Nov 21
I was in a post-apocalyptic Texas. My mission was to broker peace between my village and a gang of nomadic gay vampires. It wasn’t just my blood they wanted to suck. My main concern was that I didn’t want to become Vampire+. I decided I preferred them to the cannibal UFO worshipers.
Secret messages were being exchanged by using steganography to hide them in photographs of puppies. Details and algorithms were found in Bruce Schneier’s book “Look! Puppies! (2nd Edition)“.
May 16
Lotus Domino 7 has an unfortunate bug which means that you can’t cross-certify with another organization via phone or e-mail, by using the Domino Administrator, choosing Cross Certify Key… and entering their key ID. The bug is documented in the readme.pdf, and is still unfixed as of 7.0.2. It results in server errors saying “The subject’s public key found in the cross certificate does not match the one found in the certificate table.”
[Update 2006-05-17: I'm pleased to say that I heard today they've managed to squeeze a fix for the problem into 7.0.2. This is not an official statement of support from IBM, etc etc.]
This is a problem in situations where you want to cross-certify your server with someone else’s, but for whatever reasons they can’t or won’t give you access to CERT.ID, and can’t engage the cooperation of the owners of their CERT.ID.
Apr 08
I’m impressed that The Daily Show got someone who actually knows about cryptography to help with their script tonight. Most shows would string together a bunch of random Star Trek jargon words…
Extract from Ed Helms talking to Jon Stewart about digital voting systems:
Ed: Fortunately today’s e-voting systems support a robust cryptography architecture, using DES keys in CBC mode with a random initialization vector. Now, I know what you’re thinking… “Ed, the CBC encrypt uses a zero seed number so keys could be recovered by parallel processors running a virtual network protocol in a trivially short timeframe.” But in my opinion, that’s fucking bullshit.
Jon: I don’t, obviously, speak for everybody, but I’m not sure I understood anything you just said.
Ed: No, John, but I did. And there are at least several other people who also did, people like DemocracyHacker23 and GovSniper17… and while no-one knows who they are or what shadowy government conglomerate snatched them up out of college, I have no doubt they will do a bang up job of safeguarding our democracy.
Jon: But Ed, shouldn’t the process of the election be more transparent? I mean, if something were to go wrong, what would be the harm, say, of having an easy to read paper printout of who people voted for, so we could go back and check?
Ed: Well, it’s true, paper could give us a way to verify results, but paper’s very expensive, and we’ve already spent an awful lot of money on these computers.
But my favorite quote was slightly earlier in the show:
Ed: …In fact, most of these voting machines run on the same rock-solid Windows platform that never crashes at your home or office.
[Obviously Comedy Central bleeped “fucking bullshit”.]
Feb 21
Well, this is the most interesting thing I’ve heard about in a while: someone’s come up with a provably unbreakable encryption scheme that’s actually practical to implement.
There’s an article in the New York Times about it; basically, the scheme goes as follows:
- Someone sets up a satellite to generate a stream of truly random numbers, synchronized to some appropriate time code.
- The sender and recipient exchange a secret using an existing public-key encryption scheme, or using some other secure channel. The secret is a time code value.
- At the pre-arranged time, the sender uses the random number stream from the satellite to encrypt the data, and the recipient temporarily caches the same chunk of random data in RAM.
- When the recipient receives the encrypted message, he decrypts it with the cached data, then throws that data away.
What makes the system unbreakable is that unless you know the secret before the message is sent, you don’t know what part of the random number stream is going to be used—and it’s infeasible to store the entire stream indefinitely. What’s more, once the message has been decrypted, neither the sender nor the recipient has the means to decrypt it again.
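The four steps above as an added simulation, not code from the original post or from the scheme's authors: the beacon, the Party and Logger classes, the 32-byte chunk size and the logger's two-slot storage window are constructed assumptions. It also shows the caveat the paragraph implies: if the secret leaks while the chunk is still within an eavesdropper's storage window, the message is recoverable.

```python
import secrets
from collections import deque

CHUNK = 32  # bytes of beacon randomness per time slot (constructed parameter)

def beacon_stream(slots):
    """Stand-in for the satellite: one fresh, truly random chunk per slot."""
    for slot in range(slots):
        yield slot, secrets.token_bytes(CHUNK)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Party:
    """Sender or recipient: knows the secret slot and caches only that chunk."""
    def __init__(self, secret_slot):
        self.secret_slot, self.pad = secret_slot, None
    def listen(self, slot, chunk):
        if slot == self.secret_slot:   # cache in RAM; every other slot is ignored
            self.pad = chunk
    def use_pad(self, data):           # XOR once, then throw the pad away
        out, self.pad = xor(data, self.pad), None
        return out

class Logger:
    """Eavesdropper with bounded storage: records every ciphertext but can
    only hold the last `window` chunks of the beacon stream."""
    def __init__(self, window=2):
        self.recent, self.ciphertext = deque(maxlen=window), None
    def listen(self, slot, chunk):
        self.recent.append((slot, chunk))
    def decrypt_later(self, secret_slot):
        held = dict(self.recent)       # what survived by the time the slot leaked
        return xor(self.ciphertext, held[secret_slot]) if secret_slot in held else None

def run_exchange(msg, secret_slot=3, slots=8):
    """Returns (plaintext Bob recovers, whether any pad is still held,
    what the logger recovers once it learns the secret slot afterwards)."""
    assert len(msg) <= CHUNK and secret_slot < slots
    alice, bob, eve = Party(secret_slot), Party(secret_slot), Logger()
    for slot, chunk in beacon_stream(slots):
        for p in (alice, bob, eve):
            p.listen(slot, chunk)
        if slot == secret_slot:
            eve.ciphertext = ct = alice.use_pad(msg)   # sent over an open channel
            recovered = bob.use_pad(ct)
    pads_left = alice.pad is not None or bob.pad is not None
    return recovered, pads_left, eve.decrypt_later(secret_slot)
```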
The NYT article has some dismissive comments from people like Bruce Schneier, pointing out that even with breakable cryptography, there’s usually an easier way to get the data. But I think this new development is still valuable, because it’s a workable system of “rubber hose resistant cryptography”. That is, it’s a system where you can’t force the recipient to divulge the key and decrypt the message, because he provably can’t do it.
With today’s cryptosystems, if you log all of a person’s messages over the course of years you can potentially one day get access to all of them—either by obtaining the single key used, or by breaking the cipher. This new system is equivalent to a one-time pad, which is known to be unbreakable, and there’s no way to get access to messages after the fact.
I wonder how long it’ll be before someone sets up an implementation of this? Perhaps the NSA already use it…