What the fark is "TFC" - cypherpunks - lists.cpunks.org

newer
q: cryptoanalytic processor

What the fark is "TFC"

older
q: time & crypto

rysiek

3 Feb 2015 3 Feb '15

11:59 p.m.

Hi there, my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. PLZ2ENLIGHTEN KTHXBAI. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

Attachments:

signature.asc (application/pgp-signature — 931 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

Mirimir

4 Feb 4 Feb

1:20 a.m.

On 02/03/2015 04:59 PM, rysiek wrote:

Hi there,

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.

PLZ2ENLIGHTEN KTHXBAI.

My best guess is "traffic-flow confidentiality (TFC)", as defined in "Internet Security Glossary, Version 2" (IETF Network Working Group RFC 4949) http://tools.ietf.org/html/rfc4949.

Reply

Sign in to reply online Use email software

Tom Ritter

1:52 a.m.

On 3 February 2015 at 17:59, rysiek wrote:

Hi there,

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.

TCB is usually Trusted Computing Base. Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.) -tom

Reply

Sign in to reply online Use email software

Markus Ottela

4:39 a.m.

Dingdingding. And we have a winner: Tinfoil Chat it is. Though I liked Gutmann's answer the most. On 04.02.2015 03:52, Tom Ritter wrote:

On 3 February 2015 at 17:59, rysiek wrote:

...
Hi there,

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. TCB is usually Trusted Computing Base.

Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.)

-tom

Reply

Sign in to reply online Use email software

rysiek

10:58 a.m.

Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze:

Dingdingding. And we have a winner: Tinfoil Chat it is.

Uhm... http://tinfoilchat.chatango.com/ https://forums.hak5.org/index.php?/topic/31131-tinfoil-chat-pidgin-otp-endpo... But okay, waded through the other thread and found: http://www.cs.helsinki.fi/u/oottela/tfc.pdf Too tired right now to read it through. Anybody else wants to have a look? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

Reply

Sign in to reply online Use email software

stef

3:51 p.m.

On Wed, Feb 04, 2015 at 11:58:17AM +0100, rysiek wrote:

Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze: http://www.cs.helsinki.fi/u/oottela/tfc.pdf

i think i have to add an 8th rule: vendor applies rules against own product. ;) but seriously, the hw design with the diodes is pretty cool, however maybe i missed it but i couldnt find much focus on sidechans. also what i don't get is why pidgin, if you have the communication end behind the diodes, then what exactly does pidgin provide? but i was only skimming the doc. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

Reply

Sign in to reply online Use email software

Markus Ottela

6:46 p.m.

To summarise the general classess of side channels mentioned in Wikipedia: Power analysis should be tackled with running the TCBs on batteries. I introduced the issue of electromagnetic and acoustic leaks but it's a very complex issue and I'm not an expert dealing with them. The RxM is the only device attacker can introduce faulty data to compute on. However, no feedback is available due to the implementation thus unless pre-compromised, the hardware should not have back channel. TFC does it's best effort to overwrite and verify overwriting after key material has been used. Each of these is mentioned in white paper. More work is needed to create high-assurance physical/close proximity security but again, user is informed about the issues and the main threat is automated remote exploitation. The purpose of Pidgin is to transmit the messages. To simplify, TFC is a plugin for Pidgin that automates you doing encryption in a secure environment and typing the ciphertext to OTR encrypted Pidgin window with your keyboard. It also automates decryption of ciphertexts you receive when OTR-plugin of Pidgin decrypts the outer layer of message. So for TFC the encryption is SSL( OTR( OTP(Message)||MAC )) and for TFC-CEV you replace OTP(Message)||MAC with AES_GCM(Twofish(Salsa20(Keccak(Message)))). The pages 9 and 10 of whitepaper explains this in more detail. Please let me know if there's anything that needs to be clarified. On 04.02.2015 17:51, stef wrote:

On Wed, Feb 04, 2015 at 11:58:17AM +0100, rysiek wrote:

...
Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze: http://www.cs.helsinki.fi/u/oottela/tfc.pdf i think i have to add an 8th rule: vendor applies rules against own product. ;)

but seriously, the hw design with the diodes is pretty cool, however maybe i missed it but i couldnt find much focus on sidechans. also what i don't get is why pidgin, if you have the communication end behind the diodes, then what exactly does pidgin provide? but i was only skimming the doc.

Reply

Sign in to reply online Use email software

odinn

11:18 a.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Too Fucking Cool. For you. Markus Ottela:

Dingdingding. And we have a winner: Tinfoil Chat it is. Though I liked Gutmann's answer the most.

On 04.02.2015 03:52, Tom Ritter wrote:

...
On 3 February 2015 at 17:59, rysiek wrote:

...
Hi there,

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. TCB is usually Trusted Computing Base.

Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.)

-tom

- -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU0gANAAoJEGxwq/inSG8CGg0IALxDXDM7Kdrp+Y0BtWu+z3V+ S2nqO+osxFLffokrgbOra/sq3okiGzUrdjZLort6H/LQPYhVMeO6uOqilm/UU51I QQJvxtq+fD/94PaGDfmEkTjo2DA4+kfHC5+6NTHG0WbkVM1bE7UJboTLDFStlMM+ SgjSZlKKaPtBiysvszpIAqeBBL4EX+xjIObnUDRCyb6vMel/HEc/riZfa4yb58H4 6O9E7v3paIeqgeHnZQRmadk+kAMkqwiBRYWSjyI75YmozTycuBUETblqo/k5PEjn U6UIMdh7O1QgbFaTZbeVMPL5ux5tGgx/dhSll3MI5KKV5nFdOAvsK/BBmEMgr/M= =56aj -----END PGP SIGNATURE-----

Reply

Sign in to reply online Use email software

Peter Gutmann

3:39 a.m.

rysiek writes:

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym.

It's Tennessee Fried Chicken (sometimes known as Tomato Fried Chicken due to the way it was served), an early, unsuccessful competitor to the more popular Kentucky Fried Chicken. HTH, HAND. Peter.

Reply

Sign in to reply online Use email software

rysiek

3:49 a.m.

Dnia środa, 4 lutego 2015 00:59:21 rysiek pisze:

Hi there,

my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.

Wait, wait. I know! It's when you see another "security" program written in C: "The Fuck, C?" -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

Reply

Sign in to reply online Use email software

3515

Age (days ago)

3516

Last active (days ago)

Download

9 comments

7 participants

tags

participants (7)

Markus Ottela
Mirimir
odinn
Peter Gutmann
rysiek
stef
Tom Ritter