
I don't even know anymore. We're gonna have to raise the bar on what it means to be a "tinfoil hatter"; the original definition has become reality.

"Trust no one! Suspect EVERYTHING!", I can say today without sounding crazy.

Also, remember this? http://www.linuxfoundation.org/news-media/blogs/browse/2011/... ....hmm, I wonder if....



I remember reading about Richard Stallman's setup [0] and thought it sounded indeed crazy. I couldn't understand why he needed so much 'freedom'. I do now.

[0]: http://richard.stallman.usesthis.com/


Meanwhile the way Bruce Schneier is now using GPG is really only one conceptual leap away from full-blown Tinfoil Hat Linux usage: http://en.wikipedia.org/wiki/Tinfoil_Hat_Linux

The difference between "tinfoil hatters" and reasonable people like Bruce Schneier now seems to be how concerned they are with their ability to destroy a hard drive, and TEMPEST.


You mean changing the number of "2048" to "4096"? I'm not sold on that being a meaningful improvement to his security, but even so, you realize that change costs him nothing, right? He needed to generate a new key... why not set it to 4096 bits? Everything he does with that key happens in human scale time --- even a 500ms per message delay wouldn't be noticeable.

So, some evocatively named Linux distro recommends the same key size, is what I understand you to be saying, and therefore... what? Aliens really did land at Roswell?


> You mean changing the number of "2048" to "4096"?

No, certainly not. I agree with you; the change from 2048 to 4096 isn't interesting.

The interesting part is that he 1) generated a new key (okay, not actually interesting in itself), 2) is using it in an isolated install, 3) this isolated install is on entirely separate hardware, not just a VM, 4) this separate hardware is new hardware that has never been networked.

Tinfoil Hat Linux was never really about using large PGP keys, you could use large PGP keys on a co-located RHEL box just as well as you could on an old crusty THL box covered with shoes and bluejeans in your closet. Rather, Tinfoil Hat Linux was about cautious (really, hyper-paranoid for the hell of it) treatment of private keys and plaintext. Extremely cautious treatment of plaintext and private keys is what he is currently going out of his way to do.

Is going to such an extreme (new hardware that has never been networked?) really necessary? I don't have the expertise to say. What I can say is that it is nearing the sort of baseline paranoid treatment of private keys and plaintext that THL is known for. He's not blinking out leaked documents in Morse code yet, he isn't worried about white vans down the street reconstructing the images on his monitor or RF leakage from his CPU giving them bits of his private key, but we are at the point where that is the next logical step.

(And no, aliens never landed at Roswell (or anywhere else), JFK was shot from the Book Depository (and only the Book Depository), and Stanley Kubrick did not film the moon landings (that was done with television cameras mounted on tripods, the LEM lander legs, and the astronauts' chests))


> Is going to such an extreme... really necessary?

Since Schneier's now doing analysis of unreleased Snowden documents for the Guardian, he now has reason to believe that the NSA has a strong motive to see what documents he's working on.

Seems to me that the level of tin-foil-hattery that's reasonable to protect against an organisation likely to be targeting you specifically needs to be an order of magnitude greater than that which is reasonable to protect against a general-population surveillance dragnet.


Well, tin-foil-hattery traditionally refers not only to the paranoia associated with the probability of being watched but also with the malicious or manipulative intent of those people or groups. Schneier needs to protect himself from the possibility of either his data being used in a manner to prosecute or punish or action taken to stifle work he has so far kept private. It's more than reasonable for him to give credence to the threat of a self-interested government agency acting maliciously toward him.

However, Schneier was a target well before this due to the nature of his work. It is exactly the scope of the recent revelations that throws the conventional thinking on where the fuzzy line lies between an appropriate risk assessment based on position of interest and the general population. When the potential dragnet is widespread and permanent I no longer have to only consider how important I am now (which I'm not), but I also have to consider if I will ever take on a role that IS important not just now, but then.


I am using 8192 bits, just in case ;-) also applying one time pads when I can.


How do you get the one time pad to the recipient?


I really hope no one is using just one OTP.


Personally.


Just out of curiosity - assume you took a key of 8096 bits - and it is super long - could you then make a hash of the key which were shorter, and provide the hash, with instructions on how to reverse it, and then use the hash to produce the 8096 keylength with less digits between you and the recipient?


Are you asking whether you can compress an RSA key?

Anyways: don't use 8192 bit keys. Whatever kills the 4096 bit keys is going to kill RSA along with them. Honestly, I think 4096 bits is also kind of a you're-kidding-yourself key length; if attacks on 2048 bit keys became tractable, RSA is probably in serious trouble.


Dude, Get your ass to SF so I can buy you the many beers I owe you!

I get truly excited when I see your replies, I'd love to banter in [inebriated] public! With that said, may I please make the humble request;

You have contributed a shitload of awesome comments on the state of "who-the-fuck-are-we-kidding" with respect to encryption and privacy in light of what we actually know now related to the NSA....

Would you please create a post, in an Explain-Like-I-Am-Five-Years-Old manner, on both the state of the capabilities of the NSA, the state of current encryption tech/methods we rely on, AND what the heck I, as an individual, could/can/should do about protecting myself.

---

I can speculate all day long about all sorts of things, but I am asking - given the NSA-Fatigue I suffer from - for your help.

I WILL PAY YOU FOR THIS SERVICE; Set the price at $20 for the best recommendation. Crowd-source your network of people who have enough info to contribute to the recommendation...

Aside from smashing my machines and cancelling my power utility, I have no clue how to regain privacy at this point.

Then we will drink, and be Merry, Pippin and Sam!

EDIT: Tawny Port May be responsible for this post.


No - one of the main points of a hash is that it is non-reversible.

Also, if you had a short string that could be expanded into the larger key, then what you really have is a short key to a slightly different crypto system, which is less secure than the original key in the original system.

Also, if you can significantly compress a string of truly random data, you can also probably compress digital video by a significant factor as well, and should therefore found a startup selling your groundbreaking compression technology.


the way Bruce Schneier is now using GPG

Which way is that?

Also, from your Tinfoil Hat Linux link, this idea is hilariously awesome:

Keystroke monitoring — THL has gpggrid, a wrapper for GPG that lets you use a video game style character entry system instead of typing in your passphrase. Keystroke loggers get a set of grid points, not your passphrase.

I wonder if it might be possible to implement that idea into other operating systems?


Air gapped with new hardware: "Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good."

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-rema...

Air gapping is certainly not unprecedented, but individuals using it have traditionally been considered pretty "tinfoil-y".

edit: "I wonder if it might be possible to implement that idea into other operating systems?"

gpggrid itself could probably just be built on any other Linux install. Certainly it could be recreated. One of the neat features of TFL that I really like is the idea of blinking LEDs on the users keyboard instead of displaying things on screen. Effective? Who knows... but certainly amusing.
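Added example, written for this thread rather than taken from THL's gpggrid or any other project: a Python sketch of the grid-entry idea. A freshly shuffled grid is shown on screen, the user types only cell coordinates, and a keystroke logger sees coordinates that mean nothing without the grid that was displayed at that moment. The passphrase `correct horse!` and the 10x10 layout are constructed for the demo.

```python
import secrets
import string

# 95 printable ASCII characters (space included) laid out on a 10x10 grid;
# the five spare cells stay empty.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
ROWS = "ABCDEFGHIJ"
COLS = "0123456789"
CELLS = [r + c for r in ROWS for c in COLS]


def new_grid(rng=None):
    """Return a fresh random mapping cell -> character (None for empty cells).

    A new grid is generated for every prompt: the coordinates a keystroke
    logger records are only useful together with the grid that was on screen,
    so the defence holds against a key logger, not against a screen grabber
    that captures the grid as well.
    """
    rng = rng or secrets.SystemRandom()
    chars = list(ALPHABET)
    rng.shuffle(chars)
    chars += [None] * (len(CELLS) - len(chars))
    rng.shuffle(chars)  # scatter the empty cells too
    return dict(zip(CELLS, chars))


def render(grid):
    """Text rendering of the grid as it would be shown to the user."""
    lines = ["    " + " ".join(COLS)]
    for r in ROWS:
        cells = []
        for c in COLS:
            ch = grid[r + c]
            cells.append("." if ch is None else ("\u2423" if ch == " " else ch))
        lines.append(f" {r}  " + " ".join(cells))
    return "\n".join(lines)


def decode(grid, coords):
    """Turn the typed coordinates (e.g. ['C7', 'a0']) back into the passphrase."""
    out = []
    for cell in coords:
        cell = cell.strip().upper()
        if grid.get(cell) is None:
            raise ValueError(f"not a valid cell: {cell!r}")
        out.append(grid[cell])
    return "".join(out)


def encode(grid, passphrase):
    """Inverse of decode: the coordinates a user would type for a passphrase."""
    inverse = {ch: cell for cell, ch in grid.items() if ch is not None}
    try:
        return [inverse[ch] for ch in passphrase]
    except KeyError as e:
        raise ValueError(f"character not on grid: {e.args[0]!r}") from None


def prompt_passphrase(grid=None, read=input):
    """Interactive entry: show the grid, read space-separated coordinates."""
    grid = grid or new_grid()
    print(render(grid))
    typed = read("Enter passphrase as grid cells (e.g. C7 A0 J3): ")
    return decode(grid, typed.split())


if __name__ == "__main__":
    # Constructed demo: the same passphrase produces different keystrokes
    # under two different grids, which is the whole point.
    pw = "correct horse!"
    g1, g2 = new_grid(), new_grid()
    print(render(g1))
    print("keystrokes under grid 1:", " ".join(encode(g1, pw)))
    print("keystrokes under grid 2:", " ".join(encode(g2, pw)))
    assert decode(g1, encode(g1, pw)) == pw
```

The decoded passphrase would then be handed to gpg on stdin (or via a pinentry program) instead of being typed, which is where a wrapper like the one the THL page describes would sit.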


IF he was serious he would be burning CDs/DVDs instead of using a read-write USB stick. It is tedious, but blank media is cheap and there is precedent (that I'm sure Bruce is aware of): The DoD's own (classified) SIPRNet was infiltrated via a flash-drive based virus back in 2008.

http://www.washingtonpost.com/wp-dyn/content/article/2010/08...


I kinda thought the same thing about flash-drive viruses, and why Bruce wasn't using CDs/DVDs instead. Then I realized if he was really serious, he wouldn't say what he's really using, and he'd have a USB honeypot plugged into his network-facing computer.


Note that he didn't say what software he's running on the new air-gapped computer. The difference between locking down one air-gapped PC running only software required for encryption and locking down the entire network of PCs running the wide variety of software required to do everything everyone needs to do on the SIPRnet is huge.


Named "Iocane Powder" of course.


"i'd bet my life on it..."


Another approach might be to set up an old-fashioned serial link between the machines. It's easy enough to observe and audit all the traffic that passes through a serial cable.


SD cards have a physical switch you can flip for read-only.


The switch is electrical and advisory. The SD card reader is free to ignore it.

Search for "Bootable SD Card Method" here: http://chdk.wikia.com/wiki/Prepare_your_SD_card (I have a Canon camera that runs CHDK. Those instructions work, and the camera can write to the SD card.)


The SD card switch is actually read by an external physical sensor (a tiny button like the write-protect buttons inside of ancient 3.5" floppy drives), at least on most SD cards. I had an SD card whose switch wasn't quite thick enough to trigger the writability sensor of an SD card reader, so I had to wrap it in tape.


In a completely unrelated area, you just saved me a pile of effort and time with that tape trick. Kudos.


Yeah and my old Intel 486 Gateway 2000 had a Turbo button. What's your point?


He's not doing that because of concerns about PGP, just to be clear, but because his host computer isn't secure (none of ours are); he's doing basically the same thing as the people who run their browsers in a VM, or the same thing that security professionals tell business owners to do when they want to access their online banking.


What do you tell business owners to do when accessing their online banking?


Use a machine that is used for absolutely nothing else.


Wow, really good idea. Is a VM that is used for absolutely nothing else good enough?


How do you define "good enough"?

The general idea is to use a machine which has minimal opportunity to be compromised through other activities. There have been known to be exploits that allow a compromised VM guest to compromise the host, and obviously if you compromise the host you can compromise all the other guests.

Using a separate VM is worse than using a separate physical machine and better than doing nothing. Whether it's "good enough" depends on who you are. Who are the plausible attackers? What do you stand to lose if it goes wrong?


The VM is easily vulnerable to the host OS, so running in a VM only protects the activities you do in the VM in the sense that the software pwning the host might not be looking for it. So not really.


Unless you are not using the host OS for anything _other_ than virtualization. If the host OS is used to host VMs[1], which are then used for specific tasks (casual browsing, banking, development, etc). Any exploit will be limited to the VM. This would be a pretty solid setup. It is only vulnerable to attackers that have direct access to the hardware, or have the ability to exploit the hypervisor.

[1] in other words if the host OS is used as a hypervisor, or if the host OS _is_ a hypervisor.


How many of them actually do?


Germany's best-selling PC magazine c't periodically distributes "Bankix" on their CD.

It's a Linux live system (with permanent storage on a USB stick) geared specifically towards online banking.

I believe that quite a few people actually use it.

Of course the hardware is the same, but you get a clean single purpose software system.


> Germany's best-selling PC magazine c't periodically distributes "Bankix" on their CD.

>I believe that quite a few people actually use it.

That sounds like a great attack vector. How secure are factories where discs are pressed? Even without access to the factory you could buy a bunch of magazines and repackage them with compromised CDs.


Someone would probably notice, checking the DVD against a checksum.

Repackaging it seems to be tricky, since the paper inlay is bound in the magazine, it's not just stuck on the cover or whatever. You tear it out at a perforation, leaving part of the DVD cover inside.

There are much more exposed attack vectors on online banking users, I would think.

And you can always just download the ISO and check it against the hash (and the PGP key).


I've set up VMs for people with their credentials in the VM and nowhere else, and the host firewalled pretty restrictively such that that VM is pretty useless except for banking. I suspect compliance is high on systems like that.


And if your bank does not do 2 factor authentication switch to another bank.


Which banks actually do this? I've never encountered one.


Most European banks do. Only few US banks do. Primary reason for this difference is that it's trivial to transfer money from one European bank account to any other bank account. It basically works like email, where you can just enter any destination bank account number. With US bank accounts the process is much harder, as you first need to add and confirm the second bank account (which somewhat reduces the risk of what can happen if someone gets access to your account).


Here's a list of them that use Verisign's VIP: https://idprotect.vip.symantec.com/wheretouse.v

Others may use in-house solutions. Here's Bank of America's two factor solution: https://www.bankofamerica.com/privacy/faq/safepass-faq.go

We're almost to a point where the question isn't whether or not they support it, it's finding out that they have a program, clicking through tiny text links at the bottom of pages, and figuring out how yet-another-implementation works.


The major ones that I've used do - Chase and Bank of America, both through sending codes over SMS to login and perform certain activities once logged in. For BoA, even if you stole my password and browser cookie (to get past the login check), you still wouldn't be able to do anything but pay my bills for me. Anything that might send money to a new destination, like creating a new billpay recipient, changing the info of one, or adding a wire transfer destination, requires an additional 2-factor code.


Both my banks do (European banks, specifically Rabo and ABN/AMRO).

These are still not immune to phishing attacks but it's a lot better than TAN codes or some other 'dumb' authentication scheme.

Typically these systems work in conjunction with pin-and-chip card, a small piece of hardware that generates the codes and a challenge / response system built into the website you use for the authorization.

Separate challenges exist for logging in (read access) and transferring money.
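Added example, not any bank's real protocol: a Python model of the challenge/response scheme described above, with a read-only login challenge and a transfer challenge that binds destination and amount into what the reader signs. The card key, account numbers and the 8-digit HMAC-derived code format are constructed assumptions; the point shown is why a relayed or replayed code cannot authorize a different transfer.

```python
import hashlib
import hmac
import secrets


def card_response(key: bytes, purpose: str, nonce: str, details: str = "") -> str:
    """What the card reader computes. The user types the on-screen challenge
    (nonce) and, for a transfer, the destination and amount, so the code is
    bound to exactly that transaction. Returns an 8-digit code."""
    msg = f"{purpose}|{nonce}|{details}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class BankServer:
    """Bank side: holds the same per-card key and the set of open challenges."""

    def __init__(self, card_key: bytes):
        self.key = card_key
        self.open = {}  # nonce -> (purpose, details)

    def challenge(self, purpose: str, details: str = "") -> str:
        nonce = secrets.token_hex(4)  # 8 hex digits displayed on the web page
        self.open[nonce] = (purpose, details)
        return nonce

    def verify(self, nonce: str, response: str) -> bool:
        # pop: each challenge is single-use, so a captured code cannot be replayed
        entry = self.open.pop(nonce, None)
        if entry is None:
            return False
        purpose, details = entry
        expected = card_response(self.key, purpose, nonce, details)
        return hmac.compare_digest(expected, response)


def scenario(card_key: bytes = b"constructed-demo-card-key") -> dict:
    """Walk through login, a legitimate transfer, a replay and a tampered transfer."""
    bank = BankServer(card_key)
    out = {}

    # 1. Read-only login: a challenge with no transaction details.
    n = bank.challenge("login")
    out["login"] = bank.verify(n, card_response(card_key, "login", n))

    # 2. Transfer: the reader signs destination+amount along with the nonce.
    details = "NL00BANK0123456789|50.00"  # constructed account and amount
    n = bank.challenge("transfer", details)
    code = card_response(card_key, "transfer", n, details)
    out["transfer"] = bank.verify(n, code)

    # 3. Replay: presenting the same code again is rejected (challenge consumed).
    out["replay"] = bank.verify(n, code)

    # 4. Tampering: a phisher relays the user's code but the transfer the bank
    #    actually holds names a different destination and amount; the HMAC over
    #    the bound details no longer matches.
    n = bank.challenge("transfer", "NL00EVIL0000000001|5000.00")
    out["tampered"] = bank.verify(n, card_response(card_key, "transfer", n, details))

    # 5. Cross-purpose: a login code cannot authorize a transfer.
    n = bank.challenge("transfer", details)
    out["cross_purpose"] = bank.verify(n, card_response(card_key, "login", n))
    return out


if __name__ == "__main__":
    for step, ok in scenario().items():
        print(f"{step:14s} accepted={ok}")
```

What this does not cover is the residual phishing risk the comment mentions: if the user can be talked into typing the attacker's destination and amount into the reader, the code is valid for that transaction, which is why the reader should show the user what it is signing.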


Those are common in Brazilian banks as well. At least four of the six biggest (I don't remember about the last two) do two-factor authentication.

Another cool thing I've seen in Banco do Brasil was the need to authorize the computer you're going to use in an ATM or in a 1-800. If I recall correctly, they do that with a Java applet.

Recently they also launched a common-malware-search-and-destroy application of MANDATORY use in Windows computers (my mom uses, she asked me. And yes, the digital certificates were all valid).


What's wrong with TANs?


My American Express personal savings does. HSBC does and even allows you to enter your 2FA on a JavaScript keyboard (clicky click) if you choose to mitigate the threat of a key logger.


Chase requires two factor authentication.


Given what we know about USB sticks, especially their use in Iran, you would have to be ABSOLUTELY FUCKING RETARDED to trust them.

Oh so he encrypted his files, and walked them between his stand alone and his internet machines. Yeah, okay this established the file's integrity, and that's just fantastic.

But what assurance does he have that the USB stick isn't getting infected on the internet machine, and then deploying stealth hacksaw services onto the standalone, to buffer and relay data and commands each time it jacks in?

I mean, that's exactly what Stuxnet was designed to fucking do.


I wish you'd made your point more gracefully, because then it would've been taken seriously. I had the exact same concern about him using USB sticks.


It's different if you own your own USB stick and only use that stick, and have the hosts configured correctly. Arbitrary USB devices picked up off the ground or provided by malicious people do terrify me, mainly because they can be keyboards or whatever in usb-stick physical packaging.


Even USB sticks that are your own USB sticks could be keyboards or whatever. Unless you've verified it isn't, a store-bought USB stick is just as risky as one that you picked up from the street or that someone gave you; in both cases you have no idea 'where it's been' before it got into your possession.


No, the vast majority of USB sticks in the world are not pwned. If you randomly go out to purchase one in a large market, it's pretty likely to be safe.

Things like the Bagram PX were concentrations of high value targets with only one source of supply. The general USB stick marketplace is a lot safer. In China they're often fake and thus unreliable (smaller than advertised), but in the US, I'd be pretty comfortable driving to a Best Buy 50 miles away and picking up a random USB token.

A USB key someone hands you is much more likely to be a targeted attack. A USB key randomly lying on the ground outside a target is also much more likely to be an attack.


The vast majority of USB sticks are lost, not attacks, the vast majority of USB keys handed to you are handed to you in good faith, not as attacks.

That doesn't mean there are no attacks.

So prudence is advised in either case, on the off chance that the one that you have is a bad one. Ditto for anything else that you stick into a USB port.

That webcam plugged into your computer, are you sure the mike isn't on all the time and that the driver doesn't pass your speech during the day out in compressed and encrypted form to some server farm at night ;)


Just like bareback sex with partners who remain monogamous for the duration of your relationship, repeatedly sticking the same USB device into your computer is a lot less risky than sticking a wide variety of USB devices of unknown provenance into your computer...


Air-gapping is really the only way to stay secure. Plus, I would worry about cameras, microphones and vibration monitors, so I would want to put the air-gapped machine in a room that is away from any other electronics. Ideally in some sort of faraday cage, or at least located a reasonable distance away from walls - to bring it up to TEMPEST (or similar) standards. Unfortunately, most of us do not have the space in our homes to do it properly, so we have to resign ourselves to losing control of our machines and our data.


Stuxnet jumped an air gap.


Well, to be fair, this was in an OS that reads whatever is in a media you plug.

KDE/Gnome do the same thing, and there are possible attacks there.


I see a new product. The air gap - a micro computer that takes simple commands, like mail, ftp and get, to serve as a simple go between layer for people who want this kind of privacy.

IMHO, the hard part would be creating the interface on the PC.


The new product I see is 100% open hardware (in addition to open-source software). All the way down to the chip.

This should be the new market: Companies inviting the whole world to inspect their hardware (in addition to firmware, software).


Some agencies and contractors handling classified materials use air gapping sometimes as well.


I hope he's using one of those USB condoms with his memory stick.


When the battery gets low?


It's a joke.


>Which way is that?

https://www.schneier.com/contact.html

All default settings, except the 4096-bit key length.

See: https://www.schneier.com/blog/archives/2013/09/my_new_gpgpgp...


Julian Assange worked on projects relating to maze navigation, theorizing that people could memorize the muscle sequences but not be able to tell them under pressure, or fail under pressure.

Randomizing the position of landmarks eg. go to A, B, E, C, F, then showing a map could let the user enter a different sequence of keystrokes to get the same result.


Bruce Schneier is not a reasonable person about his own computer security any more than a virologist is a reasonable person over her own infectivity.

He knows too much to be a reasonable person.


Surely a virologist can be considered more reasonable about related matters of personal than the general public (who cannot even be trusted to immunize themselves or their children, and cannot be trusted to trust modern medicine instead of roots some hippy pulled out of the ground behind their shed).

Bruce isn't a nutter. I don't think many people would actually argue otherwise.


> "Trust no one! Suspect EVERYTHING!", I can say today without sounding crazy.

It's really not that hard to say this seriously without wearing a tinfoil hat. I've been doing that since high school.

The key is thinking in terms of operations, rather than in terms of generic trust. You need to know what you're doing, maintain opsec and have a strong, realistic threat analysis. For me, the Snowden cascade hasn't changed anything: if someone can penetrate the USGov's defenses, then they can almost certainly penetrate mine.

And that has always been true.

The revelations are a matter of ideological trust--trust in whether or not someone agrees with you--, but the USGov has never had much of this kind of trust, not even at its founding, nor has it ever acquired it.


> I don't even know anymore. We're gonna have to raise the bar on what it means to be a "tinfoil hatter"; the original definition has become reality.

That's sort of where I've gotten to this summer. It's really frustrating and saddening.

Although mind-control waves still aren't, TO THE BEST OF MY KNOWLEDGE, a thing.


Mainstream media bombardment and constant advertising harassment do a pretty good job of mind control, though.

Also, culture is the best mind control. Raise people with a mind set the way you want it and you never have to do anything directly, because they already are siding with you even through cognitive dissonance.


Public schools are far more significant than the media.


You could be right. Or it could be the exact opposite. Or something else. It doesn't matter. Fundamentally we do it to ourselves, because we're herd/pack/social animals. We shun anyone too different from the tribe, it's in our DNA. Because of that, we are highly evolved to fit in.

Yeah, we're self aware and all that, we have choices, but what we generally choose to do is identify with some group and hate opposing groups. It's what we do.

The chimpanzees are laughing at us.


In England and Wales, truancy is a criminal offence for parents. Since 1998, a police officer of or above the rank of superintendent may direct that for a specified time in a specified area a police officer may remove a child believed to be absent from a school without authority to that school or to another designated place....


It's not that widely known, but you can remove your child from state education as a parent and teach them yourself. You just have to tell the local authority you're doing so in writing.


>Although mind-control waves still aren't, TO THE BEST OF MY KNOWLEDGE, a thing.

Knowing that you're under constant surveillance and your every step/action is recorded works wonders in the way of shaping and controlling your behavior.


Too often people forget that propaganda machines (media outlets) and biased education materials significantly shape the perspective people have of the world. That's the kind of 'mind control' which matters.


Unfortunately, nothing as simple as a tinfoil hat can block this though.


Manufacture of consent is effectively mind control.


The original idea of a "tinfoil hatter" was that the "hatter" wore a head garment made of tinfoil, to block the mind-control radio waves the [government|aliens] were using to take over people's brains. I don't think we have any particular indication that is likely, yet.


If the technology existed, you better believe they'd use it.


Who cares if they would? I don't believe it exists or will exist in the near future, so it's immaterial.


Everyone cares if they would [and that they are]. What is immaterial is what technology the governments use to spy on their people, especially unlawfully.



To be fair, there is plenty of documentation that diverse subliminals find their ways into television programming, and even the music in supermarkets. Just like Fight Club.

https://en.wikipedia.org/wiki/Subliminal_message


There is also plenty of research that these don't actually work, or at least not nearly as well as you think they do.


Oh, I don't have much faith in the inner fortitude of my fellow man. The unwashed masses are still watching reality television, ya know.


Effectiveness of subliminal messaging (i.e. visual and audible signals which are so quick/quiet/subtle that they're available only to your unconscious mind) is not that hard to test in a laboratory, and studies are pretty conclusive that it doesn't influence decisions unless the stimulus is presented within a few seconds of making the decision (i.e. grocery store aisle).

People are definitely swayed by overt, liminal signals in subtle ways, but subliminal messaging specifically was created by an ad agency and the science was pretty well debunked.


Well, we're probably just a few short decades away from us being able to influence things around us (and possibly even animals) with mind control. At that point you'd have to believe the government would be already working on ways to get into people's heads.


If anything, you'd have to be insane not to believe in government mind-control rays.

Or else, you're one of them.


"Trust no one! Suspect EVERYTHING!", I can say today without sounding crazy.

What's seemingly worse/more crazy is many of these materials date from 4-5 years ago (2008-09). If these data were public, it would have potentially caused huge behavioural shifts.

In that way, it's reminiscent of 9-11 where the damage was done not on that day, but the years earlier when the bad guys were training in plain daylight.


Regarding the kernel.org hack: Even with git’s hashing, wouldn’t an attack on Linus’ – or even a subsystem maintainer’s – computer still be a viable way to get code into the kernel, as said code would be a variant of new, unpublished code rather than changed old code?


It wouldn't be particularly easier to do it that way than just submitting your subversive code normally. Either way your change would need to be "underhanded" such that anybody viewing it wouldn't suspect anything.

In fact, trying to slip it in under the radar like that would actually just increase the chances of getting caught, because then it becomes something that isn't supposed to be there instead of merely something that does something that it isn't supposed to do.


If you can come up with a backdoor that requires the non-obvious interaction of multiple parts of the kernel (or parts of the kernel and certain user-space actions) then it would be reasonable to break up the necessary changes and slip each one in as a part of a larger demonstrable improvement to each specific subsystem.

For example (completely hypothetical), you could create a race condition in the kernel's page allocator that can be reliably triggered by filling up physical RAM and then forcing the kernel to allocate more memory for itself by filling up the proc table past a certain size. So in one patch you include an improvement to the allocator that has this obscure race condition but otherwise makes the allocator work much faster. Then in another patch you increase the maximum size of the proc table (under the pretense of supporting some big-iron system that practically no one outside of some HPC centers owns) so that filling it up will force a kernel page allocation. So then you can force the exploit to occur on any system with both patches installed simply by allocating all the physical RAM and then creating a ton of do-nothing processes that max out the proc table.

If you are an organization like the NSA you could even have the submissions come from what appear to be completely independent developers.

It is kind of the exploit version of "parallel construction." You know the exploit you want to put into the kernel, you just need to come up with reasonable sounding explanations for every little patch that ultimately gets you to the end goal.


That reminds me of a story I read about how the satellite companies foiled carders by slowly building up a new decryption system out of apparent garbage released across a long string of updates. I don't dare to search for it though, so I don't have a link.



Nice article. It's the first time I've heard of it, and I enjoyed reading it.


Thanks for mentioning that, I had a feeling of deja vu that I couldn't figure out. It was an awesome hack anyway.


There is every possibility, however, that there is open-source code in the Linux kernel that, at runtime, interacts with specific microcode instructions that can backdoor a system. Runtime remote backdoor triggers are more useful anyway, because the one thing the NSA can't do is hide from network sniffers. (Of course the best way to hide would be piggybacking on something like automatic software update requests - which I happen to disable, as a nod to my tinfoil wearing brethren.)


How many security exploits have been found in the Linux kernel, or other trusted software? How many of those were around for a "long time"? Every one of those got by the normal peer review process.

So the question is, which is harder: does it take more skill to accidentally insert a bug that gets by (sometimes for years), or to do so on purpose?




