Schneier on Security

Clive Robinson • December 21, 2019 7:44 AM

@ SpaceLifeForm, Anders, S2PRNASAP,

And, over, and over, and over again, and again, it’s either RU, NK, CH.

You left the fourth “one at a time, US Cyber-existential threat” off of the list Iran.

It still amazes me just how many fall for the “Chins, Iran, North Korea, Russia” bleatings of the US government, and how it usually nicely coincides who who’s at the top of the US State Dept or executives 5h1t list.

The fact that nearly all US cyber-intrusion firms fall into line with it should be a warning to people about who they “front” for.

The sad thing is that as it’s been going on for solong it’s become a self-fulfilling issue. After all if you were a cyber-crook looking for a little cover, what better place to look like you are coming from than one of the four…

Comments on this blog about this US 5h1t list issue, are now half a decade or more old, and only now other places are starting to pick up on it…

Clive Robinson • December 21, 2019 8:40 AM

@ Thoth, Bruce, the Usual Suspects, and most importantly everyone else,

Perfect secrecy crypto …. or snake oil ???

I’ve just started reading my way through the paper this morning as the weather is truly appaling in London today (flood warnings all over the place).

The first problem is the paper does not read as though it is written by or for cryptographers, but physics researchers (which might be because it was written for Nature’s audience).

The system looks like a Quantum Key Distribution system (QKD) very similar to the 1984 Giles Brassard and Charlrs Bennet (BB84) paper.

BUT and it realy is a big but, it also has a lot in common with the “Thermal Noise in Resistors” crypto system of Laszlo Kish of Texas A&M University. Which caused quite a stir back in 2005, Which @Bruce commented on,

https://www.schneier.com/blog/archives/2005/12/totally_secure.html

One issue with the Kish device if memory serves was that you could build the equivalent of a bridge circuit with a loop of the transmission line and by using sensitive test equipment determin the two different noise signals in use as they moved up/down the transmission line.

This new system uses a broadly similar idea in that both Alice and Bob generate a “noise” source and send simultanioisly to each other and use the result as a One Time Pad keystream. The guarentee the papers authors offer that Eve can not form a loop or other directional coupler measurment is the “Quantum unclonability” of photons.

They also talk about both Alice and Bobs systems having to be in thermal equalibrium and this would generally raise a quite large red flag as well.

There is also quite a few other “aproach with caution” ideas in there not least of which is the use of “Chaos Effect” which is not random thus has doubtful entropy properties. But appears to being used for “perfect forward secrecy”.

I suggest people actually download and read the paper through two or three times. The first just to “set the scene” in your head at a 20,000ft level, then again to get a bit closer making notes as you go, and repeat untill you think you’ve got a grip on it.

Because… Part of the problem is “naming conventions in different fields of endevor”, you realy need to get a grip on the physics view as well as the cryptography view with respect to what the actual words and phrases mean.

However if their claim is valid, and at the moment whilst I see a lot of potential red flag issues, I don’t see anything yet that would make me say “Broken and here’s why” which I normally get very quickly with snake oil. It will be a “better mouse trap”.

Currently the best “distance holder” as well as “practical for use” Quantum Key Distribution system is a Chinese Satellite which uses pairs of cloned Q-Bits that get split appart with one stream sent to one site and the othervsent to the other site.

Put simply it’s only in deep space where individual photons travel any kind of distance without issue. On earth you can go from several million Q-Bits a second to virtually none in just a hundred or so killometres of fiber optic cable due to several effects that get lumped together under “transmission linr attenuation”. Which makes current Quantum Key Distribution impractical for usage in other than a few specialised cases.

If the authors are correct then in some ways it’s going to be “game over” for several groups of people. Not least is the “Faux Going Dark” protagonists. So keep your eyes open as that’s a prize a lot of people would chearfully commit murder to posses and control.

Anyway time for a very late brunch (it is nearly time for tea) and read another paragraph or three and give them a serious mulling over.

Clive Robinson • December 21, 2019 3:03 PM

@ Thoth, ALL,

I hereby present everyone a seasonal greeting.

And very nice it looks too especially with the Dickensian “Ghost of Christmas past” raising it’s spector. Oh and a lovely golden key for the front door 😉

To you and every one else, I hope you’ve got your seasonal shopping in and are depending on which side of the world you are enjoying the seasonal weather[1] and shortest or longest day.

To all an enjoyable time, and remember what ever it is “Everything in moderation, even moderation” B-)

[1] In London we currently have the traditional 21st Century seasonal “Flood warnings” which we are told year after year by our politicos, are not caused by Al Gore’s hockey Stick 😉

Clive Robinson • December 22, 2019 5:36 AM

@ Thoth,

It would be rather interesting to see how it can be applied in the Castle model.

Well two Castle spring to mind at this time of year, the first is the mythical story of “Good King Wenceslas” in Bohemia legging it out on the Feast of Steven (26th Dec or 2nd Day of Xmas) to take food and other gifts to those snowed in in his domain.

Then not so far from there we have Bram Stoker’s Gothic horror romance novel “Dracula” a story almost as ageless as the vampire. His Castle was in the depths of Transylvania, but he left fot 1800’d London seaking the life blood and much else from the main protaganist’s fiancee, giving rise to epic proportions of gore, lust, passion, mesmerisum and psychobable… as befitting the literary tastes of the time.

Because of this in security work various types of devices for attaching to data cables to extract information and the like are known as “Vampire Taps”.

Oh a third real one was castle building crazy “Mad” King Ludwick II of Bavaria[1]… He had built many “fairy tale Castles” and infrastructure and buildings as well as being a patron of the arts including Wagner. The famous castles are at Neuschwanstein and Hohenschwangau (yeh don’t try to pronounce them unless you’ve got a sore throat). Whilst his political enemies called him mad, it was unlikely he was, thus his mysterious death just a day after being captured by them, makes many think “assasination”.

[1] The sad joke of Ludwig’s Castles is that he like his grandfather was right, Bavaria was an unknown and to some backward place. Ludwig’s spending of his own money on infrastructure, architecture and the arts brought Bavaria into the light of a more modern world. It provided thousands with work or secondary income and shifted the economy forward from agrarian. The revenue earnt from tourism just to see his creations even shortly after his death has paid for his Castles many times over. But not just the Castles, for other works as well, they have been an important source of income for Bavaria ever since, that has made the modern Bavaria. Thus Ludwig’s dreams though initially expensive were actually a very sound investment and not mad at all. Maybe that is why Disney stole his ideas for their theme park castle and logo.

Clive Robinson • December 22, 2019 12:43 PM

@ Anders, ALL,

So “self signed certs” on most CISCO OS versions in use blow up because CISCO’s software did not alow valid dates after the end of 2019…

And we only get told by CISCO of their little “Y2K equivalent issue” in the middle of December 2019… Shall we call it CISCO-Y2K02?

Well there goes the IS Dept Xmas hols, oh and any “Xmas Bonus” will have to be diverted to paying external CA’s because CISCO say it’s “security best practice” which actually it’s not, it’s at best “convenience at a price”. For various business continuity reasons and one or two potential backdoor issues that must delight certain people[1].

@ Thoth,

To late to add “CISCO’s little Y2K02 prezzie” under the tree?

[1] What you get back from an “External CA” is a plaintext they have hashed and signed with their CA “private key”. As you have no idea of how the External CA selected the primes for it’s private key you have a large unknown that can have been “backdoored”. Which gives a vulnerability point that could be exploited.

But also from a business perspective, self signed certificates are fully under the organisations control. An External CA is certainly not. Thus if the Extetnal CA revokes your certs there is little you can do about it except take a potential time hit to move to another Extetnal CA.

But don’t forget from an end user perspective all an External CA cert realy means is that the External CA got payed without doing any chrcking. And to be a CA in the first place they persuaded/bullied web browser developers etc that their PubKey should be added to the default cert list in the software… So no legal comeback if the External CA is into shady business or likewise those they sign certs for…

Oh and remember even if not into shady practice Extetnal CA’s are not exactly the most secure of businesses as history has repratedly demonstrated (or is it plausable deniability?). In the past, External CA organisations systems including their cert issue and revocation systems have come under the control of unknown third parties. Alowing all sorts of nasties to happen.

Clive Robinson • December 22, 2019 8:37 PM

@ Anders,

With regards ToToK backdoored chat app, I kind of suspected something serious was up with it because the pulling from the “walled gardens” eas almost simultaneously done.

I also remember reading the published reports from ex MIL/NSA staff that had effectively been “loaned out” by the USG IC as part of Project Raven supposadly to do anti-terrorism. Basically they were saying their job was not spying on terrorists lots of people in many countries including journalists etc.

I’d not put the two stories together because there was not a link between them in the public domain that I was aware of.

But appart from that, I am totally unsurprised by it, it is after all a type of game play that started about a century ago with the first machine ciphers. And we have well deserved sayings about “examining equine dentition”.

It realy comes back to my point about messaging Apps and the OS on the device they run on, none of them are secure. Because the security end point is in effect non-existent…

Clive Robinson • December 23, 2019 9:57 AM

@ Thoth,

Need better EM shielding.

Definitely and low pass filter components etc etc…

As for the article, there’s a famous last words line at the end there,

If you’re already capable of making computers from scavenged parts you’re one step ahead of most of the world.

Which is a bit like saying “it does not look like it’s going to rain today” moments befor a Cat 5 Hurricane relandscapes the house and gardens from “art deco” to “gothic pile”…

Clive Robinson • December 23, 2019 2:37 PM

@ Anders, SpaceLifeForm, ALL,

BTW, the New Year bring us another “present” from Intel

Yup the BIOS is gone, long live the BIOS… And people sound surprised when they hear Rissia’s President Putin still uses MS WinXP on I presume a decade or more old hardware with a BIOS inside, and I’m guessing no “Over the Air Interfaces” like WiFi, Bluetooth or god alone knows what else over and above the obvious in built cameras or microphones.

@Nick P and myself[1] used to talk about when you should set the cut of date for hardware, I argued for pre 2000 he argued for pre 2005. It has been a busy decade and a half or so where the PC changed from “Computer to assist you, that you controled”, to “Spy to assist them, that you had no control over” (pick your choice of data thief).

So the “lock down/out” of ownership continues with you the user becoming more and more the involuntary data source. With no rights over what you create and privacy rapidly becoming something you leave behind around the time you leave the womb, and you don’t get back even when they have nailed the lid down…

The good news is if you are carefull you still can have some privacy like “Winston Smith, writing his journal in the out of sight alcove”[2]. However you have to be careful, especially who you trust and how, and build in deniability. We call it “Good fieldcraft” or OpSec and if used carefully still works the way it did upto the end of the cold war. It started going wrong because to many people for politicsl and profit reasons made the mistake of thinking technology could replace the old hard won skills. Whilst it could on the covert observation side on home ground –but only if undetected or unprepared for– it could not realy replace the hard won skills of agent-handler field craft. Thus “Knowledge and Preparedness” are the real armaments of defence.

Remember it was terrorists that turned electronic observations against those hunting them and In the process proved to the world what had actually been known but not talked about in the corridors of power since the 1950’s. That is “attribution is hard” at the best of times but darn near impossible when the potential target of observation takes just a few precautions to play games with both SigInt and ElInt, and why at the end of the day HumInt is what is needed, with more often than not “boots on the ground”.

And it’s “boots on the ground” where things go wrong for those using technology to observe as Facebook and others have found. If you don’t have the human based resources to observe other humans then they will win. Not just at “Fake News” and the alleged “Election Manipulation”, but also at covertly organising themselves against technically resource rich but human resource limited authoritarian entities like governments and their guard labour.

Thus the real “gift of the season” is being given the information by which you can take back your privacy, and in the main it is not by “new technology” but “old fieldcraft” where you use your adversaries weaknesses against them to defeat their strengths against you.

[1] Nick P and others who used to be regulars, if you are still reading along, solstice seasons greatings to you all, and “keep the faith” on ICTsec and privacy.

[2] He was the main protagonist in George Orwell’s book “1984” written during and just after World War II, where Orwell predicted much of the distopian things we now have around us. Including televisions that spy on us, the need to have continuous distant wars that can neither be won nor lost, thereby control the home population and give excuses for government failings. As well as the likes of “Managment Speak” where words have a different meaning and they can be used to segregate groups of people on the basic notion of “Divide and conquer”.

Clive Robinson • December 24, 2019 12:56 PM

@ JonKnowsNothing,

Per Wikipedia the distance records are

Impressive to say the least, when you consider 5280ft is a mile and 3281ft is a kilometre. Especialy when you consider even the shortest is longer than most soldiers can manage with a standard infantryman rifle. With that sort of range and mass potential why bother with sending up a quadcopter 😉

Infact a quick thought suggests if you dry the pumpkin a bit then fill it with a liquid hydrocarbon and a rag. With a payload weighing in at around gallon of gas or moonshine[1] you could have a very interesting fully natural fully renewable and also 100% green –alright orange– ammunition 😉

[1] I wonder how many other readers when students used to buy a mellon and inject it with a goodly quantity of “grain alcohol” over a week or so to make a very boozy party piece 0:)

Clive Robinson • December 26, 2019 8:35 AM

@ Wael,

No need to gesture about like an idiot; just talk to one’s self like someone who escaped from a nearby asylum 😉

Well, remember for a satellite to see thus read a persons lips, they would have to be looking upwards towards the direction of orbit, so facing towards the West…

So it would be more like praying than being fresh out of the “big white house”.

Clive Robinson • December 26, 2019 2:10 PM

@ BS PM BS,

Orbits have a circular path so one doesn’t have to look directly up.

I’ve discussed this in the past with @Wael, all orbits, including thrown objects follow an eliptical path. A circular path is basically a limiting case where the focus points coincide.

As for “looking up” you are talking about “horizon distance” which depends on many things but any obstruction above the same hight as the lips of the person standing normally to the plane of their horizon requires “upwards”. But further the shortest path is directly above ie at the normal point in the plane of their horizon. It’s also the point with least disfavourable optical charecteristics.

As for “The big white house” it’s an euphemism from the 1960’s or earlier that was a common expression often used as a threat[1] where I lived (due to Victorian lunatic asylums being built “out of London” to the South West. It was used much in the way “funny farm”, “rubber room” or “men in white coats” for state run mental institutions where people were dumped[1] and more often than not mistreated if not actively abused (involuntary electro shock therapy, labotomies, sterilization, sexual abuse etc).

Some such places had in earlier times been long term sanatoriums for polio or TB –usually recognisable by the balconies– and the like and were thus painted white on the outside and that awful shade of “hospital green” on the inside. Some were purpose built in the Victorian era and so old that rather than have “hot and cold running water” they had “hot and cold running roaches”.

[1] It was often used on misbehaving children and certainly adolescent girls when their behaviour was not what was expected. It’s why sometimes when I hear XXX is destined for “The White house” that I might smile ironicaly[3].

[2] Untill the early 1950’s English law alowed unmaried women who were nolonger virgins for what ever reason to be locked up indefinitely. Thus any complaints by a girl about being sexually abused would often end up with her in such an institution whilst the man would still be an upstanding citizen etc. etc. Also those that tried to commit suicide be they male or female were “criminally insane” tried, convicted and locked up in “locked wards” next to what we would now call psychopaths rather than be given the help they needed.

[3] Speaking of “The” White House as they say in “The” USA or 1600 Pennsylvania Ave did you know there are actually two of them? “SE” is an appartment block with 77 residences, “NW” is the old Presidential Palace the British gutted with fire, and it takes over 570 gallons of white paint to keep the scorch marks hidden…

Clive Robinson • December 27, 2019 1:18 AM

@ SpaceLifeForm, Sed Contra,

How are you really xmiting?

I’ve mentioned how back when the TAO catalog got tallked about on this blog.

There are two methods one inconsequential and the other slightly more consequential.

You can look up the “pith ball experiment” where you spin a charged pithball and it radiates an EM field at the frequency of rotation. Due to the low frequency of rotation the wavelength (speed of light / rotation rate) is vast compared to the pithball path, therefore it is a very ineficient radiator, and likewise the low charge movment per cycle of movment the signal radiated is very very small…

Less inconsequential is the movment of conductors or dialectrics in a wave field. It distorts the wavefield proportional to the movment and therefore modulates the field. This can be picked up at a distance if you know what you are looking for.

One way to move a wire with respect to the field is to do it physically that is put a couple of halfwave radiators of the field frequency on either end of a boom about 1/10th of a wavelength appart and spin it. The result is for several tens if not hundreds or more of metres a radio receiver will pick up a phase modulated signal at the rate of spin.

Obviously this is not mechanically practical in most cases though it has been tried with various things including reflectors that most of us have either seen or heard about made realy famous with 1970’s Disco, and the infamous “mirror ball” or it’s later 80/90’s green light laser image projectors, but some two hundred years or so before that with the predecesors of frensel lenses in light houses[1].

Whilst some reflector or waveguide antennas still rotate for centimetric radar and above the modern trend at lower frequencies is towards phased array antennas where the equivalent of the mechanical rotation is synthesized by changing the characteristics of radiators the simplest of which is the halfwave dipole.

If you make a dipole antenna and change it’s center impedence with an electronic device such as a FET or PIN diode it modulates the EM field around it. Whilst the transistor/diode changes the “real impeadence” or resistance of the antenna which absorbs some of the EM energy the use of variable inductance or capacitance changes the “imaginary impeadence” or reactance, in effect moving the antenna impedence at any given frequency by changing the resonant frequency of the antenna. Thus making it work like a “reactance modulator”.

A capacitor can be made with very very fine foil or ribbon, and work exceptionaly well as a microphone. The “Great Seal Bug” as used by the Russian’s against the US diplomatic premises in Moscow is an example of combining a foil microphone with an antenna to cause changes to an “illuminating” EM signal.

The inventor of the Great Seal Bug was Leon Theremin who in 1928 patented an electronic musical device now called the Theremin, that worked in a similar way in that it contained an oscilator that had it’s resonant components exposed to the environment, and the musician could by simply “waving their hands around” change the output of the oscillator. I guess the most famous example in terms of people hearing it is the start of the Beach Boys Good Vibrations.

But as I’ve also mentioned you can use the WiFi signals going through peoples homes to actually see their movments through brick walls and the like. With sufficient clarity after significant processing to see not just hands waving around but fingers typing…

A thought that makes some people want to hide in a hole in the ground[2] to do their typing

[1] A short history of which can be read at,

https://uslhs.org/lens-use-prior-fresnel

[2] The military like many other bureaucratic organisations don’t like calling things what the are because it might scare people which would never do. So a hole in the ground becomes a “bunker” and what is in effect a room surounded by metal like a jail cell on steroids as a “SCIF” for “Sensitive Compartmented Information Facility”. Which sounds oh so much better than a sound proof tank with metal door lined with rubber and soft padding, which lets face it sounds like something you would find in a lunatic asylum for people to bounce around in all day. In the electronics industry we are a little more honest with “RF Cage” or “Anechoic Chamber” or “TEM cell” which is essentially a “horn antenna” with an RF absorbing load where the open end would normally be (also jokingly known by some as a half Madonna).

Clive Robinson • January 2, 2020 12:41 PM

@ name.withheld…,

I think you meant to say that the U.S. is plagued with a level of magical thinking that dooms us all.

I’m not sure “thinking” is the right word “reacting” might be better.

Certain words, phrases or statments, cause a reaction below the concious mind. It’s like a tiger growl, that causes the monkey brain to send you from sitting on the ground to balancing at the top of a tree in from “zero to nothing” that is less time than your concious mind can think tiger let alone danger.

It’s a learned response from a very early age, unlearning it, is a thoughtfull process of self re-education. It’s especially hard when nobody around you want’s you to. But we know that from alcoholics and smokers who give up, it can be done dispite peer presure.

But it’s actually worse than an addiction, because for some giving up on faux notions, means giving up on their employment, thus income, thus car, home, food on the table, etc because they “don’t conform” any longer. Worse still as history shows non conforming can get you sanctioned in worse ways as some believe that examples have to be made to keep othets in line.

This recent nonsense with the profits from Edward Snowden’s book, is further proof if any were needed that the ideas behind “divine right” being expressed as “might is right” through “guard labour” actually shows that our alledged betters are actually worse than petulant kinder school children. Who have been caught doing things they know they should not have been, punishing the messenger rather than mend their wrongdoing. It’s actually a form of risible impotence and thus not something that they should paraded about so publically, much to the embarrassment of onlookers.

Clive Robinson • January 5, 2020 6:08 AM

@ Wesley Parish,

The US got away with the invasion of Iraq largely because it’s still got the world’s only blue-water navy.

The days of surface navys for high level warfare are over, they are just to easy to find as they have absolutly nowhere to hide from modern satellites, and missiles though expensive are getting cheaper by the day, as are long range cruise missiles and even drones. All of which have a much greater operational range than fighter aircraft from carrier groups.

Whilst such antiquated systems still work against second and third world countries (the US targets of choice) they don’t if the target of choice gets properly supported by one of many first world nations or super powers. We saw the start of this in 1950 and the 70’s and several conflicts since.

The future of high level naval warfare will be “attricion” or “siege” via unmaned deep water submersible weapons platforms, that can be stealthily deployed in advance in or near key points then at a push of a button and an ELF signal they become active. Whilst not requiring AI it would be a very cheap component to add to improve the platforms capabilities.

If nukes could be made sufficiently stable, then important harbours and ports would be destroyed in hours, few first world nations can survive the loss of cargo carrying capacity that civillian maratime vessels provide, because they don’t have either the food, fuel or raw materials for more than a very short period of time.

The way to fight a modern war is not to wast your time on setpiece action against their armed forces, but go straight for the soft underbelly of their civillian population. It’s what “sanctions” are a first step of, then you go for key infrastructure.

Unless you are empire building, only reason to have a military these days is to try to prevent your civilian population being attacked, this is especially true of first world nations where the populations are overly dense. Third world nations have an advantage in that their populations tend to be much more dispersed and self sufficient, if they have a mind to fight back well Afghanistan might give people a few clues as to what thst means.

But there is also another type of insidious warfare that can be seen in operation. Back in the 60s through 90s nations would supply weapons and resources to the freedom fighters / terrosists operating in their enemies country or those of it’s allies. This has moved on, what you do is use resources to generate large numbers of refugees that then flee towards your real target.

The rather dumb US ambassador to the EU who is currently in trouble, kind of gave the game away when he told senior Europeans his job was to destroy them. It’s fairly clear that one of the usefull side effects for the US is all the ME refugees trying to flood into Europe, which you can see reflectrd in Turkey’s actions and threats. The EU is thus thoroughly devided on the refugee issue, and in effect wasting resources and oportunities by fighting internally.

The sad fact is there is only one known way to stop refugees, and that is make your country effectively “certain death” or similar for them, thus they will mostly try to go somewhere else which is less dangerous. In short unless you are considerably more ruthless than those driving them out of their home countries they will force their way in.

Now whilst I can recognize this intellectually, the actual reality absolutly horrifies me, but it would appear to be both US and Russian policy to stop / destroy Europe any way they can, preferably via the hands of others.

Clive Robinson • January 5, 2020 8:18 PM

@ Wesley Parish,

Ahh piracy…

One of the older ways to attack a civilian population. Henry VIII’s daughter “Good Queen Bess” knew a few things about using piracy as a weapon of state craft.

On paper the English fleet should have not had a snow ball in hells chance against the Spanish.

But handing out licences to be “highwaymen of the seas” did a lot for ship development.

Yup piracy is a good way to attack a civilian population that is dependent on maritime trading. It’s one of the reasons that under Queen Victoria Britain had one of the most powerful fleets in the world. But Empires very quickly start to cost more than you get out of them, as does the communications to administer them (why Britain developed flying boats between the world wars).

Fleets of ships are expensive especially when you don’t know if you need them or not (look at the run up to the Falklands war). Thus Britain cut back it’s navy and tried to go hi-tec… So we still don’t have working two aircraft carriers and six destroyers…

Which in many ways is actually a good thing because it’s causing a serious rethink about what we want a navy for.

Submarines are for now one way to go, but they are realy denizens of the deep as they are like ships easy to find in costal and shallow waters, with the disadvantage of being slow in comparison.

Whilst ships can be made that will do sixty knots (~110kph) there are a lot of compromises but they are still easy targets for air based weapons platforms. Big guns are now gone except for blowing holes in the coast of third world countries, missile systems though expensive does mean that a ship can stay out of aircraft range and still do significant damage.

But for civilian as opposed to government piracy, fast manoverable but small weapons platforms are the way to go unless you are looking to take prisoners. Thus 10 small highly manoverable ships will give greater area coverage and faster response time than a single large ship, as well as being less easy to attack, but have shorter mission times between resupply thus need vulnerable resupply ships. It’s easy to see why the equation is quite difficult to get right as well as be “mission ready” in many more scenarios than even half a decade ago.