* Posts by codefu

6 posts • joined 23 Sep 2011

Four ways the Guardian could have protected Snowden – by THE NSA

codefu
Black Helicopters

We need Plausible Deniability (i.e. What No TrueCrypt?)

Mostly good points but you should/can also throw TrueCrypt into the mix.

Apart from allowing creation of a standard password-based encrypted volume, one unique feature in TrueCrypt is the support for "Plausible Deniability". This is an encrypted volume with two passwords. One password provides access to the standard outer volume, and the other will decrypt a hidden volume inside the outer volume. Thus the user, if his password is demanded under RIPA to decrypt the data, simply gives up his outer volume password. By examining the encrypted data alone, even after decryption with the outer volume password, there should be no way for anyone to prove a hidden volume exists - hence he can plausibly deny existence of anything the authorities might be after.

This is not to say it's completely foolproof as it could still be compromised under certain circumstances.

1
0

GoPro accused of using DMCA to take down product review

codefu
Terminator

Regardless of copyright / trademark laws etc...

I wholeheartedly agree with the last paragraph

"By choosing to go the DMCA route, rather than just picking up a telephone and asking DigitalRev nicely, the company may have shot itself in the foot..."

And I hope most readers do too... otherwise civilisation is doomed and terminator lawyers will rule the world.

4
0

Prepare for 'post-crypto world', warns godfather of encryption

codefu
Stop

Agree with Diffie

Surely the persistence of malware, if anything, should mean encryption is ever MORE important?

As ever, the problem with encryption is key management. But technologies to solve this problem (at least partially) are already widely available in the form of TPM, smart cards and ARM TrustZone. They're just not well integrated into OS platforms.

For TPM naysayers, yes it *could* be abused by industry to restrict access, creativity and openness, but that doesn't mean the technology itself is "evil", any more than knives are just because they could be used for murder. Ultimately, if used sensibly, hardware protection is an excellent way of mitigating against software attacks.

1
0
codefu
Headmaster

DES was originally designed by IBM (as Lucifer) though admittedly weakened by the NSA (from 64 bit to 56 bit), but not in secret. After decades of scrutiny no backdoor has yet been found.

The AES specification is a result of a world-wide public contest. The winning entry, Rijndael, is specified by Joan Daemen and Vincent Rijmen, two Belgian researchers. The AES finalists include entries from all over the world. It was organised by NIST, an agency of the U.S. Department of Commerce (and not NSA).

7
0

First Google wants to know all about you, now it wants a RING on your finger

codefu
Thumb Up

Re: I don't know...

Hey Otto, good news - that's exactly what we have developed at Hoverkey and we're very glad that people are starting to realise what a great idea it is to authenticate on a mobile device via NFC! And it's all done with proper crypto & stuff. Now if we can just get Google's attention...

0
0

Faster-than-light back with surprising CERN discovery

codefu
Terminator

Just a glitch in the Matrix

All will be fixed in the next release.

5
1
