OCTADE |
mail  files  register  groups  login |
1 |
<v0aguk$27o8c$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=247&group=sci.crypt#247
copy link Newsgroups: sci.cryptHello!
Various governments around the world - including the US and EU - want
to have backdoors in encryption technology.
Is there anything known how FOSS developers will deal with that?
Especially if they are enforced to implement backdoors.
--
kind regards
Marco
Spam und Werbung bitte an
1713948269ichwillgesperrtwerden@nirvana.admins.ws
<v0bmt0$2gfl0$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=248&group=sci.crypt#248
copy link Newsgroups: sci.cryptOn 4/24/2024 1:47 AM, Marco Moock wrote:
> Hello!
>
> Various governments around the world - including the US and EU - want
> to have backdoors in encryption technology.
>
> Is there anything known how FOSS developers will deal with that?
>
> Especially if they are enforced to implement backdoors.
>
>
Is there a backdoor to HMAC?
<v0boae$2gr87$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=249&group=sci.crypt#249
copy link Newsgroups: sci.cryptOn 4/24/2024 12:34 PM, Chris M. Thomasson wrote:
> On 4/24/2024 1:47 AM, Marco Moock wrote:
>> Hello!
>>
>> Various governments around the world - including the US and EU - want
>> to have backdoors in encryption technology.
>>
>> Is there anything known how FOSS developers will deal with that?
>>
>> Especially if they are enforced to implement backdoors.
>>
>>
>
> Is there a backdoor to HMAC?
Dr. Spoooooooofs a Lot?
<v0idv5$2cfp9$1@i2pn2.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=255&group=sci.crypt#255
copy link Newsgroups: sci.cryptMarco Moock wrote:
> Hello!
>
> Various governments around the world - including the US and EU - want
> to have backdoors in encryption technology.
>
> Is there anything known how FOSS developers will deal with that?
>
> Especially if they are enforced to implement backdoors.
>
>
If I would be forced, which I doubt, I would comment the code
with something like this:
// backdoor begins here
backdoor code
// backdoor ends here
and put in the README how to exchange that code with proper one.
HTH
--
Regards
Stefan
<v0l3ih$2fjdh$1@i2pn2.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=259&group=sci.crypt#259
copy link Newsgroups: sci.cryptRich wrote:
> Stefan Claas <pollux@tilde.club> wrote:
> > If I would be forced, which I doubt, I would comment the code with
> > something like this:
> >
> > // backdoor begins here
> >
> > backdoor code
> >
> > // backdoor ends here
> >
> > and put in the README how to exchange that code with proper one.
>
> Likely would not work well. Such forcing would likely also be
> accompanied by a gag order preventing you from admitting the backdoor
> even exists and so such comments and readme text would be a likely gag
> order violation that would land you in jail.
Well, I gues this may only apply to big FOSS projects, where they can
force teams, or an individual team member, but not the millions of FOSS
programmers out there.
Another option for folks, living in West-Eurasia, might be to handle
over the correct code to people in BRICS countries and publish it there.
We should also not forget that Democrats (back then Senator Biden),
in the U.S., started the Crypto War ...
--
Regards
Stefan
<v0mc1l$18cqm$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=266&group=sci.crypt#266
copy link Newsgroups: sci.cryptOn 4/28/2024 2:06 AM, Stefan Claas wrote:
> Rich wrote:
>
>> Stefan Claas <pollux@tilde.club> wrote:
>
>>> If I would be forced, which I doubt, I would comment the code with
>>> something like this:
>>>
>>> // backdoor begins here
>>>
>>> backdoor code
>>>
>>> // backdoor ends here
>>>
>>> and put in the README how to exchange that code with proper one.
>>
>> Likely would not work well. Such forcing would likely also be
>> accompanied by a gag order preventing you from admitting the backdoor
>> even exists and so such comments and readme text would be a likely gag
>> order violation that would land you in jail.
>
> Well, I gues this may only apply to big FOSS projects, where they can
> force teams, or an individual team member, but not the millions of FOSS
> programmers out there.
>
> Another option for folks, living in West-Eurasia, might be to handle
> over the correct code to people in BRICS countries and publish it there.
>
> We should also not forget that Democrats (back then Senator Biden),
> in the U.S., started the Crypto War ...
>
Think if an algorithm A that is published for anyone to implement. Not
raw code, but the algorithm itself. A standard, like HMAC or something.
There "might" be a backdoor in the algorithm itself, however its very,
VERY, very... hard to find. This is why I asked about HMAC having a
backdoor by default. Something that dr. spoofs a lot can take advantage
of. Rich said probably not, wrt the algorithm itself...
<v0ombk$2juq5$2@i2pn2.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=268&group=sci.crypt#268
copy link Newsgroups: sci.cryptChris M. Thomasson wrote:
> On 4/28/2024 2:06 AM, Stefan Claas wrote:
> > Rich wrote:
> >
> >> Stefan Claas <pollux@tilde.club> wrote:
> >
> >>> If I would be forced, which I doubt, I would comment the code with
> >>> something like this:
> >>>
> >>> // backdoor begins here
> >>>
> >>> backdoor code
> >>>
> >>> // backdoor ends here
> >>>
> >>> and put in the README how to exchange that code with proper one.
> >>
> >> Likely would not work well. Such forcing would likely also be
> >> accompanied by a gag order preventing you from admitting the backdoor
> >> even exists and so such comments and readme text would be a likely gag
> >> order violation that would land you in jail.
> >
> > Well, I gues this may only apply to big FOSS projects, where they can
> > force teams, or an individual team member, but not the millions of FOSS
> > programmers out there.
> >
> > Another option for folks, living in West-Eurasia, might be to handle
> > over the correct code to people in BRICS countries and publish it there.
> >
> > We should also not forget that Democrats (back then Senator Biden),
> > in the U.S., started the Crypto War ...
> >
>
> Think if an algorithm A that is published for anyone to implement. Not
> raw code, but the algorithm itself. A standard, like HMAC or something.
> There "might" be a backdoor in the algorithm itself, however its very,
> VERY, very... hard to find. This is why I asked about HMAC having a
> backdoor by default. Something that dr. spoofs a lot can take advantage
> of. Rich said probably not, wrt the algorithm itself...
But would a published algorithm not been more peer reviewed than later
a lot of code implementations, from various people?
--
Regards
Stefan
<v0ovva$1uq4v$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=269&group=sci.crypt#269
copy link Newsgroups: sci.cryptOn 4/29/2024 10:45 AM, Stefan Claas wrote:
> Chris M. Thomasson wrote:
>
>> On 4/28/2024 2:06 AM, Stefan Claas wrote:
>>> Rich wrote:
>>>
>>>> Stefan Claas <pollux@tilde.club> wrote:
>>>
>>>>> If I would be forced, which I doubt, I would comment the code with
>>>>> something like this:
>>>>>
>>>>> // backdoor begins here
>>>>>
>>>>> backdoor code
>>>>>
>>>>> // backdoor ends here
>>>>>
>>>>> and put in the README how to exchange that code with proper one.
>>>>
>>>> Likely would not work well. Such forcing would likely also be
>>>> accompanied by a gag order preventing you from admitting the backdoor
>>>> even exists and so such comments and readme text would be a likely gag
>>>> order violation that would land you in jail.
>>>
>>> Well, I gues this may only apply to big FOSS projects, where they can
>>> force teams, or an individual team member, but not the millions of FOSS
>>> programmers out there.
>>>
>>> Another option for folks, living in West-Eurasia, might be to handle
>>> over the correct code to people in BRICS countries and publish it there.
>>>
>>> We should also not forget that Democrats (back then Senator Biden),
>>> in the U.S., started the Crypto War ...
>>>
>>
>> Think if an algorithm A that is published for anyone to implement. Not
>> raw code, but the algorithm itself. A standard, like HMAC or something.
>> There "might" be a backdoor in the algorithm itself, however its very,
>> VERY, very... hard to find. This is why I asked about HMAC having a
>> backdoor by default. Something that dr. spoofs a lot can take advantage
>> of. Rich said probably not, wrt the algorithm itself...
>
> But would a published algorithm not been more peer reviewed than later
> a lot of code implementations, from various people?
>
I hope so! I ask this question about HMAC because my experimental
encryption uses it.
<v0p02b$1uq4v$2@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=270&group=sci.crypt#270
copy link Newsgroups: sci.cryptOn 4/29/2024 1:29 PM, Chris M. Thomasson wrote:
> On 4/29/2024 10:45 AM, Stefan Claas wrote:
[...]
> I hope so! I ask this question about HMAC because my experimental
> encryption uses it.
>
> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=409075759deda6c624863f74354fbf7e2acc9a01e6e9cc37c544a4c45a306137211c8f704c1b9a367dae45792768e627e4d19b3ac6a1a6116bc7a72efc6c37e05e55cce00350a31b0f1347bd1342534ba75c9b2bd7
I updated my site to use HTTPS. So, I need to alter my link code to
include https://*
sorry about that shit!
;^o
<20240507182057.2cb21b12@fedora>
copy midhttps://news.octade.net/USENET/article-flat.php?id=284&group=sci.crypt#284
copy link Newsgroups: sci.cryptBackdoors.
When people use PRIVATE ENCRYPTION BEFORE any messaging enters a public
channel.......
.......backdoors are the least of their worries!
<v1hjbm$1nrp$2@solani.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=286&group=sci.crypt#286
copy link Newsgroups: sci.cryptAm 07.05.2024 18:20 Uhr schrieb Edward Teach:
> Backdoors.
>
> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
> public channel.......
>
> ......backdoors are the least of their worries!
Isn't enough. There is a time when that message is unencrypted (e.g.
when entering it to the crypto application). The operating system can
then read the cleartext. If the backdoor is in the OS, X11 etc., it
still works here.
<v1hkoo$f7le$2@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=287&group=sci.crypt#287
copy link Newsgroups: sci.cryptOn 5/8/2024 9:27 PM, Marco Moock wrote:
> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>
>> Backdoors.
>>
>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>> public channel.......
>>
>> ......backdoors are the least of their worries!
>
> Isn't enough. There is a time when that message is unencrypted (e.g.
> when entering it to the crypto application). The operating system can
> then read the cleartext. If the backdoor is in the OS, X11 etc., it
> still works here.
>
Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
Encrypt a message on a clean thumb drive. Take out the clean disk with a
single file on it. Destroy the computer... Exit the clean room. This
disk contains an encrypted file.
Is it safe?
<v1i596$gs31$1@i2pn2.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=288&group=sci.crypt#288
copy link Newsgroups: sci.cryptChris M. Thomasson wrote:
> On 5/8/2024 9:27 PM, Marco Moock wrote:
> > Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
> >
> >> Backdoors.
> >>
> >> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
> >> public channel.......
> >>
> >> ......backdoors are the least of their worries!
> >
> > Isn't enough. There is a time when that message is unencrypted (e.g.
> > when entering it to the crypto application). The operating system can
> > then read the cleartext. If the backdoor is in the OS, X11 etc., it
> > still works here.
> >
>
> Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
>
> Encrypt a message on a clean thumb drive. Take out the clean disk with a
> single file on it. Destroy the computer... Exit the clean room. This
> disk contains an encrypted file.
>
> Is it safe?
To expensive I would say. Better use secure pencil and paper ciphers.
BTW. You can also purchase Faraday equipment, relatively cheap and use
a second offline mini notebook with it. I purchased such things from
China[1] and the U.S.[2]
[2] https://mosequipment.com/
--
Regards
Stefan
<v1j801$r5kr$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=289&group=sci.crypt#289
copy link Newsgroups: sci.cryptOn 5/9/2024 2:33 AM, Stefan Claas wrote:
> Chris M. Thomasson wrote:
>
>> On 5/8/2024 9:27 PM, Marco Moock wrote:
>>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>>>
>>>> Backdoors.
>>>>
>>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>>>> public channel.......
>>>>
>>>> ......backdoors are the least of their worries!
>>>
>>> Isn't enough. There is a time when that message is unencrypted (e.g.
>>> when entering it to the crypto application). The operating system can
>>> then read the cleartext. If the backdoor is in the OS, X11 etc., it
>>> still works here.
>>>
>>
>> Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
>>
>> Encrypt a message on a clean thumb drive. Take out the clean disk with a
>> single file on it. Destroy the computer... Exit the clean room. This
>> disk contains an encrypted file.
>>
>> Is it safe?
>
> To expensive I would say. Better use secure pencil and paper ciphers.
>
> BTW. You can also purchase Faraday equipment, relatively cheap and use
> a second offline mini notebook with it. I purchased such things from
> China[1] and the U.S.[2]
>
> [1] <https://www.bing.com/shop?q=emf+rf+shielding+nickel+copper+fabric+from+china&FORM=SHOPPA&originIGUID=56F802844E0A485EBC37D87DA405CAC0>
>
> [2] https://mosequipment.com/
There are some interesting meta materials that can be used for a cloak:
<v1js2u$vcvr$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=291&group=sci.crypt#291
copy link Newsgroups: sci.cryptOn 5/9/2024 3:15 PM, Rich wrote:
> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>> On 5/8/2024 9:27 PM, Marco Moock wrote:
>>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>>>
>>>> Backdoors.
>>>>
>>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>>>> public channel.......
>>>>
>>>> ......backdoors are the least of their worries!
>>>
>>> Isn't enough. There is a time when that message is unencrypted (e.g.
>>> when entering it to the crypto application). The operating system can
>>> then read the cleartext. If the backdoor is in the OS, X11 etc., it
>>> still works here.
>>>
>>
>> Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
>>
>> Encrypt a message on a clean thumb drive.
>
> Where did you obtain the thumb drive?
>
> Did you build it, from the ground up, or did you bring it into the
> clean-room after purchase from a vendor?
>
> If you purchased from a vendor, then how do you know said vendor did
> not include a hardware backdoor on that thumb drive?
>
>> Take out the clean disk with a
>> single file on it. Destroy the computer...
>
> How did the computer get into the clean room? How are you sure that no
> hardware on the computer has a backdoor, or that no software running on
> the computer has a backdoor?
>
>> Exit the clean room. This disk contains an encrypted file.
>>
>> Is it safe?
>
> The answer depends upon whether the thumbdrive and/or the computer used
> in the clean room contained a hardware or software back door.
Hopefully, the thumbdrive is clean. If there even is such a thing...
;^o
<v1lehq$upd4$1@paganini.bofh.team>
copy midhttps://news.octade.net/USENET/article-flat.php?id=292&group=sci.crypt#292
copy link Newsgroups: sci.cryptCri-Cri wrote:
> On Thu, 9 May 2024 22:15:01 -0000 (UTC), Rich wrote:
>
>> How did the computer get into the clean room? How are you sure that
>> no hardware on the computer has a backdoor, or that no software
>> running on the computer has a backdoor?
>
> And even more problematic: electrons are constantly recycled, who can
> tell where they've been prior to entering the room?
>
You make sure to power the room with a.c., so no new electrons enter.
But better check on the copper that was used for the initial
construction.
--
*********** To reply by e-mail, make w single in address **************
<v1lhfa$kt12$1@i2pn2.org>
copy midhttps://news.octade.net/USENET/article-flat.php?id=293&group=sci.crypt#293
copy link Newsgroups: sci.cryptChris M. Thomasson wrote:
> On 5/9/2024 3:15 PM, Rich wrote:
> > The answer depends upon whether the thumbdrive and/or the computer used
> > in the clean room contained a hardware or software back door.
>
> Hopefully, the thumbdrive is clean. If there even is such a thing...
Why not use a 3.5 inch disk drive and 3.5 inch disks? Still available
at Amazon and I think the content written on 3.5 inch disk can be easily
examined with a disk editor. And they are loud, so you can hear the read/write
process. :-)
--
Regards
Stefan
<v1liqe$1f3d9$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=295&group=sci.crypt#295
copy link Newsgroups: sci.cryptOn 10/05/2024 17:19, Stefan Claas wrote:
> Chris M. Thomasson wrote:
>
>> On 5/9/2024 3:15 PM, Rich wrote:
>
>>> The answer depends upon whether the thumbdrive and/or the computer used
>>> in the clean room contained a hardware or software back door.
>>
>> Hopefully, the thumbdrive is clean. If there even is such a thing...
>
> Why not use a 3.5 inch disk drive and 3.5 inch disks? Still available
> at Amazon and I think the content written on 3.5 inch disk can be easily
> examined with a disk editor. And they are loud, so you can hear the read/write
> process. :-)
>
Write-once CDs are also good.
Peter Fairbrother
<v1lvjr$1i0qk$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=296&group=sci.crypt#296
copy link Newsgroups: sci.cryptOn 5/9/2024 3:15 PM, Rich wrote:
> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>> On 5/8/2024 9:27 PM, Marco Moock wrote:
>>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>>>
>>>> Backdoors.
>>>>
>>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>>>> public channel.......
>>>>
>>>> ......backdoors are the least of their worries!
>>>
>>> Isn't enough. There is a time when that message is unencrypted (e.g.
>>> when entering it to the crypto application). The operating system can
>>> then read the cleartext. If the backdoor is in the OS, X11 etc., it
>>> still works here.
>>>
>>
>> Go to a 100% "clean room", cloaked, cannot receive and/or send anything...
>>
>> Encrypt a message on a clean thumb drive.
>
> Where did you obtain the thumb drive?
>
> Did you build it, from the ground up, or did you bring it into the
> clean-room after purchase from a vendor?
>
> If you purchased from a vendor, then how do you know said vendor did
> not include a hardware backdoor on that thumb drive?
>
>> Take out the clean disk with a
>> single file on it. Destroy the computer...
>
> How did the computer get into the clean room? How are you sure that no
> hardware on the computer has a backdoor, or that no software running on
> the computer has a backdoor?
The computer would have to be clean. However, once its in the room, it
cannot communicate with the outside world, and gets utterly destroyed
after the encryption process. Turned into ashes.
Humm... Damn.
>
>> Exit the clean room. This disk contains an encrypted file.
>>
>> Is it safe?
>
> The answer depends upon whether the thumbdrive and/or the computer used
> in the clean room contained a hardware or software back door.
<v1n3ou$1t2tk$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=297&group=sci.crypt#297
copy link Newsgroups: sci.cryptOn 5/10/2024 9:49 PM, Rich wrote:
> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>>
>> So, is there a way to use a clean room, a clean computer and a clean
>> medium to store the encrypted file? Assuming clean means clean... ;^o
>
> If you assume that "clean means clean" as to the computer hardware then
> you don't necessarily need a "clean room" [1]. You just need the
> hardware and software you are using at the time to be clean (as in free
> of backdoors).
>
> If they are free of backdoors at the time you are using them then your
> actions on them disappear into history unrecorded (beyond whatever
> outputs you intentionally made a record of).
>
>
>
> [1] If you are being surveiled sufficient that some agency is
> monitoring the RF emissions from your computer, at the same time you
> encrypt whatever it is you are encrypting, with sufficient detail to
> know what you are up to, then you likely have much bigger problems well
> beyond whether Acme Corp installed a backdoor into your computer.
>
> Plus keep in mind that "clean room" usually refers to particulate
> contaminants, the phrase you likely are looking for is "Faraday cage".
Right. I would hope a skiff would be okay...?
<v1n3rh$1t2tk$2@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=298&group=sci.crypt#298
copy link Newsgroups: sci.cryptOn 5/10/2024 11:38 PM, Chris M. Thomasson wrote:
> On 5/10/2024 9:49 PM, Rich wrote:
>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
[...]
>> [1] If you are being surveiled sufficient that some agency is
>> monitoring the RF emissions from your computer, at the same time you
>> encrypt whatever it is you are encrypting, with sufficient detail to
>> know what you are up to, then you likely have much bigger problems well
>> beyond whether Acme Corp installed a backdoor into your computer.
>>
>> Plus keep in mind that "clean room" usually refers to particulate
>> contaminants, the phrase you likely are looking for is "Faraday cage".
>
> Right. I would hope a skiff would be okay...?
Damn it! SCIF shit... ;^o
<20240605200221.1dab014b@fedora>
copy midhttps://news.octade.net/USENET/article-flat.php?id=304&group=sci.crypt#304
copy link Newsgroups: sci.cryptOn Fri, 10 May 2024 13:21:15 -0700
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:
> On 5/9/2024 3:15 PM, Rich wrote:
> > Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
> >> On 5/8/2024 9:27 PM, Marco Moock wrote:
> >>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
> >>>
> >>>> Backdoors.
> >>>>
> >>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
> >>>> public channel.......
> >>>>
> >>>> ......backdoors are the least of their worries!
> >>>
> >>> Isn't enough. There is a time when that message is unencrypted
> >>> (e.g. when entering it to the crypto application). The operating
> >>> system can then read the cleartext. If the backdoor is in the OS,
> >>> X11 etc., it still works here.
> >>>
> >>
> >> Go to a 100% "clean room", cloaked, cannot receive and/or send
> >> anything...
> >>
> >> Encrypt a message on a clean thumb drive.
> >
> > Where did you obtain the thumb drive?
> >
> > Did you build it, from the ground up, or did you bring it into the
> > clean-room after purchase from a vendor?
> >
> > If you purchased from a vendor, then how do you know said vendor did
> > not include a hardware backdoor on that thumb drive?
> >
> >> Take out the clean disk with a
> >> single file on it. Destroy the computer...
> >
> > How did the computer get into the clean room? How are you sure
> > that no hardware on the computer has a backdoor, or that no
> > software running on the computer has a backdoor?
>
> The computer would have to be clean. However, once its in the room,
> it cannot communicate with the outside world, and gets utterly
> destroyed after the encryption process. Turned into ashes.
>
> Humm... Damn.
>
>
> >
> >> Exit the clean room. This disk contains an encrypted file.
> >>
> >> Is it safe?
> >
> > The answer depends upon whether the thumbdrive and/or the computer
> > used in the clean room contained a hardware or software back door.
>
Sorry I started this thread......in my world "private encryption" only
needs to be private for twenty-four hours.....maybe less!!!
After that.......it doesn't matter who knows.................
<v3qjn3$14dl8$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=305&group=sci.crypt#305
copy link Newsgroups: sci.cryptOn 05/06/2024 20:02, Edward Teach wrote:
> On Fri, 10 May 2024 13:21:15 -0700
> "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:
>
>> On 5/9/2024 3:15 PM, Rich wrote:
>>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>>>> On 5/8/2024 9:27 PM, Marco Moock wrote:
>>>>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>>>>>
>>>>>> Backdoors.
>>>>>>
>>>>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>>>>>> public channel.......
>>>>>>
>>>>>> ......backdoors are the least of their worries!
>>>>>
>>>>> Isn't enough. There is a time when that message is unencrypted
>>>>> (e.g. when entering it to the crypto application). The operating
>>>>> system can then read the cleartext. If the backdoor is in the OS,
>>>>> X11 etc., it still works here.
>>>>>
>>>>
>>>> Go to a 100% "clean room", cloaked, cannot receive and/or send
>>>> anything...
The magic word is "air-gapped".
Plus "Faraday caged". Though a faraday cage can transmit magnetic
fields, so "magnetically shielded". And the power supply can transmit
info, so "internally powered". And to stop remote
over-the-shoulder-surfing, "opaque". "Soundproof", of course. Und so weiter.
>>>> Encrypt a message on a clean thumb drive.
A writable CD is better, less places to put a hardware back door. A
blowtorch works well for later secure deletion of the CD. For those who
might object to the fumes, you could print out the ciphertext as a
series of QR type codes on paper, then burn them.
However even then a backdoor might reveal the key in the ciphertext in
eg padding, nonces, through limiting possible key selections etc. etc;
perhaps in encrypted form so only the unintended recipient can read it,
and to make it look random as good ciphertext should look and thus
harder to detect.
That might sound complicated but if you know which encryption algorithms
are to be used and have hardware or software access to the computer
before the encryption is done it is fairly straightforward to implement.
>
> Sorry I started this thread......in my world "private encryption" only
> needs to be private for twenty-four hours.....maybe less!!!
>
> After that.......it doesn't matter who knows.................
For the rest of us mortals (or perhaps more importantly, for our
clients), it can be a matter of life and death, for a lifetime.
100% security is very very very hard, often impossible. Yet security is
still a Boolean (tenth law).
Peter Fairbrother
<v4odcd$fg4j$1@dont-email.me>
copy midhttps://news.octade.net/USENET/article-flat.php?id=315&group=sci.crypt#315
copy link Newsgroups: sci.cryptOn 6/5/2024 12:02 PM, Edward Teach wrote:
> On Fri, 10 May 2024 13:21:15 -0700
> "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:
>
>> On 5/9/2024 3:15 PM, Rich wrote:
>>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>>>> On 5/8/2024 9:27 PM, Marco Moock wrote:
>>>>> Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
>>>>>
>>>>>> Backdoors.
>>>>>>
>>>>>> When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
>>>>>> public channel.......
>>>>>>
>>>>>> ......backdoors are the least of their worries!
>>>>>
>>>>> Isn't enough. There is a time when that message is unencrypted
>>>>> (e.g. when entering it to the crypto application). The operating
>>>>> system can then read the cleartext. If the backdoor is in the OS,
>>>>> X11 etc., it still works here.
>>>>>
>>>>
>>>> Go to a 100% "clean room", cloaked, cannot receive and/or send
>>>> anything...
>>>>
>>>> Encrypt a message on a clean thumb drive.
>>>
>>> Where did you obtain the thumb drive?
>>>
>>> Did you build it, from the ground up, or did you bring it into the
>>> clean-room after purchase from a vendor?
>>>
>>> If you purchased from a vendor, then how do you know said vendor did
>>> not include a hardware backdoor on that thumb drive?
>>>
>>>> Take out the clean disk with a
>>>> single file on it. Destroy the computer...
>>>
>>> How did the computer get into the clean room? How are you sure
>>> that no hardware on the computer has a backdoor, or that no
>>> software running on the computer has a backdoor?
>>
>> The computer would have to be clean. However, once its in the room,
>> it cannot communicate with the outside world, and gets utterly
>> destroyed after the encryption process. Turned into ashes.
>>
>> Humm... Damn.
>>
>>
>>>
>>>> Exit the clean room. This disk contains an encrypted file.
>>>>
>>>> Is it safe?
>>>
>>> The answer depends upon whether the thumbdrive and/or the computer
>>> used in the clean room contained a hardware or software back door.
>>
>
> Sorry I started this thread......in my world "private encryption" only
> needs to be private for twenty-four hours.....maybe less!!!
>
> After that.......it doesn't matter who knows.................
>
1 |