If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Republic)   Russia switching back to typewriters to avoid NSA spying   (therepublic.com) divider line 145
    More: Amusing, NSA, kremlin, President Vladimir Putin, federal protective service, Izvestia, NSA surveillance  
•       •       •

5563 clicks; posted to Main » on 12 Jul 2013 at 12:28 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



145 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | 3 | » | Last | Show all
 
2013-07-12 01:32:40 PM

legion_of_doo: watch out Buttle! the Russians hate terrorist scum like you.


My name is Tuttle! There has been a mistake!

/we don't make mistakes, Citizen.
 
2013-07-12 01:34:20 PM
"Comrade, I believe my typewriter has been bugged"

i36.photobucket.com
 
2013-07-12 01:39:57 PM
Not to worry, the drones are watching you type through the windows.
 
2013-07-12 01:41:42 PM

rumpelstiltskin: StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also on electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but the have been proof of concepts done to make it a real security issue.

The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


For a manual typewriter, they *DON'T* travel a different distance:  It's essentially the same:

i40.tinypic.com

See how the type bars are arranged in a semi-circle?  That's so that they all travel the distance from their resting positions until they hit the platen.  Any minor difference in distance that *MIGHT* be useful is going to be completely swallowed up by the natural timing variations of the person typing.

Now, ball-type electric typewriters do indeed have a unique signature:  The ball moves the correct character in to line and then strikes the platen, then returns.  And because it's all done at the close of an electrical switch (the keys), the timing is *ALWAYS* the same.  So you can do it for those.

But again, you've got to have a sensitive microphone actually *IN* the typewriter, or at a bare minimum in the same room, and you have to have some way of getting that data outside of a secured facility.
 
2013-07-12 01:41:50 PM

vpb: Actually, they are switching back to typewriters to avoid leaks.

The idea that they didn't know that the NSA was spying on them is cute, considering that the NSA was created specifically to spy on them back during the cold war.


Yes they did. The order is simply part of a yearly renewal.
 
2013-07-12 01:43:54 PM
I like the comment in the article describing how it took two years for the Russians to respond to a request about where to get Russian propaganda about their space program.
 
2013-07-12 01:45:54 PM

Harry Freakstorm: fanbladesaresharp

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads: No data remanence issues.

They can tell exactly what you're typing by just hearing you type

No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?

I used to know when the editor was finished with his copy because his typing sped up and sounded 'happier'. Yeah. there is a 'happy' sound to typing. Also, he made fewer spelling errors at the end of his copy.
tappity tap tap tap...tappitytappitytappitytappitytap, zip. "Freakstorm! Proof this and get it down to composing!"

(Editing) It was an knight to remember at the balllpark last nighte. Mike ^m^antle, the power hitter for the Mud Sliders stepped up the the plate with the bases loadede "It's true," I thought to myself as I sat in the stands watching, "Great moments are made ^I like penises^."


Eh. I'd say he was in a good mood, or at least a better one. I can get on a roll if I have an idea or good thought going, and smoke coming from my fingers might be an indication. My keys, old or new do not make much use for anyone unless you were sitting right next to me, and I have an intense look on my face and zone out. I'd say body language means more than trying to make sense of clicks and taps (unless it's morse code or something).
 
2013-07-12 01:48:48 PM
Welcome to Mother Russia where the typewriters type you!

/Dont think I have that quite right
 
2013-07-12 01:49:40 PM

rumpelstiltskin: StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also on electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but the have been proof of concepts done to make it a real security issue.

The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


We also have computers that can analyze sound. We don't need someone's ear on it directly anymore.
 
2013-07-12 01:57:33 PM

dittybopper: naz-drala: wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?

Yeah, 'cause that's worked *SO* well for them.


All modern computers have Wi-Fi built in and it's a biatch to rip out - they often build the antenna into the screen. Then there's the issue of how to print.
 
2013-07-12 02:02:58 PM
Just write all your files in cursive. No one under the age of 50 will be able to read it.
 
2013-07-12 02:07:03 PM
This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.
 
2013-07-12 02:13:26 PM

vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.


I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.
 
2013-07-12 02:20:27 PM

rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.
 
2013-07-12 02:20:50 PM
Ah ha, the whole Snowden fiasco was just a conspiracy by 3M to sell more whiteout.
 
2013-07-12 02:25:18 PM

Xcott: rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.

The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.


Color me skeptical that you could ever make it work consistently.  After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.  Hell, even natural variation would throw it all out of whack, given the right circumstances.

It's one of those "we could do this, if all the conditions were *JUST* right" kind of things.
 
2013-07-12 02:25:23 PM
nsarchive.files.wordpress.com
 
2013-07-12 02:26:15 PM
I wonder if Russia is having the same problem as the USA with an aging population with rotting brains electing retards into government positions?
 
2013-07-12 02:35:59 PM

Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]


That's cold war tech. The NSA has satellites that use lasers that shine on the windows of your building to track the vibrations of everything you write
 
2013-07-12 02:36:20 PM

StaleCoffee: While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking.


No, it isn't.  That's just what humanities majors call this stuff when writing "cyberpunk" novels and role playing game sourcebooks.  In fact, nobody has called anything "phreaking" since people actually did phreaking.

For an excellent demonstration of EM analysis, check out Markus Kuhn's paper on Soft Tempest (IH 1998), where he demonstrates how to capture the picture on a CRT monitor from its emissions.  Later, he demonstrated that you can do this without EM:  because CRT monitors draw an image one pixel at a time, simply aiming a telescope and a photmultiplier tube at the monitor glare on your walls and sampling it at the right rate can be used to reconstruct your monitor display at a distance.
 
2013-07-12 02:41:46 PM
imageshack.us
 
2013-07-12 02:44:44 PM
We have some old typewriters to sell Russia, pay no attention to the attached antenna.
 
2013-07-12 02:46:22 PM

dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.


Yes, and the simple countermeasure to fingerprint detection is to wear gloves.  That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.

Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer?  Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it."  Countermeasures are effectively a non-issue.  It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.
 
2013-07-12 02:47:01 PM

dittybopper: It's one of those "we could do this, if all the conditions were *JUST* right" kind of things.


I'm not a scientologist, but it seems like any method for intercepting traffic that can be affected by coffee intake can't be very reliable.
 
2013-07-12 02:47:32 PM
static.guim.co.uk
 
2013-07-12 02:48:16 PM
//How can I be the first?
 
2013-07-12 02:59:59 PM
Can type.


www.undertheradarmag.com
 
2013-07-12 03:17:20 PM

Xcott: StaleCoffee: While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking.

No, it isn't.  That's just what humanities majors call this stuff when writing "cyberpunk" novels and role playing game sourcebooks.  In fact, nobody has called anything "phreaking" since people actually did phreaking.

For an excellent demonstration of EM analysis, check out Markus Kuhn's paper on Soft Tempest (IH 1998), where he demonstrates how to capture the picture on a CRT monitor from its emissions.  Later, he demonstrated that you can do this without EM:  because CRT monitors draw an image one pixel at a time, simply aiming a telescope and a photmultiplier tube at the monitor glare on your walls and sampling it at the right rate can be used to reconstruct your monitor display at a distance.


Cryptonomicon was a work of fiction but it wasn't steampunk or an RPG sourcebook. Yeah, you can just use the word eavesdropping instead but if the phrase offends you then I personally apologize for its use in this brave new out of band world.
 
2013-07-12 03:17:50 PM
How about not connecting vital computers to the frelling Internet?
 
2013-07-12 03:27:59 PM
Did they un-invent the scanner and the camera while they were at it?
 
2013-07-12 03:30:20 PM

Xcott: rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.

The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.


The training data required to crack SSH passwords by keystroke was pretty ridiculous. Not impossible but if you have that much access to someone typing it's not likely that avenue of attack is going to be in your first ten choices. I'm not intimately familiar with it, so you may be better informed than I, but I honestly do not recall that ever being one of the real security issues with SSH.
 
2013-07-12 03:33:19 PM

MythDragon: Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]

That's cold war tech. The NSA has satellites that use lasers that shine on the windows of your building to track the vibrations of everything you write


That's why I always turn my amp up to 11 and blast Slayer when I hold my clandestine meetings.

cdn-usa.gagbay.com
 
2013-07-12 03:36:11 PM

tricycleracer: Didn't spy agencies used to read characters off of discarded ribbons?


Yes they did use to do that IIRC. But I think that they caught on quick about that and burned them. I remember hearing they were easier to get for industrial espionage. Because a lot of companies just never thought about it.
 
2013-07-12 03:37:47 PM

fanbladesaresharp: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?


The only sound I remember is the k'CHUNK when I'd press a key down and it and the three keys to either
side would go down and stay stuck in the downward position.
 
2013-07-12 03:41:42 PM

HAMMERTOE: Silly. Computers are capable of more than 12,000,000 different colors. That's enough for a single color to correspond to a whole word, rather than a single letter. Imagine a picture, comprised of only the green part of the spectrum (2,000,000+ possibilities). Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.

 
2013-07-12 03:50:08 PM
Xcott: dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.

Yes, and the simple countermeasure to fingerprint detection is to wear gloves.  That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.

Certainly, but we're talking about *PROFESSIONALS* here, not two-bit low level criminals with poor impulse control.

Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer?  Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it."  Countermeasures are effectively a non-issue.  It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.

Actually, you can make this completely moot by simply doing your typing in a secure facility.  Which is where you were going to store the documents anyway.

Again, we're discussing people for whom security isn't some afterthought, but a way of life, and they are guarding secrets that you have no clue how tightly they are held.  I've been inside that world.

For very limited distribution, highly sensitive documents, where you can't afford to have them leaked, typing them directly onto paper instead of into a computer, where some nosy sysadmin might grab them, or some disgruntled worker might snarf on to a thumb drive .  That way the only real copy is paper, and paper is harder to sneak out of a secure facility than electronic data on something as small as a thumb drive or a microSD card.

How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?

Plus, with paper, if you take the only copy, it's going to be noticed that it's missing at some point.  You can steal electronic data without physically removing it.  Of course, there are audit trails that make that harder to do unnoticed, but if you've got superuser access, there are ways around that if you are smart, or, failing that, if you don't care if they find out by the next quarterly data audit because you'll be in another country by then.
 
2013-07-12 03:50:50 PM

groppet: tricycleracer: Didn't spy agencies used to read characters off of discarded ribbons?

Yes they did use to do that IIRC. But I think that they caught on quick about that and burned them. I remember hearing they were easier to get for industrial espionage. Because a lot of companies just never thought about it.


Ribbons went into burn bags when they were used up.
 
2013-07-12 03:57:36 PM

StaleCoffee: The training data required to crack SSH passwords by keystroke was pretty ridiculous.


Not really:  Song et al discovered that you don't need training data from the user you're surveilling.  A lot of people touch-type the same basic way, and timing data from one user is still useful for speeding up a password search from another user.

As with dictionary attacks, no amount of data is ridiculous if you can collect it yourself, off-line, in advance, and use it over and over.
 
2013-07-12 03:58:48 PM

dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.


I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.
 
2013-07-12 04:01:34 PM

digitalrain: HAMMERTOE: Silly. Computers are capable of more than 12,000,000 different colors. That's enough for a single color to correspond to a whole word, rather than a single letter. Imagine a picture, comprised of only the green part of the spectrum (2,000,000+ possibilities). Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.


Essentially, that's a code.  Codes are very susceptible to the same sort of analysis as monoalphabetic ciphers, though of course the frequencies of the individual words are much smaller.  It's been done since the Middle Ages.  Cryptanalysis of codes was a mature science in WWI, nearly 100 years ago.

Words, like letters, have their own unique frequencies in natural language, and this can be used to cryptanalyze a communication where whole words are replaced instead of individual letters.

Also, the idea of it sitting on a server somewhere for "on demand" retrieval doesn't get around the fact that when you place it on the server, you're transmitting it, and when you retrieve it, it's also being transmitted.  Both times it's vulnerable to interception.   Unless the server is essentially in the same building as both the creator and the intended recipient, it's vulnerable to being snarfed up.
 
2013-07-12 04:04:35 PM

Thelyphthoric: dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.

I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.


I use them to transmit voice, data (both computerized and via Morse) over HF frequencies to others.

I can do so with near 100% reliability within a 300 mile radius of my home location to similarly equipped stations, and with very good, but not perfect, reliability for thousands of miles.
 
2013-07-12 04:12:38 PM

dittybopper: Ribbons went into burn bags when they were used up.


So did one-time pads.  And yet, Venona was still a real thing that happened.

dittybopper: Actually, you can make this completely moot by simply doing your typing in a secure facility.


Well, one of the points of emissions analysis, including timing attacks, power analysis attacks, and acoustic emanation attacks, is to increase the surveillance toolbox for those situations.  An attacker might not be able to sneak a camera into a facility, but he might be able to make an audio recording or monitor power fluctuations.  An attacker might not be able to get malware onto a computer, but he might be able to get it onto a nearby computer.

But yes, you can make all this completely moot simply by achieving an ideal level of security that prevents all attacks.
 
2013-07-12 04:13:56 PM

dittybopper: How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?


To answer my own question, you can photograph them, but that also takes time, and of course you need to smuggle the camera in and out of the facility, which admittedly is easier than it was in the old days, with film cameras.
 
2013-07-12 04:15:52 PM

dittybopper: Thelyphthoric: dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.

I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.

I use them to transmit voice, data (both computerized and via Morse) over HF frequencies to others.

I can do so with near 100% reliability within a 300 mile radius of my home location to similarly equipped stations, and with very good, but not perfect, reliability for thousands of miles.


I've been reading your posts here today and remember many discussions in the past where I was fascinated by your knowledge.

/That said, please don't hurt me, I don't know nuttin.
 
2013-07-12 04:16:18 PM

Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.


The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.

Had they actually gone into burn bags after their single use, Venona wouldn't have been possible.

/They're called *ONE*TIME* pads for a reason.
 
2013-07-12 04:27:09 PM

Triumph: dittybopper: naz-drala: wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?

Yeah, 'cause that's worked *SO* well for them.

All modern computers have Wi-Fi built in and it's a biatch to rip out - they often build the antenna into the screen. Then there's the issue of how to print.


do you know what Tempest is? you should probably read this

That is of course the most basic information. If you have seen the movie "Enemy of the State", then you remember the copper mesh cage that Gene Hackman's character built around his equipment. The purpose of that shielding is to prevent EM radiation from entering or escaping thereby preventing remote capture of data from TEMPEST, WiFi, etc. As dittybopper can confirm I am sure... most "secure" facilities are shielded against EM monitoring, so unless you intend on using a wired bug (not wise), or a laser bug (not likely as secure rooms never have a direct window to the outside to prevent laser vibration monitoring), you have to rely on physical access to the site.
 
2013-07-12 04:27:27 PM

HAMMERTOE: Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.


The NSA would miss your encrypted messages if you just put an image header at the front of them??

What, because they'll look at the 50 uncompressed bitmap images of complete randomness you posted online and say, "oh, those are probably just family photos?"

The point of steganography is to make a message look like an everyday thing, not an alarmingly conspicuous thing.  Typically people hide messages in images by twiddling a few pixels in a "natural" image---but it turns out that it's wickedly difficult to do even this without ultimately risking detection.
 
2013-07-12 04:35:40 PM

dittybopper: Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.

The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.

Had they actually gone into burn bags after their single use, Venona wouldn't have been possible.

/They're called *ONE*TIME* pads for a reason.


ding.ding.ding.

It's amazing how lazy people can get even securing documents sometimes.
 
2013-07-12 04:41:48 PM

StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also on electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but the have been proof of concepts done to make it a real security issue.


yah, that was in the movie Sneakers
 
2013-07-12 04:43:23 PM

dittybopper: Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.

The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.


[thats-the-joke.jpg]

Encryption pads are never reused, except when some dimwit did reuse them.  Just like confidential information is never allowed to reside unencrypted on a laptop that gets stolen at the airport, and just like all AOL search query information has to be deleted after 1 month and never put up on a web server for a grad student at Carnegie Mellon.

Typewriter ribbons present a security weakness and opportunity for surveillance even though, by official policy, they are supposed to be burned.
 
Displayed 50 of 145 comments

First | « | 1 | 2 | 3 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report