Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Another practical and far more common scenario than governments-controlling-nukes is mobiles. That is, mobile phones, computers, police cars; anything mobile that needs to communicate with HQ, and which do periodically physically return to those headquarters. As already mentioned, data storage is cheap these days, and data transfer for voice or even video fairly efficient in terms of data usage. When mobiles physically return to headquarters; e.g. police cars returning to the garage, walkie-talkies being docked for re-charging, laptops put back on the desk; pad transfer can happen securely, as it is happening within secure premises and does not need to be transported anywhere that interception could be considered a risk. The mobiles can consume the pads throughout the day while out and about, with an unbreakable communications stream back to headquarters, deleting chunks of pad as they are used in case the mobiles are stolen.
@NyteOwl: I think that's a great example of a case where PGP would be more secure, although it sounds like ROT13 would have sufficed.
@iddles: That sounds like a plausible scenario. However, I still don't think the 100% unbreakability is that significant: a likely attack is putting spyware on the laptop. You might object because that would be a weakness regardless of the cipher. But my point is that even if you use a standard (theoretically breakable) cipher, an attacker won't try to break it because that would be a waste of their time. They'll use some other method. In which case we may as well use a standard cipher and get the convenience of never having to return to HQ to "recharge" the pad.
Yes, PGP would have been a good solution in such a case. I've no idea why it wasn't used. ROT13 would not really have sufficed as any real attempt to compromise the message typically starts with frequency analysis which breaks ROT13 pretty quickly. ROT13 also has the drawback of being alphabetic only
ROT13 would not really have sufficed as any real attempt to compromise the message typically starts with frequency analysis which breaks ROT13 pretty quickly. ROT13 also has the drawback of being alphabetic only
The method you described sounds pretty insecure to me, so I can only assume that Alice and Bob expected there would be no real attempts to compromise the message. Therefore, ROT13 (or a substitution cipher that works for non alphabetic data) would have been fine. Okay, perhaps I exaggerate a bit; ROT13 could probably be broken by people who don't even know much about cryptography so you might want something a little better, but still, it's not a high security situation.
There is a defense from torture etc, and that is plausible deniability. For streaming purposes that would be sending the encrypted data together with an equal amount of random data, and claiming there is no message in the random data.
Somebody sent me today the link to the newborn company that claims it solved the secured communication problem in a new original way: www.alessoft.com
I was to lazy to download the documentation. It's all about accessing the server applications in a very secured way using SMTP protocol (email).
See if it can help you...
Somebody sent me today the link to the newborn company that claims it solved the secured communication problem in a new original way: www.alessoft.com
I was to lazy to download the documentation. It's all about accessing the server applications in a very secured way using SMTP protocol (email).
See if it can help you...
Damn! That used to be Top Secret! Alan Turing Himself first came up with it, and that's why they secretly poisoned him ... so he wouldn't divulge the secret! And now, here's this company, spilling everything!! Gasp!! Now the secret's out!
Frankly speaking, I don't understand what are you talking about... Sorry!
The product looks interesting, I got the documentation, but just need to digest the information...
What do you think?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.