David Svarrer’s Techdirt Profile

davidsvarrer

About David Svarrer




David Svarrer’s Comments

  • Apr 16th, 2016 @ 1:49am

    Re: Re: Real Forensics ? Real Encryption?

    Try to argue your case instead of just slinging out allegations such as "offer nothing", and "what is the point of all your nonsense", or "no point to your jibberjabber".

    Let me clarify a bit, why it works better with a machine generated algorithm:

    There are 2 parameters to successful encryption or decryption:

    1) The algorithm
    2) The password

    Now, you can only perform a traditional brute force attack, if you know the algorithm. And when you know the algorithm, then it is indeed easier to try.

    Traditional brute force attack is based on that you use a certain algorithm and then you try key after key after key.

    In my case, one would need to try one key to create an algorithm, and then try another key to see, if one is lucky that it decrypts the content.

    Therefore with "all my nonsense", the point of my "jibberjabber" is that we have increased the complexity, which in turn ends up adding considerable factors to the power of the encryption.

    There are many very traditional things one also would need to do - which is - either to keep the entire encryption jibberjabber on ONE machine preferably with ONE operating system (ie. Linux), and then enter the cleartext on that machine, then do the encryption jibberjabber (nonsense) there, then use for instance a USB key to transfer to a machine which is on the internet.

    Similarly, the other way, when the cipher text has been received, store it in a USB, then transfer it that way to the other machine (which is off the grid), then use the decryption jabberjibber nonsense to decrypt.

    Further simple things (within the usual way of doing things) is to keep the entire algorithm generation and all that other jibberjabber nonsense nothing purely in memory, thereby set no footprint on the disk, and, also ensure that the so called "paging" file in the operating system is 0 size, such that no temporary copies are stored in the temporary directory for page files on the disk.

    Thereby via very simple, very doable ways, one can now easily and without much hassle, ensure a practical security which I think will have very serious problems being hacked/brute-forced by anyone.

    Now, as "David Svarrer, you be clueless", please enter into the discussion on a more serious note.

    The above security of 2 machines is also known as "protocol based security", however, here it's just implemented via the hammer and nails one has in his own drawer.
  • Apr 15th, 2016 @ 2:16am

    Re: All we need to do, is ban...

    I love your list of what to ban. It is hilarious (Not that I in any way want to discredit Hilary, or make him responsible or liable to the list)
  • Apr 15th, 2016 @ 2:15am

    Re: Password123

    Hmm. You are assuming that the computer with the folder "Target" was ever online.
  • Apr 15th, 2016 @ 2:13am

    Real Forensics ? Real Encryption?

    Hi New Mexico Mark,

    You are completely right. The more complex the easier it is to detect.

    How about this one here:

    Use one password to an encryption algorithm generating engine, which generates a one-time encryption software, which then uses another password to encrypt the plain text, after which the plain text and the algorithm are deleted from the computer.

    Call: Shinpi E plaintext algorithmpassword encryptionpassword


    In the other end, the same. Use one password, to generate the decryption algorithm, and the cipher-text, then place it as plain text on the machine, then delete the generated algorithm and the cipher.

    And forth and back it goes.

    Call: Shinpi D ciphertext algorithmpassword encryptionpassword

    The Shinpi technology works this way.

    My 15 cents (plaintext)
  • Apr 15th, 2016 @ 2:05am

    Re: Just because you got a hammer, not everything turns into nails...

    I think we have been staring ourselves blind on IT technology. We have not sat down with a cup of coffee, looking at the traffic, at the person seated at the next table, sipping a bit and thinking a bit.

    Your thoughts would go this way:

    HOW would I, in a world where all communication is laid bare, where robot crawlers can listen into what I am saying in my own house, through walls and windows, where even if I fart in the toilet, my laptop connected to the internet will snap it up and AI analyze it to tell the NSA, CIA, etc, what I ate for supper?

    This is the question which these criminals are asking themselves. And whether they are merely stupid or bright MENSA-candidates, they would likely get this one, single, intelligent idea:

    We stay off grid.

    Next question: How would we then communicate?

    Through same thinking in the mist of the coffee, they would come up with this:

    In writing, on paper (as it leaves no noise, cannot be seen through walls, leaves no trail on the internet).

    Further question: How would we exchange communication?

    Very easy. We agree to a place, where we can exchange messages. Like in the aforementioned case - a toilet cistern, in a men's toilet in the spa, the gym, the sports center, the mosque, the XYZ... Then we have trusted messengers to bring the messages.

    Now, the place could be anywhere and everywhere. Either it would be a secluded place, or it would be a very populous place. In the forest in a particular tree. In a boat which can be rented, up under the place where the oars are being put. Under a public bench in the middle of the city.

    The point of it all is, that it is not complex to do, due to the fact that our entire surroundings, are complex.

    Our natural surroundings are so complex, in fact, that it is impossible by any surveillance force to intercept unless they step up their game.

    It appears to me, that everybody sits with their computers and thinks that "The game is being played online, and how come nobody found the word "Target"" ?

    My qualified guess is, that none of this game was played on the grid.

    IF now they are in a hurry, then they can agree that the mere fact that one is calling the other greeting them (as is tradition amongst arabics), is the signal that there is a message to be picked up.

    If they are NOT in a hurry, the entire thing can go on, very quiet, and the little delay in communicating the SD-cards, is being compensated by doing proper project planning.

    THEREFORE, we shall not work on the tech platform, because the solutions which we shall apply, must be such abstract so that they embrace both the online, the offline and other approaches.

    THIS, gentlemen and ladies - is the challenge. That we have got computers, and think that they are the holy sacrament. Just because of that we ourselves cannot make one fart without relaying it on social media, we should not think that such criminals are hindered by our laziness.

    They have THEIR agenda too, and they will further THEIR agenda in the way they deem fit...

    My 1 Dollar (in ciphertext)
  • Apr 15th, 2016 @ 1:52am

    Terrorist computer thrown in the trash

    The tragic part is, that unless this silly laptop with these silly criminals' silly plans was on the internet, which can be highly doubted, then there is no way on earth that anyone, be it FBI, Europol, CIA, NSA or others, would be able to snap up the heinous plans.

    We should indeed not assume that these criminals are either stupid or without means, wits or intelligence.

    The very unwanted and undesired and - as previously proven by former articles by undersigned - USELESS - craving from the mentioned law enforcement agencies to get insight into encrypted phones, insight into people's computers, etc. etc., is not even useful for the same authorities.

    I have proven in former articles, that it is even not working, because things which are really well encrypted and concealed, will not be found, even by trained, motivated, dedicated, empowered, intelligent professionals. I am one of them.

    I would, indeed, use any other means, instead of this "hat and blue glass" approach.

    I fear that good old professional police work is drowning in the attempts to break into information which one cannot break into.

    Let's for instance say, as an example, that a criminal is working with a group of other criminals, some of them locally in a team in Bruxelles, others in a team in Paris, up to the two attacks.

    How about if they communicated via physical messages, brought forth and back via public toilets and messengers?

    NONE of them would then need to travel. They only visit their local bar or mosque or sports centre, and in the cistern in the male toilet, just like any exam-fraudster would do it in secondary school, the notice has been put, days in advance, by the messenger. And once read, it's being flushed. And a new notice is being put, ...

    Meanwhile, they have an eager traffic on internet, with emails, pictures of their family, discussions about the Quran and other silly things - and not even a word about any action or activity, because - that is not the way they would communicate.

    THEN - on a laptop which is naturally not on the internet - they make their plans, and discuss them etc. - and the USB-stick or even smaller - the SD-card (holding 8 gigabyte in less than 1/2 square-centimeter by 1 millimeter) - is exchanged via the very same system.

    I think, gentlemen and ladies, that these people are indeed not stupid.

    If one analyses the log on the computer, unless it's been tampered with, (which is unlikely), one can see if the computer has been online or not. I guess - bet - that it was never online.

    Now tell me, which "surveillance method", or "tapping", would be able to "decrypt" a computer or "invade" it, while it is simply never online.

    WHICH security measure is more secure, than simply keeping a machine for such planning, off the grid?

    WHY do banks keep their entire banking network off the grid? They have INTERNET access, yes, but these internet-based machines are linked via protocol-based anti-intrusion systems, which makes it virtually impossible to go "backwards" and enter into the banking systems.

    No, gentlemen and ladies, we are dealing with intelligent criminals here, and they also know the limitations of security you can have, when you are on the internet.

    Let us even go a bit further. The criminals could have one machine being online, and another which they work on, and solely and only using a USB stick or SD ram card to communicate in between them.

    On the off grid machine they encrypt and steganograph their heinous acts, and on the online machine they copy the data in form of a picture and send it to a third party (or via drop box, or, even directly via email), to their grandma in Spain. The grandma sends the picture further to their collaboration group in XYZ.

    My point is, the entire setup is simple, it is almost uncrackable, cannot be infiltrated, ... There is simply no reason to spend even one more USD on even trying.

    There are so so so so so many other ways to crack this nut, but .. Is it not FBI, CIA, NSA, Europol who are the professionals here? I have written to them severally about ideas etc., but they remain quiet. So I must assume that they know what they are doing - at least when it comes to other ways of cracking the nut. Or do they? If they knew, why then, had they not "Cracked" the nut of the most recent attacks in India, France, Belgium, Denmark, .. ?

    I think that a hitherto unprecedented way should also be explored - namely to put up a populi based security infrastructure, where the people can pop in and add their contribution to the whole picture.

    Just like Google for instance are providing infrastructure in form of the Android system, and more than 2 million people are developing software for the Androids, in similar ways it could be very relieving and opening up, if FBI, CIA, NSA etc. instead of their useless secrecy and "affairs" instead opened completely up, and invited the population to contribute within a security framework.

    Imagine if we were our brother's keeper? That we could contribute within a certain limited framework to the global security, ... ?

    My 1 Dollar (unencrypted)


    (I will not even outside the public sphere grant them the "glory" of calling them "terrorists", because, criminals is what they are, no more, no less),
  • Apr 15th, 2016 @ 12:16am

    Re: Hmm. Cats napping or "engrypted griminal dingz"

    Yes, you really have a point. And do you remember this "paradogma" which has almost become a mantra amongst cryptographers, "that your encryption algorithm is not really strong if it cannot be published and still stand against attacks"

    The place where I stand is very simple: If I can produce a ciphertext which can be read in the other intended end, then whether or not the algorithm is in public or not, it works.

    If I was a codebreaker, and I received a picture of a beautiful meadow, and the lowest bit of every 30th blue colour code was a bit of a message, and the message was on top of that encrypted with a non published, hard encryption, leaving a stronger randomness of the cipher code than even Fips-140 ii, ha ha ha ha, I would know that there is nothing I could do.

    Besides which, I would need to even know, that the picture has been steganographed... There are means for finding out, however, if the message is short, and the picture is big, then surely, even detecting that the picture is steganographed is not only uphill, it's impossible.

    What is worse, if bits are straddled / striped, it may be possible to detect that it's steganographed, but now the worst part is, that it is not possible, reversely, to detect if an 8 bit shade, 0xf4 of blue is actually part of the cipher or not part of the cipher.

    Thereby, gentlemen and ladies, I have by use of one, single example, proven, that the fear of NSA, FBI, CIA that they may come across (lots of) encryption which they can not break is true.

    Furthermore, if these same good agencies want to still be funded, they need then to realize that fact.

    Further, they would need to use same methods themselves, which brings them at par with the criminals where communication is concerned.

    Furthermore, these good agencies, will then devise new (or old) methods to intercept the criminal communication. And they would - as it was in the old days - need permission, and never seek it - and do their job, and the universe would now be able to continue unfolding as universes are supposed to unfold.

    And in that reality scenario, no, one would not know if an encrypted file would contain cats napping, or cats napping plus plus :-)

    My 1 Dollar (decrypted)
  • Apr 14th, 2016 @ 2:58pm

    Googling the physics of nuclear technology will get you put onto a watch list

    Dear Sigalrm,

    The problem studying nuclear technology is not so much the watch list, but the problem that someone who may be interested in making bombs could be studying what you study.

    As someone else wrote, everything needed is on the internet. Besides which, it is not very interesting to study how to make nuclear bombs. It is MUCH more interesting to study, how we, by changes in the way we humans deal with each other, can change the world such that it does not need nuclear bombs.

    A nuclear bomb basically has very few problems to solve, and anyone can find all those on the internet too.

    However, making a nuclear bomb will not assist solving any of mankind's problems, which basically are of the nature of reducing our greed, and selfishness.

    Those who made nuclear weapons and the few who used them, have not solved any problems with those bombs...

    We have so many warheads, world wide, so we can blast the entire globe into an inferno of fire.

    Besides which, I would never think that anyone is so petty (or stupid), that they cannot see / look right through what you are doing in very few days..

    Some of the problems making a nuclear bomb are not related to the architecture, but to the fact that one needs some very pure Uranium 235 or 238.

    The very handling of this Uranium is very very difficult....

    What is your take?
  • Apr 14th, 2016 @ 12:34pm

    Banning Open Source Encryption, haaaaaa ha ha ha ha

    I am having almost cramps in my stomach about the candidates to the Einstein prize.

    BANNING OPEN SOURCE ENCRYPTION.

    Haaaaa ha ha ha ha ha ah ha ha aaaaaahhh.

    First of all - ha ha - you have to find out if the ban should deal with IMPORT or EXPORT of open source.

    EITHER of these options would mean that the believers in this, believe that the OPEN SOURCE ENCRYPTION is located EITHER on the INSIDE of the USA or on the OUTSIDE of the USA.

    Also, depending on where it is, one wants encryption banned, one must also assume that there is nobody on the "affected" side with the desired "deficiency" of encryption, who has the brain to encrypt.

    Oh haaaaaa ha ha ha ha ha ha...

    LONG was Professor Oommen's face (from Canada), when he had created the world's best encryption algorithm, and he spent thousands of dollars getting export permission for it, ha ha ha ha, then I pointed out, that he had de facto (ipso facto even) exported it.

    Oommen felt very offended, and even pushed his stupid lawyer on me, who threatened me with law-suits etc., for insulting him. (There went that friendship)...

    However, he exported it, as he had patented it. 21 months after patenting - it is being published. So, the world had it, via his patent registration. VOILA.

    And, Anonymous Coward, I think we would add to the list of what should be banned, to make it even longer than what the Taliban banned, to make a ban of open source encryption workable.

    (Are they called Taliban, because of that they have banned Tali - and does Tali mean: "The whole world" ??)

    Even before computers, we had such advanced encryption algorithms, so that these were practically unbreakable.

    Even the Caesar Cipher was a pretty good transposition cipher, ...

    OOOpppps. We forgot - we would also ban mathematics in schools, and ban political learning. Ban the idea that something is right or wrong. (We are slowly descending to Maoist China in the 1920's)...

    And if now someone by mistake should begin to utter words which could direct someone to think that we need something which can disguise communication, then decapitate them...

    We have now joined Stalin Russia ...

    Finally we need to have a thought police, which can do early identification of wrong thoughts and deviating thinking, and eliminate those. This is now a mix of George Orwell's 1984, Stasi and a communist implementation we saw in the 1970's in Denmark, called "Tvind Skolen" - the school named Tvind.

    Hilarious. Simply Hilarious. Not that I don't like Hilary or want him involved...

    Today I have laughed :-)

    My 1 Dollar
  • Apr 14th, 2016 @ 12:23pm

    Re: Stop terrorism by banning means for the terrorists

    You have strong points. Maybe that's why the Taliban banned all of the above, without exception, as they knew, that any other organisation using any one thing from the above list, would be able to defeat them, sooner or later :-) :-).

    My point with the above is maybe not so much the trust in authority, but the thing that we should not be so much in opposition.

    I mean: Why would we not assist FBI on opening 1 (one) phone?

    And FBI would - against this - have to accept that they would not be privy to the process, nor to the algorithms, or anything else.

    FBI would be invited into the lab, and be bystanders in the process, as guests, not with any authority.

    And if Apple in that process did not find anything incriminating, then FBI would be sent out again with their phone and no data.

    ====

    In terms of your extremely wonderful list (and please remember to add water, fire, money, knowledge, from my list of neutral things which are being abused by humans), then I think our most important problem to solve is what to do with us as a human race, due to the way we misbehave.

    We as humans, abuse everything we can get our hands on.

    Pesticide manufacturers produce pesticides which unnecessarily kill off the bees. Then when told, the reaction is not a kind "Wow, let me try to change". No. The public authority's hard PUNISH-PUNISH stand on everything makes anyone making any mistake, go into denial, and thereby changes do not happen until the managing director is being waterboarded in his own insecticide-soup..

    FBI does not come to Apple with a kind request, just to assist them against payment of a few fees. I mean: Hands on our hearts - if I was the FBI-boss, I would approach Apple with sensitivity and not try to abuse my position and armtwist Apple to do something. I would approach Apple and tell them that from time to time we have this problem, and we would likely need help many times each year. Then I would, as FBI, go to a judge to get the permission, in each case. Then I would create the possibility that Apple could employ a forensic police officer to take care of these jobs.

    We mistreat each other. Race, gender, sexuality, everything is simply being abused to put other people down.

    The list is very, very long. My point is not so much the particular things we do but the fact that we do abuse everything we have, in purely selfish impune directions.

    THIS leads back to the original question: That authorities are full of people who are not fit for their office or their position, and therefore they misuse / abuse their position against other human beings.

    THIS mistrust, created from this serious abuse, is the core reason why nothing works.

    And this is the core reason behind both the terrorism, the terrorists, and the forces fighting them. It is de facto not the good against the bad. It is bad against bad.

    The good people are not involved in any way. The good people are neither believers or not believers, religious or not religious - that categorization is useless here. The good people are those who would never do anything consciously to hurt other lifeforms.

    So, you have a strong strong point in "Banning LIFE".

    Factually, that is what we are on our way to do, by our extremely selfish behaviours as the human race.
  • Apr 14th, 2016 @ 12:04pm

    Re: Trash

    Anonymous Coward,

    I love you... (not in the biblical way)...

    "We need to ban trash if it's being used in this way"..

    Yes, let's vote that through parliaments, houses, commissions, and into international laws, that Trash must be banned, as they can be abused as weapons of mass destruction.
  • Apr 14th, 2016 @ 11:58am

    Stone age?

    Anonymous Coward wrote that bad shit never happened before computers were invented.

    It is not true. The problem we are having is that the most powerful things in our little Earthly universe are neutral, and they are in high demand by both the good guys and the bad guys:

    Money
    Intelligence
    Energy
    Power
    Knowledge
    Technology
    Encryption
    Computers
    Fire
    Information
    Words
    ...
    (continue yourself)

    Now, even 18th century and before were cruel and gruesome to many people. Even stone age was cruel and gruesome to many people. The quantity of people was less, but still cruel.

    And - what made the world gruesome and cruel was never any of these extremely powerful means mentioned above. It was the intentional abuse of these means which was cruel.

    Example: We drink water and it is life. Water is also used to "Water board" torture victims. Fire is good to warm ourselves with, while ancient red indians used fire to torture victims with. Etc etc. (the rest is trivial).

    My point is, that we have not moved ourselves at all far from stone age. Only difference is, that the magnitude of impact of our abuse of neutral powers has escalated out of hand.

    Pay attention to, that this is on all sides. Americans, Russians, Syrians, Iraqi, Muslims, Western societies, hackers, terrorists, school shooters, religions, fanatics, racists, ...

    So, we have descended as a human race in terms of the impact of the damage caused whenever one of us humans default to use of any of the above means for our own selfish purposes.

    And we have grown closer as a race to become victims of our own self deceit about "human supremacy". It is very simple, actually: With all these "Fights against Evil", effects of which were so clearly demonstrated in the humorous movie "The fifth element", we will very suddenly, very abruptly all of us be winners of the Darwin awards.

    A small part of us will win because we directly committed the indirectly suicidal acts on behalf of the human race.

    The large majority of us will also win the Darwin awards for our contribution, because of that either we thought that all the evil of those few should be FOUGHT AWAY (by refusing to assist FBI in individual cases against obvious terrorists, while referring to that "Then we would open a Pandora's box", while we all know that helping FBI from time to time on a good note cannot hurt), or, we decided that it was none of our business, or, we decided not to do anything even though we could, out of cowardice, passivity or other irrelevant excuses :-)...
  • Apr 14th, 2016 @ 9:43am

    We are in a dark period of time

    We, the tech society, should not enter into the dark pit of power desires.

    We will do well in assisting the authorities with individual cases of decrypting particular phones belonging to heinous persons, terrorists, mass-murderers, etc.

    However, with the complete distrust they have shown us, the citizens of this world, by incarcerating innocent people amongst top criminals, by applying torture and inhumane treatment to other human beings.

    It is most unfortunate that our law enforcement are still populated with a few individuals who cannot be trusted and who are not being removed when revealed in their racist behaviours - for instance framing majorly black community people for crimes they have not committed, by abusing the fact that many from the black community cannot muster hundreds of thousands of dollars for a proper defense.

    O.J. Simpson committed the murder - but was set free as he could pay a dream team of lawyers to reveal genuine technical holes in parts of the otherwise proper police work.

    Normal black people do not have this opportunity, hence they end up being jailed for things they did not do, while the perpetrator, being any colour, went free.

    Therefore, we cannot trust our authorities. IF we could trust our authorities such that we would know that any case would be run in a fair manner, then we would likely as a tech community have the necessary and desirable trust to blanket assist the NSA and other authorities in their otherwise good job of making the world a more peaceful place to live.

    It is therefore we are in dark ages. The dark ages are documented in that both sides (NSA, CIA, etc. on one sides, and the enormous technical community on the other with the population) are arming themselves, instead of working together.

    I would go as far as to say, that we could assist NSA and CIA, if they dissolve the Guantanamo and take the consequence of it.

    We would be doing ourselves and the inmates a favour by subjecting these to a proper trial, where 2 aspects should be put into the trial:

    1) The trial of these people's crimes against humanity as terrorists.

    2) The international society, represented by CIA, NSA et al, as being charged for illegal capturing, torture etc. - yet another crime against humanity.

    If we do not treat terrorists with humanity (I even have a bad taste in my mouth writing this - while we MUST do that..), then our elected politicians and their security institutions (NSA, CIA et al), will be trusted by their electorate.

    It is stupid of us, the tech community, not to assist the authorities in a professional, positive way.

    However, it is also stupid of these same authorities to try to armtwist our community.

    NONE of us will win this way. We will all win, if we work on a case-per-case basis, on a voluntary participatory basis with the authorities, such that the authorities ALSO have a case to prove towards our tech community and if we do not find it justified, then we simply do not assist breaking up a certain phone.

    I have created a wonderful encryption algorithm by the way, which works by 2 passwords. One, which generates the encryption algorithm to be used. Another password is then used with the algorithm to do the encryption of the plain text into cipher text. And - it is symmetric, and a zipper-algorithm (it means that it is self-locking).

    I have another wonderful algorithm in the design, which is based on viterbi encoding, where the encryption just accurately distorts the viterbi-redundancy, such that when encrypted, it is not possible to recover a distorted version of the plain text, while, when decrypted, then the viterbi-backtracking is enabled. This makes it possible to make the brute force so much harder, as the encrypted code is not only encrypted, it is overlaid by a true random code, where one can even throw away the randomized seed afterwards!!!!

    Imagine: You generate a random seed, then you throw it away, and let viterbi do the rest, while the encryption in itself solely deals with that part? Ain't that sweet?

    It means - no code - no decryption - and there is no more algorithm to crack - there is just a bunch of randomized junk...

    OHHH I forgot: This one - the viterbi one - works by XOR'ing the random code onto the cipher text. Thereby it is net, de facto 100% random.

    LET ME make it worse yet: IF NOW we assume that we use a true random source, i.e. the time between the clicks on a Geiger-Müller counter when exposed to caesium radiation - and middle the time and take 0 to be when it's lower than average then 1 when it's above - then we have a true random source of encryption, and now comes the sweet part: We viterbi the clear text, randomize it, distort the viterbi randomly.

    Result: Total random. Ha!
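
The comments above describe a design with two secrets: one password generates the encryption algorithm and a second password keys it. The following is an added example, not the commenter's Shinpi code and not taken from the page; it models that design with a constructed toy cipher and counts the trials an exhaustive search over both secrets needs. The 8-bit secret sizes, the toy cipher, the sample message and the known-plaintext crib are all assumptions made for the illustration.

```python
import hashlib
import random

ALG_BITS = 8  # assumed size of the secret that generates the algorithm
KEY_BITS = 8  # assumed size of the secret that keys the encryption


def generate_algorithm(alg_secret: int):
    """Stage 1: derive a byte substitution table (the 'algorithm') and its inverse."""
    seed = hashlib.sha256(b"alg" + alg_secret.to_bytes(2, "big")).digest()
    sbox = list(range(256))
    random.Random(seed).shuffle(sbox)  # deterministic shuffle from the secret
    inverse = [0] * 256
    for i, v in enumerate(sbox):
        inverse[v] = i
    return sbox, inverse


def keystream(key_secret: int, length: int) -> bytes:
    """Stage 2: expand the second secret into a keystream with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"key" + key_secret.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def encrypt(plaintext: bytes, alg_secret: int, key_secret: int) -> bytes:
    sbox, _ = generate_algorithm(alg_secret)
    ks = keystream(key_secret, len(plaintext))
    return bytes(sbox[p ^ k] for p, k in zip(plaintext, ks))


def decrypt(ciphertext: bytes, alg_secret: int, key_secret: int) -> bytes:
    _, inverse = generate_algorithm(alg_secret)
    ks = keystream(key_secret, len(ciphertext))
    return bytes(inverse[c] ^ k for c, k in zip(ciphertext, ks))


def exhaustive_search(ciphertext: bytes, crib: bytes):
    """Try every (algorithm secret, key secret) pair against a known prefix.

    Returns the matching pairs and the number of trials performed.
    """
    n = len(crib)
    streams = [keystream(k, n) for k in range(2 ** KEY_BITS)]
    matches, trials = [], 0
    for a in range(2 ** ALG_BITS):
        _, inverse = generate_algorithm(a)
        unsubstituted = bytes(inverse[c] for c in ciphertext[:n])
        for k, ks in enumerate(streams):
            trials += 1
            if bytes(u ^ s for u, s in zip(unsubstituted, ks)) == crib:
                matches.append((a, k))
    return matches, trials


def equivalent_key_bits(trials: int) -> int:
    """Size of a single key whose exhaustive search costs the same number of trials."""
    return (trials - 1).bit_length()


def demo():
    message = b"MEET AT NOON, BRING THE REPORT"  # constructed sample plaintext
    ciphertext = encrypt(message, alg_secret=173, key_secret=42)
    matches, trials = exhaustive_search(ciphertext, crib=message[:8])
    return matches, trials, equivalent_key_bits(trials)


if __name__ == "__main__":
    found, count, bits = demo()
    print(f"recovered {found} after {count} trials (equivalent to a {bits}-bit key)")
```

The trial count is the product of the two secret spaces, so in this model the algorithm-generating secret contributes its own bits to the total and nothing beyond them.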
