LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-19-2012, 07:52 AM   #31
iddles
LQ Newbie
 
Registered: Aug 2012
Posts: 4

Rep: Reputation: Disabled

Another practical and far more common scenario than governments-controlling-nukes is mobiles. That is, mobile phones, computers, police cars; anything mobile that needs to communicate with HQ, and which do periodically physically return to those headquarters. As already mentioned, data storage is cheap these days, and data transfer for voice or even video fairly efficient in terms of data usage. When mobiles physically return to headquarters; e.g. police cars returning to the garage, walkie-talkies being docked for re-charging, laptops put back on the desk; pad transfer can happen securely, as it is happening within secure premises and does not need to be transported anywhere that interception could be considered a risk. The mobiles can consume the pads throughout the day while out and about, with an unbreakable communications stream back to headquarters, deleting chunks of pad as they are used in case the mobiles are stolen.

This is not merely theoretical.
 
Old 08-19-2012, 09:18 AM   #32
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,774

Rep: Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081
@NyteOwl: I think that's a great example of a case where PGP would be more secure, although it sounds like ROT13 would have sufficed.

@iddles: That sounds like a plausible scenario. However, I still don't think the 100% unbreakability is that significant: a likely attack is putting spyware on the laptop. You might object because that would be a weakness regardless of the cipher. But my point is that even if you use a standard (theoretically breakable) cipher, an attacker won't try to break it because that would be a waste of their time. They'll use some other method. In which case we may as well use a standard cipher and get the convenience of never having to return to HQ to "recharge" the pad.
 
Old 08-19-2012, 03:08 PM   #33
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
Yes, PGP would have been a good solution in such a case. I've no idea why it wasn't used. ROT13 would not really have sufficed as any real attempt to compromise the message typically starts with frequency analysis which breaks ROT13 pretty quickly. ROT13 also has the drawback of being alphabetic only
 
Old 08-19-2012, 07:42 PM   #34
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,774

Rep: Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081
Quote:
Originally Posted by NyteOwl View Post
ROT13 would not really have sufficed as any real attempt to compromise the message typically starts with frequency analysis which breaks ROT13 pretty quickly. ROT13 also has the drawback of being alphabetic only
The method you described sounds pretty insecure to me, so I can only assume that Alice and Bob expected there would be no real attempts to compromise the message. Therefore, ROT13 (or a substitution cipher that works for non alphabetic data) would have been fine. Okay, perhaps I exaggerate a bit; ROT13 could probably be broken by people who don't even know much about cryptography so you might want something a little better, but still, it's not a high security situation.
 
Old 10-13-2012, 04:10 AM   #35
Charles Butler
LQ Newbie
 
Registered: Jul 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ntubski View Post
Even one-time pad is vulnerable to rubber hose cryptanalysis, or the $5 wrench.
There is a defense from torture etc, and that is plausible deniability. For streaming purposes that would be sending the encrypted data together with an equal amount of random data, and claiming there is no message in the random data.
 
Old 10-25-2012, 01:02 PM   #36
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Rep: Reputation: Disabled
Somebody sent me today the link to the newborn company that claims it solved the secured communication problem in a new original way: www.alessoft.com
I was to lazy to download the documentation. It's all about accessing the server applications in a very secured way using SMTP protocol (email).
See if it can help you...
 
Old 10-25-2012, 01:58 PM   #37
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,609
Blog Entries: 4

Rep: Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905
Quote:
Originally Posted by evgenyz View Post
Somebody sent me today the link to the newborn company that claims it solved the secured communication problem in a new original way: www.alessoft.com
I was to lazy to download the documentation. It's all about accessing the server applications in a very secured way using SMTP protocol (email).
See if it can help you...
Damn! That used to be Top Secret! Alan Turing Himself first came up with it, and that's why they secretly poisoned him ... so he wouldn't divulge the secret! And now, here's this company, spilling everything!! Gasp!! Now the secret's out!
 
Old 10-25-2012, 02:18 PM   #38
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Rep: Reputation: Disabled
Frankly speaking, I don't understand what are you talking about... Sorry!
The product looks interesting, I got the documentation, but just need to digest the information...
What do you think?
 
Old 10-27-2012, 06:02 AM   #39
pin
LQ Newbie
 
Registered: Oct 2012
Posts: 4

Rep: Reputation: Disabled
The product is ABSOLUTELY UNBREAKABLE (at least this what they claim...)
 
Old 10-29-2012, 11:50 AM   #40
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,609
Blog Entries: 4

Rep: Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905
Quote:
Originally Posted by pin View Post
The product is ABSOLUTELY UNBREAKABLE (at least this what they claim...)
They always do.
 
Old 10-29-2012, 01:01 PM   #41
pin
LQ Newbie
 
Registered: Oct 2012
Posts: 4

Rep: Reputation: Disabled
get their PP presentation. It's interesting approach. I sent them email and asked for trail license...
Wnt to test in my server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
One-time pad cryptography CoderMan Debian 2 04-27-2009 08:19 PM
LXer: Google takes aim at Microsoft with more e-mail security products LXer Syndicated Linux News 0 02-06-2008 04:30 AM
LXer: 'Business responsible for security of digital products and services' LXer Syndicated Linux News 0 11-04-2006 09:21 PM
LXer: Report: New Linux Security Products Glimmer On Horizon LXer Syndicated Linux News 0 10-27-2006 10:54 PM
LXer: The 25 worst tech products of all time LXer Syndicated Linux News 0 05-27-2006 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration