Re: On what the NSA does with its tech

[Eugen Leitl]

On Wed, Aug 04, 2004 at 04:44:58PM -0400, Jack Lloyd wrote:

> If I did my unit conversions right, such a disk would be over 30,000 miles in

Drexler's estimate for computers are coservative (purely mechanical rod
logic).

SWNT-based reversible logic (in spintronics? even utilizing nontrivial
amounts of entangled electron spins in solid state qubits for specific
codes?) could do a lot better.

So today's secrets perhaps won't be in a few decades. What else is new?
Rather, who's passphrase has 128 bits of pure entropy? Certainly not mine.
So the weakest link is elsewhere.

> diameter. So we'll probably get some advance notice - "Hey, what's that big-ass
> thing orbiting around the Moon?"

By that time the question is rather "do you think that's air you're
breathing?" 

Check out some of the stuff on http://moleculardevices.org/
you might get a surprise.

-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp9Ajhh6BqCE.pgp
Description: PGP signature

Re: On what the NSA does with its tech

[Jack Lloyd]

On Wed, Aug 04, 2004 at 11:04:15AM -0700, "Hal Finney" wrote:

[...] 
> The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts.
> Now, that's a lot.  It's four times what the earth receives from the sun.
> So we have to build a disk four times the area (not volume) of the earth,
> collect that power and funnel it to our computers.  Probably we would
> scatter the computers throughout the disk, which would be mostly composed
> of solar collectors.  (Keeping the disk gravitationally stable is left
> as an exercise for the student, as is the tradeoff involved in making
> it smaller but moving it closer to the sun.)

If I did my unit conversions right, such a disk would be over 30,000 miles in
diameter. So we'll probably get some advance notice - "Hey, what's that big-ass
thing orbiting around the Moon?"

-Jack

Re: On what the NSA does with its tech

["Hal Finney"]

MV writes:
> Yes.  They can't break a 128 bit key.  That's obvious.  ("if all the
> atoms in the
> universe were computers..." goes the argument).

Not necessarily, if nanotechnology works.  128 bits is big but not
that big.

Eric Drexler, in Nanosystems, section 12.9, predicts that a nanotech
based CPU fitting in a 400 nm cube could run at 1000 MIPS and consume
60 nanowatts, performing 10^16 instructions per second per watt.

Let's design a system to break a 128 bit cipher.  Let's suppose it has
to do 2^10 instructions per test, so this is 2^138 instructions total,
or about 10^41.  Let's let it run for four months, which is 10^7 seconds,
so our necessary processing rate is 10^34 instructions per second.

This means we need 10^34 IPS / 1000 MIPS or 10^25 of Drexler's gigahertz
cubes, call it 10^25 cubic microns or 10^7 cubic meters, a cube about
220 meters on a side.

The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts.
Now, that's a lot.  It's four times what the earth receives from the sun.
So we have to build a disk four times the area (not volume) of the earth,
collect that power and funnel it to our computers.  Probably we would
scatter the computers throughout the disk, which would be mostly composed
of solar collectors.  (Keeping the disk gravitationally stable is left
as an exercise for the student, as is the tradeoff involved in making
it smaller but moving it closer to the sun.)

Fortunately, exhaustive key search is perfectly parallelizable so there
is no need for complex communications or synchronizations between the
processors.

As you can see, breaking 128 bit keys is certainly not a task which is
so impossible that it would fail even if every atom were a computer.
If we really needed to do it, it's not outside the realm of possibility
that it could be accomplished within 50 years, using nanotech and robotics
to move and reassemble asteroids into the necessary disk.

Now, 256 bit keys really are impossible, unless the whole contraption
above can be made to operate as an enormous, unified quantum computer,
in which case it could theoretically break even 256 bit keys.

512 bit keys... now those really are impossible.

Hal

Data-Driven Attacks Using HTTP Tunneling

[Poindexter]

http://www.securityfocus.com/infocus/1793

As more traffic across the Internet is coming under scrutiny and network 
administrators are making efforts to limit the traffic in and out of their networks, 
the one port that no one is willing to block en-masse is port 80. Users (and 
administrators) browse the web constantly, whether it is for work purposes or not. The 
lifeblood of a company's existence on the Internet requires a web presence in one 
fashion or another and this requires a web server, whether it is hosted by a service 
provider or located on a company's network. With every new worm, bug, or vulnerability 
found in IIS and Apache servers, network and secop administrators are trying to lock 
down these systems further at the router or firewall. To identify attacks many are 
turning to IDS and IPS.

In this article we will look at a means to bypass the access control restrictions of a 
company's router or firewall. This information is intended to provide help for those 
who are legitimately testing the security of a network (whether they are in-house 
expertise or outside consultants). This article, by no means, condones the use of this 
information for the purpose of unauthorized access to a network or a system. Finally, 
this article will provide some pointers on how to defend against this attack.

Welcome to 1984 - almost.

[Sunder]

This speaks volumes as to where intentions lie.


http://scoop.agonist.org/story/2004/8/3/84635/46365

 Justice Department attempting to remove public documents from libraries

American Library Association
July 30, 2004

CHICAGO -- The following statement has been issued by President-Elect 
Michael Gorman, representing President Carol Brey-Casiano, who is 
currently in Guatemala representing the Association:

By Anonymous in USA: Liberty Watch on Tue Aug 3rd, 2004 at 08:46:35 AM PDT
Last week, the American Library Association learned that the Department of 
Justice asked the Government Printing Office Superintendent of Documents 
to instruct depository libraries to destroy five publications the 
Department has deemed not "appropriate for external use." The Department 
of Justice has called for these five public documents, two of which are 
texts of federal statutes, to be removed from depository libraries and 
destroyed, making their content available only to those with access to a 
law office or law library.

The topics addressed in the named documents include information on how 
citizens can retrieve items that may have been confiscated by the 
government during an investigation. The documents to be removed and 
destroyed include: Civil and Criminal Forfeiture Procedure; Select 
Criminal Forfeiture Forms; Select Federal Asset Forfeiture Statutes; Asset 
forfeiture and money laundering resource directory; and Civil Asset 
Forfeiture Reform Act of 2000 (CAFRA).

ALA has submitted a Freedom of Information Act (FOIA) request for the 
withdrawn materials in order to obtain an official response from the 
Department of Justice regarding this unusual action, and why the 
Department has requested that documents that have been available to the 
public for as long as four years be removed from depository library 
collections. ALA is committed to ensuring that public documents remain 
available to the public and will do its best to bring about a satisfactory 
resolution of this matter.

Librarians should note that, according to policy 72, written authorization 
from the Superintendent of Documents is required to remove any documents. 
To this date no such written authorization in hard copy has been issued.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

IRS may use First Data info for help in finding tax evaders

[R. A. Hettinga]

The Denver Post



IRS may use First Data info for help in finding tax evaders
 By Andy Vuong
 Denver Post Staff Writer


 Wednesday, August 04, 2004 -

 A federal judge has granted the Internal Revenue Service the right to seek
information from First Data Corp. about certain credit-card transactions
the company has processed.

 The IRS wants the information as part of its crackdown on tax evaders.

 Specifically, the IRS wants information about holders of American Express,
Visa and MasterCard credit cards that were issued by or on behalf of
certain offshore financial institutions.

 The government listed more than 30 offshore jurisdictions, including
Aruba, the Bahamas, Bermuda, the Cayman Islands, Hong Kong, Singapore and
Switzerland.

 The IRS said in a court filing that it believes those account holders "may
fail, or may have failed, to comply with internal revenue laws."

 The IRS is targeting people who held such accounts between Dec. 31, 1999,
and Dec. 31, 2003.

 The government is seeking the names of the account holders, their
credit-card statements, their credit limit and information on when they
opened their accounts.

 "We haven't seen the order, but we always comply with the law," said First
Data spokeswoman Staci Busby.

 She declined to comment further about the order by U.S. District Judge
Phillip Figa, which was made Monday.

 In 2003, Greenwood Village-based First Data processed 12.2 billion payment
transactions, Busby said.

 Judges have granted so-called "John Doe" summons in five similar
situations, the IRS said in court documents.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Anonymizer outsourcing customer data?

[Anonymous via the Cypherpunks Tonga Remailer]

On Mon, 2 Aug 2004, J.A. Terranson wrote:

> Yes, this bugs me.  But the person they outsourced it *to* scares me even
> more!

They claim they have over 1 million users. Is a class action suit in 
order? Their privacy policy clearly states 

"We consider your email address to be confidential information. We will 
never rent, sell, or otherwise reveal it to any other party without prior 
consent, except under the conditions set forth in the User Agreement for 
spamming and related abuses of netiquette, or unless we are compelled to 
do so by court order."

RE: On how the NSA can be generations ahead

[Sunder]

Some interesting URL's on how this can be technologically achieved.  These 
are just from various news sources, nothing indicating one way or another 
that the boys in Ft. Meade are using any of this stuff - though DARPA is 
mentioned in the first link. :)

http://news.com.com/Sun+chips+away+at+wireless+chip+connections/2100-1006_3-5291289.html

http://www.uwtv.org/programs/displayevent.asp?rid=1844

So this gets around some of the limits of chip to chip interconnects, etc.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Re: IRS may use First Data info for help in finding tax evaders

[Gabriel Rocha]

On Aug 04 2004, R. A. Hettinga wrote:
|  The IRS said in a court filing that it believes those account holders "may
| fail, or may have failed, to comply with internal revenue laws."

Standards of proof are going way down when "may have..." is enough to
get a court order... 

Re: Al Qaeda crypto reportedly fails the test

[Major Variola (ret)]

At 10:18 PM 8/3/04 +0100, Ian Grigg wrote:

> http://www.thesmokinggun.com/archive/jihad13chap3.html

>[Moderator's Note: One wonders if the document on the "Smoking Gun"
>website is even remotely real. It is amazingly amateurish -- the sort
>of code practices that were obsolete before the Second World War.
--Perry]
> Perry M.
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]

I work(ed) for a major kiretsu soon bringing crypto to public
scanner/printer/copier
to your airport or hotel.  When I suggested that the paper that folks
write
strong passphrases on be backed by glass or metal instead of a pad of
paper,
they laughed.

One form of "crypto" I was forced to manufacture was obviously
succeptible to replay attacks if you merely leased the same model
scanner/printer/copier for a week and had a pringles' can during
transmission.  Or rev-eng the driver.
Convenience trumps security once again.

Not surprising the dinosaurs largely died out, the more I see of them.

Today I pointed out that their 802.11 blah gizmo was inside a Faraday
cage ie a locked sheet metal cabinet.  No wonder their wifi didn't work,

eh?

Not making this up...