Mostly, true, but there are methods for delivering this content to the target device, and it is done a heck of a lot more often then most people believe and that is uneffected by spoofing because it gets the raw information directly from the card.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Please help me punch holes in my encryption scheme.
- Thread starter kresh
- Start date
- Sort by reaction score
Mostly, true, but there are methods for delivering this content to the target device, and it is done a heck of a lot more often then most people believe and that is uneffected by spoofing because it gets the raw information directly from the card.
Depends on the people involved and the equipment they are using.
Not really... computers are useless unless you tell them what to do. Brute forcing an AES key would take years even on a large botnet, and all of the theoretical attacks on a key have been shown to be similarily impractical.
Computers aren't the processing device I'm talking about. There are other things that are designed specifically for this task. These machines are much better then brute force; but fortunately are quite rare and only used for things much more critical then anything people here would be involved in.
Then you've well over protected the data, they'd get nothing out of it. If you're still paranoid, you store the data in an encrypted, separate account, and then create another admin account that does one thing. When you log into it, a script is run that purges the data account, and wipes the, now free, space of the drive. Leave that account unprotected, but never log into it. The first thing that any person will do is to try to log into every account; and since this account is unprotected, it will log in easily and before they know what happened, the data is already gone.
As I said, not very practical for this purpose. Having a script to present the string kinda defeats the whole purpose of having it hidden within another string because all someone has to do is read the script.
If they have a reasonable suspicion, you'll probably end up sitting in jail for contempt unless you cough up the keys. Is that legal? Probably not - but if you're pissing off the local government, I'd be more worried about punitive imprisonment and/or other techniques of "rubber hose cryptanalysis" than straightforward cracking.
One extra (though redundant) idea is that TrueCrypt offers a plausible deniability option when creating a volume. That's all likely overkill. As others have stated, the harder part will be the anonymously get the data to the news people and for your data to be taken seriously when they have no one to back it up. Likely the news people will just sit it aside until they can get some real proof, otherwise they can face legal issues if they bring it to light without hard evidence.
Believe what you will. Refusal to believe other people might have information you don't, will only keep you blind to the world around you.
Sure, I've been designing computer networks for the last 10 years. This ranges from MAN fiber rings running ethernet to ATM connections to DSL to my neighbour's packet over radio experiment.
Also, I have been a network security consultant for another 5. (sniffers, firewalls, IDS, IPS, you name it)
I am pretty sure I know what I am talking about. But hey, sure. Let's take your argument:
So, since you agree MAC addresses do not traverse ethernet segments there are 'other' ways to deliver this content to the target device. Well, since your router at home (or whatever you use to send your packets) strips layer 2 info at the first hop the information ('raw information from the card', please kid me not) must be in the payload. Even easier to spoof.
You are right though that refusal to believe other people might have information I don't will make me blind. But I have been doing this for a LONG time, and I see you misinforming people. So in this case I think I will be okay refusing to believe you.
Once again, no offense intended.
That's fine. I have been building network processors, routers, and other semiconductors for, oh, almost 15 years now (although not always). I also have been working for the last 5 years in a field that is involves network / encryption security (yes, intentionally kinda vague).
I'm not blowing smoke, there are ways that the semiconductors are designed that allow some information to be transmitted from one device to another behind the scenes without people knowing it. Those who might endeavor to do so (and some places do) can extract this information and use it against you.
And that would only work if every hop between source and destination would support that 'protocol' Having analyzed layer2 sniffs from 10's of networks comprised of hardware of 10's of different vendors I have NEVER seen anything that does this. (bla bla bla cdp, etc is something different) You were talking about his MAC address ending up at google through sending an e-mail.
Rubberhose Cryptography. Your plausible deniability is blown. Unless you and your family are immune to pain, your encryption scheme is blown.
Rubberhose Cryptography
Rubberhose Cryptography
Sadly, the easiest way to break an encryption is to make or trick a person into giving it to you.