Saint Stanislav Datskovskiy (WOT:asciilifeform) published today a tool for creating a one time use "parachute" Lamport keypair. This type of keypair is referred to as a "parachute" because it allows a person to recover their cryptographic identity after the catastrophic compromise of the extant cryptographic system in which their identity was born. For maximum readability and understandability the ever consumate craftsman implemented this tool in bash using common userland utilities.
Category Archives: Software
Random Idiot Accepts People's Time And Work, Idiot Turns Around And Sells It For Politics
Kiwi social engineer Leah Rowe (WOT:nonperson) during a recent tantrum brought attention to the problematic structure of the open source "Libreboot" project. For its entire history Libreboot consisted of a forked repository of another open source project to which Rowe added still other people's patches under Rowe's name rather than the actual authors' (archived). The catalyst which brought this problem to the fore was a political statement made by Rowe using the name "Libreboot" without consulting the actual authors of Libreboot code. These authors who had not particularly cared that Rowe took their names from their code however decided that they definitely did not want Rowe's political tantrums to be misconstrued as their own.
RNG Whitening Bug Weakened All Versions of GPG
Werner Koch, maintainer of Libgcrypt and GnuPG, announced today:
"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. … All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened."
However, in the text of one of the patches (archived) which accompanied this announcement, we find a slightly different statement:
"This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable."
In effect, this means that no key created with GPG to date carries more than 580 bytes of effective entropy (e.g., all 4096-bit and above RSA keys have 'subkeys' which – we now find – mathematically relate, in a possibly-exploitable way, to the primary key.)
It should be remembered that, due to the structure of the OpenPGP format, breaking a GPG subkey is often quite nearly as good as breaking the primary key – i.e. it will allow the attacker to create valid signatures, in the case of a signature-only subkey, or else to read intercepted ciphertext, or both.
And thus we find that, due to the staggeringly-braindamaged design of the protocol and of this implementation, GPG users who elected to use longer-than-default GPG keys (Phuctor presently contains 1,090,450 RSA moduli which exceed 2048 bits in length1) ended up with smaller-than-default effective cryptographic strength.
Likewise noteworthy is the fact that this bug was contained in an RNG 'whitening' routine. The popular but wholly-pseudoscientific practice of RNG 'whitening' creates the appearance of an effective source of entropy at times when – potentially – none exists2, at the cost of introducing a mathematical relationship (sometimes, as in the case at hand, a very exploitable one) between RNG output bits, which by their nature are intended to be wholly uncorrelated.
Not all of these moduli were generated using GPG. ↩
A whitened (walked over with, e.g., RIPEMD – as in GPG, or SHA2, or AES) stream of zeroes, will typically pass mathematical tests of entropy (e.g., the Diehard suite) with flying colors. While at the same time containing no meaningful entropy in the cryptographic sense. ↩
Eulora 0.1.2 Update Released, Record Loot Follows
Earlier this week the Ministry of Games released version 0.1.2 of their real cash economy MMORPG Eulora to the world. The new client software was made available July 31st and the servers rolled over to the new version on August 3rd. Shortly after the update was made available Daniel P. Barron (WOT:danielpbarron) found a record setting loot pop in the game world. The drop composed of boulders and assorted other loot has a base value of 0.81 Bitcoins with a potentially higher market value in the game's real money economy. Eulora's real cash economy makes it one of several avenues available for earning Bitcoin without dealing with the AML/KYC indignity of the various fiat/Bitcoin interfaces.
Windows Print Spooler Vulnerability Spent 20 Years Unaddressed
A vulnerability in the way Microsoft Windows communicates with printers survived 20 years in the wild (archived). It was addressed in the latest round of Windows Update patches, which if the Stuxnet backdoor is any example means that Microsoft merely tightened the conditions for exploiting it until the probable new vulnerability becomes public knowledge. Sorry for your loss.
"Pokemon Go" Ushers In New Phase Of Smartphone Surveillance
This past week's release of the smartphone gamified reality app "Pokemon Go" heralds the beginning of a new phase of the smartphone surveillance era. Billed as an "augmented reality" game the app uses in game incentives to direct users to physically visit locations that they would not otherwise. The app has already lead to a teenager discovering a dead body in a location she would have not otherwise visited.
In addition to directing users to physical locations the app encourages users to enable their smartphone's camera so that they may see pokemon "appear" in the real world. This active scanning of the real world by app users presents far greater potential for image collection than the typical social media app which relies on the user's vanity to get them to use their smartphone's camera.
It almost makes the app's requirement to turn on the smartphone's location services, one that will likely snare low intelligence "criminals", seem mundane.
Pokemon Go was preceeded by an alternate reality game called Ingress also developed by Pokemon Go creator Niantic. Ingress however lacked tie ins to any popular media franchises1 which would have delivered a ready made user base in the manner Pokemon Go has. Peace in our time!
Deepening the rabbit hole is Nintendo's long refusal to allow media properties they have a stake in to run on devices that aren't also sold by Nintendo. ↩
First Anniversary of BIP 66 Clusterfuck
One year ago the BIP 66 clusterfuck happened. The chainsplit following the "activation" revealed that many miners were using simplified (and dysfunctional) chain verification, which led to abundant lols and chain splits. Turns out "soft" forks aren't all that soft! More splits happened after the initial split that inaugurated the clusterfuck, and they happened for the same reason. Never forget!
How The Tor Project Pays And Pays CIA Agents From Their USG.Navy Coffers
From the Tor Project's own timeline on their hiring and post separation payments to "former" CIA agent David Chasteen. Given the source, information presented as facts in this timeline may not be in concordance with reality. Interesting points bolded:
A sends:
Subject: David Chasteen Timeline
This is a timeline of events related to Tor's hiring of David Chasteen.
January 15th, 2011: David Chasteen attended a Tor hackday at MIT, while claiming to work for the State Department. There, he met Tor people including Jacob Appelbaum. Around this time, David Chasteen indicated he was interested in a job at Tor, but he was not hired.
October 5th, 2014: Roger Dingledine suggested adding David Chasteen to the tor-internal private mailing list and possibly hiring him as a project manager.
October 8th, 2014: Based on her previous experiences working with him, Karen Reilly sent an email to tor-internal advocating for David Chasteen to be hired as a project manager.
October 14th, 2014: David Chasteen was added to tor-internal.
November 5th and 6th, 2014: Operation Onymous
November 6th, 2014: David Chasteen's last day at the CIA after working there for 8 years.
November 7th, 2014: David Chasteen's first day working for Tor as a project manager. Along with Karen Reilly, he attended Freedom of the Press Foundation's Digital Security Conference in Washington DC. At the conference, he met with Xeni Jardin about writing a guest post on Boingboing about Tor hiring him. On this same day, David Chasteen disclosed to Roger Dingledine that he worked for the CIA.
November 9th, 2014: In the wake of media concerns stemming from Operation Onymous, Jacob Appelbaum sent an email to tor-internal calling for a more coordinated media strategy. In this, he asked if anyone paid by Tor has a clearance.
November 10th, 2014 13:30 EST: David Chasteen responded saying that he had a clearance, but it is no longer active. He further stated that, because all Foreign Service Officers and military officers have clearance, having a policy against hiring anyone with a clearance would be discrimination against veterans.
November 10th, 2014 15:21 EST: David Chasteen sent an email to tor-internal disclosing that he worked for the CIA for 8 years, explaining why he wanted to work for Tor, and discussing is plans going forward (including the Boingboing guest post).
November 10th, 2014: tor-internal IRC and mailing list discussion about how to handle the hiring of David Chasteen.
November 10th, 2014 18:21 EST: David Chasteen sent an email saying he was going to "bow out" because it did not seem like anyone was comfortable with the situation.
November 11th, 2014 18:51 EST: Jacob Appelbaum sent the #tor-internal IRC log to the tor-internal email list.
November 10th, 2014 22:44 EST: David Chasteen said he was going to unsubscribe himself from tor-internal. At 23:10 EST, Damian Johnson confired that David Chasteen was no longer on tor-internal.
November 16th: Andrew Lewman sent an email to tor-internal saying that David Chasteen hired a law firm and that members of the list should have no contact with David Chasteen or discussions about him.
December 2nd: Andrew Lewman told tor-internal that negotiations with David Chasteen were ongoing, reiterated his request that tor-internal members have no contact with or discussions about David Chasteen, and said he would report back with updates.
At some later date, David Chasteen settled out of court with the Tor Project.1
This means the Tor Project paid their valiant CMU Tor Attack and Operation Onymous fall guy. Except where are the mentions that the CMU Tor Attack did Operation Onymous? Well, who needs those when you have a David Chasteen to play distraction. ↩
Remains Of Hewlett Packard Go All In On Remains Of Syfy Franchise
In a press release today Hewlett Packard Enterprise, a venture cast off from printer ink scam and former technology powerhouse Hewlett Packard1 in 2015, announced it had bought the plotline to "Star Trek Beyond" from producers of the film as a marketing vehicle for an upcoming product launch. Created by Gene Roddenberry (WOT:nonperson) the Star Trek Syfy franchise helped to kickstart Hollywood's shift to an annuitized business model2 which allows for a predictable return on investment by telling audiences "STFU, these stories are connected." The product driving the plot of the film is yet another Unix machine produced by Hewlett Packard Enterprise (TM)(R) running with an odd build of Linux3 instead of HP-UX and a novel form of memory together united in the way the marketing department imagines it will work after 250 years of bug fixes.
The piece of the historical Hewlett Packard's corpse which most closely carries out the original's work was severed in 1999 and now goes by the name Agilient Technologies. ↩
At present the outwardly healthiest of these motion picture annuities is operated by Disney utilizing their acquired comic book properties. ↩
Correction: Hewlett Packard Enterprise (TM)(R) scrapped their oddball Linux portion of this product in favor of running a less peculiar flavor of Linux ↩
20th Anniversary Of Kaczynski's Capture Today
Today marks the 20th anniversary of the capture of noted mathematician and widely published philosopher of technology Theodore Kaczynski by forces of the United States regime in Washington, DC. Theodore Kaczynski is also widely suspected to have been forcefully drugged and violated as a part of the CIA's MKULTRA program as an undergraduate at Harvard. In a rare feat for any author Kaczynski managed to get a 34 kiloword essay titled Industrial Society and Its Future published in print in the September 19th, 1995 editions of the New York Times and Washington Post in its entirety.1 After a political show trial the regime in Washington DC had locked Kaczynki up at their Florence, Colorado super maximum security prison where he remains a political prisoner.
The full text of Industrial Society and Its Future is reproduced below: Continue reading
This was before the Internet had emboldened both of those publications to adopt their present habit of routinely publishing whatever long for slop they can get their hands on. ↩