[cryptography] "stream MAC" - does anything like it exist?

Marsh Ray marsh at extendedsubset.com
Wed Sep 15 13:38:10 EDT 2010

On 09/15/2010 10:21 AM, J.A. Terranson wrote:
> On Wed, 15 Sep 2010, Marsh Ray wrote:
>> On 09/15/2010 01:37 AM, J.A. Terranson wrote:
>>> Clearly, your hearing is impaired. Anonymous travel is becoming nigh
>>> impossible within the United States.
>> If I have a current plate on my car, a driver's license in my pocket, and
>> money for gas I can drive just about anywhere I want.
> This is a long way from "travelling where and how I please". Air travel
> has only recently required ID (I flew well into the 1990's without any ID
> whatsoever, provided my tickets were purchased beforehand), and bus/rail
> lines have only required ID since the 9/11 false flag incident.

Hmm, well, OK. I certainly didn't fly much back then.

> As for
> walking down the street, and doing nothing else, if for *any* reason you
> should get stopped (maybe you vaguely resemble someone on the run, or
> worse, you don't look like the rest of the neighborhood [black in white
> suburb]), and you don't have ID, you *will* be spending some time (from
> hours to days) with the local PD.  The implicit assertion that ID isn't
> required on a 24x7 basis is simply untrue.

Communities have always had laws about "vagrancy", and you're right, how 
they're enforced varies wildly based on the circumstances and local 
discretion. We could have endless discussion about the extent to which 
that is unfair. Let's not, I've heard it all before.

>> Every few years I might get pulled over for a burned out bulb or
>> forgetting to renew my tag, but no one expects an ID otherwise. Hotels
>> and airplanes have always required ID for obvious reasons.
> Oh? What "obvious reason" would that be? Because we all know how well a
> terrorist is likely to use his or her *own* ID, right?

Hotels are entrusting their property to the guest and need to confirm 
who's liable. And yes, there have been actual instances of people not 
being on the plane which was brought down by their baggage.

>> I haven't noticed that much outward, objective change in the past few decades,
>> except that the police and highway patrol (especially in rural areas) are
>> likely to be better trained and more consistent.
> Then you have your head in the sand pretty deep.

Or in the computer, more likely.

Seriously though, I actually have less paperwork for the car than I did 
20 years ago. I moved from a state which required an annual vehicle 
emissions inspection to one that does not, so now I don't need that 
particular sticker.

As for the police training, it's just my impression. Try asking the 
proverbial guy who doesn't "look like the rest of the neighborhood" 
whether he'd rather be pulled over by a rural cop today or in 1975.

>> That said, there's been a huge increase in the number of fixed cameras
>> watching the roads.
> They watch a lot more than just roads now.  And while they are supposedly
> just for traffic control [read: congestion] purposes, they are routinely
> used for law enforcement purposes as well.
>> It's likely that many traffic cameras are reading and recording license
>> plates. In my town, the patrol cars have cameras pointing every
>> direction which recognize stolen (and recently expired :-) license
>> plates. There are enough fixed traffic cameras around town that they
>> never really need to chase anyone with lights and sirens like they used
>> to.
> And yet, the chases continue.  Wonder that, huh?

Not in my neighborhood. There are many PDs that have a "no chase" policy.

>> To what extent this data is recorded, retained, and centralized I don't know.
>> It's probably a fair guess that more data is collected than can be efficiently
>> searched,
> Not so likely.  Modern facial recognition systems are fast coming online.

I think those things are still an open question. Even if they had a low 
1% false positive rate, it doesn't seem that that the resulting data 
would be manageable.

>> yet few entities can bring themselves to throw it away either.
>> Eventually, it revenue-hungry states and municipalities could try to monetize
>> it by selling it to private entities such as insurers, marketers, and credit
>> bureaus.
> "Eventually"? It's been in place since the cameras went up, at least in
> Missouri (and this isn't exactly a progressive leaning State).

I'm near there, too. Do you have a link for that?

>> Genuine concerns over "identity theft" have cut down on some of the
>> enthusiasm for the sale of government records in recent years.
> Cite?

I'd read about earlier plans, and at least one plan that was cancelled 
years ago. But I doubt I could find a definitive source for my 
impression. Probably I just stopped reading the news!

>> The public debate about this data collection isn't really happening for a
>> couple of reasons I can think of. First, the early groups who began objecting
>> to the odd camera here and there tended to discredit themselves by mixing it
>> in with a general paranoia of the federal government and international
>> organizations.
> The implication being that these people needed tin foil hats. Yet, all
> they were concerned of has come to pass...

Some, but not all of it. FEMA has not turned the Amtrack stations into 
concentration camps, for example.

>> Also it's usually not acknowledged who's receiving the surveillance
>> feed, much less what their data retention, information sharing, and
>> privacy practices are.
> So the tin foil'ers were right, eh?

Yes, in this case.

>> So the ID requirements on my car and in my pocket have not changed one bit.
> You clearly aren't listening, even to yourself.

That's likely.

However, the contents of my wallet and car's glove compartment is an 
objective fact.

>> As for the back-end infosystems, I suspect no one really knows or has a
>> plan.
> I used the term "Oracleization" in the general database sense: it is
> irrelevent which back end is in use where: the problem is the back end
> existing at all.

It's definitely an issue.

>>> Forget about accessing any federal building (for any reason
>>> whatsoever) anonymously - or even with legitimate identity that has no
>>> State certified picture to accompany you.
>> It wouldn't surprise me.
> *Why* wouldn't it surprise you?  Do you honestly think the ID requirement
> (a) makes the building any safer, (b) has any legitimate purpose
> whatsoever, (c) that the people working for the federal government should
> receive better security at work than the rest of us?

Any sufficiently non-small organization will have at least a 
receptionist, a sign-in sheet, vistor badges, and an employee escort. If 
the building also happens to be a a courthouse, you can expect at least 
gramps with a .38.

>> But some context that people from other countries may not have when they read
>> a statement like that is many or most Americans will go their entire lives
>> without ever actually entering a US federal building.
> bullshit.  Until recent changes in the "have business" requirements went
> into place, it was very common for people to (anonymously) flood the local
> federal building every year, in search of tax forms.

I always got my tax forms from the local library or post office. Never 
saw any human DoS like that, except at the post office that stayed open 
until midnight on the filing deadline.

>> Seriously, the biggest direct interaction a typical citizen under age 65
>> has with the federal government is filing a yearly tax form. Over 65 you
>> probably receive a monthly check. Oh, we also had to mail in a form this
>> year for the census which is every 10 years.
> This has nothing to do with the central argument. Why the straws?

You originally stated "Anonymous travel is becoming nigh impossible 
within the United States" and I replied with an observation that the 
literal ID requirements have scarcely changed. (As well as an assorted 
bunch of subjective impressions). My belief is that it's best to have a 
good definition of whatever problem you're trying to solve.

It's easy to look at the policies of the federal government (or the news 
from Washington DC) and get an inaccurate picture about daily life in 
the US. Much like impressions formed based on television or a single 
visit to Las Vegas.

Apologies everyone, this started out seeming to relate to crypto, 
authentication, or data security but is way off topic now.

Perhaps this would be a good time for someone to raise an interesting 
hard crypto question?

- Marsh

More information about the cryptography mailing list