Be careful

Discussion in 'Technical' started by melbo, Dec 20, 2007.


  1. monkeyman

    monkeyman Monkey+++ Moderator Emeritus Founding Member

    One interesting possibility that soeone kind of skipped over was the spam that we all get. In order to look for anything they first have to sort out what they are NOT interested in, theres no way they could have people read every piece of email you get especialy with the dozens or even hundreds of spam mails most of us get every day. So I wonder what it would take to trip the spam filter on their sorting software? If it is automaticly discarded as being spam then no one ever looks at it and that would after all be the best encryption of all. Just make sure that all comms that wanted to be secue are done so they appear to be normal spam and the recipient knows to recognize it but the snoopers just see spam and keep going.
     
  2. Tango3

    Tango3 Aimless wanderer

    [2c][2c]tolls from the nafta super tollway and side street tollways.
     
  3. hartage

    hartage Monkey+++


    Kind of like what prisoners use ? They hide their code in seemingly regular letters. I belive they use things as simple as word spacing to far more complicated methods to select the words and/or letters to highlight their intended coded message.

    I think there are two ways to protect information. 1. hide it in plain sight using anonymity and the masses or 2. protect it with encryption but doing so also attracts attention to it.

    Sooner or later we will be able to harness quantum entaglement and just send information instantly and with no interception.
     
  4. monkeyman

    monkeyman Monkey+++ Moderator Emeritus Founding Member

    It could even be encrypted inside of an inocent format. Kind of like say a spam mail with the actual message encrypted then embeded inside of a photo of the supposed product or something realted so it is obviously not out of place. Then you have multiple layers of security since if its done well enouph it should be seen as spam and never looked at at all, if it is looked at then theres a fair chance they may not realize there is anything in the pic, if they look closer at the pic and break the encryption that has it into the pic then it still appears to be giberish and may convince them its a random thing that only looked like something was there, then if they do pull it out they still have to crack the encryption.

    I could be wrong but I dont really think there is any 1 thing that could reliably keep messages secure from intelegence folks but the more different meathods that are combined, especialy if it can be done with little or no tell tale signs (like the file that SHOULD be say 5mb being 2 gb) then the better the odds of it getting by. Of coarse then theres also the rumors at least that all of the computers conected to the internet have key stroke monitoring systems watching them and as such the message could just be read as it was being typed with out bothering to look at the coded versions and then if it was bothersome they just look at the meathods used and who it was sent to and such to see who else to monitor and what to look for if they intercept a hard copy of comms that they werent able to intercept through electronic means.
     
  5. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I was just reading an article in (I believe Scientific American Magazine) not too long ago, and the article was about Quantum Computers which utilize diamond core processors capable of computing at thousands times faster than what we have currently. If this is what is going to be made available in the next decade, then you can bet the bank on the fact that some clandestine .gov agency has been using this technology for a while now.

    Imagine the encryption of one of those babies...whooo.
     
  6. monkeyman

    monkeyman Monkey+++ Moderator Emeritus Founding Member

    ...and its ability to break encryption.
     
  7. hartage

    hartage Monkey+++

    Yeah, that is the fear of many organizations protecting information. The second quantum computing becomes a reality they will have to revamp their encryption methods. Not an easy or quick task to undertake.
     
  8. mage2

    mage2 Monkey+++

    Warning i am a little long winded below.

    Im a geek, and if i wanted to do something that would keep other eyes off my prize. i would be using something with AES-256 or stronger, blowfish is nice with pgp a good front end. encrypt with a extremely large key and then hide that encrypted file in another file (picture, movie, song) using stenography. There are many papers that cover the best practices. There are limits on CPU time, man power, and money. Given these limitations the attackers would have to know what to look for (what file), information on the encryption, then how to attack it.
    brute force with the max size password would be extremely secure just because of the number of possible keys. The attackers would know where to hit to find the weakest link, for instance. they see you transfer a file they think contains a msg you have encrypted with safe/clean software. they would not start with brute force. they would come to your house and borrow your systems. then they could get access to what software you used and possible keys ( the files on the system) 10,000 files on a normal pc is alot easier than brute force. i think brute force would be the last option because of how difficult it could be. That said there has been many improvements on that topic. Doing things like creating "Rainbow tables" and using FPGA chips(and now GPUs) to increase the speed of bruteforce attacks does help the odds of a break of a weak password.

    All security is only as strong as its weakest link.
    that brings up encrypted disks where the entire drive is encrypted and nothing is stored in ram or otherwise unencrypted. that can get complicated.
     
  9. melbo

    melbo Hunter Gatherer Administrator Founding Member

    mage2,
    Don't you think that most readily available encryption apps have some sort of backdoor or at least a tag that can tell what was used to encrypt it? I have used Truecrypt in the past and my system has gotten a bit tougher to 'discover' as I've moved to Linux and my TC now accessed from a command line terminal rather than point and clickGUI. I do still have that one picture out of 40,000 that may be a bit off in its mds hash...

    Most of the folks that try to hide things are simply busted open via a simple text search, hidden file or not. Beware the Honey Pot!
     
  10. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Blast from the past.

    Found this while doing some other searching. UK based and from 2002

    Nah, couldn't happen.
    "Keys" are handed over to decrypt encrypted data.
    see?
    It is there. and they can do it. beware of HoneyPots.

    http://www.governmentsecurity.org/archive/t4912.html
     
  11. hartage

    hartage Monkey+++


    Really disturbing.... seems the only way to counter would be an encryption program that is open source (anybody can examine) that you compile yourself to ensure no BS code sneaks into it. Transparancy = no back doors.
     
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7