Encryption, paranoia and virtual machines
Tyler Aviss
tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Dec 4 06:57:13 UTC 2011
on my phone it resolves just fine to the ss.org address. how interesting
On Nov 28, 2011 3:06 AM, "R. Russell Reiter" <rreiter91-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Ah, the enigma codes. The German esszett ligature (also called the
> scharfes s (sharp s)) ß evolved from the ligature"long s over round s".
>
> It is replaced by 'SS' in capitalized spelling and in alphabetic ordering.
> ß is only used in Germany and Austria, nowadays generally never in
> Switzerland.
>
> The code might have been a little harder to crack if there weren't
> apparantly orphaned SS's in messages.
>
> I wonder how tlug.ß.org would resolve.
>
> Cheers,
> Rußell
>
> Christopher Browne <cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>
> >Well, the "security" of the rolls mostly depends on the attacker not
> >knowing how it works, and the majority of the population being
> >comprised of
> >illiterate slaves. Having 3 or 4 rolls of different sizes would
> >suffice
> >for cracking most of this; knowing the fact of variable roll size is
> >99% of
> >the trick.
> >
> >A considerable portion of security from encryption is achieved by
> >minimizing the source text, notably to keep out readily guessable plain
> >text. In WWII, British decryption efforts were helped plenty by German
> >officers that considered it a "career limiting" factor *not* to end
> >messages with "Heil Hitler". That perception mayn't have been wrong,
> >but
> >those bits of predictable plain text almost certainly caused the losses
> >of
> >German U-Boats, as it provided a vulnerability for Allied
> >cryptographers to
> >exploit.
> >
> >F. L. Bauer's book on cryptography describes other "politically
> >necessary"
> >sorts of cryptographic protocol failures - when messages contain
> >fawning
> >phrasing ("by order of the fuhrer") or spelling out some of the wacky
> >long
> >officer titles in high command, this all helps in attacking:
> >A) individual messages
> >B) message keys that will be used on other messages
> >(Hence, the sloppy bozo may wind up getting others that are competent
> >killed)
> >C) the cipher system as a whole.
> >
> >Bauer observes that a *good* cryptograms clerk:
> >- removes all unnecessary text
> >- abbreviates heavily
> >- misspells whatever they can
> >
> >That seems like it's likely to still be valid-ish.
> >
> >We do have stronger ciphers, today, but the notion that having known
> >plaintext helps certainly persists in modern cryptanalysis. You'll see
> >it
> >a fair bit in Bruce Schneier's writing (sp?)
> >
> >On some extra reflection, there is a harmful aspect to encrypting your
> >whole system, as this introduces a barrel load of known plaintext.
> >Forget
> >about a few references to Nazi haute, you are throwing in a dozen
> >copies of
> >the GPL, and as likely as not, a gigabyte of well-known binary and text
> >data. Lots of material for cryptanalysis, quite possibly enough to
> >meaningfully enhance a brute force attack.
> >
> >And when it's certain that the key for all that will be in the VM, a
> >smart
> >attacker won't bother with brute force when getting the key from the VM
> >will provide the Keys To The Kingdom. Better still, once cracked, you
> >can't fix it - changing the key requires rebuilding your VM. A
> >*really*
> >smart attacker may be sufficiently ready that they'll regain access
> >before
> >you can reboot into the new VM!
>
> R. Russell Reiter's Left Brain Messaging Matrix
> [Currently Under Development] Your mileage may vary.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20111203/1a78df07/attachment.html>
More information about the Legacy
mailing list