Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Rare event impact
Christ, just look at shit like this. If it were satire, it would be too implausible to be funny, but that's reality.
And the school's justification is that they have to consider every potential threat to avoid school shooting/bombing.
Yeah right.
Again a perfect example of over-reaction. How many school bombings have ever happened in the decade before this kind of "Ban-Children-Drawing-Bombs" madness started to be enforced?
I bet you that in the developed world, it's near zero. (In developing countries with still active conflicts the situation is different.)
How many autistic kids (aka "special needs" in this article) are out there? A lot (a dozen per 1000 according to some estimates).
But better hurt the hundreds of kids by teaching them that they should never try to make pictures, because sometimes adults will react weirdly to them, than run the risk of so many school bombings per decade (hint: probably zero).
Why can't little Johnny code? Because we suspended him for planning out a game where you shoot alien space ships with guns. The horror!
But one of the aliens' names was an anagram of the school principal's name! That's clear proof that little Johnny was planning to "go Columbine Massacre" on his school!
We must suspend him, and buy 10x more metal detectors for schools!
Huh... what's this thing called "catharsis" that you keep mentioning? I can't hear you over the sound of the money that lobbyists got from metal detector manufacturers.
-
Re:So what key words will alert security agencies?
So what key words will alert security agencies?
@ seems to be all you need.
-
Re:Ted Ts'o on Schneier.com
Here's a direct link to Ted's post. The most interesting points are (if I understand them correctly):
1. The insecurity discussed in the paper is about how quickly the Linux entropy pool recovers from a compromised state. I.e. imagine that somebody somehow gains full read access to your computer's memory, and reads your randomness pool (but kindly does not read all your private keys etc.), but then loses that access at some later point. How long does it take until the entropy pool has recovered enough entropy to be usable again? I think in most cases one would already have lost at the time an attacker gained full read access to your system, and wouldn't worry much about what happens after that. So this is a pretty irrelevant issue.
2. The paper relies on the assumption that Linux stops collecting new entropy once it thinks the pool is sufficiently random. That hasn't been the case for quite some time - it now continues to mix in new entropy no matter how random it thinks the pool is.
I would not be very worried about this. And I think all the suggestions that people use hardware RNGs *instead* of /dev/random are misguided. While hardware RNGs are good in theory, and make a good input into /dev/random, they are, unlike the Linux source code, difficult to verify.
-
Re:Very Informative.
If you are gonna do that, might as well link to the comment:
https://www.schneier.com/blog/archives/2013/10/insecurities_in.html#c1909001
-
Ted Ts'o on Schneier.com
has some thoughts on the study and the subject:
https://www.schneier.com/blog/archives/2013/10/insecurities_in.html
-
Did They Do Attack Trees?
C'mon, guys, if you'd have done your attack trees, you'd know that the guy who empties the waste basket can install a keylogger for a day for much less cost than it would take to break your 4096 bit PGP key.
I suppose this story does highlight some changing costs on the nodes, though - if physical penetration is becoming more prevalent, then either the cost of hiring somebody to do it is falling (due to massive unemployment, perhaps?) or the costs of other attacks are rising.
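An added example (editor's illustration, not part of the comment above or of Schneier's attack-tree essay) of the calculation the comment is gesturing at: an attack tree with AND/OR nodes, a cheapest-path evaluation, and a re-pricing of one leaf to show how a countermeasure moves the answer. The tree and the dollar figures are constructed; only the goal (the janitor-with-a-keylogger route against a 4096-bit PGP key) comes from the comment.

```python
"""Attack tree evaluation: which leaf costs win, and how a cost change moves the answer.

Added example, not from the comment or from Schneier's attack-tree essay. The tree
and the dollar figures are constructed; the goal is the one the comment names, the
janitor-with-a-keylogger route against a 4096-bit PGP key.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

INF = float("inf")


@dataclass
class Node:
    name: str
    kind: str = "leaf"                 # "leaf", "or" (any child suffices) or "and" (all needed)
    cost: float = 0.0                  # leaves only: assumed cost to the attacker
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Cheapest way to achieve `node`: (total cost, leaf steps used)."""
    if node.kind == "leaf":
        return node.cost, [node.name]
    sub = [cheapest(c) for c in node.children]
    if node.kind == "or":
        return min(sub, key=lambda r: r[0])
    if node.kind == "and":
        return sum(r[0] for r in sub), [step for r in sub for step in r[1]]
    raise ValueError(f"unknown node kind {node.kind!r}")


def set_cost(node: Node, leaf_name: str, cost: float) -> None:
    """Re-price one leaf, e.g. after a countermeasure changes the attacker's costs."""
    if node.kind == "leaf" and node.name == leaf_name:
        node.cost = cost
    for c in node.children:
        set_cost(c, leaf_name, cost)


def build_tree() -> Node:
    # Constructed figures; the point is the ordering, not the exact numbers.
    return Node("read the PGP-encrypted mail", "or", children=[
        Node("keylogger via cleaning staff", "and", children=[
            Node("bribe the person who empties the waste basket", cost=1_000),
            Node("hardware keylogger", cost=50),
            Node("collect the logger a day later", cost=200),
        ]),
        Node("remote compromise of the endpoint", "and", children=[
            Node("targeted phishing", cost=3_000),
            Node("working malware with key exfiltration", cost=5_000),
        ]),
        Node("factor the 4096-bit RSA key", cost=INF),   # not a realistic path at any budget
    ])


if __name__ == "__main__":
    tree = build_tree()
    print(cheapest(tree))
    # Vetted, escorted cleaners make the bribe route expensive; the cheapest path moves.
    set_cost(tree, "bribe the person who empties the waste basket", 20_000)
    print(cheapest(tree))
```

The evaluation deliberately treats the RSA-factoring leaf as infinitely expensive, so it never wins; the interesting output is which of the two cheap routes is on top, and how that flips when one leaf is re-priced.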
-
Re:... nothing new.
> This is actually something *very* new.
Is it? How long has your phone had a camera?
2006: https://www.schneier.com/blog/archives/2006/04/digital_cameras.html
Doesn't seem very new; most phones already have pictures they took on them, and for those that don't, it's not terribly hard to make them snap photos usually. In fact, other malware apps have been developed to do exactly that:
-
Re:Wow, that's bad
Not all encryption is broken. As Bruce Schneier says - trust the math(s).
As Bruce Schneier says - Don't trust electronic voting. Use paper.
-
Re:Cryptographically signed elections?
Only a handful of mathematicians would trust that.
Paper ballots with independents actually conducting the election taking ballots and counting them, etc, with overseers from all political parties welcome to watch the entire proceedings, from start to finish.
Simple and transparent.
No, even the mathematicians wouldn't trust it. See Bruce Schneier's 2006 essay that explains why.
Use paper ballots. Period.
However, crypto can still add value - it can go a long way towards preventing fraud and errors even in a paper ballot election. Scantegrity is an open-source system, invented by Rivest (the "R" in RSA), Chaum, and other researchers, that helps secure a paper ballot election by supplying each voter with a simple verification code that can be written down. The codes in no way compromise the anonymity of the voters, and cannot be used to determine what vote was cast. But they can be used by individual voters to verify that their votes have been counted correctly, and by election officials to verify that ballots have not been tampered with and that the results have been tallied correctly. The overhead cost of the system is low.
Scantegrity has been used successfully in two real elections - municipal elections in Takoma Park, Maryland in the U.S. But so far it doesn't seem to be catching on very much. I guess it doesn't quite suit the needs of the big money electronic voting industry.
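An added example (editor's illustration, not Scantegrity's code and not its exact construction; Scantegrity II uses invisible-ink codes and several linked committed tables, and its tally audit is not modelled here) of the two properties the comment relies on: a voter can check from a written-down code that their ballot is in the published record, and that record does not say which candidate the code stands for, because every ballot carries independent random codes. The race, ballot count and three-digit code format are constructed.

```python
"""Toy voter-verification codes in the spirit of the scheme the comment describes.

Added example, not Scantegrity's code and not its exact construction (Scantegrity II
uses invisible-ink codes and several linked committed tables). It keeps the two
properties the comment relies on: a voter can check that their ballot was counted
as cast, and the published record does not reveal which candidate a code stands for.
The race, ballot count and code format are constructed for the demonstration.
"""
import hashlib
import secrets

CANDIDATES = ("Alice", "Bob", "Carol")   # constructed sample race


def commit(serial, code, salt):
    """Hash commitment published before the election for one (ballot, code) pair."""
    return hashlib.sha256(f"{serial}|{code}|{salt.hex()}".encode()).hexdigest()


class Election:
    def __init__(self, n_ballots):
        # Secret tables: each ballot gets an independent random code per candidate.
        self.codes = {}          # serial -> {candidate: code}
        self.salts = {}          # serial -> {candidate: salt}
        self.marked = {}         # serial -> candidate actually voted
        pairs = []
        for serial in range(n_ballots):
            used = set()
            self.codes[serial], self.salts[serial] = {}, {}
            for cand in CANDIDATES:
                code = f"{secrets.randbelow(1000):03d}"
                while code in used:                 # codes are unique within a ballot
                    code = f"{secrets.randbelow(1000):03d}"
                used.add(code)
                salt = secrets.token_bytes(16)
                self.codes[serial][cand] = code
                self.salts[serial][cand] = salt
                pairs.append(commit(serial, code, salt))
        # Published up front, sorted so position leaks nothing about candidates.
        self.commitments = sorted(pairs)

    def cast(self, serial, candidate):
        """Voter marks one candidate and learns only that position's code (the receipt)."""
        if serial in self.marked:
            raise ValueError(f"ballot {serial} already cast")
        if candidate not in CANDIDATES:
            raise ValueError(f"unknown candidate {candidate!r}")
        self.marked[serial] = candidate
        return self.codes[serial][candidate]

    def publish(self):
        """Post-election bulletin board: revealed code per cast serial, plus the tally."""
        board = {serial: self.codes[serial][cand] for serial, cand in self.marked.items()}
        tally = {c: 0 for c in CANDIDATES}
        for cand in self.marked.values():
            tally[cand] += 1
        return board, tally

    def open_commitment(self, serial, candidate):
        """Audit: reveal one (code, salt) so anyone can match it to a published commitment."""
        return self.codes[serial][candidate], self.salts[serial][candidate]


def voter_verifies(board, serial, receipt_code):
    """What a voter does with the scrap of paper they wrote the code on."""
    return board.get(serial) == receipt_code


def auditor_verifies(commitments, serial, code, salt):
    """Checks an opened code was fixed before the election, i.e. not made up afterwards."""
    return commit(serial, code, salt) in commitments
```

The bulletin board lists only (serial, code) pairs, so knowing that ballot 7 revealed "042" tells an observer nothing about the vote; the secret tables are what the election authority later opens, row by row, to auditors.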
-
War against privacy.
This is not about monitoring anymore, probably never was.
...giving the agency the opportunity to launch prepared attacks against their systems
They are actively attacking Tor nodes and clients, whether or not outside the US, being used for criminal activities or just by someone worried about his own privacy.
This is not about defending against terrorists; they are attacking the US citizens that dare to try to have some privacy, along with foreign citizens worried about the same.
And they are not just forcing everyone to be unsafe, they are too, so others (foreign countries, private companies wanting to get rid of competitors, hacking groups, old-style criminal organizations, even terrorist groups) can use the same tools/backdoors/exploits as them, either provided by leaks (not just Snowden's unknown predecessors; there are a lot of private companies with high security clearance with access to all of that that could have their own agenda (Snowden worked for one of them)) or by plain hacking (like yesterday's Adobe one, which could have leaked where Acrobat or Flash have NSA backdoors).
-
Re:Minimal Trust:
I suppose that you mean economically harmful for US corporations; having competition is definitely not what capitalism is about.
It's not just monitoring. Your lack of security will be used against you. If you have something critical enough in another country, you probably have a logic bomb running on your infrastructure. Stuxnet is an obsolete example by now.
But even without logic bombs, information means control; if they have all your information they could control you, or your population. If your country doesn't lick the boots of the USA overlords, they could spill secrets about your government that could put it in trouble, or make the population revolt. Even just stealing money from the banks of enough people could trigger that revolt. And the killer secret could be just a grandmother telling her contacts on Facebook that she saw a certain politician in a place where he shouldn't be. And the revolt will be pretty useful to put a puppet in power; it's not as if we didn't see that in the past years, and how well it went for the local population, during and after all got "solved".
In this scenario I won't be surprised if most still independent countries just close ties with the US and US companies, put protective monitoring on all communications and restrict what citizens and foreigners can access. Probably the ones that in a year still haven't done it are not truly independent.
-
Metadata Equals Surveillance
But don't worry; it's just metadata
-
Re:Illusion of privacy
He says he's encrypting everything, these days
Precisely, because encryption still works, regardless of what the media has convinced you.
He doesn't trust VPNs
Please, please read the articles more carefully; you are missing what is actually being said due to the amount of hysteria that was whipped up. Here is what he actually said:
TAO also hacks into computers to recover long-term keys. So if you're running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret.
.....How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."....
I have five pieces of advice:...
2) Encrypt your communications. Use TLS. Use IPsec
Schneier is SPECIFICALLY recommending the use of VPN and HTTPS to protect yourself, and this recommendation was made a whopping 3 weeks ago. It would be awfully strange for a crypto expert to recommend the use of a broken technology, especially one as paranoid as Schneier. The "risk" he's identifying is that, as has ALWAYS been the case, adversaries do not attack encryption head on; they look for side channels or ways of recovering the keys so that they do not have to brute force, and in this case the NSA apparently relies on trying to hack the endpoint and recover the VPN keys (the "shared secret" he references) for high-value targets.
He thinks RC4 has been cracked.
I don't believe he ever said that. This says "don't panic yet, but start to move away from RC4".
He is no where near as complacent as you are.
I'm not "complacent", I'm just not ready to buy some rubbish speculation that "all VPNs" are vulnerable even though the relevant encryption algos haven't been cracked yet and Schneier is recommending we use IPSEC (probably the most widely used VPN tech out there).
-
The problem with the internet of things
is security. A big number of the IP webcams are directly public, or have fixed passwords or backdoors, and don't forget that as a last resort the NSA could mandate the manufacturer (if it is from the US) to insert a backdoor there. More controllable IP devices will only make the problem worse, maybe with severe consequences, and that will be used against you.
That the software that manages it is open source could mitigate some of the problems (lower odds of software backdoors passing unnoticed for much time), but as you can embed backdoors directly in hardware, that won't be a protection in all cases.
-
Re:Not that it isn't bad, but...
They are doing more than spying, they are using it to attack (or plant future attacks) critical infrastructure. Stuxnet was just the first public example.
-
Re:Only read the headline
"We" is a lot of people, some that could be respectful, some that not. Also, we forced the maker of your locks to make them openable with a clip, to make things easier for us, knowing that no "proper" thief would ever figure that out. And we planted a few hidden bombs just in case we think that you are misbehaving.
Did we mention that we have to pay private prisons if we don't keep them nearly full? It's not that you would have to worry about that.
-
Re:The obligatory NSA question
Up to a month ago such a comment would've been modded to -1 because historically, NSA had helped improve the security of encryption standards.
Schneier has been speculating about the possibility of an NSA planted backdoor in Dual_EC_DRBG since 2007. Which by the way took me a few attempts to find again since there are many hits if you search for NSA backdoor on his site.
As Schneier has said, the revelations about recent NSA activity have completely evaporated the goodwill NSA earned in the cryptographic community from back then.
Goodwill might be an exaggeration. Learning that NSA had improved security of DES did reduce the distrust in NSA, but it did not eliminate it. The first evidence of the Dual_EC_DRBG probably brought that distrust back to the previous level. By now I guess the trust in NSA is at an absolute low. (If it got any lower you would start trusting anything from the NSA not to be trustworthy.)
-
-
Re:The obligatory NSA question
Up to a month ago such a comment would've been modded to -1 because historically, NSA had helped improve the security of encryption standards. As Schneier has said, the revelations about recent NSA activity have completely evaporated the goodwill NSA earned in the cryptographic community from back then.
-
Re:National Stupid Agency
So it's OK that the US does it to all the world because other countries may be doing it?
Even if the other countries, at most, and the ones that do it, do it mostly on their own population or internal connections (and for those, how many started shortly after the Arab Spring? If some external power is social-engineering a revolution, it is better to be aware of it). The US not only does that to all the world, its citizens and all the foreign ones that are within its reach (and not just the ones that are connecting at that moment to US servers), but is also getting ready to fire cyberattacks at critical infrastructure.
They are shitting, pissing, and puking in the pool. They don't just spy, force manufacturers to put backdoors in their products and plant logic time bombs in all other countries' critical infrastructure, but they are forcing other countries to protect themselves. If on top of that those governments do their own quota of surveillance, it is anyway a small drop in the ocean of what the US is doing.
-
Re:Why?
Bruce Schneier once again hit the nail on the head: The Four Horsemen of the Information Apocalypse. "Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four."
-
Re:Wrong target
I'll let others speak, as they do it better.
Our main criticism of IPsec is its complexity. IPsec contains too many options and too much flexibility; there are often several ways of doing the same or similar things. This is a typical committee effect. Committees are notorious for adding features, options, and additional flexibility to satisfy various factions within the committee. As we all know, this additional complexity and bloat is seriously detrimental to a normal (functional) standard. However, it has a devastating effect on a security standard.
(my emphasis).
-
Re:Reference?
Bruce Schneier talked about DRBG being a probable backdoor back in 2007.
-
Re:Fingerprints are not passwords!
-
Re:You know that things are bad...
But Drummond said "no free for all", which is what that would be.
Only by one specific definition. Obviously the government does not think it is a free for all or they would not have been pushing for additional access ala CALEA II.
When did Google fool you?
-
Re:Just upload your encrypted data online
Why use TrueCrypt instead of mainstream encryption with a long key length?
https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html
If you're really paranoid (no offense), you can encrypt with every known algorithm in series. Then only one of them has to actually work.
I'll take the last one first; although it's counter-intuitive, encrypting with every known algorithm doesn't actually increase security all that much. One of the main reasons is that as long as the algorithms used are known, an analyst can use the predilections of the various algorithms against the series, actually decreasing the number of possible outcomes. Of course, to do this the attacker would actually have to have some level of cryptanalysis training, but we're talking NSA here. They'll identify and use these tricks if they think it's worthwhile.
As for the first, one of the things that TrueCrypt (which is pretty bog standard mainstream encryption, and it uses only known and tested algorithms -- it's the implementation we're questioning here) provides that baked-in solutions usually don't, is plausible deniability. TrueCrypt allows you to encrypt data into the slack space of an already encrypted archive, thus allowing you not only to have two sets of data depending on the passphrase used, but to easily overwrite one set by modifying the other.
This means that if you're forced to give up your password at, say, the border, you can give the original password; they'll decrypt the archive, and if any data inside the encrypted image is modified, byebye secondary encrypted dataset. This means that you can protect not only against forced release of data, but also against modification (which can also be done with a hash check, but any fiddling will lose access to the original data).
Of course, anyone suspecting such a setup may write something to the inner archive to wipe your outer archive if it exists, just to prevent you from moving that data in the first place, but that's about as far as they can go.
If, for example, Miranda had been transporting a truecrypt archive on his thumb drive, had memorized the password to the Snowden files (or not even been given it) and then had a scrap of paper with the password to his more benign data on him, the confiscated USB drive would have shown absolutely nothing. IF he ever got the drive back with the data intact, he'd still have all the Snowden data (providing the password came through some other channel -- which wouldn't be difficult).
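An added example (editor's illustration, not TrueCrypt code) of the hidden-volume layout the comment describes: one container, two passphrases, the hidden volume living in what looks like the random free space of the outer one, and the failure mode the comment mentions, that writing enough to the outer volume without knowing about the hidden one silently destroys it (the reason TrueCrypt has a "protect hidden volume" mount option). Stand-ins are labelled in the code: an HMAC-SHA256 counter-mode keystream replaces the XTS block cipher, the container is 4 KiB, the hidden region is the last 512 bytes, and both volumes share one plaintext salt.

```python
"""Toy model of a hidden-volume scheme in the style the comment describes.

Added example, not TrueCrypt code. Stand-ins: a keystream built from HMAC-SHA256
in counter mode replaces TrueCrypt's XTS-mode block cipher, and the layout (salt,
outer region at the front, hidden region at the tail, random fill in between) is a
deliberate simplification of the real header format.
"""
import hashlib
import hmac
import os
import struct

SALT_LEN = 16
TAG_LEN = 32
VOLUME_SIZE = 4096        # assumed toy container size
HIDDEN_REGION = 512       # assumed: the last 512 bytes hold the hidden volume


def _keys(passphrase, salt):
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=64)
    return km[:32], km[32:]                 # (encryption key, MAC key)


def _keystream(key, n):
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, struct.pack(">Q", ctr), "sha256").digest()
    return bytes(out[:n])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _seal(passphrase, salt, data):
    """One volume's on-disk region: tag || enc(len || data)."""
    ek, mk = _keys(passphrase, salt)
    pt = struct.pack(">I", len(data)) + data
    ct = _xor(pt, _keystream(ek, len(pt)))
    return hmac.new(mk, ct, "sha256").digest() + ct


def _open(passphrase, salt, region):
    """Return the data if the passphrase fits this region, else None.
    To anyone without the right passphrase the region is indistinguishable
    from the random fill, which is what gives the scheme its deniability."""
    ek, mk = _keys(passphrase, salt)
    body = region[TAG_LEN:]
    if len(body) < 4:
        return None
    (length,) = struct.unpack(">I", _xor(body[:4], _keystream(ek, 4)))
    if length > len(body) - 4:
        return None                         # wrong passphrase, or region clobbered
    ct = body[:4 + length]
    if not hmac.compare_digest(region[:TAG_LEN], hmac.new(mk, ct, "sha256").digest()):
        return None
    return _xor(ct, _keystream(ek, len(ct)))[4:]


def create_volume(outer_pass, outer_data, hidden_pass, hidden_data):
    vol = bytearray(os.urandom(VOLUME_SIZE))   # free space is random, as in TrueCrypt
    salt = bytes(vol[:SALT_LEN])
    outer = _seal(outer_pass, salt, outer_data)
    hidden = _seal(hidden_pass, salt, hidden_data)
    if len(hidden) > HIDDEN_REGION or len(outer) > VOLUME_SIZE - SALT_LEN - HIDDEN_REGION:
        raise ValueError("data does not fit the toy layout")
    vol[SALT_LEN:SALT_LEN + len(outer)] = outer
    start = VOLUME_SIZE - HIDDEN_REGION
    vol[start:start + len(hidden)] = hidden
    return vol


def open_outer(vol, passphrase):
    return _open(passphrase, bytes(vol[:SALT_LEN]), bytes(vol[SALT_LEN:]))


def open_hidden(vol, passphrase):
    return _open(passphrase, bytes(vol[:SALT_LEN]), bytes(vol[VOLUME_SIZE - HIDDEN_REGION:]))


def write_outer(vol, passphrase, data):
    """Rewrite the outer volume in place, knowing nothing about the hidden one.
    A large enough write runs into the tail and destroys the hidden volume."""
    region = _seal(passphrase, bytes(vol[:SALT_LEN]), data)
    if len(region) > VOLUME_SIZE - SALT_LEN:
        raise ValueError("data does not fit in the container")
    vol[SALT_LEN:SALT_LEN + len(region)] = region
```

The outer passphrase opens only the outer data and, tried against the tail, fails exactly as it would against unused random space; that symmetry is the deniability. The write path shows the cost: nothing in the outer volume records that the tail is occupied, so a mount that does not know the hidden passphrase can overwrite it without any error.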
-
TSA court-approved lies
Since the TSA is now allowed to lie https://www.schneier.com/blog/archives/2013/09/the_tsa_is_lega.html , obviously so can the NSA spooks.
-
Re:Pointless Worrying
A farm of computers, eh? How big is it? Here's an article from Schneier that discusses the physical limitations of computation relative to brute force attacks for private keys:
https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
To put it simply, brute force attacks are about trying every possible combination in a counter. Just to run a counter through 256 bits, you're going to need all the power of the sun for 32 years or more, or a supernova. Take your pick. That doesn't include power for any other useful computation. And then of course, there is time. How much time do you have?
The computer scientists of the world who believe in freedom will be happy to put the kibosh on any code that permits side-attacks on encryption software. That is where the weakness is more likely to be, not the encryption algorithms.
Now I could be completely wrong about this, but based on the best available information I have, I don't think anyone is capable of brute force attacks against strong encryption except for poorly implemented crypto or really weak passwords.
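An added example (editor's illustration, not part of the comment or of the linked essay) that carries the thermodynamic argument through with explicit numbers: Landauer's bound of kT ln 2 per irreversible bit change, at the 3.2 K ambient temperature Schneier uses in Applied Cryptography (the cosmic background is about 2.7 K), against the sun's nominal output and a rough supernova energy. Every simplification favours the attacker (perfectly efficient hardware, one bit change per counter state, no work for the actual trial decryption), so the result is a floor, not an estimate.

```python
"""Thermodynamic floor on brute force: the argument the comment summarises.

Added example, not from the page. Constants: Landauer's bound kT ln 2 per bit change,
T = 3.2 K (the figure Schneier uses in Applied Cryptography; the cosmic background is
about 2.7 K), solar luminosity 3.828e26 W, supernova output 1e44 J (1e51 erg). It
ignores the work of the trial decryption itself and assumes perfectly efficient
hardware, so any real attack is strictly worse than these numbers.
"""
import math

K_B = 1.380649e-23          # Boltzmann constant, J/K
T_COLD = 3.2                # K, assumed ambient temperature of the attacker's machine
SUN_WATTS = 3.828e26        # W, nominal solar luminosity
SUPERNOVA_JOULES = 1e44     # J, rough total energy of a supernova
SECONDS_PER_YEAR = 365.25 * 86400


def energy_per_bit_change(temp_k=T_COLD):
    """Minimum energy to change one bit irreversibly (Landauer), in joules."""
    return K_B * temp_k * math.log(2)


def counter_bits_for_energy(joules, temp_k=T_COLD):
    """Width n of a counter that this much energy can cycle through all 2^n states.
    Charges one bit change per state, a lower bound (a real increment flips two
    bits on average), so the returned n is generous to the attacker."""
    return math.log2(joules / energy_per_bit_change(temp_k))


def years_of_sun_for_counter(bits, temp_k=T_COLD):
    """Years of the sun's entire output needed to run a counter through 2^bits states."""
    joules = (2 ** bits) * energy_per_bit_change(temp_k)
    return joules / SUN_WATTS / SECONDS_PER_YEAR


def summary():
    return {
        "bits_from_sun_32_years": counter_bits_for_energy(SUN_WATTS * 32 * SECONDS_PER_YEAR),
        "bits_from_supernova": counter_bits_for_energy(SUPERNOVA_JOULES),
        "sun_years_for_256_bits": years_of_sun_for_counter(256),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:.3g}")
```

Thirty-two years of the sun buys a counter of roughly 2^193 states and a supernova roughly 2^221, which is why the comment's "sun or supernova" framing lines up with 192-bit keys and falls far short of 256; the 256-bit counter alone needs the sun for on the order of 10^20 years. The weak spots, as the comment says, are the implementation, the key handling and the passphrase, not the counter.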
-
Can you sleep soundly?
I think that depends on what keeps you up at night.
In one of the earlier stories today there was a post making all sorts of claims about compromised software, bad actors, and pointing to this paper: A Cryptographic Evaluation of IPsec. I wonder if anyone bothered to read it?
IPsec was a great disappointment to us. Given the quality of the people that worked on it and the time that was spent on it, we expected a much better result. We are not alone in this opinion; from various discussions with the people involved, we learned that virtually nobody is satisfied with the process or the result. The development of IPsec seems to have been burdened by the committee process that it was forced to use, and it shows in the results. Even with all the serious criticisms that we have on IPsec, it is probably the best IP security protocol available at the moment. We have looked at other, functionally similar, protocols in the past (including PPTP [SM98, SM99]) in much the same manner as we have looked at IPsec. None of these protocols come anywhere near their target, but the others manage to miss the mark by a wider margin than IPsec.
I even saw calls for the equivalent of mole hunts in the opens source software world. What could possibly go wrong?
Criminals, vandals, and spies have been targeting computers for a very long time. Various types of security problems have been known for 40 years or more, yet they either persist or are reimplemented in interesting new ways with new systems. People make a lot of mistakes in writing software, and managing their systems and sites, and yet the internet overall works reasonably well. Of course it still has boatloads of problems, including both security and privacy issues.
Frankly I think you have much more to worry about from unpatched buggy software, poor configuration, unmonitored logs, lack of firewalls, crackers or vandals, and the usual problems sites have than from a US national intelligence agency. That is assuming you and 10 of your closest friends from Afghanistan aren't planning to plant bombs in shopping malls, or try to steal the blueprints for the new antitank missiles. Something to keep in mind is that their resources are limited, and they have more important things to do unless you make yourself important for them to look at. If you make yourself important for them to look at, a "secure" computer won't stop them. You should probably worry more about ordinary criminal hackers, vandals, and automated probe / hack attacks.
-
Re:You can't trust any mainstream Linux distro
I believe you can trust OpenBSD totally but it lacks many of the features and much of the convenience of the main Linux distros. It is rock solid and utterly secure though, and the man pages are actually better than any Linux distro I've ever seen.
Three points:
1) See the above discussion: you cannot trust anything that you did not create and compile yourself. With a compiler you wrote yourself. On a machine you created yourself from the ground up, that is not connected to any network in any way. OpenBSD does not make any difference if your compiler or toolchain is compromised.
2) Speaking of which, I cannot but note that OpenBSD had a little kerfuffle a while back, about a backdoor planted by the FBI in the OS? (Source 1) (Source 2). I am willing to bet that (a) it's perfectly possible (though not likely), (b) if it was done, it was not by the FBI and (c) that the devs @openbsd.org are, right now, taking another long and hard look at the incriminated code.
3) Finally OpenBSD lacking features and convenience? Care to support that statement? I have a couple of computers running OpenBSD here, and they are just as nice - or even nicer - to use than any Linux. Besides, you don't choose OpenBSD for convenience - you use it for its security. Period.
The possibly bigger problem is that no matter what OS you use you can't trust SSL's broken certificate system either because the public certificate authorities are corruptible. And before someone says create your own CA, sure, for internal sites, but you can't do that for someone else's website.
This goes way beyond a simple question of OpenSSL certificates - think OpenSSH and VPN security being compromised, and you will have a small idea of the sh*tstorm brewing right now.
-
Re:Locks?
Simply put, if the NSA thinks that a particular encryption method is vulnerable, you should be paying attention very closely and likely be shifting to something else.
And Bruce Schneier is saying that since the NSA is encouraging you to use elliptic curve encryption, that's an indication that you shouldn't use it.
So don't use what they recommend, and don't use what they don't recommend. Makes the choice easy, doesn't it?
-
Re:well
Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks. [theguardian.com]
I didn't see any such recommendation in the linked article. However, there is a comment in this article in which he does make such a statement. Schneier seems to have reversed himself on advocating the use of elliptic-curve ciphers.
-
Re:NSA and elliptic curve
He elaborated (slightly) in a blog comment
>"You recommended to 'Prefer symmetric cryptography over public-key cryptography.' Can you elaborate on why?"
> It is more likely that the NSA has some fundamental mathematical advance in breaking public-key algorithms than symmetric algorithms.
http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#comments
I think his reasoning is that the NSA is more likely to have a clever hack for elliptic curve crypto which is why they've been pushing it - the ideal situation for the NSA is that everyone uses crypto that the NSA but nobody else can break.
-
Re:Freenet, I2P, Tor - darknets
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
Without ssl to protect you, none of these are going to help.
-
Re:The View From Jerry's Desk.
Some flaws with your argument and proposal:
- 1) Windows 8 install will not overwrite the *whole* contents of your disk, only the parts that will be written to during the installation process - that's only as much as the OS needs for its system files. The rest of the disk content will remain untouched.
- 2) You can always configure your disk wipe tool so that the last passes over the disk will write non random content - e.g. only zeros or ones, and random writes will only be used with preceding intermediate passes. So the disk will end up guaranteed holding non-random, non-incriminating content.
- 3) The probability of random data creating incriminating stuff you refer to is so negligible that you suffer from a larger risk of being hit and killed by a meteorite falling from the sky during the next minute. That is considering that there has only been a single recorded case in human history of a person being killed by a meteorite, and, coming from a 1677 Italian manuscript, it cannot be considered a verified fact. In other words, you have much more probable risks to worry about than that.
Statistically speaking, you almost certainly lost more of your lifetime only by thinking about that risk just now, than lost to the actual risk. Please, read this article so that you're more rational about thinking about your risks.
-
Re:Diminishing returns
That would be quite a turnabout for this particular author since he has personally eviscerated the very idea that you are espousing: That profiling passengers by any simple means would ever work.
http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html
However, it isn't true that almost all Muslims are out to blow up airplanes. In fact, almost none of them are. Post 9/11, we've had 2 Muslim terrorists on U.S airplanes: the shoe bomber and the underwear bomber. If you assume 0.8% (that's one estimate of the percentage of Muslim Americans) of the 630 million annual airplane fliers are Muslim and triple it to account for others who look Semitic, then the chances any profiled flier will be a Muslim terrorist is 1 in 80 million. Add the 19 9/11 terrorists -- arguably a singular event -- that number drops to 1 in 8 million. Either way, because the number of actual terrorists is so low, almost everyone selected by the profile will be innocent. This is called the "base rate fallacy," and dooms any type of broad terrorist profiling, including the TSA's behavioral profiling.
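An added example (editor's illustration, not part of the comment or of the quoted essay) that makes the base-rate arithmetic reusable: Bayes' rule for the probability that a flagged person is actually the target, the expected true and false positives when a whole population is screened, and the false-positive rate a screen would need before a flag meant anything. The 630 million fliers come from the quote; the two attackers, the 2.4% flag rate and the detector qualities are constructed assumptions. The same functions apply unchanged to a detection rule that fires on rare intrusions across a large volume of benign traffic.

```python
"""Base rate fallacy: why a broad profile (or a noisy detection rule) mostly flags innocents.

Added example, not from the quoted essay. Inputs are constructed: the 630 million
annual fliers from the quote, an assumed 2 genuine attackers among them, and
hypothetical detector qualities. The arithmetic is the same for any alert whose
target is rare relative to the population it is run over.
"""


def positive_predictive_value(prevalence, sensitivity, false_positive_rate):
    """P(target | flagged) by Bayes' rule: hits over hits plus false alarms."""
    hits = prevalence * sensitivity
    false_alarms = (1.0 - prevalence) * false_positive_rate
    return hits / (hits + false_alarms)


def expected_flags(population, prevalence, sensitivity, false_positive_rate):
    """Expected (true positives, false positives) when everyone is screened."""
    targets = population * prevalence
    return targets * sensitivity, (population - targets) * false_positive_rate


def required_false_positive_rate(prevalence, sensitivity, target_ppv):
    """Solve PPV = pS / (pS + (1-p)F) for F: the false-positive rate a screen
    needs so that a flagged person is the target with probability target_ppv."""
    return prevalence * sensitivity * (1.0 - target_ppv) / (target_ppv * (1.0 - prevalence))


def airline_profile_example():
    """The quote's setting: a profile that flags 2.4% of fliers and, generously,
    catches every attacker. Returns (ppv, true positives, false positives)."""
    population = 630e6                  # from the quoted text
    prevalence = 2 / population         # assumed: two real attackers in the population
    sensitivity, fpr = 1.0, 0.024       # assumed: catches all of them, flags 2.4% of everyone
    ppv = positive_predictive_value(prevalence, sensitivity, fpr)
    tp, fp = expected_flags(population, prevalence, sensitivity, fpr)
    return ppv, tp, fp


if __name__ == "__main__":
    ppv, tp, fp = airline_profile_example()
    print(f"profiled flier is an attacker: 1 in {1 / ppv:,.0f}; "
          f"{tp:.0f} caught, {fp:,.0f} innocents flagged")
    print("false-positive rate needed for a coin-flip PPV:",
          required_false_positive_rate(2 / 630e6, 1.0, 0.5))
```

Even granting the profile perfect recall, roughly fifteen million innocent fliers are flagged per year to find two attackers, and a screen would need a false-positive rate around one in three hundred million before a flag were more likely right than wrong. That is the number to compare against when someone proposes a new alerting rule over a large, mostly benign population.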
-
Re:Fight it if you want to.
"US Customs agents now have free rein to search through all the photos of your personal life, emails to your friends and family, all the e-books you have purchased, and your entire music library."
https://www.aclunc.org/issues/technology/blog/the_privacy_of_your_laptop_at_international_borders.shtml makes interesting reading, or http://www.schneier.com/blog/archives/2008/05/crossing_border.html
-
RLY? Switzerland?
It's been done already:
For half a century, Crypto AG, a Swiss company located in Zug, has sold to more than 100 countries the encryption machines their officials rely upon to exchange their most sensitive economic, diplomatic and military messages. Crypto AG was founded in 1952 by the legendary (Russian born) Swedish cryptographer Boris Hagelin. During World War II, Hagelin sold 140,000 of his machines to the US Army.
"In the meantime, the Crypto AG has built up long standing cooperative relations with customers in 130 countries," states a prospectus of the company. The home page of the company Web site says, "Crypto AG is the preferred top-security partner for civilian and military authorities worldwide. Security is our business and will always remain our business."
And for all those years, US eavesdroppers could read these messages without the least difficulty. A decade after the end of WWII, the NSA, also known as No Such Agency, had rigged the Crypto AG machines in various ways according to the targeted countries. It is probably no exaggeration to state that this 20th century version of the "Trojan horse" is quite likely the greatest sting in modern history.
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
-
Re:Missing the point
Missing the point 2: It's not just watching what they are doing in foreign countries, it's attacking too, active attacks; the surveillance gives them just the base data to infiltrate, corrupt, extort, steal IP, or incite unrest. It will hurt all the world's population, maybe less the American people, maybe more, but other countries must defend themselves against this after the US started the fire.
-
Re:MacOS secure!!!!
I see people bring up the "Trusting Trust" story all the time, but nobody mentions one of the ways to counter it: http://www.schneier.com/blog/archives/2006/01/countering_trus.html
-
Re:the bright side
Will be. They will still be collecting everyone's information, but with less staff it could be less secure, and an external intrusion there will mean that even more people with bad intentions will be able to access your information, or get 0day vulnerabilities right from the source, or use the systems (backdoored by them) all over the world to do a test drive of the attack the NSA is preparing.
Point to you. I would reply that, perhaps I'm being too optimistic, but I'd like to think that such occurrences would serve to further discredit the NSA, making it more likely that such information gathering and intentional security breaches (backdooring being essentially that) would be curtailed. So, short run, sucks, but long run, better.
The idea being, people who can't be trusted with security, should have security taken away from them.
-
Re:the bright side
Will be. They will still be collecting everyone's information, but with less staff it could be less secure, and an external intrusion there will mean that even more people with bad intentions will be able to access your information, or get 0day vulnerabilities right from the source, or use the systems (backdoored by them) all over the world to do a test drive of the attack the NSA is preparing.
-
Re:Insurance needs a deadman switch
Snowden knows what he's doing:
https://www.schneier.com/blog/archives/2013/07/snowdens_dead_m.html
I do hope he has a duress system as well as a "defuse" system that can be activated by trusted friends.
-
Re:How can an OS have such a fundamental problem?
There are also uses of random numbers outside cryptography. I came across this: http://en.wikipedia.org/wiki/Mersenne_twister which is good for some uses, but bad for cryptography.
Pet peeve of mine, but people often casually use MT as an example of a "golden" PRNG when it is really the first (1997) "popular example" of generating extremely long-period uniform distributions using a generalized LFSR-like technique. Unfortunately, with simplicity come certain flaws. The biggest flaw is that it takes many iterations for a seeded initial state to get to a state that is really random. For users who aren't simulating huge universe-sized things (or who need an extremely large non-repeating, but uniform, PRNG), this isn't really the best tradeoff. If you have to throw away the first million numbers to sample a few thousand, that isn't the best efficiency ratio.
Fortunately, most things get improved over time. For example, the "WELL" PRNG (2004) claims to have a faster state randomization time and is probably better suited to the needs of people wanting a default off-the-shelf PRNG for medium-sized simulation purposes (e.g., the average scientist who doesn't spend time researching the properties of PRNGs for their simulations). Sadly, WELL isn't more popular, given that it is a better default PRNG for nearly all uses.
If your needs are more cryptography-based, DRBGs (deterministic random bit generators) are designed to resist identification of the current state (I've heard that it only takes observing 624 iterations to identify MT19937's state vector) and to reasonably stretch any existing true-random sources. NIST has some reasonably good standardized examples of these EXCEPT for Dual_EC_DRBG, which paranoid folks should probably avoid...
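An added example (not the commenter's code) showing the 624-output claim against Python's `random` module, which is MT19937: inverting the output tempering on 624 consecutive 32-bit outputs rebuilds the whole state vector and predicts what comes next, which is why MT belongs in simulations and anything attacker-observable should use a CSPRNG (`secrets` / `os.urandom`). The seed and skip count are constructed values for the demo.

```python
import random

MASK32 = 0xFFFFFFFF

def temper(y):
    """MT19937 output tempering (what getrandbits(32) applies to a state word)."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32

def _undo_right_shift_xor(y, shift):
    # Invert y ^= y >> shift; the correct bits propagate from the top down.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left_shift_and_xor(y, shift, mask):
    # Invert y ^= (y << shift) & mask; correct bits propagate from the bottom up.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32

def untemper(y):
    """Invert the tempering steps in reverse order to get the raw state word."""
    y = _undo_right_shift_xor(y, 18)
    y = _undo_left_shift_and_xor(y, 15, 0xEFC60000)
    y = _undo_left_shift_and_xor(y, 7, 0x9D2C5680)
    return _undo_right_shift_xor(y, 11)

def clone_mt(observed):
    """Rebuild a random.Random in the same state from 624 consecutive outputs."""
    if len(observed) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in observed)
    clone = random.Random()
    clone.setstate((3, state + (624,), None))  # index 624: twist on next call
    return clone

def demo(seed=12345, skip=100):
    """True if the clone predicts the victim's next outputs (constructed seed)."""
    victim = random.Random(seed)
    for _ in range(skip):           # outputs the observer never saw
        victim.getrandbits(32)
    observed = [victim.getrandbits(32) for _ in range(624)]
    clone = clone_mt(observed)
    predicted = [clone.getrandbits(32) for _ in range(10)]
    return predicted == [victim.getrandbits(32) for _ in range(10)]
```

The window of 624 outputs need not be aligned to a twist boundary, so any 624 consecutive values suffice, as the `skip` argument shows.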
-
Re:Some details
This is exactly how the PS3 got thoroughly 0wned. I'm curious what the problem with SecureRandom is.
-
Schneier had a great point today
http://www.schneier.com/blog/archives/2013/08/lavabit_e-mail.html
Last para:
"When the small companies can no longer operate, it's another step in the consolidation of the surveillance society."
Game. Set. Match.
-
Re:Android 2.x and IE on XP
True, after April 2014, any Windows XP machine still connected to the Internet is likely to get hacked to pieces through the inevitable forever-day vulnerability. But some prepaid carriers are still selling entry-level devices that ship with Android 2.3, and people who aren't geeks will find it hard to root and put CM on some of these devices.
-
Re:Devices which have only one purpose
then they *have to* look into that.
Why? Because people are excessively paranoid about an almost nonexistent threat? Because of some misguided rule somewhere? I believe this needs to stop.
-
Re:Alright then. Carry On.
Have we become nothing more than paranoid cowards who watch everyone else's moves just because there is a 0.000000000000001% chance that they could be terrorists?
Yes, we have. Not just out of paranoia, but because of the imbalance of our perceived risk. Schneier explains it well.