Silk Road forums
Discussion => Security => Topic started by: 1nz74g8 on December 20, 2012, 11:10 pm
-
I have a couple of security related threads on page 16 & 17 of the security basics page. It is amazing how few are actually taking the time to read through the material. It seems that the prospect of purchasing illegal drugs in such a 1337 way just totally clouds the mind.
I found this on Slashdot today. I am here to tell this community that you are all in danger. There is some work to do ASAP.
Slashdot:
ElcomSoft Tool Cracks BitLocker, PGP, TrueCrypt In Real-Time
Posted by timothyon Thursday December 20, @01:48PM
from the well-that-puts-a-spin-on-things dept.
An anonymous reader writes "Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008." All that for $300.
Wake Up!
-
Assuming your motivation for this was as you stated... that's kind of you. But there's nothing to worry about here. There's another thread about it around. See that for further info.
-
http://dkn255hz262ypmii.onion/index.php?topic=94920.msg672761#msg672761
-
VPN Providers Say China Blocks Encryption Using Machine Learning Algorithms
As I read further it got even worse. This article will highlight my Deep Packet Inspection worries.....
Slashdot:
Posted by timothyon Thursday December 20, @10:07AM
from the man-vs-state-with-a-cast-of-millions dept.
An anonymous reader writes "The internet control in China seems to have been tightened recently, according to the Guardian. Several VPN providers claimed that the censorship system can 'learn, discover and block' encrypted VPN protocols. Using machine learning algorithms in protocol classification is not exactly a new topic in the field. And given the fact that even the founding father of the 'Great Firewall,' Fan Bingxing himself, has also written a paper about utilizing machine learning algorithm in encrypted traffic analysis, it would be not surprising at all if they are now starting to identify suspicious encrypted traffic using numerically efficient classifiers. So the arm race between anti-censorship and surveillance technology goes on."
1nz74g8
-
Slashdot has gone to shit. I'm not sure there even IS an editor anymore. I pay more attention to the commenters than the damn authors -- check what they have to say. I'm willing to bet this is old news and can't hurt us anyway.
-
I took a look at the post and I am aware of the old hack. What is shitty is that it is getting wrapped up into a tool for sale openly for the script kiddies. There is MUCH deadlier forensic technology emerging. Most noteworthy, to me, being the SHA-1 Hahn Analysis Technique.
Take a look at my other threads, tell me what you think of my observations and hacking techniques. I welcome the dialogue; up until now it has been kinda boring hanging around here. I love the LE acronym; I guess that is a bit much to type. Personally, I could care less about LE; I don't put myself in compromising situations and I've been down for a long time. This illicit trade bubbled up into my curiosity so I'm taking a look at it. I will not be an asshole; I will try to help. IMHO this is a crumbling castle and it is going to cost a few very much. I will end this comment by telling you that I have formal training involving encryption techniques and computer science in general. I have actually taken the time to step through and calculate most of the modern encryption protocols, step by step, by hand in a notebook.
"I always assume that which one man can do, so can another."
~Herbert O Yardley - NSA
Good Luck,
1nz74g8
-
I'm working towards a free and open net. Just now Vint Cerf sent out this email to me, here is the body:
Over the past few weeks, you stood with millions from all corners of the world who took action in support of a free and open Internet. Your voice was heard.
Some governments sought to use the recent meeting of the International Telecommunication Union in Dubai to increase censorship and regulation of the Internet. At the conclusion of the meeting last Friday, 89 countries signed the treaty, while 55 countries said they would not sign or that additional review was needed. We stand with the countries that refused to sign, and we stand with you.
We we want to thank you for your actions over the past few weeks. Your voice helped shine a light on a process that would otherwise have been in the dark, and you helped bring the issue of Internet freedom to global prominence.
With your support, we can continue to help ensure that governments alone do not direct the future of the Internet. Thank you.
Until next time,
Vint Cerf
Google
-
I took a look at the post and I am aware of the old hack. What is shitty is that it is getting wrapped up into a tool for sale openly for the script kiddies. There is MUCH deadlier forensic technology emerging. Most noteworthy, to me, being the SHA-1 Hahn Analysis Technique.
Take a look at my other threads, tell me what you think of my observations and hacking techniques. I welcome the dialogue; up until now it has been kinda boring hanging around here. I love the LE acronym; I guess that is a bit much to type. Personally, I could care less about LE; I don't put myself in compromising situations and I've been down for a long time. This illicit trade bubbled up into my curiosity so I'm taking a look at it. I will not be an asshole; I will try to help. IMHO this is a crumbling castle and it is going to cost a few very much. I will end this comment by telling you that I have formal training involving encryption techniques and computer science in general. I have actually taken the time to step through and calculate most of the modern encryption protocols, step by step, by hand in a notebook.
"I always assume that which one man can do, so can another."
~Herbert O Yardley - NSA
Good Luck,
1nz74g8
There's a few technologically savvy people around. There's even a couple who have really impressed me. But if you're hoping to find more people who can discuss the mathematics of symmetric and asymmetric cryptography... I'm afraid you're bound to be further disappointed.
Even I've only stepped through the basic algorithms to understand them at that level. And I soon after forgot and wouldn't be able to do it again.
Yes, I'm so cool I get to say "even I." Deal wid it. Or something. Oh yeah: "yo." :P
-
Well some good news is better than no news :P YO! brutha...
-
Thanks, pretty interesting stuff right there.
-
I personally amn't worried about this at all.
I might not understand this correctly and I dont claim to be an expert in encryption but I believe it is impossible to "break" the encryption as the algorithm is dynamic based on the character order of the secret key- that is to say it is not a straight up encryption algorithm but changes depending on the secret key.
I may well be wrong though?
-
I guess the only way you could say the encryption is broken is if you can find any collisions, which I don't think has been done yet.
Even then, MD5 has like 20 known collisions and although it is not considered secure, you still have to brute force passwords.
-
Saying that this tool cracks Truecrypt or GPG is like saying you have cracked a safe if someone leaves the key out and you find it. Keys in memory are not secure, keys need to be in memory for the duration of their use. This is extremely old news.