Hey this is my first post. I was gonna start a thread about this but I can't til 20 replies. The only way to subvert police surveillance is by using
military grade encryption. That means one time pads.
Here's an article I wrote and crossposted to reddit. I haven't seen enough of this being talked about on the net. And if any of you would like to
make a new thread to discuss this please c/p and do so as I'm a new member.
One Time Pad Generation, Relays, Rootkits and Chip Security
This may be out of the bounds of most reader's needs, but if you're prepared in other ways perhaps its time to consider upgrading your security /
communications. It's shocking how poorly documented high level cryptography can be. If you're trying to get a massive RSA key past 4096 bits, look
out, because most RSA software won't generate a key past around 64000 bits, let alone the megabytes you need to ensure security these days with that
1024 RSA has been broken by a few hundred computers in on the order of hours. 4096 RSA we can presume to be currently open to the government. What's
worse, because RSA is vulnerable to quantum factoring, unlike other algorithms it will be completely destroyed should someone break the quantum
computing puzzle (and you can bet the govt will be first.)
Instead of searching for another symmetric key algorithm that factors in square polynomial time to future quantum computers, go straight for the very
best, random One Time Pads. Around WW2 (although the development of these thoughts certainly preceded this,) the Allies switched from using numbers
generated from lottery balls to quantum random number generators based on Michaelson-Morrelly interferometers. Because of the many weaknesses in Axis
selection of random numbers, and errors in re-transmissions or re-use of codes; OTP successes / failures lead to enormous tactical advantages in the
Classical random number generators are NOT sufficient. Most hardware RNG's you can buy on the internet today will claim to be completely quantum in
nature. This is a lie. Independent tests of cheap hardware RNG's confirm their classical, vulnerable nature. You will need to spend between
$500-$2000 to get a proper MegaByte per sec RNG based on quantum interference or other quantum noise effects. Do not buy cheap $100 RNG's. They will
not work properly. Also, if you are so technically inclined it is much more affordable to build and calibrate your own interferometer. Very simple for
those who are familiar with the equipment.
Additonal software is necessary to distill and hash the raw RNG data. Linux [I use Debian but most security nuts rave about OpenBSD] provides all this
free and there is probably Windows software which also fulfills this purpose but running Windows almost defeats any security advantage OTP tech has to
If this was all there was to it, security would be a hassle, but doable. Unfortunately your chip is not secure. Intel recently admitted they are
remote rootkitting all chips for supposed "DRM" purposes. (Digital rights management, anti-piracy.) These rootkits are hardware based, and cannot be
defeated thru software alone. In fact, there is very legitimate speculation on many security forums that these / or variants of these types of
rootkits have existed since the 80's or 90's in Intel / AMD---although I won't go into that now. What's important is that Sun Microsystems has an
openly published chipset called OpenSPARC. IMO this is the current safest bet in terms of avoiding rootkits. It's still possible that OpenSPARC has a
security flaw, but the opensource community can catch it. Certainly better than Intel; who admit they just straight up rootkit it from the start
You'd be shocked how easy it is to create a rootkit. I've read posts on security forums that indicate how hiding these devices in plain sight
doesn't necessarily alert anyone. For instance, one weakness in a (nonSPARC) chip was based on the fact that two circuits were manufactured in such a
way as to have an effect on eachother that wasn't documented in the hardware's guide. This effect was enough for a bleedthru signal which leaks info
about unciphered I/O processes. By creating a bridge from secure memory space to insecure memory space you gut the system like a fish to any unauth'd
Of course all hardware vendors are aware of these problems. But they don't care. Not enough to prevent them anyways. The bottom line $$$ is always
most important and security is a distant threat that barely affects their designs (except to conform to a minimal standard.) Which means there's no
reason to expect that OpenSPARC hasn't accidently compromised their hardware thru legacy chip design or simple oversight. (VERY hard to rule out a
rootkit in millionpage+ designs). This doesn't even count the possibility of government colluding with chip manufacturers to root every available
Also there's a new boogey man I never knew existed before I started browsing for this info. Let's say you're a hostile govt agency bent on Total
Information Awareness (that used to be a program name). If you truly had total hidden root access on a computer, it would be trivially easy to monitor
for random signals. I.E. to scan covertly for ANY sign of random data. Then; when the chip is I/O processing the XOR of one time pad + data; your
rootkit introduces a slight error. You could make it look just as random - but with hidden flaws introduced. (This part is mathematically above me but
I know such schemes are possible based on others writings.) Then all one time pad comm is compromised on the system.
There are ways of defeating even this type of abominable rootkit; but it basically involves auditing and barebone scraping HD drivers, assembling a
custom XOR OTP circuit from a barebone integrated circuit, and using a physical firewall to transfer data onto a network.. absurd really. And beyond
the capabilites of almost anyone. Which is why our govts spying program works so well!
Also. What do you DO once you've generated OTP info? Well there are countless free programs out there that will cipher/decrypt your plaintext
messages. Combine with email and you're set. However, if you're a bit more technically sophisticated there are several attempts to implement OTP
over SSH. Here www.maurits.vdschee.nl...
is one such attempt. [Script at bottom of page] I warn you to heed the authors warning though, that
software is unfinished and not entirely secure; but it beats the alternative of using RSA to crypt your SSH.
Also, don't think that just because you're routing info thru SSH / VPN's / other countries that you're safe. Every connection you make is logged
in such a way that reconstructing the path of your packets is trivially easy (for our government.) In times like these where privacy rights are
nonexistent, massive warrantless domestic spy programs are running rampant, and countless beaurocratic individuals are being allowed access in an
unregulated, unmonitored fashion to other's private information a little precaution is warranted. (Look at all the abuse going on with the FBI's
PATRIOT shenanigans - monitoring ex girlfriend's phone lines, etc.; tens of thousands of requests for info all being rubberstamped, and imagine how
much worse it could get soon.)
If you were so inclined to really escape your signal being tracked, the easiest options are HAM OTP relays [i.e. two or more computers in different
parts of world connected by IP packet over radio with OTP ciphers, with the end relay node broadcasting to the net **NOTE this is illegal without an
FCC license] Or cell phone / short dist radio relays. [i.e. drop a cell phone in the woods with a solar charger and patch into it from miles away via
tightbeam.] Any voice capable cell phone can be turned into a dataline. Even the cheap TracFone's can be hacked to turn into a 2.5 KBps data line
where lowest service level is available. (Google for more info on specific phone models.) Or a link to an open wifi could be established. (This is
illegal in some states without permission.)
On top of that layer; or alternatively without an end relay for those who can't afford - you should be purchasing access (or at least getting several
free proxy servers from the endless lists online) to servers in multiple countries and routing your exit thru them with VPN / SSH software.
We can't all be James Bond accessing our email. But OTP / secure chips / secure relays can provide a level of security unparalleled by current
-written by Marat ----in honor of "The People's Hero" Jean Paul Marat www.amazon.com...