Some of the most widely used encryption methods might be broken within a couple of years:

Math Advances Raise the Prospect of an Internet Security Crisis | MIT Technology Review

Alex Stamos, chief technology officer of the online security company Artemis, led a presentation describing how he and three other security researchers studied recent publications from the insular world of academic cryptography research, which covers trends in attacking common encryption schemes.

"Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years," said Stamos, referring to the two most commonly used encryption methods.

RSA and Diffie-Hellman encryption are both underpinned by a mathematical challenge known as the discrete logarithm problem. That problem is computationally difficult to solve, ensuring that encrypted data can only be decoded quickly with knowledge of the secret key used to encode it in the first place. Breaking RSA or Diffie-Hellman encryption today requires using vast computing resources for significant periods of time.

However, it is possible that algorithms able to solve the discrete logarithm problem quickly could exist. "We rely on that efficient algorithm not being found," said Jarved Samuel, a cryptographer who works for security consultancy ISEC Partners and presented alongside Stamos. "If it is found the cryptosystem is broken."

The next cryptography frontier is supposed to be elliptic curve cryptography (ECC). The kicker?

Math Advances Raise the Prospect of an Internet Security Crisis | MIT Technology Review

The U.S. National Security Agency has for years recommended ECC as the most reliable cryptographic protection available. In 2005 the agency released a toolkit called SuiteB featuring encryption algorithms to be used to protect government information. SuiteB makes use of ECC and eschews RSA and Diffie-Hellman. A classified encryption toolkit, SuiteA, is used internally by the NSA and is also believed to be based on ECC.
by Bernard (bernard) on Fri Aug 16th, 2013 at 03:25:06 PM EST
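The quoted article describes the discrete logarithm problem in words only. The following is an added illustration (not code from the article or from Artemis/iSEC) of the Diffie-Hellman side of that passage: a toy key agreement over a 31-bit prime, plus baby-step giant-step, the generic discrete-log attack that costs roughly sqrt(p) work. The parameters (the Mersenne prime 2^31 - 1, base 7) are constructed for the demo; a 2048-bit p would make the same attack take about 2^1024 steps, which is why the article's concern is a non-generic algorithm, not this one. One caveat the quote glosses over: RSA's own hardness assumption is integer factoring rather than the discrete logarithm, though the two problems and their best known attacks are closely related.

```python
import math
import secrets
from typing import Optional, Tuple


def dh_keypair(p: int, g: int) -> Tuple[int, int]:
    """Pick a private exponent and return (private, public = g^private mod p)."""
    private = secrets.randbelow(p - 3) + 2          # 2 <= private <= p - 2
    return private, pow(g, private, p)


def dh_shared(peer_public: int, my_private: int, p: int) -> int:
    """Shared secret: peer_public^my_private mod p == g^(ab) mod p on both sides."""
    return pow(peer_public, my_private, p)


def discrete_log_bsgs(g: int, h: int, p: int) -> Optional[int]:
    """Return x with g^x == h (mod p), or None if no such x < p exists.

    Baby-step giant-step is the generic discrete-log attack: about sqrt(p)
    multiplications and sqrt(p) table entries.  A 31-bit p falls in well under
    a second; a 2048-bit p would need ~2^1024 steps, so the attack is useless
    there unless a better-than-generic algorithm turns up.
    """
    m = math.isqrt(p) + 1                   # m*m > p, so every x < p is covered
    baby = {}
    cur = 1
    for j in range(m):                      # baby steps: g^0, g^1, ..., g^(m-1)
        baby.setdefault(cur, j)
        cur = cur * g % p
    g_inv_m = pow(pow(g, m, p), p - 2, p)   # g^(-m) via Fermat; p must be prime
    gamma = h
    for i in range(m):                      # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * g_inv_m % p
    return None


def run_exchange(p: int, g: int) -> dict:
    """One DH exchange, then an eavesdropper who saw only (p, g, A, B) attacks it."""
    a, A = dh_keypair(p, g)                 # Alice's private / public value
    b, B = dh_keypair(p, g)                 # Bob's private / public value
    k_alice = dh_shared(B, a, p)
    k_bob = dh_shared(A, b, p)
    # Eve solves g^x == A.  Any such x reproduces Alice's secret, even when x != a
    # (possible if g does not generate the whole group), because g^x == g^a.
    x = discrete_log_bsgs(g, A, p)
    k_eve = dh_shared(B, x, p) if x is not None else None
    return {"alice": k_alice, "bob": k_bob, "eve": k_eve, "recovered_exponent": x}


if __name__ == "__main__":
    # Constructed toy parameters: the Mersenne prime 2^31 - 1 with base 7.
    result = run_exchange(2_147_483_647, 7)
    print(result)
```

Run it and all three of `alice`, `bob` and `eve` come out equal: the eavesdropper needs nothing but the public values and a solver for the discrete logarithm, which is exactly the dependency the presenters are worried about.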
Been thinking about this, and I am coming to the conclusion that the difficulties of one time pads are bloody well overstated.

Who here has a USB dongle from their bank? A code card? Some physical item supposed to help with the security of your e-banking needs? That item might as well be a read-once memory stick. Heck, if I am reading traffic use right, you could encode your World of Warcraft account in this way with approximately the same amount of hassle as is currently expended protecting those accounts. Except this would be guaranteed to actually work against all hacking strategies short of "break into your place, steal your hardware".

by Thomas on Fri Aug 16th, 2013 at 03:58:13 PM EST
[ Parent ]
Three requirements for One Time Pads are:

  1.  Truly Random Key
  2.  Key as long as the message
  3.  Key is never used again

Assuming the three-part computer system I described above (for operational security), the only problem is the first. Turns out it's only possible to derive an algorithm capable of computing a pseudo-random number; at some point every algorithm cycles back to the beginning. Thus, any practical implementation is not mathematically 'complete', but it doesn't really matter. Practical systems use a pseudo-random seed value - say the current barometric pressure divided by the current temperature times the second through ninth numbers in the mantissa of the current time - fed into a Good Enough pseudo-random number generator for the key.

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre
by ATinNM on Sat Aug 17th, 2013 at 11:27:16 AM EST
[ Parent ]
No. So much no.
by Colman (colman at eurotrib.com) on Sat Aug 17th, 2013 at 02:53:37 PM EST
[ Parent ]
... Take a Geiger counter. Point it at a rock. Pseudo-random number generators are for people scared of soldering wire.
by Thomas on Sat Aug 17th, 2013 at 03:00:31 PM EST
[ Parent ]
If the NSA cracks that, they deserve a Nobel for proving the simulation hypothesis.
by Thomas on Sat Aug 17th, 2013 at 03:02:27 PM EST
[ Parent ]
But the problem is that even then key delivery isn't trivial. You may have generated the perfect random key, but you still have to get it to both ends of the chain without it being intercepted.

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Sat Aug 17th, 2013 at 09:20:30 PM EST
[ Parent ]
That's where covert and indirect methods are so useful.

You can hide information in anything - Tweets, Amazon feedback, EBay bids, blog comments, lolcat pics, videos, porn, banner ads, the time a given IP address reloads a web page.

Etc.

You don't even have to use steganography. Like email, it just happens to be convenient.

As long as you can agree a code, you can exchange your key using pretty much any traffic on the Internet.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Sat Aug 17th, 2013 at 10:18:32 PM EST
[ Parent ]
For any common purpose key delivery is trivial. This is the electronic era - there is no reason not to make the pad very large, and at some point in time you are very, very likely to have met anyone you wish to communicate securely with in meat-space. E-banking? Pick it up when you set up your account. Corporate networks? HR can hand it over when you are hired/promoted. It isn't like you have to constantly get new keys! A single memory stick pair will cover all your traffic needs for life.. or at least until you forget to take it out of your pockets before washing.
by Thomas on Sun Aug 18th, 2013 at 07:02:57 AM EST
[ Parent ]
Sending a key over the net would be very stupid, however. The entire point is that you do not let anyone see the key twice. Which means delivery has to be physical.
by Thomas on Sun Aug 18th, 2013 at 07:04:47 AM EST
[ Parent ]
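ATinNM's three requirements above and Thomas's read-once memory stick are easy to state and easy to get wrong in code, so here is an added worked example (not code from any poster in this thread) of what "a byte is never used twice" looks like mechanically, and what it costs when the rule is broken. The pad is consumed through a cursor that only moves forward, the receiver burns the same segment locally, both copies can be compared by fingerprint over a second channel after physical delivery, and the last function shows the two-time-pad failure: reuse one segment and `c1 ^ c2 == p1 ^ p2`, so a guessed first message hands over the second. The pad bytes come from `os.urandom` purely so the demo runs; that is a constructed stand-in for the hardware source the thread argues a real pad needs, not an endorsement of a PRNG-seeded pad.

```python
import hashlib
import os
from typing import Tuple


class PadExhausted(Exception):
    """Raised instead of silently reusing key material."""


class ReadOncePad:
    """A pad that hands out each key byte exactly once.

    `used` is the consumption cursor.  A real device would persist it together
    with the pad so a crash or reboot cannot rewind it (deployment assumption).
    """

    def __init__(self, pad: bytes, used: int = 0):
        self.pad = pad
        self.used = used

    def take(self, n: int) -> Tuple[int, bytes]:
        """Sender side: return (offset, n fresh key bytes) and advance the cursor."""
        if self.used + n > len(self.pad):
            raise PadExhausted(f"need {n} bytes, only {len(self.pad) - self.used} left")
        offset = self.used
        self.used += n
        return offset, self.pad[offset:offset + n]

    def take_at(self, offset: int, n: int) -> bytes:
        """Receiver side: use the segment the sender consumed and burn it locally too."""
        if offset < self.used or offset + n > len(self.pad):
            raise PadExhausted("segment already consumed or out of range")
        self.used = offset + n
        return self.pad[offset:offset + n]

    def fingerprint(self) -> str:
        """SHA-256 of the whole pad, for checking both copies match after delivery."""
        return hashlib.sha256(self.pad).hexdigest()


def xor(a: bytes, b: bytes) -> bytes:
    # Requirement 2: the key segment must be exactly as long as the message.
    if len(a) != len(b):
        raise ValueError("one-time pad: key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad: ReadOncePad, plaintext: bytes) -> Tuple[int, bytes]:
    offset, key = pad.take(len(plaintext))
    return offset, xor(plaintext, key)


def decrypt(pad: ReadOncePad, offset: int, ciphertext: bytes) -> bytes:
    return xor(ciphertext, pad.take_at(offset, len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes, crib: bytes) -> bytes:
    """If one key segment encrypted two messages, c1 ^ c2 == p1 ^ p2: the key
    cancels out, and knowing (or guessing) p1 yields p2 with no key at all."""
    return xor(xor(c1, c2), crib)


def demo() -> dict:
    # Constructed pad: both copies are built from the same bytes, standing in for
    # a stick pair handed over in person.
    material = os.urandom(64)
    alice, bob = ReadOncePad(material), ReadOncePad(material)
    off, ct = encrypt(alice, b"attack at dawn")
    pt = decrypt(bob, off, ct)
    try:                                    # Bob tries to decrypt the same segment again
        bob.take_at(off, len(ct))
        reuse_refused = False
    except PadExhausted:
        reuse_refused = True
    # Break requirement 3 on purpose: encrypt a second message with the same segment.
    key = material[off:off + len(ct)]
    ct2 = xor(b"retreat at ten", key)
    leaked = two_time_pad_leak(ct, ct2, b"attack at dawn")
    return {"same_pad": alice.fingerprint() == bob.fingerprint(),
            "roundtrip": pt, "reuse_refused": reuse_refused,
            "leaked_second_message": leaked, "bytes_burned": alice.used}


if __name__ == "__main__":
    print(demo())
```

Two-way traffic is simplest handled by giving each direction its own pad (or sender consumes from the front, receiver from the back), so the two cursors can never collide; the single-direction version above is enough to show the invariant.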
Fine, but if I deal with people all over the world, do I have to visit all of them? Am I going to end up with a memory stick from every one? I'm sure it would fail on practicality.

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Mon Aug 19th, 2013 at 07:57:50 AM EST
[ Parent ]
Oh, that is easy, also. Oldest known security trick will work for this.
Take USB stick. Mold a clay figure or tablet around it. Sunbake it. It does not have to be a pretty figurine - in fact, it kind of helps if it is not, harder to copy. Mail it. Email a photo. Have the recipient compare before smashing. But yeah, you will need a pad for everyone you want secure communications with.
by Thomas on Mon Aug 19th, 2013 at 02:19:38 PM EST
[ Parent ]
Point of this isn't that a clay figurine could not be duplicated. The point is that it would take long enough to do so with sufficient accuracy that the recipient should notice the delay.
by Thomas on Mon Aug 19th, 2013 at 02:22:35 PM EST
[ Parent ]
I know you live in Denmark, so I am forced to assume that it has been a while since you last sent anything in the mail...

- Jake

Friends come and go. Enemies accumulate.

by JakeS (JangoSierra 'at' gmail 'dot' com) on Mon Aug 19th, 2013 at 04:28:33 PM EST
[ Parent ]
Take USB stick. Mold a clay figure or tablet around it. Sunbake it.

This assumes that no packages are X-rayed. But a hollow metal object with an opening that looks like a mold mark might work. Insert data stick, fill remainder of cavity with a metal filled clay, solder the opening shut, grind and polish that surface and glue felt over it as a base. Just don't use a falcon.

A cast or formed brass or pewter decorative paperweight would do fine -- unless the authorities became suspicious of the sender or recipient, as acoustic or even more sophisticated inspection might be used. A Dremel tool would suffice to open the base in the appropriate place. If one desired to reuse the object, just have a back piece that is soldered around the entire bottom edge. But this is getting to be non-trivial.

"It is not necessary to have hope in order to persevere."

by ARGeezer (ARGeezer a in a circle eurotrib daught com) on Mon Aug 19th, 2013 at 05:51:20 PM EST
[ Parent ]
perhaps deep down it's a government scheme to get people using the post again to drive the price up for privatisation

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Mon Aug 19th, 2013 at 07:12:47 PM EST
[ Parent ]
The other two are also trivial - again, assuming you do not have a strange hardon for securely encrypted video chat or life logging, a read-once memory stick covering decades of use would cost pocket change.

If you insist on securely locked-down lifelogs (and the police and security might have good uses for that) it is still trivial, only now you have to actually get new keys once a month or so.

by Thomas on Sat Aug 17th, 2013 at 03:07:34 PM EST
[ Parent ]