memory serves, the more secure chip & PIN was nixed in U.S. in favor of chip & signature, because the Lords of EMV sagely divined that customers were tired of PINs and were old hands at using signature cards. Mustn’t disrupt the “shopping experience”, doncha know. So much for that idea.

“New technology for chip cards to speed checkout times”

Nick p April 19, 2016 3:21 PM

@ Wael

I studied PEAR’s work with fascination a long time ago. You didnt need to buy books as there’s plenty of free summaries online of the experiments. The ctitical issues imho were the lack of peer review for the circuitry and especially malice. Scientists suck at detecging bullshit as magician pranks show.

Anyway, here’s a critique with data:

Here’s references from Radin:

Edward "Brill" Lyle April 19, 2016 3:35 PM


@ Edward “Brill” Lyle

Shut up already. You’re out of your jurisdiction and your posts read like a roll of toilet paper. Let’s not shit ourselves. It’s just another civil matter. Throw in some charges of premeditated murder in the first degree, committed by poison for good measure, and call it a day. Maryland doesn’t have a death penalty any more, but no problem. Get the U.S. Department of State involved and call it treason. Lawyers aplenty for that.

More to come, but you’ll just have to wait for it.


Rawr! cat claws. U are sending at me.

Word of advice, your delusional incoherency and out of context hostility is symptomatic of a serious problem.

Okay, I will play.

So, your posts are implying, not stating upfront, and specifically, that someone or some group is assassinating government employees through things like ordinary, everyday problems?

Like, someone might go and assassinate someone by installing lead pipes, or putting in asbestos insulation? And that this is some kind of systematic assassination program happening in the US, even against government employees? Worse, not worried about innocent casualities? And doing it in government buildings?

I don’t even see plausible plot material there for a good work of fiction.

Means may be there? Very theoretical and far fetched. Motive????

Means, you are talking about wild science fiction and fantasy level of plots. Where, in history, has anything ever like that been done before?

And who do you think is behind such dastardly, far fetched plots? China? Russia? Maybe Iran?

Closest to that I can think of is maybe the umbrella gun with the preferoated bb filled with sarin. Which is so incredibly famous, partly because it is so incredibly bizarre. Can barely compare with some poisonings Russia has performed. But, same class.

And that class of attacks does involve producing symptoms and leaving behind forensic clues that make a message. That point right to the government behind it. No proof. But clearly they meant to “send a message”. In the way the Mafia does it.

Anyway, why do such a mass attack? For cover? When a government could do something like, an improved version of the umbrella gun that shot something that “makes it look like natural causes” and leaves no forensic evidence?

(For instance, a super thin and so sharp needle shot from a silent minituare device which was coated with certain poison from the animal world. Where the needles not only do not leave a hole, because it is made of such strong material and is so thin, but dissolve in the fatty tissue of the victim? One could have such a thing in something the size of a watch, and it could hold many such ‘ammo’, quite easily. And have quite a range of effective distance.)

But, yeah.

As for “my jurisdiction”?? I hope you do not mean that literally, putting me into your far fetched conspiracy theories. Hate to burst your bubble, but I am a simple science fiction writer who does have some level of success. Enough to live on, anyway.

I take your deep hostility as a compliment.

I want my work to be either loved or hated. Just ‘meh meh’, is never what I aim for.

Wael April 19, 2016 4:12 PM

@Nick P,

You didnt need to buy books as there’s plenty of free summaries online of the experiments.

Too late. I don’t want summaries — I go straight to the source. I ain’t no pervert, but I like to drink straight from the cow’s ahem, so to speak — the stacked Russian breed, no less.

The ctitical issues imho were the lack of peer review for the circuitry and especially malice.

Often true.

Scientists suck at detecging bullshit as magician pranks show…

I met a few that were extremely intelligent but had no common sense whatsoever, that’s number one. Number two, some of them need to calibrate their equipment 🙂

Anyway, here’s a critique with data:

Thanks for the links! I’ll read them, but only after I read the books. It’s better to formulate an independent opinion before reading others’ “understanding” of the work. The subject sounds very spooky, though.

Dan3264 April 19, 2016 4:22 PM

I mean that the people who understand technology (very few lawmakers ever have, Benjamin Franklin is a notable exception) should show the lawmakers the size of the Pandora’s Box they are opening. The Burr-Feinstein Bill has ridiculous consequences (earlier in this squid post I joked that it might outlaw non-reversible logic; it might). To the lawmakers, these requests seem totally reasonable. Their requests only become ridiculous when you look at them from the point of view of the people who understand technology. They mistakenly believe that it would be easy to design a system that is secure to everyone except law enforcement(although making such a system might be possible, it would take years to develop, and would probably be insecure). They believe they can do so because they don’t look at all the details, even at the legislative level(Which governments get to do this? Only the US? Other governments might have a problem with that…). Unfortunately, this is unlikely to change.

Nick P April 19, 2016 5:19 PM

@ Wael

Recently forwarded Malvino and some other links to some amateurs online who needed introductory stuff. Already paid off on main intention of getting those links. Had to dig them out of here as the local collection was lost during a reinstall. The old thread had me rediscover more than analog books as there was all kinds of discussion on there. You made one comment along the lines that studying electronic engineering would reveal or make me reconsider something about the data diodes I always talk about. I can’t recall if I ignored or answered that quip. So, I just had to break out Malvino again to try to guess what the hell you were talking about. 🙂

Here’s the guess after 10-20 min or so of skimming chapters:

  1. Data diodes are certified to a security policy that says they transmit data one-way only with nothing leaking backwards. They typically cut off the receiver line on one and the transmit line on another. The logical design implies sender knows nothing about the receiver and vice versa with no effects on each other past specific transfers.
  2. Actual diodes and transistors, not sure about resistors, operate by essentially forcing electrons to move or not move across certain thresholds. When they do, there’s a majority movement that represents the real value you are working with but also often “minority” movements that go in other directions. With diodes and transistors, these include detectable movements that go backwards from the “receiver” circuitry into the “transmitter.”

So, the logical and security model says the “transmit” line can’t receive and “receive” line can’t transmit. Yet, physics of it says both components are transmitting and receiving at the same time if we’re talking movement of electrons. A suitably modified component might either (a) detect and amplify electrons moving backward to try to sense something about other end or (b) inject backward movement that analog, not digital, parts of subverted connectors pick up, or (c) do either of these with EMSEC-type effects due to materials used in conjunction with diodes or transistors.

The data diodes have to use either some kind of filter or isolation circuits in combo with the copper connections or optocouplers/optodiodes to eliminate the backchanneling. Hence, why the EAL7 diodes almost always use fiber connections with optocouplers or something similar. Interesting enough, the Network Pump is still somewhat accurate in that it is a one-way device with ACK’s allowed backward: mostly forward data with some data moving backward. Still not a fully accurate model but it turns out data diodes start more like network pumps on electrical level. Then, have to be modified and shielded to remove or minimize such couplings.

Did I hit the nail in the head or were you talking about something entirely different?

ianf April 19, 2016 6:03 PM

@ Justin
              could you clarify for me just this single subtopic’s point:

your firm conclusion “… is that Iran is mining and enriching large quantities of uranium in flagrant violation of the “deal.”

Mining own yellowcake? Assuming “enriching” what they’ve gotten elsewhere is true, once they amass those “vast quantities” of quality isotope density material, what exactly DO YOU IMAGINE they’ll be able to do with it?

We both know that it has a.  v.e.r.y.  l.i.m.i.t.e.d.  application potential; moreover dependent on delivery vehicles that they’re unlikely to acquire any time soon. Presumably they know it too; and also figured out by now that, if ever they as much as stray away from purely rhetorical sabre-rattling, they’ll be facing both Israel AND Saudi Arabia (strange times make strange bedfellows). Netanyahu already preventively delivered his “I told you so.”

    BTW, there’s an Israeli atomic U-boat stationed permanently in the Indian Ocean for just this purpose… yet I am pretty sure that it won’t ever need to execute any retaliatory doomsday options. FYI, this is fiction, but well worth your time (and, Wael, it’s only 8 bucks; cheap).

r April 19, 2016 6:21 PM


Not to be funny, but Iran is currently full of suitcase class business men… And delivery is only a taxi or one way plane ticket away.

Why go big, when you can go small?

xer0xer April 19, 2016 6:26 PM

Dutch encrypted communication service using blackberrys taken down

sorry in Dutch, use google translate if you wish.

Dutch police took down several servers running encrypted communication services. For what I understand of the story this was a business selling blackberry’s with PGP software installed on them. The source story says tat an alleged 19.000 ‘criminals’ were using the service. Now users of the BBs are served with a warning that the police took down the servers and are investigating the data on them.

My question is that there are in my opinion legit uses for this kind of services. think business people, politicians and so on.

Looks like Dutch government is rapidly enforcing a new, not even published yet, law/policy against encryption.

ianf April 19, 2016 6:58 PM

@ Ralph’s main defenses would be:

1. no longer hosting the content on popular DMCA “honeypot” media sites like DailyMotion/ Vimeo/ YouTube and

That’s absence, not defense.

2. having the content on an offshore server where there are no DMCA laws.

Offshore = same as offshore tax havens, etc., i.e. places of dubious reputation, where the law may not care much about piddly web hotels. Which otherwise may be hosting stuff that you don’t want to get mixed with, even by IP-osmosis.

Are regular hosts in Switzerland/ Sweden/ Norway/ Iceland/ Eastern Europe actually “suspicious”?

Not the hosts that are suspect, but your presence there that may awaken suspicions. Regular hosts in regular places like that are not “offshore,” and, even though the DMCA formally may not apply, they are bound to follow the spirit of anti-piracy laws etc. Upon reception of a cease-and-desist letter from an American lawyer, the Pirate Bay’s founders once replied with an written invitation for him to perform an impossible sexual act in himself… but in the end they went down with prison time and $M-sized fines. So don’t bank on it. You want “offshore,” you need to look for it in places like Venezuela, Laos, Vietnam.

Besides, my content isn’t political or controversial (other than the copyright issue)

Doesn’t matter. If you’re a DMCA sleuth, any takedown gets counted in as any other, and raises the remuneration. Or did you really think that the transgressive nature of your videos would first be evaluated for quality?

I have no problem paying for hosting anonymously

Tell me how you envision repeatedly paying for (faraway) offshore hosting anonymously, maybe I can learn something from you.

@ not_a_spook finds Clive Robinson’s commentary to be informative and enlightening.

    Do not ever massage his ego! He’ll get all puffy and resume posting 7k-parables with historical asides in response to straight Yes/No questions.

@ rrrrrrIran is currently full of suitcase class business men

WTF does that mean… speak en clair, not in riddles.

Dirk Praet April 19, 2016 7:50 PM

@ NSA fanboys

FISC judge Thomas Hogan “extremely concerned” by surveillance excesses at FBI, NSA.

@ CallMeLateForSupper

Whether or not the effort dies aborning, or shortly after, remains to be seen. I am not optimistic.

Neither am I. There’s even a fair chance such a commission would actually see this as a good thing since it allows LE to snoop on world plus dog. The NOBUS myth they’re still being fed by LE/IC remains very persistent among the technically illiterate. And in the end, Congress will do what’s good for Congress and its corporate sponsors, not for the public at large. Just look where that Saudi Arabia bill is going. Several Republicans are now stalling and POTUS has already said he will veto it if it passes. Who gives a flying f*ck about the families of 9/11 victims if “national security interests” are at stake?

@ Clive

The one I had picked on was based on a “wagon wheel” generator … So with this post and my earlier, you have most of what you need to know to make your own TRNG

I am as usual completely speechless 😎

@ xer0xer

Dutch encrypted communication service using blackberrys taken down

There’s several PGP/Blackberry resellers and service providers in the Netherlands, but it seems that the raided company is Ennetcom. They have an office in Nijmegen and their OpenPGP solution looks like they are a GhostPGP reseller. in Zwolle are offering similar services, so it is reasonable to assume they will be hit too in the days to come.

The obvious take-away here is that The Netherlands are no longer a safe place for any such services. EU PGP/Blackberry afficionados may still witch to TopPGP, based in Bucharest, Romania.

Thoth April 19, 2016 8:28 PM

NYPD and Manhattan Distict Attorney’s attempt to launch of hashtag campaign on Twitter to encourage more anti-encryption and anti-personal security took a dive in an unexpected direction. Prominent security experts took the hashtag campaign into their own game and turned an anti-encryption/anti-personal security campaign into a pro-encryption/pro-personal security campaign.


Wael April 19, 2016 8:32 PM

@Nick P,

You made one comment along the lines that studying electronic engineering would reveal or make me reconsider […] So, I just had to break out Malvino again to try to guess what the hell you were talking about. 🙂

Refresh my memory with a link! I forgot to take “the medicine this morning. Generally speaking, I was highlighting a mode of thinking. Wasn’t necessarily referring to the intricate electrical and solid state aspects. Wanted you to see how a complex domain such as solid state device physics can be simplified with the appropriate models that make it easy to design things like a radio frequency amplifier, a radar detector, or a remote control. Can we do the same for security (C-v-P)?

Here’s the guess after 10-20 min or so of skimming chapters:

Fine with me, let’s go by hunches and guesses. As good as anything else 🙂

1. Data diodes are certified to a security policy that says they transmit data one-way only with nothing leaking backwards. They typically cut off the receiver line on one and the transmit line on another. The logical design implies sender knows nothing about the receiver and vice versa with no effects on each other past specific transfers.?

Need an example.

2. Actual diodes and transistors, not sure about resistors, operate by essentially forcing electrons to move …

Correct, resistors are excluded. You are talking about drift and diffusion in a PN junction. BJTs and FETs operate using different principles. In a diode, for example, there is leakage current.

So, the logical and security model says the “transmit” line can’t receive and “receive” line can’t transmit.

That could be one meaning. Under this definition, both receive and transmit lines are ‘data diodes’ connected in opposite directions. There still needs to be a more granular definition of a data diode, because unlike electrons, not all data are equal. Perhaps it helps to think of a ‘control signal diode’, ‘executable binary diode’, ‘meta-data diode’, ‘information diode’.

Yet, physics of it says both components are transmitting and receiving at the same time if we’re talking movement of electrons…

When designing with an ideal model, one must ignore the physics details. Focus on the the major aspects. When the model fails, then more physical factors need to be accounted for. That also implies there are several models of one component that suit different needs. A transistor ideal model in the digital world is a switch; an on/off switch. In the analog world, that’s not a working model. The hybrid Pi or Ebers-Moll models are examples of analog models. There are different models depending on the applications, frequency,…

A suitably modified component might […] Did I hit the nail in the head or were you talking about something entirely different?

You did. The only thing is to differentiate between the characteristics of an ideal model and the real world behavior. One starts with the model, then refines it until it meets the needs, if you go to the old discussions, you may have a different perspective.

Thoth April 19, 2016 8:48 PM

@xer0xer, Dirk Praet
It is a shame that Netherlands caved in to the US Global Warhawk campaign to push it’s influence further. It is a mockery to the “civilized Western World” where freedom of expression, privacy and such that the rest of the “uncivilized World” does not respect. Now, ironically, an authoritarian country I live in (Singapore) gives you more freedom to sell, transact, explore, research, communicate, consume and develop Cryptography, Privacy and Personal Security and in a very ironic twist, an authoritarian country I live in encourages the use and attempts to promote it. Although I would be very cautious to say that this quiet and peace to develop, sell, transact, communicate, research and consume Cryptographic products and other personal security and privacy products feels like an uneasy silence and peace that maybe broken at any moment at the whims of the local Echelons ruling this tiny island state.

The current best approach to using products that are aiding privacy, personal security and cryptography is to shun close sourced systems as much as possible and go for the open source stuff (and verify and load them yourself).

I am currently working on a smart card-based open source file encryptor as my side project. It is still not ready yet but there are documents I have written in the “doc” folder if anyone wants to review through the specifications I wrote. The specifications are an initial draft.

The smart card file encryptor is envisioned to support a plain smart card without onboard secure pinpads or smart cards that have the luxury to embed a secure pinpad on the card body itself and also provides cryptographic key deniability by allowing any decryption (even if the wrong key is fed) to look somewhat plausible due to no usage of explicit checksuming. The file encryptor is also envisioned to support text display in the even that a highly sensitive content should not be displayed on the paired smartphone or computer but on the secure display embedded on a smart card with display technology on the card body for displaying sensitive contents.


Wael April 19, 2016 9:01 PM


…it’s only 8 bucks; cheap

The nice response, since I’ve been too sarcastic with you of late:

Price never stopped me from getting what I want. If I like it and I have the money, I get it. Prices aside, the subject of the book is the important factor. Not sure I’m interested in this topic, though. I prefer real world or science fiction — time travel (Millennium is good), The old X-Files (not the new season piece of crap), Star trek, Space 1999, The invisible man, The 6 Million dollar man, the bionic woman, and physics documentaries.

The usual response I reserve for the likes of you:

What’s up with the book recommendations! Are we bartering mangoes and tomatoes today?

I’m Just kidding, don’t take it seriously 😉

Nick P April 19, 2016 9:06 PM

@ Wael

“Refresh my memory with a link! ”

Might have been this comment. I couldn’t be sure what you were quipping about but you referenced a data diode in an analog conversation with a play on the analog term. So, I looked into it out of curiosity given non-ideal effects I recalled reading about.

“Need an example.”

All data diodes work the same at the logical level. There’s systems A and B (or network B if broadcast). There’s one or more devices used to create a network link between A and B. That link is unidirectional by design, usually HW but SW in weaker versions. A can send data to B but can’t so much as get acknowlegements back. Usually sent over a UDP-like protocol with ECC tech. B has no way to communicate with A. This implies that A doesn’t know anything about the status of B except maybe whether the link is plugged in. Maybe not even that. B knows nothing about A except that it temporarily possessed specific pieces of data that B is receiving and that A has power since B is receiving data from it. Hence, they basically know nothing about each other with one just broadcasting data to the other one-way.

Strongest implementations are electromagnetically-sheilded devices that enforce one-way flow between two fiber-optic cables connected to it. These include Tenix and Fox data diodes. Homebrew included one-way Ethernet and serial cables (eg Tinfoil Chat). The analog effects mean they aren’t really one-way. How important that is depends on implementation details.

“Correct, resistors are excluded. You are talking about drift and diffusion in a PN junction. BJTs and FETs operate using different principles. In a diode, for example, there is leakage current.”


“That could be one meaning. Under this definition, both receive and transmit lines are ‘data diodes’ connected in opposite directions. ”

A data diode is a physical link with receive disabled on one end and send on the other. Somehow. So, there should be no link coming from receiver to sender in terms of physical, transmission capability. It should cut off somewhere.

“When designing with an ideal model, one must ignore the physics details.”

This is usually true. The physics details, esp EMSEC, just screw up diodes in practice enough that they’re part of the security requirements. They usually just address it separately from logical design but the EE’s still address it. That’s why I thought you were poking fun at my seemingly-inaccurate model of data diodes with a bit of analog truth. Ok, so it was me coming up with that shit on my own using your book then. Damned, over-active brain haha.

“Can we do the same for security (C-v-P)?”

We can do it for the security systems, designs, models, and so on. I still don’t think CvP metaphor is adequate given what I’ve learned in that time. The crux of my design is that, by default, it forces information to flow a certain way with built-in checks or compartmentalization. The crux of the prison model is a combination of crippling, resource-oriented POLA with constant inspections to see if something is evil. The lack of an evil bit has caused prior, inspection-based methods to fail due to creative attackers. A few decades of INFOSEC papers suggest one is easier to get right, efficient, and already prototyped w/ Linux/BSD support. What’s left of the Prison concept is monitoring HW or SW for the known unknowns and unknown unknowns. Yet, most of the security comes from the other style of mechanisms.

Wael April 19, 2016 9:36 PM

@Nick P,

That’s why I thought you were poking fun at my seemingly-inaccurate model of data diodes with a bit of analog truth.

Wasn’t my intention. Wouldn’t spend 2+ years to poke fun! The intention was to develop a model or a new way of thinking. Together.

Nick P April 19, 2016 9:55 PM

@ Wael

It was one conversation, Wael, not 2 years. If you’re talking CvP stuff, then yeah we spent a lot of time trying to figure things out together. Now, the question is, “What’s the next model or set of models (more likely) that captures functionality and security requirements for HW/SW-architectures that we need? And how best to build them?” I’m still up for that discussion although I’m in a diminished capacity.

Wael April 20, 2016 12:06 AM

@Nick P,

“What’s the next model or set of models (more likely) that captures functionality and security requirements for HW/SW-architectures that we need?

This is a reformatted summary of where we left off, with items that are now clear, removed. Watch me subtly drag @ianf into this 😉

High-level summary: Castles vs Prisons Aka C-v-P


  • Define what you mean when you say you want to develop a “Secure” system
  • Identify where security weaknesses arise (Concept, architecture, implementation, etc … (Womb-to-Tomb security, Soup-to-Nuts security, or a Inception-to-Decommission security)
  • Know your weaknesses
  • Know your weapons (the ongoing joke was the ever expanding Arsenal)
  • Know your enemy and the tools they use, but when designing your system, don’t wear an attackers’s hat. Generally speaking (meaning there are exceptions, and using exceptions as pillars isn’t the best design philosophy), you could be a very accomplished black hat but a lousy security designer. The reasons were given earlier, the idea was to defend against classes of attacks, rather than instances of attacks.
  • Know what principles of security need to be adopted for a system to achieve the defined security characteristics (confidentiality, integrity, availability — at the highest level of thinking.) But also target other “Security” issues, for example adware, etc…
  • So rather than saying the following:



  • Lets increase the key size
  • Drop passwords and use “Biometrics”
  • Use 2fa or mfa (Two factor authentication and Multi factor authentication)
  • I am proposing we come up with a Model that implements the security principles we know. For the purpose of enumerating, and not necessarily exhausting them, here is the list of some security principles / rules of thumbs / axiomatic truths:

    1. Least Privilege
    2. Least Authority
    3. Check at the gate
    4. Default deny
    5. Trust no one
    6. Fail hard
    7. Fail fast
    8. Fail safe
    9. Segregation of roles
    10. Separation of duties
    11. Even if you have to trust, do verify
    12. Reduction of the surface of attack
    13. Expansion of search space
    14. Defense in depth (an old one and not sufficient! Nowadays attacks are mounted in depth, width, and height)
    15. Avoid being a target (Defense through Absence is an instance of that class)
    16. Keep tight lips, eyes and ears wide open (comes from the security definition)

    The general idea is:

    1. Define the ideal Models than construct a security ecosystem
    2. Model->Pattern->Principle->Security level desired is achieved
    3. Verify through Pen testing, data flow diagrams and threat modeling
    4. Complement with OPSEC and user / design manuals

    Using models isn’t a new thing. We use models and approximations all the time. Analogies are also meant to clarify an unknown concept to some audience with a known concept. For example, water flowing through pipes is often used to clarify electricity flowing in wires. Transformations from one domain to another is also another tool that sometimes simplifies calculations or aids in visualizing some aspect of a system under consideration. An example is transformation from time domain to frequency domain or vice-versa. These concepts are used in various fields.
    The models that were discussed previously were the Castle and the Prison. These are their initial characteristics:

    Castle: Serves to protect objects on the inside from events on the outside
Prison: Serves to keep objects inside the prison from leaving without due process.

    The objects above operate on data assets or “information”. This information can be data or keys. At the highest level, a Castle is a model of intrusion prevention and detection; a Prison is a model of data leakage prevention and detection. These two models can be used as building blocks to achieve certain system security characteristics — but they aren’t sufficient to represent the concepts, principles and branches of security (authentication, authorization, accountability, etc…) Other constructs are needed.

    In addition to the rudimentary “acting on data objects” the Prison can actually act on the components rather than the simple data objects. A CPU, a memory range, a controller, … can also be “imprisoned”, and that’s what I find novel from a conscious design perspective, even if such implementations were used or proposed in the past. How to imprison components (maybe an FPGA implementation) and why is a discussion that took place in the past without reaching a satisfactory conclusion. There are a few concepts that were also proposed: The Warden, probabilistic security, voting mechanismsamong a few other related rules of thumbs, factual axioms, and “security principles” that weren’t clearly defined or exhaustively listed.

    Data diode: What principle(s) does it represent? You previously spoke of a highway, the data diode is a special highway type model.
    Castle: What principles does it encompass? Is it a simple model or a compound one? What un-dividable models can it be decomposed into?
    Prison: What principles does it encompass? Is it a simple model or a compound one? What un-dividable models can it be decomposed into?

    I’m still up for that discussion although I’m in a diminished capacity.

    Excellent! I guess I caught you at a state where your internal Flip-flop is set. Don’t reset it again, or the next limerick is going to be a most nasty one! Get off this diminished capacity, and think positively (-178)

    In reality, though, even if we don’t continue this discussion… how do we bring it to a graceful conclusion??? Yes! We learned a lot from it.

    Thoth April 20, 2016 3:19 AM

    @Nick P, Wael, Clive Robinson
    Maybe an additional model called “Data Flow” can be added thus making it Castles-Prison-DataFlow. Data diode would be under the Data Flow model although Data Diode can be listed as Castle since it’s primary goal is to prevent data exflitration.

    ianf April 20, 2016 3:27 AM



      (Other than that, I apologize for perhaps sowing an impression that you were stingy, or—worse—so dirt poor, that you had to be careful with buying books… we’ve been there once before with your C.H.I.P./ RasPi investments. That wasn’t my intention; only you recently wrote of purchasing 3 x $10 Kindles – so mine WAS cheaper ;‍-‍)‍)

    Clive Robinson April 20, 2016 4:02 AM

    @ Wael, Nick P,

    Castle: Serves to protect objects on the inside from events on the outside, Prison: Serves to keep objects inside the prison from leaving without due process.

    It’s a bit more subtle and complex than that.

    The fundemental point is that a General Purpose “Turing” Computer (GPC) can not demonstrate it is not as it should be. That is it can not reliably show it has been attacked and subverted in some way, and importantly nor can it. There is a fundemental mathmatical basis for this observation.

    Also when you consider bubbling up attacks you can see that all code signing loading etc can be quite easily defeated, even memory tagging etc can be attacked. And the more esoteric defences based on a hidden secret such as “memory encryption” only work so far as bubbling up attacks by definition are below such hiding. It’s only when care is taken to segregate the secret that some but not all bubbling up attacks can be stopped (in a nutshell the FBI wanted Apple to make a bubling up attack on the memory of the SB phone).

    Thus the second point of note becomes clear enforced segregation is a requirment to protect secrets that other mechanisms are built on.

    The third point of note is that for malware to work in most cases it needs extra resources both GPC cycles and memory. If you can deny it both then it can not get a toe hold let alone become established and functioning.

    The idea behind the prison architecture was to address these points. The fundemental design point being segregation. The GPC is put in a minimal environment, and given only sufficient resources to carry out very simple tasks. Control of the memory resource was to be done via a simplified MMU. Control of GPC cycles by monitoring execution signitures of the simple tasks.

    Which brings up the question of what controls the MMU and signiture checking?

    Well it can not as in the ordinary “castle” approach be the GPC because it can lie to it’s self, so it would serve no purpose. Thus control comes from outside the prison “cell” the CPU is in. Now it’s important to note that although a Turing compleate computer is a state machine, not all state machines are Turing compleate computers. Simple state machines without memory in the control loop can have all states known and thus behave only in certain predefined ways and are thus incapable of having their basic function altered. Thus using simple state machines to control the resources of the cell the GPC is in. Importantly such state machines can also act as an issolation component, that is as a mediated choke point between two GPCs thus you can have a supervising GPC issolated from the GPC in the cell (think of it like the warden in Bentham’s Panoptican). The human equivalent theses days would be a guard that is remote from the cell watching it via CCTV and giving orders to a trustee –the state machine– through a pager or other one way message system. Or you could think of it as a Drone and Pilot.

    The “castle” system is the old “porous security perimeter” security model, which we know does not work for networks, so why we think it should work for computers I do not know. You have just a GPC a very large amount of memory and the GPC controles access to it via an MMU it controls which means that the only security is the “CPU Ring” priveledge levels, that can in no way stop any bubbling up attack… Or any other attack once inside a sufficiently trusted priveledge level. Such attacks also have just about all the resources they want and home users have been found with many tens and sometimes hundreds of malware infections one their PCs, which tends to show how ineffective the castle model can be.

    The prison model has other benifits, such that it alows effective division of labour, between those who can code securely and the vast bulk of coders who can not. Those who can get to write the tasklets that run in the cells, those who can not get to “script” the secure tasklets together.

    Obviously as sofar described the prison system sounds slow and inefficient. Well if you only had one cell then yes it would be. The thing is castle GPCs are very inefficient as well they require vast amounts of silicon real estate that is organised in a quite inefficient way… Take task switching on one, not only do you waste hundreds of cycles in the GPC you also stall out the caching mechanisms used to get around the inefficient real estate issues.

    The GPCs in the prison cells can be very very small RISC based CPUs and in many respects little more than 8bit CPU complexity you would find in the 8051 etc. You can get upwards of two thousand of these in the same area used in the CISC CPUs of some modern PCs. Further with small tasklets the small RISC CPUs can have the memory required on chip directly adjacent, thus neither caching or task switching is required. It’s difficult to say without actually designing a chip just what the performance differences would be, but it’s fairly certain less electrical power would be required thus overall systems would show considerable improvment (think about Current smart phones v business desktop PCs of a couple of years ago).

    However the security of the basic prison system is not all it could be, and it can be improved fairly simply in a number of ways. One of which is that the statemachine halts the GPC and checks the contents of it’s memory and registers. If the tasklets are written in a particular way this can be done very quickly and effectively and would only occupy a small percentage of the actual run time. This has a double advantage because the GPC in the cell has no notion of time outside the cell thus many time based side channels it could use for covert communications are broken by the search process.

    Any way to reword your original statment,

    Castle: Serves to protect objects on the inside from events on the outside but not in any effective way from each other.

    Prison: Serves to keep objects inside the prison well segregated from each other, or from leaving or having contact with outside objects without due process. Further the objects are watched for aberrant behaviour and regularly searched for subversion etc.

    Wael April 20, 2016 4:47 AM


    Other than that, I apologize for perhaps sowing an impression that you were stingy, or—worse—so dirt poor.

    I know it’s not what you meant. Besides, nothing wrong or degrading about being dirt poor! Apology not required,

    Clive Robinson April 20, 2016 7:39 AM

    Stepen fry thoughts on jacking off

    As some of you might know Stephen Fry is a UK personality known to many and like his old friend Douglas Adams known to be a bit more than just a techno-nerd. In fact his love of technology was at one point known to have been greater than his kove of man.

    But, he has found that freedom only happens in empty places, as bold adventures sally forth beyond the “here be dragons” to discover new places not just in the world but mind as well.

    Unfortunately the hamster wheel turns, and as was once observed “behind every horse a trail of 541t is to be found”, soon others follow to set down their mark and with them the plaugue of samness and gaudy advertising, and the preasure to conform.

    Thus Stephan is saying good by to some of his old haunts of FaceCrook and Twitfer, and is harking back to older ways, and encoraging others to do likewise.

    Personaly, I think he is a little behind the curve as some readers here will no doubt concure.

    Wael April 20, 2016 8:39 AM

    @Clive Robinson,

    Stepen fry thoughts on jacking off

    It’s “jacking out”. The other expression has a slightly different meaning related to blindness.

    ianf April 20, 2016 9:52 AM

    I forgot to add this to

    my comment to @Ralph’s “no objection to be paying for hosting anonymously.

      Tell me how you envision repeatedly paying for (faraway) offshore hosting anonymously, maybe I can learn something from you.

    Short of sending cash, physical bills through the (unregistered—security through obscurity) mail, I don’t think there exist any legal means to do that sans paper or digital trail any more. All in the name of staving off terrorist financing post 2001/9/11. I even had difficulty with depositing ~€1000 over-the-counter into a local (EU) bank account of another person. It was accepted after some ho-humming presumably because it was a isolated large deposit in that person’s account.

    As for sending funds abroad – unless you present an invoice/ equiv., hence no anonymity, #fuggedaboutit. The sums in question do not matter… in fact, the smaller the amount, the higher the risk of being flagged [by bank-transcending authorities] as a suspicious transaction & dealt with accordingly (here’s an example from constantly civil forfeiture-greedy USA.)

      Hell, sending funds though banks aside, I can’t even get mail-order booksellers to deliver a book to a designated recipient without a trace back to me. I keep telling them—the small/ specialized/ expensive, usually one-woman-outlets—that the fact that I’m buying a book from them, and paying for it by credit card, NEED NOT BE SHARED with the addressee – IF THAT’S WHAT THE PAYEE DESIRES. They understand the concept, but don’t seem to be able to do it, or at least guarantee that they won’t fuck it up at the p&p stage.

    Perhaps now you understand why I’m not wholly optimistic for the prospects of anon payments.

    Wael April 20, 2016 11:19 AM

    @Clive Robinson,

    Any way to reword your original statment,

    Good distinction. Prisons inside a castle host can take care of it.


    Maybe an additional model called “Data Flow”

    A data diod connects other ‘ideal models’. But what security principles does it represent?

    Nick P April 20, 2016 12:57 PM

    @ Thoth

    Funny thing is there’s all kinds of models like that in the literature. Wael wants some informal, super framework for the whole field. One set of models to rule them all. Plan to attempt it eventually.

    @ Wael

    Unidirectional info flow. That’s the model. Useful for broadcasts, software distribution, and logging to name two examples.

    Jim April 20, 2016 6:16 PM

    Chinese Security Tech sentenced to Death, 31 One Others Caught Up in Spy Row

    The case actually happened in 2011. Just now made public.

    States he was doing this for ten years. So, since the US-China cyberwar thing really was heating up.

    As this was online agent management, probably they withheld the case for so long, to try and do some counter-intelligence. Replacing the agents with Chinese counter-intelligence officers.

    After all, China knows the value of publishing such a sentence. It puts a bit of a damper, I would imagine, on recruitment and digital walkins.

    So, they left that door open to perform such counterintelligence at a very high cost.

    Jim April 20, 2016 7:41 PM

    FBI’s PRISM slurping is ‘unconstitutional’ – and America’s secret spy court is OK with that How about an appeal? Nope

    Hogan disagreed with that assessment however, saying that there was no statutory requirement that PRISM data only be used for foreign intelligence, and that the US government was required to retain any data that may be evidence of a crime.

    As the article makes clear, “data which may be evidence of a crime” includes all of your data.

    All of everybody’s data.

    Never know. Maybe there is some evidence of a crime hidden deep in your facebook posts.

    Thoth April 20, 2016 8:16 PM

    @Clive Robinson, Nick P
    I was thinking how to simulate a Prison style bunch of 8 bit CPUs with a trusted MMU and some central command CPU. Maybe the use of a FPGA like Xilinx or Altera to simulate a bunch of 8 bit CPUs with MMUs would be more practical in real-life ?

    Jim April 20, 2016 8:21 PM

    @Clive Robinson

    re: ‘jacking out’ of social media & internet socialization (which the author goes so far as to propose)

    It is not for everyone to make friends, create and sustain and build relationships, and then drop all ties.

    Or to be comfortable with not letting really anyone know anything substantial about you.

    He might as well advise people to go and live on top of an abandoned ivory tower in the desert.

    That would be much easier for anyone to actually do.

    Anura April 20, 2016 11:09 PM

    So, let’s say you get a new credit card with the same card number as the old card. What is the best way of disposing of it? Well, I have done some research, and I’ve come up with this:

    Step 1) You will need to destroy the magnetic strip. This can be done using a degausser. I recommend a hard drive degausser to ensure complete destuction of the magstrip data. You can get these on for a few thousand dollars.

    Step 2) The magstip is a thin piece of material, and can actually be scraped off with a flat head screwdriver. Hold the credit card with vice grips, and hold the front against a flat surface while you scrape off the magstrip. Set the scrapings aside.

    Step 3) The magstrip is only one part, but your card has the number printed on it. This is embossed, so just sanding won’t working. You should take a drill and drill out each number. Add the drill shavings to your pile of scrapings.

    Step 4) Now, this doesn’t take care of the chip on your card, if you have one. Regardless of whether you have a chip card or not, you should take a grinding wheel and grind the rest of the credit card to dust, and add the dust to your pile of shavings.

    Step 5) Place all the shavings/dust/scrapings in a metal bowl and heat until melted. Let it cool, and discard in the trash.

    Step 6) Call your credit card company and report your new card as stolen. They will issue you a new credit card with different numbers. Repeat steps 1-5 with the credit card you reported as stolen.

    Anything I’m missing?

    ianf April 21, 2016 1:00 AM

    […] “Step 5) Place all the [discarded credit card’s] shavings/ dust/ scrapings in a metal bowl and heat until melted. Let it cool, and discard in the trash.

    Surely you are joking, Mr. Anura. An overkill by a magnitude. Because any state-level adversaries looking for your CC data would not require the physical object at all. And the criminals would not bother with expired cards, let alone attempt to revive punched-through, cut up and/or burned plastic. Or were you talking science-fiction?

    Anura April 21, 2016 1:43 AM

    Just one order of magnitude of overkill? OK, let me revise Step 5.

    Step 5) Place all the shavings/dust/scrapings in a metal bowl and heat until melted. Stir until it has been thoroughly mixed. Remove from heat, and let plastic cool and harden. Grind into a fine powder. Take each grain of powder and discard each one in trash cans in different cities throughout the world.

    Thoth April 21, 2016 5:17 AM

    Regarding destroying a smart card, for the magnetic strip by degaussing, shaving off and then melting the magstrip is fine.

    For the smart card IC chip, any sharp punching tool or a drill bit aimed into the center of the metal contact and then driven / drilled through the metal contact would have destroyed it in a fashion that passes any sorts of Government standards for destroying IC chips due to the fact that most smart card ICs are only 5mm by 3mm in size. A drill bit or a sharp tool capable of creating a hole of at least 3mm would have passed the US Government requires for IC chips to be in a minimum of 2mm by 2mm fragment to consider proper destruction. If paranoid, a drill bit of 5mm or more can be used.

    Modern payment cards are rather problematic sporting multiple IC chips besides the main contact chip. Some payment cards may include a wireless RF chip for NFC payments that are link and now there are other types of chip cards that include E-Ink display and even onboard buttons on the payment card for the use of combining One-Time Password/PIN functions usually for authentication keyfobs onto their payment cards and other functions.

    Cards with biometric fingerprint sensors embedded on them (Zwipe), E-Ink capable cards (Coin, Swyp, Plastc, Stratos, BrilliantTS Card) all have multiple chips on them. You would effectively need to peel open all the plastic skin and then drill down or grind every IC chip to destroy them. Although these cards are not widely used and not officially issued by financial corporations and banks, it might one day become a reality and we have to live with cards with multiple chips and have to take the time, peel each of them and destroy them carefully.


    Clive Robinson April 21, 2016 7:45 AM

    @ Anura,

    You may be going a little overboard on destroying the magnetic stripe 😉

    Whilst it would be a good start by degaussing if you have the time and equipment it is not always possible to do so… and actually it may not be realy necessary to do it, or for that matter the rest of your mechanical attacks.

    The last time I checked a few years ago the magnetic strip did not like heat very much, and simply holding the card up at a shallow angle with the mag stripe down and run it over the tip of a flame from a cheap pocket gas cigarette lighter appeard to be sufficient to render it unreadable (likewsise hard drive platters). WARRNING do not breath the fumes they are very likely to be carcinogenic at the very least.

    I’m not sure how a smartcard chip would behave to similar heat treatment, but the chances are it will not survive if you can get the heat to the point it has burnt off the first layer of metallization on the chip…

    At which point you are still left with the plastic card. Back in the mag stripe only days they tended to be made as a laminate of a white plastic stock with a transparent laminate with reverse printed design on sandwiched either side of the stock. Which produced a durable card capable of surviving being in a back trouser pocket with assorted coins, keys and other similar destructive devices. I’m not certain how the newer “smart cards” especially those with NFC coils have been put together, thus the actual materials may well be different these days where embosing is to be avoided.

    In some cases which you might have noticed these laminates,do not burn that readily (or atleast I have when chucking them on the fire). Even though the stock may melt. So you may need a bit more in the way of “fire power” to destroy it sufficiently due to the way the numbers get embossed with a metallized gold finish etc on older cards, though I do have a current card in my pocket that appears to have been laser etched rather than embossed.

    I guess at some point I’m going to have to run the experiment of “emergancy card destruction” again…

    @ Thoth,

    Your posts suggest you play with smart cards rather more than the rest of us, do you have any links to info on the durability of cards?

    I’m guessing that the cards used to access HSMs etc are designed to more exacting standards than consumer account cards?

    CallMeLateForSupper April 21, 2016 7:50 AM

    Semms that Britain is thae latest nation that breaks PGP encryption.

    “Officers from the National Crime Agency, which led the investigation into the smuggling, breached the PGP (pretty good privacy) encryption software installed on multiple BlackBerry phones used by the group to intercept messages as the trafficking took place. The UK is only the third country in the world, after Canada and the Netherlands, to have publicly said its law enforcers have been able to breach the PGP programme for encrypting data.”

    I suspect that app/device leaks give the game away.

    Makes me fantasize about taking out full-page ads in LA Times and NY Times: “Folks, you don’t buy your meat from a deli cum live bait shop, so why do you place ultimate trust in an eToy and freakin’ app?!

    “Gang found guilty of UK’s largest known gun-smuggling operation”

    Figureitout April 21, 2016 8:31 AM

    –Sounds like a waste of time when the new card could be compromised on your next purchase w/ a hacked website or payment terminal… What’s wrong w/ scissors and dropping bits in trashcans scattered thru out your day? Less cancer fumes. If someone’s willing to dig thru garbage to get pieces of a dead card they have a pretty sick infatuation w/ you…they’re definitely sniffing your undies at that point lol.

    Clive Robinson
    –Looks good, besides uploading firmware over BLE lol…not a feature I really want, do like FRDM board and leave space to add RF if you want it…without looking at board schematic I see an antenna, maybe BLE one? Take xacto knife to that I suppose would be good enough, if range is like 1-2ft w/o antenna I can live w/ it.

    I’m looking at this, and how I can add password functionality like in TSB:

    ianf April 21, 2016 8:34 AM

    Wrote Thoth: […] [a] type of multi-chip card that includes E-Ink display and even onboard buttons for the use of combining One-Time Password/ PIN functions…

    What brand of card is it, and is it actually deployed in the real? It seems to me that a refillable payments card with rudimentary keyboard and display (for verification PINputs & up-to-date saldo) would be a perfect and near-anonymous OFFLINE traveler’s plastic. Use it freely as a debit card everywhere, fill with designated electronic cash from ATMs and/or over a bank counter. Or maybe there are some security or other angles that I’ve neglected.

    ianf April 21, 2016 9:22 AM

    @ Jim, go ahead, pay for your offshore video content with/ through the Darkweb, make the day for the G-wo/man on duty.

    I thought you spoke of repeat periodic renewals to the host’s default bank account, not such involving extra-circular activities by the recipient for the sake of some piddly dollars. Which is what the Bitcoin method amounts to, the exchange for real money to maintain those servers. But what’s in it for the service provider, why should a web host suddenly treat you differently just so you can play with virtual currency?

      For that, there’s no need for Bitcoin. Try the Western Union – may not be present everywhere, and in places the payee (though not the recipient) can be anonymous. But it also requires parallel telephone notifications, and a degree of involvement by the receiver. Plus the transfer costs quite a bit (it’s been a time since I last used it, so my intel may be out of date). Still game?

    Wael April 21, 2016 9:57 AM

    @Anura, @Clive Robinson, @ianf,

    What is the best way of disposing of it

    You guys are way too complex. Simplicity is Virtue. Ask yourself one question: will it blend?

    Clive Robinson April 21, 2016 12:25 PM

    @ Wael,

    Ask yourself one question: will it blend?

    You might as well ask : will it nuke?

    Most kitchens have both a blender and a microwave, but when “the man” comes aknocking you are rarely in the kitchen and the Feds have a habbit of kicking the “power off” switch synced to blowing the doors off etc. As for when we are not at home you have no kitchen to boogie in either…

    Oh old question : What goes from green to red at the touch of a switch?

    Old answer : Kermit in a blender…

    Just one of the few printable jokes I swapped with Terry Pratchet at one time or another…

    Anura April 21, 2016 1:09 PM


    Okay. given that, I’ve determined that the only solution is to (temporarily) raise the temperature of Earth to the Hagedorn temperature to ensure the complete destruction of everything that can be used to determine your credit card number.

    Jim April 21, 2016 2:11 PM


    I have no practical experience in that area. (I do have practical experience in ‘dark web'(Tor) type of technology. But, do not use Tor, and have zero reason for using anything that can’t be found on the regular internet.)

    I do not trust Tor. “Roger Dingledine”, really? That strikes you as a real name?

    So my post was a question.

    I would think, however, that to really figure out how to do this, you have to consider multiple chains of events that would lead up to the wanted, end result. An web host serving your content but your real name never touched.

    One way is to consider as simply a buyer and seller situation. Buyer -> money means -> Seller -> served content.

    But, there are limited options in the money means for assured anonymity.

    There are other ways from point a to b, and in those other ways, there are sufficient weaknesses that assured anonymity can be obtained. At least, by theory.

    Second route.

    buyer -> server equipment bought -> IP bought and registered -> served content

    Third route

    buyer-> fabricated identity -> anyway they choose -> served content

    Where fabricated identity means they have fabricated a false identity with adequate supporting paperwork.

    Clive Robinson April 21, 2016 2:44 PM

    @ Figureitout,

    I’m looking at this, and how I can add password functionality

    The first question springs to mind “Why?” as it kind of defines the level of protection you need for it.

    For instance if you just want to discorage casual abusers, you could embed a “magic word” in a loop at the top of main that if matched sets a flag and drops into the code proper.

    If however you want to securely store a changable password in memory then you are looking at a lot of code…

    But it will possibly not get you what you want due to JTAG support at the chip level, that can fairly easily bypass opti-boot or any other code you load.

    Wael April 21, 2016 3:11 PM

    @Clive Robinson,

    You might as well ask : will it nuke?

    Right on, gangsta! Not a question I’d want to ask! Partially because I don’t want to think about the next two questions!

    Oh old question : What goes from green to red at the touch of a switch?

    Who on this blog is likely to be exposed to the elements at a nice resort in Gitmo?

    What goes from silent to screaming at the touch of a switch, in the aforementioned location?

    Nick P April 21, 2016 4:36 PM

    re Mastermind

    Eyes Everywhere was a good read with a nice cliffhanger as usual. One more episode to go. The recent one shows not just how fantastic and crazy the Le Roux operation was. I think it also reminds us how full of shit the terrorist debates are where the law stays focused on one off events and civilian surveillance while Le Roux has military-trained soldiers and equipment killing people for a decade. Like in my movie plot, the military and their gear are a much greater threat over time than most terrorists.

    Plus, his cheap ass could’ve donated more to GPG, Truecrypt, Tor, OpenBSD, and so on. A high-assurance system usually costs $15-30 million to do from scratch. He could’ve financed that in one year with over $100 million left over. Let security researchers do the maintenance and patches from there while integrating regular software with it. But no…

    Thoth April 21, 2016 7:32 PM

    @ianf, Clive Robinsom
    These are novelty smart cards and each of them cost hundreds of US dollars and some carry subscription fees for maintenance. These are the cutting edge stuff and not in huge distribution. Some are not even launched yet and are still in crowdfunding phases but have workable prototypes on hand. What these E-ink enabled cards show us is the possibilities available although I do predict it would be another 2 to 4 years before they become popular and widely distributed in the industry.

    What I read about is these E-ink smart cards have a self-contained battery (some are re-chargeable) with a life span expected to be around 3 to 5 years before the battery runs out for those that cannot be recharged and replaced.

    I got into smart cards as a hobby while tryimg to figure out what sort of smart card the Thales HSM was using and surprisingly it was a off-the-shelf Gemalto made smart card (same as any other payment cards) with the exceptiom that the smart card applet software loaded is not the EMV payment type but a specially crafted software with non-standard APDU commands (smart card commands). So a HSM smart card token is like any other COTS smartcard (e.g. Gemalto, Infineon, NXP…) with a different set of software and commands.

    I became interested in smart cards since the only affordable civilian security technology you can buy is smart card. Buying HSM for a hobby to research would destroy my wallet and also these HSMs are heavy to carry around. Thus, the only practical security technology available out there is smart card. TPMs are more limited in capability and does not support a user chosen Secure Execution Environment whereas a smart card allows loading applets and make efforts to segregate the applets and other interesting security features to allow secure execution and use and slips into your wallet nicely.

    Thoth April 21, 2016 8:05 PM

    @Clive Robinson
    Most conventional smart cards have a life expectancy of 10 to 15 years according to most chip makers’ brochures. How it was determined is by the wear and tear on the Flash/EEPROM memory. Before buying any card, the seller should have brochures on the chip specs which will mention life expectancy of chip measured by the Flash/EEPROM memory storage write cycles (usually 10 to 15 years). For those whom are very conservative with the permanent memory usage while writing the software (i.e. I try not to use permanent storage unless needed and sparingly) the card maybe expected to last even longer.

    Regarding NFC interface cards, there are 2 major modes. The older version would have a main smart card chip and then another NFC chip to control NFC functions. The main smart card chip may communicate with the NFC but in some cases noth chips are standalones.

    The recent models of chips include what is called a dual interface chip which is a smart card chip not only capable of contact mode but also has an NFC mode bajed onto the same chip and also a very tiny NFC antenna built into the outer metal layers of the IC chip connected to the internal NFC processor block on the IC chip.

    One example of dual interface capable of operating without an external antenna coil and relying on the IC chip’s internal antenna built onto the metal layers is a developer smart card I am currently using to write my programs and do testing for my smart card projects. It does not have any external antenna and solely relies on the IC chip internal antenna. The drawback is if the wireless card reader is smartphone or lousy quality it has a rather awkward rate of success (especially if you encase your smartphone with those bump protection casing luke I do).

    Nick P April 21, 2016 8:40 PM

    @ especially Bruce, Clive, Wael, Dirk, and Thoth

    I was expecting to loose an hour reading a 150 page interview. I didn’t expect to even find one that good because I didn’t know it existed. Yet, I just found this 2012 interview with Dr Schell to be truly mind-altering in what I think of history of our field, where successes were, and where blame came from. It was unbelievably insightful and worth the time you can carve out to read it.

    I’ll give just a few surprises to not spoil too many:

    1. Schell was a radar guy with no interest in security, not really computers, never heard of Ware Report at time, didn’t want to build stuff, and had no use for researchers. Did spot the fact that turning a key and inputing a target into a computer didn’t mean his people were in control of where that nuke went.
    2. Save a few, nobody in military including NSA could understand that there was a threat to computers via malicious insiders. Despite Cold War spy fervor, they couldn’t comprehend it and wanted nothing to do with “COMPUSEC.” This was all the Russians thought about but didn’t care about hackers.
    3. Burroughs brilliant architecture and Schell’s work didn’t really develop in parallel. Burroughs architects were involved in his early work, inspired part of MULTICS security (maybe), and combined with Schell’s subversive activity were reason Intel has protection mechanisms in x86. It wouldn’t have otherwise. So, Burroughs lives on in better parts of x86. 😉
    4. I thought Anderson of Anderson Report showed up out of thin air as an administrator with Schell and others inventing INFOSEC. Turns out, Anderson was a Burroughs guy who did the first pentests on government systems, worked against subversion, and architected INFOSEC for whole NSA. All before any of that was conceived or invented to any real degree. He then showed Schell how to do that stuff as a mentor and consulted on future activities. Mind blown.
    5. SCOMP, the first secure system, wasn’t actually commissioned by the government or funded. Schell, always fighting with them, actually played accounting tricks making them think he was buying computer parts, printer paper, and shit. Eventually was auditied. On the side, managed to produce something whose tech would end up in security kernels and x86 for a tenth of IBM’s failed Future Systems project. Least they scavenged the AS/400 out of the pieces of that.

    6. Black Forest organization shows industry outside of tech wasn’t as stupid as I thought. Matter of fact, like Schell, they predicted exactly what would happen to the emerging high-assurance industry and why they’d be paying for shit instead. Stuff I never wrote because it seemed like conspiracy nut stuff was actually in their predictions and happened. Mind blown twice. Bruce might have some commentary on them as it wouldn’t surprise me if they asked for his opinion at some point.

    Just a few major revelations in that interview. Here’s a follow up which is actually where I found the PDF. It cites Schneier on Security in one of its claims. All in all, one hell of a night with reading like this and feeling a bit more motivation seeing how Schell kicked all kinds of ass trying to force security out of government/military that wanted nothing to do with it. He was actually one of our first underdog stories in INFOSEC whose project (eg Orange Book & evaluations) became the big dog briefly. Good story!

    Wael April 21, 2016 10:23 PM

    Yet, I just found this 2012 interview with Dr Schell to be truly mind-altering…

    Sounds interesting. In my queue…

    TLA: Come again?
    Nick P: Ummm 150 pages in one hour, baby! Sustained speed too, dawg!

    TLA: Now let’s see… Our “metadata” and telemetry probes say differently, vato! It says you spent an average of 16 minutes on each page. That’s a little off from your claimed 24 seconds a page! Wanna try a slower speed?

    So are you gonna tell me how to read this fast, or should I let the TLA snitch-rat-bastard-spook loose?

    Nick P April 21, 2016 10:32 PM

    @ Wael

    Actually, I take it back: it could’ve been anywhere from 1 to 3 hours since I dont recall when I started. Plus lost track of time due to such fascinating details. Already told you the speed reading tricks, though. They saved me probably 10-20 pages here as most were worth reading.

    Wael April 21, 2016 10:44 PM

    @Nick P,

    Actually, I take it back: it could’ve been anywhere from 1 to 3 hours since I dont recall when I started.

    That’s more like it. Good timing… I’m done with 1 of 3; “Margins of reality”… I’ll interweave this one in between.

    Ralph April 22, 2016 12:08 AM


    Offshore = same as offshore tax havens, etc., i.e. places of dubious reputation, where the law may not care much about piddly web hotels. Which otherwise may be hosting stuff that you don’t want to get mixed with, even by IP-osmosis. … Regular hosts in regular places like that are not “offshore,” and, even though the DMCA formally may not apply, they are bound to follow the spirit of anti-piracy laws etc. … You want “offshore,” you need to look for it in places like Venezuela, Laos, Vietnam.

    I’m having a hard time seeing how these risks could apply equally to everyone. Sure, if you’re blatantly breaking the law on a large scale like the Pirate Bay guys were, you’re going to get noticed and harassed by the authorities. But if you’re not that big and not that bad, I’d imagine the odds of getting noticed at all are much lower.

    Let’s say grandma Jane wants to host the website for her small local bakery store with a company in [offshore country X] (ie. Switzerland/Sweden/Norway/Iceland/Eastern Europe or Venezuela/Laos/Vietnam) because it would cost less than hosting in the US. Her business is doing nothing remotely illegal whatsoever. What’s the risk for her in hosting offshore? Are you saying she could be associated with other dubious sites on the same server even though she’s done nothing wrong? Would you tell her not to do it even though it would save her money?

    In another example, let’s say John is a rookie comedian who posts videos to YouTube for friends and prospective employers to see. He’s small-time: for all the videos collectively, the play count increases by only 0 to 5 hits per week. Some of them contain copyrighted content, but they’re parodies. YouTube removes some of the parody videos due to robo-DMCA notices. John is disappointed and wants to reduce the likelihood of further DMCA on his remaining videos. He could delete the copyrighted parts, but it would ruin the jokes. He could password-protect the videos, but it would seriously limit the audience. He’s considering removing them all from YouTube and uploading elsewhere where DMCA robots aren’t so active. What would you tell him to do? Host in Venezuela/Laos/Vietnam? Host in the US but not on YouTube? Some other option?

    Tell me how you envision repeatedly paying for (faraway) offshore hosting anonymously, maybe I can learn something from you.

    Ok, forget about anonymous payment, it doesn’t matter. I don’t know why I mentioned it. As stated before, my content isn’t anonymous, it relates to me, so paying anonymously wouldn’t make a difference.

    Figureitout April 22, 2016 12:16 AM

    Clive Robinson
    –Want to emulate like encrypting harddisks a bit, where you have a password before jumping to OS, then another password. But yeah it’d be easier and may be better to have password in main instead (I’m then thinking how it checks password, probably best checking whole pw in one go than character by character (which I’m doing in a school project lol)), w/ any info that’s needs some protection encrypted separately. For another day.

    Yes I’m just looking to discourage casual abusers in this case, there’s some pretty basic countermeasures/evasive actions that kill the game/fun for the more dickish bastards. I’d be pissed but it’s not the end of the world if my $20 kit logging intruders/wildlife alike goes missing.

    BTW not too sure 328p’s have JTAG, but you can try 🙂 The JTAGICE3’s are pretty nice for debugging though.

    Clive Robinson April 22, 2016 12:19 AM

    @ Nick P,

    … Schell kicked all kinds of ass trying to force security out of government/military that wanted nothing to do with it.

    He was not the only one to find that the MIC had no interest in real security (their sole purpose appears to be to sell snake oil at the highest of prices, and deliberatly cripple/sabotage it such that lucrative “cost pluss” and “rework” makes the profit many times greater).

    You might want to read up on Gordon Welchman. He was the one who organised Bletchly, from an ad hoc group of scientists and cryptographers into an almost industrial operation as well as independently thinking up the bombe system and arriving at it’s major improvment the diagonal board.

    Gordon ended up in the US post war and recognised that military comms was at best a joke, and more a serious liability, and realised much that needed changing. But found the MIC wanted none of it for various incestuous reasons. However he persevered and arguably was the father of secure military networks that are still very much in use and also some “failed experiment” we now call the Internet.

    He desperatly wanted to correct the mistakes the MIC were making as he saw that lives very much depended on reliable communications. So decided that as part of the Bletchly story was out he would try and correct the mistaken beliefs[1] that many people had about Bletchley and Ultra. As well as make public the problems he saw with communications, which his then employer initialy encouraged.

    Unfortunatly he was unaware of what had happened in the UK over the head of MI5 and the fact many concluded he was a Russian mole[2]. The fall out from this was Maggie Thatcher’s “blood lust” over anything to do with leaking what she regarded as official secrets, past or present.

    So when Gordon Welchman wrote his book, he was not expecting any real complaint from either the UK or US authorities. However he had several parts,to the original book, one of which was his thoughts on where the MIC was going wrong with communicatuons. Which involved revealing much about traffic analysis and his own thoughts on it and how it pertained to the way communications should be organised.

    Although technical knowledge of traffic analysis prevention etc was effectively in the public domain, those at the top of GCHQ decided, that perhaps some IC’s in other countries had not joined the dots together. Thus talking about the nontechnical or operational aspects of traffic analysis might have a remote posibility of making their job just a little bit harder… Thus Maggie Thatcher got another bee in her mad house of a brain and her blood lust was further heated.

    The result was considerable push back via the NSA and “secret agreements” between the UK and US[3]. The veinal and dishonest behaviour from GCHQ’s leadership and the resulting NSA/FBI actions gave rise to considerable stress which almost certainly shortened Gordon’s life.

    Whilst you can still get copies of his book, Gordon took out the section on the MIC’s failings in communications technology and direction out of all later editions[4]. So it only appeared in the first edition, and it’s a bit of a rarity as only something like four thousand were sold. Whilst some of the technological failings Gordon identified have subsequently been fixed over the interveening three decades, the underlying “inbred behaviour” of the MIC is still causing many of the failings we see today, and thus a major burden on the public purse.

    In part the behaviour towards Gordon Welchman is the reason that traffic analysis only became a subject of academic interest in the 21st century. Likewise it might also be the reason why the likes of TOR don’t use protection measures against it that have been known about for the better part of eight decades…

    [1] Put simply, the alies never actually broke the basic Enigma Cipher, they broke the “indicator systems” that the Germans invented to communicate the individual message keys from station to station by exploiting the weaknesses / failings of the opperators and the “Prussian” formality of the communications. But this was only possible due to the real secret “traffic analysis” and all that went behind it.

    [2] You can read one man’s thoughts on the mole in the book “Spycatcher” and look up the fuss and extreames Maggie Thatcher went to, to stop it getting published.

    [3] Most people were unaware of BRUSA which gave rise to the “Special Arrangement” that laid the foundations of what we call the Five Eyes. But it was the most public of the many secret agreements, some of which are still secret. The one Gordon got hit with was an agreement the US it’s self broke many times, which was that the US would not reveal or alow to be revealed information the British still regarded as secret. As the arangment it’s self was kept secret it’s difficult to know how he could have been aware of it or it’s consequences. A point not lost on quite a few these days over the Patriot Act, Executive Orders and their secret interpretations that never get challenged in secret courts…

    [4] Gordon decided to replace the future of communications section with a historical technical description of the bombes and diagonal board, which is perhaps more inkeeping with the rest of the book.

    [5] Whilst information about Gordon Welchman and the real successes of Bletchley are still slowley coming out, there is one recent book you can get with what much that is currently known in it, including a more uptodate technical description of the bombes,

      Joel Greenberg’s “Gordon Welchman : Blechly Park’s Architect of Ultra Intelligence”, Frontline Books London, ISBN 978-1-84832-752-8

    Clive Robinson April 22, 2016 12:28 AM

    @ Ralph,

    But if you’re not that big and not that bad, I’d imagine the odds of getting noticed at all are much lower.

    Wrong way of looking at the problem.

    Look at the way tax authorities etc work, they go after those who can least defend themselves in what are effect “show trials” to scare and demonize, whilst the real serious offenders with major legal muscle are left alone. Because in almost all cases they will win in court, or make any win by the authorities pyric at best.

    Wael April 22, 2016 12:55 AM

    @Nick P,

    I took a break after 40 pages, just about when they decided to take a break. Funny thing is I had some common interests with him, like Electromagnetics, antennas, etc…

    Good paper. I thought I would find it on YouTube because my eyes are hurting… but found a PKI talk instead.

    Wael April 22, 2016 2:14 AM


    probably best checking whole pw in one go than character by character

    That’s correct! Do you know how or why?

    Anura April 22, 2016 3:16 AM

    @Figureitout, Wael

    I’m not sure what is meant by testing it in one go rather than character by character, because generally speaking you kind of have to compare one character at a time (or one byte of the hash at a time). Anyway, the correct way to securely test equality of passwords is to hash using a secure password hash and compare the hashes using a function that won’t branch or change execution time depending on the data:

    func is_equal(byte[] a, byte[] b)
            returns bool
        byte cmp = 0
        for int i = 0 until max(len(a),len(b))
            cmp |= a[i]^b[i];
        end for
        return (cmp == 0);
    end func

    Anura April 22, 2016 3:49 AM

    One thing I should note, make sure your compiler doesn’t try to be smart and exit early (there are some things like this, zero-and-free, etc. that should really built-in, guaranteed secure functions for any programming language).

    Clive Robinson April 22, 2016 3:53 AM

    @ Anura, Wael,

    are talking about a resource limited microcontroler, the loader of which will hardly ever be used.

    So unless the appropriate algorithms are needed else where in the code they will due to their code complexity and size blow much needed resources out the water.

    @ Figureitout,

    I’m then thinking how it checks password, probably best checking whole pw in one go than character by character

    You can actually do both…

    Create a circular buffer of an appropriate length (say sixteen bytes to keep code down).

    Each time a charecter is entered call a sub that compares the buffer to the password –backwards– if it matches the password then return success, if not return fail.

    This way it does not matter how much startup crap gets on the serial line, only the last charecters get checked.

    The downside is it makes password guessing easier (see arguments about how to select lotto numbers to give best chance of getting a four number match to see why).

    As an algorithm it’s very simple, and the circular buffer / compare code will almost certainly get used for other things, so is not wasted resources.

    Wael April 22, 2016 4:17 AM

    @Anura, @Figureitout, @Clive Robinson,

    function that won’t branch or change execution time

    Right. Otherwise you leak timing information that will help an attacker guess the password (assuming it’s a password); sent over a remote connection, for example.

    Sending a hash doesn’t fix everything, still! Hashes can be replayed even when a password isn’t known. Remember something similar called Pass the Hash?

    Wael April 22, 2016 4:25 AM

    @Anura, @Figureitout, @Clive Robinson,

    cmp |= a[i]^b[i];

    Given that the programming language may have short circuit evaluation, the loop may terminate (gets short circuited) when the output is guaranteed to be ‘1’, do you think this algorithm leaks information?

    Anura April 22, 2016 4:46 AM


    That’s not about language features, it’s about compiler optimization. Short circuit evaluations in languages is usually defined only for boolean (not bitwise) operators, and is about guaranteeing code will not execute. For example, “if (a != null && a.method())” in C# is guaranteed to not attempt to call method if a is null and thus throw a null reference exception, because it would have failed the first condition. When it comes to bitwise operators, the only thing languages guarantee is the result.

    Compile that code in a shared library, containing other stuff like your own implementation of zero_memory, and compile with -O0, and you should be fine.

    Clive Robinson April 22, 2016 5:40 AM

    @ Wael,

    Given that the programming language may have short circuit evaluation, the loop may terminate

    Yup such is the joy of optimizing compilers.

    Which is why you should force it to do on a byte by byte basis.

    That said as far as I know, compilers are not smart enough to short out comparing a circular buffer with a linear buffer.

    Another trick is to do a “mask, test and compare” on each byte as it gets written into the buffer.

    The mask strips the parity and other bits, to get to a known state (and you can do auto-parity detection as well at this point, if you get the user to type in two consecutive charecters or known string first such as “AT” to get a wakeup prompt).

    The test in this case being “line disipline” to do such things as do CR to LF, Ctrl-Z to nul/eof conversion, removal of other Ctrl chars or signal setting on Ctrl-C etc and even Esc-? meta char conversion. Importantly you also need to store the “last char” for several reasons. First to allow a “push back to stream”. Secondly de-duping of LF after CR-LF convertion from various terminals and emulators that send “CR,LF” not just LF. And also to store the Esc or other meta-key so it can be converted if required.

    You should also do “echo conversion” at this point depending on “duplex state”. Thus if it’s full duplex and “mask char” you send back an asterix, not the char received, half duplex or a Ctrl char send back nothing etc.

    The trick with the compare is to XOR the char with the password char and count the none zero results by simply adding to a one byte buffer / register / variable and only check it if the char just compared against is in password string position [0] (remember we are checking backwards from the nul terminator).

    Figureitout April 22, 2016 6:43 AM

    –Think I know how (in variant 68k asm, which is a requirement for us :(, if I could write C for some parts would be sweet), and the why, my paranoid mind thinks there’s some info spewing out electromagnetically checking char by char (actually over the speaker and other ports there is), even though I give no other indication of pw length or if it’s correct until entirely entered. And somone could brute-force a hex keypad pretty quickly looking for first correct char if they have a way to see that info leak (it’s f*cking hilarious if someone w/ those capabilities would spend time on this, but that’s besides the point). As far as timing attacks…yeah probably plenty in there, those are everywhere… I don’t think I’m gonna get it before next Thursday…this project’s killing me lol.

    –Here’s a chunk of my code (so a way NOT to do it ladies and gents), ugh I’d have to look at hashing in asm, but yeah that’d be better. Store the pw hash in flash so even a dump of flash wouldn’t get it immediately. Think technically it’s still physically getting compared char by char but it’s so fast, like strcmp/strncmp.

          &nbsp;&nbsp;&nbsp;&nbsp;ldx #0

    read_password: jsr read_keypad ;reads a value from keypad
        ldaa KEY_PRESSED

                  &nbsp;&nbsp;&nbsp;&nbsp;cmpa #$FF                ;checks if no key was pressed
                  &nbsp;&nbsp;&nbsp;&nbsp;beq  read_password                                               
                  &nbsp;&nbsp;&nbsp;&nbsp;staa password_entered, X
                  &nbsp;&nbsp;&nbsp;&nbsp;cpx  #4                  ;checks whether 4 characters were entered
                  &nbsp;&nbsp;&nbsp;&nbsp;bne read_password        ;keeps reading if less than 4 characters 
                                           ;were entered                
                  &nbsp;&nbsp;&nbsp;&nbsp;ldx #0                   ;reinitializes register X

    check_password: ldaa password_entered,X
        cmpa sys_password,X
        bne incorrect_password

                  &nbsp;&nbsp;&nbsp;&nbsp;cpx #4              ;have we check all 4 characters?
                  &nbsp;&nbsp;&nbsp;&nbsp;bne check_password  ;keeps checking if all 4 characters haven't
                                      ;been checked

    Clive Robinson
    –Huh, ok, don’t see why that isn’t char-by-char. Sounds clean/efficient but…But yeah making it easier to check correct pw is what I don’t want for some bastard lol.

    Thoth April 22, 2016 7:32 AM

    @Figureitout, Clive Robinson
    PIN attacks are common espeically in smart card systems and over many years a variety of defenses have been developed to protect PIN checking from attacks. The links contain some information on attacking smart cards which include attack vectors on PIN/Password and measures employed by smart card industry and developers to prevent such attacks. The relevance of these attacks in smart card are applicable to other embedded systems. Using the history of smart card security as a learning example is a nice starting point.


    Bob Paddock April 22, 2016 8:10 AM

    If using the language C and “exit early” or having to compile with “… -O0…” are issues that is a sure sign that ‘volatile’ is missing from places that it needs to be.

    I see this error in online code all of the time (ARM code shown here problem applies to all processors):

    static inline void irq_disable( void )
    asm (“cpsid i”);

    when it should be:

    static inline void irq_disable( void )
    asm volatile (“cpsid i”);

    An optimizing compiler is free to move the former anyplace it wants and usually to someplace that ends up having no effect at all. This is known as ‘code motion’. Yes turning off optimization will prevent that, usually at the expense of breaking something else or significant reduction in speed/significant increase is code size that a small micro has no space for.

    While the latter per the C Standard can not move the instruction past the sequence point.

    The ARM also has other instruction/memory/data barrier instructions to deal with forcing things to complete (or wait for them to complete wasting thousands of cycles) so that the state of the system is known to prevent race attacks.

    ianf April 22, 2016 8:16 AM

    Asks @ Wael rhetorically, but maybe not:

    Who on this blog is [MOST] likely to be exposed to the elements at a nice resort in Gitmo?

    Channelling a TLA: tell us more, tell us all about your vacation dreams (dream vacations?).

    What goes from silent to screaming at the touch of a switch, in the aforementioned location?

    What—that’s easy: a rotary power cutter applied to a steel beam (festive sparks display a bonus).

    If it was “who” you meant instead, and asked in generalizing fashion… that could constitute insidious libel of harrrrd-worrrrrking USG organizations. Because no less a trustworthy figure than General Hayden, ex. Director of CIA, stated on camera, that the practice was only ever applied to mere 3 individuals, and, anyway, it ceased in 2003, well before his time there. So there.

    Later, Wael finally decoded: “Good timing…

      On the strength of time-and-again proved theory of bad habits traveling in pairs, it can safely be concluded that, if Wael t.i.m.e.s a fellow poster’s speed of reading, then he must’ve practiced it on others, e.g. his grrrlfriends. Females reading this: consider yourselves warned (against).

    Dirk Praet April 22, 2016 8:26 AM

    @ CallMeLateForSupper

    Seems that Britain is the latest nation that breaks PGP encryption.

    I doubt PGP itself was broken. It’s more likely that LE recovered private keys from seized PGP gateway servers, then brute-forced their passphrases or used some other technique to get at them. Key escrow is and always has been a bad idea. The moment your private key is compromised, it’s game over.

    Wael April 22, 2016 9:33 AM


    Short circuit evaluations in languages is usually defined only for boolean

    You’re right. It was late at night or too early in the morning when I read this. My eyes were sore… I saw the operator as double. It looked like a logical — not bitwise operator. You buy that?

    Nick P April 22, 2016 11:17 AM

    @ Clive Robinson

    Doesn’t surprise me that they tried to minimize him. Epsecially given his insight was COMSEC: something they understood well. One reason Schell’s is interesting is he did COMPUSEC that neither IT nor COMSEC people thought had any value. I wonder if Welchman noticed anything on that end.

    @ Wael

    I considered mentioning it but wanted to let you have the lightbulb moment yourself. As I read it, I was noticing the similarities between your background and his. I figured you’d like that. Unfortunately…

    “after 40 pages”
    “my eyes are hurting”

    Those were the parts I skimmed because they were less important. You need to finish it because the Good Shit starts after 40-50 pages. One of the best revelations involves PKI, too. Actually, two of them in a way.

    (watching the video)

    And he mentions the source of one in the video. Haha. Not quite what’s in the paper, though. Only 5min in but we already see Schell’s style in action:

    Schell: “What do you mean by your product being interoperable? I mean, specifically, what does interoperability mean in this case!?”

    Salesman: “I mean… I mean… we’ll sell the product to anyone.”

    Schell: (laughs) “Unfortunately, that’s what interoperability had come to mean in this industry.”

    Always thinking ahead, that one. Except on the security models. Kind of got stuck in a security kernel rut. 😉

    Clive Robinson April 22, 2016 11:21 AM

    @ Figureitout,

    Huh, ok, don’t see why that isn’t char-by-char.

    Each time you enter a char into the ring buffer, it compares the buffer backwards against the entirety of the password string.

    So assume Pwd=[fredsmith$] is the password with the $ being the terminating null.

    When a key is pressed,

    1, Write the char into the circular buffer and inc it’s write pointer.

    2, Use a while loop looking for the null to get the length of the password string as LEN (or have this precalculated somwhere and copy it into LEN).

    3, Calculate a false base pointer for the start of the 16 byte circular buffer Cbuf[] = (Wptr – LEN) mod 16, so it goes back the same length as the password. Clear ChkSum

    4, While LEN is not zero… dec LEN, xor Cbuf[LEN] with Pwd[LEN] add result to ChkSum.

    5, Return ChkSum,

    If ChkSum = 0, then password matched otherwise failed.

    Figureitout April 22, 2016 11:32 AM

    –Oh what I meant in one go or char by char, the function would return and splash “wrong password” immediately when one wrong char is entered. So anyone could brute force the first char quickly. My code doesnt do that now but it did before. Its best to silently fail, dont display length etc etc all the best practices. This isnt going over a network either, straight to chip, so attacks to extract a pw still would be quite interesting.

    –I’ll look at those, thx.

    Clive Robinson
    –Aww, such a tame pw :p. I’ll have to mull over that algo, thx.

    Wael April 22, 2016 11:58 AM

    @Nick P,

    was noticing the similarities between your background and his. I figured you’d like that

    au contraire, the first thought that came to my mind is: where the fu*k did I go wrong 🙁 You gotta admire and respect his boss, though:

    And my boss said to him, he’s the project engineer and if you’ve got a problem, discuss it with him. And I fully support whatever it is that he says is necessary to do. Click[1]

    You need to finish it because the Good [edited freaking expletive] starts after 40-50 pages.

    Read it, I will. It’s just I have to make a living! And I have two more books left…

    [1] Click: Means he hung up the phone on the guy who was complaining to him.

    Nick P April 22, 2016 12:21 PM

    @ Wael

    re Schell

    “where the fu*k did I go wrong 🙁 ”

    I thought about that too. You could’ve invented INFOSEC or something. Instead, you were engineering systems at… somewhere… then screwing around on a blog. Of course, if I point a finger at you, a wise teacher once told me I’m pointing three back at me. Definitely on this topic. 😉

    “You gotta admire and respect his boss, though”

    The boss really impressed me. Especially in the military on a topic that everyone else thought didn’t matter. That took some backbone and good judgement.

    re video

    I kind of tuned out after a while because it went on and one. That said, it was great for at least first 20 min or so because Schell had a talent for focusing on the right things. He was worried about liability assignment, distributed decision-making, and whether endpoints running it were trustworthy. Also, interesting that he mocked the “techies” for worrying about keysizes and such when much of what they were proposing didn’t address the business needs themselves. I think that was his real talent where he spotted the problems in operational sense then followed through with whatever tech got the job done. Did that for COMSEC, control systems, MLS, and apparently attempted it for PKI.

    His recurring theme and why he didn’t think it would work is that nobody wanted liability. They had to trust each other. The devices were untrustworthy. Up to $100 billion was on the line if PKI fully failed but nobody providing it could cover that loss. Fundamental thing, here, that has little to do with tech. Interesting thing is some are suggesting Apple, with Apple Pay and lots of cash, should become a bank. As I watch PKI video, I notice that Apple is probably the only party that can meet financial obligations and pay for high-assurance tech. Potential there but I doubt they’ll see it.

    Funny enough, no insurance vendor would underwrite INFOSEC schemes with one mentioning it was due to an undisclosed loss involving a product called Windows NT. I think he expected the audience to laugh at that point but they didn’t. I did as it’s just another good part of the Windows legacy… eliminating all insurance possibilities through epic fuckups so bad nobody will give specifics. Just something I’d have assumed anyway haha.

    Note: The video connects to one by Mark MIller of capability-security fame and one on formal methods for “HA security.” I know Miller’s stuff. Gonna check out the other one as HA and security in same sentence is rare.

    Nick P April 22, 2016 3:12 PM

    @ Clive, Wael, Figureitout

    Turns out something I found in a paper actyally has a tool on Github. More important, it’s a tool for physical synthesis of cell libraries down to 45nm! Has video tutorials too it looks like. And works with [nonmanufacturable] FreePDK 45nm library that’s designed to teach people how to use these tools.

    A team with minimal funding could get the design rules from 45nm-350nm (esp 180nm) foundries, encode them in this sucker, and start cranking out free, semi-open libraries. Probably still need fab NDA’s and such for distribution but at least verifiable by many parties. Plus, people can experiment with open-source flows and simulators with those cells.

    Exciting shit to me. 🙂

    Wael April 22, 2016 6:56 PM


    finally decoded: “Good timing…”

    You read too much into it. I meant @Nick P chose the right time for a link to share.

    A team with minimal funding could get the design rules from 45nm-350nm…

    Not within my scope! Good luck with it. Forge ahead and conquer.

    Nick P April 22, 2016 7:24 PM

    @ Wael

    What!? FOSS is kind of short on analog & digital design skills. All you need to know really to do a cell library outside the software & design rules for target process. So… YOU… forge ahead and conquer! Haha.

    Figureitout April 23, 2016 12:06 AM

    Bob Paddock
    –I like compiling w/ -O0 so long as I have the memory, there’s good choices for more memory now. B/c I’m sure you guys and a lot of other people have experienced your code getting optimized out, w/ gcc-arm in my case it was critical delays. The compiler couldn’t comprehend the problem I was fixing w/ a delay. I’m not quite sure where I would need ‘volatile’ then, (can’t recall the ~3 layers of delay code verbatim, but it’s just you know, cpu_delay(# of cycles), the # cycles depending on clockspeed etc…timing calculations, fun…).

    There’s probably hardware design issues if you’re told to compile no lower than -O1 or “thar be dragons”.

    –Pretty good highlevel overviews, good reads. On attack page, being able to non-randomly modify PC is crazy scary. You basically completely own the chip at that point, and this is where you could direct the PC outside of your code completely, maybe even execute a little nugget of evil, where all the checks in the world don’t matter anymore, then hop back.

    The bit about nail polish on a pin reminded me of putting something called “conformal coating” all over a board. Just a slight irritant for attackers (and me when a board in testing dies), you have to scrap that off to start probing around. Then you’re not sure if not getting a voltage means literally no voltage or some of that coating is still there. With surface mount parts and very delicate chips, this can get real annoying real quick.

    Clive Robinson
    –Tried for a couple hours to pseudocode just to take my mind off other things like finals/projects, unsure about a few things. First not sure how to do a circular buffer, I looked up an implementation. Can do (1), and (2) (I’m presetting length to whatever customer is willing to enter on a daily basis lol). (3) is where I get lost. What’s a false base pointer? What’s Wptr? Why 16 byte, is that 16 char pw max length? What’s chksum initialized as? After that I’m good mostly.

    Nick P
    –Cool, but yeah like Wael, I can work my way around electronics, but designing a chip in this day and age…Not yet. That’s a group effort hands down, I’m CE not EE too. I helped design a product around a couple chips, not the chip itself, I programmed them but not huge amounts of code. Next project will be new territory and I’m nervous lol. I’m just unqualified and it’s dangerous. I really suck at digital (hardware) design (karnaugh maps and the like), even more so at straight analog, and I find it boring besides RF stuff. Just cutting and pasting hardware designs sounds really dangerous, curious what kinds of bugs would crop up. Who knows, maybe you get lucky?

    Did they have any chips taped out and made? Were they perfect (lol) on the first rev?

    It’s exciting maybe having more chip choices besides the same thing again and again, but I’ll just stick to what I like best and can be most effective, which is firmware, and protocols. The background knowledge needed is extensive. And the people doing this are probably not going to explain what they’re doing well for job security…

    Thoth April 23, 2016 5:17 AM

    To summarize the 2 web links I posted previously with one mentioning attack vectors and the other mentioning defensive maneuvers, just like any military strategy, the main thing is to make the enemy hard to predict you by being seemingly unpredictable. Since you have no control over the physical hardware, you can only use software defensive maneuvers. The favourite attacks on hardware (e.g. smart card) is either attempting to probe around by inducing faults and glitches, reading I/O pins and power lines or by listening into to the timing for timing attacks.

    With these in mind, redundant cycles and operations, even timing of executions per operations (passive defense) or to make your timing unpredictable to mask the actual timing (active defense) would be very useful. When comparing secret data, do not immediately break from loop (thus giving away your true timing) which could be protected by reserving a byte as a flag which you update (either a boolean or a 0xFF or 0x00 byte flag) and to make stuff even more fun, you have another false flag which you execute something random in between and then update the false flag. You don’t need to do 10 false flag operations per byte of secret data being compared. Just one or two false operations is enough to mask the timing itself.

    Put it simply, make yourself as unpredictable as possible. This is applicable to whitebox crypto for masking crypto operations to make whitebox crypto more dynamic instead of a pre-programmed static whitebox crypto.

    Clive Robinson April 23, 2016 6:39 AM

    @ Figureitout,

    reminded me of putting something called “conformal coating” all over a board. Just a slight irritant for attackers…, you have to scrap that off to start probing around.

    Take care, ordinary (non tropical) conformal coating can be a serious carcinogen, and the tropical version contains real nasties to stop mold, fungus and various we beasties living off of it…

    As for a circular buffer, it’s just a contiguous block of memory and has two pointers one read one write that when they get to the end of the memory block they go round to the begining. The reason to make the length a binary multiple is you can just keep incrementing the “offset” pointers, all you do is mask of all but the bottom bits then add to the block of memory start pointer.

    For what sounds a complicated procedure they have real advantages, the first is constant time to callculate the memory pointers, and the offset pointers are very short and you can store both for a 16byte buffer in a single byte, and some processors have high and low nibble operators to make things even faster, as well as (6800 uPs) one byte addresses in the fitst page of memory.

    There are other advantages when you are dealing with IO buffers to provide fast and slow interupts with the likes of serial devices.

    They have a venerable past and is one reason for the sometimes odd seaming unix IO model.

    Sadly as Ive said before fundementak “bag-O’bits” abstract data types such as buffers / FIFOs / LIFOs / stacks / singly & doubly linked lists / etc don’t get taught on many CS courses…

    Clive Robinson April 23, 2016 11:13 AM

    @ r,

    Circular buffer == ring buffer, right?

    Depends on who is setting the exam question, but yes.

    @ Figureitout,

    In case your grey cells are suffering,

    But the important takeaway point for the way I was abusing it is the “constant time” asspect and no branching, which you do not get with linear buffers or stacks. So when you have “Timmy time signal slurper” sticking his EM probe in where you don’t want it he learns not a lot.

    Wael April 23, 2016 2:05 PM

    @Bob Paddock,

    The Psyleron REG-1, a True Random Number/Event Generator, based on extrapolated quantum tunneling, has been around since 2005 and is the current Standard in Parapsychology. Any insights on it, or better yet design/schematics that improve on it?

    Shielding is important. It doesn’t seem from the pictures in the book that the device is adequately shielded. If the experiment is conducted in a shielded room, the results maybe more accurate. It has to be an energy gaped room. Shielded from electromagnetic radiation because the human body interacts with that diffracts, changes waves in amplitude and phase differently. Clothing has to be standard, too.

    Temperature, pressure, phase of the moon, sun flares, etc… May have an effect
    Weather conditions, cloud overcast vs. clear skies is a factor. Earth’s seismic activity, time of day, earth’s location with respect to other galactic bodies may be a factor, too

    It’s clear from measurements that some people had statistically significant deviations from others. These results were obtained from several hundred trials, so it eliminates some of the listed ambient effects — but not conclusively.

    Finding methods to reduce the effect of other ‘human factors’ such as skin resistance, Q resonance frequency of the skull, for instance, among other characteristics will add more accuracy to the measurements.

    But: to attempt to map the ‘unmeasurable’ spiritual domain to the measurable physical domain, in my opinion, is fundamentally broken. Additionally, one can extrapolate all kinds of conclusions based on any set of ‘random data’. I question the validity of the data they collected because of whats listed above. I have no problem with the analysis of the empirical data, given that the measurements purely represent what they intended to measure, and I’m not convinced thats the case.

    My belief is the project was funded not only to prove that metaphysical abilities exist because that’s the premise! The goal,is to harness these powers for other ‘usages’ and perhaps breed or genetically engineer humans with amplified abilities — science fiction movies, in other words…

    Finally, I’m not dismissing Parapsychological phenomena; I witnessed a few over the years, and some of my earlier colleagues claimed that everyone has these abilities. There were also minor incidents on this blog as @Buck, @Nick P ,@Clive Robinson can attest to… @Nick P (tell him about the “avocado story, Nick”) thinks it’s all ‘interesting coincidences” and it may very well be the case. Some things cannot be explained by the laws of ‘nature’ that we are familiar with.

    Nick P April 23, 2016 10:08 PM

    @ Wael

    “Shielding is important. It doesn’t seem from the pictures in the book that the device is adequately shielded.”

    “Temperature, pressure, phase of the moon, sun flares, etc…”

    ” because the human body interacts with that diffracts, changes waves in amplitude and phase differently. Clothing has to be standard, too.”

    You might be onto something. The experiments involve the person trying to focus hard to influence the generator. If it’s not shielded, whatever “focus” they’re putting on it might involve changes in heat or vibrations of the floor if tapping it enough. Their activity might be manipulating the TRNG’s but not in the exciting way they hoped.

    And what avocado?

    Wael April 23, 2016 10:56 PM

    @Nick P,

    but not in the exciting way they hoped.

    I say inconclusive results. Looks like possible interference from external unaccounted for signals, waves, or particles. Cosmic rays? Electrostatic force? Or perhaps Alpha particles. How about the gravitational waves recently measured? Need to “energy-gap” the test chamber. But we can’t possibly shield the chamber from alpha particles or similar extraterrestrial-originated “test-skewing factors”.

    And what avocado?

    This avocado!

    r April 23, 2016 11:06 PM


    I thought so from your description, I just figured figureitout may recognize it by the other name. If I didn’t know ring buffers are usually contiguous regions with “movable” pointers like a FIFO/entropy pool I could’ve had confused with it a circularly linked list… Especially considering the picture you just linked lol.

    You old schoolers can be tricky sometimes…

    BTW, you forgot trees. 🙂

    r April 23, 2016 11:58 PM

    @Clive, fredsmith$

    I don’t remember what terminated strings in Apple][ but I’m pretty sure you just used a dos style string terminator$

    Good way to substitute a cstr terminator, sure beats an \0.

    Is there history behind that usage in not aware of? You guys were talking about VMS the other day, so I’m asking.

    r April 24, 2016 12:13 AM

    Never mind, it’s an old basic terminator DOS imported from Apple at minimum. It nearly escaped my mind…

    Figureitout April 24, 2016 1:31 AM

    –Yeah, the links were summaries themselves, so I’d be summarizing summaries lol if I were to go over it in depth. But yeah if you do 2 false operations each time, then that pattern will leak too eventually and get filtered out. You need to randomize how many false ops you do, and then randomize where you source your entropy from…The designs will get out of hand real quick I think and be hard to get a grip what’s happening if dev moves on and didn’t comment.

    Clive Robinson
    Take care
    –Only in the state of California though right? :p Oh and birth defects too, can’t forget those. So better not have any babies there. :p But yeah it’s kinda hard to not inhale the fumes applying it. Even w/ a metal brush and xacto knife, that sh*t is hard to get off, annoying.

    Ok, but what’s the false base pointer? I’ve heard of them before too, hackaday had a good article on them: And they teach most of those data structures, just not very well (at all). It’s best to learn it on your own w/ the internet…less money too.

    And bleh, pushing/pulling to stack is way easier and intuitive…

    –I recognized it just haven’t written one before. And I’m not sure why it’s “constant time” either.

    r April 24, 2016 2:16 AM

    @figure it out,

    Constant time means it doesn’t have a side channel leak like how we heard about pgp keys via electromagnetic noise… It’s really a statement of the instruction timing… Eg it isn’t variable through a cache got or miss at worst case or in a more complex less devastating timing attack it isn’t as slow as say a memory operation as it mainly uses ‘immediate’ operands.

    Agner fog is something to look up for outdated (ppro) optimizations, (…is this a honeypot operation????, Bob paddock above is talking about volatile :))

    Add reg, reg ; fastest, ‘reg/register’
    Add reg, 0x# ; next fastest, ‘imm/immediate’
    Add reg, [mem] ; slower, vulnerable to misses ’mem/memory’

    THEN, where ‘mem’ operands are concerned timing various even more wildly when you start getting into larger looped constructs like encryption algorithms as every is pretty much timed differently.

    r April 24, 2016 2:18 AM

    I don’t have any information on timings for MIPS arm or Motorola though, just that one little piece.

    r April 24, 2016 2:35 AM

    Inc Val
    Jo loop
    Je loop

    An attacker, knowing your algorithm will be able to detect every je/Jo by how long it took for whatever activity they’re seeing emitted via ground, EMF, thermal, etc. Tighter loops like that would resist attacks via device polling resolution but as stated when you get into larger things… Take a look at the branching and operands per branch in a given loop construct specifically muls and divs; you will notice from one branch to another that they are unbalanced timings comparatively in each arm of a function. If processing was homogenous then the transform is pretty weak hence Clive’s example above: great for hardware it’s small and fast but it won’t stand up to someone with knowledge and power. OTP and substitution cyphers are the only homogenous crypto in aware of and I’m almost certain there is non constant time otp out there.

    Is it serpent or whirlpool that’s supposed to be engineered to be resistant to timing attacks like this?

    Clive Robinson April 24, 2016 8:40 AM

    @ Figureitout,

    Ok, but what’s the false base pointer?

    That be one of dem darr men frum boys question’s “us old timers” mutter curmudgeonly about (thanks @r for making me feel acient, you and @Wael appear to be doing a double act on me 😉

    Seriously though, it’s an issue that arises from “abstraction” especially in Alogol descended languages like C…

    Assembler language programers don’t have a compiler getting in the way when it comes to memory and pointer arithmetic. In asm you have to know the size in bytes of your data type. In C they try –but fail– to abstract it all away, and compilers can make it oh so much worse.

    To an asm programer memory is just bytes with pointers to bytes, they are responsible for word aligning etc and dealing with structures with different sized data types within. C programers however get mollycoddled and it all gets abstracted away thus pointer arithmetic is out of sight, out of mind and can be slower than a three legged tourtoise.

    The problem with pointer arithmetic is it can be fast and sleek, but waste heap space or it can squeeze out every last byte of heap and have a vastly increased and slow Arithmetic. An experienced asm programer writing for an embeded system will find a balance depending on the resources available.

    The important thing to note is blocks of memory and their pointers are actually down below the CPU level in the computing stack. There is a whole bunch of stuff inbetween on larger microcontrolers (MMU, Segmentation etc). They are also below the OS with the applications sitting above (esspecialy stack oriented OS’s that run on MMU less hardware).

    So you have a block of linear memory of a number of bytes that might be word aligned or not, and depending on the CPU and data type the first byte of that memory may or may not actually be the logical start of the array as the high level language programer sees it.

    It’s this high level language pointer that is the “Base Poiter” in C it would be ary[] that is the base pointer and ary[0] is the calculated pointer to the first data element.

    The important word to note is “calculated” and what it hides from you. It’s usually fair to assume that ary[] is actually a pointer, where as ary[n] may well be ary[] + (n * sizeof(type)) or worse. But n and the size of a type will be smallish integers in most cases not the normally larger size of pointers.

    But where as ary[] and ary[0] might result in the same value with a linear buffer the same is not true for a circular/ring buffer. While ary[] as the “base pointer” makes sense for the block of memory and the linear buffer, it makes no sense for the use of the circular buffer.

    A “false base pointer” is what is calculated from either the read pointer or the write pointer so that you can make sense of things with counters.

    The pwd[] array is a null terminated string which if in RAM could be used as a linear buffer thus pwd[] makes sense for both reading and writing and calculating the length of the string or the distance from the start of the string or the distance to the end of the string. Thus pwd[] is the anchor point around which the calculations revolve.

    Not so in the circular buffer usage, Cbuf[] is the start of the linear memory, and it will have a size Clen, thus be effectivly a Cbuf[] to Cbuf[Clen-1] block as far as the memory view goes. But… from the program view the read and write ptrs are calculated as Cbuf + (Wptr mod len) thus wrap around to turn the reality of the linear memory into a virtual ring that has neither begining or end just two pointers Rptr and Wptr for reading and writing respectivly. The usuall assumption is that the Wptr is in advance of the Rptr even though it’s actual value may be less due to wrapping around. This makes discovering the lengths of the used and unused portions of the circular buffer harder. Obviously if the linear buffer length is len=2^m then the ‘mod’ function becomes a simple mask function of AND 0x0F etc where the bottom m bits are set. Unlike otherways of calculating the pointer “Cbuf[] + (Wptr AND 0x0F)” always executes in the same time as there is no comparison or branching.

    The problem is then how do you compare the linear password buffer Pwd[] with the moving Cbuf Wptr. There are two ways, count backwards from Wptr and Pwd[possition of null] or calculate a false base pointer of Wptr – Pwd_len and increment up. In this case as decrementing only needs the compare to zero on the count it always runs in the same time.

    Which brings us to the check sum and the way it likewise does not leak information. The XOR function only has a zero output when the inputs are the same. Thus if you first clear CkSm and in the loop do CkSm += (Wptr[cnt] XOR Pwb[cnt]) CkSm will only be zero if the full password and circular buffer values were the same. So providing the length of the password is always less than half the minimum integer max in length (ie 127 for byte addition) then the addition has no overflow implications and executes in constant time as does the decrement of ctr and the XOR function.

    Hopefully that’s covered the basics.

    P.S. Although the algorithm executes in the same time, it can not avoid leaking the length of the password, because it will show a repeating pattern in the EM signiture and that can be counted. Though you can hide this, the extra code in a resource limited low secrecy application is probably not justified.

    r April 24, 2016 9:06 AM


    My absolute apologies for being a wanker with the old schooler comment.

    Believe me, I would take experienced and classically (double speak here) educated over some brash ignoramus like myself any day of the week.

    Nick P April 24, 2016 10:56 AM

    @ All

    One overlooked great in IT is Pieter Hintjens. He’s like the Daniel Bernstein of enterprise software: always coming up with innovative methods to improve on status quo that aim for correctness and high-speed simultaneously. His company, iMatix, cranked out one badass solution after another with ZeroMQ smashing other middleware in speed, ease-of-use, and reliability. He recently posted his final protocol design that won’t be in an RFC:

    A Protocol for Dying

    Sadly, he found out he has two lungs full of cancer. His clock is ticking. So, being an engineer, he devised the best route to a good end he can think of and published it. A tough and powerful read. So, we loose another great just as his work is having serious, mainstream impact. Always hate it when that happens. At least his protocol is helping he and his family get through it better than many.

    Anyway, here’s a tribute of some links I’ve been posting everywhere showing his and iMatix’s style of doing things since the late 80’s to early 90’s. A nice embodiment of The Right Thing philosophy that actually achieved commercial success.

    A great write-up on his theory of model-driven development and the tech that underpinned most of iMatix:

    Their website is a slide-show demonstrating their amazing work:

    Generating servers from state machines and such:

    SMT kernel for portable, multi-threaded, fast code:

    Meta-programmed, model-driven Web server (old and new)

    One of best middleware ever:

    Wael April 24, 2016 11:24 AM

    @Nick P,

    A Protocol for Dying

    Pragmatic approach. I don’t necessarily agree with everything he said, but I respect his point of view.

    We all die. Every day that passes means life is shorter by that much. Gives you a different perspective on birthday parties.

    Wael April 24, 2016 11:52 AM

    @Nick P,

    A great write-up on his theory of model-driven development and the tech that underpinned most of iMatix:

    MOP… Great write up. Guess what would you get if you apply the same (or similar) concept to security?

    ianf April 24, 2016 12:27 PM

    […] “read up on Gordon Welchman. He was the one who organised Bletchley… into an almost industrial operation, as well as independently thinking up the bombe system, and arriving at its major improvement the diagonal board.

    @ Clive,
                 well aware that, where history of cryptography is concerned, I am a mere passer-by to your seasoned herald-practitioner, never the less I beg you non plus ultra mega pardon (with French-flavoured accoutrements for added FX) not to overdo that your habit of Rule Britannia!. At least where well-documented and acknowledged genesis of cracking the Enigma and first-generation bombes are concerned: it rests squarely with Polish mathematicians. An academic trio, that, having gotten hold of an Enigma unit that Germans never knew was missing, managed to reverse-engineer, and then virtualize the principles of its operation. And then exploited it in mechanically-aided fashion. Thus the Polish intelligence was able to read encoded diplomatic dispatches already in 1932, 7 years prior to the German invasion of Poland, the outbreak of WWII (and the end of youknowho’s “Peace in our time”). You’re too old a trooper not to know all that.

    Having originally met cryptography in Scientific American, I proceeded to consume all major pop-sci works in the field (skipping the heavy duty crypto bits that’d only confuse me ;-)), beginning with The Codebreakers. Plenty of UK-centric items, too. As I recall, in no case were British cryptographers unilaterally credited with discovery of what’s effectively been dropped into their lap. With the war fast approaching, when the Poles made a present of their findings to the Brits and the French in the summer of 1939, they were initially met with incredulity and disbelief… all in the spirit of #NotInventedHere (and by mere lesser continentals to boot!) I presume, and that even before the NIH syndrome itself was invented (nor are the British known for appreciating genius even among their own: vide Alan Turing, sacrificed on the altar of Prurient Righteousness).

      The Brits are rightfully credited with refinement of wartime de-crypto, but the seeds came from alums of the well known Lwów School of Mathematics (btw. the H-bomb originally was known as the Edward Teller-Stanislaw Ulam design–another professor from there).

    PS. In 1990 I saw the original bomba (Polish spelling of bombe) in the Technical Museum of Warsaw, the size of an hefty oak armoire (before I was allowed to ogle it, there were some nervous telephone calls upstairs whether a foreigner should be let in into that glass-doored, but padlocked hall… old habits die hard). I was surprised that it survived the war. Only later was I told that, in all probability, it was a replica of a prototype built in the 60s by students of the Technical Military Academy.

    Nick P April 24, 2016 12:54 PM

    @ Wael

    ” I don’t necessarily agree with everything he said, but I respect his point of view. ”

    Same here.

    “Gives you a different perspective on birthday parties.”

    I used to joke when people asked why I don’t celebrate my birthday that it’s just one year closer to dying. Great. Before they got too awkward, I laughed, said I was kidding around, and told them I’m grateful for every day rather than one a year. Except the bad days: those could just get edited out of my existence except for the ones I learn from. 😉

    “MOP… Great write up. Guess what would you get if you apply the same (or similar) concept to security?”

    You get high assurance security I’ve been reporting on for years. 🙂 I recently did a post here on linking to five or six different approaches that use two languages (programming and/or specification) in parallel to boost assurance. Should complement for implementers my post listing UNIX alternatives along with their benefits.

    Nick P April 24, 2016 1:02 PM

    @ All

    Nice write here by NatSys Lab on fast, FSM’s for HTTP parsing. It’s rich with good stuff:

    1. First link is to an open-source tool for Web Application Firewall, DDOS prevention, and HTTP acceleration. Their specialty is apparently Gbps or 10Gbps NIDS on very cheap hardware. This is one of their tools they kindly gave away. Worth the article by itself. 🙂
    2. A paper describing how their Tempesta framework works. Tempesta is also name of above tool that implements framework.
    3. A link to Ragel state machine compiler. On same site is Colm language that’s designed specifically for robust transformations on programs and such. I posted its inspiration, TXL, here a long time ago. Good to see an update on that path of research.
    4. Their new method of encoding the FSM directly into goto’s with vector acceleration and benchmarks.

    Altogether, some great things going on at NatSys Lab. Keep an eye on them.

    r April 24, 2016 4:30 PM


    By the way: you’ve made me ultra paranoid with your point about constant time not leaking even input length. Good job expanding awareness… Pseudo, or Random exits are probably easier to implement than universally timed exits huh?

    Maybe with hardware it’s easier to give static duration function time with a watchdog?

    r April 24, 2016 6:00 PM

    Instead of padding for time what about padding execution?

    You could double the time and memory cost statically by creating a parallel (and maybe inverse) environment inside of the function.

    How did gnugp address their leakage?

    r April 24, 2016 6:44 PM


    How does one setup for this type of attack? Obviously a bare metal host is a requirement for starting off as host for the codes to attack… But I have zero EE background you can’t just dump ground to an external SDR adapter can you?

    Figureitout April 26, 2016 1:08 AM

    –I know what’s meant by constant time, just unsure why a circular buffer has constant time. And if eliminating timing/RF sidechannels (RF not being eliminated, just trying to blend in, can shield but not all of it) means the code has to go to the dogs…tough decision. Using variables (add reg, [mem]) means not using stack and keeping your data safe from overwrite, easier to debug, and better for future devs if your code is good enough to just be maintained. Otherwise you better comment well and the code’s gonna look like hacky-sack crap that requires reading it all to make changes.

    Clive Robinson
    That be one of dem darr
    –I won’t rag on people being old, don’t care (well when I get stuck behind one of you guys in traffic…jesus christ get out the way! :p), but if you have one of your “man periods”, don’t take it out on me. :p

    out of mind and can be slower than a three legged tourtoise.
    –Saw something similar first hand, calling a C function in an ISR (which only takes like a few ms…), was like someone shot the CPU w/ horse tranquilizers. I’d have to screw up my nice interrupt timing to accommodate that, nope…I don’t really care about speed until I start to notice it…

    Not sure why you use the word “false” base pointer and not just base pointer unless you’re trying to lead eavesdroppers on somewhere else besides the right trail. Searching, looks like it’s generally to keep track of stack pointer and for debugging: and if you want to write annoying malware you can obfuscate this pointer.

    Most of the rest you’re saying, I get it. Need to see it to believe it. I know my fingers and the stopwatch on my smartphone is too slow. :p And if the password is long enough, that’s fine for just the length, if signatures from the keypad leech out too, bleh. You could change up the keypad array in code and assign different keys to chars for each keypad, at least make it a bitch to get each one if you deploy like 100’s or 1000’s.

    Wael April 26, 2016 1:41 AM


    well when I get stuck behind one of you guys in traffic

    You’ll be behind alright. Was doing a 120+ the other day and got clocked at 97 😉

    Figureitout April 26, 2016 2:10 AM

    –Lol, keep driving like that and I’ll be driving past your wreck like “goddamn f*ck, causing a traffic jam”. What’d you do, give the cop a squeeze of your pumpkin a$$ to get 20mph reduced on the ticket? :p

    Clive Robinson April 26, 2016 5:25 AM

    @ Figureitout, Wael,

    What’d you do, give the cop … to get 20mph reduced on the ticket? :p

    Think on the problem a little…

    You’ve done something, wrong, sufficiently badly that the cop has pulled you. So you have caused the cop to do somethy they probably would rather not be doing, so they are going to want something in return…

    Now never having driven in the US I don’t know anything about your speed regulations other than you have some. But in the UK we have two basic levels depending on what speed you were traveling at, the first gets you the official slap on the wrist etc, the second faster speed gets you banned from driving.

    So you need to try to get your over the second speed limit down below the banned threshold…

    Now most traffic cops know that the speed limits are bogus, just some vaguely justifiable thus arbitary figure in most, but importantly not all cases. Thus he’s looking to see not if you are speeding but if you are doing it under the influance, recklessly or dangerously. If it’s any of those then there is no chance of a “plee deal”.

    However if it’s not, then if you own up to being above the first limit but a little below the banning limit and you are polite and curtious and above all taking it seriously and putting your hand up then the chances are the cop will take your admission to the basic speeding and not push for the banning speed.

    You get a slap on the wrist, he gets another tick on his work performance chart, and neither of you get serious grief out of it (unless you do it again soon).

    It’s called playing the game, minor bending of the rules gets a shake of the head, bend a little further and you get pulled back, unless you’ve pushed to breaking point, in which case you’ve made Santa’s “naughty list” for the next few years.

    Wael May 5, 2016 12:03 AM

    @Nick P,

    You need to finish it because the Good …

    Got a chance to read some more of it. Make it easy for me and tell me what you liked about it. It’s a good story, I like the methodical thinking, but I don’t see anything we don’t know now.

    Wael April 15, 2017 12:32 AM

    @Bob Paddock,

    The Princeton Engineering Anomalies Research…

    I’m starting to have second thoughts…

    Leave a comment


    Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

    Sidebar photo of Bruce Schneier by Joe MacInnis.