Tag Archives: crypto

Bears in the MYST

under design, food, rural, security, trend

NYT infographic on ursine cryptography:

NYT infographic shows how bear defeats bearproof gizmology

Where’s Jared Diamond when you need him to reaffirm your master narrative?

Old school 2.0

under digital, security

ASCII art stego web service.

(wayner)

You’ve read about it…

under government, international, military, network

...and here it is, at least according to Getty Images:

the nuclear football

WASHINGTON—FEBRUARY 24: A military aide carries the nuclear football, with the nation's nuclear launch codes, through Statuary Hall as President Barack Obama arrives at the U.S. Capitol for his address to a joint session of Congress on February 24, 2009 in Washington, DC. U.S. President Barack Obama will address a joint session of the Congress at 9:01pm tonight where he plans to address the topics of the struggling U.S. economy, the budget deficit, and health care. Getty Images

Scuffed, with one of those irritating luggage locks—the first line of defense.

(cryptome)

“MD5 considered harmful”

under digital, network, security, standards

That was the name of a paper delivered today at the 25th Annual Chaos Communication Congress in Berlin (summary, PDF). The geeky trope “considered harmful” doesn’t quite convey how serious this is; the equally geeky, equally tropey “be afraid, be very afraid” might’ve been a bit better.

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Then again, “real” certs foster trust in criminal conspiracies pillars of the financial community; are spoofed certs going to, say, cost us $700 billion? If not, who cares?

Nice pic...

MD5 fauxcert diagram

...but—contrary to current fad and fancy—infographics are never worth a thousand words. (On the latter, see also: “Against Tufte, (public) note 00001,” “Electric Kool-Aid; or, Against Tufte, [public] note 00002.”)

(risks)

Obfuscated TCP

under network, security

This seems useful:

Obfuscated TCP is a backwards-compatible modification to the TCP protocol which adds opportunistic encryption. It’s designed to hamper and detect large-scale wiretapping and corruption of TCP traffic on the Internet.

TLS [Transport Layer Security] is the solution to protecting sensitive information. However, there’s room for a low setup cost protocol to protect the bulk of traffic which isn’t currently encrypted. It can’t stop a focused attack, but it can assuage untargeted, dragnet sniffing of backbones and spoofing of RST packets.

Note the nontechnical, “more technical,” and “technical” intros.

(Cryptome)

Private-public key history

under military

Steve Bellovin’s “Prehistory of Public Key Cryptography” (08-01-16) says the technique was developed several years earlier than thought—and, according to former NSA Director Bobby (Ray) Inman, "a decade earlier than Diffie and Hellman," possibly inspired by “a World War II–era paper by an unknown person at Bell Labs.”

In a talk “The Early Days in Nuclear Command and Control”, [ex-NSA high-up Jim Frazer] spoke of National Security Action Memorandum 160 (from June 6, 1962), “Permissive Links for Nuclear Weapons in NATO”. Frazer claimed that this memo—signed by President Kennedy and endorsing a memo from his science advisor, Jerome Weisner—was the basis for the invention of public key cryptography by NSA....

Weisner’s memorandum says that “this equipment...would certainly deter unauthorized use by military forces holding the weapons during periods of high tension or military combat”. In other words, non-repudiation—a classic use for public key cryptography—was important; if a bomb is used, they (or their heirs, or civilization’s heirs...) want to know who ordered it. Pending declassification of the rest of the memo, I suspect that this is the crucial seed that led to the invention of public key cryptography at NSA....

[T]he first PALs (Permissive Action Links) deployed were 5-digit mechanical combination locks. The latest versions, the Categories D and F PALs, feature 6- or 12-digit input, and an automatic “limited try” feature which disables the warhead after too many incorrect tries.

Bellovin on PALs is interesting, but Bruce G. Blair writes:

The Strategic Air Command (SAC) in Omaha quietly decided to set the “locks” to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the “secret unlock code” during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.

(But those are the letter O, not zeroes. So maybe PALs predate the distinction between “O” and “0” and “l” and “1” on a keyboard?)

More: a very interesting resource maintained by (this?) Bill Stewart, one of the more genial voices on the Cypherpunks list of yore.