/os/ - Online Security

News, techniques and methods for computer network security.

Posting mode: Reply

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Board Rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Magrathea | Catalog | Bottom


Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.

Expand All Images


Cryptography Endwall 05/12/2018 (Sat) 20:26:54 [Preview] No. 1211
In this thread we will discuss cryptography, cryptosystems, crypt-analysis, and tools for cryptography such as gpg and other tools. If you work in this field or hear of some relevant news about this field feel free to contribute. Use hyperlinks and source citations to back up any claims made if necessary.


Endwall 05/12/2018 (Sat) 20:33:48 [Preview] No.1212 del
Some introductory questions:

1) What are some good books on this subject both mathematical and practical?

2) What are some good methods to defeat crypt-analysis like frequency analysis to include when doing standard encryption methods like RSA using gpg? Would padding the plain text message before encryption with arbitrary random ASCII on both ends help or hinder this process?

3) Why is the trend for modern crypto to move away from using prime numbers towards elliptic curves? Speed? Security? Lower computation time?

Feel free to ask your own questions or to answer any that you see if you are knowledgeable on the subject field.


Endwall 05/13/2018 (Sun) 07:18:05 [Preview] No.1213 del
>>1212
2)
I'm suggesting to pad your messages with passgen.sh as I think that it might be helpful.

$ passgen >> message.txt
$ nano message.txt

/BwZ1X7Xe3YgJhlWtxjmjweodhiKm5Dg2mkuyEyTRTQCFL2AajWTTxGl2TW1/tSztDoz2Ci0YveM

This is the message. Have a nice day!

^X

$ passgen >> message.txt

$ gpg --list-keys | more
$ gpg -e -a -r Endwall message.txt
$ cat message.txt.asc
$ gpg -d message.txt.asc

Seems to work. Maybe pad it twice on either end. That should mess with the crypt-analysis. Just an idea.


Endwall 05/13/2018 (Sun) 07:24:32 [Preview] No.1214 del
Of course do this on your air gap and shuttle the messages and replies by floppy disk to your transmission workstation. Do encryption and decryption on an air-gap, and move the messages by floppy disk message sneaker net FDMSN . That should mess them up really good. If they can still get to your messages after that then re-evaluate the trustworthiness of the counter-party correspondent.


Endwall 05/13/2018 (Sun) 07:25:53 [Preview] No.1215 del
13ZoQy9B1ujf/6KODseSSs9R2ARf8dxxr8Y/MaYr2a8YdfXpijZLpXz3UZMpYzbbKKqj0hY8hEMZ
AfgWbLpcoYtf/UhcZ92DbORgEwMQs7RandyjFkwJ0cMWZTW1wOYSiKgHExfbt72aXg2PDeARrBY0
CruBW+b8R9ZlNM1Tv0eedoVjlJZi8LVRmlnKw1hQn2lCSyvjXTzNq+6+BylwuSfi+89FKsvMQgfX
bvX56HsxwXCUxE4ydBFmaS+1JdJWycY/EQN6cCfcblQSrYcuWZwHckEvLdf+wAcQxxbq2OhZyy5I
2go0G2d4gBMTB3T/+tXD7DM4JkkVmQkSeDiArEgUvvJ8oyBNmuDHQ/e3dtKFHhEmmXDax2yHwvEk
ZFBtRZyU+BZ5QiS5BsQr0tVKg2AAa7+WYvKmGQkN7C22QcybQzu7n2GHW34ZcitYmwehWtF/nJko
oxz2ANtQaruvfxU0JoZoZ/fGiXQ7LvQe1DfTUz6WoqNpfSpH4lq3GTeaO+aBB0CDvayrqOn4hpmK
gqy08tCIwuNfQbkRjxwx6jK6RHx5r9rOXe1cFZKoteAx4g+AVYfHFanpo+mXrk1nj3ceq06bNDFJ
ywAwOfAhjToLvc3T7ss/JUMHOLSoi2vSuF9YRou3yab1YMJFToFloOxkdVOXRUjaGR8AOqkqoqzO
Q08htUsrrFo5LwlbYsNj3r05gQP4glqZSyAvcLU1INmKjkWWGXdRr1uuf/ZeNR0QUlElDXCm2jbS
/BwZ1X7Xe3YgJhlWtxjmjweodhiKm5Dg2mkuyEyTRTQCFL2AajWTTxGl2TW1/tSztDoz2Ci0YveM

This is the message

R+dVRSBw7ZHS0SxB19SpSr5tcHNHIU2Nea9LKIgD9rRQYLbxPqaD4GQJtSM3sUniM1uforqxc9VE
3H0/Fe3o1JJDh1xnfWwiscnpb9OcSdOJAH9+Lz5C+1Pgoh2ZYtwwhCxp2wtNfsmZWR6V7RKZMkO/
lGUrlL/P4pXTq+z0co7GOI1W6PNI5E2+0E91UOv7Id4iBUa8FFEyPv7TGDJ7ZWSnCCops4cmZXYF
6DgWgp8y7v+1CbxWbgXYBddylSsQPNyNaG+IDlIhO4VjibZ0b9iBA02P0rUF6sxuWv+YVZ/Pxzm5
VlAIOjiRYto2zA7ei9tw7lhmSwX8A3xW9+zALOJb1e8B95aL+bZwwmu4Sq7rpnbY59FQkesCcDVf
+rNucwbLg9HsXTGnHxNJ2rQCHfTwL14wAEXd+LHY6p/JnNtM3xnWWe+67FGMGAg9vslynkqJH3bT
yM1XiW2+r5P/Pr5QaUqqd/h8sQsexuUgDzymqlz0N9ncbEB7c74JObHlNEzSEmVLquYU/NJi7TV5
OSgwyRtDAAITbK73KNQiPaDcZG6vSsLoQT5UeiqIYuqclgMLECtVGhDFvhuxJUREK9IZKlG7W3RY
XTS+yBwSXMhwu9EN4lcze3L5JeKoqWfaducYU+V72CsH6xX3ynZdc4YKOm9BzqDD+NdQnRM+Kt50
R/t26ACms/nRiDVxkSj7ZBNOv8KDtsBTYUuTH+JPx9rwI7ilIJs5FrXXPqWdR1idAM80GSKTk/PR
lL5r941U2cP6FJfvgPv/emI83/IY4cRB3BzWLKyZfLG9u9iH8ldsUe3pa1X+B2suzTnyrqC+CQoP
4rIUdH/6JcPJnGSKVNOEsW5TuJRQDMfdmPpwuwgWFwY/MCw36dYbzPonE4dVd2LWx/dIj2uXafrz
F1yfpG6omJjtuzf5w4O0OjFvT8zZc0OnlSJ4Qr4LWOCUjdZTzN7hPB+ZjAiJLvvWlHuz/8RELfJx
BF1j+P4eoDDymo45Tk/nkZnoNHS9rHPDITultXHl+nnpjItbj1X2vMeJPWfNTQeV7QcX51cSKaPY
T1H+cpzz80PmV0TRRbr6rsPlwmxxl72vQqXhruc7dw4+YAHRVRwIqudCgu/M0bj8guE+bb9x679j
WsW1cNEU0OJt+OIvbayi3Ko/Wqen3w+3ravWYaSHJT7RaZqvOOLkdl/iEiazmG5rYa9GMvx2i57W
XpRX446eEThe8WQpP0ShgNfDfQw1ZISSWoRivxNMJYX5Px0K


Endwall 05/13/2018 (Sun) 07:29:29 [Preview] No.1216 del
>>1215
Why stop there? Pad every paragraph!!


Endwall 07/03/2019 (Wed) 08:10:20 [Preview] No.1430 del
Vernam Cipher (One-Time Pad)
https://youtube.com/watch?v=cpqwp2H0SNo [Embed]
Duration : 11:21 Published : 08 Oct 2018
Description:
The Vernam cipher (aka the one-time pad, or Vigenere OTP) is the only encryption algorithm with perfect security, meaning it is unbreakable. The general concept of computational security is explained and also how XOR is used in this cipher. Then I explain the reasons why the Vernam cipher isn't really useable in 'real life'.


Endwall 07/03/2019 (Wed) 08:16:36 [Preview] No.1431 del
Endwall's Comment: This really is usable in the situation where you have limited computational power....like with an 8 bit computer for instance. you could use a floppy disk as the pad, and copy it and give it to your counter party for a year's worth of real time instant messaging over the telephone line. Every used block should be overwritten with a null character or zeroed out so that the program knows were to seek to for the next decryption block. This crypto-system is optimal to use with an 8-bit computer over the telephone lines. The computations are simple. This could be programmed in a weekend. Find or demonstrate working examples of this over the telephone modem on a Commodore 64 and post back here (working code or videos of it working).

https://en.wikipedia.org/wiki/One-time_pad

"Starting in 1988, the African National Congress (ANC) used disk-based one-time pads as part of a secure communication system between ANC leaders outside South Africa and in-country operatives as part of Operation Vula[28], a successful effort to build a resistance network inside South Africa. Random numbers on the disk were erased after use. A Belgian airline stewardess acted as courier to bring in the pad disks. A regular resupply of new disks was needed as they were used up fairly quickly. One problem with the system was that it could not be used for secure data storage. Later Vula added a stream cipher keyed by book codes to solve this problem.[29]"

Apparently not an original idea, even Africans were smart enough to go to this level...


Endwall 07/07/2019 (Sun) 20:32:05 [Preview] No.1438 del
Hak5
How To Use One-Time Pads To Send Encrypted Messages, Hak5 1620
https://youtube.com/watch?v=WkgumA5mHoI [Embed]
Published : 02 Jul 2014 Duration : 22:21

https://red-bean.com/onetime/

https://red-bean.com/onetime/get


Endwall 07/07/2019 (Sun) 20:46:25 [Preview] No.1439 del
Using a DVD with 4.7GB of random bits or random characters from /dev/urandom is probably good enough for most people for a time frame of 5 years worth of communications. People with a necessity for a longer time frame could do this with 10 TB hard disks and have private bi directional or (group based ) conversations with trusted parties for several years like maybe 20 years as long as you don't start sending large files. It should be good for text, pictures, audio and small video clips.

For more serious people getting actual random numbers will be a priority, by building some kind of physical or electronic device that can generate random static to record to disc. A Geiger counter, radio transmissions on a static channel. Maybe take all of these inputs and sum them together and add it to the output from /dev/urandom.


Endwall 09/14/2019 (Sat) 21:23:01 [Preview] No.1460 del
>>1439
Shale usually contains trace amounts of the elements Uranium, Thorium, and Potassium, as radioactive isotopes. Go to the mountains or wherever you can find rock outcrops and bring a hammer and a burlap sack. Smack off some shale and sandstone from the rocks, and then bring them home. Smash these up with the hammer using protective eye wear in the back yard. Place the rock chips into your burlap sack. This will serve as the radioactive source. Your Geiger counter will go into the bag and connect via RS-232 to your 8-bit computer. The accumulation count of gamma ray / decay event detection in a 5 second window, will be counted every 5 seconds. If the 5 second decay count is even store a 0, if the count is odd store a 1. Every 40 seconds a random byte will be created. Write these in sequence to a 1.44MB A:\ floppy disk. This is either your key for your one time pad or a random seed to use for pseudo random number generation.


Endwall 09/14/2019 (Sat) 23:10:40 [Preview] No.1462 del
>>1460
This would be too slow to be practical. If you could get a gamma count every second then it's better.
1024 Bytes / KB

1024^2 Bytes/MB *1.44 MB/floppy = 1509949.44 Bytes /Floppy Disk

At a rate of one random bit per second is 8 seconds per byte

= 12079595.52 s = ~139.8 days. Too slow.

Need to figure out a way to sample faster. I've never done this personally but I'd like to try it as an experiment. If you get something like this going, make a youtube video with instructions.


Endwall 09/14/2019 (Sat) 23:18:27 [Preview] No.1463 del
Uranium Random Number Generator
https://youtube.com/watch?v=A7FiVn776eY [Embed]
Demo of the device configured for a 4-bit random number based on events detected from a Geiger counter excited by Uranium.
Published : 12 Apr 2019 Duration : 01:20
Random Number Generating Geiger Counter
https://youtube.com/watch?v=T0r6XocVHyo [Embed]
Team Chub's senior design project
Published : 04 Apr 2011 Duration : 02:18
Raspberry Pi Geiger Counter and Random Number Generator
https://youtube.com/watch?v=yfOV9Ex47pE [Embed]
Duration : 04:05 Published : 26 Dec 2012
"This is a quick video showing the Mighty Ohm Geiger counter i got for Christmas. I have interfaced it with the
Raspberry pi so it can also act as a random number generator.
The Python code for interfacing with Cosm: https://docs.google.com/open?id=0B1i26IugaGQbWFh6X1Bodmc3eUk
(I have regenerated my API key so don't bother trying to post to my stream :)
The Python code for Random Number Generation: https://docs.google.com/open?id=0B1i26IugaGQbYTRKRUl5aFhMZFU
My Cosm feed: https://cosm.com/feeds/94794
The Geiger Counter: http://mightyohm.com/blog/products/geiger-counter/
Picture of the Rapsberry Pi and Geiger counter: https://docs.google.com/open?id=0B1i26IugaGQbcHpCeXJHSEp5UEE"

etc...


Endwall 09/14/2019 (Sat) 23:22:39 [Preview] No.1464 del
Radioactive Random Number Generator
https://youtube.com/watch?v=agvcduNRxKg [Embed]
Duration : 14:37 Published : 26 Jul 2018
Ever want to generate random numbers? Radioactivity is the way to go! This Counter is compatible with the Arduino so you can make one yourself!
https://amzn.to/2zKDbLS


Anonymous 09/23/2019 (Mon) 01:08:52 [Preview] No.1467 del
>>1460
or you could get a smoke detector from the hardware store.


Endwall 09/23/2019 (Mon) 03:31:11 [Preview] No.1469 del
>>1467
Yeah that's probably faster/smarter to get the Americium from a smoke detector. Good call.


Anonymous 10/14/2019 (Mon) 19:23:20 [Preview] No.1477 del
crypto101.io is a decent overview of _contemporary_ cryptography, not the usual textbooks


Anonymous 11/14/2019 (Thu) 03:21:11 [Preview] No.1495 del
>>1469
and it should work the same, right? just a button of a different material.


Endwall 11/15/2019 (Fri) 02:36:19 [Preview] No.1498 del
>>1495
Any radiocative isotope of an element should work. In the video he's using Americium from a smoke detector. You just need some random gamma and beta radiation from a decay event to set off the Geiger counter. Any radio isotope will do. Radioactive decay times and quantities are random and unknowable before the event occurs.


Anonymous 05/03/2021 (Mon) 03:27:01 [Preview] No.1721 del
(21.11 KB 336x336 Youdontsay.jpeg)
How does a crypto operator in a client relationship protect themselves against duress?
We are already starting to see digital robberies, because crypto clients are typically anonymous and can use a range of access point the rick of Crypto-ATM robberies is increasing.
A two factor authorization and a silent alarm would be easy to set up- but this presents the risk that the silent alarm keeper could freeze accounts and make demands of clients.
A "two key" system can be used to ensure transactions and blocks are only made with the simultaneous cooperation of the Client and broker, but as with TOR if unilateral blocking is not possible the systematic takeover of brokering services is likely to eventuate.
While in theory if the broker was a bad-actor they still wouldn't gain access, the client would loose their protection without their knowledge- and a large number of bad-actor brokers would emerge to net a large number of clients.

Is this a problem inherent to a single origin (client centered) authorization chain?
Could the blockchain work in tandem in a two factor access system?



Top | Catalog | Post a reply | Magrathea | Return