Re: don't use passwords as private keys (was Re: Using a password as a private key.)
You don't know you have to destroy a key file, until it is too late. Until then, it's just laying around waiting for some one to copy and crack. If you are paranoid enough to assume your opponent is going to torcher you to get your signature password, you should assume that he already has your keyfile, and is willing to torcher you to get it's password. Thus coercion and dicitonary attacks are moot points. That is, if your password is good enough. So, what's worse; guarding a high entopy password with a low entropy password, or trying to memorize a high entropy password? Harv Adam Back <aba@dcs.ex.ac.uk> wrote:
Some people have been talking about using passwords as private keys. (By using the passphrase as seed material for regenerating the private and public key).
I don't think this is a good idea.
You can't forget passphrases. You can destroy private key files.
Therefore you open yourself up to coercion, and forward secrecy is not possbile with these schemes. This means it is less secure.
The other reason it is less secure others commented on: you provide an open target for dictionary attacks. I wouldn't want to do that, even with high entropy passphrase, it loses one important line of defense: unavailability of private key file.
Adam
_________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com
Harv "RedRook" (is that Harvey Rook?) writes:
You don't know you have to destroy a key file, until it is too late.
Sooo. What does this imply you should do? Destroy your key file on a regular basis :-) eg. this key: pub 2048/2E17753D 1998/10/04 Adam Back <aba@dcs.ex.ac.uk> (FS key, Oct 98) will be destroyed tomorrow ("FS" = Forward Secrecy), the key is my forward secret key for October. And this one was destroyed at the end of last month: pub 2048/xxxxxxxx 1998/09/01 Adam Back <aba@dcs.ex.ac.uk> (FS key, Nov 98) etc. This means that if someone were (say like GCHQ or ECHELON) were to be archiving my email, and later develop an interest in reading it, they would be out of luck. And I wouldn't be able to help them if I wanted to.
Until then, it's just laying around waiting for some one to copy and crack. If you are paranoid enough to assume your opponent is going to torcher you to get your signature password, you should assume that he already has your keyfile, and is willing to torcher you to get it's password.
Forward secrecy means that only the current key file is vulnerable.
Thus coercion and dicitonary attacks are moot points. That is, if your password is good enough.
Your passphrase might not be as secure as you think it is. The sound of you typing it whilst on the phone, or the RF noise emitted by the keyboard controller chip may completely or partially leak it. Adam
If you're worried about RF noise, you have to assume the CPU or disk is also radiating enough for the spooks. On the other hand, that video camera in the ceiling can watch your keystrokes, but can't watch the CPU. That's when the paranoids worry about whether the KGB is sneaking in and copying their disk drive at night, and they start getting encrypted file system software. :-)
That's why some recommend that all secret e-mail be composed and encrypted on a laptop while disconected from the AC mains, and better yet operated in an open area (a park) or a place with lots of other electrical noise (a mall). --Steve
At 3:44 PM -0800 10/31/98, John Young wrote:
Steve Schear wrote:
That's why some recommend that all secret e-mail be composed and encrypted on a laptop while disconected from the AC mains, and better yet operated in an open area (a park) or a place with lots of other electrical noise (a mall).
Not to beat an NDA horse but while we're waiting for NSA to process our FOIA request for TEMPEST docs, are there products available to shield a desktop box, or better, a laptop?
I haven't been following this FOIA request for TEMPEST docs. It seems pointless, for several reasons: 1. No doubt a lot of stuff will be classified, and FOIA can't break classification, generally. 2. The physics is what's important, not TEMPEST specs on specfific pieces of equipment the government may be using, etc. 3. Direct tests on current equipment is more important, anyway.
We're so ignorant of what's allegedly in the classified docs that we're trying to design a glass box with RF glazing materials supplied by a corp that makes it for buildings.
Why would something designed for large-scale structures like buildings be all that useful for shielding a laptop? While it _might_ be useful, there are building tradeoffs that don't apply to shielding smaller objects. Why not just go with copper, for example? Or mu-metal? Or even mesh?
It would fit over the box, keyboard and monitor, and should shield them, but leaves cables and power lines to solve, not counting how to get our hands into the keyboard. As an alternative we're looking at a reengineered CAD tablet with puck to select letters and/or words/phrases, or maybe a voice gadget. Yeh, yeh, bugs in the lamp, but one solution at a time.
I don't know who you're doing this project for, but I would approach it from a different point of view. * Laptop under battery power...no leakage through a.c. lines * inside a copper box made of, say, 10-gauge copper. All joints soldered. * viewing through a kind of viewing hood, with each eye having a couple of layers of mesh close to the eyes...this should not interfere too much with viewing the screen (some experimentation would be needed). * control of keyboard could be done in a couple of ways, e.g., -- flexibible gloves coated with conductive material (the skin depth is likely insufficient to block RF to 80 or so dB, but the combination of attenuation and limited exit diameter (at the wrists) may be sufficient -- a new external keyboard with only fiber-optic connections to the computer, and with no significant local processing, and only low voltages...I would not be surprised if a keyboard with essentially no key-varying RF emissions could be built (operating frequency can of course be very, very low, e.g., a kilohertz or less, and with low voltages, etc.) -- mouse input, if necessary, can be done with optical mice with infrared links (helped along with light pipes). No RF to speak of, though this would have to be characterized in detail.
If we get it to work, or at least credibly marketable to people more techno-stupid than we are, following the cryptography model, we figure we'll position it as an upscale decorative hot shit privacy fashion statement, an anti-spy-tech ensemble made of temperature sensitive glass to change thoughout the day or as passions wax and wane with the market and self-image.
I'll follow your business plans with interest. Not to sound like a cynic (you all know I am, though), but this kind of "crypto chic" marketing ploy seems doomed to failure. "Privacy fashion statement" indeed.
Retail price: oh, maybe, $25,000 for 100% assured RF protection ("Not Even NSA Can Snoop!) of your secret business communications and sordid affairs, give or take a few leakages that'll never be missed until the mate's PI burgles the crystal.
What more can I say?
Someone's going to suggest a copper screen sandwiched in pinstriped serge, but how do you see the monitor? Or a Frank Gehry-warped Faraday cage, or god knows what's under the NDA blanket. However, time's running out: when NSA releases those 12 TEMPEST docs next summer that 1000% percent markup on classified TEMPEST products is going down.
The market's going to be flooded with certified fakes, ours leading. The brand name's a secret but you'll see it on the ticker.
Well, I got trolled, it appears, by one of John Young's coleridged rhymes (and rimes). I wasted my time addressing what I thought 'til the end was a semi-real, if flaky, proposal to market a TEMPESTed computer. How stupid of me. I should know by now never to take John seriously. --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
At 4:38 AM -0800 11/1/98, John Young wrote:
Tim has heretofore advised on TEMPEST measures and the latest are useful, and correspond to what's available in the commercial market and what is available in mil/gov pubs -- many listed at Joel's site.
Understand that my comments are just some "common sense with a little bit of physics" estimates, not direct knowledge of how best to shield laptops. I worked inside a Faraday cage for several months--a cube about 12 feet on a side made up of two layers of fine copper mesh separated by about 2 inches. We used ordinary radios to check the seal. We entered the room with the radio on, closed the copper-gasketed door and then checked the AM and FM bands with the volume cranked up. If all was well, we didn't even get "static," just the characteristic internal/thermal/Johnson noise of the radio circuitry. (We were looking for signals from a Josephson junction in SQUID (superconducting quantum-interferometric device) that were very, very weak compared to ambient radio noise levels. We used a Princeton Applied Research 124 lock-in amplifier and a boxcar amplifier. I surmise that the effective shielding was very good. This was in 1972-3.) Later, at Intel, a lab right next to mine had a Faraday cage around it. Anyway, were I to try to shield a laptop I'd start with microwave leakage meters, a couple of t.v.s and radio (of different types and bands), and then I'd start recording signal levels of various sorts as different shielding layers and types were applied to the laptop(s). Simple lab stuff. I'd do this in preference to worrying about what some 1978 government docs had to say about the subject. TEMPEST the specs are probably a mixture of "RF shielding" tips and standards, and a mix of Van Eck radiation tuner designs.
We are working on our desktop model with a manufacturer who supplies RF-protected glass for government and industry rooms as well as for entire buildings. We figure that if we can make a workable model, we'll be able to use to demonstrate to our clients why TEMPEST protection is needed and how it can be accomplished in an elegant design manner, paralleling demonstrations used by the glass manufacturer to substantiate claims for his products.
Suggestion: Read the client's laptop when he's visiting. Then show him your stuff. (This means you've built a working Van Eck decoder, which may be too much to expect, per the above about concentrating on blocking the RF.)
One of the many things that keeps techies from getting the public's money is being unable to convince the buyer that the invention is truly desirable. Thus comes the marketer, who has skills of invention of another sort to charm the skeptical consumer that this baby has got to be a part of his/her life -- like fancy homes, medical care, insurance cars, clothing, foods, weapons, bibles, and, above all, national security.
Look, let me put this bluntly: VERY FEW PEOPLE CARE ABOUT SECURITY. Most businessmen are not even using PGP. Why will any of them pay a lot of extra money for something that makes their laptops look like gargoyles or pieces of shit? (This is for the travelling businessmen threat model. The corporate network threat model is even more problematic, as it means the corporation needs to TEMPEST-protect some large fraction of their desktop machines, with any unprotected machines being the weak links. I don't understand which threat model you're concentrating on, though.) And your next paragraphs tell me you have even less chance of sellling your product to corporate America:
So a mongerer's brew is needed to peddle these inessentials, composed of seriousness, humor, terror, lies and pretended guilelessness, the practices of anyone doing well or doing badly,
indeed, humans going about whatever they do to fill up the void.
BTW, the best technology is nearly always going to be classified, with sky high prices paid for by gullible citizens to calm their manufactured terrors (the religion model, once churches and temples now weapons and satellites; once the priest/architect hustle, now that of the the NatSec wonk/scientist), so the commercial market is only going to offer less than the best, the declassified waste products, while selling it as "The Best."
?????? Is this a diagnosed medical condition, like Tourette's? You start out communicating reasonably clearly, then, as usual, trail off into this gobbledegook. Pynchon's Syndrome? --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
At 12:26 PM -0800 11/1/98, Dave Emery wrote:
On Sun, Nov 01, 1998 at 09:53:37AM -0800, Tim May wrote:
Anyway, were I to try to shield a laptop I'd start with microwave leakage meters, a couple of t.v.s and radio (of different types and bands), and then I'd start recording signal levels of various sorts as different shielding layers and types were applied to the laptop(s). Simple lab stuff.
As someone who has actually spent hellish weeks working to suppress the RF emissions of some commericial network gear I designed - to make it pass FCC B and VDE certification - let me say this is a black art and no fun. There are sophisticated electromagnetics programs that can sometimes succeed in modeling the radiation from a computer system, but they are very expensive and inputting all the required information is painful or downright impossible (data just not available or in a usable format), so this nasty job usually gets done seat of the pants style using rules of thumb and educated guesses and hard won experiance and lots of trial and error. The job consists of attaching lossy ferrite beads, copper tape and other RF and common mode current supressing devices, shielding plastic packages with spray metallic coatings, adding ...
All good points, but there's a big difference between trying to meet FCC emissions requirements for a commercial product that has to meet cost, weight, and cosmetic requirements (e.g., a plastic case!), and the scenario of making a TEMPEST-like box for a laptop. Ferrite beads and copper tape are a lot different from a sealed box made of 10-gauge copper sheet.
Nobody does this using ordinary radios and TVs, the standard tool is a broadband spectrum analyzer or special EMC receiver with quasipeak filters and special calibrated wideband dipole antennas that have known gain and pattern characteristics. Isolating of radiating sites is often done with near field probes or sniffers attached to the spectrum analyzer that allow hot spots to be tracked to within a few cm. Often in order to get enough sensitivity one also needs special preamps, and a RF quiet site where signals from the DUT aren't drowned out by pagers and cellphones and emissions from nearby computers. A good bit of this work is done way out in the country under non-metallic fiberglass buildings that don't create reflections that confuse the measurements. And conducted as opposed to radiated noise is measured with special power line filters and cable filters...
Sure, but my point was that John Young should *at least* start with actual measurements, as opposed to putting most of the onus on a FOIA request to get TEMPEST docs declassified. If he can get spectrum analyzers and all that stuff, so much the better. --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
At last an Administration Domestic Violence provision I can support. Al Gore has just proposed that victims of domestic violence should be able to easily get new SS#. Collect a dozen. New options for privacy vis-a-vis private individuals and even the government. Protection of "victims" won't work if the new number is reported to the Big Three credit reporting bureaus. DCF
From Duncan Frissell:
: Protection of "victims" won't work if the new number is : reported to the Big Three credit reporting bureaus. ................................................... I just went to the bank I do business with this week to open a new account. They wanted my social security number, (which they actually already have on record), and during a search on her handy database, the Customer Assistance clerk informed me that there was another person in Florida using the same number. I don't presently have a credit card, so I'm not worried about losing any cash at this time. The clerk gave me a form to send to ChexSystems for a consumer report and advice to notify the Social Security dept about it. I don't really want to discuss it with them. Think it would be to my benefit to just leave it alone? <g> Probbly not. .. Blanc
At 10:47 AM 11/5/98 -0500, Petro wrote:
At 12:08 AM -0500 11/5/98, Blanc wrote:
From Duncan Frissell:
I just went to the bank I do business with this week to open a new account. They wanted my social security number, (which they actually already have on record), and during a search on her handy database, the Customer Assistance clerk informed me that there was another person in Florida using the same number.
report and advice to notify the Social Security dept about it. I don't really want to discuss it with them. Think it would be to my benefit to just leave it alone? <g> Probbly not.
If they are using your name as well, they could be damaging your credit rating.
Absolutely, and it is not limited to credit cards. It would pop up if, for example, you buy a new car. If your rating does become negatively affected, the creditor could care less about your explanation of some Joe Anonymous using your SSN. His first question would be why didn't you report it when you found out. Whatever credit you'd be applying for would get unbelievably mired in beaucracy - something you wouldn't need. Additionally, it can mushroom in other areas as well. This other person is getting credit for the number of years that you have been employed. Also, if s/he applies for SSD or SSI (disability or supplemental security income), you will be impacted upon. Some states require SSN's for driving licenses, and there's a myriad of potential problems here as well. Tax returns can potentially become a complication. And the list goes on.... All in all, you should seriously reconsider your decision of not reporting the problem. *********************************************************** Lynne L. Harrison, Esq. | "The key to life: Poughkeepsie, New York | - Get up; mailto:lharrison@dueprocess.com | - Survive; http://www.dueprocess.com | - Go to bed." *********************************************************** DISCLAIMER: I am not your attorney; you are not my client. Accordingly, the above is *NOT* legal advice.
At 12:08 AM -0500 11/5/98, Blanc wrote:
From Duncan Frissell:
: Protection of "victims" won't work if the new number is : reported to the Big Three credit reporting bureaus. ...................................................
I just went to the bank I do business with this week to open a new account. They wanted my social security number, (which they actually already have on record), and during a search on her handy database, the Customer Assistance clerk informed me that there was another person in Florida using the same number.
I don't presently have a credit card, so I'm not worried about losing any cash at this time. The clerk gave me a form to send to ChexSystems for a consumer report and advice to notify the Social Security dept about it. I don't really want to discuss it with them. Think it would be to my benefit to just leave it alone? <g> Probbly not.
If they are using your name as well, they could be damaging your credit rating. -- "To sum up: The entire structure of antitrust statutes in this country is a jumble of economic irrationality and ignorance. It is a product: (a) of a gross misinterpretation of history, and (b) of rather naïve, and certainly unrealistic, economic theories." Alan Greenspan, "Anti-trust" http://www.ecosystems.net/mgering/antitrust.html Petro::E-Commerce Adminstrator::Playboy Ent. Inc.::petro@playboy.com
At 8:06 AM -0800 11/4/98, Petro wrote:
What if, instead of trying to entirely prevent leakage, one did a combination of "redirecting" and "masking" emissions.
Keep in mind I am asking from a point of total ignorance.
To break the question down further, a tempest attack is limited by 2 things, distance from the machine (IIRC, the "level" or "strength" of RF emissions drops by the square of the distance correct?) and (possibly) the presence of other sources of RF in about the same bands.
Assuming that the signal level drops by the square of the distance, then one is far more likely to get tempested from a van outside than an airplane overhead correct? In that case, simply design one of Mr. May's brazed copper boxes so that it is open something similar to: [diagram of semi-open box elided]
Radio waves scatter...they don't just travel in pure line of sight. And even if they travelled only in line of sight, the reflections from inside the box and then into the room and then off surfaces.... Microwave ovens work by having the waves bounce around inside a box. Any significant hole or crack (up to roughly half the wavelength) would let the waves out. An open top box will not work.
The other question is how hard, given a _specific_ machine would it be to create a "RF" jammer? Sort of an active defense versus the passive defense of a Tempest sheild. build a device that measures the RF coming off a machine, and rebroadcasts the opposite (i.e. the negation) of the signal? This should, or could "flatten" the signal making it useless.
Unlikely to prevent someone from figuring out what the real signal is. It's very difficult, generally, to hide a signal with another signal. Noise won't work, because noise can be filtered or autocorrelated out. A "spoof" signal can be corrected for. And we are talking about 100 dB sorts of suppression. Mere factors of a few with fake signals and noise are meaningless on this scale. --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
On Sun, Nov 01, 1998 at 09:53:37AM -0800, Tim May wrote:
Anyway, were I to try to shield a laptop I'd start with microwave leakage meters, a couple of t.v.s and radio (of different types and bands), and then I'd start recording signal levels of various sorts as different shielding layers and types were applied to the laptop(s). Simple lab stuff.
As someone who has actually spent hellish weeks working to suppress the RF emissions of some commericial network gear I designed - to make it pass FCC B and VDE certification - let me say this is a black art and no fun. There are sophisticated electromagnetics programs that can sometimes succeed in modeling the radiation from a computer system, but they are very expensive and inputting all the required information is painful or downright impossible (data just not available or in a usable format), so this nasty job usually gets done seat of the pants style using rules of thumb and educated guesses and hard won experiance and lots of trial and error. The job consists of attaching lossy ferrite beads, copper tape and other RF and common mode current supressing devices, shielding plastic packages with spray metallic coatings, adding screws and other fasteners to bond stuff together better, changing grounding around within the box to put RF currents in places they don't get to the outside of the package, use of ICs that switch more softly, adding filters to connectors for external cables, changing layout of PC boards to better shield hot traces, changing the shape of the metal chassis to act as a better shield and ground plane and so forth. And unless one has access to the best modeling programs, predicting exactly what a given change will do is a really obscure art... Nobody does this using ordinary radios and TVs, the standard tool is a broadband spectrum analyzer or special EMC receiver with quasipeak filters and special calibrated wideband dipole antennas that have known gain and pattern characteristics. Isolating of radiating sites is often done with near field probes or sniffers attached to the spectrum analyzer that allow hot spots to be tracked to within a few cm. Often in order to get enough sensitivity one also needs special preamps, and a RF quiet site where signals from the DUT aren't drowned out by pagers and cellphones and emissions from nearby computers. A good bit of this work is done way out in the country under non-metallic fiberglass buildings that don't create reflections that confuse the measurements. And conducted as opposed to radiated noise is measured with special power line filters and cable filters... The magic of the NSA TEMPEST specs lies in exactly how much certain emissions must be suppressed to lie below useful detectablity thresholds at some reasonable distance. And much of the classified trickery resides in exactly what sorts of things have been shown to carry useable information and at what field strength that information can be extracted and under what conditions it is not usable. And because of the repetitious nature of many information bearing spurious emanations, there is some signficant emphasis on corellation and averaging out noise techniques... -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
At 4:02 PM -0500 11/1/98, Tim May wrote:
All good points, but there's a big difference between trying to meet FCC emissions requirements for a commercial product that has to meet cost, weight, and cosmetic requirements (e.g., a plastic case!), and the scenario of making a TEMPEST-like box for a laptop. Ferrite beads and copper tape are a lot different from a sealed box made of 10-gauge copper sheet.
Question: What if, instead of trying to entirely prevent leakage, one did a combination of "redirecting" and "masking" emissions. Keep in mind I am asking from a point of total ignorance. To break the question down further, a tempest attack is limited by 2 things, distance from the machine (IIRC, the "level" or "strength" of RF emissions drops by the square of the distance correct?) and (possibly) the presence of other sources of RF in about the same bands. Assuming that the signal level drops by the square of the distance, then one is far more likely to get tempested from a van outside than an airplane overhead correct? In that case, simply design one of Mr. May's brazed copper boxes so that it is open something similar to: ______________ |_____ | / | | _ | | |________/ | |_____________________| Where the laptop (or even a full sized tube monitor & computer) is placed inside. The other question is how hard, given a _specific_ machine would it be to create a "RF" jammer? Sort of an active defense versus the passive defense of a Tempest sheild. build a device that measures the RF coming off a machine, and rebroadcasts the opposite (i.e. the negation) of the signal? This should, or could "flatten" the signal making it useless. Then again, I could be totally wrong. -- "To sum up: The entire structure of antitrust statutes in this country is a jumble of economic irrationality and ignorance. It is a product: (a) of a gross misinterpretation of history, and (b) of rather naïve, and certainly unrealistic, economic theories." Alan Greenspan, "Anti-trust" http://www.ecosystems.net/mgering/antitrust.html Petro::E-Commerce Adminstrator::Playboy Ent. Inc.::petro@playboy.com
Harv "RedRook" (is that Harvey Rook?) writes:
You don't know you have to destroy a key file, until it is too late.
At 02:43 PM 10/30/98 GMT, Adam Back wrote:
Sooo. What does this imply you should do? Destroy your key file on a regular basis :-) ... This means that if someone were (say like GCHQ or ECHELON) were to be archiving my email, and later develop an interest in reading it, they would be out of luck. And I wouldn't be able to help them if I wanted to. ... Forward secrecy means that only the current key file is vulnerable.
Forward secrecy for encryption keys is a really important technique; as you say, nobody can go back later and force you to reveal the key. Forward secrecy for signature keys is less useful (:-), since it means that you can't later sign a document using an old key. (Occasionally this may be bad - e.g. court cases demonstrating you signed something - but it also means nobody can forge an old signature of yours.) In any Forward Secrecy environment, it tends to help to have multiple keys, with a long-term key that's only used for signing short-term keys. The classic example is Authenticated Diffie-Hellman key exchange, with one-use session keyparts signed by your signature key (ideally with the signatures passed inside the encrypted session rather than beforehand in the clear.) One difficulty is proving that you don't have a backup copy of the keyfile, on tapes, or hidden, or printed on paper stuck in a desk drawer. Proving that _you_ didn't make a copy is usually impossible, and knowing whether somebody else has a copy of things is a problem Ollie North has dealt with (:-) ; if you're running your own PC, physically secure, then you're at least as secure as your network connections. Another issue for Kong and other systems with keys made from a passphrase and keyfile is whether to reuse either of them in a forward secrecy environment. It's sometimes convenient to use the same passphrase and change keyfiles every cycle, but that depends on your threat models.
Your passphrase might not be as secure as you think it is. The sound of you typing it whilst on the phone, or the RF noise emitted by the keyboard controller chip may completely or partially leak it.
If you're worried about RF noise, you have to assume the CPU or disk is also radiating enough for the spooks. On the other hand, that video camera in the ceiling can watch your keystrokes, but can't watch the CPU. That's when the paranoids worry about whether the KGB is sneaking in and copying their disk drive at night, and they start getting encrypted file system software. :-) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Steve Schear wrote:
That's why some recommend that all secret e-mail be composed and encrypted on a laptop while disconected from the AC mains, and better yet operated in an open area (a park) or a place with lots of other electrical noise (a mall).
Not to beat an NDA horse but while we're waiting for NSA to process our FOIA request for TEMPEST docs, are there products available to shield a desktop box, or better, a laptop? We're so ignorant of what's allegedly in the classified docs that we're trying to design a glass box with RF glazing materials supplied by a corp that makes it for buildings. It would fit over the box, keyboard and monitor, and should shield them, but leaves cables and power lines to solve, not counting how to get our hands into the keyboard. As an alternative we're looking at a reengineered CAD tablet with puck to select letters and/or words/phrases, or maybe a voice gadget. Yeh, yeh, bugs in the lamp, but one solution at a time. If we get it to work, or at least credibly marketable to people more techno-stupid than we are, following the cryptography model, we figure we'll position it as an upscale decorative hot shit privacy fashion statement, an anti-spy-tech ensemble made of temperature sensitive glass to change thoughout the day or as passions wax and wane with the market and self-image. Retail price: oh, maybe, $25,000 for 100% assured RF protection ("Not Even NSA Can Snoop!) of your secret business communications and sordid affairs, give or take a few leakages that'll never be missed until the mate's PI burgles the crystal. Someone's going to suggest a copper screen sandwiched in pinstriped serge, but how do you see the monitor? Or a Frank Gehry-warped Faraday cage, or god knows what's under the NDA blanket. However, time's running out: when NSA releases those 12 TEMPEST docs next summer that 1000% percent markup on classified TEMPEST products is going down. The market's going to be flooded with certified fakes, ours leading. The brand name's a secret but you'll see it on the ticker. Speaking of promo, we saw last night on the Free Congress site a reference to a report titled "Cyhperpunks v. Cryptocrats: The Battle Over US Encryption Standards," by Lisa S. Dean. We missed that in the past and the site only cites it without a link. Anybody know of it, and how to get it? See: http://www.freecongress.org/ctp/echelon.html
John Young <jya@pipeline.com> wrote:
Speaking of promo, we saw last night on the Free Congress site a reference to a report titled "Cyhperpunks v. Cryptocrats: The Battle Over US Encryption Standards," by Lisa S. Dean.
Have you tried e-mailing Lisa?
The rationale of the FOIA to NSA for TEMPEST docs is that due to increased public awareness of that technology, the manufacturers of classified TEMPEST products and services are chomping at the bit to sell them to a broader public market -- as with other dual-use technology like crypto. We were asked to make the FOIA by those who've gotten what they can from the many sources listed at Joel McNamara's TEMPEST site -- which show that the market is growing but is still hampered by classified restrictions: http://www.eskimo.com/~joelm/tempest.htm Yes, it's improbably that NSA will release all the docs requested but perhaps some will be shaken loose, again as with other once classified technology like crypto. In part because of rising public awareness, in part because of manufacturers' desire, in part because NSA will have developed more advanced technology. Tim has heretofore advised on TEMPEST measures and the latest are useful, and correspond to what's available in the commercial market and what is available in mil/gov pubs -- many listed at Joel's site. We are working on our desktop model with a manufacturer who supplies RF-protected glass for government and industry rooms as well as for entire buildings. We figure that if we can make a workable model, we'll be able to use to demonstrate to our clients why TEMPEST protection is needed and how it can be accomplished in an elegant design manner, paralleling demonstrations used by the glass manufacturer to substantiate claims for his products. One of the many things that keeps techies from getting the public's money is being unable to convince the buyer that the invention is truly desirable. Thus comes the marketer, who has skills of invention of another sort to charm the skeptical consumer that this baby has got to be a part of his/her life -- like fancy homes, medical care, insurance cars, clothing, foods, weapons, bibles, and, above all, national security. So a mongerer's brew is needed to peddle these inessentials, composed of seriousness, humor, terror, lies and pretended guilelessness, the practices of anyone doing well or doing badly, indeed, humans going about whatever they do to fill up the void. BTW, the best technology is nearly always going to be classified, with sky high prices paid for by gullible citizens to calm their manufactured terrors (the religion model, once churches and temples now weapons and satellites; once the priest/architect hustle, now that of the the NatSec wonk/scientist), so the commercial market is only going to offer less than the best, the declassified waste products, while selling it as "The Best." So we're seeking the crumbs from the NatSec table. And will use what we get or don't get in our marketing campaign, having learned the immortally favorite scheme: a mix of fact, fiction and fixation on getting people to trust the seller, not the always waste promise. But Tim knows that, practices that like a master, makes bundles. And I always take him seriously, believe everything he says, and admire his deadpan sense of humor more than anything else. Been threatened by him, too, if I don't, all in accord with the NatSec madness of our era.
At 08:19 PM 10/31/98 -0800, Tim May wrote:
Not to beat an NDA horse but while we're waiting for NSA to process our FOIA request for TEMPEST docs, are there products available to shield a desktop box, or better, a laptop? I haven't been following this FOIA request for TEMPEST docs. It seems
At 3:44 PM -0800 10/31/98, John Young wrote: pointless, for several reasons: 1. No doubt a lot of stuff will be classified, and FOIA can't break classification, generally.
Yup. Most of it's SECRET COMSEC or CONFIDENTIAL COMSEC. The parts I'm aware of cover making equipment not radiate, blocking radiation that does occur, and making sure signals don't leak between the red and black sides. There's presumably much more secret documentation at NSA about how to spy on stuff, and there's no way you'll get any of that.
2. The physics is what's important, not TEMPEST specs on specific pieces of equipment the government may be using, etc.
That too. TEMPEST, like other security problems, depends a lot on your threat models - you need a lot quieter equipment if there's an NSA Antenna Van parked in your driveway than if you're out in an empty field with nobody around for miles. What the equipment specs tell you is what the military thinks is adequate protection for typical threat environments, such as defense contractor office buildings or low-tech battlefields. The last time I checked, which was 8-10 years ago, there was a lot of TEMPEST-certified equipment on the market, though many of the vendors would only sell to the government and businesses working on TEMPEST-requiring government contracts. The main things on the market back then were - Room/building enclosure technology, so you could put lots of regular computer equipment in a big shielded room. This includes heavy-duty filtering of power supplies; our equipment was quite happy with it's nice clean power feeds. - Shielded minicomputers - basically stuck in rack-sized versions of room enclosures, with fiber-optic comm lines or shielded cables. - Quiet PCs, which generally had heavier metal cases, shielded cables, rather heavy keyboards, and lots of shielding in the monitors. They tended to cost about $5000 more than the equivalent non-TEMPEST PC. I don't know how the market is today, but it's probably a LOT more work to quiet and/or shield a 400MHz Pentium2 than a 4.77Mhz 8086 - higher frequency signals have shorter wavelengths, so they can leak through smaller holes, and the newer Pentiums probably put out a lot more energy above 3GHz than 8086s did, which means that centimeter-long cracks can leak signals. At the time, the rule of thumb for room shielding was that you wanted 100dB attenuation; the actual specs were more complex than that, and presumably classified. We did our routine measurements using a 450MHz transmitter, which would let us find any leaks that evolved from wear&tear on our doors or wiring mistakes on our comm or power gear (like forgetting to screw some lid on tight enough), but the TEMPEST contractors did the official complex measurements. This was a significant change from Vietnam-era shielding, which was typically copper mesh that provided 60dB attenuation Just using a regular laptop isn't enough; I've seen laptops transmit recognizable images to a television (though I was probably using AC power rather than batteries, and may or may not have had the display mode set to LCD-and-monitor.) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Sun, 1 Nov 1998, Bill Stewart wrote: [...]
Just using a regular laptop isn't enough; I've seen laptops transmit recognizable images to a television (though I was probably using AC power rather than batteries, and may or may not have had the display mode set to LCD-and-monitor.)
Thanks for touching on the popuar myth that laptops radiate less than CRT's. Many laptops in fact radiate more compromising emissions than CRT's. Ross Anderson does his van Eck demos to undergrads using a laptop, because it works so much better than CRT's. -- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.
At 5:32 PM -0800 11/1/98, Lucky Green wrote:
On Sun, 1 Nov 1998, Bill Stewart wrote: [...]
Just using a regular laptop isn't enough; I've seen laptops transmit recognizable images to a television (though I was probably using AC power rather than batteries, and may or may not have had the display mode set to LCD-and-monitor.)
Thanks for touching on the popuar myth that laptops radiate less than CRT's. Many laptops in fact radiate more compromising emissions than CRT's. Ross Anderson does his van Eck demos to undergrads using a laptop, because it works so much better than CRT's.
But laptops are certainly smaller than desktops + monitors are, and can be run off of batteries. This makes laptops better candidates for a sealed box commercial product. --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
participants (13)
-
Adam Back -
Anonymous -
Bill Stewart -
Blanc -
Dave Emery -
Duncan Frissell -
John Young -
Lucky Green -
Lynne L. Harrison -
Petro -
RedRook -
Steve Schear -
Tim May