<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">I think this is an interesting article about the history of cypherpunks and how bitcoin and cryptos were born. Worth the read and I hope people stop killing great projects with stupid finance... <a href="https://medium.com/@franparga/this-time-is-different-9a5feeb6975b">https://medium.com/@franparga/this-time-is-different-9a5feeb6975b</a><div><br></div><div>Thank you for keeping this mailing list alive!</div><div><br></div><div><br><br><div id="AppleMailSignature">Sent from my iPhone</div><div><br>On 22 Dec 2017, at 18:00, <a href="mailto:cryptography-request@metzdowd.com">cryptography-request@metzdowd.com</a> wrote:<br><br></div><blockquote type="cite"><div><span>Send cryptography mailing list submissions to</span><br><span>    <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span></span><br><span>To subscribe or unsubscribe via the World Wide Web, visit</span><br><span>    <a href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a></span><br><span>or, via email, send a message with subject or body 'help' to</span><br><span>    <a href="mailto:cryptography-request@metzdowd.com">cryptography-request@metzdowd.com</a></span><br><span></span><br><span>You can reach the person managing the list at</span><br><span>    <a href="mailto:cryptography-owner@metzdowd.com">cryptography-owner@metzdowd.com</a></span><br><span></span><br><span>When replying, please edit your Subject line so it is more specific</span><br><span>than "Re: Contents of cryptography digest..."</span><br><span></span><br><span></span><br><span>Today's Topics:</span><br><span></span><br><span>   1. Re: paragraph with expected frequencies (John Denker)</span><br><span>   2. Re: Rubber-hose resistance? (Patrick Chkoreff)</span><br><span>   3. 
Re: Lakestone Bank and Trust Just Made A Problem, Oopsie</span><br><span>      (Georgi Guninski)</span><br><span>   4.  Bitcoin, fork you very much (John Levine)</span><br><span>   5. Re: Rubber-hose resistance? (Nico Williams)</span><br><span>   6. Web voting service (Phillip Hallam-Baker)</span><br><span>   7. Re: Rubber-hose resistance? (Jeremy Stanley)</span><br><span>   8. Re: Bitcoin, fork you very much (Natanael)</span><br><span>   9. Re: Bitcoin theft and the future of cryptocurrencies</span><br><span>      (Tom Mitchell)</span><br><span>  10. Zcash 2nd Ceremony Call for Review / Participation, @Snowden</span><br><span>      EFF ACLU Privacy Updates (grarpamp)</span><br><span>  11. Re: Rubber-hose resistance? (Jerry Leichter)</span><br><span>  12. Re: Rubber-hose resistance? (Peter Gutmann)</span><br><span>  13. Re: Rubber-hose resistance? (Jeremy Stanley)</span><br><span>  14. Re: paragraph with expected frequencies (Robin Wood)</span><br><span>  15. Re: Lakestone Bank and Trust Just Made A Problem, Oopsie</span><br><span>      (John Levine)</span><br><span>  16. Re: Rubber-hose resistance? (Patrick Chkoreff)</span><br><span>  17. Happy birthday, Tommy Flowers! (Dave Horsfall)</span><br><span>  18. Cybersecurity Regulation for Crypto Exchanges (Aimable Niyikiza)</span><br><span>  19. Re: Rubber-hose resistance? 
(Gé Weijers)</span><br><span></span><br><span></span><br><span>----------------------------------------------------------------------</span><br><span></span><br><span>Message: 1</span><br><span>Date: Thu, 21 Dec 2017 07:07:41 -0700</span><br><span>From: John Denker <<a href="mailto:jsd@av8n.com">jsd@av8n.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] paragraph with expected frequencies</span><br><span>Message-ID: <<a href="mailto:e0be2c4b-6084-c4b3-c0b7-a73b25af93d0@av8n.com">e0be2c4b-6084-c4b3-c0b7-a73b25af93d0@av8n.com</a>></span><br><span>Content-Type: text/plain; charset=utf-8</span><br><span></span><br><span>On 12/20/2017 02:02 AM, Robin Wood wrote:</span><br><blockquote type="cite"><span>I'm working on a bit of crypto with my young daughter and we are about to</span><br></blockquote><blockquote type="cite"><span>look at frequency analysis. Are there any short UK English paragraphs where</span><br></blockquote><blockquote type="cite"><span>the frequency of letters is about what you would expect based on frequency</span><br></blockquote><blockquote type="cite"><span>charts? i.e. 
E then T, A and O.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Bonus if the digraphs are also roughly in order.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>I want to count the letters by hand so don't want anything too long and it</span><br></blockquote><blockquote type="cite"><span>has to be PG content.</span><br></blockquote><span></span><br><span></span><br><span>The question is both trivial to answer, and impossible.</span><br><span></span><br><span>It is trivial for linguistic and cryptological reasons:</span><br><span>Almost any reasonably large sample of English will</span><br><span>display characteristic English letter-frequencies.</span><br><span></span><br><span>This is not mathematically guaranteed;  it is just a</span><br><span>known property of natural language.</span><br><span></span><br><span>It is an important property.  Frequency analysis is</span><br><span>not a known-text or chosen-text attack, where you</span><br><span>know a_priori that the text has the exact "expected</span><br><span>frequencies".  It works for any halfway-reasonable</span><br><span>text.  This is the fatal weakness of any monoalphabetic</span><br><span>substitution cipher.</span><br><span></span><br><span>==========</span><br><span></span><br><span>In contrast, there are good mathematical reasons why</span><br><span>no finite sample will display the "expected frequencies"</span><br><span>exactly.</span><br><span></span><br><span>Frequency is a type of probability.  There are lots of</span><br><span>probabilities in this world, and lots of frequencies.</span><br><span>In this case we are particularly interested in the</span><br><span>/population/ i.e. all possible texts, which is an</span><br><span>effectively infinite set, and various finite /samples/</span><br><span>that might be drawn from the population.  
Statisticians</span><br><span>give these terms technical meanings which unfortunately</span><br><span>diverge from the meanings in any other context, but</span><br><span>let's stick with the statistical definitions here.</span><br><span></span><br><span>The frequencies observed on any sample will converge</span><br><span>to the frequencies on the population in the limit</span><br><span>of large sample-sizes ... but we are talking about</span><br><span>convergence in the limit, not equality for any finite</span><br><span>sample.</span><br><span></span><br><span>For any finite sample, /statistical fluctuations/</span><br><span>guarantee that the sample frequencies are expected</span><br><span>to differ from the population frequencies.  You can</span><br><span>use properties of the population to predict the</span><br><span>distribution of fluctuations (as a function of</span><br><span>sample size) if you want.</span><br><span></span><br><span>The larger the number of observables (e.g. the 26</span><br><span>different letter frequencies) the smaller your</span><br><span>chance of seeing the "expected frequencies" exactly.</span><br><span></span><br><span>On the other hand, the point of the exercise is</span><br><span>statistical /inference/.  Frequency analysis allows</span><br><span>you to infer that the text is English, as opposed</span><br><span>to gibberish.  With a reasonable-sized sample, you</span><br><span>can infer this with high confidence _despite_ the</span><br><span>fluctuations.  
The confidence will never be exactly</span><br><span>100%, because the tail of the English distribution</span><br><span>will overlap the tail of the gibberish distribution</span><br><span>"somewhat", but this is not a problem in practice.</span><br><span></span><br><span>Even if you could hunt up a sample that did have</span><br><span>the exact "expected frequencies", it would be very</span><br><span>unwise to use it as the basis of a lesson, because</span><br><span>it would teach a wrong lesson about statistical</span><br><span>fluctuations and statistical inference.</span><br><span></span><br><span>==> A much better lesson would be to repeat the</span><br><span>experiment with a few different sample-sizes from</span><br><span>the same source, to demonstrate the mathematical</span><br><span>point about fluctuations and convergence ... and</span><br><span>then compare a few disparate sources (e.g. Dickens</span><br><span>versus Rowling), to demonstrate the linguistic</span><br><span>point about near-invariance of the frequencies.</span><br><span>Thirdly, histogram a random process (diceware)</span><br><span>as a control.</span><br><span></span><br><span>Counting using tally-marks (a) is easier and (b)</span><br><span>constructs a histogram on the fly.  Plot a large</span><br><span>sample with N subsamples, using N colors of ink,</span><br><span>all on the same cumulative histogram, so you can</span><br><span>see the fluctuations and the convergence at a glance.</span><br><span></span><br><span>Digraphs converge 26 times more slowly, for obvious</span><br><span>reasons, and so require much larger samples.  
This</span><br><span>should come several turns later on the pedagogical</span><br><span>spiral.</span><br><span></span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 2</span><br><span>Date: Thu, 21 Dec 2017 09:09:42 -0500</span><br><span>From: Patrick Chkoreff <<a href="mailto:patrick@rayservers.net">patrick@rayservers.net</a>></span><br><span>Cc: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:79f6cef6-bdf9-e5ee-8c19-40ffc5e6ee9b@rayservers.net">79f6cef6-bdf9-e5ee-8c19-40ffc5e6ee9b@rayservers.net</a>></span><br><span>Content-Type: text/plain; charset=utf-8</span><br><span></span><br><span>Jerry Leichter wrote on 12/20/2017 10:29 PM:</span><br><span></span><br><blockquote type="cite"><span>Then you don't understand how SSD's work.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The number of pages actually available inside the SSD may be - likely is - quite a bit larger than the size visible outside the device.  When you write a block, it goes on some page.  You don't know - there's no interface to find out - what page that block lies on.  If you write the same block again, it almost certainly ends up on some other page.  The old page goes into a "to be erased and reused later" list.</span><br></blockquote><span></span><br><span>Thanks, that's good to know.</span><br><span></span><br><span></span><br><blockquote type="cite"><span>Just because you filled up every block does not mean the list of free pages is empty.  
Nor does it mean those pages have been erased.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>There is simply no way to know you've erased all the pages in an SSD using only the interface the device presents to you that makes it look like a disk.</span><br></blockquote><span></span><br><span>Got it.</span><br><span></span><br><span></span><br><blockquote type="cite"><span>If you don't know enough about how the device you are trying to erase is organized internally to rule out or rule in such possibilities, you have no business claiming you have an effective erasure tool.</span><br></blockquote><span></span><br><span>Now I claim the opposite:  No such tool exists, and it is impossible to</span><br><span>create one in software only.</span><br><span></span><br><span>The border crossing scenario just got more difficult.  If you copy</span><br><span>anything to the laptop, and then try to erase it using software</span><br><span>techniques only, there is no way to be sure that it's gone.</span><br><span></span><br><span>I suppose now it's safest just to shred the SSD physically before you</span><br><span>return from the trip.  
Either return with no hard drive or install a spare.</span><br><span></span><br><span></span><br><span>-- Patrick</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 3</span><br><span>Date: Thu, 21 Dec 2017 17:07:28 +0200</span><br><span>From: Georgi Guninski <<a href="mailto:guninski@guninski.com">guninski@guninski.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Lakestone Bank and Trust Just Made A</span><br><span>    Problem, Oopsie</span><br><span>Message-ID: <<a href="mailto:20171221150728.GC844@sivokote.iziade.m">20171221150728.GC844@sivokote.iziade.m</a>$></span><br><span>Content-Type: text/plain; charset=us-ascii</span><br><span></span><br><span>On Wed, Dec 20, 2017 at 10:33:20PM -0500, grarpamp wrote:</span><br><blockquote type="cite"><span>OP's:</span><br></blockquote><blockquote type="cite"><span><a href="https://www.facebook.com/groups/Ethereum/permalink/1393594610766582/">https://www.facebook.com/groups/Ethereum/permalink/1393594610766582/</a></span><br></blockquote><blockquote type="cite"><span>294 Likes, 843 Comments, 189 Shares</span><br></blockquote><blockquote type="cite"><span><a href="https://www.facebook.com/LakestoneBank/">https://www.facebook.com/LakestoneBank/</a></span><br></blockquote><blockquote type="cite"><span><a href="https://m.facebook.com/LakestoneBank/reviews/">https://m.facebook.com/LakestoneBank/reviews/</a></span><br></blockquote><blockquote type="cite"><span><a href="https://www.reddit.com/r/Bitcoin/comments/7l461c/banks_trying_to_come_down_on_crypto_investers/">https://www.reddit.com/r/Bitcoin/comments/7l461c/banks_trying_to_come_down_on_crypto_investers/</a></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>This greedy bank well might kill herself, possibly downing a large</span><br><span>amount of the rest of the Ponzi 
scheme banks.</span><br><span>It is enough for a critical (possibly not large) part of their lusers </span><br><span>to ask for their money back.</span><br><span></span><br><span>This leads to the question:</span><br><span></span><br><span>How would a cryptocurrency work if the banking system is down or there</span><br><span>is global hyperinflation?</span><br><span></span><br><span>AFAIK the bitcoin core blockchain is about 150G and it can't track</span><br><span>every beer bought for pico BTC.</span><br><span></span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 4</span><br><span>Date: 21 Dec 2017 11:20:42 -0500</span><br><span>From: "John Levine" <<a href="mailto:johnl@iecc.com">johnl@iecc.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: [Cryptography]  Bitcoin, fork you very much</span><br><span>Message-ID: <<a href="mailto:20171221162042.4D3B1183C4A3@ary.qy">20171221162042.4D3B1183C4A3@ary.qy</a>></span><br><span>Content-Type: text/plain; charset=utf-8</span><br><span></span><br><span>Let's say I'm with the Chinese government and decide that I am tired</span><br><span>of people evading currency controls and money laundering with Bitcoin.</span><br><span>So we adjust the Great Firewall of China to block port 8333.  
We also</span><br><span>add some MITM proxies that take newly mined blocks from the Chinese</span><br><span>side, rewrite them to put the newly mined btc into government-approved</span><br><span>wallets, fill up the blocks with transactions from outside China, and</span><br><span>send them along.</span><br><span></span><br><span>Since a large fraction of the miners are inside China and all of the</span><br><span>hard currency exchanges are outside, this is a pretty serious fork.</span><br><span>No doubt people will start trying to evade the block, but the GFoC</span><br><span>works pretty well, and any evasion will take a while to start being</span><br><span>effective.  It'd also be easy to tell who was trying to evade (look at</span><br><span>the blocks in the chains they publish) and send someone around to chat</span><br><span>with them.</span><br><span></span><br><span>Even if the two sides are eventually reunited, then what?  It'd be</span><br><span>obvious which blocks had been rewritten, but even if there was some</span><br><span>improbable global consensus to disregard them, what happens to all of</span><br><span>the transactions?</span><br><span></span><br><span>Am I missing anything important here?</span><br><span></span><br><span>R's,</span><br><span>John</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 5</span><br><span>Date: Thu, 21 Dec 2017 10:37:16 -0600</span><br><span>From: Nico Williams <<a href="mailto:nico@cryptonector.com">nico@cryptonector.com</a>></span><br><span>To: Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>></span><br><span>Cc: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <20171221163714.GA12282@localhost></span><br><span>Content-Type: text/plain; charset=us-ascii</span><br><span></span><br><span>On Wed, Dec 20, 
2017 at 06:31:24PM +0000, Jeremy Stanley wrote:</span><br><blockquote type="cite"><span>Also, when crossing some borders, your devices may leave your person</span><br></blockquote><blockquote type="cite"><span>and be out of visual range for extended periods of time before you</span><br></blockquote><blockquote type="cite"><span>get them back. In such circumstances do you consider them probably</span><br></blockquote><blockquote type="cite"><span>compromised (perhaps even at the firmware or hardware level) and</span><br></blockquote><blockquote type="cite"><span>quarantine or dispose of them accordingly?</span><br></blockquote><span></span><br><span>If that happens you just dispose of the devices.</span><br><span></span><br><span>A simple defense against this sort of attack is to carry just a</span><br><span>raspberry pi and an SD card with a minimal OS and content.  You can</span><br><span>always buy a new SD card, download an image, and build yourself a remote</span><br><span>access terminal.  It's pretty simple.  It's not likely that customs will</span><br><span>have a hardware attack for every SBC out there, and you can always</span><br><span>inspect it, as these computers are very small and their boards highly</span><br><span>accessible.</span><br><span></span><br><span>If you stay at a hotel then chances are you can just display onto the</span><br><span>room's TV with an HDMI cable.  Or you can carry a 14" portable display</span><br><span>-- these are widely available and cheap.</span><br><span></span><br><span>You will have to carry a keyboard and mouse, but that's a plus.  
I</span><br><span>always do anyways for ergonomics reasons, and maybe so should you.</span><br><span></span><br><span>This approach compares well to a proper laptop if all you'll be needing</span><br><span>is a terminal anyways.</span><br><span></span><br><span>Nico</span><br><span>-- </span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 6</span><br><span>Date: Thu, 21 Dec 2017 13:09:45 -0500</span><br><span>From: Phillip Hallam-Baker <<a href="mailto:phill@hallambaker.com">phill@hallambaker.com</a>></span><br><span>To: Cryptography Mailing List <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: [Cryptography] Web voting service</span><br><span>Message-ID:</span><br><span>    <<a href="mailto:CAMm+LwjdVTfoY_4bdjh6tk+OGnsa7B8nQB3u0fZcfhD_Wmi4TA@mail.gmail.com">CAMm+LwjdVTfoY_4bdjh6tk+OGnsa7B8nQB3u0fZcfhD_Wmi4TA@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>I am currently deploying the Mesh services for an external test and looking</span><br><span>for small, self-contained applications that can be supported thereon.</span><br><span></span><br><span>The basic premise of the Mesh is that it becomes really easy to do a lot of</span><br><span>cool cryptography iff we get to a point where use of private keys for</span><br><span>security purposes is as fluent as passwords.</span><br><span></span><br><span>One facility I will eventually need is the ability to checkpoint assertions</span><br><span>about public keys in a linked hash log (aka Blockchain). Since I am not of</span><br><span>the proof of work faith, I am looking to DAG type approaches to assure</span><br><span>integrity of the hash log (aka HashGraph). 
So I am looking for a smallish</span><br><span>project that could showcase the effort and create a nucleus of services</span><br><span>that could later be built into a HashGraph infrastructure.</span><br><span></span><br><span></span><br><span>One facility I think we need is the ability to record non-anonymous votes.</span><br><span>This happens a lot in industry consortia where each member has a vote and</span><br><span>the way that they vote is public. [Yes anonymous is more interesting as a</span><br><span>problem but that can be built on the public voting scheme].</span><br><span></span><br><span>So the basic idea is that there is a Web Service that accepts two types of</span><br><span>data and records them in a hash log:</span><br><span></span><br><span>1) Votes</span><br><span>2) Witness values.</span><br><span></span><br><span>Assume I am not stupid and the votes are authenticated appropriately,</span><br><span>timestamped, etc. Votes can be encrypted until the close of the ballot is</span><br><span>declared, etc.</span><br><span></span><br><span>The Witness values are any unpredictable value published by any other</span><br><span>source that can be verified retrospectively. For example:</span><br><span></span><br><span>* A signed time source</span><br><span>* Any block chain output</span><br><span></span><br><span>Each witness value contains sufficient information to allow a third party</span><br><span>to verify it. Typically this would be a URI and possibly a date-time or</span><br><span>index value.</span><br><span></span><br><span>The hash log is signed every n minutes. When a vote (or any other value) is</span><br><span>enrolled in the hash log, the service provides a signed receipt. This</span><br><span>enables the voter to call fraud should their vote not be recorded. 
[For</span><br><span>additional bonus points we can add in Micali Fair Contracts which went out</span><br><span>of patent recently]</span><br><span></span><br><span></span><br><span>Now consider a situation in which there are multiple vote servers accepting</span><br><span>votes on the same ballot. If one goes down, another server can accept it.</span><br><span>All the vote counter then needs to do is check all the approved logs. This</span><br><span>prevents a form of fraud where the vote server goes down (or is DDoSed)</span><br><span>when the ballot is in one side's favor.</span><br><span></span><br><span></span><br><span>One building block for such a system would be a disclosure service which</span><br><span>publishes a list of public keys and then releases the corresponding private</span><br><span>key at a specified time. So I would probably publish key pairs for each</span><br><span>hour for the next 30 days, for each day for the next year and each week for</span><br><span>the next decade on a rolling basis. Easy enough to do from a single master</span><br><span>secret.</span><br><span></span><br><span>Using the same techniques as proxy re-encryption, people can choose</span><br><span>multiple services and build n of m type quorum schemes using Shamir secret</span><br><span>sharing on top. 
So if encrypted ballots are used and one of the disclosure</span><br><span>services dies, the system remains robust.</span><br><span>-------------- next part --------------</span><br><span>An HTML attachment was scrubbed...</span><br><span>URL: <<a href="http://www.metzdowd.com/pipermail/cryptography/attachments/20171221/fc6905aa/attachment-0001.html">http://www.metzdowd.com/pipermail/cryptography/attachments/20171221/fc6905aa/attachment-0001.html</a>></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 7</span><br><span>Date: Thu, 21 Dec 2017 18:53:50 +0000</span><br><span>From: Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:20171221185350.GZ13067@yuggoth.org">20171221185350.GZ13067@yuggoth.org</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>On 2017-12-21 10:37:16 -0600 (-0600), Nico Williams wrote:</span><br><blockquote type="cite"><span>On Wed, Dec 20, 2017 at 06:31:24PM +0000, Jeremy Stanley wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>Also, when crossing some borders, your devices may leave your person</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>and be out of visual range for extended periods of time before you</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>get them back. 
In such circumstances do you consider them probably</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>compromised (perhaps even at the firmware or hardware level) and</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>quarantine or dispose of them accordingly?</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>If that happens you just dispose of the devices.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>A simple defense against this sort of attack is to carry just a</span><br></blockquote><blockquote type="cite"><span>raspberry pi and an SD card with a minimal OS and content.  You can</span><br></blockquote><blockquote type="cite"><span>always buy a new SD card, download an image, and build yourself a remote</span><br></blockquote><blockquote type="cite"><span>access terminal.  It's pretty simple.  It's not likely that customs will</span><br></blockquote><blockquote type="cite"><span>have a hardware attack for every SBC out there, and you can always</span><br></blockquote><blockquote type="cite"><span>inspect it, as these computers are very small and their boards highly</span><br></blockquote><blockquote type="cite"><span>accessible.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>If you stay at a hotel then chances are you can just display onto the</span><br></blockquote><blockquote type="cite"><span>room's TV with an HDMI cable.  Or you can carry a 14" portable display</span><br></blockquote><blockquote type="cite"><span>-- these are widely available and cheap.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>You will have to carry a keyboard and mouse, but that's a plus.  
I</span><br></blockquote><blockquote type="cite"><span>always do anyways for ergonomics reasons, and maybe so should you.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>This approach compares well to a proper laptop if all you'll be needing</span><br></blockquote><blockquote type="cite"><span>is a terminal anyways.</span><br></blockquote><span></span><br><span>That's fairly similar to how I've been handling things. When I</span><br><span>travel domestically I do so with homebrewed netbook-like devices</span><br><span>cobbled together from SBCs with commodity tablet-sized display</span><br><span>panels and USB mini-keyboards obtained from inexpensive tablet</span><br><span>cases. I'm a little uneasy trying to cross international borders</span><br><span>with homemade computers though, so I've resorted to using very cheap</span><br><span>"burner" mini-laptops that I won't be too upset if I have to ditch</span><br><span>(I tend to keep one in checked luggage and one in my carry-on in</span><br><span>case that happens). Most recently I've been using the Fusion5</span><br><span>lapbooks which run around us$160 and can run a fairly unmolested</span><br><span>Debian install with a mainline Linux kernel, but Chromebooks are</span><br><span>another popular choice for this among my colleagues who take similar</span><br><span>measures.</span><br><span></span><br><span>I've also invested in bulk packs of tamper-evident evidence bags</span><br><span>large enough to put my devices in, and rolls of tamper-evident</span><br><span>serial number labels to cover all ports on them. 
These are obviously</span><br><span>not foolproof, but they increase the amount of time an adversary</span><br><span>needs to muck with my hardware and still go undetected (I bring a</span><br><span>stack of bags, so that when I go out to dinner I can put my devices</span><br><span>in a fresh bag before putting that in the not-terribly-trustworthy</span><br><span>safe in my hotel room).</span><br><span></span><br><span>And as mentioned elsewhere in the thread, I too have determined that</span><br><span>a good, strong memorized password/passphrase is a safer choice to</span><br><span>bring across borders than an SSH key when it comes to having a way</span><br><span>to bootstrap my actual keys once I reach my destination. It's about</span><br><span>the only time I SSH with a password (been meaning to set up a second</span><br><span>sshd specifically for this with some sort of port-knocking scheme so</span><br><span>it's not easily discoverable by all the brute-forcing portscanners</span><br><span>out there, and then I can leave my normal sshd set for key-only</span><br><span>auth). 
I also tend to make short-lived keys I'll use while</span><br><span>travelling and yank their access as soon as I get home, just for</span><br><span>good hygiene.</span><br><span></span><br><span>Of course, travel into mainland China adds an extra layer of fun</span><br><span>here, but for the moment it's still possible to use a wireless modem</span><br><span>or phone tether with a SIM for a non-Chinese mobile provider on an</span><br><span>international roaming plan to get around the GFW block for SSH and</span><br><span>VPN protocols.</span><br><span>-- </span><br><span>Jeremy Stanley</span><br><span>-------------- next part --------------</span><br><span>A non-text attachment was scrubbed...</span><br><span>Name: signature.asc</span><br><span>Type: application/pgp-signature</span><br><span>Size: 949 bytes</span><br><span>Desc: Digital signature</span><br><span>URL: <<a href="http://www.metzdowd.com/pipermail/cryptography/attachments/20171221/1730aa4a/attachment-0001.sig">http://www.metzdowd.com/pipermail/cryptography/attachments/20171221/1730aa4a/attachment-0001.sig</a>></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 8</span><br><span>Date: Thu, 21 Dec 2017 20:49:08 +0100</span><br><span>From: Natanael <<a href="mailto:natanael.l@gmail.com">natanael.l@gmail.com</a>></span><br><span>To: John Levine <<a href="mailto:johnl@iecc.com">johnl@iecc.com</a>></span><br><span>Cc: Cryptography Mailing List <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] Bitcoin, fork you very much</span><br><span>Message-ID:</span><br><span>    <<a href="mailto:CAAt2M1_ZiTO43B3XaUP8bHmq2UGmH_=yH-_tTbQuShAwMQt3ag@mail.gmail.com">CAAt2M1_ZiTO43B3XaUP8bHmq2UGmH_=yH-_tTbQuShAwMQt3ag@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>On 21 Dec 
2017 at 20:33, "John Levine" <<a href="mailto:johnl@iecc.com">johnl@iecc.com</a>> wrote:</span><br><span></span><br><span>Let's say I'm with the Chinese government and decide that I am tired</span><br><span>of people evading currency controls and money laundering with Bitcoin.</span><br><span>So we adjust the Great Firewall of China to block port 8333.  We also</span><br><span>add some MITM proxies that take newly mined blocks from the Chinese</span><br><span>side, rewrite them to put the newly mined btc into government-approved</span><br><span>wallets, fill up the blocks with transactions from outside China, and</span><br><span>send them along.</span><br><span></span><br><span></span><br><span>Blocks are considered valid if:</span><br><span></span><br><span>* The syntax is correct for the header and for all transactions. The header</span><br><span>includes a Merkle tree hash of the transactions.</span><br><span>* If all values are within the correct limits, such as that the time of one</span><br><span>block may not be too far back or into the future compared to the prior one.</span><br><span>* If the miner's "coinbase transaction" is valid, that first transaction in</span><br><span>the block in which the miner claims the reward and fees to his own address.</span><br><span>He can't claim a larger payout than the available reward + fees in the</span><br><span>transactions bundled in the block.</span><br><span>* If all transactions only try to claim valid unspent transaction outputs</span><br><span>from previous transactions, and if they follow all the scripting rules</span><br><span>correctly (different address formats enforce different scripts), and if</span><br><span>outputs are not larger than the inputs.</span><br><span></span><br><span>And critically, where your idea fails:</span><br><span></span><br><span>* If the proof of work is valid, meaning that the integer representation of</span><br><span>SHA256(SHA256(block header)) is less than the current mining 
difficulty</span><br><span>target value.</span><br><span></span><br><span>Changing the coinbase transaction to steal the coins changes the Merkle</span><br><span>tree hash in the header and thus invalidates the proof of work, because the</span><br><span>header hash changes too - randomly, with a very, very tiny probability of being a</span><br><span>valid PoW.</span><br><span></span><br><span>(Note that the above criteria are not complete; there are more factors</span><br><span>involved. But they're sufficient to describe the concept.)</span><br><span></span><br><span>It's relatively much easier to just attempt to isolate your people from any</span><br><span>cryptocurrency nodes.</span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 9</span><br><span>Date: Thu, 21 Dec 2017 12:40:22 -0800</span><br><span>From: Tom Mitchell <<a href="mailto:mitch@niftyegg.com">mitch@niftyegg.com</a>></span><br><span>To: grarpamp <<a href="mailto:grarpamp@gmail.com">grarpamp@gmail.com</a>></span><br><span>Cc: Crypto <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] Bitcoin theft and the future of</span><br><span>    cryptocurrencies</span><br><span>Message-ID:</span><br><span>    <<a href="mailto:CAAMy4USjJZrRGzVYUX=di8pob1NJCHtHSzTvdr+yd8BZWaB2Hg@mail.gmail.com">CAAMy4USjJZrRGzVYUX=di8pob1NJCHtHSzTvdr+yd8BZWaB2Hg@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>On Wed, Dec 20, 2017 at 5:37 PM, grarpamp <<a href="mailto:grarpamp@gmail.com">grarpamp@gmail.com</a>>
wrote:</span><br><span></span><br><blockquote type="cite"><span>On Wed, Dec 20, 2017 at 2:47 PM, Tom Mitchell <<a href="mailto:mitch@niftyegg.com">mitch@niftyegg.com</a>> wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Cryptocurrency is the new cash.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Missing/Omitted in this thread is a mention of quantum computing vs.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>blockchain.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>At first quantum computing will be only available to nation states and</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>monster corporations.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Will they play nice?  
Then there may be AI discovered insights into</span><br></blockquote></blockquote><blockquote type="cite"><span>existing</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>methods with</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>or without quantum computing.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>see Programming Pearls by Bentley or as we all know "It is easy if you</span><br></blockquote></blockquote><blockquote type="cite"><span>know</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>how".</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>To the extent Q / AI are ranked as legit threats, then the same level</span><br></blockquote><blockquote type="cite"><span>of efforts should be being thrown into deploying Post Q/AI cryptocoin,</span><br></blockquote><blockquote type="cite"><span>and serious questions should be lodged and asked of those that don't.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>On the quantum computing side...
it is here in the context of the</span><br><span>life of investments mod the ability to move from a pre-Q chain to a post-Q</span><br><span>chain.</span><br><span></span><br><span><a href="https://www.technologyreview.com/s/609451/ibm-raises-the-bar-with-a-50-qubit-quantum-computer/">https://www.technologyreview.com/s/609451/ibm-raises-the-bar-with-a-50-qubit-quantum-computer/</a></span><br><span></span><br><span>It does not take AI to add new twists to computation.</span><br><span><a href="https://www.technologyreview.com/s/609193/new-twists-in-the-road-to-quantum-supremacy/">https://www.technologyreview.com/s/609193/new-twists-in-the-road-to-quantum-supremacy/</a></span><br><span>If we are lucky "quantum supremacy stuff will be overhyped and</span><br><span>misunderstood"....</span><br><span></span><br><span></span><br><span>-- </span><br><span>  T o m    M i t c h e l l</span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 10</span><br><span>Date: Fri, 22 Dec 2017 00:27:50 -0500</span><br><span>From: grarpamp <<a href="mailto:grarpamp@gmail.com">grarpamp@gmail.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Cc: <a href="mailto:tor-talk@lists.torproject.org">tor-talk@lists.torproject.org</a></span><br><span>Subject: [Cryptography] Zcash 2nd Ceremony Call for Review /</span><br><span>    Participation, @Snowden EFF ACLU Privacy Updates</span><br><span>Message-ID:</span><br><span>    <<a
href="mailto:CAD2Ti2_QBdN=PnUqFA5v06RR4=95bbjYTnbWbHf=OcA_4YicZw@mail.gmail.com">CAD2Ti2_QBdN=PnUqFA5v06RR4=95bbjYTnbWbHf=OcA_4YicZw@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="UTF-8"</span><br><span></span><br><span>The Zcash Foundation’s Powers of Tau Ceremony</span><br><span></span><br><span>The Zcash Foundation is excited to announce that we have already begun</span><br><span>coordinating a Powers of Tau ceremony. Because the results of this</span><br><span>ceremony are intended for general public use (not just for Zcash), we</span><br><span>want to involve as many diverse participants as possible</span><br><span>(professionals, startups, enterprises, and even just ordinary members</span><br><span>of the community).</span><br><span></span><br><span><a href="https://z.cash.foundation/blog/powers-of-tau/">https://z.cash.foundation/blog/powers-of-tau/</a></span><br><span><a href="https://lists.z.cash.foundation/pipermail/zapps-wg/2017/thread.html">https://lists.z.cash.foundation/pipermail/zapps-wg/2017/thread.html</a></span><br><span><a href="https://eprint.iacr.org/2017/1050">https://eprint.iacr.org/2017/1050</a></span><br><span><a href="https://github.com/ZcashFoundation/powersoftau-attestations/">https://github.com/ZcashFoundation/powersoftau-attestations/</a></span><br><span><a href="https://chat.zcashcommunity.com/channel/mpc">https://chat.zcashcommunity.com/channel/mpc</a></span><br><span><a href="https://github.com/ebfull/powersoftau/">https://github.com/ebfull/powersoftau/</a></span><br><span></span><br><span><a href="https://z.cash/tag/sapling.html">https://z.cash/tag/sapling.html</a></span><br><span></span><br><span><a href="https://z.cash/technology/zksnarks.html">https://z.cash/technology/zksnarks.html</a></span><br><span><a href="https://z.cash/technology/paramgen.html">https://z.cash/technology/paramgen.html</a></span><br><span><a 
href="https://z.cash/blog/generating-zcash-parameters.html">https://z.cash/blog/generating-zcash-parameters.html</a></span><br><span></span><br><span><a href="https://twitter.com/Snowden">https://twitter.com/Snowden</a></span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 11</span><br><span>Date: Thu, 21 Dec 2017 17:21:00 -0500</span><br><span>From: Jerry Leichter <<a href="mailto:leichter@lrw.com">leichter@lrw.com</a>></span><br><span>To: Patrick Chkoreff <<a href="mailto:patrick@rayservers.net">patrick@rayservers.net</a>></span><br><span>Cc: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:FD53C11B-3A02-48F6-ACD4-3776DF8EDA25@lrw.com">FD53C11B-3A02-48F6-ACD4-3776DF8EDA25@lrw.com</a>></span><br><span>Content-Type: text/plain; charset=us-ascii</span><br><span></span><br><blockquote type="cite"><span>The border crossing scenario just got more difficult.  If you copy</span><br></blockquote><blockquote type="cite"><span>anything to the laptop, and then try to erase it using software</span><br></blockquote><blockquote type="cite"><span>techniques only, there is no way to be sure that it's gone.</span><br></blockquote><span>Correct.  As an interesting datapoint:  Apple's MacOS has a Disk Utility that does all kinds of low-level stuff on a disk.  It used to provide a Secure Erase option, which erased everything on a hard drive using well-known techniques.  It no longer does:  Apple no longer sells any devices with "spinning rust" disks, just SSD's; and there is no secure way, even if you are the OS/driver author, to do a secure erasure.</span><br><span></span><br><span>Note that this problem arises *because SSD's implement a backwards-compatible interface to a disk*.
The underlying technology is actually not a great match to the way disks work; there's a lot of code inside an SSD to make the device "look like" a disk.  The underlying layer *could* securely erase all the contents; and an interface to request erasure *could* be provided.  Such interfaces have been proposed and perhaps even implemented, but as far as I know none has actually been implemented in a mass-market product.  (It would not surprise me to learn that parts with this capability exist in specialized markets, e.g., for the military.  The prices would likely be extremely high.)</span><br><span></span><br><span>For the rest of us, probably the best thing to do is to encrypt everything before it goes to the device.  Destroy the key, and the device is logically erased instantly.  (Both iPhones and some Android devices actually do this.)</span><br><span></span><br><span>Of course you run into the "turtles all the way down" problem:  If you store the key on the device itself ... how do you erase it when you can't control what gets written where?</span><br><span></span><br><blockquote type="cite"><span>I suppose now it's safest just to shred the SSD physically before you</span><br></blockquote><blockquote type="cite"><span>return from the trip.  Either return with no hard drive or install a spare.</span><br></blockquote><span>While the information may be *present* on the drive, getting it out requires specialized hardware and techniques.  How valuable is this information?
How serious an attack are you concerned about having to survive?</span><br><span>                                                        -- Jerry</span><br><span></span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 12</span><br><span>Date: Thu, 21 Dec 2017 22:26:42 +0000</span><br><span>From: Peter Gutmann <<a href="mailto:pgut001@cs.auckland.ac.nz">pgut001@cs.auckland.ac.nz</a>></span><br><span>To: Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>>, "<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>"</span><br><span>    <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:1513895198544.66167@cs.auckland.ac.nz">1513895198544.66167@cs.auckland.ac.nz</a>></span><br><span>Content-Type: text/plain; charset="iso-8859-1"</span><br><span></span><br><span>Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>> writes:</span><br><span></span><br><blockquote type="cite"><span>When I travel domestically I do so with homebrewed netbook-like devices</span><br></blockquote><blockquote type="cite"><span>cobbled together from SBCs with commodity tablet-sized display panels and USB</span><br></blockquote><blockquote type="cite"><span>mini-keyboards obtained from inexpensive tablet cases.</span><br></blockquote><span></span><br><span>How do the TSA guys react when they open your bag and see a pile of strange</span><br><span>wired-together electronics?</span><br><span></span><br><span>Peter.</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 13</span><br><span>Date: Thu, 21 Dec 2017 22:32:24 +0000</span><br><span>From: Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>></span><br><span>To: <a 
href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:20171221223223.GA13067@yuggoth.org">20171221223223.GA13067@yuggoth.org</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>On 2017-12-21 22:26:42 +0000 (+0000), Peter Gutmann wrote:</span><br><span>[...]</span><br><blockquote type="cite"><span>How do the TSA guys react when they open your bag and see a pile</span><br></blockquote><blockquote type="cite"><span>of strange wired-together electronics?</span><br></blockquote><span>[...]</span><br><span></span><br><span>So far it's gone through the X-ray conveyor zipped up (I have it</span><br><span>strapped into a modified fabric CD organizer for convenience) at</span><br><span>least a couple dozen times and not raised any red flags. I expect it</span><br><span>looks pretty much like a typical tablet or netbook on profile.</span><br><span>-- </span><br><span>Jeremy Stanley</span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 14</span><br><span>Date: Thu, 21 Dec 2017 23:05:25 +0000</span><br><span>From: Robin Wood <<a href="mailto:robin@digi.ninja">robin@digi.ninja</a>></span><br><span>To: John Denker <<a href="mailto:jsd@av8n.com">jsd@av8n.com</a>></span><br><span>Cc: Cryptography Mailing List <<a
href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] paragraph with expected frequencies</span><br><span>Message-ID:</span><br><span>    <<a href="mailto:CALmccy6bypD0sZ8R8VN25ZP44w6pB3409a=fCTk5k2+5LQH0gA@mail.gmail.com">CALmccy6bypD0sZ8R8VN25ZP44w6pB3409a=fCTk5k2+5LQH0gA@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>On Thu, 21 Dec 2017, 19:31 John Denker via cryptography, <</span><br><span><a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>> wrote:</span><br><span></span><br><blockquote type="cite"><span>On 12/20/2017 02:02 AM, Robin Wood wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>I'm working on a bit of crypto with my young daughter and we are about to</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>look at frequency analysis. Are there any short UK English paragraphs</span><br></blockquote></blockquote><blockquote type="cite"><span>where</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>the frequency of letters is about what you would expect based on</span><br></blockquote></blockquote><blockquote type="cite"><span>frequency</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>charts? i.e. 
E then T, A and O.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Bonus if the digraphs are also roughly in order.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>I want to count the letters by hand so don't want anything too long and</span><br></blockquote></blockquote><blockquote type="cite"><span>it</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>has to be PG content.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The question is both trivial to answer, and impossible.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>It is trivial for linguistic and cryptological reasons:</span><br></blockquote><blockquote type="cite"><span>Almost any reasonably large sample of English will</span><br></blockquote><blockquote type="cite"><span>display characteristic English letter-frequencies.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>This is not mathematically guaranteed;  it is just a</span><br></blockquote><blockquote type="cite"><span>known property of natural language.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>It is an important property.  Frequency analysis is</span><br></blockquote><blockquote type="cite"><span>not a known-text or chosen-text attack, where you</span><br></blockquote><blockquote type="cite"><span>know a_priori that the text has the exact "expected</span><br></blockquote><blockquote type="cite"><span>frequencies".  
It works for any halfway-reasonable</span><br></blockquote><blockquote type="cite"><span>text.  This is the fatal weakness of any monoalphabetic</span><br></blockquote><blockquote type="cite"><span>substitution cipher.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>==========</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>In contrast, there are good mathematical reasons why</span><br></blockquote><blockquote type="cite"><span>no finite sample will display the "expected frequencies"</span><br></blockquote><blockquote type="cite"><span>exactly.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Frequency is a type of probability.  There are lots of</span><br></blockquote><blockquote type="cite"><span>probabilities in this world, and lots of frequencies.</span><br></blockquote><blockquote type="cite"><span>In this case we are particularly interested in the</span><br></blockquote><blockquote type="cite"><span>/population/ i.e. all possible texts, which is an</span><br></blockquote><blockquote type="cite"><span>effectively infinite set, and various finite /samples/</span><br></blockquote><blockquote type="cite"><span>that might be drawn from the population.  
Statisticians</span><br></blockquote><blockquote type="cite"><span>give these terms technical meanings which unfortunately</span><br></blockquote><blockquote type="cite"><span>diverge from the meanings in any other context, but</span><br></blockquote><blockquote type="cite"><span>let's stick with the statistical definitions here.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The frequencies observed on any sample will converge</span><br></blockquote><blockquote type="cite"><span>to the frequencies on the population in the limit</span><br></blockquote><blockquote type="cite"><span>of large sample-sizes ... but we are talking about</span><br></blockquote><blockquote type="cite"><span>convergence in the limit, not equality for any finite</span><br></blockquote><blockquote type="cite"><span>sample.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>For any finite sample, /statistical fluctuations/</span><br></blockquote><blockquote type="cite"><span>guarantee that the sample frequencies are expected</span><br></blockquote><blockquote type="cite"><span>to differ from the population frequencies.  You can</span><br></blockquote><blockquote type="cite"><span>use properties of the population to predict the</span><br></blockquote><blockquote type="cite"><span>distribution of fluctuations (as a function of</span><br></blockquote><blockquote type="cite"><span>sample size) if you want.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The larger the number of observables (e.g. 
the 26</span><br></blockquote><blockquote type="cite"><span>different letter frequencies) the smaller your</span><br></blockquote><blockquote type="cite"><span>chance of seeing the "expected frequencies" exactly.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On the other hand, the point of the exercise is</span><br></blockquote><blockquote type="cite"><span>statistical /inference/.  Frequency analysis allows</span><br></blockquote><blockquote type="cite"><span>you to infer that the text is English, as opposed</span><br></blockquote><blockquote type="cite"><span>to gibberish.  With a reasonable-sized sample, you</span><br></blockquote><blockquote type="cite"><span>can infer this with high confidence _despite_ the</span><br></blockquote><blockquote type="cite"><span>fluctuations.  The confidence will never be exactly</span><br></blockquote><blockquote type="cite"><span>100%, because the tail of the English distribution</span><br></blockquote><blockquote type="cite"><span>will overlap the tail of the gibberish distribution</span><br></blockquote><blockquote type="cite"><span>"somewhat", but this is not a problem in practice.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Even if you could hunt up a sample that did have</span><br></blockquote><blockquote type="cite"><span>the exact "expected frequencies", it would be very</span><br></blockquote><blockquote type="cite"><span>unwise to use it as the basis of a lesson, because</span><br></blockquote><blockquote type="cite"><span>it would teach a wrong lesson about statistical</span><br></blockquote><blockquote type="cite"><span>fluctuations and statistical inference.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>==> A much better lesson would be to repeat the</span><br></blockquote><blockquote type="cite"><span>experiment with a few different 
sample-sizes from</span><br></blockquote><blockquote type="cite"><span>the same source, to demonstrate the mathematical</span><br></blockquote><blockquote type="cite"><span>point about fluctuations and convergence ... and</span><br></blockquote><blockquote type="cite"><span>then compare a few disparate sources (e.g. Dickens</span><br></blockquote><blockquote type="cite"><span>versus Rowling), to demonstrate the linguistic</span><br></blockquote><blockquote type="cite"><span>point about near-invariance of the frequencies.</span><br></blockquote><blockquote type="cite"><span>Thirdly, histogram a random process (diceware)</span><br></blockquote><blockquote type="cite"><span>as a control.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Counting using tally-marks (a) is easier and (b)</span><br></blockquote><blockquote type="cite"><span>constructs a histogram on the fly.  Plot a large</span><br></blockquote><blockquote type="cite"><span>sample with N subsamples, using N colors of ink,</span><br></blockquote><blockquote type="cite"><span>all on the same cumulative histogram, so you can</span><br></blockquote><blockquote type="cite"><span>see the fluctuations and the convergence at a glance.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Digraphs converge 26 times more slowly, for obvious</span><br></blockquote><blockquote type="cite"><span>reasons, and so require much larger samples.  This</span><br></blockquote><blockquote type="cite"><span>should come several turns later on the pedagogical</span><br></blockquote><blockquote type="cite"><span>spiral.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span></span><br><span>Oh well, was worth a try. 
I'll grab some cuttings from different newspapers</span><br><span>and start with those and see how we go.</span><br><span></span><br><span>Start with some counting by hand, then write some code to do bigger texts</span><br><span>and create graphs.</span><br><span></span><br><span>Might be interesting to try to find texts that do fit the expected</span><br><span>frequencies, maybe a discussion of the Queen jumping in a Zumba class :)</span><br><span></span><br><span>Robin</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 15</span><br><span>Date: 21 Dec 2017 18:11:11 -0500</span><br><span>From: "John Levine" <<a href="mailto:johnl@iecc.com">johnl@iecc.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Cc: <a href="mailto:guninski@guninski.com">guninski@guninski.com</a></span><br><span>Subject: Re: [Cryptography] Lakestone Bank and Trust Just Made A</span><br><span>    Problem, Oopsie</span><br><span>Message-ID: <<a
href="mailto:20171221231111.91A97186C322@ary.qy">20171221231111.91A97186C322@ary.qy</a>></span><br><span>Content-Type: text/plain; charset=utf-8</span><br><span></span><br><span>In article <<a href="mailto:20171221150728.GC844@sivokote.iziade.m">20171221150728.GC844@sivokote.iziade.m</a>$> you write:</span><br><blockquote type="cite"><span>On Wed, Dec 20, 2017 at 10:33:20PM -0500, grarpamp wrote:</span><br></blockquote><span></span><br><blockquote type="cite"><blockquote type="cite"><span><a href="https://www.facebook.com/LakestoneBank/">https://www.facebook.com/LakestoneBank/</a></span><br></blockquote></blockquote><span></span><br><blockquote type="cite"><span>This greedy bank well might kill herself, possibly downing a large</span><br></blockquote><blockquote type="cite"><span>amount of the rest of Ponzi scheme banks.</span><br></blockquote><blockquote type="cite"><span>It is enough for a critical (possibly not large) part of their lusers </span><br></blockquote><blockquote type="cite"><span>to ask for their money back.</span><br></blockquote><span></span><br><span>That's completely ridiculous.  This is a small town bank in Lapeer MI,</span><br><span>an exurb of Detroit.  It has been around since 1902 and has grown modestly</span><br><span>by buying and merging other small banks nearby including one that was</span><br><span>founded in 1898.  It has under $600 million in assets, which is quite</span><br><span>small, and a 10% capital ratio and 10% return on equity, which make it</span><br><span>a very healthy little bank.  I expect that most of their customers</span><br><span>live within driving distance of one of their offices.</span><br><span></span><br><span>They probably consider speculating on Bitcoin to be gambling, which by</span><br><span>any normal definition is exactly what it is.  It is not unusual for</span><br><span>banks to fire customers who they believe are engaging in excessively</span><br><span>risky financial behavior.
The only response I have seen to the letter</span><br><span>from the bank is flaming on reddit.  I see no evidence that any of the</span><br><span>bank's other customers care, or have even noticed.</span><br><span></span><br><span>R's,</span><br><span>John</span><br><span></span><br><span>PS: Once again, I would encourage people who know nothing about</span><br><span>economics, and aren't willing to do the most basic research, to</span><br><span>refrain from economic pontification.</span><br><span></span><br><span></span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 16</span><br><span>Date: Thu, 21 Dec 2017 18:54:46 -0500</span><br><span>From: Patrick Chkoreff <<a href="mailto:patrick@rayservers.net">patrick@rayservers.net</a>></span><br><span>To: Cryptography <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <<a href="mailto:faf66ca0-3a9f-e8ea-a953-11a0ecdb3914@rayservers.net">faf66ca0-3a9f-e8ea-a953-11a0ecdb3914@rayservers.net</a>></span><br><span>Content-Type: text/plain; charset=utf-8</span><br><span></span><br><span>Jerry Leichter wrote on 12/21/2017 05:21 PM:</span><br><span>...</span><br><blockquote type="cite"><span>For the rest of us, probably the best thing to do is to encrypt</span><br></blockquote><blockquote type="cite"><span>everything before it goes to the device.  Destroy the key, and the</span><br></blockquote><blockquote type="cite"><span>device is logically erased instantly.  (Both iPhones and some Android</span><br></blockquote><blockquote type="cite"><span>devices actually do this.)</span><br></blockquote><span></span><br><span>Right.</span><br><span></span><br><blockquote type="cite"><span>Of course you run into the "turtles all the way down" problem:  If</span><br></blockquote><blockquote type="cite"><span>you store the key on the device itself ... 
how do you erase it when</span><br></blockquote><blockquote type="cite"><span>you can't control what gets written where?</span><br></blockquote><span></span><br><span>Right.  I can tediously ponder any number of software counter-measures,</span><br><span>but they're all vulnerable.</span><br><span></span><br><blockquote type="cite"><blockquote type="cite"><span>I suppose now it's safest just to shred the SSD physically before</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>you return from the trip.  Either return with no hard drive or</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>install a spare.</span><br></blockquote></blockquote><span></span><br><blockquote type="cite"><span>While the information may be *present* on the drive, getting it out</span><br></blockquote><blockquote type="cite"><span>requires specialized hardware and techniques.  How valuable is this</span><br></blockquote><blockquote type="cite"><span>information?  How serious an attack are you concerned about having to</span><br></blockquote><blockquote type="cite"><span>survive? -- Jerry</span><br></blockquote><span></span><br><span>My own threat model is not terribly demanding.  I mostly just want to</span><br><span>protect GPG and SSH private keys.</span><br><span></span><br><span>I think you have to physically destroy the device.  It's the only way to</span><br><span>be sure.  Carry only a disposable device, as Nico and Jeremy have</span><br><span>discussed, such as a Raspberry Pi and SD card.  
I think you can just</span><br><span>destroy the SD card, as I suspect no traces of information will remain</span><br><span>on the Pi itself, discounting 4 degree Kelvin attacks on RAM.</span><br><span></span><br><span></span><br><span>-- Patrick</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 17</span><br><span>Date: Fri, 22 Dec 2017 11:29:09 +1100 (EST)</span><br><span>From: Dave Horsfall <<a href="mailto:dave@horsfall.org">dave@horsfall.org</a>></span><br><span>To: Cryptography List <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: [Cryptography] Happy birthday, Tommy Flowers!</span><br><span>Message-ID: <<a href="mailto:alpine.BSF.2.21.1712221126380.27626@aneurin.horsfall.org">alpine.BSF.2.21.1712221126380.27626@aneurin.horsfall.org</a>></span><br><span>Content-Type: text/plain; charset=US-ASCII; format=flowed</span><br><span></span><br><span>Tommy Flowers MBE was born on this day in 1905; an electrical and </span><br><span>mechanical engineer, he designed Colossus, arguably the world's first </span><br><span>electronic computer, which was used to break the German "Lorenz" </span><br><span>high-level cipher (not Enigma, as some think).</span><br><span></span><br><span>-- </span><br><span>Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer."</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 18</span><br><span>Date: Fri, 22 Dec 2017 18:07:30 +0900</span><br><span>From: Aimable Niyikiza <<a href="mailto:niyimunyura@gmail.com">niyimunyura@gmail.com</a>></span><br><span>To: <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span>Subject: [Cryptography] Cybersecurity Regulation for Crypto Exchanges</span><br><span>Message-ID:</span><br><span>    <<a 
href="mailto:CACE-jhYfHkByUuUbg5BB28ZLjAVJCNPRZFC_nhpHJBeZJKByiQ@mail.gmail.com">CACE-jhYfHkByUuUbg5BB28ZLjAVJCNPRZFC_nhpHJBeZJKByiQ@mail.gmail.com</a>></span><br><span>Content-Type: text/plain; charset="utf-8"</span><br><span></span><br><span>With the rise of hacking incidents (whether real or staged) of</span><br><span>cryptocurrency exchanges and wallet companies, it seems that there needs</span><br><span>to be a framework akin to PCI-DSS for these companies to follow.</span><br><span></span><br><span>Eg:</span><br><span><a href="https://techcrunch.com/2017/12/20/etherdelta-suspends-service/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook">https://techcrunch.com/2017/12/20/etherdelta-suspends-service/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook</a></span><br><span></span><br><span></span><br><span>Users need to know that their money/tokens are kept responsibly.</span><br><span></span><br><span>I'm thinking of a non-profit auditing organization that would check if they</span><br><span>follow the most basic cybersecurity practices.</span><br><span></span><br><span>Any ideas?</span><br><span></span><br><span>--NA</span><br><span>-------------- next part --------------</span><br><span>An HTML attachment was scrubbed...</span><br><span>URL: <<a href="http://www.metzdowd.com/pipermail/cryptography/attachments/20171222/ddc6218d/attachment-0001.html">http://www.metzdowd.com/pipermail/cryptography/attachments/20171222/ddc6218d/attachment-0001.html</a>></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Message: 19</span><br><span>Date: Fri, 22 Dec 2017 10:21:57 +0100</span><br><span>From: Gé Weijers <<a href="mailto:ge@weijers.org">ge@weijers.org</a>></span><br><span>To: Patrick Chkoreff <<a href="mailto:patrick@rayservers.net">patrick@rayservers.net</a>></span><br><span>Cc: Cryptography <<a 
href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>></span><br><span>Subject: Re: [Cryptography] Rubber-hose resistance?</span><br><span>Message-ID: <1677840623069639153@unknownmsgid></span><br><span>Content-Type: text/plain; charset="UTF-8"</span><br><span></span><br><blockquote type="cite"><span>[...] as I suspect no traces of information will remain</span><br></blockquote><blockquote type="cite"><span>on the Pi itself, discounting 4 degree Kelvin attacks on RAM.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>Desoldering the RAM while maintaining a low temperature should be interesting.</span><br><span>The original Raspberry Pi used a PoP package, which would make it even</span><br><span>more interesting.</span><br><span></span><br><span>Gé</span><br><span></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>Subject: Digest Footer</span><br><span></span><br><span>_______________________________________________</span><br><span>cryptography mailing list</span><br><span><a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a></span><br><span><a href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a></span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>End of cryptography Digest, Vol 56, Issue 22</span><br><span>********************************************</span><br></div></blockquote></div></body></html>