[coderman at gmail.com: Re: [dave at farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]

Eugen Leitl eugen at leitl.org
Mon Jan 2 07:09:32 EST 2006


----- Forwarded message from coderman <coderman at gmail.com> -----

From: coderman <coderman at gmail.com>
Date: Sun, 1 Jan 2006 18:53:13 -0800
To: "J.A. Terranson" <measl at mfn.org>
Cc: Tyler Durden <camera_lumina at hotmail.com>, jya at cryptome.net,
	cypherpunks at jfet.org
Subject: Re: [dave at farber.net: [IP] more on AP Story Justice Dept.
  Probing Domestic Spyin

On 1/1/06, J.A. Terranson <measl at mfn.org> wrote:
> (1) We are describing encrypted message sent over the public internet -
> granted, it's in "pieces", yet it's still sent into the public cloud;

yeah, follow tcp stream in ethereal is a good example of how trivial
it is to recreate a session of communication given an archive of its
component datagrams.


> (2) These various pieces are all "record" communications as far as
> NSA/Echelon is concerned, and therefore we should expect that they will
> draw significant attention - and end up in permanent archives;

right.  hence my fetish for one time pads for key exchange and
previous comment about quantum computers / fast GNFS / etc.  they are
up to 8 qubits, only a few thousand more to go.  ;)


> (3) Since all of the pieces have been stored - including both the
> encrypted message texts and the decryptors, what is to prevent a
> time-faking attack against this message?  After all, if you have all the
> parts, you can just "reinstantiate" the network as it was when the messages
> were originally sent.

this is particular to the method TD mentioned i think...

i am assuming the following:
- the operating system is installed on a loop-aes volume so that
integrity of the kernel, libraries and utilities is protected via
passphrase.
- the one time pads are stored encrypted in a similar manner so that
access to them requires external keys (like the gpg encrypted keys
used for loop-aes volumes)
- the passphrase used to authenticate a user for access to the pads is
coupled with external storage (usb) of the keys used to access the
pads.

to recover the plaintext communication from the encrypted datagrams
the attacker would need to obtain the encrypted pad, the keys on
external storage (usb), and the passphrase to access the keys.


> (4) For any form of time-destruction messaging to really work, the keying
> information would have to be tied to a physical <something> that cannot be
> reclaimed, and which decays at a fixed, known, and closely approximatable
> rate (a radiodecay probably doesn't meet this criteria);
>
> Every time-sensitive auto-destructing system I've seen discussed here fails
> these weaknesses.

this doesn't provide time destruction so i assume this is in reference
to Tyler's description.  you could couple the user authentication with
a physically hardened token of some sort for access to the pads but
even this would require manual destruction.

do they make physically hardened authentication tokens with timed self
destruction built in?

----- End forwarded message -----
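The three-piece dependency coderman lays out above (encrypted pad, wrapped key on usb, passphrase for the key) as an added, runnable model; this is example code, not anything from the thread or from loop-aes. HMAC-SHA256 counter mode stands in for the volume cipher, PBKDF2 for gpg's passphrase handling, and all sample values are constructed.

```python
import hashlib
import hmac
import os

PLAINTEXT = b"constructed sample: meet at the usual place"  # constructed
PASSPHRASE = b"correct horse battery staple"                 # constructed
SALT = b"constructed-salt"                                   # constructed
KDF_ITERS = 200_000

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; assumed stand-in for the loop-aes cipher
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def provision(pad: bytes, passphrase: bytes, salt: bytes):
    """Return the two stored artifacts: the encrypted pad volume and the
    passphrase-wrapped pad key that lives on removable (usb) storage."""
    pad_key = os.urandom(32)
    enc_pad = xor(pad, keystream(pad_key, len(pad)))
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ITERS, 32)
    # wrapped key plus integrity tag, like a gpg-encrypted loop-aes key file
    tag = hmac.new(kek, pad_key, hashlib.sha256).digest()
    return enc_pad, xor(pad_key, kek) + tag

def recover(enc_pad, usb_keyfile, passphrase, salt, datagrams):
    """Everything an archive holder must assemble; replaying the captured
    datagrams at a later time changes nothing in this chain."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ITERS, 32)
    pad_key = xor(usb_keyfile[:32], kek)
    expect = hmac.new(kek, pad_key, hashlib.sha256).digest()
    if not hmac.compare_digest(usb_keyfile[32:], expect):
        raise ValueError("wrong passphrase or tampered key file")
    pad = xor(enc_pad, keystream(pad_key, len(enc_pad)))
    ciphertext = b"".join(datagrams)
    return xor(ciphertext, pad[:len(ciphertext)])

def demo():
    pad = os.urandom(len(PLAINTEXT))           # the one-time pad itself
    ciphertext = xor(PLAINTEXT, pad)           # sender: pad the message
    datagrams = [ciphertext[i:i + 8] for i in range(0, len(ciphertext), 8)]
    enc_pad, usb_keyfile = provision(pad, PASSPHRASE, SALT)
    with_all = recover(enc_pad, usb_keyfile, PASSPHRASE, SALT, datagrams)
    try:
        recover(enc_pad, usb_keyfile, b"guess", SALT, datagrams)
        wrong_pw = "recovered"
    except ValueError:
        wrong_pw = "rejected"
    return with_all, wrong_pw
```

The archived datagrams on their own are pad-encrypted and give the archive holder nothing; only the full chain in recover() yields plaintext.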