Venona not all decrypted?
I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there wasn't enough budget to do so.

Is that not enough budget to apply the one-time pads they already have, or is that the once-and-futile exercise of decrypting ciphertext with no one-time pad to go with it?

Cheers,
RAH

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling?

Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off.

The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work.

Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client?

-TD

From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
Date: Mon, 3 Oct 2005 15:57:42 +0200

- Forwarded message from Jason Holt [EMAIL PROTECTED] -

From: Jason Holt [EMAIL PROTECTED]
Date: Sun, 2 Oct 2005 22:23:50 + (UTC)
To: cyphrpunk [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: nym-0.2 released (fwd)
Reply-To: [EMAIL PROTECTED]

On Sun, 2 Oct 2005, cyphrpunk wrote:

> 1. Limiting token requests by IP doesn't work in today's internet. Most

Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs.

Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existence with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card.

That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve.

> I suggest a proof of work system a la hashcash. You don't have to use
> that directly, just require the token request to be accompanied by a
> value whose sha1 hash starts with say 32 bits of zeros (and record
> those to avoid reuse).

I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well.

> 2. The token reuse detection in signcert.cgi is flawed. Leading zeros
> can be added to r which will cause it to miss the saved value in the
> database, while still producing the same rbinary value and so allowing
> a token to be reused arbitrarily many times.

Thanks for pointing that out! Shouldn't be hard to fix.

> 3. signer.cgi attempts to test that the value being signed is 2^512.
> This test is ineffective because the client is blinding his values. He
> can get a signature on, say, the value 2, and you can't stop him.
>
> 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only
> 160 bits which could allow a smooth-value attack. This involves
> getting signatures on all the small primes up to some limit k, then
> looking for an r such that sha1(r) factors over those small primes
> (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000
> signatures on small primes, and then approximately one in 2^40 160-bit
> values will be smooth. With a few thousand more signatures the work
> value drops even lower.

Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks!

-J

- End forwarded message -

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
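The reuse-detection flaw raised in point 2 of the forwarded message, as an added example that is not nym's signcert.cgi code: the spent-token list is keyed first on the submitted text and then on the decoded value. The hex wire format for r, the function and class names, and the sample value are assumptions made for illustration.

```python
import hashlib
import re

# Assumed wire format (not taken from nym): r arrives as bare hex digits.
HEX_RE = re.compile(r"[0-9a-fA-F]{1,256}")

def rbinary(r_text: str) -> bytes:
    """Decode r as an integer, then to minimal big-endian bytes."""
    if not HEX_RE.fullmatch(r_text):
        raise ValueError("r must be plain hex digits")
    n = int(r_text, 16)
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

class NaiveSpentList:
    """Flawed check: remembers the submitted text, so '03f9c51' and
    '3f9c51' look like different tokens although they decode identically."""
    def __init__(self):
        self.seen = set()

    def redeem(self, r_text: str) -> bool:
        if r_text in self.seen:
            return False
        self.seen.add(r_text)
        return True

class CanonicalSpentList:
    """Hardened check: remembers a digest of the decoded value, which is
    what the signature actually covers, not how the client spelled it."""
    def __init__(self):
        self.seen = set()

    def redeem(self, r_text: str) -> bool:
        key = hashlib.sha256(rbinary(r_text)).digest()
        if key in self.seen:
            return False
        self.seen.add(key)
        return True

def count_accepted(spent_list, submissions):
    """Number of submissions the given spent list lets through."""
    return sum(1 for r in submissions if spent_list.redeem(r))

# Constructed sample: one token value written with extra leading zeros.
SAMPLE = ["3f9c51", "03f9c51", "0003f9c51"]

if __name__ == "__main__":
    print("naive accepts:", count_accepted(NaiveSpentList(), SAMPLE))
    print("canonical accepts:", count_accepted(CanonicalSpentList(), SAMPLE))
```
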
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On Tue, 4 Oct 2005, Steve Furlong wrote:

> On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote:
> > Troll Mode on:
> > TOR was originally developed as a result of CIA/NRL funding:)
> ...
> > BTW running TOR makes you very visible that you are running tor even
> > as a client.. it's quite a noisy protocol
>
> Well, of course that feature is built in. The NSA wants to be able to
> easily find anyone who's running it.
>
> The noisy protocol has the added benefit of causing the network cable
> to emit lots of radiation, frying the brains of TOR users. The only
> defense is a hat made of flexible metal.

Don't do it! That acts as an antenna and only increases the damage!

--
Invoking the supernatural can explain anything, and hence explains nothing.
- University of Utah bioengineering professor Gregory Clark
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten.

-TD

From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Date: Tue, 4 Oct 2005 15:20:15 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Tue, 4 Oct 2005 08:54:46 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Italy requires logging of personal info at cybercafes
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Brett Glass [EMAIL PROTECTED]
Date: October 4, 2005 2:25:50 AM EDT
To: [EMAIL PROTECTED]
Subject: For IP: Italy requires logging of personal info at cybercafes

Want to check your e-mail in Italy? Bring your passport.

An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit.

By Sofia Celeste | Contributor to The Christian Science Monitor

ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore.

After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni, to make passport photocopies of every customer seeking to use the Internet, phone, or fax.

This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID.

Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war.

Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes.

But while Italy has a healthy protest culture, no major opposition to the law has emerged.

Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times.

Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600.

The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters.

After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named.

Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21.

Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview.

But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced.

This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes.

And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business.

So many people who come in here ask 'why?' and then they just leave, Savoni says.

Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer.

Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question.

It is a control system like America's Patriot Act, he says.

Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited.

Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e-mails read, according to the government official.

Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror.

I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil.

There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Troll Mode on:

TOR was originally developed as a result of CIA/NRL funding:)

compile your own client and examine sources if you have this particular brand of paranoia (I do)

change to an OS which makes this easy ...

BTW running TOR makes you very visible that you are running tor even as a client.. it's quite a noisy protocol

Troll Mode off: :)

Tyler Durden wrote:

> Can anyone suggest a tool for checking to see if my Tor client is
> performing any surreptitious signaling?
>
> Seems to me there's a couple of possibilities for a TLA or someone
> else to monitor Tor users. Tor clients purchased online or whatever
> could possibly signal a monitoring agency for when and possibly where
> the user is online. This would mean that at bootup, some surreptitious
> packets could be fired off.
>
> The problem here is that a clever TLA might be able to hide its POP
> behind the Tor network, so merely checking on IP addresses on outgoing
> packets wouldn't work.
>
> Can anyone recommend a nice little package that can be used to check
> for unusual packets leaving my machine through the tor client?
>
> -TD
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote:

> Troll Mode on:
> TOR was originally developed as a result of CIA/NRL funding:)
..
> BTW running TOR makes you very visible that you are running tor even
> as a client.. it's quite a noisy protocol

Well, of course that feature is built in. The NSA wants to be able to easily find anyone who's running it.

The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal.

--
There are no bad teachers, only defective children.
Re: Venona not all decrypted?
At 16:20 2005-10-03 -0400, R.A. Hettinga wrote:

> I just heard that the Venona intercepts haven't all been decrypted,
> and that the reason for that was there wasn't enough budget to do so.
>
> Is that not enough budget to apply the one-time pads they already
> have, or is that the once-and-futile exercise of decrypting ciphertext
> with no one-time pad to go with it?

Here's my understanding of how Venona worked, and why budget would be a problem. I could be completely off base, though.

The OTPs were only very occasionally misused, by being used more than once. So the breaks occurred when two separate messages, or possibly fragments of messages, were combined in such a way as to cancel out the OTP, then the resulting running-key cipher was solved to yield the two messages. I don't think that the NSA had access to the pads themselves, except after having recovered the messages (and hence the pad for those messages). So there really isn't likelihood that that pad would be reused even more times.

To detect that a pad has been reused, you basically have to line up two ciphertexts at the right places, combine them appropriately, and run a statistical test on the result to see if it shows significant bias. This is an O(n^2.m) problem, where n is the number of units to be tested (maybe whole messages, maybe pages of OTP, maybe at the character level? Who knows?) and m represents enough text to reliably detect a collision. There was a very large amount of intercepted data, and it's presumably all stored on tapes somewhere, so that n^2 factor probably involves actually mounting tapes and stuff.

But in a way, you're right; it should, with today's technology, be possible to just read all the tapes once onto a big RAID, and set the cluster to work for a year or two.

Greg.

Greg Rose                INTERNET: [EMAIL PROTECTED]
Qualcomm Incorporated    VOICE: +1-858-651-5733   FAX: +1-858-651-5766
5775 Morehouse Drive     http://people.qualcomm.com/ggr/
San Diego, CA 92121      232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
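The alignment-and-bias test described in the message above, as an added example that is not part of the original post: it slides one ciphertext against another and scores the excess of matching positions at each shift. It assumes a toy additive pad over 26 letters and constructed plaintext drawn from English-like letter frequencies, not the actual Venona system; all names are hypothetical.

```python
import math
import random

# Approximate English letter frequencies (percent), A..Z.
FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]

def toy_plaintext(rng, n):
    """Constructed stand-in for language: letters with English-like bias."""
    return rng.choices(range(26), weights=FREQ, k=n)

def encrypt(plain, pad, start):
    """Additive one-time pad mod 26, using pad[start:start + len(plain)]."""
    return [(p + pad[start + i]) % 26 for i, p in enumerate(plain)]

def bias_z(c1, c2, shift):
    """Line c2[0] up with c1[shift] and score the excess of equal letters.

    If both spans used the same pad, c1 - c2 equals p1 - p2, which is biased;
    under independent pads the difference is uniform and matches occur 1/26.
    """
    n = min(len(c1) - shift, len(c2))
    hits = sum(1 for i in range(n) if c1[shift + i] == c2[i])
    mean, var = n / 26, n * (1 / 26) * (25 / 26)
    return (hits - mean) / math.sqrt(var)

def find_reuse(c1, c2, max_shift, threshold=6.0):
    """Return every alignment whose z-score exceeds the threshold."""
    return [s for s in range(max_shift) if bias_z(c1, c2, s) > threshold]

def demo(seed=1):
    rng = random.Random(seed)
    pad = [rng.randrange(26) for _ in range(9000)]
    other_pad = [rng.randrange(26) for _ in range(9000)]
    msg_a = encrypt(toy_plaintext(rng, 9000), pad, 0)
    msg_b = encrypt(toy_plaintext(rng, 8000), pad, 300)        # reuses the pad
    msg_c = encrypt(toy_plaintext(rng, 8000), other_pad, 300)  # fresh pad
    return find_reuse(msg_a, msg_b, 600), find_reuse(msg_a, msg_c, 600)

if __name__ == "__main__":
    print(demo())
```

Each call to `bias_z` is the m-sized test for one alignment; repeating `find_reuse` over every pair of messages is where the n^2 factor in the message comes from.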