Slashdot Mirror


User: rvw

rvw's activity in the archive.

Stories: 0
Comments: 1,205

Comments · 1,205

  1. Re:Proprietary Routers on UK Cryptographers Call For UK and US To Out Weakened Products · · Score: 1

    Let's start with these as they are of great importance and often fall behind with updates.

    Even if these routers have updates available, when will they be applied? Looking at myself - I can't remember if I have ever checked for an update for my current router, which is three years old. Once I installed dd-wrt on a router, but did I ever install an update? I believe not. If I forgot about this, and don't do this on a regular basis, how about the people next door, colleagues, family who don't know that a router is a computer in itself and can be updated?

  2. Re:Write a test for control on NSA Spies On International Payments · · Score: 1

    If a nation were like a computer programming project, we would write tests to continually ensure its correct operation. One test would be to ensure that voters, not the government, are in control of their own nation.

    What kind of test would make sure it is so? Maybe successfully voting a new party in power, one that has never before been on top?

    Maybe this is the test. It has just started to run. Wait and see what comes out.

  3. Re:Welcome to the USA... on FBI Admits It Controlled Tor Servers Behind Mass Malware Attack · · Score: 1

    Land where Freedom will not be tolerated.

    The server was in France, and the admin is being prosecuted in Ireland.

    Those are minor details in the war on freedom.

  4. European Parliament’s Sakharov Prize for Fre on Snowden Nominated For Freedom of Thought Prize · · Score: 2

    For those who wonder what this prize is about, a quote from the linked article. The question is who proposed him and if he stands a real chance.

    Members of the European Parliament are officially nominating fugitive US leaker Edward Snowden for a prize celebrating freedom of thought, a parliamentary representative said Wednesday.

    Snowden is a candidate for the European Parliament’s Sakharov Prize for Freedom of Thought, named after Soviet scientist and dissident Andrei Sakharov, which honors people or organizations for their work in the defense of human rights and freedom of thought.

    More info about past winners on Wikipedia.

  5. Re:Isn't it time we take back our own country ? on Are the NIST Standard Elliptic Curves Back-doored? · · Score: 1

    This shit is evidence that this country has *already* been taken over (from within and without)

    Isn't it time we, the American Citizens, take back our own country from those fuckers?

    How much longer should we let those fuckers ruin our country?

    How much longer do we want to be fooled by those fuckers?

    How much longer can our country last, under those fuckers?

    So what are you waiting for? You tell others what to do, and do nothing yourself. That's not going to motivate anybody.
    (Disclaimer: I am not a US citizen)

  6. Re:We owe our thanks to Mr. Snowden on Are the NIST Standard Elliptic Curves Back-doored? · · Score: 5, Insightful

    Except that this came to light back in 2007.
    http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

    So why has nobody fixed this in the past six years? Thanks to Snowden it's back in the spotlight, and now it seems like action is being taken. That's his legacy. I thank him for that.

  7. Re:When has it not been a arms race? on Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes · · Score: 1

    This has been going on FOREVER... There is always a better mouse trap .. or cheese ;-)

    Limburg Cheese Encryption - smells so bad that even the NSA runs away

  8. Re:I will believe ... on Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes · · Score: 2

    I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

    No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

    They would make a good start by setting up and funding an organisation outside of US jurisdiction, so completely independent of Google. If that organisation would create this new encryption software, protocol or standard, that would be a good sign to the rest of the world about Google intentions.

  9. Re:Where's the led notification? on Apple Unveils iPhone 5C, iPhone 5S · · Score: 1

    LOL. You're using the remnants of an old, once excellent and popular blog, that's still very web 1.0.

    There's no point in upgrading the software when they've already lost much of the user-base, and the quality of articles and comments are now so low. They're just riding it out to take in as much income as possible before it completely implodes.

    I'm glad we can't edit posts. This is how it should be here and it should stay that way.

  10. Re: What do you mean by "can"? on How To Foil NSA Sabotage: Use a Dead Man's Switch · · Score: 1

    And yet what are we doing about it? Nothing. Ergo, it is accepted.

    No, we just haven't figured out how to handle this in such a way that it sorts any effect without destroying our lives.

  11. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    Google said it has accelerated efforts to build new encryption software that is impenetrable to the government agencies

    Unless Google is going to devise a crypto system they don't have any access to the keys, this is meaningless.

    Because when those government agencies can walk in the door with a secret warrant and demand the keys, there is nothing Google can do.

    They could set up an independent organisation, funded by them, outside US jurisdiction, like in Iceland, and work from there.

  12. Re:the best os for creative people on Thought Experiment: The Ultimate Creative Content OS · · Score: 1

    Creative people don't use JPEGs for work, and rather than PNG I'm sure they use PSD or some other layered file format.

    They don't? I think about 90% of the web's images are JPEG. PNG is great for replacing non animated GIF. For lossless images it can be used, but it will be 10x the size of JPEG, and that is still not acceptable. Isn't JPEG with maximum quality lossless as well? Even that is less than half the filesize of a similar PNG.

    Think about this: what is better - a 6400 dpi high quality JPEG, or a 1600 dpi lossless PNG, both similar in size?

  13. Re:AES on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 1, Interesting

    Is there any particular reason why people don't strengthen AES (or any other symmetric encryption) by just reencrypting 1000 times? Perhaps interleaving each encryption with encrypting with the first 1, then 2 etc. It would make next to no difference for the end user, who's going to decrypt just once, but I imagine it would add a lot more time to the cracking of the encrypted data than increasing the size of the key.

    It seems that encrypting the file multiple times with the same key is not safe, and tends to expose the flaws in the encryption method. It will be less secure. Hashing the password with a random key multiple times (like KeePass uses 5000 rounds), and then using that string to encrypt the file, however, should work. I'm not an expert on this matter; I'm just repeating what someone else replied to me when I asked the same question.

  14. Re:Not much worry with a source build on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 5, Insightful

    You do, but if you're that worried, there's always truecrypt and keepassx. If you keep the database in a truecrypt encrypted partition, the NSA can't get at that with any reasonable period of time. You can also ditch the keepassx and just store it as plain text in the encrypted partition, but that's not very convenient.

    Can you be sure that Truecrypt has no backdoors? If so, how?

  15. Re:Ken Thompson, Anyone? on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 2

    Fortunately there is an effective counter-measure:

    http://www.dwheeler.com/trusting-trust/

    So you compile the code using two different compilers. How can you be sure that both other compilers don't have a parent compiler that is infected?

  16. Re:No thanks! on Microsoft Drops Price on Nokia's 41-Megapixel Phone · · Score: 1

    They meant to say "cum resistant". Lord knows there's a place for it.

    Yeah it rings a bell, something with "goat", haven't seen it in a while here though...

  17. Thank you Edward Snowden on NSA Can Spy On Data From Smart Phones, Including Blackberry · · Score: 5, Insightful

    I cannot thank you enough for making all this information public, and for giving up your normal life to inform us. I hope that one time you will be recognized by the UN, EU and most hopefully for you the US, so you can return to your own country without being prosecuted.

  18. Re:Names please... on John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC · · Score: 2

    ...says the Anonymous Coward.

    Yeah right - says the NSA...

  19. Re:specifically, HASHING multiple times weakens it on Most Tor Keys May Be Vulnerable To NSA Cracking · · Score: 1

    Thanks for the explanation!

  20. Re:specifically, HASHING multiple times weakens it on Most Tor Keys May Be Vulnerable To NSA Cracking · · Score: 1

    To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.

    There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.

    I use Keepass. It has an option encryption rounds. I thought this meant the encryption is applied 5000 times:

    To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from now on), and then hashes it again using SHA-256.

  21. Re:Thanks Mr Schneier on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    The hateful crimes they exposed are the true stars, here. If you focus on the messenger, you miss the message. That's what the governments, corporations and their global propaganda machine (a.k.a. mass media) badly, badly, badly want you to do. Quite successfully.

    Same as the porn industry fighting for freedom of speech. If I remember correctly, I once read that you can measure the freedom of speech in a country by looking at the pornography made and consumed there. To be honest, this comparison seems to be losing value, in my eyes at least.

    So, are you disgusted by the *volume* of USA porn, or by the *quality* of the porn?

    I'm not disgusted. For me, quality and fun have an inverse relationship in porn, and the fun (but not funny) porn is not easily found in a porn-world that is dominated by money.

  22. Re:well on Most Tor Keys May Be Vulnerable To NSA Cracking · · Score: 1

    I recommend a "zero time pad" : if you want it secret, don't put it on a computer.

    I disagree. A computer may be a lot safer than... what else do you propose? But never connect it to the internet, so remove wifi and ethernet from the hardware, and I think you're good. Install a linux distro that you can trust, use usb-sticks to transmit files, use Truecrypt etc, and what are you going to do on that computer anyway? Just wondering for myself what I would be doing on a computer like that....

    Or.... has it come this far that the NSA has manufacturers build in 3G chips that we don't know of?

  23. Re:Thanks Mr Schneier on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    I couldn't care less if Assange or Snowden are nice guys. That's completely irrelevant for the matter if they're sweet little cherubs or like to fuck sheep on their spare time. Nobody does what they did by being that nice guy everybody wants to have a beer with.

    The hateful crimes they exposed are the true stars, here. If you focus on the messenger, you miss the message. That's what the governments, corporations and their global propaganda machine (a.k.a. mass media) badly, badly, badly want you to do. Quite successfully.

    Same as the porn industry fighting for freedom of speech. If I remember correctly, I once read that you can measure the freedom of speech in a country by looking at the pornography made and consumed there. To be honest, this comparison seems to be losing value, in my eyes at least.

  24. Re:Freenet, I2P, Tor - darknets on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    There is also a KickStarter for software called Trsst that's a secure, distributed replacement for Twitter.

    All these free/secure Facebook and Twitter are great, but who is going to use it? How do you connect to each other if nobody you know uses it or wants to use it?

  25. Re:Freenet, I2P, Tor - darknets on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    No, that's not sufficient. Encrypted data still exposes metadata: Who, when, where. And that's under the generous assumption that the encryption actually does what it promises to do.

    And today we know it doesn't. Does codename Bullrun ring any bells? (Hint: Snowden, NSA)