Secure E-mail Primer

southerner Minuteman Member # 536 posted 11-26-2002 15:28

Everyone seems to be concerned with "secure communications," but not many people seem to know much about it, at least as it applies to the online world. I thought I would post this in the hope that y'all get something out of it.

Caveats

There is one provably secure encryption protocol, called a "one-time pad." This is difficult to do right, but if you can pull it off, then no-one can decrypt your communications. The rest of the systems you see out there are breakable, given enough time. Most depend on something that we think is hard (like factoring large prime numbers), but an advance in number theory could really change things. Even algorithms that have no known flaws will be broken as computer technology gets better -- this is likely a long time away, but should sit there in the back of your mind as a possibility. Note also that the NSA has more insanely-bright mathematicians working for them than anyone else (than exist outside the agency?) Guess what they're working on -- crypto.

The law also allows law enforcement agencies to break into your home without notice and place programs/hardware on your computer that record your keystrokes, and there are technologies that allow outsiders to remotely view your monitor's output. Even worse -- if you assume that your communications are being monitored but those monitoring them can't get to the message itself, the fact that you're choosing to encrypt some transmissions to particular recipients can tell the eavesdropper a lot.

So what's the point? Nothing is sure in this life. There are a few things we know, and there are a few things that we're probably safe to assume:

Internet communications are routinely monitored. Do some research into a project called "Carnivore" for more info (not that this is the only way to do so -- it's just the way everyone should know about given the press coverage). Sending unencrypted communications over the internet is like sending regular mail on a postcard. Imagine everything being sent on postcards, with the USPS running everything through an optical character recognition system to look for interesting snippets of text and keywords -- this is essentially what happens with e-mail (and likely, but to a lesser degree, http traffic like what reaches this web site.)

Encrypting your communications raises a flag, unless you're one of those paranoid sorts who encrypts everything.

Decrypting messages, even those encrypted with relatively weak protocols like DES, consumes resources. Nobody has limitless resources.

Encryption limits the ability of outsiders to eavesdrop on your communications. While it may be possible to break a protocol like PGP (if the NSA ever did and it was clear that that was what happened, they'd lose a huge tool), in the past it's been more cost-effective to get the proper warrants filled out and place electronic recording devices on individual PCs. This means that you have to establish that you're worth that kind of investigation, as manpower is far from sufficient for everyday tasks anyway.

Basically, encrypting your comms goes a long way to ensuring your privacy. Even from determined attackers, unless you're on the Most Wanted list or something.

Everyone in agreement so far? Good...

Basics

We'll start with basic definitions:

A one-time pad is the most secure cryptosystem, but it's a real pain to set up. You need to find truly random data (flip a coin a million times, or record background radiation and use intervals between ticks, or draw lotto balls out of the air-blower machine, or something), then you need to deliver a copy of the random data to the person you'll be communicating with. From there you just take your message and essentially combine it with the pad. The recipient subtracts the pad out and gets the message. If you ever re-use a pad, you're through. If someone else gets the pad, you're through (read: easy-to-destroy pad required for each message -- not one CD-ROM of data for this year's comms). If they don't have the pad, you can prove mathematically that any interpretation of the data is as likely as any other.

Symmetric key systems: I encrypt a file with the passphrase "I-liek*whips&chainzzz", and you can decrypt it with the same passphrase. Works great as long as the pass-phrase can't be guessed (it needs to approach randomness -- it's common to use dictionaries against encrypted files for a quick break; someone well-funded could look through your library and run the texts of each book against a file too -- looking for a phrase out of them.) These are fast, and some of them (like IDEA and 3DES) have been attacked enough over the years that they're viewed as really secure. The problem with these is that you need to have a secure channel to transmit the passphrase over. Not easy, unless you're planning a face-to-face anyway.

Public Key systems. These are cool. Everyone has 2 keys, one they hold close to their chest (called a secret, or private key), and one they give to the rest of the world. Anything encrypted with one key can only be decrypted by the matching key, and knowledge of one key gives an attacker no info on the other key. Basically, if everyone has my public key, they can send me encrypted files that no-one else can read. If I run a file or message through my private key, anyone can run it through my public key and know that I "signed" the file.

Hash functions: a message run through a hash will throw out a fixed-size representation of that message. Good hash functions are such that knowing a hash tells you nothing about the original message, and the hash function will produce a different output for every different input, with an astronomical possibility of being able to fake one. You probably don't need to understand this.

Authentication: knowing that the person who claims to have sent you a file is actually the person who sent it. Spammers can forge return-addresses, and so can anyone else. To forge a digital signature, they'd need to have a copy of the signing key and the pass-phrase that protects it. Needless to say, no-one ever gets your secret/private key.

In general, more bits in a key or cryptosystem means more security than fewer bits, but only within the same type of system. A 4096-bit PGP public key is harder to break than a 1024-bit key, but that doesn't mean a 1024-bit public key is harder to break than a 168-bit 3DES key (which is actually about 140 effective bits...) You're trying to solve a different problem when attacking different cryptosystems, so they can't really be compared.

ONLY USE TRUSTED CRYPTOSYSTEMS -- "trusted" means "really smart people have tried for a really long time to break it, and have always failed." It does not mean "no-one knows the method of encrypting/decrypting, so I'm secure" -- that's called "security through obscurity," and it's a recipe for disaster. There are a ton of good cryptosystems that are well-known in the crypto community. They don't need to hide the algorithm because it's strong enough to not have any weaknesses within the algorithm itself. And that's enough here.

PGP

PGP is probably the best system out there for personal use. It's got a non-commercial clone called GPG that's available for all available platforms, and you can get a free version from http://www.pgpi.com (technically that link may only be for those out of the US to download from -- check www.pgp.com if you're in the states) that integrates well with Windows, Outlook/Outlook Express, Eudora, and possibly others. PGP is nice in that it allows you to sign/verify and encrypt/decrypt without ever depending on a secure channel (ie: you can do it all, securely, over the internet). It (or its clone GPG) also runs on all the major platforms, so anyone can use it.

More importantly, though, it allows you to build a "web of trust." A web of trust is a ground-up model for creating a network of keys. You sign someone else's key to show that you believe he is who he says he is. You can also mark his key based on how much you trust him -- do you trust him to vouch for new keys via his signature, or not at all, or somewhere in the middle (in which case you can set things so that for instance 3 guys you partially trust have signed his key, and that's enough to prove to you that he's who he says he is). Basically, you can set up a system that maintains itself: you sign the keys of people you know, and they do the same to you. If your boss signs a key, you trust it as valid. If a key has the signatures of lots of guys you partially trust (but not enough to introduce keys just on their signature), then you can use that to determine that it's valid and legitimate. I could add a lot of details here, but that's enough to give you the idea.

Hushmail

This is an "openPGP" implementation. It uses PGP, but the PGP client you use is actually Java-based and opens in your browser. You can access it anywhere from any computer with Netscape or IE and Java. Nothing unencrypted is ever stored on Hushmail's server, provided it's between 2 members (or between a member and a normal e-mail addy, if the sender chose to encrypt). Great system, but now you know enough.

There's a program out there called Top Secret Crypto. Its claim to fame is that it will allow you to generate and print out one-time code pads from your computer. http://www.topsecretcrypto.com/ You might want to check it out...

JP

After a quick peek... I'd prefer to stick with programs that publish their source code, and that have been subjected to peer review. You can make your own call, though. Note that it's very difficult to get truly random numbers out of a computer. There are "pseudo-random number generators" out there that _look_ like they're good enough, but aren't.
No idea what this guy (who doesn't publish his credentials, either) is doing.

i'm sorry southerner... i just can't let this go..... I HAVE TO RANT. it's either /rick RANTS or /rick BLOWS A BLOOD VESSEL. it's REALITY CHECK TIME people........

i agree, the concept of single use day pads are great. the REALITY of it is, unless you CONSTANTLY TRAIN with it, you ain't gonna use it when you need it. also, IT MAY BE OVERKILL..... OVERKILL???????? yeah, OVERKILL..... let me 'splain.

scenario- 'squad' is going to go 'scout' something, has 'opord', with contingencies predefined. now, what COMMS is that 'squad' going to need. let's see,

1. routine checkin.
2. aborting due to non-combat injury
3. E&E'ing
4. can i shoot them now?
5. i shot them!
6. E&E'ng to Rally point #X
7. tango's coming your way (small)
8. tango's coming your way (BIG)
9. we're all about to die.
10. mission complete, coming home
11. mission complete, delayed return, non-critical.
12. we're in it DEEP and NEED HELP!
13. we're in it DEEP, it's been nice knowing you.

there probably are a few others, but in essence, there are generally less than 20 possible 'messages' that would be appropriate to communicate from a squad to a base. any type of 'lengthy process' that would be required in order to convey any of these messages would result in one of three things.

1. possibility of confusion
2. difficult to use when excited
3. long transmission time

it's MUCH easier to setup a 'brevity code' for 'day use'. something where the whole message 'transaction' can be sent in 5 seconds or less. now, realize that i am talking about SQUAD TO BASE, or SQUAD TO SQUAD comms. for BASE TO BASE, YES. an 'encryption' system is good. a 'day pad' system in a particular 'group' of people is a great idear. go for it.... but, before you 'deploy' it,,, ask these questions: what do you do if it is compromised? (please don't tell me it can't be compromised, i know better) how do you 'issue' new 'keys' in a SHTF scenario, when you HAVE to ASSUME that all 'electronic communications' are MONITORED, and snail-mail is not one of the options you can use, and 'courier' isn't any better of an idear?

yeah, /rick has a better idear. it's this: DO NOT RELY ON LONG RANGE SECURE COMMUNICATIONS. huh? yeah. that is what i said. have i lost my mind? NO well, ok, maybe, but NO...... let me 'splain....... first, some questions........ FUNDAMENTAL QUESTIONS.....

1. what PURPOSE does SECURE comms conveyed over LONG DISTANCES serve?
2. what ADVANTAGE can be gained by having secure long distance comms?
3. what is the possible 'exposure' in NOT using secure long distance comms?

those are the questions that must be answered......

1. long distance secure commo can be useful in the following scenarios:
a. transmission of plans, opords, intel, and other 'mission critical' information from a central command to a field unit.
b. transmission of plans, opords, intel, and other 'mission critical' information from a field unit to a central command.
(if you can come up with more, please let me know!) of course, this ASSUMES that there is a 'central command'... well, guess what, you put 10 'patriots' into a room, and you will get 3 different 'groups' come out, and you will be lucky if they ever agree to come within 2 miles of each other, ever again. central command, yeah, right. we can't even agree on FEDERALISM vs ANTI-FEDERALISM, and we've been discussing that one for over 200 years!!!!!!!

2. Advantages are basically in that you can communicate without 'alerting' the OPFOR as to your plans. well, maybe. if you run 'secure comms' all the time, then, yes, you can gain something. but, if you don't, and suddenly, you start sending secure comms, guess what, OPFOR hears that and sez,,, 'hey, they went secure, it's time to eliminate them'....

3. well, 'exposure'??? yeah, i.e. what is the problem with NOT using secure comms? OPFOR will know what you are up to....... well, hrm. if OPFOR doesn't already KNOW what you are up to, then OPFOR is a pile of MORONS, and it just don't matter. if OPFOR does know 'in essence' what you are up to, well, suddenly dropping into a 'secure' mode is a BIG RED FLAG saying 'hey, they's about to do something, maybe it's time to 'eliminate' them.'...

yeah, /rick is in a bad mood. yeah, plan globally, act locally, sure. yeah. ok, fine. whatever. i wish i could meet you over a cup (pot) of coffee (or two).

COMPUTER SECURITY IS A MYTH. the last 4 years i was in the navy, i was 'involved' with 'computer security' on networks. well, lemme tell you a funny story... the 'bigshots' from sublant came by to 'inspect'. they were dutifully impressed, and took many notes. so, i asked them, "how do you guys maintain security on your network"?????? ready? are you REALLY READY to hear the answer??? well, i was expecting some description of procedures, policies, software, hardware, inspections, etc.... what i got was VERY INFORMATIVE.... their answer? at that time, sublant maintained their network secure using two basic procedures.

1. no connections OUTSIDE the network. no modems, no routers, no floppies, no CDs, all network hardware VISIBLE, so any 'breach' can be 'seen'.
2. marines walking around the building with guns.

a couple more RANTS then i'm done for today.

1. anything less than 100% SECURE commo is DANGEROUS.... (as opposed to 'clear text'). HUH???????? yes. if it's 100% SECURE, then, ok, fine, at least the CONTENT of the message is secure, but the 'trail' that there HAS BEEN secure comms, is still there. if it's clear text, well, it's clear text. if it is 99% SECURE, IT'S A DEATH-TRAP!!! because COMPLACENCY sets in!!!!!!!!!!!

summary: secure comms, even though they would be nice, really have NO REAL USE in our environment. Would a patriot who is about to get 'taken out' want his message to have to be 'deciphered'?
or would he rather grab a microphone and tell the WHOLE WORLD in plain text that the Beast is about to descend on him? it's something to think about.

/rick

quote:
again, southerner, please realize that my previous post was not intended to be a flame. it was a RANT. i don't want you to feel like i'm poo-poo'ing your post. i'm just frustrated.

I hope you don't mind if I reply. You seem to be taking the attitude that:

1) Provable security is overkill for field use.
2) Perfect security is impossible with a machine that's connected to another machine (and not even then, if you take Van Eck transmissions into account).
3) Therefore, any attempt to make our messages more private is not only useless, but counterproductive if not outright dangerous.

Close enough? Let's just say that I don't agree.

quote:
the only real secure communication is that which is whispered to the person next to you at a rock concert.

And not even then, depending on who you're talking to. The only way to keep something secret is to tell no-one about it. But then, it's kind of hard to do anything involving other people if that's the case.

quote:
i agree, the concept of single use day pads are great.

Did you read my post? Was there anything there advocating use of one time pads, or offering suggestions on how to go about creating and using them? Links to software? Descriptions of why you might (not) want to use an XOR instead of bitwise AND? No. Lots of people buy into the claims of snake-oil salesmen who are hawking "perfect security." My point was to say that it just ain't so! The only crypto scheme that can be mathematically proven secure, whether you like it or not, is a one-time pad. Sorry if that's increasing your blood pressure, but as God didn't ask for my input when designing the universe (and one of its building blocks -- mathematics), you can't really take that one out on me.

quote:
scenario- 'squad' is going to go 'scout' something, has 'opord', with contingencies predefined. now, what COMMS is that 'squad' going to need.

Smartass response is to refer back to notes taken when the op order was issued.

quote:
now, realize that i am talking about SQUAD TO BASE, or SQUAD TO SQUAD comms.

Might be a good idea for another thread, as the two topics don't really overlap...

quote:
for BASE TO BASE, YES. an 'encryption' system is good.

Hmmmm. I think we're on a different wavelength here. I'm not talking about "base to base," which implies organization beyond what this post can get into and RF transmissions (that'd piss off the FCC). I'm talking about tightening up security on EMAIL, like in the subject line. I wouldn't suggest that coordinating teams rely on e-mail for anything. Again, a good topic for another thread.

quote:
a 'day pad' system in a particular 'group' of people is a great idear.

It's a terrible idea. Tracking what portions of the pad had been used and protecting the integrity of the pad would be almost impossible. If you've got 8 different people to keep track of, and you're using one-time-pads, you need 8 pads.

quote:
how do you 'issue' new 'keys' in a SHTF scenario, when you HAVE to ASSUME that all 'electronic communications' are MONITORED, and snail-mail is not one of the options you can use, and 'courier' isn't any better of an idear?

Again, before you come pissing on me for not hitting all the concepts you thought my post would cover, please re-read the original. This isn't titled "good comsec for SHTF scenarios, with a focus on OTP procedures;" it's a brief little treatise on e-mail and why PGP usage is a good thing. OTPs were mentioned in a large section about caution and the (potential) fallibility of the recommendations I was making. Or is that not how it reads? In answer to your question though, initiating secure communications when there is no secure channel is a good job for public key crypto. That's why it's used.

quote:
DO NOT RELY ON LONG RANGE SECURE COMMUNICATIONS.

Do you mean "heed the warnings in the original post before transmitting extremely sensitive material over any channel," or do you mean "don't waste the effort -- it's better that all your online correspondence be cleartext"? Hey -- another good topic for another post -- how to pass meaningful information to your long-distance compatriots without looking like you're doing so. Believe it or not, I could help out on that one.

quote:
COMPUTER SECURITY IS A MYTH.

Nope. You're right if you're working from the "the only security is absolute impenetrable security" -- generally referred to as a computer in a guarded room with no doors, powered off and connected to nothing. If you're talking about decreasing your risk of inadvertent loss of privacy, you're wrong.

quote:
at that time, sublant maintained their network secure using two basic procedures. 1. no connections OUTSIDE the network. no modems, no routers, no floppies, no CDs, all network hardware VISIBLE, so any 'breach' can be 'seen'. 2. marines walking around the building with guns.

Gimme a few mil and I can breach even that. NOTHING is as secure as you'd like it to be, and it's not worth the effort to do so. If you get to the point where an opponent has to spend $10 billion to crack the system, he's going to find another way. What's the price to kidnap your wife and torture her on video, in order to get your help getting info? What's the price of integrity for a 20-yo legal assistant with a high clearance? And, again, what does this matter as far as EMAIL is concerned?

quote:
1. anything less than 100% SECURE commo is DANGEROUS.... (as opposed to 'clear text').

Again, you're welcome to your opinion here. I disagree, as does your former employer (does the Navy use any comms that are neither cleartext nor 100% SECURE?) We sure did in the Army. Is a SINCGARS 100% SECURE? Nope. Does that negate its use? Nope. Does it make captured communications less useful to eavesdroppers? Oh yeah. Is there value there? Sure. Your argument seems to be "anything other than wide-open comms WILL LEAD YOU DOWN THE PATH TO COMPLACENCY AND YOU WILL DIE DIE DIE!!!!!!!!" Mine is that there are times when it's appropriate to use something _more_ than nothing, and that doing so more often makes the important communications draw less attention. Then we come to the issue of authentication. Is that completely unimportant and generally dangerous too?

quote:
secure comms, even though they would be nice, really have NO REAL USE in our environment.

You're welcome to that opinion.

quote:
Would a patriot who is about to get 'taken out' want his message to have to be 'deciphered'? or would he rather grab a microphone and tell the WHOLE WORLD in plain text that the Beast is about to descend on him? it's something to think about.

Again, a good idea for another thread.

Southerner, In many ways I can agree with some of your points. But, all of the pc security measures were explored ad nauseam and found to be crackable/unworkable. In the past year several patriots who went down had been using many of the very things you mention...in every case uncle busted through the pc security measure like a hot knife through butter. In the very near future the net will become a complete liability (if it isn't already). The net is a dead fish. And, many of the militias have turned it off or are preparing to. That's why non net based commo is of primary importance now.

ButlerCountyOUM Platoon Commander Moderator NCO Contributor Member # 26 posted 11-27-2002 05:42

Southerner: i would like to apologize for coming across sorta as an ASS. your points are valid. the problem is (and really, was basically the SOURCE of the RANT) is that there seems to be a whole bunch of people who think that computers and the internet, and email, and bulletin boards, are going to be of use during what is to come. secure email would be great. sure, there may be some way to do it. but it takes TIME and EFFORT, and possibly MONEY.
of which, that TIME, EFFORT, MONEY is better used to buy STORED FOOD, AMMO, TRAIN, HF GEAR, HAND TOOLS, LAND, CHICKEN FEED, SEEDS, WATER FILTERS, FOOD, RECHARGEABLE BATTERIES, SOLAR PANELS, AMMO, EYEGLASSES, etc.........

WE GOT LESS THAN 7 MONTHS LEFT

/rick

ButlerCountyOUM

Why do we have 7 months left???? I'm confused I see no threat coming that soon.

NJM1a Minuteman Member # 1125 posted 11-28-2002 16:04

Did rick just use the word Overkill? I was under the impression that word wasn't in the militia man's dialect.. what were you referring to rick about 7 months?

NJM1a

I was wondering what he meant by:
WE GOT LESS THAN 7 MONTHS LEFT
I was wondering why we have 7 months left and what is this specific threat or is it just a goal to get our stuff together???

OK, not being comms-expert (and probably not even comms-competent) let me stick my hoof in my mouth here. There would be two reasons for secure communications:

1. to transmit intel
2. to confuse and obfuscate

Please let me explain. For intel, One Time Code Pads would be useful for dead drops, email, radio traffic etc. Hard to know what was on a slip of paper if it's only a series of 5-letter groups. In a true OTCP setup, there are only two pads, both having been distributed by hand. To compromise the code, one of the two pad-holders has to be compromised. To confuse and obfuscate... well, how about one day all email (other than spam) is suddenly encrypted. You and the NWO are trying to figure out what's important info ("attack with plan B at 1200" or "hey guys, did you get the pics of my girlfriend?") With limited resources, how does one tell which messages to attempt to decrypt first?

--------------------
"The 1st Rule of Emergency Medicine: never say 'Oops'!"

posted 11-28-2002 18:07

ok, this really is an issue for 'chaplains corner' but the short version is: U.S./U.N. is the 4th beast of Daniel Ch:11 America is Mystery Babylon. the 501(c)(3) incorporated church is the Whore of Babylon. Boutros Boutros-Ghali is THE AntiChrist. the Pope is THE false Prophet. Kofi Annan will have 42 months left as the secgen of the UN in June of 2003. I believe that the 'Beast' will receive the deadly wound some time between now and june 2k3, and we will see Ghali re-establish the UN in Jerusalem some time before november of 2k3. (most likely we will receive the deadly wound before the end of april, just a gut feel there)... oh, the deadly wound? Nuclear strike on NYC, LA, Miami, and possibly DC, that will basically 'vaporize' the UN building, including kofi annan. at that point fema will kick in, cause the executive dept of the fedguv will basically not have many people left in it. but that's just the way i see it, as detailed in your local copy of the King James Bible. i hope i'm wrong. but i doubt it. for more information, i'll refer you to a friend of mine in oregon..... he writes a whole lot better than me. http://www.christianmedianetwork.com/lep.html

/rick

Thanks for the info, but does the new testament not have the same info just in modern english?

posted 11-28-2002 20:10

quote: Originally posted by ButlerCountyOUM:
of course, this ASSUMES that there is a 'central command'... well, guess what, you put 10 'patriots' into a room, and you will get 3 different 'groups' come out, and you will be lucky if they ever agree to come within 2 miles of each other, ever again. central command, yeah, right. we can't even agree on FEDERALISM vs ANTI-FEDERALISM, and we've been discussing that one for over 200 years!!!!!!! 2. Advantages are basically in that you can communicate without 'alerting' the OPFOR as to your plans. well, maybe. if you run 'secure comms' all the time, then, yes, you can gain something. but, if you don't, and suddenly, you start sending secure comms, guess what, OPFOR hears that and sez,,, 'hey, they went secure, it's time to eliminate them'.... 3. well, 'exposure'??? yeah, i.e. what is the problem with NOT using secure comms? OPFOR will know what you are up to....... well, hrm. if OPFOR doesn't already KNOW what you are up to, then OPFOR is a pile of MORONS, and it just don't matter. if OPFOR does know 'in essence' what you are up to, well, suddenly dropping into a 'secure' mode is a BIG RED FLAG saying 'hey, they's about to do something, maybe it's time to 'eliminate' them.'...

Somebody had to say it. And yes the mere presence of secure comm/encryption would be indication enough. Just the presence of a certain frequency can be enough. If I knew freqs of opfor, all I would really need is a way to pick that freq up, and maybe some DF ability. I would know two things:
- they are present and transmitting something.
- I know where they are.
Now imagine a known freq by a local unit, encrypted. It's enough for something to be shown. Maybe if it fits a "transmission profile"? Maybe when everybody is using FRS or CB in an AO, and I get on and say "I'm at the third parking lot with my rig." Might blend in with all the chatter of the other truckers. But if the intended recipient knows what third parking lot and rig mean, I can really be saying "I am in position with the scope." Can anybody cite any case of a unit being rolled up or compromised because something was decrypted? No. Because those outcomes could not have been prevented with secure comm. By the way, the device that reads monitors is called a "Van Eck Device". It's an old idea. In some cases a bad channel on a simple TV might display what is on your computer screen nearby.

--------------------
Fear nothing that bleeds.
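The one-time pad the opening post describes (combine the message with the pad, have the recipient subtract it out, never reuse it) and the XOR-versus-AND aside in southerner's reply, worked through as an added example that is not code from any poster in this thread. The OneTimePad class, its method names and the OS random generator as fallback pad source are this example's assumptions.

```python
"""One-time pad over bytes, with the two failure modes the thread raises:
reusing pad material, and combining with AND instead of XOR.
Added example, not code from the original thread."""
import secrets
from typing import Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hands out each pad byte exactly once and destroys it after use.

    Sender and recipient hold identical copies and consume them in the same
    order, which is what the post means by 'subtracting the pad out'.
    Assumption: without explicit material, secrets.token_bytes supplies the
    pad. That is the OS CSPRNG, a pseudo-random source, not the coin flips or
    background radiation the post calls for; fine for a demo, not for a pad.
    """

    def __init__(self, material: Optional[bytes] = None, size: int = 64):
        if material is None:
            material = secrets.token_bytes(size)
        self._pad = bytearray(material)
        self._offset = 0  # index of the first unused byte

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        """Consume n fresh bytes and zero them so they can never be reused."""
        if n > self.remaining():
            raise ValueError("pad exhausted: never wrap around or reuse a pad")
        start, end = self._offset, self._offset + n
        segment = bytes(self._pad[start:end])
        self._pad[start:end] = bytes(n)  # destroy used material in place
        self._offset = end
        return segment

    def encrypt(self, message: bytes) -> bytes:
        """Combine the message with fresh pad bytes."""
        return xor_bytes(message, self._take(len(message)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        """XOR is its own inverse, so the recipient does the same operation."""
        return xor_bytes(ciphertext, self._take(len(ciphertext)))


def pad_rejects(pad: OneTimePad, message: bytes) -> bool:
    """True if the pad refuses the message instead of reusing material."""
    try:
        pad.encrypt(message)
    except ValueError:
        return True
    return False


# Failure mode 1: the same pad bytes used for two messages.

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """c1 ^ c2 == (m1 ^ pad) ^ (m2 ^ pad) == m1 ^ m2: the pad cancels and the
    relationship between the two plaintexts is exposed."""
    return xor_bytes(c1, c2)


def recover_other_message(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Once one plaintext is known (a routine check-in, say), the other follows."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_m1)


# Failure mode 2: 'combining' with AND instead of XOR.

def and_combine(message: bytes, pad: bytes) -> bytes:
    """Every message bit under a 0 pad bit is destroyed: there is no inverse
    operation, and different messages collapse to the same output."""
    return bytes(x & y for x, y in zip(message, pad))


if __name__ == "__main__":
    material = bytes(range(17, 57))  # constructed 40-byte pad for the demo
    alice, bob = OneTimePad(material), OneTimePad(material)
    print(bob.decrypt(alice.encrypt(b"routine check-in")))  # b'routine check-in'
```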
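The web-of-trust rules from the opening post (one fully trusted signer vouches alone; several partially trusted signers, three in the post's setting, together make a key valid), as an added model that is not PGP's own code or any poster's; the class, method names and thresholds are this example's assumptions.

```python
"""A small model of the PGP web of trust the opening post describes: a key is
valid when signed by a valid key I fully trust, or by enough valid keys I only
partially trust. Added example, simplified, not PGP's own code; the thresholds,
class and method names are this example's assumptions."""
from enum import Enum
from typing import Dict, Set


class Trust(Enum):
    """How far I trust a key's owner as an introducer of *other* keys. A key
    can be valid (I believe it belongs to its owner) and still carry no trust:
    validity and introducer trust are separate decisions."""
    NONE = 0      # their signatures introduce nothing
    MARGINAL = 1  # counts toward the marginal threshold
    FULL = 2      # one signature is enough on its own


class WebOfTrust:
    def __init__(self, my_key: str, marginals_needed: int = 3):
        self.my_key = my_key
        self.marginals_needed = marginals_needed  # the post's "3 guys" setting
        self.trust: Dict[str, Trust] = {my_key: Trust.FULL}
        self.signatures: Dict[str, Set[str]] = {}  # key -> keys that signed it

    def set_trust(self, key: str, level: Trust) -> None:
        self.trust[key] = level

    def sign(self, signer: str, key: str) -> None:
        """Record that signer vouches for key ("he is who he says he is")."""
        self.signatures.setdefault(key, set()).add(signer)

    def valid_keys(self) -> Set[str]:
        """Fixed-point computation. My own key is valid by definition. A key
        becomes valid if a *valid* fully trusted key signed it, or at least
        marginals_needed *valid* marginally trusted keys did. Signatures from
        keys that are not themselves valid never count, so nobody can vouch
        for others merely by claiming to be someone I trust."""
        valid = {self.my_key}
        changed = True
        while changed:
            changed = False
            for key, signers in self.signatures.items():
                if key in valid:
                    continue
                usable = [s for s in signers if s in valid]
                full = any(self.trust.get(s) is Trust.FULL for s in usable)
                marginal = sum(self.trust.get(s) is Trust.MARGINAL for s in usable)
                if full or marginal >= self.marginals_needed:
                    valid.add(key)
                    changed = True  # a newly valid key may validate others
        return valid

    def is_valid(self, key: str) -> bool:
        return key in self.valid_keys()

    def why_invalid(self, key: str) -> str:
        """Short diagnosis: how many signatures, and how many from valid keys."""
        valid = self.valid_keys()
        if key in valid:
            return "valid"
        signers = self.signatures.get(key, set())
        usable = sorted(s for s in signers if s in valid)
        return (f"{len(signers)} signature(s), {len(usable)} from valid keys "
                f"{usable}; need 1 FULL or {self.marginals_needed} MARGINAL")


def build_example() -> WebOfTrust:
    """Constructed scenario: me, my boss, three partially trusted friends,
    one friend I never trust as an introducer, and a stranger."""
    w = WebOfTrust("me")
    for k in ("boss", "p1", "p2", "p3", "p4"):
        w.sign("me", k)  # I met them in person and signed their keys
    w.set_trust("boss", Trust.FULL)
    for k in ("p1", "p2", "p3"):
        w.set_trust(k, Trust.MARGINAL)
    w.set_trust("p4", Trust.NONE)
    w.sign("boss", "newhire")  # one fully trusted signature: valid
    w.sign("p1", "carol")      # only two marginal signatures: not enough
    w.sign("p2", "carol")
    for k in ("p1", "p2", "p3"):
        w.sign(k, "dave")      # three marginal signatures: valid
    w.sign("p4", "frank")      # signer is valid but has no introducer trust
    w.set_trust("stranger", Trust.FULL)
    w.sign("stranger", "eve")  # signer is trusted but was never validated
    return w
```

Lowering marginals_needed to 2 is the "somewhere in the middle" knob the post mentions; with it, carol's two partial vouchers become enough.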