Re: [TSCM-L] {6089} The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

From: Thomas Shaddack <tsc..._at_shaddack.mauriceward.com>
Date: Wed, 11 Apr 2012 22:02:55 +0200 (CEST)

There is still the old venerable one-time pad. Granted, the key management
gets pretty onerous with many communication partners, but in a one-to-one or
few-to-few structure it should be sufficient. And not even NSA can break
that, at least not from intercepted communication.

The necessary key size is not a problem these days, in this age of
terabyte hard drives and gigabyte flash chips. A 16-gigabyte flash can
store enough random numbers to encrypt almost 4000 hours of GSM-bitrate
phone calls. (Then the problem gets to be a reliable destruction of used
keys, and reliable guarding of unused keys. An embedded microcontroller in
charge of the key could take care of both, destroy the memory when
tampering is detected, improper PIN is used too many times, or duress PIN
is entered. It should also limit the speed of outputting the key, so any
attack aimed at obtaining a significant part of the memory in a reasonably
short time is thwarted.)
(Beware of secure erasing of flash chips; the sector wear leveling
algorithms may spoil your day as the physical medium behavior is different
than what our hard-drive-based assumptions can lead us to think and
parts of the data can soon end up scattered all over the flash in multiple
copies. Said microcontroller can also take care of this, though, if a
chip without such a sophisticated algorithm is used. This application will
not have too many random writes anyway so wear-leveling is not necessary.)

The devices for secure communication then themselves have to be ironclad
and have a bare minimum of interfaces exposed to the Net.

Alternative ways of communication can also be exploited, from physical
shipping of media (with tamper-evident packaging) to direct-line-of-sight
laser communications (beware of atmospheric scatter though).

NSA is powerful. But it is not omnipotent. Making us believe they can do
more than they can do (same as fooling us into believing they can do less
than they can - hi, Sun Tzu) can be a form of psychological warfare.
On Wed, 11 Apr 2012, Roger at Bugsweeps wrote:

> http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
>
> What is so difficult for an old TSCM'er like me (sweeping since 1973) is
> that with this NSA databasing all communications I can no longer tell a client
> that their communications are secure. I used to be able to do that and I
> can't any longer.
>
> I hate to say it but TSCM may become obsolete. It has been great to me over
> 40 years, so it makes me pretty sad that we can no longer protect the Fourth
> Amendment.
>
> Roger
>
> www.bugsweeps.com
Received on Sat Mar 02 2024 - 00:57:27 CST
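
Added example, not part of the original message or of any product it mentions: a Python model of the key-guarding microcontroller described above, where each pad byte is handed out once and zeroed, and the whole pad is wiped on a duress PIN or too many wrong PINs. The class and function names and the three-try limit are assumptions, and an in-memory bytearray stands in for the flash chip.

```python
import hmac

class GuardedPad:
    """Toy model of a microcontroller guarding a one-time pad (names assumed)."""
    MAX_TRIES = 3  # assumed limit; the message gives no number

    def __init__(self, pad: bytes, pin: str, duress_pin: str):
        self._pad = bytearray(pad)        # mutable, so used key can be overwritten
        self._pin, self._duress = pin.encode(), duress_pin.encode()
        self._offset = 0                  # index of the first unused key byte
        self._tries, self._unlocked = 0, False

    def wipe(self) -> None:
        # Destroy all key material; real flash needs wear-leveling-aware erase.
        self._pad[:] = bytes(len(self._pad))
        self._offset, self._unlocked = len(self._pad), False

    def unlock(self, pin: str) -> bool:
        guess = pin.encode()
        if hmac.compare_digest(guess, self._duress):
            self.wipe()                   # duress PIN destroys the pad
            return False
        if hmac.compare_digest(guess, self._pin):
            self._tries, self._unlocked = 0, True
            return True
        self._tries += 1
        if self._tries >= self.MAX_TRIES:
            self.wipe()                   # too many wrong PINs
        return False

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:      # n fresh key bytes, released once
        if not self._unlocked:
            raise PermissionError("pad locked")
        if n > self.remaining:
            raise ValueError("not enough unused pad")
        end = self._offset + n
        key = bytes(self._pad[self._offset:end])
        self._pad[self._offset:end] = bytes(n)   # destroy the used key in storage
        self._offset = end
        return key

def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time-pad encrypt or decrypt: XOR with a key of equal length."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))
```

Both parties hold an identical copy of the pad, filled from a true random source, and consume it from the same offset.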