OPSEC For Activists, Because Encryption Is No Guarantee

Nicola Hahn writes: "In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that "there's no scenario in which we don't want really strong encryption."

Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto's network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.

The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It's called Operational Security (OPSEC), a topic that hasn't received much coverage — but it should.

Semantic games

[diamondmagic]

So it would appear that POTUS is now towing a line advocated by none other than whistler-blower Snowden who asserted [8] that “properly implemented strong crypto systems are one of the few things that you can rely on.”

Only there’s a problem with this narrative and its promise of salvation: When your threat profile entails a funded outfit like the NSA, cyber security is largely a placebo.

How many pointless articles could be avoided if authors and editors understood the difference between a necessary condition and a sufficient condition? Of course comsec is not a solution per se, Ulbricht can tell you all about that! (And how many more pointless discussions could be avoided if everyone knew "per se" = "by itself".)

Re:Semantic games

[Defenestrar]

You've got a good point, but the implementation of said conditions have a different intrinsic suspicion. Discussions on encryption will only get you put on the NSA watchlist along with everyone else. Conversations about OPSEC may get you a little bit more. For example - getting revealed as someone who sends encrypted messages to your friends is either in that category of nerdy or slightly suspicious. Getting revealed as someone who passes parcels to others via dead drops will probably get your door kicked in by the DEA shortly followed by a long line of other three letter groups.

PS - I'm not sure if I'll ever be able to use the word "intrinsic" without thinking of eating leprechauns or quantum mechanics. Does anyone else have this problem?

Re:Semantic games

[gstoddart]

You want to play 'semantic games'?

When 'opsec' is outlawed, only outlaws will have opsec.

In other words: if you're employing opsec, you will be construed as a terrorist, and the NSA et al will use even more secret laws to fuck you over even more.

There is no scenario in this security paranoid world in which being secretive about your actions isn't red flags.

Which is precisely why these 'intelligence' outfits need to have much shorter leashes. Quite possibly suspended from trees high enough to keep their feet off the ground.

In this opsec boils down to "if you have nothing to hide you have nothing to fear", and the fucking fascists have won. It is now illegal to make it difficult for the government to spy on you when it wishes to.

Re:Semantic games

[PvtVoid]

(And how many more pointless discussions could be avoided if everyone knew "per se" = "by itself".)

Not to mention that the phrase is toe the line.

Re:Semantic games

[rtb61]

Problem with your analysis, damned if you do, damned if you do not. Many of the activities of the three letter US agencies have become largely criminal with gross and purposeful misinterpretations of the law and this not in pursuit of justice but in the pursuit of the psychopathic ego of many out of control 'agents' or upon the direct orders of political or corporate appointees. So doing nothing is no more or less effective at getting you door kicked in, being threatened with real and impending death for any reason imaginable including not obeying orders fast enough, a barking dog, happening to have some item in your hand at the time, any item. Then you and all other people in residence at the time being physically assaulted, really assaulted, not grab you hands put them behind your back and being handcuffed but thrown to the ground kicked and jumped on, a bought of "stop resisting' with more blows to the head and then of course your home trashed and your stuff stolen. Then if they hate you ludicrous bail conditions the ensure you remain in jail for years during an hugely purposefully extended trial and the inevitably had sucker you have been in jail for years, plead guilty and you will released with time server ha ha ha.

Basically you are attempting to defend yourself against really lazy and self serving types who in reality wont be bothered with the real leg work, the real reports or any real effort.

Besides it can be hugely fun. Be overtly covert, make a big show of analogue person to person communications. Don't be lazy yourself, do everything you can person to person, the more the merrier and the more wasted spy vs spy efforts. In the whole spy vs spy vs the rest of us, being overt, exposing your efforts, being more public about your activities, serves to protect you and will inevitably expose their spy vs spy efforts to the ridicule and derision it so often rightly deserves.

Re:Semantic games

[al0ha]

Actually you mean "per se" == "by itself" don't you?....

A lot of pointless discussions could be avoided if everyone knew = is an assignment operator and == is a relational operator.

Re:Semantic games

The ironic thing is that OPSEC is a must for any business organization. You can have data at rest protection, and data in transit, but without protection against the VoIP spoofer demanding access or else he will get people fired, this does work. I've worked at a company where the head security guy got fired because he challenged a muckety-muck PHB who was tailgating (trying to get past a door into a sensitive area from the outside of the building without badging in), and this fear caused people to not challenge anything... if it was someone who knew what they were doing, they could just claim to be someone higher up, and the company was theirs.

OPSEC isn't just reserved to TLAs and the military... organizations need at as well.

As for protesters and activists... you can't get most of the 20 something crowd interested in anything other than iPhones and beard oil, so things like keeping the ranks clean of trolls and goofballs are not even something they think about. Handing them an OPSEC guide would be like handing a duck an iPad... there would be curiosity, then it gets pooped on.

Re:Semantic games

[diamondmagic]

Oh boy, forgive me for not appending [sic], too.

Not necessarially opposed to grammatical errors, just the nonsense that it causes. Like this one up here ^

Re:Semantic games

Besides it can be hugely fun. Be overtly covert, make a big show of analogue person to person communications. Don't be lazy yourself, do everything you can person to person, the more the merrier and the more wasted spy vs spy efforts. In the whole spy vs spy vs the rest of us, being overt, exposing your efforts, being more public about your activities, serves to protect you and will inevitably expose their spy vs spy efforts to the ridicule and derision it so often rightly deserves.

Back in the day, I always thought that was the best part of Chanology. Untrained civilians got to cosplay spy vs. spy against a reasonably competent adversary mired in 1960s thinking. The cult had money and manpower, but was by definition unable to update its playbook because its playbook came directly from the mouth of Hubbard and to update it was heresy. Anons had phenomenally better communications but zero training/experience in countersurveillance beyond what they could learn in a few weeks. By building on what was learned during the cult's first attack on the Internet (the a.r.s. battles of the early/mid 90s), this time around, the 'net had enough people to change the general public's perception of the cult from merely "that weird hollywood cult" to "not just merely weird, but something that is dangerous and which should be shunned." Best part is, nobody really got hurt except for the cult's revenue stream.

Re:Semantic games

[Z00L00K]

Opsec is just a procedure you apply.

Invent one procedure that works only for your closed group, it shall only be known to all of you. What the procedures and patterns you have within your closed group will have to be seen as normal variations that to the casual observer don't look outside the ordinary.

A certain variation on how the clothing is worn might be your way of signaling to your group a certain message - or be part of the message when you casually meet.

Of course

[ShieldW0lf]

If I'm the only one who can unlock your encrypted communications, then it's in my best interest to have everyone encrypt their communications, because then, I'll be the only one with total situation awareness.

It won't be in any of your interests, of course, because you'll be handing me my advantage on a silver platter... but you're all far too shortsighted to pay attention to such things.

Of course Obama and the NSA want you all using strong encryption. Stupid of you to give them what they want, though.

Re:Sigh...

[MobSwatter]

Mkay, and that has nothing to do with a predictable species living in networked habitrails.

Test your security with false information

[hamjudo]

In the days of brick and mortar spying, the people being spied on would send messages that included false meeting times and locations. For example, in a town with underground utilities, announce a meeting to take place in a rarely used manhole. If the manhole cover is disturbed, then you know that the communication channel has been compromised. No math is required.

The high tech equivalent would be to mention a network resource where access can be monitored. When the network resource is accessed, you know there is a problem.

Re:Test your security with false information

[viperidaenz]

When access to that network resource is being monitored, you don't know there's a problem.

OPSEC

[nsaspook]

Old school.

http://radicalsurvivalism.com/...
http://www.outofregs.com/postI...

Opsec?

[viperidaenz]

It's called know what you're doing and don't be stupid.

OPSEC

[Onuma]

Loose lips sink ships. If it is talked about, someone will sooner or later overhear it.

You are correct.

Snowden confirmed our suspicions. And for that he lost his livelihood and his home. And in return for his sacrifice we....have done nothing.

We benefited from his revelations, and then we let him rot. We can't even be arsed into signing an online petition to help him out.

Given how we reward whistle blowers, I am surprised we have any at all.

Re: You are correct.

[Hevel-Varik]

I believe in dealing with terror with overwhelming violence and am not normally sympathetic to idealogical subversion but this is different. Regardless of how powerful and all knowing you feel the NSA needs to be, I cannot relate to any argument that they should know and store absolutely everything I ever say or write over any wire or store on any computer because of needing 'information dominance' while at the same time I SHOULD HAVE ABSOLUTELY NO FUCKING IDEA THAT THAT IS THE CASE. That's not government of the people by the people. The people need to now that the people know everything about the people, even if you believe the people need know everything about the people for the safety of the people. I don't sympathise at all with the if .... the terrorists have won but in this case, Snowden is a national here and I do hope that one day a President and hopefully a hardliner pardons him a gives him some type of reward.

Uninteresting

[AndyCanfield]

The article misses one partial solution: be uninteresting. I've got a bank account in a non-US bank. It's got several hundred dollars in it. Nobody's going to bother to steal that. I've got a password I use all over the Internet, including Slashdot, but you can't do anything with it but post stupid comments. My bank password was a different one. I look just like a million other Amerians living overseas, and that is my ultimate protection. Of course, the cheaper hard disks get, the more data the NSA can store, so the protection is only partial. But for now it is a factor. Of 200 million Americans, how many are worth tracking?

Re:Uninteresting

Every American is tracked, in case they choose to have a political life in the future. The same is true of just about every developed country today to varying extents. Your best choice is to emigrate to a Rule Of Law state and keep a low profile.

In America you can be violently attacked and/or robbed blind and have your life ruined by police/politicians/bureaucrats for any reason or none at all. In Australia and New Zealand everything is monitored, same as the US, but you still have civil recourse even if you're an obnoxious shit. I really hope that doesn't change.

Some Real Advice

[linuxrocks123]

- It is technically possible to air-gap the machine you use to access your email, by copying the email over from an insecure computer to the air-gapped machine.
- TAILS is great, but they probably at least try to break it since it's popular. Will they succeed? Maybe. So use an OpenBSD live CD, it's more secure anyway. Or get creative: use Whonix. The FBI's pedestrian attempt at drive-by malware would have fallen flat on its face with an adversary using Whonix.
- Firejail. Google it. Won't protect you against local kernel privilege escalation attacks, though.

Yes, contingency planning is good. Yes, single points of failure are bad. But you can get very, very good communication security if you really try.

Re:Some Real Advice

" It is technically possible to air-gap the machine you use to access your email, by copying the email over from an insecure computer to the air-gapped machine."

Serial port. Slow as hell but ZModem doesn't inject nasty malware.

Re:Some Real Advice

[linuxrocks123]

I was thinking flash drive or possibly optical disk ... couldn't there theoretically be an exploitable buffer overflow in ZModem?

Re:Some Real Advice

[Burz]

- Firejail. Google it. Won't protect you against local kernel privilege escalation attacks, though.

Yes, contingency planning is good. Yes, single points of failure are bad. But you can get very, very good communication security if you really try.

Qubes OS should protect you against privilege escalation *and* VM breakout attacks where sandboxes like 'Firejail' do not. Its a hardened hypervisor-based desktop OS that isolates elements like graphics and network IO from each other using a system's IOMMU if necessary. Its single-user, and all security is implemented using the hypervisor.

Qubes is put out by white-hat hacker group Invisible Things Lab who switched their focus when they saw the need to do something about endpoint security. Their philosophy is to use the strongest means possible for isolation short of airgapping as a way to manage the complexity (large attack surface) of the personal computing environment; The security models of monolithic OS kernels

A bonus of isolating all the risky activities away from the graphics system is exposition: The windowing system becomes a reliable means to represent security context using window-frame colors and domain labels assigned by the user to the various VM domains.

Re:Some Real Advice

[Burz]

"The traditional security model of monolithic OS kernels" ...have been abandoned because they don't work against external threats. Of course, that doesn't prevent you from using traditional security within a Qubes VM.

(Sorry. Finishing sentence from previous post :) )

Re:Some Real Advice

[Burz]

Due to risks like BadUSB, or even attacks using the filesystem itself, those methods carry risk of exploiting the air-gapped system.

IMO, its actually better to use an isolating OS like Qubes because it uses a simplified and hardened protocol for data transfer between domains. Even copy-and-paste between domains has been hardened. It can isolate USB controllers and external disks at the hardware level using the IOMMU/VT-d feature in newer chipsets.

Re:Some Real Advice

[linuxrocks123]

Bugs in the filesystem driver, yes, but those are probably pretty rare I'd think. BadUSB, not really. That attack works by emulating a keyboard/mouse HID controller. If you plug your USB drive in and all of a sudden your computer starts typing things and moving the mouse on its own, you would notice immediately. Also it typically requires special hardware; a rooted box couldn't just take a real USB drive and turn it into a HID controller.

Re:Some Real Advice

[Burz]

You've got the wrong impression of BadUSB as impersonating a HID certainly isn't required. USB is fundamentally insecure in a number of ways...

https://www.blackhat.com/prese...

http://media.blackhat.com/bh-d...

https://srlabs.de/blog/wp-cont...

When the USB drivers themselves can be attacked with malformed protocol data there is a fairly direct channel to gaining access to the whole system. Also a USB drive controller can make itself look like an internal drive, meaning that DMA (yes, USB supports DMA) restrictions get lifted and then you have a hole in security similar to Firewire.

As for filesystem attacks being 'rare', that's only because other attacks (esp. remote) have offered so much opportunity to attackers. If an attacker wants an offline mode of exploitation then filesystems -- being complex data formats themselves -- then filesystems are a wide-open field of opportunity.

Re:Some Real Advice

[linuxrocks123]

StackExchange says you're wrong about USB having DMA: http://security.stackexchange....

In any case, BadUSB would require reprogramming the actual device, so I still don't think it is a practical attack vector in this scenario. Moreover, if you're really paranoid, you can use write-once CD-Rs instead of USB devices.

QubesOS is an interesting idea, but it's more complicated and therefore more likely to have bugs than airgapping a machine. You're assuming there are no bugs in Xen, for instance.

As for filesystem bugs, this code has been around for 20 years or more. There are bugs everywhere, but I think especially popular Linux filesystem drivers are likely pretty solid. But go ahead and just dd the file to the optical disk directly and don't use a filesystem if it makes you feel better.

Re:Some Real Advice

[Burz]

If the USB host controller firmware or any of the USB drivers available to the system are exploited, then malware delivered by the USB device may get use of the DMA channel between the host controller and RAM (if not simply gain root access). And calling customization of a device impractical is, I think, leaning a bit towards denial -- many hobbyists can do this now. Familiarity with common controller types used in consumer devices is also rising.

Its probably safer to bet security on a chokepoint like Xen hypervisor (which uses microkernel architecture and is only 1MB) than to use portable USB devices between air gapped machines. With the latter, any / all of the USB drivers plus a good chunk of the OS represent the attack surface.

The air gap user is relying on a riot of very disparate components, mostly authored by people who treat security as a mere buzzword.

If Internet security improves, we'll likely see more USB-based attacks in the wild. Sneaker-net may have high latency but its still a network.

Re:Some Real Advice

[linuxrocks123]

Burz,

I'm not saying it's impossible to customize a USB device. I'm saying rooting a machine to the point that it can customize an arbitrary USB key plugged in by the legitimate operator of the machine is impractical. You're also invoking speculative, unknown attacks against the USB host driver and firmware, which I will see you with my previously invoked unknown, speculative attacks against Xen. Also, you completely ignored my suggestion of using an optical disk if you are concerned about USB.

Safest way I can think of using airgapped machines right now for encrypted email:

1. Copy received email from networked machine C to write-once optical disk.
2. Decrypt received email on airgapped machine A.
3. Compose reply on different airgapped machine B, encrypt reply.
4. Copy encrypted reply to write-once optical disk.
5. Send encrypted reply from networked machine.

This involves three physical computers, but none has to be recent or expensive. Airgapped machine A has no ability to send information to C or B, and airgapped machine B is never touched by any devices from the outside world, and also never needs to know any secret keys, since all you need to encrypt an email message is the recipient's public key. Theoretically you could type such a key in by hand, but in any case it's a once-per-recipient transfer.

I would argue using USB sticks in this scenario gives only a very slight reduction in security, but write-many optical disks would be a practical approach if you're scared of USB. I will say that compiling out obscure and unused USB kernel drivers is a good move, as is disabling USB kernel module autoloading.

Re:Some Real Advice

[Burz]

I'm saying rooting a machine to the point that it can customize an arbitrary USB key plugged in by the legitimate operator of the machine is impractical.

Except that privilege escalation attacks against these multi-decade-old systems appear year after year. A well-funded state attacker (OP is about activists, after all) would certainly have some at their disposal.

Which gets back to the premise that monolithic kernels enforcing user privs is an outmoded form of security. Re-purpose the kernels as feature sets under an isolating hypervisor and security begins to look realistic.

Re: CD-R, lets assume I use an optical disk to move a quantity of email messages from a networked/untrusted machine to an airgapped one (both conventional architecture). If I export as .eml files, I have to archive them before burning them. So, over and above the risk from nasty email attachments, there is the risk the untrusted machine could use malformed email or archive format to perform an exploit. If you think that's far-fetched, consider how much more complex email and archive formats are compared to the .lnk files that were recently discovered as an NSA exploit.

Even so, the untrusted networked system could take a chance that you have automounting enabled or that you will inadvertently do something to mount a volume... it could write a malformed filesystem to the disc anyway.

Once an air-gapped system is compromised, it can alter the hard drive firmware to store passwords and keys in a format/cipher readable by the attacker who can later break-in to the premises and steal/confiscate the computer. In a Qubes non-networked vm, there is no out-of-band way to communicate or store info, and a compromised vm wouldn't have access to the disc encryption password in any case.

What you described #s 1-5 sounds much more complicated than using email in Qubes. And presumably this covers only email for one type of role (work, personal, etc); Covering all the roles means using many additional computers and burning many discs, and each role needs its own disc encryption passphrase.

If the email domain is untrusted, then create an untrusted Qubes vm for it. I could even create one vm for each role, plus one archival non-networked vm to store info, and even if the archival vm were compromised there's nothing it can really do except try to erase the data in that one vm. Securely copying between the vms is point-and-click (easier, in fact, than between user sandboxes on a regular system) or scriptable... one only needs to consider how risky the source and formats are to the destination vm. If there is a need to sanitize the info, its easy to do so in a Disposable vm (right now Qubes can sanitize pdf files, and other formats are expected). The only unintuitive caveat in such a virtualized setup is that sensitive asymmetric encryption (operations that use the private key) has to occur while untrusted VMs are not running in order to avoid side-channel attacks.

Re:Some Real Advice

[linuxrocks123]

Except that privilege escalation attacks against these multi-decade-old systems appear year after year. A well-funded state attacker (OP is about activists, after all) would certainly have some at their disposal.

All code has bugs. Xen has bugs. Qubes has bugs. And yes, OSes have bugs, although Linux local privilege escalation bugs are not an everyday occurrence, and OpenBSD bugs are very rare. You can't handwave a 0-day privilege escalation vulnerability into existence and claim that there are no 0-day privilege escalation vulnerabilities in Xen.

Re: CD-R, lets assume I use an optical disk to move a quantity of email messages from a networked/untrusted machine to an airgapped one (both conventional architecture). If I export as .eml files, I have to archive them before burning them. So, over and above the risk from nasty email attachments, there is the risk the untrusted machine could use malformed email or archive format to perform an exploit. If you think that's far-fetched, consider how much more complex email and archive formats are compared to the .lnk files that were recently discovered as an NSA exploit.

tar is pretty solid, actually, but, if you don't like it, make up your own trivial archive format (it's not hard), or don't use it and follow a one-disk-per-message protocol. And don't use a filesystem. dd if=email.eml of=/dev/cdrw (approximately), then dd if=/dev/cdrom of=email.eml

Even so, the untrusted networked system could take a chance that you have automounting enabled or that you will inadvertently do something to mount a volume... it could write a malformed filesystem to the disc anyway.

User error could happen with any system. You're really stretching here.

Once an air-gapped system is compromised, it can alter the hard drive firmware to store passwords and keys in a format/cipher readable by the attacker who can later break-in to the premises and steal/confiscate the computer. In a Qubes non-networked vm, there is no out-of-band way to communicate or store info, and a compromised vm wouldn't have access to the disc encryption password in any case.

Where did I ever say any of these computers had hard discs? And of course there's an out-of-band way to store info. Just use a magical vulnerability in Xen I made up to write it to another VM's permanent storage.

What you described #s 1-5 sounds much more complicated than using email in Qubes. And presumably this covers only email for one type of role (work, personal, etc); Covering all the roles means using many additional computers and burning many discs, and each role needs its own disc encryption passphrase.

I have no idea where you're getting that disc encryption has anything to do with anything here, and, no, you could definitely use the same three computers for all your emails. If you find burning discs to be too cumbersome, use floppy disc drivers or Zip drives or something, but it's really not that bad, especially if you don't bother to fixate.

This whole notion you have that "the operating system is insecure so let's put another layer on top of it" is just silly. If you make Xen your operating system, then Xen is your operating system. If you want a secure operating system with no privilege escalation, then that's what you need. Using a hypervisor doesn't magically make security vulnerabilities go away. There have and will be attacks against Xen, against Qubes, and against any other complex pieces of software you create. You want a secure OS, then you need a dead-simple OS written with security in mind. True security comes from simplicity, not complexity.

The one thing I think you're right about is that modern OSes are too complex to provide extreme levels of security. OpenBSD is the best, but even it is a quite complex piece of software. A braindead-simple POSIX-like OS kernel prizing secur

Re:Some Real Advice

[Burz]

Indeed, all code has bugs. Its a question of who/what is using the least amount of code necessary to provide a security mechanism. That's what reducing the attack surface is really about.

From a security standpoint, Qubes would by definition have very few-to-no additional bugs above what exist in Xen. OTOH, as I have implied, a Linux or Windows kernel + supporting libraries and also the firmware for USB controllers and NICs are immense compared to Xen plus a couple Qubes drivers (there is more to Qubes code, but only a small bit is critical to security).

I'm just pointing out that air-gapping does rely on the good behavior of an awful lot of code at its security perimeters. And it is TWO or more perimeters, not one, because you are putting some faith in the networked machine(s) being well-behaved as well.

Even so, the untrusted networked system could take a chance that you have automounting enabled or that you will inadvertently do something to mount a volume... it could write a malformed filesystem to the disc anyway.

User error could happen with any system. You're really stretching here.

And why should a user be burdened with a detail like controlling automount behavior? Its exactly the kind of thing you see in the papers when people are hacked. And it raises the question of how much of a tireless control freak you have to be to make a security schema work.

Its much safer to have a core domain that simply doesn't mount any extra volumes and is cut off from the network. One can quickly dispatch a disposable vm to look at the contents of a drive or copy something.

Once an air-gapped system is compromised, it can alter the hard drive firmware to store passwords and keys in a format/cipher readable by the attacker who can later break-in to the premises and steal/confiscate the computer. In a Qubes non-networked vm, there is no out-of-band way to communicate or store info, and a compromised vm wouldn't have access to the disc encryption password in any case.

Where did I ever say any of these computers had hard discs?

LOL! OK you 'win' that one. Let's do without mass storage...

What you described #s 1-5 sounds much more complicated than using email in Qubes. And presumably this covers only email for one type of role (work, personal, etc); Covering all the roles means using many additional computers and burning many discs, and each role needs its own disc encryption passphrase.

This whole notion you have that "the operating system is insecure so let's put another layer on top of it" is just silly. If you make Xen your operating system, then Xen is your operating system.

As I pointed out, Xen is tiny. Its not being layered on top of anything.

Hypervisors vary in their security focus; Most are designed to re-purpose a CPU security mechanism as a way to conveniently maximize hardware usage or run alternative OSes. They don't care much about security, especially on the desktop where they focus on convenience alone. They expose graphics, audio, clipboard, etc. in ways that practically define the category of vm-breakout exploits.

Xen cares very much about security on the server, and Qubes adds what is necessary to extend that to the desktop by properly virtualizing the graphics subsystem along with everything else, for example.

True security comes from simplicity, not complexity.

I agree -- However, functionality comes from complexity. So the solution becomes using simple security mechanisms to manage the de-privileged complexity.

It has been fun arguing over two different isolation mechanisms. Air-gapping is not often discussed in detail, and it would be nice to see sites like /. carry more posts about all of the above.

Re:Adhoc one time pad encryption

[pepty]

So then you just have to send copies of your one time pads to everyone you want to have conversations with. What could go wrong?

Ugh

[Rinikusu]

It's bad enough you gotta bunch of guys out there who read too much goddamned Tom Clancy and use military/police-esque terms for everything whilst wearing their size XXXXXL tactical camo pants, but do we really want to start throwing around terms like OPSEC? Goodie, you know a new term/acronym; you're still not a badass.

Re:Adhoc one time pad encryption

[bickerdyke]

You have a key that is far larger than the data you are encrypting, you never reuse parts of the key. The key is random garbage not generated by the computer, but sampled, e.g. random video mashes together or random noise audio mashed together. You transfer the private key by trusted method,

If you have a trusted communication method you could use the same method to send the actual message. (Exception being when you have a trusted channel once in a while)

Next is that video and audio are far too regular to count as reliable source of randomness. Have a look what work went into defining the entropy sources for the Linux pseudo random number generator. Things you thought should be more than random over a large stretch of time showed to be surprisingly predictable.

Such A Nice Bootlicker

...you are.

Here's a gem: You night to FIGHT for freedom. The government and their mohammedic friends are hell-bent on implementing Mohammedic Security (total surveillance, torture, kidnapping etc) here.

There is NOTHING WRONG with using TOR and turning off the NSA Beacon as much as possible. As long as you dont conspire to harm anybody else, that is.

And yeah, I get regular black helos, C130 overflights and the odd three-strange-persons visits in the train. When I was in Atlanta they once showed me about 50% of the USAF C130 flight after some internet posting.

I am defending Germanic Freedoms, including the Freedom Of Our Women and those crypto-Mohammedics can Go Fuck Themselves.

Open source USB and hard drive firmware

[gast0n7]

What does the future look like for open-source USB and hard drive firmware, and the ability to update our own? Something open-source router firmware?

Not having a mobile phone is suspicious...

[Richard+Kirk]

Any pattern in the way you behave can be used against you. If you are not emitting a mobile phone signal, then you are suspicious. If you have an iPhone, and the logs suggest you regularly take the batteries out, then you are very suspicious. A modern spy would carry a mobile phone - not the latest security recommended one, but something dull - and would tweet and post pictures of what they are eating and listening to just to get the right watch profile. You would have to leave the phone behind when you want to do Spy Things, but you could leave it in the locker at the swimming pool, or something plausible like that. If you have to send crypto messages over this phone, keep the message very short, and plausible.

I don't think there are many real spies here on Slashdot, but there are probably people who would like to keep their data secure in a way that does not attract attention to themselves. Perhaps we should all use encryption whether we need it or not, so those that need it will no longer stand out.

Re:Not having a mobile phone is suspicious...

[Bob+the+Super+Hamste]

Personally if we really wanted to mess with them set up a bunch of disposable e-mail addresses over the course of a week using open WiFi connections with a computer running ToR and then periodically e-mail random data attachments back and forth. Hell I've done this for shits and giggles, when I am at the bank send off some random data since I can connect the Starbucks WiFi across the parking lot, at the used book store connect to McDonalds WiFi next door. Poisson the well make their mining of data useless and make them waste resources trying to decrypt output from /dev/random. The e-mail address are just first names of people in groups (the Beatles, the 12 apostles, Metallica, the US senate judiciary committee, etc) with random letter/number combination passwords. After a couple of months stop using those e-mails and then after a bit create a new set of accounts but a different number of them rinse and repeat. Being a white male with US citizenship, born in the US and residing in the US offers a lot of protection to do this but I wouldn't recommend anyone with a suspicious* background to do this.



* By suspicious I mean someone who might have ties to any protest organization, be a naturalized citizen, have visited any strange countries, be a minority, committed a crime other than a traffic/parking ticket, or any other group the government may want to target or would be ignored by the news media. Basically it would be similar to driving while black, or the opposite of being a young white girl who gets murdered or put on trial in a foreign country. I hate to say it but it is sadly true that the general population would't care about your plight if you could be painted as an undesireable.