Sujet : Re: FOSS and backdoors in the US
De : peter (at) *nospam* tsto.co.uk (Peter Fairbrother)
Groupes : sci.cryptDate : 05. Jun 2024, 22:01:22
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v3qjn3$14dl8$1@dont-email.me>
References : 1 2 3 4 5 6 7
User-Agent : Mozilla Thunderbird
On 05/06/2024 20:02, Edward Teach wrote:
On Fri, 10 May 2024 13:21:15 -0700
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:
On 5/9/2024 3:15 PM, Rich wrote:
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
On 5/8/2024 9:27 PM, Marco Moock wrote:
Am 07.05.2024 18:20 Uhr schrieb Edward Teach:
Backdoors.
>
When people use PRIVATE ENCRYPTION BEFORE any messaging enters a
public channel.......
>
......backdoors are the least of their worries!
>
Isn't enough. There is a time when that message is unencrypted
(e.g. when entering it to the crypto application). The operating
system can then read the cleartext. If the backdoor is in the OS,
X11 etc., it still works here.
>
Go to a 100% "clean room", cloaked, cannot receive and/or send
anything...
The magic word is "air-gapped".
Plus "Faraday caged". Though a faraday cage can transmit magnetic fields, so "magnetically shielded". And the power supply can transmit info, so "internally powered". And to stop remote over-the-shoulder-surfing, "opaque". "Soundproof", of course. Und so weiter.
Encrypt a message on a clean thumb drive.
A writable CD is better, less places to put a hardware back door. A blowtorch works well for later secure deletion of the CD. For those who might object to the fumes, you could print out the ciphertext as a series of QR type codes on paper, then burn them.
However even then a backdoor might reveal the key in the ciphertext in eg padding, nonces, through limiting possible key selections etc. etc; perhaps in encrypted form so only the unintended recipient can read it, and to make it look random as good ciphertext should look and thus harder to detect.
That might sound complicated but if you know which encryption algorithms are to be used and have hardware or software access to the computer before the encryption is done it is fairly straightforward to implement.
Sorry I started this thread......in my world "private encryption" only
needs to be private for twenty-four hours.....maybe less!!!
After that.......it doesn't matter who knows.................
For the rest of us mortals (or perhaps more importantly, for our clients), it can be a matter of life and death, for a lifetime.
100% security is very very very hard, often impossible. Yet security is still a Boolean (tenth law).
Peter Fairbrother
FOSS and backdoors in the US
Re: FOSS and backdoors in the US
