SoylentNews is people
SoylentNews
The hidden world in short-wave.
I was interviewed a few weeks back for my website priyom.org [Javascript recommended] which is a community that tracks and logs Numbers Station and military radio stations from all over the world.
The article on The Daily Beast can be found here: http://www.thedailybeast.com/articles/2016/03/06/the-stupidly-simple-spy-messages-no-computer-could-decode.html
When I was 10 years old, I found a shortwave radio in a crumbling old leather trunk where we kept family photos and other memorabilia. As I spun the dial, tinny, modulating noises, like the song of an electronic slide whistle, emanated from the radio's small speaker. Staticky cracks and pops competed for airtime. The sounds swished and swirled, unintelligible and unremarkable. But then, emerging through the clamor, was a voice.
I might have run right over it with the dial, but the voice's rhythmic, steady pacing caught me up short. It wasn't a deejay. Nor a commercial. And he wasn't singing. He was just speaking. The same line, over and over again.
"7...6...7...4...3." Pause. "7...6...7...4...3."
I don't remember if those were the exact numbers. But they were numbers. A repeated sequence which had no obvious meaning, and was entirely devoid of context. To find him here, amidst the screeches and howls of the shortwave frequencies, was like coming upon a man standing in the middle of a forest, talking out loud to no one.
How long had he been here? Who was he talking to? He had that officious tone of the recorded telephone operators who chastised you for dialing a wrong number. "Please hang up, check the number, and dial again." And the same distracting static I'd heard in those messages filled the background. I wasn't sure if he was speaking live, or if he'd been recorded and set loose to play into the air.
It's well-written and a good introduction into the world of number stations and short-wave. I think the Soylent community will enjoy the article, maybe prompt some of you to dig a radio out of your attic and have a listen. Alternatively, you can listen to some stations online. Different stations broadcast at different times; check out the listings on the station schedule page (Javascript required).
Some other resources to check out on the scene:
Enigma 2000 group http://www.brogers.dsl.pipex.com/enigma2000
Simon Mason's website http://www.simonmason.karoo.net/
[Ed. addition.] These stations apparently depend on previously-distributed one-time pads:
In cryptography, the one-time pad is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key. Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition.
(Score: 2) by JoeMerchant on Saturday April 30 2016, @08:11PM
DES was highly suspect in the early 1990s, elliptic curve was pushed in every academic course as a "standard" around that time, too. I think DES proved somewhat legit, while elliptic curve was never thought to be any good by "people who cared." Then there was the whole NSA deal with this: https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]
I do live in a world where "good enough" randomness is, infact, good enough. The secrets I protect are not to be shrouded for all time, and noone would likely bother to try to break ROT-13 on most of it. However, I also live in a world exposed to "common attacks" which are developed on commonly used algorithms, so, when someone breaks a standard tool - if we happen to be using said standard tool, our names will be dragged through the press as "insecure, negligent, etc." As such, a little creativity, even if it results in something less secure, is often preferable to following on the bandwagon of the latest idea of unbreakable. Assuming quantum computers continue to develop at a roughly Moore's Law rate, they'll likely be breaking most current asymmetric key schemes before I retire... but, as inadvisable as it is in many circles, a touch of security through obscurity will keep the standard hacks from forcing a recall on our products.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by stormwyrm on Sunday May 01 2016, @01:54AM
DES was suspect until academic cryptographers (re)discovered differential cryptanalysis in the late 1980s, and found that when they applied it to DES, they found that the S-boxes for it seemed to have been chosen in such a way as to make their new attack nearly useless, when it positively destroyed other contemporary ciphers. Later, some guy from IBM fessed up and told everyone that they knew all about differential cryptanalysis in the 1970s, the NSA's mysterious change in the S-boxes was guided by it, and that the government then told them it was classified. I mentioned Dual_EC_DRBG, and also said that no one who had any choice in the matter tried to use it, as not only was it a couple orders of magnitude slower than most other CPRNG algorithms, it also made use of magic numbers that no one could explain that made everyone strongly believe that it had a back door put there by the NSA.
The thing is, the only reason we know that ciphers are any good is that people study and analyse them for weaknesses. This is, like many fields, a difficult and specialised one that takes years to master, and we laypersons can only know that the specialists in the field are any good by looking at track records of what they have done. It's the same as in any field where expertise is difficult to obtain. To imagine that one is able to do better than folks like Schneier, Rijmen, or Rivest just by reading a few random articles from a Google search is an instance of something called the Dunning-Kruger Effect.
While yes, doing the odd bit of security by obscurity may help keep you secure, but if you're trying to communicate securely with anyone outside of yourself at some future time, you have to convince them to use your non-standard system. That is easier said than done, and if the circle of people with whom you wish to communicate becomes large enough, your enemies will also obtain your encryption tools and study them for weaknesses. If you don't really know what you're doing, and chances are you don't (see above), your enemies will eventually find one or more weaknesses and penetrate your security. So much for security by obscurity.
There is plenty of research being done on post-quantum cryptography and hopefully before quantum computers become practical they will see wide use.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by JoeMerchant on Sunday May 01 2016, @02:40AM
Of course, we accept our vendor's word that their "certified security" is as good as they say, and we, along with dozens of our competitors, use them to tunnel packets under this wonderful blanket of VPN goodness.
Judging from their technical depth in other areas, I'm assuming that a flaw will be found in their implementation sooner than later, and when it happens I want the people who start looking at our AMQ packets to see mostly white noise, instead of names, addresses, etc. in plaintext. The vendor will scramble and figure out a patch in a month or two, we'll all have a big rollout circus, and things will get back to normal. I just want our department to be able to answer the questions from on-high with "yes, we use them, but our additional layer of security will prevent any exposure." With all the other crap out there in plaintext during the breach, I doubt anybody will care enough to grab our internal communications and try to get into them, and even if they do - we should be clearly shown to be trying harder than the next guy... Yes - this is really only good in closed systems, but when you have the luxury of operating a closed system, why not take advantage of the low hanging fruit?
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end