Author Topic:   For those concerned with Free Speech (or Porn), it is time to get active.
Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 57 of 304 (220290)
06-28-2005 12:15 AM
Reply to: Message 51 by jar
06-27-2005 7:05 PM


Re: Not surprising
Just to make you feel good, there is a proposal to log all access to listed ips.
*cough* proxy server *cough*

This message is a reply to:
 Message 51 by jar, posted 06-27-2005 7:05 PM jar has replied

Replies to this message:
 Message 58 by jar, posted 06-28-2005 12:18 AM Slim Jim has replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 59 of 304 (220294)
06-28-2005 12:30 AM
Reply to: Message 58 by jar
06-28-2005 12:18 AM


Re: Not surprising
Good, but not that good if anyone wishes to really do a trace.
What would that accomplish? A trace to an unlogged and anonymous proxy server in, say, Tuvalu is not much of an indication of who is hiding behind the proxy.

This message is a reply to:
 Message 58 by jar, posted 06-28-2005 12:18 AM jar has replied

Replies to this message:
 Message 61 by jar, posted 06-28-2005 12:36 AM Slim Jim has replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 63 of 304 (220301)
06-28-2005 12:56 AM
Reply to: Message 61 by jar
06-28-2005 12:36 AM


Re: Not surprising
If the proxy server is unlogged, then how would one retrieve a datapath past the proxy server?
If anonymous, unlogged proxy servers seem horrendously unsafe then consider running tor with pgp. Now even infidels, puppy-jugglers and child pornographers can feel safe. Each encrypted packet on onion routers has no common source or destination. Essentially there is no longer a datapath from source to destination to trace.

This message is a reply to:
 Message 61 by jar, posted 06-28-2005 12:36 AM jar has replied

Replies to this message:
 Message 64 by jar, posted 06-28-2005 1:07 AM Slim Jim has replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 66 of 304 (220306)
06-28-2005 1:31 AM
Reply to: Message 64 by jar
06-28-2005 1:07 AM


Re: Not surprising
You do not offer any specific details for your standpoint.
  • How do we trace a datastream if there is no common source and destination?
  • How do we trace a datastream if there is footprint erasure?
  • How do we decrypt packets if all we have is said packets?
  • How do we decrypt packets even if we (somehow) manage to get our hands on the correct 4096 bit RSA public key?
I think the described method of "picking up the suspected machine" sounds best. Problem is, how on earth do we tell which is the correct machine to pick up?

This message is a reply to:
 Message 64 by jar, posted 06-28-2005 1:07 AM jar has replied

Replies to this message:
 Message 67 by jar, posted 06-28-2005 1:34 AM Slim Jim has replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 68 of 304 (220310)
06-28-2005 1:47 AM
Reply to: Message 65 by lfen
06-28-2005 1:20 AM


Re: Not surprising
And the government has the most resources of all, unwieldy as those resources may be they have deep pockets and should they choose bring a lot to bear on cracking protection.
PGP cryptography is one of those technologies that puts "government strength" cryptography in the hands of the common individual. The US government even went so far as to pursue a criminal investigation against its creator for "munitions export without a license."
Using PGP and a 4096 bit RSA key to encrypt information you can be quite happy that prying eyes will be kept in the dark. Computer scientists and cryptologists estimate that there is insufficient computing power on the planet for the foreseeable future to decrypt such information before the sun burns out.

This message is a reply to:
 Message 65 by lfen, posted 06-28-2005 1:20 AM lfen has not replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 69 of 304 (220312)
06-28-2005 2:00 AM
Reply to: Message 67 by jar
06-28-2005 1:34 AM


Re: This is an interesting discussion
LOL, apologies for the threadjack. My PhD was on low-latency anonymity of second-generation onion routing; some of your comments were just too succulent to ignore.

This message is a reply to:
 Message 67 by jar, posted 06-28-2005 1:34 AM jar has not replied

Replies to this message:
 Message 73 by Silent H, posted 06-28-2005 5:55 AM Slim Jim has replied

Slim Jim
Junior Member (Idle past 6243 days)
Posts: 26
Joined: 05-06-2005


Message 111 of 304 (220400)
06-28-2005 10:07 AM
Reply to: Message 73 by Silent H
06-28-2005 5:55 AM


Re: This is an interesting discussion
This will be my last rant about public key encryption and internet security in this thread. I'll do my best to make it understandable. (And apologies to those who do not care for such techno-babble.)
You are indeed correct that a proxy is worthless if an interested party already knows the identity of a specific individual and wishes to carry out electronic surveillance. Barring having physical access to that individual's computer, their best bet for network traffic analysis is by "sniffing" all traffic on the link from the individual's computer to their ISP. The question now becomes "what will they be able to analyze?"
If you communicate over the internet in an insecure and unprotected fashion, then every TCP segment (i.e. all chunks of data transmitted when surfing the net) that your computer sends and receives contains
  • the source IP address
  • the destination IP address
  • a sequence number (used for reconstituting data in the correct order and in case packets are lost/arrive out of order)
  • more bookkeeping information superfluous to this discussion
  • the actual application data (e.g. a chunk of HTML web page etc) you are interested in viewing/sending
Using the sequence numbers, a snooping observer can readily reconstruct all information that you are indeed sending and receiving. If you are under surveillance and viewing kiddie-porn you can expect the FBI to come crashing through your front door.
If, however, you are communicating over an encrypted connection then the snooping observer will no longer have raw application data to reconstruct. Without your private key, they will have to rely on brute-force number field sieving or elliptic curve factoring to decrypt the application data contained within each TCP packet.
If you are using a weak form of encryption, then the snooping observer will (with a little time and computing power) be able to decrypt and reconstruct the application data. Again, expect a visit from the FBI.
If you have used much stronger forms of encryption, then it becomes computationally infeasible for anyone to decrypt the application data.
I guess this begs the question - how infeasible is infeasible? Trying to decrypt data on a home PC may be computationally infeasible, but is it really infeasible for the boffins at the NSA with their distributed grids of supercomputers? The answer depends on the algorithm you use to encrypt your data, and the strength of the key used.
PGP (Pretty Good Privacy) is a freely available program implementing public key cryptography. It's been around for a while now, and provides a swath of encryption algorithms (ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160, TIGER etc.) RSA is one of the more noted and secure algorithms. It is one of the algorithms that most banks, governments and the military currently use to encrypt data when electronically communicating. It is a very simple algorithm that at the same time is computationally infeasible to break:
1. select two very large prime numbers, p, q, such that p does not equal q.
2. compute n = pq
3. compute z = (p-1)(q-1)
4. compute e such that e and z are coprime
5. compute d such that ed-1 is exactly divisible by z
Now some message fragment m is encrypted to a value c using e and n; c is decrypted using d and n:
c = m^e mod n
m = c^d mod n
The infeasibility of breaking a message encrypted using the RSA algorithm fundamentally depends on the size of p and q. If n = pq is less than 256 bits (i.e. n < 2^256), a message can be broken in a few hours on a modern PC; if n is less than 512 bits, a message can be broken by a few hundred supercomputers in a distributed computing network; if n is 1024 bits or more it is currently unbreakable using the currently available technology in the world (it would take ~7000000 times as long as 512 bits); if n is 4096 bits or more, then all the world's current and future computational power combined will be insufficient to break the encryption before the Sun burns out.
Consider the fact that most banks use RSA-1024 bit encryption for financial transactions, the US government uses RSA-2048 bit encryption for highly sensitive communications, and freely available PGP programs offer RSA-4096 bit encryption for your home PC.
There is also another form of technology that I am currently involved in called circuit-based low-latency anonymous communication services, or second-generation onion routing. In this computing paradigm all network communication is coordinated over a distributed network sharing perfect forward secrecy, integrity checking, and location-hidden services. This means that all communication is distributed over the network so that no single point can link a packet to its destination. No computer in such a network sees more than one router ahead; neither a compromised server nor a snooping observer can perform traffic analysis in order to determine the source, destination or payload of a TCP packet.
One final point. It may seem surprising that with this technology publicly and freely available, there are any successful internet child pornography investigations. In some respects it is surprising. But I'm relieved that some paedophiles and crooks tend not to be technically savvy of this technology. I'm also relieved that others tend to be compulsive enough to send just one more picture to that undercover FBI agent.

This message is a reply to:
 Message 73 by Silent H, posted 06-28-2005 5:55 AM Silent H has not replied
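
The five RSA steps listed in Message 111, as an added example that is not part of the original post: it builds a key pair from two toy primes, round-trips a message fragment, and shows why the size of n matters by rebuilding d from the public values alone. The function names and the primes 61 and 53 are constructed for illustration.

```python
# Added example: textbook RSA (no padding) following steps 1-5 of the post.
# Real deployments use large random primes and a padding scheme such as OAEP.
from math import gcd, isqrt


def make_keypair(p, q):
    """Steps 1-5: return (n, e, d) for two distinct odd primes p and q."""
    if p == q:
        raise ValueError("p must not equal q")              # step 1
    n = p * q                                               # step 2
    z = (p - 1) * (q - 1)                                   # step 3
    e = next(c for c in range(3, z, 2) if gcd(c, z) == 1)   # step 4
    d = pow(e, -1, z)             # step 5: e*d - 1 divisible by z (Python 3.8+)
    return n, e, d


def encrypt(m, e, n):
    """c = m^e mod n; the fragment m must be smaller than n."""
    if not 0 <= m < n:
        raise ValueError("message fragment must be in the range 0..n-1")
    return pow(m, e, n)


def decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)


def private_exponent_from_public(n, e):
    """Rebuild d from (n, e) by factoring n with trial division.

    This finishes instantly only because n is tiny; the work grows with the
    size of the smaller prime, which is why key length is the security knob.
    """
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("no odd factor found")


if __name__ == "__main__":
    n, e, d = make_keypair(61, 53)      # constructed toy primes
    c = encrypt(65, e, n)
    print("public key:", (n, e), "private exponent:", d)
    print("ciphertext:", c, "decrypted:", decrypt(c, d, n))
    print("d rebuilt from public key:", private_exponent_from_public(n, e))
```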
