Securing your communication lines.

Post #32,068 by inthane-chan 3/13/02 5:02:12 PM Reply	Securing your communication lines. Okay, we all know about the Weirdness that is coming down from On High. Asscroft seems to be out to make a mockery of civil liberties, and I'm probably going to jail just for making this post. :) I recently re-read Cryptonomicon, and the bit where one of the characters deduces some information based on transmission patterns (i.e. watching what happens when a transmission is made, instead of reading the transmission itself) is a fairly serious issue. So, what do we do about it? Simple: Maintain daily/hourly (depending on intensity) "squirts" of a certain amount of data, to the max size you could assume you would be sending, to all those who you might communicate with. Using a PGP keyring and a suitable source of random garbage (I prefer the Mersenne Twistor myself, but an outside source of chaos is probably a better idea, such as a cup of hot tea.) you would take random garbage, encrypt it with your private and your target's public key, and if you actually had anything to send, you would queue it up, fire it off, and the recieving app would recognize the mail from it's header. Odds are against ever hitting it with the RNG, and if it does, it's just a piece of easily discardable trash, unless it somehow happens to be the source code for Snow Crash. :P I'm just wondering if anybody sees any major flaws in this process, not including the possibility of somebody having an easy way to crack PGP, or having access to the computers/keyrings of the individuals communicating. "He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Friedrich Nietzsche
Post #32,098 by kmself 3/13/02 9:02:40 PM Reply	Traffic analysis It's a non-subtle, non-trivial problem. In some cases, signficant information can be obtained by apparently casual observation. Note the data-level exploit possible from monitoring modem indicator LEDs published recently. There's also been discussion, much in light of 11 Sept., about information which can be gathered just knowing patterns of contact and phone calls among terrorists (or suspected terrorists). In PKI circles, it's well known that establishing patterns of who's signed whose keys provides verifiable, hard, nonrefutable evidence of associations and meetings among people. Most keysigning protocols make clear that if you don't want your association made public, you'd best not let your signed key into the wild. Similarly, deaddrop communications are much better than point-to-point messages. While PKI allows for use of well-known public keys, there's also another pattern of communications possible using otherwise secret keys, though this varies strongly from the typical PKI usage pattern. For all anyone knows, I could be encoding messages steganographically into arbitrary variances in the posts I make at zIWETHEY. My own grammar and language patterns are sufficient that subtle changes in word choice or radnom mispellings might be highly significant. See generally Applied Cryptography for much discussion of this topic. `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] [link\|http://kmself.ix.netcom.com/\|[link\|http://kmself.ix.netcom.com/\|http://kmself.ix.netcom.com/]] What part of "gestalt" don't you understand?`
Post #32,109 by ben_tilly 3/13/02 11:29:21 PM Reply	anyone knows? OTOH some of us might know that it would take more self-restraint and forethought to do so than you are psersonally capable of... :-P Cheers, Ben "... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything." --Richard Feynman
Post #32,233 by a6l6e6x 3/14/02 4:51:25 PM Reply	Low order bits of pixels in Karsten picture work as well. Alex "Never express yourself more clearly than you think." -- Neils Bohr (1885-1962)
Post #32,231 by a6l6e6x 3/14/02 4:49:16 PM Reply	If I remember "The Codebreakers" book correctly, [link\|http://home.att.net/~mleary/pennl7.htm\|William F. Friedman] developed a test that would establish that a message contained information w/o knowing what the information was. It may be The Index of Coincidence and Its Applications in Cryptography mentioned in the link. So, when your not sending a message, send the text from some arbitrary novel. You don't want to use random text that can be detected as such and ignored. But as Karsten points out elsewhere, look out for traffic analysis. To beat it you need to be communicating continuously with filler (as above) during times there is nothing to say. Alex "Never express yourself more clearly than you think." -- Neils Bohr (1885-1962)
Post #32,237 by boxley 3/14/02 5:02:16 PM Reply	one time pad Identicle CD's on each end makes a great one time pad. thanx, bill There is no difference between a "settler," "soldier," "secular," or "Chassidic Jew." The target is the JEW. \ufffd Harvey Tannenbaum
Post #32,465 by a6l6e6x 3/16/02 7:36:58 PM Reply	Yes, but only with truly random data. "The generation of random numbers is not something you want to leave to chance." I forget who said that. Alex "Never express yourself more clearly than you think." -- Neils Bohr (1885-1962)

Welcome to IWETHEY!