OpenBSD and the FBI

Mon Dec 20 18:39:18 MST 2010

Okay I have been pondering on most of this thread the past few days.

Then going back and reading the news reports and other URLS that were provided.

On the encryption side, let's make enemies now. Truecrypt is a PITA
and very, very, very easily can damage encrypted data with the design
of their open and plausible denialbility containers. The best
mathematics teachers I had didn't obfuscate what the principles,
concepts and abstractions of mathematics were. The presented it in a
very simple manner of fact which actually lit a fire to want to learn
more. I believe through my own personal tests/use that obfuscates
encryption to the point that one wrong move and you lose the kitty.

Now, for the second topic. Yes, I see a gross misunderstanding about
pass phrases -- and entropy they need to create. Some of this is
caused by developers themselves not allowing enough freedom of
characters to be used in their programs. I had a key for example that
was close to 300bits of entropy for a website. Firefox and Chromium
were just about brought to their knees, much less my DSL connection
having a cow or shutting down. Multiple that in your cache times just
a measly 5-10 tabs and down comes your box. LOL. The "iron key" type
usb keys that have buttons on them and AES encryption with salts plus
add a time lock of some sort are sufficient for light weight travel.
For a full on server or desktop experience it just doesn't work. I
found a few applications that help increase entropy at a daemon level
but are random enough to provide /dev/random the entropy it needs. One
app is actually user and peripheral level exempt which would be great
for headless servers it is called haveged. The other application which
I did not try because I was looking for the type I first mentioned
actually works on the noise of your sound card -- this idea was from
whoever mentioned about tv cards. This application is called
randomsound and is also a daemon. For example my:

sudo cat /proc/sys/kernel/random/entropy_avail levels were < 60 when I
did a pre-install check. Now my entropy_avail levels jump from 133 to
4000 every poll I make with the command above. You can see how if you
are using encryption this will make for faster and stronger key
enc/dec., and maybe someone can clarify but it would enable stronger
and more secure connections of all sorts with any encryption.

I was intrigued though by Ms. Lisa's "challenge" so to say that no
matter what OS anyone is using pwn'g someones box is possible and or
getting contents remotely from someones hard drives thorough their
browsers is quite easily established. I would like some clarification
if you not mind please.  I know about Java and Java Script issues from
TOR use. Flash and Active X don't do any better at leaking "private"
data. I use the word private laughing all the way to the bank. This
country has never had privacy. If you have ever done any sort of
family trees or genealogy you understand what I am saying. Perception
is reality. What has changed is technology, how fast it can spread and
amount of data in the smallest state possible that is available.

-- 
gk