cypherpunks
Intelligence agency subversions and clandestine, illicit programs; lack of popular outrage [was Re: PRISM]
by coderman 18 Oct '13
On Wed, Oct 2, 2013 at 1:52 AM,
<catsandd0gz.dinosaursandwh0res(a)hushmail.com> wrote:
> Is anyone else super mad?
if you're not mad as hell about PRISM, UPSTREAM, BULLRUN, FLYING PIG,
XKEYSCORE, FOXACID, EgotisticalGiraffe, QUICKANT, QuantumInsert,
FRUGAL SHOT, MOTHMONSTER, MULLENIZE, ERRONEOUSINGENUITY,
FINKDIFFERENT, GREATEXPECTATIONS, VALIDATOR, RAKE, PEDDLE,
PACKETCHEAP, BEACH HEAD, FERRET CANON, PINWALE, MARINA, TRAFFICTHIEF,
REMATION, LACONIC, ENDUE, MANASSAS, DANCINGOASIS, SPINNERET,
MOONLIGHTPATH, ...
and all the other myriad "exceptionally controlled information",
then you're beyond reason and redemption...
... let's not take a show of hands
;P
----
P.S. the new cypherpunks list has dropped the cypherpunks(a)al-qaeda.net
for a more benign and powers that be submissive cypherpunks(a)cpunks.org
... perhaps it does get past a few more filters? ...
--- fwd:
Subject: Snowden sets OPSEC record straight
To: cpunks <cypherpunks(a)cpunks.org>
Date: Thu, 17 Oct 2013 21:13:38 -0700
it doesn't get much more definitive than this retort.. :
"""
[Snowden] felt confident that he had kept the documents secure from
Chinese spies, and that the N.S.A. knew he had done so. His last
target while working as an agency contractor was China...
adding that he had had "access to every target, every active
operation mounted by the N.S.A. against the Chinese. Full lists of
them," he said.
"If that was compromised," he went on, "N.S.A. would have set the
table on fire from slamming it so many times in denouncing the damage
it had caused. Yet N.S.A. has not offered a single example of damage
from the leaks. They haven't said boo about it except "we think,"
"maybe", "have to assume" from anonymous and former officials. Not
"China is going dark." Not "the Chinese military has shut us out."
"""
there is a clear thoughtfulness, moral reasoning, and
conscientiousness repeatedly demonstrated by Snowden in these events.
it is now obvious that history will exonerate him fully.
... the distance between current reactionary retribution and that
future absolution appears to be a bit of a distance, however...
hopefully not too long.
---
http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html?_r=0&pagewanted=print
October 17, 2013
Snowden Says He Took No Secret Files to Russia
By JAMES RISEN
WASHINGTON - Edward J. Snowden, the former National Security Agency
contractor, said in an extensive interview this month that he did not
take any secret N.S.A. documents with him to Russia when he fled there
in June, assuring that Russian intelligence officials could not get
access to them.
Mr. Snowden said he gave all of the classified documents he had
obtained to journalists he met in Hong Kong, before flying to Moscow,
and did not keep any copies for himself. He did not take the files to
Russia "because it wouldn't serve the public interest," he said.
"What would be the unique value of personally carrying another copy of
the materials onward?" he added.
He also asserted that he was able to protect the documents from
China's spies because he was familiar with that nation's intelligence
abilities, saying that as an N.S.A. contractor he had targeted Chinese
operations and had taught a course on Chinese
cybercounterintelligence.
"There's a zero percent chance the Russians or Chinese have received
any documents," he said.
American intelligence officials have expressed grave concern that the
files might have fallen into the hands of foreign intelligence
services, but Mr. Snowden said he believed that the N.S.A. knew he had
not cooperated with the Russians or the Chinese. He said he was
publicly revealing that he no longer had any agency documents to
explain why he was confident that Russia had not gained access to
them. He had been reluctant to disclose that information previously,
he said, for fear of exposing the journalists to greater scrutiny.
In a wide-ranging interview over several days in the last week, Mr.
Snowden offered detailed responses to accusations that have been
leveled against him by American officials and other critics, provided
new insights into why he became disillusioned with the N.S.A. and
decided to disclose the documents, and talked about the international
debate over surveillance that resulted from the revelations. The
interview took place through encrypted online communications.
Mr. Snowden, 30, has been praised by privacy advocates and assailed by
government officials as a traitor who has caused irreparable harm, and
he is facing charges under the Espionage Act for leaking the N.S.A.
documents to the news media. In the interview, he said he believed he
was a whistle-blower who was acting in the nation's best interests by
revealing information about the N.S.A.'s surveillance dragnet and huge
collections of communications data, including that of Americans.
He argued that he had helped American national security by prompting a
badly needed public debate about the scope of the intelligence effort.
"The secret continuance of these programs represents a far greater
danger than their disclosure," he said. He added that he had been more
concerned that Americans had not been told about the N.S.A.'s reach
than he was about any specific surveillance operation.
"So long as there's broad support amongst a people, it can be argued
there's a level of legitimacy even to the most invasive and morally
wrong program, as it was an informed and willing decision," he said.
"However, programs that are implemented in secret, out of public
oversight, lack that legitimacy, and that's a problem. It also
represents a dangerous normalization of governing in the dark, where
decisions with enormous public impact occur without any public input."
Mr. Snowden said he had never considered defecting while in Hong Kong,
nor in Russia, where he has been permitted to stay for one year. He
said he felt confident that he had kept the documents secure from
Chinese spies, and that the N.S.A. knew he had done so. His last
target while working as an agency contractor was China, he said,
adding that he had had "access to every target, every active
operation mounted by the N.S.A. against the Chinese. Full lists of
them," he said.
"If that was compromised," he went on, "N.S.A. would have set the
table on fire from slamming it so many times in denouncing the damage
it had caused. Yet N.S.A. has not offered a single example of damage
from the leaks. They haven't said boo about it except 'we think,'
'maybe,' 'have to assume' from anonymous and former officials. Not
'China is going dark.' Not 'the Chinese military has shut us out.'"
An N.S.A. spokeswoman did not respond Thursday to a request for
comment on Mr. Snowden's assertions.
Mr. Snowden said his decision to leak N.S.A. documents developed
gradually, dating back at least to his time working as a technician in
the Geneva station of the C.I.A. His experiences there, Mr. Snowden
said, fed his doubts about the intelligence community, while also
convincing him that working through the chain of command would only
lead to retribution.
He disputed an account in The New York Times last week reporting that
a derogatory comment placed in his personnel evaluation while he was
in Geneva was a result of suspicions that he was trying to break in to
classified files to which he was not authorized to have access. (The
C.I.A. later took issue with the description of why he had been
reprimanded.) Mr. Snowden said the comment was placed in his file by a
senior manager seeking to punish him for trying to warn the C.I.A.
about a computer vulnerability.
Mr. Snowden said that in 2008 and 2009, he was working in Geneva as a
telecommunications information systems officer, handling everything
from information technology and computer networks to maintenance of
the heating and air-conditioning systems. He began pushing for a
promotion, but got into what he termed a petty e-mail spat in which
he questioned a senior manager's judgment.
Several months later, Mr. Snowden said, he was writing his annual
self-evaluation when he discovered flaws in the software of the
C.I.A.'s personnel Web applications that would make them vulnerable to
hacking. He warned his supervisor, he said, but his boss advised him
to drop the matter and not rock the boat. After a technical team also
brushed him off, he said, his boss finally agreed to allow him to test
the system to prove that it was flawed.
He did so by adding some code and text "in a nonmalicious manner" to
his evaluation document that showed that the vulnerability existed, he
said. His immediate supervisor signed off on it and sent it through
the system, but a more senior manager, the man Mr. Snowden had
challenged earlier, was furious and filed a critical comment in Mr.
Snowden's personnel file, he said.
He said he had considered filing a complaint with the C.I.A.'s
inspector general about what he considered to be a reprisal, adding
that he could not recall whether he had done so or a supervisor had
talked him out of it. A C.I.A. spokesman declined to comment on Mr.
Snowden's account of the episode or whether he had filed a complaint.
But the incident, Mr. Snowden said, convinced him that trying to work
through the system would only lead to punishment. He said he knew of
others who suffered reprisals for what they had exposed, including
Thomas A. Drake, who was prosecuted for disclosing N.S.A. contracting
abuses to The Baltimore Sun. (He met with Mr. Snowden in Moscow last
week to present an award to him for his actions.) And he knew other
N.S.A. employees who had gotten into trouble for embarrassing a senior
official in an e-mail chain that included a line, referring to the
Chinese Army, that said, "Is this the P.L.A. or the N.S.A.?"
Mr. Snowden added that inside the spy agency "there's a lot of dissent,
palpable with some, even." But he said that people were kept in line
through "fear and a false image of patriotism," which he described as
"obedience to authority."
He said he believed that if he tried to question the N.S.A.'s
surveillance operations as an insider, his efforts "would have been
buried forever," and he would "have been discredited and ruined." He
said that "the system does not work," adding that "you have to report
wrongdoing to those most responsible for it."
Mr. Snowden said he finally decided to act when he discovered a copy
of a classified 2009 inspector general's report on the N.S.A.'s
warrantless wiretapping program during the Bush administration. He
said he found the document through a "dirty word search," which he
described as an effort by a systems administrator to check a computer
system for things that should not be there in order to delete them and
sanitize the system.
"It was too highly classified to be where it was," he said of the
report. He opened the document to make certain that it did not belong
there, and after he saw what it revealed, curiosity prevailed, he
said.
After reading about the program, which skirted the existing
surveillance laws, he concluded that it had been illegal, he said. "If
the highest officials in government can break the law without fearing
punishment or even any repercussions at all," he said, "secret powers
become tremendously dangerous."
He would not say exactly when he read the report, or discuss the
timing of his subsequent actions to collect N.S.A. documents in order
to leak them. But he said that reading the report helped crystallize
his decision. "You can't read something like that and not realize what
it means for all of these systems we have," he said.
Mr. Snowden said that the impact of his decision to disclose
information about the N.S.A. had been bigger than he had anticipated.
He added that he did not control what the journalists who had the
documents wrote about. He said that he handed over the documents to
them because he wanted his own bias divorced from the decision-making
of publication, and that "technical solutions were in place to ensure
the work of the journalists couldn't be interfered with."
Mr. Snowden declined to provide details about his living conditions in
Moscow, except to say that he was not under Russian government control
and was free to move around.
RISKS-LIST: Risks-Forum Digest Thursday 17 October 2013 Volume 27 : Issue 55
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.55.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
GPS map leads to border crossing and shooting (Scott Nicol)
"The shutdown gets real for science and high tech" (Robert X. Cringely
via Gene Wirchenko)
"How federal cronies built -- and botched -- Healthcare.gov"
(Serdar Yegulalp via Gene Wirchenko)
Health care exchange still plagued by problems (Kelly Kennedy via
Monty Solomon)
How applying to college just got a lot harder (David Strom via
Gabe Goldberg)
Food Stamp Debit Cards Failing To Work In 17 States (Monty Solomon)
Majority of Brits fail to back up their important data (Monty Solomon)
"Web sites tracking users using fonts, Belgian researchers find"
(Candice So via Gene Wirchenko)
Smart meter deployments to double market revenue of wireless modules
(Bob Frankston)
"Apple's claim of unbreakable iMessage encryption 'basically lies'"
(Jeremy Kirk via Gene Wirchenko)
Re: "We can't let the Internet become Balkanized" (Sam Steingold)
Re: Founding Fathers (Richard A. O'Keefe)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 17 Oct 2013 15:18:58 -0400
From: Scott Nicol <scott.nicol(a)gmail.com>
Subject: GPS map leads to border crossing and shooting
A 16-year old boy from a small town in eastern Ontario stole a car, picked
up his girlfriend and headed east. A few police chases and stolen cars
later they ended up in Sherbrooke Quebec, where they stole another car. Not
far from Sherbrooke is the US border, which they promptly crashed through
and were shot at.
http://www.ottawasun.com/2013/10/15/ontario-runaways-nabbed-in-maine
http://www.ottawasun.com/2013/10/16/wrong-turn-at-border-maine-cops-probe-o…
Speculation as to why the kids entered the US points towards a GPS map
routing. Apparently they were headed for the Maritimes, which are the
eastern-most provinces of Canada. If you go to google maps and ask for a
routing from Sherbrooke, QC to St John, NB, all of the options go through
the US. There is a small yellow banner at the top of the directions that
reads "This route crosses through the United States".
http://goo.gl/maps/n5b0I
On an android phone the warning is in small print with a yellow triangle to
the left of it. This is the same yellow triangle you see when maps warns
about tolls on a route. Once you enter navigation there appears to be no
warning at all.
If you're on the run you probably won't notice the warning regardless. But
even if you aren't on the run, it's easy enough to just click "navigate"
and then any warning disappears.
------------------------------
Date: Tue, 15 Oct 2013 13:33:48 -0700
From: Gene Wirchenko <genew(a)telus.net>
Subject: "The shutdown gets real for science and high tech"
(Robert X. Cringely)
Robert X. Cringely | InfoWorld, 14 Oct 2013
Think the shutdown only hits panda cams and national parks? Hardly --
scientific research will feel impact for years to come
http://www.infoworld.com/t/cringely/the-shutdown-gets-real-science-and-high…
------------------------------
Date: Tue, 15 Oct 2013 13:31:23 -0700
From: Gene Wirchenko <genew(a)telus.net>
Subject: "How federal cronies built -- and botched -- Healthcare.gov"
(Serdar Yegulalp)
Serdar Yegulalp | InfoWorld, 14 Oct 2013
Many contractors for Healthcare.gov site seem to have been picked
based on past government work rather than IT expertise
http://www.infoworld.com/t/e-government/how-federal-cronies-built-and-botch…
------------------------------
Date: Wed, 16 Oct 2013 23:35:41 -0400
From: Monty Solomon <monty(a)roscom.com>
Subject: Health care exchange still plagued by problems (Kelly Kennedy)
Kelly Kennedy, *USA Today*, 16 Oct 2013
http://www.usatoday.com/story/news/nation/2013/10/16/exchanges-two-weeks-in…
Cloud devs: We could have saved buggy HealthCare.gov
Christina Farr, VentureBeat
Oct 14 2013
http://venturebeat.com/2013/10/14/cloud-devs-we-could-have-saved-buggy-heal…
Why healthcare.gov has so many problems
Steven Bellovin, Special to CNN, 15 Oct 2013
http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/
------------------------------
Date: Tue, 15 Oct 2013 16:31:09 -0400
From: Gabe Goldberg <gabe(a)gabegold.com>
Subject: How applying to college just got a lot harder (David Strom)
New software version flawed. Imagine!
-------- Original Message --------
Date: Tue, 15 Oct 2013 07:43:45 -0500
From: David Strom <david(a)strom.com>
Subject: David Strom's Web Informant: How applying to college just got a lot harder
To: webinformant(a)list.webinformant.tv
Web Informant, 15 Oct 2013
We've all heard the stories about a broken website that was overwhelmed with
visitors and was inadequately tested. But unless you have a high school
senior in your home, you may not have heard about another website besides
the much-flogged HealthCare.gov (that I and many others wrote about). I am
talking about the common application website for college admissions.
About 500 out of the nation's several thousand colleges and universities
support this site, which allows them to eliminate paper student admissions
applications. The idea dates back to when I was applying for college, when a
common paper-based application was put in use. Later it went
digital. Trouble is, the latest version of the common app is seriously
broken and has prevented many kids from applying to the colleges of their
choice. Given the high stakes involved, it is a serious problem.
The best press coverage about the breakdown has been from Nancy Griesemer in
examiner.com <http://examiner.com> where she lists work-arounds for the
students and chronicles the troubles of CommonApp, as it is known, has gone
through since they did a major overhaul this past summer. "The
implementation has been terrible," one college admissions IT director told
me. "Applicants have had difficulties in creating and completing their
application, school officials have had problems in submitting transcripts
and recommendations, and major changes in how the information is delivered
to colleges have happened without sufficient time for schools to adapt and
test their systems. We needed more lead time."
This director isn't alone: many college admissions officers vented their
frustrations at their annual meeting last month in Toronto, where some said
they couldn't get satisfactory answers from the CommonApp staff. There were
lots of things that should have been caught before being implemented. For
example, a payment processor routine that takes two days to send a
confirmation receipt, so many kids are paying multiple times. Or a signature
page that is so well hidden that students didn't find it to sign their
apps. As a result, their apps are never delivered to the college. Or those
all-important student essays turn into gibberish under some circumstances,
due to a faulty text import routine. Supposedly, these issues are being
fixed literally right now. It makes the HealthCare.gov site look like a
well-run place.
The CommonApp processes more than a million applications a year, and is the
only application method for about 300 schools. If you are applying early
decision to one of these, you are in a tough situation as the decision
deadlines are approaching.
Some 50 others are using another online process called the Universal College
App, including most recently Princeton. This process hasn't been plagued
with problems.
It is hard enough for high school seniors to figure out the college game
without having to become unwitting software UI and QC testers. CommonApp
needs to fix its code fast, and be more transparent about its problems in
the future.
Your comments are always welcome:
http://strom.wordpress.com/2013/10/15/college/
[See also
http://www.nytimes.com/2013/10/13/education/online-application-woes-make-st…
Noted by Monty Solomon. PGN]
------------------------------
Date: Wed, 16 Oct 2013 23:32:13 -0400
From: Monty Solomon <monty(a)roscom.com>
Subject: Food Stamp Debit Cards Failing To Work In 17 States
Walmart, Xerox Point Fingers, The Associated Press, 12 Oct 2013
People in Ohio, Michigan and 15 other states found themselves temporarily
unable to use their food stamp debit-style cards on Saturday, after a
routine test of backup systems by vendor Xerox Corp. resulted in a system
failure. Xerox announced late in the evening that access has been restored
for users in the 17 states affected by the outage, hours after the first
problems were reported. ...
http://www.huffingtonpost.com/2013/10/12/food-stamp-debit-cards_n_4090647.h…
Walmart, Xerox Point Fingers After Food Stamp Card Glitch Leads To
Wild Shopping Spree, Reuters, 14 Oct 2013 updated 16 Oct 2013
http://www.huffingtonpost.com/2013/10/15/walmart-xerox_n_4099207.html
[See also
"Food stamp recipients flood Louisiana Wal-Marts after EBT glitch"
Jessica Chasmar, *The Washington Times*, 14 Oct 2013
http://www.washingtontimes.com/news/2013/oct/14/food-stamp-recipients-flood…
Noted by Gene Wirchenko. PGN]
------------------------------
Date: Wed, 16 Oct 2013 23:26:27 -0400
From: Monty Solomon <monty(a)roscom.com>
Subject: Majority of Brits fail to back up their important data
Computer Business Review, 4 Oct 2013
Tons of individuals admitted to not storing an additional copy of digital
files. The majority of individuals in the UK do not back up their data,
leaving themselves vulnerable to loss of important files and digital
photographs. New research commissioned by digital storage firm WD
revealed that many Brits admitted to not storing an additional copy of
digital files, with most of them saying they simply are not concerned or
were unaware of how it could be done. ...
http://www.cbronline.com/news/tech/hardware/storage/majority-of-brits-fail-…
------------------------------
Date: Tue, 15 Oct 2013 13:44:04 -0700
From: Gene Wirchenko <genew(a)telus.net>
Subject: "Web sites tracking users using fonts, Belgian researchers find"
(Candice So)
Candice So, *IT Business*, 11 Oct 2013
Web sites tracking users using fonts, Belgian researchers find
http://www.itbusiness.ca/news/44120/44120
------------------------------
Date: October 16, 2013 at 6:02:53 PM PDT
From: "Bob Frankston" <Bob19-0501(a)bobf.frankston.com>
Subject: Smart meter deployments to double market revenue of wireless modules
[from Dewayne Hendricks via Dave Farber's IP]
I can't help but worry when I read a quote like ``The preference for
wireless [cellular] communication modules over wired technology is also
owed to their incredibly secured network.''
Trusting the cellular network to be secure (whatever that means) is a
problem in itself -- not only are there issues with the cellular protocols
but what happens once the bits get past the towers? Depending on perimeter
security is risky in that there is no protection once there is a breach.
Of course the motivation is clear as the article states -- the cellular
carriers stand to make a lot of money by charging for using their network.
Even if one doesn't depend on cellular there is the cost and complexity of
maintaining a parallel network.
All that protects content are protocols and encryption. There is nothing
magic about RF bits -- any approach that can be used for wireless bits can
be used for bits over IP. Not only would using existing connectivity be far
simpler and provide us with immediate benefits, the protocols would also
offer the potential for users to have access to the data for their own use
such as managing the power usage within their homes.
Bob Frankston
Smart meter deployments to double market revenue of wireless modules
By Esme Vos
Oct 16 2013
<http://www.muniwireless.com/2013/10/16/smart-meter-deployments-double-marke…>
An increase in smart meter deployments will see the global market for
wireless communication modules approximately double in value over the
coming years, jumping from $532m in 2012 to $1.3 billion in 2020, at a
compound annual growth rate (CAGR) of 12 percent, according to a new report
from research and consulting firm GlobalData.
The company's latest report states that North America, currently the
dominant player in the market for global wireless communication modules for
smart meters, will be a key driver behind the leap, with its own market
revenue expected to climb steadily from $379m in 2012 to $433.7m in 2020.
Europe will also continue to account for a considerable share of the global
market, thanks to a significant number of pilot-scale projects getting
underway across the region. The uptake of wireless communication modules in
the UK, Denmark and Ireland in particular looks promising, according to
GlobalData, and these countries are predicted to occupy an even larger
share of Europe's wireless smart meter communication market by the end of
2020.
Cellular and Radio Frequency (RF) communication modules are the two key
technologies used in smart meters for two-way data transmission. RF modules
account for an 85 percent share of the North American market, thanks to
their low cost, high bandwidth and efficient performance in industrial
areas.
Ginni Hima Bindu, GlobalData's Analyst covering Smart Grid, says: ``The
preference for wireless communication modules over wired technology is also
owed to their incredibly secured network, and as a result, we expect to see
an increased take-up of wireless technology for smart meter deployments
across North America, the UK and Japan, which will continue to drive the
market over the forecast period.''
However, while the outlook for the wireless communication modules market is
largely positive, a number of challenges remain that may prevent any
further growth in global revenue.
``The problem of coverage is one of the major restraints of the market for
cellular communication modules,'' says Bindu. ``For an indoor electric meter,
GPRS technology provides just 80--85 percent coverage, if the electric
meter, or other grid device, is not moved accordingly.'' ...
Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>
------------------------------
Date: Thu, 17 Oct 2013 14:04:51 -0700
From: Gene Wirchenko <genew(a)telus.net>
Subject: "Apple's claim of unbreakable iMessage encryption 'basically lies'"
(Jeremy Kirk)
Jeremy Kirk, InfoWorld, 17 Oct 2013
A famed iPhone jailbreak software developer says Apple could easily
decrypt iMessages, despite the company's claims
http://www.infoworld.com/d/security/apples-claim-of-unbreakable-imessage-en…
------------------------------
Date: Thu, 17 Oct 2013 14:13:44 -0400
From: Sam Steingold <sds(a)gnu.org>
Subject: Re: "We can't let the Internet become Balkanized" (Sascha Meinrath)
I keep wondering what is wrong with what NSA is doing. They are a spy
agency. They have been created to spy on everyone in the world, whether a
declared enemy or a professed "ally" (alliances do shift, so not spying on
an ally is a liability no nation can afford).
They "subverted the secure Internet protocols by inserting backdoors"? You
mean the Internet servers run on closed-source software? Or pre-compiled
binaries from open-source vendors which NSA compromised? Well, as a
"netizen", I am delighted that those insecure practices will now cease. If
an inept government bureaucracy could do that, I am sure it is being
routinely done by the criminals and terrorists all over the world. So, now
we at least have a chance to see this fixed.
They spied on US citizens, thus violating their "foreign intelligence"
charter? Yeah, this is no good. I would have felt much better if the same
surveillance were conducted by the FBI, not the NSA.
I actually welcome this scandal because it should bring home to people the
fact that we have lost "the expectation of privacy" battle. Yes, we can
legislate away the US government's ability to do surveillance - but how do
you make sure that China/Russia/Iran will not do it?
Sam Steingold (http://sds.podval.org/)
------------------------------
Date: Thu, 17 Oct 2013 18:33:20 +1300
From: "Richard A. O'Keefe" <ok(a)cs.otago.ac.nz>
Subject: Re: Founding Fathers (Robinson, RISKS-27.51)
In Risks 27.51 (http://catless.ncl.ac.uk/Risks/27.51.html#subj2)
Paul Robinson stated or implied that
1. The US is exceptional in having a right to bear arms.
2. (The US founding fathers having been no dummies.)
3. Women habitually went armed in Wyoming.
4. Wyoming was the first state to give women the vote.
5. 2 caused 1, which enabled 3 which caused 4.
Ad 1: The right to bear arms is in the British Bill of Rights, 1689.
And that did not create the right, but reaffirmed it as an
ancient right. It's noteworthy that the Bill of Rights
affirms this as a right of *individual* self-defence.
Ad 2: They certainly weren't.
There are two caveats in the Bill of Rights which the framers
of the second amendment carefully removed.
However, the second amendment is famously difficult to interpret,
and a case can be made that the people whose right to bear arms
was affirmed was those who would have been called on to serve in
the militia, namely (free, non-Amerind) men.
Ad 3: That's an empirical question I have no evidence on.
It's not clear that more women were armed in Wyoming than in
say Arizona, where women didn't get the vote until 1912, or
Texas, where they didn't get it until 1918.
Ad 4: This is certainly false. Women in New Jersey had the right
to vote since 1776. When Wyoming women got the vote, it was
not a state. Women in Pitcairn Island got the vote in 1838,
31 years before women in Wyoming, and they had neither the
protection of the US constitution nor the danger of rattlesnakes.
Ad 5: If women having guns got them the vote, it would be difficult to
understand how women with guns could ever _lose_ the vote. Yet
they did.
New Jersey: women got the right to vote in 1776, did vote from
1787, LOST the vote in 1807.
Utah: women got the vote in 1870, and LOST the vote in 1887.
Territory of Washington: women got the vote in 1883,
and LOST the vote in 1887.
Ohio: women got the vote in 1917 and LOST it later that year.
We would also expect that countries that limited the right to
bear arms would extend the vote to women later. Now the
1918 constitution of the USSR says (Article 2, paragraph 19):
For the purpose of defending the victory of the great
peasants' and workers' revolution, the Russian Socialist
Federated Soviet Republic recognizes the duty of all citizens
of the Republic to come to the defence of their socialist
fatherland, and it therefore introduces universal military
training. The honor of defending the revolution with arms
is accorded only to the workers, and the non-working
elements are charged with the performance of other military duties.
This actually sounds a lot like the 2nd amendment, except for the
restriction to "the workers". However, article 23 makes it clear
that this has nothing to do with defence *from* the state:
Being guided by the interests of the working class as a
whole, the Russian Socialist Federated Soviet Republic
deprives all individuals and groups of rights which could
be utilized by them to the detriment of the socialist revolution.
So you could carry a gun in the army, but not shoot a tax collector.
Yet the USSR gave women the vote before Michigan or Oklahoma or
South Dakota or Texas! Did women in Texas have no guns?
My source for these dates is
http://www.nzhistory.net.nz/politics/womens-suffrage/world-suffrage-timeline
which cites C. Daley and M. Nolan (eds), Suffrage and beyond: international
feminist perspectives, Auckland University Press, Auckland, 1994.
The RISK? The truth is out there, but so is a whole lot of self-serving
wishful thinking. (For example, the Pill had no detectable effect on
birth rates in English-speaking countries, contra the popular mythology.)
------------------------------
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request(a)csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request(a)csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe(a)csl.sri.com or risks-unsubscribe(a)csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall(a)newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks(a)CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 27.55
************************
----- Forwarded message from Theodore Ts'o <tytso(a)mit.edu> -----
Date: Thu, 17 Oct 2013 09:08:00 -0400
From: Theodore Ts'o <tytso(a)mit.edu>
To: Adam Back <adam(a)cypherspace.org>
Cc: Jerry Leichter <leichter(a)lrw.com>, Sandy Harris <sandyinchina(a)gmail.com>, Cryptography <cryptography(a)metzdowd.com>
Subject: Re: [Cryptography] /dev/random is not robust
Message-ID: <20131017130800.GE11932(a)thunk.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
On Thu, Oct 17, 2013 at 02:32:57PM +0200, Adam Back wrote:
>
> Yarrow, and the replacement Fortuna try to address this problem by
> accumulating entropy and adding it in bigger lumps..
... and Linux's /dev/random driver does this.
Post July 2012, most of the entropy is gathered via a per-CPU (to
avoid cache line bouncing effects and so it can be lockless) entropy
pool, where we sample the high resolution cycle counter (or whatever
the highest granularity clock / memory refresh control register /
etc. we have access to on the architecture) and the interrupted IP, and
mix that into the per-CPU fast mix pool on every interrupt. We do
*not* use an entropy estimator for this interrupt fast mix pool.
Instead, every 64 interrupts, we transfer entropy from the
fast mix pool to the input pool, and we credit the input pool with a
single bit of entropy. (There is very likely much more than a single
bit of entropy that has gotten accumulated during those 64 interrupts,
but out of an abundance of caution, we're using a very conservative
estimate for administrative concerns.)
In both the pre and post July 2012 designs, using a Yarrow-like
approach, we only transfer entropy from the input pool to the output
pool when there is sufficient entropy estimated to be in the input
pool so that we can do a "catastrophic reseed". The "/dev/random is
not robust paper" assumed that the attacker could control the
interrupt timings such that estimate of entropy in the input pool was
incorrect, and thus the catastrophic reseed aspect of the design could
be bypassed.
I've already discussed why I don't believe that the assumption that
the attacker could control the interrupt timings to such an extent is
not realistic, and analysis of the entropy estimator (as used in the
pre-July 2012 design) showed that in fact, it was quite good. But in
the post July 2012 design, we no longer use an interrupt estimator for
the interrupt fast mix pool. We abandoned it for efficiency concerns,
since we wanted to make the cpu count on the global interrupt fast
path as low overhead as possible; instead, we traded this off by a
brute force quantity argument --- if we can collect the timing for
every single interrupt we're much better off than collecting it only
for some interrupts, especially when in the old design (which involved
CPU cache line bouncing and potential lock contention) device driver
authors were disabling the entropy collection more often than not.
So in the new design, we aren't using a dynamic entropy estimator ---
instead, we're assuming that after collecting the timings for 64
interrupts, we've collected a single bit of entropy, which is really
a static entropy measure. Could this be spoofed if the attacker has
control of the interrupt timings of the system?
Sure, but if the attacker has that level of control on the system,
then pretty much all generators would be seriously compromised as
well. The only way the paper could show that their proposed generator
was "robust" was based on the assumption that it would be possible for
the attacker to control the entropy inputs in such a way that entropy
estimator would be spoofed, but the attacker might still not know some
of the bits of the entropy inputs.
After all, if the attacker knows all of the bits, then by definition
all generators would be screwed. However, what has not been
demonstrated in the paper is a real life scenario where the attacker
would have that level of control over the entropy inputs --- enough
that entropy estimators would be fooled, but not enough control that
their construction could be considered robust.
Regards,
- Ted
_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
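The interrupt path Ted describes (per-CPU fast mix pool, a fixed transfer every 64 interrupts credited with one bit, and a catastrophic reseed of the output pool only once the input pool's credited entropy reaches a threshold) can be modelled in a few dozen lines. The following is an added illustration, not the kernel's code: the mixing functions are simplified stand-ins for the kernel's, the struct and function names are invented for this example, and the 128-bit reseed threshold is an assumption (the message gives the 64-interrupt interval and the 1-bit credit but not the threshold). The timing samples are a constructed deterministic sequence, since the point is the bookkeeping, not the entropy quality.

```c
/* Toy model of the post-July-2012 /dev/random interrupt path described
 * above.  Added example, not Linux kernel code: mixing functions, names
 * and RESEED_THRESHOLD are simplifications/assumptions for illustration. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define FAST_POOL_WORDS     4
#define INPUT_POOL_WORDS    32
#define TRANSFER_INTERVAL   64   /* interrupts per fast->input transfer (from the message) */
#define CREDIT_PER_TRANSFER 1    /* static credit: 1 bit per 64 interrupts (from the message) */
#define RESEED_THRESHOLD    128  /* assumed catastrophic-reseed threshold, in bits */

struct fast_pool   { uint32_t w[FAST_POOL_WORDS]; unsigned count; };
struct input_pool  { uint32_t w[INPUT_POOL_WORDS]; unsigned entropy_bits; unsigned add_ptr; };
struct output_pool { uint32_t key[8]; unsigned reseeds; };

struct rng_state {
    struct fast_pool   fast;    /* per-CPU in the kernel; a single CPU is modelled here */
    struct input_pool  input;
    struct output_pool output;
};

static uint32_t rotl32(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }

/* Mix one (cycle counter, interrupted IP) sample into the fast pool.
 * No entropy estimation happens here, matching the message; the ARX
 * rounds are a cheap stand-in for the kernel's own mixing. */
static void fast_mix(struct fast_pool *fp, uint32_t cycles, uint32_t ip)
{
    uint32_t *w = fp->w;
    w[0] ^= cycles; w[1] ^= ip;
    for (int i = 0; i < 2; i++) {
        w[0] += w[1]; w[1] = rotl32(w[1], 15); w[1] ^= w[0];
        w[2] += w[3]; w[3] = rotl32(w[3], 17); w[3] ^= w[2];
        w[0] += w[3]; w[3] = rotl32(w[3], 26); w[3] ^= w[0];
        w[2] += w[1]; w[1] = rotl32(w[1], 11); w[1] ^= w[2];
    }
    fp->count++;
}

/* Fold the fast pool's words into the larger input pool (simplified). */
static void input_mix(struct input_pool *ip, const uint32_t *words, unsigned n)
{
    for (unsigned i = 0; i < n; i++) {
        unsigned tap = (ip->add_ptr + 13) % INPUT_POOL_WORDS;
        ip->w[ip->add_ptr] = rotl32(ip->w[ip->add_ptr], 7) ^ words[i] ^ ip->w[tap];
        ip->add_ptr = (ip->add_ptr + 1) % INPUT_POOL_WORDS;
    }
}

/* Catastrophic reseed: replace the output key wholesale from the input
 * pool and debit the credited entropy.  Because this only runs once the
 * threshold is reached, knowledge of the old output state says nothing
 * about the new one. */
static void catastrophic_reseed(struct rng_state *st)
{
    for (int i = 0; i < 8; i++) {
        uint32_t acc = 0x9e3779b9u * (uint32_t)(i + 1);
        for (int j = 0; j < INPUT_POOL_WORDS; j++)
            acc = rotl32(acc ^ st->input.w[j], 5) * 0x01000193u;
        st->output.key[i] = acc;
    }
    st->input.entropy_bits -= RESEED_THRESHOLD;
    st->output.reseeds++;
}

/* Per-interrupt hook.  Returns 1 if this interrupt triggered a transfer. */
int on_interrupt(struct rng_state *st, uint32_t cycles, uint32_t ip)
{
    fast_mix(&st->fast, cycles, ip);
    if (st->fast.count < TRANSFER_INTERVAL)
        return 0;
    input_mix(&st->input, st->fast.w, FAST_POOL_WORDS);
    st->input.entropy_bits += CREDIT_PER_TRANSFER;  /* static credit, no estimator */
    st->fast.count = 0;
    if (st->input.entropy_bits >= RESEED_THRESHOLD)
        catastrophic_reseed(st);
    return 1;
}

/* Drive n interrupts from a constructed, deterministic stand-in for the
 * cycle counter and interrupted IP.  Returns the number of reseeds. */
unsigned simulate(struct rng_state *st, unsigned n)
{
    memset(st, 0, sizeof *st);
    uint32_t t = 0x12345678u;
    for (unsigned i = 0; i < n; i++) {
        t = t * 1664525u + 1013904223u;              /* constructed timing jitter */
        on_interrupt(st, t, 0x81000000u + (t & 0xfffu));
    }
    return st->output.reseeds;
}

static struct rng_state g_state;  /* state behind the convenience wrappers */
unsigned reseeds_after(unsigned n)       { return simulate(&g_state, n); }
unsigned input_entropy_after(unsigned n) { simulate(&g_state, n); return g_state.input.entropy_bits; }

int main(void)
{
    unsigned n = 10000;
    printf("after %u interrupts: %u reseed(s), %u bits still credited\n",
           n, reseeds_after(n), input_entropy_after(n));
    return 0;
}
```

The two numbers worth watching are how many interrupts separate reseeds (64 × 128 = 8192 under the assumed threshold) and that the credited count resets after each one; the quantity argument in the message is that this fixed, conservative schedule is cheap on the interrupt path and errs toward under-crediting rather than trusting a per-sample estimate.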
--- overview ---
when cryptography is removed from a computer-only context, the boundaries
in which it could be modeled to function within would expand into a wider
realm of considerations that otherwise may never be questioned, and thus
exist limited in that computational domain, confined in a given threshold
of interpretation. thus, to exit the ideological constraint of 'knowing' a
particular approach, and then eventually to reenter the computer context
with perhaps a wider range of consideration for what might be possible...
i think one of the most evident assumptions about computer cryptography as
it exists is the role of mathematics (if not algebraic,) in defining the
model if not paradigm for computer encryption. this could be a false view
due to a naive outsider observer of these technological events, though it
allows consideration of the involved issues nonetheless, however accurate.
the case has been made that [signs] are used in language and mathematics,
and that this is the basis for code that is used to program software, and
it is tied into equations, algorithms of mathematics yet also software that
models a cryptographic process, to encrypt and decrypt information. and so
it has been questioned - how are these signs themselves modeled in terms of
their truth, or has this not occurred and potentially ungrounded 'data' and
beliefs are the default, as this relates to language, observation, and
relations that are the basis for this cryptographic exchange.
thus a question of [code] could be removed from consideration of the truth
of the symbols and signs used in these interactions, their foundation, if
they are actually accounted for in their truth, grounded or ungrounded, as
this relates to issues of security, secrecy, privacy, and so on. and so a
default condition seemingly exists, where this code itself, programming,
and software/hardware solutions could potentially be ungrounded, if they
are operating within frameworks and context of partial-truth (pT), versus a
model that is empirical grounded, not just in terms of the mathematics as
1=1, further on to account for 1=truth. which seems to be missing in all
such equations, as representations can be detached from their accounting.
and so the bulletproof ideology could exist that mathematics equals strong
code, on the basis of 'belief in mathematics' that could tend towards the
ideological. yet in this way, functions beyond proof and other dynamics may
rely on a theorized capacity and theorized security framework that itself
is the weakness, as pT=/T, as this structuralizes a basis for exploitation.
[code] ---> mathematics
so it is to question a prevailing condition or potential assumption that
the simple act of representing reality can be equated with reality itself
as a belief system, that becomes faith based, or based on personal trust
issues as a security model. the more esoteric the mathematic equations or
code, perhaps the more secure, if it were not involving rigor, though that
appears opposite the nature of the discipline or its practitioners and
developers, in that a community overviews and oversees development of the
crypto and its security and integrity is also a basis for their own.
[code] ---> mathematics == security
so a presumption could exist that the involvement or role of mathematics in
cryptography is how it establishes its security. and this text is to call
this fundamental or foundational notion into question. is it really true?
another way of evaluating this condition is that 1=1 would be the basis for
establishing security. and mathematically it could represent 'truth' via
this correspondence or pattern matching of [signs].
and yet in an ungrounded condition, pattern matching of [sign]=[sign] can
equate with 'truth' via its representation, yet not its actuality beyond
the signage itself, thereby [1]=[1] could remain variable and only in a
context of pseudo-truth by default. if ["sign"] is not accounted for in a
shared empirical model. it is just language then, communication at a given
surface-level interpretation. there is the missing dimension of philosophy
that validates the truth it potentially involves. it is not just about
signs -- their truth must accounted for beyond this immediate level of
calculation. it involves and requires more consideration and evaluation.
[code] ---> mathematics != security
in other words it is to propose that 'truth' is not by default within the
signs used to represent a situation, because they can be ungrounded and
function as if literature - describing a situation, though it involves
variability by default. an issue of relativistic observation and how the
data that is modeled is accounted for, removed of error or reliant upon it,
and thus the gap between what is real and what is represented is at issue.
it would seem to involve 'pattern matching' as a concept, the basis for the
ability to establish 1=1 correlations in terms of number and its processing
via symbols and other signs that map into the world and manipulate these
relations and frameworks. and thus as stated, this A=A consideration is of
the domain of establishing truth via logical reasoning, and thus a realm of
thinking about concepts and ideas is involved, underneath the establishing
of these mathematical models and processes. the ideas involved in these
relations, as they become formalized. there is incoherence at this level,
as currently the ideology of binarism make this connection an issue of
shared belief in an approach, versus its truth beyond a given boundary.
[code] ---> mathematics (concepts)
so it is to question what is going on at a more fundamental, foundational
level prior to this cryptographic modeling of information, such that What
If the concepts themselves are ungrounded in some way, such that variables
or representative signs or equations may not be by default /empirical/ and
instead could exist in domains of relativistic skew, distortion, and bias
in hidden ways that could also be exploited or subverted. thus while the
[signs] may be operational, are they actually grounded in truth or some
belief system that equates with truth, because it is assumed to exist in
the signage and not beyond it. in the manipulations not what is referenced.
[code] ---> mathematics ('concepts')
thus to consider the deeper truth involved in such conceptualization, and
this relates number to letter in terms of its use as signage, as both of
these can function as language systems that are in ways integrated, yet
assumed to be differentiated at the level of mathematics and, say, writing
a novel or short-story fiction as this is believed different than novel
algorithms and exploratory equations and theoretical proofs. what if the
mathematical viewpoint is ungrounded or relativistic, for instance, or that
the literature could be more objective than equations filled with numbers
ultimately, the mathesis involved appears to not differentiate a model of
empirical truth in terms of A=A equivalence, from either math or language
in that both could be evaluated in this same context from the beginning. a
shared modeling in other words, potentially. so the alphanumeric code could
be integrated at a substructural level to the [signage] that differentiates
the mathematic and linguistic, yet this could also be a false perspective
or inaccurate belief and mistaken assumption- perhaps they are one system
so where this is going is to consider a particular existing viewpoint and
interpretative framework for crypto, especially as defined by computers and
peripherals, that establishes a fixed idea about what it is and involves
and yet may involve these hidden boundaries that are also warped or biased
towards certain interactions or investigations and can disallow others
[code] ---> mathematics (algebra)
an example is if considering a given approach to crypto involves algebraic
functions as a paradigm as this relates to computation. this approach then
becomes the context for evaluation and mediation of representative [signs]
that may also be bounded in their interpretation in this way, due to the
delineation between mathematical and linguistic data. the "algebra" may
only be conceptualized and believed to function at the unit of [signs] and
their manipulation as signs, and not involve algebraic computations within
the [signage] itself, potentially, in terms of subsign units.
this is to attempt to convey that a boundary condition could be upheld that
views and models language as inviolable in terms of certain existing rules
such that a [word] is viewed as a unit, and not considered in its inherent
variability in terms of this same potential algebraic functioning. in that
the math is the math and the language is the linguistics, and the math is
doing things to the language based on particular established relations and
boundaries about what these relations and how they are believed to function
based on convention if not ideological views and understanding. it is very
abstract and perhaps inaccurate as stated here, yet seeks to ask- to what
extent is the information viewed passive, inert, and non-meaningful, as
this relates to its transformation (encryption) and reconstitution
(decryption). where is the boundary for this transmutative relation and
dynamics: is it inherently what mathematics does to language, from an
outside-in approach, such that mathematics acts upon the [signs], or might
it potentially involve accessing an inherent mathematical structure within
language itself, and thus a different boundary or relation could allow the
language itself to be the basis for the algorithms and equations, or to
bridge across these in a different, more integrated and meaningful way.
it makes little sense without visualizing it, yet email flintworks this
era of devolving infrastructure and tools involve make it difficult to
convey in the given medium, thus limiting what can be easily accurately
shared and in what ways- forcing the perspective for signage, and thus
relationships
[code] ---> mathematics (geometry)
likewise, if cryptographic operations involved a geometric modeling of data
this could also apply to how the content of the encryption scheme then is
evaluated and processed. and again, an issue of boundaries. how are the
[signs] considered in terms of the language or messaging involved. is this
an outside operation of geometry that transforms 'information' which is
measured by units of words and sentence structures and their formatting, or
may it potentially involve more than this, such that beyond this limit, a
subsign geometric structure could exist and be connected to, and become a
basis for this transformational processing. thus the 'truth' of the signs
as these relate in across the conventional line separating mathematics and
linguistics, in terms of a shared patterning that involves both domains.
[code] == (mathematic & linguistic)
so if considering the issue of boundaries and representation, and how logic
establishes these structures of observation and perception and modeling,
that perhaps code itself, in its truth, involves a more fluid interaction
in these domains than the traditional viewpoint can acknowledge, as this
relates to the concepts involved and how they are approached. for instance
computation or equations or algorithms, how data is processed, encrypted
in terms of pattern matching (A=A), this could span a model of both code as
a mathematic and linguistic structure, given 3-value and N-value logic. in
this way, the [sign] itself could not only have a mathematic operation that
is transforming it from the outside or external boundary, and instead this
processing could occur inside, and consist of its own equations, based upon
inherent calculative dimensions of its symbolic or sign-based linguistic
structuring (as language). in other words, a [word] could have calculative
and computational potential built-into it, in terms of its patterning and
yet if the word is not allowed to be evaluated beyond its whole conception,
the subsign structuring may be by default off-limits or made inaccessible.
this is to include smaller units than the word as sign, to include even
more basically letters, whereby for example the letter [Z] may only be
evaluated in terms of its being 'z' and not its components or ~various
structural relations with other letters, such as S|Z or N/Z or numbers: Z|5
and Z-2. though of course there is more to it than this, because the same
structure can be taken apart and evaluated in its individual components:
-/_ or > and <, etc
[code] ---> pattern matching
so the idea is that programming itself is based within code and issues of
how it is modeled and how it represents the world, and it is to question if
this is actually truly grounded or based in an ideological belief system.
and so it is assumed there is partial grounding, in some ways, though a
realm of error or a gap exists between what is modeled and what exists
(pT=/T) and this includes the conceptualization of code itself as signage
likewise, the default boundaries of this code could affect how it is both
managed and processed, within what parameters. and thus the heavy reliance
on mathematics as if the basis for this strength, yet the same potential as
a weakness if it too is ungrounded or only partially so, in terms of the
potential for exploits based on these errored notions and beliefs. (A=B)
the cryptographic consideration in this scenario then, of how signs are
processed and conceived of, as units to be transformed by equations, as if
the basis for objectivity, yet not accounting for this in logic itself (T)
beyond the level of the [signage], such that pattern matching of signs is
believed of direct equivalence with truth itself, thus 1=1 is truth, yet
not taking into account what this potentially represents, in its truth
and perhaps this is the issue with language and observation as a context
for the mathematic, and how internal processing of a person is
externalized and thus ungrounded views and beliefs can be made structural
and equated with [signs] via shared assumptions and viewpoints, that
because they are shared and agreed upon, are themselves believed to be
true. binary logic and ideology are what allows this perception as a
default condition, yet it can be and likely is ungrounded and based within
relativism, automatically, or in other words, occupies a framework in
pseudo-truth that continually is expanded upon via endless viewpoints that
together in their inaction with other such views, even as agreed upon and
confirmed as shared observation, tends towards nothingness (0) as a
perspective instead of towards truth (1)
[code] ---> (signs/symbols)
thus it is to consider the code in terms of this issue of signage and of
boundaries, as it involves interpretation beyond these, to what they are
referencing, where their truth can be accounted for, in its accuracy as a
model or representation. ungrounded relativism has no need of this extra
step, and in this way mathematics can freely function as if writing..
thus the vital issue of error-checking and correction of code at the level
of signs used to represent ideas and concepts (mathematics, crypto models)
as this exists beyond equations and algorithms and into a realm of ideas,
how truth is evaluated, and the requirement of this in terms of security
all of this to establish and allow a conceptualization that follows, that
considers programming and code for cryptography in what may be perceived as
an off-limits consideration- that of typography.
--- crypto.typologic ---
in the same way that crypto is conceptualized to be related to
mathematics, it is also proposed typography has connected structural
relevance to this crypto~graphic inquiry
[crypto] ---> [mathematics]
in other words, in the linguistic context that also establish and define
approaches to cryptologic systems and their cryptographic conventions, it
is to consider the boundaries separating their interactions...
[crypto] ---> [linguistics]
in other words, what if at the level of representation within code itself
there is a boundary or limit or threshold condition upheld by convention
that is itself arbitrary, a forced perspective even, and that it could be
holding back other options and perspectives for the questioning involved...
for instance, encryption that involves algebraic and geometric operations
and functions, as these may be bound to mathematical transformation of
signage, yet at a certain bounded condition, outside or upon the sign
itself or at its periphery, versus within it, in terms of its subsign
dynamics or subsign meaning
[crypto] ---> [mathematics] --> [signage]
this approach is essentially to consider the relation between mathematics
and language, in a context of linguistics, whereby a calculus could exist
that bridges the distance between what is traditionally viewed as the
objective (A=A) and the subjective (A=B) as this corresponds with numbers
and letters, here in a context of signs and symbols or various patterning
[crypto] ---> [math/linguistics] ---> [signage]
what if, for instance, the context for evaluation of data, pre-encryption,
was based in a combined A=A boundary established by *mathesis*, such that
the signs evaluated and transformed had this larger dimensionality involved
in the initial consideration, versus bounding of the linguistic within the
mathematic, potentially, as a set(subset) relation: mathematic(language)
in this way, equations could be limited, skewed, or bounded by a particular
relativistic interpretation that may assume accuracy due to shared views
yet be based upon or rely upon mistaken assumptions while believed true,
even while signs themselves may exist or persist beyond these boundaries
and be accounted for otherwise, yet not evaluated due to being off-limits
[crypto] ---> [geometry/algebra] ---> [signage]
thus the consideration of signs and collections of signage within crypto
communications and messaging could exist in a calculative context, yet this
could involve both mathematic -and- linguistic computations, by default,
yet in terms of software evaluations may bias a mathematic approach to
establishing equations and algorithms in terms of numbers and not letters
due to convention and an inherited mindset for what parameters exist and
how computation takes place, at the level of pattern recognition of signs
yet not of the underlying truth these signs map to and reference, and in
this disconnection, the potential for a representational short-circuiting
between what is represented and calculated and what is actually real, true.
and thus ungrounded observation and computation, as this leads to relations
and crypto exchange that is insecure by design, versus a model that is
empirically grounded and error-corrected and constant under evaluation in
terms of its truth, including that of its content, the signs it involves
[crypto] ---> [linguistic] ---> [signage]
it is in this conflicted condition that the linguistic evaluation of signs
can establish a foundation for truth via the de|con-struction of signs into
their more elemental armatures. and this evaluation can occur in terms of
various structures, such as nouns or verbs, or sentence tree diagrams, or
hundreds of other approaches to evaluate how language is structured and how
this maps into meaning and its verification of some perceived truth, though
this could still be at the level of pattern matching of signs, and not of
actual knowledge itself. such that a boundary may exist for mimicry-based
AI versus intuitive computations that are based on a comprehensive model of
grounded empirical knowledge, due to this gap and approach to computation,
say reliance on binary approaches and constraints to force viewpoint, etc
[crypto] ---> linguistic (algebraic/geometric)
so all of this background text is required to establish a given framework
to evaluate a pending alternative conceptualization that considers and
recontextualizes cryptology within a computational context of linguistics,
yet potentially in a territory beyond existing perspective that involves
subsign computations that are not mapped into traditional adjective/noun
and other existing models, yet can likewise potentially be interconnected
with them in various structural entanglements, as patterns collide, form,
and mutate based upon relations and dynamics of sign-al processing.
in other words: why not have algebraic and geometric functions and ~various
operations within the signage itself, instead of at a protected boundary
that limits such computation to a realm of numeracy, for instance. why not
run an algorithm that transforms or relates or transforms subsign units,
whether letters or words or sentence or paragraphs or all of these together
(in terms of nested superset-set-subset dynamics), such that the [signage]
is itself transformed, encrypted, versus a secondary wrapper or envelope or
container that "represents" this encryption of plain-text interior content
one approach to this, of a vast innumerable many, would be to evaluate the
typographic condition of code itself, as a basis for what is and what can
be ~programmed, in what terms and parameters, based on how tools function
and how the cryptologic and cryptographic situation is conceptualized...
[crypto] ---> [typography] ---> [signage]
in other words the geometry of signs themselves, letters as with numbers
(though to focus on only the former as the primary example) have within
their patterning an implicit structure that graphically relates to other
alphanumeric characters, and thus the unit of measure, whether individual
letter or their combination into words, can become a basis for evaluating
these relational dynamics in terms of shared dimensionality, the shared
scaffolding of logic connection that pre-exists other evaluations else
informs it and can provide additional framework to map onto considerations
whereby letters and numbers themselves are entangled in their connectedness
and likeness and unlikeness as patterns, and this is inherently ~variable
such that a letter such as 'y' may relate to the letter 'v' in one context
whereas if rotated may relate to the letter 'h'. this transformation is
inherent in all letters and their combination. such that letters alone may
have properties, though so too words, via ambigrams or other evaluations.
yet the question goes further than this, and into a realm of abstraction
that is perhaps approximate to moving from a question of typography from an
interpretation of fonts and font styles, to that of abstract patterning
that may no longer be legible as a decipherable language, due to the
potential to break apart each letter into subsign units, say a capital
letter L into components: | _
and in this way, how might [code] and geometric calculation exist in such a
transmutational context of alphanumerics that break the model of literacy
or go beyond its existing boundary, into other realms of interpretation.
such that the ascender and descender, mean line, baseline and median, and
arms, spans, bowls, shoulders, counters, and terminals become graphic units
that are potentially computational, if they are standardized and aligned.
and this is what the HIOX model of alphanumerics opens up and allows yet it
could go to a much higher level of resolution given the details of language
and how these sign systems exist across all language, potentially, mapping
into a master symbol that reverse engineers all language in a single view
in this way, from [code] to [mastercode] if not many relativistic codes
into a shared framework of a grounded empirical model that is based within
and references the same evaluation of (paradoxical) truth in its pattern
matching. this is ancient stuff, the ideas involved formatting civilization
The Orphic Trilogy, Cabaret, GiGi
Π Ω δ
----- Forwarded message from Jerry Leichter <leichter(a)lrw.com> -----
Date: Thu, 17 Oct 2013 13:53:11 -0400
From: Jerry Leichter <leichter(a)lrw.com>
To: Kent Borg <kentborg(a)borg.org>
Cc: tytso(a)mit.edu, cryptography(a)metzdowd.com
Subject: Re: [Cryptography] /dev/random is not robust
Message-Id: <5D9D1764-5578-42A4-BBB1-4586B5F167D3(a)lrw.com>
X-Mailer: Apple Mail (2.1510)
On Oct 17, 2013, at 1:05 PM, Kent Borg <kentborg(a)borg.org> wrote:
> But is this something that /dev/urandom might do better? Should blocking be added to /dev/urandom immediately after boot until some reasonable threshold has been reached at least once? Or on first boot are common distributions restoring a bad seed file and /dev/random can't tell? Arrgh, I am starting to think that the RNG is the wrong place to fix it.
>
> Should RNGs attempt to detect uninitialized states and refuse to run?
One answer to this question appears in the FIPS standards for RNGs. At times, they've required a continuous on-line test of the numbers being generated, with automatic shutdown if the test fails. These requirements almost certainly came from the hardware background of the FIPS standards. For hardware, certain failure modes - stuck at 0/stuck at 1 are the most obvious; short cycles due to some internal oscillation may be another - are extremely common, and worth checking for. For software-based deterministic PRNGs, such tests are mainly irrelevant - code doesn't develop such failures in the field. As the FIPS standards were adjusted for a more software-based world, the requirement for on-line testing was dropped.
Looking through some old messages on the subject here on the Cryptography list, I found one from Francois Grieu back in July of 2010:
> The Smart Card industry uses True RNG a lot. There, a common line of
> thought is to use:
> - a hardware RNG, whose raw output (perhaps biased) is directly
> accessible for testing purposes (only), so that the software can check
> it in depth at startup and from time to time to ascertain that it is at
> least generating a fair amount of entropy
> - followed by appropriate post-processing in hardware (so as to gather
> entropy at all times), acting as a mixer/debiaser; e.g. something LFSR-based
> - followed by a crude software test (e.g. no bit stuck)
> - optionally followed by software postprocessing (the subject is
> debated; this software has to be proven to not include weakness, and the
> hardware + crude software test is certified to eliminate such weakness,
> so why bother, some say)
>
> There is a standard, known as AIS31, on evaluating True RNG, which
> de-facto enforces the first three steps
> <https://www.bsi.bund.de/cae/servlet/contentblob/478130/publicationFile/3027…>
> which references
> <https://www.bsi.bund.de/cae/servlet/contentblob/478152/publicationFile/3027…>
More recently, David Johnston, who I gather was involved in the design of the Intel on-chip RNG, commented in a response to a question about malfunctions going undetected:
> That's what BIST is for. It's a FIPS and SP800-90 requirement.
Of course, with generators like the Linux /dev/random, we're in some intermediate state, with hardware components that could fail feeding data into software components.
My own view on this is that there's no point in testing the output of a deterministic PRNG, but the moment you start getting information from the outside world, you should be validating it. You can never prove that a data stream is random, but you can cheaply spot some common kinds of deviation from randomness - and if you're in a position to "pay" more (in computation/memory) you can spot many others. You have no hope of spotting a sophisticated *attack*, and even spotting code bugs that destroy randomness can be hard, but it's hard to come up with an example of an actual real-world hardware failure that would slip through. So you might as well do the testing.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
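The crude on-line checks Leichter and Grieu describe above (bits stuck at 0 or 1, short cycles from an internal oscillation, and a "no bit stuck" run-length test) as an added, constructed Python example; this is not code from the list, from FIPS 140, from AIS31 or from SP 800-90, and the min-entropy estimate, the 2^-20 false-alarm budget and the sample streams are assumptions made here.

```python
"""Crude on-line health tests for a raw (pre-whitening) entropy source.

Added, constructed example; not code from any poster, from FIPS 140 or
from AIS31. It models the checks discussed above: bits stuck at 0 or 1,
short cycles, and a repetition-count (run length) test in the style of
SP 800-90B, with the cutoff derived from an assumed entropy estimate.
"""
import math
import random


def stuck_bit_positions(samples):
    """Bit positions 0..7 that never change across the window.

    A failure that leaves a bit stuck at 0 or at 1 shows up at once;
    a healthy 8-bit source never keeps a position constant for long.
    """
    and_all, or_all = 0xFF, 0x00
    for b in samples:
        and_all &= b
        or_all |= b
    stuck = and_all | (~or_all & 0xFF)  # set in all samples, or set in none
    return {i for i in range(8) if (stuck >> i) & 1}


def max_repetition(samples):
    """Length of the longest run of identical consecutive samples."""
    best = run = 0
    prev = None
    for b in samples:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def repetition_cutoff(h_min, alpha_log2=20):
    """Run-length cutoff 1 + ceil(-log2(alpha) / h_min), alpha = 2^-alpha_log2.

    h_min is the assumed min-entropy per sample (bits); a run at least
    this long has probability below 2^-alpha_log2 for an honest source.
    """
    return 1 + math.ceil(alpha_log2 / h_min)


def short_cycle_period(samples, max_period=64):
    """Smallest p <= max_period with samples[i] == samples[i-p] throughout, else None."""
    n = len(samples)
    for p in range(1, max_period + 1):
        if n >= 2 * p and all(samples[i] == samples[i - p] for i in range(p, n)):
            return p
    return None


def health_check(samples, h_min=4.0):
    """Run all three crude tests; h_min=4 bits/byte is a deliberately
    conservative (assumed) estimate for a raw, possibly biased source."""
    return {
        "stuck_bits": stuck_bit_positions(samples),
        "max_run": max_repetition(samples),
        "run_cutoff": repetition_cutoff(h_min),
        "cycle": short_cycle_period(samples),
    }


def source_ok(samples, h_min=4.0):
    """True when no test trips: not a proof of randomness, only the
    absence of the gross hardware failures the tests are built to catch."""
    r = health_check(samples, h_min)
    return not r["stuck_bits"] and r["max_run"] < r["run_cutoff"] and r["cycle"] is None


# Constructed sample streams (a seeded PRNG stands in for a raw source).
_rng = random.Random(1234)
HEALTHY = bytes(_rng.getrandbits(8) for _ in range(4096))
STUCK_LOW_BIT = bytes(b & 0xFE for b in HEALTHY)   # bit 0 stuck at 0
CYCLING = HEALTHY[:16] * 256                        # oscillation with period 16
DEAD = bytes(4096)                                  # every bit stuck at 0

if __name__ == "__main__":
    for name, s in [("healthy", HEALTHY), ("stuck", STUCK_LOW_BIT),
                    ("cycling", CYCLING), ("dead", DEAD)]:
        print(name, source_ok(s), health_check(s))
```

As Leichter notes, none of this detects a deliberate attack or a subtle bias; it is the cheap check that catches a stuck or oscillating part before its output reaches the pool.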
----- Forwarded message from John Denker <jsd(a)av8n.com> -----
Date: Thu, 17 Oct 2013 09:12:48 -0700
From: John Denker <jsd(a)av8n.com>
CC: Cryptography <cryptography(a)metzdowd.com>
Subject: Re: [Cryptography] /dev/random has issues
Message-ID: <52600C80.3050407(a)av8n.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Here is an experiment you can do, if you have a Linux system:
cat /proc/sys/kernel/random/entropy_avail
I predict that it is likely to be a smallish number, less than 192
bits, not enough to cut a PGP key. This seems to conflict with
the stated purpose of having /dev/random, and with the purpose
of having buffers within the device.
On 10/17/2013 06:08 AM, Theodore Ts'o wrote:
> using a Yarrow-like approach,
I find the current version of /dev/random to be partly yarrow-like
and partly not. It is yarrow-like in the sense that it performs
updates in batches, with a substantial minimum batch-size. It
is non-yarrow-like in that it presents far too much load on the
upstream source of entropy.
=================
On 10/13/2013 05:03 PM, Jerry Leichter wrote:
> Hundreds of eyeballs may have been on the Linux code, but we still
> ended up fielding a system with a completely crippled RNG and not
> noticing for months.
I'm not at all convinced that hundreds of eyeballs have ever
looked at the source code for Linux /dev/random. In any case,
a small number of careful eyeballs would be far more valuable
than a huge number of cursory eyeballs.
Suppose we provide /dev/random with a good source of entropy,
including (!) a reliable estimate of the amount of entropy
(hint: turbid). Even then, it is not at all obvious that the
current version of the Linux /dev/random is a good custodian
of the entropy it is given.
I noticed this when working on the upcoming new version of
turbid. It contains a subsystem that feeds entropy into
/dev/random. I didn't want to look at /dev/random at all,
but eventually I had to, because I couldn't figure out a
way to feed it entropy without huge amounts of waste.
AFAICT that isn't possible in the current version, although
this is a fixable problem.
A non-exhaustive list of questions and issues -- some quite
deep and some quite superficial -- can be found at
http://www.av8n.com/turbid/paper/devrandom.htm
I have a prototype ("alpha") version of random.c that
addresses most of these issues. If there are any
misunderstandings about what /dev/random is doing, it
would be good to clear them up sooner rather than later.
=====================================
A word about the article by Dodis et al. claiming that
/dev/random is "not robust". IMHO that is a red herring.
It raises issues that have little direct importance. For
one thing, there is no consensus that their definition of
"robust" is relevant in a practical engineering sense.
Perhaps more importantly, we must object to the assertions
about «how hard (or, perhaps, impossible?) it is to design
a sound entropy estimation procedure».
It is a truism in many fields, including sculpture as well as
programming, that it is easy to do things wrong and hard to do
things right. However, that does not mean that things /cannot/
be done right. In particular, it is definitely *not* impossible
to implement an entropy estimator based on the second law of
thermodynamics, which is far more reliable than several other
assumptions that form the basis of modern cryptography. Such
a thing requires effort and depth of understanding and attention
to detail, but it can be done. Hint: turbid.
The existence of unimportant issues should not blind us to
more-important issues.
----- End forwarded message -----
[cryptography] Vernam, Mauborgne, Friedman: The One-Time Pad and the Index of Coincidence
by Eugen Leitl 18 Oct '13
----- Forwarded message from John Young <jya(a)pipeline.com> -----
Date: Thu, 17 Oct 2013 16:22:35 -0400
From: John Young <jya(a)pipeline.com>
To: cryptography(a)randombit.net, cypherpunks(a)cpunks.org, cryptome(a)freelists.org
Subject: [cryptography] Vernam, Mauborgne, Friedman: The One-Time Pad and the Index of Coincidence
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Message-ID: <E1VWu4z-0004yQ-3B(a)elasmtp-junco.atl.sa.earthlink.net>
Steven Bellovin Talk at NSA History Conference today:
Vernam, Mauborgne, Friedman: The One-Time Pad and the Index of Coincidence
https://www.cs.columbia.edu/~smb/talks/VernamMauborgneFriedman.pdf
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
http://www.washingtonpost.com/world/national-security/documents-reveal-nsas…
Documents reveal NSA’s extensive involvement in targeted killing program
By Greg Miller, Julie Tate and Barton Gellman, Thursday, October 17, 2:07 AM
It was an innocuous e-mail, one of millions sent every day by spouses with
updates on the situation at home. But this one was of particular interest to
the National Security Agency and contained clues that put the sender’s
husband in the crosshairs of a CIA drone.
Days later, Hassan Ghul — an associate of Osama bin Laden who provided a
critical piece of intelligence that helped the CIA find the al-Qaeda leader —
was killed by a drone strike in Pakistan’s tribal belt.
The U.S. government has never publicly acknowledged killing Ghul. But
documents provided to The Washington Post by former NSA contractor Edward
Snowden confirm his demise in October 2012 and reveal the agency’s extensive
involvement in the targeted killing program that has served as a centerpiece
of President Obama’s counterterrorism strategy.
An al-Qaeda operative who had a knack for surfacing at dramatic moments in
the post-Sept. 11 story line, Ghul was an emissary to Iraq for the terrorist
group at the height of that war. He was captured in 2004 and helped expose
bin Laden’s courier network before spending two years at a secret CIA prison.
Then, in 2006, the United States delivered him to his native Pakistan, where
he was released and returned to the al-Qaeda fold.
But beyond filling in gaps about Ghul, the documents provide the most
detailed account of the intricate collaboration between the CIA and the NSA
in the drone campaign.
The Post is withholding many details about those missions, at the request of
U.S. intelligence officials who cited potential damage to ongoing operations
and national security.
The NSA is “focused on discovering and developing intelligence about valid
foreign intelligence targets,” an NSA spokeswoman said in a statement
provided to The Post on Wednesday, adding that the agency’s operations
“protect the nation and its interests from threats such as terrorism and the
proliferation of weapons of mass destruction.”
In the search for targets, the NSA has draped a surveillance blanket over
dozens of square miles of northwest Pakistan. In Ghul’s case, the agency
deployed an arsenal of cyber-espionage tools, secretly seizing control of
laptops, siphoning audio files and other messages, and tracking radio
transmissions to determine where Ghul might “bed down.”
The e-mail from Ghul’s wife “about her current living conditions” contained
enough detail to confirm the coordinates of that household, according to a
document summarizing the mission. “This information enabled a capture/kill
operation against an individual believed to be Hassan Ghul on October 1,” it
said.
The file is part of a collection of records in the Snowden trove that make
clear that the drone campaign — often depicted as the CIA’s exclusive domain
— relies heavily on the NSA’s ability to vacuum up enormous quantities of
e-mail, phone calls and other fragments of signals intelligence, or SIGINT.
To handle the expanding workload, the NSA created a secret unit known as the
Counter-Terrorism Mission Aligned Cell, or CT MAC, to concentrate the
agency’s vast resources on hard-to-find terrorism targets. The unit spent a
year tracking Ghul and his courier network, tunneling into an array of
systems and devices, before he was killed. Without those penetrations, the
document concluded, “this opportunity would not have been possible.”
At a time when the NSA is facing intense criticism for gathering data on
Americans, the drone files may bolster the agency’s case that its resources
are focused on fighting terrorism and supporting U.S. operations overseas.
“Ours is a noble cause,” NSA Director Keith B. Alexander said during a public
event last month. “Our job is to defend this nation and to protect our civil
liberties and privacy.”
The documents do not explain how the Ghul e-mail was obtained or whether it
was intercepted using legal authorities that have emerged as a source of
controversy in recent months and enable the NSA to compel technology giants
including Microsoft and Google to turn over information about their users.
Nor is there a reference to another NSA program facing scrutiny after
Snowden’s leaks, its metadata collection of numbers dialed by nearly every
person in the United States.
To the contrary, the records indicate that the agency depends heavily on
highly targeted network penetrations to gather information that wouldn’t
otherwise be trapped in surveillance nets that it has set at key Internet
gateways.
The new documents are self-congratulatory in tone, drafted to tout the NSA’s
counterterrorism capabilities. One is titled “CT MAC Hassan Gul Success.” The
files make no mention of other agencies’ roles in a drone program that
escalated dramatically in 2009 and 2010 before tapering off in recent years.
Even so, former CIA officials said the files are an accurate reflection of
the NSA’s contribution to finding targets in a campaign that has killed more
than 3,000 people, including thousands of alleged militants and hundreds of
civilians, in Pakistan, according to independent surveys. The officials said
the agency has assigned senior analysts to the CIA’s Counterterrorism Center,
and deployed others to work alongside CIA counterparts at almost every major
U.S. embassy or military base overseas.
“NSA threw the kitchen sink at the FATA,” said a former U.S. intelligence
official with experience in Afghanistan and Pakistan, referring to the
Federally Administered Tribal Areas, the region in northwest Pakistan where
al-Qaeda’s leadership is based.
NSA employees rarely ventured beyond the security gates of the U.S. Embassy
in Islamabad, officials said. Surveillance operations that required placing a
device or sensor near an al-Qaeda compound were handled by the CIA’s
Information Operations Center, which specializes in high-tech devices and
“close-in” surveillance work.
“But if you wanted huge coverage of the FATA, NSA had 10 times the manpower,
20 times the budget and 100 times the brainpower,” the former intelligence
official said, comparing the surveillance resources of the NSA to the smaller
capabilities of the agency's IOC. The two agencies are the largest in the
U.S. intelligence community, with budgets last year of $14.7 billion for the
CIA and $10.8 billion for the NSA. “We provided the map,” the former official
said, “and they just filled in the pieces.”
In broad terms, the NSA relies on increasingly sophisticated versions of
online attacks that are well-known among security experts. Many rely on
software implants developed by the agency’s Tailored Access Operations
division with code-names such as UNITEDRAKE and VALIDATOR. In other cases,
the agency runs “man-in-the-middle” attacks in which it positions itself
unnoticed midstream between computers communicating with one another,
diverting files for real-time alerts and longer-term analysis in data
repositories.
Through these and other tactics, the NSA is able to extract vast quantities
of digital information, including audio files, imagery and keystroke logs.
The operations amount to silent raids on suspected safe houses and often are
carried out by experts sitting behind desks thousands of miles from their
targets.
The reach of the NSA’s Tailored Access Operations division extends far beyond
Pakistan. Other documents describe efforts to tunnel into systems used by
al-Qaeda affiliates in Yemen and Africa, each breach exposing other
corridors.
An operation against a suspected facilitator for al-Qaeda’s branch in Yemen
led to a trove of files that could be used to “help NSA map out the movement
of terrorists and aspiring extremists between Yemen, Syria, Turkey, Egypt,
Libya and Iran,” according to the documents. “This may enable NSA to better
flag the movement of these individuals” to allied security services that “can
put individuals on no-fly lists or monitor them once in country.”
A single penetration yielded 90 encrypted al-Qaeda documents, 16 encryption
keys, 30 unencrypted messages as well as “thousands” of chat logs, according
to an inventory described in one of the Snowden documents.
The operations are so easy, in some cases, that the NSA is able to start
downloading data in less time than it takes the targeted machine to boot up.
Last year, a user account on a social media Web site provided an instant
portal to an al-Qaeda operative’s hard drive. “Within minutes, we
successfully exploited the target,” the document said.
The hunt for Ghul followed a more elaborate path.
Ghul, who is listed in other documents as Mustafa Haji Muhammad Khan, had
surfaced on U.S. radar as early as 2003, when an al-Qaeda detainee disclosed
that Ghul escorted one of the intended hijackers to a Pakistani safe house a
year before the Sept. 11, 2001, attacks.
A trusted facilitator and courier, Ghul was dispatched to Iraq in 2003 to
deliver a message to Abu Musab al-Zarqawi, the al-Qaeda firebrand who angered
the network’s leaders in Pakistan by launching attacks that often slaughtered
innocent Muslims.
When Ghul made another attempt to enter Iraq in 2004, he was detained by
Kurdish authorities in an operation directed by the CIA. Almost immediately,
Ghul provided a piece of intelligence that would prove more consequential
than he may have anticipated: He disclosed that bin Laden relied on a trusted
courier known as al-Kuwaiti.
The ripples from that revelation wouldn’t subside for years. The CIA went on
to determine the true identity of al-Kuwaiti and followed him to a heavily
fortified compound in Abbottabad, Pakistan, where bin Laden was killed in
2011.
Because of the courier tip, Ghul became an unwitting figure in the
contentious debate over CIA interrogation measures. He was held at a CIA
black site in Eastern Europe, according to declassified Justice Department
memos, where he was slapped and subjected to stress positions and sleep
deprivation to break his will.
Defenders of the interrogation program have cited Ghul’s courier disclosure
as evidence that the agency’s interrogation program was crucial to getting
bin Laden. But others, including former CIA operatives directly involved in
Ghul’s case, said that he identified the courier while he was being
interrogated by Kurdish authorities, who posed questions scripted by CIA
analysts in the background.
The debate resurfaced amid the release of the movie “Zero Dark Thirty” last
year, in which a detainee’s slip after a brutal interrogation sequence is
depicted as a breakthrough in the bin Laden hunt. Ghul’s case also has been
explored in detail in a 6,000-page investigation of the CIA interrogation
program by the Senate Intelligence Committee that has yet to be released.
Sen. Dianne Feinstein (D-Calif.), the chairman of the panel, sought to settle
the Ghul debate in a statement last year that alluded to his role but didn’t
mention him by name.
“The CIA detainee who provided the most significant information about the
courier provided the information prior to being subjected to coercive
interrogation techniques,” Feinstein said in the statement, which was signed
by Sen. Carl Levin (D-Mich.).
The George W. Bush administration’s decision to close the secret CIA prisons
in 2006 set off a scramble to place prisoners whom the agency did not regard
as dangerous or valuable enough to transfer to Guantanamo Bay. Ghul was not
among the original 14 high-value CIA detainees sent to the U.S. installation
in Cuba. Instead, he was turned over to the CIA’s counterpart in Pakistan,
with ostensible assurances that he would remain in custody.
A year later, Ghul was released. There was no public explanation from
Pakistani authorities. CIA officials have noted that Ghul had ties to
Lashkar-e-Taiba, a militant group supported by Pakistan’s intelligence
service. By 2007, he had returned to al-Qaeda’s stronghold in Waziristan.
In 2011, the Treasury Department named Ghul a target of U.S. counterterrorism
sanctions. Since his release, the department said, he had helped al-Qaeda
reestablish logistics networks, enabling al-Qaeda to move people and money in
and out of the country. The NSA document described Ghul as al-Qaeda’s chief
of military operations and detailed a broad surveillance effort to find him.
“The most critical piece” came with a discovery that “provided a vector” for
compounds used by Ghul, the document said. After months of investigation, and
surveillance by CIA drones, the e-mail from his wife erased any remaining
doubt.
Even after Ghul was killed in Mir Ali, the NSA’s role in the drone strike
wasn’t done. Although the attack was aimed at “an individual believed to be”
the correct target, the outcome wasn’t certain until later when, “through
SIGINT, it was confirmed that Hassan Ghul was in fact killed.”