Cheap as Chips

What people are working on at the moment
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#46 Re: Cheap as Chips

Post by jack »

Cressy Snr wrote:... making it virtually impossible for any originating router/ip address to be traced...
That's the theory.

However, consider the pedigree. The FBI got The Silk Road without too much trouble.

In the network security world, many believe it's a USA "honeypot"...
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#47 Re: Cheap as Chips

Post by Nick »

Though tor != the dark web. Tor allows anonymous browsing, which can be a literal life saver for people under totalitarian régimes. It can also be used for less positive things, but don;t blame the facility for the use some people put it to.

Anyway, I doubt the sort of posts that fill the forum need bother with tor, unlike unsolicited emails, there is nothing illegal anywhere with posting to a forum.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#48 Re: Cheap as Chips

Post by Nick »

However, consider the pedigree. The FBI got The Silk Road without too much trouble.
Well, they claim to have got DPR, but no one knows for sure. The vulnerability of Silk Road was part the fact that to buy something physical involves it being delivered, and even though it was anonymous the site itself had as many vulnerabilities as any other web page so they shut it down that way not by breaking tor.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#49 Re: Cheap as Chips

Post by jack »

Agree entirely about the need for a truly anonymising service wrt dissidents etc.

However, as we all know "One man's terrorist is another man's freedom fighter" (Gerald Seymour, 1975, "Harry's Game").

If the dangerous loonies are using it, then you can bet your (or the NSA's) bottom dollar that there's serious interest in subverting it.

And if it was compromised, it'd be a great secret (think Enigma, Crypto AG, the prime factoring problem etc. ad nauseam)
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#50 Re: Cheap as Chips

Post by Nick »

And if it was compromised, it'd be a great secret (think Enigma, Crypto AG, the prime factoring problem etc. ad nauseam)
Yes, but it would have to (probably) be a mathematical exploit of the underlying crypto or onion protocol as its open source, so harder to hide a backdoor than (say) a router or closed source OS.

https://www.torproject.org/
If the dangerous loonies are using it, then you can bet your (or the NSA's) bottom dollar that there's serious interest in subverting it.
Problem is its often hard to tell the NSA from the "dangerous loonies"
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#51 Re: Cheap as Chips

Post by jack »

Nick wrote:
Jack wrote:And if it was compromised, it'd be a great secret (think Enigma, Crypto AG, the prime factoring problem etc. ad nauseam)
Yes, but it would have to (probably) be a mathematical exploit of the underlying crypto or onion protocol as its open source, so harder to hide a backdoor than (say) a router or closed source OS.
c.f. "the prime factoring problem" - i.e., if that's solvable (and many think it might be), then PK encryption is an open book, i.e. worthless.
Nick wrote:
Jack wrote:If the dangerous loonies are using it, then you can bet your (or the NSA's) bottom dollar that there's serious interest in subverting it.
Problem is its often hard to tell the NSA from the "dangerous loonies"
c.f. "One man's terrorist is another man's freedom fighter", the corollary being "One man's freedom fighter is another man's terrorist" :)

The various agencies work on the basis of "if you have nothing to hide, you have nothing to fear". Whatever.
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#52 Re: Cheap as Chips

Post by Nick »

c.f. "the prime factoring problem" - i.e., if that's solvable (and many think it might be), then PK encryption is an open book, i.e. worthless.
Yes, but if that was solved, then tor would be the least of the problem. However it would only break the key exchange part, one time pads would remain just as unbreakable without the key, so all that would inconvenience is most of the world, Agents (of all types) would go back to older methods of key exchange.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#53 Re: Cheap as Chips

Post by jack »

Nick wrote:
c.f. "the prime factoring problem" - i.e., if that's solvable (and many think it might be), then PK encryption is an open book, i.e. worthless.
Yes, but if that was solved, then tor would be the least of the problem. However it would only break the key exchange part, one time pads would remain just as unbreakable without the key, so all that would inconvenience is most of the world, Agents (of all types) would go back to older methods of key exchange.
Not just DH exchange would be compromised - with the prime factoring problem solved, given a key, modulus and exponent, you could get back to the actors' secrets - therein lie dragons...

With those, you can then get to the shared secret, and therefore forge digital signatures, fake web site certificates, all sorts of carnage. More importantly, you can silently read any traffic which relies on a shared secret (agreed by DH) symmetric encryption, regardless of the encryption algorithm (unless its EC-based)... PFS would not protect you...

OTPs have been around for ages and are, of course, technically unbreakable (unless you have a pad!) - I deeply suspect that OTPs are the choice of professionals anyway - who would trust DH etc. - many are vulnerable to man-in-the-middle attacks and others.
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#54 Re: Cheap as Chips

Post by Nick »

Not just DH exchange would be compromised - with the prime factoring problem solved, given a key, modulus and exponent, you could get back to the actors' secrets - therein lie dragons...
Yes, that was my point, once the key exchange is open the rest fails. I didnt bother typing all the rest you have, its just extra words with no more information.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#55 Re: Cheap as Chips

Post by jack »

Nick wrote:... I didnt bother typing all the rest you have, its just extra words with no more information.
Soooo sorry :) (best Father Jack mode)

I know that you'd know that, but most reading this (if they can be bothered) would not :) The consequences are huge.
Vivitur ingenio, caetera mortis erunt
simon
Thermionic Monk Status
Posts: 5600
Joined: Thu May 24, 2007 11:22 am
Location: People's Republic of South Yorkshire

#56 Re: Cheap as Chips

Post by simon »

I read it, but still didn't understand it. :(
User avatar
pre65
Amstrad Tower of Power
Posts: 21373
Joined: Wed Aug 22, 2007 11:13 pm
Location: North Essex/Suffolk border.

#57 Re: Cheap as Chips

Post by pre65 »

simon wrote:I read it, but still didn't understand it. :(
It's obvious to me, that more than two bwain cells are needed for an understanding. :wink: :lol:
The only thing necessary for the triumph of evil is for good men to do nothing.

Edmund Burke

G-Popz THE easy listening connoisseur. (Philip)
User avatar
Mike H
Amstrad Tower of Power
Posts: 20157
Joined: Sat Oct 04, 2008 5:38 pm
Location: The Fens
Contact:

#58 Re: Cheap as Chips

Post by Mike H »

Over my head too. very much an outside observer here. :D
 
"No matter how fast light travels it finds that the darkness has always got there first, and is waiting for it."
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#59 Re: Cheap as Chips

Post by jack »

It was mostly b*llocks anyway :)
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15706
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#60 Re: Cheap as Chips

Post by Nick »

Whenever you do a https type communication or talk to your bank, or do anything that involves public key encryption, the process stars by the two sides exchanging keys, they exchange a public key and keep a private key, that allows the communication between the two sides (traditionally Alice and Bob) to be encrypted, such that the actual keys used (basically a big number) is never transferred so is not visible. A third party (Charlie) can see the encrypted communication, but without the keys can not decode the communication.

The keys rely on the property of prime numbers, such that given two large prime numbers (say 15,485,863 and 32,452,843, though much larger normally) are multiplied together to give a new number 502,560,280,658,509. Given that number (and that’s a small example) its very very hard (read takes a long time) to find the only two prime numbers that were multiplied together to give that result. So you can pass the result in public without there being any likely chance that it can be factored (find the number that are multiplied together) to find the original two prime numbers. However if you have one of the original numbers, then finding the other becomes a simple matter of division.

If as Nick (Jack) says, a solution is found for "the prime factoring problem", then the above is no longer true so it becomes possible to extract the keys from the combined number, so it fails to be secure and the world goes to hell in a handcart very very quickly in a way that would make the last crash look like a bad day at the dogs.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
Post Reply