Re: [liberationtech] WC3 and DRM

On Wed, Jul 31, 2013 at 10:48:59PM -0700, Steve Weis wrote: > I think what you're saying was true in the past, but the game is > changing with modern hardware. There have been advances in CPU > features that make it possible to reduce the trust perimeter to just > the CPU and TPM. If I trust those

Re: [liberationtech] Publishing material smuggled from bad countries

Hi Richard and Libtech, I am a journalist with WhoWhatWhy, a NYC-based nonprofit. Here is one of my articles for them in conjunction with which WikiLeaks published new Stratfor emails: http://whowhatwhy.com/2013/07/17/are-mexican-drug-lords-the-next-terrorist-targets-a-who-exclusive-series-part-i-

Re: [liberationtech] CJDNS hype

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Caleb, On 01/08/13 17:20, Caleb James DeLisle wrote: >> At this point, Alice knows that Carol is "real" in the sense that >> someone owns Carol's private key and uses it to respond to pings. >> But Alice has no way to determine whether Bob and Caro

[liberationtech] Post-doc Fellow Opportunities at the Citizen Lab

Hi Libtech, We pleased to announce two calls for post-doctoral fellows at the Citizen Lab at the Munk School od Global Affairs, University of Toronto. One for a 1 year term (starting October 1 2013) and one for a 6 month term (starting January 1 2014). For both positions we encourage applications

Re: [liberationtech] My design to implement PGP in commercial email system

*I don't see how this scheme would work with contextual based advertisements? Or maybe you are talking about a premium subscription service that does not rely on advertisements for revenue. (?)* >From OP, "The only downside of this approach is that email providers are not able to filter spam or pr

[liberationtech] Fwd: The EW Octagon: A way to test Cognitive EW

-- Forwarded message -- From: "Brock Sheets - AOC" Date: Aug 1, 2013 10:32 PM Subject: The EW Octagon: A way to test Cognitive EW To: Cc:

[liberationtech] LeastAuthority.com announces a Spy-Proof Storage Service

Dear people of liberationtech: I've read this list for a long time, and I've posted to it occasionally. I'm writing today to tell you about our press release from LeastAuthority.com. Here's the press release in HTML form: https://leastauthority.com/press_release_2013_07_30 Here is the text of it

Re: [liberationtech] Publishing material smuggled from bad countries

..on Thu, Aug 01, 2013 at 04:17:25PM -0400, Richard Brooks wrote: > Got a message from one of my contacts who wants to try > to publish information he finds important. He is from > a country ranked by Freedom House as not free. > > I'm a techie and not a reporter. Any idea as to who > might be int

[liberationtech] Publishing material smuggled from bad countries

Got a message from one of my contacts who wants to try to publish information he finds important. He is from a country ranked by Freedom House as not free. I'm a techie and not a reporter. Any idea as to who might be interested (I could contact)? The general region is Sub-Saharan Africa. -- Liber

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

On Thu, Aug 01, 2013 at 05:22:48PM +0200, Alexander Kjeldaas wrote: > On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson wrote: > > On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote: > > > Since a OTP depends critically on never using the same pad to encrypt > > > multiple plaintexts, it co

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

Comments inline... On Thu, Aug 1, 2013 at 7:58 AM, Andy Isaacson wrote: >> Then someone may force you to exhaust your >> pad bits by corrupting or dropping messages in transit. > > An attacker with control of your wire can deny you service. News at 11! > What cryptosystem does not have this prop

Re: [liberationtech] NSA Xkeyscore VPN reference question

On Thu Aug 1 12:26:59 2013, Julian Oliver wrote: > > It looks very bogus to me precisely because it's so general, like aspects of > some other slides. Perhaps the slide is a "where we want to be in 5 years" > rather than "what we can do now". > > Perhaps the slide is from a pitch for more fundi

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson wrote: > On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote: > > Since a OTP depends critically on never using the same pad to encrypt > > multiple plaintexts, it conversely also depends on the same pad only > > decrypting a single cipherte

[liberationtech] Rural Mesh Network Design Using MPs and NS2s

From: Later this year I will be travelling to Nepal to implement a mesh network and I am hoping that you might be able to give me a helping hand. My network will provide 14 schools with internet access and VOIP. I intend to use 3 NS2's for the basestation with a single MP or NS2 mounted at eac

Re: [liberationtech] NSA Xkeyscore VPN reference question

..on Wed, Jul 31, 2013 at 06:29:32PM -0400, h0ost wrote: > The pdf Xkeyscore document listed on the Guardian website ( > http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data > ) makes a reference on how the NSA can potentially decrypt VPN traffic > and user data. > > Is

Re: [liberationtech] NSA Xkeyscore VPN reference question

Well, we know MS CHAPv2 is totally broken... and people are probably still using it -- Tony Arcieri -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/lib

Re: [liberationtech] CJDNS hype

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Michael, I'm trying to keep liberationtech in the loop here, if you want to talk privately just let me know. On 08/01/2013 09:34 AM, Michael Rogers wrote: > Hi Caleb, > > Thanks a lot for the answers! Responses are inline below... > > On 25/07/1

[liberationtech] NSA Xkeyscore VPN reference question

The pdf Xkeyscore document listed on the Guardian website ( http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data ) makes a reference on how the NSA can potentially decrypt VPN traffic and user data. Is there a sense on what this could mean? Are they talking about PPTP-b

Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download

Werner Koch: > On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said: > >> verification is the least secure method, to the download page? >> (You can see the design here: [3]) >> >> A: 1 in ~11 users. > > Actually [3] is the same URL as [1]. Sorry about that. [1]: www.webcitation.org/6IWk5h4E9

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote: > Since a OTP depends critically on never using the same pad to encrypt > multiple plaintexts, it conversely also depends on the same pad only > decrypting a single ciphertext. If a onetime implementation implements > a decryption orac

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

On Wed, Jul 31, 2013 at 02:29:20PM -0700, Steve Weis wrote: > I don't really see a practical use case for one-time pads. You have to > assume that you can securely deliver the pad to someone in advance of > any other communications. This is the key management problem. If I want to secure a 10MB/d

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

On Wed, Jul 31, 2013 at 12:08:32PM -0500, Karl Fogel wrote: > interests of code simplicity, I didn't implement that, as I didn't see a > practical attack here. I still don't, but am definitely open to being > corrected about that! It's just hard for me to see an attack that > doesn't rely on havi

[liberationtech] // KillPacket: Android implementation, reference code //

Hi list, I've put together a reference Android application, following up from the earlier thread 25/02 "The 'Kill Packet' - feedback wanted". //--> KillPacket v0.1 Android tool and server side code. Proposal and refere

Re: [liberationtech] FreedomHack hackathon in DC to build tools for citizen reporters in Mexico

I'm not the organizer of this event, but I am sure it will go beyond DC-based events. I believe this is the CommunityRED kick off event and it is in DC because the founder, Shauna Dillavou, is here and she is partnering with some other DC orgs. I've let her know about libtech and hopefully she will

Re: [liberationtech] PassLok updated based on feedback from LiberationTech

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Francisco, On 30/07/13 23:09, Francisco Ruiz wrote: > 4. A revamped Key strength meter, which won't give a perfect score > until the user has appended his/her email to the Key. This is to > combat a powerful attacker (like the NSA) who might be abl

Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download

Quoth Werner Koch: > On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said: > > > verification is the least secure method, to the download page? (You can > > see the design here: [3]) > > > > A: 1 in ~11 users. > > Actually [3] is the same URL as [1]. 3 should be this: [3]: http://www.webcitatio

Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download

On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said: > verification is the least secure method, to the download page? (You can > see the design here: [3]) > > A: 1 in ~11 users. Actually [3] is the same URL as [1]. > standards. However, while the number of downloads didn't decrease, the > numbe