SgtSpike (OP)
Legendary
Offline
Activity: 1400
Merit: 1005
March 26, 2013, 10:25:25 PM
Um, no, it's not. Learn some crypto before you talk about it.
A requests PGP key from B
C intercepts request
C gives A a PGP key aliased as B
A sends message encrypted with C's PGP key
C now reads message. B has no idea a request was even made.
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
March 26, 2013, 10:37:52 PM
Would there be a way for someone to MITM communications in such a way that the receiver of the information still gets it and doesn't know that it is compromised?
Both parties engaged in encrypted communication must compare the fingerprints of public keys using some other channel, such as a phone call or an in-person meeting. If the messages go through but the key fingerprints do not match, there is a woman-in-the-middle attack (threesome) happening.
The one-time pad and picture of a cat is a problem because of the non-randomness of the random data, and the random material can be easily intercepted. It is cumbersome for practical use and that's why key exchange protocols are used to establish a connection.
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
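The fingerprint comparison described in the post above, as an added example that is not part of the original thread: it computes OpenPGP version 4 fingerprints (RFC 4880) for two constructed toy RSA keys and checks the key received online against the fingerprint read out over another channel. The key values, the timestamp and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def read_out(fp: str) -> str:
    """Group the fingerprint in blocks of four, as it is usually read over the phone."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))

def key_matches(received_body: bytes, spoken_fingerprint: str) -> bool:
    """Check the key that arrived online against the fingerprint heard out of band."""
    heard = "".join(spoken_fingerprint.split()).upper()
    return hmac.compare_digest(v4_fingerprint(received_body), heard)

# Constructed toy keys (moduli far too small for real use). The user ID ("B") is a
# separate packet and is not hashed, so a key "aliased as B" can carry any name.
CREATED = 1364336725
B_KEY = rsa_public_key_body(CREATED, 0xC0FFEE1234567890ABCDEF0123456789, 65537)
C_KEY = rsa_public_key_body(CREATED, 0xBADC0DE1234567890ABCDEF012345678B, 65537)

if __name__ == "__main__":
    spoken = read_out(v4_fingerprint(B_KEY))        # B reads this to A on the phone
    print("B's fingerprint:", spoken)
    print("genuine key accepted:", key_matches(B_KEY, spoken))
    print("substituted key accepted:", key_matches(C_KEY, spoken))
```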
BIGMERVE
March 26, 2013, 10:54:55 PM
Invent your own language.
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
March 26, 2013, 10:59:01 PM
Invent your own language.
Not safe at all. Languages all have common traits that distinguish them from random garbage. I don't remember exactly but something to do with statistics and occurrence of words. If an adversary can crack PGP, then it can also guess the private key spelled in hex in an invented language.
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
saddambitcoin
Legendary
Offline
Activity: 1610
Merit: 1004
March 27, 2013, 01:00:47 AM
https://www.readthenburn.com seems like a relatively ok option if you're dealing with someone that won't be bothered to learn how to use PGP.
SgtSpike (OP)
Legendary
Offline
Activity: 1400
Merit: 1005
March 27, 2013, 01:40:39 AM
https://www.readthenburn.com seems like a relatively ok option if you're dealing with someone that won't be bothered to learn how to use PGP.
Nice, interesting solution there.
Um, no, it's not. Learn some crypto before you talk about it.
A requests PGP key from B
C intercepts request
C gives A a PGP key aliased as B
A sends message encrypted with C's PGP key
C now reads message. B has no idea a request was even made.
That can only be done if
a) You don't verify messages over a different line of communication
OR
b) Your attacker has complete control over EVERY line of communication you have
Agreed.
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 27, 2013, 09:11:49 AM
Um, no, it's not. Learn some crypto before you talk about it.
A requests PGP key from B
C intercepts request
C gives A a PGP key aliased as B
A sends message encrypted with C's PGP key
C now reads message. B has no idea a request was even made.
That can only be done if
a) You don't verify messages over a different line of communication
OR
b) Your attacker has complete control over EVERY line of communication you have
which for very sensitive information, you can assume the attacker does. which means: meet in person, as real persons are hard to fake
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
March 27, 2013, 12:44:22 PM
https://www.readthenburn.com seems like a relatively ok option if you're dealing with someone that won't be bothered to learn how to use PGP.
And who prevents the page from storing the message forever? Promise not to do so? I call it a trap! Set up such a page, then wait for all sorts of secret and confidential information + IP addresses to come in, such as passwords and login data, links to child porn and so on.
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
saddambitcoin
Legendary
Offline
Activity: 1610
Merit: 1004
March 27, 2013, 04:49:35 PM
https://www.readthenburn.com seems like a relatively ok option if you're dealing with someone that won't be bothered to learn how to use PGP.
And who prevents the page from storing the message forever? Promise not to do so? I call it a trap! Set up such a page, then wait for all sorts of secret and confidential information + IP addresses to come in, such as passwords and login data, links to child porn and so on.
I am skeptical as well but they say that your message is encrypted client-side using a random 256-bit AES key stored in the URL and the cleartext message and secret key are never sent to them. Source code is available but I am still learning to analyse crypto primitives so I can't confidently say this is safe.
Rothgar
March 28, 2013, 01:34:06 AM
Send the person a picture of a cat to use as a one time pad. Mail them a CD with the picture of the cat that you take yourself. Email the OTP encrypted file. I'm being a little silly this is probably overkill. LOL.
What about just mailing a password (plaintext), and then emailing a .rar encrypted file? I don't know what OTP is or how a cat picture could be used as a pad, and yes, that might be overkill for my purposes anyway.
In case you're interested. This is an encryption technique that is very secure as long as the pad is secret. Even if your picture of a cat was your pad and public I still feel that no one is going to XOR your message with that picture of a cat.
http://en.wikipedia.org/wiki/One-time_pad
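Why the pad has to be random as well as secret, as an added example that is not part of the original thread: it XORs a constructed message with a constructed stand-in for uncompressed picture pixels and with an `os.urandom` pad, then checks what a guess of the background colour recovers. The pad layout, the message and the function names are assumptions made for illustration.

```python
import math
import os
from collections import Counter

def xor_pad(data: bytes, pad: bytes) -> bytes:
    """One-time-pad encryption and decryption are the same XOR."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def entropy_bits_per_byte(buf: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 is the ideal for a pad."""
    total = len(buf)
    return -sum(c / total * math.log2(c / total) for c in Counter(buf).values())

def picture_pad(size: int) -> bytes:
    """Constructed stand-in for raw pixels: 48 white bytes, then a 16-byte grey stripe."""
    row = b"\xff" * 48 + b"\x80" * 16
    return (row * (size // len(row) + 1))[:size]

def guess_background(ciphertext: bytes, pixel: int = 0xFF) -> bytes:
    """What a reader recovers by assuming every pad byte is the background colour."""
    return bytes(c ^ pixel for c in ciphertext)

MESSAGE = b"wallet passphrase: correct horse battery staple"  # constructed sample

def compare_pads(size: int = 4096) -> dict:
    """Encrypt MESSAGE under both pads and report entropy, round trip and leakage."""
    results = {}
    for name, pad in (("picture", picture_pad(size)), ("random", os.urandom(size))):
        ciphertext = xor_pad(MESSAGE, pad)
        results[name] = {
            "entropy": entropy_bits_per_byte(pad),
            "round_trip_ok": xor_pad(ciphertext, pad) == MESSAGE,
            "leaked_by_guess": guess_background(ciphertext) == MESSAGE,
        }
    return results

if __name__ == "__main__":
    for name, result in compare_pads().items():
        print(name, result)
```

A compressed JPEG has higher byte entropy than this stand-in, but its file header and markers are still fixed, known bytes.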
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 28, 2013, 08:37:56 AM
Even if all your computers are so virus infested they're a biohazard, the chances of the SAME attacker having control over ALL of your communications lines are ridiculously low.
NSA, go look it up you don't know what it is. no one is talking about viruses, you should really go read some more about basic cryptography, as you clearly don't understand.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
johnniewalker
Legendary
Offline
Activity: 896
Merit: 1000
March 28, 2013, 09:53:33 AM
whatever you do, NOT privnote
TECSHARE
In memoriam
Legendary
Offline
Activity: 3318
Merit: 1958
First Exclusion Ever
March 29, 2013, 09:36:27 AM
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 29, 2013, 09:42:32 AM
Even if all your computers are so virus infested they're a biohazard, the chances of the SAME attacker having control over ALL of your communications lines are ridiculously low.
NSA, go look it up you don't know what it is. no one is talking about viruses, you should really go read some more about basic cryptography, as you clearly don't understand.
Yeah, because the NSA has people being paid to listen to your phone lines, read your email and IMs, and intercept and read your regular mail.
if the information is sensitive enough, then Yeah! tap all the stuff. but the only hard thing to do here is the phone, the rest is text based and can easily be faked. the only impossible thing is pre-distributed public keys (gpg or similar), but that would require the two parties of the communication to meet at least once.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Richy_T
Legendary
Offline
Activity: 2436
Merit: 2121
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
March 29, 2013, 03:59:27 PM
Yeah, because the NSA has people being paid to listen to your phone lines, read your email and IMs, and intercept and read your regular mail.
I hear there's a thing called computers which can replace many people for a lot of repetitive tasks. Could be just a fad though.
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 29, 2013, 04:00:33 PM
Even if all your computers are so virus infested they're a biohazard, the chances of the SAME attacker having control over ALL of your communications lines are ridiculously low.
NSA, go look it up you don't know what it is. no one is talking about viruses, you should really go read some more about basic cryptography, as you clearly don't understand.
Yeah, because the NSA has people being paid to listen to your phone lines, read your email and IMs, and intercept and read your regular mail.
if the information is sensitive enough, then Yeah! tap all the stuff. but the only hard thing to do here is the phone, the rest is text based and can easily be faked. the only impossible thing is pre-distributed public keys (gpg or similar), but that would require the two parties of the communication to meet at least once.
Text based communication is not easily faked if you ask a question that very few people would know.
simple example:
Alice to Attacker: answer this question _, and i will believe you are bob.
Attacker to Bob: answer this question _, and i will believe you are bob.
Bob to Attacker: this is the answer to the question: _.
Attacker to Alice: this is the answer to the question: _.
Alice to Attacker: hello, bob!
Attacker to Bob: kthxbye.
and the Attacker and Alice continue the conversation.
It is really that simple, and security would not be any better even with public-key cryptography (unless they were pre-distributed). now, please STFU and go learn some basic cryptography.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 29, 2013, 05:59:41 PM
Even if all your computers are so virus infested they're a biohazard, the chances of the SAME attacker having control over ALL of your communications lines are ridiculously low.
NSA, go look it up you don't know what it is. no one is talking about viruses, you should really go read some more about basic cryptography, as you clearly don't understand.
Yeah, because the NSA has people being paid to listen to your phone lines, read your email and IMs, and intercept and read your regular mail.
if the information is sensitive enough, then Yeah! tap all the stuff. but the only hard thing to do here is the phone, the rest is text based and can easily be faked. the only impossible thing is pre-distributed public keys (gpg or similar), but that would require the two parties of the communication to meet at least once.
Text based communication is not easily faked if you ask a question that very few people would know.
simple example:
Alice to Attacker: answer this question _, and i will believe you are bob.
Attacker to Bob: answer this question _, and i will believe you are bob.
Bob to Attacker: this is the answer to the question: _.
Attacker to Alice: this is the answer to the question: _.
Alice to Attacker: hello, bob!
Attacker to Bob: kthxbye.
and the Attacker and Alice continue the conversation.
It is really that simple, and security would not be any better even with public-key cryptography (unless they were pre-distributed). now, please STFU and go learn some basic cryptography.
Delay, idiot. I don't ask the question then go get something to eat. If it takes them too long, it becomes suspicious.
have you heard about computers? (btw. you are ignored now, have a nice and ignorant life)
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
March 29, 2013, 06:53:53 PM
The attacker in a man-in-the-middle attack can also be a passive observer. He is not required to modify the plaintext messages, just decrypt, store and resend encrypted with his own key. The security question will go through as without a MITM attack.
Now we are talking about authentication rather than encrypted channel security. They are different animals.
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
March 30, 2013, 01:33:51 AM
The attacker in a man-in-the-middle attack can also be a passive observer. He is not required to modify the plaintext messages, just decrypt, store and resend encrypted with his own key. The security question will go through as without a MITM attack.
Now we are talking about authentication rather than encrypted channel security. They are different animals.
they are different, but if you can't authenticate, encryption does not really matter.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
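The relayed question-and-answer exchange from the posts above, as an added example that is not part of the original thread; it goes one step beyond them by also showing an answer tied to the key each side sees, which is one way a pre-shared secret exposes the substituted key. The random byte strings standing in for public keys, the secret and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def key_fingerprint(public_key: bytes) -> bytes:
    """Short digest identifying the key a party is encrypting to."""
    return hashlib.sha256(public_key).digest()

def plain_answer(secret: bytes, challenge: bytes) -> bytes:
    """Depends only on the question, so a relay can forward it unchanged."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def bound_answer(secret: bytes, challenge: bytes, channel_key: bytes) -> bytes:
    """Also covers the fingerprint of the key the channel is actually using."""
    return hmac.new(secret, challenge + key_fingerprint(channel_key), hashlib.sha256).digest()

def alice_accepts(bound: bool, relayed: bool) -> bool:
    """Run one exchange and return True if Alice believes she is talking to Bob."""
    secret = os.urandom(32)            # pre-shared when Alice and Bob met (constructed)
    bob_key = os.urandom(32)           # stand-in for Bob's public key
    relay_key = os.urandom(32)         # stand-in for the key the relay hands to Alice
    key_alice_sees = relay_key if relayed else bob_key
    challenge = os.urandom(16)         # Alice's question; the relay passes it on verbatim
    if bound:
        answer = bound_answer(secret, challenge, bob_key)            # computed by Bob
        expected = bound_answer(secret, challenge, key_alice_sees)   # computed by Alice
    else:
        answer = plain_answer(secret, challenge)
        expected = plain_answer(secret, challenge)
    return hmac.compare_digest(answer, expected)

if __name__ == "__main__":
    for bound in (False, True):
        for relayed in (False, True):
            print(f"bound={bound} relayed={relayed} accepted={alice_accepts(bound, relayed)}")
```

A guessable answer to a personal question would not do as the secret here, since anyone who records the exchange can test guesses against the HMAC offline.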
zedicus
Legendary
Offline
Activity: 966
Merit: 1004
CryptoTalk.Org - Get Paid for every Post!
March 30, 2013, 11:59:54 AM
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
Can you hear me now? How about now? A lil louder .. Ok good.. Dad said to go ahead and give him a ...
https://www.youtube.com/watch?v=w-tr0pVynJs
The look on his face at the end of the video is what happens after you send whatever you're thinking about sending! lolz
The US said go ahead and send the damn 5 BTC just stop talking about it.. in fact they will give you 5 BTC just to stfu..
( ok so i got jokes.. thought i would try to lighten the mood )
Cheers