This seems relevant to this discussion. http://www.theregister.co.uk/2013/09...tion_standard/
I'd suppose if they had access to a "backdoor" you wouldn't necessarily have a need to weaken it.
Also, the fact that Serpent has a higher security margin than Rijndael (from what little I understand) would seem to support the statement the standard was weakened in favor of a faster and easier way for implementation.
Last time I tried encryption was with TrueCrypt using Serpent and Whirlpool for the hash function.
Maybe it's time to start playing/familiarizing myself with it again.
Tor has always been vulnerable to good ol' traffic analysis. If you have the means to sample merely the payload size of the traffic that is being bounced from one node to the next, you can trace the payload back to its source even if you cannot in real time decrypt the messages. You don't have to peel-the-onion if you just want to figure out where a message is ultimately going. (You make guesses ... then you examine what's coming-out of whatever nodes you know the message-of-interest might have gone to, to either substantiate or deny your guesses.)
Quote:
http://www.cl.cam.ac.uk/~sjm217/pape...and05torta.pdf:
"Tor is the second generation Onion Router, supporting the anonymous transport of TCP streams over the Internet. Its low latency makes it very suitable for common tasks, such as web browsing, but insecure against traffic-analysis attacks by a global passive adversary. We present new traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor. Furthermore, we show that otherwise unrelated streams can be linked back to the same initiator. Our attack is feasible for the adversary anticipated by the Tor designers. Our theoretical attacks are backed up by experiments performed on the deployed, albeit experimental, Tor network. Our techniques should also be applicable to any low latency anonymous network. These attacks highlight the relationship between the field of traffic-analysis and more traditional computer security issues, such as covert channel analysis. Our research also highlights that the inability to directly observe network links does not prevent an attacker from performing traffic-analysis: the adversary can use the anonymising network as an oracle to infer the traffic load on remote nodes in order to perform traffic-analysis."
(Emphasis mine. Furthermore, this paper is just "Low-Cost" Traffic Analysis of Tor. If money were no object . . . )
You also have the perfect "crib" to an upstream message if you are correct in your guess about the identity of the downstream one. In fact, you can snag a "crib" about every layer of the onion, if you have the capability of performing all-inclusive traffic monitoring, such that you captured the (probable) output of every (probable) bounce. NSA has that capability: the core of the Internet, after all, is a government network.
Personally, I have zero sympathy for those who seek to use the Internet to cover themselves in the committing of a felony. I think such people deserve, not just "to get what's coming to them," but to be drawn-and-quartered.
My personal concern about NSA is not so much that "they crack encrypted messages." (That's part of their mission.) My concern is that they are operating wastefully, to the enrichment of private contractors, and outside of the law ... and that no one seems to be able to test whether this is or isn't so. (Hence, we must wisely presume that it is. Therefore, "Houston, we have a problem.")
The profound secrecy surrounding this agency creates the penultimate "the cat's away" situation, and the mice have an unlimited secret budget. Which gives us: extremely fat mice, and not-necessarily better "national security." If there is no real oversight, good public decisions will not be made, and bureaucrat-types (yeah, they're in black-ops too) will make self-serving assessments. This is just human nature. If people can lie to Congress, even while keeping most of its Members totally in the dark, the Public's interests cannot be served ... yet "serving the Public's interests" also is "the Mission."
Given the profound importance of this Agency's mission, these issues are a very big matter of legitimate Public concern. We are spending #CLASSIFIED# on this. Are we getting what we paid for? How can we be sure?
Last edited by sundialsvcs; 09-18-2013 at 12:32 PM.
If the NSA is collecting private data that belongs to US citizens without a warrant, they are breaking the law.
1. Guilt requires proof.
2. It's not whether you do it, it's whether you get caught.
3. Laws are like spider webs, they catch the small, the big just break on through to the other side.
This thread really rocks. I say encrypt everything, not to hide anything but to make them work for it. I'm pretty sure they can be swamped by too much data.
So are you saying that the NSA had the right to collect the data without a warrant?
If no one is actively watching the NSA('s contractors) with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# budgets, and lying to the US Congress about it all, then ... No. "Warrants? We don't need no stinkin' warrants. And, just because you dared to ask, you go to jail Forever." (Very convenient, huh?)
The Due Process Of Law™ is ... "an unnecessary expense," when your real purpose is to sell the US Government another #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# hard-disk drives to go along with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# coffee makers.
That's the risk.
On the one hand, we like to think that "The National Security Agency" is an "Agency" with a "Holy Mission."
But ... we also have to consider $$ Human $$ Nature $$.
There are plenty of companies out there whose sole purpose it is to $$contract$$ $$with$$ this faceless entity which, they know all too well, has the capability to spend bottomless amounts of Money and to do it all in Secret. (These companies also know, of course, that "Congress $$ Can $$ Be $$ Bought," and even that the Supreme Court has said that it's not "Bribery.") (Gee, wonder why they saw fit to say that?)
That's the risk. Human Nature.
"The United States Constitution?" Inconvenient. "$$$$$!!!" "Supreme Law of the Land?" Aww, c'mon, I know how to fix THAT! "$$$$$!!!" Forget "who wants to be a millionaire!" We're talking bil- or even tril- here... and $$ no one $$ will $$ ever $$ know!! $$ "Take thine ease, oh my soul!" <<belch!>>
That's the risk. Human. Nature. Some things have not changed since the days of ancient Babylon.
Last edited by sundialsvcs; 09-18-2013 at 04:07 PM.
Personally I have been wondering about the Linux hacking incident that happened a while back, and very few details were ever released about what happened...
So are you saying that the NSA had the right to collect the data without a warrant?
Are you surprised? Even basic police structures do this the whole time behind your and my back. After all, the 'excuse of security' argument never gets old or rusty. If someone asks why they did it, they will just say they did it for safety reasons, which is the purpose of such organisations in the first place, and they won't face any charges for this anyway.
Quote:
Originally Posted by sundialsvcs
If no one is actively watching the NSA('s contractors) with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# budgets, and lying to the US Congress about it all, then ... No. "Warrants? We don't need no stinkin' warrants. And, just because you dared to ask, you go to jail Forever." (Very convenient, huh?)
The Due Process Of Law™ is ... "an unnecessary expense," when your real purpose is to sell the US Government another #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# hard-disk drives to go along with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# coffee makers.
That's the risk.
On the one hand, we like to think that "The National Security Agency" is an "Agency" with a "Holy Mission."
But ... we also have to consider $$ Human $$ Nature $$.
There are plenty of companies out there whose sole purpose it is to $$contract$$ $$with$$ this faceless entity which, they know all too well, has the capability to spend bottomless amounts of Money and to do it all in Secret. (These companies also know, of course, that "Congress $$ Can $$ Be $$ Bought," and even that the Supreme Court has said that it's not "Bribery.") (Gee, wonder why they saw fit to say that?)
That's the risk. Human Nature.
"The United States Constitution?" Inconvenient. "$$$$$!!!" "Supreme Law of the Land?" Aww, c'mon, I know how to fix THAT! "$$$$$!!!" Forget "who wants to be a millionaire!" We're talking bil- or even tril- here... and $$ no one $$ will $$ ever $$ know!! $$ "Take thine ease, oh my soul!" <<belch!>>
That's the risk. Human. Nature. Some things have not changed since the days of ancient Babylon.
Had to quote this so it won't go away later. Brilliant post. Money really makes world events go 'round..some things really never change. Have a look at this for example how they spend our money:
Quote:
$800,000 prostate cancer research for minorities
$1.6 million for computerization of hospital records in Oakland, CA
$2.4 million handicap access and a fire sprinkler system at a community club in New York
$3.6 million to eradicate marijuana in Kentucky
$3.9 million energy-efficient solar film for buildings development grant
$5 million San Francisco visitors center
$18 million Edward Kennedy Policy Institute in Massachusetts
$20 million World War II Museum in Louisiana
$23 million indigent health care for Hawaii
$47 million anti-drug training centers throughout the U.S.
So are you saying that the NSA had the right to collect the data without a warrant?
No, I'm not saying it's right. I'm saying when you live in a twisted Orwellian universe you must not rely on Cartesian concepts like right and wrong. If the NSA breaks the law, what are you going to do about it? Call the Police or write your Congressman? Better to complain to your bank that you doubt their ability to protect your financial security and get them to fight the battle. After all, you fight fire with fire, fight government with big business.