Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 135 136 [137] 138 139 ... 249
2041
Lol KMF this thread isn't even about debating whether or not they have shagged each other or not, it's more about the fact the news story is quite funny or that's the case for me. You're getting a bit sensitive in your old age my old fruit. Like I said, you wana be careful. Might pop a vein!

Meh I don't care enough to pop a vein, it is just funny to see so many hypocrites call someone a sick fuck for having sex with someone of an age that they would probably have sex with in two seconds if it wasn't illegal.

2042
Seriously you must have to lie to yourself pretty convincingly to think that you are actually not attracted to 15 year olds. https://en.wikipedia.org/wiki/Tanner_scale

Tanner V
    breast reaches final adult size; areola returns to contour of the surrounding breast, with a projecting central papilla. [15+]

Tanner V
    hair extends to medial surface of the thighs [15+]


2043
who cares

Well..the people who were in this thread discussing it. If YOU don't care then why bother reading it and replying ?

Lol KMF is just pissed he missed an opportunity to get some underage clunge.

Oh my God it is such an outrage someone had sex with someone who is legal in many parts of the world and who is only a few months away from being legal in the U.K. , what a sick fuck, they are attracted to people who have passed through all stages of sexual development and can not even be told apart from 18 year olds with photographic forensics!!! Absolutely disgusting and something that I totally give a fuck about and in fact am outraged about. Not that long ago people married 12 year olds for fucks sake.

2044
Security / Re: Tor based audio conference
« on: September 25, 2012, 12:57 am »
LOL. The idea of the local cops using Van Eck phreaking or NIC vibration signatures. These guys have enough trouble using wire taps for Christ's sake.

Ok, I admit it's possible. And that just because you use equipment doesn't mean you need to understand why/how it works. But still...

Anyway, the defenses are trivially easy to implement against such things, even places like banks or embassies do it (not that it helps if all the bars and restaurants in a certain  radius are bugged, ha!).

1. Obtain a cheap Chinese NIC with cash or rip one out of a second hand computer from a garage sale.
2. Turn a room into, or easier still, put a protective Faraday cage over your hardware. For people who were asleep in physics, replace Faraday cage with "metal box". e.g. Trash can.

Ta da!

Ta da, now you can't use your wireless card because it is inside a Faraday cage!

2045
who cares

2046
Security / Re: Tor based audio conference
« on: September 22, 2012, 11:24 pm »
you guys are trolling my topic nicely with your sci-fi chimera.

You trolled your own topic from the first post

2047
Security / Re: WATCH OUT !!! OPERATION PANGEA V STARTING NEXT WEEK !!
« on: September 22, 2012, 10:33 pm »
Well, looks like it's main focus in on prescription drugs from online vendors..  thats not to say this site is not a target.. but the profiling on packages sent by anyone other than prominent prescription drug vendors won't be as visible.   i may be wrong, but most prescription drug vendors don't use our payment method.. and they are notoriously international. 

with that said, i'm still going to take it easy next week.  I don't think they will announce a sr operation.

Operation Pangea generally consists of a week where international customs and postal inspectors work overtime trying to intercept drugs in the mail.

2048
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: September 22, 2012, 10:22 pm »
Quote
There are a number of ways of obtaining relatively decent random numbers, such as shuffling cards (a lot... e.g. weeks and weeks) or using a lottery ball (it's this big container full of balls with numbers on them, buffeted by air, it is actually quite effective at being random, at least good enough for things like powerball lotteries).

However, I'm not talking about those toys, but something infinitely more complex, the stock market. Don't think "how absurd" until you've read my entire argument.

Your best shot at getting randomness is monitoring timing differences between keystrokes, mouse positions, keystrokes, timing between mouse movements, your screen, disk access times etc, and taking the hash of all of it. Then repeating that process constantly. Something like this is how your operating system gets randomness anyway. I don't know if this is random enough for a OTP, but it is random enough for you to use for other cryptographic algorithms, or at least it is what you have to work with anyway. Actually many modern CPU's have their own RNG's built into hardware, although I am not sure the specifics of how these RNGs work, something with thermal noise. Actually even a microphone input can be used to generate random numbers quite well.

The cool thing about (many? all? definitely some.) cryptographic hashing algorithms is that they can distill and uniformly distribute randomness. If you have fifty megabytes of data which has three bits of randomness total contained within it, the cryptographic hash of the fifty megabytes of data will also contain three bits of randomness. A SHA256 output is always 256 bits, so if you hash 50 megabytes with 3 bits of randomness, the output is 256 bits 3 of which are random. Cryptographic hashing algorithms also evenly distribute the randomness of their input into their output. If a fifty megabyte file that starts with one random byte and is followed by only non-random bytes, the cryptographic hash value of the file will contain one byte of randomness equally distributed throughout it.

So in summary I am less concerned about the ability to generate randomness than I am with the problem of sharing the generated randomness between the people who would use it for a one time pad.

Quote
In case you don't think the stock market could ever be sufficiently random, it can! Because markets actually are attempts (from a high level perspective) to incorporate all information about the world into them. Prices are a very very concise numerical synopsis of an absolutely terrific quantity of information.

to rip off XKCD....

Code: [Select]
#include <stdio.h>

int main()
{
  printf("%i", rng());
  return 0;
}

int rng()
{
  int random_number = 4; //returned by a fair die, certain to be random
  return random_number;
}

Quote
inefficient does not imply consistent predicative power, which is perfect for us and frustration for arbitragers).

Now, there is a caveat or two with this idea. Markets are not perfectly efficient because they are not frictionless, meaning that some differentials won't be arbitraged because of trading fees and commissions, or taxes. This will be a problem for your seed, this is something that is in between irrational patterns (inefficiency) and unpredictability (efficiency) that could produce consistent price behavior. You will need to come up with another mechanism for avoiding these situations, a delicate issue, but I think a manageable one.

Why not just 'randomly' type on the keyboard until you have hit a thousand keys, and then take the SHA 256 hash value of the output? Most estimates say that English has one bit of randomness per character, so it seems safe to assume that your output is a truly random 256 bit number.

19c41bf387172d7eb28fe1997af60a1e8a9b22bc56f01a772cccd6cbde8f84ef is the SHA 256 value of the previous sentence, I think it is probably 256 bits of randomness, since English prose contains about one bit of randomness per character and the sentence was 289 characters long.


Quote
1. The stock market can be a source of superb random information (for two reasons, paradoxically, efficiency and irrationality)
2.  Everybody has access to the data from all over the world and many channels.
3.  Price prediction and seed poisoning is impractical due to information races.
--
Result: A civilian may be able to build highly sophisticated One Time Pads from the stock market(s).

A. Pounding on my keyboard and hashing the result is probably a good enough source of randomness for a OTP.
B. That doesn't solve the problem of key exchange, which is the real issue.

2049
Security / Re: Tor based audio conference
« on: September 22, 2012, 01:36 pm »
(in either case it is very safe to assume that NSA level attackers can uniquely identify wireless networking cards regardless of their MAC addresses)

2050
Security / Re: Tor based audio conference
« on: September 22, 2012, 01:31 pm »
Buy large directional wifi antenna, drive into large city, get out and sit somewhere away from cameras if possible, change MAC address, connect to AP a few blocks away, then at random points go to a different area of the city and do the same thing.

I say fuck "live" audio chat. Just record yourself talking, screw with the voice using the appropriate software, and upload the wav file to an onion site. Just pretend you're talking to people outside of the solar system and the messages are inevitably delayed by physics lol

I guess that the unique properties of the vibrating elements of your wireless network card leave a fingerprint in outgoing packet streams that can be forensically correlated with the device that sent them. So spoofing MAC address may not be enough, rather using a throw away wireless device for every session. I had heard about this sort of attack before but I still do not know the details of it, however recently I heard a bit of debate in regards to if the logs left at the AP will contain enough information to fingerprint a unique device, or if specialized equipment would be required to take and later detect the fingerprints.

2051
Security / Re: Tor based audio conference or pwn me with a timing attack
« on: September 22, 2012, 01:26 pm »
If an attacker has a botnet with a substantial amount of nodes and they run all the nodes as Tor relays they will all be banned from the Tor network. Tor directory authority servers have a lot of systems in place to prevent an attacker with a huge botnet from suddenly turning the entire thing into a bunch of Tor nodes. They would need to slowly add the nodes over time.

I agree with you that it wouldn't be possible to stick the whole botnet in the Tor network fast. It's easier to stick a rail up LEO asses.

If an attacker doesnt have enough of relay nodes, can they dudos relay nodes forcing them to go down? Check if someone has stopped talking then. If a client is run as a relay node the task has been done. Even if a client is not run as a relay node the attacker may get logs from the relay and determine one of the client's entry guards.

Yes that sort of an attack is possible, I believe that would be some variant of an intersection attack

2052
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: September 22, 2012, 01:03 pm »
The only reason I originally even brought one time pads up is because somebody wondered how encryption works, and it is a very simple to demonstrate algorithm and is still as secure as any algorithm can  possibly be :). That said, even RSA 2,048 and AES-128 are more than enough to secure your communications here. I hear that a lot of progress is being made with quantum computer based cryptanalysis and that RSA and ECC are likely doomed, but there are some quantum resistant multivariate quadratic polynomial based algorithms that look promising for the future. Honestly I don't understand the details of such advanced mathematics though.

2053
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: September 22, 2012, 12:57 pm »
yes OTP is not possible to do securely in the context of vendor customer communications on SR. It is great if you have face to face ability to share a huge amount of true randomness with somebody you need to securely get messages back from in the future though.

2054
You type like a 14 year old

2055
Security / Re: Tor based audio conference
« on: September 21, 2012, 09:30 am »
I actually do think it is a cool idea mito,

A cool idea was tossed up hh. If an attacker owns a botnet with a susbstantial amount of nodes, they would have all nodes run as Tor relays. Then they could remove relay nodes out of the network one by one and wait for somebody to shut up in the middle of his singing. The relay node would be checked for the IP of the entry node. After the entry node is traced, you are only one hop away. The attacker now can compromise it and get your real IP address. Group sex IRL on lsd, mxe and molly is much safer. This will be my opinion on talking anonymously over Tor hehe

If an attacker has a botnet with a substantial amount of nodes and they run all the nodes as Tor relays they will all be banned from the Tor network. Tor directory authority servers have a lot of systems in place to prevent an attacker with a huge botnet from suddenly turning the entire thing into a bunch of Tor nodes. They would need to slowly add the nodes over time. There is a limit to how many new nodes can join the network at a time. That said, they would not even need to take their relays down one at a time. They can see the data arrive at the other end. If you can see a packet transmitted through Tor at any point on its path, you can use a timing attack to identify that packet at any other point you can see it at. So the attacker in your proposed scenario can simultaneously monitor traffic and immediately determine if a packet they see being routed through one of their nodes is the same packet they see arriving with the voice data at the end of the circuit.

Pages: 1 ... 135 136 [137] 138 139 ... 249