Re: The Statism Meme
At 2:39 PM -0800 2/4/03, André Esteves wrote: >in Northern Italy they live close to Switzerland... What more can be said... >A car, a suitcase and a weekend in Geneva with a numbered account. I'd go to St. Moritz. It's closer, has better skiing, and the Swiss banks have discovered branch banking. :-) - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the Ameican | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
password based key-wrap (Re: The Crypto Gardening Guide and Planting Tips)
Peter lists applied crypto problem in his "Crypto Gardening Guide" at: http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt One of the problems from the "Problems that Need Solving" section is: > * A key wrap function where the wrapping key is derived from a > password. The requirements for this are subtly different from a > straight symmetric key wrap in that the threat model is rather > different. For example a symmetric key wrap may use HMAC to ensure > non-malleability, but for password-based key wrap this makes a > dictionary attack rather easier (throw passwords at the HMAC, > sidestepping the encrypted key altogether). There exists a (ad-hoc) > design that has rather limited non-malleability in order to avoid > potential dictionary attacks. I may not be fully understanding the problem spec: you want to encrypt (wrap) a randomly generated key (a per message session key for example) with a key derived from a password. What would be wrong with using PBKDF2 (from PKCS #5 / RFC2898) as the key derivation function to give you defense against dictionary attack. (Allows choice of number of iterations to "stretch" the password, allows a salt to frustrate precomputation.) Why do you care about non-malleability of the key-wrap function? If you do want non-malleability of th ekey-wrap function, isn't encrypt and MAC a standard way to do this? Then you would need two keys, and I presume it would make sense to derive them (using KDF2 from IEEE P1363a) a start key: sk = KDF2( password, salt, iterations ) ek = KDF( sk, specialization1 ) mk = KDF( sk, specialization2 ) and then AES in CBC mode with random IV encrypting with ek, with appended HMAC with key mk. That leaves the comment: > but for password-based key wrap this makes a dictionary attack > rather easier (throw passwords at the HMAC, sidestepping the > encrypted key altogether). but in this case the attacker could take his pick with no significant advantage of either method: - brute force passwords to get sk, derive ek from sk, decrypt the wrapped key and use some knowledge about the plaintext encrypted with the wrapped key to tell if the write password was chosen; or - brute force passwords to get sk, derive mk from sk, and see if the MAC is valid MAC of the ciphertext (presuming encrypt and then MAC) Or is the problem that the above ensemble is ad-hoc (though using standardised constructs). Or just that the ensemble is ad-hoc and so everyone will be forced to re-invent minor variations of it, with varying degrees of security. Adam
Re: Two Finalists Are Selected for the Void at Ground Zero
At 12:50 AM -0800 2/6/03, John Young wrote: >Vinoly's and Schwartz's design for a symbolic aircraft stabbed into both >towers is gutsily disrespectful of towering architecture as a flag waver >begging for assault. I kind of like the idea of 5 towers arranged in a semicircle. The middle tower would be the tallest with the two on either side getting shorter the further they are from the center. The bulge of the semicircle would point ESE, basically toward Afghanistan and Saudi Arabia. The whole idea seems to me to sum up a common New York attitude. :-) Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the Ameican | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Congressmen in need of composting: Manzanar fine with him
Holy sh*t is this guy stupid. Racist too. I guess anyone who doesn't look/sound/think like this MF is "they". Better round up those blacks while we're at it. -TD "And if I were to have him shot I'D be the one to go to jail!" (Paraphrase of Mr Burns...) From: "Major Variola (ret)" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject: Congressmen in need of composting: Manzanar fine with him Date: Thu, 06 Feb 2003 11:26:20 -0800 HIGH POINT, N.C. - A congressman who heads a homeland security subcommittee said on a radio call-in program that he agreed with the internment of Japanese-Americans during World War II. http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030206/ap_on_re_us/congressman_prison_camps_7 Why don't they stop pretending and call it Fatherland Security Agency? t _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Congressmen in need of composting: Manzanar fine with him
HIGH POINT, N.C. - A congressman who heads a homeland security subcommittee said on a radio call-in program that he agreed with the internment of Japanese-Americans during World War II. http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030206/ap_on_re_us/congressman_prison_camps_7 Why don't they stop pretending and call it Fatherland Security Agency?
Re: A secure government
at Thursday, February 06, 2003 4:48 PM, Chris Ball <[EMAIL PROTECTED]> was seen to say: > Another point is that ``normal'' constables aren't able to action the > request; they have to be approved by the Chief Constable of a police > force, or the head of a relevant Government department. The full text > of the Act is available at: at least in theory. It was only a massive public "FaxYourMP" campaign that aborted the attempt to extend the "people able to authorise" list for interception to the head of any local government department (and a few other groups). I have no reason to believe that a similar paper would not have extended authority to demand keys right down to the dogcatcher general too :)
Re: A secure government
At 12:03 AM 2/6/03 -0800, Tim May wrote: >On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: >> The view I get fed all the time is that crypto is, on the whole, in >> the hands of >> the terrorists, the anti-patriots, the paedophiles, et al. > >Correct. > >> That it is a bad >> thing. > >We don't think so. > Mr Robinson: we understand the Bill of Rights applies to some unsavory types too. Do you think this is a bad thing? See you in Manzanar, baby.
Balancing Reason and Emotion in Twin Towers Void
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, folks, we might as well call it "New York, DC", now. As we slouch toward the triumph of theocratic decoration in lower Manhattan, the expropriation and mere ceremonialization of the birthplace of modern finance continues apace. "Social" Darwinism, indeed. I suppose, at this point, the THINK proposal, with its final solution for the extermination of commerce from the site -- completing the expropriation that created the WTC in the first place some 50 years ago -- a design which includes, as John Young notes, a PoMo "quotation" of an air-crash in the upper stories of a PoMo "quotation" of the original twin towers, is the most obscene of the two. So, now that we've "voted" about valuable commercial real-estate, boys and girls, we've given you two politically correct choices left. Take your pick: Leni Reiffenstahl does Stonehenge, or Noam Chomsky mugs Bucky Fuller and calls it art. For myself, I'm completely shameless. Sell the site and let the market decide. That, indeed, would be "World Trade". Cheers, RAH - http://www.nytimes.com/2003/02/06/arts/design/06DESI.html?th=&pagewant ed=print&position=top February 6, 2003 Balancing Reason and Emotion in Twin Towers Void By HERBERT MUSCHAMP Taken together as a kind of shotgun diptych, the two designs chosen as finalists by the Lower Manhattan Development Corporation illustrate the confusion of a nation torn between the conflicting impulses of war and peace. Daniel Libeskind's project for the World Trade Center site is a startlingly aggressive tour de force, a war memorial to a looming conflict that has scarcely begun. The Think team's proposal, on the other hand, offers an image of peacetime aspirations so idealistic as to seem nearly unrealizable. While no pacifist, as a modern-day New Yorker I would like to think my way to a place beyond armed combat. The Think project accomplishes this. As I observed in an appraisal last week, the design - by the architects Frederic Schwartz, Rafael Viqoly, Ken Smith and Shigeru Ban - is an act of metamorphosis. It transforms our collective memories of the twin towers into a soaring affirmation of American values. The Think project calls for two frameworks of steel lattice in approximately the same locations as the original towers, but without touching their footprints. The new towers would form the infrastructure for a vertically organized complex of cultural and educational buildings designed by different architects. New York could only gain from the restoration of the image of the twin towers to the skyline. Students of civilization will not be offended by the thought that a tragedy of global proportions has given birth to an occasion for civic self-regard. That is how cities have been responding to acts of terror and destruction for at least 4,000 years. Destruction is not a path anyone would choose to get to art, but it is well-trod path. Compared with Think's proposal, Mr. Libeskind's design looks stunted. Had the competition been intended to capture the fractured state of shock felt soon after 9/11, this plan would probably deserve first place. But why, after all, should a large piece of Manhattan be permanently dedicated to an artistic representation of enemy assault? It is an astonishingly tasteless idea. It has produced a predictably kitsch result. Mr. Libeskind's Berlin-based firm, Studio Daniel Libeskind, has not produced an abstract geometric composition. It is an emotionally manipulative exercise in visual codes. A concrete pit is equated with the Constitution. A skyscraper tops off at 1,776 feet. As at Abu Simbel, the Egyptian temple, the play of sunlight is used to give a cosmic slant to worldly history. A promenade of heroes confers quasi-military status on uniformed personnel. Even in peacetime that design would appear demagogic. As this nation prepares to send troops into battle, the design's message seems even more loaded. Unintentionally, the plan embodies the Orwellian condition America's detractors accuse us of embracing: perpetual war for perpetual peace. Yet Mr. Libeskind's design has proved surprisingly popular. Its admirers include many culturally informed New Yorkers. With its jagged skyline and sunken ground plane, the project does make a graphically powerful first impression. Formally, at least, it represents the furthest possible extreme from the six insipid designs released by the development corporation in July. The contrast is surely part of the appeal of Mr. Libeskind's design. Those who rejected the earlier designs because of their blandness cannot accuse Mr. Libeskind's concept of wanting to fade into the background of Lower Manhattan. Isn't his design precisely what some of us were seeking? A vision that did not attempt to bury the trauma of 9/11 in sweet images of strolling shoppers and Art Deco spires? And yet the longer I study Mr. Libeskind's design, the more it comes to resemble the blandest of all th
Two Finalists Are Selected for the Void at Ground Zero
Putting the hideousness of what they both look like aside,how are they going to get fire union approval? Don't tell me they still don't need it! Shame Gaudi's rocket couldn't get up or even a bigger version of that big Stalin era hotel in Moscow.That would slot right into Gotham IMO. I also don't see any provision for observation platforms/chopper evac area's.Lightning cant strike twice?
Re: A secure government
>> On 6 Feb 2003, Peter Fairbrother <[EMAIL PROTECTED]> said: >> Unfortuately, this is not true in the UK - the penalty for >> non-decryption of encrypted files on request by an LEA (even >> if you don't have the key!) is a jail term. > b) Plod would have to prove you have the key, and refused to give > it, before you got convicted. Kinda hard to do. Amusingly, this requirement was only added *after* activists e-mailed the Home Secretary, Jack Straw, with mail encrypted to random public keys; making the point that unless he could decrypt all of them if asked, he'd be looking at a jail term. An RMS article from _The Guardian_ gives more details about the bill: < http://www.stallman.org/knock.html > Another point is that ``normal'' constables aren't able to action the request; they have to be approved by the Chief Constable of a police force, or the head of a relevant Government department. The full text of the Act is available at: < http://www.fipr.org/rip/ripa2000.htm > - Chris. -- $a="printf.net"; Chris Ball | chris@void.$a | www.$a | finger: chris@$a | "The obvious mathematical breakthrough would be development of an easy | way to factor large prime numbers." -- Bill Gates, _The Road Ahead_.
Re: A secure government
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother <[EMAIL PROTECTED]> was seen to say: > David Howe wrote: > a) it's not law yet, and may never become law. It's an Act of > Parliament, but it's two-and-a-bit years old and still isn't in > force. No signs of that happening either, except a few platitudes > about "later". Indeed - and the more FaxYourMP can do to keep that ever coming into force the better :) > b) Plod would have to prove you have the key, and refused to give it, > before you got convicted. Kinda hard to do. Not true - they have to prove you *had* the key at some point in the past. having lost the key isn't a defense > c) you already know this!!! probably - it was an oversimplification of a complex legal situation. the law *is* on the books, and as far as I can see, all that is stopping the first part of it coming into force is the desire of the HO to add a shopping list of new people to the list already defined in the act. I am assuming that the part we are discussing here is "held up in the queue" until the bits before it come into effect.
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
at Thursday, February 06, 2003 2:34 PM, Tyler Durden <[EMAIL PROTECTED]> was seen to say: > I've got a question... > >> If you actually care about the NSA or KGB doing a low-level >> magnetic scan to recover data from your disk drives, >> you need to be using an encrypted file system, period, no questions. > > OK...so I don't know a LOT about how PCs work, so here's a dumb > question. > > Will this work for -everything- that could go on a drive? (In other > words, if I set up an encrypted disk, will web caches, cookies, and > all of the other 'trivial' junk be encrypted without really slowing > down the PC?) Provided the drive is mounted, yes. and there is no "without slowing down the pc" - obviously it *will* cost CPU time (you are doing crypto on each virtual disk sector on the fly), but it shouldn't impact on bandwidth unless you have a really slow pc. Virtual drives occupy a drive letter like a normal drive. most (including pgpdisk) have to be "mounted" while windows is already running - ie, there is nothing at that disk letter until you run a program and type a password. Some (like DriveCrypt Pluspack) allow the boot volume to be a virtual volume and be mounted *before* windows starts running. Easiest way to find out what you can and can't do is download Scramdisk or E4M, and play :)
Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)
On Thu, 6 Feb 2003, Tyler Durden wrote: > Will this work for -everything- that could go on a drive? (In other words, > if I set up an encrypted disk, will web caches, cookies, and all of the > other 'trivial' junk be encrypted without really slowing down the PC?) Depends on how well you build the encryptor. If you put a box between the board and the disk which has lots of static ram you can pretty much make speed a non-issue. > The reason I ask is that's it's very easy to imagine that, say, FedGroup X > wants to take out some outspoken or otherwise questionable person by > secretly introducing some kiddie porn or whatnot onto the drive. 15 minutes > later they burst through the door and grab the PC. > If I buy PGP off the shelf, will it make the ENTIRE drive encrypted? (And > will I wait half an hour for "Hard Drinkin' Lincoln" to download?) PGP is file based. It would be hard to push data onto a drive, but it's pretty easy to eavesdrop. Usuall targets do stupid things, much easier to take advantage of that. A web search on "encrypted disk" will get you some software based tools. Patience, persitsence, truth, Dr. mike
Re: A secure government
On Thu, Feb 06, 2003 at 12:03:07AM -0800, Tim May wrote: > I thought everyone knew that .mil and .gov sites are on the public side > of the Net. Most sensitive sites are forbidden to have a direct > connection to the public Net. True. What's more, when I wrote about this last (a few weeks or months ago), I could find no verifiable instance of classified material leaking via the Web. Seems not to have happened, scares over "terrorist hax0rs" during budget time notwithstanding. -Declan
Re: A secure government
David Howe wrote: >> No, the various provisions of the Constitution, flawed though it is, >> make it clear that there is no "prove that you are not guilty" >> provision (unless you're a Jap, or the government wants your land, or >> someone says that you are disrespectful of colored people). > Unfortuately, this is not true in the UK - the penalty for > non-decryption of encrypted files on request by an LEA (even if you > don't have the key!) is a jail term. Dave, a) it's not law yet, and may never become law. It's an Act of Parliament, but it's two-and-a-bit years old and still isn't in force. No signs of that happening either, except a few platitudes about "later". b) Plod would have to prove you have the key, and refused to give it, before you got convicted. Kinda hard to do. c) you already know this!!! -- Peter Fairbrother
Re: A secure government
- Original Message - From: "Tim May" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 06, 2003 3:03 AM Subject: Re: A secure government > On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: > > > > > The view I get fed all the time is that crypto is, on the whole, in > > the hands of > > the terrorists, the anti-patriots, the paedophiles, et al. > > Correct. Then which one of these groups does the federal government fall under, when they use crypto? In the feds opinion, of course. Or do they believe that their use of crypto is the only wholesome one? -p
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
I've got a question... If you actually care about the NSA or KGB doing a low-level magnetic scan to recover data from your disk drives, you need to be using an encrypted file system, period, no questions. OK...so I don't know a LOT about how PCs work, so here's a dumb question. Will this work for -everything- that could go on a drive? (In other words, if I set up an encrypted disk, will web caches, cookies, and all of the other 'trivial' junk be encrypted without really slowing down the PC?) The reason I ask is that's it's very easy to imagine that, say, FedGroup X wants to take out some outspoken or otherwise questionable person by secretly introducing some kiddie porn or whatnot onto the drive. 15 minutes later they burst through the door and grab the PC. If I buy PGP off the shelf, will it make the ENTIRE drive encrypted? (And will I wait half an hour for "Hard Drinkin' Lincoln" to download?) -TD _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: A secure government
at Thursday, February 06, 2003 11:21 AM, Pete Capelli > Then which one of these groups does the federal government fall > under, when they use crypto? In the feds opinion, of course. Or do > they believe that their use of crypto is the only wholesome one? Terrorism of course, using their own definition - they use force or the threat of force to achieve their political aims :)
Re: A secure government
> No, the various provisions of the Constitution, flawed though it is, > make it clear that there is no "prove that you are not guilty" > provision (unless you're a Jap, or the government wants your land, or > someone says that you are disrespectful of colored people). Unfortuately, this is not true in the UK - the penalty for non-decryption of encrypted files on request by an LEA (even if you don't have the key!) is a jail term.
Re: [IP] Open Source TCPA driver and white papers (fwd)
On Thu, 6 Feb 2003, Anonymous via the Cypherpunks Tonga Remailer wrote: > I think you may have been mislead by the slant of paper. > > Quoting from the paper: > > http://www.research.ibm.com/gsal/tcpa/why_tcpa.pdf > > you will see: > > | The TCPA chip is not particularly suited to DRM. While it does have > | the ability to report signed PCR information, and this information > | could be used to prevent playback unless a trusted operating system > | and application were in use, this type of scheme would be a > | nightmare for content providers to manage. Any change to the BIOS, > | the operating system, or the application would change the reported > | values. How could content providers recognize which reported PCR > | values were good, given the myriad platforms, operating system > | versions, and frequent software patches? > > which clearly admits that the IBM TPM does implement the full set of > TCPA functionality as specified in the openly published TCPA spec, and > for the purposes of our discussion specifically as you see it does > implement the remote attestation feature. They can say all they want in a white paper. I was looking at the source code. That can only query the tpm chip. The chip itself contains no rom, you can't jump into it. In order to meet the requirement of tcpa it needs a secure execution region, and the IBM TPM simply doesn't have it. > (Though the author makes some unimaginative claims that it is "not > suited for DRM" because of upgrades may make that difficult to manage. > Any sane software architecture built on top of this tech can easily > tackle that "problem".) And any hacker can bypass it, which is what the guys at IBM are saying. > I'd think the more likely reason they want to downplay that TCPA is a > DRM enabling technology is because it's bad publicity for a hardware > manufacturer. I doubt it. If they could do what RIAA wants they could make a lot of money. Morals come second to money. Patience, persistence, truth, Dr. mike
Re: [IP] Open Source TCPA driver and white papers (fwd)
Mike Rosing wrote: > > - secure boot > > - sealing > > - remote attestation > > It does *not* do these parts. I think you may have been mislead by the slant of paper. Quoting from the paper: http://www.research.ibm.com/gsal/tcpa/why_tcpa.pdf you will see: | The TCPA chip is not particularly suited to DRM. While it does have | the ability to report signed PCR information, and this information | could be used to prevent playback unless a trusted operating system | and application were in use, this type of scheme would be a | nightmare for content providers to manage. Any change to the BIOS, | the operating system, or the application would change the reported | values. How could content providers recognize which reported PCR | values were good, given the myriad platforms, operating system | versions, and frequent software patches? which clearly admits that the IBM TPM does implement the full set of TCPA functionality as specified in the openly published TCPA spec, and for the purposes of our discussion specifically as you see it does implement the remote attestation feature. (Though the author makes some unimaginative claims that it is "not suited for DRM" because of upgrades may make that difficult to manage. Any sane software architecture built on top of this tech can easily tackle that "problem".) > That's why IBM wants the TPM != TCPA to be loud and clear. That's > why the RIAA can't expect it to solve their "problem". I'd think the more likely reason they want to downplay that TCPA is a DRM enabling technology is because it's bad publicity for a hardware manufacturer.
Baptista on Dud queries swamp US Internet Root servers
there's a revolution going on - enjoy. http://www.theregister.co.uk/content/6/29185.html Dud queries swamp US Internet Root servers By Joe Baptista Posted: 05/02/2003 at 09:47 GMT Broken queries are swamping US Internet servers with unnecessary traffic. A detailed analysis of 152 million messages received on Oct. 4, 2002 by one of the root servers in California showed that only 2 per cent of the queries were legitimate. The Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Supercomputer Center (SDSC) which conducted the research is trying to understand why the roots get so many broken queries from Internet service providers. DNS root servers provide a critical service to Internet users by mapping text host names to numeric Internet Protocol (IP) addresses. The 13 roots are operated by a mix of volunteers and U.S. government agencies. The U.S. Department of Commerce is the agency responsible for managing the root system which serves most Internet users. "If the system were functioning properly, it seems that a single source should need to send no more than 1,000 or so queries to a root name server in a 24-hour period," said CAIDA researcher Duane Wessels. "Yet we see millions of broken queries from certain sources." CAIDA researchers speculate that 70 per cent of the bad requests are due to misconfigured packet filters, firewalls, or other security mechanisms intended to restrict network traffic. Twelve per cent of the illegitimate traffic however could not be explained and was for nonexistent top-level domains, such as ".elvis", ".corp" and "localhost". .elvis is alive and well and living in an Alternative Root Universe CAIDAs results are no surprise to Bradley Thornton, a root server operator at PacificRoot and director of the Top Level Domain Association, an organization of domain operators. He operates the .corp alternative TLD for the business community. The "localhost" queries are to be expected, he says. A computer can have many names - but all computers use "localhost" on the Internet as the host name of the local loopback interface. "The localhost naming convention is an Internet standard and the localhost errors represent misconfigured DNS settings at the user or ISP level, he says. The rest of the "nonexistent" illegitimate traffic is a vote of confidence in the "inclusive namespace" (i.e. alternative TLDs) which Thornton helped pioneer. "There may only be one Internet," explains Thornton, "but we now have many namespaces and thats confusing the legacy root system." Top-level domains in the U.S. roots include country codes such as ".uk" for England, ".ca" for Canada, or ".us" for the United States, as well as generic domains such as ".com", ".net", and ".edu". There are some 300 top level domains in the US root but inclusive namespace has over 10,000 listed. Thornton thinks that inclusive namespace user activity is the cause of much of the rogue traffic. "Anytime one of our users publishes a URL from our namespace or any namespace in email or via the web that link becomes available to potentially millions of U.S. root users. When those users clicks one of our URLs a query is generated." This explains the dud traffic discovered by CAIDA, he says. In the inclusive namespace universe ".corp" is a busy top level domain and Thornton speculates that ".elvis" is alive and well and living in some unknown root system heaven. According to KC Claffy, a resident research scientist at CAIDA, traffic originating from the inclusive namespace system is likely part of the results. But Wessels, the project leader, emphasized there was not much evidence of alternative (inclusive namespace) TLDs in the data collected. Thornton disagrees: "the data clearly shows were having an effect." A TLD only needs an average of 10,000 hits in the root to show significant activity based on the CAIDA data of 3 million legitimate queries for 300 listed TLDs, he argues. "CAIDA reports that .corp got 51,000 queries and that's very significant evidence, he says. ® Joe Baptista is involved in the running of dot-god.com, the "official domain registry for web addresses ending in .god and .satan". Joe Baptista - only at www.baptista.god Mac.Independent - Get the most out of your Mac. http://mac.ind/
Re: Two Finalists Are Selected for the Void at Ground Zero
I'm currently working with Rafael Vinoly's firm, though not on the WTC project, instead a giant medical research campus outside DC for the Howard Hughes Medical Institute, a cool $500 million semi-underground facility described at hhmi.org. Vinoly's on a roll, just having won a competition for a $gadzillion Kennedy Center makeover (the firm has long got most of its work through competitions not by kissing asses at dinners and enduring rot gut confabs). Rafael's not a vanity architect, humorous about his evanescent celebrity, and says nothing's going to be built at WTC for 20 years, so fucked up is its politics (he escaped Argentina's/CIA's death squads, thinks Bush/Cheney are oily scum). The publicity is welcome, and worth far more than a piddling fee for putting up with vile NYC infighting and backstabbing going on among architectural circles, and nobody knows who is going to do the final design, but it is unlikely to be the current celebrated doofuses who are useful only to divert attention from the backroom riggery by Rockefeller's Port Authority and Silverstein's fronting for capitalistic socialism. Vinoly's and Schwartz's design for a symbolic aircraft stabbed into both towers is gutsily disrespectful of towering architecture as a flag waver begging for assault.
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
If you actually care about the NSA or KGB doing a low-level magnetic scan to recover data from your disk drives, you need to be using an encrypted file system, period, no questions. There are occasional articles that pop up on the net talking about somebody's improved capability for data recovery. If you're part of a US government agency with NSA or DoD rules, that isn't necessarily required, or approved as adequate, but that's strictly an issue of their flexibility. On the other hand, if your threat model includes the Mafia, you might want to get some steel kneecaps pre-installed. It's been a long time since I've read any official regulations on this topic, and at the time they were mostly for declassifying equipment that formerly held classified data: - either use physical destruction, or - use an officially NSA-approved Big Magnet, or - use software that's been approved by your security officer for your operating environment and remember that you need to wipe memory as well. My reaction to letting any NSA-approved Big Magnets near any of *my* computers was "absolutely no way - keep them outside our TEMPEST shield so they don't bother my working disk drives.":-) And I was never convinced we'd find officially-approved disk-wiping software that would actually run on Unix as opposed to VMS and wouldn't require immense reams of paperwork to get permission for. But our building had a machine shop in the basement, so when the sysadmin after me decommissioned the VAX, she got to help sandblast the disk drives. I don't know what they did about RAM, if anything. Most sysadmins in those days had wall decorations made from the disk drive platters with nice stripes on them left by the head crash. Hers was sandblasted smooth metal :-) Our standard on AT&T 3B2 computers was to wipe memory 3 times, and there was a special program that would wipe half the RAM, relocate itself into that half, and then wipe the other half, using first 0s, then 1s, then a (fixed? random?) bit pattern.
Re: A secure government
On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: The view I get fed all the time is that crypto is, on the whole, in the hands of the terrorists, the anti-patriots, the paedophiles, et al. Correct. That it is a bad thing. We don't think so. People using it should surrender keys to the government, if you're encrypting mails then you should be viewed as having something to hide... Interfaces and usability aside, there's an air that only the "wrong" need ciphers. Most of us laugh at these kinds of proposals. History as we see it backs this up to an extent, in the fact that secrets are presented as something in the hands of the enemy to be broken as a tool of war. No, the various provisions of the Constitution, flawed though it is, make it clear that there is no "prove that you are not guilty" provision (unless you're a Jap, or the government wants your land, or someone says that you are disrespectful of colored people). I don't understand what you mean my "history...backs this up." A person writing in a private language is not compelled to translate, or even to testify. O.J. Simpson never took the stand. Bill Clinton was not sent before a firing squad. But it just seems stange to me that the government in all their paranoia haven't announced nationwide plans to start encrypting all government communications, to implement federal-, nay industrial-spanning secure infrastructures. Much of the sensitive parts of government (as opposed to the 99% which is nattering about rules and regulations) have been using AUTOVON, STU-III, and similar things for decades. In popular parlance, "scramblers." When I did some advisory work for DOD in 1979 they already had their own network of secure satellites, the DSCS (pronounced "discus") satellites. This was at least 24 years ago. In my proletarianism, maybe I'm just blind to it. Have people in sensitive positions of power actually seen an increase in taking this seriously? Is it already in such a state? The security of simple things such as .mil webpages and IP'd resources certainly doesn't convince. Or are they really not bothered, and just want to make a good headline? I thought everyone knew that .mil and .gov sites are on the public side of the Net. Most sensitive sites are forbidden to have a direct connection to the public Net. Further, if such a scheme were announced, could this conceivably introduce cryptotech as part of a mainstream process? Necessity is the mother of invention, and in such times, necessity is what people say it is and sell it as. As a safeguard against nations' security and/or economy, should we look to paranoid industries as the first step towards a secure, anonymous society? Hum, just me thinking aloud anyway. Apologies if this is in the archives.. crypto + govenment throws up a few results... --Tim May
