News:

I hope she gets diverticulitis and all her poop kills her.

Main Menu

The Advent of Netwar

Started by Cain, February 06, 2008, 02:29:06 PM

Previous topic - Next topic

Cain

I would have been looking at PGP or one time pads myself.

TheLastLump

Aw... that's sad to hear. I knew the one-time pad was the best option, but I've read it's too inflexible when it comes to ways you can apply it. A simple vignere cypher at least keeps n00bs and people who don't know much about cracking codes out of your hair.

I'm just starting to learn C++ programming, but the site I'm taking notes from ( http://www.cprogramming.com/begin.html ) isn't very thorough. They leave alot of stuff out that somebody who knows nothing about programming would need to know, and it's getting abit irritating; a couple lessons in and I feel like I'm learning stuff I'm not ready to use yet. Anybody know if there's a better "C++: the n00b edition!" sorta guide out there?
"It's a dog-eat-dog world, Jesus, please holla back..." -The Game

doughboy359: Don't be angry cause you're a heretical pagan, we'll still accept you if you convert. Doughboy, on being a Catholic.

Bebek Sincap Ratatosk

Quote from: Cain on May 09, 2008, 05:33:07 PM
I would have been looking at PGP or one time pads myself.

OTP's are very very secure... in some sense, but they have some serious flaws, particularly in a decentralized situation. OTP's require very random data, a secure transport mechanism and physical security of whatever pads exist.

Asymmetric encryption, on the other hand, like PGP or GPG can use a public channel for distributing the public key and all the random (plus key sizes) are handled in software.

I would probably recommend a GPG or PGP solution for the sort of stuff discussed here.

Basically, every member of the group would need to install GPG or PGP and create their own Public/Private keypair. They could then cut/paste the public key into a thread here at PD.com and anyone could then send encrypted communication to anyone else with GPG/PGP. A single message can be encrypted with multiple keys so if I wanted to send a encrypted message to Hoopla, Cram and Cain, I could do so... and each of them would only need their own private key and the passphrase they use to protect that key.

Basically it could work like this:

Write text -> Use Public Key for pd.com users x, y and z -> post encrypted message at PD.com -> Users x, y and z can decrypt the data... no one else can.

If we use pseudonyms and proxies for those posts, it also tangles any lines connecting us rather well.
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson

Dr. Pataphoros, SpD

Quote from: Ratatosk on May 09, 2008, 03:12:35 PM
This is the correct cryptocycle. Polyalphabetic substitution is not a secure way of encrypting anything anymore. Either one time pads (which includes the deck of cards method), symmetric encryption of at least 128 bits or asymmetric encryption of at least 1024 bits is necessary to defeat common cryptanalysis. For NSA level analysis, well, who knows...


I worked at the NSA, so I know.  While I can't give details, let's just say that if there's something the NSA wants to know they have the means to know it.  Sounds conspiracy-nut-like for me to say that, but like I said, I worked there for six years.

-R
-Padre Pataphoros, Bearer of Nine Names, Custodian of the Gate to the Forward Four, The Man Called Nobody, Philosopher of the Eleventeenth Sphere, The Noisy Ninja, Guardian of the Silver Hammer, Patron of the Perpetual Plan B, The Lord High Slacker, [The Secret Name of Power]

Bebek Sincap Ratatosk

Quote from: Pataphoros on May 09, 2008, 06:00:34 PM
Quote from: Ratatosk on May 09, 2008, 03:12:35 PM
This is the correct cryptocycle. Polyalphabetic substitution is not a secure way of encrypting anything anymore. Either one time pads (which includes the deck of cards method), symmetric encryption of at least 128 bits or asymmetric encryption of at least 1024 bits is necessary to defeat common cryptanalysis. For NSA level analysis, well, who knows...


I worked at the NSA, so I know.  While I can't give details, let's just say that if there's something the NSA wants to know they have the means to know it.  Sounds conspiracy-nut-like for me to say that, but like I said, I worked there for six years.

-R

I have had a number of friends that have worked with various Three Letter Acronyms and I have gotten that same line from some of them... except for my friend from Navy Intel. He told me to shut up and not ask him questions about such things (even though we talked about all sorts of other Military stuff).

While I find the other responses to be in line with my thinking... I've often wondered if Simon was really the only one 'in the know'. He also spoke Pharsee which is cool.
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson

Cain

Thats a point, if you want to keep something secret, learn Farsi and Arabic, since the in-thing seems to be firing people who can speak the language for being gay and letting the paperwork pile up.

Bebek Sincap Ratatosk

Quote from: Cain on May 09, 2008, 06:14:07 PM
Thats a point, if you want to keep something secret, learn Farsi and Arabic, since the in-thing seems to be firing people who can speak the language for being gay and letting the paperwork pile up.

HorrorMirth ITT
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson

Verbal Mike

Rata, I never understood the PGP/GPG concept until now... The simplicity is mind-bogglingly amazing. Thanks for the explanation.
By the way, I just started working for an online banking company... Most of my work will at least involve security/validation procedures, so training has really got me thinking about security. Any recommended book to read as a first general introduction to  information-age security? I'm thinking this job can be a great opportunity to experience real-life cases to get my head around security. I also have a distinct feeling that far too much of the company's security depends on hoping fraudsters don't figure out our procedures... Meaning I should eventually be able to figure out a foolproof way to scam the company, if my hunch is right. Would be a sweet way to wow my superiors and possibly get a more interesting position...
Unless stated otherwise, feel free to copy or reproduce any text I post anywhere and any way you like. I will never throw a hissy-fit over it, promise.

Cain

As someone who is not a programmer but has an abiding interest in security of all sorts, I highly recommend:

Bruce Schneier - Applied Cryptography
Dennis Gluth - A beginner's guide to hacking computing systems
The Institute for Security Technology Studies - Cyberwarfare
Kevin Mitnick - The Art of Deception

fomenter

i looked up PGP on the Internet last week and the web sites promoting /it offering free downloads seem to be claiming near invulnerability true or not??
"So she says to me, do you wanna be a BAD boy? And I say YEAH baby YEAH! Surf's up space ponies! I'm makin' gravy... Without the lumps. HAAA-ha-ha-ha!"


hmroogp

TheLastLump

Not sure; this is the first I've heard of it. If your company's interested in security, you might want to get BugTraq (sp?) mailing list. Don't get too many- it'll fill your box up real quick.

I found out how to hack a Mitsubishi from that list; they post all sorts of new exploits and ways to counter it. Good stuff.
"It's a dog-eat-dog world, Jesus, please holla back..." -The Game

doughboy359: Don't be angry cause you're a heretical pagan, we'll still accept you if you convert. Doughboy, on being a Catholic.

Cain

According to Bruce Schneier, PGP's as good as it gets, and as close as a civilian will come to military grade encryption.

In US vs Boucher, federal investigators complained it was nearly impossible to access the defendants computer and actually impossible to read drive Z (where they were looking for illegal photos), which was 2 years ago.

Furthermore, if you are in the USA, your encryption passwords are protected by the Fifth Amendment.

fomenter

i take the 5th

sounds  cryptocool, if i get PGP and figure it out all i will need is some one to send secret messages to and something worth keeping secret
"So she says to me, do you wanna be a BAD boy? And I say YEAH baby YEAH! Surf's up space ponies! I'm makin' gravy... Without the lumps. HAAA-ha-ha-ha!"


hmroogp

Cain

Just send e-books (from Project Gutenburg) back and forth among your friends, encrypted.

It'll wind up the NSA no end.

fomenter

#29
if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-if you are reading this you work for the nsa-

encrypt and send 
 
extra windup if sent to Islamic organisations
"So she says to me, do you wanna be a BAD boy? And I say YEAH baby YEAH! Surf's up space ponies! I'm makin' gravy... Without the lumps. HAAA-ha-ha-ha!"


hmroogp