Welcome Guest [Log In] [Register]
Welcome to Crypto. We hope you enjoy your visit.


You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
A projected biggest analysis centre
Topic Started: Mar 27 2012, 07:35 PM (1,080 Views)
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
But why do you need to employ messages that contain no useful informations for the recipients? Do you want to enhance the load of the computers of the Big Brothers that way? My standpoint is that that's not necessary. The volume of existing emails is IMHO huge enough in the present context.
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
It hampers traffic analysis.
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
coder
Mar 28 2012, 05:55 PM
Quote:
 
With minimal research, I found reports of at least twenty.


You had to research! Big deal :lmao:
Ah, right thread. :lol:

Yes, I did a tiny amount of research.

You seem to think that doing no research and making an incorrect statement is somehow preferable to doing a small amount of research and making a correct statement. I think otherwise.
Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
insecure
Mar 28 2012, 09:26 PM
It hampers traffic analysis.
I am afraid it is already difficult to motivate common users to do "something" in that direction. With my scheme the sender in all normal cases writes his emails as usual but only adds some stuffs which he actually shouldn't care much (which the opponent however must care, due to the possibility of encountering non-normal cases where the ciphertext does convey secret informations) and the recipient in all normal cases simply ignores the ciphertext. In your scheme the sender has to take care to get the encryption in all cases right, otherwise his messages wouldn't be correctly transmitted, and the same for the recipient. And you want also to have additional (bogus) communications that are otherwise not done by the partners. Thus your scheme has more difficulty of being accepted IMHO.
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
No, my scheme only requires for the functionality to be built into the client. The user wouldn't have to do anything at all (except, perhaps, optionally, to decide at installation time - i.e. once only - what percentage of idle bandwidth he is prepared to devote to the stream).

I accept, however, that my scheme would not be widely adopted even if implemented, for much the same reason that abattoirs don't need heavily reinforced cattle pens. It can only ever be, at best, a thought experiment.
Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
Whether the functionality is built in for the user isn't to be considered for a comparison here in my view (he may just as well also have a secretary to do all works for him). The user may be one that, say, could do some classical crypto himself. And then you'll see the difference between the two schemes.
Offline Profile Quote Post Goto Top
 
fiziwig
Elite member
[ *  *  *  *  * ]
If I wanted to evade eavesdropping I'd simply create a Yahoo email account from a computer in a public library, or via a WiFi connection at a McDonalds in an airport somewhere in the world, and then use that account to join some spam-laden low-traffic Yahoo group where I would post my encrypted messages anonymously. Not being addressed to anyone specific, the recipient is never named, and only has to check the assigned Yahoo groups periodically for new messages. It's basically a blind drop.

In fact, when I went to Yahoo groups to look for an example of a low-traffic group I found several thousand groups with cryptic names, public archives, and between 118 and 150 members. For example:

http://dir.groups.yahoo.com/dir/1600086919?st=3470
http://dir.groups.yahoo.com/group/prvvtc/?v=1&t=directory&ch=web&pub=groups&sec=dir&slk=3471

One could probably post encrypted messages to groups like that and be overlooked buried amongst all the foreign-language spam. (Or who knows, that stuff that looks like foreign-language spam might actually be secret spy messages!)

Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
fiziwig
Mar 28 2012, 10:35 PM
If I wanted to evade eavesdropping I'd simply create a Yahoo email account from a computer in a public library, or via a WiFi connection at a McDonalds...

I have a dumb question since I haven't used Yahoo. Does Yahoo know your identity when you register as a user? If yes, then it would be possible from the account number somehow thru Yahoo to obtain your identity, wouldn't it?
Offline Profile Quote Post Goto Top
 
fiziwig
Elite member
[ *  *  *  *  * ]
mok-kong shen
Mar 28 2012, 11:45 PM
fiziwig
Mar 28 2012, 10:35 PM
If I wanted to evade eavesdropping I'd simply create a Yahoo email account from a computer in a public library, or via a WiFi connection at a McDonalds...

I have a dumb question since I haven't used Yahoo. Does Yahoo know your identity when you register as a user? If yes, then it would be possible from the account number somehow thru Yahoo to obtain your identity, wouldn't it?
When you create a Yahoo mail account you can provide whatever fake information you like. The only thing they really can get is your IP address, and if you use your laptop from a public WiFi hotspot like a public library, or McDonalds or Starbucks, then they only get the IP address of the WiFi provider, and nothing that leads back to you.
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
A blind drop (such as you describe) is more practical than my idea, in the sense that you can do it right now with existing software and services.

What it doesn't do is defeat traffic analysis: it doesn't prevent Eve from knowing that someone created that account using that machine, and then used it to communicate in these ways and at these times and from these places, and is therefore probably one of a limited number of people [see Appendix B, "known associates", Appendix F, "CCTV coverage", and Appendix H, "home addresses of possible suspects"].
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
mok-kong shen
Mar 28 2012, 10:29 PM
Whether the functionality is built in for the user isn't to be considered for a comparison here in my view
In an earlier article, you said that the amount of work done by the user is significant. Now, because I point out that my scheme involves less work for the user than your scheme (e.g. you had the user typing AES keys), you are saying that the amount of work done by the user is unimportant.

I don't think you think this stuff through. I think you are just arguing for the sake of arguing, and I'm fed up of wasting time punching through your fog.

Some people confuse ignorance with stupidity, but there is all the difference in the world between the two. Ignorance is merely a lack of knowledge, and is curable by learning and thought. Stupidity is a lack of capacity to learn and think, and has no cure short of divine intervention.

I enjoy taking part in discussions where learning is happening. I don't mind whether it's my learning or somebody else's. I do not, however, enjoy discussions with people who can't teach and either can't or won't learn. And therefore I do not enjoy discussions with you.

Please change. Please demonstrate that you are capable of learning, capable of thinking, capable of expressing yourself clearly, capable of arguing cogently and consistently when right, capable of changing your mind when wrong.

Until you do so, I'm really not interested in making the considerable effort required to take you seriously.
Offline Profile Quote Post Goto Top
 
coder
NSA worthy
[ *  *  *  *  *  * ]
insecure
 
Until you do so, I'm really not interested in making the considerable effort required to take you seriously.


I can't resist it, insecure -- give the poor fellow the benefit of the doubt :lmao:
quot homines tot sententić
Offline Profile Quote Post Goto Top
 
insecure
NSA worthy
[ *  *  *  *  *  * ]
Well, yes, I know, and I have tried to do precisely that. Patience, however, has its limits.
Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
insecure
Mar 29 2012, 08:09 AM
Well, yes, I know, and I have tried to do precisely that. Patience, however, has its limits.
Then I am taking the liberty to ask you to kindly ignore all my posts in the future and I'll do the same to your posts.
Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
fiziwig
Mar 29 2012, 02:49 AM
When you create a Yahoo mail account you can provide whatever fake information you like.
I am ignorant of this. What I can't however understand is: If Yahoo checks nothing and consequently one could provide e.g. a home address on the Mars, why should it bother to demand user's personal informations at all?
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
Go to Next Page
« Previous Topic · News · Next Topic »
Add Reply