On 9/30/13 11:07 PM, Jerry Leichter wrote: > On Sep 30, 2013, at 4:16 AM, ianG <i...@iang.org> wrote:
>> But it still doesn't quite work. It seems antithetical to NSA's obsession >> with security at Suite A levels, if they are worried about the gear being >> snatched, they shouldn't have secret algorithms in them at all. > This reminds me of the signature line someone used for years: A boat in a > harbor is safe, but that's not what boats are for. In some cases you need to > communicate securely with someone who's "in harm's way", so any security > device you give him is also "in harm's way". This is hardly a new problem. > Back in WW I, code books on ships had lead covers and anyone who had access > to them had an obligation to see they were tossed overboard if the ship was > about to fall into enemy hands. Attackers tried very hard to get to the code > book before it could be tossed. > > Embassies need to be able to communicate at very high levels of security. > They are normally considered quite secure, but quiet attacks against them do > occur. (There are some interesting stories of such things in Peter Wright's > Spycatcher, which tells the story of his career in MI5. If you haven't read > it - get a copy right now.) And of course people always look at the seizure > of the US embassy in Iran. I don't know if any crypto equipment was > compromised, but it has been reported that the Iranians were able, by dint of > a huge amount of manual labor, to piece back together shredded documents. > (This lead to an upgrade of shredders not just by the State Department but in > the market at large, which came to demand cross-cut shredders, which cut the > paper into longitudinal strips, but then cut across the strips to produce > pieces no more than an inch or so long. Those probably could be re-assembled > using computerized techniques - originally developed to re-assemble old parc hm > ents like the Dead Sea Scrolls.) Just to close the circle on this: The Iranians used hundreds of carpet weavers (mostly women) to reconstruct a good portion of the shredded documents which they published (and I think continue to publish) eventually reaching 77 volumes of printed material in a series wonderfully named "Documents from the U.S. Espionage Den." They did a remarkably good job, considering: http://upload.wikimedia.org/wikipedia/commons/6/68/Espionage_den03_14.png You can see a bunch of the covers via Google Books here: http://books.google.com/books?q=editions:LCCN84193484 You could peruse the entire collection in a private (but not secret) library of which I was once a member (outside the United States of course) and I seem to remember that a London library had a good number of the books too, despite the fact that the material was still classified at the time (and I think still is?) Perhaps it would be amusing to write to the old publisher and see if one can still order the entire set: Center for the Publication of the U.S. Espionage Den's Documents P.O. Box 15815-3489 Teheran Islamic Republic of Iran Then again, you might find yourself unable to get on international flights for a time after such a request, who knows. On your speculation about crosscut shredding, you're right on the money. DARPA ran a "de-shredding challenge" in 2011. A team from San Fran ("All Your Shreds Are Belong To U.S.") won by substantially reconstructing 5 of 7 "puzzles." DARPA has since yanked the content there (or it has merely succumbed to bitrot/linkrot) but I recall it being impressive. The amount reconstructed from very high security cross-shred was eye-opening. Ah, found a mirror (on a site selling shredding services, of course): http://www.datastorageinc.com/blog/?Tag=shredding Lesson 1: Don't use line-ruled paper. Ever. Lesson 2: Burn or pulp after you shred. One imagines that substantial progress on the problem has been made since the contest. Ah, I see in writing this that there's a Wikipedia article on it too: http://en.wikipedia.org/wiki/DARPA_Shredder_Challenge_2011 Which, in turn, lists the DARPA archive: http://archive.darpa.mil/shredderchallenge/ As you might imagine, the events of 1979 caused quite a stir when it came to the security of Department of State facilities. What might surprise you, however, would be to learn that most of this work was done on improving "time to destruction" of classified material, and the means to buy that time (read: Marines) for duty officers (read: intelligence officers), and not actually improving security for diplomatic staff. Those jarheads aren't for you folks, they are for the Classified. -uni _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography