Domain: gurus.com
Stories and comments across the archive that link to gurus.com.
Comments · 17
-
Re:New Hardware Found.....
Right. Because there are no small ISPs, no mailing list owners, nobody else that could have a small number of employees, but a large number of email recipients.
Apparently you seem to think that you need an employee for every 10 emails that pass through your system on a regular basis. Perhaps you should go and tell Randy Cassingham that he needs to hire another 12,000 employees to help send to the subscribers on his mailing lists. -
Why bother?
I really don't mind if the NSA spies on me. I don't have anything to hide. I'm not quite saying "if you're not a criminal, you don't have anything to hide," but honestly, I've sent enough passwords in cleartext, opened enough VNC ports, run enough unpatched systems, voiced enough subversive opinions in public, logged in on enough computers outside my control (including some that I know are being watched), sent my social security number to enough places, that if someone really wanted to steal my identity or my information there's nothing valuable.
Part of that is because I'm a student, so I don't have a credit account or so forth. But I'll treat my bank account with as much care as I treat a couple of other secure items; I'll maintain my prepaid phone so that I lose at most about $30, not $20000, if my phone gets stolen or "hacked", etc.
If I get a job that requires secrets, I know how to keep those safe. I've written and used a ciphersaber for personal data, I use SSH for shell connections, I've tried my hand at Diffie-Hellman - and I'm smart enough to use professional products for AES and the like if necessary. But as of right now, I really don't care if you stick Carnivore on my router. Half of what you'll see is flash games, Wikipedia, and Xbox Live, and most of the rest I'll tell you if you ask nicely. -
Smaller, simpler alternatives to PGP/GPG....
These alternatives have been proven to be secure, likely just as secure as the 'big boys' like PGP and GPG.
Enjoy!
Tiny Encryption Algorithm
Pure Crypto Project
CipherSaber (CAUTION: uses RSA's 'cracked' RC4 algorithm)
-
Re:You're going to pay somewhere
It's 25 today, it's $25 tomorrow. Fortunately, you can just use VoIP and strong crypto and avoid problems.
The world is changing. The government can't control your electronic communications. They still have the power to tell you "do not walk on grass", but YOU have the power to do whatever you want online.
Use Freenet. Use GPG. Use OpenBSD. YOU are in control, not them. Don't pay their taxes. If they want you to use something easily traceable, they should pay YOU!
Take a look here:
http://ciphersaber.gurus.com/
You will always have encryption if you learn the contents of this page. Nobody can ever take it away. Think about that power. -
Re:YAY! Lets watch out mouths now!
Two words: strong encryption.
And another reason. My friend recently got death threats from people living in his Residence Hall. There were lots of details exchanged between the friends like where to get the automatic weapons, and when to kill the guy. Guess what. Those AIM logs are in the court documents.
Solution? Every morning, email (encrypted with your favorite public key algorithm [gpg'd]) a random 512-bit key to your co-conspirators. Then encrypt all AIM messages that day with that key (you can roll your own RC4 implementation [see this]). At the end of the day, shred(1) the key. Now nobody has any record of the conversation, AND you're legally in the clear. You don't know the key, so you can't turn it over.
Don't brush this off as paranoid. People know what you say on AIM. They won't if you encrypt it.
(AIM for Windows' built-in encryption is useless, BTW. All of the Windows people on my buddy list have the same key....) -
That's why we have crypto!
That's why I'll continue to encrypt all important (and unimportant!) conversations. For email I always use GPG (regardless of how important the message is). For VoIP, if I ever use it, I'll be sure to send the voice data through encrypted channels. Frankly, there's no excuse for not encrypting everything. Let them make laws; beat them with the tech.
And when they outlaw the tech, remember that you can learn how to write encryption software yourself. See Ciphersaber. There you'll learn to write your very own crypto code, and you'll remember how to do it again. I did it a few months ago and could still code something decent up :)
So don't worry about this. Just encrypt, and when encryption becomes illegal send lots of random data (netcat /dev/urandom) to your friends :) That will never be illegal, and encrypted data is the same as random data without the key! -
Cool, but it needs a net connection
Stealing and modifying some RC4 code, I made a self-contained Javascript/PHP CipherSaber encoder/decoder.
Boring I know, but at least it can create self-decrypting HTML files where the ciphertext and decryption code is all self-contained. With such output, any* JS-enabled browser can decrypt the file without a net connection. Here's a sample (use password "test" and 1 loop). This idea can be modified to fit almost any encryption scheme; RC4 just seemed like a good mix of security and extreme ease of implementation at the time.
* This is almost guaranteed NOT to work on Safari in Mac OSX. It works on recent Firebird builds under Windows XP and RedHat 9 (and probably other things as well). -
Remember Ciphersaber!
Be sure to look at the Ciphersaber site (and do a Google search) for information on cheap, readily available crypto. Of course, the SA government could always block the site....
-
Re:RSA Wars
Luke: I want to be a RSA Knight like my father!
Schneier: You might, but first you must learn. And build your own CipherSaber. -
Re:RSA Wars
Luke: I want to be a RSA Knight like my father!
Schneier: You might, but first you must learn. And build your own CipherSaber. -
It'd be difficult, but...
What about ciphersaber?
-
Re:Cool
... and every current or potential programmer ought to learn to implement CipherSaber from memory, for much the same reasons--especially now that recent events have made governments and citizens more hostile to privacy.
-
Remember CipherSaberSorry I slept too late and didn't get this in until the wastelands of the later articles, but...
Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber home page.
In George Lucas' Star Wars trilogy, Jedi Knights were expected to make their own light sabers. The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become
impossible to suppress.
So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom. -
Two weaknesses + fixes
The first weakness is that it is easy to poison the repositories with pads with false names. The pad names should be made self-verifying by using a hash of the entire pad as a name (e.g. md5).
The second problem is that the keyspace is too small. The obvious solution would be to encrypt the data. This way the "URL" for the information would be the names of pads to XOR plus the encryption passphrase. The encryption format should have no headers and be indistinguishable from random data without the passphrase. A good candidate would be CipherSaber.
The system's biggest advantage is that it ridiculously simple and uses existing tools. This makes it very transparent.
---- -
Re:??? How come so many doubt it ???
Brute force is still the best published, practical attack against DES- other attacks require ridiculous volumes of known or chosen plaintext. Some people suspect the NSA can do better, partly because they're known to have changed the S-boxes after IBM developed the algorithm (though this could have been merely to defend against their early discoveries of differential cryptanalysis- they didn't seem to realize DES would be published, after all), but AFAIK there's no real confirmation of this. I feel a little more comfortable with RC4, though, especially since I can carry it around in my head so it can never be effectively suppressed.
-
Re:...
Be sure it came straight out of your arcfour CipherSaber or something, and not from some off-the-shelf file encryptor that uses recognizable headers....
-
Good thing that we have ciphersaber.
Go check out CipherSaber. If crypto is outlawed, we'll just have to write our own crypto software from memory
:-)