[liberationtech] How to remain secure against NSA surveillance

2013-09-06 Thread Eugen Leitl

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

How to remain secure against NSA surveillance

The NSA has huge capabilities – and if it wants in to your computer, it's in.
With that in mind, here are five ways to stay safe
 
Bruce Schneier

theguardian.com, Thursday 5 September 2013 20.06 BST


'Trust the math. Encryption is your friend. That's how you can remain secure
even in the face of the NSA.' Photograph: Beck Diefenbach/Reuters

Now that we have enough details about how the NSA eavesdrops on the internet,
including today's disclosures of the NSA's deliberate weakening of
cryptographic systems, we can finally start to figure out how to protect
ourselves.

For the past two weeks, I have been working with the Guardian on NSA stories,
and have read hundreds of top-secret NSA documents provided by whistleblower
Edward Snowden. I wasn't part of today's story – it was in process well
before I showed up – but everything I read confirms what the Guardian is
reporting.

At this point, I feel I can provide some advice for keeping secure against
such an adversary.

The primary way the NSA eavesdrops on internet communications is in the
network. That's where their capabilities best scale. They have invested in
enormous programs to automatically collect and analyze network traffic.
Anything that requires them to attack individual endpoint computers is
significantly more costly and risky for them, and they will do those things
carefully and sparingly.

Leveraging its secret agreements with telecommunications companies – all the
US and UK ones, and many other partners around the world – the NSA gets
access to the communications trunks that move internet traffic. In cases
where it doesn't have that sort of friendly access, it does its best to
surreptitiously monitor communications channels: tapping undersea cables,
intercepting satellite communications, and so on.

That's an enormous amount of data, and the NSA has equivalently enormous
capabilities to quickly sift through it all, looking for interesting traffic.
Interesting can be defined in many ways: by the source, the destination,
the content, the individuals involved, and so on. This data is funneled into
the vast NSA system for future analysis.

The NSA collects much more metadata about internet traffic: who is talking to
whom, when, how much, and by what mode of communication. Metadata is a lot
easier to store and analyze than content. It can be extremely personal to the
individual, and is enormously valuable intelligence.

The Systems Intelligence Directorate is in charge of data collection, and the
resources it devotes to this are staggering. I read status report after status
report about these programs, discussing capabilities, operational details,
planned upgrades, and so on. Each individual problem – recovering electronic
signals from fiber, keeping up with the terabyte streams as they go by,
filtering out the interesting stuff – has its own group dedicated to solving
it. Its reach is global.

The NSA also attacks network devices directly: routers, switches, firewalls,
etc. Most of these devices have surveillance capabilities already built in;
the trick is to surreptitiously turn them on. This is an especially fruitful
avenue of attack; routers are updated less frequently, tend not to have
security software installed on them, and are generally ignored as a
vulnerability.

The NSA also devotes considerable resources to attacking endpoint computers.
This kind of thing is done by its TAO – Tailored Access Operations – group.
TAO has a menu of exploits it can serve up against your computer – whether
you're running Windows, Mac OS, Linux, iOS, or something else – and a variety
of tricks to get them on to your computer. Your anti-virus software won't
detect them, and you'd have trouble finding them even if you knew where to
look. These are hacker tools designed by hackers with an essentially
unlimited budget. What I took away from reading the Snowden documents was
that if the NSA wants in to your computer, it's in. Period.

The NSA deals with any encrypted data it encounters more by subverting the
underlying cryptography than by leveraging any secret mathematical
breakthroughs. First, there's a lot of bad cryptography out there. If it
finds an internet connection protected by MS-CHAP, for example, that's easy
to break and recover the key. It exploits poorly chosen user passwords, using
the same dictionary attacks hackers use in the unclassified world.

As was revealed today, the NSA also works with security product vendors to
ensure that commercial encryption products are broken in secret ways that
only it knows about. We know this has happened historically: CryptoAG and
Lotus Notes are the most public examples, and there is evidence of a back
door in Windows. A few people have told me some recent stories 

Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Ximin Luo
On 05/09/13 21:10, Richard Brooks wrote:
 
 There is a massive difference between cryptanalysis and decade-long,
 well-funded, and top-secret program to subtly weaken international
 cryptographic protocols and sabotage industry implementations.
 
 
 Their job is to collect information for the military. That their
 work is top-secret should be obvious. That they try to weaken
 the crypto not used by the military and US gov. should also be
 taken as a given.
 

You missed his point. "Subtly weaken international cryptographic protocols and
sabotage industry implementations" would be like selling vehicles / buildings /
food with a secret back-channel to the US government to hijack / self-destruct
/ poison the eventual consumer, during peacetime, and to allies.

The NSA does not have a mission to do anything it wants, and you have a
fundamental misunderstanding of the world, and ethics, if you think that it
does, or that it should.

 I'm not necessarily in favor of the NSA doing this, I just find
 some of the shocked outrage silly. It should be obvious that the
 cryptanalysis people work at breaking codes.
 
 (Spying on domestic communications, on the other hand, used to
 be strictly forbidden for good reasons. Among other things, you
 do not want intelligence and counter-intelligence to be friends.)
 
 (Keeping long-term records of domestic communications, is another
 thing that you do not want the intelligence service doing. Their
 are too many temptations for abuse.)
 

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Eugen Leitl
- Forwarded message from John S. Quarterman jsqna...@quarterman.com -

Date: Fri, 06 Sep 2013 06:47:26 -0400
From: John S. Quarterman jsqna...@quarterman.com
To: s...@circlenet.us, John S. Quarterman j...@quarterman.com, 
na...@nanog.org
Subject: Re: The US government has betrayed the Internet. We need to take it 
back


 On 2013-09-06 05:57, Roland Dobbins wrote:

  There are no purely technical solutions to social ills.  Schneier of
  all people should know this.

Schneier does know this, and explicitly said this.

-jsq

 
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

Three, we can influence governance. I have resisted saying this up to now,
and I am saddened to say it, but the US has proved to be an unethical
steward of the internet. The UK is no better. The NSA's actions are
legitimizing the internet abuses by China, Russia, Iran and others. We
need to figure out new means of internet governance, ones that make it
harder for powerful tech countries to monitor everything. For example,
we need to demand transparency, oversight, and accountability from our
governments and corporations.

Unfortunately, this is going to play directly into the hands of totalitarian
governments that want to control their country's internet for even more
extreme forms of surveillance. We need to figure out how to prevent that,
too. We need to avoid the mistakes of the International Telecommunications
Union, which has become a forum to legitimize bad government behavior,
and create truly international governance that can't be dominated or
abused by any one country.

Generations from now, when people look back on these early decades of
the internet, I hope they will not be disappointed in us. We can ensure
that they don't only if each of us makes this a priority, and engages in
the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up
that capability? Has any mass surveillance country avoided becoming
totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but
the engineering is critical. We need to demand that real technologists
be involved in any key government decision making on these issues. We've
had enough of lawyers and politicians not fully understanding technology;
we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the internet, and some of us have
helped to subvert it. Now, those of us who love liberty have to fix it.


- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


[liberationtech] Eccentric Authentication again

2013-09-06 Thread Guido Witmond
Hello all,


I've written two new blog entries on eccentric authentication, the
protocol that uses client certificates and a local CA to distribute
public keys between strangers in a secure way.

I humbly believe it is the most user friendly way to do cryptography
correctly. End users don't see the crypto at all.


Please read in this order:

http://eccentric-authentication.org/blog/2013/08/31/the-holy-grail-of-cryptography.html

http://eccentric-authentication.org/blog/2013/09/05/a-subversive-idea.html



I'd love to hear comments, remarks, improvements. Feel free to play with
the demo.

Regards, Guido.

PS, it needs Tor or others to protect against traffic analysis.


[liberationtech] CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals

2013-09-06 Thread Maria Lemos
Apologies if you are receiving this mail more than once...

Please disseminate by friends, colleagues, researchers, students, etc. Thanks a 
lot!


**
 WorldCIST'14
The 2014 World Conference on Information Systems and Technologies
April 15 - 18, Madeira Island, Portugal
   http://www.aisti.eu/worldcist14/
**

The 2014 World Conference on Information Systems and Technologies 
(WorldCIST'14: http://www.aisti.eu/worldcist14) is a global forum for 
researchers and practitioners to present and discuss the most recent 
innovations, trends, results, experiences and concerns in the several 
perspectives of Information Systems and Technologies.

We are pleased to invite you to submit your papers to WorldCIST'14. All 
submissions will be reviewed on the basis of relevance, originality, importance 
and clarity.

 
THEMES

Submitted papers should be related with one or more of the main themes proposed 
for the Conference:

A) Information and Knowledge Management (IKM);

B) Organizational Models and Information Systems (OMIS);

C) Intelligent and Decision Support Systems (IDSS);

D) Software Systems, Architectures, Applications and Tools (SSAAT);

E) Computer Networks, Mobility and Pervasive Systems (CNMPS);

F) Human-Computer Interaction (HCI);

G) Health Informatics (HIS);

H) Information Technologies in Education (ITE).


TYPES OF SUBMISSIONS AND DECISIONS

Four types of papers can be submitted:

Full paper: Finished or consolidated R&D works, to be included in one of the 
Conference themes. These papers are assigned a 10-page limit.

Short paper: Ongoing works with relevant preliminary results, open to 
discussion. These papers are assigned a 7-page limit.

Poster paper: Initial work with relevant ideas, open to discussion. These 
papers are assigned to a 4-page limit.

Company paper: Companies' papers that show practical experience, R&D, tools, 
etc., focused on some topics of the conference. These papers are assigned to a 
4-page limit.

Submitted papers must comply with the format of Advances in Intelligent Systems 
and Computing Series (see Instructions for Authors at Springer Website or 
download a DOC example) be written in English, must not have been published 
before, not be under review for any other conference or publication and not 
include any information leading to the authors’ identification. Therefore, the 
authors’ names, affiliations and bibliographic references should not be 
included in the version for evaluation by the Program Committee. This 
information should only be included in the camera-ready version, saved in Word 
or Latex format and also in PDF format. These files must be accompanied by the 
Consent to Publication form filled out, in a ZIP file, and uploaded at the 
conference management system.

All papers will be subjected to a “double-blind review” by at least two members 
of the Program Committee.

Based on Program Committee evaluation, a paper can be rejected or accepted by 
the Conference Chairs. In the latter case, it can be accepted as the type 
originally submitted or as another type. Thus, full papers can be accepted as 
short papers or poster papers only. Similarly, short papers can be accepted as 
poster papers only. In these cases, the authors will be allowed to maintain the 
original number of pages in the camera-ready version.

The authors of accepted poster papers must also build and print a poster to be 
exhibited during the Conference. This poster must follow an A1 or A2 vertical 
format. The Conference includes Work Sessions where these posters are presented 
and orally discussed, with a 5 minute limit per poster.

The authors of accepted full papers will have 15 minutes to present their work 
in a Conference Work Session; approximately 5 minutes of discussion will follow 
each presentation. The authors of accepted short papers and company papers will 
have 11 minutes to present their work in a Conference Work Session; 
approximately 4 minutes of discussion will follow each presentation.


PUBLICATION AND INDEXING

To ensure that a full paper, short paper, poster paper or company paper is 
published in the Proceedings, at least one of the authors must be fully 
registered by the 24th of January 2014, and the paper must comply with the 
suggested layout and page-limit. Additionally, all recommended changes must be 
addressed by the authors before they submit the camera-ready version.

No more than one paper per registration will be published in the Conference 
Proceedings. An extra fee must be paid for publication of additional papers, 
with a maximum of one additional paper per registration.

Full and short papers will be published in Proceedings by Springer, in Advances 
in Intelligent Systems and Computing Series. Poster and company papers will be 

Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Michael Rogers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 21:10, Richard Brooks wrote:
 
 There is a massive difference between cryptanalysis and
 decade-long, well-funded, and top-secret program to subtly weaken
 international cryptographic protocols and sabotage industry
 implementations.
 
 
 Their job is to collect information for the military. That their 
 work is top-secret should be obvious. That they try to weaken the
 crypto not used by the military and US gov. should also be taken as
 a given.

They have two jobs: to monitor foreign communication, and to secure
domestic communication against foreign monitoring.

http://www.nsa.gov/about/mission/

The argument for trusting NSA/NIST crypto standards has historically
been that weak crypto would make the first job easier but the second
job harder. We now have to re-examine that argument and ask whether
the NSA has been gambling with the security of US commercial,
government and military data (up to top secret level - the highest
level that relies on NSA/NIST-published standards) in order to further
its surveillance mission.

Cheers,
Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSKemfAAoJEBEET9GfxSfMEOIH/0UEKnJkh+nL2gC2hNRp+N8S
hrQeBqLL5oBy2zBbgunXVTlTBA/3YFAmbqdXwnTlGeO9Oypns0cxap3P8bzBKxVr
V0jAWpe8edzZ47RyaKEI25op7K8pJnRHKPBgVIoUk8x0j6QkqJ+yV/C59in3u2e1
DPSJvddH408yo57qge90zh55OLM/FQKFnRM3U2fUnOAQrWkYkRqAsDDfh1XPYwaY
G0Lyuv/NRuJDoUgqIl8IXuB4ZBNxth72u0iSvoSD1q7npVU/vzkLttEwtb/4fSxc
J/wzGayX+9+zti3VrqGuW9HA7ya6ZYln7TN7ZYXU4CHLz4RuOlkUD9ac5xJzUl4=
=cPKX
-END PGP SIGNATURE-


Re: [liberationtech] CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals

2013-09-06 Thread Rich Kulawiec

This is a fraudulent/fake conference being promoted via spam.  I recommend
permanently blacklisting the sender.

---rsk


Re: [liberationtech] Iranian users vs. FB new policy

2013-09-06 Thread Amin Sabeti
It was helpful :)

Thanks,

A


On 5 September 2013 06:26, Jillian C. York jilliancy...@gmail.com wrote:

 Individuals on the SDN list can be searched here:
 http://sdnsearch.ofac.treas.gov/default.aspx


  On Tue, Sep 3, 2013 at 11:45 AM, Amin Sabeti aminsab...@gmail.com wrote:

 Then can we say FB can block the Iran's Supreme Leader page or the
 Rouhani one?

 Sent from my iPhone

 On 3 Sep 2013, at 18:50, Collin Anderson col...@averysmallbird.com
 wrote:

 No, this is clearly covered by General License D for Iran and the
 'personal communications' exemptions in other sanctions regimes -- it's a
 nice find, but I suspect it targets individuals designated under the SDN
 list.


 On Tue, Sep 3, 2013 at 12:55 PM, Amin Sabeti aminsab...@gmail.com wrote:

 Hi,

 I was reading the new FB policy and this part was interesting for me as
 an Iranian:

 *Special Provisions Applicable to Users Outside the United States.*  We
 made clear that you are not allowed to use Facebook if you are prohibited
 from receiving products or services from the United States.


 Regarding this article, Facebook can block and remove all users from
 Iran. Am I right?

 I think this article is a bit tricky. What do you think guys?

 Amin





 --
 *Collin David Anderson*
 averysmallbird.com | @cda | Washington, D.C.







 --
 *Note: *I am slowly extricating myself from Gmail. Please change your
 address books to: jilliancy...@riseup.net or jill...@eff.org.

 US: +1-857-891-4244 | NL: +31-657086088
 site:  jilliancyork.com http://jilliancyork.com/* | *
 twitter: @jilliancyork* *

 We must not be afraid of dreaming the seemingly impossible if we want the
 seemingly impossible to become a reality - *Vaclav Havel*



Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Matt Johnson
Hello Shava,

You wrote: "...the president essentially struck down posse comitatus
in May, they won't know what you are talking about..." I don't know
what you are talking about either, but I am curious. Could you send a
link or two?


Thanks
-- Matt Johnson

On Thu, Sep 5, 2013 at 5:00 PM, Shava Nerad shav...@gmail.com wrote:
 Part of the tone is also adopted in order to wake the sleeping baby
 anti-intellectual giants either side of the pond.  The smart magazines can
 publish smart crypto articles, but mass market newspapers have to bring
 their audiences along, even the Times and Guardian.

 Very few stories even bother to explain what the NSA does or what its
 function in government is, which actually rather stuns me, because I find
 that when I ask the general public that question I find that most of them
 don't know what the NSA does for the government.  Most of them assume it
 works for the executive branch, but for the DOJ as part of the whole
 civilian/State/FBI sort of DHS bits, because those lines are so muddied.
 (And yes, I am conflating Justice and State on purpose there because it's
 been done in conversation with The (Wo)Man on the Street.).

 People don't know basic civics.  At all.  If you tell them they should be
 upset because the military is conducting domestic surveillance, they look at
 you like "what?"  "East Germany?" you say.  "Stasi?" you say.  Blank looks.
 No history.  Those who do not learn from history, etc.

 If you tell them that they should be upset because the president essentially
 struck down posse comitatus in May, they won't know what you are talking
 about, but if you say, "Basically, if a local SWAT team decides they need
 backup in some kind of emergency situation and they can't get hold of the
 governor to call for National Guard?  They can call a local military airbase
 for an airstrike if they want to."  Then the people will decide you are
 cold stoned mad and a total tin hat.  "Sherman?" you say.  And if they're
 from the south, they might go off in a rant, but they still won't relate it
 to current affairs or do anything.  But that is literally what the law says
 in the US now.  That's a bit beyond elementary civics, but it's a bit beyond
 what the press is reporting on here too.  Because the press doesn't really
 have much literacy in elementary civics or history either.  They seem to be
 drawing mostly on marcom majors these days.

 This is what the attention economy has done to us.  Our culture is a deep,
 nutrient rich ocean, full of wonders and cthonic monsters that can eat us.
 And we all surf.  Nothing below the surf-ace is important anymore.

 Yay.

 SN

 On Sep 5, 2013 3:31 PM, Richard Brooks r...@acm.org wrote:

 Latest articles:


 http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?emc=edit_na_20130905_r=0pagewanted=print


 http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security


 I find most of this (if not all) silly. They seem shocked that the
 NSA does cryptanalysis. It would be nice if the newspapers had
 people with some knowledge of the domain writing articles.





Re: [liberationtech] CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals

2013-09-06 Thread Yosem Companys
Done.  Sender was indeed a spammer and has been removed from list and
permanently blacklisted.


On Fri, Sep 6, 2013 at 8:05 AM, Rich Kulawiec r...@gsp.org wrote:


 This is a fraudulent/fake conference being promoted via spam.  I recommend
 permanently blacklisting the sender.

 ---rsk


Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Maxim Kammerer
On Fri, Sep 6, 2013 at 7:18 PM, Michael Rogers mich...@briarproject.org wrote:
 Yes, that anecdote often accompanied the argument that NSA wouldn't
 risk peddling weak crypto. Clearly the balance of priorities within
 the agency has shifted since DES.

I don't see any evidence of said shift in priorities. NSA supported
escrowed encryption in the 90's, and the alleged subversion of
standards is most likely similar to escrowed encryption, but at the
algorithmic level [1], where an adversary gaining access to key escrow
requires computational / cryptanalysis effort that's equivalent to
breaking the cryptosystem in question.

[1] https://en.wikipedia.org/wiki/Dual_EC_DRBG

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
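As an added example, not from the thread or from any standard text: a toy reconstruction of the Dual_EC_DRBG escrow relation that Maxim's message refers to. The generator is the one in the standard (r = x(s*P), next state x(r*P), output x(r*Q) with the top bits dropped), but the curve over GF(1019), the constants, the trapdoor d and the seed are all made-up values, and the output keeps 8 of 10 bits instead of 240 of 256. Whoever chose Q = d*P holds e = d^-1 mod ord(P), lifts one observed block back to a point R = r*Q, and gets the next internal state as x(e*R) = x(r*P); from there every later block is predictable.

```python
"""Toy Dual_EC_DRBG with the escrow relation e*Q = P.  Added example, not code
from the list or the standard: a tiny curve over GF(1019) stands in for P-256,
and the constants, trapdoor d and seed are made-up values."""
from math import gcd

# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD); P_MOD = 3 (mod 4) makes sqrt cheap.
P_MOD, A, B = 1019, 1, 6
INF = None                 # point at infinity
OUT_MASK = 0xFF            # output keeps the low 8 of 10 bits (real DRBG: 240 of 256)

def inv(x):
    return pow(x, P_MOD - 2, P_MOD)

def ec_add(p1, p2):
    """Affine point addition (handles doubling and inverse points)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv((x2 - x1) % P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def point_from_x(x):
    """Lift x to a curve point, or None if no point has that x-coordinate."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def point_order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc, n = ec_add(acc, pt), n + 1
    return n

def xcoord(pt):
    return pt[0]

# P is the curve's "generator" (first point found with a large order);
# Q = d*P with d known only to whoever chose Q.  d is a hypothetical value.
P_PT = next(pt for pt in map(point_from_x, range(1, P_MOD))
            if pt is not None and point_order(pt) > 400)
N_P = point_order(P_PT)
D_SECRET = next(d for d in range(123, N_P) if gcd(d, N_P) == 1)
Q_PT = ec_mul(D_SECRET, P_PT)
E_TRAPDOOR = pow(D_SECRET, -1, N_P)      # e = d^-1 mod ord(P), hence e*Q = P

def scalar(x):
    # Toy-only: keep scalars in [1, ord(P)-1] so the point at infinity never appears.
    return x % (N_P - 1) + 1

class DualEC:
    """r_i = x(s_i*P); s_{i+1} = x(r_i*P); output t_i = x(r_i*Q) truncated."""
    def __init__(self, seed):
        self.s = seed
    def next_block(self):
        r = xcoord(ec_mul(scalar(self.s), P_PT))
        self.s = xcoord(ec_mul(scalar(r), P_PT))
        return xcoord(ec_mul(scalar(r), Q_PT)) & OUT_MASK

def candidate_states(t, e=E_TRAPDOOR):
    """States s_{i+1} consistent with one observed block t: refill the dropped
    high bits, lift each x to a point R = r*Q, then e*R = r*P has x = s_{i+1}."""
    states = set()
    for hi in range(0, P_MOD, OUT_MASK + 1):
        R = point_from_x(hi | t) if (hi | t) < P_MOD else None
        if R is not None:
            states.add(xcoord(ec_mul(e, R)))
    return states

def predict_next_blocks(observed, n, e=E_TRAPDOOR):
    """From a run of observed blocks, return the predicted next n blocks for
    every internal state that reproduces the run (normally exactly one)."""
    predictions = set()
    for s in candidate_states(observed[0], e):
        gen = DualEC(s)
        if all(gen.next_block() == t for t in observed[1:]):
            predictions.add(tuple(gen.next_block() for _ in range(n)))
    return predictions

if __name__ == "__main__":
    victim = DualEC(seed=4242)                      # made-up seed
    seen = [victim.next_block() for _ in range(4)]  # attacker observes 4 blocks
    future = [victim.next_block() for _ in range(3)]
    print("observed:", seen, "actual future:", future)
    print("attacker predicts:", predict_next_blocks(seen, 3))
```

The escrow character Maxim describes is visible in the code: without e, reconstructing s_{i+1} from t means solving the discrete log of R to the base Q, which is the hard problem the curve is meant to rest on; with e it is one scalar multiplication per candidate. On the real curve the 16 dropped bits give about 2^15 on-curve candidates per block, which is why the published attack needs only a few blocks of output to single out the state.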


Re: [liberationtech] Recommend consultant to discuss pen test?

2013-09-06 Thread Maxim Kammerer
On Fri, Sep 6, 2013 at 8:03 AM, Tom O winterfi...@gmail.com wrote:
 Posting a news article without context or response from Veracode is weak.

That was just a reminder for a topic that has already been discussed
on this list. My main intention was to provide an example (in the form
of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
reputation.

 Chris Wysopal stated the static crypto checks were run to check if the API's
 were implemented correctly, not implementation of custom keygen.

I am sure there are after-the-fact excuses. Since you didn't provide a
reference, I assume that this specific excuse is not something worthy
of attention. Veracode's report is here, if you are interested:
https://blog.crypto.cat/wp-content/uploads/2013/02/Cryptocat_Attestation_Veracode_20130222_final.pdf

Looking at the code is indeed not mentioned in the report, so it's all
fine, I guess — just make sure something like that is in the next
contract.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte


Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Richard Brooks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 They have two jobs: to monitor foreign communication, and to secure
 domestic communication against foreign monitoring.
 
 http://www.nsa.gov/about/mission/
 
 The argument for trusting NSA/NIST crypto standards has historically
 been that weak crypto would make the first job easier but the second
 job harder. We now have to re-examine that argument and ask whether
 the NSA has been gambling with the security of US commercial,
 government and military data (up to top secret level - the highest
 level that relies on NSA/NIST-published standards) in order to further
 its surveillance mission.
 
That has always been an inherent conflict. It is, however,
difficult to decouple the cryptography and cryptanalysis
expertise.

Interestingly, with the DES standard there were some changes
introduced by NSA that were thought at the time to be backdoors,
since they were never justified.

Many years later, the community realized that these changes made
some obscure attacks less likely.



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIp7mMACgkQEwFPdUjsHjAkCACg6eajrd6sSr2Gz3aw0Q8dJQ2y
fmoAoNHILC4gjgQV9tS4d/QRg1KupU3g
=lr8i
-END PGP SIGNATURE-


Re: [liberationtech] getting past that first turtle

2013-09-06 Thread Jonathan Wilkes

On 09/06/2013 12:26 PM, Maxim Kammerer wrote:

 On Sat, Aug 31, 2013 at 2:08 AM, Jonathan Wilkes jancs...@yahoo.com wrote:

  For example, if it turns out that Bitcoin has a backdoor in it, a
  lot of people (some on this list) would take a big reputation hit.

 That's most certainly not what would happen in that case. People will
 just find excuses — see e.g. people defending Veracode after it failed
 to detect basic incompetence in Cryptocat code. The reason is that
 those who are most equipped to affect someone's reputation are also
 those most likely to have professional relationships with affected
 people / companies. The thread continued from [1] clearly illustrates
 that — there is no lack of people who can professionally criticize
 Veracode's failure, yet they carefully avoid that. Reputation might
 suffer, of course, but you would not be aware of that from laymen
 discussions.

 [1] https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009774.html

You're shifting the argument so that it suits what you want to say.

The proper comparison with my imagined Bitcoin scenario in this
case would be to Cryptocat and its dev, not Veracode. The core
developer of Cryptocat as well as the software itself has most
certainly taken a reputation hit.

But I have no doubt that in my imagined scenario many companies
who promote and market Bitcoin wouldn't take much of a reputation
hit.  Human affairs are a complex thing.

-Jonathan






Re: [liberationtech] Random number generation being influenced - rumors

2013-09-06 Thread Andy Isaacson
On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote:
 Does anyone put any stock into the rumors floating lately that the
 government may have influenced Intel and/or AMD into altering in
 subtle ways that CPUs handle random number generation? I keep seeing
 this possible FUD floating around in comments here and there on
 other articles.

I agree with some of your premises, but disagree with the conclusion you
seem to be drawing.

Yes, it's just a fear of uncertainty.  We do not have evidence, nor even
a claim based on knowledge, that HWRNG backdooring has occurred.

However, I claim that the fear is well founded and should be taken into
account by all threat models.

HWRNG is a nearly-uniquely difficult security problem to crack.  By
definition it is impossible to prove that a black-box HWRNG is safe.
This is different from the security properties of a blackbox AES or
MODMUL accelerator, which can be demonstrated to conform to a known
specification.  If your AES instructions don't do AES, then testing
against a software implementation will show it!  The AES logic unit
will have a hard time leaking the AES keybits since there's nowhere
nondeterministic to put them.  etc.

By contrast, a properly functioning HWRNG cannot be tested in a way that
distinguishes it from the output of a stream cipher seeded with a
backdoor key.  And there's no way to test the behavior of HWRNG on an
ongoing basis; even if you had a test to run, it might switch to stream
cipher mode under the covers.

This is not to say that RdRand is completely unusable.  Putting RdRand
entropy into a software pool implementation like /dev/urandom (or
preferably, a higher-assurance multipool design like Fortuna) is a cheap
way to prevent a putative backdoor from compromising your system state.

Now, there is a way that we can learn that a backdoor was included; if
someone does a tear-down of a HWRNG and finds circuitry that has no
purpose other than being a backdoor, that would be conclusive.  AFAIK
nobody has tried that experiment.

Weighing towards distrusting HWRNG we have the fact that NSA is reported
(yesterday) to have intentionally backdoored Dual_EC_DRBG, and to have
spent significant amounts of money to backdoor chip implementations,
with enough success that they brag about it in administrative summaries.

So, I put a lot of credence in distrusting HWRNG black box
implementations.  But unfortunately we need a lot more reliable entropy.
A fully open source, nothing up my sleeve hardware entropy source would
be a huge improvement.

-andy


Re: [liberationtech] Recommend consultant to discuss pen test?

2013-09-06 Thread Tom O
I wasn't going to post the twitter stream relating to this. You can look it
up. Veracode was questioned and Chris responded rather quickly. Most were
fine with Veracode's response.

**disclaimer - I have no affiliation with Veracode and have not used their
services. I do know some members in their team though and have found them
to be very competent operators.

On Saturday, September 7, 2013, Maxim Kammerer wrote:

 On Fri, Sep 6, 2013 at 8:03 AM, Tom O winterfi...@gmail.com
 wrote:
  Posting a news article without context or response from Veracode is weak.

 That was just a reminder for a topic that has already been discussed
 on this list. My main intention was to provide an example (in the form
 of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
 reputation.

  Chris Wysopal stated the static crypto checks were run to check if the
 API's
  were implemented correctly, not implementation of custom keygen.

 I am sure there are after-the-fact excuses. Since you didn't provide a
 reference, I assume that this specific excuse is not something worthy
 of attention. Veracode's report is here, if you are interested:

 https://blog.crypto.cat/wp-content/uploads/2013/02/Cryptocat_Attestation_Veracode_20130222_final.pdf

 Looking at the code is indeed not mentioned in the report, so it's all
 fine, I guess — just make sure something like that is in the next
 contract.

 --
 Maxim Kammerer
 Liberté Linux: http://dee.su/liberte


Re: [liberationtech] Random number generation being influenced - rumors

2013-09-06 Thread Leif Ryge
The NYT article doesn't explicitly say they've backdoored hardware RNGs, but
it separately says they've backdoored hardware somehow and are recovering
keys somehow:

 By this year, the Sigint Enabling Project had found ways inside some of the
 encryption chips that scramble information for businesses and governments,
 either by working with chipmakers to insert back doors or by exploiting
 security flaws, according to the documents.
[...]
 N.S.A. documents show that the agency maintains an internal database of
 encryption keys for specific commercial products, called a Key Provisioning
 Service, which can automatically decode many messages. If the necessary key is
 not in the collection, a request goes to the separate Key Recovery Service,
 which tries to obtain it.
 
 How keys are acquired is shrouded in secrecy, but independent cryptographers
 say many are probably collected by hacking into companies’ computer servers,
 where they are stored.

Sure, the Key Recovery Service might sometimes involve hacking into companies’
computer servers. But, if they're in the business of inserting hardware
backdoors, going after RNGs seems like one of the most obvious things to do
because they could use those backdoors passively without risk of being caught.

There is a lengthy ongoing discussion right now between Theodore Ts'o
(maintainer of Linux's /dev/random) and David Johnston (designer of Intel's
RDRAND) about using RDRAND directly vs mixing it into Linux's entropy pool:
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J

Here are a few highlights:

David Johnston:
 I've examined my own RNG with electron microscopes and picoprobes. So I and a
 number of test engineers know full well that the design hasn't been
 subverted. For security critical systems, having multiple entropy sources is
 a good defense against a single source being subverted. But if an Intel
 processor were to be subverted, there are better things to attack, like the
 microcode or memory protection or caches. 
[...]
 I understand that I'm in the privileged position of being able to understand
 and examine my own design, where most people cannot. What I would like is for
 people to stop presenting the straw-man argument that the government leant on
 someone, so they must have subverted my RNG design. I would like (and we've
 made this argument to the kernel developers) that there should be a policy
 option so people can choose to benefit from the hardware they paid for and
 choose to trust, or can decide to be more conservative and require the kernel
 to mix more sources.

Theodore Ts'o:
 I never said that the NSA had definitely subverted your design.  Just that it
 is prudent and responsible to acknowledge that they might have done so, and
 so we need to make sure the Linux kernel is robust against that kind of
 failure.  And remember, the random driver is generic code.  Even if Intel is
 clean, maybe AMD, TI, or Qualcomm were successfully leaned on by the US
 Government, and their chips are dirty.   We don't know, and we can't know.
 
 As far as making it be an option to the user, I fail to see the benefit. If
 you can't trust the kernel because the attacker can read arbitrary kernel
 memory, you're doomed anyway.   But unlike the proprietary intel chip, at
 least it's possible to audit the kernel to look for security breaches.
[...]
 If I were the NSA, I'd much rather compromise RDRAND, and then try to
 convince people that it's safer and faster to just use the raw RDRAND when
 creating session keys for IPSEC and GPG and VPN's.  You wouldn't need to get
 compromised code into the target machines, other than getting a meme out to
 developers that using the output of RDRAND directly as a session key was
 somehow best practice.   Wouldn't that be much easier than introducing a
 vulnerability into the page table handling, especially if the goal is to do
 bulk data collection, dragnet-style?

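Both Andy Isaacson's post above (feed RdRand into a software pool such as /dev/urandom or Fortuna rather than trusting it directly) and the Ts'o excerpt quoted by Leif Ryge make the same design point, so here is one worked illustration of it. This is an added example, not Linux kernel, Intel or any list member's code: the `EntropyPool` class, the `backdoored_hwrng` stand-in, the `session_key_*` helpers and all sample values are constructed for this demonstration. It models the thread's worst case, a hardware RNG whose output is really a keystream that the backdoor's owner can regenerate, and shows that raw use of that output yields a key the attacker can predict, while hashing it into a pool together with even one source the attacker does not see yields a key they cannot.

```python
"""Mixing a possibly-subverted hardware RNG into a software entropy pool.

Constructed illustration (not kernel or Intel code): a small hash-based pool
in the spirit of /dev/random or Fortuna. Every input is folded into the pool
state with a hash, so an attacker who knows one source's complete output still
cannot predict the pool output unless they also know every other source mixed in.
"""
import hashlib
import hmac
import struct


class EntropyPool:
    """Minimal pool: state = SHA-256(state || tag || data) on every mix;
    output = HMAC-SHA-256(state, counter); the state is ratcheted after each
    extract so a later state compromise does not reveal earlier output."""

    def __init__(self, personalization: bytes = b"example-pool") -> None:
        self._state = hashlib.sha256(personalization).digest()
        self._counter = 0

    def mix(self, source_tag: bytes, data: bytes) -> None:
        h = hashlib.sha256()
        h.update(self._state)
        # Length prefixes keep the (tag, data) boundaries unambiguous.
        h.update(struct.pack(">I", len(source_tag)) + source_tag)
        h.update(struct.pack(">I", len(data)) + data)
        self._state = h.digest()

    def extract(self, nbytes: int) -> bytes:
        out = bytearray()
        while len(out) < nbytes:
            block = hmac.new(self._state, struct.pack(">Q", self._counter),
                             hashlib.sha256).digest()
            out.extend(block)
            self._counter += 1
        # Forward ratchet: overwrite the state the output was derived from.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return bytes(out[:nbytes])


def backdoored_hwrng(attacker_key: bytes, nbytes: int) -> bytes:
    """Constructed stand-in for the thread's worst case: a 'hardware RNG'
    whose output is a keystream (HMAC in counter mode) that anyone holding
    attacker_key can regenerate. It passes every statistical test, which is
    why such tests cannot clear a black-box HWRNG."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out.extend(hmac.new(attacker_key, struct.pack(">Q", ctr),
                            hashlib.sha256).digest())
        ctr += 1
    return bytes(out[:nbytes])


def session_key_direct(hw_output: bytes) -> bytes:
    """The practice Ts'o warns about: raw HWRNG output used as the key."""
    return hw_output[:32]


def session_key_pooled(hw_output: bytes, other_sources) -> bytes:
    """The mitigation: fold the HWRNG output and every other source
    (a list of (tag, data) pairs) into a pool and take the key from it."""
    pool = EntropyPool()
    pool.mix(b"hwrng", hw_output)
    for tag, data in other_sources:
        pool.mix(tag, data)
    return pool.extract(32)


def attacker_predicts(attacker_key: bytes, key: bytes, known_sources) -> bool:
    """Can someone holding attacker_key (hence the whole HWRNG output) who
    also knows only known_sources reproduce the given key?"""
    hw = backdoored_hwrng(attacker_key, 32)
    candidates = {session_key_direct(hw), session_key_pooled(hw, known_sources)}
    return key in candidates


if __name__ == "__main__":
    # Constructed values: the backdoor owner's secret, and two local sources
    # (interrupt timings, disk seek jitter) that the attacker never sees.
    SECRET = b"constructed-backdoor-secret"
    local = [(b"irq-timing", bytes(range(40))),
             (b"disk-jitter", b"\x07\x11\x2a\x03\x3c\x19")]
    hw = backdoored_hwrng(SECRET, 32)
    print("direct key predictable:",
          attacker_predicts(SECRET, session_key_direct(hw), []))
    print("pooled key predictable:",
          attacker_predicts(SECRET, session_key_pooled(hw, local), []))
```

The pool only helps while at least one mixed-in source is outside the attacker's view: `attacker_predicts` returns true again if it is handed the same local sources, which is the reason the thread wants several independent sources rather than a single one, however trusted.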

Re: [liberationtech] NYTimes and Guardian on NSA

2013-09-06 Thread Michael Rogers
On 06/09/13 19:25, Maxim Kammerer wrote:
 I don't see any evidence of said shift in priorities. NSA
 supported escrowed encryption in the 90's, and the alleged
 subversion of standards is most likely similar to escrowed
 encryption, but at the algorithmic level [1], where an adversary
 gaining access to key escrow requires computational / cryptanalysis
 effort that's equivalent to breaking the cryptosystem in question.
 
 [1] https://en.wikipedia.org/wiki/Dual_EC_DRBG

Depends on what you mean by breaking the cryptosystem. Cracking all
instances of the Dual EC DRBG takes equivalent effort to cracking a
single instance of a backdoor-free elliptic curve cryptosystem.

http://rump2007.cr.yp.to/15-shumow.pdf

So the analogy with key escrow is a bit strained. With key escrow, the
adversary has to crack every key individually, whereas with a backdoor
the adversary only has to crack a single key to compromise all users.

Cheers,
Michael



Re: [liberationtech] getting past that first turtle

2013-09-06 Thread Maxim Kammerer
On Sat, Aug 31, 2013 at 2:08 AM, Jonathan Wilkes jancs...@yahoo.com wrote:
 For example, if it turns out that Bitcoin has a backdoor in it, a
 lot of people (some on this list) would take a big reputation hit.

That's most certainly not what would happen in that case. People will
just find excuses — see e.g. people defending Veracode after it failed
to detect basic incompetence in Cryptocat code. The reason is that
those who are most equipped to affect someone's reputation are also
those most likely to have professional relationships with affected
people / companies. The thread continued from [1] clearly illustrates
that — there is no lack of people who can professionally criticize
Veracode's failure, yet they carefully avoid that. Reputation might
suffer, of course, but you would not be aware of that from laymen
discussions.

[1] https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009774.html

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte


[liberationtech] a free, unlimited, encrypted content sharing app

2013-09-06 Thread cont...@ansamb.com
Dear members of the Liberation Technology,
 
I contact you as the co-founder of ]ansamb[. 
]ansamb[ is a Reunion Island (France) based startup that designed a massively 
distributed architecture for content sharing from computer to computer in a 
fully encrypted, unlimited and free manner. 

The first product of ]ansamb[ is Places. Places is an open-source framework 
that runs on top of the ]ansamb[ architecture that lets users create 
multiple virtual shared spaces named “places”. 

For TechCrunch Disrupt @SFO 2013 (this Monday!), the Places framework is first 
released (the alpha) with two applications for emailing and filesharing. Using 
Places by ]ansamb[, a user is able to share a message or their whole hard drive 
with friends. All private, all secure, all free.

With ]ansamb[ and from now on, filesharing is FREE, UNLIMITED and PRIVATE… as 
long as the user has a computer and an Internet connection. 

Please visit www.ansamb.com and particularly 
http://www.ansamb.com/about-us.html to get a deeper idea of our vision.
A short video that describes Places by ]ansamb[ is available here: 
https://www.facebook.com/photo.php?v=1388783941351493l=342686668131697786
You can follow us on Twitter @PlacesByAnsamb and on Facebook at 
https://www.facebook.com/places.ansamb

We will open the alpha test within the next days and hope you will join us to 
build the Internet we want to live in!
Best regards 

The ]ansamb[ team


Re: [liberationtech] a free, unlimited, encrypted content sharing app

2013-09-06 Thread Andy Isaacson
On Fri, Sep 06, 2013 at 08:59:26PM -0700, cont...@ansamb.com wrote:
 I contact you as the co-founder of ]ansamb[. 
 ]ansamb[ is a Reunion Island (France) based startup that designed a
 massively distributed architecture for content sharing from computer
 to computer in a fully encrypted, unlimited and free manner. 
 
 The first product of ]ansamb[ is Places. Places is an open-source
 framework

If it's open source, where is the source code?

 Using Places by ]ansamb[, a user is able to share a
 message or their whole hard drive with friends. All private, all secure,
 all free.

Also please provide design documents for how you plan to keep it
private and secure.

-andy


Re: [liberationtech] a free, unlimited, encrypted content sharing app

2013-09-06 Thread Griffin Boyce
On 09/07/2013 12:51 AM, Andy Isaacson wrote:
 Also please provide design documents for how you plan to keep it
 private and secure. -andy 

  Defining terms also helps a lot. Define encrypted -- what protocols
are you using? Is Places based on established technology or new
research? Do you offer perfect forward secrecy, and if so, how are you
defining *that*? Why should people trust a cloud-based system rather
than keeping files encrypted on a USB stick?  Why should people trust
*your* cloud-based system, rather than someone like Least Authority?  If
it's free, what's your business model?

  I like and use lots of closed-source software, and am totally okay
with being pitched on new stuff. ~But~ a lot of these companies coming
out seem to target an interesting market: people who know enough to be
interested in security, but don't know enough about security that they
overlook the total absence of details.  This is a market that nearly
every company targets, so I'm not trying to single Ansamb out, but in an
arena that is so marked by bad providers, transparency is a serious asset.

~Griffin

-- 
Cypherpunks write code not flame wars. --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de

My posts are my own, not my employer's.
