Victor Borisov posted the following on Oct 15: I read about overlooking of monitor radiation. Introder can scan the electron-beam radiation from electron-gun. He simple transmit this radiation to self electron-gun and sinchronize frequance. This method work with b/w monitor. The overlooking of color-monitor more dificult - introder will see 4 gradation of gray (all guns off, work one, two, three guns). But we can select spesial colors (red-blue or blue-green) and allways will work only one (or two) guns. In this way introder will see dark (or light) gray screen without any information!!! Is it corect? Do now present more improve overlooking system? We in the USA refer to this technology as TEMPEST, which is an acronym for Transient ElectroMagnetic Pulse Emanation STandard or Transient Electromagnetic Pulse Surveillance Technology. Victor, I have a long (58K) document about this which I'll be glad to send you, just ask. I think I got it from this list last August maybe. I haven't seen Victor's idea of adjusting screen colors before. I suspect that it would take some balancing of the colors so the combo for foreground/background would be the same strength to a close tolerance. Certainly I wouldn't trust it without confirmation from an experiment that a state-of-the-art TEMPEST device couldn't resolve any information. Victor, could your friend in the KGB arrange for such an experiment?? TEMPEST defenses considered here involve using metal cabinets and other shielding. One relatively inexpensive approach uses metallic wallpaper! Here are some references: From: szebra!novavax.nova.edu!yanek (Yanek Martinson) Subject: INFO: TEMPEST companies To: toad.com!cypherpunks Date: Wed, 16 Dec 92 20:33:10 EDT X-Mailer: Elm [version 2.1 PL1] Lindgren RF Enclosures 400 Gigh Grove Blvd. Glendale Heights, IL 60139 Contact: Wayne Martin 708-307-7200 FAX: 708-307-7571 "LT" Series Shielding System is a complete line of modular enclosures, equipment cabinets and custom enclosures available in virtually all shielding materials. The system features exclusive Double Electrically Isolated construction for maximum attenuation. All enclosures are fully tested and guaranteed. Aplication assistance available. Secure Systems & Services Div. of The R/H Factor Corp. 13990 Goldmark Dr., Ste.401 Dallas, TX 75240 Contact: Ray Helsop 214-907-9288 FAX: 214-669-9160 TEMPEST Products, Systems & Services are for Military/Industrial firms concerned with threat of information security and protection by [sic] electronic eavesdroppoing; also commercial EMI/RFI, reduced emissions products. We provide TEMPEST service and support, data encryption, F.I.S.A. Facility Information Security Assessment Studies, site planning, installation design, facility upgrades, etc. International Paper Co. Longmeadow Rd. Tuxedo, NU 10987 Contact: Larry Fahy 914-577-7247 SAF'N SHIELDED (tm) International Paper provides a unique wallcovering that prevents electromagnetic interference (EMI), wireless electronic espionage, and other forms of electromagnetic eavesdropping. The new wallcovering, a composite structure that incorporates a nonwoven mat of metallic fibers, has been TEMPEST-tested by the U.S. government and can achieve attenuation levels over 100dB. The material, which eliminates the added costs of "hardening" or adding protective shielding to individual pieces of electronic equipment, is being used both in primary applications and to upgrade facilities to higher levels of protection. It also provides a way to plug EMI leaks quickly and effectively. Unlike woven or sheet metal, which typically require gutting entire rooms, this flexible, lightweight material goes up as quickly as wallpaper. No special tools are needed, and downtime is minimal. Transaction Security, Inc. 21 Industrial Ave. Upper Saddle River, NJ 07458 Contact: O. Mark Hastings 201-573-1150 Steel TEMPEST-type enclosures for any size computer hardware. Subject: New number for Secure Systems & Services The new number for SS&S is (214) 907-9288 Also, Lindgren RF Enclosures informed me that they now have exclusive license to market International Paper Company's SAF'N SHIELDED; and they give free samples ;-)) JPW ==================================================================== Date: Mon, 28 Dec 92 11:57:49 PDT From: szebra!jplpost.Jpl.Nasa.Gov!wendtj (Jeffrey P Wendt) To: toad.com!cypherpunks Subject: TEMPEST companies I have recieved information from Veratec re: the product Safe`n'Shield, and I have to say that for an inf0 packet, they have done a great job. The folder comes with 2 sample squares of the Safe`n' Shield material, and the specs for their product are as follows: >----------------------------------------------------------- > Shielding Effectiveness of SAFE`N'SHIELDED (R) >(in dB Attenuation) >___________________________________________________________ >SAF`N'40 tm 10' x 20' x 8' Room >___________________________________________________________ > 10KHz 1MHz 50MHz 400MHz 1GHz >----------------------------------------------------------- > >100 76 53 57 62 >___________________________________________________________ >___________________________________________________________ >SAF`N'60 tm 8' x 8' x 8' Room >___________________________________________________________ > 10KHz 1MHz 50MHz 400MHz 1GHz >----------------------------------------------------------- > >100 N/T* 67 72 87 >___________________________________________________________ >___________________________________________________________ >SAF`N'80 tm 8' x 8' x 8' Room >___________________________________________________________ > 10KHz 1MHz 50MHz 400MHz 1GHz >----------------------------------------------------------- > >100 >81 100 90 90 >___________________________________________________________ In addition to some general notes and a customer list, they provide a 25 page booklet on construction techniques; both new and existing. The material is very thin, about the same weight and feel as good bond paper. The manufacturer states that this material meets the NSA 65-6 spec using this nonwoven material as the priamary shield. The material is applied just like wall paper, with comercial wallpaper glue, and from a construction point of view this stuff looks like you could do an 8x8x8 romm in a few hours. Alas, I did not recieve a price list on the material, but I am sure it will be a hell-of-a-lot cheaper that buying TEMPEST certified computers, and best of all...you don't have to register a damn thing ;-)). The address is: Veretec Long Meadow Road Tuxedo, New York 10987 (919) 577-7447 Victor Continues: Some words about DES - I spoke with one cryptoanalisyst from KGB and he sow, that for number crypto algotitm c(key, text) (key is keyLength tall) present f(key, text), that for all key1 and key2 present key with length keyLength, that c(key2, c(key1, text))==f(key, text). He also say, that now present f() for c()=des(), more f() wery like des(). That`s why for decrypting of des(k1, des(k2, ... des(kN, text) ... )) we must try 2^56 keys with spetial function. Victor seems to be saying that his friend is saying that DES is a "group" (if I remember my terms correctly), which somebody was supposed to have proven wasn't the case. Although, strictly speaking, a "group" was supposed to be f=des, where Victor just says it's "very like DES." But multiple encryptions as Victor describes are not used. Rather alternating encryptions and DEcryptions. For example triple DES dese(k1, desd(k2, dese(k3, plaintext))) where "dese" is DES encryption and "desd" is DES decryption. What does your friend in the KGB have to say about that, Victor? If triple-DES reduces to any reasonable transformation of (some) 56-bit key then it's almost as easy to break as single-DES which we now know only requires 3 hours on a $1 million specialized machine. Of more interest here, Victor, is what your KGB friend says about the IDEA cipher, RSA Public Key encryption, and the MD5 message digest, all of which are used in PGP. We would also like to know if the KGB has found any weaknesses in PGP or if they've even had occasion to try to find any. -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca