Riverside killing off encrypted media radio access

Status
Not open for further replies.
Outerdog

Outerdog

T¹ ÆS Ø
Premium Subscriber
Joined
Jul 1, 2016
Messages
641
RFI-EMI-GUY said:
They did not say, nor did I that the method forces the channel into clear. It just bars the users from passing encrypted voice. The users must then use a clear mode to communicate or not communicate at all.
Click to expand...

I did not say that you said it forces the channel into the clear. You've moved the goalpost just a bit. You said:

RFI-EMI-GUY said:
... can be selectively jammed and the users would be forced to use clear mode.
Click to expand...

I simply wanted to be clear that the attack does not force anything. The attacks, when successful, merely prevents certain modes of operation and does not force anyone to do anything.

The report also indicates that the end user would have difficulty detecting the attack and then suggests that they would be forced to use clear traffic. I'm not sure how they would make that connection if the exploit is difficult to detect. Besides, in most cases when deployed, encryption is strapped (recommended as a stop-gap in the report), wouldn't you agree?

I think we're saying the same thing...
 
H

Hans13

Member
Joined
Dec 30, 2014
Messages
997
Outerdog said:
I did not say that you said it forces the channel into the clear. You've moved the goalpost just a bit.
Click to expand...

Outerdog said:
I simply wanted to be clear that the attack does not force anything. The attacks, when successful, merely prevents certain modes of operation and does not force anyone to do anything.
Click to expand...

You stated, "There is no mention of users being "forced" into running in the clear. "
The report you linked literally stated, " (thereby forcing the users to disable encryption)".

Outerdog said:
The report also indicates that the end user would have difficulty detecting the attack and then suggests that they would be forced to use clear traffic. I'm not sure how they would make that connection if the exploit is difficult to detect. Besides, in most cases when deployed, encryption is strapped (recommended as a stop-gap in the report), wouldn't you agree?
Click to expand...
The title of the article is, in part, "Why (Special) Agent Johnny (Still) Can't Encrypt". When their communications don't go through, they naturally switch to be in the clear. They don't have to know why encryption isn't working, only that it isn't for some reason. The net result is that the user gets forced to communicate in the clear.

Outerdog said:
I think we're saying the same thing...
Click to expand...

Yes, you are.
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,878
Hans13 said:
I'd really hate to have to shoot my toaster; it makes good toast! That is, after all, its purpose in life. Sadly, even kitchen appliances will one day be encrypted. On that day, my toaster and I will have to re-enact a scene from "Old Yeller." Only one of us will be leaving the corn crib.
Click to expand...
It is getting to that point. Today Google is being grilled by Congress for tracking our every movement using devices.

https://youtu.be/N9wsjroVlu8

Sent from my SM-T350 using Tapatalk
 
allend

allend

Member
Premium Subscriber
Joined
Feb 1, 2012
Messages
1,378
Location
Long Beach, CA
Dont worry about Google or anybody else. Just take matters in your own hands to secure your own path. If you do not want tracking buy a car without GPS. Do not text message, do not email, or carry a cell phone. But if you have to use this enterprise solution. Government agencies use this technology when traveling aboard so other countries do not know they are present.

When firefighters are fighting fires they fight fire with fire. They set back fires to meet up with the ragging fire to put out the fire. Catch my drift. This is what the public needs to know and be aware of moving forward with life.

https://www.silentcircle.com/products-and-solutions/silent-phone/
 
Last edited:
H

Hans13

Member
Joined
Dec 30, 2014
Messages
997
allend said:
Dont worry about Google or anybody else. Just take matters in your own hands to secure your own path. If you do not want tracking buy a car without GPS. Do not text message, do not email, or carry a cell phone. But if you have to use this enterprise solution. Government agencies use this technology when traveling aboard so other countries do not know they are present

https://www.silentcircle.com/products-and-solutions/silent-phone/
Click to expand...

Activists already use this strategy. Many of them tend to be hardware and software developers with knowledge and quite a bit of $$. I've used some of the tech when involved and some of it is not anywhere to be found on the clear web. You have to know someone and be trusted to even know it exists.
 
S

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,643
Location
Toronto, Ontario
RFI-EMI-GUY said:
That's what they said about DES 56.
Click to expand...
So you have nothing...


Anyway, the NSA probably inserted a backdoor, so in the end it won't be brute force that compromizes it.
Click to expand...
The NSA didn't design AES. How can you have such a fundamental misunderstanding?


RFI-EMI-GUY said:
They did not say, nor did I that the method forces the channel into clear. It just bars the users from passing encrypted voice. The users must then use a clear mode to communicate or not communicate at all.
Click to expand...
Groups are typically strapped secure only, so not an issue for any well run department. It's like driving with the hood up and crashing into something and then claiming that the car is stupid and "vulnerable"...

So "that's what they said" and "probably" and "the stupid radio shop made the system stupid by allowing clear traffic". That's all that any of you have regarding cracking AES?

Still waiting for anything concrete about how AES256 is going to be cracked. And if you manage to social engineer or steal a key, that's not cracking AES, despite what Hansie wants to claim. Might as well steal a radio and yell "I cracked AES!!!11!"
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,878
slicerwizard said:
So you have nothing...


The NSA didn't design AES. How can you have such a fundamental misunderstanding?



Groups are typically strapped secure only, so not an issue for any well run department. It's like driving with the hood up and crashing into something and then claiming that the car is stupid and "vulnerable"...

So "that's what they said" and "probably" and "the stupid radio shop made the system stupid by allowing clear traffic". That's all that any of you have regarding cracking AES?

Still waiting for anything concrete about how AES256 is going to be cracked. And if you manage to social engineer or steal a key, that's not cracking AES, despite what Hansie wants to claim. Might as well steal a radio and yell "I cracked AES!!!11!"
Click to expand...
I will leave this right here.

https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html

And this..

https://www.schneier.com/blog/archives/2006/06/greek_wiretappi_1.html

Sent from my SM-T350 using Tapatalk
 
Last edited:
Outerdog

Outerdog

T¹ ÆS Ø
Premium Subscriber
Joined
Jul 1, 2016
Messages
641
krazybob

krazybob

Member
Joined
Oct 26, 2003
Messages
481
Location
Lake Arrowhead, Southern California
Why such drama and outright sarcasm? This is supposed to be an intellectual discussion of encryption and not comments pointed directly at an individual.

The NSA does not need to have developed aes-256 to find a back door. They're the experts at finding back doors of foreign entities and getting into their systems and it only makes sense that they've already cracked AES 256. When you take it to the extreme and consider that drug cartels are likely using this technology that they have obtained unlawfully the NSA of course is motivated to find a way in. If the NSA can find the camera inside of my flat screen LED TV that I can't even find in the microphone I'm sure they can find a back door into AES 256.
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,878
Outerdog said:
For those like me who aren't as enlightened as you, can you explain what these two blog entries do to further the possibility of cracking AES?

I mean just dropping two decade-old blog entries without any context doesn't tell us dummies very much.
Click to expand...
The NSA has for decades, embedded back doors into communications systems and encryption algorithms. They do it by infiltrating the companies who make the technology. It is no different than a corporation hiring a PI firm to plant employees in their company to weed out union sympathizers. But in this case, it is the NSA who recruits engineers and technicians within the industry and they work covertly at the firms making the tech.

Why wait until the product is completed to "social engineer a key" when you can social engineer a back door into the product during development.

For those who remember, the NSA is the one who approves commercial crypto for the government and for export. They really got peaved back when PGP encryption was developed independently and wanted it shut down. To think they have nothing to do with inner workings of AES is extremely naive.





Sent from my SM-T350 using Tapatalk
 
allend

allend

Member
Premium Subscriber
Joined
Feb 1, 2012
Messages
1,378
Location
Long Beach, CA
I use to work for a tech company that bought this company in New Zealand. Now the reason we bought them was Endace since they were an off shore company they could not sell the technology to US based companies because they were offshore and could not sell to the Military or to the CIA or NSA. So in order to sell this product we bought them and sold this hardware device.

https://www.endace.com/

So this hardware device is a network packet sniffer. You attach this hardware appliance to any internal computer network and it can sniff each packet on the network and decode each packet in to plain text.
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,878
allend said:
I use to work for a tech company that bought this company in New Zealand. Now the reason we bought them was Endace since they were an off shore company they could not sell the technology to US based companies because they were offshore and could not sell to the Military or to the CIA or NSA. So in order to sell this product we bought them and sold this hardware device.

https://www.endace.com/

So this hardware device is a network packet sniffer. You attach this hardware appliance to any internal computer network and it can sniff each packet on the network and decode each packet in to plain text.
Click to expand...

There is absolutely no privacy on the internet. It can all be recorded and studied and decrypted at a later time when it it is either technically feasible to decrypt or it becomes important enough to spend money to fund a decryption effort.

The Silent Circle product mentioned a few posts above would concern me. I would think that the resulting network traffic would be a target for state sponsored eavesdropping. The traffic, no matter how brief, can be captured and stored for later analysis. A Canadian company selling a similar product was shut down this past year by the USDOJ who claimed that the Mexican Cartel used their phones. Maybe so, but others were certainly affected by the shutdown.

If you want secure communications, use simplex radio. Encrypt it and change channels hourly. Yes the entire band can be recorded as well. But they have to be in proximity of the signal.
 
krazybob

krazybob

Member
Joined
Oct 26, 2003
Messages
481
Location
Lake Arrowhead, Southern California
RFI-EMI-GUY said:
If you want secure communications, use simplex radio. Encrypt it and change channels hourly. Yes the entire band can be recorded as well. But they have to be in proximity of the signal.
Click to expand...

We already have secure Communications in the military. They use spread spectrum multiband technology. Good luck to decoding that unless you have the key. But therein lies the rub. Technology used to get the key Although our military communications remain secure to some extent. But even though they are using secure communications when orders are sent they have a cipher key that must match on both sides. If it doesn't it is assumed to be fake. That's different than real time dispatch.

I don't know how you can say to use simplex and encrypt it and change channels hourly. If the key is compromised so are your simplex.

Do you remember the mass killings and roving terrorists in San Bernardino California? The man had an iPhone and Apple refused to provide assistance decrypting the phone. They said it was impossible and would destroy the content. Our anti-terrorist folks paid a man $1,000,000 and almost instantly he decrypted the key.

I'll bet if we came up with a million dollars he would decrypt AES256 and provide the software that would allow us to intercept it OTR and grab the key.

As the owner of a hosting company that uses his own Hardware that includes firewalls and switches I can tell you that my own network is not secure. If somebody wants in there going to get in. I am not deluded in thinking because I know that if Yahoo can be broken into, so can I. If Citibank can be broken into, so can I. But why break in? Some do it just to prove that they can do it while others do it so that they may harness to computing power of thousands or hundreds of thousands of computers at any given time. This is how complex keys are easily hacked.

When you think of it this way understand that the computers on the Space Shuttle are 8088 processors. The Originals going all the way back to the IBM or the Tandy that first hit the market. One computer performs one function only on the Space Shuttle. Even though today's computing power can fit into a watch, they don't trust it to one computer.

I will end with this. 5G processing. As mobile devices and smartphones continue to advance so does their speed. I use my cell phone more than I use my desktop now.

Sent from my SM-G965U using Tapatalk
 
RFI-EMI-GUY

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,878
allend said:
Dont worry about Google or anybody else. Just take matters in your own hands to secure your own path. If you do not want tracking buy a car without GPS. Do not text message, do not email, or carry a cell phone. But if you have to use this enterprise solution. Government agencies use this technology when traveling aboard so other countries do not know they are present.

When firefighters are fighting fires they fight fire with fire. They set back fires to meet up with the ragging fire to put out the fire. Catch my drift. This is what the public needs to know and be aware of moving forward with life.

https://www.silentcircle.com/products-and-solutions/silent-phone/
Click to expand...

Have you read the "privacy" policy? They collect everything and sell everything. Maybe your voice and text are encrypted and destroyed, maybe?. But your very existence and behavior as a subscriber to the service is retained and sold.

No thanks...

https://www.silentcircle.com/privacy-policy/

Sent from my SM-T350 using Tapatalk
 
Outerdog

Outerdog

T¹ ÆS Ø
Premium Subscriber
Joined
Jul 1, 2016
Messages
641
RFI-EMI-GUY said:
The NSA has for decades, embedded back doors into communications systems and encryption algorithms. They do it by infiltrating the companies who make the technology. It is no different than a corporation hiring a PI firm to plant employees in their company to weed out union sympathizers. But in this case, it is the NSA who recruits engineers and technicians within the industry and they work covertly at the firms making the tech.

Why wait until the product is completed to "social engineer a key" when you can social engineer a back door into the product during development.

For those who remember, the NSA is the one who approves commercial crypto for the government and for export. They really got peaved back when PGP encryption was developed independently and wanted it shut down. To think they have nothing to do with inner workings of AES is extremely naive.
Click to expand...

So the two decade-old blog entries actually do nothing to support AES 256 being cracked.

Got it.
 
H

Hans13

Member
Joined
Dec 30, 2014
Messages
997
krazybob said:
Why such drama and outright sarcasm? This is supposed to be an intellectual discussion of encryption and not comments pointed directly at an individual.
Click to expand...

I was wondering the same thing. Hopefully, there can be a perspective shift in this thread and we can all focus on the discussion instead of barbs at individuals.

As to the intellectual part, I'm not making any guarantees on my end. Some of what I post will appear quite dense, I assure you. :D
 
Status
Not open for further replies.

Similar threads

A
No more encryption in calif as of Jan 1 2024
2 3 4 5 6
Replies
119
Views
16K
es93546
es93546
jland138
  • Locked
Palo Alto Police now encypted on SVRCS
Replies
19
Views
3K
jland138
jland138
pro106import
  • Locked
Now hear this: Emergency agencies turn off radio encryption
Replies
0
Views
297
pro106import
pro106import
S
  • Locked
LRPD Encryption....Thank You RADIO REFERENCE!!!!
Replies
1
Views
437
pepsima1
P
trunktracking
  • Locked
Orange County Florida Sheriff's Office Denies X2-TDMA System Monitoring Requests
Replies
16
Views
5K
NYRHKY94
NYRHKY94
Top