sud0nick Posted January 6, 2016 Share Posted January 6, 2016 Challenge accepted: To secure myself from government agencies reading my mind I will put on my tin foil hat. Completely secure. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 6, 2016 Share Posted January 6, 2016 Easy, to save money you reuse the tinfoil that you wrapped yesterdays sandwiches in. While out walking in the park a seagull sees a small piece of bread caught in a fold. It swoops in and grabs the bread, tearing a hole in the hat in the process. You don't notice the hole which allows a small stream of conciousness to leak out, this is picked up by the thought police and results in a long stay in a dark hole. Quote Link to comment Share on other sites More sharing options...
AXANO Posted January 6, 2016 Author Share Posted January 6, 2016 @digininja i respect you and your knowledges and you have proven to me that you know things but if there wasnt a way to hide yourself from the government there wouldnt be any hackers because they would all have been caught surely there is a big chance that somebody will make a mistake but we are not talking about mistakes here only about ways to really stay anonymous from the gov. and to protect all our personal data. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 6, 2016 Share Posted January 6, 2016 Its as I've said a few times, you have to decide who you are trying to stay safe or hide from. It is usually going to be the police who go after low level criminal hackers, in most countries they are under resourced and so have to choose their battles and so the script kiddies who could probably be easily swept up due to really poor OPSEC are unlikely to get tracked down as the prosecution is going to take more effort that its worth. In the UK there is a threshold of monetary loss that someone has to show for a successful prosecution, under that level, the police aren't interested. When the government or police really decide to go after someone, e.g. Lulzsec, they put their resources into action and that is where little mistakes mean big problems for the criminals. So, this takes me back to these questions which you need to answer so that your question can be answered better: Who are you trying to protect your self against What are you planning to do once hidden and is it likely to make you a target What are you trying to actually protect What level of effort do you want to go to to protect yourself? Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 6, 2016 Share Posted January 6, 2016 Easy, to save money you reuse the tinfoil that you wrapped yesterdays sandwiches in. While out walking in the park a seagull sees a small piece of bread caught in a fold. It swoops in and grabs the bread, tearing a hole in the hat in the process. You don't notice the hole which allows a small stream of conciousness to leak out, this is picked up by the thought police and results in a long stay in a dark hole. I never told you I eat sandwiches. How did you know? Also, why would I wrap my sandwich in tinfoil, that stuff is for my head. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 6, 2016 Share Posted January 6, 2016 You don't what "them" to know what sandwiches you have do you? That's basic OPSEC. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 18, 2016 Share Posted January 18, 2016 I've just watched a live version of this talk, a very good overview of how hard good OPSEC is. Quote Link to comment Share on other sites More sharing options...
fugu Posted January 20, 2016 Share Posted January 20, 2016 Challenge accepted: To secure myself from government agencies reading my mind I will put on my tin foil hat. Completely secure. http://www.usatoday.com/story/tech/2014/04/22/mind-reading-brain-scans/7747831/ Quote Link to comment Share on other sites More sharing options...
cooper Posted January 21, 2016 Share Posted January 21, 2016 Sean Kennedy's got you covered: , continued . Quote Link to comment Share on other sites More sharing options...
vailixi Posted January 24, 2016 Share Posted January 24, 2016 (edited) Challenge accepted: To secure myself from government agencies reading my mind I will put on my tin foil hat. Completely secure. Tinfoil hats only work if you are not wearing rubber soled shoes. You have to grounded or the tinfoil hat will actually be amplifying said eyesight television Frankenstein radio controls. Saw it on YouTube I'm pretty sure. But on a serious note I would be willing to help develop said chat application. Basically take you favorite book and use that as a wordlist. You know what book it is and your buddy knows what book it is. Each line of the book gets read and used as a salt while hashing each word up to certain length maybe 7 characters bigger words concatenated. So only you and your buddy have the dictionary to create the precomputed lookup cards for messages. Then you create an encrypted container to put the message in put that into another encrypted container and so on for like 500 layers of encryption block cipher send through stream to buddy. So an attacker would have to know what book what pages you are using for salts. Then they would have to know the hashing algorithm then would have to know which encryptions you are using. Then they would need a LOT of compute power to get the plaintext. The hashing portion of this could be figured out like a very complex cryptogram so you alternate hashing and encryption schemes to make it less susceptible to attacks. Nothing is really secure though. Whatever type of encryption is less relevant. But in the case it can be bruted just calculate the total hashrate of all of the computers currently in existance combined and multiply that by like several orders of magnitude. So yeah even if it's bruteable it will still take until sun burns out to crack your message. Anybody want to seriously talk about this hit me up. Edited January 24, 2016 by vailixi Quote Link to comment Share on other sites More sharing options...
digininja Posted January 24, 2016 Share Posted January 24, 2016 That sounds like a whole lot of effort that could easily go wrong and that moves from a chat system to an encrypted message system. If you are going to do that just use pgp or keybase.io. Quote Link to comment Share on other sites More sharing options...
cooper Posted January 25, 2016 Share Posted January 25, 2016 Keybase.io ?? You mean to exchange the public elements of the encryption stack or does it do more than that? Quote Link to comment Share on other sites More sharing options...
digininja Posted January 25, 2016 Share Posted January 25, 2016 What vailixi is describing sounds more like a way to pass encrypted messages rather than a secure chat so I was suggesting rather than inventing their own to use an existing one. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 25, 2016 Share Posted January 25, 2016 Inventing your own can be a great learning experience, though. I'm currently working through "Implementing SSL / TLS Using Cryptography and PKI" by Joshua Davies and it's pretty awesome to see how different algorithms are implemented even if it is a bit dense at times. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 25, 2016 Share Posted January 25, 2016 Learning experience maybe, secure, highly unlikely. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 25, 2016 Share Posted January 25, 2016 Yeah but even Vincent Rijman and John Daemen had to start somewhere. It may not be secure the first time but if you can eventually make a strong cipher/algorithm/encryption standard it would be worth it. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted January 25, 2016 Share Posted January 25, 2016 I have made my own encryption/compression... I have felt the supper clever self appointed genus syndrome... I have also read a lot of articles about other people doing this and the response given... a rookie cryptographer could most likely crack it... So. My clever feeling was put in check by that statement... I would love to put my encryption to the test, I wish there was a place to submit my encryption algorithm. super computers existence allow for a huge advantage and any professional cryptographer would have easy access to one... it was a great learning experience, my skill level has progressed so much with attempting these kinds of projects... I have not given up on this project, just had life issues come up... Quote Link to comment Share on other sites More sharing options...
digininja Posted January 25, 2016 Share Posted January 25, 2016 The general rule is never to rely on any self rolled crypto unless you happen to have lots of qualifications in that area. Do it to learn the concepts but don't trust it. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 25, 2016 Share Posted January 25, 2016 This is why peer review is so important. As i8igmac stated it would be great if there was a place to post your crypto code for wide scale peer review. Maybe there is a place but I haven't looked. Quote Link to comment Share on other sites More sharing options...
cooper Posted January 26, 2016 Share Posted January 26, 2016 Crypto is too important to just hope for the best. There are *so* many ways in which your home-grown crypto can fail it really isn't at all funny. Proving compression/decompression works is easy: Put something in, take it out again, compare what went in with what went out and if identical, see how small it was while being in. If it's smaller than most, hey presto! You have a winning compression algorithm. With crypto people will be able to make assumptions based on the various stages of encrypting the data and the state of the CPU or the power draw while it's doing it or it'll be non-uniform or, or, or.... People who do this sort of thing get paid a *LOT* of money to do this and they too are very hesitant to say "this shit works". Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 4, 2016 Share Posted February 4, 2016 Just found this which seems relevant: https://www.deepdotweb.com/2016/02/03/into-ricochet/ Quote Link to comment Share on other sites More sharing options...
digininja Posted February 4, 2016 Share Posted February 4, 2016 If you are looking at things like that then I'd say look at this instead as I know the authors and trust them. http://risky.biz/RB328 Quote Link to comment Share on other sites More sharing options...
cooper Posted February 5, 2016 Share Posted February 5, 2016 Just found this which seems relevant: https://www.deepdotweb.com/2016/02/03/into-ricochet/ If you are looking at things like that then I'd say look at this instead as I know the authors and trust them. http://risky.biz/RB328 Today, invisible.im's main focus is supporting the development of Ricochet Messenger. So there's no 'instead', rather, we have 2 votes of confidence in Ricochet. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.