[Cryptography] check-summed keys in secret ciphers?

arxlight arxlight at arx.li
Mon Sep 30 19:44:46 EDT 2013


On 9/30/13 11:07 PM, Jerry Leichter wrote:
> On Sep 30, 2013, at 4:16 AM, ianG <iang at iang.org> wrote:

>> But it still doesn't quite work.  It seems antithetical to NSA's obsession with security at Suite A levels, if they are worried about the gear being snatched, they shouldn't have secret algorithms in them at all.
> This reminds me of the signature line someone used for years:  A boat in a harbor is safe, but that's not what boats are for.  In some cases you need to communicate securely with someone who's "in harm's way", so any security device you give him is also "in harm's way".  This is hardly a new problem.  Back in WW I, code books on ships had lead covers and anyone who had access to them had an obligation to see they were tossed overboard if the ship was about to fall into enemy hands.  Attackers tried very hard to get to the code book before it could be tossed.
> 
> Embassies need to be able to communicate at very high levels of security.  They are normally considered quite secure, but quiet attacks against them do occur.  (There are some interesting stories of such things in Peter Wright's Spycatcher, which tells the story of his career in MI5.  If you haven't read it - get a copy right now.)  And of course people always look at the seizure of the US embassy in Iran.  I don't know if any crypto equipment was compromised, but it has been reported that the Iranians were able, by dint of a huge amount of manual labor, to piece back together shredded documents.  (This led to an upgrade of shredders not just by the State Department but in the market at large, which came to demand cross-cut shredders, which cut the paper into longitudinal strips, but then cut across the strips to produce pieces no more than an inch or so long.  Those probably could be re-assembled using computerized techniques - originally developed to re-assemble old parchments like the Dead Sea Scrolls.)

Just to close the circle on this:

The Iranians used hundreds of carpet weavers (mostly women) to
reconstruct a good portion of the shredded documents which they
published (and I think continue to publish) eventually reaching 77
volumes of printed material in a series wonderfully named "Documents
from the U.S. Espionage Den."

They did a remarkably good job, considering:

http://upload.wikimedia.org/wikipedia/commons/6/68/Espionage_den03_14.png

You can see a bunch of the covers via Google Books here:

http://books.google.com/books?q=editions:LCCN84193484

You could peruse the entire collection in a private (but not secret)
library of which I was once a member (outside the United States of
course) and I seem to remember that a London library had a good number
of the books too, despite the fact that the material was still
classified at the time (and I think still is?)

Perhaps it would be amusing to write to the old publisher and see if one
can still order the entire set:

Center for the Publication of the U.S. Espionage Den's Documents
P.O. Box 15815-3489
Teheran
Islamic Republic of Iran

Then again, you might find yourself unable to get on international
flights for a time after such a request, who knows.

On your speculation about crosscut shredding, you're right on the money.

DARPA ran a "de-shredding challenge" in 2011.  A team from San Fran
("All Your Shreds Are Belong To U.S.") won by substantially
reconstructing 5 of 7 "puzzles."  DARPA has since yanked the content
there (or it has merely succumbed to bitrot/linkrot) but I recall it
being impressive.  The amount reconstructed from very high security
cross-shred was eye-opening.

Ah, found a mirror (on a site selling shredding services, of course):

http://www.datastorageinc.com/blog/?Tag=shredding

Lesson 1:  Don't use line-ruled paper.  Ever.

Lesson 2: Burn or pulp after you shred.

One imagines that substantial progress on the problem has been made
since the contest.

Ah, I see in writing this that there's a Wikipedia article on it too:

http://en.wikipedia.org/wiki/DARPA_Shredder_Challenge_2011

Which, in turn, lists the DARPA archive:

http://archive.darpa.mil/shredderchallenge/

As you might imagine, the events of 1979 caused quite a stir when it
came to the security of Department of State facilities.  What might
surprise you, however, would be to learn that most of this work was done
on improving "time to destruction" of classified material, and the means
to buy that time (read: Marines) for duty officers (read: intelligence
officers), and not actually improving security for diplomatic staff.
Those jarheads aren't for you folks, they are for the Classified.

-uni

