[cryptography] Compromised Sys Admin Hunters and Tor

John Young jya at pipeline.com
Fri Mar 21 08:01:19 EDT 2014


Sys admins catch you hunting them and arrange compromises
to fit your demands so you can crow about how skilled you are.
Then you hire them after being duped as you duped to be hired.

The lead Tor designer reportedly (via Washington Post) had a
session with NSA to brief on how to compromise it, although
"compromise" was not used nor is the word used by
gov-com-org-edu.

http://cryptome.org/2013/10/nsa-tor-dingledine.htm

Not many honest comsec wizards nowadays are promising
more than compromised comsec, and the compromise is gradually
increasing as Snowden material is dribbled out to convince the
public and wizards not a hell of a lot can be done about it except
believe in and buy more compromised comsec.

Not news here and in comsec wizard-land, to be sure, but
compromised comsec is the industry standard, as the industry
and its wizards in and out of government enjoy the boom and
bust in comsec tools generated by precursors of Snowden,
Snowden and his successors.

Compromisability is assumed by the comsec industry to be a
fundamental feature in all nations, no need to advertise it, much
better to advertise how great comsec is and now much it is
needed. Crypto-wizards have a long history of compromising
believers who hire them and who suffer their promises of
highly trusted protection.

Trusted comsec is necessary to get persons to pack their
comms with compromisable information. The greater the
trust the greater the revelations of just what is desired.

So what if laws are aleays jiggered to allow access to the
revelations "under legal pressure" and "FISC orders."
That has been a fundamental feature of crypto and
comsec wizardry.

At 06:04 AM 3/21/2014, you wrote:
>Hi there,
>
>As I am running a local cryptoparty and do a lot of basic encryption/privacy
>talks and workshops, I am often recommending Tor as one of the means of
>protecting one's privacy and yes, even security (for example, by running a
>hidden service and making it possible for users not to leave the darknet).
>
>Of course it's far from being enough, and I make that very clear.
>
>But lately I got to wonder if using Tor does more harm than good? If the NSA
>can impersonate any IP on the planet, they can impersonate any Tor node; tis
>has two important consequences:
>
>1. they know when you're using Tor, and can flag you accordingly, and (for
>    example) deliver some nastiness when (not "if"!) they get the chance,
>    because "when you have something to hide..."
>
>2. they can guess with high probability whom are you communicating with; they
>    don't have to break encryption, it's enough they listen-in and see that a
>    Tor packet from your IP to Node A is x bytes; a packet from Node A to Node
>    B is x-( header + Tor encryption layer size ) bytes, and so on.
>
>So, is using Tor today doing more harm than good? Would ordinary Joe Schmoes
>be far better of not using Tor? How about more high-profile targets, like
>activists/hacktivists, etc?
>
>--
>Pozdr
>rysiek




More information about the cryptography mailing list