StaleCoffee: Xcott: StaleCoffee: The training data required to crack SSH passwords by keystroke was pretty ridiculous.Not really: Song et al discovered that you don't need training data from the user you're surveilling. A lot of people touch-type the same basic way, and timing data from one user is still useful for speeding up a password search from another user.As with dictionary attacks, no amount of data is ridiculous if you can collect it yourself, off-line, in advance, and use it over and over."We pick a character pair and ask the user to type this pair 30-40 times, returning to the home row each time between repetitions. For each user, we repeat this for many possible pairs (142 pairs, in our experiments) and gather data on inter-keystroke timings for each pair. We collected the latency of each character pair measurement and computed the mean value and standard deviation."The training data wasn't universally applied between users either. They had better results between certain users than others.I'm not saying it isn't possible, I'm saying it's a lot more effort than something like sneaking a hidden camera in or out, since you'd have to sneak out the audio recordings anyway. Unless you're going to be on the spot analyzing that in your head. It's ridiculous the way killing James Bond with sharks is ridiculous. Yeah they'll farking eat him but it's faster to just shoot him in the face without talking about it.
Miss Alexandra: They still watch you from satellites, though....I don't know how true this is, but I've read somewhere that the real reason for banning lead paint was so walls could be seen through. Not sure of the veracity but it's something to think about.
Miss Alexandra: I don't know how true this is, but I've read somewhere that the real reason for banning lead paint was so walls could be seen through. Not sure of the veracity but it's something to think about.
Xcott: Encryption pads are never reused, except when some dimwit did reuse them.
Xcott: Typewriter ribbons present a security weakness and opportunity for surveillance even though, by official policy, they are supposed to be burned.
dittybopper: Xcott: dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.Yes, and the simple countermeasure to fingerprint detection is to wear gloves. That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.Certainly, but we're talking about *PROFESSIONALS* here, not two-bit low level criminals with poor impulse control.Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer? Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it." Countermeasures are effectively a non-issue. It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.Actually, you can make this completely moot by simply doing your typing in a secure facility. Which is where you were going to store the documents anyway.Again, we're discussing people for whom security isn't some afterthought, but a way of life, and they are guarding secrets that you have no clue how tightly they are held. I've been inside that world.For very limited distribution, highly sensitive documents, where you can't afford to have them leaked, typing them directly onto paper instead of into a computer, where some nosy sysadmin might grab them, or some disgruntled worker might snarf on to a thumb drive . That way the only real copy is paper, and paper is harder to sneak out of a secure facility than electronic data on something as small as a thumb drive or a microSD card.How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?Plus, with paper, if you take the only copy, it's ...
real_headhoncho: All this means is a boom in the spy tech industry,Decoder rings for all!
yet_another_wumpus: So was Snowden. So was Manning. Security is hard: screw up once and it is over. Attacking is easy, a .001 average means you got what you wanted.
StaleCoffee: Actually, how would you grab the training data without filming it or installing a keylogger in the first place?
StaleCoffee: I'm not saying it isn't possible, I'm saying it's a lot more effort than something like sneaking a hidden camera in or out, since you'd have to sneak out the audio recordings anyway.
Xcott: Encryption pads are never reused, except when some dimwit did reuse them
gfid: Xcott: Encryption pads are never reused, except when some dimwit did reuse themWhich is why the weakest part of most security systems is the dimwits that use them and within any organization you're going to have at least a few dimwits and in a large organization you're going to have a lot of dimwits.
dittybopper: Yeah, but manual, paper OTPs are about as foolproof a solution as you are going to find. The rules are simple, and when followed, they *WORK*.
dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads: No data remanence issues.
NFA: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads: No data remanence issues.Not true, the written text is captured on the manual typewriters ribbon.
Xcott: dittybopper: Yeah, but manual, paper OTPs are about as foolproof a solution as you are going to find. The rules are simple, and when followed, they *WORK*.That's not what "foolproof" means. OTPs are actually the opposite of foolproof: they fail catastrophically when people cut a few corners or make a few mistakes, and the onerous key requirements actually encourage those mistakes.OTPs are fragile in the sense that if someone ever cuts a corner and reuses a pad, anyone who intercepts your transmissions can immediately detect the reuse, and it's not that hard to extract the messages in full when this happens. It's hard to express just how embarrassingly bad this is by modern standards: a cipher should never fail this dramatically when a key is misused or used past its mandated lifetime.On top of this, the OTP requires that key material be written down and stored in two different places, which again is pretty awful security by modern standards, or even 1970s standards. You should only need a key or passphrase that you can memorize---you should never have to write down a key---and you shouldn't have to share it with anyone, even the person with whom you are communicating. The only reason to use an OTP is that the encryption method is theoretically unbreakable if all practical matters are ignored. But you only needed that theoretical unbreakability 40-50 years ago, before people figured out how to make reliably strong cipher algorithms. And when you factor in the practical matters, it's a real D- of a cipher.This is why cryptographers are conditioned to hear "one-time pad" and think "crackpot." If you're writing cryptographic software and you want to guarantee that people will declare it snake oil, use the phrase "one-time pad" in the marketing copy.
ccundiff: //How can I be the first?
dv-ous: My dad emailed me a link to this story a few minutes before it went green.Sadly, his source was the Daily Caller. So now I has a sad.
dittybopper: To the best of me knowledge, I was the first one to publish the idea of using 10-sided dice to generate OTPs, and as you can see I've also experimented with other manual methods of encryption.
Xcott: dittybopper: There is a reason that numbers stations still exist, and why those stations still transmit their messages using one time pads: Because when used properly (especially avoiding the use of a computer), they are forever safe.Yes, except for the part where you have to write the key down on lots of paper, keep it somewhere, and give a copy of that paper to someone else. And repeat this process for each person with which you need to communicate.
Xcott: dittybopper: To the best of me knowledge, I was the first one to publish the idea of using 10-sided dice to generate OTPs, and as you can see I've also experimented with other manual methods of encryption.I forgot to add: I can't tell from the photo, but do those dice have sharp edges?A lot of dice are injection molded and then tumbled to smooth their edges, and you should not be using them to generate cryptographically secure random data. Dice are less uniform than people think---casinos are really the only ones who obsess about exacting quality standards in dice, and really they only care about D6s.
dittybopper: You get around that by *PHYSICALLY* transferring the pads.
Xcott: dittybopper: You get around that by *PHYSICALLY* transferring the pads.Of course you physically transfer the pads. They're on paper. How does that "get around" interception?
dittybopper: Despite what you may have read, OTPs don't have to be perfectly mathematically random. They just have to be random enough in a non-deterministic way. In other words, if you roll a sequence like 77324, there can't be a way to mathematically derive that the next number is going to be 5, for example.
dittybopper: Also, you'd have to contend with the fact that any statistical anomaly in any one particular die is going to be submerged by the fact that there are 4 other dice being rolled
dittybopper: Physical access to the pads is a much, much, *MUCH* more difficult issue that slapping a keylogger or a trojan on the computer of an adversary. Think of all the places you can hide something the size of a pack of cigarettes in your house. A package that size could hold a *LOT* of OTPs, even ones done by a conventional manual typewriter.
dittybopper: Now think about how long it would take to physically search your home thoroughly, find them, open them up, photograph them, and replace them such that the tamper-evident packaging isn't disturbed. Do you think it's practical for anyone, even a government, to do that without leaving some sign that they did it?
Xcott: In contrast, you could use a modern cipher, which doesn't require you to share your decryption key with anyone, or store it anywhere, written or otherwise, even if you want to communicate securely with a network of 2,000 separate people. In exchange for that far more acceptable level of security, the cipher is no longer theoretically perfectly secure: it will only be unbreakable for the lifetime of the universe, rather than forever. Boo hiss.
Xcott: dittybopper: [enigma]Seriously? We can't trust ciphers like 128-bit AES because the Enigma was broken in the 40s?Comparing the Enigma machine to AES is silly. Enigma was invented long before cryptography was put on any scientific footing, and its design was mostly ad-hoc. It's utterly unlike modern ciphers in terms of the actual scientific and mathematical knowledge used in their design.Also, the Enigma's design was pretty vulnerable to brute force even in its time. The proper part of the enigma, the time-varying part, only had 17576*60 keys. The only factor that complicated this was a static plug-board that was slapped on just to increase the key size, and this was cracked precisely because it was an ad-hoc addition. Pointing to Enigma to argue that we shouldn't trust modern block ciphers is like pointing to a WWI biplane to prove that spaceflight is impossible.
Xcott: "Even a government"? "Tamper-evident packaging?" So the theory here is that US intelligence agencies can bug the whole world, crack modern cipher algorithms and brute-force 128-bit keys with computers that operate with completely different laws of physics, come into your house and install key-loggers that make any use of computers suspect; but they totally can't get past your string-and-aluminum-foil trick?
dittybopper: Think of all the places you can hide something the size of a pack of cigarettes in your house.
dittybopper: It's an analogy.
Xcott: dittybopper: Despite what you may have read, OTPs don't have to be perfectly mathematically random. They just have to be random enough in a non-deterministic way. In other words, if you roll a sequence like 77324, there can't be a way to mathematically derive that the next number is going to be 5, for example.Wow, that's ... really, really, really false.By definition, perfect secrecy requires that the a priori plaintext distribution equals the a posteriori distribution. That's an absolute requirement, and if you don't meet that, then there's really no point in putting up with all the other crap to use the cipher.This means that it's not sufficient for the pad to be "random enough in a non-deterministic way." It has to have a specific kind of distribution that makes the plaintext and ciphertext independent. A uniform distribution achieves this, and an arbitrary non-uniform distribution does not.If you want a simple example, here is a OTP-encrypted text (mod 26) where the pad is severely biased toward Z (90%) but it's still "non-deterministally random":"WFENAHLYOUHAVEISAKAMMEREVERYTHINGLOOMSLIKLANADL"You're telling me that nobody can deduce what this says because the noise, while slight, is non-deterministic? Har har, nobody will ever read my message because they can't prove what I said with 100% certainty! But wait, no, this is trivial to read. In fact, with a biased pad, certain plaintext values become more likely and certain values less likely. This violates perfect secrecy.You may argue that a small bias, like 1-2%, doesn't make much of a difference. But then, your messages are no longer "forever safe." They are now vulnerable to the same impractical brute force analysis that you get with any other cipher.
dittybopper: Even when you detect a statistical anomaly, it won't really help you decipher the messages, because again, it's non-deterministic.
dittybopper: Of course, there is no way to really know for sure:
dittybopper: Interestingly enough, a couple pages actually failed, but taken as an entire group (250 groups per page, 15 pages worth, or 18,750 numbers), they were within the expected values for a random series (confidence 95%).
Want the rest of the Farking story? Try
More threads. More community. More Farking.
Sign up for the Fark NotNewsletter!
Links are submitted by members of the Fark community.
When community members submit a link, they also write a custom headline for the story.
Other Farkers comment on the links. This is the number of comments. Click here to read them.
You need to create an account to submit links or post comments.
Click here to submit a link.
Also on Fark
Submit a Link »
Copyright © 1999 - 2017 Fark, Inc | Last updated: Sep 23 2017 11:07:39
Runtime: 0.430 sec (430 ms)