Bits of the Swiss gov't have a 'flexible attitude' to doing the right thing and other bits have an even more flexible attitude to finding out
Swiss politicians only found out last year that cipher machine company Crypto AG was (quite literally) owned by the US and Germany during the Cold War, a striking report from its parliament has revealed. The company, which supplied high-grade encryption machines to governments and corporations around the world, was in fact …
within your community, because nobody likes those drivers from Aargau, the arrogant French-speaking bits (assuming you are not part of it), the inflexible German speaking bits (If you are not part of it), the neighboring Kanton, the rich Zürich bankers, the foreigners (especially the Germans if you live near that border, or the Italians if you live near that border) ... you get the idea.
Still, the brother you hate is better than the brother across the border, who threatens your strategic cheese supplies. That does explain 500 years of peace and democracy nicely, doesn't it?
You have a typo.
Wikipedia page "Women's Suffrage in Switzerland" gives a date of 1st Feb 1971 for when women got the vote in federal elections. The last canton to give women the vote on local matters did so in 1990.
"A previous referendum on women's suffrage was held on 1 February 1959 and was rejected by the majority (67%) of Switzerland's men."
I thought they were hewn from the living steel / gold / whatever one atom at a time by Norns whose sole joy is to think of the profit they make from mugs like me (Breitling chronometre , electronic, accurate to within 15 seconds per year, steel bracelet, battery replacement a snip at £150.00 every three years). It definitely says SWISS MADE on the dial.
"If the legal framework allowed the American intelligence service and foreign intelligence services to jointly use a company to seek information on foreigners, such collaboration had a great political significance, then we are very happy that the American political leaders were not informed."
I don't think that this is any surprise, regardless of which political party you may support, the intelligence services normally do their work for the country, not politicians. The political leaders are only updated when the services think that it's necessary.
here's a poser: was it because the spooks wanted to give their paymasters time to sort out their finances, or was it because they wanted to gather "kompromat" on them? There's this third option, i.e. nobody's above the law, but... well, the third option is generally for little people, plebs and such...
I somehow doubt that if they knew the machines were compromised that they would allow their government to use them. I think the Russians and the Chinese avoided them anyway because they were suspicious anyway.
"I think the Russians and the Chinese avoided them anyway because they were suspicious anyway."
Pretty much this. On the other hand the British and CIA heavily pushed these things on their "allies"
HINT: if someone's really keen for you to use something, there's usually an ulterior motive.
This just shows that intelligence agencies are out of control. Maybe they even inform or ask permission from the government for this compromise.
I'm sorry, but someone will have to endure a mock execution for this. Hang them for ten seconds and if they survive they'll be cut down. If they don't, well bad luck.
Just like you can't be a little bit pregnant, if the crypto is weakened then you have to assume your communications are no longer secure
I think this boolean interpretation of crypto security is a little bit overdone. In practice, if the crypto is sufficiently hard to decrypt that other methods to obtain the same information are much simpler, then it is not useful to look deeper.
It's not exactly boolean, but there's a thin fragile line between very secure and very insecure, and a small 'in' can easily take you over that line without anyone else realising.
Most of the other methods you're probably thinking of would be disfavoured by intelligence agencies because they're significantly less covert than subverting crypto, which in this case was done while there were little more than rumours about it for ~60 years.
The other methods also become simpler if your adversary sleeps easy wrongly believing their crypto is keeping them safe.
" if the crypto is sufficiently hard to decrypt that other methods to obtain the same information are much simpler, then it is not useful to look deeper."
As long as the source is the same. A big component of intelligence is knowing where the information comes from. If decryption means you are getting it directly, that's a big thing.
.....have been using private ciphers to protect messaging BEFORE OUR MESSAGES enter any public channel.
How hard is it to understand that with this approach, IT DOES NOT MATTER IF THE SPOOKS ARE USING BACKDOORS? Cisco, Jupiter, Crypto AG.......NSA, GCHQ, Russian spooks, Chinese spooks.....eat your hearts out.
And the proliferation of private ciphers is just making the job of "government spook" harder with every new private cipher in use.
I know, I know......private ciphers are known to be "very weak". So what?
... I was a part of a development team who were building (at a colossal cost) a SATCOM network for customer who I had better not name. Since they were not a part of NATO they had no access to UK/US military-grade cryptos, so elected to use high-grade crypto devices from CryptoAG. I am now wondering just what they are thinking now knowing that their supposedly secure network is an open book to both the CIA and BUD - bet they are definitely not happy bunnies at the moment.
Your former employer must be world class idiots if they were gullible enough to believe the sales brochures and marketroids that said these devices were secure.
Even if the CryptoAG kit hadn't been nobbled, the sensible approach would be to assume the major sigint players could crack the cyphertext and not use these devices for the really important stuff.
Besides, many countries don't care if Russia, USA. China, etc can break their day-to-day crypto. They assume that happens and just suck it up. What matters to them is their neighbours/regional rivals can't read their encrypted traffic. The weakened CryptoAG hardware is likely to be good enough to pass that test.
I knew spooks from my own country who privately said they suspected their encrypted comms were bugged by the americans and layered their own crypto over the top (including one time pads - which are still hard to breach)
The problem with using crypto is that unless you use high level crypto for EVERYTHING (including the laundry list), then everything encrypted is obviously a high value target woorthy of expending effort to obtain
when used properly, one-time pads are impossible to break.
using high-level crypto for EVERYTHING is very, very stupid - especially for low-grade dreck like a laundry list because stuff like that makes known plaintext attacks easier. it also increases the probability of a fuck-up with key management and bad/sloppy crypto practices like sending the same message with different keys or algorithms. more messages - more mistakes.
needlessly increasing the volume of cyphertext is asking for trouble. it provides more opportunities for traffic analysis and known plaintext attacks. that's made much worse because it'll be far more likely the cypher clerks get lazy or complacent and do something which exposes the key(s). or they put all the plaintext in the bin - where it can get 'recycled' - instead of making sure the really secret stuff gets separated out and burned.
encrypt your laundry list if you really must but don't use the same crypto as you'd use for the really secret stuff.
Not using one-time-pads. Unless they were foolish enough to use one page per day and then start over from the beginning after the last page, at which point they would have converted their one-time-pad into a book cipher. If you have a endless supply of one-time pads, it would not defeat the crypto to send copies of phone books, War and Peace, Beowulf, or other long texts just to break your opponents' will to live.
An issue is whether the eavesdropper can tell the difference between a message enciphered using high or lower grade cryptography. If not then the attacker has to decide whether their inability to read the message is due to their failure to crack the weaker encryption, or that high grade encryption was used.
BTW, some people's laundry list IS the really (Victoria's) secret stuff. ;o)
Oh, and just because a crypto algorithm is 'in house' does not mean it is insecure. There are a lot of mathematicians out there who are quite competent to design their own EC or RSA type bespoke implementations, and I dare say that new algorithms could be found that are also quite or even highly secure.
One-time pads are easy, so why not roll your own? I would expect that any self-respecting bad actor (i.e., all those secret services out there), figured this one out quite a while ago. a memory stick (cd, floppy, ...) can hold a decent amount of randomness to sprinkle across your data.
Do not roll your own random number generator for one-time pads, etc., etc.
I agree, commercially available books are much easier and if you keep the title and print version secret, it is nearly impossible to break. I personally am quite partial to The Key to Rebecca (but I am not going to tell you which translation).
Well.....that advice depends on just how long the message needs to remain secret. It's good advice if you want the message to be secret for years.
But if a few weeks is enough, poor encryption MIGHT BE GOOD ENOUGH!
Oh......I don't think Thomas Beale was worried about randomness....and two of his three messages are still secret after more than a centuty!
Working in the field of spectroscopy, I have harddisks full of randomness. It's called quantum noise and it is part of any particle detection experiment. For home use, you could rig up a Geiger counter to give you very decent randomness.
If you want maximum entropy you might want to compare particle pair distances for each bit of entropy: (time_p2 - time_p1) > (time_p4 - time_p3) ? 1 : 0. That should remove digitization artefacts (e.g., from detector dead-time, non-normal distribution of your source, ...).
It's refreshing to see an article of this sort where the "why didn't they just roll their own--it's easy!" comment(s) appear to be missing. So: it's time for the second great fallacy of crypto: one-time pads fix everything.
It is true that perfect one-time pads are cryptographically unbreakable. The weakness of a one-time pad system is not in the keys, but in the key distribution. You see, the key itself is a type of message, and you need to get that message to both ends of a conversation you want to have. Now, in order to securely transmit a message between two parties, you just.....encrypt... Nope, you cannot use encryption. For the purposes of these discussions, the key is itself a plaintext message which has to be transmitted somehow.
Certainly, if your 64Gb of random noise gets picked up by a TLA, they don't know how those bits are being interpreted. They still have to understand the underlying crypto system that is going to convert those bits into a key. But again, that it true for ANY crypto system. We have to assume that this is known.
I am certainly not suggesting that one-time pads are useless. But they are not practical for many, many use cases.
I will keep banging on this. If you are not capable of defending yourself in an extended conflict against a determined foe, you are not sovereign. You must be capable of manufacturing your own food, guns, and bullets. You must be capable of maintaining the secrecy of your own communications. People who talk about leaving the US because of diminishing freedoms don't understand that the bulk of the places on the planet are only independent because the big boys cannot be bothers to roll them up.
It is not cheap. It is expensive. But anything less means that you are "independent" on the good graces of your superiors.
All you read here is based on the CIA Minerva Report about the Thesaurus/Rubicon. We from Cryptomuseum were invited to read this report, and to make notes out of it. (but *not* to have it). Read our story here:
And about the relevant media involved, see here:
Our special thanks to out to Peter Müller and Huub Jaspers to get us involved to explain the media about all the technical aspects of this affair.
Hopefully this will be a good read for you, and excuse us for burning a couple of hours away of your time ;-)
Marc & Paul, Cryptomuseum
This post has been deleted by its author