cypherpunks
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
September 2013
- 75 participants
- 292 discussions
----- Forwarded message from John Gilmore <gnu(a)toad.com> -----
Date: Wed, 11 Sep 2013 13:20:13 -0700
From: John Gilmore <gnu(a)toad.com>
To: Grégory Alvarez <gregory(a)alvarez-garcia.com>
Cc: cryptography(a)metzdowd.com
Subject: Re: [Cryptography] Laws and cryptography
> ... the Wassenaar Arrangement clearly says that
> material, software and technology need an authorization to be exported /
> published.
>
> What is actually the status of the law about cryptography and publishing
> new algorithms ? Is the cryptographer that publish a paper without
> governmental authorization an outlaw
There is a tension between fundamental freedoms and crypto controls.
Often fundamental freedoms win (as they should). The Wassenaar
Arrangement is a private agreement among a bunch of governments -- it
is not a treaty -- and has no legal force at all. What matters are
the statutes in your own country, and how they are interpreted.
I don't know of any cryptographers who have been punished under crypto
export controls, anywhere in the world, for publishing papers about
encryption. So invent your own cryptosystem if you want, write about
it, and publish!
Human-written software was considered to be different from
human-written papers for a while; in the US it took three court cases
(Bernstein v. US being the first winner) to sort this out. In the
1990s, Europe did not control freely published ("mass-market and
public-domain") software, and by 2000 that was true in the US also.
Unless you want to find and pay a lawyer with relevant expertise, the
best way to get a more-or-less definitive answer for your particular
country is to look in Bert-Jaap Koops' "Crypto Law Survey". He has
been maintaining it for decades, and actually did his PhD thesis on
global regulations about encryption. See:
http://cryptolaw.org/
> The department of the ministry of defense that handle this regulation
> can't answer if publishing a cryptographic algorithm needs an
> authorization.
Can't answer, or won't? In the United States, both the NSA and the
agencies responsible for the export controls (State Department and
Commerce Department) have been known to lie to the public,
unofficially, about what is actually allowed. Their tendency is to
talk you into assuming that you have no rights, even if the law is
clear that you do. Or they will tie you up in knots over how you
might be able to comply with finicky regulations, without ever telling
you that you are exempt from those regulations. We even caught them
lying officially once or twice (e.g. refusing export of Kerberos
authentication software on the bogus theory that someone, someday,
might adapt it to do encryption).
John
_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
1
0
typo collage by Laslo Moholy-Nagy, 1922
http://www.flickr.com/photos/thebadboy/4305933173/lightbox/
http://www.corbisimages.com/stock-photo/rights-managed/42-22071693/early-wo…
jasper johns alphanumerics
http://2.bp.blogspot.com/-UgXFTByzbvE/TdPUi819VRI/AAAAAAAAAZE/4SR-NseLDQk/s…
http://www.slowmuse.com/2012/06/11/honing-in-on-johns-smee-style/
http://www.sfgate.com/art/article/Jasper-Johns-review-SFMOMA-s-broad-stroke…
http://www.lost-painters.nl/wp-content/uploads/2012/04/Jasper-Johns-Gray-Nu…
http://www.google.com/imgres?start=131&safe=off&client=firefox-a&hs=Icg&rls…
http://www.google.com/imgres?start=133&safe=off&client=firefox-a&hs=NI1&rls…
http://www.google.com/imgres?start=159&safe=off&client=firefox-a&hs=NI1&rls…
http://www.pinterest.com/macotok/jasper-johns/
http://www.pinterest.com/digbydo/johns-jasper/
#note on quantum correlation-- discovered in first image search query for
Jasper Johns examples...
transparent ziplock with acid written on it, yellow letters inside, by Ray
Geary (?)
http://vapidforever.com/wp-content/uploads/2013/03/Acid-241x300.jpg
https://www.google.com/search?q=jasper+johns+alphabet&safe=off&client=firef…
1
0
// disclaimer: half of what i say here is false (right), though may yield
some ideas... //
there appears to be huge intangibility involved in cryptography, belonging
both to highly advanced mathematics and its mediation in designs of
advanced technology, as if betting at the limits of what can be known - in
extreme territories and with potentially massively powerful tools where the
ideas, hypotheses are tested. and yet failure may not be readily known,
even by the cryptologists- if peer-review and mathematical and security
advances are compartmentalized (deep state capacity versus everyday
society) or oppositional capabilities, perhaps some 'unknowns' have been
solved for some time and are the basis for breaking existing codes and
creating others. again, a naive person like myself may think this is what
p=np and calculating largest prime numbers are about, those those only a
small sample of a different security-driven secret landscape of ideas,
techniques, and technologies that may be nowhere near public or even
private discourse in day to day civilization; again, this assumption based
on an otherness or differing capacity for crypto beyond existing technology
and public encryption standards.
strong on mathematics, strong on technology- yet what about strong on ideas
as the basis for the code? what about the secret communication dimension,
not just Bell Theorem signal and noise, also Saussure and others with basic
models of communication - have these assumptions become dogmatic and
assumed solid when instead they are ready and ripe for exploits based on
misconceived notions, like a social viewpoint that is accepted and
unquestioned yet inaccurate or even to a degree untrue, then allowing a
false viewpoint or perspective to become standard, able to be exploited
from the start due to not fixing the errors, and so on... those being
errors in thinking, in conceptualization, in assumptions of 'what code is'
and where it begins and ends, and the issue of its conceptualization and
especially ~understanding or meaning. utility is a much hated word though
in an infrastructural sense perhaps relevant, and likewise: purpose.
this is where i contend that "code" that is assumed 'true' by its very
nature of transmission is insecure by the assumption that this viewpoint is
actually shared in a model of trust that grounds to truth removed of
errors, versus partial truth or even a fiction that establishes an
illusion, behind the security mask of encrypted communications. and is that
level of auditing going on with the messaging, what is transmitted- and
where does the code actually end-- is the model of encryption
-simplistically- only an issue of creating a container to send data within,
thus in some sense providing security and cover for hidden conversations,
and thus like a brown paper bag that goes from point A to point B and
blocks any attempts at intercepting the contents (say anti-magnetic,
un-x-rayable, etc), and is it a binary data model that scrambles the
contents within this container to an indecipherable format, related to
particular cryptographic equations, and via key exchange or other means,
can be decrypted and the message taken out of the brown bag when confirmed
to safely arrive at point B. and should someone gain access to the bag,
they may only be able to investigate its outside, and if advanced enough
perhaps the bag would degrade or disintegrate over time or by any attempts
to access what is on the inside of the temporary security container.
a horribly uninformed guess of the dynamics perhaps, though issues of mass
or targeted surveillance of encrypted data (say by NSA or the local police
force, in a terror-allowed extra-judicial surveying getting around the
bureaucratic blind-eye syndrome, not everything dealt within the courts
these days if ever it was) - then perhaps the brown bag is actually
instead, via the capacity for decryption and key-escrow scenarios- a
transparent ziplock pouch containing the message that is meant to be secret
and thus the data is accessible both at its origin, along its route of
transfer, at its destination, and in any storage capacity, potentially. And
perhaps that information could even be stored off-site in some database-
perhaps the ideal model for the security state, just like the fantasy of
electronic health records-- who could feasibly do a better job of this than
a ubiquitous surveillance state- what would the ur database of secrecy be,
would it be a data warehouse in some desert or underground mine somewhere,
with all the hidden information of peoples private lives, chock full of
lies, betrayals, indictable offenses, then to be queried should *any*
citizen step out of line, in any political context- to call upon electronic
blackmail or other data to shape, sculpt the future state via such
exploitative information operations? is that not the fear at least, about
unrestricted data gathering and loss of trust for where the boundaries are,
the law no longer seemingly protecting citizens or held as a hypocritical
Damocles sword above each individual, should they question the state,
bureaucracy, its authority and various representatives, public though
especially privately connected, advantaged, as if now you are on the wrong
side- no chair for you when the music stops.
it just seems like so much is riding on the infallibility of a model that
has obvious weaknesses, in particular the serialization and digital mantra
of long numbers and calculation in a particular ~style of computation, as
if somehow the peak of intellect, while seriously flawed both in its
thinking (rendering a too simple worldview as binary ideology) and its
technical limitations (leading to abysmal computing for human beings,
though great for dumb and powerful machines). Try to eek artificial
intelligence out of a concept that is not grounded firstly in truth,
inaccurate models detaching quickly from human values- humans serving the
machines, trading life for the toxic necropolis though also a structural
idiocy built upon the falsehood, unstable, which is why the ideology must
be 'absolute' and basically monopolize options- the barrier of the binary
is keeping people away from understanding and being able to shape
technology, its obfuscation and abstraction far away from 'thinking code'
that was once the goal, so everyone could program a computer and instead,
only a professional class can do it, and it is so horrendous in terms of
implementation at scale that devices are basically hobbled together in a
mish-mash of oftentimes conflicting code, if not having such design issues
as the basis for exploitation, for weakening software to disallow any brown
bag or secure website to possibly exist, though held within a context that
ideologically presumes and declares the brown bag scenario is the default
situation, versus the transparent ziplock bag, whether cellphone data kept
from the manufacturer who monitors it for statistics and advertising, to
others, including government, or home computers that are like ant farms
these days in terms of potential exploits, like a plague environment where
quarantine is likely not even possible anymore, especially with TEMPEST or
keyloggers or NFC or whatnot. cancer is not only devastating the
populations, there is a cancer of ideological code, a virus-like contagion
that has overtaken technology and is best, most iconomically represented by
the binary digits of 'digital ideology' as if progress in some backwards
mind-washed and societally-engineered global cesspool.
100101101001000001101010100110010101000101011100
What is that stream of data exiting or entering my computer? -thinks the
naive person to themselves- is it my bank records being pinged remotely by
the local magistrate to use against me in an extortion scheme or to frame
me and cause my downfall? At some level, this is the universal currency of
computation today for those who can use and "program" the devices to do
things, though of course it is reliant on computer architecture, processor
design, transistors themselves and if 2-values are the approach, that
establishes a structure that influences everything within its functional
domain, as a kind of superset operation 2(everything).
Thus, an issue like "literacy" in a very limited context may be if you have
foundational knowledge and can understand and comprehend the situation
involved, (in contrast to omniscience as a basis for literacy.) Those who
have this 'binary computation' literacy then are able to program computers
to do things via software and hardware designs, and particular systems:
e.g. a security model that becomes crypto technology, via customized
hardware and software development. And that likely is based on certain
assumptions about how things work, yet within a particular (binary)
framework as the overall, largest, or overriding assumption. A situation
like qbits or spintronics potentially upsets the model or analog
computation (if not 3-value or N-value) best suited for artificial
intelligence in that 'grey area' is vital -- retaining "unknowns" or
"neutral" states -- as part of the consideration of IDEAS within a
computational and analytic context, versus forcing an answer, most
especially if this is premature or even inelegant and in its lowlier
determinism, degrades the question in achieving its answer, dumbing things
down.
For people to succeed in society they have to become binary machines, think
like on/off switches, a quick way to success if taking on machine values
and reinforcing them, and in this way the binarist has found their religion
in a false absolutist framework that has also killed though within the
educational system, universities in particular, where ungrounded viewpoints
of subjective relativism (a=b) enable an authority to determine truth, thus
trump any errant thinking, and allow the machine to proceed on its
political path, via its own antihuman values, much of this supported by tax
dollars, loans, and lifetimes of tithing-- to gain what exactly- "the
correct viewpoint of a person who can function in the machine, as the
machine, become the machine, extend its principality".
For those not literate enough to program and much less to design crypto
systems in that context, the binary code itself is the encryption- the
opaque wall that is impenetrable, a mystery behind which all truth in
society is either captured or missing, held outside of, and thus
delegitimated by its absence (~nothingness). In this way, the existential
no-exist crisis, everything reliant on a computational system and approach
that has disenfranchised humanity, yet people are told and sold on the
faith in corrupted technology (and corrupt ideas) that the whole mess
actually works and there is a hidden purity in it all, behind the code you
cannot understand nor fathom. That it is actually beautiful and not
horrendous and a terror, "you just do not and cannot understand", unless
indoctrinated, made literate. And most everything keeps that from happening
for certain people on the outs with those running the exploitative power
game, which is also part of the 'idea'. In that limiting access, segmenting
populations of those who can and those who cannot, then is active political
science as computer science and its development. This leading to the online
webwork and network culture of today which is more a global junk drawer
than anything else, civilization turned into foolish wasteland, the trinket
icons for social media most like those thingamajigs put in the safe zone of
a baby crib for the enforced society of mass adolescence, by DESIGN.
So for one of these fools, myself, for me the binary code is a form of
encryption (or perhaps encoding with an incapacity to decode) that carries
with the mystery of perfectly hidden communication, that only few, masters
of this realm, can deal with to the degree of breaking actual cryptography
that is further embedded in this modeling of data in what seemingly amounts
to electric charge and magnetism as this is moved around and stored within
circuits, on an individual local level and as it relates to vast global
networks and congregations of such data in what are likely only
"pseudo-empirical" models, not dealing with _absolute truth and instead
reliant upon a shorter quicker route that estimates what truth is using the
same binary ideology, which tends towards reliance on ~subjective
mathematics; subjective in the sense of A=B whereas objective would be A=A,
relations involving like and unlike.
Plato enabled the questioning of paradox, accounting for it, whereas
Aristotle apparently deny its existence- and this more like Aristotle's
world. Both could be correct if delving into it, modeling it, figuring out
how the relativism fits into a shared model of truth- it could be an issue
such as allowing for time that favors one view over another, for instance.
And yet if assuming 'everything was known and figured out' and thus
"absolute truth" could be determined, after all the facts are in, then an
A=A approach may be valid as an unrealized hypothetical, a model of truth
that is highly accurate towards truth (95% +unknowns/errors) that is then
essentially "truth" yet remains contingent, based on falsification or new
data that tests and challenges the model, further solidifying or tweaking
or undermining it. This is the assumption of the binary 1, absolute truth,
and in contrast 0 as falsity. As if a daily encounter people can categorize
their experiences within. That is, as an idea, as an ideology-- yet
throughouly in the bed of relativism, without grounding in a larger
error-correcting empirical truth, and instead reliant on the local
individual skews and warping and distortion of uncorrected observations,
shared and unshared, as a basis for 'infallible' assumptions and
presumption of truth as an easily accessible, decidable condition- a choice
as it were. A right even, for an individual to determine what will be their
specific reality on a given day. Flip-flop circuitry, today it is true
tomorrow false and in two weeks truth again. No sliding scale of the
N-value analog of looping probability (.1 then .8) nor 3-value grey days in
the neutral or unknown middle zone (1-N-0) -- instead, like 'the only
correct answers on standardized exams" in the indoctrination system to
brain wash humans into machine ideology for pre-programmed, exploitable
functioning, there is always a right answer available, and someone has it
and will move ahead and those who question or think differently are
challenging the machine, breaking the ideological coherence, and must be
removed as if defective transistors, part of the corporate state business
model of mass manufacturing human components into a living global computer
based on machine values.
And what is proposed is that an assumption exists in cryptographic models
that involves this issue where, most basically, the assumption that A=A is
itself not accurate in the least, including at the computational or
hardware level, its architecture, as this then evolves into software, which
"ideas" then both are born of and born within what likely are
'inaccuracies' of thought, of consideration about IDEAS themselves that are
the basis for the code and the secret communication. A lot of assumptions
could be wrong, including at the level of messaging which crypto may assume
is A=A by default, of shared grounded interpretation when instead it is
most likely A=B by default, a question, a very grey-area of consideration
-- how do you even know what the encrypted code is, where the crypto begins
and ends-- and it seems to be that 'the crypto algorithm' is this device
that delineates : here is the crypto. And for the uninitiated and
illiterate (in this realm) it becomes a situation not only of seeing the
binary code as a wall of mystery and actual oppression, a limit or boundary
or threshold behind or beyond which is an inaccessible realm that has the
capacity lost in another realm, the potential for action, for ideas, held
in the hands and minds of others, then to be faced with a stream of numbers
and repeatedly told of their security and really- infallibility- as a
security model, because of the length of the string or the size of the
prime numbers being computed. As if entirely about numbers, truth and
ideas, and not about logic and truth firstly or in relation to these,
foundationally.
And so from the outside it seems some of those who actually believe such
things must either be very naive "thinkers" and have no real philosophical
sensibility -- that is, in the realm of ideas or models of actual human
communication -- or they are lying and bullshitting and are fully aware of
the exploitation. Perhaps there is a hidden social aspect for humans
involved, implicit understanding and awareness of these limitations, though
for others it seems like the classic crooked salesman situation, crowds
gathered round for the miracle cure which is a ripoff. Intelligence wise
this is a sure thing, the deception- though the scale has gone from a
public context into a no rules private context where seemingly anything
goes within a given networked boundary- which perhaps is the setup,
allowing the petri dish to populate its ecosystem, observe and categorize
the dynamics, and so on. And thus, implicit in this suspension of
disbelief, the grey area appears in the paradoxical nature of the
situation- there is and is not security, it is contingent on varying
factors and can ebb and flow day to day. And yet at some juncture this is
already well into the application or implementation of crypto models and
assumptions-- say people are walking around with encrypted access badges
and it leads to biometric and other parallel security technologies to make
a physical security situation as robust as it can be in terms of verifying
identification.
Yet even then the well known issue of intention, the person moving from one
point to another could have ulterior motives and that access granted them
is actually an issue of insecurity due to duplicity, or who knows, with
counter intelligence it could be triplicity and fake messaging or whatnot
that is moved as information. And so that depth and issues of trust. And
then in an online, remote connection scenario, software is mediated the
locked doors and verification, yet the same issue remains of trust between
sender and receiver or the relation of those communicating via secure
exchange. And here is the question again- how can it be verified that Alice
is not Edward and Bob is not Nancy or is that irrelevant and a 'social
issue' of security and not involved in the cryptographic model.
For instance, assume there is an Edward and Bob who are exchanging a
message and it is in a biased pronoun perspective (subjective) of "history"
that warps and skews human existence to only oneside of the ledger at some
interpretative level, where inaccuracies or falsities could persist in the
data itself.
Edward ----> ("history") ----> Bob
If Bob receives the encrypted information and "decrypts" it, presumably Bob
would then have "history" on his side and the exchange would be successful,
the crypto would have worked, and it could be assumed the data is TRUE by
default of its transmission; the code is some fancy algorithm (brown bag)
that moves the intended information from one point to another in a
protected, secure way.
(history) Edward <===> Bob (history)
Yet what if Bob is actually Nancy in drag... what if the identity of sender
and receiver are unshared in some relativistic aspect that remains
unaccounted for in the general model of trust- easily equated with a sender
or receiver who is lying or an impersonator, etc. Or, an ungrounded
observation assumed universal and the basis for shared empiricism...
(history) Edward <===> Nancy (history)
The reasoning or thinking person may evaluate inaccuracies or flaws within
the 'message' or 'ideas' and discern or deliberate from that context, which
could still involve 'encrypted data' as it relates to actual truth in the
model of shared exchange. For Nancy or a human being, "herstory" may
balance the biasing of the male perspective where relevant as a shared
framework, and thus there could be 'both truth and falsity' in the message,
or shared and unshared POVs. This is proposed a potential weakness in terms
of security, because the 'secret writing' does not end with the data
transmission...
(T) Edward <===> Nancy (T/F) --------> his|her-story
Now perhaps there is implicit understanding between Edward and Nancy about
these dynamics, so a kind of autocorrect could occur via observation, such
that a human view could emerge from both a male and female accounting of
the story- yet it also may not and lead to diverging interpretations, one
biased only to male evaluation in an extreme version, and thus the female
structurally subordinate yet functioning within that realm by ideological
compliance. Institutional politics seems to occupy this realm by default,
attempting to engineer a solution while not dealing with the corrupt code
involved, or false ideas allowed to persist.
So assume this split in interpretation is not to do with sex or gender
issues and instead it is just about an unshared idea, where a model could
exist that the data exchanged in a secure way is actually A=A when instead
it is A=B, and what that dynamic establishes in terms of corrupting
assumptions of trust. In a scenario of ungrounded relativistic observation,
there could be 'N' such security problems for any variance in the ideas
themselves. Hidden readings belonging to other levels of secret writing and
hidden communication-- and this is all about meaning and language itself as
the primordial code of ideas, not mathematical concepts as the meaning,
value, and worth of the exchange, presumably.
Thus the double-agent problem could be:
(T/F) <===> (T/F)
And depending on how those doubles interact, it could be sharing like or
unlike lies or sharing truth or unshared truth. And that is before any
ambiguity or grey area would be modeled where a question may exist,
unknowns, in what is being communicated- which is usually the norm for
exchange of information in that people are not omniscient and not capable
of thinking through every last detail of a communication due to
boundedness, though computers may have more potential ability for this-- in
plain text. Like newspapers headlines related to other headlines in a
categorical model.
(T/N/F) <===> (T/N/F)
In the above example, the middle or 3rd value could either function as
'unknown' and thus not involve determination of what the meaning is of the
message or *some aspect of it* which could remain unintelligible or ~vague,
in some way or dimension, else it could involve an N-value approach that
slides across from truth to falsity depending on probability of
understanding, whereby 'truth' and 'falsity' are never actually attained
(impossible, I say, this absolute knowing) in the basic data model, and
there is always already an implicit realm of error and misunderstanding and
non-awareness inherent in the "secure exchange" via these shared relations
that is part of the condition of serial language based on non-empirically
grounded signs today. In other words: most all language and communication
exists in this gray area (N) from the start, even within computers, and the
binary framework (1,0) and truth and falsity in an absolute framework are a
fiction; and in this way-- a security problem in each and every exchange in
terms of the actual accounting for the truth in the secure exchange, its
validity and its role in establishing shared observation when this is more
unlikely than likely, if there are unstable shifting conditions for
observation (observers moving goalposts, etc).
So in a security model of relational exchange it would appear required to
account for ambiguity from the start, such that any exchange exists in an
insecure condition *as language* which itself can be further encrypted or
encoded and depending on the observers may or may not be shared as a
viewpoint. This is the realm of linguists as thinkers of ideas, the
potential for language as code, that extreme threshold of intelligibility
that can *appear* and actually *be* that garbled mess of signs and symbols
and numbers and yet remain intelligible as language, as hidden or secret
communication.
Observer.1 (N) <===> Observer.2 (N)
This is to attempt to convey the idea that while 'binary code' and
encryption could transmit an idea between observers, that there is still
the issue of viewpoint, understanding and analysis- the meaning of the data
in the exchange, as this relates to secure communication. Perhaps it only
applies in a textual exchange format, yet the encryption itself may go
further than PGP or SSL and the issue of data integrity seemingly may not
even relate to the issue of 'truth' of the data itself, which in some
instances may be required though in others, it would seem to imply either a
shared empiricism must exist that error-corrects false views and thus
enables 'truth' to co-exist via remote connections, and perhaps involve
shared dictionaries or keys-- which tends towards truth-- or that it could
be wrongly assumed that this is a shared condition else asymmetrical, and
those dynamics could be involved.
The reason it may be relevant, especially in an untrusted context, is that
the 'officially' decrypted code may not be the actual hidden message, it
may be the self-evident signage of successfully contained and delivered
'security content' yet its meaning may remain ambiguous until further
analyzed, which could be done successfully or not, and may or may not be
time dependent upon having the window or keys to decipher its hidden
meaning, thus long term storage may not be an issue if it quickly degrades,
the originating context evaporates with which to contextualize it, make
sense of it, etc.
In other words, the 'official communication' could be a false perspective
and the double or *surveiller* may access the decrypted headline and
interpret at that level of binary correlation and categorization in its
rough global-model, yet the actual intelligence may not be surface level,
it may still be encrypted within that content-- and here is the idea: like
the fiction of the binary string being some intellectual stronghold that
transports the valued information, it is instead that that decrypted string
or gibberish data when made into plain text is not verifiably the
"decrypted code" which could still exist in plain language without a
computer algorithm determining its structure (instead it is ~ideas
themselves, their truth) and that this could even involve raw crypto code
itself (guessing hash data) that could carry within it decipherable yet
hidden meaning. e.g.
A SENTENCE COULD HAVE ANOTHER HIDDEN MEANING WITHIN IT.
The signage (letters, words, punctuation) does not readily move to a A=A
scenario in certain chaotic environments where meaning is unshared. It
could be variable, unstable, collapse if falsified or the hypothesis is
known inaccurate or false- thus A=B that it tends towards the grey-area or
even falsity. The sign itself, say a [word], could be ambiguous, it may not
translate across cultural differences as a concept or may exist in various
zoned definitions, say word processing software or written word or spoken
word, or may be a typo (world). They are potentials, possibilities, and if
not having the key, it may be missed or details that cannot be comprehended
given an unshared understanding or inaccuracies in viewpoint or reasoning
process. Say, if forcing things to a biased perspective and thus there is
data loss in attempting to access the meaning, because it does not readily
fit into the same conceptual framework. Issues of language. Yet further
there is an entire realm of language missing from this that is moreso that
of code and encrypted communication: symbolism.
If for instance a PGP encrypted communication was shared between observers
1 and 2 and so it streamed through computer processors and across networks
as digital bits and a string of abstracted encrypted information that
arrives at its destination; and for all that trouble the "officially"
decrypted message is a word that can be written in different directions,
and thus is either the same or has different meaning; say [ton] and [not]
else, [wow] and [wow] or [mom], else the ever classic anagram [santa] and
[satan]. This kind of 'word permutations' are similar to calculus in that
they transform the situation from one scenario into another, and this is
mentioned in Plato in regards to mirroring and language, that that is when
the meaning of language is unlocked and understanding begins.
This is the most basic first step into this realm, though the idea is that
signs have mutability, yet there can also be a symbolic aspect that is
inherent in all language (categorization, archetypes, say a tree in
relation to other trees as it models the 'concept' of what a tree is); and
so images and objects can function as language and be used in
communication, such as a barber pole or sign for bread outside a bakery via
the image of bread. Symbol dictionaries are the place to look for this type
of rich cultural information which dates back to the beginning of
civilization and involves the esoteric and mystical realm, in addition to
that of theology and philosophy, essentially metaphysics which can veer
straight into the occult or the core of the world's religious institutions.
so entire languages or systems of communication are already establishes for
millennia and tied into present-day language and sign and symbol systems
that potentially could be referenced in a 'decrypted communication' that
remains encrypted in this context; and it directly parallels the [infinity]
x [infinity] x [infinity] ... {N} approach, because each letter or word or
idea could potentially map into another unknown context, unless having the
capacity to decipher this non-linear, multi-linear ecology of ideas in
their various empirical frameworks-- if accessible to the observer. It is
not a serial string that suddenly is decrypted and becomes A=A by the magic
of cryptography and instead becomes a question of assuming 'the answer' is
the most immediate signage encounter upon 'official decryption' versus what
may be an extended hidden communication that is the foundation and basis
for human language and communication throughout its development of culture,
and that this is not a serial string of signs (say, greatest idea is
largest prime number!) and instead about the interconnected logic of
symbolism as it identifies truth, and those who shared this empiricism and
understanding communicate within it, and those who do not may have the
signage, and potentially the keys, yet may not be able to see it because of
an unshared model of truth (theirs: pseudo-truth) that degrades the
interpretation via the action of seeking to determine meaning.
Imagine the decrypted official message, post-binary, post crazy code, is
the plaintext word:
rotor
And somehow the hidden key indicates to twist this 180 degrees, such that:
jo+oj
In this arbitrary example, given pre-existing library of meaning or
contextual interpretation (say, contingent meaning based on temporary
shared keys) that this is referencing the song _these boots are made for
walkin'. Such that perhaps the two letters j somehow reference this as
pictographs and then there is additional content related to the potential
signs/symbols of that fragment as a linked cryptogram. The plaintext rotor
may be embedded in a larger decrypted document yet be distinguished by a
secret shared key that opens up or unlocks its potential meaning; in that
it may or may not be "accurate" or true, though if grounded as a shared
viewpoint it could tend towards 1 or absolute truth in that finite
micro-perspective that may identify or share some critical data. If
considering that each word in this email could carry some potential for
decryption of hidden information, not only is each letter and word a
potential variable, their combination and connections both inside and
outside this text are also relevant thus instead of a binary string of ones
and zeroes and their abstraction as an indication of the intangibility of
accessing the cryptic code, instead it is the empty set and that question
that stand in for the self-evident (yet potentially wrong) signage saying:
the decrypted code is here, read the serial message: this is a secret,
shhhh....
Do you see the absurdity of assuming encryption occupies only an obfuscated
realm when in a context of philosophy, truth, ideas, logic, and mathematics
involved in those questions versus what are by comparison computational
trivialities in terms of "intelligence" as it exists in the realm of ideas
versus vacuum packed into a clean-room context of science, technology, and
technocrats with a ruling agenda? It is really laughable, in that there is
real idiocy involved in assuming an idea is simply true or decrypted as a
sign of a language system and that there are clear boundaries between these
security concepts. I doubt humans do this though apparently a great many in
the population are ideological adherents and enforce this viewpoint, have
taken over entire institutions, in particular the education system itself,
government, health care, and are determining by this false perspective
binary mindset the future of humanity, which is not only in decline, it is
that of the earth turned into an open air concentration camp and yet given
tools to communicate about it (ziplock bags) that would lead to their
further persecution for being revealed an enemy of the rogue terror state
via gilliam Brazil-like error-nightmares that can never be recovered from,
bad components must die, only the ideologically pure will survive, who like
in the Matrix now use humans as batteries to keep their machine running,
"evolving".
A related aspect involving Plato is that there are original ideas,
fundamental concepts, and then there are "copies". And it seems very
relevant to issues of code, programming, cryptography and security,
including with hardware development (knock-off chips, secret instructions,
etc). Issues of verification of A=A that can be lost via mutations or loss
of oversight or control or unshared goals, ideas, as part of the process.
So that seems to describe some of the politics involved, where an idea can
start out in truth (A=A) yet move towards another viewpoint or further into
pseudo-truth (pT) over time, such that A=>B (or, A=B). This is like a
once-secure crypto approach that is subverted somehow, either known (A=B)
and thus invalidated for its security or believed secure (pT=T) and thus in
that error there is a loss in security; in that *subjectivity* as it were,
that unaccounted for ambivalence or the impossibility of determining its
truth via accounting.
Yet what is even more readily evident in "popular crypto" appears to be the
issue of 'copies of copies' which is the internet model of software
distribution, whereby the issue of the first copy had a close relation to
the original, such that A1=A2 may be nearly indistinguishable, whereas
through the reiterative process of 'copying the copy', (such that A2 =>
A3...A300+) then also involves erosion of the original within the realm of
the copies, whereby A2 is closer to B than A1, and A300 is no longer
recognizably the same, cannot function as an imposter, and is a
self-evident degradation of the original idea (A=B), "unlike". It does not
pass, the camouflage of the mimicry broken; just repeating signs (code)
without "understanding" then has entropic loss of intelligibility as a
consequence.
And thus at the level of signage, a key could be known and repeated,
attempted to be used, yet if it is ungrounded, shallow, disconnected, the
observer would stay on the outside of the conversation, surface
interaction, versus entering into a shared realm of awareness. The hidden
communication could be right in front of a person and they may never know
it. That is, in terms of ideas. How to encrypt a phone call or video the
same way probably relies on existing concepts tied into binary data
transmission, though still even in those domains the same issues of subtext
and accessibility apply. Grounding, ungrounded truth, verification.
So this is to presume that cryptography has innate connection to
conceptualization, modeling of the relations, exchange, in a context of
security and shared data. And yet in some ways this language viewpoint
inverts the signal/noise approach, in that the secret writing may instead
occur in the noise and not within the signal as is presumed of 'decrypted
message' via a software solution, at least formally, from a naive view. In
that there could be many needle-in-haystack scenarios inherent in ordinary
language transmission that effectively function as encrypted information or
messaging as part of ordinary communication processes. And you could have
your optic nerve tapped by neuroscientists who are reading your brainwaves
and seeing what you see, seeing the keys and considerations, yet if the
empirical model of truth is unshared or errors are relied upon, that split
fractures and limits interpretation, making it potentially inaccessible in
that it functions in a different paradigm of consideration, outside the
framework of evaluation-- in the realm of ideas, not of ideological
determinism to validate a too simple model that becomes a method of
behavioral command and control.
This conceptual code, beyond the sign, into the sign, between the signs,
appears absent in the thinking and ideas of crypto as computation, though
in terms of its calculus-like ~mathesis (mathematics of language, language
of mathematics) based in logical reasoning, this infrasign, intra-sign and
symbolic question go into the deep core of culture at its earliest and its
most recent era where the same model of truth has been relied upon and
extended, in the realm of ideas, and thus de|con-struction and other
approaches -- hell, triple loop, salchow, flip and lutz in skating is
itself language, or the arrangement of flowers, or the color and details of
clothing ensembles-- and that these domains can be secretly written/read,
parsed for hidden meaning in day to day interactions and this is also and
perhaps more prominently the realm of crypto-communiations, if not
preceding its technological development because the mathematics are
different; what if every number of the largest prime was a bounded infinity
and each related to the next in sequence, what computer can deal with that?
none. The conceit is that today's crypto is that strong, whereas the
"ideas" of this crypto is indeed that strong, just not the technology to
communicate it. The ideas are the protection, as they are encoded or hidden
in others, requiring thinking yet also competence, not mere mimicry, not
just stand-ins or copies or clones seeking to exploit via subversion or
controlling a domain- such as: the classic "x" marks the treasure,
therefore everyone is at x, yet that is not the real x, it is actually x',
and so on, because it is symbolic, goes beyond the sign=sign as truth when
instead it is a question relying upon shared verification, validation,
testing, rigor-- security.
An example of the difference would be a coin toss, a binarist having
modeled the issue to only allow heads or tails, when there is a slight
probabilistic chance it could land on its edge under certain conditions,
and thus paradoxically be 'both' heads and tails or indeterminate, and thus
an issue also of time is involved. So even though the probability may be
hypothetically 0.00001 that it lands on its edge, say the coin toss lands
between thick blades of grass on the soccer field, and thus requires a
follow-on toss, that instead this ambiguity can be removed from the binary
model, made irrelevant, as with 'unknowns'. That is only amplified when
dealing with a realm that more closely occupies this edge-condition day to
day, issue to issue, then forcing it to goals on one side or the other
(1,0) when instead it is likely in a gradient between them (N), either as
3-values (unknown) or the bounded scale, sampling a resolution up to
infinity between them, for any given evaluation of truth, in an empirical
framework. Relativism, the ideological beast, ignores this and goes binary
to allow 'super large prime numbers' to exist as ideological viewpoints,
irrespective and ignoring their falsifiability, that is the essential
corruption of the rigged game that ends with killing off humanity.
Whereas if you are in outer space, there is no horizon and you flip the
coin, presumably it is going to keep spinning and spinning until friction
eventually slows it down though perhaps outside influence will motivate it
(ionic wind or hot-cold difference from sun) and perhaps that will keep it
going and going and going... and yet even if it were to stop spinning
someplace so remote as to have no place to 'land', no horizon to tell what
side is UP, how without this frame of reference would the coin toss be
determined in its sidedness. Seemingly it would involve being pulled toward
the nearest gravitational source and if habitable and surviving reentry,
say on a dead moon, it may finally land in some dusty realm, highly
unlikely on its edge, though perhaps removed of its identifiable sides or
not, yet at that point, it would be determined-- this is the result of that
long ago flip of probability minus immediate gravity. The weightlessness of
not knowing, of having questions, not enough variables to model an idea
fully, and taking that time _before deciding what is true, is that realm of
the neutral observer, and of a method of analysis requiring of hypothesis,
not reliant upon the quick answers a false-theoretical framework provides,
such that for universal or enigmatic situations the first choice would
instead be absolute "truth" or "falsity" in the binary mindset, further
constructing and building the false perspective of ungrounded relativism. A
trillion quadrillion zillion coin tosses true and false-- that is what we
can do! -- Yet what if most of those evaluations are inaccurate, hollow,
even destructive for the ideas they are mediating, to the point that it
subverts "truth" and replaces it with a fake realm of false choices and
corrupt relations as the status quo. Perhaps more time need be given to let
the coin spin for each and every question, instead of seeking to determine
its outcome in a too simple model of reality.
s8b
23x
d0s
The code snippet above could have as much or more "computational
complexity" than the largest prime number, in terms of its cryptographic
potential, if instead of evaluating a single message or correct answer that
there could be a novel's worth of meaning. This is the 'universe in a grain
of sand' approach, more like that of scrying where set theory universes
could be nested within others, and these ecologically connected inside and
linked outside the matrix, crypto patterns that are bounded N-variable
relations that offer an interpretative open range of decipherment, yet like
a random number generator, do not necessarily hold intention or
intelligible structure by default of their 'random' creation. Enigma RNG,
like a slot machine with symbols that tally, except these could instead be
TLAs or gap substitutions or mutated or phased dynamics, or various
movements etched, all of it libraried such that patterns could be revealed
that are insightful and map to existing other frameworks-- in that like
archetypes and tarot (applied symbolism) or especially crystal balls,
something is revealed momentarily and this may not be connected to another
via obvious key exchange- instead it could exist via SAD and quantum
correlations, the entanglement of a shared resonant instance that pops out
like a constellations or its key revealed this way, accessing a noosphere
like collective consciousness where truth actually does determine reality
and in this surrender to the weather-like dynamics of this ephemeral
condition, its magic- what is grounded can be made accessible this way,
revealed.
A computer may be able to parse or frame small aspects, yet to decipher or
read or make sense of it, more would need be involved, shared
consciousness, to consider the questions that may arise that could weight
certain variables over others in a given moment, and then transform the
context and provide a path down another previously unseen interpretation as
a result, only to have the wave function collapse and the idea disappear
from view, safely stored in its state of mystery. That is, more of the
realm of "information" as ideas existing outside the brain, in the
atmosphere, accessible by others, and not just about brains in skulls and
neurons blipping as if all language and knowledge can be flattened to a
graph or visualized by modern-era phrenologists with dangerous beliefs.
This is more than parallel worlds model of relation, entanglement inherent
in shared ideas if the 'original' is pinged by distributed others, then how
accurate the relation with the idea and with others as a basis for trust
and security. In binary worldview everything occurs in the same set theory
universe (U1) yet this is a false POV, whereas in a paradoxical logic
approach, the shared universe (U) is born from their integration and
structural interconnection of all relative universes (U1, U2, U3 ... U^N)
that are grounded in truth, removed of error, and thus modeled and related
to and through via shared perspective; archetypes, language, communication,
shared identity, trust, value, exchange, information as current and
currency, onward to hidden civilization, cosmic lineage, secret order.
The crypto-bomb is that, as with set theory, there can be hierarchic nested
relations within a conceptualization of code and secret communication such
that issues of apparent and vaunted 'peak complexity' that declare
cryptographic integrity today (transparent ziplock as if brown bag) are
themselves quite simplistic and rudimentary in comparison to the
mathematics involved in this other phenomenally and incomparably more
intense "intellectual" evaluation -- involving ideas themselves in the
security model -- in that, take for instance the Kryptos enigma (
http://en.wikipedia.org/wiki/Kryptos) -- it is very impressive such a
sculpture exists and a single message can be deciphered that is said to
explain its various grid of letters. So its hidden patterns must be
accessible via the established conventions that indicate a correct way to
go about and solve the puzzle. Yet what if there is more than one puzzle or
that 'intention' may exist beyond the quote unquote author (finite person
versus cosmic intelligence) and that like a RNG those same letters could
carry other meaning that is potentially relevant in a given instance or
could be referenced or a shared or unshared key could decrypt.
This is more the Hunter S. Thompson-Timothy Leary key exchange approach to
cryptography, psychodelicode perhaps, akin to cloud-code, observing the sky
for recognizable patterns of meaning or significance, consciousness as
divining rod, tuning into N-variables depending on individual or shared
literacy, all about language in its symbolic, mathematical, logical
foundation in terms of patterning, constellations of ideas, building from
truth (A:A), finding it, locating it, securing it, yet with time it could
move, change shape, and so trying to grasp what is there if it is there,
the grounded moving toward sanity, ungrounded fast tracked to madness and
extreme anguish. one time pad of mind, else post-it notes and micro-cut
security shredder to consider the calculus, the math is already witin the
alphanumeric structure, HIOX of the spinning horizontal letters and
vertical, twisting around to reveal themselves the same while others
mutate, letters, words, sentences, texts, ideas this way, stories, beliefs.
back to into logic, circuitry, matter, energy, this information. Crypt code
in context, WYSINWYG. It is a question with potentially many correct
answers depending on viewpoint, frame of reference, quantum versus
classical dynamics, methodology, thought, belief. Sequencing alphabet,
tabulating uppercase, lowercase cut in half along middle line, mirroring.
Chess move patterns, anything mapped onto its structure as a potential
interpretive device. Fractal code, within the noise, more and more
structure reveals itself, likely more information in that potential
framework than computational power on the order of magnitude of today's
crypto breaking claims (death of universe). Can you map all the information
in Kryptos, its potential relational meaning, via machine translation, how
many series of encyclopedia would be needed to explain the data mining of
deep significance of random connections in their associational relevance--
who decides what is true, how is it weighted probabilistically, especially
if the code functions as oracle? That is, what is true within it is true,
however so. How to access it, how much is there- can mathematicians figure
out and model such a scenario of bounded infinities within infinities in
seemingly arbitrary noise, looking, searching for structure, relational,
value? And what if that is tapped as a shared reference, a small part of
it, say a 2x2 grid of letters via coordinates-- is not this détournement also
cryptographic. That is, its apparent noise containing meaning, given
perspective- if it were to exist, and who is to say it does or does not-
how is that decided-- by a binary algorithm that tests against its own
conventions and modeling? Or perhaps are the machines blind in such a
context if the map does not represent the territory. Of course it's black
and white! -- said the grey to the gray.
Randomness, noise, entropy, "structure"-- why the dogma that a binary code
must determine this, why not a messy fragment with structure, or even a
landscape or topography or bryce-3D model as data set, is it a
deterministic view based on unique numbers, primes- what if each bit was
effectively larger than the largest prime, and there are infinite bits? The
issue of infallibility, infallible perspective or one correct shared
viewpoint as presumption versus the cosmically difficult work of
establishing this through hard-fought and hard-won hypothesis, including
blood and agony- to arrive at _tentative and contingent models versus
faith-based mathematics and belief systems functioning as techno-religion
and crypto-theology, yet fundamentally flawed in terms of the ideas
invovled at the level of the propositions, the dogma ear-shattering as if
loudspeakers given official viewpoints over and over everyone is supposed
to conform to, believe, "trust the technologists- trust the code" when this
is exactly opposite the idea, trust truth- verify everything first, stay
vigilant, check and error correct eternally. Instead that is process
hacked, subverted, errors standardized-- so what is trust in such a shared
environment- perhaps crypto is not so limited in terms of ideas that may
use the technology as its carrier wave yet exist otherwise, as a kind of
poetry of a people, a living truth that is shared, versus an inaccurate,
flawed, and genuinely stupid worldview to sustain due to its basis in
corruption. Does the transparent ziplock bag really surprise anyone
operating in this environment? What if that is the assumption all along
(presumably) and the crypto is occurring outside the 'official' lines,
beyond the perspective of unshared observer, exploiters...
The question of the question involves a critical detail related to what is
rational, a rational versus irrational approach. Inconceivable, perhaps is
the meaning of the latter though i tend to think that irrational may not
really exist as a concept in terms of thinking, because like a circuit, if
cause is involved, likely there is a direct connect to the path some event
is occurring on, and it is a matter of perspective, if another person can
understand it (rational, reasonable) or not ("irrational" yet still likely
rational in some sense for the other person). This idea of paradox and
crypto may be believed just an issue of some sign-based leetspeak where it
appears the sign remains its original referent in a modified form, in that
the letter S becomes 5 yet still functions as the letter S. A narrow
consideration of this would evaluate it only in terms of the original, thus
the 5=S, and essentially A=A. Though a paradoxical view could extend this
into a question, what if 5 means something via kabbalah or numerology that
substitutes for the letter E because it is the 5th letter of the alphabet,
and thus E=S and onward into oblivion. That moves quickly into symbolism,
mapping of numbers and letters onto other events and each variable could
have multiple definitions or references and together function much like
Chinese characters (ideographs). With alphanumerics (26 letters and 10
numbers) of 16 segment and 7 segment electronic displays, it is basically
its own mastercode-base that makes every aligned text into its shared
universe (U) of a global Kryptos document, any given combination running
into infinity given perspective, conceptual scaffolding, shared libraries.
It is not surface, not a foil or ploy though it could be if a deception to
establish barriers. And so how is the person without the key to know where
to enter and how to interpret, and even if they have the key and the
'official plaintext' how do they know where the encryption begins and
ends-- unless to assume software and hardware crypto defines the 'side',
that there is no edge to land on, it can only be the simplest view...
albeit wrong. And to either constantly be wrong in interpretation or run
into limits, much like binarization in reverse, though paradox in its
place. A wall of chaos, unintelligible communication- even with keys, even
with decodes, one time in one context may vanish like a raindrop into the
ground to be recycled elsewhere, it no longer exists the same, the field
has changed or not, the truth has transformed, time has passed, the coin
still spins eternally until it stops.
What if their stopped time is the wrong view, built upon a warped, skewed,
distorted framework. Trying to relate from that relativism into another
could cause it to be torn apart, any structural connections would bring
down their weakened connections and constructions -- yes go ahead, copy it,
use it, make assumptions and join the conversation... and it will be
entropy in action once the bending takes hold, crushing at the false views,
the lies and deceptions unable to reason or continue the charade,
collapsing upon themselves via unbearable pressures, the difference
continually falling, falsity unable to be sustained, geologic events in the
lives of peoples nervous systems, psychically torn apart, unable to cope,
adapt, continue. Brutal involution, fracturing, implosion, insane weakening
via intolerable stresses, shattered into fragments the schizoid imposters
moving straight toward the extreme each and every variance from their false
modeling. A false universe torn apart piece by piece, bit by bit, the
psychological impact of losing total control due to serving fundamentally
wrong ideas and beliefs. To know and realize that there is only nothingness
to embrace as the remaining option, the void, emptiness, hopelessness,
death, that that is the future of such activity.
What is worse than trying to kill off the human race? -- failing to do so
and having to deal with the consequences.
#half of what i write here is false (right)
---
holographic context, multiperspectival, unexpected, psychic blips,
assumption of freudian slip as conventional tell, mystical code, inversion:
signal is noise; noise is signal, error and anomaly, question of time, x=y
as false POV, pT=T is security exploit
binary decrypt => reveal? [official plaintext] : + [secret1] [secret2] ...
[secretN]
SPECIAL SYMBOLS TEST: [∞] [∞] [∞] <== infinity ??
ATTACHMENT TEST: capture.9!f
1
0
----- Forwarded message from Joseph Lorenzo Hall <joe(a)cdt.org> -----
Date: Wed, 11 Sep 2013 13:27:42 -0400
From: Joseph Lorenzo Hall <joe(a)cdt.org>
To: liberationtech <liberationtech(a)lists.stanford.edu>
CC: Eugen Leitl <eugen(a)leitl.org>
Subject: Re: [liberationtech] iPhone5S Fingerprint and 5th amendment
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
On 9/11/13 12:08 PM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
>
>> Similarly, any other sort of one-way algorithm that prevents you from
>> reconstructing a valid input from the stored data is not going to work.
>
> Typical fingerprint matching uses classification, recognizing and
> encoding multiple features into a vector. You could use a one-way
> hash on that vector. This is likely subject to a precompiled hash
> lookup table attack, as the number of all possible fingerprints,
> quantized via a classification vector is not that large.
There's a good deal of existing research out there on using symmeteric
hashes -- a hash that can accept discrete inputs in arbitrary order and
always calculate to the same value -- for secure biometric template
storage and matching.
Here is a paper I point people to that many of you will find absolutely
fascinating (although it's been some years so do check citations
pointing to this for further work):
Sergey Tulyakov, Faisal Farooq, Praveer Mansukhani, & Venu Govindaraju.
(2007). Symmetric hash functions for secure fingerprint biometric
systems. Pattern Recognition Letters, 28(16), 2427–2436. Retrieved from
http://www.researchgate.net/publication/222570842_Symmetric_hash_functions_…
--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe(a)cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
1
0
NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but
didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
From
http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-rest…
But internal memos leaked by a former N.S.A. contractor, Edward Snowden,
> suggest that the N.S.A. generated one of the random number generators used
> in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard<http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications…>— which contains a back door for the N.S.A. In publishing the standard,
> N.I.S.T. acknowledged “contributions” from N.S.A., but not primary
> authorship.
>
R
3
3
11 Sep '13
----- Forwarded message from Max Kington <mkington(a)webhanger.com> -----
Date: Wed, 11 Sep 2013 18:14:42 +0100
From: Max Kington <mkington(a)webhanger.com>
To: Eugen Leitl <eugen(a)leitl.org>
Cc: cypherpunks(a)al-qaeda.net, cryptography(a)randombit.net, Cryptography List <cryptography(a)metzdowd.com>
Subject: Re: [Cryptography] SPDZ, a practical protocol for Multi-Party Computation
On 11 Sep 2013 18:01, "Eugen Leitl" <eugen(a)leitl.org> wrote:
>
>
>
http://www.mathbulletin.com/research/Breakthrough_in_cryptography_could_res…
>
> Breakthrough in cryptography could result in more secure computing
> (9/10/2013)
>
> Tags: computer science, research, security, cryptography
>
> Nigel Smart, Professor of Cryptology
>
> New research to be presented at the 18th European Symposium on Research in
> Computer Security (ESORICS 2013) this week could result in a sea change in
> how to secure computations.
>
> The collaborative work between the University of Bristol and Aarhus
> University (Denmark) will be presented by Bristol PhD student Peter Scholl
> from the Department of Computer Science.
>
> The paper, entitled 'Practical covertly secure MPC for dishonest majority
-
> or: Breaking the SPDZ limits', builds upon earlier joint work between
Bristol
> and Aarhus and fills in the missing pieces of the jigsaw from the groups
> prior work that was presented at the CRYPTO conference in Santa Barbara
last
> year.
>
> The SPDZ protocol (pronounced "Speedz") is a co-development between
Bristol
> and Aarhus and provides the fastest protocol known to implement a
theoretical
> idea called "Multi-Party Computation".
>
> The idea behind Multi-Party Computation is that it should enable two or
more
> people to compute any function of their choosing on their secret inputs,
> without revealing their inputs to either party. One example is an
election,
> voters want their vote to be counted but they do not want their vote made
> public.
>
> The protocol developed by the universities turns Multi-Party Computation
from
> a theoretical tool into a practical reality. Using the SPDZ protocol the
team
> can now compute complex functions in a secure manner, enabling possible
> applications in the finance, drugs and chemical industries where
computation
> often needs to be performed on secret data.
>
> Nigel Smart, Professor of Cryptology in the University of Bristol's
> Department of Computer Science and leader on the project, said: "We have
> demonstrated our protocol to various groups and organisations across the
> world, and everyone is impressed by how fast we can actually perform
secure
> computations.
>
> "Only a few years ago such a theoretical idea becoming reality was
considered
> Alice in Wonderland style over ambitious hope. However, we in Bristol
> realised around five years ago that a number of advances in different
areas
> would enable the pipe dream to be achieved. It is great that we have been
> able to demonstrate our foresight was correct."
>
> The University of Bristol is now starting to consider commercialising the
> protocol via a company Dyadic Security Limited, co-founded by Professor
Smart
> and Professor Yehuda Lindell from Bar-Ilan University in Israel.
A colleague is looking into this venture. I gave him a synopsis of their
additions to SPDZ. There is a white paper describing their technology at
their website which talks about the other two related protocols, Yao and
Tiny-OT.
One interesting use that occurred to me was the ability to split the two
nodes in their implementation across jurisdictions. Especially those who
are unlikely to ever collaborate. That giving you an advantage over a
typical HSM which could live in a jurisdiction that could be seized.
The wp and associated bibliography is available at
http://www.dyadicsec.com/SiteAssets/resources1/DyadicWhitePaper.pdf
Max
>
> Note: This story has been adapted from a news release issued by the
> University of Bristol
>
> _______________________________________________
> The cryptography mailing list
> cryptography(a)metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
1
0
11 Sep '13
----- Forwarded message from Phillip Hallam-Baker <hallam(a)gmail.com> -----
Date: Wed, 11 Sep 2013 12:11:52 -0400
From: Phillip Hallam-Baker <hallam(a)gmail.com>
To: "cryptography(a)metzdowd.com" <cryptography(a)metzdowd.com>
Subject: [Cryptography] Defenses against pervasive versus targeted intercept
I have spent most of yesterday writing up much of the traffic on the list
so far in the form of an Internet Draft.
I am now at the section on controls and it occurs to me that the controls
relevant to preventing PRISM-like pervasive intercept capabilities are not
necessarily restricted to controls that protect against targeted intercept.
The problem I have with PRISM is that it is a group of people whose
politics I probably find repellent performing a dragnet search that may
later be used for McCarthyite/Hooverite inquisitions. So I am much more
concerned about the pervasive part than the ability to perform targeted
attacks on a few individuals who have come to notice. If the NSA wanted my
help intercepting Al Zawahiri's private emails then sign me up. My problem
is that they are intercepting far too much an lying about what they are
doing.
Let us imagine for the sake of argument that the NSA has cracked 1024 bit
RSA using some behemoth computer at a cost of roughly $1 million per key
and taking a day to do so. Given such a capability it would be logical for
them to attack high traffic/high priority 1024 bit keys. I have not looked
into the dates when the 2048 bit roll out began (seems to me we have been
talking about it ten years) but that might be consistent with that 2010
date.
If people are using plain TLS without perfect forward secrecy, that crack
gives the NSA access to potentially millions of messages an hour. If the
web browsers are all using PFS then the best they can do is one message a
day.
PFS provides security even when the public keys used in the conversation
are compromised before the conversation takes place. It does not prevent
attack but it reduces the capacity of the attacker.
Similar arguments can be made for other less-than-perfect key exchange
schemes. It is not necessary for a key exchange scheme to be absolutely
secure against all possible attack for it to be considered PRISM-Proof.
So the key distribution scheme I am looking at does have potential points
of compromise because I want it to be something millions could use rather
than just a few thousand geeks who will install but never use. But the
objective is to make those points of compromise uneconomic to exploit on
the scale of PRISM.
The NSA should have accepted court oversight of their activities. If they
had strictly limited their use of the cryptanalytic capabilities then the
existence would not have been known to low level grunts like Snowden and we
probably would not have found out.
Use of techniques like PFS restores balance.
--
Website: http://hallambaker.com/
_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
1
0
----- Forwarded message from Billy Gray <wgray(a)zetetic.net> -----
Date: Tue, 10 Sep 2013 14:32:02 -0400
From: Billy Gray <wgray(a)zetetic.net>
To: Aaron Lux <a(a)aaronlux.com>
Cc: Guardian Dev <guardian-dev(a)lists.mayfirst.org>
Subject: Re: [guardian-dev] pgp, nsa, rsa
Do you guys follow Matthew Green? Great stuff:
http://blog.cryptographyengineering.com/2013/09/on-nsa.html
http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fi…
I think he does a good job of breaking down what's in these recent reports.
It's a good thing to send to people who read the NY Times report and think
that all crypto is now broken (like a friend of mine asked me at NWC
yesterday).
And then there was this:
http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-take…
One more question: any of y'all used libTomCrypt? We have an experimental
implementation of it in SQLCipher. Open-source alternatives to OpenSSL
could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
of relying so heavily on OpenSSL, given the above.
http://libtom.org/?page=features&newsitems=5&whatfile=crypt
http://nacl.cr.yp.to
Cheers,
Billy
On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux <a(a)aaronlux.com> wrote:
> NSA’s mission includes deciphering enciphered communications is not a
> secret, and is not news*. I am concerned the nytimes.com article will
> have the effect of causing the public to lose trust in all encryption
> including open-source algorithms. Hopefully people realize reviewing
> source code for encryption algorithms** is much more relaxing than
> reading the NY Times.
>
>
> * nsa.gov states that its mission includes leading “the U.S. Government
> in cryptology … in order to gain a decision advantage for the Nation and
> our allies.”
>
> ** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
>
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar…
>
> > Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN.
> > This is a secret document.
> >
> > Cheers,
> > Michael
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev(a)lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe(a)lists.mayfirst.org
> Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/wgray%40zetetic.net
>
> You are subscribed as: wgray(a)zetetic.net
>
--
Team Zetetic
http://zetetic.net
_______________________________________________
Guardian-dev mailing list
Post: Guardian-dev(a)lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To Unsubscribe
Send email to: Guardian-dev-unsubscribe(a)lists.mayfirst.org
Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org
You are subscribed as: eugen(a)leitl.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
3
2
----- Forwarded message from Lunar <lunar(a)torproject.org> -----
Date: Wed, 11 Sep 2013 17:21:30 +0200
From: Lunar <lunar(a)torproject.org>
To: tor-news(a)lists.torproject.org, tor-talk(a)lists.torproject.org
Subject: [tor-talk] Tor Weekly News — September, 11th 2013
User-Agent: Mutt/1.5.21 (2010-09-15)
Reply-To: tor-talk(a)lists.torproject.org
========================================================================
Tor Weekly News September 11th, 2013
========================================================================
Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter
that covers what is happening in the taut Tor community.
tor 0.2.4.17-rc is out
----------------------
There are now confirmations [1] that the sudden influx of Tor clients
which started mid-August [2] is indeed coming from a botnet. “I guess
all that work we’ve been doing on scalability was a good idea,” wrote
Roger Dingledine in a blog post about “how to handle millions of
new Tor clients” [3].
On September 5th, Roger Dingledine announced the release of the third
release candidate for the tor 0.2.4 series [4]. This is an emergency
release “to help us tolerate the massive influx of users: 0.2.4 clients
using the new (faster and safer) ‘NTor’ circuit-level handshakes now
effectively jump the queue compared to the 0.2.3 clients using ‘TAP’
handshakes” [5].
It also contains several minor bugfixes and some new status messages for
better monitoring of the current situation.
Roger asked relay operators to upgrade to 0.2.4.17-rc [6]: “the more
relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be
for 0.2.4 users, despite the huge circuit overload that the network is
seeing.”
For relays running Debian or Ubuntu, upgrading to the development branch
can be done using the Tor project’s package repository [7]. New versions
of the beta branch of the Tor Browser Bundle are also available [8]
since September 6th. The next Tails release, scheduled for September
19th [9] will also contain tor 0.2.4.17-rc [10].
Hopefully, this will be the last release candidate. What looks missing
at this point to declare the 0.2.4.x series stable is simply enough time
to finish the release notes.
[1] http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-…
[2] https://lists.torproject.org/pipermail/tor-talk/2013-September/029822.html
[3] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
[4] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
[5] https://bugs.torproject.org/9574
[6] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
[7] https://www.torproject.org/docs/debian.html.en#development
[8] https://blog.torproject.org/blog/new-tor-02417-rc-packages
[9] https://mailman.boum.org/pipermail/tails-dev/2013-September/003622.html
[10] https://mailman.boum.org/pipermail/tails-dev/2013-September/003621.html
The future of Tor cryptography
------------------------------
After the last round of revelations from Edward Snowden, described as
“explosive” by Bruce Schneier [11], several threads started on the
tor-talk mailing list to discuss Tor cryptography.
A lot of what has been written is speculative at this point. But some
have raised concerns [12] about 1024 bit Diffie–Hellman key
exchange [13]. This has already been addressed with the introduction of
the “ntor” handshake [14] in 0.2.4 and Nick Mathewson encourages
everybody to upgrade [15].
Another thread [16] prompted Nick to summarize [17] his views on the
future of Tor cryptography. Regarding public keys, “with Tor 0.2.4,
forward secrecy uses 256-bit ECC, which is certainly better, but
RSA-1024 is still used in some places for signatures. I want to fix all
that in 0.2.5 — see proposal 220 [18], and George Kadianakis’ draft
hidden service improvements [19,20], and so forth.” Regarding symmetric
keys, Nick wrote: “We’re using AES128. I’m hoping to move to XSalsa20 or
something like it.” In response to a query, Nick clarifies that he
doesn’t think AES is broken: only hard to implement right, and only
provided in TLS in concert with modes that are somewhat (GCM) or
fairly (CBC) problematic.
The effort to design better cryptography for the Tor protocols is not
new. More than a year ago, Nick Mathewson presented proposal 202 [21]
outlining two possible new relay encryption protocols for Tor cells.
Nick mentioned that he’s waiting for a promising paper to get finished
here before implementation.
A third question was raised [22] regarding the trust in algorithms
certified by the US NIST [23]. Nick’s speculations put aside, he also
emphasized that several NIST algorithms were “hard to implement
correctly” [24].
Nick also plans to change more algorithms [25]: “Over the 0.2.5 series,
I want to move even more things (including hidden services) to
curve25519 and its allies for public key crypto. I also want to add more
hard-to-implement-wrong protocols to our mix: Salsa20 is looking like a
much better choice to me than AES nowadays, for instance.”
Nick concluded one of his emails with the words: “these are interesting
times for crypto”, which sounds like a good way to put it.
[11] https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
[12] https://lists.torproject.org/pipermail/tor-talk/2013-September/029917.html
[13] https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
[14] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-nt…
[15] https://lists.torproject.org/pipermail/tor-talk/2013-September/029930.html
[16] https://lists.torproject.org/pipermail/tor-talk/2013-September/029927.html
[17] https://lists.torproject.org/pipermail/tor-talk/2013-September/029941.html
[18] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/220-ec…
[19] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
[20] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
[21] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/202-im…
[22] https://lists.torproject.org/pipermail/tor-talk/2013-September/029933.html
[23] https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
[24] https://lists.torproject.org/pipermail/tor-talk/2013-September/029937.html
[25] https://lists.torproject.org/pipermail/tor-talk/2013-September/029929.html
Toward a better performance measurement tool
--------------------------------------------
“I just finished […] sketching out the requirements and a software
design for a new Torperf implementation“ announced Karsten Loesing [26]
on the tor-dev mailing list.
The report begins with: “Four years ago, we presented a simple tool to
measure performance of the Tor network. This tool, called Torperf,
requests static files of three different sizes over the Tor network and
logs timestamps of various request substeps. These data turned out to be
quite useful to observe user-perceived network performance over
time [27]. However, static file downloads are not the typical use case
of a user browsing the web using Tor, so absolute numbers are not very
meaningful. Also, Torperf consists of a bunch of shell scripts which
makes it neither very user-friendly to set up and run, nor extensible to
cover new use cases.”
The specification lays out the various requirements for the new tool,
and details several experiments like visiting high profile websites with
an automated graphical web browser, downloading static files, crafting a
canonical web page, measuring hidden service performance, and checking
on upload capacity.
Karsten added “neither the requirements nor the software design are set
in stone, and the implementation, well, does not exist yet. Plenty of
options for giving feedback and helping out, and most parts don’t even
require specific experience with hacking on Tor. Just in case somebody’s
looking for an introductory Tor project to hack on.”
Saytha already wrote that this was enough material to get the
implementation started [28]. The project needs enough work that anyone
interested should get involved. Feel free to join him!
[26] https://lists.torproject.org/pipermail/tor-dev/2013-September/005386.html
[27] https://metrics.torproject.org/performance.html
[28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005388.html
More monthly status reports for August 2013
-------------------------------------------
The wave of regular monthly reports from Tor project members continued
this week with Sukhbir Singh [29], Matt Pagan [30], Ximin Luo [31],
mrphs [32], Pearl Crescent [33], Andrew Lewman [34], Mike Perry [35],
Kelley Misata [36], Nick Mathewson [37], Jason Tsai [38], Tails [39],
Aaron [40], and Damian Johnson [41].
[29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.ht…
[30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.ht…
[31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.ht…
[32] https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.ht…
[33] https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.ht…
[34] https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.ht…
[35] https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.ht…
[36] https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.ht…
[37] https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.ht…
[38] https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.ht…
[39] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.ht…
[40] https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.ht…
[41] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.ht…
Miscellaneous news
------------------
Not all new Tor users are computer programs! According to their latest
report [42], Tails is now booted twice as much as it was six months ago
(from 100,865 to 190,521 connections to the security feed).
[42] https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.ht…
Thanks to Frenn vun der Enn [43] for setting up a new mirror [44] of the
Tor project website.
[43] http://enn.lu/
[44] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.ht…
With the Google Summer of Code ending in two weeks, the students have
sent their penultimate reports: Kostas Jakeliunas for the
Searchable metrics archive [45], Johannes Fürmann for EvilGenius [46],
Hareesan for the Steganography Browser Extension [47], and
Cristian-Matei Toader for Tor capabilities [48].
[45] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
[46] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
[47] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
[48] https://lists.torproject.org/pipermail/tor-dev/2013-September/005412.html
Damian Johnson announced [49] that he had completed the rewrite of
DocTor in Python [50], “a service that pulls hourly consensus
information and checks it for a host of issues (directory authority
outages, expiring certificates, etc). In the case of a problem it
notifies tor-consensus-health@ [51], and we in turn give the authority
operator a heads up.”
[49] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.ht…
[50] https://gitweb.torproject.org/doctor.git
[51] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
Matt Pagan has migrated [52] several Frequently-Asked Questions from the
wiki to the official Tor website [53]. This should enable more users to
find the answers they need!
[52] https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor?view=revision&revision=26…
[53] https://www.torproject.org/docs/faq.html
In his previous call for help to collect more statistics [54], addressed
to bridge operators, George Kadianakis forgot to mention that an extra
line with “ExtORPort 6669” needed to be added to the tor configuration
file [55]. Make sure you do have it if you are running a bridge on the
tor master branch.
[54] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
[55] https://lists.torproject.org/pipermail/tor-relays/2013-September/002691.html
For the upgrade of tor to the 0.2.4.x series in Tails, a tester spotted
a regression while “playing with an ISO built from experimental, thanks
to our Jenkins autobuilder” [56]. This marks a significant milestone in
the work on automated builds [57] done by several members of the
Tails team in the course of the last year!
[56] https://mailman.boum.org/pipermail/tails-dev/2013-September/003617.html
[57] https://labs.riseup.net/code/issues/5324
Tails’ next “low-hanging fruit” session will be on September 21st at
08:00 UTC [58]. Mark the date if you want to get involved!
[58] https://mailman.boum.org/pipermail/tails-dev/2013-September/003566.html
David Fifield gave some tips on how to setup a test infrastructure [59]
for flash proxy [60].
[59] https://lists.torproject.org/pipermail/tor-dev/2013-September/005402.html
[60] https://crypto.stanford.edu/flashproxy/
Marek Majkowski reported [61] on how one can use his fluxcapacitor
tool [62] to get a test Tor network started with Chutney [63] ready in
only 6.5 seconds. A vast improvement over the 5 minutes he initially had
to wait [64]!
[61] https://lists.torproject.org/pipermail/tor-dev/2013-September/005403.html
[62] https://github.com/majek/fluxcapacitor.git
[63] https://gitweb.torproject.org/chutney.git
[64] https://lists.torproject.org/pipermail/tor-dev/2013-September/005413.html
Eugen Leitl drew attention [65] to a new research paper which aims to
analyze the content and popularity of Hidden Services by Alex Biryukov,
Ivan Pustogarov, and Ralf-Philipp Weinmann from the University of
Luxembourg [66].
[65] https://lists.torproject.org/pipermail/tor-talk/2013-September/029856.html
[66] http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Tor Help Desk roundup
---------------------
The Tor help desk had a number of emails this week asking about the
recent stories in the New York Times, the Guardian, and ProPublica
regarding NSA’s cryptographic capabilities. Some users asked whether
there was a backdoor in Tor. Others asked if Tor’s crypto was broken.
There is absolutely no backdoor in Tor. Tor project members have been
vocal in the past about how tremendously irresponsible it would be to
backdoor our users [67]. As it is a frequently-asked question, users
have been encouraged to read how the project would respond to
institutional pressure [68].
The Tor project does not have any more facts about NSA’s cryptanalysis
capabilities than what has been published in newspapers. Even if there
is no actual evidence that Tor encryption is actually broken, the idea
is to remain on the safe side by using more trusted algorithms for the
Tor protocols. See above for a more detailed write-up.
[67] https://blog.torproject.org/blog/calea-2-and-tor
[68] http://www.torproject.org/docs/faq.html.en#Backdoor
Help the Tor community!
-----------------------
Tor is about protecting everyone’s freedom and privacy. There are many
ways to help [69] but getting involved in such a busy community can be
daunting. Here’s a selection of tasks on which one could get started:
Get tor to log the source of control port connections [70]. It would
help in developing controller applications or libraries (like Stem [71])
to know which program is responsible for a given access to the control
facilities of the tor daemon. Knowledge required: C programming, basic
understanding of network sockets.
Diagnose what is currently wrong with Tor Cloud images [72]. Tor
Cloud [73] is an easy way to deploy bridges and it looks like the
automatic upgrade procedure caused problems. Let’s make these virtual
machines useful again for censored users. Knowledge required: basic
understanding of Ubuntu system administration.
[69] https://www.torproject.org/getinvolved/volunteer.html.en
[70] https://bugs.torproject.org/9698
[71] https://stem.torproject.org/
[72] https://lists.torproject.org/pipermail/tor-dev/2013-September/005417.html
[73] https://cloud.torproject.org/
Upcoming events
---------------
Sep 29 | Colin at the Winnipeg Cryptoparty
| Winnipeg, Manitoba, Canada
| http://wiki.skullspace.ca/index.php/CryptoParty
|
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV
| Berlin, Germany
| https://www.openitp.org/openitp/circumvention-tech-summit.html
|
Oct 09-10 | Andrew speaking at Secure Poland 2013
| Warszawa, Poland
| http://www.secure.edu.pl/
This issue of Tor Weekly News has been assembled by Lunar, dope457,
mttp, malaparte, harmony, Karsten Loesing, and Nick Mathewson.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [74], write down your
name and subscribe to the team mailing list [75] if you want to
get involved!
[74] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[75] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
--
tor-talk mailing list - tor-talk(a)lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
1
0
very naive question here :
Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
J.
8
8