
Likewise
Don't trust the US on 'no hack' pact.
In fact, don't trust, full stop.
8 publicly visible posts • joined 23 Sep 2011
Mostly good points but you should/can also throw TrueCrypt into the mix.
Apart from allowing creation of a standard password-based encrypted volume, one unique feature in TrueCrypt is the support for "Plausible Deniability". This is an encrypted volume with two passwords. One password provides access to the standard outer volume, and the other will decrypt a hidden volume inside the outer volume. Thus the user, if his password is demanded under RIPA to decrypt the data, simply gives up his outer volume password. By examining the encrypted data alone, even after decryption with the outer volume password, there should be no way for anyone to prove a hidden volume exists - hence he can plausibly deny the existence of anything the authorities might be after.
This is not to say it's completely foolproof as it could still be compromised under certain circumstances.
I wholeheartedly agree with the last paragraph
"By choosing to go the DMCA route, rather than just picking up a telephone and asking DigitalRev nicely, the company may have shot itself in the foot..."
And I hope most readers do too... otherwise civilisation is doomed and terminator lawyers will rule the world.
Surely the persistence of malware, if anything, should mean encryption is ever MORE important?
As ever, the problem with encryption is key management. But technologies to solve this problem (at least partially) are already widely available in the form of TPM, smart cards and ARM TrustZone. They're just not well integrated into OS platforms.
For TPM naysayers, yes it *could* be abused by industry to restrict access, creativity and openness, but that doesn't mean the technology itself is "evil", any more than knives are just because they could be used for murder. Ultimately, if used sensibly, hardware protection is an excellent way of mitigating against software attacks.
DES was originally designed by IBM (as Lucifer) though admittedly weakened by the NSA (from 64 bit to 56 bit), but not in secret. After decades of scrutiny no backdoor has yet been found.
The AES specification is a result of a world-wide public contest. The winning entry, Rijndael, is specified by Joan Daemen and Vincent Rijmen, two Belgian researchers. The AES finalists include entries from all over the world. It was organised by NIST, an agency of the U.S. Department of Commerce (and not NSA).
Hey Otto, good news - that's exactly what we have developed at Hoverkey and we're very glad that people are starting to realise what a great idea it is to authenticate on a mobile device via NFC! And it's all done with proper crypto & stuff. Now if we can just get Google's attention...