BM-NB4UTyuEJrQBtxJfT96DVagfQo8ZaeoN

Security By Obscurity
Jun 29 07:18 [raw]

A bitmessage poster wrote, "Security by obscurity is inefficient." Ever heard of "classified" or "top secret?" Since it works so bad, why do they do it? (Rhetorical question, you'll not be able to provide a reasonable or cogent answer.) One can't get these crypto-cult-koolaid drinkers to admit their ideas are wrong-headed. Some cult leader at a conference or college class said it, so it must be true. Security by obscurity is the most often employed, and most often successful security strategy in most domains from the statehouse down to the chef's secret mustard recipe. Security by obscurity works 99.99 % of the time. Because 0.01% of the time it fails or a traitor leaks something, the gatekeepers of cryptography pounce on the event as evidence that you must use their products and ideas to secure your secrets. Because obscurity fails once in a while, the crypto-cult gatekeepers lie to you and expect you to believe their crypto fails less. But in practical experience, industry standard cryptography fails much more often than security by obscurity. And when it does fail, it does not put one person's obscure secrets at risk--when cryptography fails, it risks the secrets of millions of dupes who are using the failed crypto. = zaeon = Bitmessage broadcast: BM-NB4UTyuEJrQBtxJfT96DVagfQo8ZaeoN

Double Tor Tunnel
Jun 29 05:13 [raw]

There is no feature that allows specification of longer circuit route length in torrc. https://www.torproject.org/docs/tor-manual.html.en

The circuit length is hard coded into Tor source code as: "#define DEFAULT_ROUTE_LEN 3." https://gitweb.torproject.org/tor.git/tree/src/or/or.h?h=release-0.3.4#n4848

In order to build longer circuits a user must download and modify the source code, compile the source, then build a package for the target distribution. This is an unwieldy process that the average user cannot do. Average users don't know how to download, install, and use compilers, nor do they know how to build linux packages. So your criticism is uninformed. There is no published setting in torrc that allows bypassing this. The double tunnel method is much simpler.

------------------------------------------------------

This is also retarded. You can just add more hops in Tor with the torrc config.

------------------------------------------------------

How to Double Tunnel Tor through Tor

One may tunnel one instance of Tor through another instance to double the length of the Tor circuit. Connecting to Tor over Tor adds extra difficulty to attacks on your Tor usage.

Method #1: Android

Connect the Android device to the Internet and download Orbot from the app store or f-droid. In Orbot settings, enable Tor socks and adjust the port number to your desired port. Enable Internet connection sharing on your Android device or tether it to the computer, while ensuring the Android device is connected to the Internet.

On the computer, install and configure Tor to connect via a proxy. In the proxy configuration, enter the port number and IP address of your Android device. This will vary depending on whether your computer is connected directly to the Android device or to a LAN or wifi hotspot shared with the Android device. After you enter the Tor socks port from the Android device, run Tor from your computer.

The Tor instance on the computer will connect to Orbot on the Android device. Orbot is already connected to Tor. Now the computer will tunnel through the Orbot circuit and create another Tor circuit beginning at the exit node of the Orbot circuit. Now instead of five hops in the Tor tunnel you should have ten hops. This will slow down the connection a bit but if security is paramount this is tops.

Method #2: Virtual Machine

Run a virtual machine OS with an instance of Tor running. Outside the VM on another computer, or in another VM on the same computer, run another instance of Tor. Enable Tor socks on one VM, and configure the other VM to connect to the Torsocks of the other VM, completing a double Tor tunnel.

= zaeon =

Roll Your Own Crypto
Jun 28 09:50 [raw]

Polly wanna cracker?

= zaeon =

------------------------------------------------------

This is dangerous nonsense and you're completely wrong. It's not gatekeeping any more than recommending that you shouldn't do your own surgery is gatekeeping. You're putting yourself and others at risk by suggesting that the insecure bullshit you come up with is better than things like AES.

------------------------------------------------------

Roll your own crypto.

Roll your own crypto before the NSA-sponsored mathematicians at Stanford and MIT roll more "secure" crypto for you. When you roll your own crypto expect to be heckled and harassed by these gatekeepers. They have an agenda: keep all cryptographic standards following the same old model. Every few years the same old model proves to be insecure, requiring adjustments in key sizes and parameters without any real structural change to the way they scaffold the algorithms and infrastructures.

If 24 bit crypto was broken, then 48 bit crypto was broken, then 56 bit crypto was broken, why would you ever trust any of those algorithms or their designers ever again? If a community of gatekeepers, with their standards, has repeatedly handed you products that prove insecure, isn't it stupid to keep using their products? Shouldn't you switch brands?

I am glad to see that many have opened their eyes to reject standard crypto. Some people are no longer afraid to stand up to the gatekeepers of academia. These gatekeepers poison every well and shield us from progress. They are establishment hacks who benefit by keeping the rest of us amazed, dazed and ignorant. Reject their authority. They have no authority to govern our growth and understanding, or our communications. We don't need them or their gatekeeping. We don't need to apologize for rolling our own.

ROLL YOUR OWN CRYPTO. ROLL IT OFTEN. RE-ROLL IT OFTEN. CHANGE IT OFTEN. HONE IT, IMPROVE IT, ATTACK IT, REWORK IT, REFINE IT--OFTEN.

Share it, secrete it, share some, obscure some, piggy back it, cascade it, try everything with it that you like. If this were the norm, the deep state would have extreme difficulty trying to crack anything--it would become a per message attack, rather than a standard attack. Do not listen to the gatekeepers who tell you to only use crypto approved by "the experts." The more crypto you create, attack, and share with others for attacking, the better you will become at transcending the experts' complicated (and repeatedly broken) standards with experience and understanding of what works.

Example: I invented a simple field cipher (hand encryption) that is more secure than AES or pretty much any feistel-network cipher. I know from experience, from rolling around in crypto and reconstructing the crypto of others who rolled their own, the security of this field cipher is great. If the power grid goes down, I'll still have cryptography with paper and pen because I dared to roll my own. I've got cryptography in my wallet. That's priceless.

= zaeon =

Double Tor Tunnel
Jun 23 18:47 [raw]

How to Double Tunnel Tor through Tor

One may tunnel one instance of Tor through another instance to double the length of the Tor circuit. Connecting to Tor over Tor adds extra difficulty to attacks on your Tor usage.

Method #1: Android

Connect the Android device to the Internet and download Orbot from the app store or f-droid. In Orbot settings, enable Tor socks and adjust the port number to your desired port. Enable Internet connection sharing on your Android device or tether it to the computer, while ensuring the Android device is connected to the Internet.

On the computer, install and configure Tor to connect via a proxy. In the proxy configuration, enter the port number and IP address of your Android device. This will vary depending on whether your computer is connected directly to the Android device or to a LAN or wifi hotspot shared with the Android device. After you enter the Tor socks port from the Android device, run Tor from your computer.

The Tor instance on the computer will connect to Orbot on the Android device. Orbot is already connected to Tor. Now the computer will tunnel through the Orbot circuit and create another Tor circuit beginning at the exit node of the Orbot circuit. Now instead of five hops in the Tor tunnel you should have ten hops. This will slow down the connection a bit but if security is paramount this is tops.

Method #2: Virtual Machine

Run a virtual machine OS with an instance of Tor running. Outside the VM on another computer, or in another VM on the same computer, run another instance of Tor. Enable Tor socks on one VM, and configure the other VM to connect to the Torsocks of the other VM, completing a double Tor tunnel.

= zaeon =

Air Gapped Bitmessage?
Jun 23 07:12 [raw]

Hi all, I would like to run Bitmessage on air gap. Machine Charlie runs an Internet-facing bitmessage daemon with no address keys. Periodically Charlie exports all new objects to a USB drive. Machine Delta is air gapped. Delta takes the incoming objects from the USB drive and feeds them to a local PyBitmessage instance with address keys, decrypting them as if received from the Internet. Machine Delta also composes messages and encrypts the objects, exporting them to the USB drive. When the drive returns to Charlie he snarfs the USB media and sends the new objects to the network. What are some user-friendly methods to accomplish this? Has this idea already been contemplated or deployed? Are there extra security precautions that would improve an air gap setup? = zaeon =
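
The Charlie-to-Delta hand-off described in the post above, sketched as an added example (not part of the original post and not PyBitmessage code): Delta treats the USB bundle as untrusted input and drops malformed, expired or duplicate objects before anything reaches the instance holding address keys. The length-prefixed bundle framing and all function names are hypothetical, and the size and expiry limits are assumptions based on Bitmessage protocol v3; proof-of-work checking and decryption are left to the local PyBitmessage instance.

```python
import hashlib
import struct
import time

# Limits as understood from Bitmessage protocol v3 (assumptions of this example).
MAX_OBJECT_SIZE = 2 ** 18              # largest object accepted, in bytes
MAX_TTL = 28 * 24 * 3600 + 3 * 3600    # expiry at most 28 days (+3 h slack) ahead
HEADER_LEN = 8 + 8 + 4                 # nonce, expiresTime, objectType


def inventory_hash(obj: bytes) -> bytes:
    """Inventory vector: first 32 bytes of SHA-512(SHA-512(object))."""
    return hashlib.sha512(hashlib.sha512(obj).digest()).digest()[:32]


def export_bundle(objects) -> bytes:
    """Charlie: frame each raw object with a 4-byte big-endian length."""
    return b"".join(struct.pack(">I", len(o)) + o for o in objects)


def check_object(obj: bytes, seen: set, now: int) -> bool:
    """Delta: accept an object only if it is well-formed, live and new."""
    if len(obj) < HEADER_LEN:
        return False
    (expires,) = struct.unpack_from(">Q", obj, 8)
    if expires <= now or expires > now + MAX_TTL:
        return False
    digest = inventory_hash(obj)
    if digest in seen:
        return False
    seen.add(digest)
    return True


def import_bundle(bundle: bytes, seen: set, now=None):
    """Delta: parse an untrusted bundle; return (accepted objects, rejected count)."""
    now = int(time.time()) if now is None else now
    accepted, rejected, pos = [], 0, 0
    while pos < len(bundle):
        if pos + 4 > len(bundle):
            return accepted, rejected + 1      # truncated length field
        (length,) = struct.unpack_from(">I", bundle, pos)
        pos += 4
        if length > MAX_OBJECT_SIZE or pos + length > len(bundle):
            return accepted, rejected + 1      # framing is no longer trustworthy
        obj = bundle[pos:pos + length]
        pos += length
        if check_object(obj, seen, now):
            accepted.append(obj)
        else:
            rejected += 1
    return accepted, rejected
```

Persisting the `seen` set on Delta between transfers keeps a replayed or re-exported drive from feeding the same objects in twice.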

Roll Your Own Crypto
Jun 23 02:57 [raw]

Roll your own crypto. Roll your own crypto before the NSA-sponsored mathematicians at Stanford and MIT roll more "secure" crypto for you. When you roll your own crypto expect to be heckled and harassed by these gatekeepers. They have an agenda: keep all cryptographic standards following the same old model. Every few years the same old model proves to be insecure, requiring adjustments in key sizes and parameters without any real structural change to the way they scaffold the algorithms and infrastructures. If 24 bit crypto was broken, then 48 bit crypto was broken, then 56 bit crypto was broken, why would you ever trust any of those algorithms or their designers ever again? If a community of gatekeepers, with their standards, has repeatedly handed you products that prove insecure, isn't it stupid to keep using their products? Shouldn't you switch brands? I am glad to see that many have opened their eyes to reject standard crypto. Some people are no longer afraid to stand up to the gatekeepers of academia. These gatekeepers poison every well and shield us from progress. They are establishment hacks who benefit by keeping the rest of us amazed, dazed and ignorant. Reject their authority. They have no authority to govern our growth and understanding, or our communications. We don't need them or their gatekeeping. We don't need to apologize for rolling our own. ROLL YOUR OWN CRYPTO. ROLL IT OFTEN. RE-ROLL IT OFTEN. CHANGE IT OFTEN. HONE IT, IMPROVE IT, ATTACK IT, REWORK IT, REFINE IT--OFTEN. Share it, secrete it, share some, obscure some, piggy back it, cascade it, try everything with it that you like. If this were the norm, the deep state would have extreme difficulty trying to crack anything--it would become a per message attack, rather than a standard attack. Do not listen to the gatekeepers who tell you to only use crypto approved by "the experts." 
The more crypto you create, attack, and share with others for attacking, the better you will become at transcending the experts' complicated (and repeatedly broken) standards with experience and understanding of what works. Example: I invented a simple field cipher (hand encryption) that is more secure than AES or pretty much any feistel-network cipher. I know from experience, from rolling around in crypto and reconstructing the crypto of others who rolled their own, the security of this field cipher is great. If the power grid goes down, I'll still have cryptography with paper and pen because I dared to roll my own. I've got cryptography in my wallet. That's priceless. = zaeon =

Help Improving Algorithm
Jun 1 13:35 [raw]

I'm crafting a public key (asymmetric) crypto algorithm. It is simple; quite a bit simpler than RSA. It's near completion but the math has a single security flaw that needs ironed out. This is where I need more minds. Are there any mathematicians / cryptographers / cryptanalysts here that would like to discuss ways to patch up the hole and collaborate on making a new, open, free and secure cipher? If interested PM me with your pseudonym. If you know someone else that might be interested but does not monitor this signal please forward this message. I'll check in again toward the end of next week. = zaeon = BM-NB4UTyuEJrQBtxJfT96DVagfQo8ZaeoN

Why [chan] |+| safehouse |+| ?
May 9 03:02 [raw]

I opened up a Bitmessage safe-house channel. Why [chan] |+| safehouse |+| ? I posted this chan to mirror something I'm doing in real life: building a real safe-house. If I can find enough kindred spirits we will make a safe-house network. By "safe-house" I mean a real, honest-to-goodness safe-house--a common ground for people to hide out from the hustle and bustle of their normal life. I do not mean a safe-house for spooks or spies, or gangsters. This safe-house is for normal, intelligent, rational, polite people. The target demographic is people who want a secret, safe place they can quickly retreat to in stressful times or in the rare event they may actually be in danger. My current safe-house lay in a rural location. It will be a great hideout with a couple of added mobile camper trailers. I bought another location that currently has no structure. There I will build another safe-house. I regularly scan real estate listings for a third chunk of real estate. The third location will be purchased by a nominee without my name going into the property records. This way I can hide out there from the ex-girlfriend, bill collectors, and Bubba. For the safe-house and network concept to function we would require a brotherhood. This brotherhood must establish and enforce agreed rules and values. All safe-houses would be privately owned. Private ownership would prevent leftist, or hippie, cult-like domination where you get thrown off the property you bought. The Brotherhood would hold quarterly meetings to establish and maintain codes of conduct and discipline for breaches. Flagrant violation of the codes of conduct would mean discipline, up to banishment from the brotherhood. Any jackass would find himself with no more cool crash pads or vacation spots. 
Of course the idea of accountability and mutual respect rules out crypto-anarchists, sodomy activists, leftists, insurrectionists, cops, pedos, and other assorted people who don't respect the dignity, space and property of others. What's left is high functioning, moral, truthful, highly-intelligent people. The Brotherhood would strive to attract people who like to make new friends and enjoy the idea of good laws benefiting all participants. Such a brotherhood would ensure that even in strange places there will be a stranger there who will treat you like a brother or sister. Under the safe-house concept everyone in the network will maintain a guest house, bunkhouse, or a trailer on their property so they can admit brothers into their personal domain on short notice. There would be an actual enlistment process. Swearing of oaths and non-disclosure agreements would preserve respect and honor for each other. This would be a boon to activists and independent journalists (especially crypto and privacy activists) who want to get together to collaborate on projects. The brotherhood would carve out a niche with a high level of trust. There is no better level of trust than eyeball-to-eyeball with each other's friends and family. Business deals and startups could grow out of such a brotherhood. Undoubtedly the brotherhood would fail if it admitted militant, leftists or immoral people that poison the well. Such low-functioning people hijack and destroy every good thing to bring everyone and everything down to their immoral level. They will betray confidence the moment you disagree with their insane notions. They will attack your family. They will create false rumors and slanders to bring down the brotherhood. The brotherhood would need strict rules and a very stringent vetting process to keep such rabble from infiltrating and wrecking a good thing. Think about the Elks Lodge system. It is a brotherhood that centers mostly around drinking beer. 
It has remained active for a long time. Imagine a brotherhood centered around things more important than bar room gossip. Imagine the friendships and dreams such a brotherhood could cultivate. I said the brotherhood will need laws and discipline to protect itself from corruption. The first law of the brotherhood: No liars. Not ever. Anyone who lies to the brotherhood would be permanently expelled. The brotherhood would publish the excommunication and the reasons for it. That is the most important law to prevent corruption: banishment of liars, because all corruption depends upon the cloak of deception. Deceivers would find no quarter in a well-regulated brotherhood. Here is a sample list of rules that would serve to weed out the troublemakers, users, and creeps. Rule #1: No liars. Rule #2: No druggies. Rule #3: No whores or whore-mongers. Rule #4: No leftists. Rule #5: No thieves. Rule #6: No neo-Nazis. Rule #7: No journalists except independent journalists who sign privacy and non-disclosure contracts. Rule #8: No member of any secret society of any kind: no bikers, no Freemasons, etc. Rule #9: No pedophiles. There is no such thing as a repentant child molester. One case of sexual abuse would be trumpeted by media savages to damage the reputation of every innocent person in the brotherhood. Are there enough moral and enlightened people in the world to build such a society? The concept of communion, of sharing the tent and the food, is what brought ancient tribes together and gave them mutual comfort and protection. In our atomistic and profane commercial world where money is king, perhaps a new king of brotherhood could rise up to challenge the king of mammon. Perhaps people could learn to be united by their common humanity instead of the profit motive. = zaeon =