I'm actually reading this a few times to try to force all the interconnected meaning into my messed up short term memory, and I think John is saying he can help us if I can translate. On 10/12/20, Karl <gmkarl@gmail.com> wrote:
On 10/12/20, Karl <gmkarl@gmail.com> wrote:
Received this reply late.
On 10/12/20, John Young <jya@pipeline.com> wrote:
Use of any online or digital programs and/or devices for comsec/infosec should be avoided unless completely enclosed and transmitted with non-online or non-digital means. There are a number of non-onlne and non-digital means available, the first and most reliable is your brain so long as it is not contaminated with belief in online and digital prejudice now over a century in promulgaton. The principal efforts for this promulgation is computers, coding, obfuscation, propaganda, arcanity, scientism, residual astrology, confidence gaming, spouting mantras, i.e., "cypherpunks write code."
John's saying that you need to shield your communication device and write down or memorize anything you want to bring in or out of the shielded enclosure. Nothing with metal moves in or out of the shielded enclosure. He's also saying there may be minimal need for digital cryptography, maybe to a smaller audience.
https://www.google.com/search?q=cypherpunks+write+code&rlz=1C1AOHY_enUS708US708&oq=cypherpunks+write+code&aqs=chrome..69i57.5595j0j7&sourceid=chrome&ie=UTF-8 This oh so cool mantra derives from the magicial, bewitching lodestone "national security," the abiding weapon of nations governed as royalty, heirarchical, the few overlording the many with force, elections, education, faith and trivializing deriviatives of entertainment, media, chat, parties, militants, rebels, revolutionaries, independents, intellectuals, geniuses, "democracies" ruled by kingdoms of presidents, congresses, courts.
Here I think John is saying that the cypherpunks movement stems from authority itself, which anybody who _isn't_ a cypherpunk and _doesn't_ understand computers well, would likely assume.
Nonetheless, always a nonetheless apologia for top-down regimes, far more rewarding to cooperate with authorities than to defy them, more lucrative too. So backdoors in crypto, each and every version, must be inherent code, along with outpourings of assurances there are workarounds to escape the many and be one of the few. Today, that is marketed as "smart."
I think John here might be expressing frustration, it's hard to tell. John, do you think the people putting backdoors in their cryptography _want_ to? Do you trust that all these unsigned messages are actually from your friends hearts? Ask any marketing worker with goonies like us behind them: backdoors in consumer software and hardware are _bugs_ to be _squashed_: _stupid_ _errors_, not _smart_ _code_!
At 06:23 AM 10/12/2020, Stefan Claas wrote:
Karl wrote:
[...]
After finding a good candidate airgapped device, you'll want to be careful with how you use it. Remember, whenever a new vulnerability is found, trojans cover the world taking advantage of it, and then try to find a way to hide inside the corners of all the systems they find. So, any drive you put in your new device, anything you plug into it, any update you apply, could be filled with computer-measles that would find a way to trick it into giving remote control to them. Keep it isolated until you have things set up for use.
The next step after getting a reasonable airgapped device, maybe a pi zero, and ideally keeping it isolated, would be to install gnupg on it. Maybe in a forthcoming email!
GnuPG should be already installed with Linux (Raspberian OS etc.). The thing I would like ask you, how would you communicate securely with your air-gapped device?
What I did in the past was to install on the online device and offline device the free (cross-platform) software CoolTerm and I connected both devices with an FTDI USB to USB cable, so that I could do serial communications and was also able to see how many bytes (from a PGP message) was transfered.
Another approach I am currently playing with is to play with NFC tags and a reader/writer device, which can be used offline as well.
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.