[Cryptography] Lavabit's and Snowden's Solos

Tom Mitchell mitch at niftyegg.com
Mon Mar 21 19:43:59 EDT 2016


On Wed, Mar 16, 2016 at 5:25 PM, Ladar Levison <ladar at lavabitllc.com> wrote:

>
> As the sysop I feel qualified to
>
....

> P.S. I haven't run this email by my lawyers, but I think everything I said
> is unsealed and public already.
>


A slight divergence, but a sysop perspective question
related to internet services in general.

Many systems run iptables with rate limiting to manage DoS attacks.
Many systems run CSF & LFD, fail2ban, denyhosts, OSSEC, ... to protect from brute force attacks.
Many systems subscribe to a bad boy list of IP addresses to block as found by many honeypot systems.
Other individuals run ad blockers or a version of MVPS HOSTS to limit the risk from snooping html/javascript.

Q: What if the request was to disable all such shields and allow an armada of systems to challenge one or more accounts or services with relentless coordinated login attacks?

What would the impact be on the community services?
Would collateral damage to such a system be allowed by law?
Would the demand switch from access to surveillance (requires speculation)?

Routing tables.. can all traffic into and out of a company like lavabit be forced through routing resources with packet snooping abilities owned/controlled by the FBI even if the bandwidth was maintained?

Side channel attacks?   Remove all equal time code for crypto functions. Remove all manner of bugs not related to the crypto but to the implementation framework.   Remove time consuming functions that slow access testing.  Compile O0?

-- 
  T o m    M i t c h e l l
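The "equal time code for crypto functions" the post mentions, as an added illustration that is not part of the original message: a memcmp-style early-exit comparison next to a constant-time one, with the bytes examined counted as a deterministic stand-in for response time. The 16-byte secret and the guesses are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 16
/* Constructed secret, e.g. a MAC tag or session token a service checks. */
static const char SECRET[TAG_LEN + 1] = "0123456789abcdef";

/* Early-exit comparison (memcmp-style): returns at the first mismatch, so
 * the work done, and hence the response time, reveals how long a prefix of
 * the guess was correct. `steps` counts the bytes examined. */
int early_exit_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* "Equal time" comparison: examines every byte and folds the differences
 * with OR, so the work done is the same whatever the guess contains. */
int const_time_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    volatile uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Work done by each comparison against a guess whose first k bytes are
 * correct and whose remaining bytes are wrong. */
size_t steps_for_prefix(size_t k, int constant_time) {
    uint8_t guess[TAG_LEN];
    size_t steps;
    for (size_t i = 0; i < TAG_LEN; i++)
        guess[i] = (i < k) ? (uint8_t)SECRET[i] : (uint8_t)(SECRET[i] ^ 0xFF);
    if (constant_time)
        const_time_equal((const uint8_t *)SECRET, guess, TAG_LEN, &steps);
    else
        early_exit_equal((const uint8_t *)SECRET, guess, TAG_LEN, &steps);
    return steps;
}
int main(void) {
    for (size_t k = 0; k <= TAG_LEN; k += 4)
        printf("correct prefix %2zu: early-exit %2zu steps, equal-time %2zu steps\n",
               k, steps_for_prefix(k, 0), steps_for_prefix(k, 1));
    return 0;
}
```

The early-exit count grows with the length of the correct prefix while the constant-time count stays at 16; an optimiser may still rewrite such loops, which is why the `volatile` accumulator and compiler flags matter.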