Friday Squid Blogging: Stuffed Squid with Chard and Potatoes

Looks like a tasty recipe.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on July 15, 2016 at 9:16 PM • 267 Comments

Comments

r • July 15, 2016 10:19 PM

@Joe,

Currently works for me, you had me concerned somebody ate the last serving.

r • July 15, 2016 11:42 PM

Chances of a match vs 8-way Facial Biometrics?

"One in a trillion."

https://science.slashdot.org/story/16/07/15/2039233/do-you-have-a-living-doppelgnger

From the "everybody's favorite lizard dept"

https://news.slashdot.org/story/16/07/15/2243250/newt-gingrich-says-visiting-an-isis-or-al-qaeda-website-should-be-a-felony

Investigative Journalists and Malware Researchers beware.

And lastly but not least:
#Brexit's finger is on the button...

https://yro.slashdot.org/story/16/07/15/1438227/uk-gov-says-new-home-sec-will-have-powers-to-ban-end-to-end-encryption

(Good luck with that)

ianf • July 16, 2016 12:53 AM


Definitely ON TOPIC for once.

> "Looks like a tasty recipe."

It does, but let's get real, Bruce, you could have been served goat's innards stuffed with chard and cooked in thyme and not been able to distinguish that from that squid course (the meat) on taste and palate alone.

Clearly, if one is serving squid, IT HAS TO PHYSICALLY RESEMBLE squid, otherwise one might just as well serve bits of Quorn (=essentially lab-fermented mushrooms tasting v. close to meat), or even the newly announced Israeli Cultured Meat (cultured from a single cell in vitro, and thus guaranteed Kosher AND Halal; the rabbis there are nonplussed because, were this to become a commodity, it would put them out of a profitable Kashrut-certifying job). At least, when one orders Calamares in a restaurant, one is served unbroken rings of chewy meat that could but come from octopi arms with suckers.

Cartman • July 16, 2016 9:13 AM

Good story, hard to do.

"SPIEGEL: Michael remembers thinking, this is headed towards a very bad end.
RABDOU: Someone was going to get hurt.
SPIEGEL: But then one of the women at the table, this woman Christina, pipes up. She has an offer for the man.
KHYBER: She said, you know, we're here celebrating. Why don't you have a glass of wine (laughter)?
RABDOU: It was like a switch. He could feel the difference.
SPIEGEL: All of a sudden, Michael says, the look on the man's face changed.

SPIEGEL: For a moment, they all sat there together, the stars overhead twinkling, the sound of chirping insects in the night air.
RABDOU: And then he said something just so strange - just said, can I get a hug? My wife hugged him. And then our friend hugged him. Then he said, can we have a group hug?
SPIEGEL: And so everyone got up and formed a circle around the man.

SPIEGEL: This is a professor at Michigan State University named Chris Hopwood. Chris spends his life looking at how people interact with each other. And one of the things that he looks at is called noncomplementary behavior. So the basic idea is that people naturally mirror each other. So when someone is hostile to you, you are typically hostile back. Warmth begets warmth. And breaking this pattern - say, being really warm to somebody after they've been incredibly hostile to you - that is noncomplementary behavior. And according to Hopwood, it's incredibly hard to do.
HOPWOOD: So if I am really nice to you, and you're really cold and unfriendly to me, generally speaking, either I'll try to do something to, like, appease you and make you like me so that you'll warm up. Or maybe I'll respond with coldness to you because you're being unfriendly to me. Or we'll just stop interacting.
SPIEGEL: But people do manage to sometimes behave in noncomplementary ways. And when they do, it often completely shakes up a situation - flips the script. It happens between people. But also, it can happen on a bigger level.
HOPWOOD: The reason, for example, that we admire people like Gandhi and Martin Luther King Jr. is because they were able to maintain a sort of warmth and integrity in the face of people who were being cruel to them."

http://goo.gl/4uu5Vr
From ‘Invisibilia’ podcast ‘Flip the Script’

CallMeLateForSupper • July 16, 2016 10:13 AM

@all re: 3rd-party trackers

For many months now, DISabling trackers in PrivacyBadger played havoc with proper page rendering of certain web sites (particularly newspaper sites). The Boston Globe site won, hands down, my personal award for ugliest rendering: absence of all photos; text superimposed over text(!). I considered the messes a necessary burden to bear, a quid pro quo for my having short-stopped the embedded "gifys" from e.g. F-book and Giggle. But within the past few weeks - I don't remember exactly when - the messes disappeared. Photos appeared; text conformed to neat columns.

I checked the PrivacyBadger settings for each formerly offending site. None had changed, that I could tell. But clearly something changed. Have the tracker people figured out how to elude PrivacyBadger? Did web sites switch to 3rd-party services that don't track?

Markus Ottela • July 16, 2016 12:01 PM

@ Nick P RE: Post from June 30

"Far as other comment, I'm only resisting the smartcard stuff due to subversion and verifiability."

In my opinion smart card is a good idea when you want a more limited TCB to store keys and handle encryption in. As I discussed in the article on end point security, smart card (namely, Google's Project Vault) is not secure when the plaintext handling is made on networked computer. But storing TFC's keys on smart cards connected to TxM / RxM would add a layer of security. (Although, if the interfacing indeed sucks, then it's not going to be practical.)

"What do you mean by [The faster optocouplers that support up to 1M baud/s are more complex on the inside]?"

The schematics show how the receiving side has four pins. It would appear I need to pass current from the collector (pin 6) to pin 8 to feed current into the transistor's base when the photo diode is illuminated. I recall trying that and getting no reproduced signal. I'll see if I can find the time to reproduce the issue and ask about it. (Also, I wonder if the pin 5 needs to have common ground with pin 3.)

"I was talking about the enemy stealing the keys part."

Heh, my bad.


@ Nick P, All:

On TFC:

I finally managed to read through Dan Bernstein's (djb) papers on Salsa20 and while most of it went straight over my head, I understand the design rationale a lot better. First, it's constant time, which is great for TFC's trickle connection. My main concern was with number of rounds. My idea of the headroom was probably what he considers 12 rounds to have (reasonable headroom), when in fact there's 20, considered overkill by some reviewers. I was also kind of surprised how many reviews there were; The best attack is on eight rounds (also, djb's responses to some Salsa20 peer reviews were fun to read).

(I haven't read the papers on Poly1305-AES, but aside "just" 128-bit MACs, I don't think there's a problem, especially given the security proofs on AES.)

So with that being said, I'm going to give up maintaining OTP and cascading (CEV) versions. OTP is not unusable, but the attacks are not going to be against the ciphertext. I'm also not confident in my ability to implement Wegman-Carter MAC on Python, and the current, one-time MAC takes excessive amounts of key material. The key generation speed is in the end atrocious: Vazzana's recommendation for key sampling is 3kHz. With Von Neumann whitening, even in the optimal case, it only produces key material for 440 messages / hour.

Security through obesity provided by slow OTP exfiltration over covert channel is a good thing, yet it's borderline snake oil -- "only compromises n messages / day!". I think the correct direction is moving towards TxM configuration that requires no dependencies from network during installation: extract, compile and run. It's a long way, but the downsides of OTP outweigh the security through obesity.

As for CEV, the obesity of keyfile (512 bytes) is not that much larger than that of NaCl (32 bytes). I considered going with CEV style 512-bit key with HMAC-SHA512 based hash-ratchet, but that only works for PSKs, because Curve25519 shared secret is 256-bits(?). So I'll look into that once Shor's algorithm becomes an issue. Also as djb wrote, related key attacks are thwarted when key is fed through hash function between messages, meaning I actually don't need to hide part of the key's state. The average lifetime of a single PSK is 2^128.

The next version is going to encrypt at least the keyfiles/PSKs with user defined passwords. There's nothing wrong with encrypting OTPs locally with Salsa20 (that can move to any offset in keystream in constant time), but even if keyfile integrity was verified only during start, having to compute new MAC for large keyfiles between every message probably makes it too slow to use, at least on RPi. As for CEV, where the assumption of security was "secure as long as one of primitives is secure" using multiple ciphers would be overkill. Also, considering the entropy of passwords, that will probably never reach 256 bits, let alone 4096 bits of CEV. So CEV could be used with single pass. But like I said, it's not going to be the algorithm that gets attacked, but the implementation, download, software signing keys, public signing key that gets spoofed, MITM on ECDHE, key exchange rendezvous, evil maid attack, covert channel, user stupidity...

Another issue is code quality. I simply don't have enough time to maintain three versions, especially now that focus is on improving usability, installation and writing unittests (that deal with more and more encrypted data).

---

So the current road map is probably to first get the new features (lots of usability improvements) for TFC-NaCl out (from now on, it'll be just TFC). I'll then try to have the software split into multiple files, with the goal of having only one client, that has first-time setup that defines its role as TxM/RxM/NH. Once that's complete, I'll re-consider adding other ciphers if there's demand.

Slime Mold with Mustard • July 16, 2016 1:06 PM

25 members of the US House of Representatives have formed the "Fourth Amendment Caucus". 12 Democrats, 13 Republicans. About 6% of the House.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

USA Today Article. List of Members. Support them.

MrC • July 16, 2016 4:04 PM

Re: Riffle (posted by Drone):

If I understand correctly, ElGamal is irreplaceable in the shuffle step because both the proof of the shuffle and the proof an accusation isn't bogus depend on its homomorphic properties. Is that correct?

nik • July 16, 2016 4:43 PM

I wonder where Clive Robinson is. I hope he's doing OK. I miss his posts.
At least the other regulars are still here.

Hadool • July 16, 2016 5:18 PM

Why is nobody working on hardening the Tor Hidden Services default setup configuration, so it would make it easier to enforce 2-factor authentication, send push notifications after each login and javascript change (so it won't take days to discover a potential XSS attack or FBI exploit injection), block bots that look for vulnerabilities on the site, detect server IP address leakages and so on.

r • July 16, 2016 5:26 PM

@Hadool,

I know right?

I've been playing with compiling libevhttp against the package to enable it to host microblogging directly, there's no real reason why it doesn't include basic hosting options for things like pgp keys and such. With that whole email discussion last week? I've been wondering if there should be a uucp revival over these types of networks to interconnect them.

Of course the solution is mixnet or freenet, but come on!

More Human Than Human • July 16, 2016 6:22 PM

Beelzebub's Letters to His Grandchildren

All the Things You Are Not Told About Hacking, Law Enforcement, and Spying

Number of Americans with Top Secret Clearance
https://www.google.com/#q=number+of+americans+with+top+secret+clearance

5.1 Million

1) First information you need to know.

Now, there are two sorts of groups which are spying on you political discontents. And you hackers who do not even have any strong political or religious views. One, is governmental. From just America? Of course not. Two, is corporate. In these sorts of circles, where corporations are targets of people's discontent, you will actually find far more corporate spies than governmental. From all the nations combined.

Across the past hundred and twenty years, in "the West", very often groups have more spies than they do real members.

Now, what do I mean here by "spy"? Foreign intelligence? Counterintelligence? These are few and far between in such groups. No, you are talking about cops or rent a cops. Mercenary cops. Cops as in "undercover". Knuckle draggers, but some are very smart. Some of the most proficient spies in history have been cops. Most are pretty bad. But, so are you.

2) You are way overestimating your own self.

I often see people here praising undercover while condemning everyday people. Good book to read, "You Are Not So Smart". Spying, the field you have effectively put yourself in when you start to illegally hack and/or espouse potentially dangerous ideas some regime may not like, somewhere? Is a very non-empirical field. For a very long time. Until you get caught. And then, it turns out, you were already caught, from the beginning. All along.

What are you the best at? What do you lead the world in? Were you the high school football star and the smartest kid in high school? Have you conquered the top 10 or top 100 of any video game list? Have you made yourself world famous in any field, spoken as a subject expert at leading conferences? Regularly dealt with international media? Because you so excelled at any one field? Much less, more than one? Any one you put your mind to?

Have you read every 'to read' book on any subject, or watched and memorized every essential video on any one subject? Where you can do that and implement what you watched, what you read, and show proven results?

For this matter, are you a script kiddy or a real global top hacker? Can you find a critical vulnerability in a major application? ;-) Can you find a critical vulnerability and write exploit code for it? Have you? How often? Can you code your own rootkit? How many languages can you write proficiently in? How many systems have you hacked? How many sensitive systems? And how?

For this matter, how much do you know about heart surgery, or brain surgery? If your closest loved one needed it, would you perform it? How many books did you read on the subject, and how did you practice?

Maybe you got all your information from critical folks online who are against heart and brain surgery, and believe you are an expert...?

So it is with law enforcement and intelligence. How many memoirs have you read? How many true stories of under cover intel and LE have you read or heard or otherwise studied? And, how many years have you actually worked undercover??

No? On everything? You have read ten books on politics. Lotsa articles from obscure websites that have no demonstrable expertise or experience?

Then you are compromised.

More Human Than Human • July 16, 2016 6:59 PM


1) Cameron stepped down in humiliation. I had great pleasure from this. He was next to Adolph Hitler in terms of privacy and security online.

Understand, I belong to a group who sees the downfall of every enemy opposed to us. Be they the head of any nation or any national agency.

Clapper and Comey are gone soon. The real challenges are taking care of just about every Muslim majority nation, and Communist nation. Semi-Communist nations in Latin and South America are coming through.

Rogers is fine. Brennan is fine. Other five eyes intelligence leadership will be changed.

2) If your panties are in a twist because of Trump, I already said here, last year, Clinton is the next President.

Stop wasting your time.

Some elements in the FBI tried to take her down, and failed. A bit more of a hit than their good job of finding out about who sucked Bill Clinton's dick. Basically, they are scumbags who are power crazy, and set to die soon.

They are mad with their death. They are decaying grapes on the vine, cursed by God with their old age. Mere infants.

We do not age. We can look like anyone.

3) America is not the apex of all evil. Contrary to what many "westerners" and Americans think. No, that would be Communist and Islamist, or other fascist nations. They continue to hold much of the world's population.

Many Western nations, for having so much freedom and knowledge, do find themselves in worse conditions.

We are behind that, and we control the bad reactions to it.

4) I think the main failure of imagination in modern cinema and other mythology, is that while there can be super beings stronger and faster than you... there are none who truly are smarter. Those who are, are presented as villains, and jokers. Satans.

Reality is, when you live much longer than everyday folks, you learn all the ways. In this way you become invisible and most powerful.

The truth of our existence, to you, is madness.

anony • July 16, 2016 7:14 PM

from HN

"This library demonstrates a suite of basic cryptography from the Go standard
library. To the extent possible, it tries to hide complexity and help you avoid
common mistakes. The recommendations were chosen as a compromise between
cryptographic qualities, the Go standard lib, and my existing use cases."

https://github.com/gtank/cryptopasta

Standard • July 16, 2016 7:30 PM

@Slime Mold with Mustard

"Support them"

Exactly.

Here are Representatives that have actually organized and put their names in support of one of our most important Constitutional rights. This is governmental behavior that is desperately in need of encouragement by the public in the current fear mongering/surveillance state environment.

Please consider sending your words of support to these Reps and additionally to your own Rep indicating you would like them to join this caucus.

How to find your Rep by zip.

Related: Fourth Amendment Caucus defeats Patriot Act expansion in Congress

More Human Than Human • July 16, 2016 8:41 PM

The Apocalypse


So... I am a bad guy. I got George W Bush to attack Iraq and Afghanistan as he did, because I harked on the part where Saddham tried to assassinate his dad.

And, I got Cheney, through Halliburton.

This was... Me.

No one else.


Blame them, if you wish. I made them do it.


Next... I must decimate Iran. Saudi Arabia. Russia. China.

So. Debate me.

God.

Curiouser N. Curiouser • July 16, 2016 9:13 PM

@ More Human Than Human

So tell us more about your human suits. Do you guys still wear them when you bask on a hot rock?

@ all

Carrot2? Anybody? Bueller?

Thoth • July 16, 2016 10:02 PM

@Markus Ottela, Nick P, Clive Robinson, Figureitout
re: 30th June 2016 Post Comments

Hmmm.... Markus brought up a really old post :) (yes, anything more than 2 weeks is very old on this forum for the fact there's simply too much to read - not a bad thing).

re: Smartcards
Yes they are crap (for some of them) and I am having problems with reliability issues of a particular brand of smartcards I am working on currently coding for it (I won't talk about the brand for now until I get confirmation from my smartcard supplier). That said, the only reliable tamper resistant key storage apparently would still be smartcards. If you look at other FPGAs/SOCs/ASICs that provide tamper resistant, it's either not full tamper resistance (simply protecting the RTC clock and laying tamper detecting metal shields over "sensitive" components - a.k.a half-butts job) or they just are not accessible to mere mortals like us. Try purchasing the AIM II hardware security chip from General Dynamic/Thales and you know what I mean. The AIM II secure chip is a military use chip for manpack sets, weapon systems ... you know what I mean.

What is worse, if you look at the possibility of black bag jobs on chips, FPGAs, SOCs and the likes that are not commonly used in the market are more likely to get hit by backdoors. Smartcard/Secure Element (SC/SE) chips are the most commonly available tamper resistant secure chips out there, produced in mass production, have a bunch of decades old standards and requirements for the interfaces, security, software, hardware ...etc... of the SC/SE chip like the ISO 7816, 14443 ... ). The usage of these SC/SE are mostly financial, corporate and Government facing industry but due to the propagation by the NFC Forum, GlobalPlatforms, ETSI, GSM and other organisations writing and maintaining SC/SE standards and thanks to @Edward Snowden, more people are re-thinking how to store their cryptographic keys in tamper resistant SC/SE devices ranging from the standard smartcard/SIM card form factor to SC/SE embed inside MicroSD to devices like Ledger Blue as standalone portable Personal Security Devices. Due to the fact that SC/SE is so wide spread, backdoors can easily turn into a global issue that can come back biting and the fact that US Government is heavily reliant on HSPD-12 directive (Smartcard/PIV directive) for using SC/SE enabled cards and badges to access computer networks and buildings, placing a NOBUS backdoor would immediately be a risk as these HSPD-12 enabled cards and badges suddenly become a vulnerability and attackers who successfully figured out the NOBUS entrance(s) would be able to clone the card's keys and enter into sensitive buildings and networks with more ease.

It is much easier to develop for SC/SE due to standards (ISO 7816/14443/GP/JavaCard/MULTOS/NFC ...) existing than say an FPGA or even an ARM Cortex A series with TrustZone (software security) or M series with SecurCore (for tamper resistance and hardware and software security) in the raw form (i.e ARM assemblies) and there is also the NDA portion which the open standards would help buffer or make transparent.

I would be slightly hesitant to take up the NXP i.MX or other SOCs and FPGA for security centric stuff for the fact that they are less commonly available than smartcards and requires domain knowledge in a particular implementation (NXP's implementation of ARM and TrustZone on top of the NXP non-SC/SE chip's security and tamper protocols and commands) and due to them being less available than mass production SC/SE chips, I suspect that if a backdoor were to be inserted, it would be easier to get them into less commonly known chips than SC/SE (not saying SC/SE chips are immune but the implications on doing NOBUS for SC/SE is terrible). On top of that, most SC/SE chips have common size constraints across the board (3mm x 5mm physical dimension to be able to fit into card module) and that immediately translates to limitations on logical space where most SC/SE have a very fixed RAM/EEPROM size around 144KB EEPROM and 2 to 4 KB RAM although the introduction of FLASH technology on SC/SE in recent years pushes it to 1.5 MB with 12 KB RAM.

If you are suspicious of the latest FLASH technology in SC/SE, the good old RAM/EEPROM combination are still being sold in full force by all the SC/SE manufacturers and would not be going obsolete any time soon due to high demands in the current era due to the push for adoption of chip cards by the US Government.

Although I do occasionally complain about problems I face when programming my SC/SE chips using JavaCard, it's just ranting as per usual but when it comes to practical choices for security and tamper resistant key storage, I would still root for using smartcard/secure elements for the fact that they are very commonly available, have a bunch of different suppliers and chip makers (despite the fact that NXP/Infineon/IBM/STMicro are the key players and controlling hands behind the SC/SE industry), they do provide an interesting variety of architectures still (ranging from 8051 style chips used by NXP to ARM SecurCore/Cortex-M provided by also NXP/STMicro and Infineon with its own architecture called IntegrityGuard).

re: Not maintaining CEV and OTP versions

That would be a neat choice to scale down on your focus. Salsa with 12 or 20 rounds mode would have been more than enough. You can make it easier to have a software selector to select Normal mode (12 rounds) or Paranoid mode (20 rounds). Also make sure your protocol can drop in other algorithms when needed. The ability to be agile is an asset.

re: Keying Modes

I would prefer to limit cascades to two ciphers at best for the sake of simplicity and ease of maintenance. Imagine having to debug so many cipher codes to ensure they work properly and securely. Don't have time for multiple cascade more than 2. Best bet is to just default to Serpent cipher if anything goes wrong since Serpent is the "Tank" cipher in the AES competition (built very robustly and with paranoia in mind). Besides asymmetric keying and password keying, you can put a raw hex byte symmetric keying mode.

The use case would be some shared split secrets sent over multiple trusted couriers and at the end of the day, the key custodians would merge the split secrets into the final 256 bit secret symmetric key and manually hand type the 32 bytes (in hex) into the device to seed the CSPRNG inside to kick start the deterministic crypto keying process. This would essentially create a self-synchronizing crypto state machine where the message keys would be synchronized due to the same deterministic CSPRNG state in both end points. This can be tricky because there are corner cases of de-syncing (i.e. network latency and attacks). This will also mitigate the problems of most QC cryptanalysis since it's symmetric crypto.

re: Maintaining Codebases

You can create a shared library called libTFCCore and then expand it for the many modes and features (i.e. libTFCSymmetricKeying, libTFCGUI ...).
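
The split-secret courier scheme described under "Keying Modes" above, and the Shamir's secret sharing that Markus later names as the way to do it, as an added illustration (this is not TFC's code and not part of the original comment). It assumes a 32-byte symmetric key, a k-of-n threshold, and Shamir's construction over the Mersenne prime 2^521 - 1: each courier carries one share as a hex string, no fewer than k shares reconstruct the key, and fewer than k reveal nothing about it. The key and the share parameters are constructed for the example.

```python
import hashlib
import secrets

# Prime field for the polynomial; 2**521 - 1 is a Mersenne prime and leaves
# plenty of room above a 256-bit secret.
P = 2**521 - 1


def split_secret(secret: bytes, k: int, n: int):
    """Split `secret` into n shares of which any k reconstruct it.

    A random polynomial of degree k-1 is chosen with the secret as its
    constant term; share i is the point (i, f(i)) for i = 1..n.
    """
    s = int.from_bytes(secret, "big")
    if not (1 <= k <= n) or s >= P:
        raise ValueError("bad threshold or secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares, length: int = 32) -> bytes:
    """Lagrange-interpolate f(0) from the given shares.

    With fewer than k distinct shares the result is a field element unrelated
    to the secret; it will almost surely not fit in `length` bytes, and that
    case is reported as an error rather than returned as a bogus key.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, P - 2, P)) % P   # Fermat inverse
    if s >= 2 ** (8 * length):
        raise ValueError("recovered value does not fit; wrong or too few shares")
    return s.to_bytes(length, "big")


def share_to_hex(share) -> str:
    """Courier-friendly form: '<index>-<hex value>' for hand entry."""
    x, y = share
    return "%d-%x" % (x, y)


def parse_share(text: str):
    x, y = text.split("-", 1)
    return int(x), int(y, 16)


def demo():
    # Constructed example key; in the scenario above it would be the
    # 256-bit symmetric key the custodians finally assemble.
    key = hashlib.sha256(b"constructed example key").digest()
    couriers = [share_to_hex(s) for s in split_secret(key, 3, 5)]
    # Any three couriers arriving suffice; here the 1st, 3rd and 5th.
    arrived = [parse_share(couriers[i]) for i in (0, 2, 4)]
    return key, couriers, recover_secret(arrived)


if __name__ == "__main__":
    key, couriers, recovered = demo()
    print("shares:", *couriers, sep="\n  ")
    print("recovered == key:", recovered == key)
```

The threshold is what makes this better than simply concatenating pieces: losing two of five couriers does not lose the key, and an adversary who intercepts two shares learns nothing, which is the property the comment's "merge the split secrets" step would otherwise lack.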

More Human Than Human • July 16, 2016 10:45 PM

@Curiouser N. Curiouser

> @ More Human Than Human
>
> So tell us more about your human suits. Do you guys still wear them when you bask on a hot rock?

Yeah, if you stand in the way of progress, I will rip your head off and drink the blood from your neck.

If modern civilization has an enemy I need to rid of, I rip their neck out with my hand and drink their blood with my jaws and tongue.


I am the one who stands between you and death.


Slime Mold with Mustard • July 16, 2016 11:18 PM

@ Standard
"Please consider sending your words..."
Hardly necessary. I do work for my worthless POS's campaign and have related my concerns, carefully couched and humorously delivered. I even have a few minutes per year with a senator. My pleas fall on nearly deaf ears. They check the polls before they check their own minds or hearts.

Elected representatives are mostly concerned with elections. Governance, and for that matter, leadership, has largely fallen to the faceless occupying mid-rise office towers.

Sorry that I could not be more optimistic.

Markus Ottela • July 17, 2016 1:00 AM

@ Thoth:

"anything more than 2 weeks is very old on this forum for the fact there's simply too much to read"

Indeed, the topic threads usually explode. Also, I feel bad for disappearing from most conversations prematurely. Too little time and too much to keep up with.

"You can make it easier to have a software selector to select Normal mode (12 rounds) or Paranoid mode (20 rounds)."

As Bernstein explains, extra rounds have historically helped stop non-brute-force attacks. To quote him even further:

I'm comfortable with the 20 rounds of Salsa20 as being far beyond what I'm able to break. Perhaps it will turn out that, after more extensive attempts at cryptanalysis, the community is comfortable with a smaller number of rounds; I can imagine using a smaller number of rounds for the sake of speed. On the other hand, Salsa20 will still have its place as a conservative design that is fast enough for practically all applications. Presumably 16-byte keys can get away with fewer rounds than 32-byte keys. But this type of variability creates two real-world problems: First, it complicates hardware implementations; second, it seems to tempt users to reduce key sizes even in situations where the cost savings is insignificant. As above, none of these comments are meant to discourage research into higher-speed stream ciphers. Perhaps it is possible to obtain higher speed without sacrificing confidence.

I'm fairly certain that over time TFC can crank up the number of rounds, as the throughput is very small. It would appear to be trivial to do (only one variable/for loop iteration in Salsa20.c to change). Whether that's safe to do, or necessary, only time will tell. Conservative security has been the focus here, so I'm positively surprised with the headroom.

"Also make sure your protocol can drop in other algorithms when needed. The ability to be agile is an asset."

The algorithms used in CEV can trivially replace Salsa20 would something disastrous happen to ARX constructions. It's cascading and handling key sets that's making the maintaining extra work.

"Best bet is to just default to Serpent cipher if anything goes wrong since Serpent is the "Tank" cipher in the AES competition"

The only implementation for Serpent that's available for Python is this and it's copyrighted code. The documentation states "It is written for the human reader more than for the machine and, as such, it is optimized for clarity rather than speed". I tried it back when I was considering algorithms for CEV and waiting for a written permission to use it; It was many times slower than all the other ciphers combined. So while I appreciate the good amount of security headroom of the algorithm, what's available is unusable in every way.

"The use case would be some shared split secrets sent over multiple trusted couriers"

The proposal is borderline security through wealth, but were there demand, I don't see why something like Shamir's secret sharing couldn't be used: The proof for information theoretical security is intriguing. The current design will be password encrypted PSKs so plaintext key data will never touch the transmission media / persistence.

"This would essentially create a self-synchronizing crypto state machine where the message keys would be synchronized due to the same deterministic CSPRNG state in both end points"

That's how forward secrecy has been working on TFC ever since TFC-CEV was first written; TFC uses hash-ratchet that derives a new key for every message. Synchronization in the receiving end is done with a counter I call keyID, that tells how many times the root key has been iterated. No matter how many packets drop, it can always catch up.

"This can be tricky because there are corner cases of de-syncing"

There's no chance of de-syncing, but would the IM client work on UDP (instead of TCP that guarantees in-order delivery), a packet that took a slower route couldn't be decrypted as it would be first rejected because of its expired keyID, and wouldn't Rx.py check that, the key to verify the MAC and decrypt that message wouldn't even exist any more.

Another attack here is, injecting a packet with huge keyID e.g. from server, would cause a DoS on RxM. But since TFC-messages are intended to piggy back on OTR, the attack only succeeds if someone exfiltrates OTR keys from NH and MITM attacks the session, (or if they send the packet from NH directly). This reveals attacker's capabilities in such a way I find it highly unlikely any attacker would consider it productive. Of course a frenemy could do that for fun, but then it's just the matter of blocking them and restarting Rx.py.

    You can create a shared library and call it libTFCCore

Something like a library will probably form over time when I polish the code base. I'm probably going to replace some elements that scale badly with curses first. I looked into Tkinter and took some baby steps with a GUI during the spring, but felt the code and my skills weren't ready for it yet.
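An added example (my own constructed code, not TFC's) of the keyID-synchronized hash ratchet described in this exchange: the receiver catches up over dropped packets, rejects a late packet whose keyID has already expired, and applies a bounded catch-up window plus verify-before-commit as one mitigation for the injected huge-keyID DoS mentioned above. The ratchet construction, the MAX_CATCHUP cap, the packet layout and the toy keystream are all my assumptions, not TFC's design.

```python
import hashlib
import hmac
import struct

MAX_CATCHUP = 1000   # assumption: how far ahead of the expected keyID we will iterate
TAG_LEN = 32

def ratchet(key: bytes) -> bytes:
    """One forward step of the hash ratchet: K(n+1) = H("ratchet" || K(n)).
    Assumed construction; the step cannot be reversed to recover K(n)."""
    return hashlib.sha256(b"tfc-ratchet" + key).digest()

def keystream(msg_key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode) standing in for the real cipher."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(msg_key + b"enc" + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:length]

def mac(msg_key: bytes, key_id: int, ct: bytes) -> bytes:
    """HMAC over keyID and ciphertext, so a packet is bound to its counter."""
    return hmac.new(msg_key, struct.pack(">Q", key_id) + ct, hashlib.sha256).digest()

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

class Sender:
    def __init__(self, root_key: bytes):
        self.key = root_key
        self.key_id = 0            # how many times the root key has been iterated

    def send(self, plaintext: bytes) -> bytes:
        """Packet layout (assumed): 8-byte keyID || ciphertext || 32-byte MAC."""
        ct = xor(plaintext, keystream(self.key, len(plaintext)))
        packet = struct.pack(">Q", self.key_id) + ct + mac(self.key, self.key_id, ct)
        # Ratchet immediately: the key that protected this message is gone.
        self.key = ratchet(self.key)
        self.key_id += 1
        return packet

class Receiver:
    def __init__(self, root_key: bytes):
        self.key = root_key
        self.key_id = 0            # keyID of the next packet we expect
        self.last_error = None

    def receive(self, packet: bytes):
        """Return the plaintext, or None with the reason in self.last_error."""
        if len(packet) < 8 + TAG_LEN:
            return self._reject("truncated packet")
        key_id = struct.unpack(">Q", packet[:8])[0]
        ct, tag = packet[8:-TAG_LEN], packet[-TAG_LEN:]

        if key_id < self.key_id:
            # That key was already ratcheted away: a late packet or a replay.
            return self._reject("expired keyID %d (expected >= %d)" % (key_id, self.key_id))
        if key_id - self.key_id > MAX_CATCHUP:
            # Bounded catch-up: an injected huge keyID costs at most MAX_CATCHUP hashes.
            return self._reject("keyID %d too far ahead" % key_id)

        # Catch up over dropped packets on a scratch copy; commit only after the
        # MAC verifies, so a forged packet cannot advance our state.
        candidate = self.key
        for _ in range(key_id - self.key_id):
            candidate = ratchet(candidate)
        if not hmac.compare_digest(mac(candidate, key_id, ct), tag):
            return self._reject("bad MAC for keyID %d" % key_id)

        self.key = ratchet(candidate)
        self.key_id = key_id + 1
        self.last_error = None
        return xor(ct, keystream(candidate, len(ct)))

    def _reject(self, reason: str):
        self.last_error = reason
        return None

def demo() -> dict:
    """Constructed run: two drops, one late packet, one injected huge keyID."""
    root = b"\x01" * 32                      # constructed shared root key
    tx, rx = Sender(root), Receiver(root)
    packets = [tx.send(b"msg %d" % i) for i in range(5)]
    out = {"first": rx.receive(packets[0])}
    out["after_drops"] = rx.receive(packets[3])   # packets 1 and 2 never arrived
    out["late"] = rx.receive(packets[1])          # slower route: keyID already expired
    out["late_reason"] = rx.last_error
    forged = struct.pack(">Q", 10 ** 9) + b"x" * 8 + b"\x00" * TAG_LEN
    out["huge"] = rx.receive(forged)              # injected packet with an absurd keyID
    out["huge_reason"] = rx.last_error
    out["next"] = rx.receive(packets[4])          # receiver state untouched by the forgery
    return out
```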

BurntOutJuly 17, 2016 1:20 AM

Guys, I think I may have too much security for my personal computing. It's starting to get really emotionally draining and I'm losing my motivation to keep up all these secure but probably-excessive practices. I'm thinking of scaling back my defenses in order to feel more sane. Can anyone relate to this feeling?

Let me just begin by saying that my devices are not being specifically targeted by any adversaries. Dragnet surveiled like everyone else in the world, yes, but specifically targeted, no. I'm fortunate to not have a high profile, to not have done any misdeeds, and to have few enemies. Trust me on that.

I've been using Tails for basically everything for a long time. That includes all casual web browsing, all social media, all my personal email, etc. Everything except gaming and a few programs I need for work that aren't practical on Tails. Tails has been my default, but I'm growing tired of having to reconfigure everything constantly due to the fact that it doesn't remember anything after rebooting. I've been running Tails because it routes everything over Tor, which makes me feel more private. But I could probably feel just as private on a regular, non-amnesic OS that has Tor Browser installed. I probably don't need everything going over Tor, just some stuff.

Pulling a blanket over my head and keyboard every time I type the Tails disk encryption password in order to prevent theoretical cameras from seeing my keystrokes is also becoming very tiresome. I guarantee nobody has ever secretly broken into my house to install a hidden camera aimed at my keyboard -- I'm not such a desirable target. It just seemed like a neat idea at the time because Edward Snowden did it in the Citizenfour movie, that's all. This is probably the absolute most paranoid and unnecessary thing I've been regularly doing, considering there's almost no risk of such a threat happening to me.

Carrying that damn Tails USB stick with me everywhere and never leaving it unattended is also getting tiresome. It's extremely unlikely that anyone would break into my house just to get at that stick, I probably don't need to guard it so cautiously.

I've been configuring Tor Browser's security slider on the High setting and leaving it there. On one hand, chances are slim that the browser would get exploited on that setting, but on the other hand, it makes web browsing barely tolerable. And all those sites blocked by CloudFlare captchas are getting very annoying.

There are lots more annoying things that I probably could stand to quit doing too, but those are the ones that stand out most to me right now.

I guess you could say I took on all these excessive security practices as an experiment to see what it would take to be fully locked-down in the age of bulk online surveillance. I heard about Snowden's disclosures back in 2013, felt totally shocked, and wanted to do whatever it took to reclaim my online privacy. But now it's starting to feel like I may have gone too far, taken on more security measures than necessary for me, and now I'm feeling the burn-out. It's nerve-wracking if you worry about how to avoid all the ways that corporations and governments try to watch you. I firmly believe that it's still possible to be anonymous online, but it sure is hard and it's a recipe for a nervous breakdown. Living in "operational mode" all the time is emotionally draining.

I would love to be back on a regular computer system with a regular non-Tor connection again, without having to do all sorts of unnecessary security measures. Imagine you've been eating only salads for the last three years because the doctor said you should, but you're finally so sick and tired of them that you'd love to eat nothing but steaks for the rest of your life. It's like that, but with secure computing!

Can anyone relate to this feeling? And how did you deal with it? Any other comments would also be interesting to hear.

ThothJuly 17, 2016 2:08 AM

@BurntOut
You need to define your threat model then work on it. Blanket lockdown mode isn't going to work all the time as you have just tasted the ... burn out :) .

A casual Internet computer for gaming and casual browsing is fine. If you are writing unimportant emails, just use the casual browsing PC. If you need to write secure emails or browse securely, use Tails.

If you are in your own house, you do not need to pull the blanket over unless you are in a hotel or not in your own room. Anyway, pulling the blanket over is only useful as a visual hindrance. It does not block keyboard mechanism sound or EM spectrum spying, so if the NSA et al. want in, they get in.

If you segregate your life and create a threat model, you wouldn't be burnt out :) .

Btw, Tails is not a magic bullet. It is by no means secure either because you are still running it on a conventional Intel CPU with Intel ME spying on all of us :) .

Gerard van VoorenJuly 17, 2016 2:53 AM

@ Moderator,

Can that "More Human Than Human" guy be blocked? It's obvious that either:

1) He's a mental case / on drugs or, more likely,
2) He's a troll.

Either case, the guy distracts and doesn't contribute to proper discussions.

65535July 17, 2016 3:32 AM

@ Anon10

“On Thursday, Microsoft won a surprise victory in one such legal battle against the government over access to data that is stored outside the United States.”- NYT

http://www.nytimes.com/2016/07/15/technology/microsoft-wins-appeal-on-overseas-data-searches.html?_r=1

This is a step forward. Will the US court decision be overturned or otherwise circumvented?

@ Markus Ottela

I have been following your work with TFC and congratulate you on it. I hope it goes mainstream at some point.

@ Slime Mold with Mustard and Standard

‘25 members of the US House of Representatives have formed the "Fourth Amendment Caucus".’

I will support them!

@ Hadool

“Why is nobody working on hardening the Tor Hidden Services default setup configuration…”

Good question. I hope Bruce will work on this problem. I will not get into the US government funding conflict of interest thing but I would like to see more private funding of Tor.

@ Andrew

“Tablet with physical mute switches”

Sweet.

@ CallMeLateForSupper

"I checked the PrivacyBadger settings for each formerly offending site. None had changed, that I could tell. But clearly something changed. Have the tracker people figured out how to elude PrivacyBadger?"

Good question. I use PB. Anybody got an answer?

[Along those lines]

@ all

What is your current safest browser and add-ons [Chrome, Firefox, IE/Edge, SeaMonkey and so on]:

1] Best script blocker, i.e., Noscript ?
2] Best ad blocker?
3] Best User Agent spoofer i.e., Random Agent spoofer?
4] Best IP changer?
5] Best server geolocator, i.e., World IP, Flag Fox and so on?
6] What’s the status of Privacy Badger? Is there a better alternative?

What are the risks/rewards? How about the financial motivation of these "add-on or plug-in" coders? They must get paid some way.

I am still going with Firefox because of the separate search bar and browser bar and the about:config editor. It’s not perfect with all of the chrome junk but fair.

For those of us who have M$ clients with M$ boxes:

Do you stay with Win7/Win8 or move to Win 10?

If you stay with Win 7/Win8/Win8.1, what is the best software to avoid an unexpected upgrade to Win 10?

I have had some success with Gibson’s Never10

https://www.grc.com/never10.htm

There is probably a better product. Any ideas?

[20 year old printer driver flaw in all MS products]

‘20-year-old Windows bug lets printers install malware—patch now’

“Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.” -Arstechnica

http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/

This type of thing makes Microsoft look horrible. The question is, did M$ actually fix the flaw in all machines?

Small Business has to get off the M$ bandwagon - and the sooner the better.


BurntOutJuly 17, 2016 3:39 AM

@Thoth
Thank you, those are all very good points that I needed to hear. I seriously need to work on a threat model.

Jonathan WilsonJuly 17, 2016 5:32 AM

Regarding LED bulbs, IoT lighting, planned obsolescence etc., I don't bother with all that. All of the light bulbs in my rental apartment are the ones that were in there when I moved in, except for 2 that blew and got replaced with some fairly cheap Philips compact fluros I bought at the local supermarket.

I refuse to allow the IoT stuff into my life; I prefer things I can control. The only things I have that have networking functionality are my desktop PC, my Netgear ADSL2+ modem/router/WiFi AP and my Nokia N900 smartphone (which runs Linux and doesn't have all the nasty things you get from Google or Apple that spy on you and steal all your personal data and stuff). I also have a Topfield digital recorder which has a network jack, but I don't even have it plugged into the network since I have no need to (it works just fine as a recorder and playback device without being plugged in).

None of the gear I own relies on any kind of "cloud" service or central servers for its functionality, and (unless standards for broadcast TV, broadband internet or cellular telephony change in ways my current gear can't work with, or Canon stops making cartridges for my Canon inkjet printer) I will be able to keep using it until it fails.

rJuly 17, 2016 5:50 AM

@65535

"This type of thing makes Microsoft look horrible. The question is, did M$ actually fix the flaw in all machines?"

Also: did they really fix it?

There's 2 ways they've fixed major blowouts. One is with a spare tire, the other is with a plug kit.

I don't use them for anything other than debugging/development at this point.


@Jonathan Wilson,

Do you rent? Do you own?
Do you do your own electrical?
When CFs are legislated out due to 'green' issues and chemical content (mercury?), will you be able to resist a flattened DRM LED landscape?
Will your fellow renters?
Will your landlords?
What if the installation becomes mandatory for the safety of your local police? (Those inter-connected lightbulbs could probably be reprogrammed to auto-sense occupants and keep track of room-to-room movement; Philips could probably include a microphone for more public safety)
What then?
It's just a matter of changing building codes.
The Philips light sockets will only work with UL listed devices; do you have a right to buy unsafe Chinese bulbs?
Are you ready?

Hay nony mouseJuly 17, 2016 7:40 AM

@ Burnout; Thoth :

    If you are in your own house, you do not need to pull the blanket over unless you are in a hotel or not in your own room.

Whilst that still may be true for some, it is a rapidly changing situation for increasing numbers.

It is not just Internet of Things (IoT); it is most high end consumer goods already "dialing home". As others have pointed out here in the past, it's not just with device usage data but data on "home energy usage" sufficient to enumerate / fingerprint other "off data grid" devices and usage. Then there are the "always on" energy transducers, some passive, some active. Looking for WiFi and other radio signals, microphones capturing all sounds from a much wider spectrum and with greater sensitivity than any human ear, cameras likewise of greater spectrum and sensitivity than human eyes, vibration / gravimeters of wide spectrum and sensitivity, temperature sensors that can detect changes of a fraction of a degree from devices and humans, and so on and so on. And those passive transducers are becoming active devices working like radar / lidar and similar audio, with MIMO capabilities for millimetric or better resolution.

Trying to find an unmonitored "quiet spot" in a home is quickly becoming impossible, even without covert intruders. We are in effect performing "DIY Black Bag Jobs" and willingly doing what George Orwell could only imagine in a dystopian nightmare.

If you doubt this have a look at the Boing Boing link about the electric light manufacturers from Cory Doctorow

ThothJuly 17, 2016 8:00 AM

@Hay nony mouse
True that IoT prevalence and rise can turn into (un)expected little NSA helpers, but for @BurntOut and the rest, if I start to recommend everyone to have EMSEC protection and all that high assurance, it would be impractical and most people wouldn't like to listen anyway.

For the benefit of not getting @BurntOut to be even more burnt out, he/she needs to take baby steps to "recover" first. First thing is to define a threat model and then start planning, implementing and other steps along the way.

High assurance doesn't suddenly get achieved. It needs to be gradual.

So let's start from the basics ... know yourself, know your enemy. Figure out the resource and knowledge limits of yourself and your adversaries first so you can be more efficient.

Ergo SumJuly 17, 2016 8:04 AM

@65535...

On my W8.1 box, these are the plugins the Tor browser has:

  1. NoScript
  2. Ghostery
  3. User Agent Switcher
  4. uBlock Origin

Yes, I am aware that the Tor browser has flaws and LEOs, and probably others, can exploit/intercept my connection. But for my browsing needs, it is just fine...

Firefox also has the same plugins on my system; yes, I am aware that the Tor browser is Firefox. IE 11 has minimal add-ons and is only used for business purposes.

Windows 8.1 has been configured with the recommended security configuration, not just Microsoft, and in addition, the security is augmented by:

  1. Antivirus, licensed
  2. Microsoft EMET, free
  3. Malwarebytes Anti-Exploit, licensed
  4. WinPatrol, free
  5. VoodooShield, free

There are registry/group policy settings to prevent Crypto_whatever. There are also registry/group policy settings/scheduled tasks disabled to prevent updating to W10 and telemetry based tracking. Most, if not all "important" telemetry patches either had not been installed and/or removed. The same goes for MS Office 2013 that had been retro-fitted with telemetry as well.

Pretty much the same has been done on my W7 system that will not be updated to W10. On my W10 laptop with MS Office 2016, the telemetry has similarly been disabled and the security protection augmented.

And no, I don't believe that my systems are secure...

    Small Business has to get off the M$ bandwagon - and the sooner the better.

The sooner applications, especially business apps, have become available on other platforms, the faster this transition will take place. Most people don't care about the OS, they care about the apps.

No, I am not talking about "similar apps with limited functionalities". I am referring to exact replacements. Take for example OpenOffice: is it exactly the same as MS Office? No, it is not. Is it suitable for most people? Yes, the chances are it is. But it looks different, acts somewhat different from MS Office. And most people don't want to learn to use new apps. For that matter, most people dread the moment when their new computer comes with the latest OS and MS Office. They'll be lost for about 4-6 weeks and then, they will love it...

JG4July 17, 2016 11:04 AM


@albert - combined with your link, the counterpunch article seems to be a damning indictment

see also, a searchable database of Hillary's emails, with corruption in plain sight:

https://wikileaks.org/clinton-emails/emailid/12102

I saw a great quip where an article asked if the FBI would have ignored a bale of marijuana sitting on your coffee table while they interviewed you about willful failure to file

http://www.counterpunch.org/2016/07/15/those-damn-emails-comeys-political-fix-unraveling/
...
In Thursday, June 7, “emergency” congressional oversight hearings, FBI Director James B. Comey was questioned about his unprecedented Tuesday press conference Statement justifying the Bureau’s mutually contradictory factual and legal conclusions from its long-pending investigation of Hillary Clinton’s “servergate” problem. Republicans under committee Chair Jason Chaffetz (R-UT) conducted a professional, informed and fair interrogation of Comey that considerably advanced the debate. Comey’s less than convincing legal justification for his decision opened as many lines of inquiry as it closed. The purpose of this article is to assess that justification in detail, based in part on, but not limited to, Congress’ initial inquiries.
Before going into the details, a useful introduction to the subject was provided by Trey Gowdy (R-SC), a former federal prosecutor. He walked Comey through the false statements that Clinton told his Benghazi Committee in October. This evoked a sworn on-the-record FBI endorsement of what amounted to several counts of a potential criminal indictment of Clinton for lying under oath. Having virtually framed the indictment of Clinton for lying to Congress, Gowdy then delivered a Socratic lesson to Comey on the subject of how such “false exculpatory statements” by Clinton, along with Clinton’s pervasive and “complex scheme that was designed for the very purpose of concealing the public record” could have been used in the “servergate” case to prove her requisite criminal intent, the supposedly key element of the crime which Comey claimed he could not find.
Gowdy completed his attack on Comey’s central evasion for not indicting Clinton by instructing him that intent is rarely proven by direct evidence, such as Comey seemed to suggest was needed. “You have to do it with circumstantial evidence,” Gowdy said. Gowdy outlined in less than five minutes for Comey what the FBI was somehow unable to piece together over what Comey proudly claimed was 3 years equivalent of investigatory work.
Circumstantial evidence has been used in similar cases. In the notorious case of Jeffrey Sterling, DoJ was able to imprison a CIA agent on the sole basis of circumstantial evidence amounting to no more than speaking to a reporter. The case was partially motivated by retribution for Sterling’s racial discrimination claim against the agency. Another entirely circumstantial case was made against a mid-level bureaucrat for talking with a reporter without direct proof of intent, let alone of any unlawful transfer of particular information.

This initial examination of Comey by Gowdy and other Republican committee members supports the suggestion that Comey’s formal statement denying Clinton’s criminal intent, quoted below, constitutes one of a series of “coincidental shams and deceptions deeply rooted in a corrupt political system.” This sham includes a) the extended delay and timing of what appears to have been a superficial and artificially limited investigation designed to exculpate, b) the unethical ex parte meeting between Comey’s boss and Bill Clinton at the Phoenix airport, c) AG Lynch’s refusal to recuse herself for that ethical breach, d) but instead abdicate the DoJ’s prosecutorial judgment to a political FBI Director, e) Clinton (who “believes in gestures”) making anonymous leaks that “she may decide to retain Ms. Lynch,” f) Obama’s endorsement of and North Carolina campaign stop with Clinton timed to deflect attention from the FBI’s criticism of her documented lies and “extremely careless” conduct in high office, g) unprecedented signature of non-disclosure agreement for agents on this case, and then h) the very nature of the Statement itself, both the unprecedented PR exercise of its being made public and the FBI’s straying well beyond its proper duties and expertise to make and announce the operative legal decision not to prosecute. Reciting some of these coincidences Rep. Mica observed “what’s come down, it almost looks like a choreography.”

It may be only a coincidence that Lynch was appointed attorney general by Obama very shortly after Clinton started deleting her “servergate” files in February 2015. And it may be a coincidence that Comey was appointed around the time in 2013 that Clinton’s potential crime was coming to light. But was it a coincidence that Obama failed to appoint a State Department inspector general during all four years of Clinton’s tenure as Secretary of State? Or was that beyond gross negligence in hindsight?

MrCJuly 17, 2016 11:32 AM

@65535

Re: Firefox Extensions:

Connection Blockers
-------------------

uBlock Origin - Filter-based blocker. (Better performance than any other filter-based blocker (e.g. AdBlock Plus, etc.) and no ethically dubious arrangements with certain advertisers (e.g., AdBlock Plus, Ghostery).)

uMatrix - Matrix-based blocker. Remarkable.

(I would recommend Privacy Badger as a behavior-based blocker, but I find that nothing's getting past uMatrix + uBlock Origin, so it's not worth the performance cost.)

Execution Blocker
-----------------
NoScript - Blocks executable content unless specifically allowed + other goodies. There is no substitute. No other FF extension comes close. Chrome's extension API doesn't even have the functionality to make an equivalent extension. (The NoScript imitators for Chrome do not offer equivalent functionality.)

TLS-Related
-----------

HTTPS-Everywhere - Force HTTPS on as many sites as possible.

Perspectives - Detect MitM by comparing TLS certs against certs observed by notary servers. A couple of caveats: (1) What you gain in security, you lose in privacy, since you have to trust the notaries not to log which certs you inquire about. (2) This project has been losing steam for some time. The default notary list is outdated and finding working notaries is a pain. Hopefully it will hold out until Certificate Transparency is implemented in FF.

Certificate Manager - Improved GUI for managing CA certificates. Makes it quick and easy to distrust ~80% of CA certs, and retrust one if it turns out I actually need it for a site I visit regularly.

Red Jacket - Actively distrust specific intermediate CA certs (e.g. the intermediate CA cert VeriSign(Symantec) issued to the scum at BlueCoat)

Data Storage
------------

Self-Destructing Cookies - Deletes cookies and DOM storage seconds after a website's tab is closed, unless whitelisted. Clears cache if user is inactive.

BetterPrivacy - Delete Flash LSOs on exit.

Expire History By Days - Restores old FF history behavior of deleting all history older than X days.

Other
-----

CanvasBlocker - Poison canvas fingerprinting data.

RefControl - spoof referers (with whitelist option)

In regards to some of your other questions:
Check whatever user agent Tor Browser is currently using and set that in about:config. (You don't need an extension.) Spoofing randomly or even statically spoofing something uncommon increases your entropy, which is exactly the opposite of what you want to do. Tor uses the string from a super-common ESR, which is exactly what you want to make yourself look like.

Under no circumstances would I touch Win10. If you're no longer satisfied with Win7, it's time to move to Linux.

The only surefire way to ensure that MS doesn't issue a patch to break your forced-update-to-Win10 preventer is to manually review patches before installing them. Switch Windows Update over to auto-check-but-manual-install. First, uninstall and hide any of the following already infecting your system: KB2952664, KB2976978, KB2977759, KB2990214, KB3012973, KB3015249, KB3021917, KB3022345, KB3035583, KB3044374, KB3050267, KB3064683, KB3065987, KB3065988, KB3068708, KB3072318, KB3074677, KB3075249, KB3075851, KB3075853, KB3080149, KB3081437, KB3081454, KB3081954, KB3083324, KB3083325, KB3083710, KB3083711, KB3090045, KB2922324, KB3112343, KB3112336, KB2977759, KB2976978, KB3135445, KB3135449, KB3123862, KB3138612, KB3138615, KB3150513, KB3173040. (Note that MS has a nasty habit of reissuing these patches over and over so that they get unhidden.) Now, every month, you should wait until a few days past "patch Tuesday" and then read up on every patch MS tries to push you before installing it. (AskWoody and GHacks are good sites for such research.)

(There are a few more problematic patches where you're "darned if you do, darned if you don't." KB3146449 and KB3139929 are legit security patches for IE that also include Win10 ads baked into the IE interface. I chose to block them because I don't use IE at all. KB3102810, KB3102812, and KB3050265 are legit bugfixes for Windows Update that also include Win10 crap. I chose to install them because the bugfixes are important ones and these patches alone can't pop up annoying notifiers or force an upgrade.)

You might also want to delete any Win10 files downloaded to:
C:\Windows\System32\GWX
$Windows.~BT
$Windows.~WS

Coin FusedJuly 17, 2016 12:56 PM

@Burntout: good post, been there, done some of that, too.

My experiment: Buy some bitcoin.

Short version: Too much hassle, get a money order at the drug store, use a fake name if they make you sign for it. No one will check.

Long version:

Turns out, due to SECURITY, most every BC website is funneled through Cloudflare, which of course is one of the most highly successful Man in the Middle SSL breakers ever created. Can CF, a US based company, be trusted? I have an opinion, you may have the same one.

You need a WALLET to buy bitcoin. Online wallets are subject to intense attack at all times. Mt. Gox lost $500,000 million dollars (yes, a half a billion dollars) worth of deposits to crackers. Others have been hit every which way. BTW: No FDIC, you are out of luck and out of coin.

SO, go to an offline wallet. I chose Multibit HD. Nice program. Which again runs through Cloudflare when you need to do stuff. hmmmmmm.

Meanwhile, actually buying bitcoin is akin to checking out gold bars from Fort Knox. They demand name, addr, ph#, email, selfies, copies of your passport, bank account numbers, passwords ....literally anything you can imagine for better: SECURITY. The thing is you are sharing your data with a business that most of the time doesn't have a physical address or even a phone number, has been in business for about a year or so and forget about verifying the ID of the guy you are chatting with. hmmmmmm.

TIME: Exchanges and dealers lie a lot about the time it takes to buy coin. "Instantly" easily morphs to "a couple hours" to “3-5 business days" to weeks and of course sometimes everything seems to disappear into the void. Because: SECURITY! It seems THEY never trust you, but are offended if you do not trust THEM. In person exchanges just vaporize, the guy never shows. Etc.

Monkey wrenches: Accounts are suspended arbitrarily. Accounts are terminated for the most trivial reasons. Just because you jumped through the hoops doesn't mean THEY trust you. One exchange won't let you buy a knife with BC. They are dangerous, you know. No gambling either. hmmmmmm.

How I got my .110 Bitcoin:

Went to an ATM at the mall, scanned my BC QR into the ATM, scanned the BACK of my driver's license, pushed some screen buttons, and by the time I got home after driving 50+ miles I had about $73 worth of coin in my offline wallet. BTW the fees are OUTRAGEOUS. It was 7.5% to buy, then there is something like a stock exchange for buying and selling, and the difference in pricing is appalling. Buy/sell differentials range between 3 and 15 percent. The lower numbers are only available to those willing to bare their identity and soul to the seller.

Folks, Bitcoin is a slightly amusing technical experiment but it's not remotely close to prime time. And, BC security and privacy issues are abominable.

Buy a money order at the drugstore, you'll be ahead of the game.

ianfJuly 17, 2016 1:12 PM


@ MrC, 65535

Funny how NOTHING of that complex Windows Firefox/ browser-level hardening and snoop-proofing is needed if one uses the iOS 8.2 Brave browser (recommended by Filippo.io) on iPhone or iPad:

[…] ultra-fast web browser with ad blocking, tracking protection, and HTTPS Everywhere already integrated. No external plugins or settings to manage or configure

Must be because we iOS users basically are lazy, and have other things to do than constantly wipe Bill Gates heirs' behinds.

    [the rest moved to this more appropriate, if still OT, current squid thread]

On the subject of information-collating, then publishing, scientists needing to get paid to eat, to retain strength to collect another pack of data to collate, and so on, @ some author admonishes another author, this one, that

Journal paper authors don't get a dime, not even from top tier journals like Nature or Science… in many disciplines… authors have to PAY quite hefty page charges… easily in the €1000 range/ paper [… industry-wide affliction.]

There is some truth in it, and plenty of untruths besides. The more obscure a discipline, like (say) paleoentomology, the more true—but then these v. scientists get hefty subsidies to extract dino DNA from Spielberg's Jurassic Park Foundation; the Museum of Jurassic Technology; the Creation Museum, and similar outfits, so they definitely do not starve (also the insects, descendants of their studies' objects, are plentiful AND edible!)

But it's not true, that scientific studies are any and all publishers' free to regurgitate and sell (that certainly was the case in the age when pamphlets were the primary tuppence mass medium, 1600–onwards, until the first copyright laws/ rights to profit from someone else's writings/ came about ~130 years ago). So, yes, modern scientists get remunerated in one way or another, or else they would have little incentive to do it for free, while enabling mechanical distributors of content to get paid. The commercial Trickle Down effect applies. #EndOfThisExchange.

MrCJuly 17, 2016 2:33 PM

Aside from the fact that I want nothing to do with **anyone's** ads, Brave isn't ready for prime time. It takes some admirable steps towards in-built hardening, but anything beyond that just isn't possible in its current state. So it falls far short of my current FF setup. Also, I'm not at all comfortable with Brave's extensive data collection about the user. Maybe it might be worth considering in a few years if the in-building of security/privacy features continues apace and someone forks it to remove this whole user tracking and ad-replacement nonsense.

As for Windows, MS's behavior is completely indefensible. Things have come to a juncture where the best advice is to research every single patch because MS cannot be trusted. This is not an acceptable state of affairs. It means it's time to move to Linux.

albertJuly 17, 2016 3:40 PM

@JG4,
Congress doing its job, for a change. Most folks probably don't give a RSA for Clinton's email peccadillos, and some may think it's just a Republican attack.

The takeaway is sure: The system is rigged, irrespective of party.

The question is, will Hill'ry continue such practices as Prez?

Just what information was contained in those deleted files?

I expect their content was much more damning than anything we've seen so far.

. .. . .. --- ....

Hay nony mouseJuly 17, 2016 4:29 PM

More on "shortening the life of LED lights and other products",

http://www.newyorker.com/business/currency/the-l-e-d-quandary-why-theres-no-such-thing-as-built-to-last

P.S. For those that don't know, "a thousand hours" of continuous service is 41 and 2/3rds days, so a Mean Time To Fail (MTTF) of 10,000 hours is 1 year, 51 and 2/3rds days in non-leap years. Availability is calculated from MTTF and Mean Time To Repair (MTTR): the shorter the MTTR or the longer the MTTF, the better the availability. However... if you push MTTF too far, the time to get a replacement part goes up quite dramatically, which has a significant effect on availability. Thus MTTF has to be balanced against a number of things, one of which is the "storage" or "on hand" of the supply chain.

FigureitoutJuly 17, 2016 9:11 PM

Thoth RE: smartcards
--Yeah I'm going to probably start using SD cards at least w/ Arduinos, FAT filesystem. If a serial connection can be made w/ another Arduino and send the contents of the SD card out over that line (think that's very possible), then a data diode could potentially be used to either send data to the card to be transferred on from a secure airgapped device or read to an airgapped device. But as bunnie pointed out ( https://www.bunniestudios.com/blog/?p=3554 ) an additional MCU is used for write-leveling and can be used for MITM attacks, to report false memory size, or worse prevent any overwrites to malware on the actual memory portion of the SD card perhaps. I think this risk can be managed by just using them between airgapped PCs (to read files) and using MCUs to read what files are on the card, and delete any file; since there's so many and malware will need network access to transfer anything of worth. But can't really format the card from an Arduino, maybe other dedicated hardware can. Have to use a regular PC w/ Linux or Windows.

Markus Ottela RE: dropping support for cascading ciphers
--Why, don't you usually use other python implementations of ciphers? Not like you're writing your own crypto, they usually provide test vectors right? Just feel like cascading ciphers is best, so much stronger. I think you can take even a bunch of weaker ciphers, individually I'd feel uneasy but chained up to 2 other ciphers, then you could repeat that chain say 2 to 3 times, almost ensuring that attacks won't be from broken crypto, so you could focus on the all too fun side channel attacks.

BurntOut
--Yes, you may not hear everyone here say that (probably have a different definition of OPSEC), but you CANNOT stay on guard 24/7 w/o burnout, or other mental/bodily harm happening. The key is separating systems that you want to use to exchange files w/ others and doing daily browsing and depending on your work environment, your work; from systems that remain off and secured in a case locked up somewhere and you use for when you need that level of security (emergencies like recovery from attacks, creating new accounts, talking to some admin on the other side of the world securely etc.). That way you don't need to go insane covering your computer w/ a sweater when they have a FLIR device hidden in a vent or smoke alarm in the ceiling noting the fresh heat signatures on the keys and extract your password the hard way, and have the tools at the ready when you need them (move to different locations where such things aren't bugged, there's many public areas that would work so long as you don't see visible cameras). I know just using Tails isn't the extent of your security stance, also routing everything you do all the time over Tor...probably shouldn't do that for the simple fact of putting all your eggs in one basket.

You say USB stick (tsk tsk should be a CD-R or DVD-R if you're booting live which is advisable, I use a USB-CDROM converter and it works like a charm on a desktop w/ a broken CDROM).

Connect Radio to Computer w/ Easy Digi Board and Communicate Worldwide w/ Digital Radio

Another project I've been working on and finally tasted the fruits of my (small) labor, good treat for everyone who doesn't already know how to do this and wants to. All the magic is in the soundcard and the software generating audio tones, and the radio amplifying those signals for worldwide transmission.

First you need a radio, my radio is a TS130s, which is from like the 1980s and doesn't have the fancy bells and whistles of newer transceivers of today. If you have a newer/fancier radio (they're expensive), then this won't be necessary, and you could probably just do plug-n-play. For instance, my dad's ICOM radio could connection easily via a USB COM port and not need this interfacing board at all. Essentially *zero* configuration was needed in fldigi to be up and running with this, it's plug-n-play.

This is *very* radio specific, you WILL have to modify this depending on what radio you use, if that scares you (shouldn't), then don't waste your time and get a ready made solution for you (but where's the fun in that?). You need to find the microphone pinout of that radio, and you need a microphone that plugs into the radio that you don't care about (that's what I did, just cut the microphone off and split open the cable, but note that that curly wire is a major pain in the ass, and the damn wires themselves had string in them). Someone had put up a nice pinout of the microphone but that site literally just went kaput and its robots.txt file blocked the Internet Archive, I should've made a copy of it sooner. Thankfully someone posted the manual of the radio which had a pinout of the microphone hidden on one of the pages.

Next you need (well you don't need but I HIGHLY recommend) the Easy Digi interface kit ( http://www.aracc.org/easydigi!.pdf ), they're like $10-$15 assembled on ebay. The only two lines I need from the microphone are MIC IN and MIC GND, these are labeled on the Easy Digi board. Next you need a 3.5mm mono audio jack that you can unscrew and solder wires to the "sleeve" and "tip", this goes on the "RX Audio" part of the board. It's very simple, the long part is the sleeve or GND, and the tip is the signal. Since there's a transformer you can connect the tip and sleeve to either part of the "RX audio" pins, and those go to the external speaker jack of the radio (I need the 3.5mm to 6.35mm adapter for my radio).

Next connect 2 more 3.5mm audio jacks on the end of the board (it's labeled), one of these goes to the speaker of your PC and the other to the microphone. I was a bit confused b/c I was getting a short between the tip and the sleeve on the audio jack, but that's because of the short from the transformer. So don't freak out about that, there's a transformer there! lol

I'm not using the serial connection on the connector, so you can do that if you want but it'll be a lot of wires coming out so you need good craftsman skills (mine are "meh"). You don't need the serial connector though, I can use the "VOX" feature of the radio which will do the switching between TX and RX for me. If your radio doesn't have a VOX then you need to manually switch or you need the serial control of that switching (it may still not work on your radio).

I would recommend using Windows unfortunately, fldigi installs very easily on it, as well as a ton of other digital radio software. I'm using fldigi, but other programs can be used of course.

Once you have fldigi installed, be sure to check the correct audio devices are connected. You need a good antenna (it's good to get an antenna switch so you can switch between a bunch), if you don't have a good antenna you won't be able to do much. Look up the PSK31 frequencies (14.07MHz as you can see in pic below is a good freq.) and look for the "mark" and "space" fork looking signal of a typical PSK31 transmission and click on it. Pretty cool reading the text being received, pretty funny that there's even backspace characters being sent, just seems weird to think about. Transmitting, there's a little button you can press (after turning on the VOX feature) and anything you type will be transmitted, but you need to turn the power down first and check your antenna w/ a SWR meter etc.

Pics:

https://postimg.org/image/xf4k9iai9/

https://postimg.org/image/ylq74jgw7/

https://postimg.org/image/l0gw0imbl/

ThothJuly 17, 2016 9:56 PM

@Figureitout, Markus Ottela
Sometimes it is nice to write your own crypto under the circumstances where you are only going to handle a small set of algorithms, and for TFC's case that would simply be the Salsa algorithm. Salsa with its ARX construct is actually pretty easy to code anyway so it should be fine. There is the NaCl library from which @Markus Ottela could copy the Salsa source code if needed. I am quite wary of crypto libs these days as I keep getting my hands burnt by them. I'd rather use a simple algorithm scheme like Salsa, which is a fairly simple ARX cipher as well, and be done with the crypto side. For the MAC portion, I would do something different from TFC by simply doing a cipher-based MAC: hashing the ciphertext and then using a separate MAC key to run the hash into another Salsa instance which, assuming Salsa is a secure cipher, means the permutation to create a colliding instance would require a huge amount of data (huge infeasible bruteforce) or simply guessing the whole 128/256 bit MAC key. This use of ciphers as a MAC engine was well established in the past and is still being used in banking and finance (3DES-MAC in smartcards and HSMs with the 2 or 3 key 3DES option). Since Salsa is a stream cipher which is sensitive to key reuse, a nonce is also required for encryption and MAC. All I need to do is generate a single nonce and use the raw nonce for encryption and hash the raw nonce and use the hashed nonce as the initializing nonce for Salsa-MAC; I would essentially save myself precious space in terms of packet data and also codebase space and features.

Also, what that means is all I need to code is Salsa and put all the code quality control into a really small codebase surface to ensure assurance and quality. Using HMAC or Poly1305 methods would essentially expand the surface I have to work with if I were @Markus Ottela.

Also, that radio you have looks nice. Maybe a little project to do RF crypto and secure comms :) ?

HadoolJuly 18, 2016 12:36 AM

@65535: Yes, I hope Tor's new board of directors is actually going to take more actions than the previous board and this change of board members won't be just a publicity stunt.

I forgot to mention other features to harden Tor Hidden Services I would like to see, such as the making it easier to enforce full hard disk encryption, so you won't lose sensitive data after physical access and a feature that would make it easier to have distributed servers (like Cloudflare, Bitcoin/Ethereum and loadbalancers), so the Tor Hidden Service wouldn't go off-line after one server is down.

ThothJuly 18, 2016 1:05 AM

@Hadool
re: CF as distributed servers

"feature that would make it easier to have distributed servers (like Cloudflare, Bitcoin/Ethereum and loadbalancers), so the Tor Hidden Service wouldn't go off-line after one server is down."

I think CF can be excluded for this one. Ethereum is fine once it gets itself back on its feet again. CF is the best PKI-MiTM scheme in the world where people are actually willing to use it.

Markus OttelaJuly 18, 2016 1:15 AM

@ Figureitout

Why, don't you usually use other python implementations of ciphers?

Python with its dynamic typing etc. isn't the best option for implementing ciphers. If I had to implement Serpent, it would be C-bindings to an existing, peer-reviewed library. I don't trust myself enough to get into this stuff. Although, Serpent was the only algorithm on par with AES when it comes to ease of implementation: so had I a master's in math/crypto I'd consider it, but I'm practically a CS freshman. So no, not going to happen, not for a long time.

Just feel like cascading ciphers is best, so much stronger.

It is, but like Bruce said to Snowden who was recommending it, it's like building a fence and arguing whether the poles should be a mile or two tall. 3DES was required at the time because, well, 40 bits was a joke. But 256 bits is more than there's mass energy of joules in the entire observable universe. CEV attempts to remove the need to risk CT-only attacks if one construction proves catastrophically weak. So far it hasn't been the case. So like I said, once the other stuff is ready, if the userbase has the need for it, I'll re-implement cascading crypto.

--so you could focus on the all too fun side channel attacks.

My guess is implementing ciphers in Python would cause more vulnerabilities (especially timing attacks in trickle connection) than cascading crypto would solve.

@ Thoth

The Salsa with it's ARX construct is actually pretty easy to code anyway so it should be fine

I'll review and reuse djb's C-implementation any time over a random Python implementation, regardless of test vectors. The only reason I implemented one-time MAC was because it was so trivial I understood it inside and out. That's not the case with any other cipher.

PyNaCl's library seems to work fine and I had no issues with official test vectors (that have been part of the unittests for a while). Another thing is, PyNaCl's bindings to libsodium enable the Curve25519 ECDHE, which with its practically short keys is the only usable public key algorithm available.

I'm not sure if I understood your hashing construction correctly, but Salsa20 isn't a collision resistant hash function. You'd probably want to look into the keyed rumba20 compression function to make a MAC from the Salsa20 core (I'm not sure if it requires the HMAC construction, at least SHA3 doesn't). I don't see any issues with Poly1305: it has no extra headroom either when it comes to the nonce. Also I'd much rather have a group of people to develop the library with; the PyCa team has more expertise than I do.

ThothJuly 18, 2016 1:59 AM

@Markus Ottela
I am referring to Salsa used in CMAC mode (although it is usually prescribed for block ciphers). On top of that, I did mention hashing the ciphertext then passing the hash of the ciphertext to be CMAC-ed in case the cipher is not collision resistant, so the worst case is the hashed message is bound to a secret key and nonce by means of encryption and the hash acts as the collision-resistant part.

Link: https://en.wikipedia.org/wiki/CMAC

CuriousJuly 18, 2016 4:08 AM

"OpenSSH has user enumeration bug"
http://www.theregister.co.uk/2016/07/17/openssh_has_user_enumeration_bug/

The Register links to the following article:
http://seclists.org/fulldisclosure/2016/Jul/51 ("opensshd - user enumeration")

From the abstract:
By sending large passwords, a remote user can enumerate users on system that runs SSHD. This problem exists in most modern configuration due to the fact that it takes much longer to calculate SHA256/SHA512 hash than BLOWFISH hash.

I don't think I understand the issue I must admit. But then again I don't know much about crypto.

CuriousJuly 18, 2016 4:36 AM

So I don't know much about crypto, but I can't help but wonder if any discussion about banning end-to-end encryption is a worse issue than it seems atm, because if TLS connections are not ideal for providing security, what else is there for providing security for any online connections for a user?

I would like to know, what are the strategic goals that people have for implementing TLS? (The specific things they know they will achieve, when achieving a goal.)

Sancho_PJuly 18, 2016 5:13 AM

@Markus Ottela, re Vishay coupler

"It would appear I need to pass current from the collector (pin 6) to pin 8 to feed ..."
No, not sure what you are trying to do, but to use it as intended have a look at Fig. 10 of the datasheet.

"Also, I wonder if the pin 5 needs to have common ground with pin 3"
Hmm, no, it would defeat the purpose of the IC, which is to galvanically isolate the input (e.g. battery operated, sitting in the bathtub) from the output, e.g. switching 230VAC mains via a thyristor -
BUT WAIT, don't, there would be other points to consider first ...

At the input try 3V (2xAA batt) and a push button (with the resistor, see Fig. 10).
At the output connect the 5V, RL= 0,33k and a 5mm LED to Pin 5 and (5V) GND.
From there you can work on.

HadoolJuly 18, 2016 5:15 AM

@Thoth: I was actually referring to the way Cloudflare manages their distributed servers, by encrypting the harddisks of their servers all over the world and making changes to the servers by pushing updates to all of them using software such as SaltStack ( https://www.youtube.com/watch?v=PapHQBQuG7w ) instead of manually changing things on the servers, one server at a time.

Ethereum was made for things such as voting and making scripts to redistribute money after crowdfunding, it isn't suited for hosting large files however.

Joe KJuly 18, 2016 6:03 AM

@ianf, re your reply to @some author

But it's not true, that scientific studies are any and all publishers' free to regurgitate and sell (that certainly was the case in the age when pamphlets were the primary tuppence mass medium, 1600–onwards, until the first copyright laws/ rights to profit from someone else's writings/ came about ~130 years ago). So, yes, modern scientists get remunerated in one way or another, or else they would have little incentive to do it for free, while enabling mechanical distributors of content to get paid. The commercial Trickle Down effect applies. #EndOfThisExchange.

The more I stare at that last sentence, the less I trust my fading powers of reading comprehension.

What do you mean? What is the "commercial Trickle Down effect"?

Is it the kind of thing one can find mention of in fine scholarly periodicals like American Banker?

Thank you in advance for tolerating my baffled curiosity.

SerenissimeJuly 18, 2016 6:08 AM

@ianf
> Must be because we iOS users basically are lazy, and have other things to do than
> constantly wipe Bill Gates heirs' behinds.

Must be because you can't. Even if you wanted to.

Hay nony mouseJuly 18, 2016 6:40 AM

@ Markus Ottela :

    It is, but like Bruce said to Snowden who was recommending it, it's like building a fence and arguing whether the poles should be mile or two tall.

Bruce was, I think, either looking at the problem the wrong way, or he has been misquoted. The "length of the poles" argument is more appropriate to the number of rounds on any given cipher, not the number of types of cipher.

The "appropriate" number of rounds is an argument that Bruce has discussed a few times and it is to do with safety margins and bytes/second an individual algorithm performs on a generalised abstraction of hardware. That is, as has been pointed out on this blog before, a "Security -v- Efficiency" argument: the more security the less efficient and vice versa.

The problem which chained ciphers are designed to overcome is subtly different. Most block ciphers consist of effectively identical blocks, not just in the actual ciphering rounds but in the key to round-key generation. The security is thus dependent on the fundamental strength of these base blocks. If a new attack is found against a block in one particular cipher, then the whole cipher is weakened. However if you chain two or more ciphers together where the base blocks in each cipher are radically different, then the security margin remains at a much higher level if a new attack is found. This is because the probability of only one of the chained ciphers being affected is quite high. Thus if both ciphers are selected such that their individual current known strength exceeds that of the system specification, it will remain until all the ciphers have been successfully broken (which can be extremely unlikely).

The hard part is deciding which algorithms are sufficiently different such that only one, not two or more, algorithms are affected by a new attack. Often people select a block cipher and a stream cipher, as the base blocks of each are usually (but not always) sufficiently different. For simplicity the stream cipher is often used to "whiten" the compressed plaintext prior to the block cipher and its various modes in use.

A further major problem that rarely comes up in algorithm level crypto discussions is the issues of line-noise and data integrity. That is the assumption is that the communications channel is "reliable"... As any communications engineer can tell you that is very far from the truth, with bit error rates worse than 1:1e3 error detection and correction is essential with many block cipher modes, where a single bit error will destroy communications from that point on, unless the modes are "re-initialized". Usually the best way to deal with the raw communications errors is Forward Error Correction (FEC) and short runs on block chaining and appropriately sized resend windows.

Quite a few years ago Robert McEliece started thinking about designing crypto algorithms that included detection and correction of errors. The idea was not popular at the time for various reasons. However he did develop an actual crypto algorithm that used randomization and error correction, which he published in 1978. Various versions of McEliece's idea have been developed over the subsequent years, but in all but one or two rare applications they have not been used. Now however, with the advent of Quantum Computing (QC) thought to be close, post-"quantum" PK systems are being sought, and the random nature of McEliece's algorithm has made it a contender; however with PubKeys in the half megabit (64Kbyte) size they are far from simple replacements for RSA or Elliptic Curve systems.

65535July 18, 2016 7:37 AM

@ Ergo Sum

“In my W8.1 box, these are the plugins in the TOR browser has:
1. NoScript [check – I recommend it and use it]
2. Ghostery [check – I recommend it and use it]
3. User Agent Switcher [I used Random Agent Spoofer]
4. uBlock Origin [will check it out]

“I am aware that the TOR browser has flaws and LEOs, and probably other, can exploit/intercept my connection. But for my browsing needs, it is just fine... Firefox also has the same plugins on my system, yes, I am aware that the TOR browser is Firefox."

[Good point]

"Windows 8.1 has been configured with the recommended security configuration… the security is augmented by
1. Antivirus, licensed [Use it]
2. Microsoft EMET, free [I have good success with the latest version]
3. Malwarebytes Anti-Exploit, licensed [Use it on some boxes]
4. WinPatrol, free [I will check it out]
5. VoodooShield, free [I will check it out]

"There are registry/group policy settings to prevent Crypto_whatever. There are also registry/group policy settings/scheduled tasks disabled to prevent updating to W10 and telemetry based tracking. Most, if not all "important" telemetry patches either had not been installed and/or removed. The same goes for MS Office 2013 that had been retro-fitted with telemetry as well.

[I have tried some regedit tweaks and they seem to work – but some customers refuse to allow it]

"Most people don't care about the OS, they care about the apps. No, I am not talking about "similar apps with limited functionalities". I am referring to exact replacements. Take for example OpenOffice, is it exactly the same as MS Office? No, it is not. Is it suitable for most people? Yes, the chances are it is. But it looks different, acts somewhat different from MS Office. And most people don't want to learn using new apps."

[Very well stated. Open office is OK once the person learns it].

@ MrC

Your whole post is good. I recommend it to MS users.

You hit on a good point about cert notaries like Perspectives being out of date. I will check out Red Jacket. I will try out uBlock and uMatrix. All of the rest I have used.

I agree on BetterPrivacy for deleting LSO cookies on exit. I'll check out CanvasBlocker and RefControl. Your comment on Tor ESR is interesting. I do concur on sticking with Win 7. Win 10 leaks too much data.

Your KB list is really good! I agree about KB3146449 and KB3139929 but I don’t recommend them for your reasons.

“As for Windows, MS's behavior is completely indefensible. Things have come to a juncture where the best advice is to research every single patch because MS cannot be trusted.”

I agree with your statement. Will M$ have management shakeup if Win 10 fails and the trickery continues?

Good advice on deleting Win10 space-hogging files. I've got your post bookmarked!


@ Hadool

“I forgot to mention other features to harden Tor Hidden Services I would like to see, such as the making it easier to enforce full hard disk encryption, so you won't lose sensitive data after physical access and a feature that would make it easier to have distributed servers (like Cloudflare, Bitcoin/Ethereum and loadbalancers), so the Tor Hidden Service wouldn't go off-line after one server is down.”

So would I. That is another project Bruce S. will have to put on his list.

@ Thoth

“CF is the best PKI-MiTM scheme in the world where people are actually willing to use it.”

Hum, So, you say don’t use Cloud Fair?


rJuly 18, 2016 9:10 AM

@Hadool,

About your servers going down...
Have you played with freenet?

Things on freenet don't necessarily have to be live or active, the system is distributed and shared.

rJuly 18, 2016 9:31 AM

@hay nony mouse,

Thanks for the historical tidbits behind FEC and McEliece.

ThothJuly 18, 2016 10:01 AM

@65535

"Hum, So, you say don’t use Cloud Fair?"

Sort of. They have products like Keyless SSL (you hand over the session keys for your TLS connection to CloudFlare) and that was enough to make me suspicious of them.

Freezing_in_BrazilJuly 18, 2016 10:40 AM

@BurntOut

If you are using social media over TAILS, you are defeating the very purpose of it. I don't want to stir your paranoia, but since you did enter social media sites via tails, consider yourself compromised.

BurntOutJuly 18, 2016 11:54 AM

@Figureitout "you CANNOT stay on guard 24/7 w/o burnout, or other mental/bodily harm happening. The key is separating systems"

So true. Thanks for your support.

@Freezing_in_Brazil: "If you are using social media over TAILS, you are defeating the very purpose of it."

Valid point, but I was aware of that going into it. I think you're assuming I used my real identity on the sites. Even if I did, no big deal, it's better for me if social media sites don't know where I'm located.

rJuly 18, 2016 2:06 PM

@Curious,
In case anyone hasn't responded to your question about OpenSSH, I would like to take a stab at it.

To me, without reading the paper it sounds like they're sensing users through a "computational" DoS.

Have you ever seen the mathematical hash attacks against an https? You can bog a backend down by passing hashes-to-calculate to certain things, it's much more devastating than network saturation.

Basically in this case through trial and error of random account names one may be able to detect if a random (think brute force) user name exists or not. An account that doesn't exist won't have a password so the response to an attempted login will take less time than say one with a complex password.

My question, and I'll read the paper when I'm done getting my u joints for the day is: will setting low permission extra users to 'nologin' aid in detecting and deflecting this type of timing based reflective enumeration attack? Also, certainly removing root itself and changing it to something else might help by removing a static reference point.
I'm not sure how 'PermitRootLogin' is implemented.

Anyways I hope that's accurate enough for everyone considering I haven't looked at the paper and satisfies your Curious-ity.
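The timing leak @Curious quoted from the seclists advisory above, and the mechanism @r describes (an account that does not exist skips the expensive hash, so its rejection comes back faster), as an added example that is not from either comment or from OpenSSH: a toy login check with the early-return pattern beside a version that always performs exactly one hash computation. PBKDF2-HMAC-SHA512 stands in for the slow SHA-512 password hash, the account database and salt are constructed, and the HASH_CALLS counter is a hypothetical helper so the constant-work property can be checked without relying on wall-clock timing.

```python
"""Toy model of the OpenSSH-style user enumeration timing leak and its
mitigation. Constructed example; not OpenSSH code."""
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000           # stand-in for an expensive SHA-512 crypt
SALT = b"constructed-salt"    # constructed; real systems use per-user salts
HASH_CALLS = 0                # counts expensive hash invocations (verification aid)


def hash_password(password: bytes, salt: bytes = SALT) -> bytes:
    """Slow password hash (PBKDF2-HMAC-SHA512 stands in for sha512-crypt)."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS)


# Constructed account database: username -> stored hash.
USERS = {"alice": hash_password(b"correct horse battery")}

# Hash of random garbage, computed once at startup. Lookups for unknown
# users are compared against it so they cost the same as real ones.
DUMMY_HASH = hash_password(os.urandom(32))


def leaky_auth(user: str, password: bytes) -> bool:
    """Vulnerable pattern: unknown users are rejected before any hashing,
    so the fast response reveals that the account does not exist."""
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(hash_password(password), stored)


def constant_work_auth(user: str, password: bytes) -> bool:
    """Mitigated pattern: always hash exactly once and always compare,
    against DUMMY_HASH when the user is unknown, so both paths do the same
    amount of work whether or not the account exists."""
    stored = USERS.get(user)
    exists = stored is not None
    candidate = hash_password(password)
    match = hmac.compare_digest(candidate, stored if exists else DUMMY_HASH)
    return match and exists   # an unknown user can never authenticate


def hash_calls_for(fn, user: str, password: bytes) -> int:
    """Number of expensive hash computations one call to fn performs."""
    before = HASH_CALLS
    fn(user, password)
    return HASH_CALLS - before


def time_call(fn, user: str, password: bytes) -> float:
    """Wall-clock seconds for one authentication attempt."""
    start = time.perf_counter()
    fn(user, password)
    return time.perf_counter() - start


if __name__ == "__main__":
    # leaky_auth rejects the unknown user far faster than the known one;
    # constant_work_auth takes about the same time for both.
    for fn in (leaky_auth, constant_work_auth):
        t_known = time_call(fn, "alice", b"wrong password")
        t_unknown = time_call(fn, "mallory", b"wrong password")
        print(f"{fn.__name__:>18}: known user {t_known:.4f}s, "
              f"unknown user {t_unknown:.4f}s")
```

The same idea applies to any authentication path that branches on account existence before the expensive step; the fix is to make the unknown-account path do the same work as the known one.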

BlackListedJuly 18, 2016 3:10 PM

@Robert Faulcon, Jr.

Your ability to lump all cops into one group and hate them all based off of a percentage is the premise of racism itself. As well as one of the core beliefs that Hitler used to justify killing millions of Jewish/"imperfect" human beings. I hope you know you have the same state of mentality as a mass murderer.

8n2do5yJuly 18, 2016 3:17 PM

@Thoth @65535 @Coin Fused

Isn't the MITM factor of Cloud Flare the same as every other CDN? I thought they all required MITM access in order to function and block DDoS attacks. How else could it work? Not that I'm okay with it, but my understanding is that's standard practice and an inherent quality of CDNs that can't be removed.

If you know of a similar CDN that doesn't have MITM capability, I'd like to hear about it.

rJuly 18, 2016 3:27 PM

@BlackListed,

He obviously didn't read or understand the interview, not everybody can be Andy or Barney. But therein lies the problem, they were civilian not ex military. It would've been counter productive to portray a 'good old boy' like those in the rampart district.

ianfJuly 18, 2016 4:26 PM


rrrrrrrr: “I can't stand auto correct

The Artist Formerly Known As Prince:
I can't stand the rain
against my window…

r, you need to work on your prosody.

ianfJuly 18, 2016 4:47 PM


Asks @ Joe K.

What is the "commercial Trickle Down effect"?

EXECUTIVE ABSTRACT: It's a—perhaps too short a—shorthand meant to express the process of commercial science publishers paying for content in one form or another.

BACKGROUND: Recent decades' proliferation of scientific reports (oftentimes of pretty obscure dimensions of peripheral sciences, to large extent caused by "publish-or-perish" competition among scientists vying for tenure, etc.) has led to a glut of papers, which indeed cheapens their attraction further along the publication line. So nowadays most research is published in peer-reviewed departmental and discipline-specific electronic journals, run by institutions or related fora, and, apart from doctoral dissertations and the like, few such papers get to be printed on paper substrate. But those that do, and other that appear only in commercial digital media, do generate payments to its authors' institutions, if not also directly to authors. There are publishers that buy multi-year exclusive rights to all output of one or more science departments that otherwise would have to arrange for publishing stuff themselves. Individual scientists do not get rich off such arrangements, but then they didn't get to be that earlier either.

CONCLUSION: Obviously, in the age of (otherwise idiot) PDF that simulates paper on computer screen, can be formatted adequately AND generated directly by its creator, there's little need to have one's scribbled manuscript professionally set and printed as in past times. But science publishing is a wide field, and there are pockets of it where commercializers see profits ahead, and even occasionally bid over one another.

    Was this my long-form explanation long enough for you, so now you won't feel confused no mo when stumbling across an instance of "trickle down" expression out in the wild – cable back YES.

Now this. I wrote: “we iOS users basically are lazy, and have other things to do than constantly wipe Bill Gates heirs' behinds.” [=wBGhb]

@ Serenissime commented: “Must be because you can't. Even if you wanted to.

Assume we—or at least I—do not want to. You make it sound like that activity, "wBGhb," was some kind of a virtue that we, the iOS users, are missing out on. But don't elucidate, please, as I'd rather die ignorant in that regard.


@ MrC

[…] “Brave [iOS browser] isn't ready for prime time… it falls far short of my current Firefox setup. Also, I'm not at all comfortable with Brave's extensive data collection about the user.”

It's open source, isn't that usually enough of a guarantee that it does nothing user-hostile/ untoward? Or maybe you're privy to some "unattributable deep backgrounder" in this case that you can not divulge, mum's the word.

[…] “As for Windows, MS's behavior is completely indefensible. Things have come to a juncture where the best advice is to research every single patch because MS cannot be trusted. This is not an acceptable state of affairs.”

You just described—correctly by my count—the irreparable mess that is Windows >7 (=a fast-dwindling minority of all MS installs), yet you persist in ladling up lists of patches that need to be applied, for which you are lauded as were they a remedy. And maybe they are, until the next system auto update in 20 minutes, which tomorrow will require an updated list and so on… you know where it's going, nowhere fast. Funny thing though, before I modified, scaled down my (already modest) browsing needs so they could be served within iOS, I, too for a time thought the world of Firefox (MacOS). So moldable, so flexible, so extensible. Then I grew up, and decided that being a maintainer of a piece of free software that constantly "invited" my tinkering attention, while crashing at least once daily, was not exactly what I got it for. So I went back to OSX default browser Safari, and did not regret it… far more uncluttered and stable.


Sez @Curious “So I don't know much about crypto…”

Neither do I, which is why I do not engage those that do in hypotheticals. But you do your thing, and I'll do mine, and maybe one day we'll find a tech. plateau with which we're both comfortable enough to appear competent.

Dirk PraetJuly 18, 2016 5:05 PM

@ ianf

“I can't stand the rain against my window…”

That's actually an Ann Peebles song. She's also known for "I'm Gonna Tear Your Playhouse Down", best cover of which is undoubtedly by Graham Parker & The Rumour on their brilliant 1977 album "Stick To Me".

Mike BarnoJuly 18, 2016 5:39 PM

@r,

"I can't stand auto correct."

So... turn it off, and accept that you may need to spend a few extra seconds verifying that you typed what you meant to communicate. If autocorrect is often substituting unwanted material, then you need to do that verifying anyhow.

Robert Faulcon Jr.July 18, 2016 5:51 PM

Wow, @Blacklisted, you've really taken to heart that idiotic Louisiana brain fart that criticism of cops is hate speech. They wildly glommed onto this cracker idea of hate speech as applied to membership in violent and corrupt organizations like US police departments. But then, when everybody's on your case for treating your negroes like livestock for slaughter, it's just so nice to be the victim for a change. Of course the core competence of police is whining. And nothing makes police whine like poking their delusional amour-propre with criminal prosecution, treating them like everybody else. But the inherent corrupting influence that turns police into animals is impunity, so it's got to go.

You're getting a bit overwrought with your holocaust fantasies, but that's PTSD for ya! So, Elie Wiesel, why don't you explain to me why depriving cops of their impunity is just like herding them into the gas chambers and making lampshades from their skin?

Meanwhile, there's an interesting parallel between police impunity and military impunity, particularly in the absence of command responsibility. The hysterical domestic reaction against threats to police impunity was mirrored when the Rome Statute was adopted. The US became an international laughingstock for what was called the Hague Invasion Act, because the troops were so terrified of being held to objective legal standards like everybody else. And as cops become more like occupying armies, the outside world gets less reticent about imposing minimal legal standards here at home. So you criminal cops will be going to prison in greater numbers. Stop blubbering and take your medicine.

Dirk PraetJuly 18, 2016 7:07 PM

@ Robert Faulcon Jr., @ Blacklisted & others

Meanwhile, there's an interesting parallel between police impunity and military impunity, particularly in the absence of command responsibility.

You guys need to take it down a notch. It would be nice to have a discussion here instead of an argument, the main difference being that an argument is about who is right, and a discussion about what is right.

So here's my 5 cents from a European perspective:

1) Nobody here understands the criticism on the Black Lives Matter-movement. Any person with half a brain intuitively understands that it means "Black Lives Matter Too" and not "Only Black Lives Matter". So can we please dispense with the "All Lives Matter" nonsense, the accusations of reversed racism, the frantic denials that there is a serious problem and that even if there was one it's totally the victim's fault?

2) Nobody here understands why US police rules of engagement are so completely different from military rules of engagement. Combat troops applying US LEO rules in occupied territory would get court-martialed on the spot. Ask any veteran who has served in Iraq or Afghanistan.

3) Many people righteously ask themselves how on earth it is possible that almost every LEO accused of murder or manslaughter hardly ever gets indicted, let alone convicted. The answer to that is very simple: current US statutes require intent to kill or inflict harm to be proven. Reckless endangerment or negligence alone does not cut it, and the LEO will walk every time prosecution fails to establish this criterion. Which is exactly what happened today for the fourth consecutive time in the Freddie Gray case. The judge, by the way, was an African American too. There was nothing he could do.

As long as 2) and 3) are not fixed, it is just a matter of time before the current cop killings and cop shootings spiral completely out of control.

rJuly 18, 2016 9:42 PM

@ianf,

I'm going to dig around a little bit, I'm not an iOS user and I'm not sure how Apple's sandboxing works but Apple's WebKit is uh... not only behind (perhaps intentionally) but patches for it and its host OS only come in the form of blue moons.

I'll get back to you with reference points, thank you for handling us all with salad tongs too. It makes things fun.

rJuly 18, 2016 10:12 PM

@ianf, all

Be aware.

https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

The article above gets into the splintering of webkit, it's very similar to the splintering of android and a reflection on the splintering open source community as a whole. TAKE HEED, we should all be pushing and committing toward a common goal; not independent branches.

About the following, there's no date on them - but it should give you an idea about how different the code bases are for both branded and unbranded versions of webkit.

http://www.quirksmode.org/webkit_mobile.html
http://quirksmode.org/webkit.html

http://jimbergman.net/webkit-version-in-android-version/

QtWebKit, Safari, OLD Opera (current mini?), Android-webkit, Konqueror... and I'm certain that list goes on and on just like me.

rJuly 18, 2016 10:54 PM

I'm apparently wrong about iOS safari, but the above data is a good example of the splintering of webkit.

JonKnowsNothingJuly 18, 2016 11:41 PM

Apple and other companies are investigating how to block concert goers from filming and recording the concerts on their mobiles/iPhones. Apple recently applied for a patent on a blocking device that would stop the flash in a camera from working (eg you get 100% black) and it appears they plan to install this on all future iStuffs.

The complaint is that concert goers are missing out on the experience of listening/watching and spending too much time filming. Plus, when they upload the recordings and videos they violate the Copyrights of the bands and reduce the value of "official" concert CDs.

With the sea of mobiles shown in nearly every concert image, a valid issue.

BUT (there's always a but)

I am pretty sure that's NOT why these devices are now getting traction.

People have been bootlegging recordings since reel to reel was small enough you could put it in your pocket, so nothing new here.

What is new is the so-called "Ferguson Effect". Variations on the theme are that the police officers are afraid of being filmed by the public while "executing" their duties.

Well how darn convenient for them that a simple device installed on their helmets/car or other accoutrement will block the public filming them from a mobile device by sending a "DO NOT FILM ME" message to every smart phone in range.

As the intended range of the current device in development is larger than a stadium full of enthusiastic music fans, a smaller version of these devices will no doubt handle shorter distances the public uses to film activities of our Public Servants.


http://www.cnet.com/news/apples-new-patent-will-block-your-iphone-from-recording-video-at-gigs/

https://www.theguardian.com/commentisfree/2016/jul/17/musicians-concert-phone-etiquette-silicon-valley

http://money.cnn.com/2016/06/30/technology/apple-patent-stop-phone-recording/index.html

ianfJuly 18, 2016 11:52 PM


Pursuant to my previous mention of “proliferation of scientific reports… which has led to a glut of papers,” here's as good a corroboration to that as any: “One big yawn? The academics bewitched by boredom: scientists' strange fascination with a fringe academic topic” (also brings up other similarly enthralling areas for in-depth cultural studies: bullshit, coffee, masturbation). And yet that's nothing compared to, essentially, bio-tech/etc. research paper mills using the sheer volume of their sequential findings as ballast in grant application drives.

ThothJuly 19, 2016 12:17 AM

@8n2do5y
re: Spam filtering without CDN
A theoretical method is to send a small javascript ahead with a unique token (16 bytes) and a javascript hash function equivalent to some sort of BCRYPT (with an acceptably high number of rounds) to get the requestor to do proof of work (per IP address). Once they send back the correct hash, soft unblock that IP address. The server has to maintain a database of unique IP addresses to unique tokens. If another webpage from the same IP address connects and the token hash has not been solved, the same unique token is issued as well. The downside is a common IP address pool, in which case, on top of the per-IP address proof of work, a per-session proof-of-work authentication is also required.
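The gate described above as a runnable simulation (an added example, not the commenter's code): the "BCRYPT-like" function is stood in for by PBKDF2-HMAC-SHA256, the IP-to-token database is an in-memory dict, and all names, the salt and the round count are this example's own assumptions.

```python
"""Per-IP proof-of-work gate: issue a 16-byte token, accept the slow hash of it.
Added example; PBKDF2-HMAC-SHA256 stands in for the bcrypt-like function, the
salt b"pow-gate" and the round count are arbitrary assumptions of this example."""
import hashlib
import hmac
import os
import time

SALT = b"pow-gate"  # assumed constant; it only needs to be known to both sides


def slow_hash(token: bytes, rounds: int) -> bytes:
    """The work function. The JavaScript sent to the browser computes this."""
    return hashlib.pbkdf2_hmac("sha256", token, SALT, rounds)


class ProofOfWorkGate:
    def __init__(self, rounds: int = 20_000, ttl_seconds: int = 300):
        self.rounds = rounds
        self.ttl = ttl_seconds
        # ip -> (token, expected proof, issued_at) for challenges not yet solved.
        # The expected proof is computed once at issue time so that wrong
        # answers are cheap to reject; in this design the server still pays the
        # same cost as the client once per token, which is its main limitation.
        self.pending = {}
        self.unblocked = {}  # ip -> time at which the soft unblock expires

    def challenge(self, ip: str) -> bytes:
        """Issue a token; an unsolved, unexpired challenge is re-issued unchanged."""
        entry = self.pending.get(ip)
        if entry is not None and time.time() - entry[2] < self.ttl:
            return entry[0]
        token = os.urandom(16)
        self.pending[ip] = (token, slow_hash(token, self.rounds), time.time())
        return token

    def verify(self, ip: str, proof: bytes) -> bool:
        """Constant-time compare against the stored expectation; unblock on success."""
        entry = self.pending.get(ip)
        if entry is None:
            return False
        if not hmac.compare_digest(entry[1], proof):
            return False
        del self.pending[ip]
        self.unblocked[ip] = time.time() + self.ttl
        return True

    def is_unblocked(self, ip: str) -> bool:
        # Caveat from the comment: every client behind a shared IP pool (NAT,
        # carrier proxy) benefits from one solve, which is why a per-session
        # challenge would be layered on top of this per-IP one.
        return self.unblocked.get(ip, 0.0) > time.time()
```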

CuriousJuly 19, 2016 1:47 AM

"Memory corruption in the ASN.1 encoder (CVE-2016-2108)"
https://www.openssl.org/news/secadv/20160503.txt (OpenSSL Security Advisory [3rd May 2016])

In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug.

However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.

Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. (...)

Not sure what this is about, but I think it sounds fairly important. Unsure if this has been reported here earlier in the previous weeks.

I've never heard about "negative zeros" before. :O

Hay nony mouseJuly 19, 2016 1:54 AM

@ JonKnowsNothing :

    Apple and other companies are investigating how to block concert goers from filming and recording the concerts on their mobiles/iPhones.

Whilst it sounds vaguely altruistic in nature, it's not, that's just putting the lipstick on this pig of "rent seeking", "censorship" etc.

Copyright law works both ways, something the fat rent seekers don't really want you knowing. It's due to "derived works", which they themselves manipulate to "embrace and extend" their hold on works long out of the original "creatives" copyright[1]. As a person operating under your own free will thus moving your smart phone in an "artistic way" to things that are of interest to you, you create a new and unique work by your choice of focus, that is it is your own "director's cut". The only copyright argument is as to whether your work is sufficiently original, which all too often boils down to who can spend more on the legal profession...

Whilst such "commercial considerations" are sufficiently scandalous in their own right, the real worry is what other manner of sins will hide behind it. Unfortunately it's not just "Cops beating up the wrong man" wishing to hide their sins, they are just the visible "front line" of a nascent police state.

As Stalin pointed out about elections, it's not who casts the votes but who counts them that is important; it is the same with news and evidence. That is, it is not who covers / records the event, it is who gets to decide what gets aired and in which forum. Most judges for instance know that the law enforcement agencies manipulate evidence in one way or another, just the latest being "Parallel Construction", but have little choice but to allow it to happen (because defendants don't have the asking price for justice).

But we ourselves know it from the perfect storms news outlets create to improve "circulation" thus advertising revenue etc, through to "Witch hunt" politicians etc getting their "brand" known thus more marketable. Whilst "Empire Building Civil Servants" have always existed few until recently thought the idea of Government agencies manipulating or inventing enemies and evidence etc was anything other than the ramblings of "conspiracy nuts" and book and film plot creators.

The reality is where there are limited resources there are vested interests trying to get a larger piece / slice of the action / pie for themselves, where the only moral or ethic is "win or die", where eating the bodies of your fallen competition is the norm. This is the modus operandi of both psychopaths and sociopaths, and we act shocked when we find out that LE / IC are playing the MIC game.

The problem is that those that run such organisations do not like their sins becoming part of the public record as it interferes with their planned career trajectories. Whilst they have in the past used technology to maintain an advantage, they have become afraid of "plebs bearing technology" and thus turning the tables on them. Which means that they are going to demand either a legislative or technological fix to "redress the balance" in their favour.

History however teaches us that such attempts end up as "arms races". Radar gave rise to Electronic Counter Measures (ECM) which in turn gave rise to ECCM, then ECCCM. Likewise the spear got the throwing stick, then the bow, crossbow, cannon, gun etc until science gave us the ultimate stalemate of MAD via the fusion bomb... That is, the desire for control ends up impotent either by being rendered ineffectual, or so potent it dare not be used. Whichever way, two things are known: firstly a lot of people and resources will be destroyed, secondly whatever the technology, as it matures, there will be new exploitable technologies becoming available. Thus we are always in "A Red Queen Race" where you have to run as fast as you can to stay where you are...

[1] As an example, I own the copyright of my words as an original work, Bruce however owns the copyright of this blog in part as an original work of his own, but also of the collection of comments as a derived work[2]. For those with long memories, have a look back at the debacle that came about when the Huffington Post was sold, or further back the upset when what became AOL altered its terms and conditions to "land grab" user content copyright in their terms of service.

[2] This idea of owning a derived work is where scientific journals try to lock in the researchers. In the past there was some justification, due to the process of taking a raw manuscript and typesetting it, adding professionally produced diagrams etc into a recognisable "house style". But with the advent of "Camera ready copy" submissions this became a moot point, except for acid comment about the publishers' only creative input being their copyright notice... Which created kick back, hence if you know how to search you can usually find the original researchers' "Pre Print" on line with few or no encumbrances. Oh and obviously without the (probably) unwanted publishers' "creative extras"...

ThothJuly 19, 2016 2:04 AM

@Cloudflare discussion et al.

re: Cloudflare Keyless SSL

On top of that, they become a TLS MITM chokepoint regardless of their altruistic motives or capabilities. That means an attacker would just need to break into CF and all of a sudden, all the TLS security simply goes poof.

The usual method of preventing multiple connections from a single source, partial TCP connection detection and network inspection without decryption are still workable. If an attacker bothers to negotiate session keys, that brings the attack to a higher tier (i.e. state run) since only they have the resource to generate a ton of TLS sessions within a short time span to flood the servers.

In fact, TLS connections leak a lot about the data they carry and measuring the traffic could be useful. One example is a HTTP request that has a fix size known to the server host but somehow the TLS connection sends a request smaller than the expected size which can be flagged as suspicious.

The implication of sending session keys to CF is the same session keys used to deliver "harmless" videos and images might also be used for login portals or sensitive corporate emails.

Of course corporates, Governments and companies that have to meet various industry standards (i.e. PCI-DSS, EMV ...) for ITSec would need to purchase their own load balancers, HSMs and stuff to load balance TLS traffic and inspect them to keep secure the customer details and other sensitive information.

Who are the usual users of CDNs like CF? They would likely be small enterprises, groups or individuals that want security but could not afford it. They have to hope for the best that neither the NSA et al. (nor someone else) hacks into CF, nor that someone in CF, or even CF itself, decides to sell them out quietly.

This is as good as putting too much risk in a single point (CF). The traditional network inspection and filtering should suffice.

If you are expecting heavy traffic, you should be well prepared in the first place and have the resources and knowledge in place to do your own load balancing, filtering and security.

ThothJuly 19, 2016 2:13 AM

@Hay nony mouse, JonKnowsNothing
re: Anti-Concert Measures FAILED

They can block an iPhone, an Android can be used (CyanogenMod - community version). They can block an Android, I can use a RaspberryPi :) .

RaspberryPi comes with camera shields and is open for development. There is nothing out there to stop someone when they really want (Advanced Persistent Threat).

You could even create your own wearable fixtures where you can easily conceal a camera module with some buffering space that streams to .... your iPhone/Android/RaspberryPi...etc... what is going to stop you.

Sometimes, altruistic motives can turn senseless and this is one of them.

Hay nony mouseJuly 19, 2016 2:25 AM

@ Curious :

    I've never heard about "negative zeros" before. :O

It's a consequence of the way we represent negative numbers in integers.

Look up "ones' complement" and "two's complement" numbers and how floating point numbers work.

Put overly simply, computers only understand unsigned integers in the range zero to M-1 where M is 2^N with N being the bit width of the integer word in the computer. When we add a sign bit we use one bit of the integer (usually the MSB) to represent the sign of the number, thus the integer range gets divided by two. Thus each number (including zero) can be positive or negative depending only on the sign bit.

Fixing this up so that there is only one zero (positive) causes other issues that have strange effects on multiplication and division, and fixing that brings on other issues. But multiplication in an integer range has numbers that can not be calculated with a single operation (i.e. think of a decimal digit multiply, the result range is 0-99, but 9x9 is only 81)...
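The two zeros of ones' complement beside the single zero of two's complement, and, for the OpenSSL advisory quoted by @Curious above, a strict DER INTEGER encoder/decoder that takes an internal (sign flag, magnitude) pair and folds a "negative zero" into the one canonical zero. This is an added example with its own function names, not OpenSSL's code or API.

```python
"""Added example: sign-bit representations with one or two zeros, and a DER
INTEGER codec that rejects every non-canonical form. Names are this example's own."""


def ones_complement_encode(n: int, bits: int) -> int:
    """Ones' complement negates by flipping every bit, so zero has two patterns."""
    mask = (1 << bits) - 1
    if abs(n) > mask >> 1:
        raise ValueError("out of range for this width")
    return n & mask if n >= 0 else (~(-n)) & mask


def ones_complement_decode(pattern: int, bits: int) -> int:
    mask = (1 << bits) - 1
    if pattern >> (bits - 1):             # sign bit (MSB) set: a negative value
        return -((~pattern) & mask)       # the all-ones pattern yields -0 == 0
    return pattern


def twos_complement_encode(n: int, bits: int) -> int:
    return n & ((1 << bits) - 1)


def twos_complement_decode(pattern: int, bits: int) -> int:
    return pattern - (1 << bits) if pattern >> (bits - 1) else pattern


def zero_patterns(decode, bits: int) -> list:
    """Every bit pattern of the given width that a decoder maps to zero."""
    return [p for p in range(1 << bits) if decode(p, bits) == 0]


def der_integer_encode(n: int) -> bytes:
    """DER INTEGER: tag 0x02, short-form length, minimal two's complement body.
    Two's complement has no negative zero, so 0 has exactly one encoding."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    if length >= 0x80:
        raise ValueError("long-form lengths are outside this example")
    return b"\x02" + bytes([length]) + n.to_bytes(length, "big", signed=True)


def der_integer_decode(data: bytes) -> int:
    """Strict decoder: anything other than the one canonical form is an error."""
    if len(data) < 3 or data[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = data[1]
    if length == 0 or length >= 0x80 or len(data) != 2 + length:
        raise ValueError("bad length")
    body = data[2:]
    if length > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                       (body[0] == 0xFF and body[1] >= 0x80)):
        raise ValueError("non-minimal encoding")   # redundant leading byte
    return int.from_bytes(body, "big", signed=True)


def is_canonical_der_integer(data: bytes) -> bool:
    try:
        der_integer_decode(data)
        return True
    except ValueError:
        return False


def sign_magnitude_to_der(negative: bool, magnitude: bytes) -> bytes:
    """Encode from an internal (sign flag, magnitude) pair. A set sign flag with
    a zero magnitude is a "negative zero"; going through the integer value
    normalises it to the single DER zero instead of special-casing the sign."""
    value = int.from_bytes(magnitude, "big")
    return der_integer_encode(-value if negative else value)
```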

ThothJuly 19, 2016 5:34 AM

@Nick P, Clive Robinson, Figureitout, all

$800 CrypTech Open HSM

Uses FPGA for crypto operations (SHA2 hashing, RSA 1024/2014, ECC). It has an STM32 ARM chip to handle the rest of the functions as its CPU.

To wipe the HSM, look for the "PANIC BUTTON" on the board and trigger it :) .

I did suggest to them over email last September to use a smart card as tamper resistant key storage as I foresee the necessity, but it was rejected on grounds of it not being open source (which is understandable as its main goal is openness).

Over email, I was told a KEK would be used to protect the generated or stored keys, and the KEK would be held in a battery backed (and tamper detecting) RAM. Up till now I am still wondering if the tamper detection is based on sensors and shieldings like traditional security chips or just based off software inputs or the "PANIC BUTTON" input.

It is very interesting to see where they are heading off (while attempting to keep all parts as open source as possible).

I am still concerned about the power and timing side channels of their implementations as I have not seen much documentation on that area yet.

Link:
- http://www.theregister.co.uk/2016/07/18/opensource_cryptech_board_launch/
- https://www.crowdsupply.com/cryptech/open-hardware-security-module
- https://trac.cryptech.is
- https://trac.cryptech.is/wiki/OpenCryptoChip

BlackListedJuly 19, 2016 7:41 AM

@Robert Faulcon Jr

"why don't you explain to me why depriving cops of their impunity is just like herding them into the gas chambers and making lampshades from their skin?"

That has absolutely nothing to do with the fundamental mentality of hating a group based off of a percentage of bad apples. Just saying.

"The US became an international laughingstock for what was called the Hague Invasion Act, because the troops were so terrified of being held to objective legal standards like everybody else."

Fun fact, military personnel are held to a much higher standard and ripped apart for basic speeding tickets, careers ruined, pay taken away, confined to small barracks rooms without any personal belongings. Only being allowed to go to work (escorted) and go to the chow hall (also escorted). You want to be held to those standards of accountability?

"but that's PTSD for ya!"

The assumption that I have PTSD is cool I guess. I don't, but cool man.....

You're assuming I don't agree with holding cops accountable for their actions. You're wrong, but that's cool too I guess. I have a problem with people putting a group up on the cross for the actions of a percentage.

Markus OttelaJuly 19, 2016 8:18 AM

@ Thoth:

Fair enough. Although at the point you're adding a compression function, CMAC is just extra complexity over keyed encrypt-then-MAC (or HMAC with Merkle-Damgård construction).

@ 65535:
Thanks. I wouldn't count on it but let's see what happens.

@ Sancho_P

The goal is to enable unidirectional communications over an RS-232 link. This is done with two parallel optocouplers: alternating current on the Tx side blinks the LEDs. On the Rx side photo-transistors conduct current from an external power source to the Rx pin of the receiving RS-232 interface.

The specs talk about RL between 1.9k and 4.1k. I wonder if 0.33k could fry the photodiode. But what confuses me more is what looks like two voltage sources on Rx side: What's the role of VO here? I'd imagine it's the voltage source's positive lead (transistor's doing the work), but the markings of pin 8 (5V) imply that's the voltage source and VO is something else.

@ Hay nony mouse

The "length of the poles" argument is more appropriate to the number of rounds on any given cipher, not the number of types of cipher.

The context in which he said it was that the cipher is usually the strongest link in the chain.

The hard part is deciding which algorithms are sufficiently different such that only one, not two or more, algorithms are affected by a new attack.

The way I reasoned it in TFC-CEV was I used ciphers with different internal design. Keccak is a sponge function, Twofish-CTR uses a Feistel network, XSalsa is add-rotate-XOR and AES-GCM is an SP-network.

Each of these is a stream cipher, so for plaintext, the final keystream is the XOR of all keystreams. As for nonces, it was better to encrypt the previous nonce with the keystream from the next cipher than to prepend all nonces in front of the ciphertext.

RE: Data integrity

The current revision of TFC handles integrity and authenticity with Poly1305 MAC, Galois MAC, HMAC-SHA512 and SHA3-512 MACs, each with independent keys. It's an overkill, but since TFC has very small (254-byte) plaintexts, there was no notable drop in speed.

Data transmission of signed ciphertexts over the serial interface could benefit from FEC: currently it only detects transmission errors with a truncated SHA256 hash of the packet, concatenated at the end of the packet. The detection accuracy can be tweaked by adjusting truncation (32 bits by default).

If an error occurs during delivery from the transmitter computer to the networked computer, the user will have to restart the transmission. This might be an issue when sending files, but so far the data diode has worked reliably. Unfortunately, I have no reliable data on how long the batteries of the PoC design last. The original data diode design by Douglas W. Jones was powered by the receiving serial interface, but it appears to require higher voltages in the pins than most modern adapters provide, and I'm somewhat sure some serial interfaces (e.g. Raspberry Pi add-on card) don't utilize all 9 pins.

Once the packet reaches networked computer, it's up to TCP to make sure packets reach their destination in order. Retransmissions are possible.

But the biggest issue ensues if there's a transmission error between networked computer and receiving computer. One option would be to cache ciphertexts and allow re-transmission with a command, but if a newer packet has already arrived, per-message forward secrecy raises a replay-attack warning. So FEC could really be helpful there, and there appears to be a library for it too. I'll let you know how implementing it works.

RE McEliece: Code based crypto would be interesting, but so far the issues are (1) no usable library for Python and (2) size of public keys (that need to be manually typed into the transmitter computer to ensure isolation). Curve25519 ECDHE with its 64 hex public keys is border-line usable. Writing the 64KB public keys might take less time than a flight across the ocean, so it might have rare use cases over delivery of PSK. Who knows. I hope the post-quantum initiative by Bernstein, Lange et al. can come up with solutions with shorter keys. Otherwise TFC will be stuck with PSKs when the time comes.
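The keystream-XOR cascade described above, as an added example that is not TFC's code: two standard-library keystream generators stand in for TFC's ciphers, SHAKE256 (a Keccak sponge, like the Keccak stream named in the comment) and HMAC-SHA512 run in counter mode. Function names, key sizes and the nonce length are this example's own assumptions.

```python
"""Added example: a cascade of independent stream ciphers whose keystreams are
XORed together. SHAKE256 and HMAC-SHA512-CTR are stand-ins for TFC's ciphers."""
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def shake_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Sponge-based keystream: absorb key||nonce, squeeze `length` bytes."""
    return hashlib.shake_256(key + nonce).digest(length)


def hmac_ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF: HMAC-SHA512(key, nonce||counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha512").digest()
        counter += 1
    return bytes(out[:length])


# One generator per cascade member; each member gets its own independent key.
GENERATORS = (shake_keystream, hmac_ctr_keystream)


def cascade_keystream(keys, nonce: bytes, length: int) -> bytes:
    """XOR of every member's keystream. As with any stream cipher, a (key, nonce)
    pair must never be reused: reuse leaks the XOR of the two plaintexts."""
    if len(keys) != len(GENERATORS):
        raise ValueError("one key per cipher in the cascade")
    combined = bytes(length)
    for gen, key in zip(GENERATORS, keys):
        combined = xor(combined, gen(key, nonce, length))
    return combined


def cascade_encrypt(keys, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, cascade_keystream(keys, nonce, len(plaintext)))


cascade_decrypt = cascade_encrypt  # XOR with the same keystream is its own inverse


def recoverable_with_one_key_missing(keys, nonce: bytes, plaintext: bytes) -> bool:
    """Model an attacker who has every key but one and strips the keystreams
    they know; the remaining member's keystream still masks the plaintext."""
    ciphertext = cascade_encrypt(keys, nonce, plaintext)
    for unknown in range(len(keys)):
        partial = ciphertext
        for i, (gen, key) in enumerate(zip(GENERATORS, keys)):
            if i != unknown:
                partial = xor(partial, gen(key, nonce, len(ciphertext)))
        if partial == plaintext:
            return True
    return False
```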

BlackListedJuly 19, 2016 8:28 AM

@Dirk Praet

"1) Nobody here understands the criticism on the Black Lives Matter-movement. Any person with half a brain intuitively understands that it means "Black Lives Matter Too" and not "Only Black Lives Matter". So can we please dispense with the "All Lives Matter" nonsense, the accusations of reversed racism, the frantic denials that there is a serious problem and that even if there was one it's totally the victim's fault?"

The US has pretty much become a "why am I not included" "I feel offended too, I want to say I was victimized." Most of the modern day populace has become mentally weak for a lack of using cuss words. Therefore they started the all lives matter thing to include themselves since they do not meet the criteria.

Also a big part of the argument is left with no one ever being willing to see it all from the other side, from a different location than their own. The untold amount of ways that you can get shot "as an officer" without ever seeing the gun.

I still have a hard time seeing the part on why half of the individuals resist or run when confronted by police. Personally I would want the situation to go through as quickly and painlessly as possible. I have nothing to hide.

"2) Nobody here understands why US police rules of engagement are so completely different from military rules of engagement. Combat troops applying US LEO rules in occupied territory would get court-martialed on the spot. Ask any veteran who has served in Iraq or Afghanistan."

A vital portion to that has to do with the fact that none of the local population based deaths are going to be held accountable as an international incident, no NATO, no other countries to hold us accountable but ourselves. (I don't like that fact I said this, but it doesn't make it any less true. Just wish it wasn't.)


(I am open to talking further if you are. Outside opinions (EU) are very valuable, they are another perspective not seen by many on this side of the "great big pond.")

Robert Faulcon Jr.July 19, 2016 8:38 AM

for @Dirk and all bewildered Europeans, US state Juche explained:

1) Yes, all lives matter is stupid. All lives matter is one more retread of boilerplate US state propaganda. It issues from the premise that human rights begin and end with non-discrimination. The US government takes this position because it wants arbitrarily draconian repression to be unquestionable as long as it is applied in a colorably impartial way. So the government riposte to cops killing a thousand innocents a year is furious propaganda hype over the occasional dead cop. This is of course completely irrational but it works because of strong social pressure to conform to a rigidly-stereotyped public response to violence.

2) and 3) are in place because the US government wants police to have impunity. Cops that can torture or kill you at will have an important role in repressing dissent, which is unpredictable to state ideology and requires unlimited decentralized discretion in violent coercion. The combination of 2) + 3) make police work irresistible for psychos, sadists, and garden-variety assholes. These deviants entrench the sick police culture.

ThothJuly 19, 2016 8:40 AM

@Markus Ottela
re: HMAC construct

It's good to use proven MAC/HMAC constructs and that's all good.

I just want to point out that SHA-2 hashing the ciphertext then using a stream or block cipher in CMAC mode (essentially encrypting the hashed representation of the ciphertext) is the same as how HMAC operates.

Here's the pseudocode for HMAC taken from Wikipedia for simplicity:


function hmac (key, message)
    if (length(key) > blocksize) then
        key = hash(key) // keys longer than blocksize are shortened
    end if
    if (length(key) < blocksize) then
        // keys shorter than blocksize are zero-padded (where ∥ is concatenation)
        key = key ∥ [0x00 * (blocksize - length(key))] // Where * is repetition.
    end if

    o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying hash function
    i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)

    return hash(o_key_pad ∥ hash(i_key_pad ∥ message)) // Where ∥ is concatenation
end function

As you can see from the above code, there is the O_KEY_PAD and I_KEY_PAD to create some form of two lookup tables that is tied to the HMAC Key via the XOR-ing to 0x5C and 0x36 constants. The lookup tables are then bound to the message by means of double hashing in the return portion of the function. The lookup tables creation is similar to stream ciphering method of mixing the stream cipher key with the internal state before XOR-ing the internal state to plaintext to create ciphertext (thus a binding procedure).

HMAC construct would likely run much faster than my Hash-then-Salsa20 method because I am using a full Salsa cipher whereas the HMAC chooses a faster approach which is using XOR functions to bind the MAC key to two state tables then double hashing.

Both of the methods (mine and HMAC) use binding the key to the hash via some form of encryption (Salsa for my method and XOR-ing lookup tables to the key for HMAC) and the collision resistance of course comes from the use of proper cryptographic hashing.

The above information is just for knowledge as it would be useful if you are ever going to look into creating your own MAC construct in the future :) .
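The pseudocode above turned into working Python (an added example, not the commenter's code), cross-checked against the standard library's `hmac` module and the RFC 4231 test vector, with both key-length branches (longer than the block size: hashed; shorter: zero-padded) exercised. The helper names are this example's own.

```python
"""Added example: HMAC exactly as in the pseudocode above, checked against
Python's hmac module. hash_name selects the underlying hash (SHA-256 default)."""
import hashlib
import hmac as stdlib_hmac  # used only to cross-check the hand-rolled version


def hmac_from_pseudocode(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Return the raw HMAC digest of `message` under `key`."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # blocksize is that of the underlying hash: 64 bytes for SHA-256, 128 for SHA-512
    blocksize = hashlib.new(hash_name).block_size

    if len(key) > blocksize:
        key = h(key)                                    # long keys are shortened
    if len(key) < blocksize:
        key = key + b"\x00" * (blocksize - len(key))    # short keys are zero-padded

    # The two pads bind the key to the outer and inner hash invocations.
    o_key_pad = bytes(b ^ 0x5C for b in key)
    i_key_pad = bytes(b ^ 0x36 for b in key)

    # Nested hashing: the outer hash covers the inner digest, not the message.
    return h(o_key_pad + h(i_key_pad + message))


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """True when the hand-rolled HMAC equals Python's hmac for the same inputs."""
    ours = hmac_from_pseudocode(key, message, hash_name)
    reference = stdlib_hmac.new(key, message, hash_name).digest()
    return stdlib_hmac.compare_digest(ours, reference)


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver-side check; constant-time comparison avoids a timing side channel."""
    return stdlib_hmac.compare_digest(hmac_from_pseudocode(key, message, hash_name), tag)
```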

Robert Faulcon Jr.July 19, 2016 8:55 AM

@BL

A) Your bad-apples canard is more state brainwashing and you've swallowed it hook, line & sinker. The state puts it out to obscure the fact that when an organization has impunity, none of you can be trusted. You're not a protected group, you're a mafiya.

B) Yes, do it, policing would be greatly improved if cops were held to the much higher standards of military discipline (or even to the higher standards of a mediocre African police force.) However, US military standards are still deficient, at home and overseas. The civilized world is pressuring the US to remedy impunity for torture and wilful killing; municipal-law decriminalization of outrages to human dignity and denial of the right to trial; and reliance on a Nazi-style superior-orders defense.

Up on the cross?! Now you're not Anne Frank, you're Jesus? Get a grip on yourself.

Clive RobinsonJuly 19, 2016 8:57 AM

@ Bruce,

Apparently the FBI does not like Freedom of Information Requests and uses a system that is over 21 years old to "fail to process them adequately". Which has given rise to someone taking action under the "reasonable steps" clause of the fifty year old FOIA,

http://www.theguardian.com/politics/2016/jul/16/justice-department-freedom-of-information-computer-system

However, if you read towards the bottom of the article you will find that the system in use has been known to be inadequate for many years, but is still in operational use, and as a consequence has failed FBI investigators in terror related activities, potentially giving rise to death and injuries.

Potentially this could give rise to future litigation by victims or their loved ones so it might be worth keeping a watching eye on.

JonKnowsNothingJuly 19, 2016 9:00 AM

@Thoth, @Hay nony mouse

re: Anti-Filming of "Anyone or Everyone" Measures FAILED

Remember when those opposed to being filmed just ripped the film out of the camera? Maybe Kodak will make a Kodachrome comeback.

https://en.wikipedia.org/wiki/Kodachrome

Corollary:

If an anti-filming device becomes common and either completely blocks or blacks out images, what happens to all those CCTV images that are so popular with a certain segment of the population? Just imagine looking at thousands of hours of CCTV footage - fading to black.

  • No more paparazzi?
  • Oh look! Here are our vacation photos.. hmmm all black? Oh noes, the beach has a No Film defeat device!
  • All facial and drivers plate recognition databases go D A R K, as cars have them installed as a factory feature.
  • No more Google Street View?
  • A new form of "invisibility cloak"?

Hmmm maybe not a bad thing after all.

ThothJuly 19, 2016 9:11 AM

@JonKnowsNothing
re: Anti-Filming of "Anyone or Everyone" Measures FAILED

Technology is an enabler or a disruptor. It goes both ways. Anti-filming would make the film industry somewhat "happier" but also as you mentioned, if used against CCTVs, it renders those CCTVs ineffective. Nice thought :) .

Clive RobinsonJuly 19, 2016 9:13 AM

@ Nick P,

This might be of interest,

http://howtostayin.eu/

Whilst it is aimed at UK companies read the bit about "run from anywhere in the world"...

However, if you want to do it properly use a UK Limited Liability Partnership as a "mid point". Provided the LLP is used as a financial bridge not for profit it has very limited reporting required in the UK or elsewhere...

BlackListedJuly 19, 2016 9:26 AM

@Robert Faulcon Jr.


"A) Your bad-apples canard is more state brainwashing and you've swallowed it hook, line & sinker. The state puts it out to obscure the fact that when an organization has impunity, none of you can be trusted. You're not a protected group, you're a mafiya."

Me, as a Cyber Security Analyst... I'm a mafia? You assume I'm a LEO? Your assumptions and personal attacks are pushing away from the point. Though this bad-apples situation has me thinking about a saying that goes along the lines of building a thousand bridges... never being known for your accomplishments, only for your downfalls.

"B) Yes, do it, policing would be greatly improved if cops were held to the much higher standards of military discipline."

Would you like for it to be fair across the board? Or just have those police and military personnel held to a higher standard than the very law-abiding populace. If we didn't have crime, we wouldn't need police. But then again, that's an unrealistic notion. Much like that of believing in no police related fatalities.

"Up on the cross?! Now you're not Anne Frank, you're Jesus? Get a grip on yourself."

Did I claim to be a police officer? Why would I be Anne Frank, or Jesus?


Robert Faulcon Jr.July 19, 2016 10:29 AM

A) Of course we assumed you're an LEO, with that coy "I'm in the picture" business. Glad you came clean, and delighted that you're not an asshole cop. Since you're not an asshole cop, Why don't you stop whining for them? They're quite capable of doing their own whining. Do you work with them? Are you in one of the fusion centers? You have some incongruous authoritarian notions, for a free human being. Did you get them from exposure to police culture, or from your military indoctrination?

B) Fairness is neither here nor there. Personnel with responsibility for state violence have to be subjected to extraordinary disciplinary standards. That goes for domestic and international armed forces. So knock it off with the ridiculous strawman that unarmed private persons need to be treated like grunts, to be fair.

C) We don't need police. Period. Certainly not the rabid animals we're saddled with now. Police are a recent invention and could easily be made to go away - if this were a developed country.

Nick PJuly 19, 2016 10:55 AM

@ Dirk Praet

"Any person with half a brain intuitively understands that it means "Black Lives Matter Too" and not "Only Black Lives Matter". "

The reason many don't understand, outside the straight racists, that is that the black activists only talk about blacks. They fight any racism involving them but not us. They promote activities to get them ahead but not disadvantaged non-blacks of which there are many. Millions actually. They always push a narrative of how they're the victim to a white oppressor even when they're the majority, control the situation entirely, and oppress them and us. They *still* push that narrative. They also will never concede that their culture (esp thug culture in youth) or race-oriented policies contribute to negative outcomes for blacks. They stay on double standards like how black thugs are merely a product of a negative environment but won't apply that to white cops (or civilians) in violent hoods. As in, they're as full of shit and self-serving as they are telling the truth. And U.S. media are largely afraid to publish counterpoints due to what happens when they're seen as racist. The racist ones, esp right-wing, just publish the violence and riots since they get away with that.

Far as BLM, a friend who supports the movement gave this nice, short video that explains what it means with supporting data. Makes some great points that illustrate need for recognition of problem, justice for those victims, and different policing standards. Love your counterpoint of military vs police standards, too. Some of the data is questionable, though. It looks like they're mixing both the ghetto numbers and regular numbers. I'd like them separated to see what *average* black outside a hood is facing. In the hoods, even the blacks will draw on someone that does something questionable because cost of being wrong is too high. You can't even look at people wrong over there. No surprise white cops dealing with thugs do the same. Not endorsing it so much as saying experience in hoods warps peoples' perspective and doesn't represent situation outside of them.

In any case, I posted two counterpoints on the situation on another forum to get Black responses over local (Memphis, TN) protests and sieges. One shows that BLM is terrible marketing given the audience is partly white & they're rejecting it. Suggests integrated alternative. The other responds to a black reply pushing The Narrative from my perspective as white minority in schools & locale whose admins, government, cops, managers, and so on were mostly black. Oh yeah, the White Struggle and Black Privilege are both a thing. They just don't talk about that. ;)

"I'm a white moderate & Constitutional activist fighting racism (among other things). Let me illustrate to Blacks how bad BLM is failing. I first saw police brutality with Waco attacks. I watched ATF machine gun mostly white victims with FBI burning them alive by knocking kerosene lamps into tear gas (best theory). They blamed victims. Many whites shot by SWAT teams for nothing. Vast majority of cops were OK or annoying at worst but some were vicious. Right-wing & liberal whites led lobbying efforts against "police militarization." Blacks & Latinos were dying more so also pushed hard against it with a focus on their race. Perfect opportunity for Blacks to push "Human Lives Matter" showing victims of police violence from *all* races. All would unite on this topic from different angles, even cops as bad dept's give them bad image."

"Instead, not for racial bias (wink), they create *Black* Lives Matter, focus only on Blacks getting killed, set up a narrative where they're the victims (not others or not worth effort at least), and lay siege (not protest) to I-40 that Black jobs depend on. Esp Fedex as it's last, major holdout in Memphis and operates 24/7 through Interstates and Highways. If it's not racist, then they IGNORANTLY traded an effective, integrated option for an ineffective, segregated option. Quite different from MLK that sacrificed his life fighting for *all of us*, including Memphis workers' jobs. If not racist, BLM title and priorities are just bad marketing: they need to fix it, not defend it."

"Also, BLM in Memphis against cops was unjustified. Memphis is a murder capital where most the killers are Blacks that shoot around (60+%?) Blacks + everyone else.. Cops usually arrest and try them despite facing one-percenters on daily basis. A place so bad The First 48 was forced to leave to make our image look better. Yet, cops rarely kill them. BLM, if they care about black victims, should be in the hoods of esp North and South Memphis while giving credit to MPD for not going Ferguson on the "gangsta niggas" every day. Many dirty or just asshole cops in MPD but they rarely murder Blacks in city full of Black killers and gangs. Deserve respect for that."

Two productive replies came in, one being the video. A less-productive one restated The Narrative that focus of all the organizations on blacks is because blacks are only ones experiencing systematic racism. Rest just get occasional discrimination. A "white" thing going way back. I was told to put myself "in a black person's shoes." Also, that "black" was a word only blacks can use non-offensively (double standards...). Ran that propaganda by the wrong, "white" guy...

"I start with "black" being offensive. It isnt: it's a neutral term that race members usually call themselves in person, music, and even BLM's name. Likely objection is only Blacks can say it which is same crap KKK says about white stuff. Blacks say they're Black so it's what I call them. We share culture, language, and land as people or we segregate by race. Make up your mind already. I'm for sharing."

"Next point is false narrative sets one side as aggressor & one victim. "Walk in black shoes?" I spent much of my life in mostly black areas and schools controlled by blacks. The white minority were stereotyped, excluded, given punishment differently, and beat down daily. I can't piss without looking over my shoulder since I was attacked in mid-stream so much. Blacks were mostly fine. Even in environments where they had all advantages & teachers helped both, they'd still tell us they were victims plus "disadvantaged" in school (huh?) and life. In Memphis, Ive been laughed out of jobs by blacks, served after blacks, told to stay away from their women... you name it. When I do blogs or pastebins of my experiences, black people think Im a black writer. Shocked to find out I was a white minority that lacked Black Privilege of areas I was in & suffered greatly for it."

"Activists like King (and me) fight all forms of racism. Yet, those like Jesse Jackson and recently BLM exclusively fight racism against blacks but dismiss any *systematic* racism against non-Blacks in mostly-Black areas. They don't care about us. They even reinforce lies where we didn't spend our whole life as minority in shitty schools with ostracism and violence then face job discrimination. Doesn't count if it's "white." Also nonexistent term to me given Anglos discriminated against most Euro-Americans and forced my Scott & Irish ancestors into ghettos. Let our babies die. Newspapers said all Irish are bums or thieves who should "get on boat and go back to their country." Couldn't vote either for a while. Forced into hard labor that killed lots of us. All sorts of shit. Sound familiar? Far as slaves, well, we killed a lot of Brits and such when they showed aggression. Maybe it's racism where there was a limit on British-on-whiteish oppression or maybe they left it at colonialism & indentured servitude just to be realistic. I'm not sure due to a mix of limited research and bad memory."

"Recently, most whites and blacks in Memphis work menial jobs in factories, stores, offices, and so on. They're treated as sub-human by bosses and customers. Blacks in many of these jobs describe they and their white colleagues as "slavin" for the bosses. A good chunk have college debt they're stuck paying on that gave them nothing in return. Like a modern day indentured servitude. We were all working these hard jobs for average of 8-10hrs while the "oppressed" blacks were fucking around on a bridge for 5. Something we'd have gotten arrested for. They're right that we don't know their experience since we're not privileged enough to have it. We got jobs and shit to do plus don't plan to disrupt one of our last, three industries that might also leave with layoffs. So I oppose the BLM sieges & black activists focus on blacks since they're *only* doing same damage done in the recent past, esp by racist mayors. They all need to rethink their approach for effectiveness, esp drawing in white moderates. Also, fight for white victims of systemic racism and brutality because we deserve liberty & justice too."

So, that's the perspective of a white minority in violent, black-controlled area. You see any of those points on the news? Probably not: they don't represent us. They even consider it racist or uneducated to think we can be victims of racism. Even though blacks think I'm black when I anonymously write my experience. I "totally understand" then (reveals white) "could never understand." It's insanity...

Note: The funnier part is when I "context-switched" in front of white, corporate people because we walked past a black crowd. I learned to speak a hybrid of AHEC and white dialects to reduce ostracism or attacks in black schools. Friends point out that I unconsciously switch to talk blacker around black people in mid-conversation. Imagine how my odds of getting a contract or highly-paid job go down just because I can't mentally kick the result of appeasing black majorities for years. Need to start a meme of "white, minority problems." ;)

Raul loungin in the Barcalounger with a PBRJuly 19, 2016 11:31 AM

@Nick P., kinda can't blame Black Lives Matter for sticking to the divide-and-conquer identity politics the government prefers. They are a-cute-ly aware that when MLK branched out to form a Poor People's Campaign for white and black alike, CIA paid me big bucks to blow the Reverend's brains out.

BlackListedJuly 19, 2016 11:56 AM

@Robert Faulcon Jr

"I'm in the picture"
as in I've been there. I've been shot at, and been in situations where I thought I was going to be shot or shot at. With the "fog of war" (a phrase, try not to think too hard about it and pick apart the word war) meaning a less than ideal circumstance to make a life altering decision. That can later be picked apart by those never put in those situations.

We do need police, no matter how you look at it. There will be crime, much like there will be fire therefore we need firefighters. Without police, there is no consequence for wrongdoing that occurs on the day to day basis. The harsh reality that you can't really argue. They do in fact do more good than bad.

My question about the "fairness" was more so asking should civilian standards be raised to meet some sort of all encompassing human being rules, or should there be individual standards per groups following Military, Police, Civilian. Each holding their own standard of accountability.

From the military perspective. I was held to a standard that involved living in a barracks room (because I'm not married). no liquor, nothing more than a 12 pack, no visitors of the opposite sex past 10, if there are visitors to your "home" they will be logged in/out in the duty book. White glove inspection ready living area, staff and officers can check your room at any given time without your knowing. That was my standard as a grown man who had been trusted with an M16 in another country on two separate forward deployments in the middle east.

From my now civilian perspective (now having rights) I'm happy I can just grow my beard out.... and have a dog.

"If this were a developed country"
You apparently haven't the slightest clue of what a non-developed country even starts to look like. You're probably not even grateful for the fact you can even criticize your own government without jail time. I spent time in Oman as well. Now, they're great people, super nice, and they worked well with us. But if one of their people speaks badly of their leaders or political situation they receive jail time (up to around 2 years). That's a relatively "developed" country by most standards.

But I'm off topic. (chalk that up to a fun fact)

rJuly 19, 2016 11:58 AM

@BlackListed,

"Me, as a Cyber Security Analyst..."

So, you're one of the 'smart' ones...

Think back to high school, did you ever hear any white kids talking about how much they wanted to kill Arabs? That's post first gulf war, if you really listened a lot of their parents (from my generation) spewed the same garbage. Now, post second and 911 you have the "I want to kill Muslims".

Do you know how many times I've heard that it smells like goats and stinks over there? It's the same thing as talking about French women who don't shave their armpits: it's prejudicial and culturally biased.

Those same hill bully kids, and their hill bully parents think it's the coolest thing in the world for the government to give them a gun so they can shoot Muslims. Ask yourself, is that a constructive way to recruit?

But that's right, you're not the UN... Most of you are a bunch of high school kids who wanted to go shoot something.

Now, about them 'good old boys'...

Aside from minor run-ins and disagreements with police myself, whom I greatly respect and admire for the most part, I happen to actually know a few. One specifically, is a member of the KKK and he moved from Detroit to St. Louis; where he retired somewhat recently.

I'm not comfortable knowing our government's recruiting practices and the cultural deficiencies a large portion of our outlaying white populace have and putting them in charge of police work like how we put black people in charge of doling out welfare. It's irresponsible putting that much bias on the front line.

If you want to do it, if you want to defend it: go ahead. You're just a speedbump in the road of progress anyways.

We have to work to change, not resist it and we as a country have a very long way to go. But you're just some fresh cyber analyst... You haven't had a job yet in the real world (that precludes the MIC too btw) like the rest of us: you're sheltered like how you accuse us, but like a skunk you don't smell it. Most of your days in deployment are in a tin can with a radio receiver, God help us all if you ever smell the roses... They really do smell like poopoo.

rJuly 19, 2016 12:03 PM

@BlackListed,

You weren't in the middle East, you were in Afghanistan.

At least, according to you.

CzernoJuly 19, 2016 12:06 PM

@Clive Robinson : no particular subject, just /such a relief/ to hear you (or at least a plausible incarnation of you at 9:13 am) are still around and kicking ! I'm sure I'm not the only one who'd started to worry about your uncharacteristic silence.

As the French poet wrote : «Un seul être vous manque et tout est dépeuplé...»

Gerard van VoorenJuly 19, 2016 12:07 PM

@ ianf,

You said that the Brexit was a revolution. I said it wasn't. What happened recently in Turkey, that could have meant a revolution, if the military only did their homework. But what happened afterwards, the cleansing of 9300 people (and counting) from their function and probably more, that IS gonna be a "revolution", or better said, a dictatorial take-over, which sooner or later is gonna end BAD.

Meanwhile I haven't heard "our most influential EU politicians" saying a diplomatic version of "up middle-finger" towards Erdogan.

Nick PJuly 19, 2016 12:07 PM

@ Clive Robinson

First, welcome back. :) Second, that site reminds me of the "perpetual traveler" and other offshore schemes for financial independence. They used to do all that kind of stuff but more scattered about. Funny that such schemes are reappearing just to do legitimate business in EU. Haha.

@ Markus Ottela

"But storing TFC's keys on smart cards connected to TxM / RxM would add a layer of security. "

Potential there.

" I'm going to give up maintaining OTP and cascading (CEV) versions. OTP is not unusable, but the attacks are not going to be against the ciphertext."

So, my lasting contributions to TFC are conversations here on diode security, convincing you to avoid OTP's, and suppression of covert channels. I'm fine with that. :)

"I think the correct direction is moving towards TxM configuration that requires no dependencies from network during installation: extract, compile and run"

My thinking is dedicated chips for Sender and Network, optionally Receiver. In those dedicated chips or right next to them are ROM's. They have trustworthy image, initial program, and trusted boot for different one if necessary. Your scheme is simple enough, if a text or voice protocol, to implement on old silicon for human inspection. Could be microcontroller boards with ROM's in the meanwhile but long-term target is SAFE, CHERI, Hardbound, or something like that.

"Another issue is code quality. I simply don't have enough time to maintain three versions, especially now that focus is on improving usability, installation and writing unittests (that deal with more and more encrypted data)"

Good to avoid being stretched too thin.

@ Thoth

"I would prefer to limit cascades to two ciphers at best for the sake of simplicity and ease of maintenance. Imagine having to debug so many cipher codes to ensure they work properly and securely. Don't have time for multiple cascade more than 2."

I disagree. TripleSec and Truecrypt proved it's pretty much a job you do once. Past that, you keep getting benefit. One could create modules that represent different protocols with different ciphers that are all strong. Main reason I see to do that is efficiency where you need lower power or increase performance. Especially mobile or servers. Salsa20 is good for that.

"You can create a shared library and called libTFCCore and then expand it for the many modes and features (i.e. libTFCSymmetricKeying, libTFCGUI ...)."

I'd say lean on an existing, high-quality one like NaCl. There's both C and Rust projects doing this. One can avoid unnecessary work at least in the more limited implementation.

"Quoting @Nick P. Read the link on how to build a high assurance smart card OS and use the lesson and convert it into other fields (not just building SCOS)."

It was a good link. I always enjoy re-reading it. Used it on Hacker News recently. Shows an example of doing it right plus how incremental development is necessary.

"$800 CrypTech Open HSM"

We discussed it here before. Still waiting to see them deliver an actual HSM. ;) Might be easiest at this point to use several smartcards in voter configuration controlling several FPGA's or custom ASIC accelerating bulk encryption. I still think we need an ASIC for this stuff. Good news is there's a shit-ton of academic papers on accelerating crypto on older nodes. It can be prototyped on FPGA's.

@ All


re Shenzen

Wired has an excellent documentary for free on the rapid development of electronics and innovations in Shenzhen. It's badass.

re academic papers

This trickle-down effect ianf describes is a myth. There have been several discussions on Hacker News about this topic featuring lots of academics and one guy from SAGE publisher. The consensus of the model was this:

1. Academics are all about reputation and number of citations in major journals. Many the culture of academia to do that but some corruption as there's financial incentives.

2. Taxpayers and private parties fund the research that will be published in the journals.

3. Academics, either cheap or free, do the peer review and much of the curation for those journals.

4. Publishers like Elsevier acquire the journals, copyrights of research, and so on to charge money for them. The services include some curation, improving presentation of papers, and distributing them. Profit margin is over 30% due to monopolies piling up.

5. SciHub shows efficient, massive distribution can happen for $5,000k/mo. Still costs in curation but almost nothing.

6. Academics noted that they were forced to publish in monopolistic journals and surrender copyright to keep their careers from being sacked. Some can't even access their own research without paying exorbitant prices.

7. Taxpayers are taking massive losses because we effectively fund these publishers' profits while they lock up all the scientific knowledge we create and lock out people that might put it to use.

So, it is effectively a scam with corruption and stupidity in many aspects. Sci-Hub is a great event as suddenly many bits of knowledge, including high-assurance INFOSEC, can be had as much as needed without acquirer being in the financial 0.01%. The institutions themselves can pay... often do anyway (sighs)... pay for the curation process with distribution nearly free if distribution is non-profit. It's not for major journals so scam persists.

Doug McCune, a SAGE affiliate, had nice posts on costs and methodology starting here. That started in this excellent write-up of the overall situation with comments here.

rJuly 19, 2016 12:20 PM

Now BlackListed wants us to be grateful of our god given rights, that he's between entrusted to protect.

BlackListedJuly 19, 2016 12:33 PM

@r

I worked in self employment as a clam digger for most of my life. No law directly stating my parents or I couldn't buy me a license to harvest seafood at the age of eight. I did that/raked quahogs/sternman on a lobster boat/dove for sea urchins/snapped heads off shrimp all up until the age of about 18. Now you can classify them as not being jobs if you so choose. I didn't have a boss. But be damn sure I was getting paid, and I know what a hard day's work felt like long before I stepped on the yellow foot prints, or became part of the IT field.

I get it too, middle east cannot be thrown around to encompass Afghanistan. You caught me on a typed technicality of me labeling it that.

rJuly 19, 2016 12:40 PM

You were also on a boat growing up and likely well interested in emigrant communities.

Likely not the deeply entrenched bigotry we're addressing here.

I will not bow down to you or anyone else and thank anyone short of God for my rights, I will thank you for trying to be a good example overseas and trying to help the sick and injured.

BlackListedJuly 19, 2016 12:43 PM

@r

Yes I do, I'm grateful for those who came before me and for the fact I was born into a place where I have rights. I'm grateful for the people who gave their lives laying down the foundation of this nation. I'm grateful. For someone to believe it's their god given right is absurd. Ask China how their god given rights are going, they can't answer. Not allowed.

BlackListedJuly 19, 2016 12:48 PM

@r

I was still a bit heated from the skunk and tin can comment in the post above. ^ I see things have calmed down.

ThothJuly 19, 2016 1:11 PM

@Nick P

"I disagree. TripleSec and Truecrypt proved it's pretty much a job you do once. Past that, you keep getting benefit. One could create modules that represent different protocols with different ciphers that are all strong. Main reason I see to do that is efficiency where you need lower power or increase performance. Especially mobile or servers. Salsa20 is good for that."

That's if you can comfortably squeeze three ciphers into small embedded confines (e.g. smartcard). Cryptographers like Rogaway (in one of the papers) did mention that cascading ciphers are best done in odd numbers (forgotten the reason but it is in IACR). Luxury of more than 2 cascading ciphers is rare. Thinking along the line of portability of the cascading layout to make them usable not just on PC computers but also across the board on embedded devices so people don't give the excuse of not doing their due diligence whenever possible.

As I have mentioned in the past, too many crypto schemes are blind to embedded systems and now we have IoTs around us and more crypto protocols and schemes are having a ton of difficulty being implemented on confined spaces because of shortsightedness of protocol and scheme designers not considering how the future of security would progress.

As I am on the receiving end of implementing crypto schemes and protocols on smartcards, even the X.509 certificate is a pain in the bottoms let alone something like cascading ciphers which is really a luxury these days where most coders simply forget how constrained it can get back when you only have a couple kilobytes of RAM and probably a couple megabytes of permanent storage.

"I'd say lean on an existing, high-quality one like NaCl. There's both C and Rust projects doing this. One can avoid unnecessary work at least in the more, limited implementation."

Yup, NaCl is one of the best crypto libs. What I meant is making all components modular so they can be dropped in. I believe the current TFCs (multiple types) are their own codes and are not made with modularity in mind hence the trouble of maintaining so many variants. If modularity were introduced, the maintenance would work without too much problem and @Markus Ottela wouldn't be stretched too thinly as there is no need to duplicate codes around different TFC variants.

"We discussed it here before. Still waiting to see them deliver an actual HSM. ;) Might be easiest at this point to use several smartcards in voter configuration controlling several FPGA's or custom ASIC accelerating bulk encryption. I still think we need an ASIC for this stuff. Good news is there's a shit-ton of academic papers on accelerating crypto on older nodes. It can be prototyped on FPGA's."

Downright easiest HSM that is mostly open and commercially viable is Ledger's bunch of products. I am in constant contact with them to get the latest information as their stuff are closest to a fully usable HSM with secure input and display. The only downside is the ST31 secure chip used contains a proprietary blob with HAL access so that we developers don't need to apply for an NDA from STMicro. Going to lay my hands on a couple of those once they start allowing pre-orders for both the Blue and Nano S.

As I have mentioned, the SC4 HSM you mentioned if equipped with my recommendations would be an alternative to Ledger's stuff with a twist which is the ability to swap smartcards which makes backdoor more irritating to occur as you have the ability to swap the cards around.

Robert Faulcon JrJuly 19, 2016 2:19 PM

@BlackListed, Now we have absolutely no idea what 'in the picture' means. Unfortunately, with all the vague explaining your cryptic utterance has lost any vestige of its original James Bond mystique.

You're out over your skis with this developed-country tirade. You've evidently eked out a lifetime of pontificating from visits to two countries, peeking out at them from inside some military fortress. You don't know what a developed country is. But you could look it up. And you don't know what an underdeveloped country is either, even though you live in one. Imprisoned for speaking badly of their leaders! For 2 years, Heavens to Betsy! Guess you never heard of Barrett Brown. Or Mumia. Or Fred Hampton. Or RFK. Or Abraham Bolden. Or Eugene V. Debs. Or Julian Assange. Sincere condolences that the military treated you like a child, but that's no excuse for allowing yourself to be gulled into thinking you live in a free country.

You have no rights. Your rights are gone. Africans have more rights than you. COG has replaced your constitutional rights with secret law, your civil and political rights have been denied or suspended in bad faith, the government has refused to acknowledge your economic, social or cultural rights. If you want rights you're going to have to fight this police state for them.

BlackListedJuly 19, 2016 3:04 PM

@Robert Faulcon Jr

I do apologize for the all-over-the-place response. I was in and out of the office, and back and forth on looking at the whole response I was replying to. The whole "fog of war" bit I intended to elaborate further on pushing it into police based situations. (in hopes you wouldn't pick the word war out of the phrase and claim the police are at war with the day to day civilian populace). From my take, I assume you do not want the Bloods, MS13, Crips etcetera running the streets as opposed to the police.

If you prefer the wild west approach in cleaning up the streets with your own PeaceMaker, that kind of makes you Batman I guess which is cool.

What rights don't you have at this point? In this underdeveloped country is my question I guess. We could get a lot more out of this conversation if we talked about that.

Only thing I can think of is you saying this. "I want the right to a fair trial, without the fear of death." I see it, people do end up getting shot wrongfully, I'm not saying it doesn't happen. I'm not ignoring it.

We can at least agree that we need to get rid of the extremists. (in a sense of them not having their mentality, not meaning kill them off) Remove the bad cops, quickly and firmly. Charge them accordingly. At the same time, we need to get people to come together as one. From what I can see the media is profiting off selling the stories of White Cop and Black Man. Expanding the gap that was closing between the races. You never see the story on the news, or the protest on the streets when a Black Cop kills a Black Man. I'm just saying.

If you're right and in the end it's the media being controlled by the government and not by their own greedy pockets being lined by the controversial stories of Black v White. Then I tip my hat to you sir and submit to your intelligence.

@Robert Faulcon Jr

Calm down a bit please and just converse.

Robert Faulcon Jr.July 19, 2016 3:39 PM

It's not my fault the facts are upsetting your desired zen state of calm. It seems the facts about your rights upset you. Here are the facts about the legal requirements that your government fails to meet. Digest them at your leisure.

www.treatybodywebcast.org/hrctte-110-session-united-states/

www.ushrnetwork.org/sites/ushrnetwork.org/files/catrecommendations2006.pdf

http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CCPR%2FC%2FUSA%2FCO%2F4

(UN-ICCPR-Concluding-Observations-USA.pdf)

Extremist is a government scare word. Adults don't care about extremists, they care about rights.

rJuly 19, 2016 3:56 PM

@BlackListed,

It's alright we're all passionate about something the important thing is communication. I'm still waiting to get lambasted (lamb basted?) for my unfair comment about welfare.

You've got my trust you seem fairly objectional I appreciate that, I don't mean to single everyone out in my generalizations either but s***'s messed up yanno?

Dirk PraetJuly 19, 2016 8:44 PM

@ Nick P., @ Robert Faulcon Jr., @ Blacklisted

Before we continue, let's have a look at some relevant statistics: WaPo figures put the total number of people shot and killed by police to date for 2016 at 532, of which 245 White, 131 Black, 80 Hispanic, 23 Other and 53 Unknown. Some other quick research says African Americans make up about 13% of the US population, and are responsible for about 50% of all crimes.

Now we can probably go on for several hours as to the hows and whys of black folks being proportionally over-represented in these figures, but the real elephant in the room is the total number across races, which is unparalleled anywhere in western democracies and, to put it bluntly, is a complete disgrace for any civilized society under the rule of law.

It can come as no surprise to anyone how this ongoing slaughter of civilians has eventually spawned Black Lives Matter, especially with all the very graphical and often extremely shocking footage of people being shot in their cars, in the back, while wrestled to the ground and so on. What I actually understand far less is why white folks are so silent about it, as if this were perfectly normal.

Admittedly, BLM - like any other grassroots movement - has its share of whiners, hardliners and agents provocateurs trying to hijack the agenda and would indeed benefit from reaching out more to non-black communities. But you cannot just ignore the historical background of racism and discrimination that has shaped the mindset of many BLM activists. Both their justified demands and the more BS elements are not unlike what we are seeing here in Europe with certain segments of North African immigrants.

Unfortunately, it's not any different on the other side of the spectrum. The sheer racism, bigotry, hatred, intolerance and stupidity displayed at the first day of the RNC is more reminiscent of a populist rally in Turkey or Bangladesh than that of a democratic convention trying to find intelligent and unifying solutions to the nation's many problems.

I still have a hard time seeing the part on why half of the individuals resist or run when confronted by police.

Frankly, I think it's because they're scared. And even when folk resist or run away - especially when they are unarmed and have been stopped for selling cigarettes or a broken tail light - this can never be a reason for shooting them dead. You are aware that several countries have recently issued travel advisories to their citizens to be very careful when dealing with US police officers and even avoid wearing traditional clothing? That's downright insane.

A vital portion to that has to do with the fact that none of the local population based deaths are going to be held accountable as an international incident, no NATO, no other countries to hold us accountable but ourselves.

I don't think this plays a big role. The US does not recognize the authority of the ICC and can veto any ICJ decision in the UNSC. If a US platoon decides to wipe out a small Afghan village, they can, in practice, only be held accountable by their own chain of command.

We don't need police. Period.

Only in Utopia. When I was younger, I also thought ACAB, but reality unfortunately is such that without them the only rules in effect are those of the jungle, especially in a country where every moron can buy and carry a gun. Which is not to say that over the years I too have encountered quite some perfectly useless d*ckhead LEO's and that I will in general try to avoid any interaction with them, whether or not I have something to hide.

The police are not your friend. Neither are they there to protect and serve. They are paid civil servants with a state monopoly on violence who will only do their master's bidding, whatever that bidding is.

rJuly 19, 2016 8:45 PM

@Nick P,

"I watched ATF machine gun mostly white victims with FBI burning them alive by knocking kerosene lamps into tear gas (best theory)"

I don't think that government narrative is valid anymore, ruby ridge resulted in not only dropped charges but compensation... AND last week's thread on this round-about-robin topic found 3? other instances of "incendiary tear gas" being used on civilians.

Benefit of the doubt then, vs benefit of the doubt now?

I don't think so, now we have this "security analyst" fresh out of highschool and the lobster boat trying to be an apologist for a culture he's only seeing his friends join.

He said he still works for the military IIRC so that precludes "social work".

Clive RobinsonJuly 19, 2016 8:51 PM

@ Czerno,

I'm sure I'm not the only one who'd started to worry about your uncharacteristic silence.

Yes I'm still alive, though the quacks still don't know why ;-)

Though I'm not back to full flight readiness, I can at least flap my wings a bit.

I have little memory of the incident that started this recent clutch of problems. Basically what I remember was being taken ill at home and attempting to get myself to hospital. Then coming to in the middle of a conversation with an A&E (ER) consultant... As far as I can tell I've about 30-45 minutes of my life that I've no knowledge of and have now got some form of weird aphasia.

Apparently I was discovered collapsed and unconscious in a hospital corridor with poor vital signs and was thus rushed into resuscitation, where I started fading in and out of consciousness. I was initially admitted as an in patient with a suspected neck and head injury, unfortunately I also had quite significant motion sickness and could not be scanned due to starting to vomit as they slid me into the CAT scanner. Eventually I was sufficiently stable to be scanned the next day and there were no indications of broken bones etc so the troublesome neck brace came off. A "tilt table" test a few days later showed some real oddities and kicked off another attack so had to likewise be stopped mid test. Since then I've had seven other attacks of my blood pressure falling through the floor and me keeling over and then things have returned to normal for no identifiable reason... So my life has sort of resumed but I've lots of tests coming up just to add to life's other little joys.

With regards the French saying, it comes from a famous poem taught to French school children as Shakespeare is to English school children. It is also notorious for not being able to be easily translated into other languages, thus comes up in exams. However a rather attractive French lady engineer I used to work with did translate it correctly for me a quarter of a century or so ago.

ThothJuly 19, 2016 8:56 PM

@all

Opera Browser Being Sold Off to China.

Yup, literally.

Anyone still on Opera browser (mobile or desktop) would soon be under the control of the Chinese so it's about time to switch if you are concerned about this deal. I am currently test driving Vivaldi browser (yes .. it's closed source).

Current state of browser technology is none of them are secure (partly because the OS itself is insecure) and the fact that secure browsing technologies are hard to come by as most browser makers prefer to put in the bells and whistles.

Talking about secure browsing, Servo (Mozilla's Rust language made browser) supposedly could do pretty well in the rendering department but still needs more work. A note is that part of Servo is still using C/C++ that are definitely not leveraging the protection features Rust provides.

The best bet is still a microkernel and using Qubes's style of creating multiple isolated workspaces but those are not realistic as most microkernels available to the open community are still not usable and Qubes usage of Xen which is known to be very secure (and not even a separation minimal TCB hypervisor like Genode's NOVA hypervisor).

Secure and trusted computing on a single CPU ? Still many centuries away until more people wake up to the fact that security, separation and minimal TCB is a must in all designs.

Link:
- http://www.reuters.com/article/us-opera-software-m-a-china-idUSKCN0ZY0CA
- http://www.theregister.co.uk/2016/07/18/no_12bn_opera_buyout/

WaelJuly 19, 2016 9:44 PM

@Clive Robinson,

Glad to see you're alive and kicking (anything but the bucket, of course.) I had a feeling something like that happened.

I've no knowledge of and have now got some form of weird aphasia.

Good thing it didn't affect your reading and writing comprehension otherwise your words... Wait a second, can you understand me? :)

SpookyJuly 19, 2016 11:42 PM

Ditto, glad you're still with us Clive! Your posts always remind me of someone casually turning on the tap, then suddenly opening the valve full bore and twisting the handle off with a pipe wrench. But for all the verbiage, I never walk away without learning something new. Please keep it coming! And I hope you get to feeling like your old self again. :-)


Cheers,
Spooky

CuriousJuly 20, 2016 12:36 AM

Heap buffer overflow in ASN.1
"Objective Systems ASN1C generates code that contains a heap overflow vulnerability"
https://www.kb.cert.org/vuls/id/790839

ASN.1 is a standard representation of data for networking and telecommunications applications. Objective Systems' ASN1C compiler generates C code that may be vulnerable to heap overflow.

Developers making use of ASN1C in their products should audit their code to determine if their application is vulnerable.

*Long list of companies sourced from a customer list from Objective Systems*


I wish I knew how common such vulnerabilities are.

CuriousJuly 20, 2016 12:41 AM

@Thoth

Opera also has a separate email client. I guess that is also sold to China with the company.

I am no expert, but afaik Opera has two different browsers:
v12.18 (included email)
+ v38 (newest one, but without email)
+ email client

No idea if 12.18 is still something that is being updated. I think it is.

CuriousJuly 20, 2016 12:50 AM

Re: Police and guns

In my country, people imo seem to have been given the impression that the police didn't already have firearms, afaik they did, just not the individual patrolling police officer.

I seriously doubt the necessity of arming the police, I am inclined to think that armed police are really ONLY armed to protect *themselves*, but not the public.

And in USA, with the general populace being armed as a cultural thing, no wonder that police ends up being and keeps being imo paramilitary (presumably highly organized, not just being armed with firearms).

CuriousJuly 20, 2016 1:16 AM

To add to what I wrote just above:

I forgot to mention, that the arming of police officers in the street, is something of a novelty in my country, and I suspect this was brought about with the recent right wing political leadership.

The bomber&shooter Breivik in norway (I write norway with small letter, nothing related to Breivik though) ended up going to an island where he later was arrested. From what I have read the police had up to that point apparently been so very careful, giving me the impression that the police didn't really try protecting the public (on that island that is).

Reading an old article now, the police was criticized by the media for seemingly wasting nearly half an hour in their travel to the island, with armed police next to the island not doing anything. There is also the story about how the police did not make use of any helicopter, even though their pilots were seemingly ready and eager to help.

CuriousJuly 20, 2016 1:24 AM

@Thoth

Opera also has this tech for optimizing stuff for mobile phone users. I have no idea how common that is among other web-browsers-for-mobile-phones. IIRC, mobile phone users have their web traffic going to a server that optimizes the files used for rendering a webpage, to minimize the amount of data sent unless I am mistaken.

CuriousJuly 20, 2016 2:27 AM

What the hell is "HP extended capabilities"? (HP printer software)

HP even asks for printer registration upon install.

Clive RobinsonJuly 20, 2016 3:38 AM

@ Wael,

Wait a second, can you understand me? :)

About as much as I usually can 0:)

What happens is I think of a sentence to type, and whilst typing I will forget a meaningful and apt word I knew just a few seconds before. I might remember what letter it started with but that's about it. The thing is that I don't forget the word, often if I plow on without it, it comes back to me a little later. A recent example is the word "confectionery", I was typing up a note about sugar setting and lost the word so ended up putting "sweet making" instead. A little while later the word was back to normal, and as someone who has and still does confectionery in their hobby time, it's not by any means a rare usage word to me. All most odd...

@ Spooky,

Please keep it coming! And I hope you get to feeling like your old self again. :-)

You and me both.

@ tyr,

Glad to see you here again.

I'm glad to be back, it adds that bit of "normality" that keeps the old grey cells from running to fat.

Clive RobinsonJuly 20, 2016 4:12 AM

@ Curious,

I wish I knew how common such vulnerabilities are.

It's a "lost in translation" problem going from the abstract description to the practical implementation, so I would expect more "corner cases".

ASN.1 has been a pain in the rear end for quite some time and suffers from the "works in theory but in practice..." problem.

If you want to see a real nightmare of ASN.1 have a look at the ill fated and now defunct Secure Electronic Transactions (SET) specification from the last century. I had the misfortune to have a close look at it back then and the one thing I distinctly remember was that they were trying to "nail down" the "bubbles under the wall paper" without having ever picked up the paste brush. Thus having the same level of success as you would expect from an economic five year plan where the only knowledge was from a book on Marxist philosophy.

ASN.1 is a tool much like mathematics is, but suffers from the same pitfalls. It's sometimes difficult to describe to people who don't have the requisite background knowledge; to see why, here's the Wikipedia description:

    ASN.1 defines the abstract syntax of information but does not restrict the way the information is encoded. Various ASN.1 encoding rules provide the transfer syntax (a concrete representation) of the data values whose abstract syntax is described in ASN.1.

Much of the problems exist in the use of those "encoding rules" due to implicit assumptions, that may not be valid in all cases...

In effect you can end up with the same problem you get when you build a state machine, but do not specify all the states fully or correctly.
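
As an added illustration of the "implicit assumption in the encoding rules" point above (example code written for this thread, not taken from ASN1C or any other product), here is the single most common way a DER/BER length field turns into a heap overflow: the decoder sizes its copy from the length octets instead of from the bytes that are actually present. The first function shows that trusting pattern in isolation (it only returns the declared length, so it is safe to call); the second and third show a strict parser that rejects truncated input, indefinite length, non-minimal length encodings and any element that does not fit the destination buffer. The tag value 0x04 (OCTET STRING) and the sample byte strings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parsed tag + length header of one DER TLV element. */
typedef struct {
    uint8_t tag;
    size_t  length;      /* declared content length */
    size_t  header_len;  /* bytes used by the tag and length octets */
} der_hdr;

/*
 * The trusting pattern: take the length octets at face value.  A decoder
 * that memcpy()s this many bytes into a fixed-size heap buffer, or reads
 * this many bytes from the input, overflows as soon as the attacker writes
 * a length larger than either.  This helper returns the value only, so it
 * is safe to call on hostile input; it is here as the 'before'.
 */
size_t der_length_unchecked(const uint8_t *in, size_t in_len)
{
    if (in_len < 2) return 0;
    uint8_t first = in[1];
    if (first < 0x80) return first;            /* short form */
    size_t n = first & 0x7f;                   /* long form: n length octets follow */
    size_t len = 0;
    for (size_t i = 0; i < n && 2 + i < in_len; i++)
        len = (len << 8) | in[2 + i];
    return len;
}

/*
 * Strict header parse.  Returns 0 on success, -1 for anything a DER decoder
 * must reject: truncated header, indefinite length (0x80), a length field
 * wider than size_t, a non-minimal length encoding (two encodings for one
 * value is exactly the "implicit assumption" that bites), or a declared
 * length larger than the input that remains after the header.
 */
int der_parse_header(const uint8_t *in, size_t in_len, der_hdr *out)
{
    if (in_len < 2) return -1;
    out->tag = in[0];
    uint8_t first = in[1];
    if (first < 0x80) {
        out->length = first;
        out->header_len = 2;
    } else {
        size_t n = first & 0x7f;
        if (n == 0 || n > sizeof(size_t) || in_len - 2 < n) return -1;
        size_t len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | in[2 + i];
        if (in[2] == 0) return -1;             /* leading zero length octet */
        if (n == 1 && len < 0x80) return -1;   /* should have used the short form */
        out->length = len;
        out->header_len = 2 + n;
    }
    if (out->length > in_len - out->header_len) return -1;
    return 0;
}

/*
 * Copy the content of an OCTET STRING (tag 0x04) into dst, never writing
 * more than dst_cap bytes and never reading past in_len.  Returns the
 * content length, or -1 if the element is malformed or does not fit.
 */
long der_decode_octet_string(const uint8_t *in, size_t in_len,
                             uint8_t *dst, size_t dst_cap)
{
    der_hdr h;
    if (der_parse_header(in, in_len, &h) != 0) return -1;
    if (h.tag != 0x04) return -1;
    if (h.length > dst_cap) return -1;         /* the check the trusting path lacks */
    memcpy(dst, in + h.header_len, h.length);
    return (long)h.length;
}

int main(void)
{
    /* Constructed input: declares 4096 content bytes, supplies two. */
    const uint8_t lies[] = {0x04, 0x82, 0x10, 0x00, 'A', 'B'};
    uint8_t dst[32];
    printf("declared length: %zu\n", der_length_unchecked(lies, sizeof lies));
    printf("strict decode:   %ld\n", der_decode_octet_string(lies, sizeof lies, dst, sizeof dst));
    return 0;
}
```

The second printed value is -1: the strict parser refuses the element before any copy happens, whereas a decoder built on the first function would have tried to move 4096 bytes into a 32-byte buffer.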

ThothJuly 20, 2016 4:48 AM

@Curious
re: Opera software suites

I consider them compromised whether it is email or desktop and mobile web browsing. The mobile proxy supplied by Opera is a literal MITM. It sees the most famous webpages and caches them. It is a caching service.

re: Police firepower on per personnel basis

They may have concealed carry and plus their vehicles may include rifles and shotguns. US LEA are getting more militarized. Soon you might see them running around in military used AFVs instead of police cars (most of the police APCs are not yet equipped to the teeth like their military cousins).

re: ASN.1

We need a newer and better standard that causes fewer memory issues due to parsing problems from abstract syntax.

CzernoJuly 20, 2016 5:18 AM

@Clive :

I find it amazing - and comforting, too - how aptly you are mastering your thought and your writing, considering the all too awful experience which you have recounted ! Hope the bulk of it is behind you now.

Re : French poet's verse. Lamartine by far is not as famous as your Shakespeare. That verse is from the poem "Le lac" which indeed all French schoolboys had learnt "par cœur", though I doubt the young generations do still learn it (or any poetry) considering the appalling state in which our school system has fallen since the early 1970s :=(

Sancho_PJuly 20, 2016 5:45 AM

@Markus Ottela, re Vishay coupler

"The goal is ..." - I see, exactly what the coupler is made for.
Speaking of the output side:
A low RL can't fry the photodiode, but a high voltage (> 15 V) between pin 8 and 7 (do not connect pin 7 if you don't have a good reason to do so) could.

A low RL (= current > 16 mA) will damage (overheat) the transistor, depends on time, see max ratings.
My suggested LED together with the 0.33k will keep the current below that limit, and you should immediately see when the coupler is fully "triggered". Keep in mind it is an analog device, low input current will result in low output current (this is what we do not want in the "digital" world) and limit transmission speed.

VO stands for "Output Voltage" (see datasheet column "symbol"), this is the point where to connect an oscilloscope when testing the performance (switching time) of the device or to connect your next stage in the circuit.
For max performance (speed) and secrecy (!) you would skip the LED and increase RL, however at the transition from "low" to "high" the output (VO) will be pulled up by RL only.

Therefore, depending on your output capacitance (in the Fig. 10 test circuit represented by the 15 pF cap) you should avoid high RL values (slowly loading your output capacitance ...).
This invokes the next point, what is behind the coupler? Because of the analog working coupler you may need something to make the signal definitely "digital", a kind of Schmitt - trigger, in the next stage.

And try to make a picture of your coupler in action, using a strong flash, just in case the flash triggers an extra pulse ...
Have fun!

JG4July 20, 2016 6:15 AM


@Clive - Glad that you survived. As you get older, the feedback systems in your body become less robust. Two of the most critical feedback systems control blood pressure and blood glucose. I am pretty sure that sugar has serious negative health consequences. See for example,

http://opinionator.blogs.nytimes.com/2013/02/27/its-the-sugar-folks

The most profound quote that I've heard on the topic was 18 months ago when I met a nurse practitioner. When I asked what he thought of low-carb (expecting the current medical brainwashing promoted by the sugar industry) he said, "Before I went low carb, I weighed 400 pounds, my A1C was 7.9 and I was on insulin. Now I eat 30 grams a day of carbs, my A1C is 4.5 and the only medicine that I take is metformin."

I probably said before that metformin is an experimental drug for life extension, but has been a diabetes drug for nearly 80 years. Calico hired Cynthia Kenyon, who discovered that the IGF-1 gene in flatworms has a profound effect on lifespan. She doesn't eat any sugar and not much starch, since she found out what they do to gene expression, healthspan and lifespan.

I am somewhat less hypertensive and bitter than last year, but slightly more diabetic. Resilience comes from robust systems.

ThothJuly 20, 2016 7:52 AM

@all
Brazilian authorities attempts to sanction WhatsApp usage in Brazil.

It would be in the best interest for WhatsApp to fully open source its code and protocol so that it can wave its hands and point to the fact that due to its End-to-End encryption protocol (hopefully properly implemented), it could not hand over any data of sorts and even if it were to dump the whole server contents it owns, it would still not satisfy the Brazilian authorities.

In the long run, Box-in-a-Box encryption would probably be the only method of secure communication as World Governments attempt to deny End-to-End encryption (or even basic electronic privacy and security rights of individuals).

Link: http://www.theregister.co.uk/2016/07/20/whatsapp_gets_another_brazilian_from_magistrate_seeks_injunction_blocking_block_order/

Clive RobinsonJuly 20, 2016 8:07 AM

@ JG4,

It's nice to be back, this blog gives my old gray cells a run around the block as it were, and yes I do tend to the "use it or lose it" view. But not quite the "my mind is a muscle" view of the Brain Training software pushers, they go for reps not variety thus may actually do more harm.

As for sugar and other carbs, I have a book from the 1920's from a Dr who basically said what Dr Atkins did fifty years later. Historically those of North European ancestry rarely ingested even root veg starches, simple carbs came from very seasonal fruit and veg, and the occasional lucky find of honey which earned its name of "liquid gold" if from nothing else its scarcity value.

It's only in the last thousand years that sugar started to be more common as examination of teeth in skeletons shows. Sugar is not really a natural substance, like wheat the plants have been cross bred in what is in effect a form of genetic engineering. Further recovering useful amounts of sugar from plants takes industrial processing using chemicals you would want to avoid taking into your system. If you want to know more look up sugar beet extraction oh and the generation of corn syrup, it's all nasty stuff (not that non sugar sweeteners are any better). You can blame the modern sugar perversion on the Dr of a US president who had heart troubles. He fudged the figures of various studies, and many would consider him a crook or a charlatan these days. It's only now that he is dead and his sycophant acolytes are dying out as well that others dare publish contradictory but more scientifically credible evidence. You can read more by searching for articles with "pure white and deadly" as a search string.

What people are starting to find out is that the AMA advice on type II was effectively a death sentence by enforced addiction. Put overly simply your body has reward mechanisms for sugar based on its scarcity and its seasonal availability. That is in times long past gorging on fruit etc in the autumn was a significant survival mechanism, thus the body developed systems to encourage this. One such involves the pleasure centers in the brain, another is the punishment system of falling blood glucose levels, acting like a ratchet to make you eat more. However if you do not eat carbs when you wake up you will tend not to feel sugar cravings all day. Thus advice from the 1930's about a light protein heavy breakfast, high fiber content but low carb broth for lunch and a limited number of carbs two hours before bed (to get serotonin effect) actually helps people with weight and type II problems. Contrary to what you often hear not all calories are equal when in food. Cooking affects carbs and your body's ability to process them as can be seen with GI values for carrots, other foods have an almost "negative effect" in that the body expends more energy digesting them than it gets from them (it's a shame celery etc tastes crap).

As more recent science shows, early stage type II can actually be dieted out. That is if you remove the insulin stress before significant damage then you can recover to the point where medication is no longer required. The problem is you have to give up virtually all processed foods to reduce sugar, starches and salt, which can make food seem purgatory rather than pleasure.

As for life extension there are various reasons touted one of which is the "hibernatory cell" idea. Basically the idea is as you starve your body goes into various different modes one of which is to slow down cell activity and thus reduce the oxidative effects that cause gene damage and possibly cancer etc. The problem is that another starvation survival mode is for your body to "eat its organs" the trick then is to find ways to trigger the desirable modes but not the undesirable modes. From some studies it appears low carb higher fat and protein is one way, if you keep your total calorific value at around 80% of that previously recommended for your sex and body type. One result is you lose the internal "killer fat" and your total body fat can come down to around 5% which would normally require athletic performance of top flight athletes.

The various "longevity drugs" appear to work by causing the body to mimic some of the desirable modes. Also there is a debate about sunlight and the required amount of vitamin D. It's now well established that sunlight ages your skin and significantly so if you smoke and drink. Less well known and still an open area of research is the dietary relationship to vitamin D and carbohydrate some studies suggest that less carbs means you don't need as much vitamin D as you can better utilise it etc...

Oh and Cyclodextrin (CD) used to make powdered alcohol amongst other things, appears to have quite measurable effects on delaying Alzheimer's and dementia. CD is a commonly available food additive which means that drugs companies are not interested in funding research (as no patent payback). The story of how somebody found out about the protective effect of CD is actually a very surprising one.

It's no secret that various vested interests do not want to see longevity for all as this will affect their business models. Such vested interests are those involved with pensions and retired health care provision.

I guess the real question is will we live long enough to see the benefits of longevity research, and if we do will we be in a state where we have the economic status to take advantage of them...

another_Clive_fanJuly 20, 2016 8:53 AM

Glad you are back.

BTW here are some links that might interest you:

a) Crapsules (capsule form fecal matter transfer treatment)
http://www.openbiome.org/fmtcapsules/

b) VSL#3 a prescription strength probiotic (whatever that means) that seemed to help an eighty year old plus member of my family (who opted out of crapsules for now)
http://vsl3.com/

c) finally, please, before we hear about "boiling frogs" again please consider another analogy or simile if that one has been dis-proven.
https://en.wikipedia.org/wiki/Boiling_frogs

Cheers,
another_Clive_fan

ThothJuly 20, 2016 9:13 AM

@all
Micro$h@ft is moving $kype away from its original P2P connection to a fully cloud based centralized setup (that means more efficient tapping and control).

There is Signal for Android and iPhone but what is there for the desktop realm (Windows/Mac/Linux/BSD) ? Some might point to Pidgin with OTR but the fact that asking your friends and family members to begin with Pidgin (without OTR) is already a painful and tedious chore, let alone moving to installing OTR plugin for Pidgin and then after that manually exchanging and checking certificates.

On top of that, there are no quality service providers for video and audio chatting on Pidgin (that also meet high security standards and are open source).

Link: http://arstechnica.com/information-technology/2016/07/skype-finalizes-its-move-to-the-cloud-ignores-the-elephant-in-the-room/

rJuly 20, 2016 10:53 AM

On the fly SSL registration and renewal inside Nginx with Let's Encrypt

https://news.ycombinator.com/item?id=12128993

Hosted on github, the linked discussion talks about how this is not vanilla nginx and the larger platform it encompasses. But some people may still find the quick to deploy features nice for a small business where the TLS learning curve may be discouraging.

rJuly 20, 2016 12:53 PM

Oh what fun we'll have.

http://www.zdnet.com/article/arm-symantec-and-others-team-up-to-set-out-security-standard-for-internet-of-things/

"Now companies including ARM, Intercede, Solacia, and Symantec have developed the Open Trust Protocol (OTrP), designed to provide secure architecture and code management to protect connected devices."
"OTrP is a high-level management protocol that works with security products, such as ARM's TrustZone-based Trusted Execution Environments, which are designed to protect mobile computing devices from malicious attack."

This coming from one of the companies responsible for multiple remote facing ring0 exploits, further might I add that "TrustZone" may be designed with security in mind but ARM's engineering leeway obviously permits the introduction of major holes... (I'm looking at you, DRM)

It will be nice to see where this goes, but I don't have a whole lot of confidence in this adventure with Symantec at the helm and no real W^X separation in TZ.

Markus OttelaJuly 20, 2016 1:12 PM

@ Nick P

"So, my lasting contributions to TFC are conversations here on diode security, convincing you to avoid OTP's, and suppression of covert channels."

You've been a huge asset! I'm trying to address the covert channels in the documentation, I hope we can discuss them extensively once everything's prepped.

"My thinking is dedicated chips for Sender and Network, optionally Receiver."

Why not receiver? It's after all the most troublesome, as the window of opportunity remains open for 0-day exploits, and it can leak keys over covert channels. The networked device should be able to run Tails, which in the future hopefully comes with Ricochet preinstalled. (I had a quick talk with Ricochet developer John Brooks a year ago and he was interested. The issue was I wasn't sure how to connect NH.py to it, but now that sockets seem more or less the obvious choice, it's only a matter of implementation and agreeing on packet header to port mapping).

"Could be microcontroller boards with ROM's in the meanwhile but long-term target is SAFE, CHERI, Hardbound, or something like that."

I recall you talked about microkernels and all that. Suppose we were to rewrite the software in C and squeeze it onto microcontrollers. What's the best solution with interdiction in mind? Also, what are the steps a user would have to take? At the moment it's building the data diodes (optionally HWRNG), buying 2-3 computers and 4 serial adapters. Then there's the prepping for each computer: removing mic, speakers, wifi/bt and covering webcams. Then it's the matter of installation (next version makes it very easy) over ethernet. What would SAFE, CHERI style setups be like once it's made as easy as possible? (How I imagine it is, the user has to buy their own microcontrollers, order custom PCBs, burn in the ROM and put together the board. Is there more or less to it?)

"I'd say lean on an existing, high-quality one like NaCl"

I agree. At the moment TFC is using PyNaCl that has C-bindings to libsodium. How's the performance with dedicated chips if cascading is reimplemented?

@ Thoth

"Rogaway (in one of the papers) did mention that cascading ciphers are best done odd numbers"

I'm pretty sure that's when you're using the same cipher for all layers: Using the same key allows 3DES to fall back to DES specs (easy configurations for export regulated countries). With an even number the same key would be the same as double-ROT13. With CEV, we're talking about independent algorithms, keys, nonces, and thus, independent keystreams. There, the additive keystreams most certainly do not suffer from an even number of ciphers (as is the case). That's simply because for every odd number of streams I can XOR it with a keystream of 0x00, and the result is a keystream that's as strong as the odd number. You can't remove entropy from a keystream by XORing it with a keystream that was created without prior knowledge of the existing keystream.

"Luxury of more than 2 cascading ciphers are rare."

The only place I've seen cascading crypto is TrueCrypt and its forks, where you can choose between 1-3 AES finalists.

"What I meant is making all components modular so they can be dropped in."

The cipher is trivial to change. Adding a few extra ciphers to the encrypt_then_sign() function is easy. A key management environment with multiple keys is hard. You need separate key verification functions, a different local key delivery system (unless you want to type 512 hex long KDKs). All that is doable but as I said earlier, usability needs more attention now.

"I believe the current TFCs (multiple types) are their own codes and are not made with modularity in mind"

There's a genuine issue of TFC programs being in a single file. @Nick P had a good suggestion about separating crypto libraries such as Keccak into different files, and in some ways that has been done; there is no Keccak class anymore in CEV, just the CTR mode implementation over the CSPRF. The size of the Twofish function is less than half of what it was... But then again, I've been the frog in the pan and should've listened to him about the water getting warmer; the size of Tx.py has grown tenfold over the past three years (currently it's almost 5k LoC).

Every time I try to split the program I get cyclic import errors, I run into problems with global variables etc. I just listened to a rant of a fellow CS student about the same issues with Python.

But the version after the upcoming has to focus on modularity. After that, it's easier to add different cipher configurations etc, have only one TCB-side installation configuration where user can choose between Tx.py/Rx.py functionality, what ciphers, key(set) loading, key verification functions are imported etc.

@ Sancho_P

I think pin 7 won't be needed at all. If the collector and emitter can handle enough current to power the serial interface it should be fine.

RE VO: Great good to know. I have an age old analog oscilloscope just for this project.

"For max performance (speed) and secrecy (!) you would skip the LED and increase RL"

Everything passed through the data diode is encrypted and signed. It's the unintended antenna functionality on one data diode's Rx side I have to be careful about. But this can be easily restricted with separate resistors in line with pin 5/6 of both optocouplers.

I tried playing with an online circuit simulator. I think this is how it's supposed to look. (There were no photodiodes available so I replaced them with push switches. Any thoughts?)

"This invokes the next point, what is behind the coupler?"

The data diode is used between two USB-to-serial interfaces. Page 15 of the (outdated) white paper shows how well the lower CNY75 performs. I've had zero issues with 9600 baud/s transfer rates, but as file transmission is extremely slow, I'd like to move it higher if possible.
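The keystream argument from the cascade discussion above, as an added worked example (not code from TFC or from the post's author): SHAKE-256 is assumed as a stand-in keystream generator in place of a real stream cipher, and the sample plaintext and keys are constructed.

```python
import hashlib


def keystream(key, nonce, length):
    """Stand-in keystream: SHAKE-256 over key||nonce (assumption, in place of a real
    stream cipher such as Salsa20/ChaCha20; the XOR algebra below is identical)."""
    return hashlib.shake_256(b"keystream" + key + nonce).digest(length)


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def cascade_xor(data, streams):
    """XOR every keystream into data. XOR is associative and commutative, so this is
    both encryption and decryption and the order of the layers does not matter."""
    out = data
    for s in streams:
        out = xor_bytes(out, s)
    return out


def streams_for(layers, length):
    """One keystream per (key, nonce) layer; independent keys and nonces give
    independent keystreams, which is the CEV setting described in the post."""
    return [keystream(k, n, length) for k, n in layers]


def same_keystream_twice_cancels(msg, key, nonce):
    """Even number of layers from the SAME key and nonce: the keystream is XORed
    with itself and cancels, so the 'ciphertext' equals the plaintext. This is the
    double-ROT13 / 3DES-with-repeated-keys failure mode mentioned in the post."""
    ks = keystream(key, nonce, len(msg))
    return cascade_xor(msg, [ks, ks]) == msg


def every_independent_layer_required(msg, layers):
    """With independent layers every key is needed: removing any one layer leaves
    the data still masked by that layer's keystream."""
    streams = streams_for(layers, len(msg))
    ct = cascade_xor(msg, streams)
    if cascade_xor(ct, streams) != msg:
        return False
    for i in range(len(streams)):
        if cascade_xor(ct, streams[:i] + streams[i + 1:]) == msg:
            return False
    return True


def zero_layer_changes_nothing(msg, layers):
    """Pad an odd cascade to an even count with an all-zero keystream: the ciphertext
    is byte-for-byte identical, so the parity of the layer count is irrelevant."""
    streams = streams_for(layers, len(msg))
    return cascade_xor(msg, streams + [bytes(len(msg))]) == cascade_xor(msg, streams)


def combined_keystream_is_balanced(layers, length=4096):
    """Sanity-check a cascade the way one keystream is checked: the XOR of the layers
    should have about half its bits set; a strong bias would flag a broken layer."""
    total = cascade_xor(bytes(length), streams_for(layers, length))
    ones = sum(bin(b).count("1") for b in total)
    return abs(ones / (8 * length) - 0.5) < 0.02


# Constructed sample inputs, not from the original post.
MSG = b"constructed sample plaintext for the cascade demonstration"
LAYERS = [(b"\x01" * 32, b"\x10" * 24),
          (b"\x02" * 32, b"\x20" * 24),
          (b"\x03" * 32, b"\x30" * 24)]
```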

Gerard van VoorenJuly 20, 2016 1:56 PM

@ Clive Robinson,

Good to see you're back!

About ASN.1, I always thought it was about "C being a bad parser language" and that a higher level language such as Ada and now Rust could have dealt with it much better, but it seems ASN.1 has completely different problems. The question to ask is why isn't it gradually being replaced with something like Etypes, which IS properly defined when the problems of ASN.1 are well known? From a security POV it's much better to fail hard and fail fast.

That said, overall the model of "Be conservative in what you send, be liberal in what you accept" isn't as robust as expected and requires a lot of code for the parsers. Add extensibility and the complexity becomes rather complex ;-)

rJuly 20, 2016 1:58 PM

About the ietf draft above, the top of the document lists it as a symmetric protocol and follows up by listing RSA and ECC. Later on there's a mention of AESCBC (256b) to be keyed in underneath the pubkey wrappers.

All of this is negotiated with json, they must be pretty secure in their string handlers huh?

Why is the ietf recommending ECC if the NIST and NSA recommend against implementations? These are in some cases, resource starved devices. This just doesn't sound like a good standard to push for the interoperability of potentially ubiquitous and unobtrusive secure devices.

Thankfully, the 'agent' is to be deployed not within the TEE(TrustZone) but the REE.

Maybe they're aiming for programmability??

Clive RobinsonJuly 20, 2016 2:06 PM

@ Abother_Clive_Fan,

finally, please, before we hear about "boiling frogs" again please consider another analogy or simile if that one has been disproven.

Have you heard the expression "Truth is beauty and beauty is truth"... Well it's a beautiful simile, therefore it must be true ;-)

But seriously, what to replace it with? I guess there is some ancient politico with his "Price of peace..." etc, but it just does not quite hit the mark... After all, which do you prefer: some dried up tasteless bit of old US gristle in a bun, or a nice juicy flavoursome stew of leg of frog?

AppleiOSSecurityUpdateQuestionsJuly 20, 2016 2:10 PM

Questions about getting iOS security updates from Apple (assume non jailbroken devices):

a) how dangerous is it getting security updates from Apple on open wifi?

b) how dangerous is it getting security updates from Apple on wpa2 wifi?

c) if one could find a "willing router" would it be better to plug-in a "more trusted" router into a "less trusted, but willing" router and get device updates from the "more trusted" router?

d) for those with compatible Windows or macOS computers would it be better to tether the iOS devices for security updates (with or without "little snitch" for macOS users)?

On one hand it would seem that Apple's update process could make a-d equal; on the other hand I assume things can go wrong. Any input will be appreciated.

BTW, there are numerous Apple Security Updates currently available for both Windows and Apple products.

https://support.apple.com/en-us/HT201222

AppleiOSSecurityUpdateQuestionsJuly 20, 2016 2:37 PM

p.s.
Aside from potential camera issues, etc., might it be better security to perform Apple security updates on the open wifi at Apple Stores? I assume Apple would frown upon customers plugging routers into their infrastructure.

Clive RobinsonJuly 20, 2016 4:31 PM

@ Markus Ottela,

I've had zero issues with 9600 baud/s transfer rates, but as file transmission is extremely slow, I'd like to move it higher if possible.

The speed of opto-couplers is dependent on a number of things, one of which is the ability to drive the LED with sufficient input current to rapidly charge and discharge the effective capacitance. The downside of an RS232 driver chip is the effective 1200 ohm series resistance. Thus you may be better off designing a pre-driver to the LEDs that uses an avalanche circuit. This is especially true if you are going to turn the "diode" into a dual output for instrumentation etc, which might be required for a number of reasons as you use higher speeds.

Nick PJuly 20, 2016 5:11 PM

@ Gerard

"Be conservative in what you send, be liberal in what you accept"

I've always done it the opposite. Receiving malicious input causes most hacks. So, putting the receiving format and protocol in a straitjacket is necessary. Whereas, I trust that what I'm sending makes sense. The other side might not, though, so the rule becomes conservative, formally-specified, safe behavior both ways.

Clive RobinsonJuly 20, 2016 5:47 PM

@ Gerard van Vooren,

The big problem with ASN.1 and C is what is not in the standards, and people not understanding the limitations of the standards.

As some know GCC requires the use of non standard optimizations to compile the likes of the Linux kernel, this should be a red flag to people that the standard is insufficient.

Further, the issue of inband signaling at the data level can cause problems. The most well known inband signal is the \0 C string terminator. Further, as any DB admin will tell you, there is a lot of difference between a data field that has not yet had a value assigned and one assigned a zero value. Thus the field values need to contain one value that means unassigned. The availability of both a positive and negative zero value in one's complement or the extra value in two's complement has been used by some people for the unassigned indicator... Which obviously can be problematical, and potentially has a low level "lost in translation" issue with languages like C where the standards allow for both one's and two's complement hardware, and other differences in fundamental data types such as bit widths of integers etc.

Joe KJuly 20, 2016 6:45 PM

@ianf re academic publishing, and the trickling arts

Your long-form explanation of your preferred usage of trickle down was very clear. As was the executive abstract. Thank you for both. I now feel well informed about your intended meaning.

Having read carefully, I suspect that the ledger wherein you calculate the balance of payments between researchers' institutions and profiteers like Elsevier is missing a few entries.

For example: Are you certain you have considered the subscription costs such publishers extract from university libraries?

For another: Are you certain you have accurately weighed the nature and degree of access afforded (or not) to members of subscribing institutions? In negotiations between a university and a publisher over terms of access (eg, what can be read, by whom, and how is one allowed to read it), how much leverage do you imagine the subscribing institution has?

The cost of effectively censoring research from the public, who has paid for so much of it (and several times over, at that), have you accounted for that?

Or, sticking just to access for institutionally affiliated researchers: How would you know, exactly, whether their institutions have sufficient leverage in negotiations with a publisher like Elsevier to obtain adequate access to the relevant literature for, say, a researcher literate in text-mining who aims to create public databases of the facts described in scientific papers (whether paywalled or not)?

I have in mind examples like the irrepressible Peter Murray-Rust.

Be advised that his blog (linked just above) is an apparent goldmine of arguments against your expressed view. Since you seem to be a thoughtful sort of person, I would like to imagine that this suggestion alone would launch you into a deadly passionate search of the strongest arguments therein worthy of your contestation.

But I'm afraid I am prone to overestimate other people's interest in topics that interest myself. (Also, I have noticed that there exist, apparently, people who express themselves on the internet and who occasionally hold opinions and pursue interests not identical to my own, and who demonstrate little persistence in seeking strong arguments contrary to their own opinion. This must cease!)

And so, against that, I have attempted (ineptly, hastily) to compile a short list of items to start you off. I cannot claim to have picked (or be equipped to pick, even) the Best Of, but them's the breaks. Maybe one of the items listed will spark some cogitation, in spite of it all.

The format is:

teaser quotation

NB: In the list below the last item is included not for its strength of argument, but for its immediate relevance to the "universal economic truth" flavor of the assertion of yours (that is, ianf's) that "The commercial Trickle Down effect applies" to #scholpub.

[at 0:02:45]

There is basic scientific data that belongs to the human race. And that is things like the melting points of compounds, genome data, things of that sort. And that cannot be copyrighted or owned by patent.

[…]

[at 0:03:25]

PDF is one of the greatest destroyers of information developed in the
scientific arena.

And Mike Kay of XSLT and Saxon came up with this lovely statement:

Q: "Could you tell me how we convert PDF into XML?"

A: "Converting PDF into XML is like converting hamburgers into cows."

So, can we get away from PDF and go to something semantic?

There are probably about 10 million such preparations reported in the scholarly literature. There is an overwhelming value in using textmining to extract the reactions. In Richard Whitby's Dial-a-molecule project (EPSRC) the UK chemistry community identified the critical need to text-mine the literature.

So why don't we?

Is it too costly to deploy?

No.

Will it cause undue load on publisher servers?

No, if we behave in a responsible manner.

Does it break confidentiality?

No – all the material is "in the public domain" (i.e. there are no secrets)

Is it irresponsible to let "ordinary people" do this?

No.

Then let's start!

NO!!!!

BECAUSE THE PUBLISHERS EXPRESSLY FORBID US TO DO TEXTMINING

But Universities pay about 5--10 Billion USD per year as subscriptions for journals. Surely this gives us the right to textmine the content we subscribe to?

This post – which is long, but necessary – recounts my attempts to obtain permission to text-mine content published in Elsevier's journals. (If you wish to trust my account the simple answer is – I have got nowhere and I am increasingly worried about Elsevier's Sciverse as a monopolistic walled garden. If you don't trust this judgement read the details).

Has any library ever publicly challenged the terms of use [on mining] set by publishers? I haven't seen any. But I'd be grateful to know public cases, and what happened. My current view is that publishers set conditions and that libraries accept them verbatim, which, unfortunately, means that they don't have a track record of fighting for text-mining or other freedoms.

In the time between trying to content-mine PDF (yes, more later), I thought about the tragedy of the academic commons. We have 10,000,000,000 USD (count the zeros) of mainly public money and student fees to "buy" the #scholpub we produce. That's a sizable market. It's not as large as many, but quite enough to run competently and for the benefit of everyone. Including the #scholarlypoor.

But we don't. #scholpub is the most inefficient "market" in the world. (No, perhaps arms procurement is worse.) I'll analyse more in a later post. Hint, here's the answer to my question:

"What's the difference between Elsevier and British Gas (or Central Trains, or Scottish Power or umpteen more)?"

Answer: There is no regulator for #scholpub.

AnuraJuly 20, 2016 6:49 PM

@Clive Robinson

C# handles the unassigned issue nicely with nullable value types. Essentially, nullable is just a wrapper that stores a bool saying whether it is null next to the actual value, with some syntactic sugar taking advantage of language features.

int? x = null;
x = 0;

In many languages there are Maybe types, which offer similar constructs for having empty variable states (but designed in such a way so the type system forces you to check if the value is empty first - usually called Nothing). Both Maybe and Nullable can be implemented in languages like C++, just without some of the syntactic sugar that C# has.

Markus OttelaJuly 20, 2016 7:49 PM

@ Nick P, Thoth et. al.

I've been thinking about what Whitfield Diffie said in some conference panel about MACs providing cryptographic deniability, but that such claims would be inapplicable in court. One reason for that might be that the court has good faith the user hasn't gone through the trouble of forging them: If creating log files is trivial, deniability is easier.

Another issue is that if the user decides to keep a copy of the original private DH value, it can be bound with the recipient's public key, which the neutral XMPP server might have a log of. The keys can be used to generate symmetric keys that can then decrypt ciphertexts of the conversation, again logged by the. OTR can help but it's just another layer the keys of which must be logged.

If at some point communication is transferred over P2P services such as Ricochet, it would remove any third party as a witness. Were TFC then to provide functionality that allows user to type and forge log files on TxM/RxM, and automatically create ciphertexts on NH given any pair of public and private DH values, it could make log files less credible evidence. Any thoughts?
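The two mechanisms in the post above (a shared MAC key, and a retained ephemeral DH value that lets a third party recompute the session key), as an added worked example that is not code from TFC, OTR or the post's author. It assumes a toy finite-field Diffie-Hellman group and HMAC-SHA256 in place of the real ECDHE exchange and MAC, and the log lines are constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption: the Mersenne prime 2^127-1 with generator 3
# stands in for the ECDHE exchange the post describes; only the key algebra matters
# here, and this group is far too small for any real use).
P = 2 ** 127 - 1
G = 3


def dh_keypair():
    """Ephemeral DH key pair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Symmetric key from the DH shared secret; both sides obtain the same bytes."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def mac(key, sender, text):
    """HMAC over sender||text: the tag a client stores beside each log line."""
    return hmac.new(key, sender.encode() + b"\x00" + text, hashlib.sha256).digest()


def mac_valid(key, sender, text, tag):
    return hmac.compare_digest(mac(key, sender, text), tag)


def exchange():
    """One toy handshake; returns Alice's private value, Bob's public value, the key."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_alice = session_key(a_priv, b_pub)
    k_bob = session_key(b_priv, a_pub)
    assert k_alice == k_bob
    return a_priv, b_pub, k_alice


def either_side_can_tag_as_the_other(key):
    """Deniability property: the MAC key is shared, so a tag over 'Bob: ...' verifies
    no matter which party computed it. A logged line plus its tag is therefore not
    proof of authorship, which is what the post means by MACs giving deniability."""
    text = b"constructed line that Bob never actually sent"  # constructed sample
    tag_made_by_alice = mac(key, "Bob", text)
    return mac_valid(key, "Bob", text, tag_made_by_alice)


def third_party_can_verify_log(a_priv_retained, b_pub, log):
    """What changes the picture: if Alice keeps her ephemeral private value, anyone
    given it plus Bob's public value (which a relay server may have logged) recomputes
    the session key and confirms every tag. With the value erased (None) this is not
    possible, hence the mitigation: destroy ephemerals as soon as the key is derived."""
    if a_priv_retained is None:
        return False
    key = session_key(a_priv_retained, b_pub)
    return all(mac_valid(key, s, t, tag) for s, t, tag in log)


def sample_log(key):
    """Constructed two-line conversation log with tags, as a client might store it."""
    lines = [("Alice", b"meet at the usual place"), ("Bob", b"ok, 18:00")]
    return [(s, t, mac(key, s, t)) for s, t in lines]
```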

rJuly 20, 2016 8:06 PM

I'm calling it, Clive is back!

"As some know GCC requires the use of non standard optimizations to compile the likes of the Linux kernel,"

@Clive,

Any recommendations for finding examples of what you're speaking of or will strict c99 enforcement be sufficient?

"Further, the issue of inband signaling at the data level can cause problems. The most well known inband signal is the \0 C string terminator. Further, as any DB admin will tell you, there is a lot of difference between a data field that has not yet had a value assigned and one assigned a zero value. Thus the field values need to contain one value that means unassigned. The availability of both a positive and negative zero value in one's complement or the extra value in two's complement has been used by some people for the unassigned indicator... Which obviously can be problematical, and potentially has a low level "lost in translation" issue with languages like C where the standards allow for both one's and two's complement hardware, and other differences in fundamental data types such as bit widths of integers etc."

Ah the nuances of multiplatform low level codings.

I always had my strings macro emitted from bstr, cstr and dstr for **cough** compatibility reasons. :)

You're going to get us into a (ahem) heap of trouble.

rJuly 20, 2016 8:14 PM

@BlackListed,

Where's my little 8-4 monday-friday buddy?

If you can, and feel like humoring me get my email from @Bruce or a moderator if you can. (I don't think the moderators have the ability to see email addresses though.)

Pretty please, with sugar on top.

FigureitoutJuly 20, 2016 8:38 PM

Thoth
--Obligatory "don't write your own crypto" but some of us will still try it anyway lol, "can't tell me what to do". Of course never for projects used by anyone other than ourselves.

I'm wondering, for salsa20, if the core is all I need for a nice hash function that would be a simple addition, like an XTEA or RC4 type function. Full on implementation would take a minute.

Glad you like the radio hookup, well I couldn't legally do crypto on ham bands, rightly so b/c companies would simply take over those bands and they'd all go to sh*t. BUT, there's no explicit rule that OTP's can't be exchanged, bonus points for using ham lingo. :p So long as it's legible, I'm fine w/ it b/c I like hearing funny things or weird conversations (hams used to use SSTV to send dirty pics to each other lol...), but others for sure won't appreciate it if they find out bands are being used like that, so I'd stay mobile if you go down that path so some random won't track you down, b/c someone seriously might if they get pissed enough (still rare or unlikely though)...

The point is, say you suffer an attack and can't trust any of your internet connections to signal to others your intentions to recover from a suspected attack, you could just go get free wifi somewhere or sim card (still pretty heavy risk of eavesdropping), but what if you can't trust that either? Who's prepared to start receiving PSK31 after launching an attack (that's an easy one, there's other modes), very few to no one. Some of the newer SDR's coming out can receive a lot but you'd need an array of them (and that's just in one location, you need it all over the globe to be sure to capture). Just up's the ante.

RE: $800 hsm
--Don't have cash to spend now but would appreciate a review here. That seems cheap though, eh? Has an ATtiny on board too, not sure what for. Hope they can deliver something good.

BurntOut
Thanks for your support.
--No prob, we're all in this together, stay frosty.

Markus Ottela
--Got it. Well a lot of your code looks pretty C-ish, so that should be a fairly straight forward port if you're thinking that, but all the "imports", that's where SHTF I think...not sure how much code you're really importing there.

JG4July 20, 2016 9:32 PM


“Um, bad news: Pixelating or blurring doesn’t actually work to hide text”
http://fusion.net/story/327387/pixelating-and-blurring-text-doesnt-work/
http://cseweb.ucsd.edu/~saul/papers/pets16-redact.pdf
[Fusion] (original). “We conclude that hidden Markov models allow near-perfect recovery of text redacted by mosaicing or blurring for many common fonts and parameter settings, and that mosaicing and blurring are not effective choices for textual document redaction.” Oopsie.

How to test your VPN to see if your IP address is leaking [Another Word for It].
http://tm.durusau.net/?p=70465

ThothJuly 20, 2016 11:06 PM

@Markus Ottela, Nick P, Clive Robinson, Figureitout

re: MAC providing cryptographic deniability

In fact, many protocols have attempted deniability by using some form of shared symmetric keying (including keyed MACs which are symmetric). You now have another person to point fingers at (you and the other guy whom you talked to) but in reality, would you want to implicate the other guy (supposedly the other guy is someone you care about or is too important to be implicated) ?

I will touch on it further down below ....

re: Keeping XMPP or chat ephemeral private keys

This sounds more like an integrity issue. It's like asking what happens if I use another camera to take a photo of a secure chat screen. For the human side, you have to trust the other guy that he doesn't get shoulder-surfed or doesn't intend to take photos of sensitive chat messages and information. On the technical side, you really have to consider whether the implementation is trustworthy or not. If the secure chat is running off a common environment instead of a hardened environment (SEE environment, Data Diodes, Data Guards, Smartcards ...etc...) then there is very little reason to trust that the environment is going to provide the security assumptions that the protocol assumes.

re: Chatting over P2P to remove witnesses

That is rather ambiguous on what you mean by removing witnesses. If you mean witnesses of ciphertext, the P2P traffic would not be immune in any way assuming the adversary can see the entire global network traffic (save for internal LAN assuming no backdoors ... who knows ...).

re: Forging logs and evidences + MAC providing cryptographic deniability

I think the best method I prefer is to simply lose the cryptographic keys. I think judges are getting less easily bought into the idea of "forging logs and hidden volumes". Thus, my GroggyBox file encryption format (I'm currently working on a smartcard implementation) takes into account destroying keys and splitting key shares.
If you want to forge evidence, you have to be very convincing. Usually if you are caught with certain "incriminating data", the judges would already have their crosshairs on you and be ready to sentence you, and looking at non-US justice systems (including justice systems with very poor human rights records), the judges and judicial systems would not be all too friendly in giving you a chance to defend your rights. The best course of action in my opinion would be to destroy the keys (via destroying the key shares or even the whole key in a tamper-resistant confine) so as to deny further information to your adversaries.

An example is Truecrypt's hidden volume or any other sort of "Rubberhose Filesystem" for that matter. You can create false trails and "innocent data" but this really depends on the skill of the person falsifying the evidence and false trails. How many people would have the care for the tiniest details or the capability to falsify logs, create hidden volumes and all sorts of smokescreen? I wouldn't be much convinced that many could even do so or bother to do so.

Creating false trails would be very painful and time consuming and can be very hard to do and execute correctly because all it needs is some self-incriminating false trails and the smoke would be cleared. This would mean lesser people are willing to take up such risky actions and the pay off can be varying. Most people would simply encrypt the data and just hope they don't spill their PIN or passwords to the decryption keys under duress and torture.

It is said that @Edward Snowden randomized the encryption key(s) to the leaked documents in a bid to not be able to decrypt them even if he's under duress by the FSB/KGB or NSA et. al if it were ever to come to that point. Similarly, the best way to destroy encrypted documents is to forget the keys thus if you were to split a secret key, losing any key shares would prevent the recovery (as long as it upsets the quorum of key shares). At the end of the day, if your adversary decides to torture, sentence or execute you, they would by all means do so anyway even if you faithfully decrypt the data for them.

The only road left ahead I feel that is currently viable is some form of Mutually Assured Destruction in terms of they don't get the key/data if they were to try and destroy you and similarly if they do destroy you, they would also not get the key/data. You do get a chance to lose the keys (including destroy them).

So, back to falsifying evidences, hidden volumes and what not. It sounds plausible if the person is skilled enough to manipulate evidences which is not the case and thus cannot be used widely and gain acceptance easily for high robust security. It is best to not have any log in the first place or at least encrypting the logs and sensitive data with split keys.

For my GroggyBox file format, it recognizes two keys, which are a user supplied key (USK) and a hardware key (HK). To re-create the master key, the USK would be used as the encryption key to encrypt the HK and the resulting ciphertext would be the master key (MK). The reason I use an encryption function to generate the MK is due to the fact that smartcards and secure chips have some side-channel protection for the encryption algorithm which can be leveraged. The MK is used as a KEK to decrypt a header for the DEK. The HK cannot be further split into secret shares but the USK (controlled by the user(s)) can be put under any sort of key derivation or splitting scheme as the user prefers and sees fit.

Since the HK is held within a secure chip (smartcard) as its tamper resistant key storage and also to provide tamper resistant and side-channel resistant computation via its internal programmable SEE environment, there is a duress PIN which can be keyed in to reset the key slot holding the HK, or upon entering the wrong PIN a threshold number of times, it would also wipe the HK from the key slot. The final version of the USK (after combining secret shares and password derivation or whatever the user does) is the portion where the user can play the role of "deniability" via the virtue of secret sharing and only knowing his share (which he/she can preferably also claim to have forgotten). Under duress, there are multiple options for the user(s) to choose, and all of them would lead to some form of losing a portion of the key (thus denying decryption).
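The key arrangement described in the two paragraphs above (USK reconstructed from a quorum of shares, HK held in a wipeable card slot, MK derived by keying a function with the USK over the HK), as an added worked example rather than GroggyBox's own code: it assumes Shamir secret sharing for the USK split, HMAC-SHA256 as a stand-in for the card's side-channel-hardened cipher, a software model of the card slot with a duress PIN and retry threshold, and constructed key material.

```python
import hashlib
import hmac
import secrets

# Shamir secret sharing over GF(p) with p = 2^521 - 1 (a Mersenne prime, so any
# 32-byte key is below p). Assumption: the post does not name the splitting scheme
# used for the USK; Shamir with a quorum is the standard choice.
P = 2 ** 521 - 1


def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule, coeffs[0] is the secret
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, k):
    """Split a 32-byte secret into n shares (x, y); any k of them reconstruct it."""
    s = int.from_bytes(secret, "big")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine_shares(shares):
    """Lagrange interpolation at x = 0. Below the quorum the polynomial is under-
    determined and the result is unrelated to the secret (losing shares past the
    quorum is exactly the 'forget the key' property discussed in the post)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total.to_bytes(66, "big")[-32:]   # 66 bytes hold any value < p


class SmartcardSlot:
    """Software model of the tamper-resistant HK slot. In the real design the HK
    never leaves the card; here get_hk hands it out so the derivation can run in
    plain Python. The duress PIN, or too many wrong PINs, destroys the HK."""

    def __init__(self, hk, pin, duress_pin, max_tries=3):
        self._hk = hk
        self._pin = pin
        self._duress = duress_pin
        self._max_tries = max_tries
        self._tries_left = max_tries

    def wiped(self):
        return self._hk is None

    def get_hk(self, pin):
        if self._hk is None:
            return None
        if hmac.compare_digest(pin, self._duress):
            self._hk = None                 # duress PIN: silently destroy the HK
            return None
        if not hmac.compare_digest(pin, self._pin):
            self._tries_left -= 1
            if self._tries_left == 0:
                self._hk = None             # retry threshold reached: destroy the HK
            return None
        self._tries_left = self._max_tries
        return self._hk


def master_key(usk, hk):
    """MK = Enc_USK(HK). Assumption: HMAC-SHA256 keyed by the USK over the HK stands
    in for the card's block cipher; any PRF keyed by USK serves the same purpose."""
    return hmac.new(usk, hk, hashlib.sha256).digest()


def derive_mk(shares, card, pin):
    """Rebuild the USK from the shares presented, fetch the HK with the PIN, and
    derive the MK. Returns None whenever the HK is unavailable or destroyed; with
    too few shares the returned MK is simply wrong and unwraps nothing."""
    hk = card.get_hk(pin)
    if hk is None:
        return None
    return master_key(combine_shares(shares), hk)


# Constructed key material for the demonstration, not real keys.
USK = bytes(range(32))
HK = bytes(range(32, 64))
```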

ThothJuly 20, 2016 11:19 PM

@Figureitout

re: Hash function.

"I'm wondering, for salsa20, if the core is all I need for a nice hash function that would be a simple "

That is some sort of "Sponge" function used in hashes like Blake/2. I remember the sponge function for Blake/2 uses some sort of stream cipher function inspired by Salsa20 if I did not remember wrongly. It has to be one way function as well by the way. The sponge function is for compressing the arbitrary length of data you might input into the Blake/2 hash. You should take a look at the Blake/2 (version 1 and 2) hash as it's said to be rather compact and fast.

re: Radio bands

Use a common band (e.g. 802.11) as long as it doesn't screw with your WiFi. Just like any camouflage techniques, don't try to use an obvious band and always stick to something commonly available and use it to send your encrypted messages. You can implement your own protocol instead of WiFi. In fact, a more advanced scheme to prevent interruption with your WiFi would be multi-band strategy of randomly alternating between sending legit WiFi and personal proprietary RF protocol. This will really confuse the heck out of whoever listening in and due to the random transmission, this will make it very unpredictable. Also, use the usual store-and-forward strategy to make the transmissions more compact.

re: $800 HSM

The ATtiny is used to control the tamper circuit on the board. You noticed the "PANIC BUTTON" printed on the board with a button for pressing? That's what it's supposed to handle.

rJuly 20, 2016 11:36 PM

@Thoth,

I've been curious about purchasing a smart card for no specific reason, do you have any recommendations?

price/features/your outlook on manufacturer

Thanks in advance.

The sim card idea you had the other day was good imb.

Markus OttelaJuly 20, 2016 11:57 PM

@Thoth: "many protocols have attempted deniability by using some form of shared symmetric keying"

Yes, at least the Signal protocol and OTR are doing that.

"but in reality, would you want to implicate the other guy"

No, I don't want to implicate a friend, but a friend is someone who doesn't get you in trouble for e.g. political ideas you write about either. This is for scenarios where your friends are turned into informants, or when someone infiltrates your network. If Alice is turned into an informant and she has a log file about Bob attending a protest, Alice isn't going to get into trouble for delivering something because Bob might not have actually written it. The point is to be able to have a defence where Bob can say Alice is a douche and has fabricated logs for whatever reason.

"This sounds more like integrity issue."

The point is, non-informant Alice might give in to pressure from an emerging police state, and she might want to implicate Bob. To do that she could prove the authenticity of the symmetric keys by storing an ECDHE private key that, together with Bob's public ECDHE key, can produce the symmetric key, which can then decrypt packets from Bob.

It doesn't have to do with integrity or shoulder surfing. I'm analyzing this from the point of view of a fully implemented TFC (as generally we're familiar with the limitations of other E2EE tools).


"the P2P traffic would not be as immune in anyway assuming the adversary can see the entire global network traffic"

You have a point there. But FVEY's not the only threat model out there. Co-operating LEAs from smaller nations might be able to request log files from server, but not break Tor.

"I think the best method I prefer is to simply lose the cryptographic keys."

That's the default behaviour. As long as Alice and Bob are in the same team, there's no problem. Deniability is for when things go bad. This was some powerful stuff.

"If you want to forge an evidence, you have to be very convincing."

As long as the log files look identical to real ones and it generates the output of NH and message log of Ricochet ciphertexts, it should be more likely that messages are a fabrication. (The largest issue might be Alice taking a video of chatting environment.)

Also, it's not the one who's having deniability who needs to fabricate evidence, it's the impostor/turncoat who has to.

"The best course of action in my opinion would be to destroy the keys"

You can't force the impostor/turncoat to destroy their keys.

"You can create false trails and "innocent data""

It doesn't help if adversary gets all the things they need:

Public key of Bob (verified by neutral XMPP-server)
Private key of Alice (verified by being able to generate the symmetric key that decrypts ciphertexts from Bob)
Incriminating ciphertexts (verified by neutral XMPP-server)

"I wouldn't be much convinced that many could even do so or bother to forge logs."

If Alice doesn't bother doing that, then there's no problem. It's when she bothers. It's when you need to be able to say "she must have bothered because I'm innocent".
If it's easy to bother, the judge might believe you.

"It is said that @Edward Snowden randomized the encryption key(s) to the leaked documents in a bid to not be able to decrypt them"

He most likely used the good old-fashioned strong passphrase, Yubikey (as shown in Citizenfour) and whatever he learned in the CIA about how to cope with torture and interrogation. There's no magical crypto dust he knows. He most likely gave the Yubikey to Laura or smashed it before the flight, so he didn't know the passphrase for the files he didn't take to Russia.

"At the end of the day, if your adversary decides to torture, sentence or execute you, they would by all means do so anyway even if you faithfully decrypt the data for them."

That's indeed an issue. But it's simply outside the threat model. There's only so much technology can do.

"Mutually Assured Destruction in terms of they don't get the key/data if they were to try"

Smart cards could help there and I think here only: If you deliver a smart card for the recipient that holds a pre-shared symmetric key (and that rewrites keys after every message), a turncoat couldn't prove ciphertexts belong to you because they aren't able to access used keys that can decrypt XMPP-server's messages.

"It is best to not have any log in the first place"

Again, this is the default behaviour. But Alice doesn't have to tell Bob she's logging the messages. And it's completely beside the point.

ThothJuly 21, 2016 12:47 AM

@r, Markus Ottela

re: Smart Card purchase

Online Shop:
- http://www.smartcardfocus.com (Best bet to getting it)
- http://en.cryptoshop.com/products/smartcards.html (May require export control permit :S)
- http://store.acs.com.hk (From Hong Kong)
- http://www.usmartcards.co.uk/products/
- https://www.smartcardstore.co.uk
- http://www.smartcardsource.com
- http://www.ftsafe.com (From China - I am using this for development).

Regarding Feitian, email them (http://www.ftsafe.com/about/Contact_Us) for a more direct purchase. Here is the catalogue of the JavaCards that Feitian provides (https://docs.google.com/spreadsheets/d/10s3dA_qGvWMajv8RhCWa00x-h-1Dx6SdF9rEKN-1RIg/edit?usp=sharing). Do note that they may be a bit slow when replying to your emails :) and you need to constantly hound them. Also, ask them for specific features (i.e. RSA-2048_SHA-256-PKCS1.5) and make sure they tell you it is ready before you use them, as the catalogue list may not be very accurate (despite it having been given to me by them).

To learn JavaCard programming, look for JavaCard 2.2.2 and JavaCard 3.0.4 tutorials and use an IDE (i.e. NetBeans). Do note that smartcard features like TRNG and crypto are highly subjective, and most IDEs using virtual smartcards for testing only provide a PRNG (not a TRNG) and support key sizes of 128 bits only, unless you use an actual smart card that can handle a TRNG and 256-bit AES (most high-end cards can do so).

Furthermore, see the JC 2.2.2 API (https://www.win.tue.nl/pinpasjc/docs/apis/jc222/index.html) and the JC 3.0.4 API (http://www.javafind.net/library/111/javacard_specifications-3_0_4-RR/classic/api_classic/index.html?overview-summary.html). JC 3.0.4-enabled cards can handle bigger RSA key sizes (4096 bit), although the card and the Card OS must be able to handle them. Don't just take the API as fact, because the actual card and Card OS have the liberty to implement it without many of the features. And also, never use dynamic linking (it doesn't work, due to security) and be very wise in handling your RAM and EEPROM/FLASH space as they can run out very quickly and easily :) .

re: Backstabbed, turn coats and pressured peers

Well, your logs must be able to look real, and given the symmetric nature of a keyed MAC, yes, it can be used against either side. Either way, if both sides can reproduce the MACs and signatures, both sides would be held under suspicion.

re: Log prevention

Besides using smartcards to store the symmetric key and disabling export of the key, I decided (some time ago) to venture into the Ledger Blue security device, which is essentially a smart card chip hooked up to a touch screen (via an STM32 MCU), and I am thinking about whether the chat application should only exist in the secure device so that integrity of execution (i.e. no logging allowed) can be preserved. Of course it is not a panacea for someone deciding to use visual capture or recording from another device, but secure execution within a tamper-resistant environment would be highly desirable, so that you essentially prevent undesired actions from happening as much as possible. Then for the transmission, you can use the Data Diode setup as usual for TFC; the Ledger Blue hardware has USB connectivity, which means the RPi would be used to route the encrypted messages over the USB connection to the Blue, and the RPi would get its connectivity from the attached laptop via the Data Diode setup. This prevents logical attacks but not physical recording via an external visual recording device.

Clive RobinsonJuly 21, 2016 1:52 AM

@ Anura,

Not having dug into C# (a bit like "consorting with the enemy" ;-) I don't know how it stores the data at a lower level on any given platform.

One of the most commonly known low level data problems is Big -v- Little endian. That is, what is the byte order of ints larger than a single address location, and how do you send them across a communications network. "Back when I wore a younger man's clothes" this was a serious problem with data transfers between SPARC / 68K / IAx86 platforms. By and large the problems got resolved with the likes of "network order" and disparate platforms becoming niche, then non-existent.

Now you ask the newer generation of programmers about Big -v- Little and what the implications are, and you are unlikely to get much more than a blank look in many cases. Whilst many can at least tell you what a sign bit is, few can tell you when and where you might use ones and twos complement, or why using only positive integers and a negation bit might be more appropriate, and why. For these types of problem the IEEE has some standards for data types.

But where do you go with more complex data types which need structures, the meta data of which is mired by platform dependencies?

As I've said before, the problem with holding a programmer's hand is that whilst they learn to walk, they do it badly and they rarely learn to jump or dance. Thus their creativity is at best inhibited, at worst they code in bugs that those who are creative can waltz through. Hence we get the problem of them "not knowing not to run with scissors", whereby they are unknowingly a danger not just to themselves but all those around them...

There was a time when sufficient programmers wrote assembly code in bare metal programming. They learnt the hard way about the meta data issues. These days many "embedded programmers" have never seen assembler code up close because they are writing code in *nix environments, thus C or higher level languages are used.

They need to learn that compilers have real limitations with even quite simple data types and that the assumptions they make and get away with at one abstraction can cause serious security flaws that are easily exploitable at lower levels of abstraction...
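As an added illustration of the byte-order and sign-representation points Clive raises (this is not code from the thread or from any of the projects mentioned; the 4-byte frame header with a 16-bit length field is a constructed format chosen for the example), the block below serialises a length field in network order, parses it back with the correct and with the wrong byte order, and shows why the receiver must check the declared length against the bytes actually present before trusting it. The last two functions read the same byte as two's complement and as sign-plus-magnitude, the "positive integer and a negation bit" representation Clive mentions.

```python
import struct

# Added example, not from the thread. Constructed wire format:
#   type:u8 | flags:u8 | length:u16 (network byte order, i.e. big-endian) | payload

def pack_frame(msg_type: int, payload: bytes) -> bytes:
    """Serialise header + payload; the '!' prefix forces network (big-endian) order."""
    if not 0 <= len(payload) <= 0xFFFF:
        raise ValueError("payload length does not fit in a 16-bit field")
    return struct.pack("!BBH", msg_type, 0, len(payload)) + payload

def parse_frame(frame: bytes, byteorder: str = "big"):
    """Parse a frame, reading the length field with the given byte order.
    byteorder="little" models a host that wrongly assumes its native order.
    Any frame whose declared length disagrees with the bytes present is refused."""
    if len(frame) < 4:
        raise ValueError("frame shorter than header")
    msg_type, flags = frame[0], frame[1]
    declared = int.from_bytes(frame[2:4], byteorder)
    payload = frame[4:]
    # This check is what stops a byte-swapped length from becoming an over-read
    # (or a silently truncated message) further down the stack.
    if declared != len(payload):
        raise ValueError(f"declared length {declared} != actual {len(payload)}")
    return msg_type, flags, payload

def frame_is_consistent(frame: bytes, byteorder: str = "big") -> bool:
    """True if the frame parses with a consistent length under that byte order."""
    try:
        parse_frame(frame, byteorder)
        return True
    except ValueError:
        return False

def to_twos_complement8(b: int) -> int:
    """Read one byte as a two's-complement signed 8-bit value (0xFF -> -1)."""
    if not 0 <= b <= 0xFF:
        raise ValueError("not a byte")
    return b - 0x100 if b & 0x80 else b

def to_sign_magnitude8(b: int) -> int:
    """Read the same byte as a sign bit plus a 7-bit magnitude (0xFF -> -127)."""
    if not 0 <= b <= 0xFF:
        raise ValueError("not a byte")
    magnitude = b & 0x7F
    return -magnitude if b & 0x80 else magnitude

if __name__ == "__main__":
    frame = pack_frame(0x01, bytes(256))       # length 256 is serialised as 01 00
    print(frame[:4].hex())                     # 01000100
    print(frame_is_consistent(frame, "big"))   # True
    print(frame_is_consistent(frame, "little"))  # False: 0x0001 == 1 != 256
    print(to_twos_complement8(0xFF), to_sign_magnitude8(0xFF))  # -1 -127
```

The same two bytes decode to 256 or to 1 depending on the assumed order; whichever side gets it wrong will either read past the buffer or drop most of the message, and only an explicit declared-versus-actual check catches it at the boundary.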


ThothJuly 21, 2016 1:54 AM

@Markus Ottela
I think it all boils down to whether you can really trust the other party and as you said, a friend might break under pressure. Technical solutions can only delay and inconvenience adversaries and try to get users to find it harder to not conform to proper behaviours when using security systems.

That said, I thought it would be best to broadcast the MAC keys after use onto the P2P network. Sounds suicidal, but hey, now everyone on the P2P network knows the MAC key to a particular message, so everyone is equally a suspect. This spreads the blame to everyone using the particular P2P chat. And for the broadcast method, all users would broadcast and relay (@Clive Robinson's fleet broadcast tactic) to everyone else the MAC keys, to make tracing the origin of the user who broadcast a particular MAC key for a particular message much harder.

The MAC key generation for per-message MAC-ing should be robust in a way that knowing an individual message's MAC key would not compromise the security of the system and also provides plausibility that it was designed for. One way is to have a root MAC key and a negotiated session counter. Using some mixing methods, mix the root MAC key to an incremented session message counter and then strongly hash the result for the current message's MAC key for usage and after that broadcast.
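The per-message MAC key scheme Thoth sketches here (root MAC key mixed with a session counter and hashed, key released after use), together with his and Markus Ottela's earlier point that a symmetric MAC key implicates both sides equally, can be worked through in a few lines. The block below is an added example and not code from the thread, TFC or any project named on the page; the concrete derivation, HMAC-SHA256 over the session id and counter, is my assumption for the "mixing" step, and all keys and ciphertexts are constructed sample values.

```python
import hmac
import hashlib

# Added example, not from the thread. Assumed derivation:
#   message_key = HMAC-SHA256(root_mac_key, session_id || counter)
# HMAC is one-way, so a released message_key reveals neither root_mac_key
# nor the key of any other counter value.
COUNTER_BYTES = 8

def derive_message_mac_key(root_mac_key: bytes, session_id: bytes, counter: int) -> bytes:
    if not 0 <= counter < (1 << (8 * COUNTER_BYTES)):
        raise ValueError("counter out of range")
    data = session_id + counter.to_bytes(COUNTER_BYTES, "big")
    return hmac.new(root_mac_key, data, hashlib.sha256).digest()

def mac_tag(message_key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """The tag also binds the counter, so it cannot be replayed at another position."""
    data = counter.to_bytes(COUNTER_BYTES, "big") + ciphertext
    return hmac.new(message_key, data, hashlib.sha256).digest()

def mac_verify(message_key: bytes, counter: int, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(message_key, counter, ciphertext), tag)

class Sender:
    def __init__(self, root_mac_key: bytes, session_id: bytes):
        self.root, self.sid, self.counter = root_mac_key, session_id, 0

    def send(self, ciphertext: bytes):
        ctr = self.counter
        key = derive_message_mac_key(self.root, self.sid, ctr)
        self.counter += 1
        return ctr, ciphertext, mac_tag(key, ctr, ciphertext)

    def can_release(self, ctr: int) -> bool:
        """A key may only be published once its counter has been used; the key
        of a message not yet sent must never leave the sender."""
        return 0 <= ctr < self.counter

    def release_key(self, ctr: int) -> bytes:
        if not self.can_release(ctr):
            raise ValueError("counter not yet used; refusing to release its key")
        return derive_message_mac_key(self.root, self.sid, ctr)

class Receiver:
    def __init__(self, root_mac_key: bytes, session_id: bytes):
        self.root, self.sid, self.expected = root_mac_key, session_id, 0

    def receive(self, ctr: int, ciphertext: bytes, tag: bytes) -> bool:
        """Accept only the next counter value, so replays and reordering fail."""
        if ctr != self.expected:
            return False
        key = derive_message_mac_key(self.root, self.sid, ctr)
        if not mac_verify(key, ctr, ciphertext, tag):
            return False
        self.expected += 1
        return True

if __name__ == "__main__":
    root, sid = bytes(range(32)), b"constructed-session-id"   # constructed sample
    alice, bob = Sender(root, sid), Receiver(root, sid)
    ctr, ct, tag = alice.send(b"constructed ciphertext 0")
    print("bob accepts:", bob.receive(ctr, ct, tag))          # True
    print("replay accepted:", bob.receive(ctr, ct, tag))      # False
    k0 = alice.release_key(0)                                  # broadcast after use
    # Anyone holding k0 can now verify (or produce) a tag for counter 0,
    # so the tag no longer attributes the message to Alice rather than Bob.
    print("third party verifies with k0:", mac_verify(k0, ctr, ct, tag))  # True
    print("k0 equals key 1:", k0 == derive_message_mac_key(root, sid, 1))  # False
```

Two properties matter here. Before release, the tag is already symmetric: Bob holds the same root key and could have produced it, which is the "either side" point in Thoth's earlier reply. After release, the key is public, so verification by anyone proves nothing about authorship, while the other message keys and the root stay protected by the one-way derivation.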

ThothJuly 21, 2016 2:58 AM

@r

re: price/features/your outlook on manufacturer/smartcards

Oops ... I missed that part, but I did add in additional details to partially fulfill that.

When you think of smartcards, it's simply a CPU with limited RAM and storage (EEPROM/ROM/FLASH), with the first (and probably second) metal layers (from the top) of the IC chip being used as a metal shield to detect probing and intrusion (physically). The ARM SecurCore type of smartcard chips contain an MPU so you can have hardware-level virtualizing of memory and segregation, but that being said, it is a requirement for multi-application smartcards to support memory protection and virtualization (by software or hardware means).

The chip (we shall call it an SE) would have other tamper detection and reaction mechanisms against power analysis and glitching attacks (software or hardware detection). Some cards may not contain crypto functions or are not re-programmable, so you have to take note of them. For the crypto protection, proprietary static whitebox crypto is the preferred choice of the day; it is licensed from CRI (a.k.a. Rambus), and when you look at the data sheet for the chips, they should have a DPA protection logo and mention licensing from the CRI people.

There are many ways to program a smartcard (.NET cards, BASICCards, JavaCards, MULTOS cards ...) but the most common and the market leader is definitely the JavaCard, as they were the earliest in this market. Note that the word Java in JavaCard only denotes that it uses a subset of the Java syntax, but the functions can differ very vastly. One example is that you are usually not able to access integers (because of legacy 16-bit cards) and your only primitive data types are byte, array and short.

There are international standards like ISO-7816 (Contact) and ISO-14443 (NFC/Contactless) standards governing the construction of the chip, the features, the pin outs, the logical protocol and such. The GlobalPlatform (GP) standards are concerned with the logical level (OS/VM of the card, card crypto and secure channels ...).

Most GP-compliant cards (JavaCard + GP, MULTOS + GP ...) contain a Secure Channel Protocol (SCP) between the card and the host (Server/Desktop ...), and it is purely up to the discretion of the card manufacturer to implement the SCPs or not, and you might end up wanting to create your own logical secure protocol because the SCPs may not be to your liking in the security they give (AES-128 on rare occasions, or mostly 2-key 3DES for legacy cards). You need to read the SCP (v1, 2, 3, 11) section of the GP documentation for smartcard SCP protocols. I had to write my own SCP for my own projects because I want my protocol to be more robust than the standard SCP offerings, and also, in case the card manufacturer decides not to include the GP SCP protocols for some reason, I want mine to work securely out of the box across multiple card platforms in applet software.

My current protocol for my own SCP is simply asymmetric (via either DHE-KEX or RSA-KEX) and then use the usual AES-256-encrypt-then-HMAC-SHA256 construct that most are familiar with but the problem is the max packet size is 256 bytes of payload with 5 bytes mandatory header (261 bytes total per packet). Some cards restrict only 70+ bytes payload and total off with only 80+ bytes packet size inclusive of the 5 bytes mandatory header so you need to design your protocol carefully. There is command-chaining (you chain packets) but again that's if your card manufacturer included that feature. So, if you are buying a card, ask them about the APDU packet protocol max packet size and if command chaining is enabled. One thing about command-chaining is it may interfere if you are using your own SCP protocol you brewed yourself so you need to know the target card platform you are after and the details first. I prefer to not enable or even touch command chaining and manually chain my own packets all done via my packet header and state machine control.

Talking about state machine control, it can be a blessing or a curse, and I have been bitten so many times while coding a simple state machine because the code gets squeezed and messy even in the IDE, as you are allowed only 1 code package per applet while you find space for more code. My APDU protocol works by implementing a stateful state machine, setting aside 2 bytes in RAM space for a Major State byte and a Minor State byte. Every time you call a function that requires more than 1 round trip of packet exchange, it updates the state machine by placing the Major State and Minor State into the correct state, and you always go about checking the state machine for corruption (easier said than done :) ).

Let's use an example of uploading a 4096-bit RSA private modulus to the card. If the payload is 256 bytes, a 4096-bit value is 512 bytes and it takes 2 round trips over an unencrypted and unauthenticated channel. For an encrypted + authenticated channel, it takes 3 round trips, assuming the payload is 200 bytes of encrypted content with 56 bytes for nonces and MAC codes. Assuming now I am trying to transfer 512 bytes of 4096-bit RSA private modulus over a 200-byte payload secure channel, I make 3 round trips. In the card, I can set up a state machine with, say, Major State (0xA1) and Minor State (0x00). Every time I finish a round trip, I increment the Minor State (0x01, 0x02 ...) and so I can keep track of how much private modulus keymat I have transferred (from the card's standpoint). State machines are very useful too for helping you to lock out bogus or illegal protocol calls (i.e. when you are transferring a private key half way and you receive a command to use the half-transferred private key, the state machine allows you to lock out the bad/illegal command).

Also, due to the limited space, do not try your own encryption algorithm unless it's a must. You are likely not going to find enough space to maneuver anyway. For the use of PIN codes to secure your applet, just use the PIN code API that JavaCard supplies (for JavaCard platforms), because anything fanciful would not be worth it. Note that the PIN API already has PIN glitching prevention mechanisms.

Due to the limited number of writes you can perform on the EEPROM/FLASH memory and the slower speed, try to put as much into the RAM as possible (find a card with the biggest RAM if you are uncomfortable with having too little RAM to work with for your projects). I am using Feitian's A22CR Infineon card, which only gives me 2KB RAM to work with, and it's a challenge as I am looking for optimizations every time.

If you have ephemeral secret keys (RSA or AES/DES), use the key slot creation and set it to transient memory type key slots that store the keys in the RAM, so that once power is removed, the keys would be wiped from the RAM automatically (zeroizing the memory cells that once contained the keys upon card tearing/resetting, to ensure destruction) as part of its card booting procedures.

You would need to use the GPPro program (open sourced) to load your applet onto your GP-compliant smartcard (https://github.com/martinpaljak/GlobalPlatformPro#globalplatform-from-openkms).

The well known default card programming key called the GP keyset key (2 Key 3DES key bytes) is (0x404142434445464748494A4B4C4D4E4F) which you use to authenticate to the card manager (a.k.a the ISD security domain) inside the card to program your applet. Do you notice the pattern in the key :P ?

Because the above is the well known default key specified openly in the GP's standards, it can be put online freely. After that, once you have loaded your program and enter into real life usage, remember to "lock the card" by rekeying the GP keys to another 2 Key 3DES key (and no you cannot choose another stronger algorithm and have to live with it as it's a standard).

Do note that if you ever expose your GP keys, do not panic, as the key is very limited in capability. Reading the secret keys of an applet is not allowed (no such function), and all the GP key generally allows is rekeying, loading and deleting applets, because of how the GP-compliant cards handle security. The card manager domain (for loading applets, rekeying the ISD domain only and deleting applets) and your other applets (treated as other domains) cannot talk to each other in the card's VM without explicit permissioning over its internal RPC, thus theoretically denying the possibility of exfiltrating secret keys between each other's domain, including the card manager domain. You can read in the GP standards how different domains interact with each other, inter-domain security and applet firewalls.

By the way, the card manager is not a "root" like in UNIX systems as the GP standard does not recognize such thing as a "root" domain and all domains are treated equally and transparently with equal privileges and protection.

Overall, read a lot and program a lot (using actual smartcards instead of the IDE's virtual cards).
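The chained-upload state machine Thoth describes (Major State 0xA1 for the key upload, Minor State counting completed round trips, and lock-out of a "use key" command that arrives with the key only half transferred) can be simulated on the host to see how the bookkeeping behaves. The block below is an added example written for this thread, not Thoth's applet code and not JavaCard; it is plain Python modelling the card side and the host side of a 512-byte modulus upload in 200-byte chunks. The 0x6985 and 0x6700 status words are the standard ISO 7816 "conditions of use not satisfied" and "wrong length" values; the state names and the reset-on-error policy are my assumptions.

```python
# Added example, not from the thread. Models the card-side Major/Minor state
# machine for a chained 4096-bit RSA modulus upload and the host-side chunking.
SW_OK = 0x9000                      # ISO 7816: success
SW_CONDITIONS_NOT_SATISFIED = 0x6985  # ISO 7816: command not allowed in this state
SW_WRONG_LENGTH = 0x6700            # ISO 7816: wrong length

MAJ_IDLE = 0x00          # assumed idle major state
MAJ_KEY_UPLOAD = 0xA1    # major state value from Thoth's description
MODULUS_LEN = 512        # 4096-bit RSA modulus in bytes
CHUNK = 200              # encrypted payload bytes per APDU in Thoth's example

def round_trips(total_bytes: int, payload_bytes: int) -> int:
    """Number of APDUs needed to move total_bytes in payload_bytes pieces."""
    return -(-total_bytes // payload_bytes)   # ceiling division

class CardApplet:
    """Card side: 2 state bytes, a staging buffer, and the installed modulus."""
    def __init__(self):
        self.major, self.minor = MAJ_IDLE, 0x00
        self.buf = bytearray()
        self.modulus = None

    def _reset(self):
        # Any protocol violation drops the partial key material and returns to idle.
        self.major, self.minor = MAJ_IDLE, 0x00
        self.buf = bytearray()

    def state(self):
        return self.major, self.minor

    def begin_upload(self) -> int:
        if self.major != MAJ_IDLE:
            self._reset()
            return SW_CONDITIONS_NOT_SATISFIED
        self.major, self.minor = MAJ_KEY_UPLOAD, 0x00
        self.buf = bytearray()
        return SW_OK

    def upload_chunk(self, seq: int, data: bytes) -> int:
        """seq must equal the Minor State: the chunk the card expects next."""
        if self.major != MAJ_KEY_UPLOAD or seq != self.minor:
            self._reset()
            return SW_CONDITIONS_NOT_SATISFIED
        if len(data) > CHUNK or len(self.buf) + len(data) > MODULUS_LEN:
            self._reset()
            return SW_WRONG_LENGTH
        self.buf += data
        self.minor += 1
        if len(self.buf) == MODULUS_LEN:
            self.modulus = bytes(self.buf)   # key fully transferred: commit it
            self._reset()
        return SW_OK

    def use_key(self) -> int:
        """Locked out unless the card is idle and a complete modulus is installed."""
        if self.major != MAJ_IDLE or self.modulus is None:
            self._reset()
            return SW_CONDITIONS_NOT_SATISFIED
        return SW_OK

def host_upload(card: CardApplet, modulus: bytes) -> int:
    """Host side: open the upload, then send the chunks in sequence."""
    sw = card.begin_upload()
    if sw != SW_OK:
        return sw
    for seq, off in enumerate(range(0, len(modulus), CHUNK)):
        sw = card.upload_chunk(seq, modulus[off:off + CHUNK])
        if sw != SW_OK:
            return sw
    return SW_OK

if __name__ == "__main__":
    modulus = bytes(range(256)) * 2              # constructed 512-byte sample
    card = CardApplet()
    print(hex(host_upload(card, modulus)), round_trips(MODULUS_LEN, CHUNK))  # 0x9000 3
    print(hex(card.use_key()))                   # 0x9000
    half = CardApplet()
    half.begin_upload()
    half.upload_chunk(0, modulus[:CHUNK])
    print(hex(half.use_key()), half.state())     # 0x6985 (0, 0): locked out, reset
```

The interesting case is the second card: after one chunk the "use key" command is refused with 0x6985 and the partial modulus is discarded, so a later chunk 1 is also refused and the host has to start the upload over. Whether to discard on the first bad command or merely refuse it is a design choice; discarding is the conservative one for key material.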

rJuly 21, 2016 7:32 AM

Clive says we give the new kids on the block safety scissors.

Go forth and be free upon the world.

RELEASE the type safe languages! Hahaha

BlackListedJuly 21, 2016 7:41 AM

@r

Got caught up yesterday with meetings & a random rootkit issue. (Thin Clients make my life much easier)

Where would you like to pick up in our conversation? When one of us has the other's email I can fill in the blanks of confusion with my career line.

And I agree, S*** is really F***** up.

@Dirk Praet,

I would like to see those same statistics based on location and population density as well as the overall living situations of the residents. Once that was identified, visit the police training and SOPs. These incidents I wouldn't say are isolated, but there has to be a sort of algorithm that could be devised to then back track through and look for other locations where police brutality would most likely occur.

Where I live I have examples like last night, on my drive home, where I see police pulled over on the side of the road helping an old lady change a tire. I don't believe the training in good old Maine is quite up to par with most other states, which defeats half of what I wrote above. I would like to visit the possibility of looking into each individual officer's history who performed acts of absurd and unjust violence to any civilian. There may also be an underlying PTSD-based situation. Each officer, much like military personnel, has their own story and line of events that led them up to that wrong choice. I don't believe any of them raised their right hand assuming that would be the choice they make one day. (Similar to when I swore in, never thinking I would be quite as excited as I was to finally EAS.)

@Bruce & or @Moderator,

Pass along my email to r if you don't mind.
Much appreciated.


Clive RobinsonJuly 21, 2016 8:26 AM

@ r,

Clive says we give the new kids on the block safety scissors.

Err no, Clive is saying that they don't know what they are doing is dangerous...

My personal view is not to let them run free till they have learned how to behave safely.

A BIG difference.

rJuly 21, 2016 8:51 AM

@BlackListed,

It's not really about that, it's more that I feel like I'm eating Wael's best recipe of humble pie and would like to explain my position and angst with a little more accuracy. Trust me, I'm a lot more civil p2p than p2p.

BlackListedJuly 21, 2016 9:52 AM

@r

I manage to end up jumping the gun so to speak most times in a sense of me combating the wrong thing in a conversation.

Person: "police brutality is bad"
Me: "NOT ALL POLICE ARE BAD!"

(Hot headed me ignores the initial point of conversation, making a separate discussion that solves nothing.)

That's where I'm at. I tend to fight the wrong battles. *high five*

ianfJuly 21, 2016 10:04 AM


Asks rrrrrrrr: “WTF, who the hell is softbank?”

They them shady yakuza-backed crime conglomerate that needed a ready outlet for their ever growing fortunes, and so here found an investment opportunity. Which ARM owners/sellers accepted in the course of due diligence, found nothing to remark upon that the buyers' HQ, doubling as a satellite launch pad, is housed in a hollowed-out volcano with a movable roof, to get all the sunlight without public scrutiny. There's been a couple documentary films made about them in the past, deviously masqueraded as Sunday family outing spy movies; try “Goldfinger” for a start, but don't then wave it all away as just so much boom! boom! entertainment.


@ JonKnowsNothing [… indeed, and may I hereby congratulate you on that endearing bit of self-deprecating honesty]:

[…] “What is new is the so-called "Ferguson Effect". Variations on the theme are that the police officers are afraid of being filmed by the public while "executing" their duties.”

The violent Ferguson anti-violence riots happened 2 years ago, and led a St. Louis police chief to speculate on such an "effect" as a ready explanation for the ensuing increase in predominantly black-on-black homicides there: the idea that, the more the police are criticized and "rioted against," the more self-reputation-preserving they become, which in turn creates a policing vacuum into which the murderers "move in."
            Now JKN posits that, partly as a result of that, the combined Police departments of the US have gotten their brains together, analyzed the problem, and decided upon a technical solution to prevent future police killings(?) from ever being video-recorded. That, and already gotten Apple Inc. to research implementing this filtering straight into their camera firmware—just as e.g. Xerox long has routines in place to prevent truthful duplication of dollar bills. First Apple, then the umpteen Android phones manufacturers will follow suit… clever. And all in so short a time-space. I never knew any bureaucracy to move THAT fast, but, thanks to JonKnowsNothing, I've now been straightened out.


@ Gerard van Vooren can't get it out of his head that, in the wee hours of post-referendum 25th of June, and well before Cameron's own announcement, I reached for this "coming-revolutionary" simile:

[…] Cameron just voted himself out into oblivion… what is bound to happen now, is a kind of Tory Leninist revolution (=a consequence of yesterday's bourgeois / February 1917/ Kerensky's one BY ANALOGY)

… which, despite my later elucidation, and factual validations of (so far), kept growing in his recollection to these "straw bale" proportions:

You said that the Brexit was a revolution. I said it wasn't

Actually I said something else, but let's drop it, or next I'll be saddled with support for something or other. Way to go, GvV, way to go.

ianfJuly 21, 2016 10:08 AM


@ Wael welcomes the sudden reappearance of Clive Robinson by congratulating him on "not kicking the bucket."

It goes without saying that, no matter how small, vandalism should not be hailed. But let us for a moment forget the down-market choice of a vessel, where a silver buckle from (Egyptian-owned btw) Harrods would be more appropriate. Either way, it was sort of a preview of coming distractions.

But there's also a companion "bucket list," which, apparently in [t]his case, consists chiefly of recurrent posting of verbose electronic and life-lessons knowhow in this forum. Clive, wouldn't it be high time for you to write that Clivebot for when you are no more? Just have the bot scan the forum for trigger words, then use own past postings here as a back-end DB for new submissions cleverly reassembled from regurgitated fragments. I know you could do this, and nobody here would dare to make fuss over it later.

    (@ Spooky concurs … but for all the verbiage, he never walks away without learning something new from you.)


Moreover, Clive, while others now go gaga in prose over your renewed lease of presence, I found an outlet in poetry in your absence


@ Clive himself: […] “a rather attractive French lady engineer translated this French saying correctly for me a quarter of a century or so ago.”

I just KNEW it; that, when C. reappears, attractive French lady engineers won't be far behind (even if, nowadays, and of "Balzac'ian" age, she'd probably be rather cross with the "rather" modifier… if not outright make a fuss over the "lady engineer." That's what that 20-something male chauvinist pig James Watson called 10 years older, sophisticated French-kissing "lady scientist" Rosalind Franklin once. Then gave the in the meantime deceased her the full Kremlinological treatment in his Nobel lecture). Digression over, we no-lady-engineers-in-tow minions have to make do with mechanical translation. QED, and “where have all femmengineers gone?”


Later, […] “One of the most commonly known low level data problems is Big -v- Little endian.”

@ Wael, Clive is playing your song, and you're asleep. Or whatever (… on 2nd thoughts, I'd rather not know what).

ianfJuly 21, 2016 10:18 AM


@ Joe K,
               your 6kB response to my pretty short explanation is daunting, but, bar for one topic to which I'll return separately, falls outside the scope of my interests. Suffice it to say that, rather than use "commercial trickle down" in regard to academic publishing, I ought to have made it "trickle up," because that's what the field of that now looks like. But what I said wasn't a myth, merely tainted by experience outdated by 25 years to a decade in the past.

Once I was the entire dissertation publishing outlet of a large university's linguistic and literary departments (in the employ of said U.) At that time, early 90s, there was no question of who owned the copyright of any oeuvre. Commercial publishers were interested mainly in selected high-profile signature works (post-Sovietology a bonus), plus annual hefty compilations/ reference volumes—which they paid for, then delivered maybe 10 contractual copies of it to the U., and sold the rest dearly to other acad. institutions (I only worked on one such, a conference papers compilation of trends in urban crime prevention, which I'm told sold like cupcakes).

Reading about your "skirmishes" with publishers over text-mining reminds me of a scholar, who couldn't get a grant to visit the Hoover Institute in California that houses important wartime archives. So he submitted some proposal with a flippant thesis to a conference nearby, was accepted for its novelty value, then given a travel grant FROM ANOTHER grants pile. Whereupon he promptly delivered the ha-ha paper, then spent the next week by researching the Hoover I. data that he was looking for (mainly comparing hand-written and edited versions of a "final, uncensored" manuscript that's been published in several differing editions). He slept in a cubicle of an absent colleague, and got a book out of it.

ObLitEvidence: Russian literary scholar Elif Batuman cooks up a theory of Leo Tolstoy having been murdered, so she gets a travel grant for investigation in Russia. Then, the perfidy of it, she writes about it. No joke.

    By that analogy, it seems to me that, if you ask for permissions, you won't get them. I don't know what is involved, but, since the stakeholders can't prevent your access to the data, do it any which way you can, only don't call it "mined." If they object, have "parallel-constructed" hand notes at the ready, then let them argue in court for their exclusive hold over by that, by the public originally paid for, data (I know it sounds naïve, so I'll stop now).


Lastly, the trickle down I spoke of need not have taken pecuniary forms. Universities strike deals with publishers for below-costs 300+ press runs of doctoral dissertations that are then used for exchanges with other unis. In return these publishers get to put out stuff that wouldn't otherwise get disseminated at all. Etc. Not a rosy picture, but not entirely bleak either. I can only supply anecdotal corroboration to that.

On the strength of a published letter to a journal's editor, I suddenly was sent a book for a review IF I thought it warranted attention, no expectations, nor remuneration given. Fine, I pass. Then another book, and several more. Finally I review one of them, call it needlessly convoluted and too wordy by far to be of use, me speciality.

Then the trickle-down(?) manifests itself: someone adds me to a list of recipients of twice-annual hefty scholarly volumes in that field, where I am at most an autodidact, have no title or affiliation, although I am a long-time participant in two scholarly Listserver fora (mostly dormant now that most participants have become professors, or moved on). My only connection with that imprint of a major publisher, is that two online remarks of methodological nature of mine are now a footnote in one of the papers there (the volumes sell for £45 / $64 hardback or £22 / $35 paperback at Blackwells, I'd never have bought them myself). This has been going on since 2002, with no feedback nor input from me whatsoever. I ought to gift my by now sizable collection to a nearby academic library, though I suspect they already have their own copies, and, as the works are not in high demand, might refuse to take mine (sad but true… current generations do not share my once-veneration of physical books, and they may be right in that). [4kB text]

רJuly 21, 2016 10:42 AM

@Blacklisted

Your bucolic state has more comprehensive training than you think. Your state police י Williams got sent on a junket to learn Israeli techniques for counterinsurgency - you know, torture, empty-the-clip, occupation and disappearance. He came back babbling about suicide bombers and riot control. He's very excited to play anti-terror soldier boy. They already knew how to run a pedophile trafficking ring, another key Israeli state security skill that comes in handy when you want to blackmail VIPs. So how plugged in are you - you know who Demers handed it off to?

BlackListedJuly 21, 2016 11:20 AM

Soooo like..... one guy has a higher level of training? That isn't applicable in a police-like situation. I don't understand the intent of your comment fully. I do apologize.

Nick PJuly 21, 2016 11:47 AM

@ Dirk Praet

"Now we can probably go on for several hours as to the hows and whys of black folks being proportionally over-represented in these figures"

""It can come as no surprise to anyone how this ongoing slaughter of civilians has eventually spawned Black Lives Matter"

You kind of just did that thing they do in these debates. That police murdered a specific number of black people at certain ratio directly implies something like Black Lives Matter to counter them being victims, them protesting with major disruption to whites (and Blacks), & get change on the other side. Yet, them committing a higher percentage of the murders... often in same areas... cannot lead to protests, required changes on their part, a higher level of action by police against blacks, and so on. If anything, BLM people are more apologetic for those folks with justifications for why we shouldn't be so hard on them. Both SJW activity and reverse racism often start with double standards. So, I allow none for BLM or protestors in general. Either these stats directly imply action against specific races is necessary or they imply problems we counter with policy changes for *all* races. I lean toward second.

"Admittedly, BLM - like any other grassroots movement - has its share of whiners, hardliners and agents provocateurs trying to hijack the agenda and would indeed benefit from reaching out more to non-black communities. But you cannot just ignore the historical background of racism and discrimination that has shaped the mindset of many BLM activists."

You're missing it. We know it's there. It's just part of a bigger problem that's solved at the cop angle (police reform) for *all races* instead of just for blacks. It's a habit of black activists to only focus on the black angle of about anything that affects them, similarly or disproportionately, because they really don't care about any other race. There's also usually political (votes) or financial (lawsuits, books) angles where key figures in the movement stand to gain from what's going on as well. Alternatively, some activists fight for everyone promoting reforms that work for everyone. As a commenter upstream noted, one of the best, black activists doing that united lower classes and races so powerfully that they straight-up murdered him to prevent further success. Imagine how routine that strategy couldn't have been if most black protestors were applying it from then on. Be too obvious and we'd get incremental progress on many fronts.

Far as BLM, an example of why they need to stop focusing on one race is found here. My pal, Jason Garrick Shirtz, included that one in an online debate with a BLM supporter. Points out that Natives are being murdered the most & it isn't even reported in media! I mean, seriously, did you know it was that bad? He learned it from local natives at his college with a specific example there. Presumably, no "activists" are getting campaign benefits, lawsuit money, or Facebook likes protecting *them*.

BLM protestors ignore it because (a) it's outside their narrative of White-vs-Black oppression and (b) they only care about Black victims. Same reason they ignore systematic oppression, beat downs, rapes, and murders of whites in areas almost totally controlled and populated by Blacks. They, like Jason's opponent did, usually try to point out the Black aspect is just what those protestors focus on. Yet, focusing on one group while ignoring damage to others is kind of what the oppressive whites were doing in first place, right? And it's extra-racist when you can fight for all victims without extra effort but consciously choose to ignore all but one type. ;)

So, they need to quit applying all the double standards. They want everyone to get equal treatment in terms of rights & opportunities plus equal risk in terms of police or sentencing. There are legal reforms they can push that apply to all with examples of victims from all races. There's strategies on police side known to reduce number of abuses they commit that they can push for that are race-neutral. There is even one race getting murdered more often with no support from anyone, including BLM protestors. There's all kinds of potential for unification in both civil rights and reforming LEO's. Instead, they want us to think about black people's lives, black's murders, the few LEO's doing that, and ignore environmental variables like how much is in hood with tons of black-on-everyone-else murders. And our local Blacks are suddenly all concerned about being murdered by cops reading all the BLM stuff despite the fact it rarely happens by cops and *often* happens by Black thugs. Yet, we need to ignore civil liberties and total reforms to focus on Blacks [not] getting murdered by cops, get cops to think about Black's lives more, and so on.

How do I not see it as racist nonsense that implies Blacks and a narrative matter more than people in general or (in local case) actual reality for Blacks? It is racist even if I see how they might have *started* at the BLM angle. That they continue to try to force focus only on Blacks and benefits only for Blacks instead of raising baseline to help all victims shows they're racists. They'll spend 30+ min arguing they should only help blacks instead of 5 min helping Natives or Whites facing similar issues shows they're racists. There's truths in their movement but their reaction is racist. That's why it can't get White support in America. It also shouldn't since they don't care about Whites at all. We Whites who care should only support movements and reforms that treat all people as equal in their intended goals. BLM isn't among them.

ianfJuly 21, 2016 3:20 PM


@ Dirk Praet Re: Black Lives Matter

Though I've read tons about the subject in recent weeks, I can't really say that I understand what is the source of present recriminations, finger pointing, and what looks like counter-counter-counter-backlash in one direction or another. Honest. I no longer recognize voices of some net.acquainted Americans whom I thought balanced and sane in the past, nor really dare to call their spade a spade.

    Only they all are white, I do not know any other (one black-avatar assistant US official with whom I once had a giving uncontroversial exchange deleted all her tweets afterward… she did that by default, apparently didn't want to leave future "text-mineable" traces laying around. Respect.)

Because… WTF do I know. I live in a quiet community, where the only violent excesses that I hear about are occasional acts of burning cars in the suburbs (which as often as not may have to do with insurance fraud), and the usual drunken football yobs exercising their vocal cords and fists fully well knowing that there isn't an opposing force that could defeat them (until the day when one more pissed than usual yob gets hold of an AK47, and opens up serial fire on the others—after which, when he sobers up, he gets to study in seclusion on my dime until the end of his days).

So, as regards race relations in the USA, I choose to sit back and observe. I harbour no doubts about the grand causes of the acrimony between whites and blacks, but also am wary of serving up conclusions. The nearest that I can write under is that collectively the USA is one sick puppy of a country. Because there are behavioral and social-contract trends there that are beyond my capacity to fathom.

Last week the BBC News ran a segment on the Texan branch of (new) Black Panthers, who preach arming themselves up in accordance with the rights in the constitution, then (this being Texas, and them being citizens) LEGALLY parading with those lock-and-loaded guns in front of everybody (the police advisedly keep away in the background), to show the state of their preparedness. Is that madness? Or The American Way… I can't be the judge of that other than guns don't kill people.

Anyway, to add embers to the pyre, I came across this particularly disturbing report of what can only be termed White Trumps Black Attrition Wars.

“How does a 12-year-old boy with a toy gun on a playground get shot to death on-camera by the police without anyone getting charged?”


Reading it, I was reminded of a scene in the Serge Gainsbourg biopic, of the 10yo Jewish Ginzburg boy in Nazi-occupied Paris, who (acc. to his autobiography) used to walk the streets playing an Indian hunting les Boches with a real, if unloaded, revolver in hand. Mind you, that was double cinematographic fiction, but by analogy, I can barely think the boy Serge would have lasted a day walking the real "streets of Philadelphia" in today's looks-like-a-gun-lets-see-whos-faster America.

ianfJuly 21, 2016 4:00 PM


      (I'm working off the backlog)

@ Rebecca Hadron of July 14, 2016 11:24 PM – are you still with us, or should I skip composing a reply?

Others in line:

Wesley Parish • July 16, 2016 5:38 AM
some author • July 16, 2016 7:13 AM
Shachar • July 16, 2016 11:12 PM
Hay nony mouse • July 17, 2016 2:45 AM
Sergeant Woods • July 17, 2016 8:54 AM

Holler if you'd rather… er, not.

WaelJuly 21, 2016 4:35 PM

@r,

best recipe of humble pie and would like to explain my position and angst with a little more accuracy.

Get used to it.

WaelJuly 21, 2016 4:40 PM

@ianf,

Clive is playing your song, and you're asleep

That's just... jealousy. Me making a gesture of playing the violin as I read your post -- meaning I am playing a sob song.

FigureitoutJuly 21, 2016 7:42 PM

Thoth RE: terms
--Yeah I'm just using the terminology djb used, he specified a hash function originally but people got confused, so I liked the joke on the core page "salsa20_word_specification".

RE: using wifi bands
Can't get very far using wifi bands w/o huge amounts of power, that'd just be like using a yagi to a far away AP. You can connect to some repeaters via internet or vice versa so the actual comms path gets pretty crazy. What I'm saying is to skip that and transmit directly from your home worldwide on a preferably airgapped pc, typically uses much more power. Why would I go back to a super common band and use a knock off of wifi, when you need a radio hooked up to appropriate software to decode digital radio protocols? Really nothing too out there, all proven and done and there's a ton of protocols (that legally you need to publish, so generic OTPs is the best way to encode your transmissions and fly under the radar easy w/o any trouble, that's true for just about anything, anything could be a code...).

RE: attiny
--I see it now. Well if I were on the team I know where I'd be working, looks like it has some important parts (liked the joke of "C-4" in this pic): http://pasteboard.co/ekZOgKMR7.png Kind of goes from large to small left to right lol, FPGA which needs heavy toolchain help (yay I've worked w/ Artix 7, know that a tiny bit), ARM chip which takes a bit of time to get into, just worked w/ cortex M0, not M4; and I've definitely worked w/ ATtiny and you feel most in control of it compared to a large ARM chip or FPGA.

alnicoJuly 21, 2016 7:54 PM

Can someone explain md5 collision. Mainly as I understand, it is easy to create a pair of files of the same length that collide, but this is quite a different problem when for a given file (that's meaningful or an executable that runs) to create a second file of the same size that collides and let's say performs a malicious action. Am I misunderstanding that there's a difference in these scenarios.

ianfJuly 21, 2016 10:01 PM


      Got it
                breathing
                standing up
                gesturing
                playing 🎻
                reading
                writing
                concurrently
                attaboy (grrrl)

WaelJuly 22, 2016 1:20 AM

@ianf,

No! You play the jealousy tune; I play the sob tune. As someone told me once: cry me a river, build a bridge and get over it ;)

ianfJuly 22, 2016 3:53 AM


Wael, you must be mistaking me for someone else. Because why should I be jealous at all? Seems a case of cultural displacement… tiny violin meaning something entirely different, and much more pleasant, over here. Also keep in mind that I can carry a tune tutto solo sans accoutrements that was in French.

Clive RobinsonJuly 22, 2016 4:09 AM

@ Wael,

As someone told me once: cry me a river, build a bridge and get over it

Perhaps in ianf's case we could also add "Once you've crossed over to the other side, burn your bridges so you can't come back to haunt us".

ianfJuly 22, 2016 4:15 AM


THIS JUST IN: Edward Snowden designs phone case to show when data is being monitored

    Snowden and co-designer Andrew ‘Bunnie’ Huang’s ‘introspection engine’ knows when a cellular, Wi-Fi or Bluetooth connection is being used to share data

Go wild, 'possums: http://gu.com/p/4p5x2

Sancho_PJuly 22, 2016 4:27 AM

@Markus Ottela, re Vishay coupler

"There were no photo diodes available so I ..."
The simulation you try is for educational purposes; you'd need e.g. a SPICE simulator (and 3-6 months learning on it, depending on your time and electronic skills).
However, as you do not have the internals of the USB to serial converter any such detailed simulation is pointless.
Better to go the "trial and error" path on perfboard (probably a long way for high speed).
As a data diode, without short checksum, feedback and retry, your aim is at extremely high data reliability, bit by bit (?).

Are your USB converters fit for that (which exactly?) high speed job, e.g.
would it work without the optocoupler?
Can you still buy identical converters or was it a Chinese one time shot?
Did you see what @Clive Robinson hinted at the LED's and current?
- Do you really need the converters?

Is your equipment (e.g. oscilloscope + probes bandwidth) fit for the job?
Is there any commercial solution available to do exactly what you want?
- What do you want, exactly?

"... converts TTL level signals of RPi to RS232 ..." (page 14) ???
??? But TTL on RPi is fine, I'm a bit confused now, USB, TTL ...
(I'm on iPad only, far away from home right now, will read more when I'm back, probably I didn't understand your roadmap?)

"... the (outdated) white paper ..." reminds me of "Agile Software Development" :-)
(Sorry, old fart, more questions than answers - but fun!)

ianfJuly 22, 2016 8:23 AM


From YOU NEED TO READ THIS DEPT.:

America's broken digital copyright law is about to be challenged in court

by Cory Doctorow in Los Angeles – admittedly long and boring, but important to know nevertheless. Choice cuts (there are more!):

[by overturning the disputed portions of the DMCA, Matthew Green, a heavyweight in security circles, whose research includes audits of OpenSSL and Truecrypt, hopes to be able to] investigate the security of industrial-grade encryption devices used to secure cryptographic keys for purposes such as processing credit card or ATM transactions. […] He wants to investigate the security of medical devices; toll collection systems; industrial firewalls and virtual private network devices; and wireless communications systems that connect vehicles to one another and to the surrounding infrastructure. Lurking flaws in these devices pose a serious threat to the economy and hundreds of millions of people who rely on them every day, so we really want people like Green to be able to independently validate their quality (the bad guys who want to abuse those devices don’t ask for permission to investigate their flaws, after all). […]

https://www.theguardian.com/technology/2016/jul/21/digital-millennium-copyright-act-eff-supreme-court

JG4July 22, 2016 8:47 AM


http://www.nakedcapitalism.com/2016/07/links-72216.html
...
Big Brother is Watching You Watch

Edward Snowden’s New Research Aims to Keep Smartphones From Betraying Their Owners Reader Supported News (furzy)

http://readersupportednews.org/news-section2/318-66/38133-edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their-owners

Facebook’s Giant Internet-Beaming Drone Finally Takes Flight Wired (resilc)

http://www.wired.com/2016/07/facebooks-giant-internet-beaming-drone-finally-takes-flight/

Spotify is now selling your information to advertisers engadget

https://www.engadget.com/2016/07/21/spotify-is-now-selling-your-information-to-advertisers/

rJuly 22, 2016 9:24 AM

@alnico,

"Can someone explain md5 collision. Mainly as I understand, it is easy to create a pair of files of the same length that collide, but this is quite a different problem when for a given file (that's meaningful or an executable that runs) to create a second file of the same size that collides and let's say performs a malicious action. Am I misunderstanding that there's a difference in these scenarios."

MD5 collision is not "easy" as in McDonalds. It is easy as in "we have the tools", but the next question is: do you have the resources?

Now, I'm not saying it's impossible to game MD5 - it is more doable now than ever.

To be able to game MD5 and other hash algorithms you need to understand their 'internal state machine' as they are not mere checksums or parity checks.

The papers I've seen about MD5 collision conclude what you post above, that it is easiest to game the internal state machine of hash algo's by keeping track of their internal state and leaving a very specific not-random but-random-looking blob to correct the difference towards the end of the "loop". These state machines are based on a procedure that tracks a file from the beginning to end, so the "least different" "most game-able" spot is the last chunk of said file. These blobs correct the difference, a payload being included in such a file would push the difference in the internal state even further away from being 'predictable'.

I certainly don't discount the ability of some people as not being able to have say a 6/8ths match, drop a payload at the near end (7/8ths for instance) and the corrective values in the final 8th. There is no real reason once someone is capable of creating these 'corrective' blocks that payloads and alternative data streams can't be constructed to be placed earlier in the file.

One good thing, colliding one hash is reasonably possible: but technically colliding two at once say MD5 and SHA256 should be next to impossible.

Me personally, assuming some webserver hadn't been compromised - on the topic of downloading ISOs - any file which has two different hashes from two different routines should be secure against attacks. The question with the NSA recommending against ECC and with GPG 2.1 using it, I would trust dual-non-ECC-signed hashes over a single .asc+.key.

Anyone want to pick that apart? :)

(I'm actually uncertain as to how .asc is implemented as a detached signature)


@FigureItOut,

"so generic OTPs is the best way to encode your transmissions and fly under the radar easy w/o any trouble, that's true for just about anything, anything could be a code...)."

You still have the whole carrier signal problem, (I'm just saying).

Doesn't stuff like that show up as transmission spikes? Incoherent or not??

rJuly 22, 2016 9:30 AM

@alnico,

Actually, thinking about it now.

Probably relying on dual hashes as I stated above (MD5 + SHA256?) is likely very dangerous as you wouldn't have to collide the internal state at the same position within the file.
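A defender-side check for the ISO-download scenario discussed in the two comments above, added here as an example and not code from the thread: it parses coreutils-style checksum files and accepts the download only when every listed algorithm agrees, so a file forged to match MD5 alone is still rejected. The file name, contents and checksum files are constructed for the demo.

```python
"""Multi-digest download verification (added example, not from the thread).

Each expected digest is computed over the same bytes and the file is
accepted only if every algorithm matches, so a forgery would have to
collide all listed hash functions at once rather than MD5 by itself.
"""
import hashlib
import os
import tempfile


def parse_sums_file(text):
    """Parse coreutils-style lines ('<hexdigest>  <filename>') into {filename: hexdigest}.

    Handles the optional '*' binary-mode marker and skips blank or '#' comment lines.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("malformed checksum line: %r" % line)
        digest, name = parts
        sums[name.lstrip("*")] = digest.lower()
    return sums


def digest_bytes(data, algo):
    """Hex digest of an in-memory buffer under the named hashlib algorithm."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def digest_file(path, algo, chunk_size=1 << 20):
    """Stream the file through the hash so a large ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_bytes(data, expected):
    """Return (accepted, per_algorithm).

    `expected` maps hashlib algorithm names to hex digests; accepted is True
    only when *every* algorithm matches. Digests are not secrets, so a plain
    comparison is fine here.
    """
    if not expected:
        raise ValueError("no digests to check against")
    per_algo = {algo: digest_bytes(data, algo) == want.lower()
                for algo, want in expected.items()}
    return all(per_algo.values()), per_algo


def verify_file(path, expected):
    """File-based variant of verify_bytes with the same all-must-match rule."""
    if not expected:
        raise ValueError("no digests to check against")
    per_algo = {algo: digest_file(path, algo) == want.lower()
                for algo, want in expected.items()}
    return all(per_algo.values()), per_algo


def demo():
    """Constructed scenario: a fake 'image.iso', MD5SUMS and SHA256SUMS generated
    for it, then a single flipped byte. Returns (accepted_before, accepted_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "image.iso")
        payload = b"constructed ISO contents " * 4096  # constructed sample data
        with open(iso, "wb") as f:
            f.write(payload)
        # Two checksum files "from two different routines", as the comment puts it.
        md5sums = "%s  image.iso\n" % digest_file(iso, "md5")
        sha256sums = "%s *image.iso\n" % digest_file(iso, "sha256")
        expected = {
            "md5": parse_sums_file(md5sums)["image.iso"],
            "sha256": parse_sums_file(sha256sums)["image.iso"],
        }
        before, _ = verify_file(iso, expected)
        # Tamper with one byte in the middle of the image and re-check.
        tampered = bytearray(payload)
        tampered[len(tampered) // 2] ^= 0x01
        with open(iso, "wb") as f:
            f.write(tampered)
        after, _ = verify_file(iso, expected)
    return before, after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The checksum files themselves still have to come from somewhere you trust (a signed SHA256SUMS, not the same unauthenticated mirror as the image), which is the point the thread raises about detached signatures.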

ianfJuly 22, 2016 11:14 AM


Waste of public money to 3D-print a finger that easily could be chopped off the already-deceased corpse/murder victim. There were instructions how to in the first episode of the serial "24" with Jack Bauer.

TedJuly 22, 2016 11:16 AM

Aikido "is a modern Japanese martial art developed by Morihei Ueshiba as a synthesis of his martial studies, philosophy, and religious beliefs. Aikido is often translated as 'the way of unifying (with) life energy' or as 'the way of harmonious spirit.' Ueshiba's goal was to create an art that practitioners could use to defend themselves while also protecting their attacker from injury."

The Art of Peace by Morihei Ueshiba

Aikido stories:

After testing today sensei said, "today I saw your true self." Any ideas what sensei meant by that statement? Well, I like the explanation that Frank Hreha sensei used to give. It goes something like this:

Question: What do you get when you squeeze an orange?
Answer: You get what's inside the orange!

CuriousJuly 22, 2016 3:25 PM

Off topic: (Goofing around on youtube)

I think I made sense of this thing known as √-1. It sort of makes sense to me, with it being an imaginary and reflexive quadrant of sorts inside a circle.

CuriousJuly 22, 2016 3:45 PM

@BlackListed

Hm, weapons are generally weapons (dangerous) still I think, so I think you are screwed over there anyway. (I am a European btw.)

I am inclined to think that pistols are worse than some semi-automatic (non-automatic) assault rifle in close quarters combat (you can even carry one pistol in each hand), and it is easier for concealment with pistols.

One thing I haven't thought about, is whether or not rifle munition is traditionally more powerful than a pistol at close range.

I guess a ban on automatic weapons puts a limit on the potential amount of shots per some short period of time, but perhaps only relative to some situation in which the opponent has automatic weapons that can spray bullets in the opposite direction again.

I guess the appeal of an AR-15 semi-automatic rifle is that, just like a militarized assault rifle, you can probably fire more accurately out to 300m with it (or some such), beyond the range of a pistol, and perhaps more importantly, you would have a magazine with lots of rounds in it. And in some firefight against people with rifles, having only a pistol to defend yourself with would put you at a disadvantage outdoors, I would think.

Both pistols and rifles would be terrible things for different reasons I guess.

CuriousJuly 22, 2016 3:53 PM

To add to what I wrote:

I guess an AR-15 is a carbine. An assault rifle with a shorter barrel, maybe making it more easily wielded in close quarters combat. I guess hunting rifles are traditionally fairly long barreled weapons, incl. shotguns.

rJuly 22, 2016 9:58 PM

@BlackListed,

I think it's dumb, it's just moving the goal post.

The article even alludes to it only being a small band-aid to a problem it won't even really address.

I feel bad for the people of Massachusetts, but whatever they vote let them try it.

If it ends up working out in 20 years, maybe we should examine it for the rest of the country. In the meantime I think it's one of those "in the moment" things.

Ted Kaczynski made glue out of horse hooves, no legislation is going to stop the crazies - it will just stop the good well behaved people.

The IRA turned trucks into artillery, are they going to ban pindle hitches and gasoline?

I'll admit, any statistics we have of guns vs murder could eventually reach a near 1:1 ratio but right now it's likely that less than 1% of all guns are involved in a crime.

It's sad really, we've got a long way to go and nobody wants to actually address the real problems: mental health and emotional well being.

W/E

But who wants to spend money educating the poor?
Lifting them up?
Medicating the schizophrenic?
Identifying the depressed and suicidal?
The homicidal?

Murder makes the world go round, they're just going to keep alienating and adulterating the civil identity. It's inescapable.

When somebody dies it shakes things up - it stimulates the economy. Morticians, Police, Ambulances, Hospitals - they've all got their hands in the first cookie jar first. Then you have Unions, Food Service, Gasoline and whatever other trickle down expense you can think of getting part of the redistributed value of a dead body.

When somebody dies there's money to be made, we definitely shouldn't be listening to anyone even remotely involved with the initial moments of death as to their recommendations: it's a conflict of interest (they're all getting paid).

(This could be misconstrued, please be careful it is not an attack but a question.)
What are cops going to do? Shoot the mentally ill? Shoot the minorities? Shoot the loud mouths like me? And when people start thinking that something might actually be wrong what then? Shoot the protesters who object? Oh, nvm instead of inventing trails of evidence maybe we can just invent evidence... They are influenced by Russia! They're all spies and AGIPOPSTARS. We could keep dismissing them too... There's nothing wrong with my lawn.
(This could be misconstrued, please be careful it is not an attack but a question.)

It's a thin line we walk, trust. Especially in the face of wanton fabrication.

But that's alright, we've always got the survey lance - to poke and prod your every niche.

To wit: I think at times "eavesdropping" and "wiretapping" should be legal. The mental health lady down the road has threatened thus far to burn down 3 of our houses... Now the neighbor across the street from her has gotten herself into a survey lance escalatewar (not later).

They are both now video taping each other and anyone caught in between.

You will never stop the crazies... That is until you actually start to deal with the crazies.

(Let's try this for a response instead of the disorganized bs on the other tab.)

rJuly 22, 2016 10:09 PM

@All,

Woops, I meant to say "should be legal at times" with respect to eavesdropping and wiretapping.

There should be a reasonable fear of harm or damage.

For evidentiary purposes instead of a gd childish "he said she said" kind've never-goes-anywhere complaint.

It should be definitely legal to attempt to or actually record someone who has threatened you or your property, especially where multiple witnesses are concerned.

It could lead to A) convictions, B) committals and C) less major crimes (arson, murder, assault).

rJuly 22, 2016 10:35 PM

@BlackListed,

Oh, and not to get all adversarial again but I realized something else while waiting for the page to load.

Do you know what else you grew up with? It wasn't a boss, it was most definitely a job regardless of any child labor laws or "family run business" exemptions...

Did your parents even find needles in your playground?
Did you ever get hassled or beat up by gang members after mowing lawns?

You were what'd you call it... shoveling for clams?
They were selling dope for theirs.

You work for Wall Street or more directly the fishing industry, some of the children over here work for Bolivia. Whose fault is that?

It certainly isn't mine, I don't buy coke and I don't run the border or the floor of congress.

What would you have done had Green Peace or PETA made clams in your state as illegal to harvest as they are in mine?

Get your facts straight next time you pull a gun on somebody you think is dangerous because you marginalize them from the society you paint in your head.

Like we tried to do for Nicaragua, try giving them something else meaningful to do first then see what they do with it.

Don't spend your time wondering why people are voting with bullets when this problem didn't appear over night, the funniest thing...

The last time someone rented a U-Haul it was to blow up the OKCB, now look at France - you still feel safe around U-Hauls?

You can't just legislate problems away, government has to be more inclusive not participatory. Sometimes you will have to leave a seat empty, but please - always make sure you have enough seats for everyone and don't lock the doors because a couple of them might be late.

I like McCain too, but throwing a fit because an invitation isn't accepted is silly. Put up a placeholder and send them a "sorry you couldn't make it". If you really valued their input - you would've put the meeting on hold or found a suitable like minded replacement.

Funny, I was committing felonies at your age doing the same thing you did with clams except I wasn't selling them. We were harvesting them for self-consumption.

Location, Location, Location, it's a 4d thing.

Markus OttelaJuly 22, 2016 10:53 PM

@ Sancho_P

"Better to go the "trial and error" path on perfboard"

I guess you're right. I'll get back to you guys on this when I get the tools back from buddies.

"Are your USB converters fit for that (which exactly?) high speed job, e.g. would it work without the optocoupler? Can you still buy identical converters or was it a Chinese one time shot?"

I tried some Chinese converters and they were crappy (couldn't handle RS232 voltage levels). The one I'm using is by Aten, a ~$40 device that is built to the standard and can handle 115200 baud at +-6V levels.

"Do you really need the converters?"

Me, not necessarily; I've a laptop that has an RS232 port but if users are going to buy the TCBs it's likely they have to be netbooks (that barely come with USB ports, let alone serial).

"Is your equipment (e.g. oscilloscope + probes bandwidth) fit for the job?"

I think it samples up to 60MHz. Nothing fancy but fast enough for the job. I can probably get my hands on a signal generator that would make it easier. The physics lab of uni most likely has better equipment but I haven't looked into it.

"Is there any commercial solution available to do exactly what you want?"

The ones that are, are far superior (EAL7+ rated etc.) but my guess is the price for one is between $10k..100k. I'm aiming to have the data diode cost below $30 (the current PoC is about $10).

"What do you want, exactly?"

I want fast unidirectional data transmission between two computers over serial interface to prevent data exfiltration with malware from separated TCB.

"But TTL on RPi is fine, I'm a bit confused now, USB, TTL"

I tried a USB-to-TTL converter and it works just fine at 115200 baud/s when connected to GPIO. But for some reason I couldn't get any data through with one or two optocouplers. I recall my scope measured weird noise coming from Tx pin of the adapter (testing with endless stream of single byte) that didn't seem to bother the normal connection.

FigureitoutJuly 23, 2016 12:43 AM

r
--What, the carrier signal being a path for a missile to follow the path down and land w/in 6 meters of you? Yeah...if you have that in your threat model and you a) use a smartphone irresponsibly or b) transmit something like 100W or more; you're an idiot and you're probably going to die.

Do you live your life thinking a missile is about to land on you? I mean I've thought of random attacks quite a bit b/c mental illness is unpredictable, both active shooters (we had "an active shooter" at our school, turned out to be a guy w/ a f*cking oboe in his trunk...there was swat teams everywhere and 2 helicopters flying over head), and random bombs, but never really a missile headed straight for me.

Yes of course you will be able to detect that energy, these are little MCU radios, these are "real radios". It's all open protocols, legal, anyone can receive but who do you know that can receive that right now? But blending in w/ the traffic wouldn't be that hard. By blending in, you truly go undetected b/c it's impossible to actually analyze all the data being created, and that data gets old and forgotten.

rJuly 23, 2016 1:04 AM

@FigureItOut,

No, I don't worry about ICBMs.

I don't worry about random ones either, I think all this fear about crazy people with guns is silly... I'm not scared of random attacks with guns I'm scared of people like the IRA who are much more maligned and organized.

The funny thing about the word 'random', is it's actually pretty dismissive.
Do you think any of these deaths are random?
Random is an accident, your brakes go out - literally no reason at all - do you know how dis-accurate that statement actually is?

You had your ABS light on for months, maybe your relay was going out... maybe there was a short in the wire... you still got behind the wheel of potentially failing equipment, that's random to you?

A crazy ass immigrant living in France, who'd already been cited for road rage once... decided he'd go AWOL from decency and mow down 70+ people with a commercial vehicle.

Random?
RANDOM?
or PSEUDO and you just don't accept it?

Okay, I hate giving out freebies: We have a heroin epidemic.

Take away our guns, what's to stop someone from buying tranquilizer guns and darts?

You don't have to have "instakills" to be lethal or dangerous.

Addressing the "weapons of today" doesn't stop the "attacks of tomorrow".

It just broadcasts to everyone your lack of vision and imagination, it's a uh... HARD FAIL and a BAD FAIL.

Well, maybe the "hard fail" is only my opinion. It could be a 'soft fail with a bad failure mode'.

I don't know.

So what will we do tomorrow?
Tranquilizer guns and darts will be illegal, but heroin junkies can already get needles.
So now we have someone building PVC and ETHER tranq guns for unarmored and unprepared civilian "softies" out of ad hoc'd insulin dependent waste and heroin.

But that ain't shit, because a 'weapon of mass destruction' is anything over 3/4oz of munition.

And people still want to take away one of the few ways we actually have of protecting ourselves for the 20 minutes we have to wait for the police to show up.

Don't get mad if I didn't thank you.

rJuly 23, 2016 1:12 AM

@FigureItOut

Actually, while I'm not sure the accuracy of depth required for an embolism.

Possession of Heroin may not even be a requirement.

rJuly 23, 2016 1:17 AM

@FigureItOut,

"but never really a missile headed straight for me."

Not yet, but it wasn't me talking about missiles.

When you think of a missile do you think of a rocket?
Or a missile?
Because a missile can be any number of things.

rJuly 23, 2016 1:25 AM

@FigureItOut,

Also, "straight for me" as you say is also problematic.

Only lasers travel in straight lines (not so, gravity yadda yadda thanks), many things including molotovs are actually arcs.

rJuly 23, 2016 1:32 AM

@FigureItOut,

So yeah, worry about something weighing 20lbs that only a human could wield. I'll keep worrying about things like drones, spores, hollowed out canes, "plumbers" with propane cpvc and clear+orange or purple+clear and whatever else they have in their [tool]box of tricks.

Or members of the French resistance millwrights club, building "bikes" to fight the Nazis.

The only way to disarm a population, is to a) remove their teeth and b) send them back to the stone-age (education wise).

Did I forget to mention removing their arms?

rJuly 23, 2016 1:42 AM

@FigureItOut,

BY THE WAY,

If nobody's tried that plumber ruse @ a company it's probably a great idea considering
a) insider threat plugs toilet,
b) we have cellsitesimulator outside
c) plumber pulls up
d) man with toolbox has knives, explosives (propane, maybe map/acetylene, maybe chloroform instead of cpvc primer, etc)

I dare your security to 'sniff' check the primer.
Dare you.

rJuly 23, 2016 1:51 AM

@FigureItOut,

Clive mentioned previously that PTFE is used for something...

Not to mention maybe a wet saw to replace the tile that snapped along with the urinal.

Plumbers also sometimes have fiber optic cameras.

Is this usually handled inhouse?

rJuly 23, 2016 2:01 AM

@FigureItOut,

I dare you to start putting cameras in bathrooms, let's see how that goes over when the women at the office find out huh?

ianfJuly 23, 2016 2:57 AM


@ rrrrrrrr, you lost me somewhere inside your multithreaded argument, but this bit piqued my interest:

members of the french resistance millwrights club, building "bikes" to fight the nazis

?WHAT? Maquis-built "bikes." Explain. Cough up a link.

The only way to disarm a population, is to a) remove their teeth and b) send them back to the stone-age (education wise).

Right, because the pre-comprehensive-education Stone Age, and then a toothless such, was especially bucolic, all-around Arcadia really.

rJuly 23, 2016 7:53 AM

@ianf,

Actually, that question is probably for someone of a much finer grained reality than I. I heard rumors or something years ago that they built weapons or shotguns out of bicycle parts. So a kind of fuzzy accusation, that specifically requires someone who deals in considerably less speculation, probably someone like Clive.

As for the Neanderthal reference, I thought you would've picked up on 'removing their arms'.

rJuly 23, 2016 8:03 AM

@ianf,

What triggered the "@home worrying about missiles" was my question about carrier lock. But as per Clive and Thoth's comments on the new squid it really is a valid concern whether they are ESPs (small WiFi chips) or not.

The question relates back to a couple weeks ago at least concerning 'broadcast "garbage"' like using trash with bad checksums and low power to communicate.

Thoth's scenario is a reasonable example but any mesh network would be met with running every civilian's pockets.

ianfJuly 23, 2016 4:09 PM


@ rrrrrrrr

Bicycles are made from welded-seam pipes, good for torsion and stretching, bad for explosive pressure present in shotguns—for that one needs drawn/ extruded/ rolled/ hardened steel pipes. Then again, what do I know… the WWII British Sten submachine gun apparently was designed for ease of repair even in less than high-industry conditions (a lathe, a grinder, and hardening ability—a black smithy and a bucket of water—for the bullet return spring were enough to replicate them behind enemy lines… though such copies' quality and thus dependence in the field varied).

    I've seen a picture of a French 4–, if not 6–person square-seating arrangement bicycle built for recurring regional food festival duty (complete with table top between "bikers"). So theoretically in wartime the Maquis could have modified bikes for secret delivery of ordnance contraband or whatever.

There was a film of how a group of French fishermen had hidden a hefty flamethrower inside an 8-10m sail boom(?) then approached coastline German patrol boats and set them afire in one swift instant… but I'm not sure how true that was (and it only worked a couple of times till les Boches put too and too twogether – after which the crew had to flee to the UK).

[confirming it] requires someone like Clive.

You mean Clive-The-Almighty? Wouldn't that be piling too much of a burden on a single, if Boundless, Intellect? Especially as, on the subject of surreptitious wartime iron-mongering, what's wrong with this someone?

EXHIBIT A: armored car, Copenhagen underground, 1945.

EXHIBIT B: armored car Warsaw uprising, 1944

… both built up on Ford truck chassis, saw limited use, were abandoned due to running out of gas, now in museums in their respective cities. There apparently were a couple of internally armored Peugeot camions during the walkover liberation of Paris.

As for the Neanderthal reference, I thought you would've picked up on 'removing their arms'.

You advocated chopping off Neanderthals' upper extremities??????

rJuly 23, 2016 5:08 PM

@ianf,

or their arms, e.g. implementations of armament.

It wasn't so much a recommendation as much as it was an observation on the futility of denying Lucy and others the right to object through the utility and application of ingenuity.

You can take their guns, but just try to take their arms. I think you'll find it's better to target their minds and free time.

Anon10July 23, 2016 6:32 PM

@ianf

I thought the police should have handled the Tamir Rice situation differently, but I always thought the media made too much of his age and that it was a toy gun. A 12-year-old boy is certainly capable of firing and aiming a real handgun. If a 12-year-old has a real handgun, I don't see why the police should react any differently than to an adult brandishing a firearm. Some of these "toy" airsoft guns are designed to look very similar to real guns. With the orange cap removed, I doubt the average person would be able to tell the difference between the toy gun and the real one without holding them.

rJuly 23, 2016 8:06 PM

@Anon10,

Because chances are, a 12yr old doesn't know the first thing about tactics or strategy.

You're kidding right?
right???

So treat him like the Dallas Sniper?
Like a real man?

Treat him to a nice big helping of cold hard reality.

That'll solve the problem.

Anon10July 23, 2016 9:59 PM

@r

You're the one who has to be kidding. Many, maybe most, mass shooters never had any military training in tactics and strategy.

rJuly 23, 2016 10:11 PM

@Anon10,

So that's your strategy?

No more cops vs robbers, no more cowboys vs Indians...

If he's got a gun he's fair game.
Pfft, his parents should've probably aborted him anyways huh?

rJuly 23, 2016 10:18 PM

@Anon10,

Come to think of it, I KNOW EXACTLY WHAT TAMIR DID WRONG...

He wasn't wearing orange.

Yanno, I hope you never take your kid out hunting...

I hope you never let him go out into the woods alone.

That's where the real story is, the real tragedy...

You're okay with it because it isn't your kid.

You know about the girl on the bus with the bubble gun?

She's a terrorist don't yanno.

http://www.nydailynews.com/news/national/pennsylvania-5-year-old-suspended-bubble-gun-terrorist-threat-article-1.1243635

Who's the terrorist now?
These kids are just imagining themselves in your world.
YOUR WORLD.
Don't blame them, blame the adults - every last one of them.

Anon10July 23, 2016 11:34 PM

@r

Here's a few ideas:

1) if you want your kid to have a toy gun, buy one that actually looks like a toy instead of a replica of a real gun.
2) tell your kid not to remove the orange cap that would identify the gun as an airsoft gun.

rJuly 23, 2016 11:43 PM

@Anon10,

I knew you would say that.
I was waiting for it.

I'm not in charge of unbridled capitalism, I'm not in charge of the injection molding facilities that think that's okay.

I'm also not on the board of said companies, stamping such products with their seal of approval to sell to the public.

You're right, I am in charge of my self.
And I am in charge of my child.

Who's in charge of you?

--------

Listen,

I'm not from gd Detroit, I'm from Flint.

You remember when the one 6 year old shot the other ?

http://www.nytimes.com/2000/03/01/us/boy-6-accused-in-classmate-s-killing.html

I knew her family, everybody I grew up with KNEW her family too.

You want to talk about mass shootings?

Let's talk about renditions, let's talk about war crimes, let's talk about war mongering,

Let's talk about fear mongering.

Let's talk about drone killings, smart bombs, laser guided weapons and indirect fire.

Let's talk about going to war over a facsimile.

Let's talk about weapons that don't exist.

Let's talk about things that never exist.

Let's talk about destabilizing whole countries, let's talk about beheading.

Let's talk about how most white people won't even go into downtown.

I used to deliver pizzas on the north side, I was the only delivery driver at 5 stores other than Cottage Inn that would deliver to the north end.

Sometimes we got shot, most everyone carried.

A couple of us have died, but we had a job to do.

A SHIT JOB.
30,000 miles on your car in 6 months and people don't even tip.
You get a nickel, that's what you get - a person standing there waiting for you to hand them back 25 cents.

BUT WE DO IT, AND WE KEEP DOING IT BECAUSE IT PUTS BREAD ON THE TABLE.

Let's talk about how white people move out.

Let's talk about how white people who are quite considerably more paranoid than me sic the cops on an East Indian grandfather in Alabama.

http://www.nbcnews.com/news/asian-america/indian-grandfather-paralyzed-after-encounter-alabama-police-n305081

Let's talk about how they over-reacted.

Let's talk about how they broke his back.

Let's talk about how white people move on.

Let's talk about how white people are in complete denial.

Let's talk shit about people we don't even know.

You wonder why Wael can't find a movie to paint a good picture of Arabic Muslims?

Cuz your ass wouldn't buy it.

Whatever circular you get is circular, it makes you do circles.

You make me do circles, people like you tie me up in knots.

You make me sick to my stomach.

You don't give a flying rats ass until it's your kid, in your school.

YOUR BACKYARD.

That's the tragedy.

YEAH, BLM IS PROBABLY RACIST.

I DON'T BLAME THEM ONE BIT.

AS FOR ALM?

"That's the sound of the chain gang."

Drivin them spikes down real hard into what was once the land of the free.

Driving them stakes right through our collective heart.

Or was it just some lie they tell children while we raise them with their right hand over their heart swearing to god?

"I pledge allegiance, to the flag, of the ununited mess that's America. and to some republic, that I can't stand, 'some nation' wonders god. where liberty and justice are stalled."

Keep being spooked, you're gonna be so nervous when the Fourth of July comes you'll look like you was raised in the hood boy.

Duckin and shit.

You're an embarrassment.

Stand up, be a man - your momma ever teach you right from wrong?

Did your dad?

OH THAT'S RIGHT, THERE'S A FUNNY LITTLE THING CALLED PERSPECTIVE.

Maybe you're right, maybe I'm the one that doesn't have it.

So the boy needed to probably get spanked, had his gun taken away.

NOT HIS LIFE.

But I'm imbalanced right? Because I actually believe shooting a boy with a toy gun is sincerely outrageous. I could fill a supersoaker up with hydrochloric acid and f*** you up something fierce. How about some customized paint balls? 50 yards you're as blind as a bat runnin for cover and still don't know wtf hit you.

Let me know when what I'm saying hits you.

Wouldn't make a damn bit of difference though, you already can't see the trees.

One of these days, that attitude is going to bring something home with you.

I feel bad for you son,
I feel bad for your son.

Indivisible,
Liberty,
Justice,

Aesop's fables for adults.

A 12 year old kid with a fake handgun has you justifying shooting to kill off the get, you just wait...

You've got me scared for my life just hearing you think.

No beanbags, no netgun, no stungun, no taser - just right to the lethal force.

They didn't even beat him first, that's a first.

And you don't think police need a better script? better choices? better training?

Drones can't get here fast enough.

I think all cops should carry flexible periscopes, they don't weigh that much and harbor freight sells the infrared ones cheap as dirt.

You're telling me we can't miniaturize that?

More than it already is?

It's too much work to save lives giving them REAL TOOLS?

"If you only have a hammer, you tend to see every problem as a nail."

"I wish they would've handled it better."

Howzat?

Shot the witnesses too???
Shutdown the media outlets?

Because the only other way that statement could've been interpreted, is you really do believe it's unfortunate.

That's the smell of shame, don't get defensive - take it all in.

I have to leave this site, some of you guys are alright by me...

Really.

Others, well...

I just don't know.

@Anon10,
F*** YOU AND YOUR JUSTIFIABLE HOMICIDE.
Man up, If that's really how you feel about 12yr olds and guns.
Shoot first, let's see how the chips fall when it's just you and not some union between you and a jury.

You wouldn't want me on your jury, I wouldn't have shot him.

Anon10July 24, 2016 12:06 AM

@r

I don't understand most of what you just wrote, so I'll just end with Tamir Rice was 67 inches and 195lbs. He looked a lot closer to 20 than he did to 12, so the police could have logically assumed he was an adult.

rJuly 24, 2016 12:17 AM

You forgot he was black.

White kid in the forest 67 inches 195lbs, you heard him folks.

Better information, better tools, better decisions.

WaelJuly 24, 2016 1:18 AM

@r,

I guess I haven't learned a thing. :)

It's wise to keep quiet. Saying things comes with a cost, and unless you are willing to pay the price, you should remain silent. However, wrong is wrong -- no matter who does it. You are using a pseudonym; you don't have much to worry about.

You wonder why [...] can't find a movie to paint a good picture of Arabic Muslims?

Actually, I understand but don't want to open a can of worms on an off-topic subject. All you have to do is watch what Noam Chomsky says on the matter. The guy is pushing 90 years of age, and his mental capacity is still intact!

Incidentally, "Arabic" is a language and "Arabs" are people.

WaelJuly 24, 2016 1:35 AM

@Clive Robinson,

burn your bridges so you can't come back to haunt us

Totally unnecessary! Once a bridge is crossed (over a river), there is no coming back, at least to this miserable world!

@ianf,

you must be mistaking me for someone else...

Oh, man! Must I spell out everything?

<construction <completeJuly 24, 2016 10:41 AM

@r • July 23, 2016 11:43 PM

Please compose posts to include paragraphs.

Anon10July 28, 2016 7:37 PM

@r

I never saw any evidence that the officer's decision to shoot was influenced by race.

ianfJuly 30, 2016 5:12 AM


Reworded for clarity:

[…] "If a [black teenager carries what seems to be a toy gun], @Anon10 doesn't see why the police should react any differently than to an adult brandishing a real firearm." [like, say, perhaps, first deploying common sense? The default police behaviour here otherwise being shooting down on sight any "gun-carrier" just-in-case to avert the risk of being shot at themselves].

Let me subject you to this truly paradigm-shattering mental exercise on how to change that default from one day to the other:

    A new country-wide police procedure is enacted: any policeman (AND his immediate superior/ detail commander) who shoots a civilian outside of veritably life-threatening situations automatically gets indicted, loses pay for 3 months, then 6 months, etc, plus one year of his/her pension.

    The cockiness of police and the number of minorities killed "in preventive defense" by Blue Meanies goes down overnight. Simple, innit?

    Of course, that could never work in the USA, where policemen afraid to draw their guns first would feel emasculated, castrated really. Oooooh, eunuchs in uniforms, smashing.


Later @ Anon10 “never saw any evidence that the officer's decision to shoot was influenced by race..”

A very acute observation. Think the only civil way to confirm or deny the thesis of skin color bias would be to put up an ad in the local papers asking for valid-license volunteers for a live-ammo reënactment of said shooting, first with white, then with black likewise volunteer targets. Advertise, then count the number of responses, then call it off. We could even get a couple of TV stations to sponsor the event.

PS. spare me your further deliberations on how Americans, and so their police, are so different from Europeans, if not outright as human beings, that they depend on selective culling practices of uppity ethnics, so that their Masters be able to enjoy life in Law & Order.


@ Wael

comes out as invertebrates non-fancier, doesn't "want to open a can of worms…. [It's enough to] watch what Noam Chomsky says on the matter."

Glad you've found a guru, could have picked worse than Chomsky, a sharp analytical mind, if chiefly usable in yadda-yadda-yadda theoretical frameworks.


Later, “Oh, man! Must I spell out everything?

No, no, I'd rather not know what you and Clive have cooked up—ignorance is bliss—and I thank you for being so considerate. At the same time I must however express regret over [Scott Ferguson: all-caps alert] WHERE WERE YOU WHEN I WAS SERIOUSLY WORRIED I WAS ADOPTED (first kidnapped?) BY ALIENS.

Anon10July 30, 2016 10:58 PM

@ianf

black teenager carries what seems to be a toy gun

Except, this is factually false. If you've ever looked at many of the airsoft guns, you know that they look like real guns if you've removed the orange cap (which Tamir did). Absent actually being able to hold the gun, I doubt you would be able to tell that one was a toy.

FigureitoutJuly 31, 2016 12:03 AM

r
--Hopefully you've had enough time to calm down and enunciate what you're trying to say better. Having experienced my (hopefully never again) bout w/ what I believe to be some kind of mental illness (hope it's gone but you can have genetic predispositions...) I feel as if you're experiencing some heavy stress.

If you have something to say again say it or please don't make a bunch of messed up allegations involving me when they're false. Thanks.

rJuly 31, 2016 7:31 AM

@FigureItOut,

"If you have something to say again say it or please don't make a bunch of messed up allegations involving me when they're false. Thanks."

I can't find what you are alluding to, link please?

So far, I can only think of @BlackListed, and @Scott "SFITCS" Ferguson.

And maybe I had a little fun with @Bumble Bee by saying John McAfee enjoyed his time in the psychotropics.

I know I'm excitable, my apologies.

Are you a cop? Do my beliefs offend you? Is it you are ex-military and struggling with depression?

FigureitoutJuly 31, 2016 10:18 AM

r
--This: https://www.schneier.com/blog/archives/2016/07/friday_squid_bl_535.html#c6729013 , you know the part about me trying to put cameras in women's toilets (why that was even relevant is beyond me too). I'd prefer you to not have my name in statements like that. Plus you can generally just walk into businesses pretty freely and open fire if you want, no need to be a plumber or anything like that to plant a bomb.

Not a LEO, I don't really care your beliefs so long as they aren't a threat to me. Depression runs in my family (grandpa got the "shock" treatment) but I don't really have an issue w/ it anymore and the drugs don't work anyway.

And that's all I could think of, of the "carrier signal problem" you mentioned. We've talked about in the past how someone w/ a satellite phone, a missile was able to find and lock on to somehow to some signal and follow that down to the operator. Also if missiles are indiscriminately sent to signals, then could someone subvert that by placing transmitters near targets they want blown up?

There's a difference in civilian computer/comms security, and military type, where guns and bombs are actual threats and not FUD. Some digital modes, an audio signal can be recovered below the noise floor. If you don't have a receiver and the proper software it will just look like noise.

rJuly 31, 2016 10:56 AM

@FigureItOut,

I understand, the point about the woman's bathroom was about stopping attacks by de-plumbers.

As I stated, good luck - that's one type of glue[primer] I wouldn't sniff. ;)

But I still don't think you're really looking at the civilian attack surface when you dismissively assume warzones are strictly military, I am truly concerned with the miniaturization, automation and dissemination of technology and technology products. Right now we have people manufacturing guns with portable automated mills and distributed step-by-step documentation, it's one small step for man but a GIANT step for mankind. Are you prepared for the maligned to pick up both distributed engineering and fabrication as opposed to pitchforks and torches?

**I really do believe you and others are missing the obvious here when it comes to GPS triangulation, spotting and quite frankly what can be made out of effectively "bicycle parts".**

I'll leave out the details for your imagination, as I said I was trying to illustrate a method of discouraging bathroom saboteurs. But you did prove that not too many bathrooms are safe.

rJuly 31, 2016 11:02 AM

@FigureItOut,

Wait, you thought I was advocating cameras in toilets, not generalized bathroom cams?

Was that another Freudian slip on your behalf? Like missiles vs mortars ???

rJuly 31, 2016 11:12 AM

You said missiles, you meant rockets - I FEAR MISSILES (not high tech military but low-tech IRA).

I said cameras in bathrooms (to protect against plumbing attacks (see above)), you respond that I accused you of wanting to put cameras in toilets?

Let's get wiki out:

In ordinary British-English usage predating guided weapons, a missile is "any thrown object", such as objects thrown at players by rowdy spectators at a sporting event.[1]

A powered, guided munition that travels through the air or space is known as a missile (or guided missile).
A powered, unguided munition is known as a rocket.
Unpowered munitions not fired from a gun are called bombs whether guided or not; unpowered, guided munitions are known as guided bombs or smart bombs.
Munitions that are fired from a gun are known as projectiles whether guided or not. If explosive, they are known more specifically as shells or mortar bombs.
Powered munitions that travel through water are called torpedoes (an older usage includes fixed torpedoes, which might today be called mines).
Hand grenades are not usually classed as missiles.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.