Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Damn that's gloomy! And there must me something in between this and that:

On the day the world ends
A bee circles a clover,
A Fisherman mends a glimmering net.
Happy porpoises jump in the sea,
By the rainspout young sparrows are playing
And the snake is gold-skinned as it it should always be.

On the day the world ends
Women walk through fields under their umbrellas
A drunkard grows sleepy at the edge of a lawn,
Vegetable peddlers shout in the street
And a yellow-sailed boat comes nearer the island,
The voice of a violin lasts in the air
And leads into a starry night.

And those who expected lightning and thunder
Are disappointed.
And those who expected signs and archangels' trumps
Do not believe it is happening now.
As long as the sun and the moon are above,
As long as the bumblebee visits a rose
As long as rosy infants are born
No one believes it is happening now.

Only a white-haired old man, who would be a prophet,
Yet is not a prophet, for he's much too busy,
Repeats while he binds his tomatoes:
No other end of the world there will be,
No other end of the world there will be.

Czeslaw Milosz

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

That was pretty much my thoughts as well. No TLA is interested in the general chatter of what goes on. But if you are one of those that they are interested in, I doubt there is much that could be done to prevent them from getting the information.

As for the return swing of the pendulum, I don't think it's on it's way back. I have a feeling it's going to keep it's current direction, but we just won't hear about it.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Your as safe and savvy as you want to be now, and as safe and savvy afterward when you realize you've done the right thing... wash, rinse, repeat.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

I can't take it. I tried duct tape on my fingers, I tried extra coffee (mmmm, coffee good). I give up. Seriously, if you're just looking for a secure enough, trustworthy enough, mechanism to send messages, there are plenty already out there. As our good friend Erehwon has already mentioned, reinventing the wheel is bad. Cryptography is *hard*. Seriously. If you think you have some magic answer, you don't know enough, and you haven't read enough.

For those crazy folk who think the NSA/NRO/DIA/DISA/CIA/FBI/DHS/SMG etc etc etc *care* *at* *all* about what you are doing, you're wrong. They don't. You are just not that interesting. Is there anyone on this forum that those folk might be interested in? Sure, maybe. I could even hazard a guess as to who they were, and why (but I won't). For every conspiracy crazy out there that thinks the NSA is paying attention to them, there's someone in one of the TLA's that just doesn't care. Seriously.

I'm certainly not saying that they (the FedGov) haven't far overstepped their bounds in the past few, but the pendulum is about to swing back (it's one of those danged physics things, pendulums). I'm just saying that you should all let common sense prevail. Smart people have worked on these problems, and there are good solutions out there, including PGP (my personal favorite), TOR, SILC (not common, but very nice), and so on.

Remember what Barbie says: "Math is hard."

I really need more coffee...

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Just a clarification, when you say "VPN encryption keys" do you mean the pre-shared secret keys, or do you mean the public key of the vpn device and the secret key of the user?

The reason I ask is the pre-shared keys can be written down, told over the phone, the closing price of gold every day until the max key length is reached, etc. Also you can disable IKE/IKEv2 certificate and key management thus reducing your attack surface.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Use two different encryption algorithims with two different keys and bit levels. Then figure out a small .exe that speeds up the process at both ends.

Worried about NSA? Worry about your ISP and browser choices and settings first. What are you leaking locally? Your ISP is the first challenge, not the NSA who has your ISP by the balls anyway.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

If you're aggravated with with the NSA, you should really be fuming over the whole worldwide signals intelligence community. The NSA has the biggest "Friends and Family" plans around, if NSA isn't listening in, there is always the Canadian CSE, United Kingdom's GCHQ, DSD from Australia, and New Zealand's GCSB. Not knowing where you're from, there's entirely a good chance that unless you personally coded your OS, that it might be leaking information about you to one of the above mentioned agencies.

Know that NSA is the largest single employer of mathematicians in the U.S. (and very likely the world)

Mind you since they only have so many analysts, its a mind boggling exercise to figure out the real signal from the all the noise.

As far as starting a tunneling service from scratch, your best bet isn't to reinvent the wheel, but build on some existing technology, mess around with Tor, its the best example of what I like to call "Not ready for prime time" software, but doing a considerably better job than any of the other existing anonymity networks out there.


Just because you can't see them, doesn't mean they aren't there, for all you know there might be a RC-12 loitering around your neighborhood on a joint training operation...

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

PKI is not subject to man in the middle attacks in the way I think you are looking at it. Yes, it uses public keys but even if I have your public key, I don't have your private key, as that SHOULD NEVER be transmitted over the network and the private key is used to encrypte and decrypt. So while I may have both user's public keys, encryption and decryption requires the private key as well. For example. You and I share public keys. I use my private key and your public key to encrypt and email and send to you. You use my public key and your private key to decryption. Public keys are just that, public. They are shared on public servers which any one can access but without the private keys to do the encryption and decryption they are essentially useless.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Some interesting points.

To clarify, I am not so much "concerned" with the NSA as I am aggravated with the way they have taken their power to listen in on anyone and made a machine to listen in on everyone. My method of protest is to do my best to bypass their filters and obfuscate my communications as much as possible. I was thinking about starting a little tunnelling service for political dissidents, conspiracy theorists, investigative journalists and the generally paranoid.

Why not use PKI? (my understinding is) PKI involves both ends sharing public keys, and depends on the cypher to secure data. When keys are shared in secret, there is no possibility for the cypher to be cracked because the man in the middle has no keys at all. It would be nicer to not have to worry about when some mathematician will make a formula to crack your encryption and all your old communications will be readable. I also have a "build it for the hundred year storm" mentality.

I looked at Aladdin hasp. It's no good when the company has a chart of serial numbers matched with passwords. On Aladdin's website they said it was more secure because the keys which you write the passwords to, people can also read them out. Hmmmm.
Then I got to wondering whether I could reburn the ROM so the serial number read 0000000. Then there would be nothing to look up. What would be the greatest would be some Aladdin dongles which haven't been programmed yet. No serial No password. I like the idea of taking big brother tools and using them for freedom.

"NSA black helicopter and van outside your place right now." -- Thanks for a good laugh. Just to let you know, I listen to The Alex Jones Show. The helicopters and vans have left long ago presumably due to boredom ;)
BTW: What do you guys think of The Alex Jones Show? You must have some good info, what's it all about, I still can't figure it out.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

I'd protest this as a "tinfoil hat" post heading for dev/nul, but then I'm too paranoid to protest. Now what'd I do with those damn wheat pennies?

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

...or handled a Penny, cause if you did, they have your DNA, that's the only reason they keep them in circulation.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Especially if you file a tax return, or have a mail box close by.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

IMO, if you're concerned about the NSA, then you have bigger issues than what encryption to use.

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

Or you could do it old school and either make up your own cipher, or use one of the traditional ciphers and send it via snail mail. Then you can communicate via electronic mail with your key.

But honestly PGP seems secure enough to me.

xor

Re: Using copy protection dongles to distribute vpn encryption keys by mail?

My only experience with dongles are of the parallel port variety used for anti-software piracy. Man those things were a pain in the butt.

If you are concerned about the NSA you need to do the following to exchange your first key:

Meet in person, in a sound proof Faraday cage and exchange keys.

xor