| Welcome to Crypto. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| A projected biggest analysis centre | |
|---|---|
| Tweet Topic Started: Mar 27 2012, 07:35 PM (1,080 Views) | |
| mok-kong shen | Mar 28 2012, 06:00 PM Post #16 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
But why do you need to employ messages that contain no useful informations for the recipients? Do you want to enhance the load of the computers of the Big Brothers that way? My standpoint is that that's not necessary. The volume of existing emails is IMHO huge enough in the present context. |
![]() |
|
| insecure | Mar 28 2012, 09:26 PM Post #17 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
It hampers traffic analysis. |
![]() |
|
| insecure | Mar 28 2012, 09:28 PM Post #18 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Ah, right thread. Yes, I did a tiny amount of research. You seem to think that doing no research and making an incorrect statement is somehow preferable to doing a small amount of research and making a correct statement. I think otherwise. |
![]() |
|
| mok-kong shen | Mar 28 2012, 09:53 PM Post #19 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
I am afraid it is already difficult to motivate common users to do "something" in that direction. With my scheme the sender in all normal cases writes his emails as usual but only adds some stuffs which he actually shouldn't care much (which the opponent however must care, due to the possibility of encountering non-normal cases where the ciphertext does convey secret informations) and the recipient in all normal cases simply ignores the ciphertext. In your scheme the sender has to take care to get the encryption in all cases right, otherwise his messages wouldn't be correctly transmitted, and the same for the recipient. And you want also to have additional (bogus) communications that are otherwise not done by the partners. Thus your scheme has more difficulty of being accepted IMHO. |
![]() |
|
| insecure | Mar 28 2012, 10:05 PM Post #20 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
No, my scheme only requires for the functionality to be built into the client. The user wouldn't have to do anything at all (except, perhaps, optionally, to decide at installation time - i.e. once only - what percentage of idle bandwidth he is prepared to devote to the stream). I accept, however, that my scheme would not be widely adopted even if implemented, for much the same reason that abattoirs don't need heavily reinforced cattle pens. It can only ever be, at best, a thought experiment. |
![]() |
|
| mok-kong shen | Mar 28 2012, 10:29 PM Post #21 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Whether the functionality is built in for the user isn't to be considered for a comparison here in my view (he may just as well also have a secretary to do all works for him). The user may be one that, say, could do some classical crypto himself. And then you'll see the difference between the two schemes. |
![]() |
|
| fiziwig | Mar 28 2012, 10:35 PM Post #22 |
|
Elite member
![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
If I wanted to evade eavesdropping I'd simply create a Yahoo email account from a computer in a public library, or via a WiFi connection at a McDonalds in an airport somewhere in the world, and then use that account to join some spam-laden low-traffic Yahoo group where I would post my encrypted messages anonymously. Not being addressed to anyone specific, the recipient is never named, and only has to check the assigned Yahoo groups periodically for new messages. It's basically a blind drop. In fact, when I went to Yahoo groups to look for an example of a low-traffic group I found several thousand groups with cryptic names, public archives, and between 118 and 150 members. For example: http://dir.groups.yahoo.com/dir/1600086919?st=3470 http://dir.groups.yahoo.com/group/prvvtc/?v=1&t=directory&ch=web&pub=groups&sec=dir&slk=3471 One could probably post encrypted messages to groups like that and be overlooked buried amongst all the foreign-language spam. (Or who knows, that stuff that looks like foreign-language spam might actually be secret spy messages!) |
![]() |
|
| mok-kong shen | Mar 28 2012, 11:45 PM Post #23 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
I have a dumb question since I haven't used Yahoo. Does Yahoo know your identity when you register as a user? If yes, then it would be possible from the account number somehow thru Yahoo to obtain your identity, wouldn't it? |
![]() |
|
| fiziwig | Mar 29 2012, 02:49 AM Post #24 |
|
Elite member
![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
When you create a Yahoo mail account you can provide whatever fake information you like. The only thing they really can get is your IP address, and if you use your laptop from a public WiFi hotspot like a public library, or McDonalds or Starbucks, then they only get the IP address of the WiFi provider, and nothing that leads back to you. |
![]() |
|
| insecure | Mar 29 2012, 03:45 AM Post #25 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
A blind drop (such as you describe) is more practical than my idea, in the sense that you can do it right now with existing software and services. What it doesn't do is defeat traffic analysis: it doesn't prevent Eve from knowing that someone created that account using that machine, and then used it to communicate in these ways and at these times and from these places, and is therefore probably one of a limited number of people [see Appendix B, "known associates", Appendix F, "CCTV coverage", and Appendix H, "home addresses of possible suspects"]. |
![]() |
|
| insecure | Mar 29 2012, 03:58 AM Post #26 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
In an earlier article, you said that the amount of work done by the user is significant. Now, because I point out that my scheme involves less work for the user than your scheme (e.g. you had the user typing AES keys), you are saying that the amount of work done by the user is unimportant. I don't think you think this stuff through. I think you are just arguing for the sake of arguing, and I'm fed up of wasting time punching through your fog. Some people confuse ignorance with stupidity, but there is all the difference in the world between the two. Ignorance is merely a lack of knowledge, and is curable by learning and thought. Stupidity is a lack of capacity to learn and think, and has no cure short of divine intervention. I enjoy taking part in discussions where learning is happening. I don't mind whether it's my learning or somebody else's. I do not, however, enjoy discussions with people who can't teach and either can't or won't learn. And therefore I do not enjoy discussions with you. Please change. Please demonstrate that you are capable of learning, capable of thinking, capable of expressing yourself clearly, capable of arguing cogently and consistently when right, capable of changing your mind when wrong. Until you do so, I'm really not interested in making the considerable effort required to take you seriously. |
![]() |
|
| coder | Mar 29 2012, 07:53 AM Post #27 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
I can't resist it, insecure -- give the poor fellow the benefit of the doubt
|
| quot homines tot sententić | |
![]() |
|
| insecure | Mar 29 2012, 08:09 AM Post #28 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Well, yes, I know, and I have tried to do precisely that. Patience, however, has its limits. |
![]() |
|
| mok-kong shen | Mar 29 2012, 09:26 AM Post #29 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Then I am taking the liberty to ask you to kindly ignore all my posts in the future and I'll do the same to your posts. |
![]() |
|
| mok-kong shen | Mar 29 2012, 09:51 AM Post #30 |
|
NSA worthy
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
I am ignorant of this. What I can't however understand is: If Yahoo checks nothing and consequently one could provide e.g. a home address on the Mars, why should it bother to demand user's personal informations at all? |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| Go to Next Page | |
| « Previous Topic · News · Next Topic » |





![]](http://z2.ifrm.com/static/1/pip_r.png)



12:14 AM Jul 11