<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss'><id>tag:blogger.com,1999:blog-7455411220680364484</id><updated>2010-03-04T20:16:03.371-08:00</updated><title type='text'>Cypherpunk</title><subtitle type='html'>A critique of the computer security industry without the leet speak.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>16</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-1032494851114347965</id><published>2008-04-10T14:40:00.001-07:00</published><updated>2008-04-10T14:40:54.039-07:00</updated><title type='text'>Notacon 5</title><content type='html'>Notacon5&lt;br /&gt;&lt;br /&gt;Back in Cleveland for another great time. This was more of a social time for me, and as I found from the people who run it, that was exactly their intentions. I met a lot of new people, got in touch with a few that I haven’t seen in a year. Got drunk and had a blast. 
I also got to see more of Cleveland this year, including the soapbox racetrack and the science center.&lt;br /&gt;&lt;br /&gt;I only went to two talks this time, which was twice as many talks as last year. Mainly because I had to heckle Aestetix on his talk about art and programming. It was an interesting experiment really on what talks would get accepted, that turned into a halfway serious discussion on perception and code. I will definitely be interested in helping him expand this talk for the future.&lt;br /&gt;&lt;br /&gt;Hypatia gave a more academic but completely enjoyable talk on how the Internet has been treated by the social sciences, which has been quite poorly. As someone who’s evangelical about technology and cryptography, the presentation gave me some insights on who I need to target. It also reaffirmed my belief that the hype curve isn’t guided by those promoting their wares but by misinformed people with good intentions.&lt;br /&gt;&lt;br /&gt;The social aspect is very important. Most of the year, at least for myself, we’re in our little isolated areas wondering half the time if other people share our love for art and technology. Notacon is where we can come together and share the fruits of our labor, bounce ideas off each other, and even combine them into a new beast. 
Or get drunk and take over Hard Rock Café.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-1032494851114347965?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/1032494851114347965/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=1032494851114347965' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1032494851114347965'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1032494851114347965'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2008/04/notacon-5.html' title='Notacon 5'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-6564793014581172149</id><published>2007-12-27T12:30:00.000-08:00</published><updated>2007-12-27T16:22:15.828-08:00</updated><title type='text'>Easy to make Strong Crypto</title><content type='html'>If someone asked you to code a strong crypto tool from memory, it wouldn't be surprising to feel a bit overwhelmed, but that's exactly what Arnold Reinhold has been able to do.  
With &lt;a href="http://ciphersaber.gurus.com/"&gt;CipherSaber&lt;/a&gt;, he has been showing people that strong crypto is accessible by anyone and not some divine blessing that can be given or withdrawn by the government.&lt;br /&gt;&lt;br /&gt;CipherSaber is a protocol, implementing the Arcfour algorithm, that is simple enough for entry level programmers to understand.  Once someone understands how simple it is to code their own tools, they can do so anywhere in the world, quickly.  With one small step, CipherSaber has been able to easily negate present and future cryptographic export and control laws.  We're not even talking about free speech here, but free thought.&lt;br /&gt;&lt;br /&gt;Another important component of CipherSaber is that it requires you to hand make your own tools, teaching you that you never have to be unarmed.  However, there are &lt;a href="http://en.wikipedia.org/wiki/CipherSaber#Security_and_usability"&gt;some weaknesses&lt;/a&gt; that the developer should keep in mind and CipherSaber-2 was developed to address some of these issues.&lt;br /&gt;&lt;br /&gt;Once a person has begun this training, they can augment further with &lt;a href="http://143.53.36.235:8080/tea.htm"&gt;TEA&lt;/a&gt; and the &lt;a href="http://tools.ietf.org/html/rfc2631"&gt;D-H key&lt;/a&gt; exchange for understanding Feistel and asymmetrical ciphers, respectively.  
Thanks to CipherSaber, a budding programmer can be on the road to a well-rounded &lt;span style="font-weight: bold;"&gt;Cypherpunk&lt;/span&gt;.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-6564793014581172149?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/6564793014581172149/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=6564793014581172149' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/6564793014581172149'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/6564793014581172149'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/12/easy-to-make-strong-crypto.html' title='Easy to make Strong Crypto'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-3184077259438628682</id><published>2007-10-03T19:15:00.000-07:00</published><updated>2007-10-04T05:09:57.773-07:00</updated><title type='text'>Critique on Port Knocking</title><content type='html'>When it comes to security through obscurity, everyone has their favorite quote.  There's Kerckhoffs's principle, Shannon's maxim, and Raymond's "Security through transparency."  
I prefer Schneier's summary, "every secret creates a potential failure point."&lt;br /&gt;&lt;br /&gt;Port knocking depends on obscurity: a secret series of false connections.  Using port knocking with multiple people requires a means of communicating and updating the secret.  The more users involved, the more people who know the secret and the greater the likelihood that the secret will be shared or observed.&lt;br /&gt;&lt;br /&gt;Port knocking doesn't protect from sniffing, man-in-the-middle attacks, or spoofing from an established source.  Proponents of port knocking claim that it's useful in protecting your sensitive ports from exploitation, but port knocking itself is software (in one form or another) which leaves itself susceptible to vulnerabilities.&lt;br /&gt;&lt;br /&gt;In contrast, VPN technology offers the same protection as port knocking, but also has measures to protect the confidentiality and integrity of the communications.  The secret is reduced to user authentication, which (aside from being more manageable) can be implemented in a PIN-protected smartcard.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-3184077259438628682?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/3184077259438628682/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=3184077259438628682' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/3184077259438628682'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/3184077259438628682'/><link rel='alternate' type='text/html' 
href='http://cypherpunk.erisresearch.org/2007/10/critique-on-port-knocking.html' title='Critique on Port Knocking'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-6395888841433589108</id><published>2007-10-02T15:59:00.000-07:00</published><updated>2007-10-02T16:09:52.257-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='tor'/><title type='text'>Hidden Tor Node on a USB Stick</title><content type='html'>Recently I launched &lt;a href="https://jn52gdac73recgxu.onion/"&gt;https://jn52gdac73recgxu.onion/&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;A Hidden Tor Server using 375 MB on a USB stick.  A full-featured web server, hiding behind a firewall, somewhere in North America.&lt;br /&gt;&lt;br /&gt;It was all pretty simple to set up; it took more time to find suitable software than it did to install and configure it.&lt;br /&gt;&lt;br /&gt;Step 1: Download &lt;a href="http://portabletor.sourceforge.net/"&gt;Portable Tor&lt;/a&gt;&lt;br /&gt;Step 2: Download &lt;a href="http://www.apachefriends.org/en/xampp-windows.html"&gt;XAMPP for Windows&lt;/a&gt;&lt;br /&gt;Step 3: Configure Tor for &lt;a href="http://tor.eff.org/docs/tor-hidden-service.html.en"&gt;hidden service&lt;/a&gt;, &lt;a href="https://jn52gdac73recgxu.onion/torrc.sample"&gt;Sample Torrc file&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;Notes: If you run &lt;a href="http://xerobank.com/xB_browser.html"&gt;XeroBank&lt;/a&gt;, &lt;a href="http://letwist.net/operator"&gt;OperaTor&lt;/a&gt; or &lt;a href="http://xerobank.com/torrify.html"&gt;TorPark&lt;/a&gt;, be sure to launch Portable Tor first.&lt;br /&gt;XAMPP is not as portable as I'd like, due 
to its config files including the drive letter that XAMPP was installed on. Best way around this is to use the DOS command &lt;a href="http://www.computerhope.com/substhlp.htm"&gt;SUBST&lt;/a&gt; to convert whatever drive you're on to the same letter as when it was installed.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-6395888841433589108?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/6395888841433589108/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=6395888841433589108' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/6395888841433589108'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/6395888841433589108'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/10/hidden-tor-node-on-usb-stick.html' title='Hidden Tor Node on a USB Stick'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-3694535416489307401</id><published>2007-10-01T15:59:00.000-07:00</published><updated>2007-10-01T16:21:56.071-07:00</updated><title type='text'>Public Keys and IDs</title><content type='html'>My OpenPGP key ID is 0x2E5FE831&lt;FORM METHOD="GET" ACTION="http://pgp.cs.uu.nl/mk_path.cgi"&gt;&lt;br /&gt;    your key id :&lt;br /&gt;    &lt;INPUT 
TYPE=TEXT    NAME=FROM   SIZE="10"&gt;&lt;br /&gt;    &lt;INPUT TYPE=HIDDEN  NAME=TO     VALUE="2E5FE831"&gt;&lt;br /&gt;    &lt;INPUT TYPE=SUBMIT  NAME=PATHS  VALUE="find trust paths to me"&gt;&lt;br /&gt;&lt;br /&gt;    &lt;INPUT TYPE=RESET   NAME=reset  VALUE="reset"&gt;&lt;br /&gt;&lt;/FORM&gt;&lt;br /&gt;&lt;br /&gt;If you trust that...&lt;br /&gt;-----BEGIN---&lt;br /&gt;My current OpenSSH Authorized_keys is:&lt;br /&gt;ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAsw1eoATPLJ6UCLzvFg1zb+4mmbN3zjBqEVODpn1KGCePFTm+P1hw4vXJjlivbEl2WlT/bqQac/mWK/KdH/a7qHUoHAgFedQnRqbHiB0ATHpJFvSoyY85AlWdHUU3ks3qZHat6+3Q0ipxL9H5REpC2LcRHMuGkpaW3rBfidYECCM= rsa-key-20070928&lt;br /&gt;&lt;br /&gt;My OTR Fingerprints are:&lt;br /&gt;Chris.Gragsone@Bonjour: 58BFD428 C0160FDC B2D38E25 0ECE9222 834C80C4&lt;br /&gt;Maetrics@AIM: 7740E49E FD643730 072DD305 85CE0B55 49B9E287&lt;br /&gt;Sinchume@gmail: 8D737C1C AC4D1BC5 DC0A3729 C1D18C4B 474BCC5B&lt;br /&gt;Sinchume@yahoo: 4347B3DD 3E508ECA 1701F75F 9C57A7AE 54892C31&lt;br /&gt;Maetrics@irc.2600.net: C65D4DD5 84CD2831 CBFFDEF2 8355BE4C 51DD890C&lt;br /&gt;-----END-----&lt;br /&gt;-----BEGIN PGP SIGNATURE-----&lt;br /&gt;Version: GnuPG v1.4.7 (MingW32)&lt;br /&gt;&lt;br /&gt;iD8DBQBHAYBqMFUeNy5f6DERAp2FAJ4h+u1Bx6HKp8VzG0N1YvUmybjzOgCgu0NR&lt;br /&gt;FJTme6u083nA4NwKz15Lutc=&lt;br /&gt;=l14X&lt;br /&gt;-----END PGP SIGNATURE-----&lt;br /&gt;&lt;br /&gt;If you'd want my x.509 Cert, just request via email.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-3694535416489307401?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/3694535416489307401/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=3694535416489307401' title='0 Comments'/><link rel='edit' 
type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/3694535416489307401'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/3694535416489307401'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/10/public-keys-and-ids.html' title='Public Keys and IDs'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-2344789630369224724</id><published>2007-09-24T16:51:00.000-07:00</published><updated>2007-09-24T17:38:58.321-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='crypto'/><title type='text'>Crypto by Default</title><content type='html'>For a while, I've used AIM's encryption feature to securely chat with a few friends.  This week I decided to try &lt;a href="http://www.pidgin.im/"&gt;Pidgin (formerly Gaim)&lt;/a&gt; with &lt;a href="http://www.cypherpunks.ca/otr/"&gt;Off-The-Record (OTR)&lt;/a&gt;.  My first worry with encryption is always the user base.  No sense in having crypto around if no one uses it; eventually you end up with dead keys and forgotten passwords (not that OTR needs passwords).  To my shock, not only did my crypto-using friends also use OTR, but so did people I considered crypto-novices.&lt;br /&gt;&lt;br /&gt;Turns out they all happened to be Apple Mac users running an IM client called &lt;a href="http://www.adiumx.com/"&gt;Adium&lt;/a&gt;.  While OTR has an optional plugin for Pidgin and a proxy for AIM, Adium has it built-in and running by default.  
Seamless crypto, the kind that thousands of users experience when they give their credit card information to a stranger over the Internet.  Why other IM clients aren't Crypto by Default is beyond me.&lt;br /&gt;&lt;br /&gt;To the programmers out there, design "Crypto by Default," and include TLS and OTR libraries.  To the users, expect nothing less.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-2344789630369224724?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/2344789630369224724/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=2344789630369224724' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/2344789630369224724'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/2344789630369224724'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/09/crypto-by-default.html' title='Crypto by Default'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-4731431494510139063</id><published>2007-09-22T07:46:00.000-07:00</published><updated>2007-12-27T16:23:56.394-08:00</updated><title type='text'>Project Idea</title><content type='html'>This is more of a note to myself of various crypto projects&lt;br /&gt;&lt;ul&gt;&lt;li&gt;a putty app that 
extracts the host keys from the registry and stores them in .ppk or openssh format.  This will make it easier to transfer trusted keys to another client machine.  (thanks to Elonka for this idea)&lt;/li&gt;&lt;li&gt;crypto key swiss army knife.  Convert sshkeys, x.509 keys, openpgp keys into each other's formats.&lt;/li&gt;&lt;li&gt;bartpe image to support ironkey and various portable apps&lt;/li&gt;&lt;li&gt;TOR Hidden Server, USB key (Completed, &lt;a href="http://cypherpunk.capital-gains.net/2007/10/hidden-tor-node-on-usb-stick.html"&gt;read about it here&lt;/a&gt;)&lt;br /&gt;&lt;/li&gt;&lt;li&gt;.Onion DNS server, (Using Wide Area DNS-SD didn't pan out, &lt;a href="http://maetrics.livejournal.com/51150.html"&gt;read why&lt;/a&gt;.  Continuing on a different approach suggested by a friend.)&lt;/li&gt;&lt;li&gt;OTR for finch and Second Life&lt;br /&gt;&lt;/li&gt;&lt;/ul&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-4731431494510139063?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/4731431494510139063/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=4731431494510139063' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/4731431494510139063'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/4731431494510139063'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/09/project-idea.html' title='Project Idea'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty 
xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-1862547885353268340</id><published>2007-09-18T05:28:00.000-07:00</published><updated>2008-04-18T14:08:10.263-07:00</updated><title type='text'>Link-Local Networking</title><content type='html'>Often I learn about various protocols just by sniffing the network. A talk I gave recently at &lt;a href="http://www.md2600.org/"&gt;md2600&lt;/a&gt; originated from one such promiscuous session. What started from analyzing multicast UDP traffic from a lone MacBook ended with a thorough education in APIPA, multicast DNS, Service Location Protocol, Universal Plug and Play, and more.&lt;br /&gt;&lt;br /&gt;At the suggestion of my friends I've started giving talks about this technology. For those who have heard my talks and want to know more, I've collected a bunch of links.&lt;br /&gt;&lt;br /&gt;&lt;a href="http://tools.ietf.org/html/rfc3927"&gt;RFC 3927 - Dynamic Configuration of IPv4 Link-Local Addresses&lt;/a&gt;&lt;br /&gt;&lt;a href="http://www.zeroconf.org/"&gt;The Zeroconf Website, with many useful documents&lt;/a&gt;&lt;br /&gt;&lt;a href="http://developer.apple.com/networking/bonjour/index.html"&gt;Bonjour, an Apple implementation for Mac, Windows, and Unix&lt;/a&gt;&lt;br /&gt;&lt;a href="http://avahi.org/"&gt;Avahi, a GPL implementation for Unix&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;Bonjour for Windows users should also grab the &lt;a href="http://www.dns-sd.org/ClientSetup.html"&gt;Bonjour Control Panel applet&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;Talks on Link-Local Networking&lt;br /&gt;- 9/07/07 Overview of Zeroconf and UPnP given at md2600&lt;br /&gt;- 3/29/08 &lt;a href="http://www.erisresearch.org/dl_locallink.html"&gt;Local-Link Networking&lt;/a&gt; given at &lt;a 
href="http://carolinacon.org/"&gt;CarolinaCon4&lt;/a&gt;&lt;br /&gt;- 4/09/08 &lt;a href="http://www.erisresearch.org/dl_adhocnet.html"&gt;Ad-Hoc Networking in Linux with Avahi&lt;/a&gt; given at &lt;a href="http://www.calug.org"&gt;CaLUG&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-1862547885353268340?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/1862547885353268340/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=1862547885353268340' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1862547885353268340'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1862547885353268340'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/09/link-local-networking.html' title='Link-Local Networking'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-8677911600859029574</id><published>2007-08-22T11:07:00.000-07:00</published><updated>2007-08-22T11:11:22.472-07:00</updated><title type='text'>Sans YouTube</title><content type='html'>This isn't a knock against Sans, but when I went to their newly released &lt;a href="http://www.youtube.com/user/sansinstitute"&gt;Sans YouTube&lt;/a&gt; page, I had flashbacks to nightmares my parents 
told me about strangers.  If you lived a protected childhood and don't know what I'm talking about, then maybe you'll remember the horrible Calvin Klein ads that were pulled off for the same reasons.&lt;br /&gt;&lt;br /&gt;Compare &lt;object width="130" height="97"&gt;&lt;param name="movie" value="http://www.youtube.com/v/nJSv4p1sfeQ"&gt;&lt;/param&gt;&lt;param name="wmode" value="transparent"&gt;&lt;/param&gt;&lt;embed src="http://www.youtube.com/v/nJSv4p1sfeQ" type="application/x-shockwave-flash" wmode="transparent" width="130" height="97"&gt;&lt;/embed&gt;&lt;/object&gt; with &lt;object width="130" height="97"&gt;&lt;param name="movie" value="http://www.youtube.com/v/vZVk21Pco-c"&gt;&lt;/param&gt;&lt;param name="wmode" value="transparent"&gt;&lt;/param&gt;&lt;embed src="http://www.youtube.com/v/vZVk21Pco-c" type="application/x-shockwave-flash" wmode="transparent" width="130" height="97"&gt;&lt;/embed&gt;&lt;/object&gt;&lt;br /&gt;&lt;br /&gt;Please Sans, put a curtain behind the guy.  
I'd rather be reminded of the President's press room than Charlie's basement down the street.&lt;br /&gt;&lt;br /&gt;I still recommend people to watch the videos, it's probably the most entertaining way to gain some CPE's.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-8677911600859029574?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/8677911600859029574/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=8677911600859029574' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8677911600859029574'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8677911600859029574'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/08/sans-youtube.html' title='Sans YouTube'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-2118840073408587542</id><published>2007-08-07T22:04:00.000-07:00</published><updated>2007-08-07T22:14:49.021-07:00</updated><title type='text'>Notacon 4</title><content type='html'>This is a bit late, as the con was held &lt;a href="http://www.notacon.org/archive/2007/speakers.html"&gt;April 27-29&lt;/a&gt; of this year.    
I mainly went for social reasons and the opportunity to take photos of the &lt;a href="http://www.flickr.com/photos/maetrics/tags/notacon07/"&gt;con&lt;/a&gt; and &lt;a href="http://www.flickr.com/photos/maetrics/tags/cleveland/"&gt;Cleveland&lt;/a&gt;.  But I have to say, Notacon definitely opened my eyes to the artistic side of technology.  Even though I didn't attend many of the talks, the focus was conducted via conversations with other attendees.&lt;br /&gt;&lt;br /&gt;I spent most of the con in the HF room, discussing a range of topics from art in Second Life to &lt;a href="http://graffitiresearchlab.com/?page_id=6"&gt;electronic graffiti&lt;/a&gt;.  I listened to Nick Farr discuss Hacker Spaces, and watched as Aestetix worked on this year's crypto-puzzle.  When things were quiet for an exceptionally popular talk, I spent some quality time playing Joust on their full-size MAME arcade.&lt;br /&gt;&lt;br /&gt;The one talk I did attend was Bruce Potter's speech on the "8 Dirty Secrets of the Security Industry."  While not groundbreaking, it was a step in the right direction.  
The industry needs a more critical eye and I hope Bruce continues to spread what he's learned.&lt;br /&gt;&lt;br /&gt;My favorite parts of the con had to be the Hacker Foundation room, B9punks nightly parties, and the Notacon talent show that introduced me to DualCore, which I've spoken about already in &lt;a href="http://maetrics.capital-gains.net/2007/05/music-that-appeals-to-intelligence.html"&gt;music that appeals to intelligence&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;So, if you're looking for a computer enthusiasts get together that isn't a clone of the DEFCON-style security circus or bombards you with HOPE-like propaganda, then I suggest you should check out Notacon and be prepared to make some art!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7455411220680364484-2118840073408587542?l=cypherpunk.erisresearch.org' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/2118840073408587542/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=2118840073408587542' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/2118840073408587542'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/2118840073408587542'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/08/notacon-4.html' title='Notacon 4'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total 
xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-7821666090411010197</id><published>2007-05-22T19:19:00.000-07:00</published><updated>2007-07-17T01:37:03.580-07:00</updated><title type='text'>A Cipher-Only Attack for BitchX Encryption</title><content type='html'>I originally wrote this a few years ago, but the server it was hosted on has been down for a few years.  I'm also planning to code a proof-of-concept for this soon.&lt;br /&gt;&lt;br /&gt;November 24, 2001&lt;br /&gt;&lt;br /&gt;BitchX[1] is a popular client for Unix which allows users to communicate to other users through Internet Relay Chat[2] (IRC) networks. On an IRC network each message may be retransmitted multiple times before reaching each of the intended receivers. A user may reduce the number of retransmissions by personally communicating with a single user via Direct Client to Client (DCC) chat. However each form of communication can be eavesdropped on by any network along the transmission routes.&lt;br /&gt;&lt;br /&gt;To increase privacy, BitchX included the ability to encrypt transmissions over an IRC network. BitchX utilizes an encryption system based on XOR. While simple XOR is trivial to break using the Occurance of Coincidence method. XOR in Cipher Block Chaining (CBC) mode protects the cipher from this form of analysis. In this paper I will describe the crypto-system, it's weaknesses, and a summary of the difficulties of encrypting IRC communications.&lt;br /&gt;&lt;br /&gt;XOR[3] is a boolean operation which is true if only one of it's inputs is true. For cryptography, a plain text can be encrypted by XOR'ing the plain text with a key. This can then be decrypted by XOR'ing the encrypted message with the same key. One benefit of XOR is that same bit of output can be generated by 2 combinations of inputs. An 8bit character could be generated by 256 (or 2^8) combinations of inputs. 
This property eliminates the one-to-one frequency analysis used on substitution ciphers, such as rot13.&lt;br /&gt;&lt;br /&gt;The weakness with XOR encryption occurs when the key is repeated. Normally this occurs when the key is shorter than the plaintext message. By XOR'ing two values, which are the results of an XOR with one shared input, the shared input is eliminated and the result is the XOR of the corresponding inputs. If two encrypted letters (which were encrypted with the same key) are XOR'd with each other, the key is removed and the result is the XOR of the two plain text characters. The key-length can be derived from a process known as Occurrence of Coincidence[4].&lt;br /&gt;&lt;br /&gt;To strengthen the XOR encryption, BitchX counters the Occurrence of Coincidence by using Cipher Block Chaining[5] (CBC). In CBC mode, the first character is XOR'd with the key and a seed, or Initial Vector (IV). The next character is XOR'd with the key and a value called the hash value. The first hash value is the Initial Vector XOR'd with the previous plain text character. Each hash value after that is generated by XOR'ing the previous hash value with the previous plaintext character. In other words, each character is used to modify the encryption of the next character.&lt;br /&gt;&lt;br /&gt;The most important flaw with this implementation is that of the IV. BitchX sets the IV to zero for each message it transmits. When the key is XOR'd with zero, the effect is nil. By itself this would not be a weakness, for the plain text XOR'd against the key would still generate unreadable cipher text. The weakness is that the IV is the same for each message. Thus, the initial key is repeated for every message.&lt;br /&gt;&lt;br /&gt;The XOR of the first encrypted character of any two messages is the same as both plain text characters XOR'd together. This also happens to be the hash for the next encrypted characters XOR'd together. 
Now we can remove the hash for any pair of XOR'd characters by taking all the previous plain text XOR'd pairs and XOR'ing them together.&lt;br /&gt;&lt;br /&gt;Since the key is constant, each pair of characters is encrypted with the same key. Thus when the pair is XOR'd together, the key is eliminated. Using these methods, the hash and the key are stripped from the message. The only thing left is two messages XOR'd together. From here we return to the simple XOR analysis and pick apart the message.&lt;br /&gt;&lt;br /&gt;A unique IV needs to be generated for each transmission in order to strengthen the crypto-system. Also, each person's IV needs to be unique. If any two transmissions have the same IV, the above method will still work. In an 8-bit character cipher stream, the odds of having any two transmissions with the same IV are 1 out of 128.&lt;br /&gt;&lt;br /&gt;There are problems with generating unique IVs. If one of the people in the chat falls out of sync with the others for any reason, the crypto-system needs to be re-initiated. Losing sync can occur any time a client loses connection with an IRC server, or if IRC servers lose connection with each other (Net-Split), or if the person leaves a channel, or if a person joins a channel after the encryption is initialized.&lt;br /&gt;&lt;br /&gt;Thanks to the following people for helping me with this article. Nightmode for giving me a reason to analyze the crypto-system. 
DeathCubeK for assistance with XOR decryption.&lt;br /&gt;&lt;br /&gt;References:&lt;br /&gt;&lt;br /&gt;[1] BitchX: http://www.bitchx.org/, Oikarinen and Reed&lt;br /&gt;[2] Internet Relay Chat: RFC 1459&lt;br /&gt;[3] XOR Encryption: http://www.md2600.net/newsletter/issue2/122.html, DeathCubeK&lt;br /&gt;[4] Occurrence of Coincidence: http://www.md2600.net/newsletter/issue2/122.html, DeathCubeK&lt;br /&gt;[5] Cipher Block Chaining: Applied Cryptography, Bruce Schneier</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/7821666090411010197/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=7821666090411010197' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/7821666090411010197'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/7821666090411010197'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/05/cipher-only-attack-for-bitchx.html' title='A Cipher-Only Attack for BitchX Encryption'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-4344393002656862789</id><published>2007-05-19T11:43:00.000-07:00</published><updated>2007-09-18T11:17:27.206-07:00</updated><title 
type='text'>TLS and TOR: Two complementary protocols</title><content type='html'>A few months ago, H.D. Moore caused an uproar in the &lt;a href="http://tor.eff.org/"&gt;Tor project&lt;/a&gt; by releasing &lt;a href="http://www.securityfocus.com/news/11447"&gt;tools to unmask certain users&lt;/a&gt;.  No matter what his intentions were, the threat they present is small.  What Moore reminded us was that non-encrypted traffic can be modified for malicious purposes.&lt;br /&gt;&lt;br /&gt;There are two aspects to surveillance on the Internet: traffic analysis and wiretapping.  Traffic analysis is the study of who you talk to and how often, while wiretapping focuses on what has been said.  This difference is important for law enforcement and other privacy concerns, as wiretapping typically requires a warrant whereas traffic analysis has no such restriction.&lt;br /&gt;&lt;br /&gt;Tor is a tool to protect your communications from traffic analysis, by obfuscating any unique identifier from the originator of the traffic.  Moore's attack breaks this obfuscation by wiretapping and modifying the content.  TLS (aka SSL) protects the message from wiretapping and alteration, but does not prevent traffic analysis.  Used together, TLS and Tor cover each other's weaknesses, providing interlocked protection.&lt;br /&gt;&lt;br /&gt;If you use Tor, then you ought to encrypt your traffic with TLS or SSH.  
In fact, if you use TLS and SSH, then you should possibly look into using Tor.  However, be careful: do not resolve domain names, flush your cookies often, and (in the case of TLS) do not use client side certificates.&lt;br /&gt;&lt;br /&gt;Update: 9/18/07 Wired is running &lt;a href="http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPag"&gt;an article&lt;/a&gt; about how some "researcher" was able to sniff passwords and other private data.  My prediction is that this vulnerability will be rediscovered every six months when a "researcher" discovers TOR.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/4344393002656862789'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/4344393002656862789'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/05/tls-and-tor-two-complimentary-protocols.html' title='TLS and TOR: Two complementary protocols'/><author><name>Virus Friendly</name><email>noreply@blogger.com</email></author></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-1414357003400451904</id><published>2007-05-10T18:34:00.000-07:00</published><updated>2007-07-17T01:32:04.848-07:00</updated><title type='text'>What PGP can learn from S/MIME</title><content type='html'>&lt;span style="font-weight: bold;"&gt;or, How to infect your friends with Crypto&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Recently the topic of secure 
attachments came up amongst my non-cryptonerd friends, of which I have plenty.  Their initial solution was to use a password protected Winzip file. I happen to know the recipient digitally signs all of his mail using S/MIME and suggested that they just use encryption.  I was able to quickly show them that they already had the recipient's public key and how to encrypt an email to him with no additional software or fuss.&lt;br /&gt;&lt;br /&gt;With S/MIME including a copy of the certificate in its signatures, coupled with its integration in various popular email clients, S/MIME has not only made crypto extremely user friendly, but also highly infectious.  Now an average user can securely send mail without cutting their own key and remembering another passphrase.  This is likely to recruit more users into using cryptography than all of the key signing parties and self-addressed propaganda of the PGP community.&lt;br /&gt;&lt;br /&gt;I still enjoy key-signing parties for their social aspects with other cryptonerds and have a PGP key handy just in case, but I'll keep signing emails with my infectious S/MIME.</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/1414357003400451904/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=1414357003400451904' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1414357003400451904'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/1414357003400451904'/><link rel='alternate' type='text/html' 
href='http://cypherpunk.erisresearch.org/2007/05/what-pgp-can-learn-from-smime.html' title='What PGP can learn from S/MIME'/><author><name>Christopher Gragsone</name><uri>http://www.blogger.com/profile/13486180998683021730</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='04188133612774742151'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-8032039439413083846</id><published>2007-03-04T09:40:00.000-08:00</published><updated>2007-03-04T16:38:00.755-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='forensics'/><title type='text'>Hard Drive Encryption and Forensics</title><content type='html'>Computer forensics focuses on media analysis, such as analyzing hard drives.  In trusted environments, or rather environments under the analyst's control, the analyst has a home field advantage.  While an intruder may make the analyst's job more difficult, the intruder is ultimately limited because he does not have control of the environment.&lt;br /&gt;&lt;br /&gt;When an analyst works on a device seized from a malicious host, he loses this home field advantage.  Forensic "war stories" are often a result of cases where a malicious agent has hardened his environment but overlooked something crucial that the analyst was able to exploit.  The classic case is when an amateur deletes his evidence but neglects to wipe the slack, or when someone encrypts the original but overlooks the temporary files created by applications.  These war stories boil down to a common moral.  The bad guy is caught because his defenses weren't complete.&lt;br /&gt;&lt;br /&gt;Now technology is becoming widely adopted that threatens to make such stories extinct.  This technology will allow the hostile agent to unrecoverably wipe his hard drive with his mind.  
While this sounds sensationalist, the technology is very modest.  Hard drive encryption is becoming widely adopted by businesses in response to all the hard drives being stolen.  Once again encryption is a double-edged sword, as a tool for both sides.  The ability to, as Marcus Ranum puts it, "wipe a hard drive merely by forgetting the password," is an obstacle that forensics will have to face.&lt;br /&gt;&lt;br /&gt;Forensics will still enjoy their home field advantage when it comes to cases involving hacking, but there are many other crimes whose evidence is found on a hostile computer.  In cases such as child pornography, counterfeiting, and organized crime, complete hard drive encryption will determine whether a case results in a conviction.  It will be interesting to see how forensics develops to counter this obstacle.  My bet will be on certifying professionals on key logger and trojan technologies.</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/8032039439413083846/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=8032039439413083846' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8032039439413083846'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8032039439413083846'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/01/hard-drive-encryption-and-forensics.html' title='Hard Drive Encryption and Forensics'/><author><name>Virus Friendly</name><email>noreply@blogger.com</email></author><thr:total 
xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-5112546914532031872</id><published>2007-01-30T19:36:00.000-08:00</published><updated>2007-01-31T02:32:33.235-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='infosec'/><title type='text'>2006: Year of the Missing Hard Drives</title><content type='html'>&lt;div style="text-align: justify;"&gt;In practically every month some company made headlines by misplacing a hard drive containing personal information, but the untold story is in the lost hard drives that went unreported.  It is bad enough for a company's reputation to announce the information thefts it is required by law to disclose.  Imagine the results if a company reported every missing hard drive with internal communications, their next prototype, or confidential client information.  Ironically, corporate laptops are probably more likely to be targeted because of the companies' unwillingness to report the loss.&lt;br /&gt;&lt;br /&gt;Though in most cases the hardware is covered by insurance, the loss of information or its misuse in the hands of an adversary is unrecoverable.  As most of these systems will find their way onto eBay or, in the case of an Army USB key, back alley markets in Afghanistan, their treasures lie waiting to be discovered by anyone with the simplest forensic skill.  This trend of undisclosed missing hard drives is likely to become a key method of passive intelligence gathering.  
It also wouldn't surprise me at all if various counter-intelligence groups are seeding false information through black market laptops.&lt;br /&gt;&lt;br /&gt;Personally I merely hope to find those risque photos the husband promised he would erase ;)&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/5112546914532031872/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=5112546914532031872' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/5112546914532031872'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/5112546914532031872'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2007/01/2006-year-of-missing-hard-drives.html' title='2006: Year of the Missing Hard Drives'/><author><name>Virus Friendly</name><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7455411220680364484.post-8780611886678081320</id><published>2006-12-22T02:26:00.000-08:00</published><updated>2007-01-31T02:33:05.113-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='forensics'/><title type='text'>Forensic Irregularities</title><content type='html'>&lt;p style="margin-bottom: 0in;" align="justify"&gt;In what seems like an example of dumb and dumber, a small counterfeiting case in Michigan exposes a weakness with the science of computer forensics.&lt;/p&gt;&lt;p style="margin-bottom: 0in;" 
 align="justify"&gt;&lt;br /&gt;&lt;/p&gt;  &lt;p style="margin-bottom: 0in;" align="justify"&gt;“&lt;a href="http://www.cheboygannews.com/articles/2006/12/18/news/news1.txt"&gt;Counterfeiting suspect testifies at his own trial&lt;/a&gt;,”  Cheboygan Daily Tribune.&lt;/p&gt;&lt;p style="margin-bottom: 0in;" align="justify"&gt;&lt;br /&gt;&lt;/p&gt;  &lt;p style="margin-bottom: 0in;" align="justify"&gt;Computer forensics as a science contains two fields of practice: technical and analytical.  The objective, technical practice is the foundation, which establishes the field's reputation.  The subjective, analytical practice is the interpretation of the technical findings submitted to the court as testimony.  By definition, forensics is a debate using testimony, but the problem with computer forensics is its avoidance of a debate, or critique, due to the opportunity of causing “reasonable doubt” in the subjective testimony.&lt;/p&gt;&lt;p style="margin-bottom: 0in;" align="justify"&gt;&lt;br /&gt;&lt;/p&gt;  &lt;p style="margin-bottom: 0in;" align="justify"&gt;The defense, as in most court cases, did not have a computer forensics expert, but the prosecution had two forensic teams to review the evidence.  An irregularity occurred when one forensic team discovered evidence that was overlooked by the other team, the United States Secret Service.  If such a prestigious organization can overlook critical evidence in a counterfeiting case then how is the jury to know if either team performed their analysis thoroughly?&lt;/p&gt;&lt;p style="margin-bottom: 0in;" align="justify"&gt;&lt;br /&gt;&lt;/p&gt;  &lt;p style="margin-bottom: 0in;" align="justify"&gt;The amount of evidence overlooked in the technical practice affects the accuracy of the testimony.  However, there is no method to determine how much an investigator missed and thus determine the accuracy.  Rarely does the defense have their own forensic expert, so these irregularities go unnoticed except in a few situations. 
 This case is one of many examples that illustrate the field's need for critique. &lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://cypherpunk.erisresearch.org/feeds/8780611886678081320/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=7455411220680364484&amp;postID=8780611886678081320' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8780611886678081320'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7455411220680364484/posts/default/8780611886678081320'/><link rel='alternate' type='text/html' href='http://cypherpunk.erisresearch.org/2006/12/forensic-irregularities.html' title='Forensic Irregularities'/><author><name>Virus Friendly</name><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry></feed>