Re: for stuff that sounds like not gibberish
How do you eliminate false positives though? I'd imagine that with a short message and the number of books you suggest using there'd be a number of perfectly parsable results.
If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms …
That's how the plods can beat a one-time pad. If they intercept such a message they can mess it up, breaking the synchronization. That's also how they can beat stego: by mangling any of the images and videos sent over the wires. Once the synchronization is broken (and synchronization is essential to a one-time pad), they lose their ability to communicate, and that can be good enough for them.
Then it's no longer a one-time pad. Plus it still doesn't help if a message gets garbled along the way as ALL the bits can get scrambled, INCLUDING the first ten or whatever. Put it this way. The effectiveness of a one-time pad is dependent on a reliable means of communication: open or not. A distorted message is useless in this scheme.
You can USE the distortion itself as a messaging schema!
The amount and position of image distortion, destruction or change IN ITSELF is a piece of information that can be related to a given pre-determined code and/or phrase. And if the distortion or change is applied randomly, you can create BOUNDARIES that infer that ANY changes or distortions that fall within a specific range of change values and/or distortion value is an acceptable representation of a given code.
This allows for Steganography that is resistant to randomized bit flipping or bit-swapping or other randomized distortions because the 3rd party distortions and changes IN-THEMSELVES are a means of data exchange! Basically you are using a 3rd party's IT weapons against themselves!
.
You've only to combine it with rot-13 to make the code nigh on unbreakable as you'd have to analyse the output from *every* book to end up with something you could then try and parse as 'normal text'. Other options are available (such as using a book you wrote yourself, or adding an arbitrary number to the book reference numbers etc.)
In A Perfect Spy, Magnus communicates with the Czechs via an old edition of Simplicissimus. There are many, many books in print which are not going to be in any library accessible by a given state. At one company I worked for we had a code book which was a particular edition of an obscure German-English dictionary. Doubtless crackable, but not with a level of effort which would justify a competitor finding out the book to bill, scrap rates and quality levels for the previous month.
Too much processing - and it assumes you know how their book code is operating (lots of variants in how you give the reference to the particular word - just using an arbitrary (number "wrap around" logic instead of actual page) agreed between the communicators chucks a huge spanner in the works).
Or there's (as alluded to earlier by FT reference) conspirators use a rotating series of freshly published magazines / newspapers instead of a "static" publication.
Book codes are still good (even more so if codes are "hiding in plain sight" via stego methods and so may easily not be spotted)
Frankly if I was a major crook, terrorist etc. I would not be using mainstream "apps" to communicate anything sensitive - back-dooring popular apps would only get the low hanging fruit, not the really dangerous communications.
"What's to stop the US from moling all the other stuff and making them useless as well."
Contrary to common US opinion they don't rule the world. The only effect would be to make the products of US-owned corporations unsaleable elsewhere. As I keep saying, if US politicians achieve what they keep aiming for their tech industry will relocate itself wherever there's a tech-friendly government* leaving local franchises to sell broken products to the US market.
*Yes, there would be such things. In fact there'd be strong competition in this field just as there is in tax at present. The rewards would be huge.
But high barriers of entry AND no guarantee they aren't moled, either.
"Contrary to common US opinion they don't rule the world."
Or that's what they WANT you to believe when they're actually pulling a Rothschild and simply controlling things from BEHIND the scenes.
Simple and will cost the government a small fortune. If the government approved encryption is hacked, your bank account cleaned out (or other injury in the legal sense caused), the government is responsible for costs and penalties.
Wait... the government won't agree and won't pay. F*** it. Just say no to Barr's plans.
Stop thinking about it as government money. It is taxpayers' money.
If Barr wants warrant breakable encryption he can hire people to code it with his own money. I will even let him accept (taxable) donations for his cause. He can then demonstrate its security by using it for all his bank accounts and business transactions. He can make the entire security community eat crow by demonstrating secure warrant breakable encryption is possible.
The truly rich don't put their real money in bank accounts. They hold it in real estate and other appreciable tangible assets that also are harder to tax as long as they're simply held and not traded (most taxes on assets hit upon sale, not while holding--it's part of the Tax Planning 101 strategy).
No, it just doesn't make sense to pull off. Value is relative, and smaller governments have a hard enough time assessing real estate taxes without getting disputes and court cases. Plus they can employ degrees of separation (such as trust funds) to put some distance between their assets and the tax man. As a last resort, they can always target the tax agencies themselves.
Just watch other countries not give a damn about what happens in the U.S. These stupid ignorant people are just about to ruin current dominance of U.S. Technical companies and that means competition is going to appear rapidly and it's going to be encrypted*.
* Unless you happen to live in the following countries.
- Any country with a dictator.
"Just watch other countries not give a damn about what happens in the U.S."
Unfortunately this isn't true. Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, the others will jump on the bandwagon. All governments would love to know everything about anyone, just in case they might need it. It's all about power, and there are a lot of utterly frustrated closet dictators out there...
> Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, the others will jump on the bandwagon.
It will take exactly ONE mass hack to disabuse them of that notion (and they had that already, WannaCry and Stuxnet were prime examples of what will happen when the backdoor becomes an open door). The problem with everyone using COTS is that they will inflict this problem on themselves too or face FAR greater costs to keep things safe. Given that they can't even manage with current, almost safe facilities because their core vendor isn't exactly known for having a clue they then might as well publish everything they do, accidentally promoting the sort of transparent governance they have been desperate to avoid so far.
Hmm, now THERE is a benefit: maybe we ought to ban strong encryption in government alone.
> It will take exactly ONE mass hack to disabuse them of that notion
Why? It will be "collateral damage". An "unfortunate incident", and that's all.
You have this strange notion that people's wishes and decisions have something to do with logic and causality. Thousands of years of human history have proven that it isn't true, and people rarely choose the sensible solution. They choose the solution which, at that moment, seems to warrant the biggest release of endorphin.
Mummy is grumpy that she can't read your secret diary anymore boys and girls. Surely you want mummy to know how many times a day you're pooping and whether you're a scruncher or a folder and whether you like mummy or not. You selfish little brats. How dare you hide things from her.
"... And all you American fools believe that China is the enemy when it is your own government. ..."
---
AND THAT is why we have our friends Smith & Wesson, Remington, Colt, Armalite, Glock, and H&K to GUARANTEE that any government official STUPID ENOUGH to try this stunt gets a nice whack to the head applied by said friends! We can ASSURE YOU THEY WILL NOT be trying that stunt again!
I can ALSO ASSURE YOU there are MORE THAN ENOUGH OF US to ensure such antics are PUT DOWN with extreme prejudice!
.