[cryptography] Which encryption chips are compromised?

John Young jya at pipeline.com
Sun Nov 10 12:36:19 EST 2013


The Gardian, NYT and ProPublica have disclosed their close
coordination for Snowden releases. But AFAIK have not disclosed
redaction coordination.

There is a bit of evidence of PDF and publication coordination among
The Guardian and the NYT-Propub via PDF properties and DocCloud
file number:

ProPub produced its PDF a few minutes before The Guardian
but the Guardian was first to put it on DocCloud.

Two types of PDF programs were used. Thus the redactions made
by likely different means and therefore possibly different means
might be used to lift the redactions.

The imaging PDFs by the spies are more protective than the
commercial versions, and produce much larger file sizes. and
more blurred content. See those by ODNI as examples.

Several programs claim to be able to lift PDF redactions.

PitStop is one we have used successfully some time ago
but not recently.

http://www.enfocus.com/en/products/pitstop-pro

Redax is used widely by the USG to redact. Our version of
Redax does not lift the Sigint Enabling redactions on either
version.

http://www.appligent.com/desktop-software/redax/

Some may recall we lifted redactions on an NYT release of
CIA overthrow of Mossedeq by accident when an old, slow
machine momentarily delayed the black stripes. We froze
the screen repeatedly to grab and reconstruct the underlying
text. Adobe has since fixed that hole. But there are likely
others due to the incessant attack on vainglorius Adobe.

A source for hacking PDF passwords and maybe lifting
redactions is Elcomsoft.com, a Russian firm infamous for
its coder Dimitry Sklyrov indictment for copyright miscreancy.

https://www.eff.org/cases/us-v-elcomsoft-sklyarov

http://www.elcomsoft.com/

Lifting redactions would be a fine research project, kind of like
Tempest revelations, so great are redactions deployed by govs
and journalists these days to wield and flaunt joint complicity to
tease and withhold until bribes and budget increases are paid.

But results would have to be fast and undercover before the
digital barn doors are closed and old-time paper incision is
re-instituted. Same for eventual dust-binning of digital
crypto in favor of, well, best not to fall for open source
delusion again.

At 11:25 AM 11/10/2013, you wrote:
>On 10/11/13 16:31 PM, John Young wrote:
>>The Guardian version (greater redaction):
>>
>>http://s3.documentcloud.org/documents/784159/sigintenabling-clean-1.pdf
>>
>>NYTimes-ProPublica version (lesser redaction):
>>
>>http://s3.documentcloud.org/documents/784280/sigint-enabling-project.pdf
>>
>>[0] A related question is where were these slides posted on the Guardian
>>and NYT sites?  Which did which redaction?
>>
>>>[1]
>>>https://twitter.com/ashk4n/status/375758189444493312/photo/1
>>>http://financialcryptography.com/mt/archives/001455.html
>
>
>Nice!  Lots more information, and evidence.  Blog post updated...
>
>This appears to be the NYT commentary:
>
>http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0#briefing
>
>What I was surprised about with these detailed revelations was that 
>there was almost no fuss.  This stuff is the smoking gun for our 
>industry.  I must have been totally asleep to miss them...
>
>
>iang




More information about the cryptography mailing list