Search found 6 matches

by treadlightly
Tue Feb 23, 2016 6:25 pm
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

SA_Steve wrote:There's 200 mostly free apps you can run on smartphones that are unbreakable, these can be stacked on top of native smartphones as another layer.
Yesterday's WSJ front page with three column extension explained lots about the technology and the fact that our gov financed the development of several of these phone loadable encryption apps. Already in heavy use by bad guys.
The government is definitely behind all sorts of encryption not intended to be used in secret. The TOR network (The Onion Router, not to be confused with The Onion, America's finest news source) is a product of the US Navy.

TOR is the so-called Darknet, where The Silk Road sold drugs for so long. And it was invented by our military.
by treadlightly
Sun Feb 21, 2016 11:19 am
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

Crypto and other sorts of computer companies get served secret National Security Letters, which are things called administrative subpoenas, issued without a judge, but subject (in recent years) to judicial review.

The letters include a gag order, making it a really nasty crime to reveal you've gotten demands via National Security Letters, so companies have taken a lesson from the Glomar Explorer, a putative oil research ship actually used to recover a lost Soviet sub.

When questioned about the Explorer's true nature, the CIA had a conundrum. Answer truthfully and wreck an amazing intel asset, or lie and commit a crime. The law didn't allow either.

So, the answers were given in the form or "I can neither confirm nor deny...."

Companies get around the NSL gag order by posting, in advance, a declaration they have received no such letter. If they get served, they pull down the announcement without comment. That's called a canary announcement - if the mine canary dies, you have problems, if the canary announcement dies, customers should be aware of possible government inquiry.

TrueCrypt, one of the most popular cross-platform disk encryption tools in days of yore, took a different approach. Although they were Linux-centric, they made an announcement that Bitlocker in Windows had made their product obsolete, and, besides, TrueCrypt may contain unfixed security issues and can't be trusted. The (somewhat shadowy) developers behind TrueCrypt dropped the project.

Here's that announcement - http://truecrypt.sourceforge.net.

I like security. The rumors TrueCrypt had a problem with an NSL sounded conceivable, and were later pretty much verified, so I switched to BestCrypt, offered by Jetico in Finland, outside at least some US influence (and where Linux was born). I wasn't the only one to bail out of TrueCrypt.

Software audits have since shown TrueCrypt didn't have a backdoor, but the NSL letter was real. Probably.

Encryption giant RSA, according to leaks from that dirtbag Snowden, engineered a back door into a random number generator in their software under pressure and payment from the NSA. These things actually happen and evil people can profit from security weaknesses. That would include evil people within and outside government, just as legitimate forces of justice can benefit.

As a result, US-based encryption will always have a shadow of distrust, and I wonder how long it will take bad guys to apply a little meta-encryption.

Diffie-Hellman key exchange allows two people to arrive at a common shared secret number. You use it every time you visit an https web page, buried in something called IKE, or Internet Key Exchange. The world is welcome to listen to every scrap of communication between two parties doing IKE, unencrypted.

In Diffie-Hellman, neither side gets to predict or determine what the eventual secret number will be, but I can see ways something similar could be used to transmit data. Here's the scrambled data, here's the keys we used, knock yourself out - and you get nothing. Maybe for insurance, keep a few thousand files of random numbers, encrypted, to establish that decrypting a file doesn't necessarily reveal information.

I've often thought it would be immoral fun to have Cosmo's job from that movie, Sneakers. Providing sneaky IT services to someone who would really pay and appreciate the effort, that would be great. Unfortunately, the best opportunities come from those with the most to hide, and that counts me out. I'll stay creatively poor without criminal entanglements, no matter how much they might pay.

But I bet I could do a bang-up job. I am not seeking such employment.

If Apple honors the FBI's request, their security will no longer be trusted by FBI targets. Sounds like time to repeal the Digital Millennium Copyright Act, which prohibits reverse engineering, and free the FBI or NSA to lawfully reverse engineer the iPhone. They don't need to be able to make calls, they just need a dump of the data. The NSA probably has ways to crack AES, which has been found to contain minor weaknesses.
by treadlightly
Fri Feb 19, 2016 11:11 pm
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

One Shot wrote:Interesting additional details.
Comments worth reading too.
http://appleinsider.com/articles/16/02/ ... pple-says-
Sounds like investigators were blocking further access to the account, but didn't understand the implications of what they were doing.

As for Trump's statement against Apple, I wonder where he keeps his money? In a bank? Surely, not.

After all, bank vaults generally feature an internal pane of glass. Drill the mechanism, the glass shatters before you can compromise the lock, and when the glass shatters, it drops additional locking cogs into place.

Kind of like how ten wrong tries on an iPhone will zap it's memory.

And of course Trump's banks would never fail to cooperate with the FBI. But they empower manufacturers to build products that have unbreakable features criminals could leverage.

Tsk, tsk, tsk...
by treadlightly
Thu Feb 18, 2016 10:57 pm
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

Tonight on Fox (O'Reilly, I think), I heard a gentleman argue with passion against the private use of unbreakable cryptography. Plentiful reasons exist to crack terrorist communications wide open.

But questions remain.

If cryptography is outlawed, just exactly what mathematics will be banned from private use? That's all cryptography is, math, and there is also truly unbreakable crypto that requires almost no math - the fearsome one time pad. Use the reversible exclusive-or boolean function, character by character, xor-ing your plaintext against, perhaps, a jpeg file from a web site, and you have something the NSA can't unscramble - but you and your buddies can.

Since it is that easy, why pretend to control it?

Or, how about going whole-hog anti-strong crypto? Right now you'd be counted a hero if you could break the iPhone's encryption. But wait, if you broke the government's AES cipher, would you really be doing a good thing? It's exactly what the government thinks it wants right now - but would that really be a good thing to release into the wild?

I don't often think about it, but encryption is one of the reasons I got my little Macbook Air. I wanted a portable writing machine with long battery life, and I didn't want to have to explain works of fiction to anyone wondering what the heck I was writing about.

So I encrypt. If I lose my laptop I don't have to worry about works in progress being waved around.
by treadlightly
Thu Feb 18, 2016 9:55 am
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

anygunanywhere wrote:
What difference does which version of operating system does it make? They caved 70 times.

Flexible ethics. The hallmark of progressivism.

huge difference, the old operating system they have said could be gotten into...the new one added default security settings which they say they cannot.
plus the issue isnt that they will or wont get into this phone its that they wont write backdoor into their code for law enforcement.[/quote]

Huge difference?

Don't think so. Flexible ethics.[/quote]

I think the difference is the old systems were like locks that supported a regular key and a master key.

The new systems don't allow a master key. Apple did that because they didn't want to hold responsibility for customer's data.

My family owns a storage yard. We don't keep keys for customer's locks. Should we?

And what if the NSA can break the encryption - should they? It would signal to our enemies a vital secret. Churchill let Coventry get bombed for just that reason, or so the popular version of history goes.

It's also possible the NSA can't. The math behind most encryption is fairly simple. Big numbers, but simple math, and widely used for many purposes besides encryption. The security comes from ways to mathematically make sausage out of pig without being able to convert the sausage back to a happy sow.

If those math principles are truly not one-way there would be major implications in many, many areas that have nothing to do with encryption.

If the general public had not yet figured out the Pythagorean theorem, for example, maybe those numeric relationships could be used in encryption. But once an amateur pyramid-builder figured out how much tile to pre-order, the lid would blow clean off any right-triangle based encryption.

If a keyless solution to popular encryption is discovered, it will have such far-reaching ripples it won't stay secret.
by treadlightly
Wed Feb 17, 2016 11:12 pm
Forum: Gun and/or Self-Defense Related Political Issues
Topic: This is why I will not own any Apple products!
Replies: 208
Views: 42555

Re: This is why I will not own any Apple products!

Encryption and munitions are close cousins and the right to keep and bear arms is a very parallel concept with a citizen's right to strong encryption.

As to whether or not there is physically a way for Apple to comply, I'm not sure, but it looks like the request is for a port that would allow rapid-fire trial-and-error passcode attempts. If the point that port would need to be installed is within a chip, it's probably completely impractical to apply it to the individual terrorist's phone, and an erosion of privacy for them to put such a thing in going forward.

As to the notion there is always a way to defeat cryptography, that's not really the case.

For an interesting example, read up on Diffie-Hellman key exchange.

Extremely secure cryptography is available in a number of ways if you can get the parties to agree on a secret key.

Diffie-Hellman allows complete strangers with no prearranged keys a way they can each independently arrive at the same secret key. As the strangers go through the process, the world can listen to everything they have to say and still have no means of figuring out the secret key.

The math behind Diffie-Hellman is very simple. A breach of that protocol would be big news. It's a pretty sure bet there isn't a way to pierce that veil.

And, for full disclosure, I post this from a Macbook Air. Not because I liked Steve Jobs' politics, but as a Unix admin I like the kernel architecture the Mac OS runs on.

Return to “This is why I will not own any Apple products!”