[19500] in cryptography@c2.net mail archive
[coderman@gmail.com: Re: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Tue Jan 3 13:43:58 2006
X-Original-To: cryptography@metzdowd.com
Date: Mon, 2 Jan 2006 13:09:32 +0100
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
----- Forwarded message from coderman <coderman@gmail.com> -----
From: coderman <coderman@gmail.com>
Date: Sun, 1 Jan 2006 18:53:13 -0800
To: "J.A. Terranson" <measl@mfn.org>
Cc: Tyler Durden <camera_lumina@hotmail.com>, jya@cryptome.net, cypherpunks@jfet.org
Subject: Re: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin
On 1/1/06, J.A. Terranson <measl@mfn.org> wrote:
> (1) We are describing encrypted message sent over the public internet -
> granted, it's in "pieces", yet it's still sent into the public cloud;
yeah, follow tcp stream in ethereal is a good example of how trivial
it is to recreate a session of communication given an archive of its
component datagrams.
> (2) These various pieces are all "record" communications as far as
> NSA/Echelon is concerned, and therefore we should expect that they will
> draw significant attention - and end up in permanent archives;
right. hence my fetish for one time pads for key exchange and
previous comment about quantum computers / fast GNFS / etc. they are
up to 8 qubits, only a few thousand more to go. ;)
> (3) Since all of the pieces have been stored - including both the
> encrypted message texts and the decryptors, what is to prevent a
> time-faking attack against this message? After all, if you have all the
> parts, you can just "reinstantiate" the network as it was when the messages
> were originally sent.
this is particular to the method TD mentioned i think...
i am assuming the following:
- the operating system is installed on a loop-aes volume so that
integrity of the kernel, libraries and utilities is protected via
passphrase.
- the one time pads are stored encrypted in a similar manner so that
access to them requires external keys (like the gpg encrypted keys
used for loop-aes volumes)
- the passphrase used to authenticate a user for access to the pads is
coupled with external storage (usb) of the keys used to access the
pads.
to recover the plaintext communication from the encrypted datagrams
the attacker would need to obtain the encrypted pad, the keys on
external storage (usb), and the passphrase to access the keys.
> (4) For any form of time-destruction messaging to really work, the keying
> information would have to be tied to a physical <something> that cannot be
> reclaimed, and which decays at a fixed, known, and closely approximatable
> rate (a radiodecay probably doesn't meet this criteria);
>
> Every time-sensitive auto-destructing system I've seen discussed here fails
> these weaknesses.
this doesn't provide time destruction so i assume this is in reference
to Tyler's description. you could couple the user authentication with
a physically hardened token of some sort for access to the pads but
even this would require manual destruction.
do they make physically hardened authentication tokens with timed self
destruction built in?
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
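The three-factor pad protection coderman sketches above (wrapped pad on disk, key material on a USB token, and a passphrase), as an added Python example that is not part of the thread: the pad is wrapped under a key bound to both passphrase and token, consumed pad bytes are zeroed in memory, and the last check shows the wrapped at-rest copy still unwraps, so the manual destruction he mentions is still required. The HMAC counter-mode keystream is a stand-in for the loop-aes/gpg layer and, unlike them, gives no integrity; every key, pad and message value here is constructed.

```python
import hashlib, hmac, os

def derive_wrap_key(passphrase: str, usb_key: bytes, salt: bytes) -> bytes:
    # stretch the passphrase, then bind it to the key material held on the USB token
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(usb_key, stretched, hashlib.sha256).digest()

def keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for the loop-aes/gpg wrapping, no integrity
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_pad(pad: bytes, passphrase: str, usb_key: bytes) -> bytes:
    salt = os.urandom(16)  # fresh salt stored alongside the wrapped pad
    return salt + xor(pad, keystream(derive_wrap_key(passphrase, usb_key, salt), len(pad)))

def unwrap_pad(blob: bytes, passphrase: str, usb_key: bytes) -> bytes:
    salt, body = blob[:16], blob[16:]
    return xor(body, keystream(derive_wrap_key(passphrase, usb_key, salt), len(body)))

class PadStore:
    """Hands out pad bytes once and zeroes them, so the same offset cannot be reused."""
    def __init__(self, pad: bytes):
        self.pad, self.pos = bytearray(pad), 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.pad):
            raise ValueError("pad exhausted")
        chunk = bytes(self.pad[self.pos:self.pos + n])
        self.pad[self.pos:self.pos + n] = bytes(n)  # destroy the consumed bytes in memory
        self.pos += n
        return chunk

def demo():
    pad = hashlib.sha256(b"constructed pad seed").digest() * 4  # constructed 128-byte pad
    passphrase, usb_key = "constructed passphrase", b"\x01" * 32  # constructed factors
    blob = wrap_pad(pad, passphrase, usb_key)  # the at-rest copy on the encrypted volume
    msg = b"meet at noon"
    sender = PadStore(unwrap_pad(blob, passphrase, usb_key))
    receiver = PadStore(unwrap_pad(blob, passphrase, usb_key))
    ct = xor(msg, sender.take(len(msg)))  # what an archiver on the wire captures
    pt = xor(ct, receiver.take(len(ct)))
    wrong_token = unwrap_pad(blob, passphrase, b"\x02" * 32) != pad  # wrong USB key: no pad
    in_memory_gone = sender.pad[:len(msg)] == bytearray(len(msg))
    at_rest_remains = unwrap_pad(blob, passphrase, usb_key) == pad  # still needs manual destruction
    return pt, wrong_token, in_memory_gone, at_rest_remains
```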
---------------------------------------------------------------------
The Cryptography Mailing List