Re: Real-world quantum cryptography

2004-04-22 Thread Steve Furlong
On Wed, 2004-04-21 at 21:49, Steve Furlong wrote:
 http://www.quantenkryptographie.at/

Gah. That's what I get for trying to do a Hettinga -- he beats me to it.
OK, Bob, you got me this time. <grin>




Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Eugen Leitl
On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote:

 No, it is a terrible situation.
 It establishes a legal requirement that communications *not* be private from
 the feds. From there, it is just a small step to defining encryption as a
 deliberate attempt to circumvent that law, and so a crime in itself.

Are you truly expecting a worldwide ban on encryption? How do you prove
somebody is using encryption on a steganographic channel?

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Dave Howe
Morlock Elloi wrote:
 The extreme ease of use of internet wiretapping and lack of
 accountability is not a good situation to create.
 False.
 It is the best possible situation cpunk-wise I can imagine.
No, it is a terrible situation.
It establishes a legal requirement that communications *not* be private from
the feds. From there, it is just a small step to defining encryption as a
deliberate attempt to circumvent that law, and so a crime in itself.



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Morlock Elloi
 The extreme ease of use of internet wiretapping and lack of accountability
 is not a good situation to create.

False.

It is the best possible situation cpunk-wise I can imagine.

It effectively deals away with bs artists (those who *argue* against this or
that) and empowers mathematics. If one is so fucking stupid, lazy or both not
to encrypt, anonymize and practice other safe-sex approaches then let's hope
that whatever broad wiretapping results in will also have slight (but
measurable) pressure in factoring those out from the gene pool.






Re: Real-world quantum cryptography

2004-04-22 Thread R. A. Hettinga
At 10:31 PM -0400 4/21/04, Steve Furlong wrote:
OK, Bob, you got me this time. <grin>

To paraphrase a surgeon in the cartoons this morning, your awe is thanks
enough...

;-)

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread R. A. Hettinga
At 12:09 PM +0200 4/22/04, Eugen Leitl wrote:
Are you truly expecting a worldwide ban on encryption?

Amen.

It's like expecting a worldwide ban on finance. Been tried. Doesn't work.

:-)

Cheers,
RAH




Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Major Variola (ret)
At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:

Are you truly expecting a worldwide ban on encryption? How do you prove
somebody is using encryption on a steganographic channel?

Torture, of the sender, receiver, or their families, has worked pretty
well.
If you're good you don't even leave marks.







Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Dave Howe
Eugen Leitl wrote:
 On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote:
 No, it is a terrible situation.
 It establishes a legal requirement that communications *not* be
 private from the feds. From there, it is just a small step to
 defining encryption as a deliberate attempt to circumvent that law,
 and so a crime in itself.
 Are you truly expecting a worldwide ban on encryption?
No.  Just one on using crypto in America to avoid the feds listening in -
currently this is legal, but adds an additional penalty if you are
convicted of something *and* the feds decide you used crypto as well.

 How do you
 prove somebody is using encryption on a steganographic channel?
obviously you don't - but I doubt you could conveniently find a
steganographic channel convincing enough to pass muster and yet fast
enough to handle VoIP traffic.  Besides, it could easily devolve into a
your-word-against-theirs argument, after you have already spent some time
in jail waiting to get to trial (or at least the threat of this).
Martha already found out how the FBI can bend the rules if they want to
make an example of you.



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Dave Howe
R. A. Hettinga wrote:
 At 12:09 PM +0200 4/22/04, Eugen Leitl wrote:
 Are you truly expecting a worldwide ban on encryption?
 It's like expecting a worldwide ban on finance. Been tried. Doesn't
 work.
There isn't a worldwide ban on breaking CSS - doesn't stop the film
industry trying to enforce it in the US courts.  That it doesn't apply
outside the US is fine if you are in the Netherlands, not so hot if you,
your ISP, or some branch of your ISP is in the States.



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread R. A. Hettinga
At 4:32 PM +0100 4/22/04, Dave Howe wrote:
There isn't a worldwide ban on breaking CSS - doesn't stop the film
industry trying to enforce it in the US courts.

Carl Ellison tells the story about how, with the advent of the longbow, all
these peasants had to get absolution from their local priests for killing
knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse,
repeat.

Needless to say, the impedance mismatch between reality and dogma resolved
itself.

The economics of networks outweighs the economics of intellectual property
law. That, too, will resolve itself, just like Clipper did.


As for finance itself, there's a reason that I say that financial
cryptography is the only cryptography that matters. Since the time of
Mesopotamian bullae and grain banks, cryptography has been essential to
finance. You can't do one without the other. The more cryptography you do,
the more finance you can do, the better off everyone is. It's a virtuous
circle.

The internet and Moore's law accelerates cryptographic, and thus financial,
progress. More stuff cheaper.

Cheers,
RAH




RE: Sniper rifle implants tracking chip

2004-04-22 Thread John Rene Lastre
Although I am sure it could be built, this is actually a piece of art/social
commentary that was featured on The Next Big Thing on NPR.

http://www.nextbigthing.org/archive/episode.html?04092004

The artist's website is at http://www.jakobboeskov.com/ .  Several countries
were very interested in it when he exhibited it at China's International
Police Expo.



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, April 17, 2004 2:44 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Sniper rifle implants tracking chip

I wonder if this site was put up for April 1st.

http://www.backfire.dk/EMPIRENORTH/newsite/products_en001.htm

also see their homeland security alert product

http://www.backfire.dk/EMPIRENORTH/newsite/products_en002.htm



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Thomas Shaddack

On Thu, 22 Apr 2004, Major Variola (ret) wrote:

 At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
 
 Are you truly expecting a worldwide ban on encryption? How do you prove
 somebody is using encryption on a steganographic channel?

 Torture, of the sender, receiver, or their families, has worked pretty
 well.
 If you're good you don't even leave marks.

However, it's not entirely reliable. At some point, the suspect tells you
what you want to hear, whether or not it is the truth, just so you leave
him alone. It can even happen that the suspect convinces himself that what
he really did what he was supposed to do.

Of course, the solved-crimes statistics don't care about this subtle
difference.

This brings another often underestimated problem into the area of
cryptosystem design, the rubberhose resistance.



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Major Variola (ret)
At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote:
On Thu, 22 Apr 2004, Major Variola (ret) wrote:

 At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
 
 Are you truly expecting a worldwide ban on encryption? How do you prove
 somebody is using encryption on a steganographic channel?

 Torture, of the sender, receiver, or their families, has worked pretty
 well.
 If you're good you don't even leave marks.

However, it's not entirely reliable. At some point, the suspect tells you
what you want to hear, whether or not it is the truth, just so you leave
him alone. It can even happen that the suspect convinces himself that what
he really did what he was supposed to do.

Interrogators check out each confession.  First ones won't work, bogus
keys.  Just noise.  Second confession reveals pork recipes hidden in
landscape pictures.  Beneath that layer of filesystem is stego'd some
porn.  Beneath that, homosexual porn.  But your interrogators
want the address book stego'd beneath that.  They know that these
are stego distraction levels, uninteresting to them.  You'll give it to
them eventually.  If you give them a believable but fake one,
it will damage innocents or true members of your association.

This brings another often underestimated problem into the area of
cryptosystem design, the rubberhose resistance.

My comments were written with that in mind.  I'm familiar with
filesystems (etc) with layers of deniable stego.

I wonder how quickly one could incinerate a memory card in the field
with high success rate?   Destroy the data and the passphrases don't
help.





Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Pete Capelli
 At 12:09 PM +0200 4/22/04, Eugen Leitl wrote:
 Are you truly expecting a worldwide ban on encryption?

 Amen.

 It's like expecting a worldwide ban on finance. Been tried. Doesn't work.

But the goal isn't to ban it; just marginalize it enough to be able to tar
it as a terrorist action.

True, there is no worldwide ban on finance.  But there is the delightful
'know your customer' law.



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Tyler Durden
As for finance itself, there's a reason that I say that financial
cryptography is the only cryptography that matters. Since the time of
Mesopotamian bullae and grain banks, cryptography has been essential to
finance. You can't do one without the other. The more cryptography you do,
the more finance you can do, the better off everyone is. It's a virtuous
circle.
I don't agree, though I'm tempted to. What have nominally been called 
religious and/or race wars throughout history have almost always had at 
their core economics, or at least in the western world. It's easy to see how 
finance might be the underlying reason for lots of nominally non-crypto 
communications.

Your statement is arguably true as t --> infinity.

However, I'd bet there are short-term applications for crypto that really 
matter and yet have no real relationship to $$$ (for instance, what if there 
was widespread communications and crypto in Nazi Germany...would the 
holocaust have happened?)

-TD



From: R. A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap 
push
Date: Thu, 22 Apr 2004 12:43:51 -0400

At 4:32 PM +0100 4/22/04, Dave Howe wrote:
There isn't a worldwide ban on breaking CSS - doesn't stop the film
industry trying to enforce it in the US courts.
Carl Ellison tells the story about how, with the advent of the longbow, all
these peasants had to get absolution from their local priests for killing
knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse,
repeat.
Needless to say, the impedance mismatch between reality and dogma resolved
itself.
The economics of networks outweighs the economics of intellectual property
law. That, too, will resolve itself, just like Clipper did.
As for finance itself, there's a reason that I say that financial
cryptography is the only cryptography that matters. Since the time of
Mesopotamian bullae and grain banks, cryptography has been essential to
finance. You can't do one without the other. The more cryptography you do,
the more finance you can do, the better off everyone is. It's a virtuous
circle.
The internet and Moore's law accelerates cryptographic, and thus financial,
progress. More stuff cheaper.
Cheers,
RAH



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Roy M. Silvernail
On Thu, 2004-04-22 at 14:53, Major Variola (ret) wrote:

 I wonder how quickly one could incinerate a memory card in the field
 with high success rate?   Destroy the data and the passphrases don't
 help.

The first thing that popped into my mind is a USB key with a small cake
of potassium permanganate affixed to the flash chip and a rupturable
bladder filled with glycerin on top.  In case of problem, squeeze to
rupture the bladder and throw it somewhere.  If outside and near weeds,
it'll be very hard to find before the mixture does its exothermic
thing.  That mixture will ignite thermite... should be able to do a
number on a flash chip pretty well.
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
Never Forget:  It's Only 1's and 0's!
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com



Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread R. A. Hettinga
At 4:00 PM -0400 4/22/04, Pete Capelli wrote:
But the goal isn't to ban it; just marginalize it enough to be able to tar
it as a terrorist action.

True, there is no worldwide ban on finance.  But there is the delightful
'know your customer' law.

That's just a monster in the closet.

Fact is, the more people are able to hack insecure networks, the stronger
the crypto gets. At some point, we converge to instantaneous transactions,
and that means stuff like blind signatures. Anything else costs too much.

When we're at bearer transactions, we don't have audit trails anymore...

Right?

:-)

Cheers,
RAH




Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Eugen Leitl
On Thu, Apr 22, 2004 at 11:53:07AM -0700, Major Variola (ret) wrote:

 I wonder how quickly one could incinerate a memory card in the field
 with high success rate?   Destroy the data and the passphrases don't
 help.

Smallish lithium battery has enough oomph to heat a NiCr filament (or charge an
electrolyte capacitor to vaporize a thin filament) to detonate a pellet of lead
azide or similar. It will blow a hole in glass, or reliably destroy a flash chip,
while being fairly safe when not held in hand (or embedded in a bulky enough
case). This will produce a loud bang, obviously.

Thermite is a good choice to turn your fileserver into lava, but that thing
better be outside, or mounted in chamotte- or asbestos-lined metal closet.
Will produce smoke, and take some time, too. 

If your keyring's been securely wiped, rubberhosing the passphrase out of you
to unlock it will give the attacker very little. Assuming the device is
powered on, and easily triggerable, that would be quickest.

If you're just running a P2P which encrypts relay traffic, and a CFS hosting your
warez and kiddie porn which needs interactive passphrase input to mount, any
forensics type people will only wind up with a glob of useless bits.
Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead
drive, that is.



United States Patent: 6,721,423

2004-04-22 Thread R. A. Hettinga
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=6721423.WKU.&OS=PN/6721423&RS=PN/6721423





 
United States Patent 6,721,423
Anderson, et al.
April 13, 2004

Lost cost countermeasures against compromising electromagnetic computer
emanations
Abstract

A set of methods is specified whereby software reduces compromising
electromagnetic emanations of computers that could otherwise allow
eavesdroppers to reconstruct sensitive processed data using periodic
averaging techniques. Fonts for screen display of text are low-pass
filtered to attenuate those spectral components that radiate most
strongly, without significantly affecting the readability of the text,
while the character glyphs displayed are chosen at random from sets that
are visually equivalent but that radiate differently. Keyboard
microcontroller scan loops are also furnished with random variations that
hinder reconstruction of the signal emanated by a keyboard. Drivers for
hard disks and other mass-storage devices ensure that the read head is
never parked over confidential data longer than necessary.

Inventors: Anderson; Ross J. (10 Water End, Wrestlingworth, Sandy,
Bedfordshire, GB SG29 2HA); Kuhn; Markus Guenther (Schlehenweg 9,
Uttenreuth, DE D-91080)
Appl. No.: 238560
Filed: January 28, 1999

Current U.S. Class: 380/252; 380/268; 380/210; 380/54
Intern'l Class: H04L 009/00
Field of Search: 380/205,210,268,287,22,1,252,54 713/190,189

References Cited

U.S. Patent Documents

3770269   Nov., 1973   Elder                463/18.
4203102   May., 1980   Hydes                345/467.
4695904   Sep., 1987   Shinyagaito et al.
5379343   Jan., 1995   Grube et al.
5530390   Jun., 1996   Russell              327/164.
5726538   Mar., 1998   Jackson et al.       315/370.
5894517   Apr., 1999   Hutchison et al.     380/268.

Other References

van Eck, Electromagnetic Radiation for Video Display Units: An
Eavesdropping Risk? Computers and Technology 4 (1985) 269-286.

Primary Examiner: Barron; Gilberto
Assistant Examiner: Gurshman; G

Claims


What is claimed is:

1. A method of obstructing the reconstruction of information shown on a
video-display system from electromagnetic emissions generated by that
system, in which the display is altered using character fonts that compose
each displayed graphic character using more than two pixel amplitudes in
order to reduce the electromagnetic emissions in video-signal frequencies
that are radiated or conducted to potential eavesdropper receiver
positions particularly well.

2. A method of obstructing the reconstruction of information shown on a
video-display system from electromagnetic emissions generated by said
video-display system comprising: generating several character fonts
consisting of pixel images of glyphs; each of said fonts providing a glyph
image for each graphic character of a supported character set, said
character set being common across all generated fonts; each of said glyph
images differing slightly in style, size, position and quantization noise
from glyph images that represent the same character in the other generated
fonts responsive to monitored emission measurements and subject to a
trade-off that keeps the differences in visual appearance at a minimum and
that maximizes the differences in electromagnetic emissions in
video-signal frequencies that are radiated or conducted to a potential
eavesdropper receiver, and a mechanism to alter said video display by
randomly choosing among said fonts for each newly displayed instance of a
character.

3. A method of obstructing the reconstruction of information shown on a
video-display system from electromagnetic emission generated by said
video-display system comprising: generating character fonts consisting of
grey-level pixel images of glyphs; filtering said generated character
fonts in a horizontal direction responsive to monitored emission
measurements and a signal-energy to display-quality trade-off, and
altering said video display by using character fonts that compose displayed
characters using more than two pixel amplitudes for reducing the
electromagnetic emissions in video-signal frequencies that are radiated or
conducted to a potential eavesdropper receiver.
 Description


TECHNICAL FIELD

This invention is related to the protection of confidential computer data
against eavesdroppers who try to reconstruct it from the electromagnetic
emanations generated by computers.

BACKGROUND OF THE INVENTION

It has been known to military organizations since at least the early 1960s
that computers generate electromagnetic radiation which not only
interferes with radio reception, but which also makes information about
the processed data available to a remote radio receiver (see for example
Peter Wright: Spycatcher--The Candid Autobiography of a Senior
Intelligence Officer. William Heinemann Australia, 1987, ISBN
0-85561-098-0). Known as compromising emanation or Tempest radiation, this
electromagnetic broadcast of 
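
The horizontal low-pass font filtering from the abstract and claim 3, as an added example (not code from the patent or from this post): a constructed 8x8 bi-level glyph is filtered along each scan line, and the spectral energy in the upper half of the band is compared before and after. The glyph, the [1, 2, 1]/4 kernel and the cutoff are assumptions made here; the patent selects its filter from monitored emission measurements.

```python
import cmath

# Constructed 8x8 bi-level glyph ("H"-like); '1' = full-intensity pixel.
# Columns 0 and 7 are blank margins, so filtering loses no ink at the edges.
GLYPH = [
    "00000000",
    "01000010",
    "01000010",
    "01111110",
    "01000010",
    "01000010",
    "01000010",
    "00000000",
]

# Assumed binomial low-pass kernel: gain 1 at DC, gain 0 at the Nyquist frequency.
KERNEL = (0.25, 0.5, 0.25)


def to_rows(glyph):
    """Convert the text bitmap into rows of pixel amplitudes in [0, 1]."""
    return [[float(c) for c in line] for line in glyph]


def lowpass_rows(rows, kernel=KERNEL):
    """Filter each scan line horizontally (zero padding outside the glyph cell)."""
    half = len(kernel) // 2
    out = []
    for row in rows:
        n = len(row)
        filtered = []
        for x in range(n):
            acc = 0.0
            for j, weight in enumerate(kernel):
                src = x + j - half
                if 0 <= src < n:
                    acc += weight * row[src]
            filtered.append(acc)
        out.append(filtered)
    return out


def high_band_energy(rows, cutoff=0.5):
    """Sum |DFT|^2 over bins at or above cutoff * Nyquist, across all scan lines."""
    total = 0.0
    for row in rows:
        n = len(row)
        for k in range(n):
            if min(k, n - k) < cutoff * n / 2:
                continue  # low-frequency bin: carries the readable shape
            coeff = sum(v * cmath.exp(-2j * cmath.pi * k * i / n)
                        for i, v in enumerate(row))
            total += abs(coeff) ** 2
    return total


def compare(glyph=GLYPH):
    """Return high-band energy, grey levels used and total ink, before/after."""
    before = to_rows(glyph)
    after = lowpass_rows(before)
    return {
        "hf_before": high_band_energy(before),
        "hf_after": high_band_energy(after),
        "levels": sorted({v for row in after for v in row}),
        "ink_before": sum(map(sum, before)),
        "ink_after": sum(map(sum, after)),
    }


if __name__ == "__main__":
    r = compare()
    print("high-band energy: %.2f -> %.2f" % (r["hf_before"], r["hf_after"]))
    print("grey levels in filtered glyph:", r["levels"])
    print("total ink: %.1f -> %.1f" % (r["ink_before"], r["ink_after"]))
```

The filtered glyph uses five pixel amplitudes instead of two, which is the "more than two pixel amplitudes" condition in claims 1 and 3, while the total ink and the low-frequency shape that carries readability are preserved.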

Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

2004-04-22 Thread Thomas Shaddack

On Thu, 22 Apr 2004, Major Variola (ret) wrote:

 However, it's not entirely reliable. At some point, the suspect tells
 you what you want to hear, whether or not it is the truth, just so you
 leave him alone. It can even happen that the suspect convinces himself
 that what he really did what he was supposed to do.

 Interrogators check out each confession.  First ones won't work, bogus
 keys.  Just noise.  Second confession reveals pork recipes hidden in
 landscape pictures.  Beneath that layer of filesystem is stego'd some
 porn.  Beneath that, homosexual porn.  But your interrogators want the
 address book stego'd beneath that.  They know that these are stego
 distraction levels, uninteresting to them.  You'll give it to them
 eventually.

Or not - if you weren't who they thought and there really was nothing more
than the gay porn.

 If you give them a believable but fake one, it will damage
 innocents or true members of your association.

Innocents could be a good cannon fodder that can bring a lot of
backlash and alienation against the goons, stripping them from public
support.

 This brings another often underestimated problem into the area of
 cryptosystem design, the rubberhose resistance.

 My comments were written with that in mind.  I'm familiar with
 filesystems (etc) with layers of deniable stego.

You are one of the few who are familiar with it.

Are there any decent implementations for Linux/BSD/NT? Some time ago I was
looking around for something (not necessarily stego, standard
single-layer encrypted filesystem would be enough) for removable media,
and would like to share them between machines running several operating
systems. Didn't manage to find anything usable. The requirements are
security, stability, and portability (at least read-only) between
platforms.

 I wonder how quickly one could incinerate a memory card in the field
 with high success rate?   Destroy the data and the passphrases don't
 help.

There are magnesium rods on the camping market, sold as firestarters for
very bad weather. Very high temperature of burning, with proper mechanical
configuration (card strapped between two such rods?) could be enough to
melt the chip.

Maybe could be used together with some kind of break-and-shake chemical
ignition even for eg. the USB drives. Their casings typically have
considerable amount of space (few mm, enough for a Mg strip) over the chip
that carries the data themselves.


Which reminds me there are toilets designed for burning the waste using
propane burners or electrical heating elements. Could be possible to use
them as a basis for the ultimate document shredder, if combined together
with a standard lower-security one, within $2000 total.