NSA Approves First 802.11b Product for Secret Data
joehoya writes "I realize this is a couple of days old, but the National Security Agency recently certified the Harris Corp's Secnet-11 as the first 802.11b system permitted to carry US SECRET level data. See press release. The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN. Unfortunately, you and I won't be able to buy them, as they are only available to organizations with an NSA COMSEC account."
By the time we can buy them, the encrypted brain implants would be the hottest thing. Start looking in the military surplus bins in 2020.
Gorkman
Or, in English (and not marketdroidspeak) you can have perfectly secure communications over existing 802.11 as long as you encrypt at the protocol level rather than the hardware (link? I need to study my OSI seven layer network burrito) level. So why do we care about this anyway?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I think it would be best for national security if we made the NSA crypto algorithm Open Source. The military could benefit greatly from the vast experience and dedication of the Open Source developer community. With their steadfastness, courage, and discipline they could be a great aid in these of needs where we face numerous international threats.
Only when we harness the power available in the Open Source developer community can we achieve fully secure e-mail communications.
Wearing pants should always be optional.
When will someone take one apart and find out its a and figures out how rip the firmware out of it for use in standard cards?
My potato gun was confiscated by the United Nations. They said I wasn't allowed to have weapons of mash destruction.
I wasn't able to find this in the press release. Does anyone know if the encryption algorithm would be public key based, or would it be DEC or something like that?
Atheism is a religion to the same extent that not collecting stamps is a hobby.
That should be nsa.GOV, not nsa.MIL.
would it be DEC or something like that?
You should be ashamed of yourself. Saying cusswords like those in a public forum!
Yeah then dnetc could brute force hack the crypto....
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
When will someone take one apart and find out it's a Cisco card and make a firmware upgrade for other cards?
My potato gun was confiscated by the United Nations. They said I wasn't allowed to have weapons of mash destruction.
I hope that at some point technology like this makes it out to the hands of the average consumer. It's good to see that at least someone is trying to make wireless access more secure. It would be nice to be able to pick up a secure wireless product at some point, and use it out of the box without worries of it being insecure.
But until then, there's always VPN or SSH tunnels. And as an added bonus, you can implement SSH tunnels for free. (even for web and other traffic... not just SSH data)
-Through the server, over the router, off the firewall... Nothing but 'Net!
... Bruce Schneier has said this over and over again - it will be a cold day in hell before a proprietary cryptographic algorithm is going to be nearly as scrutinized as a publicly available one. I don't see that the algorithm the NSA's using has been disclosed (in the article), and I doubt it will be. Granted, the NSA has probably more cryptographers on staff than anyone else, but that is no guarantee for the quality of the algorithm they are using. This way they may be potentially running on borrowed time until someone figures out a way to attack it...
'A lie if repeated often enough, becomes the truth.' - Goebbels
When will someone take one apart and find out its a and figures out how rip the firmware out of it for use in standard cards?
You took my 2nd step!
1. Fumble blindly for a new crypto ALG
2. ???
3. Profit!
- One of them gets detected with a pringles can across the street from an NSA office
- That same cantenna manages to sniff enough packets to crack the keys
My money is on Friday, November 22, 2002--
nsa.gov maybe instead? and not nsa.mil?
who is fooling who here? None of the OSes (only Windows versions) it works with are certified for TOP SECRET data.... guess it's pretty useless till someone does the linux port eh?
-jon
you and I won't be able to buy them
While you're correct that most citizens (including Slashdot editors, I'd guess!) won't be able to buy these babies, please remember that a large portion of Slashdot's readership is in IT, some of us in positions where we may, in fact, purchase equipment through an NSA COMSEC account. Industries and corporations deemed "essential to the National Security" under conditions set forth in the NPHG Protection Act have been given this privilege since its passage in 1973, in response to the Viet-nam War. I work at a major corn distributor (food being an essential supply during potential siege or embargo, and breakfast being the most important meal of the day), and I can tell you that I hope to have my hands on these sometime this month, before Christmas or President's Day at the very most. It should speed up our processes considerably to not have to be tied to "wired" networks. It's a fun time to be in IT, and this cloak-and-dagger stuff just makes it better.
Karma: Good (despite my invention of the Karma: sig)
joehoya writes "I realize this is a couple of days old..."
Hey, this is Slashdot, my friend! We post things two or even three times just to ensure that our faithful geek readership doesn't miss a beat on the latest and greatest technology news of the past 48 hours^H^H^H^H^H^H^H^Hweek^H^H^H^Hmonth^H^H^H^H^H year!
If you celebrate Xmas, befriend me (538
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
In a recent article we discussed the futility of implementing a detector detector in a network. It seems that this would be one use that would actually help as an extra layer of defense.
This is my digital signature. 10011011001
impressive stuff... from what the datasheet says this all looks to be implemented hardware on the card - but given the low-level facilities of the chipsets on consumer-grade 802.11 cards is there any reason why some bright coder can't do a similar thing in driverspace?
"ClipperNet 11 is an innovative new product that allows us to provide our civilian customers with the advantages of secure wireless communications," said an NSA spokesperson. "With Type 1 Encryption, NSANet 11 meets the Department of Defense's stringent requirements for wireless transmission of both classified and unclassified information."
When asked whether the product had any relationship with the Clipper chip proposal of the mid 1990's, the NSA declined to comment. "Er, emm ... we don't have any comment on that", said one NSA spokesperson, who was last seen leaving hastily.
"Don't worry", a Harris spokesperson said. "We would never even think of embedding any technology into our products that would make it possible for secret government agencies to read the encrypted data stream, and we would certainly never use any information gained in that way for marketing purposes. Trust us!"
Harris shares were up 2 3/4 points today.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Lieutenant Dan what happened to your legs!
I for one have had an NSA COMSEC account for 7 years. You can't make a living in the Evil Mad Scientist business without one of those (and a superfortress impervious to every form of attack except the infamous potato-in-exhaust-vent maneuver, but that's another story.) I've got three of these things already, and they're great! Just what I needed for top-secret communications with my evil minions.
using namespace slashdot;
troll::post();
Anyone want to guess what the WarChalking Symbol for this would end up being? Maybe a secure network symbol a barbed wire? Condom? gun? Handcuffs?
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
So even their spokespeople are unidentified?
If brevity is the soul of wit, then how does one explain Twitter?
Warfighter? Holy Doubleplusgood Newspeak, Batman!
Because, you know, it's important to distinguish between the warfighters and the warsitontheirassesbitchingaboutcivillibertyers.
Or maybe this is some sort of subtle dig at wardrivers. "Those bandwidth-thievin' pinkos DRIVE around with their wireless rigs! Real men use new technology for FIGHTING!"
From the Article "For more information on SecNet 11 or to place an order for the product, go to www.secnet11.com."
The More Knowledge you have the Luckier you Get- J.R. Ewing
Given the common practice of 'WarDriving' that most young people seem to be 'in to' these days, it is probable - nay, inevitable, that these wireless points will be detected by someone and posted at a site such as cryptome. The interesting question, of course, is whether the publishing of data about the presence and location of these access points will be considered illegal, and whether the 'War Drivers' will be arrested for detecting the signal.
One would hope so, but you never know.
Dr. Joseph Hairston
Superintendent, CCBC
Better still, don't bother with encryption at the hardware or driver level at all - do it at the application level where the algorithm can be changed without too much hassle if it is discovered to be insecure.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
-SheWhoWalksWithToesLikeCobras Please enter any 11-digit prime number to continue...
Ouch, I just found the price list. This stuff is $$$$$$$$$$$$$.
The PC cards are $2500.
WAPs are $1000.
I think I'll stick to VPN over 802.11
Source of pricing is www.govcomm.harris.com/secure-comm/support/pricel
Lawyers, MBA's, RIAA? A jedi fears not these things!
GSA Price:
$2,495.24 USD for PCMCIA Card???
$ 990.89* USD for an access point?
Wow, who needs to limit sales to public. Nobody will pay those prices.
It doesn't even work with Linux.... that's like putting tons of gold nuggets in a shack with broken windows and using a high security lock for the front door.
are the prices justified?
PC Card: $2,495.24
Wireless Bridge: $1,481.83
Access Point: $990.89
Key Fill Cable: $153.14
I'll sell them to you, no problem.
make checks payable to:
Joe Terro
NO CARRIER
if the NSA approved of something that they didn't *KNOW* they could hack into...
In the free world the media isn't government run; the government is media run.
If they have good reason at all to be that paranoid about a wired LAN, I think it won't take long for this "secure" wireless thing to come back and bite the NSA.
This space intentionally left blank.
The main NSA COMSEC Account is 880099, and its address follows:
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
---
use penis deading cremes
Isn't it about time that PCMCIA were replaced so that people have to buy new laptops etc?
(I imagine it won't be long before you won't be able to buy a MB with PCI; VLB started out as a purely graphics bus (VESA local bus) and it wasn't long before it was used for SCSI, Multi IO and probably others. Were there ever VLB NICs?)
With this history it is a little surprising that manufacturers aren't producing multi-AGP boards and SCSI cards etc on AGP, eventually replacing PCI.
I know it's not an exact match, and maybe there's something about the AGP standard that makes this impossible, but you get the picture;
Market saturation requires forced obsolescence and upgrade fever to achieve constant economic growth. Any stability spells doom for the market for some reason; it's a self destabilising system. Any trends of economic stability as opposed to economic growth causes instability and either growth or shrinkage, thereby producing instability again.
I dunno about the commas in those sentences. Feel free to rearrange them to taste.
In the free world the media isn't government run; the government is media run.
For Immediate Release: NSA to use Navajo "Code Talkers" for 802.11b encryption. 11/12/2002 The National Security Agency ("NSA") of the United States announced that effective immediately they would be using 'code talking' technology based on the language of the Navajo Nation to encrypt all their 802.11b links. "We feel that this is an appropriate encryption for these type of links" says Hugh G. Peter Head of NSA Encryption. "Besides, it will put many unemployed Native Americans back to work". The move was immediately commended by Microsoft Corp., who pledged to use this radical new encryption system in all its new wireless products.
My unit sets up networks in the field (I'm a Marine) and most of the work involves running a fiber backbone and running CAT5 to each and every computer in the field HQ (tents). We had looked into running wireless but of course the security was non-existent. Maybe now, we can spend more time training the junior Marines on real networking, not running CAT5 drops to some officer who "has" to check his email. My platoon will be looking into this tomorrow, I can assure you.
This guy is way out there
So did the network cards have to certify that they have not smoked dope in the last 7 years?
And if they "do drugs", will they no longer be allowed to process "secret" data?
Seriously, I've known network cards that I will swear were high on something.
If your children ever found out how lame you are, they'd murder you in your sleep
If the NSA approved of it, then they broke it and can read any transmission used by it whether encrypted or not.
Having it in the hardware makes it much harder to (1) reverse engineer and (2) isn't as susceptible to user space exploits. Imagine someone writing some software that made the encryption for some reason null...this isn't so much of a factor with hardware. DG
I just checked the NSA web site and it's /.'d ...
It's Christmas everyday with BitTorrent.
I work in the defense industry, so I have to deal with security issues on occasion. Even though they got someone to sign off on the security of the wireless transmission, it will be interesting to see how they actually implement this technology as part of a larger accreditable system.
In my experience with security organizations, they tend to overemphasize the role of physical safeguards in designating a system as "secure," especially when it comes to COMSEC. How will they feel about accrediting a system in which multiple COMSEC units can be moved outside of a secured perimeter?
"she says i'm lousy conversation. as if that's supposed to help."
OK, so you can't buy it. But can you build it?
That is the question. I don't mean to reimplement the hardware itself, but to provide equal or similar data protection between wireless points.
fair.org counterpunch.com truthout.com indymedia.org salon.com
eff.org guerrilla.net debian.org gentoo.org
This is a non-event. And secret is not a life-or-death classification level, as anything that is considered remotely important will automagically get tagged with TS + keyword.
Pedro
----
The Insomniac Coder
I wonder sometimes, after reading articles about this sort of wireless security, and issues involved in it, why secure data can't just stay in physical wires. With the post a few days back about Infrared networks being more secure, where I would think that physical networks could work just as well makes more sense.
But progress towards a truly secure wireless network will undoubtedly continue and business drives the demand for it, with companies willing to pay top dollar for security these days.
Perhaps then home network security at this level won't be far behind
wtf?! I do hope you're trolling.
Never mind, I *know* you're trolling.
"Purchased" coders at NSA (which they aren't). Hell, the NSA being OSS advocates (which they aren't). The NSA priding themselves on taking legal measures (which is by no means their focus). The drivers' development being government-funded (which they aren't). The implication that the hardware is publicly available (and that drivers are the sole issue) (which it ain't).
Jeez. Maybe you could get away with it if you didn't go quite that far.
To get something approved for processing at the SECRET level is a moderately big deal for those who work with such data. For the outside world, it's not the last word on the quality of the system.
You can't, for example, get a Linux box approved to process SECRET information (at least, last I checked). Windows is approved, however. Yet, for the commercial user, I would say that Linux is more secure than Windows. What matters is how the system is set up. I'm kind of surprised that there's any demand for wireless networking at the SECRET level. With few exceptions, a classified box has to be physically disconnected from all other machines and operate only from hard drives with no communications software on them. There was an article on cnn.com today about a hacker who got access to sensitive but not classified information on military networks. The reason he didn't get access to classified information is because of the way it's protected.
And forget about anything at the TOP SECRET level or above. We have a room at the office that does work at the TS level. If you bring a disk in there, you can't leave with it. If you bring a hard drive in there, it can't leave the room. Once a computer goes in there, it can't leave either. Well, that's not entirely true...security chops them up into little tiny pieces, waves magnets over them, and does some other magic to make them completely clean before they can leave. They're certainly never useable again. They even destroy the monitors before removing them from the room, in case an image might be burned into them.
Anyway. People who deal with SECRET information will probably be interested in this article, and I'm sure life will go on with no change for those who don't.
Don't get me wrong, I am not one of these that ignores what MS has produced, but let's not play the "ra-ra team" bullshit anymore than necessary. I stick with what works and frankly I do not see MS as a solution for services within the Secret level of data enclaves. Of course that said, the issue still remains that there has yet to be a simple and efficient Linux desktop system that can match the ease of use for point and click. That is what the end user needs. Many self proclaimed geeks fail to remember that. I hope their doctor does not take that approach if ever they are in an accident!
I doubt it, somehow. The encryption for this will most likely be Type 1 military, which is supposedly uncrackable by standard non-brute-force methods. Give or take a few years, of course - someone will find a weakness in it and be able to exploit it. And as others have said (and quoted from Schneier), a non-open, non-peer-reviewed algorithm isn't necessarily safer, even given that the NSA have enough mathematicians to carry out a full peer review with ease. That doesn't mean the NSA don't know what they're doing, of course...
That all said, security by obscurity is a perfectly valid method, and works well in combination with other methods (good encryption, good user awareness, good network policies, and so on).
Yes, IPSec is good - very good - and when used properly makes it very nearly impossible to break in to a decent network. IPSec is one step in the chain, but isn't the chain. There's many, many parts to getting a SECRET classification on a network.
Presently, IPSec on its own doesn't get you that classification. I doubt it ever will. Likewise, these cards won't guarantee a SECRET classification, nor should they. Security is the whole, not the individual parts.
I was just trying to be funny :-)
-jon
basically just don't do it now and don't lie about it. Of course if you do, you can always claim not to know what the definition of "is" is.
I don't think it's inevitable. 802.11 is basically spread spectrum, right? This system probably keys the SS from a totally different algorithm. So it will probably look like widespread RF noise. Unless they chose to preserve some channel discovery mechanism from civilian 802.11.
They (Harris folks) have been promising that the NSA approval would occur "within a month" for over two years.
How sleepless is the egg, knowing that which throws the stone forsees the bone.
A true troll would actually post the link to goatse.cx. Wannabe.
This guy is way out there
You can use OneTimePadding (OTP) over wifi.
It is the only math proven encryption (it will never be broken).
one of the nicest things you can hope for when trying to gain access to a server is what software and version its running.
Hmm... most crackers use Netcraft to see what sites like the NSA website uses...
What you described is socialism, a very popular concept with the slashbots.
I'd hate to see people getting killed or the economy damaged just so the NSA can claim to be "hip and with it" on the wireless side of things.
SECRET information might not be as dangerous a loss as the higher level stuff, still, going wireless, to me anyway, means broadcasting...and sniffing...and recording...and analyzing...lots different from copper or fiber in a shielded, isolated, locked down environment.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
First fill out forms:
4 T
GSA-1132-4
GOV-3321-11-23
MI-33241-A
FL-31-S
Then provide your security classification and reason for needing the information and it will be provided via secure channels if approved.
I can say that I know people that work for several organisations that produce and grow huge amounts of food and the larger companies do keep different government departments informed about production and supply chain problems. That said, I really assume if you needed to know the information you challenged the AC to provide for you, then you would already have it.
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
I think it's only good for level one configurations though (no separation of information). Even Macintoshes can be approved for SECRET processing. Woo!
Not sure about TS, not my bag.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Just an FYI, but "SECRET" is the lowest level of COMSEC and is even below "CLASSIFIED" and far, far below "COMPARTMENTALIZED".
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
Don't worry the IEEE is voting on 2 competing methods for WLAN encryption: OCB (offset code book) and CCM (I don't remember the acronym break down). CCM will most likely win since OCB wants ~100K$ per company implementing it in firmware. Both approaches use AES with 128bit key and 128bit block data. This is a big change since WEP (wired "equivalency" protocol) uses a stream cipher, RC4. There is no IV any longer that is sent with a monotonically increasing #, instead the "nonce" as it is called is AES encrypted.
Each of these methods rely on the fact that you won't be able to reverse a known packet back to its plaintext. (relying on the fact that AES is not easily reversible).
That article was complete marketing speak too. "11mbs!" the effective rate of a WLAN these days is maximally in the high 6's or 7's if you all use short preamble. With long preamble, the effective rate is in the 5's to 6's.
Hedley
If it's for top secret projects why do we know about it. Isn't that kind of a security risk in itself?
Some highlights:
- The card sticks out of the computer with two antennas poking up.
- It uses an NSA encryption algorithm called BATON (from various stuff on the Web, I get the impression that BATON is a 64-bit block cipher with 128-bit keys that is designed for very fast operation)
- the message address is encrypted to prevent traffic analysis (this is a big selling point against VPN technology)
- Each packet has an 80-bit IV (it's rare to learn even that much about a Type 1 encryption system)
- Cards cost over $2500 each. That's 30 times the price of a commercial WiFi card, but cheaper than traditional NSA encryption data products which seem to run around $5K per node.
- "Red keys" are loaded via a special cable that connects to a data transfer device such as the CYZ-10.
I wonder how much work it would be for someone to implement a commercial version of this using Rijndael, or AES, or something unclassified. With a larger market than the government, maybe it could be cheaper, and the development costs made up on volume...Let's face it, it's a pain to set up IPSEC on all your boxes...
I speak only for myself, not as an official representative of the U.S. Government.
I decided to write this because I often see misconceptions of military networks on slashdot.
I have been a network administrator in the U.S. Air Force for 5 years. I have administered classified networks in Asia, Europe, the Middle East and the U.S. I have worked on Air Force and Army networks.
(1) The basic levels of classification are:
Unclassified
Confidential
Secret
Top Secret
There's some gray areas between and above but those are the basics
(2) You can process classified information on almost any platform you want. Top Secret on DOS, no problem. Windows 95, every day. Linux, sure. The big restrictions come when a computer is connected to both classified and unclassified networks. In that case the machine must be trusted to differentiate between the classifications. It must make sure that only Unclass was written to the disk you're going to carry over to the unclassified network.
(3) Classified information, once properly encrypted, is no longer classified and you can pretty much do what you want with it (put it on your t-shirt, print it on a flag and wave it, blast it in to space, send it over the internet, whatever).
(4) Because of the above, wireless and classified are nothing new. Radios, wireless networks, satellite phones, all of them are used to transmit classified information.
(5) Moving classified information over unclassified networks is old news and several devices already exist. Devices like the NES (Network Encryption System) and the TACLANE are used to plug in to a classified network, encrypt and encapsulate the data, then move that data over an unclassified network.
http://www.fas.org/irp/program/security/_work/k
(6) What this new device offers is convenience. Previously to run a network over a wireless link the procedure went something like:
Connect computer/network to DTE/DCE device
Connect DTE/DCE device to crypto
Connect crypto to wireless transmission medium
These steps needed to be completed for both sides of each link. It is slow, complicated, and expensive.
(7) Why not use IPSEC? It's complicated and not NSA certified. You should be able to give crypto to a user and only explain three things to them; in, out, power. Nothing to misconfigure, either it works or it doesn't, no chance of classified spillage.
(8) Why doesn't someone with access just take this thing apart and figure out whatever? This product is likely a CCI (controlled cryptographic item). Opening CCI without certification/authorization is illegal. Besides, without dissecting the chips, how much are you really going to learn?
(9) The NSA must have a back door built in, right? No. A back door built in for them would be vulnerable to anybody. I highly doubt we would move national security information over a wireless network with a back door. If you're using their encryption keys, they have a copy and can read the info anyway. If you're not using their encryption keys, then you don't have one of these devices.
(10) Isn't someone going to crack this in a week? No. NSA certified encryption is good and well tested. We still routinely send Top Secret information over 10 year old encryption devices. If they had been compromised, we wouldn't be using them. The information sent from this device is encrypted. Without the same encryption key, you can't communicate with the device. Period.
(11) What about sniffing packets and breaking the key? Go ahead and try. Encrypted information has been floating around in the air for years and years. Multimillion man armies have been sniffing and recording and trying to break for decades. The keys change often. Sure, someone might (if they were lucky) break one key in ten years, but many devices get a new key every day.
I'm sure I left some stuff out and there are faults in my knowledge and spelling. If you have any questions, post and I will try to answer them.
Not sure how much you know about COMSEC, but if anybody did manage to get their hands on one of these cards, and managed to reverse engineer it, and then it was released commercially, you can BET that that person would be in federal prison far too long to enjoy any success it might bring. (and I don't even want to think about what would happen to the rest of the people and companies in the chain).
Bottom line is that COMSEC controlled devices are NO JOKE to the NSA, military, etc. They take them very seriously and there are very strict penalties for allowing them to fall into the "wrong" hands.
"I realize this is a couple of days old, but..."
Well it has to be obsolete information then.
This makes me sick! Almost sick enough to fire up a Ku band receiver and get a hold of the plethora of Secret level data being beamed in various places on the planet... ehhh, errr... well it sounded great in my head!
To all those who excel in only one thing, Nay-saying, let it be known that this is only significant because of it being 802.11b and all the growing devices supporting that. Airwaves have been carrying steady streams of video, voice and data classified as SECRET for quite some time. This is very significant for the ability to quickly deploy COTS components like laptops and the like (assuming the crypto keying is handled as normal... blah blah blah). This CAN reduce costs significantly but then never underestimate the power of incompetence and negligence by dysfunctional bureaucracies.
So next time you get drunk and do something really stupid... just say it is "UNCLASSIFIED but SENSITIVE" LOL
The vast bulk of classified data is at the SECRET or CONFIDENTIAL level. Not much goes on at the TS level except for high level plans, certain crypto, and of course, intelligence. I spent 14 years on active duty with a TS clearance and had occasion to look at TS material maybe 10 times. But at times I lived in my SECRET account.
Oh, and let's not exaggerate - the phone book is NOT classified.
The bottom line here: producing a SECRET wireless LAN is a big deal, because that's where most of the information action is.
Sean
You write:
>> With few exceptions, a classified box has to be physically disconnected from all other machines and operate only from hard drives with no communications software on them.
I think you're living in the past. The SIPRNET is an absolutely VAST network of SECRET level machines (including, in my experience, at least several terminals on every US Navy ship). NATO has an equivalent NATO SECRET network (NIDTS, aka CHRONOS). And the intel guys have INTELINK-S and -TS.
So the idea that classified machines aren't networked is incorrect. Of course, they aren't connected to the INTERNET, but they are networked.
Sean
Good post. Also on keys... many transmissions are doubly encrypted, once with a frequently changing (generally daily) key, and then again with a less frequently changed bulk encryption device.
On CCI - this is an important point. It's highly unlikely that you'll see anyone get at the hardware for the purpose of hacking it anytime soon. You don't get to handle CCI unless you have been extensively investigated and are totally trusted by the NSA. While it's possible that a spy could do this, I think it's most unlikely that anyone would take the risk of extremely harsh punishment just to release the information publicly. More likely it would be a "pay for info" arrangement.
Sean
I especially love this little tidbit:
The Grays have reneged on their abduction quota agreement, and are abducting many more people than before. Most of these are returned, after being implanted with a device which allows the grays to have total control over their thoughts and actions. Approximately 40% of Americans now carry one of these devices, which are impossible to remove without killing the host.
My primary question about this system is whether it creates a secure domain, within which everything may be sniffed and trusted, or whether communications follow the principle of minimum exposure, i.e. a connection between hosts A and B cannot be read by hosts C and D, while a broadcast packet from A can be read by B, C, and D but not by anyone else.
It's much easier to create a shared domain than it is to create a dynamic key mesh (presuming there's no pubkey stuff at work, and even then things get tricky). One shortcut is simply to provide keys to the upstream router, and let the router sniff all traffic (and experience the cost of routing traffic between endpoints). My bet is that this is what's done.
Anyone know?
--Dan
www.doxpara.com
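The three key-scope options weighed in the comment above (one shared domain key, a pairwise key mesh, and per-host keys held by an upstream router), as an added example that is not part of the thread and does not describe SecNet 11's actual design. Hosts A-D and the router are hypothetical, and the SHAKE-256 keystream with HMAC-SHA256 is a stand-in for a real cipher.

```python
import hashlib
import hmac
import os
from itertools import combinations

HOSTS = ["A", "B", "C", "D"]  # hypothetical stations on one WLAN


def derive_keys(key):
    # Separate encryption and MAC keys derived from one provisioned secret.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC; the SHAKE-256 keystream is a stand-in cipher."""
    enc_key, mac_key = derive_keys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(key, frame):
    """Return the plaintext, or None if this key did not produce the frame."""
    enc_key, mac_key = derive_keys(key)
    body, tag = frame[:-32], frame[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def shared_domain(hosts):
    """One key for the whole WLAN: every member can read every frame."""
    k = os.urandom(32)
    keyrings = {h: [k] for h in hosts}
    return keyrings, lambda src, dst, msg: [seal(k, msg)]


def pairwise_mesh(hosts):
    """One key per pair of hosts: n*(n-1)/2 keys to provision."""
    pair_key = {frozenset(p): os.urandom(32) for p in combinations(hosts, 2)}
    keyrings = {h: [k for p, k in pair_key.items() if h in p] for h in hosts}
    return keyrings, lambda src, dst, msg: [seal(pair_key[frozenset((src, dst))], msg)]


def router_keyed(hosts):
    """One key per host, all held by the router, which relays every frame."""
    host_key = {h: os.urandom(32) for h in hosts}
    keyrings = {h: [k] for h, k in host_key.items()}
    keyrings["router"] = list(host_key.values())

    def send(src, dst, msg):
        uplink = seal(host_key[src], msg)
        relayed = unseal(host_key[src], uplink)  # plaintext exists at the router
        return [uplink, seal(host_key[dst], relayed)]

    return keyrings, send


def readers(frames, keyrings):
    """Every party whose keyring opens at least one of the on-air frames."""
    return sorted(name for name, ring in keyrings.items()
                  if any(unseal(k, f) is not None for k in ring for f in frames))


def distinct_keys(keyrings):
    return len({k for ring in keyrings.values() for k in ring})


def compare(hosts=HOSTS, src="A", dst="B"):
    """For each model: (keys to provision, who can read a src->dst message)."""
    result = {}
    for name, build in (("shared", shared_domain),
                        ("mesh", pairwise_mesh),
                        ("router", router_keyed)):
        keyrings, send = build(hosts)
        frames = send(src, dst, b"constructed test message")
        result[name] = (distinct_keys(keyrings), readers(frames, keyrings))
    return result


if __name__ == "__main__":
    for model, (nkeys, who) in compare().items():
        print(f"{model:7s} keys={nkeys} readers of A->B: {who}")
```

The router-keyed model keeps C and D out with only one key per host, at the price of the router seeing every plaintext and carrying every frame twice.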
After reading this article I did a quick search for those claiming wireless secrecy. I found this company: http://www.ne2encryption.com They were claiming perfect secrecy. I did a further search and came up with this article on Deja disputing this: http://groups.google.com/groups?q=e-cryption&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=qGdV6.90041%24Be4.29332830%40news3.rdc1.on.home.com&rnum=1
How many companies are claiming perfect wireless security??? I think that these type of companies are confirming people's fears. Anyone with an IT friend could easily help encrypt the connection using something like a vpn type connection.
Having read the briefing, this really is interesting, solidly built stuff. The whole packet is encrypted, including the source and destination MAC addresses, which defeats simple sniffer-based traffic analysis. The crypto key is copied onto the card by a separate cable, not through the host, and the host can't get a copy of the key from the card, so even if the host is hacked the proverbial beans aren't spilled. The form factor is annoying, but if you need this kind of security annoyances don't matter. Well worth the $2500 per card if you really need a bulletproof WLAN.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
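What encrypting the addresses changes for a passive listener, as described in the comment above and in the earlier highlights list, shown as an added example that is not part of the thread. The frame layout and sample traffic are constructed assumptions, the 80-bit IV size is the one reported in the thread, and the SHAKE-256 keystream is a stand-in that does not implement BATON.

```python
import hashlib
import os
from collections import Counter

IV_LEN = 10  # 80-bit per-packet IV, the size reported in the thread

# Constructed sample traffic (src MAC, dst MAC, payload); not captured data.
SAMPLE_TRAFFIC = [
    ("02:00:00:00:00:0a", "02:00:00:00:00:01", b"status report 1"),
    ("02:00:00:00:00:0a", "02:00:00:00:00:01", b"status report 2"),
    ("02:00:00:00:00:0b", "02:00:00:00:00:01", b"logistics request"),
    ("02:00:00:00:00:01", "02:00:00:00:00:0a", b"ack"),
]


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def keystream_xor(key, iv, data):
    # Stand-in stream cipher: SHAKE-256 output used as the keystream.
    stream = hashlib.shake_256(key + iv).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def seal_payload_only(key, src, dst, payload):
    """Assumed layout: dst | src | IV | encrypted payload (addresses clear)."""
    iv = os.urandom(IV_LEN)
    return mac_to_bytes(dst) + mac_to_bytes(src) + iv + keystream_xor(key, iv, payload)


def seal_whole_frame(key, src, dst, payload):
    """Assumed layout: IV | encrypted (dst | src | payload)."""
    iv = os.urandom(IV_LEN)
    inner = mac_to_bytes(dst) + mac_to_bytes(src) + payload
    return iv + keystream_xor(key, iv, inner)


def open_whole_frame(key, frame):
    """A key holder recovers (src, dst, payload) from a whole-frame ciphertext."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    inner = keystream_xor(key, iv, body)
    return mac_to_str(inner[6:12]), mac_to_str(inner[:6]), inner[12:]


def ground_truth(traffic):
    """Who really talked to whom, and how often."""
    return Counter((src, dst) for src, dst, _ in traffic)


def talker_graph(frames):
    """Observer without the key: read bytes 0-11 of each frame as dst | src."""
    return Counter((mac_to_str(f[6:12]), mac_to_str(f[:6])) for f in frames)


def frame_lengths(frames):
    """What still leaks when the whole frame is encrypted: sizes (and timing)."""
    return sorted(len(f) for f in frames)


if __name__ == "__main__":
    key = os.urandom(32)
    clear_hdr = [seal_payload_only(key, *t) for t in SAMPLE_TRAFFIC]
    sealed = [seal_whole_frame(key, *t) for t in SAMPLE_TRAFFIC]

    print("payload-only encryption, observer's view:")
    for (src, dst), count in talker_graph(clear_hdr).items():
        print(f"  {src} -> {dst}  x{count}")

    print("whole-frame encryption, observer's view:")
    for (src, dst), count in talker_graph(sealed).items():
        print(f"  {src} -> {dst}  x{count}  (random bytes, not addresses)")
    print("  frame lengths:", frame_lengths(sealed))
```

Frame lengths survive whole-frame encryption, so an observer can still separate short acknowledgements from bulk transfers unless frames are padded.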
I think it would be best for national security if we made Lieutenant_Dan Open Source. Slashdot could benefit greatly from the vast experience and dedication of the Open Source developer community. With their steadfastness, courage, and discipline they could be a great aid in these of needs where we face numerous international threats. Only when we harness the power available in the Open Source developer community can we achieve fully secure Lieutenant_Dan communications.
The s-boxes in DES are maximally resistant to differential cryptanalysis. However, they are weak against linear cryptanalysis.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
The most advantageous, pre-eminent thing thou canst do is not to exhibit
nor display thyself within the limits of our galaxy, but rather depart
instantaneously whence thou even now standest and flee to yet another rotten
planet in the universe, if thou canst have the good fortune to find one.
-- Carlyle
- this post brought to you by the Automated Last Post Generator...