If I understood somewhat what I read, I think you believe that a lot of this is security by obscurity, which I am also a huge fan of mocking when it works as well as expected.
I’d actually generally considered the improvements to the algo and functions in this case to have been pretty well engineered overall, but I must defer to your far superior knowledge :).
I am only TBH paraphrasing what the Germans are saying (they are good at breaking down the very complex stuff into stages and pointing out “look! this is where it can go wrong!”).
This crypto is not totally bunk but corners have been cut to make it fit in with “easy to use/popular” stuff like WhatsApp and that in itself introduces sloppy operational practices. The concerns are whether the commercial companies involved will bother to fix it.
A clever youngster could, if s/he wanted to, use the open source core and an ARM board and build a modern version of something like this: FS-5000, and it would be very secure indeed and not easy for even GCHQ / NSA to decrypt.
It wouldn’t be illegal to make one if the RF stuff is kept on the approved frequencies – they could add a colour screen to it and even cops would think it’s some kind of amusing hipster retro gaming device. But society is dysfunctional to the point the sort of kid who could build one is equally likely to be a young woman from Helsinki or Quezon who is fed up with misogynistic trolls/stalkers, so willingly works with global security forces/police, as they do, to be fair, also co-operate in catching the really nasty types.
The other wider issue is that the bulk surveillance by NSA/GCHQ is more likely to have been a proof of concept set up with full expectation that the traffic would be encrypted; the core task being to get the intercept points into the circuits well in advance.
You sound as if you are saying “yes, a one time pad is secure, but no-one will be able to make such a one-time pad”
@Tryptameanie 574406 wrote:
You sound as if you are saying “yes, a one time pad is secure, but no-one will be able to make such a one-time pad”
Proper one time pads, used as intended, are secure – they still get used for the numbers stations on HF, but digital computers cannot generate the required level of randomness for the numbers on the pads.
Some analogue electronics can but even then modern society makes the random signals less random as other computers, routers, network kit inject signals into the airwaves of known frequencies and duration. I’d considered building an RNG just for generating passwords for network kit but don’t have the maths skills to test it properly for non randomness; and there also are things like radars round here which always get into the radio airwaves at known times (it’s how they work after all). The electric mains is also closely monitored for frequency (this is for non sinister reasons to stop the risk of big power cuts) and this info can be used to locate stuff within a small country like the UK.
Bad operational practices make good crypto less secure.
Enigma was quite a robust system (which was why most North European nations kept using its commercial variants long after they knew well that UK had cracked it and that GCHQ / MI6 wouldn’t just stop using decrypt after WW II was over) – the Germans reused some keys and also ended every message with HH (Heil Hitler) leaving markers in the encrypted text.
Their keyboard layout differences and test traffic also let clues through; they would just send QWERTZU when they were rushed instead of “KAUFEN SIE JEDE WOCHE VIER GUTE BEQUEME PELZE”. I remember one line from a book about SOE where a French decrypter had found a keyboard pattern and said “nous avons le QWERTZU; nous marchons ensemble”.
If trained soldiers make these slip-ups, how do you think a bunch of kids from the Snapchat generation will fare, especially as attention to detail and focus on boring tasks isn’t their finest point?
Also commercial organisations tend to “hide in plain sight”; sometimes it’s better for them to let the govts who ultimately can decide whether or not they can do business in a country see what is happening so they know it isn’t dodgy…
More excellent points there GL.
I remember being interested in randomness for a while and read up on how you test randomness in the output of some cyphers and it seemed clear that even testing true randomness is also very hard and all the detectors had subtle flaws that would give false positives etc.
WhatsApp is now fully end-to-end encrypted.
https://www.schneier.com/blog/archives/2014/11/whatsapp_is_now.html
This may be of interest here
@Tryptameanie 575628 wrote:
This may be of interest here
Interesting stuff, but I’d be really concerned about the ad networks and security agencies working together to backdoor it as the business model of too many web services depends on inspecting the user generated content to deliver ads.
As it is, my Google / YouTube usage patterns confuse the bots enough that they genuinely think I’m a “bald socialist German” – I use a lot of adblockers whenever possible but if I am on some mobile platforms or a computer in a library some of the most bizarre ads come up. At one point a Google page estimated my age as 55-64; this has since been replaced with “unknown”.
This New Zealand chap is building an RNG which uses legit technology and would only cost around €50 although the source using RF noise would be skewed by the radars and lots of other devices that operate in the 2.4 GHz band. This is 100% open technology and I’d trust it far more than a commercial app on a standard mobile device but it’s not that trivial to use and I don’t even create any net traffic that needs such a level of encryption – my main use for one is generating long passwords that are used to configure VOIP telecoms kit and to keep at bay those who try and hijack the circuits to resell the phone calls in foreign countries.
That is no doubt a long way off being what it hopes to be but it sounds like at least a good start.
Probably the closest I come to knowing anything about RF generated crypto but I see 2 groups arguing in comments a lot about how practical generating the signal would be so I take it when you say he has a £50 generator, that’s a big drop in price?
Some of the RNGs use ionising radiation (i.e. radioactive sources) rather than non ionising radiation (electromagnetic signals such as mobile phones, broadcasters, wifi) – for obvious reasons you might not want to have such contraptions in close proximity to human beings; safe sources of this radiation are not cheap.
An avalanche diode is a cheap component normally used to keep strong voltage surges out of equipment that would not tolerate it; it can also be used to generate RF noise. The other bit is a receiver operating on random frequencies in the 2.4 GHz wifi band which has all sorts of other devices transmitting into it (although can be less random due to usage patterns). Other circuits convert all of this into numbers that the operating system can use in its own random number generator.
The boards are not being mass produced yet – the price quoted is a fair one for the materials and I think the CAD files are there somewhere so you could build it if you had the skills and equipment (unfortunately I can barely deal with full size components let alone the surface mount ones).
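Two points raised in this thread, periodic interference leaking into a noise source and a single statistical test failing to notice it, can be seen in a short Python check. This is an added example, not part of the original thread or of any RNG project mentioned in it; the bit streams are constructed with a seeded PRNG standing in for digitised noise, and the 64-bit period and burst pattern are assumptions chosen for illustration.

```python
import math
import random

def monobit_z(bits):
    """Frequency test: z-score of the count of ones against a fair coin."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)

def lag_z(bits, lag):
    """z-score of how often bit i equals bit i+lag (half the time if independent)."""
    n = len(bits) - lag
    agree = sum(1 for i in range(n) if bits[i] == bits[i + lag])
    return (2 * agree - n) / math.sqrt(n)

def worst_lag(bits, max_lag=128):
    """Return (lag, z) for the lag showing the strongest correlation."""
    return max(((lag, lag_z(bits, lag)) for lag in range(1, max_lag + 1)),
               key=lambda pair: abs(pair[1]))

def sample_source(n, rng, period=0, burst=()):
    """Constructed stand-in for digitised noise, with an optional periodic burst."""
    bits = [rng.getrandbits(1) for _ in range(n)]
    if period:
        # Overwrite a fixed pattern at regular intervals, like a transmitter
        # that keys up at known times (assumed interference model).
        for start in range(0, n - len(burst) + 1, period):
            bits[start:start + len(burst)] = burst
    return bits

# Constructed sample data: seeded so the run is repeatable.
RNG = random.Random(2014)
BURST = (1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1)  # 8 ones, 8 zeros
CLEAN = sample_source(20000, RNG)
NOISY = sample_source(20000, RNG, period=64, burst=BURST)

def report(name, bits):
    lag, z = worst_lag(bits)
    return f"{name}: monobit z={monobit_z(bits):+.2f}, worst lag={lag} (z={z:+.2f})"

if __name__ == "__main__":
    print(report("clean", CLEAN))
    print(report("noisy", NOISY))
```

Because the burst has as many ones as zeros, the frequency test scores both streams as fair; only the lag test exposes the repeating structure, which is why a source needs a battery of tests rather than one.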
I’ve heard of the generators based on atomic decay but very little indeed. All incredibly interesting and over my head though :(.