[Kooler] Re: Security, what's that? (was Re: NSA Vs. Linux)

Lan Barnes lanbarnes at earthlink.net
Tue Oct 19 13:41:01 PDT 1999 

"Chris K. Young" wrote:
> 
> On Tue, Oct 19, 1999 at 10:44:14AM -0400, Michael B. Rash foobarred:
> ! Something should be added to this however and that is if you have
> ! encrypted a file on your harddrive with military grade encryption and then
> ! someone say, breaks into your house and steals your entire computer, the
> ! encrypted file (assuming that you encrypted it with a well-written piece
> ! of encryption software such as PGP that doesn't do something stupid like
> ! leave your private key laying around or something) will still be
> ! _computationally_ secure.  With key lengths of 2048 bits or longer you can
> ! be reasonably sure that no one (most likely not even the NSA) will be able
> ! to read your file until well after it no longer has any meaning for you or
> ! anyone else.
> 
> Yes.  It's quite cheap and easy to do cryptographic file systems in
> OpenBSD (made in Canada---land of free cryptography), as well as
> patched Linux kernels.
> 
> !               Of course physical access is still an extreme danger to
> ! security because a determined attacker could "upgrade" your system with
> ! appropriately trojaned software that records your encryption software
> ! password that then stores it or emails it out.
> 
> If you can prevent people from opening your case (I don't know how that
> would be achieved) then this can be prevented with properly chosen
> passwords.  If you're on a IBM-compatible system, you've got to find
> a way to prevent your attacker from toying with the power supply long
> enough to get your nonvolatile RAM erased (assuming your frontline
> defence involves BIOS passwords).
> 
> !                                                 Or, like Chris said,
> ! install a transmitter or use Tempest to monitor EM transmissions or any of
> ! a whole host of other things..
> 
> I'm hoping rather badly that it takes a rather strong adversary to
> have a Tempest at their disposal.  I remember at APEC this year (held
> in Auckland) one of the executive meetings was held in the Government
> House, which is a minute's walk from my house.  There was this US van
> with lots of antennae poking out... scared the Will Robinson out of
> me, enough for me to not type any passwords on my keyboard until the
> van went away a few hours later.  (I'm that paranoid type, you see.)

Our last thread pointed out that paranoia isn't when dealing with
these people. (Yes, that's the sentence I wanted to write.)

(I once had a business partner with a paranoid personality. That
experience led to Barnes's Law # 15: "Deal with a paranoid long
enough, and he forces you to plot against him." I suppose that
applies to gvmt agencies, too.)

I have no doubt that the NSA and CIA have transmitting keyboards
in every major configuration, ready to swap out (should they deem
it necessary) during the next visit from your phone guy, cable
guy, or furnace guy. Beware of the service caller who says "I
need a part and will be right back." ;-)

BTW, we also discussed copper-screening EMF cages to thwart such
devices. 

But with our present slightly psychotic political atmosphere, we
can expect a federal law any day requiring keyboard manufacturer
to include keystroke transmitters in every board (tripling their
price, and exposing our finger tips to RF burns). The stated
reason will be to protect us from drug lords and child
pornographers. I swear, I'm going to find myself actually
sympathizing with DLs and CPs if they're cited one more time as a
reason to violate the Bill of Rights.

OK, this puppy just went [Kooler].

-- 
Lan Barnes                 lanbarnes at earthlink.net
Icon Consulting, Inc       619-273-6677

More information about the KPLUG-List mailing list