
(The Republic)   Russia switching back to typewriters to avoid NSA spying   (therepublic.com)

5564 clicks; posted to Main on 12 Jul 2013 at 12:28 PM



145 Comments
 
2013-07-12 11:24:38 AM
Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.
 
vpb [TotalFark]
2013-07-12 11:30:52 AM
Actually, they are switching back to typewriters to avoid leaks.

The idea that they didn't know that the NSA was spying on them is cute, considering that the NSA was created specifically to spy on them back during the cold war.
 
2013-07-12 11:49:32 AM

vpb: Actually, they are switching back to typewriters to avoid leaks.

The idea that they didn't know that the NSA was spying on them is cute, considering that the NSA was created specifically to spy on them back during the cold war.


So very much this.   I used to do that sort of thing, as my Nom du Fark implies.

And yeah, it's so that if you need to make just one or two copies of a document for security reasons, if you do it on a typewriter you don't have to worry that the file was deleted properly, etc.
 
2013-07-12 12:02:11 PM
i236.photobucket.com

Challenge accepted.
 
2013-07-12 12:21:25 PM
I'm sure the real reason is that they can't afford electricity.
 
2013-07-12 12:30:37 PM
Didn't spy agencies use to read characters off of discarded ribbons?
 
2013-07-12 12:32:58 PM
Behold their new untappable phone:

i144.photobucket.com
 
2013-07-12 12:33:01 PM

dittybopper: No data remanence issues.


As long as you take the spent ribbon with you and burn it.
 
2013-07-12 12:34:10 PM

vpb: Actually, they are switching back to typewriters to avoid leaks.

The idea that they didn't know that the NSA was spying on them is cute, considering that the NSA was created specifically to spy on them back during the cold war.


The Soviets had a big problem when much of their secret stuff was hard-copy. It seems there was always a toilet paper shortage, particularly in East Germany and Berlin. So....

Some of the most valuable intelligence gathered against the Soviets was fished out of the sewers in Berlin.
 
2013-07-12 12:34:21 PM

dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.


They can tell exactly what you're typing by just hearing you type
 
2013-07-12 12:34:34 PM
Because that totally kept all the secrets in the USSR when it was all on papers, right?
 
2013-07-12 12:34:45 PM
watch out Buttle! the Russians hate terrorist scum like you.
 
2013-07-12 12:35:23 PM

James!: I'm sure the real reason is that they can't afford electricity.


You know before computers, everyone used electric typewriters.
 
2013-07-12 12:37:08 PM

rev. dave: James!: I'm sure the real reason is that they can't afford electricity.

You know before computers, everyone used electric typewriters.


It's a joke, grandpa.
 
2013-07-12 12:39:06 PM
wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?
 
2013-07-12 12:40:14 PM

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type


They use the Cone of Silence in the Kremlin
 
2013-07-12 12:40:46 PM

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type


I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.
 
2013-07-12 12:40:54 PM
no problem. we'll just tap into the copiers again.
 
2013-07-12 12:42:58 PM
My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.
 
2013-07-12 12:43:11 PM

Lawnchair: dittybopper: No data remanence issues.

As long as you take the spent ribbon with you and burn it.


And the platen. Destroy it too. Unless you're using one of those unreadable kind invented by a Russian serf during the Battle of Borodino.

Surely, Sherman my dear boy, you've heard of...the Platen Karataev.
 
2013-07-12 12:44:20 PM

gfid: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

They use the Cone of Silence in the Kremlin


Or AK-47 as they call it
 
2013-07-12 12:44:37 PM

Lawnchair: dittybopper: No data remanence issues.

As long as you take the spent ribbon with you and burn it.


Spent Ribbon is the name of my U2 tribute band.
 
2013-07-12 12:47:46 PM
www2.bc.edu

Ultrafiche making a comeback!
 
2013-07-12 12:49:44 PM

zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.


Snopes.
 
2013-07-12 12:50:52 PM

zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.


Monitor this b*tches:

www.photo-dictionary.com
 
2013-07-12 12:51:22 PM

rev. dave: James!: I'm sure the real reason is that they can't afford electricity.

You know before computers, everyone used electric typewriters.


Or manual typewriters. Shiatloads of college students did that into what, the 60s at least? If there's a low-budget solution, college-students will find it.
 
2013-07-12 12:51:31 PM
They can probably listen to a typewriter and tell what is being typed on it by listening to the different sounds of the key presses.  If they can do it with computer keyboards they can do it with typewriters.
 
2013-07-12 12:54:46 PM
images.tvrage.com
 
2013-07-12 12:56:20 PM

Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]


cuboidal.org
 
2013-07-12 12:56:51 PM

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type


Every key has a distinct tone.  Like a piano.
 
2013-07-12 12:56:52 PM
My dad emailed me a link to this story a few minutes before it went green.

Sadly, his source was the Daily Caller. So now I has a sad.
 
2013-07-12 12:57:29 PM
Also, the USA Today story points out that they bought 20 typewriters, and it's mostly to integrate with departments that never went digital in the first place.
 
2013-07-12 12:57:33 PM

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type


No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?
 
2013-07-12 12:58:09 PM

FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type


1. I doubt that.  Too much variation in the strike of a single character with a manual typewriter based upon how you hit the key.  You might be able to do it with electric typewriters, but I suspect that you need to put the microphone actually *IN* the typewriter for it to work.  Recording the sound from across the room isn't going to

2. Even *IF* you can, you need access to the room where the document is being typed.  Bugging a SCIF (or its Russian equivalent) is a neat trick if you can manage it, which you almost certainly can't.  Even if you put a bug in a typewriter, those sorts of areas are specifically designed to block electromagnetic radiation from leaking out, so a wireless bug isn't going to work, and a wired one would be too easily found.


In fact, the Russians were able to bug IBM Selectric typewriters used by US Embassy personnel back in the 1970's, so rest assured, they probably know what is necessary to secure them.
 
2013-07-12 12:59:22 PM

whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.


While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but there have been proofs of concept done to make it a real security issue.
 
2013-07-12 01:03:30 PM

Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]


The countermeasure for that is simple:  Place some hard material behind the piece of paper being written on.  Like a piece of plastic or sheet metal.  Or just remove the paper and *THEN* write on it with it being on a hard surface.
 
2013-07-12 01:03:45 PM
encrypted-tbn1.gstatic.com
 
2013-07-12 01:10:06 PM
To avoid NSA spying I only communicate via homeopathic quartz crystals. They're unhackable because Big Pharma won't allow the government to believe in them. It's either that or use the Smellogram.
 
2013-07-12 01:10:22 PM

dv-ous: Also, the USA Today story points out that they bought 20 typewriters, and it's mostly to integrate with departments that never went digital in the first place.


Yeah, kinda boring.

Let's just make something up so we can get our article written!
 
2013-07-12 01:11:57 PM
fanbladesaresharp: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads: No data remanence issues.

They can tell exactly what you're typing by just hearing you type

No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?


I used to know when the editor was finished with his copy because his typing sped up and sounded 'happier'. Yeah, there is a 'happy' sound to typing. Also, he made fewer spelling errors at the end of his copy.
tappity tap tap tap...tappitytappitytappitytappitytap, zip. "Freakstorm! Proof this and get it down to composing!"

(Editing) It was an knight to remember at the balllpark last nighte. Mike ^m^antle, the power hitter for the Mud Sliders stepped up the the plate with the bases loadede "It's true," I thought to myself as I sat in the stands watching, "Great moments are made ^I like penises^."
 
2013-07-12 01:13:31 PM
3.bp.blogspot.com
 
2013-07-12 01:13:46 PM
Silly. Computers are capable of more than 12,000,000 different colors. That's enough for a single color to correspond to a whole word, rather than a single letter. Imagine a picture, comprised of only the green part of the spectrum (2,000,000+ possibilities). Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.
 
2013-07-12 01:14:20 PM

dittybopper: Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]

The countermeasure for that is simple:  Place some hard material behind the piece of paper being written on.  Like a piece of plastic or sheet metal.  Or just remove the paper and *THEN* write on it with it being on a hard surface.


Somebody please cut off this guy's johnson.
 
2013-07-12 01:18:00 PM

Lawnchair: dittybopper: No data remanence issues.

As long as you take the spent ribbon with you and burn it.


You don't even really have to do that, necessarily.

If it's a well-worn cloth ribbon, I doubt they'd get anything from it, but again that requires physical access, and it's a hell of a lot harder to smuggle a typewriter ribbon out of a secure area than, say, a thumb drive.

In any case, destroying a typewriter ribbon is a lot cheaper and easier than destroying a hard drive.

Again, this is a good, low-tech solution to what has become a significant high-tech headache.  If you only need to create 1, 2, or 3 copies of a document for security reasons,  it's better to do it on a typewriter because it doesn't leave those documents lying around on a computer system for the Bradley Mannings and Edward Snowdens of the world to find.
 
2013-07-12 01:21:29 PM

dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.


Speaking of which, when are you going to send me that 3 megabyte file you promised me in 1997?
 
2013-07-12 01:24:24 PM

Xcott: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

Speaking of which, when are you going to send me that 3 megabyte file you promised me in 1997?


upload.wikimedia.org

I told you once.
 
2013-07-12 01:25:52 PM

dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.


You've been able to recover what has been typed from old typewriter ribbons fairly reliably for a long time.  You don't think the NSA handled this problem a few generations ago?

/ Didn't mean this to be snarky.
//  Pissy mood.
 
2013-07-12 01:27:16 PM

hork_monkey: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

You've been able to recover what has been typed from old typewriter ribbons fairly reliably for a long time.  You don't think the NSA handled this problem a few generations ago?

/ Didn't mean this to be snarky.
//  Pissy mood.


OK, now get access to those ribbons.

/Even pissier.
//And I used to work for the NSA.
///Typewriter ribbons aren't their bailiwick.  That's the CIA.
 
2013-07-12 01:27:43 PM

StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but there have been proofs of concept done to make it a real security issue.


The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.
 
2013-07-12 01:30:26 PM

naz-drala: wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?


Yeah, 'cause that's worked *SO* well for them.
 
2013-07-12 01:32:40 PM

legion_of_doo: watch out Buttle! the Russians hate terrorist scum like you.


My name is Tuttle! There has been a mistake!

/we don't make mistakes, Citizen.
 
2013-07-12 01:34:20 PM
"Comrade, I believe my typewriter has been bugged"

i36.photobucket.com
 
2013-07-12 01:39:57 PM
Not to worry, the drones are watching you type through the windows.
 
2013-07-12 01:41:42 PM

rumpelstiltskin: StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but there have been proofs of concept done to make it a real security issue.

The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


For a manual typewriter, they *DON'T* travel a different distance:  It's essentially the same:

i40.tinypic.com

See how the type bars are arranged in a semi-circle?  That's so that they all travel the distance from their resting positions until they hit the platen.  Any minor difference in distance that *MIGHT* be useful is going to be completely swallowed up by the natural timing variations of the person typing.

Now, ball-type electric typewriters do indeed have a unique signature:  The ball moves the correct character into line and then strikes the platen, then returns.  And because it's all done at the close of an electrical switch (the keys), the timing is *ALWAYS* the same.  So you can do it for those.

But again, you've got to have a sensitive microphone actually *IN* the typewriter, or at a bare minimum in the same room, and you have to have some way of getting that data outside of a secured facility.
 
2013-07-12 01:41:50 PM

vpb: Actually, they are switching back to typewriters to avoid leaks.

The idea that they didn't know that the NSA was spying on them is cute, considering that the NSA was created specifically to spy on them back during the cold war.


Yes they did. The order is simply part of a yearly renewal.
 
2013-07-12 01:43:54 PM
I like the comment in the article describing how it took two years for the Russians to respond to a request about where to get Russian propaganda about their space program.
 
2013-07-12 01:45:54 PM

Harry Freakstorm: fanbladesaresharp: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads: No data remanence issues.

They can tell exactly what you're typing by just hearing you type

No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?

I used to know when the editor was finished with his copy because his typing sped up and sounded 'happier'. Yeah, there is a 'happy' sound to typing. Also, he made fewer spelling errors at the end of his copy.
tappity tap tap tap...tappitytappitytappitytappitytap, zip. "Freakstorm! Proof this and get it down to composing!"

(Editing) It was an knight to remember at the balllpark last nighte. Mike ^m^antle, the power hitter for the Mud Sliders stepped up the the plate with the bases loadede "It's true," I thought to myself as I sat in the stands watching, "Great moments are made ^I like penises^."


Eh. I'd say he was in a good mood, or at least a better one. I can get on a roll if I have an idea or good thought going, and smoke coming from my fingers might be an indication. My keys, old or new do not make much use for anyone unless you were sitting right next to me, and I have an intense look on my face and zone out. I'd say body language means more than trying to make sense of clicks and taps (unless it's morse code or something).
 
2013-07-12 01:48:48 PM
Welcome to Mother Russia where the typewriters type you!

/Don't think I have that quite right
 
2013-07-12 01:49:40 PM

rumpelstiltskin: StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but there have been proofs of concept done to make it a real security issue.

The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


We also have computers that can analyze sound. We don't need someone's ear on it directly anymore.
 
2013-07-12 01:57:33 PM

dittybopper: naz-drala: wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?

Yeah, 'cause that's worked *SO* well for them.


All modern computers have Wi-Fi built in and it's a biatch to rip out - they often build the antenna into the screen. Then there's the issue of how to print.
 
2013-07-12 02:02:58 PM
Just write all your files in cursive. No one under the age of 50 will be able to read it.
 
2013-07-12 02:07:03 PM
This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.
 
2013-07-12 02:13:26 PM

vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.


I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.
 
2013-07-12 02:20:27 PM

rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.


The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.
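
Added example, not part of the thread or of any paper it mentions: a simulation of the inter-key timing leak described in the comment above, next to a sender that emits one same-sized packet per fixed tick (chaff when no key is waiting). The digraph gaps, jitter and 20 ms tick are constructed values, and all function names are hypothetical.

```python
import random
import statistics

# Constructed mean gaps (ms) between key pairs for one typist; illustrative only.
DIGRAPH_MEAN_MS = {("d", "e"): 95.0, ("e", "r"): 70.0, ("r", "p"): 180.0}
JITTER_MS = 12.0   # assumed natural variation per keypress
TICK_MS = 20.0     # assumed fixed send interval for the mitigated sender


def keystroke_times(word, rng):
    """Timestamps (ms) at which each character of `word` is pressed."""
    t, times = 0.0, [0.0]
    for pair in zip(word, word[1:]):
        t += max(5.0, rng.gauss(DIGRAPH_MEAN_MS[pair], JITTER_MS))
        times.append(t)
    return times


def send_immediately(presses):
    """One packet per keypress, sent the moment the key is pressed."""
    return [(t, True) for t in presses]


def send_on_ticks(presses, tick=TICK_MS, tail_ticks=5):
    """Exactly one packet per tick: a queued key if one is due, else chaff.

    Returns (send_time, carries_real_key) pairs. The flag is visible only to
    the sender; packets are assumed encrypted and equal in size on the wire.
    """
    queue = list(presses)
    packets, n, idle = [], 0, 0
    while queue or idle < tail_ticks:
        now = n * tick
        if queue and queue[0] <= now:
            queue.pop(0)
            packets.append((now, True))
            idle = 0
        else:
            packets.append((now, False))
            if not queue:
                idle += 1      # chaff tail after the last real key
        n += 1
    return packets


def observed_gaps(packets):
    """What a network observer sees: time between consecutive packets."""
    times = [t for t, _real in packets]
    return [b - a for a, b in zip(times, times[1:])]


def experiment(word="derp", trials=200, seed=1):
    rng = random.Random(seed)
    plain = [[] for _ in word[1:]]
    ticked = set()
    worst_delay = 0.0
    for _ in range(trials):
        presses = keystroke_times(word, rng)
        for i, gap in enumerate(observed_gaps(send_immediately(presses))):
            plain[i].append(gap)
        packets = send_on_ticks(presses)
        ticked.update(observed_gaps(packets))
        sent = [t for t, real in packets if real]
        worst_delay = max(worst_delay,
                          max(s - p for s, p in zip(sent, presses)))
    return {
        # Per-position mean gap: differs by key pair, which is the leak.
        "plain_mean_gaps": [round(statistics.mean(g), 1) for g in plain],
        # Every gap the observer sees when sending on fixed ticks.
        "ticked_distinct_gaps": sorted(ticked),
        # Latency cost of waiting for the next tick.
        "worst_added_delay_ms": worst_delay,
    }


if __name__ == "__main__":
    for key, value in experiment().items():
        print(key, value)
```

With fixed ticks the observer sees one constant gap, at the cost of a short added delay per key; the length of the burst still shows roughly how long the typing lasted.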
 
2013-07-12 02:20:50 PM
Ah ha, the whole Snowden fiasco was just a conspiracy by 3M to sell more whiteout.
 
2013-07-12 02:25:18 PM

Xcott: rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.

The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.


Color me skeptical that you could ever make it work consistently.  After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.  Hell, even natural variation would throw it all out of whack, given the right circumstances.

It's one of those "we could do this, if all the conditions were *JUST* right" kind of things.
 
2013-07-12 02:25:23 PM
nsarchive.files.wordpress.com
 
2013-07-12 02:26:15 PM
I wonder if Russia is having the same problem as the USA with an aging population with rotting brains electing retards into government positions?
 
2013-07-12 02:35:59 PM

Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]


That's cold war tech. The NSA has satellites that use lasers that shine on the windows of your building to track the vibrations of everything you write
 
2013-07-12 02:36:20 PM

StaleCoffee: While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking.


No, it isn't.  That's just what humanities majors call this stuff when writing "cyberpunk" novels and role playing game sourcebooks.  In fact, nobody has called anything "phreaking" since people actually did phreaking.

For an excellent demonstration of EM analysis, check out Markus Kuhn's paper on Soft Tempest (IH 1998), where he demonstrates how to capture the picture on a CRT monitor from its emissions.  Later, he demonstrated that you can do this without EM:  because CRT monitors draw an image one pixel at a time, simply aiming a telescope and a photomultiplier tube at the monitor glare on your walls and sampling it at the right rate can be used to reconstruct your monitor display at a distance.
 
2013-07-12 02:41:46 PM
imageshack.us
 
2013-07-12 02:44:44 PM
We have some old typewriters to sell Russia, pay no attention to the attached antenna.
 
2013-07-12 02:46:22 PM

dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.


Yes, and the simple countermeasure to fingerprint detection is to wear gloves.  That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.

Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer?  Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it."  Countermeasures are effectively a non-issue.  It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.
 
2013-07-12 02:47:01 PM

dittybopper: It's one of those "we could do this, if all the conditions were *JUST* right" kind of things.


I'm not a scientologist, but it seems like any method for intercepting traffic that can be affected by coffee intake can't be very reliable.
 
2013-07-12 02:47:32 PM
static.guim.co.uk
 
2013-07-12 02:48:16 PM
//How can I be the first?
 
2013-07-12 02:59:59 PM
Can type.


www.undertheradarmag.com
 
2013-07-12 03:17:20 PM

Xcott: StaleCoffee: While the keystroke analysis sounds kind of absurd, grabbing the em radiation is called Van Eck phreaking.

No, it isn't.  That's just what humanities majors call this stuff when writing "cyberpunk" novels and role playing game sourcebooks.  In fact, nobody has called anything "phreaking" since people actually did phreaking.

For an excellent demonstration of EM analysis, check out Markus Kuhn's paper on Soft Tempest (IH 1998), where he demonstrates how to capture the picture on a CRT monitor from its emissions.  Later, he demonstrated that you can do this without EM:  because CRT monitors draw an image one pixel at a time, simply aiming a telescope and a photomultiplier tube at the monitor glare on your walls and sampling it at the right rate can be used to reconstruct your monitor display at a distance.


Cryptonomicon was a work of fiction but it wasn't steampunk or an RPG sourcebook. Yeah, you can just use the word eavesdropping instead but if the phrase offends you then I personally apologize for its use in this brave new out of band world.
 
2013-07-12 03:17:50 PM
How about not connecting vital computers to the frelling Internet?
 
2013-07-12 03:27:59 PM
Did they un-invent the scanner and the camera while they were at it?
 
2013-07-12 03:30:20 PM

Xcott: rumpelstiltskin: The keystroke analysis could be based on the idea that every hammer travels a different distance from its resting point to the point of impact, and then returns the same distance. That doesn't seem trivial to analyze when someone is typing quickly; you have three sounds for each key, and you need to sort them all out. But it definitely doesn't seem impossible.

The keystroke analysis papers I've read are instead based on the slight difference in time between keypresses.  For example, when you type "derp", the time between 'e' and 'r' is consistently different than the time between 'r' and 'p'.  This fact was used to catch passwords on earlier versions of SSH, because in some circumstances your encrypted keypresses would pass over a network one at a time, and the inter-key timing could be used to prioritize the guesses needed to brute-force your password.  This technique can also track key presses from an audio recording.


The training data required to crack SSH passwords by keystroke was pretty ridiculous. Not impossible but if you have that much access to someone typing it's not likely that avenue of attack is going to be in your first ten choices. I'm not intimately familiar with it, so you may be better informed than I, but I honestly do not recall that ever being one of the real security issues with SSH.
 
2013-07-12 03:33:19 PM

MythDragon: Gunny Highway: Psycoholic_Slag: zenobia: My dad tells a story from the Space Race where NASA scientists were trying to come up with a pen that writes in zero gravity. The Russians used a pencil.

Monitor this b*tches:

[www.photo-dictionary.com image 700x466]

[cuboidal.org image 358x200]

That's cold war tech. The NSA has satellites that use lasers that shine on the windows of your building to track the vibrations of everything you write


That's why I always turn my amp up to 11 and blast Slayer when I hold my clandestine meetings.

cdn-usa.gagbay.com
 
2013-07-12 03:36:11 PM

tricycleracer: Didn't spy agencies used to read characters off of discarded ribbons?


Yes they did use to do that IIRC. But I think that they caught on quick about that and burned them. I remember hearing they were easier to get for industrial espionage. Because a lot of companies just never thought about it.
 
2013-07-12 03:37:47 PM

fanbladesaresharp: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

No, not on your smart phone listening to the touch tone beeps. Older than that. Way older. It was this device that had things called "Keys" with levers and all kinds of metal-y looking stuff. Besides, is there anyone alive that actually knows how to "listen" to keys on an old mechanical, non electrified typewriter?


The only sound I remember is the k'CHUNK when I'd press a key down and it and the three keys to either side would go down and stay stuck in the downward position.
 
2013-07-12 03:41:42 PM

HAMMERTOE: Silly. Computers are capable of more than 12,000,000 different colors. That's enough for a single color to correspond to a whole word, rather than a single letter. Imagine a picture, comprised of only the green part of the spectrum (2,000,000+ possibilities). Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.

 
2013-07-12 03:50:08 PM
Xcott: dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.

Yes, and the simple countermeasure to fingerprint detection is to wear gloves.  That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.

Certainly, but we're talking about *PROFESSIONALS* here, not two-bit low level criminals with poor impulse control.

Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer?  Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it."  Countermeasures are effectively a non-issue.  It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.

Actually, you can make this completely moot by simply doing your typing in a secure facility.  Which is where you were going to store the documents anyway.

Again, we're discussing people for whom security isn't some afterthought, but a way of life, and they are guarding secrets that you have no clue how tightly they are held.  I've been inside that world.

For very limited distribution, highly sensitive documents, where you can't afford to have them leaked, typing them directly onto paper instead of into a computer, where some nosy sysadmin might grab them, or some disgruntled worker might snarf on to a thumb drive.  That way the only real copy is paper, and paper is harder to sneak out of a secure facility than electronic data on something as small as a thumb drive or a microSD card.

How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?

Plus, with paper, if you take the only copy, it's going to be noticed that it's missing at some point.  You can steal electronic data without physically removing it.  Of course, there are audit trails that make that harder to do unnoticed, but if you've got superuser access, there are ways around that if you are smart, or, failing that, if you don't care if they find out by the next quarterly data audit because you'll be in another country by then.
 
2013-07-12 03:50:50 PM

groppet: tricycleracer: Didn't spy agencies used to read characters off of discarded ribbons?

Yes they did use to do that IIRC. But I think that they caught on quick about that and burned them. I remember hearing they were easier to get for industrial espionage. Because a lot of companies just never thought about it.


Ribbons went into burn bags when they were used up.
 
2013-07-12 03:57:36 PM

StaleCoffee: The training data required to crack SSH passwords by keystroke was pretty ridiculous.


Not really:  Song et al discovered that you don't need training data from the user you're surveilling.  A lot of people touch-type the same basic way, and timing data from one user is still useful for speeding up a password search from another user.

As with dictionary attacks, no amount of data is ridiculous if you can collect it yourself, off-line, in advance, and use it over and over.
 
2013-07-12 03:58:48 PM

dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.


I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.
 
2013-07-12 04:01:34 PM

digitalrain: HAMMERTOE: Silly. Computers are capable of more than 12,000,000 different colors. That's enough for a single color to correspond to a whole word, rather than a single letter. Imagine a picture, comprised of only the green part of the spectrum (2,000,000+ possibilities). Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.


Essentially, that's a code.  Codes are very susceptible to the same sort of analysis as monoalphabetic ciphers, though of course the frequencies of the individual words are much smaller.  It's been done since the Middle Ages.  Cryptanalysis of codes was a mature science in WWI, nearly 100 years ago.

Words, like letters, have their own unique frequencies in natural language, and this can be used to cryptanalyze a communication where whole words are replaced instead of individual letters.

Also, the idea of it sitting on a server somewhere for "on demand" retrieval doesn't get around the fact that when you place it on the server, you're transmitting it, and when you retrieve it, it's also being transmitted.  Both times it's vulnerable to interception.   Unless the server is essentially in the same building as both the creator and the intended recipient, it's vulnerable to being snarfed up.
 
2013-07-12 04:04:35 PM

Thelyphthoric: dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.

I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.


I use them to transmit voice, data (both computerized and via Morse) over HF frequencies to others.

I can do so with near 100% reliability within a 300 mile radius of my home location to similarly equipped stations, and with very good, but not perfect, reliability for thousands of miles.
 
2013-07-12 04:12:38 PM

dittybopper: Ribbons went into burn bags when they were used up.


So did one-time pads.  And yet, Venona was still a real thing that happened.

dittybopper: Actually, you can make this completely moot by simply doing your typing in a secure facility.


Well, one of the points of emissions analysis, including timing attacks, power analysis attacks, and acoustic emanation attacks, is to increase the surveillance toolbox for those situations.  An attacker might not be able to sneak a camera into a facility, but he might be able to make an audio recording or monitor power fluctuations.  An attacker might not be able to get malware onto a computer, but he might be able to get it onto a nearby computer.

But yes, you can make all this completely moot simply by achieving an ideal level of security that prevents all attacks.
 
2013-07-12 04:13:56 PM

dittybopper: How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?


To answer my own question, you can photograph them, but that also takes time, and of course you need to smuggle the camera in and out of the facility, which admittedly is easier than it was in the old days, with film cameras.
 
2013-07-12 04:15:52 PM

dittybopper: Thelyphthoric: dittybopper: vygramul: This sounds suspiciously like the excuse-making for why the Soviets used vacuum tubes.

I still use vacuum tubes.  Ain't nothing wrong with them, for certain applications.  EMP-resistant RF front ends and high power transmitters being two of them.

I use them as well, but mostly because all-tube amps make my guitars sound nicer than them digital approximations.  I doubt that's helpful in this conversation though - even the NSA doesn't care about my stored effect presets.

I use them to transmit voice, data (both computerized and via Morse) over HF frequencies to others.

I can do so with near 100% reliability within a 300 mile radius of my home location to similarly equipped stations, and with very good, but not perfect, reliability for thousands of miles.


I've been reading your posts here today and remember many discussions in the past where I was fascinated by your knowledge.

/That said, please don't hurt me, I don't know nuttin.
 
2013-07-12 04:16:18 PM

Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.


The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.

Had they actually gone into burn bags after their single use, Venona wouldn't have been possible.

/They're called *ONE*TIME* pads for a reason.
 
2013-07-12 04:27:09 PM

Triumph: dittybopper: naz-drala: wouldn't it be easier to just use a computer not connected to any networks and with the USB ports cemented up like the DoD?

Yeah, 'cause that's worked *SO* well for them.

All modern computers have Wi-Fi built in and it's a biatch to rip out - they often build the antenna into the screen. Then there's the issue of how to print.


do you know what Tempest is? you should probably read this

That is of course the most basic information. If you have seen the movie "Enemy of the State", then you remember the copper mesh cage that Gene Hackman's character built around his equipment. The purpose of that shielding is to prevent EM radiation from entering or escaping thereby preventing remote capture of data from TEMPEST, WiFi, etc. As dittybopper can confirm I am sure... most "secure" facilities are shielded against EM monitoring, so unless you intend on using a wired bug (not wise), or a laser bug (not likely as secure rooms never have a direct window to the outside to prevent laser vibration monitoring), you have to rely on physical access to the site.
 
2013-07-12 04:27:27 PM

HAMMERTOE: Now imagine a picture that looks like nothing more than green "snow", similar to an old-style TV not tuned to a particular station. That one picture could contain an entire Stephen King novel. And, it doesn't even have to be sent anywhere, merely posted to an obscure server somewhere, for "on-demand" access. Hell, imgur or tumblr could be an espionage forum. And the NSA would be none the wiser.


The NSA would miss your encrypted messages if you just put an image header at the front of them??

What, because they'll look at the 50 uncompressed bitmap images of complete randomness you posted online and say, "oh, those are probably just family photos?"

The point of steganography is to make a message look like an everyday thing, not an alarmingly conspicuous thing.  Typically people hide messages in images by twiddling a few pixels in a "natural" image---but it turns out that it's wickedly difficult to do even this without ultimately risking detection.
 
2013-07-12 04:35:40 PM

dittybopper: Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.

The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.

Had they actually gone into burn bags after their single use, Venona wouldn't have been possible.

/They're called *ONE*TIME* pads for a reason.


ding.ding.ding.

It's amazing how lazy people can get even securing documents sometimes.
 
2013-07-12 04:41:48 PM

StaleCoffee: whither_apophis: FullMetalPanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

They can tell exactly what you're typing by just hearing you type

I think it was in "Spycatcher" he talked about listening to typewriters to try and pick out the unique sounds of each key. Also, electric typewriters give off EM radiation that can be analyzed as well.

While the keystroke analysis sounds kind of absurd, grabbing the EM radiation is called Van Eck phreaking. I have never got around to building an eckbox to try it but there have been proof of concepts done to make it a real security issue.


yah, that was in the movie Sneakers
 
2013-07-12 04:43:23 PM

dittybopper: Xcott: dittybopper: Ribbons went into burn bags when they were used up.

So did one-time pads.  And yet, Venona was still a real thing that happened.

The pads that were used for the messages broken in the Venona program didn't:  They were re-used, which is how those messages were broken.


[thats-the-joke.jpg]

Encryption pads are never reused, except when some dimwit did reuse them.  Just like confidential information is never allowed to reside unencrypted on a laptop that gets stolen at the airport, and just like all AOL search query information has to be deleted after 1 month and never put up on a web server for a grad student at Carnegie Mellon.

Typewriter ribbons present a security weakness and opportunity for surveillance even though, by official policy, they are supposed to be burned.
 
2013-07-12 05:00:22 PM
All this means is a boom in the spy tech industry,

Decoder rings for all!
 
2013-07-12 05:01:25 PM

Xcott: StaleCoffee: The training data required to crack SSH passwords by keystroke was pretty ridiculous.

Not really:  Song et al discovered that you don't need training data from the user you're surveilling.  A lot of people touch-type the same basic way, and timing data from one user is still useful for speeding up a password search from another user.

As with dictionary attacks, no amount of data is ridiculous if you can collect it yourself, off-line, in advance, and use it over and over.


"We pick a character pair and ask the user to type this pair 30-40 times, returning to the home row each time between repetitions. For each user, we repeat this for many possible pairs (142 pairs, in our experiments) and gather data on inter-keystroke timings for each pair. We collected the latency of each character pair measurement and computed the mean value and standard deviation."

The training data wasn't universally applied between users either. They had better results between certain users than others.

I'm not saying it isn't possible, I'm saying it's a lot more effort than something like sneaking a hidden camera in or out, since you'd have to sneak out the audio recordings anyway. Unless you're going to be on the spot analyzing that in your head. It's ridiculous the way killing James Bond with sharks is ridiculous. Yeah they'll farking eat him but it's faster to just shoot him in the face without talking about it.
 
2013-07-12 05:02:25 PM
I seriously doubt these guys were ever REALLY a super power. More like a super hyped paper tiger.
 
2013-07-12 05:06:46 PM
They still watch you from satellites, though....

I don't know how true this is, but I've read somewhere that the real reason for banning lead paint was so walls could be seen through.  Not sure of the veracity but it's something to think about.
 
2013-07-12 05:10:04 PM

StaleCoffee: Xcott: StaleCoffee: The training data required to crack SSH passwords by keystroke was pretty ridiculous.

Not really:  Song et al discovered that you don't need training data from the user you're surveilling.  A lot of people touch-type the same basic way, and timing data from one user is still useful for speeding up a password search from another user.

As with dictionary attacks, no amount of data is ridiculous if you can collect it yourself, off-line, in advance, and use it over and over.

"We pick a character pair and ask the user to type this pair 30-40 times, returning to the home row each time between repetitions. For each user, we repeat this for many possible pairs (142 pairs, in our experiments) and gather data on inter-keystroke timings for each pair. We collected the latency of each character pair measurement and computed the mean value and standard deviation."

The training data wasn't universally applied between users either. They had better results between certain users than others.

I'm not saying it isn't possible, I'm saying it's a lot more effort than something like sneaking a hidden camera in or out, since you'd have to sneak out the audio recordings anyway. Unless you're going to be on the spot analyzing that in your head. It's ridiculous the way killing James Bond with sharks is ridiculous. Yeah they'll farking eat him but it's faster to just shoot him in the face without talking about it.


Actually, how would you grab the training data without filming it or installing a keylogger in the first place? Assuming it's on a PC rather than a typewriter. But if you have a keylogger on the machine then you already have passwords. Yes, you could conceivably crack new passwords later from training data and while that's a long game, the kind of machines most people would have access to for that aren't for the kind of people you would run a long game against like that.

Is there another way to retrieve training data that doesn't require key value logging like that?
 
2013-07-12 05:13:26 PM

Miss Alexandra: They still watch you from satellites, though....

I don't know how true this is, but I've read somewhere that the real reason for banning lead paint was so walls could be seen through.  Not sure of the veracity but it's something to think about.


Can satellites see through walls now? If that's true then it won't be long before Xhamster has a sat up there.
 
2013-07-12 05:24:55 PM

Miss Alexandra: I don't know how true this is, but I've read somewhere that the real reason for banning lead paint was so walls could be seen through. Not sure of the veracity but it's something to think about.


Ok, let's think about it. The health risks of lead are well documented. Lead paint isn't thick enough to block anything.

You're right, it's probably an NSA plot.
 
2013-07-12 05:41:32 PM

Xcott: Encryption pads are never reused, except when some dimwit did reuse them.


I don't think the Soviets were being dimwits, necessarily.  It seems that they tried to 'stretch' their limited OTP generation capability during the extremely chaotic beginning of WWII for them by reusing a relatively small number of pad pages.

Don't forget that Venona managed to decode only something like 1 to 3% of the total amount of Soviet traffic that the US intercepted, and it took years to get much of it (though some was decoded quickly).

Back then, they may have believed that they could safely re-use the pads, if they did it in a limited way.  They used code-names for people, organizations, and projects, and they may have decided that the slight risk was acceptable.

We have something they didn't have:  A historical example of why it's a very bad idea, the revelations about the Venona Project.

One time pads were relatively new in 1941, having been invented back around 1920 or so.  Today, we know better.
 
2013-07-12 05:50:20 PM

Xcott: Typewriter ribbons present a security weakness and opportunity for surveillance even though, by official policy, they are supposed to be burned.


I've got an old Olivetti Lettera 32 manual typewriter.  It's got a cloth ribbon that is at least 30 years old.  It's been reused numerous times, so much so that I doubt that you could pull any useful information off of it.  Each part of that ribbon has been hit by so many different letters and numbers that I can't see how any amount of analysis could possibly pull any intelligence off of it.

Cloth ribbons are fundamentally different than the plastic ribbons used by later typewriters:  Plastic ribbons can be read by eye easily, and they can't really be re-used over and over again like a cloth ribbon.

In any case, it's a relatively minor thing to toss a ribbon into a fire and install a new one.  It's not even all that expensive:   Ribbons for my typewriter can be had for about $8 a piece.
 
2013-07-12 05:52:41 PM

dittybopper: Xcott: dittybopper: Color me skeptical that you could ever make it work consistently. After all, the most simple countermeasure would be to just type slowly in an even rhythm, or to consciously vary the timing.

Yes, and the simple countermeasure to fingerprint detection is to wear gloves.  That's why fingerprints never helped convict a criminal---because everyone just started wearing gloves all the time starting in 1892.

Certainly, but we're talking about *PROFESSIONALS* here, not two-bit low level criminals with poor impulse control.

Seriously, how many people do you expect to suddenly decide to type slowly in an even rhythm to prevent timing attacks on their computer?  Even people aware of the need for that kind of countermeasure are going to try that for 30 seconds and say "fark it."  Countermeasures are effectively a non-issue.  It's like pointing out that you can defeat speaker identification by talking like Meatball all the time---great, but nobody does that, and nobody's going to do that.

Actually, you can make this completely moot by simply doing your typing in a secure facility.  Which is where you were going to store the documents anyway.

Again, we're discussing people for whom security isn't some afterthought, but a way of life, and they are guarding secrets that you have no clue how tightly they are held.  I've been inside that world.

For very limited distribution, highly sensitive documents, where you can't afford to have them leaked, typing them directly onto paper instead of into a computer, where some nosy sysadmin might grab them, or some disgruntled worker might snarf on to a thumb drive.  That way the only real copy is paper, and paper is harder to sneak out of a secure facility than electronic data on something as small as a thumb drive or a microSD card.

How many typewritten documents do you think you could sneak past the guards that are there specifically to prevent that sort of thing?

Plus, with paper, if you take the only copy, it's ...


Type at a constant rate of characters, lol.  I can see the want ads now.  Wanted: typist who can't type and can't learn.  Must have no credit issues and be able to hold a top secret/TSC clearance.  Do you really think that the Russians bothered to bug the noise IBM selectrics made in an insecure location?

I think the big question is, are they storing plaintext or cipher text in the file drawers.  Ciphertext would be a pain, but vastly more secure than anything the NSA uses.  Any camera will let you put as many hardcopies you want on a SDHC (and the camera is only barely larger.  Smart installations will shoot you for the SDHC as soon as the camera).  It might be slightly less clunky, but I'm sure that the Russians will be far more to the point if they have to put everything in hardcopy to a manual typewriter instead of thousands of slides of power point.  You could send the NSA some ciphertext, but the whole point of the place is they are already getting tons of that anyway, what they need are the keys and the plaintext.

"Again, we're discussing people for whom security isn't some afterthought, but a way of life, and they are guarding secrets that you have no clue how tightly they are held.  I've been inside that world." - Dittybopper

So was Snowden.  So was Manning.  Security is hard: screw up once and it is over.   Attacking is easy, a .001 average means you got what you wanted.

Fullmetalpanda: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

Note that if you are copying a sufficiently slow source of random data (i.e. you get the next character after you typed the last one) it is next to impossible to determine the keypress.  Typing ciphertext is going to be brutal to descramble (all errors won't be recovered and will really screw up decryption attempts.  Will be utterly useless for codebreaking).  Type cleartext and I bet you will never manage to get the rhythm off enough after doing it for awhile.

Hitlersbrain: I seriously doubt these guys were ever REALLY a super power. More like a super hyped paper tiger.

They have had the most effective space program from the 1950s to 2013, with a small break when they lost their vision of simple craft with the N1 (i.e. when we went to the moon).  They also have had the bomb (including Sakharov's H-bomb) for a good long time (conquering Nazi Germany helps bring in a few spoils).  US spy agencies had to lie their tongues black over their conventional firepower, because they really weren't in a position to invade anybody outside the Iron Curtain.  They also managed to do all this starting from a medieval kingdom in the early twentieth century that was invaded twice during the whole process; the Romanov in charge of the Army didn't care that he only had "two weeks" worth of bullets before WWI (note that all sides assumed they would shoot about 1% of what they actually used) because "things would be decided with lance and saber as always".  Makes you wonder how far we would be ahead if we were the ones who tried communism.
 
2013-07-12 05:55:14 PM

real_headhoncho: All this means is a boom in the spy tech industry,

Decoder rings for all!


Meh.  I'd rather use manually generated one time pads:

i55.tinypic.com

(OTP with the dice I used to make it)

Or, if absolute secrecy isn't required, then a strip cipher:

img31.imageshack.us

BTW, you can get pretty good security from a strip cipher similar to this, if you use a large enough number of strips, and use dice and Scrabble tiles to generate the strips and the keys (ie., strip order), especially for relatively low amounts of traffic.
 
2013-07-12 06:00:35 PM

yet_another_wumpus: So was Snowden.  So was Manning.  Security is hard: screw up once and it is over.   Attacking is easy, a .001 average means you got what you wanted.


That's precisely my point:  Using typewriters instead of computers makes it harder for a Snowden or a Manning to get as many documents, or documents as sensitive.

Both had essentially unlimited access to a metric farkton of classified data.  Putting stuff on paper locked in a SCIF, it having never been electronic in nature, limits the possibility of exposure compared to purely electronic documents, but it doesn't completely remove the danger.  It just makes it harder.
 
2013-07-12 06:07:23 PM

StaleCoffee: Actually, how would you grab the training data without filming it or installing a keylogger in the first place?


I told you:  Song et al observed that you can use training data from one user to help brute-force another user's typing, because there are common timing patterns among touch typists.  It's not as good as having data from the target, but it still helps.

So you don't need to install a keylogger on the target's computer to collect his data; you just collect a mountain of training data from your own subjects.  You develop a universal background model for touch-typing behavior.  Then you use that model to spy on each of your targets, or to analyze sound recordings of touch typing by whomever.

StaleCoffee: I'm not saying it isn't possible, I'm saying it's a lot more effort than something like sneaking a hidden camera in or out, since you'd have to sneak out the audio recordings anyway.


Sneaking a camera in or out requires physical access to the target's location.  Keystroke timing can be accomplished remotely, for example by monitoring the timing of packets in an encrypted stream, or somehow gaining audio access such as the sound of typing in a phone call or video chat session.
 
2013-07-12 06:09:02 PM

Xcott: Encryption pads are never reused, except when some dimwit did reuse them


Which is why the weakest part of most security systems is the dimwits that use them and within any organization you're going to have at least a few dimwits and in a large organization you're going to have a lot of dimwits.
 
2013-07-12 06:20:40 PM

gfid: Xcott: Encryption pads are never reused, except when some dimwit did reuse them

Which is why the weakest part of most security systems is the dimwits that use them and within any organization you're going to have at least a few dimwits and in a large organization you're going to have a lot of dimwits.


Yeah, but manual, paper OTPs are about as foolproof a solution as you are going to find.  The rules are simple, and when followed, they *WORK*.

But if you can't get someone to follow the simple rules (use pad once, then destroy as soon as you encrypt or decrypt), then they aren't going to follow the rules for any other system.

The thing is, though, if they fail to destroy a pad or pads, and they are discovered, that only lets whoever found them break the messages encrypted with those pads.  It doesn't provide a general way into the system like revealing a key for a non-OTP system.

For example, this pad page is compromised:
i55.tinypic.com

But the fact that page 704 is compromised doesn't help anyone decrypt messages I might send using page 705, or 703, or 710, or any other page in that pad.  In other words, there isn't a general solution to the one time pad, where a single piece of information can be used to compromise the whole system.

That's why Venona isn't as damaging as it could have been to the Soviets.  We could only decrypt the messages that used the same pad pages.
 
2013-07-12 08:09:52 PM
Meh.

img143.imageshack.us
 
2013-07-12 08:11:24 PM

dittybopper: Yeah, but manual, paper OTPs are about as foolproof a solution as you are going to find. The rules are simple, and when followed, they *WORK*.


That's not what "foolproof" means.  OTPs are actually the opposite of foolproof:  they fail catastrophically when people cut a few corners or make a few mistakes, and the onerous key requirements actually encourage those mistakes.

OTPs are fragile in the sense that if someone ever cuts a corner and reuses a pad, anyone who intercepts your transmissions can immediately detect the reuse, and it's not that hard to extract the messages in full when this happens.  It's hard to express just how embarrassingly bad this is by modern standards:  a cipher should never fail this dramatically when a key is misused or used past its mandated lifetime.

On top of this, the OTP requires that key material be written down and stored in two different places, which again is pretty awful security by modern standards, or even 1970s standards.  You should only need a key or passphrase that you can memorize---you should never have to write down a key---and you shouldn't have to share it with anyone, even the person with whom you are communicating. 

The only reason to use an OTP is that the encryption method is theoretically unbreakable if all practical matters are ignored.  But you only needed that theoretical unbreakability 40-50 years ago, before people figured out how to make reliably strong cipher algorithms.  And when you factor in the practical matters, it's a real D- of a cipher.

This is why cryptographers are conditioned to hear "one-time pad" and think "crackpot."  If you're writing cryptographic software and you want to guarantee that people will declare it snake oil, use the phrase "one-time pad" in the marketing copy.
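Why pad reuse is visible to anyone holding two intercepts, as an added Python sketch that is not part of any post in this thread: when the same pad encrypts two messages, the pad cancels out of the comparison and the ciphertexts agree wherever the plaintexts agree. The letters-mod-26 pad, the two sample messages and the threshold of 5 are assumptions constructed for this illustration.

```python
import math
import secrets

M = 26  # letters A..Z mapped to 0..25 (assumed convention for this example)


def to_nums(text):
    """Map an uppercase A-Z string to a list of numbers 0..25."""
    return [ord(ch) - 65 for ch in text]


def new_pad(n):
    """Fresh pad of n values from the OS CSPRNG (stand-in for dice or a typewriter)."""
    return [secrets.randbelow(M) for _ in range(n)]


def encrypt(plain, pad):
    """Classic pad encryption: add the pad value to each letter, mod 26."""
    if len(pad) < len(plain):
        raise ValueError("pad is shorter than the message")
    return [(p + k) % M for p, k in zip(plain, pad)]


def reuse_score(ct_a, ct_b):
    """z-score of the number of positions where two ciphertexts agree.

    Fresh pads: each position agrees with probability exactly 1/26.
    Same pad:   c_a == c_b exactly when p_a == p_b, which natural-language
                plaintexts do far more often than 1 time in 26.
    """
    n = min(len(ct_a), len(ct_b))
    hits = sum(1 for a, b in zip(ct_a, ct_b) if a == b)
    mean = n / M
    std = math.sqrt(n * (1 / M) * (1 - 1 / M))
    return (hits - mean) / std


def looks_reused(ct_a, ct_b, threshold=5.0):
    """Flag a pair of intercepts whose agreement count is far above chance."""
    return reuse_score(ct_a, ct_b) > threshold


# Constructed sample traffic: two short phrases repeated to 2100 letters each,
# so that the statistic has enough text to work with.
MSG_A = to_nums("MEETATTHEBRIDGEATTEN" * 105)
MSG_B = to_nums("THECOURIERLEAVESATSIX" * 100)


def demo():
    """Return (score with a reused pad, score with two fresh pads)."""
    pad1, pad2 = new_pad(len(MSG_A)), new_pad(len(MSG_B))
    reused = reuse_score(encrypt(MSG_A, pad1), encrypt(MSG_B, pad1))
    fresh = reuse_score(encrypt(MSG_A, pad1), encrypt(MSG_B, pad2))
    return reused, fresh


if __name__ == "__main__":
    reused, fresh = demo()
    print(f"same pad used twice: z = {reused:.2f}")
    print(f"two fresh pads:      z = {fresh:.2f}")
```

The score for the reused pad does not depend on the pad values at all, only on the two plaintexts, which is why no amount of pad quality compensates for using a page twice.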
 
2013-07-12 09:19:27 PM
now we have to go back to stealing their carbons
 
NFA [TotalFark]
2013-07-12 09:53:51 PM

dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.


Not true, the written text is captured on the manual typewriter's ribbon.
 
2013-07-12 10:51:42 PM

NFA: dittybopper: Actually makes sense, and it's why I use a manual typewriter to make one time pads:  No data remanence issues.

Not true, the written text is captured on the manual typewriter's ribbon.


You really should read the entire thread before posting.
 
2013-07-12 11:05:51 PM

Xcott: dittybopper: Yeah, but manual, paper OTPs are about as foolproof a solution as you are going to find. The rules are simple, and when followed, they *WORK*.

That's not what "foolproof" means.  OTPs are actually the opposite of foolproof:  they fail catastrophically when people cut a few corners or make a few mistakes, and the onerous key requirements actually encourage those mistakes.

OTPs are fragile in the sense that if someone ever cuts a corner and reuses a pad, anyone who intercepts your transmissions can immediately detect the reuse, and it's not that hard to extract the messages in full when this happens.  It's hard to express just how embarrassingly bad this is by modern standards:  a cipher should never fail this dramatically when a key is misused or used past its mandated lifetime.

On top of this, the OTP requires that key material be written down and stored in two different places, which again is pretty awful security by modern standards, or even 1970s standards.  You should only need a key or passphrase that you can memorize---you should never have to write down a key---and you shouldn't have to share it with anyone, even the person with whom you are communicating. 

The only reason to use an OTP is that the encryption method is theoretically unbreakable if all practical matters are ignored.  But you only needed that theoretical unbreakability 40-50 years ago, before people figured out how to make reliably strong cipher algorithms.  And when you factor in the practical matters, it's a real D- of a cipher.

This is why cryptographers are conditioned to hear "one-time pad" and think "crackpot."  If you're writing cryptographic software and you want to guarantee that people will declare it snake oil, use the phrase "one-time pad" in the marketing copy.


I'm a former Signals Intelligence professional (go ahead and google 'ditty bopper').

Since I've been out of that business, it's been a bit of a serious hobby for me. To the best of my knowledge, I was the first one to publish the idea of using 10-sided dice to generate OTPs, and as you can see I've also experimented with other manual methods of encryption.

There is a reason that numbers stations still exist, and why those stations still transmit their messages using one time pads: Because when used properly (especially avoiding the use of a computer), they are forever safe.

Think about that: No one needs higher security than spies, and what do they use? OTPs.
 
2013-07-12 11:24:44 PM

ccundiff: //How can I be the first?


Exactly!  First thing I thought of.
 
2013-07-12 11:24:57 PM

dv-ous: My dad emailed me a link to this story a few minutes before it went green.

Sadly, his source was the Daily Caller. So now I has a sad.


dang what a deal, now I am sad again too.
 
2013-07-13 12:04:07 AM
dittybopper: There is a reason that numbers stations still exist, and why those stations still transmit their messages using one time pads: Because when used properly (especially avoiding the use of a computer), they are forever safe.

Yes, except for the part where you have to write the key down on lots of paper, keep it somewhere, and give a copy of that paper to someone else.  And repeat this process for each person with which you need to communicate.

In exchange for that embarrassingly bad security, you get a theoretically unbreakable cipher---theoretically unbreakable under the questionable assumption that nobody can intercept and record the key material. 

In contrast, you could use a modern cipher, which doesn't require you to share your decryption key with anyone, or store it anywhere, written or otherwise, even if you want to communicate securely with a network of 2,000 separate people.  In exchange for that far more acceptable level of security, the cipher is no longer theoretically perfectly secure:  it will only be unbreakable for the lifetime of the universe, rather than forever.  Boo hiss. 

Of course, your adversary could find a way to invent a nondeterministic computer to brute-force all 128-bit keys in an eyeblink, or solve the Elliptic Curve discrete log problem or find a flaw in AES.  So to prevent those very real possibilities, let's instead use a 100-year-old cryptosystem that could only be broken by a dude with impossible sci-fi technology like lockpicks and a camera.
 
2013-07-13 12:13:07 AM

dittybopper: To the best of my knowledge, I was the first one to publish the idea of using 10-sided dice to generate OTPs, and as you can see I've also experimented with other manual methods of encryption.


I forgot to add:  I can't tell from the photo, but do those dice have sharp edges?

A lot of dice are injection molded and then tumbled to smooth their edges, and you should not be using them to generate cryptographically secure random data.  Dice are less uniform than people think---casinos are really the only ones who obsess about exacting quality standards in dice, and really they only care about D6s.

But again, the main security risk of a OTP is not some analyst finding a tiny bias in your dice, but simply intercepting and scanning the key material after you necessarily write it down and give a copy to someone else.
 
dsh
2013-07-13 07:25:27 AM
I didn't even know they upgraded to typewriters, last I saw they were using hi-tech pencil and paper.
 
2013-07-13 08:56:36 AM
Yeah, about that...

i86.photobucket.com

/old skool spyin' FTW!
 
2013-07-13 09:16:49 AM

Xcott: dittybopper: There is a reason that numbers stations still exist, and why those stations still transmit their messages using one time pads: Because when used properly (especially avoiding the use of a computer), they are forever safe.

Yes, except for the part where you have to write the key down on lots of paper, keep it somewhere, and give a copy of that paper to someone else.  And repeat this process for each person with which you need to communicate.


That's a feature, not a bug.  

In exchange for that embarrassingly bad security, you get a theoretically unbreakable cipher---theoretically unbreakable under the questionable assumption that nobody can intercept and record the key material.

You get around that by *PHYSICALLY* transferring the pads.

If you and I are communicating, meeting once every 6 months or so to exchange pads, or even through a dead drop, or even through the mail, is not a significant burden.

It's a trivial exercise to make a tamper-evident package around the pads so that you can tell if they've been compromised.  If they have, you've got two choices:  Don't use them, or use them to send deliberately misleading messages.


In contrast, you could use a modern cipher, which doesn't require you to share your decryption key with anyone, or store it anywhere, written or otherwise, even if you want to communicate securely with a network of 2,000 separate people.  In exchange for that far more acceptable level of security, the cipher is no longer theoretically perfectly secure:  it will only be unbreakable for the lifetime of the universe, rather than forever.  Boo hiss. 

Of course, your adversary could find a way to invent a nondeterministic computer to brute-force all 128-bit keys in an eyeblink, or solve the Elliptic Curve discrete log problem or find a flaw in AES.  So to prevent those very real possibilities, let's instead use a 100-year-old cryptosystem that could only be broken by a dude with impossible sci-fi technology like lockpicks and a camera.


Or they could put a keylogger and/or trojan on your computer, and just read whatever it is you send before it gets encrypted.  Which is the simple way to do it, and needless to say, isn't as computationally intensive as trying to crack modern computerized ciphers.

You can't put a keylogger or a trojan on a pencil.  In order to spy on someone using an OTP, you need *PHYSICAL* access, which is much harder than infecting the computer of the person you wish to spy on.
 
2013-07-13 10:46:31 AM

Xcott: dittybopper: To the best of my knowledge, I was the first one to publish the idea of using 10-sided dice to generate OTPs, and as you can see I've also experimented with other manual methods of encryption.

I forgot to add:  I can't tell from the photo, but do those dice have sharp edges?

A lot of dice are injection molded and then tumbled to smooth their edges, and you should not be using them to generate cryptographically secure random data.  Dice are less uniform than people think---casinos are really the only ones who obsess about exacting quality standards in dice, and really they only care about D6s.


This is where I can tell that you've gotten your information about cryptography from non-professional sources.

Despite what you may have read, OTPs don't have to be perfectly mathematically random.  They just have to be random enough in a non-deterministic way.  In other words, if you roll a sequence like 77324, there can't be a way to mathematically derive that the next number is going to be 5, for example.

You can have pads with significant statistical anomalies in them, but because they are non-deterministic, you can't use those anomalies to break an OTP cryptographically.   Soviet OTPs captured in the 1950's from spies had some serious statistical anomalies, but they weren't of any use to the cryptanalysts.

Also, you'd have to contend with the fact that any statistical anomaly in any one particular die is going to be submerged by the fact that there are 4 other dice being rolled (I roll 5 at a time to generate a single "group"), and there is no way to determine what the order is.  Did a 7 come up in the 3rd position of a group because Die A, which has a slight bias towards 7 was in the 3rd position  during that particular roll, or was it Die B, C, D, or E?  No way to derive that information, even if you actually have the pad itself to analyze.

But again, the main security risk of a OTP is not some analyst finding a tiny bias in your dice, but simply intercepting and scanning the key material after you necessarily write it down and give a copy to someone else.


This isn't a big deal.  Physical custody of something the size of a matchbook is relatively easy to maintain securely.  You just keep it on your person.

For the pads you aren't using, you can secure them in tamper evident packaging.  So long as you can tell that the pads have been interfered with in some way, security is maintained.  In fact, it might actually work to your advantage:  If you know the pads have been tampered with, you can send false information.  Opaque, tamper-evident packaging is relatively easy to make.  I like aluminum foil and superglue.  It's opaque visually and to any kind of electromagnetic radiation they might try to use to read it, it's simple, and it's available.

Here is how it might work:  A pad might be, say, 10 pages.  Each pad is wrapped securely in aluminum foil and glued shut with a bit of thread sticking out so you can open them easily.  You use a paint marker to make some marks along the seams so you can tell if the pad has been opened by other means.

The pad that you are currently using can either stay on your person, if you live in a jurisdiction like the United States, or, if necessary, a nice hidden place in your home.

The point being, in order to copy the pads, any potential cryptanalyst needs *PHYSICAL* access to them.  That's hard to do undetected.  Not impossible, but you can make it so hard that it's just not practical.

With computerized cryptography, you don't need physical access to the machine.  Unless it's a stand-alone computer, any potential adversary can side-step computationally intensive cryptanalysis by simply putting a keylogger on that computer and reading the plaintext at their leisure.

In fact, that's why computers should *NEVER* be used when the ultimate in security is required.  In fact, a guy I know wrote a paper about that very thing, why OTPs and computers are a very bad mix, from a security standpoint.

I'm not saying that OTPs are the be-all, end-all of cryptography.  For most communications, you don't need the security that OTPs provide.  Hell, I don't even use them, I just experiment with them, because I don't have an actual *NEED* for that much security.  From a convenience standpoint, if I were to need a method to communicate with someone (and to keep the encryption offline to prevent keyloggers or trojans from being a security issue), I'd use a wheel/strip cipher.  Secure enough, very easy to use, and because you never have to write down the plaintext, computer intrusions aren't a problem.

But, if you need the ultimate in security, there really is literally nothing better than an OTP, and it can be implemented without any modern technology.
 
2013-07-13 10:51:48 AM
I should point out again that I'm a crypto-weenie going back at least 30 years, I've been in the signals intelligence business, and I'm also a senior programmer/analyst, so I'm up on all the latest computer security stuff.
 
2013-07-13 11:21:22 AM

dittybopper: You get around that by *PHYSICALLY* transferring the pads.


Of course you physically transfer the pads.  They're on paper.  How does that "get around" interception?

I remind you that an adversary can intercept those pads any time before they are used.  They are not limited to intercepting at the moment of handoff.  Hand them off in person, use a tamper-evident package and a masonic handshake; none of that stops someone from photographing them after they wind up in a recipient's house or hotel room or wherever else he has to take them or may leave them by mistake.  And no, that's not a "feature," it's a vulnerability that no other cipher has.

The OTP has theoretically perfect security if there are no key issues, but it also has theoretically worst-case key issues,  and key issues are far more important to security than a theoretical difference between a quadrillion years and infinity years to crack the cipher.  There's a reason why the federal government went nuts trying to tamp down the spread of public-key cryptography and modern block ciphers, going so far as to classify strong crypto as munitions under export control law; but at the same time they didn't give two craps whether you and some dude in Finland communicated with "perfect secrecy" using a typewriter and slightly malformed children's toys.

Or they could put a keylogger and/or trojan on your computer, and just read whatever it is you send before it gets encrypted.

If you're that paranoid, use a computer disconnected from the network booting from a live CD.  Move the ciphertext with a flash drive---or if you're utterly paranoid, print the ciphertext and OCR it.
 
2013-07-13 12:32:59 PM

Xcott: dittybopper: You get around that by *PHYSICALLY* transferring the pads.

Of course you physically transfer the pads.  They're on paper.  How does that "get around" interception?


It's pretty simple.  If Alice physically hands the pads to Bob, how is Eve going to get access to them?

I remind you that an adversary can intercept those pads any time before they are used. They are not limited to intercepting at the moment of handoff.  Hand them off in person, use a tamper-evident package and a masonic handshake; none of that stops someone from photographing them after they wind up in a recipient's house or hotel room or wherever else he has to take them or may leave them by mistake.  And no, that's not a "feature," it's a vulnerability that no other cipher has.

Physical access to the pads is a much, much, *MUCH* more difficult issue than slapping a keylogger or a trojan on the computer of an adversary.  Think of all the places you can hide something the size of a pack of cigarettes in your house.  A package that size could hold a *LOT* of OTPs, even ones done by a conventional manual typewriter.

Be creative.  Right in front of me, within arms reach, I've got several electronic devices that I could open with a screwdriver and hide the pads within.

Now think about how long it would take to physically search your home thoroughly, find them, open them up, photograph them, and replace them such that the tamper-evident packaging isn't disturbed.  Do you think it's practical for anyone, even a government, to do that without leaving some sign that they did it?

This is why secret agents still use manual one time pads.  When actual physical access is required in order to copy the pads, you can arrange the circumstances so that if they manage to gain physical access, you will know about, and can take the appropriate steps.

The OTP has theoretically perfect security if there are no key issues, but it also has theoretically worst-case key issues,  and key issues are far more important to security than a theoretical difference between a quadrillion years and infinity years to crack the cipher.  There's a reason why the federal government went nuts trying to tamp down the spread of public-key cryptography and modern block ciphers, going so far as to classify strong crypto as munitions under export control law; but at the same time they didn't give two craps whether you and some dude in Finland communicated with "perfect secrecy" using a typewriter and slightly malformed children's toys.

That's because realistically, they know there isn't anything they can do about it.

Strong crypto software itself can be classified as munitions, but the algorithms themselves can't be.   That's how Phil Zimmermann got around that problem with the exportation of PGP:  He published in book form, and it then enjoyed First Amendment protections.  That's why you can post the plans for building bombs, machine guns, and all manner of weaponry without falling afoul of export control laws about munitions.

Let's say I design some new super-missile that's better than anything anyone else has.  I could publish the precise plans for it and not run afoul of any laws.

Or they could put a keylogger and/or trojan on your computer, and just read whatever it is you send before it gets encrypted.

If you're that paranoid, use a computer disconnected from the network booting from a live CD.  Move the ciphertext with a flash drive---or if you're utterly paranoid, print the ciphertext and OCR it.


What about the plaintext?  Hell, if they can gain physical access to snatch pads, why can't they do so to install a keylogger on your offline machine?  Hell, why couldn't they install something in it to transmit that data to a receiver a short distance away?  Or just go ahead and listen for the unique radiation that your machine unintentionally generates?
It's a hell of a lot easier to enter a house, find the computers, and surreptitiously install software in them undetected than it is to toss the entire house looking for something small that could be hidden in practically *ANYTHING* with a volume bigger than, say, 5 or 10 cubic inches (and that could be split up among multiple locations), open up the packaging, photograph the individual pads, and then replace them undetected.

I should point out that's an old pad, btw:  I've experimented further, and I've found that if you glue 3 of the edges for the pages along with half the edge of the 4th edge, you can easily remove each page by tearing it off, but it prevents people from effectively being able to copy the pages underneath without it being detected.
 
2013-07-13 12:35:21 PM

dittybopper: Despite what you may have read, OTPs don't have to be perfectly mathematically random.  They just have to be random enough in a non-deterministic way.  In other words, if you roll a sequence like 77324, there can't be a way to mathematically derive that the next number is going to be 5, for example.


Wow, that's ... really, really, really false.

By definition, perfect secrecy requires that the a priori plaintext distribution equals the a posteriori distribution.  That's an absolute requirement, and if you don't meet that, then there's really no point in putting up with all the other crap to use the cipher.

This means that it's not sufficient for the pad to be "random enough in a non-deterministic way."  It has to have a specific kind of distribution that makes the plaintext and ciphertext independent.  A uniform distribution achieves this, and an arbitrary non-uniform distribution does not.

If you want a simple example, here is an OTP-encrypted text (mod 26) where the pad is severely biased toward Z (90%) but it's still "non-deterministically random":

"WFENAHLYOUHAVEISAKAMMEREVERYTHINGLOOMSLIKLANADL"

You're telling me that nobody can deduce what this says because the noise, while slight, is non-deterministic?   Har har, nobody will ever read my message because they can't prove what I said with 100% certainty!  But wait, no, this is trivial to read.  In fact, with a biased pad, certain plaintext values become more likely and certain values less likely.  This violates perfect secrecy.

You may argue that a small bias, like 1-2%, doesn't make much of a difference.  But then, your messages are no longer "forever safe."  They are now vulnerable to the same impractical brute force analysis that you get with any other cipher.

dittybopper: Also, you'd have to contend with the fact that any statistical anomaly in any one particular die is going to be submerged by the fact that there are 4 other dice being rolled


Unless, of course, the dice are from the same set, and have the same mold and the same oblateness on the 4-5 axis.  Have you ever subjected your dice to the stack test?

I mean, think about it:  these are literally children's toys.  You are attempting to achieve the ultimate in security by using children's toys.  Board games have no insanely precise requirements for dice output uniformity, so there is zero reason for a manufacturer to obsess over something like that.  Half of the time they throw the friggin' things into a rock tumbler to make them smooth and shiny.

/Nothing you can't find in an undergrad crypto textbook
//I recommend Trappe and Washington, or Stinson but only 1st ed.
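The perfect-secrecy condition from the post above (a priori plaintext distribution equals a posteriori distribution), worked through numerically as an added Python example that is not part of any post in this thread. It assumes letters are numbered A=1 through Z=26, so a pad letter Z is a shift of 0 mod 26, which is consistent with the posted sample passing mostly unchanged; the prior comes from a constructed sample sentence, and the function names are hypothetical.

```python
import math
from collections import Counter

M = 26
A = ord("A")

# Constructed sample sentence, used only to obtain a non-uniform plaintext prior.
SAMPLE = "THE RULES ARE SIMPLE USE EACH PAD PAGE ONCE THEN DESTROY IT AT ONCE"
# Ciphertext quoted in the post above (pad biased 90% toward Z).
POSTED = "WFENAHLYOUHAVEISAKAMMEREVERYTHINGLOOMSLIKLANADL"


def letter_prior(text):
    """A priori letter distribution from sample text, with add-one smoothing."""
    counts = Counter(ch for ch in text if ch.isalpha())
    total = sum(counts.values()) + M
    return [(counts[chr(A + i)] + 1) / total for i in range(M)]


def biased_pad(bias, favoured=0):
    """Pad distribution: shift `favoured` has probability `bias`, the rest split evenly.

    favoured=0 models "Z" under the assumed A=1..Z=26 numbering.
    """
    rest = (1 - bias) / (M - 1)
    return [bias if k == favoured else rest for k in range(M)]


UNIFORM_PAD = [1 / M] * M


def posterior(prior, pad, c):
    """P(plaintext = p | ciphertext = c) for c = (p + k) mod 26, via Bayes' rule."""
    joint = [prior[p] * pad[(c - p) % M] for p in range(M)]
    total = sum(joint)
    return [j / total for j in joint]


def leakage_bits(prior, pad):
    """Mutual information I(P;C) in bits per letter; 0 means perfect secrecy."""
    bits = 0.0
    for c in range(M):
        p_c = sum(prior[p] * pad[(c - p) % M] for p in range(M))
        for p in range(M):
            joint = prior[p] * pad[(c - p) % M]
            if joint > 0:
                bits += joint * math.log2(joint / (prior[p] * p_c))
    return bits


def best_guess(ciphertext, prior, pad):
    """Most probable plaintext letter at each position, given only the ciphertext."""
    out = []
    for ch in ciphertext:
        post = posterior(prior, pad, ord(ch) - A)
        out.append(chr(A + max(range(M), key=post.__getitem__)))
    return "".join(out)


if __name__ == "__main__":
    prior = letter_prior(SAMPLE)
    cases = [("uniform pad", UNIFORM_PAD),
             ("one value 2 points over uniform", biased_pad(1 / M + 0.02)),
             ("90% on one value", biased_pad(0.9))]
    for name, pad in cases:
        print(f"{name:32s} leaks {leakage_bits(prior, pad):.4f} bits/letter")
    print("guess, 90% pad:  ", best_guess(POSTED, prior, biased_pad(0.9)))
    print("guess, uniform:  ", best_guess(POSTED, prior, UNIFORM_PAD))
```

With the uniform pad the best guess is the same letter at every position, because the ciphertext carries no information; with any non-uniform pad the leakage is strictly positive, small for a slight bias and several bits per letter at 90%.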
 
2013-07-13 12:55:34 PM

dittybopper: Physical access to the pads is a much, much, *MUCH* more difficult issue than slapping a keylogger or a trojan on the computer of an adversary.  Think of all the places you can hide something the size of a pack of cigarettes in your house.  A package that size could hold a *LOT* of OTPs, even ones done by a conventional manual typewriter.


I don't think you're thinking this all the way through.  If you are operating under the paranoid assumption that an attacker will break into your house to install a key logger on your computer, then it doesn't matter how well you can hide a thing in your house.  The hypothetical spook can simply install a camera in your house and just see you take it out of its hiding place.  Especially considering that the onerous nature of OTP encryption requires that you spend a lot of time with them.  You're not gonna whip that sucker out for 3 seconds.

And again, you have to rely on not just you, but you and the recipient being equally clever and meticulous and .  This is one reason why it makes slightly more sense for a spy to use a OTP:  the recipient is a high-security facility, so you really only have one copy of the key in the wild.

dittybopper: Now think about how long it would take to physically search your home thoroughly, find them, open them up, photograph them, and replace them such that the tamper-evident packaging isn't disturbed.  Do you think it's practical for anyone, even a government, to do that without leaving some sign that they did it?


"Even a government"?  "Tamper-evident packaging?"  So the theory here is that US intelligence agencies can bug the whole world, crack modern cipher algorithms and brute-force 128-bit keys with computers that operate with completely different laws of physics, come into your house and install key-loggers that make any use of computers suspect; but they totally can't get past your string-and-aluminum-foil trick?
 
2013-07-13 01:48:17 PM
Xcott, you seem to think that copying physical keys is as simple as copying computerized keys.  It's *NOT*.  It's a much harder prospect.

But the real clue as to how I know you really don't know what you're talking about is this:

Xcott: In contrast, you could use a modern cipher, which doesn't require you to share your decryption key with anyone, or store it anywhere, written or otherwise, even if you want to communicate securely with a network of 2,000 separate people.  In exchange for that far more acceptable level of security, the cipher is no longer theoretically perfectly secure:  it will only be unbreakable for the lifetime of the universe, rather than forever.  Boo hiss.


You are assuming a brute-force attack.

You know who else assumed their data was safe from a brute force attack?

upload.wikimedia.org

And that was a safe assumption:  Back then, even with the wiring of the Enigma machines compromised, it would have taken thousands of years to step through all the possibilities in a brute-force attack to recover a single day's key settings.  Even *WITH* massively parallel operations.

But that's not how Enigma was broken.  The Germans knew that in theory it was possible to break Enigma*, but all they could imagine was a brute force attack, and they didn't think even the Allies had the ability to do that in a timely manner.
They were wrong.

Hell, according to brute force analysis, a simple strip cipher like the M-138 that uses, say, 25 out of 100 available strips for any given key would have 2.82x10^50 possible keys (100*99*98*97...*76*75).  If you could brute force test a trillion of those keys a second, it would take 8.95x10^31 years to brute force those keys.  The Universe is only 1.38x10^10 years old.

But the attack on strip ciphers doesn't rely on brute force, so the use of brute force itself as some sort of measure of how it's security is misleading.

This is true of all ciphers that don't use random keys as long as the message itself.

Neither you nor I know if the NSA has developed a method to break any of the modern, "secure" computerized algorithms, and as I pointed out numerous times, because computers are a security *NIGHTMARE*, as I can attest to, they may not have to actually be able to break it in order to read what you are saying anyway.   The open literature on the subject is just that:  Open.

Neither you nor I know what is possible for the NSA, GCHQ, FAPSI, 3rd Department GSD, or any of the others, are capable of.  We can guess, but those are just that: Guesses based upon supposition, that may be valid when made, but not necessarily true 5 or 10 years later.

Manual OTP systems, when the keys are generated, secured, and destroyed properly (and it's not hard to do that) are immune from any kind of cryptanalysis forever.  The main problems are with maintaining the security of the keys, but unless you send messages with the frequency of a hyperactive twitter addict, you really don't need the amount of keys you think you need.

And as I pointed out, it's overkill for most applications.  I don't care that my bank doesn't use it.  Hell, I set up an SFTP process to transfer sensitive medical patient data at my work to an offsite medical system, and I'm not all that concerned that someone might break it and learn that Mary Jane Rottencrotch has chlamydia.  I picked a large key size, and it's secure enough for that application.

But, imagine a case where the people listening to you have, for all intents and purposes, unlimited resources.  *THAT* is when you might want to use an OTP, especially if the concern is that a message from 20 years ago might come back to bite you in the ass with serious consequences.


*Admiral Doenitz was particularly wary:  He rightly was skeptical of the security claims, especially after the Tarafal Bay incident.  Unfortunately for him, the resulting investigation by Eberhardt Maertens into the possibility that their communications security was compromised was slip-shod.
 
2013-07-13 03:08:50 PM
dittybopper:  [enigma]

Seriously?  We can't trust ciphers like 128-bit AES because the Enigma was broken in the 40s?

Comparing the Enigma machine to AES is silly.  Enigma was invented long before cryptography was put on any scientific footing, and its design was mostly ad-hoc.  It's utterly unlike modern ciphers in terms of the actual scientific and mathematical knowledge used in their design.

Also, the Enigma's design was pretty vulnerable to brute force even in its time.  The proper part of the enigma, the time-varying part, only had 17576*60 keys.  The only factor that complicated this was a static plug-board that was slapped on just to increase the key size, and this was cracked precisely because it was an ad-hoc addition. 

Pointing to Enigma to argue that we shouldn't trust modern block ciphers is like pointing to a WWI biplane to prove that spaceflight is impossible.
 
2013-07-13 03:46:13 PM

Xcott: dittybopper:  [enigma]

Seriously?  We can't trust ciphers like 128-bit AES because the Enigma was broken in the 40s?

Comparing the Enigma machine to AES is silly.  Enigma was invented long before cryptography was put on any scientific footing, and its design was mostly ad-hoc.  It's utterly unlike modern ciphers in terms of the actual scientific and mathematical knowledge used in their design.

Also, the Enigma's design was pretty vulnerable to brute force even in its time.  The proper part of the enigma, the time-varying part, only had 17576*60 keys.  The only factor that complicated this was a static plug-board that was slapped on just to increase the key size, and this was cracked precisely because it was an ad-hoc addition. 

Pointing to Enigma to argue that we shouldn't trust modern block ciphers is like pointing to a WWI biplane to prove that spaceflight is impossible.


It's an analogy.

It's more like saying that a WWI biplane built in 1918 might *JUST* be vulnerable to a fighter built in 1938.

An encryption standard that was invented just 20 years ago *MIGHT* be vulnerable today, but neither you nor I *KNOW* that.

The difference, however, is that I know that I don't know whether there is a valid attack against it that's classified, and you seem to be certain that it isn't.
 
2013-07-13 03:59:13 PM

Xcott: "Even a government"?  "Tamper-evident packaging?"  So the theory here is that US intelligence agencies can bug the whole world, crack modern cipher algorithms and brute-force 128-bit keys with computers that operate with completely different laws of physics, come into your house and install key-loggers that make any use of computers suspect; but they totally can't get past your string-and-aluminum-foil trick?


Actually, they *CAN* bug the whole world (that used to be part of my job), they *MAY* be able to crack modern cipher algorithms.  They almost certainly can't brute-force it.  They can install key-loggers and other software remotely (if they can do it to Iran, why not to you?)

They *CAN* get past the string and aluminum foil trick, but not in a way that is completely undetectable, and *THAT* is the real security:  Recognizing that you can't completely secure everything, but engineering it so that if they do breach the security, you can detect it relatively easily.

A one time pad that is compromised is a dangerous thing, unless you recognize that it's been compromised, then it's no danger at all.
 
2013-07-13 04:11:52 PM

dittybopper: Think of all the places you can hide something the size of a pack of cigarettes in your house.


I forgot to add:  the number of unique hiding places in your house may seem daunting, but it's a laughably small number in cryptographic terms.  How many hiding places do you actually think you have in your house?  2**128?  A trillion trillion trillion?  Just a trillion trillion?  A million?  A thousand?

If you have a million different hiding places in your house, that's at best a 20-bit key.  You're taking your perfect ideal unbreakable pad (well, at least as perfect as the toy factory in China made your dice) and protecting it with a 20-bit key.  Because 128-bit strong encryption is not secure enough, you're protecting your secrets with a 20-bit hiding place.

And that's assuming you actually have a well-defined set of a million distinct hiding places and choose each possible hiding place with equal likelihood, which you don't.  A hiding place doesn't even qualify as a key; using a hiding place for crypto security violates Kerckhoffs's criterion at a basic level.

Back in the 1990s, there was a crypto crackpot who tried to promote a one-time-paddish cryptosystem where the pad was taken from a music CD bought at the store.  His idea was that you and he would buy the same CD, presumably with cash, and the CD title would be the secret key.  We had a hard time convincing him that this didn't meet the mathematical requirements for a one-time pad, in part because he was convinced the keyspace was "enormous."  In reality, the keyspace was the number of CDs he could find in a store near both your home and his, which is probably in the 10s of thousands range---or a 14-bit key.

All this because he was paranoid, and thought that the US government would read his messages if he used any proper cipher---and that, instead, he would be perfectly secure forever if he used some rinky-dink idea he slapped together.
 
2013-07-13 04:22:58 PM

dittybopper: It's an analogy.


Yes, but it's a bad analogy.  You're taking an ad-hoc cipher invented before there was much science to cipher design, during a time when ciphers were routinely broken shortly after their publication because people didn't know what they were doing.  You are comparing this to block ciphers developed after Shannon, after the Luby-Rackoff result and the Merkle-Damgard architecture, after linear and differential cryptanalysis and random oracle models and elliptic curves and a general explosion in understanding of how cryptosystems work.

You're essentially comparing a pre-science and a post-science technology.  My analogy to biplanes is also a bad one, because people actually understood some aerodynamics when they built them.  A better example might be pointing to a collapsing yurt to prove that skyscrapers are unsafe.
 
2013-07-13 04:54:02 PM

Xcott: dittybopper: Despite what you may have read, OTPs don't have to be perfectly mathematically random.  They just have to be random enough in a non-deterministic way.  In other words, if you roll a sequence like 77324, there can't be a way to mathematically derive that the next number is going to be 5, for example.

Wow, that's ... really, really, really false.

By definition, perfect secrecy requires that the a priori plaintext distribution equals the a posteriori distribution.  That's an absolute requirement, and if you don't meet that, then there's really no point in putting up with all the other crap to use the cipher.

This means that it's not sufficient for the pad to be "random enough in a non-deterministic way."  It has to have a specific kind of distribution that makes the plaintext and ciphertext independent.  A uniform distribution achieves this, and an arbitrary non-uniform distribution does not.

If you want a simple example, here is an OTP-encrypted text (mod 26) where the pad is severely biased toward Z (90%) but it's still "non-deterministically random":

"WFENAHLYOUHAVEISAKAMMEREVERYTHINGLOOMSLIKLANADL"

You're telling me that nobody can deduce what this says because the noise, while slight, is non-deterministic?   Har har, nobody will ever read my message because they can't prove what I said with 100% certainty!  But wait, no, this is trivial to read.  In fact, with a biased pad, certain plaintext values become more likely and certain values less likely.  This violates perfect secrecy.

You may argue that a small bias, like 1-2%, doesn't make much of a difference.  But then, your messages are no longer "forever safe."  They are now vulnerable to the same impractical brute force analysis that you get with any other cipher.


OK, I posted an example of a pad using the same dice that are in the picture.

It consists of 5 number groups, 5 groups to a line, for 10 lines.  That's 250 numbers.  You would expect to find, based on purely even numbers, about 25 of each individual number, give or take.

The distribution is approximately what one would expect:

0 28 
1 24
2 32
3 26
4 25
5 20
6 26
7 16 
8 18
9 29

Of course, there is no way to really know for sure:

www.random.org

That's funny, because it's true.

Thing is, though, even if there is some small amount of bias, it would take really, really large amounts of traffic in order to become apparent.

Even when you detect a statistical anomaly, it won't really help you decipher the messages, because again, it's non-deterministic.  You simply can't determine what the next key number will be based upon the previous ones.  That's *REQUIRED*.
 
2013-07-13 05:39:51 PM

dittybopper: Even when you detect a statistical anomaly, it won't really help you decipher the messages, because again, it's non-deterministic.


Again, this is wrong.  Mathematically, provably, demonstrably, trivially wrong.

What you are describing isn't even remotely close to the definition of perfect secrecy (the mathematical property required of OTPs).   Perfect secrecy is what makes OTP-encrypted text "forever safe."  If your dice are biased, you won't have perfect secrecy.  I'll say that again:  if your dice are biased, you won't have perfect secrecy.  It is not sufficient for the dice to be "non-deterministic":  they have to have a specific distribution, a uniform distribution, that renders plaintext and ciphertext symbols independent.  Biased dice won't give you that distribution.

I even gave you a counterexample, which you quoted in your reply:  a perfectly crackable ciphertext whose key stream was very nonuniform but nevertheless random and non-deterministic.  That should be enough to demonstrate why non-determinism isn't enough, and that nonuniformity makes an OTP breakable:  if your dice are biased, you won't have perfect secrecy.

Again, you can find this stuff in any undergraduate crypto textbook.  I strongly suggest you do so, because apparently your misconception of perfect secrecy is telling you that you can use a bad keystream, and that you don't need to care about bias in your source of randomness.
 

dittybopper: Of course, there is no way to really know for sure:


There are some ways to know for sure.  You can just measure your dice with a micrometer to see if they have any oblateness.  Oblateness correlates pretty well with bias.  That's not the only possible source of bias, but it's certainly a bad sign by itself.
 
2013-07-13 07:25:05 PM
Hi,

Just to be helpful, I decided to pull out my micrometer and measure some dice.  Unfortunately, most of my dice are die-cast and untumbled (Gamescience is a good source for precision dice) but I found some toy-grade D6s with the smooth edges.

Three axes for each of three dice are roughly (inches):
a)   0.615  0.614 0.607
b)   0.611  0.623  0.620
c)    0.611  0.617 0.617

These have an oblateness of around 0.1-0.3mm, and a flatness all around 0.01.  With the numbers predicted in the article I cited, you might expect these dice to roll one of the flat sides 34% of the time, and the other sides each 33% of the time.  So a 0.5% bias for two outcomes, not counting the effect of the rounded corners.

What does that mean, practically speaking?  I wrote a little program to generate key streams with this distribution for a base-6 OTP, to see if this tiny bias lets me distinguish between a plaintext message of all 0s and a message of all 2s by examining the ciphertext using a likelihood ratio test.  My probability of guessing the plaintext from the ciphertext depends on length:

Length 100:   guessed right 55.6% of the time
Length 200:   guessed right 56.35% of the time
Length 300:   guessed right 59.35% of the time
Length 500:   guessed right 61.45% of the time
Length 1000:  guessed right 65.95% of the time
Length 5000:  guessed right 80.70% of the time

(All simulations based on 1000 trials)

In all cases I did better than random when guessing the plaintext from the ciphertext, because of this tiny 1% bias in the die.  In all cases, the ciphertext leaked information about the plaintext, and the vaunted perfect secrecy of the OTP did not exist.

Conclusion:  if your dice are slightly biased, you don't have perfect secrecy.
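
The experiment described in the comment above, rebuilt as an added example (this is not the poster's program). It assumes key digit = die face - 1 and that the flat axis carries faces 1 and 6 at 17% each; all function names are hypothetical. A fair key is included for contrast.

```python
import math
import random

# Assumed model, not from the thread: key digit = die face - 1, and the flat
# axis carries faces 1 and 6 (digits 0 and 5) at 17% each, the rest 16.5% each.
BIASED = [0.17, 0.165, 0.165, 0.165, 0.165, 0.17]
FAIR = [1 / 6] * 6


def encrypt(plaintext, key_probs, rng):
    """Base-6 one-time pad: c = (p + k) mod 6, with k drawn from key_probs."""
    keys = rng.choices(range(6), weights=key_probs, k=len(plaintext))
    return [(p + k) % 6 for p, k in zip(plaintext, keys)]


def log_likelihood_ratio(ciphertext, key_probs, p_a, p_b):
    """log P(ciphertext | all-p_a message) - log P(ciphertext | all-p_b message)."""
    # Under plaintext digit p, ciphertext digit c implies key digit (c - p) mod 6.
    return sum(
        math.log(key_probs[(c - p_a) % 6]) - math.log(key_probs[(c - p_b) % 6])
        for c in ciphertext
    )


def guess_accuracy(length, key_probs, trials=400, seed=1):
    """Fraction of trials in which the test names the right constant message."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        truth = rng.choice((0, 2))
        ciphertext = encrypt([truth] * length, key_probs, rng)
        llr = log_likelihood_ratio(ciphertext, key_probs, 0, 2)
        if abs(llr) < 1e-9:          # no evidence either way: flip a coin
            guess = rng.choice((0, 2))
        else:
            guess = 0 if llr > 0 else 2
        correct += guess == truth
    return correct / trials


if __name__ == "__main__":
    for n in (100, 1000, 5000):
        print(n, guess_accuracy(n, BIASED), guess_accuracy(n, FAIR))
```

With the fair key every ciphertext digit is equally likely under both messages, so the log-likelihood ratio is exactly zero and the guess is a coin flip.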
 
2013-07-13 09:39:01 PM
OK, so you got me thinking:  Just how random are those pages?  So I ran some tests (frequency, chi-square).  It was made tedious by the fact that I had to re-type them :-(

Interestingly enough, a couple pages actually failed, but taken as an entire group (250 groups per page, 15 pages worth, or 18,750 numbers), they were within the expected values for a random series (confidence 95%).  I can only assume that the reason why a couple pages failed is that the sample size was too small.
 
2013-07-13 11:16:43 PM

dittybopper: Interestingly enough, a couple pages actually failed, but taken as an entire group (250 groups per page, 15 pages worth, or 18,750 numbers), they were within the expected values for a random series (confidence 95%).


Hi,

A chi-squared test at 95% confidence would not detect the kind of bias I mentioned above, unless you observed a lot more data.

If one axis of a D6 has a 34% chance of facing up, and if I am not mistaken, the Pearson Chi-squared test statistic has an expected value of roughly N/5000 for N die rolls.  You'd have to observe over 55,000 values before the expected value exceeds the 95% confidence threshold for 5 degrees of freedom.  And yet, with that slightly biased die, I can still guess from your ciphertext whether you sent 1000 0s or 1000 2s, and be right 65% of the time.

In general, a chi-squared test is a pretty loose test that can miss this kind of bias because (a) the biased die is very close to fair, and (b) it isn't a specific test for a specific kind of bias, and is therefore less powerful.  If you knew the specific bias you were looking for---for example, if your micrometer tells you that 2 and 5 may be more likely than 1, 3, 4 and 6---you can test for that specifically and detect it more readily.

I would advise you to save a lot of typing and just measure your dice.  If you have any suspicion that your dice might be a fraction of a percent off here or there, we can write a program to compute how much that slight discrepancy would compromise messages of different length.  But in general, slightly nonuniform dice break the perfect secrecy of OTP encryption.
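
An added example (not code from the thread) of the point made in the comment above: for the same simulated rolls, it compares the omnibus Pearson chi-squared test with a test aimed only at the suspected axis. The D6 model with faces 1 and 6 at 17% each, the sample size of 18,750 rolls and all function names are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

# Constructed model: a D6 whose flat axis (faces 1 and 6) lands up 34% of the time.
BIASED_D6 = [0.17, 0.165, 0.165, 0.165, 0.165, 0.17]
CHI2_CRIT = 11.0705   # 95% critical value, chi-squared with 5 degrees of freedom
Z_CRIT = 1.6449       # 95% one-sided critical value, standard normal


def pearson_chi2(counts):
    """Omnibus Pearson statistic against a fair six-sided die."""
    expected = sum(counts) / 6
    return sum((c - expected) ** 2 / expected for c in counts)


def axis_z(counts):
    """Targeted statistic: do faces 1 and 6 together exceed their fair 1/3 share?"""
    n = sum(counts)
    return (counts[0] + counts[5] - n / 3) / math.sqrt(n * (1 / 3) * (2 / 3))


def bias_shift(n, probs):
    """Amount the bias adds to the expected Pearson statistic after n rolls."""
    return n * sum((p - 1 / 6) ** 2 / (1 / 6) for p in probs)


def rejection_rates(n, probs, trials=200, seed=7):
    """Share of simulated n-roll samples flagged by (omnibus, targeted) tests."""
    rng = random.Random(seed)
    omnibus = targeted = 0
    for _ in range(trials):
        tally = Counter(rng.choices(range(6), weights=probs, k=n))
        counts = [tally[face] for face in range(6)]
        omnibus += pearson_chi2(counts) > CHI2_CRIT
        targeted += axis_z(counts) > Z_CRIT
    return omnibus / trials, targeted / trials


if __name__ == "__main__":
    print("shift per 5000 rolls:", bias_shift(5000, BIASED_D6))
    print("N=18750 (omnibus, targeted):", rejection_rates(18750, BIASED_D6))
```

`bias_shift` evaluates to N/5000 for this die, and at 18,750 rolls the targeted test flags the bias far more often than the omnibus test does.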
 