I don't see anything that TEXTCOMBINE is useful for with respect to
security, privacy, or liberation tech. It is not a robust entropy
extractor and I would not use it for anything.
Randomness extraction has been a research topic for 30 years. For
background reading, here are a couple
Hi José. Facebook's data policy states it only shares non-personally
identifying demographic information in aggregate with advertisers. See the
section under "Sharing With Third-Party Partners and Customers":
https://www.facebook.com/policy.php#
On Mon, Feb 27, 2017 at 7:25 AM, José María Mateos
Hi Charles. Regarding #1, there are dozens of open source projects and
companies that support end-to-end encryption for Dropbox-like storage
services. In fact, Box KeySafe already supports customer-managed keys.
Some examples that support end-to-end encryption: Boxcryptor, Mozy (now
EMC),
Hi Nick. I think codecrypt is for learning purposes only and should not be
used in practice.
I do see you have the warning "DO NOT USE this for mission-critical
things", which is good. You may want to have that as part of the actual
encrypted email body.
On Tue, Oct 4, 2016 at 8:25 AM Nick
Hello Sven. I don't understand what is going on in this poster. Have you
implemented any part of this toolset which you can share?
On Sun, Sep 25, 2016 at 7:30 AM Sven Wohlgemuth wrote:
> Dear Community on Liberation Technology,
>
> Please let me kindly ask for your attention
What is the background of the students? Do they know how to program? Do
they have experience with web apps or operating systems?
If they have some basic coding and web app background, here are some
suggestions:
- Google has a good "Web Application Exploits and Defenses" tutorial
named
Hello Miles. I think your suggestions are not practical for an ad hoc group
of sexual assault survivors. You're talking about them using PGP,
downloading open source clients, or using untested blockchain systems. I
think for a random group of people, all of these will fail in practice due
to poor
I'd use Google Apps for Nonprofits:
http://www.google.com/nonprofits/
It's simple, familiar, and the security is good enough for enterprise
businesses.
On Sun, Jul 10, 2016 at 4:56 PM Lina Srivastava wrote:
> Hello all,
>
> A new support group for survivors of campus
Hi Nick. I'll throw out some questions:
- The Bitcoin blockchain is 40GB and growing at about 4GB a month.
Will end users have to download that much data to their clients? Or
will people be able to download a partial chain? If the latter, will
this have to rely on trusted intermediaries?
- If an
Hello Hassan. The PGP encryption feature is used only for outbound email
from Facebook. For example, password reset emails sent to you may be
encrypted.
I think in this case, submitting documentation over TLS is preferable to
attaching it in a PGP-encrypted email both for security and usability.
Hello Inna. I work at Facebook and have contacted you from my work account.
I'm not in a position to discuss the merits of the policy.
Regardless, for future reference, under Option 2 there is a set of
acceptable forms of ID that are not government issued:
Hi Libtech. Facebook added support to put a PGP public key to your
profile and optionally use it to encrypt email notifications that are
sent to you:
https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302
Special thanks to the beta testers
:
http://www.google.com/transparencyreport/saferemail/data/
On Mon, Jun 1, 2015 at 12:35 PM, Thomas Delrue tho...@epistulae.net wrote:
On 06/01/2015 01:46 PM, Steve Weis wrote:
Hi Libtech. Facebook added support to put a PGP public key to your
profile and optionally use it to encrypt email
Hello Carlo. This is about backward compatibility. WhatsApp is running on
hundreds of millions of iOS, Android, Windows, Blackberry and Nokia phones.
There are even people using it on 8-year-old Java ME feature phones. It's
not feasible to simultaneously upgrade their installed apps to support
Facebook is now available as a Tor hidden service at this .onion address:
https://facebookcorewwwi.onion/
Blog post is here:
https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
--
Liberationtech is public archives are searchable on
Hello Greg. I tried out Espionage.app and it was easy to distinguish
real encrypted images from fake images via filesystem metadata. I
don't think Espionage offers any realistic notion of plausible
deniability, especially against totalitarian regimes as the webpage
claims.
This took no special
Hi Greg. The burden of proof is on Espionage to convince people that
it is safe. I can't trust it based on marketing claims alone.
There is not a sufficiently detailed design document on the website,
much less a battle-tested, peer-reviewed design. I don't see any
reference to independent
Matasano Security posted 6 sets of their crypto challenges online, which
may be of interest to anyone trying to learn more about implementing and
breaking crypto:
http://cryptopals.com/
The challenges start with basics and move through a variety of attacks.
They've provided solutions implemented
I wouldn't use any of these. InfoEncrypt is especially bad. If a
product doesn't have a link to source code, doesn't have detailed
documentation, or relies on code running on their servers, then do not
expect privacy of your messages.
Somewhat relevant, I recently gave a talk about Crypto
I'll echo Tom: It's relatively easy and a good learning exercise to pick
apart mobile apps and see what they're doing. On that note, here's some
source generated from the Wickr Android app class files using jd-gui:
http://saweis.net/files/wickr.src.zip
That doesn't include a native library that
Hello Carlo. PrivateCore is my company and ironically your libtech message
was flagged as spam in my inbox.
You are correct that today's technology reduces the trust to the CPU and,
for now, the TPM. I view that as a significant improvement compared to having
to trust all components, like network
Hi Tom. Does hibernation on a Mac protect from physical memory
extraction by default or is this something yontma configures?
After a quick search, I ran across destroyfvkeyonstandby to destroy
the FileVault key on standby. Is that sufficient?
As for DMA attacks, my understanding is the latest OS
The Stanford law school posted a video of this recent Bruce Schneier NSA
talk:
https://cyberlaw.stanford.edu/multimedia/nsa-surveillance-and-what-do-about-it-bruce-schneier
On Mar 21, 2014 10:38 AM, Steve Weis stevew...@gmail.com wrote:
Bruce Schneier is speaking about NSA surveillance
As an epilogue, the Telegram client misused a non-secure random number
generator mrand48 for the keys used in their contest. A student, Thijs
Alkemade, was able to recover their keys and decrypt the contest
message transcripts:
On Apr 2, 2014 2:58 PM, Maxim Kammerer m...@dee.su wrote:
On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis stevew...@gmail.com wrote:
As an epilogue, the Telegram client misused a non-secure random number
generator mrand48 for the keys used in their contest. A student, Thijs
Alkemade, was able
On Mon, Mar 24, 2014 at 2:03 PM, David Berry dmbe...@gmail.com wrote:
Is anyone familiar with:
https://keybase.io
It looks like an interesting project and the idea of a database of public
keys is definitely a good one... or is it?
As a public key directory, the state of the art is
Bruce Schneier is speaking about NSA surveillance at the Stanford Law
School on April 14th:
http://www.law.stanford.edu/event/2014/04/15/cis-evening-event-with-bruce-schneier
Open to the public and free admission with RSVP.
Hi Michael. Some comments inline...
On Wed, Mar 19, 2014 at 9:01 AM, Michael Powers mich...@mpowers.net wrote:
For a private message, we generate a random 256-bit key and encrypt with
AES. Then for each recipient, we use a hash of the shared ECDH secret and
the message-id to encrypt the key
I prefer a military-grade, 8192-bit, CCA-2 secure Post-It note.
They are available in packs of 100 in a variety of unhackable pastel colors.
On Sun, Mar 2, 2014 at 11:39 AM, Tony Arcieri basc...@gmail.com wrote:
And the same thing could more or less be accomplished with less than $0.10
worth
Hi Maxim. There was a man-in-the-middle attack against Telegram's
algorithm published back in December:
http://habrahabr.ru/post/206900/ (Russian)
English Google translated:
http://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/
If I understand the translation of this
On Wed, Dec 18, 2013 at 9:39 AM, Maxim Kammerer m...@dee.su wrote:
I doubt very much it's due to my site — it's a free hosting, and there
is probably some malware on one of the virtual hosts on one of the IPs
in the block.
I think you answered your own question. You might have a bad neighbor
PrivateSky came up on libtech two and a half years ago:
https://mailman.stanford.edu/pipermail/liberationtech/2011-June/001925.html
At the time, it was already clear Certivox had a root key that issued
customer keys:
https://mailman.stanford.edu/pipermail/liberationtech/2011-June/001926.html
Ian Goldberg is speaking about Ibis: An Overlay Mix Network for
Microblogging today at the Stanford security seminar. The talk is 4:30pm
in the Gates building, room 463A.
http://crypto.stanford.edu/seclab/sem-12-13/goldberg.html
Abstract:
Microblogging services such as Twitter are extremely
It was an interesting talk. The gist is that they've shrunk the overhead of
the Sphinx mix net (
http://research.microsoft.com/en-us/um/people/gdane/papers/sphinx-eprint.pdf)
to 47 bytes. They've done this by removing the requirement for message
replies and using curve25519 for ECC. They've also
Take a look at github.io.
On Sep 7, 2013 5:15 AM, Moon Jones mjo...@pencil.allmail.net wrote:
Maybe it's too much. I know, people have to gain something from what they
are doing. And although hard drive space is getting cheaper by the year,
bandwidth is not the same.
I want to do some
If delivered as a regular Javascript web app, then Francisco, anyone
at Site 44, or anyone at Dropbox can steal PassLok keys and messages
anytime they want.
I do not think it's realistic to expect every single user to look at
the code before [they] execute it for every single page load. As
$ git log --pretty=format:%an drivers/char/random.c | sort | uniq | wc
The number of committers to random.c is 41.
You missed having a lame joke by just one committer.
On Thu, Aug 15, 2013 at 10:23 AM, Maxim Kammerer m...@dee.su wrote:
On Thu, Aug 15, 2013 at 7:33 PM, Doug Chamberlin
Hi Francisco. I split this off into a new thread, since it touches on some
points on why the security model for Passlok is broken.
Comments inline...
On Tue, Aug 13, 2013 at 2:54 PM, Francisco Ruiz r...@iit.edu wrote:
1. Unicode: wget returned escaped Unicode characters. Chrome saved output
Francisco, you assume that all browsers will save a static version of the
page identically. This is not the case.
I ran a test using 'wget https://passlok.site44.com' and Chrome's Save
As. The former will actually match the hash value you've posted, but the
latter does not.
I spotted at least 5
Comments inline...
On Thu, Aug 1, 2013 at 7:58 AM, Andy Isaacson a...@hexapodia.org wrote:
Then someone may force you to exhaust your
pad bits by corrupting or dropping messages in transit.
An attacker with control of your wire can deny you service. News at 11!
What cryptosystem does not
I think what you're saying was true in the past, but the game is
changing with modern hardware. There have been advances in CPU
features that make it possible to reduce the trust perimeter to just
the CPU and TPM. If I trust those two components, I can privately
compute on remote hardware, even if
Hi. I think you're slowly reinventing PGP.
Just to summarize what you have so far:
1. Alice and Bob each generate key pairs locally.
2. Both securely store their private keys.
3. Both generate hash values of their public keys.
4. Both mutually exchange public keys over an untrusted channel.
5.
DRM technologies have a flip side as privacy-preserving technology.
It's all a matter of whose data is being protected and who owns the
hardware.
We generally think of DRM in cases where the data owner is a large
company and an individual owns the hardware. In this case, DRM stops
you from copying
If you assume communications are monitored and your machine is
compromised, this has some fundamental flaws:
- How do I communicate a password to Bob? Before I get a crucial bit
of information to Bob, I need to first get a crucial bit of information to Bob?
- You assumed a keylogger is installed.
I skimmed a couple files of this project. It does not inspire confidence.
In 7 lines of encryption code, they unsafely use ECB, don't
authenticate their ciphertext, don't have any comments, don't have any
testing, and have a couple WTF lines like XORing parts of the key with
itself:
It's not true that all widely used crypto implementations are open.
Even open source projects themselves depend on closed implementations.
For example, Linux, OpenSSL, GnuTLS, libgcrypt, and dm-crypt may all use
AESNI on x86, usually by default [1]. Linux now also uses a closed RdRand
[2] RNG if
Ben Adida's thesis Advances in Cryptographic Voting Systems is thorough
and well-written:
http://electionmathematics.org/em-voting-systems/rivest-student-adida-phd.pdf
Some of these ideas are implemented in Helios Voting:
http://heliosvoting.org/
https://github.com/benadida/helios-server
Note,
Registration for the Real World Crypto 2014 workshop is open (and free).
http://realworldcrypto.wordpress.com/
What:
The Real World Cryptography Workshop aims to bring together
cryptography researchers with developers implementing cryptography in
real-world systems. The main goal of the workshop
tl;dr: It depends whether you care about security or compliance.
IBE has worked in practice for enterprises who want to enforce centralized
control of encrypted messages and meet compliance regulations. These
enterprises would typically operate the private key generator, although
there are
One correction: I looked at an old Voltage email and it does download an
HTML file. However, this just has a link that posts back to a server where
you enter your password and decrypt the message. It kind of defeats the
purpose.
On Tue, Jun 25, 2013 at 12:35 PM, Steve Weis stevew...@gmail.com wrote:
Hi Steve, a technical (and perhaps stupid) question:
On Sat, Jun 22, 2013 at 1:49 AM, Steve Weis stevew...@gmail.com wrote:
The host H will have a trusted platform module (TPM). When H boots up, it
will measure all software state into platform control registers (PCRs) in
the TPM. See Intel
Hi Eleanor. tl;dr: Today we bootstrap from the TPM.
To have a secure channel between two processes/compartments (in this case,
the CPU of the hosted machine and the remote,
non-service-provider-controlled system), they must share a secret.
This is a good question since it's not necessarily
Hi Eleanor. I am a co-founder of PrivateCore and happy to answer questions.
I'll keep it non-commercial and focus on the technical answers for this
mailing list:
[We] were talking about secure hosting
PrivateCore's technology is currently packaged as a hypervisor, so is
targeted at environments
PM, Steve Weis stevew...@gmail.com wrote:
It's not safe.
This is their bookmarklet:
(function(){document.body.appendChild(document.createElement('script')).src='https://encipher.it/javascripts/inject.js';})();
That loads a JavaScript file from the encipher.it site, which can be
changed at any time and compromise your messages without
My company is working on the problem of how to compute on untrusted
platforms. We gave a technical talk earlier in the year about
privilege escalation through physical attacks:
http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf
From a practical perspective on x86 platforms, we can
There's an upcoming Stanford security seminar on how bulk data from
captured drives and network traffic are analyzed. Thought it might be of
some interest to this list.
Lessons Learned Writing High-Performance Multi-Threaded Digital
Forensic Tools for Analyzing Hard Drives and
Hi. I took a quick look while procrastinating at work and found a few
potential issues:
- What's up with this hard-coded salt?
https://bitbucket.org/scassidy/dinet/src/9f3afe465afb124367e03b63c6b63cba261e4edf/client/broadcast_client.c?at=master#cl-16
- Any specific reason you picked
Comments inline...
On Tue, Jun 11, 2013 at 10:47 AM, Sean Cassidy sean.a.cass...@gmail.com wrote:
- Any specific reason you picked CTR?
CTR is widely recommended. Cryptography Engineering specifically
recommends it.
The reason I ask is that this makes your IV-generation more critical than,
kind of
threats tend to be far more common than library bugs.
NK
On 2013-06-06, at 7:49 PM, Steve Weis stevew...@gmail.com wrote:
The status is:
[otr.js] hasn't been properly vetted by security researchers. Do not use in
life and death situations!
https://github.com/arlolra/otr#warning
The status is:
[otr.js] hasn't been properly vetted by security researchers. Do not use
in life and death situations!
https://github.com/arlolra/otr#warning
On Thu, Jun 6, 2013 at 3:14 PM, Anthony Papillion anth...@cajuntechie.org wrote:
I'm thinking about working on a web app that would use
Regarding wifi-only phones, Euclid Analytics
(http://euclidanalytics.com/product/how/), has developed router add-on
software that can track consumers' mobile devices by MAC addresses.
The routers send that data back to Euclid for aggregation.
There are other companies working on similar ideas. I
To add to the list of issues here, crypto implementations on mobile devices
may be vulnerable to power analysis side-channel attacks. Attackers may be
able to measure RF signal strength to infer power consumption during crypto
operations, then derive key material. I think Cryptography Research
Hi Richard. Your grad student's experience corroborates what I've heard
from other researchers. Simple power analysis attacks are easy to conduct
against mobile devices in a lab environment.
On Mon, Apr 29, 2013 at 12:56 PM, Richard Brooks r...@acm.org wrote:
The power analysis
Hi. SafeGDocs appears to use an unsafe implementation of AES-CTR mode from
here:
http://www.movable-type.co.uk/scripts/aes.html
Two problems with this library:
- It generates a predictable CTR mode IV using time of day.
- There is apparently no authentication of the ciphertext, which in CTR
mode
A new session of Dan Boneh's free online crypto course is starting today:
https://www.coursera.org/course/crypto
Hi Yiorgis. The ways of asserting the authenticity of served [JavaScript]
always reduce to trusted code executing on the client. You need to trust
whatever is authenticating the served application. You can't get around it.
This approach always ends up with either trusting the service or running
Hi Yiorgis. The Crypho web page says:
No-one can access your data, either in transit or when stored — Not even
Crypho staff or the government.
Yet, you acknowledge that we are aware of the potential problems of
serving JS [Javascript], meaning it's trivial for your staff or a
government to
This is a good illustration how data in use is exposed to physical attacks
on most computing devices.
An interesting side-note is that Android phones are starting to ship with a
hardware security module (HSM), which can be used for crypto operations and
key storage. Duo Security is one company
TRESOR uses debug registers and only protects key material. It doesn't
protect the code that actually reads that key in or out of the register,
nor any of the data that is actually decrypted with the key. So, it
provides protection just for keys against passive, read-only attacks
against memory.
I see nothing online to indicate that this book is good and don't want to
spend 0.5 grams of gold to find out.
On Thu, Feb 14, 2013 at 2:11 PM, Lee Fisher blib...@gmail.com wrote:
Does anyone have any opinions about the advice in this book? Thanks.
Mega is using server-side Javascript for crypto, so you're trusting them
just like you'd trust Dropbox.
Other people have reported issues with their implementation, including
using weak randomness. I skimmed through their implementation and found
some portions that indicate they don't know what
I noticed a Stanford project for setting up browser-based, ephemeral Tor
proxies. In their words, the purpose of this project is to create many,
generally ephemeral bridge IP addresses, with the goal of outpacing a
censor's ability to block them.
The core idea is that volunteers outside a
Yes, the system is vulnerable to client enumeration if there are few
facilitators and proxies. If there are many facilitators and proxies, then
the adversary needs to discover facilitators, constantly poll them, and
compete with legitimate proxies to learn client IPs.
They won't discover every
The video of the William Binney The Government is Profiling You talk at
MIT is now online:
http://techtv.mit.edu/collections/csail/videos/21783-the-government-is-profiling-you
On Thu, Nov 15, 2012 at 10:41 AM, Steve Weis stevew...@gmail.com wrote:
There's an upcoming talk at MIT CSAIL
Dan Boneh from Stanford is organizing a Workshop on Real-World Cryptography
on January 9-11, 2013:
http://crypto.stanford.edu/RealWorldCrypto/program.php
Looks like a good lineup of speakers.
I attended the beginning of this event and was taken aback by some bad
advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
how password managers can supposedly protect you from keyloggers and
malware:
http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s
Specifically around
I hadn't seen Tails before and don't know how baked it is as a project. I
just tried it out and found an exploitable vulnerability in their
configuration that would allow someone to compromise the system. It's a
corner case and not likely to impact many systems, but is a well known
problem. I've
For what it's worth regarding multiple passes to sanitize data:
http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://cs.harvard.edu/malan/publications/pet06.pdf
On Thu, Oct 4, 2012 at 5:06 PM, Seth David Schoen sch...@eff.org wrote:
I was
This paper Ignoring the Great Firewall of China is a few years old, but
at the time China was inspecting TCP packets for verboten keywords:
http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf
The blocking was easy to circumvent. The researchers were able to just
ignore TCP reset packets and the
...globally-distributed botnet of thousands of computers...
Someone could rent thousands of botnet agents for two days for a couple
hundred dollars:
http://www.zdnet.com/blog/security/study-finds-the-average-price-for-renting-a-botnet/6528
Avaaz does not have any further information about who is