NSA Attacks on VPN, SSL, TLS, SSH, Tor
Der Spiegel released largest single day number of Snowden docs today, 666 pages, on NSA Attacks on VPN, SSL, TLS, SSH, Tor.
http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-t...
We offer a RAR of the 44 docs:
http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar (197MB)
On Sun, Dec 28, 2014 at 3:14 PM, John Young <jya@pipeline.com> wrote:
Der Spiegel released largest single day number of Snowden docs today, 666 pages, on NSA Attacks on VPN, SSL, TLS, SSH, Tor.
http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-t...
We offer a RAR of the 44 docs:
my browser says it's 188 MB... am I being man in the middled? -Ryan C.
Related Spiegel article (hat tip to cryptoparty.is mailing list):
http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet...
The money quote:
"Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
Would like to own an IP hard phone with built-in ZRTP support. So far Snom 370s with TLS enabled firmware have been the next best thing.
Never even heard of IM system 'CSpace' before, no mention of it in the cpunk archives either.
Might be standing up a MixMinion node after watching Tom Ritter's talk at Defcon 21 'De-Anonymizing Alt.Anonymous.Messages' http://www.youtube.com/watch?v=_Tj6c2Ikq_E
On Sun, 28 Dec 2014 16:51:44 -0800, Seth <list@sysfu.com> wrote:
"Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
John Gilmore dug up the Cspace software (see below), and I believe this is the Trilight software/service mentioned in the NSA docs: https://www.trilightzone.org/
Return-Path: <gnu[at]new.toad.com>
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id sBV5oaCl013715; Tue, 30 Dec 2014 21:50:36 -0800
Message-Id: <201412310550.sBV5oaCl013715[at]new.toad.com>
To: cryptography[at]metzdowd.com, gnu[at]toad.com
Subject: "Catastrophic" for NSA: Tor+ Trilight Zone + Cspace + ZRTP on Linux
Date: Tue, 30 Dec 2014 21:50:36 -0800
From: John Gilmore <gnu[at]new.toad.com>
Nice to hear that there's some software that makes NSA go deaf, dumb and blind. Here is the Snowden release that mentions it (page 20):
"Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" http://www.spiegel.de/media/media-35535.pdf
I found cspace (http://cspace.aabdalla.com/), which was a bit obscure and hasn't seen any maintenance since 2009 or so. Its dependency ncrypt-0.6.4's source code is at Pypi and ncrypt-0.6.4 is in current Ubuntu distros.
But I haven't yet found Trilight Zone. Any clues?
And I haven't found a reliable, usable, simple, free software VoIP client for Linux, let alone one that uses ZRTP. Though I admit I gave up on looking about a year ago when I couldn't get anything to actually work.
John
Posted the CSpace source, downloaded from the aabdalla.com site, to Github for easy browsing: http://github.com/jmcvetta/cspace
On Wed Dec 31 2014 at 12:39:59 PM Seth <list@sysfu.com> wrote:
On Sun, 28 Dec 2014 16:51:44 -0800, Seth <list@sysfu.com> wrote:
"Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
John Gilmore dug up the Cspace software (see below), and I believe this is the Trilight software/service mentioned in the NSA docs: https://www.trilightzone.org/
Return-Path: <gnu[at]new.toad.com>
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id sBV5oaCl013715; Tue, 30 Dec 2014 21:50:36 -0800
Message-Id: <201412310550.sBV5oaCl013715[at]new.toad.com>
To: cryptography[at]metzdowd.com, gnu[at]toad.com
Subject: "Catastrophic" for NSA: Tor+ Trilight Zone + Cspace + ZRTP on Linux
Date: Tue, 30 Dec 2014 21:50:36 -0800
From: John Gilmore <gnu[at]new.toad.com>
Nice to hear that there's some software that makes NSA go deaf, dumb and blind. Here is the Snowden release that mentions it (page 20):
"Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" http://www.spiegel.de/media/media-35535.pdf
I found cspace (http://cspace.aabdalla.com/), which was a bit obscure and hasn't seen any maintenance since 2009 or so. Its dependency ncrypt-0.6.4's source code is at Pypi and ncrypt-0.6.4 is in current Ubuntu distros.
But I haven't yet found Trilight Zone. Any clues?
And I haven't found a reliable, usable, simple, free software VoIP client for Linux, let alone one that uses ZRTP. Though I admit I gave up on looking about a year ago when I couldn't get anything to actually work.
John
Seth
I haven't found a reliable, usable, simple, free software VoIP client for Linux
This is the best I see. For most of the platforms.
https://jitsi.org/Main/Download
https://github.com/jitsi/jitsi
From their page:
Encrypted password storage
Password protection with a master password
Encrypted Instant Messaging with Off-the-Record Messaging (OTRv4)
Chat authentication with the Socialist Millionaire Protocol over *OTR*
Call encryption with SRTP and *ZRTP* for XMPP and SIP
Call encryption with SRTP and SDES for XMPP and SIP
DNSSEC support
TLS support and certificate-based client authentication for SIP and XMPP
On Thursday, 1 January 2015 08:26:54, Александр wrote:
Seth
I haven't found a reliable, usable, simple, free software VoIP client for Linux
Scratch the "simple" part, and you can try to use RetroShare: http://rys.io/en/129
--
Regards,
Michał "rysiek" Woźniak
Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
https://meet.jit.si
AFAIK it's only SSL-secured, but if you set up your own meet server with a good enough TLS (with no fallbacks to bad ciphers), it might make the cut as a useful and well-engineered VoIP system.
I doubt SSH is fast enough without the "High Performance" patches that were never mainlined (sadface!), but you could *try* making the meet server listen only on local ports and require participants to SSH into the server: more secure than SSL/TLS, at least! :)
On 09/01/15 22:41, rysiek wrote:
On Thursday, 1 January 2015 08:26:54, Александр wrote:
Seth
I haven't found a reliable, usable, simple, free software VoIP client for Linux
Scratch the "simple" part, and you can try to use RetroShare: http://rys.io/en/129
For those who may be curious, I was recently sent some information on the history of CSpace. The info has been included in the README: https://github.com/jmcvetta/cspace#history
Please note I have no insight into the accuracy of this history. It was provided unsolicited by a person I've never met.
On Wed, Dec 31, 2014 at 12:26 PM, Seth <list@sysfu.com> wrote:
On Sun, 28 Dec 2014 16:51:44 -0800, Seth <list@sysfu.com> wrote:
"Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
John Gilmore dug up the Cspace software (see below), and I believe this is the Trilight software/service mentioned in the NSA docs: https://www.trilightzone.org/
Return-Path: <gnu[at]new.toad.com>
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id sBV5oaCl013715; Tue, 30 Dec 2014 21:50:36 -0800
Message-Id: <201412310550.sBV5oaCl013715[at]new.toad.com>
To: cryptography[at]metzdowd.com, gnu[at]toad.com
Subject: "Catastrophic" for NSA: Tor+ Trilight Zone + Cspace + ZRTP on Linux
Date: Tue, 30 Dec 2014 21:50:36 -0800
From: John Gilmore <gnu[at]new.toad.com>
Nice to hear that there's some software that makes NSA go deaf, dumb and blind. Here is the Snowden release that mentions it (page 20):
"Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" http://www.spiegel.de/media/media-35535.pdf
I found cspace (http://cspace.aabdalla.com/), which was a bit obscure and hasn't seen any maintenance since 2009 or so. Its dependency ncrypt-0.6.4's source code is at Pypi and ncrypt-0.6.4 is in current Ubuntu distros.
But I haven't yet found Trilight Zone. Any clues?
And I haven't found a reliable, usable, simple, free software VoIP client for Linux, let alone one that uses ZRTP. Though I admit I gave up on looking about a year ago when I couldn't get anything to actually work.
John
Jason McVetta wrote:
And I haven't found a reliable, usable, simple, free software VoIP client for Linux
qtox. Text voip video file transfers. https://wiki.tox.chat/binaries#gnulinux
Federated networking (description above my pay grade)
As far as Trilight, it's a commercial service. Nice for businesses I guess, but why bother with openvpn when there's bitmask?
--
RR
"You might want to ask an expert about that - I just fiddled around with mine until it worked..."
participants (8)
- Cathal Garvey
- Jason McVetta
- John Young
- Rayzer
- Ryan Carboni
- rysiek
- Seth
- Александр