Posts by SteveH
Last ←Newer Page 1 2 3 4 5 Older→ First
-
Hard News: Everybody's Machiavelli, in reply to Chris Waugh,
And how was it anything but inevitable that the past actions of the male protagonists aren’t being put on quite such prominent display? I’ve seen a few reminders of past mayoral and blubberly indiscretions, but nothing like what Chuang has been subject to.
I think much of that is because it's not news - his past indiscretions have been covered previously. His actions and motivations in this case are all too commonplace and therefore uninteresting. But she is unknown and her motivation in revealing the affair has been unclear and at times self-contradictory. Naturally that's where attention has focused.
-
Hard News: Everybody's Machiavelli, in reply to Rik,
Maybe it’s just a part-time job running the city – or maybe Doug McKay runs the place, leaving Len with too much spare time on his hands.
You don't think someone can hold down a full time job and also find time for sex a dozen times in 2 years? Really Rik?
-
Hard News: Everybody's Machiavelli, in reply to Cam Slater,
justifications from the left about Brown’s actions are disgusting.
I haven't seen anyone justifying Brown's actions. Quite a bit of shrugging and disinterest in someone else's personal life, sure, but justifications? Not at all.
And since when do you get to take the moral high ground over extra-martial affairs?
-
Hard News: The non-binary council, in reply to Matthew Poole,
Krum campaigned loudly on outright lies about the Unitary Plan
In my area she was fear-mongering about three story apartment blocks popping up next door under the unitary plan despite there already being three story apartment blocks in the next street over. She was also spreading FUD about the airport's altered flight plan trial. I'm very disappointed the electorate accepted her lies.
-
Hard News: The non-binary council, in reply to Stephen R,
Has there been an answer to the question “Why did she go public?” – not just the timing, but at all?
Not that I've seen. She's really played down her own role in it, essentially claiming that she was a reluctant participant and tried several times to end it, but the story isn't entirely consistent. I'm picking up a significant "spurned lover" vibe so it could just be that. I suspect she was willing but conflicted at the time and now regrets what happened.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to BenWilson,
If it doesn’t get the password of the hidden volume, it doesn’t know anything about it, and won’t necessarily avoid it. Presumably you have to mount the hidden volume when you’re using the system a lot, or you risk overwriting some of it.
That's correct. Truecrypt is unaware of the inner volume when accessing the outer volume unless you provide the inner volume key. It's not necessary to mount the inner volume as there is a mode which simply protects the sectors used by the inner volume.
BTW, the documentation is all online, we don't need to speculate about how it works.
If I were designing it, I’d make the hidden volume data go from the end of the data space backwards, and all the other data go from the front, forwards, so that such overwriting would be unlikely until both volumes together were nearing the partition capacity, in case you wanted to work for extended periods without mounting the hidden volume (say you thought you were being observed). In that case, the avoidance of the end would be automatic and normal for the system anyway, and no proof of anything.
If you're designing a system that will use existing filesystems you don't have the luxury of deciding which sectors the outer filesystem will decide to use. Aside from that, with your design, if there is a hidden volume that you're using then the data at end of the partition is going to change regardless of how full outer volume is. Thus changing data at the end of the partition is prima facie evidence of a hidden volume. As I said before, Truecrypt's hidden volumes are also not secure if an adversary has access to the outer volume at multiple points in time, but your system would make it particularly easy to detect the hidden volume.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to BenWilson,
Yup, and it’s not secret by definition if there are thousands of publicly available copies of it floating around. Hence, that is not a one-time-pad. That’s a thousands of times pad, and really insecure.
It is generally accepted that it is sufficient to keep secret the fact that something is being used as a key. It is not necessary to keep the existence of the thing secret in it's entirety. Of course if an adversary is aware that both parties have the same CD (or book or whatever) they would be very suspicious, so one or both parties should dissociate themselves from whatever they are using to source the key.
The "one-time" in OTP refers to single use which is one of the critical requirements of the system. It doesn't imply that the key must be destroyed. A bigger problem with using something like a CD is that a OTP really needs to be perfectly random.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to BenWilson,
"BTW the music industry already runs a world wide OTP distribution system – let’s both buy the same CD and use the LSBs of the waveforms"
That's not an OTP. The OT being the part by which you can tell. When you use a segment of the OTP's key, you delete it. In the old days the key pieces were on small notepads so that the pages could be burned as they were used, which is where the name comes from. If there's other copies out there, it's a dreadfully insecure system.
A OTP has certain requirements one of which is that it must be kept secret forever. Destroying it after use is one way to ensure secrecy, but it is not a requirement. Data retrieved from a commercial CD could be fine provided you do not reveal which CD you are using (better yet, don't reveal you're using a CD). However I don't know if using the least significant bit of each word on a CD would be sufficiently random.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to Duane Griffin,
The scenario is that you’ve provided the adversary with the outer key and they are forensically examining the outer volume’s decrypted filesystem image. Depending on various things, they may be able to look at the low-level pattern of activity and determine there is a space that it is avoiding, for no apparent reason.
Most filesystems and devices don't provide any way to tell if a particular part of the storage has or hasn't been changed over time short of being able to compare two snapshots of the filesystem. However you must avoid creating accidental copies of the hidden volume's data as the same set of "random" data appearing in multiple places would be suspicious. So things like keeping image style backups or defragmenting the outer volume are not recommended. You must select the outer filesystem carefully - journaled filesystems (such as NTFS) can be a problem. Even what physical device hosts the outer volume must be carefully considered - SSDs for example contain wear-leveling algorithms that can copy sectors around and/or reveal information about which parts of the device have been modified.
There are higher level attacks too - something as simple as a recent files list could reveal the presence of hidden volume. Or an outer volume that has been accessed recently but not modified could raise suspicions that the outer volume is a dummy.
If you are careful in your use of the outer volume it is probably impossible to prove the existence of the inner volume unless the adversary has had access to the outer volume at more than one distinct point in time. But it's actually pretty difficult to use a hidden volume securely. See the Truecrypt documentation for a more complete list.
-
I love the latest line from the right: that Obama will negotiate with Iran and Russia but he won't negotiate with the Republicans. They are actually proud of being more difficult to negotiate with than Iran.
The two things I am most angry about are Boehner's refusal to allow a vote on a clean funding bill, and the fact that the politicians still get paid.