No announcement yet.

Bruce Schneier – snake oil oozes across the Atlantic!

  • Filter
  • Time
  • Show
Clear All
new posts

  • Bruce Schneier – snake oil oozes across the Atlantic!

    The Whitenoise Challenge That Black Hat Wouldn’t Take is two days away now!

    Mr. Schneier, Whitenoise and its resulting DIVA are finalists in the Global Security Challenge 2013 in London on September 12, 2013. So as the Whitenoise Challenge That Black Hat Wouldn’t Take, as well as our personal challenge, is going on so does a global international challenge and evaluation by experts of all stripes proceed. It is also up for a San Andreas Spiffy Award for the technology most likely to change the way we live at the Telecom Council of Silicon Valley at the renowned TC3 event in September as well.

    DIVA figured that today we might use a couple of the comments from the judges from the Global Security Challenge 2013 as a learning experience. It can be a challenge in its own right to communicate clearly.

    One judge –

    “If this idea works it will be a truly disruptive technology, as its claim represent the cryptographical holy grail. From the material on the web site I cannot judge whether the claims are true, but much seems to hinge on the strength of White Noise, which is a stream cipher which seems to require a secret key (albeit one generated from a sequence of subkeys). Whilst it is true that XORing with a given random key will encrypt and doing it again will decrypt (idempotency), such ciphers are susceptible to a know plaintext attack, and of course the key (or its generating subkeys) have to be transmitted to the recipient. It would be good to hear more about how White Noise, DIVA and DDKI.”

    In line with the contest, obviously it is important that Whitenoise is strong enough to resist attacks. That is what we are proving with this contest (in addition to all the testing done ad nauseum with universities, NRC of Canada, CSE, CSIS, and US counterparts.)

    It is used for DIVA (go read it is all there) and DDKI which are dynamic distributed key systems. The pre-authenticated keys are distributed one time –much like how you got your drivers license – in what is called Level 4 Identity Proofing and results in the binding of digital keys to organic identity. This is the same net result when people buy or are given devices with enabled chipsets.

    The can also be distributed electronically. Use SSL if you want even though that is readily broken:
    And from our friends at Black Hat on a black hat conference note:

    breaking https in 30 seconds~ (sounds like a movie title)

    A key cannot be stolen and used without detection in electronic, one time, key distribution. Using the good parts of existing public, asymmetric network topologies creates what we dub a “two-channel, multi-factor” authentication scheme. For you hackers out there, that means you would have to break both a sysmmetric and asymmetric key simultaneously, and for each and every dynamic key change (because of offset management.)

    “There is reference made to DIVA enabled chipsets and DIVA available through Norton downloads. It would be helpful to have clarification if you need both or if either mechanism allows for installing this capability on a computer system. With regard to the reference of DIVA enabled chipsets, what does that specifically mean? What is the process that one needs to go through?”

    Manufactures can simply swap out chip sets in their next manufacturing cycle to chips enabled with a unique Whitenoise key and DIVA. This is the same thing that the University of Victoria, Canada studied for two years on an FPGA chip in a study funded by the National Research Council of Canada.

    Keys can also be securely provisioned, either to an acceptable chipset, or to other storage areas on a communication enabled device. In either context, the capacity is then enable with online enrollment, authentication and activation of the key or service related to a key. A key cannot be stolen without detection.

    I would go to > Technology > You Tube Learning to see and learn more about how Whitenoise keys are made and how they lead to Dynamic Identity Verification and Authentication (DIVA – that’s me!) and Dynamic Distributed Key Infrastructures DDKI.


    Tomorrow the Bruce Schneier [BS] Challenge Clock goes live for the Whitenoise Challenge That Black Hat Would Not Take and the day after is SHOW TIME!