Hi there, my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. PLZ2ENLIGHTEN KTHXBAI. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On 02/03/2015 04:59 PM, rysiek wrote:
Hi there,
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.
PLZ2ENLIGHTEN KTHXBAI.
My best guess is "traffic-flow confidentiality (TFC)", as defined in "Internet Security Glossary, Version 2" (IETF Network Working Group RFC 4949) <http://tools.ietf.org/html/rfc4949>.
On 3 February 2015 at 17:59, rysiek <rysiek@hackerspace.pl> wrote:
Hi there,
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.
TCB is usually Trusted Computing Base. Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.) -tom
Dingdingding. And we have a winner: Tinfoil Chat it is. Though I liked Gutmann's answer the most. On 04.02.2015 03:52, Tom Ritter wrote:
On 3 February 2015 at 17:59, rysiek <rysiek@hackerspace.pl> wrote:
Hi there,
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. TCB is usually Trusted Computing Base.
Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.)
-tom
Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze:
Dingdingding. And we have a winner: Tinfoil Chat it is.
Uhm... http://tinfoilchat.chatango.com/ https://forums.hak5.org/index.php?/topic/31131-tinfoil-chat-pidgin-otp-endpo... But okay, waded through the other thread and found: http://www.cs.helsinki.fi/u/oottela/tfc.pdf Too tired right now to read it through. Anybody else wants to have a look? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Wed, Feb 04, 2015 at 11:58:17AM +0100, rysiek wrote:
Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze: http://www.cs.helsinki.fi/u/oottela/tfc.pdf
i think i have to add an 8th rule: vendor applies rules against own product. ;) but seriously, the hw design with the diodes is pretty cool, however maybe i missed it but i couldnt find much focus on sidechans. also what i don't get is why pidgin, if you have the communication end behind the diodes, then what exactly does pidgin provide? but i was only skimming the doc. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
To summarise the general classess of side channels mentioned in Wikipedia: Power analysis should be tackled with running the TCBs on batteries. I introduced the issue of electromagnetic and acoustic leaks but it's a very complex issue and I'm not an expert dealing with them. The RxM is the only device attacker can introduce faulty data to compute on. However, no feedback is available due to the implementation thus unless pre-compromised, the hardware should not have back channel. TFC does it's best effort to overwrite and verify overwriting after key material has been used. Each of these is mentioned in white paper. More work is needed to create high-assurance physical/close proximity security but again, user is informed about the issues and the main threat is automated remote exploitation. The purpose of Pidgin is to transmit the messages. To simplify, TFC is a plugin for Pidgin that automates you doing encryption in a secure environment and typing the ciphertext to OTR encrypted Pidgin window with your keyboard. It also automates decryption of ciphertexts you receive when OTR-plugin of Pidgin decrypts the outer layer of message. So for TFC the encryption is SSL( OTR( OTP(Message)||MAC )) and for TFC-CEV you replace OTP(Message)||MAC with AES_GCM(Twofish(Salsa20(Keccak(Message)))). The pages 9 and 10 of whitepaper explains this in more detail. Please let me know if there's anything that needs to be clarified. On 04.02.2015 17:51, stef wrote:
On Wed, Feb 04, 2015 at 11:58:17AM +0100, rysiek wrote:
Dnia środa, 4 lutego 2015 06:39:48 Markus Ottela pisze: http://www.cs.helsinki.fi/u/oottela/tfc.pdf i think i have to add an 8th rule: vendor applies rules against own product. ;)
but seriously, the hw design with the diodes is pretty cool, however maybe i missed it but i couldnt find much focus on sidechans. also what i don't get is why pidgin, if you have the communication end behind the diodes, then what exactly does pidgin provide? but i was only skimming the doc.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Too Fucking Cool. For you. Markus Ottela:
Dingdingding. And we have a winner: Tinfoil Chat it is. Though I liked Gutmann's answer the most.
On 04.02.2015 03:52, Tom Ritter wrote:
On 3 February 2015 at 17:59, rysiek <rysiek@hackerspace.pl> wrote:
Hi there,
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it. TCB is usually Trusted Computing Base.
Some searching indicates TFC may be Traffic Flow Confidentiality. (Or less likely, TinFoil Chat, which appears to be some random chat app plugin for encrypted messaging.)
-tom
- -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU0gANAAoJEGxwq/inSG8CGg0IALxDXDM7Kdrp+Y0BtWu+z3V+ S2nqO+osxFLffokrgbOra/sq3okiGzUrdjZLort6H/LQPYhVMeO6uOqilm/UU51I QQJvxtq+fD/94PaGDfmEkTjo2DA4+kfHC5+6NTHG0WbkVM1bE7UJboTLDFStlMM+ SgjSZlKKaPtBiysvszpIAqeBBL4EX+xjIObnUDRCyb6vMel/HEc/riZfa4yb58H4 6O9E7v3paIeqgeHnZQRmadk+kAMkqwiBRYWSjyI75YmozTycuBUETblqo/k5PEjn U6UIMdh7O1QgbFaTZbeVMPL5ux5tGgx/dhSll3MI5KKV5nFdOAvsK/BBmEMgr/M= =56aj -----END PGP SIGNATURE-----
rysiek <rysiek@hackerspace.pl> writes:
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym.
It's Tennessee Fried Chicken (sometimes known as Tomato Fried Chicken due to the way it was served), an early, unsuccessful competitor to the more popular Kentucky Fried Chicken. HTH, HAND. Peter.
Dnia środa, 4 lutego 2015 00:59:21 rysiek pisze:
Hi there,
my brain is fried and I can't get any sane result in my attempts to decipher the "TFC" acronym. And "TCB", that shows up around it.
Wait, wait. I know! It's when you see another "security" program written in C: "The Fuck, C?" -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
participants (7)
-
Markus Ottela -
Mirimir -
odinn -
Peter Gutmann -
rysiek -
stef -
Tom Ritter