| A projected biggest analysis centre | |
|---|---|
| Topic Started: Mar 27 2012, 07:35 PM (1,079 Views) | |
| mok-kong shen | Mar 27 2012, 07:35 PM Post #1 |
|
NSA worthy
|
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter |
|
| insecure | Mar 27 2012, 09:43 PM Post #2 |
|
NSA worthy
|
I wouldn't worry about it too much. The NSA may be building the world's fastest computer, but they're Americans, so they'll put Windows on it. Give them a couple of years to clog up the registry, and it'll be no faster than your laptop. And of course it'll blue-screen as soon as they ask it to do anything important. |
|
| mok-kong shen | Mar 28 2012, 07:24 AM Post #3 |
|
NSA worthy
|
To overload their machines, I think there would need to be a sufficient number of people in the world, who would take time to e.g. write "unnecessary" sentences that contain keywords like 'bomb' etc. in order to activate the automatic mechanisms that cause such emails to be selected for examination. |
|
| insecure | Mar 28 2012, 08:23 AM Post #4 |
|
NSA worthy
|
Some years ago, I had the germ of an idea for reducing the likelihood of being eavesdropped by Big Brother. I never did anything with this idea, but I think (a) it would probably work; (b) it would not require us to "bait" Big Brother with keywords.

Let the universe consist of Alice, Bob, Carol, Dave, Frank, Gill, and Helen. (In other words, a large number of people, although I don't know what the minimum would be.) Eve is, of course, GCHQ, NSA, the KGB (if they're still around), Mossad, and so on.

This is a two-part technique. The first part is as follows: whenever anybody in this group communicates with any other in the same group, they always encrypt their message - always, without fail. It doesn't have to be terribly strong encryption, just as long as the data looks encrypted. This applies even to messages like "Have you seen the car keys?" or "If you're at the church social, I'll return your 'Lord of the Rings'". Any old chit-chat always gets encrypted.

How they encrypt is up to them. Alice might use AES when communicating with Bob, but Carol might prefer TwoFish. It really doesn't matter. The communication is then super-encrypted using a standard algorithm that everyone in the group agrees on.

The second part is the (relatively) subtle bit: from time to time, any group member (or rather, their computer) will randomly select another group member, and send a "message" of arbitrary length (not so short as to be obviously an empty message, not so long as to be unwieldy) which is composed of random data (doesn't have to be binary junk; could just be alphabet soup or word stew) that is then encrypted using the algorithm typically favoured by the sender or recipient, and then super-encrypted using the algorithm that is standard for that group.

Most of the time, our computers are connected to the Net, but not actually using it. (For example, looking something up in Google might take your computer half a second, but the 5 seconds you spend reading the first hit to see if it's what you wanted is 5 seconds of idle time for your network connection.) This technique uses that fact.

Alice allows her computer, say, 10% of her spare bandwidth (she doesn't want the ISP to complain that she's hogging the Net). Bob allows 15%. Carol and Dave are okay with 20%. Frank and Gill allow 25%. Helen allows 50%. (Still not excessive, really.) Assuming each of them has an 8 Mbit connection, that's well over a Petabyte per year of random junk that Eve has to sift through to prove that it is random junk. And that's from just seven people.

If five million people played this game as outlined above, the NSA's - sorry! Eve's projection of the world data transfer rate for 2015 would have to be doubled, making Eve's job twice as hard. If fifteen million played, it would be four times as hard. And there are well over 2,000 million Internet users at present... |
|
| coder | Mar 28 2012, 09:03 AM Post #5 |
|
NSA worthy
|
I must be naive because I thought NSA and GCHQ are there to protect our interests and so your game would be rather counter-productive. The folk I object to are the hackers who try to disrupt our security. The TV the other night showed hordes of them in Internet cafes in Beijing, dedicated to 'striking' the West. Have you got a little game we can play to disrupt them? |
| quot homines tot sententiæ | |
|
| insecure | Mar 28 2012, 10:48 AM Post #6 |
|
NSA worthy
|
NSA and GCHQ should be there to protect our interests. Is it in our interests to sacrifice a large part of our freedom for a tiny gain in supposed security? NSA and GCHQ would answer 'yes'. I cannot agree with them.

Once a government has your messages in its database, they can be read. In theory, there are strict controls over which officials have access to government databases. In practice, however, we know that the US Army can't even keep a smart kid out of their files, let alone a determined inside man.

Let's consider the case of a perfectly ordinary man who lives in Maryland. He writes an email which happens to contain the name "Al-Qa'eda". That's not such a terribly uncommon thing for people to write - I've even used the phrase myself in this very posting - but nevertheless it could come up on a list of search hits within NSA. And the email is indeed found, and routed to an official for analysis, together with all related information available on this person, to determine whether this is a false positive or a genuine security risk. The official now has access to this guy's bank account details, all his emails, maybe his text messages, URLs visited, known associates... Now think of this: the official could easily be the subject's next-door neighbour.

If I send an email to a friend of mine, it is because I want my friend to read the email. It is not because I want my government to read my email. If I wanted them to read my email, I'd copy them in.

Okay, okay, wait a minute. Surely they wouldn't go to all this trouble just to bring in a police state by the back door. (Well, of course they would, but let's pretend for a minute that they don't want that.) Surely they go to all this trouble because it does some good? Well, no. Any terrorist worth his salt can easily communicate with his partners-in-crime in a totally secure way. It's trivial. In fact, it's so trivial that I would imagine almost everyone who posts to this forum already knows the technique. (I say "almost" advisedly!)

Here's how he does it. He uses OTP, pure and simple. Yes, the key distribution problem is a nuisance, I agree. But so what? If the stakes are high enough, and the numbers low enough, it is possible to distribute enough keys to make it workable for a short time. Let's say he has a team of ten (inclusive). Let's assume further that they are all separated in space, and that any one of them might wish to communicate with any other. There are 10 * 9 = 90 ways to pair these people up. So they prepare 180 one-time pads (one for A to B, one for B to A, one for A to C, etc). Any one of them will have 18 of these pads - 9 for sending, nine for receiving. If they store these pads on a cheap 8GB USB pen, each pad can be well over 40MB in size. If they stick to text, that's about ten Bibles'-worth, which is a LOT of text. Easily enough to enable a few terrorists to keep in touch with each other during the planning of an operation.

Okay, so not all terrorists are smart enough to use OTP. Some aren't even smart enough to use a mobile phone or email (or are smart enough not to!), which means the NSA will never catch them no matter how much eavesdropping they do.

Since it is perfectly possible for terrorists to use electronic communication with complete security, the payoff of intercepting every single communication is vanishingly small (and is also very, very, illegal - the NSA does not have the right to do what they are planning to do). The cost, in terms of loss of liberty for ordinary people, is enormous. We are heading rapidly for a police state. Anything we can legally do to slow its onset is certainly worth considering.

As for what you call "hackers", well, firstly they're not hackers except in the ignorant media's sense of the word. They're not doing anything clever. Hacking isn't about breaking in, but about pushing envelopes. Richard Stallman is a hacker. Linus Torvalds is a hacker. These cafe jerks are just jerks.

What do we do about the jerks? Well, we tighten up our firewalls and don't download dodgy software. There's nothing you can do about a DDOS - if some clown with a botnet is determined to flood your connection, the best you can do is pull the plug and go read a book for a bit. He'll get bored eventually. And he can be caught using normal police techniques. After someone has committed a crime, it becomes reasonable to trace criminal activity back to its source (for example, tracing back IP addresses). If the crime turns out to have been committed overseas, then you simply turn the matter over to them, and let them investigate it. (If they do so with due diligence, then obviously that will have a positive effect on the relationship between the two countries. If they ignore it, that will have a negative effect. Either way, it will have an effect.)

Of course, there is another approach to the jerks. Recently, a jerk from the UK (yes, we have them too) managed to access US Army computers, despite the astounding security precautions that the Army has in place... such as blank passwords, for example. No, really honestly. How did the Army react? How would you have reacted? Personally, I'd have said "Major Smith, I want the password validation routines tightened up so that they will not accept a password that does not meet certain stringent criteria, and I want all password expiry dates set to the end of next week at the latest, just as soon as the fix has been tested and approved. Action this day, Major, and report to me by tomorrow morning that this has been done." And that would be it.

The US Army has a different approach. They are trying to extradite the guy for prosecution and potentially 15 years in a US prison. Yeah yeah, he shouldn't have done what he did, but that's not the point. The point is that he shouldn't have been able to do what he did. It is only because of the US Army's incompetence that his stupidity is in danger of being punished out of all proportion to the act itself.

Let's stop kidding ourselves that the NSA and GCHQ can anticipate terrorist acts if only they have a big enough microphone. They can't. Nor can they stop cyberjerks in Beijing cafes from SYN-flooding Web sites. But what they can do, if we are not careful, is introduce a very, very effective police state. This should be opposed by all legal means. |
|
| coder | Mar 28 2012, 03:12 PM Post #7 |
|
NSA worthy
|
I can't think of any 'large freedom' I have given up. I don't mind the trivial things I'm nowadays asked to do -- like giving my personal details when I want to move money about the world -- when I know they are there for good reason. I don't mind if GCHQ read my posting or my emails because I have nothing to hide. And if I have something very personal to communicate, which would embarrass me if it became public knowledge (& I can't think of anything offhand in this category) then you can be sure that I will do so in a way that it will not become public knowledge. I believe there is enough freedom and sufficient checks and balances in the Western societies in which I have lived (Australia, France, England, USA) for abuses of power by the police, GCHQ... to be publicised and put right. And that the risk of your Police State is trivial (as long as we don't vote for it like in pre-war Germany). For the rest, all strength to the arm of the authorities -- they are there to protect me and I want them to get on with it. I have also lived in Iraq and Malaysia, and have been a frequent visitor to Singapore, and in these countries things are very different. But then so are the circumstances.
That's not what I said. My words were 'hackers who try to disrupt our security'. And I include in this people like Julian Assange, though I must admit to liking this newspaper quote of his:
and he should know what he's talking about! |
| quot homines tot sententiæ | |
|
| fiziwig | Mar 28 2012, 03:26 PM Post #8 |
|
Elite member
|
Those agencies have many things they are dedicated to protecting. They work very hard to protect:
Once such a bureaucracy is created it becomes self-sustaining, whether it continues to have any reason to exist or not. Bureaucracies, once spawned, never go away. Ever. So when the cold war ended they had to search around for new enemies to justify their existence. Terrorism? A better enemy to pick would have been drunk drivers. For every person killed by a terrorist in the last ten years, over three hundred were killed by drunk drivers. And three times that many people die of side effects of prescription medicines every year. 90,000 last year alone! So, since these agencies have no sense of proportion whatsoever they devote millions and millions of dollars "fighting" something that causes dozens of deaths per year, (and is actually a law enforcement problem, not a military problem) and nobody talks about the things that cause hundreds of thousands of deaths like drunk drivers, prescription meds, starvation, water-borne disease that is easily preventable (now there's a war that COULD be won! The war on unclean drinking water!). Hell, the ordinary FLU kills hundreds of times more people every year than terrorists. But where do they spend all the money? On the things they can use to frighten the average moron who can't do simple arithmetic. That's how they protect their cushy and over-paid jobs; by scaring people who don't know the first thing about simple statistics and risk assessment. |
|
| coder | Mar 28 2012, 03:56 PM Post #9 |
|
NSA worthy
|
My goodness! This topic is really prompting some purple prose. I note that since the Twin Towers were destroyed there hasn't been another terrorist incident in the US. Which reminds me of Oscar Wilde's dictum that a cynic is a person who knows the cost of everything and the value of nothing. |
| quot homines tot sententiæ | |
|
| insecure | Mar 28 2012, 04:41 PM Post #10 |
|
NSA worthy
|
There have been plenty of terrorist incidents in the USA since 11 September 2001. With minimal research, I found reports of at least twenty. |
|
| mok-kong shen | Mar 28 2012, 05:09 PM Post #11 |
|
NSA worthy
|
I have a simpler scheme, namely everyone writes emails as usual but includes also a few paragraphs that are encryptions of either (1) matters totally irrelevant to the current communication or (2) entirely random. Encryption method can be arbitrarily chosen by the sender, ranging from simple classical crypto to use of PRNGs of any (good or bad) quality to good modern block ciphers like AES, since the corresponding plaintext is not intended to be read by the recipient anyway. On the other hand, the Big Brothers have no means to determine from the outset whether in a given email the plaintext corresponding to the ciphertext is relevant for them or not and hence have to attempt to decrypt them. If there are a sufficient number of people in the world sending such bogus secret messages every day, no super-computing centre with today's technology could ever be built to deal with them in my conviction. For the sender, the additional work involved isn't too much IMHO. For example, with an AES module, one needs only to randomly type on the keyboard a sufficient number of characters for the key and an initial value for obtaining in counter mode an arbitrarily long random character sequence, which, even if successfully decrypted by the Big Brothers (which they can hardly do according to status quo), is by nature rubbish and of no value at all to them. The big problem however is how to motivate sufficient people in the world to take part in such a global action.
Edited by mok-kong shen, Mar 28 2012, 05:16 PM.
|
|
| insecure | Mar 28 2012, 05:24 PM Post #12 |
|
NSA worthy
|
The principle behind my scheme was that any communication may or may not contain a message. Eve would have not only to intercept everything but also to decrypt everything. As you rightly say, the method of encryption is neither here nor there, but the point of super-encryption was to give all data, whether arbitrary or deliberate in nature, a homogenous characteristic, which may make it harder for Eve to guess from its external appearance whether a communication is wheat or chaff. |
|
| mok-kong shen | Mar 28 2012, 05:45 PM Post #13 |
|
NSA worthy
|
I am afraid I don't yet fully understand your point. Anyway, in my scheme the recipient needs to do no work at all, excepting in those (rare) cases (e.g. through an agreed upon keyword in the cleartext) he is informed that there is relevant secret stuff in the ciphertext to be looked at. Since the Big Brothers don't know whether a given ciphertext contains real information or not, they have to waste their time and energy in general (or better give up their mean goal of sneaking common people's private communications). IMHO, with a fraction of the common emails currently being sent altered in the manner I suggested, the capacity of their computers would already be exhausted.
Edited by mok-kong shen, Mar 28 2012, 05:55 PM.
|
|
| insecure | Mar 28 2012, 05:51 PM Post #14 |
|
NSA worthy
|
My scheme would involve no work from either the sender or the recipient - the software would handle it all. You could think of it as an infinitely long stream of mostly random data, with messages occasionally embedded therein, in such a way that the computers at each end would be able to detect and decipher the messages. Like I said at the beginning, it was just the germ of an idea, and I haven't thought it through fully as yet - specifically, I haven't thought through the mechanism by which a recipient could detect the presence of a message without Eve being able to do the same thing. Some kind of shared key will be at the heart of it, possibly via Diffie-Hellman. |
|
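One way to fill the gap post #14 leaves open (how the recipient spots a real message in the stream while Eve cannot) while giving every frame the homogeneous appearance post #12 asks for. This is an added example, not code from any poster in the thread: each fixed-size frame is either random chaff or an encrypt-then-MAC message under keys derived from a shared secret. The frame layout, key labels, sample messages and the SHAKE-256 keystream standing in for a real cipher are all assumptions, chosen so it runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, BODY_LEN, TAG_LEN = 16, 256, 32   # assumed frame layout
FRAME_LEN = NONCE_LEN + BODY_LEN + TAG_LEN

def derive_keys(shared_secret):
    """Split one shared secret (e.g. a Diffie-Hellman output) into enc/MAC keys."""
    enc = hmac.new(shared_secret, b"demo-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"demo-mac", hashlib.sha256).digest()
    return enc, mac

def _xor_keystream(enc_key, nonce, data):
    # Stand-in stream cipher (SHAKE-256 over enc_key || nonce) so the example
    # needs only the standard library; use a vetted AEAD in practice.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def message_frame(enc_key, mac_key, message):
    """Encrypt-then-MAC a message into a frame of exactly FRAME_LEN bytes."""
    if len(message) > BODY_LEN - 2:
        raise ValueError("message too long for one frame")
    body = len(message).to_bytes(2, "big") + message
    body += secrets.token_bytes(BODY_LEN - len(body))   # pad to fixed size
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_keystream(enc_key, nonce, body)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def chaff_frame():
    """Random junk with the same length as a real frame."""
    return secrets.token_bytes(FRAME_LEN)

def winnow(enc_key, mac_key, frame):
    """Return the plaintext if the frame authenticates, else None (chaff)."""
    if len(frame) != FRAME_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                     # tag does not verify: treat as chaff
    body = _xor_keystream(enc_key, nonce, ct)
    return body[2:2 + int.from_bytes(body[:2], "big")]

def demo():
    """Constructed stream: two real messages hidden among ten chaff frames."""
    enc, mac = derive_keys(b"constructed shared secret")
    stream = [chaff_frame() for _ in range(10)]
    stream.insert(3, message_frame(enc, mac, b"Have you seen the car keys?"))
    stream.insert(8, message_frame(enc, mac, b"See you at the church social"))
    found = [m for m in (winnow(enc, mac, f) for f in stream) if m is not None]
    eve_enc, eve_mac = derive_keys(b"eve's wrong guess")
    eve = [m for m in (winnow(eve_enc, eve_mac, f) for f in stream) if m is not None]
    return found, eve

if __name__ == "__main__":
    print(demo())
```

The recipient's only per-frame cost is one HMAC check; frame timing and volume, which an observer can still see, are outside what this example covers.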
| coder | Mar 28 2012, 05:55 PM Post #15 |
|
NSA worthy
|
You had to research! Big deal
|
| quot homines tot sententiæ | |
|