* Posts by uniXbomber

3 publicly visible posts • joined 20 Nov 2007

Choice breeds complexity for Linux desktop

uniXbomber
Gates Horns

collateral software

Users are more adaptable to changing environments than they used to be. The #1 complaint I hear, even from adults, is the lack of games for the Linux environment. I happily point to the many quality games available in Linux, but today's games are all Massive-Multi-player-Online cyberworlds and these people want to connect to the same game that all their friends are in. They don't want to fight with an emulator and settle for a partially functioning game client. Some of these online worlds such as Secondlife and eve-online, to name a few, have answered the call and released native Linux game clients, but more developers need to step up and support Linux as a valid platform and not just a Windows emulator. People want to hear that all the software that they want will run on Linux, not that all the software they want has something similar in Linux.

Hushmail warns users over law enforcement backdoor

uniXbomber
Boffin

@ A J

The original Hushmail setup was fairly secure: your browser downloaded the Java client, which did the encryption on your machine and sent only the encrypted message back. The loophole that is being exploited is that you are downloading the Java app from them every time ... which makes you vulnerable to being filtered and served their *rogue* Java app, which sends back the key with the message. It's no different than catching any other password-sniffing trojan from the web. The next step in this tit-for-tat security fuss will be an installed local client, which can be as simple as a local cache of the web page with the unmodified Java app, or perhaps a proxy server that holds the secure app in cache and filters and replaces the rogue app. And yes, open-sourcing the client wouldn't hurt.

Hushmail will have to consider discontinuing its services which are proven to be exploitable if they are ever going to regain any credibility as a secure communication provider.
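The local-cache or filtering-proxy idea from the post above, sketched as an added example (not part of the original post and not Hushmail's code): a client delivered by the server is run only if its SHA-256 digest matches a pinned copy, otherwise the cached copy is substituted. The class name, method names and applet byte strings are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed stand-ins for the applet bytes; not Hushmail's real client.
KNOWN_GOOD_APPLET = b"constructed-applet-v1: encrypt locally, send ciphertext only"
TAMPERED_APPLET = b"constructed-applet-v1: encrypt locally, send ciphertext AND key"
UPGRADED_APPLET = b"constructed-applet-v2: encrypt locally, send ciphertext only"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a client artifact."""
    return hashlib.sha256(data).hexdigest()


class PinnedClientCache:
    """Hypothetical pin-and-cache check for a server-delivered client."""

    def __init__(self, trusted_copy: bytes):
        # The copy the user reviewed (or obtained out of band) becomes the pin.
        self._cached = trusted_copy
        self._pin = sha256_hex(trusted_copy)
        self.alerts = []  # human-readable record of every mismatch seen

    def select(self, served: bytes) -> bytes:
        """Return the bytes that should actually be run.

        The served copy is used only if its digest matches the pin;
        otherwise the cached copy is substituted and the mismatch recorded.
        """
        served_digest = sha256_hex(served)
        if served_digest == self._pin:
            return served
        self.alerts.append(
            f"served digest {served_digest[:16]}... != pin {self._pin[:16]}...; "
            "using cached copy"
        )
        return self._cached

    def repin(self, new_copy: bytes) -> None:
        """Accept an upgrade only as an explicit, deliberate step."""
        self._cached = new_copy
        self._pin = sha256_hex(new_copy)


if __name__ == "__main__":
    cache = PinnedClientCache(KNOWN_GOOD_APPLET)
    cache.select(TAMPERED_APPLET)
    print(cache.alerts)
```

The pin is only as trustworthy as the copy it was taken from, and a legitimate upgrade also shows up as a mismatch until it is reviewed and re-pinned.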

uniXbomber
Black Helicopters

limitations

E-mail will almost never be 'secure' because there are too many clients and servers involved. Even if your client is secure and your message body is encrypted so the email providers can't read it, whoever you're sending it to is still a weak link and still has to be able to read it, or what was the point in sending it.

The best you can do is encrypt your hard drive with an encryption package that securely destroys your key on log in and recreates it on logout. If the police bust in and seize your system without shutting it down properly, the loss of the key is their fault and you have no key to give them. The downside is that you are at risk from every minor power outage. In which case I would advise generating your key off of a publicly available block of data (like the .pak file from the shareware version of quake 1) so you can recreate it in case of emergency. Of course, then you're stuck with lying to the police about not having a key to decrypt it, but your story will be more believable when they step-trace your system and see that the key does in fact get deleted on login.

In any case the use of rainbow tables and other new crypto-breaking techniques will make most forms of cryptography irrelevant in the near future. I am a crypto hobbyist, both designing and breaking codes for fun. I have a few ideas about how to improve cryptography, but if I said them out loud I'm sure I'd get arrested for treason or some other such idiocy.