Yet Another FBI Proposal for Insecure Communications

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext:

Law enforcement can also partner with private industry to address a problem we call “Going Dark.” Technology increasingly frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime. For example, many instant-messaging services now encrypt messages by default. The prevent the police from reading those messages, even if an impartial judge approves their interception.

The problem is especially critical because electronic evidence is necessary for both the investigation of a cyber incident and the prosecution of the perpetrator. If we cannot access data even with lawful process, we are unable to do our job. Our ability to secure systems and prosecute criminals depends on our ability to gather evidence.

I encourage you to carefully consider your company’s interests and how you can work cooperatively with us. Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.

Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption.

I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.

Responsible encryption is effective secure encryption, coupled with access capabilities. We know encryption can include safeguards. For example, there are systems that include central management of security keys and operating system updates; scanning of content, like your e-mails, for advertising purposes; simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a “backdoor.” In fact, those very capabilities are marketed and sought out.

I do not believe that the government should mandate a specific means of ensuring access. The government does not need to micromanage the engineering.

The question is whether to require a particular goal: When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help. The government does not need to hold the key.

Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud. This is something we pointed out in our 2016 paper: “Don’t Panic.” But forcing companies to build an alternate means to access the plaintext that the user can’t control is an enormous vulnerability.

Tags: cloud computing, crypto wars, cryptography, encryption, FBI, police, vulnerabilities

Posted on January 11, 2018 at 7:05 AM • 165 Comments

Comments

Rick Lobrecht • January 11, 2018 7:23 AM

“Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.”

Ha – classic.

I also find it more than a bit ludicrous that people would seek out targeted advertising based on email content.

Mike • January 11, 2018 7:49 AM

The term “responsible encryption” is nonsense. Either you encrypt or you don’t.

Rosenstein obviously has no idea of what encryption is or how it works. However, he has many people he can call on who do understand encryption and they’ll all tell him that what he is asking for is to make encryption worthless.

I wonder if he sits in these briefings with his eyes shut and his fingers in his ears shouting “La, La, La, I can’t hear you!”.

Ollie Jones • January 11, 2018 8:05 AM

The extent to which government executives can be modeled using memoryless entities is very interesting. It seems like we’re doomed, like the movie Groundhog Day, endlessly to repeat this conversation about the dangers of crypto master keys.

But this is important: all secrets leak. Not even state actors with unlimited infosec budgets can prevent secrets from getting into unintended hands. In particular, USA state actors have accumulated a negative track record on this topic in the past few years.

A vastly important part of preventing disaster when secrets leak is to make the secrets have limited value. For resilience, the secrets’ value necessarily must be limited both in time and in scope. Crypto master keys (or schemes for generating them in response to instructions from “impartial judges”) don’t meet those criteria.

echo • January 11, 2018 8:24 AM

Law enforcement have metadata and time on their side. I wonder if this demand for backdoors is really laziness on their part i.e. them expecting confessions and communities to provide leads and backdoors are just a means to this end.

If the state sector more readily admitted mistakes and was less prone to expanding makework headcount I would have more sympathy.

I think the GCHQ annual report was interesting insofar as they said the boss people around approach no longer worked.

What are these “cyber incidents” and in what way would a backdoor help?

Denis • January 11, 2018 8:28 AM

This is not an “FBI proposal”, this is a Deputy Attorney General speech. The FBI is mentioned in his speech only once – as a source of statistical data.
He’s a senior government official, sure. But framing his opinion as an “FBI proposal” is too far-fetched (unless you’re peddling conspiracy theories).

Lisa • January 11, 2018 8:40 AM

FBI henchmen are also complaining about the going dark problem.

quote: The human brain imposes a high degree of complexity, effectively encrypting any information it stores. In the past we were able to beat confessions out of suspects to overcome this. But now anti-torture policies are resulting in a going-dark problem for law enforcement, as we can no longer easily get confessions out of suspects’ encrypted brains. This has resulted in the unfortunate consequences of law enforcement being required do actual police investigations which require far more effort and resources then beating confessions out of suspects.

Computers are tools for our brains, so police also want means to be able to get info from there too, regardless of privacy and other human rights.

In the end, the fact is that law enforcement is always supportive of police state policies, since it makes their jobs that much easier. But it is up to civil society to resist this, so that human rights are supported in addition to criminal law.

Bob • January 11, 2018 9:04 AM

No one calls any of those functions a “backdoor.”

No?

fred • January 11, 2018 9:16 AM

No one calls any of those functions a “backdoor.”

that is correct. only law enforcement calls them backdoors. the rest of the of the world calls them exploits.

In the age of information warfare, more access is not what we need. We need less people being sheep.

Clive Robinson • January 11, 2018 10:02 AM

So we get the “You shall be our slaves and vassals” quip,

When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help.

No the company “shall not be forced into indentured service”, they espouse a free market system then they should live or die by it. Either they pay what independent consultants ask or they should grow their own talent, either they are uterly and moronically stupid or they have ulterior motives. Whilst it would be nice to think it’s the former I would bet on the latter. There is a plan you can be certain but this is just one steping stone not the end game, and as has been pointed out “The price of freedom is eternal vigilance”. These people are not going to give up they have been at it one way or another since before we ever heard of the Clipper chip. Like disease ridden mosquitoes, it does not matter how much you wave your hands they will keep coming back to put the bite on the population to rend them low, mad or both with their infective agent. As with mosquitoes you need to drain the swamp and poison every last place they might hide as well as using a powerfull deterant they can not get through[1].

But there is a darker side to these warrents. In the past when it was your papers, they had to present them to you or your agent. Thus you were given due notice, and you could use other legislation designed to give “equity at arms” to help defend yourself. With electronic communications they can keep looking and searching untill they find something, anything by which they can bankrupt you or in other ways strip you of your rights.

It is obvious by the many motions filed that part of their game plan is “rights stripping” that is to force you into a position where they can and will ruin you or drive you to your death. They have done it before, they are still doing it and they will step it up. Remember guilt or innocence is of absolutly no interest to them, getting press is what careers are made with… Thus when the knock comes you are already guilty or dead, you just don’t know it and you won’t be alowed to find out the who and the why of it…

@ echo,

Law enforcement have metadata and time on their side. I wonder if this demand for backdoors is really laziness on their part i.e. them expecting confessions and communities to provide leads and backdoors are just a means to this end.

As I indicated above part of it is “rights stripping” other parts would be “parallel construction” oh and in the UK “entrapment” would be high on the list as would be “placing” of agent provocateur’s for “incitement” purposes. Then there is the “passing on” of surveillance to commerial organisations like Sony, etc etc so that lawful protesters could have civil injunctions taken out against them by the commercial entities. The Met Police have been some what “ham fisted” about all of the above and the information has leaked. It is known that both MI5 and GCHQ have been involed upto their necks in it, the question is thus what have the Secret “Service” (MI6) been upto at home and abroad. Maggie Thatcher gave them handouts above inflation and they all still do rather well out of the UK tax payer… So they are “Pleasing, teasing or blackmailing” those who hold the purse strings. One such person they very much had under their thumb at her tenure in the Home Office is our current Prime Minister, whilst ordinary policing got the chop new fairly usless intek agencies got the cash instead, which realy does not bode well for UK citizens…

@ Denis,

This is not an “FBI proposal”, this is a Deputy Attorney General speech

The FBI have been upto this “going dark” nonsense for a very long time now. Back long ago “the screach” was giving private briefings in Europe about it and ironicaly it leaked out. We only know a very tiny fraction of what Edgar J. Hover got upto because those acolytes he had covered it up, but they almost certainly carried on as “true believers” always do. As they were in positions of power they could select train and promote other acolytes to “Maintain the Faith”. It is this legacy thinking you see behind both the FBI and DoJ behaviour to twist and warp and bend the law to their chosing. They have been at it a long time and the failing of their case against Apple was just an unexpected bump in their track, it did not derail anything just shook things up a little. They will do it again with some organisation less able to fight back untill they have the judgment they want as president to go back and take Apple or similar giant down. Thus have an example to beat others with. It’s exactly the same sort of game that gave the US the war on terror. Official US policy is beat up on the weak to set an example to the rest. Nations, corporations, citizens or even innocents abroad, that is the policy if Psyco Uncle Sam sees hesitation to jump to the whims the Puppet has. The real question is the “follow the money” one of “Who benifits” and pulls the puppets strings, it is sure bot the average US citizen. But when a US President warns the people of the MIC is he mad or giving due warning?

[1] I’ve talked about powerfull deterants they can not get through before, but nearly all of us are our own worst enemy due to “ease of use” it destroys OpSec and that is just one reason why they know they will win if they go softly softly and close the net around the entire population.

Evan • January 11, 2018 10:39 AM

When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help.

Why, though? The company is helping by complying with the warrant or order, and they should not be expected to alter their business just because it makes the FBI’s job harder occasionally otherwise.

Rhys • January 11, 2018 10:46 AM

It is unclear to me what public service of ‘domestic tranquility’ the FBI & civilian police intend to secure for the citizenry as a whole.

I enjoyed Fred’s reminder that what is being asked for are exploit kits. Like the one that was recently stolen- don’t these kits eventually get subverted to the use of the criminals? How does one secure an exploit tool or kit, too?

The FBI & law enforcement always bristle at the appointment of civilian review boards. Oversight & accountability appears to be a monopoly they would retain unto themselves.

The “us” vs “them” fractionalization serves whom?

Why would anyone “trust” a value proposition that starts with …trust ‘us’ to find & prosecute those who you shouldn’t trust?

CallMeLateForSupper • January 11, 2018 11:01 AM

“Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.”

Wait…. data that has been encrypted is secure, no? I mean, anyone who gains access to encrypted data gets only gobbledegook, not “actionable” secrets. Sounds to me like encrypted data is protected data. If my encrypted data is protected, what protection value-add does law enforcement think it lends to my data? (rhetorical)

Comey and Rosenstein and their ilk can lobby for “responsible encryption” ’til the cows come home, but I lost patience with that flat-Earth argument many moons ago. My ears are closed to it; I will never give it credence.

The world changed for the worse when we learned of IC’s undiscriminating upstream dragnet; “unwitting” collecting on U.S. persons; swiss cheese policy on “data minimization”; declaration of free-fire snarfing of anything and everything encrypted, regardless of the nationality of sender or recipient. And then we learned that FBI has access to IC’s massive data pot. Because security. Because pedophile. Because drug dealer. I don’t swallow that whole, because the greater bulk of the corpus smells bad. How can any U.S. person not feel targeted by their own government?!

Douglas Coulter • January 11, 2018 11:13 AM

@Clive !!!
And in the end, when they just force it on us – or make things they can’t break illegal, amounting to the same thing and making it even easier for them – they’ll say “well, we asked nicely, over and over…”

Isn’t there a current example of a tinpot corrupt dictator who has declared it a crime to have encryption on your device right now? I think he looks a bit like Gollum or something? Maybe we need to point out who uses such techniques on their own populace more. It’s not like we are short of easy examples.

Yes No • January 11, 2018 11:39 AM

@Mike:
reI wonder if he sits in these briefings with his eyes shut and his fingers in his ears shouting “La, La, La, I can’t hear you!”.

More likely not, since he will be told only what he wants to hear. It takes courage (and a failure plan) to speak truth to power.

CallMeLateForSupper • January 11, 2018 11:58 AM

Right on cue:
“FBI chief calls unbreakable encryption ‘urgent public safety issue'”
https://www.reuters.com/article/us-usa-cyber-fbi/fbi-chief-calls-unbreakable-encryption-urgent-public-safety-issue-idUSKBN1EY1S7
Oh-h-h-h and he never gives up
And he never gives in
He just sings the name line.

And who say FBI is humorless?!
“An FBI forensic expert lambasted Apple for making iPhones hard to hack into.”
https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones

foo • January 11, 2018 12:19 PM

@Rick Lobrecht

I also find it more than a bit ludicrous that people would seek out targeted advertising based on email content.

People don’t seek out the feature of being targeted advertised to, companies seek out the feature of being able to targeted advertise to you. You are the product, companies are the customers. FBI guy just confuses the two intentionally to make an invalid point sound valid. He’s not moronically stupid, it’s all ulterior motives.

@Bruce

Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud.

Along the same vein, people actually don’t want the feature of being targeted advertised to, nor the feature of having their stuff stored insecurely to enable that. That’s why people have been leaving Gmail for offshore services like Protonmail. FBI guy is just basically proposing that the US economy further tanks, as even more people turn to offshore services. (until it’s all made illegal and we descend into a total dictatorship)

hmm • January 11, 2018 12:25 PM

“only law enforcement calls them backdoors. the rest of the of the world calls them exploits.”

The difference between backdoor and exploit is the backdoor is planned in advance by the vendor.

Exploit = cutting a new secret door in. Backdoor = constructing a secret door at production time.

FWIW it has nothing to do with law enforcement terminology.

Grauhut • January 11, 2018 12:31 PM

“I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.”

I simply maintain Mr. Rosenstein forgets that these companies do not own my data, so they can not legally transfer them to a third party if secured.

DMCA, my copyright, breaking encryption strictly forbidden! 🙂

“Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud.”

Nope, Gmail only sees what i allow them to see, its easy to use them with mail encryption switched on.

hmm • January 11, 2018 12:42 PM

“Isn’t there a current example of a tinpot corrupt dictator who has declared it a crime to have encryption on your device right now?”

http://www.truth-out.org/news/item/42020-us-provides-military-assistance-to-73-percent-of-world-s-dictatorships

73 % of the worlds dictatorships get US MILITARY assistance, some sub/superset of that get powerful network tools to strip out encryption, MITM and track people on a massive scale – so they can be disappeared, tortured and killed with simple low-tech hand weapons.

If the US wants to be the world’s policeman it might stop being the world’s #1 arms exporter.
If it wants to be a bastion of freedom and rights it might stop selling tools of authoritarianism
TO WELL KNOWN AUTHORITARIAN REGIMES THAT ABUSE IT IN PLAIN SIGHT.

The truth is there isn’t enough of a US constituency that gives a crap about the qualities of lives and basic freedoms in other countries, or even really their own. It’s not a majority and it’s not close. There’s no outrage about US allies committing genocide, even.

In that environment backdoors in US products should be fully expected even where fully denied.
They get paid to do it. Money uber alles.

vas pup • January 11, 2018 12:49 PM

@all and @Lisa in particular.
Power corrupt, absolute power corrupts absolutely.
I don’t see any mechanism (if suggestion of Deputy AG implemented) to really control how they use the power/cooperation. Theoretically I could accept such powers (with strong safeguards to be developed) in the cases related to treason/terrorism(real national security issues – then NSA should help, not private business) or Federal offences with possibility of capital punishment only. In latter similar should be done as with IPhone hacking case on FBI request. It was done by independent private contractor, not by Apple.
Regarding FBI versus DOJ. FBI have two tasks: (1)prevent/interfere with immediate criminal act in progress with danger of death/injury, real threat to national Security. For that purpose wider set of technical and investigative tools should be available. In that case the most important to balance prevention versus future prosecution;(2) collect evidence on Federal offences which let DOJ support prosecution in the court. For that purpose set of tools dictates by Rules of Criminal Procedure. Meaning DOJ and FBI are on the same page only on (2), but concept of parallel construction let FBI utilize information obtained using criminal intelligence tools to collect other evidence acceptable by DOJ for prosecution.
Suggestion: may be like with safe deposit box (or like ICBM launch) it should two keys applied simultaneously to decrypt/open/launch(two buttons pressed)and independently. Only one key should be in possession of the business.
I agree with Lisa that trust LEOs is to (bleep) yourself, but any stable society needs them as wolves as sanitary force in the forest. There no viable alternative to them – just chaos or law of jungles. The whole idea and I agree with Clive is to keep them under control of society not vice versa.

hmm • January 11, 2018 12:49 PM

https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones

-Encryption = jerks

“‘House votes on controversial FISA ACT today.’ This is the act that may have been used, with the help of the discredited and phony Dossier, to so badly surveil and abuse the Trump Campaign by the previous administration and others?” Trump tweeted.

-Does he even realize he’s bigly helping to get it re-authorized I wonder?

Mercy • January 11, 2018 12:54 PM

“Gmail only sees what i allow them to see, its easy to use them with mail encryption switched on.”

You’re comforting yourself with how it ought to be. You don’t actually believe that do you?

Clive Robinson • January 11, 2018 1:10 PM

@ hmm,

FWIW it has nothing to do with law enforcement terminology.

Who cares that’s boring, the other version is so much more fun style wise.

But it also gets the no such thing as NOBUS across to the ordinary bod on the street, which is the important thing.

Any way the FBI tried foisting “Golden Key” and “Frontdoor” make it sound nice names on us under that loony Comey and it panned for them. Thus it’s our turn to force “exploit”, “crime hole” “Arse end entry”, “Draws Dropper” and anything else that sounds bad or derogatory on them. It is after all only fair 😉

It’s a war of words and meaning, I’d call it illegal propaganda by the FBI but then they get all upset when justifiably accused of committing crimes, which makes their trigger fingers itch at the very least as various FBI extra judicial executions have shown.

hmm • January 11, 2018 1:15 PM

“Golden Key” and “Frontdoor”

Orwell is more prescient every passing day.

“Arse end entry” = that’s the one they convert to obscure acronyms. “The AEE program”

Cheers

Wael • January 11, 2018 1:19 PM

his idea is that tech companies just save a copy of the plaintext

Truth (fact) of the matter is “Privacy” has been redefined as “concealment,” through a clever a sleight of hand. Daniel J. Solove’s excellent essay, I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy” describes that.

echo • January 11, 2018 1:58 PM

@ Clive

I know what you mean with your graphic examples. With one eye on Susan Landau’s work and more everyday abuses of power I believe the issues are pervasive even if they are minor and petty.

Last week one of the UK newspapers reported that during the “short sharp shock” period under Thatcher (promoted and organised by Willie Whitelaw) young boys in detention centres were subject to physical beatings and for those with longer memories sexual abuse. The sexual abusers were prosecuted some years ago along with their equivalents in other organisations. This new case being brought by lawyers is about the institutional brutalising and knock on effects.

All systems leak information. Every time an agency acts or opens its mouth or interacts it leaks information. People talk. The truth gets out eventually.

If an agency abused its eavesdropping power to neuter an investigation or complaints would they be caught? Could this happen, or is this very unlikely and sufficent safeguards exist to prevent this?

neill • January 11, 2018 1:58 PM

instead of breaking encryption –

could e.g. google just backup unencrypted email data onto (LTO etc) tapes, then once filled up, remove those (hence take them offline), then place them inside a vault inside a secure datacenter, then shred them after a required retain period (3 yrs, 5yrs, …)?

online data would be still encrypted, but 3 letter agencies can request certain tapes – they just have to figure out exactly what time period they need, that should be possible via metadata.

Protect my fhqwhgads • January 11, 2018 2:04 PM

‘your’ data? who is ‘you’?

I’ve a funny feeling about the current meaning of ‘Collect’, not search or discover, but Collect. Almost like they already know exactly what’s there, they just need to go collect it in a non-poisoned fruit kind of way.

hmm • January 11, 2018 2:35 PM

Do they even need to weaken actual encryption except to get at unsent stationary data faster?

If they want something all they have to do is wait until it comes in or goes out.
If it doesn’t, how important or necessary or dangerous could that data actually be?
Lock them up on contempt (as they do) and wait. Nobody else has to be compromised.

The convenience factor for LEO is becoming more important than the law itself. It’s a ridiculous precedent no matter what is on these phones, bomb plans or even treason itself simply can’t compare to willingly dissolving the Constitution by fiat.

Legal protections from domestic spying? Easily sorted with momentary extra-national routing.
You’d never notice. They own hops along the way, they log the key-ex’s no doubt, certs, etc.
Without proving you are damaged nobody can sue to stop it, or even know it happens.

What, laws? We’ve got companies with NDA’s signed by law enforcement, flouting them right now.
Nobody will care about unintended ends when they have the means to justify anything at all.

hmm • January 11, 2018 2:43 PM

@ Neill

“online data would be still encrypted”

Exactly, another perfectly simple semantic loophole. “The data is still encrypted, see?”
Just no longer individually encrypted as the user expected when they sent it.

“But it’s encrypted! Nobody without the key can get at it.” -WHICH KEY? Their key.

Clive Robinson • January 11, 2018 3:00 PM

@ Doug,

And in the end, when they just force it on us – or make things they can’t break illegal, amounting to the same thing and making it even easier for them – they’ll say “well, we asked nicely, over and over…”

There are things you can do that have been common knowledge for over a century that you can still do today as long as they alow you a communications path at some level.

Let’s say I send you,

You up for a drink Friday usuall place and time?

What does it actually mean?

If I sent you,

When the seagulls follow the trawler, it’s because they think sardines will be thrown into the sea.

You might be suspicious unless of course I’m Eric Cantona.

The point is with care “One Time Phrase” codes do work. Some will also work if used repeatedly quite innocently but then used at a pre agreed time where their meaning changes. Likewise their place in a conversation.

Such systems came most obviously to the fore in WWII with the BBC transmitting “And now some messages for our friends” followed by half a different sentances. Some were One Time Phrases others were “nulls” used to pad out to the same number of messages to avoid traffic analysis.

Such systems hide in plain sight to some degree but they are neither simple codes or stegonography that can be found by various simple analysis techniques. They do have the same strengths as One Time Pads but not the same flexability, but they don’t stand out under simple analysis as One Time Pads do.

Thus the FBI have a problem, the One Time Phrase can be sent under their noses without them being able to say they are a code, or even recognising them as such. Further implanting spyware into the user device will not gain any advantage as it’s the human mind that extends the security end point beyond the comnunications end point.

neill • January 11, 2018 3:29 PM

@hmm

this was just a quick thought, to give lawmen access to the backup vaults, though not in realtime – w/o breaking encryption for all of mankind

implementation would be hell complicated, i know, esp with in-memory-encr., but somewhere at some point you need to decrypt in order to process the data (sql, email whatever) – so right there you gotta grab what you can and write to the tape archive

since those would reside only offline in a datacenter i would not mind 3 letter agents living there to have access to it. not the best and fastest method, but you can fulfill the request for access!

hmm • January 11, 2018 3:52 PM

” access to the backup vaults, though not in realtime ”

What would preclude that? They make the backups instantly right?

” since those would reside only offline in a datacenter ”

I tend to doubt that too. They have systems in place to access DMZ’s within each platform.
Why even pretend it has to be offline, what would force that? The law doesn’t AFAIK.

Clive Robinson • January 11, 2018 4:31 PM

@ neill, hmm,

blockquote>but somewhere at some point you need to decrypt in order to process the data (sql, email whatever) – so right there you gotta grab what you can and write to the tape archive

How is the plaibtext getting to the vault?

If you remember Google made the mistake of having a strongly encrypted entry portal. But… The backhaul from one site to another was plaintext so the NSA simply parasited the backhaul –supposadly– without Googles knowledge.

The big problem is encryption is expensive, especially if you do it at an adequate KeyMat protection level. A single point to point link looks easy, but when you potentially have a thousand or so from all over a continent things start getting more than a tads interesting. Which is why plaintext was often the default on high capacity backhauls…

The IC are like roaches, once they have found a way in extermination becomes close to impossible. They just drop something on the Flash ROM in some SoC in a 4 line LCD status display and that computer is forever owned breeding little nasties to go forth and re-multiply…

Sometimes the only solution is like that with termites “burn the house down and walk away”…

Coyne Tibbets • January 11, 2018 5:31 PM

“I encourage you to carefully consider your company’s interests and how you can work cooperatively with us.”

Talk about thinly veiled threats…

echo • January 11, 2018 5:42 PM

Partly by chance I watched Youtube documentaries on the spy satellite program and the construction of NORAD. Most of the content was the usual. What interested me was the psychology of post WWII people driven to prevent another war versus the paranoia of the mob whipped up by Stalin.

I have also read books by Joe Navarro and FBI interrigation guidance. This is very interesting too.

One point the satellite show made was satellites were the cheapest verification solution. Joe says he found buying a beer and a packet of cigarettes worked.

I guess if “they” are collecting everything directly or indirectly an encryption backdoor makes economic sense as the cost to the FBI is effectively free. This is an intractible problem. Rather than confronting this head on I wonder if social policy and equality help more and whether this argument would help political paymasters reconsider allowing assualts on privacy?

Mark • January 11, 2018 5:42 PM

Fantastic. More American rubbish driving insecurity for the rest of us. Hopefully we can get away from the big American tech companies.

Bruce, when are you going to write the article that needs to be written? Your country is directly responsible for insecure products, services, and poor digital privacy. This is both driven through your country’s push of capitalism throughout the world and your pointless “national security” arguments.

I’m tired of it. Boycott all American products and services.

Wael • January 11, 2018 6:00 PM

@Ratio,

When I said “Devices are marked”, I was aluding to techiques like the ones described in this thread. Tell me something: can‌‌‍‍‍‍‍‍‍ you‌‍‌‌‌‌ read‍‌‌‍‍‌‍‍‍‍ between‌‌‍‌‌‍‍‌‌ the‌‍‌‍‍‍‍‍‍‍‍‍‍‌‍ words?

Here is a pregnant hint, using military-strength encoding that beats your industry strength one from last year! Tick-tock, Coitarice…

hmm • January 11, 2018 6:50 PM

“I’m tired of it. Boycott all American products and services.”

Isn’t that a bit of an overreach coming from one of the 5 eyeballs as you are though, Mark?
I don’t disagree with the sentiment or the underlying point though, you’re not wrong.
This stuff has to have limits, I’m not sure they exist yet.

Douglas Coulter • January 11, 2018 7:17 PM

@Clive
I’ve done up a bit of “toy” crypto for fun.
The real problem in my eyes is key exchange – and your method above is similar to what I had planned (my G+ pals are already playing with it online).

For that matter, you could just agree that the bits starting after some number in say, a kitten video you send the link to, are the one time key till updated. Your keyphrase is then just the number you begin at, using it in similar fashion to a one time pad after that – perhaps whitening it a bit to make it a little less obvious.

Obviously, no one’s actually going around breaking good crypto – it’s all side and back channel stuff in all but perhaps a rare and extreme case.

You could also (and I note in an interview with Snowden and Bruce this was quickly subject-changed) layer a few types of encryption, perhaps designing it so that a little garbage plaintext would show up if one layer got broken successfully. This would of course drive human analysts crazy with false positives – a little jihad and alan’s snackbar followed by more “just random white bits”. You could have all manner of fun using crap crypto that never the less takes a lot of cycles to crack, well known bad random number generators…and at some layer, some really good stuff that’s near-impossible to brute force. And of course, order the layers by using some of the bits of the hash of the pass phrase so it’s not the same every time.

But it’s all fantasy, the problem is that when they grab that level of control over everyone, you’re had, secrets kept or not. The current regime is just fine to for example, catch on very fast if more than a few people start to look like they are organizing to resist – they can be nipped in the bud before it’d be a big public splash….and that’s all that’s needed to keep a police state advancing.

But then…
You have all these “white noise” files on your system, or other issues they can decide not to like you about. Truth is, once “they” decide to not like you – you’re had, whether you did anything or not, or have crypto or not (ask Erdogan’s victims, or…it’s a long list as you know).

neill • January 11, 2018 7:23 PM

@Clive Robinson, hmm

how exactly this could be implemented in hard/software needs to be discussed. i assume that 3 letter guys can get into most internet traffic anyways, so instead of compromising encryption worldwide we can just give them some space in a datacenter (-tapearchive) to go wild. AFAIK at&t had some small locked rooms available for them at their COs in the past. let’s just discuss this publicly, instead of ‘cat&mouse’ games. maybe someone has good ideas with hypervisor trickery and dual links etc to get data in&out encrypted to WAN and plain to TAR. maybe we need silicone changes, too, for that separation (they are needed anyways after spectre/meltdown). and would someone convince intel please to take out the IME, i would not miss that thing a bit …

Douglas Coulter • January 11, 2018 7:23 PM

@hmmm
Re the US meddling.
We agree for once. Trying to “control the narrative” with violence, in person or in proxy, implies some real hubris that you can and know what’s best, or some real serious psychological problems or just plain evil intent if you don’t care what’s best for all – just you, and at that, only in the short term.
Yet we don’t seem to be able to stop. Money talks, and the MIC, as we were warned, needs enemies to scare us with so we’ll buy their stuff and spend our blood.

I found this an interesting intellectual journey, even though I don’t agree with all this guy’s sayings or politics. AI is here, and despite the twin jokes – one that it’s going to become real smart and take over, and the other that it’s real dumb and already has – well…that last one is closer to true in his world. Very interesting and I think worth the time.

https://www.youtube.com/watch?v=RmIgJ64z6Y4

“Hey, you broke the future” – corporations as the real AI threat.

hmm • January 11, 2018 7:43 PM

@Clive

https://en.wikipedia.org/wiki/Room_641A

Just a co-lo cage for vpn to UT/MD, people were shocked when they found out initially. Shocked! 😀

hmm • January 11, 2018 9:05 PM

@ Doug

I’m enjoying the video, it wastes no time to provoke some thoughts. Thanks

I’d tend to believe most anyone visiting this blog and reading Bruce’s insights and those of the interested community, they and I see more eye to eye than not – We all probably realize on some level we’re the boiling frogs right now and we’ve only got minutes to fix it.

None of our inventions is without flaws and the tools we have are well beyond the comprehension of 99%+ of the population. We’re already dependent on things we cannot recreate. AI could be well beyond 100%, if we achieve it. Who would be in a position to program it, argue with it? A VERY select few, like ministers in the king’s court. Would it not at some point rule us outright as we cede full dependence to it? Should we? Questions we ought to ask before plugging it in, dropping it on Nagasaki.

Intelligence is knowing what can be done and how, wisdom is knowing what to do and what not to do. Everything is a tradeoff. If we decouple one from the other the future will not include us. We have a ridiculously bad track record as a collective cognizance, and putting blind faith in man-made AI to solve these world problems to me is no different from a religion: Faith required, details are sketchy, you can’t really test it – and you’d better start praying now.

https://www.youtube.com/watch?v=15YgdrhrCM8

hmm • January 11, 2018 9:59 PM

@ Doug

Is that you out there with the microwave ion sources and xray cameras and whatnot? Looks like fun.

Clive Robinson • January 12, 2018 3:02 AM

@ echo,

One point the satellite show made was satellites were the cheapest verification solution. Joe says he found buying a beer and a packet of cigarettes worked.

Actually the reason the US stopped using HumInt and the likes of the U2 is their “two faced” attitude.

They had made the CCCP (USSR) out to be some evil hiding under the bed etc they had run thenselves into a propaganda cul de sac. That is they wanted to occupie the moral high ground over spying. Unfortunatly the CCCP were rather better at the propaganda. Thus having a U2 pilot paraded infront of cameras etc and the problem with US citizens doing an “OMG get him home from that evil at any cost” was a major political not fiscal cost issue.

So the US politicos decided to go down the HighTech route and put “spys in the skys” that did not have tear jerk humans on board, nor could be –at that time– shot down.

It in turn caused other major political problems. Due to a senior US person having large investments in the aircraft manufacturing orgsnisations Curtis LeMay was using for his nuclear deterant, missile/rocket solutions were effectively nixed. Thus the German rocket scientists the US had got via Operation Paperclip were sitting worse than idle on a US airforce base in some backwater. The bleeb bleep bleep of Sputnik at the top of the HF band which could be heard by any Ham Operator including many schools made it major major news. That was first called a fake by the US then when publicly confirmed beyond dispute via work in the UK (Jodrell bank) it became a major political disaster for the US. Witn the result being the start of the Space Race that the CCCP had a major advantage at (they only had to show successes unlike the US).

It’s a story that fills quite a number of books but it makes a fascinating and frankly enjoyable read.

Sarah • January 12, 2018 3:15 AM

It doesn’t mean diddly squat if gmail saves the plaintext, if one encrypt the text outside the browser, and then plops it into gmail.

echo • January 12, 2018 8:11 AM

@Douglas Coulter

Thanks for the link. It was fun listening to this while I was crashed out drooling face down on my sofa.

@Clive

The videos I watched had some bias. The better of the two alluded to what you said. Thanks for backfilling to round the story out. These other perspectives are often forgotten or not given prominence.

While Kennedy reigned in his more aggressive military leaders which is well documented on good books on the history of game theory which played a significant role in the Cold War I quite like Khrushchev. He at least acknowledged Stalinistic militarisation as took food out of peoples mouths and facilitated de-escalation. I guess, credit is due too to much lesser known “humans in the loop” who helped avert crisis on both sides.

Clive Robinson • January 12, 2018 8:46 AM

@ Doug,

As others are likely to be reading along I’m going to be a little more formal to stop them making assumptions that could hurt them.

So,

The real problem in my eyes is key exchange

Key Managment (KeyMan) is a way way more complicated process than most can even hazzard a guess at. Ignoring all the KeyGen, storage, distribution, audit and secure disposal issues you have the “turtles all the way down” issue of getting to the point of “Secuerly and covertly transfering the first/master key/seed/secret”.

Whilst the use of asymmetric PubKey can –maybe– give you a secure channel, it’s use in most occasions is not at all covert. Thus you need another layer of secure covert rendezvous protocols which means… yet another turtle. That’s why an in person meeting is what traditionaly it has boiled down to.

In some past cases a OTP typed on cigarette paper thats been washed in permangenate in a “brush by” in the street or similar using age old school field craft is the solution, but not “dead letter boxes” as the chain of KeyMat custody would be broken which is a major no no for KeyMan.

It’s an issue the open crypto community has been avoiding addressing for years, in part because Diffie-Hellmen was seen as a “good enough” solution to what may well turn out to be an intractable problem of “Holy Grail” proportions.

Which brings us around to the master secret issue. As you say,

For that matter, you could just agree that the bits starting after some number in say, a kitten video you send the link to, are the one time key till updated. Your keyphrase is then just the number you begin at, using it in similar fashion to a one time pad after that – perhaps whitening it a bit to make it a little less obvious.

Is fine for fun / experimentation, but as we now know the larger SigInt agencies that straddle communications choke points have a “Collect it all” policy with a “forever” clause on what might constitute crypto (including plain text that might be KeyMat). Stream ciphers which the OTP method is, using a public text makes it a week “Book Cipher” which are extreamly vulnerable to “Similar/Guesed Key” attacks. Put simply you do a trial run on part of a suspect “book cipher” and check the statistics of the output. Whilst incredibly dull work if done by hand it can be easily automated and increadibly fast these days with the entire top 100 alltime best sellers being fully checked for probables in mear seconds.

Which often gives rise to a thought process…

If you have an assumed secure cipher like AES256 and a secure mode to use it in on a public text how secure is the output, and can that be sufficiently secure to use as a practically secure One Time Pad with a little post encryption touch up[1]?

The answer is that it turns out to be likely to be less secure than using AES in CTR mode, due to the “reuse” issues inherant in plaintext. It’s thus actually more secure to use a seeded counter as the input to a block cipher and the plain text as extra whitening in a chain cipher[2].

The important point to note though is that you can not just use parts of a “book” such as a publicly available kitten video, you have not already used.

Which brings us around to the “Security and Communications end point” issue,

Obviously, no one’s actually going around breaking good crypto – it’s all side and back channel stuff in all but perhaps a rare and extreme case.

As always the SigInt agencies will go for the “easy route” where they can. However that may be a different approach depending on if it is a “targeted attack” rather than the prefered “hover it up” attack”.

If the security end point is before the communications end point they may just go directly to an “end run attack” at the HCI level as this will in most cases be valid plaintext. Thus the likes of the Signal protocol will not protect a user who has WhatSapp on a mobile phone. Because the likes of CarrierIQ and similar “tech support” software just logs not just the ciphertext comming in but likewise the plaintext displayed to the user, and sends it off to some server on the Internet where noboubt the SigInt agencies have “tee’d” the first upstream router to send them a copy of every users messages and plaintext at the HCI. Even if such software is not already on a smart phone the use of various Over The Air protocols will get it on there. Similar applies to connected desktops, laptops, netbooks, pads and PIMs. The clear message is “They own your device not you and they can do anything they please”.

Thus even is Apple goes to bat for you in one area they have no choice in others. Thus Cloud backups are not yours they are the Corporates and thus third party business records not even requiring a warrant from a judge, just an NSL at most…

To be secure the security end point not only has to be off the communicatiins device, it also has to be in effect “side channel” free to stop the hidden onwards comms channel. Thus the ciphertext must not be random uninteligable charecters, but an easily read apparently plaintext string that the human mind can easily remember. Without these properties it’s game over. So whilst the One Time Pad –cipher– “sounds cool” it’s a bit of a nightmare to use, thus the One Time Phrase –code– trumps it in many ways, providing you have sufficient fore knowledge to make a suitable code. Because a user can just look at the phrase and either immediately know what it means from memory, or can put the phone down and do other things untill they can surreptitiously slip of and look it up in the code book.

When it comes to OpSec “simplicity and ease of use” trump just about everything else almost every time.

But in addition also making an attackers life hard for little effort is almost always a good thing. Which brings us around to,

You could also (and I note in an interview with Snowden and Bruce this was quickly subject-changed) layer a few types of encryption, perhaps designing it so that a little garbage plaintext would show up if one layer got broken successfully. This would of course drive human analysts crazy with false positives

I’ve no idea why either Bruce or Ed would shy away from this area it’s a fairly standard thing and has been for so long its beard is longer than both mine and Methuselah’s combined.

If you look at a successfull hand cipher they rarely encrypt plaintext directly, they either compress or precode it before ciphering. This is the first level of making life harder for an analyst and something that must always be done with a stream cipher, which includes the One Time Pad[3]. If you look up the VIC cipher[4] you will see it has a simple method of changing the plaintext from a 26 member alphabet to a 10member alphabet using a “Straddling Checkerboard”, and as part of the process flattens the statistics quite a bit.

Most people do not think about using the straddling checkerboard or other compression system in reverse to change the “give away” near flat statistics of the One Time Pad into something with statistics that make it look like a simple non polyalphabetic cipher.

There is also the notions of “Russian coupling” and “Indicator embedding” to consider. You can obviously “plaintext embbed” as well.

That is you take your ciphertext output from the OTP break it at some point and move the first part to last. You then at the correct point put the indicator in, which is the normal procedure. Then decomoress it to change the statistics You then add random plaintext encrypted with a non polyalphabetic cipher and add it in using the equivalent of a grill method. This also has the ability to act as “nulls” to padout messages to a fixed size. Yes it makes the final message quite a bit longer but the old “minimum on air time” rule[5] does not apply to digital communications networks.

As I’ve said these techniques are not exactly new, they have been suspected to be in use with the likes of Numbers Stations and other “Home Station” broadcasts all through the cold war, and they have recently shown a resurgence of use, with North Korea supposadly putting more into service in the HF bands with skip down in most of the US and Europe. Also apparently causing interferance and jamming to existing services in South Korea[6] via NVIS antenna radiation which is difficult to DF beyond the ground wave (a mode I happen to like as well 😉

The problem is injudicious use of crypto which makes,

But it’s all fantasy, the problem is that when they grab that level of control over everyone, you’re had, secrets kept or not.

A point of concern.

It’s why the use of sensible One Time Phrases and effectively OffLine usage via the human mind is where it will end up as long as some method of communication is alowed. And I suspect there is way way to much invested in “Social Networking” for it to be stamped out. Whilst Governments can be powerfull they are far from onipotent, and it’s a quater to a third of a century to late to put Social Networking back in Pandora’s box. For instance it is known that even North Korea’s do Social Networking via Smart Phones on mobile phone networks in China. The cost of trying to stamp this out is too great compared to monitoring it. Thus the trick as normal is “looking innocent” and “staying under the radar”

There is a problem with TRNG derived One Time Pads that you note,

But then… You have all these “white noise” files on your system, or other issues they can decide not to like you about.

It’s why the question about AES256 or similar in CTR mode arises. As has been noted the RC4 stream generator was sufficiently simple that it could be memorised and coded in five minutes by even an average programer. There was also the Perl implementation of a crypto algorithm that was printed on a tee shirt that could also be memorised. We are bringing into this world a whole new generation of programmers who use Python which has certain advantages as most interpreters do. The thing is that we need crypto in many forms otherwise the first world economy will grind to a halt rapidly. In times past there were arguments about 40bit Crypto for Export but alowing full size hash algorithms to be exported. It takes very little in the way of brains to look memorise a Horst Feistel round structure and see how a hash function could replace the one way structures in the Feistel round. Likewise memorising a Key Expansion scheme using a hash function is very easy as is turning a hash function into a keyed stream generator. Writing the Python code to do this fron memory whilst not quite trivial is more than possible for quite a few people.

Thus writing a program to generate One Time Pad sheets to a printer or just typing the crypto/plain text in to get plain/crypto text out is more than possible if not easy with a little practice. Thus booting a disconected PC from a CD/DVD run from RAM distro and typing in the code into the python interpreter is a possability that gets around the use of TRNG derived “White Noise” files.

Whilst I’m not suggesting people do any of this, it will give then ideas they can work on such that if ever the need arises they have a position to fall back to.

As for “being selected” there is nothing you can do about that once it starts, it has to run it’s corse irrespective of anything you do. There are still people who lived through Senator McCathy’s “Unamerican Behaviour” witch trials, where people were more than happy to lie under oath about other people to either try and save their own necks or for the fame of being a star witness, or strut around being “A big man” in a snazzy uniform with lots of badges and medals. The US citizens sat there night after night watching it like a spectator sport and did nothing but sit and watch. This is a fairly common human failing and history shows it happening with regular monotony.

Put simply there are Authoritarian leaders, who can only maintain their position due to mindless authoritarian followers or chancers, and they only maintain their position because the rest of the citizens let them one way or another… As long as humanity does this then your chance of being selected is just pot luck, because of the “I’m alright jack” attitude untill it’s their turn for the “midnight knock”…

Like death it’s one of the few certainties in life. It’s what the various documents the founding fathers and others drew up to stop it happening. In all honesty do you think the authoritarian in the DoJ / FBI / NSA / CIA care one jot to the oath they swore to the Constirution? Nope me neither, how about their had selected authoritarian follows? Nope me neither. How about good old Joe public? Is his head out of the sporting pages? The Romans used Bread and Circuses, the West Beer and Sport. Mind you back in Ceasers day they were for free, these days theres a bunch of rent seekers holding their hands out to fleece you to the core.

Sorry to end on a grim note, but realy that’s the way of the Western world today and I doubt it’s going to be any better tommorow or the day after… It’s a get down –on your knees– or get out –of town– culture. You atleast have taken some steps away from it and I sure wish more than a few others would to.

[1] I won’t go into the details again, but genuine unbounded output from a TRNG is not suitable for making an OTP due to Run Length issues without having adjustments made to reduce plaintext leakage by changes in the output statistics. Nor for that matter is output from AES256 regardless of the modes you might use it in for the same reasons.

[2] Chain ciphers like 3DES whilst conceptually simple have a few issues that can be looked up. But if you think about it with 3DES if you use a seeded counter as the primary input you have three non output chain points you can add XOR type whitening. As long as one of the ciphers is keyed, you can use crypto hashes for other positions in the chain after whitening.

[3] People misunderstand how a stream cipher and in particular the OTP work and what their security promise is. They do not guarentee to make a message undecipherable, only to make all possible plaintexts equally probable. It’s one reason why an incorrectly made OTP can leak plain text and book ciphers can be broken by the sawbuck method. The way to limit this is to change the statistics of the plaintext first. That way the real plaintext looks like random gibberish and does not make it out of a simple fast statistical checking process as a “probable”.

[4] https://en.m.wikipedia.org/wiki/VIC_cipher

[5] Early “Spy Sets” are truly appaling in many respects, I’ve one or two in my collection along with Mil comms gear. WWII kit was “morse code” and was in effect a “keyed power oscillator” and a “Direct Conversion” converter to get side tone and reception. Often they would use a single crystal for frequency control and back in WWII these were not those tiny welded “relay can” HCU devices but bakalite containers the size of a matchbox with two bannana plugs 1/2inch appart at one end and a rubber gasket and screw down lid at the other with internal spring clips and plates to hold the natural quartz resonator. It realy did not matter if the key was down or not, it leaked signals from the oscillator all the time it was on and the German radio service were known to be able to Direction Find from upto ten miles away. Which made the life expectancy of all but a light traffic radio operator quite short unless they were very cautious and clever about their OpSec.

[6] http://nationalinterest.org/blog/the-buzz/north-korea-broadcasts-really-strange-messages-new-nuclear-20183

Petre Peter • January 12, 2018 9:47 AM

Remember! GAK (government access to keys) and maybe we’ll soon have a section here for it. It’s hard not to panic.

email • January 12, 2018 10:27 AM

Okay. Government can have our keys. In exchange we get freedom of information laws which mean something and data storage of official documents which doesn’t go walkies? I also propose in exhcange for an always monitored chasless society every state official who uses the phrase “because of national security” receives an increasingly powerful electric shock.

Puppy • January 12, 2018 11:08 AM

If everyone reading this blog would write their Reps and President via snail mail…it might make them wary of changing things.

Demand they get Wray fired. Demand they demote encryption foes. Threat works.

Allowing the courts to do the lifting on issues like this is dangerous. Courts are agents of government, and they are too easily hijacked by government for use against the citizenry.

No pile of letters threatening action? They’ll just run over encryption. This idea that they’ll stop without force from the public is just delusional. Insane.

We need a million ex military with locked and encrypted phones to cross our border while absolutely refusing to provide unlock codes. Big fights are dangerous…but those would help too. No one backs down without force.

Mud • January 12, 2018 11:10 AM

https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones

65535 • January 12, 2018 1:31 PM

@ Rick Lobrecht, Mike, Clive and many others

“Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.” ‘Ha – classic.’ –Rick lobrecht

I agree that statement from Deputy Attorney General Rosenstein is a humorous logical fallacy. It is another reason to read your personal communications without a search warrant.

“The term “responsible encryption” is nonsense. Either you encrypt or you don’t.”-Mike

You hit the nail on the head and there is nothing more to be said.

“It is unclear to me what public service of ‘domestic tranquility’ the FBI & civilian police intend to secure for the citizenry as a whole.”-Rhys

The answer is none.

The FBI and police want to go on a huge fishing expedition with little or no cost to them. The FBI has rarely stopped any crime with so called “high tech” methods. The FBI and the police use dubious methods and informants to get a conviction after a crime has occurred.

Look, no one ever said law enforcement was easy – it is hard and has been throughout the ages. Police work requires getting out of an overstuffed desk chair a doing hard grinding investigative work. If Rosenstein doesn’t like it he should not have joined the Bureau.

I think Rosenstein is a lazy over-paid bureaucrat who doesn’t want to leave his lavish office to catch criminals. The hardest task he has performed in the last few years is making a speech.

He wants push-button law enforcement with no regard to people’s rights. He wants dossiers on everyone but himself and never ending list of movements on all Americans at a press of a button from his custom Smartphone. He probably thinks routine police work is too strenuous to do. The Fourth Amendment are too inconvenient to follow.

But, it is a different story with his personal privacy. Try getting metadata on movements of Rosenstein personal/business cell phone and you will stopped cold.

He wants to create a one-way mirror so he can watch Americans while hiding his own prosecution activities however parallel constructed. His tutor, the NSA has to redact their definition of “meta-data” due to “National Security” which what he does. This shift of power to bureaucrats from the very citizens who pay salaries said bureaucrats is a stinks to high heaven.

He should stick to well known investigative tactics – not ordering internet providers to live stream their customer’s conversation to J. Edgar Hoover Building in DC.

I suggest Rosenstein stick to real investigative tactics using proper search warrants or leave the Justice Department.

Ooragnak • January 12, 2018 1:34 PM

Encrypt responsibly. Never drink and encrypt. Buzzed encryption is drunk encryption. Think of the children.

email • January 13, 2018 12:01 AM

“The FBI and police want to go on a huge fishing expedition with little or no cost to them.”

It’s true but given the ‘do more with less’ mantra can you blame them?

65535 • January 13, 2018 2:02 AM

@ email

“It’s true but given the ‘do more with less’ mantra can you blame them?”- email

Yes, I can.

The whole Justice Department is mainly over-paid lazy lawyers or corrupt cops that made into the J. Edgar Hoover Building by greasy political connections. They want convictions or plea bargains given them on a silver platters with little or no actual work.

I have had the unfortunate experience of working with a few. They are the bureaucrat’s version of military brat on steroids. They leak money like the Titanic. They need less money and more actual backbone and brain power.

Cut their budget by 35 percent. No more stingrays or Bat-mobiles stuffed with cell tower suckers and automatic license plate readers. I say the less money to them the better.

Jacques • January 13, 2018 2:18 PM

Rosenstein is right that many services like Gmail naturally keep
plaintext in the cloud.

Along the same vein, people actually don’t want the feature of being
targeted advertised to, nor the feature of having their stuff stored
insecurely to enable that. That’s why people have been leaving Gmail
for offshore services like Protonmail.

Exactly.

More and more people realise that Gmail is simply a massive surveillance system, and it was so from the beginning:
https://www.alternet.org/media/google-using-gmail-build-psychological-profiles-hundreds-millions-people

I’d also say that Gmail is actually not keeping plaintext naturally.
They could be dropping it, at least at request from its users, but they are keeping it as long as they wish. They percasive scanning and analysing emails’ contents of people who don’t use Gmail (they are just contacting others who do) and didn’t even sign they abusive “privacy policy”, which I consider unethical.

Clive Robinson • January 13, 2018 3:00 PM

@ Jacques, All,

More and more people realise that Gmail is simply a massive surveillance system, and it was so from the beginning:

Whilst the more savvy users have caught on, there are a whole host of users that even though they are clued up they have no choice. Some are considered our most vulnerable ie school children/students where there academic career is on various google storage center mass storage, which also means with high probability the NSA and other US IC entities have it as well.

Put simply schools, collages universities have been pushed by those like Deans who have their fingers firmly in the institutions till into Googles various offerings. Thus neither the the academics, the children/students or their parents have any choice, they get told “Use or be Failed/Expelled”…

It is as they say “Utter Madness” but those institutions that have now effectively become “Hedge Funds” have an insatiable desire for the students loan monies, but offer less and less in return. It’s now not at all unknown for a student to be taught/mentored and in effect supervised by older students, who are often paid way way less than they should be.

It is a disaster in not just the US Education system, and it does not bode well. The view of a number of –cash grabbing– “advisors” is “AI will replace the need for not just unskilled labour but all the way up to researcher assistants, technicians and engineers”… The trouble is they appear incapable of “joining the dots” in their arguments… This sort of thinking was around in the “money men” back it the Thatcher/Reagan era, with bold but stupid statments such as in the UK “We will only need a service industry” well we know how that played out several Banking Crisis and Recessions later, with “Quantative Easing” and it’s like robbing the bottom 99% of the population over and over for the massive benifit of the 1% of the 1%…

Jarda • January 14, 2018 4:40 AM

Here we have a new terminus technicus: Responsible encryption.
ROTFL!

65535 • January 14, 2018 3:32 PM

@ Clive Robinson

“…most vulnerable ie school children/students where there academic career is on various google storage center mass storage, which also means with high probability the NSA and other US IC entities have it as well. Put simply schools, collages universities have been pushed by those like Deans who have their fingers firmly in the institutions till into Googles various offerings.”-Clive R.

That is exactly the problem.

I take continuing Ed courses for various degrees and certificates at a college. The college forces all students to use Gmail internally. This is a huge leak of data.

Will say certain professors have heard about the NSA tapping into Google un-encrypted data lines between data centers, which is supposedly now encrypted, and they are using outside email providers, but the data at rest is not encrypted. I am betting Google sells it. I also think this google deal is entrenched into the medical industry. This is a travesty.

David • January 16, 2018 7:07 AM

“Responsible encryption is effective secure encryption, coupled with access capabilities.”

It’s thirteen o’clock, freedom is slavery, ciphertext is plaintext.

INGSOC wants you to be responsible. Don’t worry, you are not a slave who must remain completely transparent to INGSOC. You have rights, you are free, and Big Brother loves you.

Snake • January 16, 2018 4:51 PM

“I encourage you to carefully consider your company’s interests and how you can work cooperatively with us”

Comply, or else…

justina colmena • January 18, 2018 4:58 PM

… he proposes that tech companies decrease their communications and device security for the benefit of the FBI.

By making such a proposal as an official pronouncement of the U.S. Department of Justice, Rosenstein is guilty of a war crime known in German as Wehrkraftzersetzung, or hindering the war effort, in this case the war effort of the United States, that is, the continual and general efforts of U.S. citizens, businesses, and military forces to maintain preparedness for war, which is ever imminent in this day and age of terrorism and nation-state nuclear threats.

Rosenstein’s proposal is to the benefit of organized crime cartels, and certainly not at all helpful to FBI in its official duty to fight crime.

lurker2018 • January 19, 2018 3:38 AM

“I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.”

This is misdirection, he really means “companies should be forced to provide…”. All companies already “retain the capability to provide…”, they just choose not to.

If Microsoft, Google, Apple, etc. wanted to keep plain-text copies they could simply stick something on line 1232034 of the EULA stating:

“When you click the ‘encrypt’ button on our product, a plain-text copy is forwarded to our cloud prior to encryption”.

What Rosenstein is doing is typical government double-speak for something they want to force companies to do but make it look like it was their idea to volunteer.

Ratio • January 21, 2018 9:00 PM

@Wael,

Tell me something: can‌‌‍‍‍‍‍‍‍ you‌‍‌‌‌‌ read‍‌‌‍‍‌‍‍‍‍ between‌‌‍‌‌‍‍‌‌ the‌‍‌‍‍‍‍‍‍‍‍‍‍‌‍ words?

Hmm… I‍‌‍‍‍‌‍‌‍‍ think‍‍‍‍‌‌‍‌‌‌‌‌‌‌‍‌‍‍‍ you‌‍‍‍‌‍‌‍‌‌‌‌‍‍‍ know‌‌‌‌‌‍‌‍‍‍‍‍ the‌‍‌‍‌‌‌‌‍‍‍ answer‌‌‌‌‍ to‌‍‍‍‍‍‍‍‍‌‍ that‍‌‌‍‍‍‍‍‌‌‌‌‍‍ one. Or most of it, anyway. 🙂

Wael • January 21, 2018 9:13 PM

@Ratio,

Makes sense… Fight fire with fire, eh? lol

Ratio • January 22, 2018 1:01 AM

@Wael, exactly. : -) I need to finish this one so I can move on to the other one…

Wael • January 22, 2018 1:38 AM

@Ratio,

Forget about the Morse code one. The decoder isn’t very accurate (unless you know of an audio decoder of Morse code.) And I messed up the delimiters between letters anyway. I encoded dashes and dots but forgot the delimiter so the messsge is ambiguous. Even I forgot what I typed. Lol

The poem one is sufficient — I verified it several times.. Only one step left (the key is very easy to find — you only need a white belt in Google-Fu to find it.)

The limerick is wrapped in AES,
OpenSSL is a loosing bet
With a 256-bit key — no less!
Decrypt with https://aesencryption.net

You can do it! Don’t forget the address 😉
Speaking of poetry… here is a poem for you read by a child, the recording is old I think. Impress me and tell me two mistakes he makes. Impress me more and tell me the true story behind the poem — no time limit on this one.

Wael • January 22, 2018 2:00 AM

@Ratio,

no time limit on this one.

The story of the poem isn’t far off from the theme of this blog. It has to do with measures and counter-measures: how clever people can achieve what they want.

Ratio • January 22, 2018 4:00 AM

@Wael,

Forget about the Morse code one. […] I encoded dashes and dots but forgot the delimiter so the messsge is ambiguous.

You preserved word boundaries, though. I solved part of it by hand and will just brute-force the missing bits.

The poem one is sufficient […]

I thought I had the key, but after your comments I have more than one candidate. We’ll see.

here is a poem for you read by a child

TODO += that

I take it you didn’t solve my Morse code? (I used the exact same scheme you used.)

Wael • January 22, 2018 5:10 AM

@Ratio,

You preserved word boundaries, though.

I did? Lemme look at it in the morning. I was trying to decode the Morse code by ear, but I discovered I need more practice. Got rusty, I guess.

I thought I had the key, but after your comments I have more than one candidate. We’ll see.

I can’t help you with the key, and there is only one way to know the key you have is correct! It changed gibberish into world-class literature! This is the simplest part of the fecodng process!

I take it you didn’t solve my Morse code? (I used the exact same scheme you used.)

I know you did (fire with fire) and I, didn’t solve it. Still recovering in bed.

Wael • January 22, 2018 11:35 AM

@Ratio,

I didn’t solve it

It’s impossibly long to decipher (my own puzzle!) I found a decoder that decodes morse code without spaces. My only other choice was to use an audio decoder to decode the message (I think it was the same.) But the audio decoder doesn’t work very well — you may have better luck. Next time I won’t forget the delimiters, which will be hard to do in a stealthy manner since we only have two invisible symbols to work with. If there is a third one it would be a lot easier. I think we can get around this as well by spelling out “dit”, “dot” explicitly, but that’s very inefficient. Here is some few commands / “scripts” to help you with similar things…

_{Scan a page:

curl https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_530.html#c6768390 > scan.txt}

_{ZJWN to Binary:

perl -pe ‘s/‍/0/g;s/‌/1/g’ < scan.txt > bin.txt}

Strip spaces:
_{perl -pe ‘s/ //g’ < bin..txt > stripped.txt}

I’ll give up on this — but the idea was demonstrated, nonetheless.

Wael • January 22, 2018 11:57 AM

@Ratio,

Dang! Not playing with a full deck today… the parser ate the “>” signs and I am tool tired to map them for proper rendering…

perl -pe ‘s/\x{E2}\x{80}\x{8D}/0/g;s/\x{E2}\x{80}\x{8C}/1/g’ < scan.txt > out.txt

The above is for text that was copied into vi. you can do similar things for text that was obtained using “curl”, but have to replace the hex codes with ZWJ/ZWNJ …

Ratio • January 22, 2018 5:08 PM

@Wael,

It’s impossibly long to decipher

The first three words are: “MESS NOT WITH”. Too many interruptions to completely solve the other two by hand, but generating all possible solutions shoudn’t be too hard. (I do have to keep my earlier limitations in place, as you’ll understand once you decipher my Morse code.)

Next time I won’t forget the delimiters, which will be hard to do in a stealthy manner since we only have two invisible symbols to work with.

Maybe there are other invisible‌‍‌‌‏‎‍‏‎‍‍‍ symbols one could use? 😉

Wael • January 22, 2018 5:24 PM

@Ratio,

The first three words are: “MESS NOT WITH”.

Impressive! +1

Lol! I almost remember now 🙂

Mess not with me, dawg (or Chief) or something like that 🙂

I’ll look with a magnifying glass at your text later. I have work to do, and it’s starting to look like an all-nighter 🙁

Wael • January 22, 2018 5:41 PM

@Ratio,

(I do have to keep my earlier limitations in place, as you’ll understand once you decipher my Morse code.)

And I think I know what these limitations are without deciphering the text (I honestly haven’t yet.) I can almost decipher your mind 😉

Ratio • January 22, 2018 7:00 PM

@Wael,

Mess not with me, dawg (or Chief) or something like that 🙂

Game was rigged: there should have been a delimiter between the word “ME” and the comma. (It was “CHIEF”. Lots of dots.)

Assuming a text message in $_ and mapping from (uppercase) symbols to Morse code in %MORSE, you can use this (untested) snippet to encode and print:

print s/(.)/$MORSE{uc $1}/eg;

(Untested. Perl is rusty. You’ve been warned.)

And I think I know what these limitations are without deciphering the text (I honestly haven’t yet.) I can almost decipher your mind 😉

Could be. Could be. 😉

Ratio • January 22, 2018 7:15 PM

@Wael,

This should actually work:

s/(.)/$MORSE{uc $1}/eg; print;

Wael • January 22, 2018 11:30 PM

@Ratio,

.-…-.-.. REAL
….–.——-.-… –> Whoa, there are 136650 actual solutions.
-…-.-.—-… DECODE
—–.-….. MORSE
-.-.—-… CODE
—-. ON
-……..-. –> THIER
.–…..—-.. –> PHONE

Maybe there are other invisible‌‍‌‌‏‎‍‏‎‍‍‍ symbols one could use? 😉

Didn’t search for all the non-printing characters. RLM, eh? Cool! But quite honestly this Morse Code crap isn’t suitable for secret communications. I felt like I’m playing Wheel of Fortune with this one, and I don’t have the patience for the second word — tried to guess a bunch of things out of the possibilities… Nada…

OK,

Tick-Tock, Coitarice! 🙂

@Ratio • January 23, 2018 12:20 AM

@Ratio,

Three symbols in total now! Update your multiplication table: 11 x 12 = 202
You know, if we encode using a Ternary numeral system, we could cause some real damage! Forget bits! One trit[1] is equivalent to 1.58496 bits of information.

[1] Be careful not to drop the “R”, or you could get into a world of hurts real fast. That’s one disadvantage. One mistake and you could be thrown in a jail-cell as cold as a witch’s “trit”.

Wael • January 23, 2018 12:25 AM

@Ratio,

Three symbols in total now!

That was me, chief! Dang! I need some sleep! I got an illegitimate sock puppet named @Ratio now! Who’s yo Daddy? lol

Ratio • January 23, 2018 12:36 AM

@Wael,

Whoa, there are 136650 actual solutions.

So close, and yet so far…

@@Ratio,

Three symbols in total now!

Actually, four: &lrm; / &rlm; / &zwj; / &zwnj; Been a long day, huh? 😉

Wael • January 23, 2018 12:48 AM

@Ratio,

So close, and yet so far…

Kinda like the distance between you and the key. And knowing how evil you are, it’s probably an Arabic word.

Been a long day, huh? 😉

Very long week! You can tell how much sleep I got by how goofy I am. My goofiness is directly proportional to the number of hours I’ve been awake. G = K * N; G = Goofyness, N = # Hours up, K is … I don’t know plank’s constant or Avogadro’s number or something else.

Ratio • January 23, 2018 1:05 AM

@Wael,

Kinda like the distance between you and the key.

That was uncalled for! 🙁

And knowing how evil you are, it’s probably an Arabic word.

Missed opportunities… Six letters. … and I’m out of hints. 🙂

K is …

The Quantity. You know, كم.

Ratio • January 23, 2018 1:09 AM

@Wael, “missed opportunities” was not a hint. (I should have used an Arabic word.)

Wael • January 23, 2018 1:19 AM

@Ratio,

That was uncalled for! 🙁

Lol!

Six letters. … and I’m out of hints. 🙂

I see your hint, and lower you this: the key is five characters long. No more hints!

Wael • January 23, 2018 2:22 AM

@Ratio,

I knew it! Real Spooks Decode Morse Code On Their Phone! 🙂

The Quantity. You know, كم.

Accent marks can make a huge difference in meaning here! It could mean a “sleeve” or “quanta”, as in Quantum Mechanics. Also means “how much”, which is what you probably mean! Very few hours of sleep this week.

Ratio • January 23, 2018 4:23 AM

@Wael,

No more hints!

Earlier I thought you meant the rhyme scheme of the longer poem, but then you kept bringing up the limerick. Without even checking, I’ll tell you right now that the 5 letters “ΑΑΒΒΑ” (all uppercase, all lowercase, or mixed) are not the key I need. What is your response?

I knew it! Real Spooks Decode Morse Code On Their Phone! 🙂

That’s +1. Another +1 if BSPMBS (a.k.a. The Stoner) can confirm. 😉

Also means “how much”, which is what you probably mean! Very few hours of sleep this week.

It is, and so it seems.

Wael • January 23, 2018 4:35 AM

@Ratio,

I’ll tell you right now that the 5 letters “ΑΑΒΒΑ” (all uppercase, all lowercase, or mixed) are not the key I need. What is your response?

My response: you are right! Read the poem!

Don’t run out of steam; Remember, and you’ll be done; The key’s the rhyme scheme, Replace B with zero and A with one

BSPMBS is sick, I hear.

Ratio • January 23, 2018 4:54 AM

@Wael,

(Don’t worry, I hadn’t forgotten about A → 0 and B → 1.)

Notice anything odd about “ΑΑΒΒΑ”?

BSPMBS is sick, I hear.

Tell BSPMBS to get well soon.

Ratio • January 23, 2018 4:58 AM

@Wael,

Oops. The other way around: A → 1 and B → 0.

Wael • January 23, 2018 5:08 AM

@Ratio,

Oops. The other way around: A → 1 and B → 0.

Yes, I noticed. Good mapping. You have the gibberish right, you have the key right. Did you follow this:

The limerick is wrapped in AES, OpenSSL is a loosing bet With a 256-bit key — no less! Decrypt with https://aesencryption.net

? – because that produces world-class literature for me! I’ll forward him your regards 😉

Ratio • January 23, 2018 5:21 AM

@Wael,

Don’t worry about the gibberish; I’ll have “world-class literature” later.

I was just asking when “AABBA” is not “ΑΑΒΒΑ”. (Inspiration: key + hidden info.)

Wael • January 23, 2018 5:41 AM

@Ratio,

I looked and saw nothing special — maybe the skull is getting too heavy and the eyes too dim.
The only thing I noticed about AABBA is an extra letter! Used to hear the band play all day long on this street – every day! Not that I wanted to hear them. They just had the recording going on all the time. They probably still do.

Wael • January 23, 2018 5:45 AM

@Ratio,

And I looked with my magnifying glass, saw the secrets.

Clive Robinson • January 23, 2018 7:54 AM

@ Wael,

BSPMBS is sick, I hear.

I had heard he was a weedy sort, obviously the BS has got to him. Perhaps a change would be as good as a rest… Maybe he needs to get out and just smell the grass instead?

Obviously if he so tired he needs to avoid getting burned, out side up on a stretch might be better for him.

Bong-Smoking Primitive Monkey-Brained Spook • January 23, 2018 8:44 AM

My ears are burning.

Bong-Smoking Primitive Monkey-Brained Spook • January 23, 2018 9:23 AM

@Ratio,

Real Spooks Decode Morse Code On Their Phone! 🙂

I’ll unravel and crack anything in my bong and then I’ll drink the solution. I live on the edge, baby!

Wael • January 23, 2018 2:00 PM

@Ratio,

Don’t worry about the gibberish; I’ll have “world-class literature” later.

World class, it is! But…

I’ll have to give you the same response I gave @Buck a while back! No pressure. Clock is ticking, tomorrow is the time. Tick-Tock, Coitarice 🙂

Waiting for the clock to hit top of the hour before I push submit

@Buck, where have you gone, mate?

Ratio • January 23, 2018 4:00 PM

@Wael,

Remind me, when’s the deadline exactly? Your tick-tock doesn’t seem to say. (I got out my own magnifying glass and all.)

@Bong-Smoking Primitive Monkey-Brained Spook,

I’ll unravel and crack anything in my bong and then I’ll drink the solution. I live on the edge, baby!

This is not in any spook handbook, I assume?

Wael • January 23, 2018 5:35 PM

@Ratio,

Deadline removed. You got the major part done, and the rest is just a formality for completion. Post it when you feel like it 😉 No need for glasses this time!

Bong-Smoking Primitive Monkey-Brained Spook • January 23, 2018 6:51 PM

@ Ratio:

This is not in any spook handbook, I assume?

Are you a whistleblower or something? Have a sip. 🙂 Now repeat after me, ten times: I can neither confirm nor deny we are spooks.

Ratio • January 23, 2018 7:24 PM

I’ll do it once. Holler if you need reps:

I can neither confirm nor deny I’m a spook, @Bong-Smoking Primitive Monkey-Brained Spook.

Your cover story is you’re a spook?! Are you high!?! blink Oh, right. Never mind.

Clive Robinson • January 23, 2018 9:20 PM

@ BSPMBS,

I can neither confirm nor deny we are spooks.

Well thanks for telling the world…

The boys in the “service” do not use the word “spooks” ever, they are and ever have been “Officers of His/Her Britanic Majesty’s Government”. Ever since Mr “C” Cunningham made them “Pasport Officers”.

So the line should be,

the points you have raised

As for the ‘clodies’ on your side of the pond they have their own PR people call your people for a meeting in the old capital building, for an official “off the record” briefing. Apparently Hayden and Rice did a lot of these…

Bong-Smoking Primitive Monkey-Brained Spook. • January 24, 2018 3:18 AM

@Ratio,

Your cover story is you’re a spook?!

If you wear glasses‍‌‍‍‍‌‍‌‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‍‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‌‌‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‌‍‍‌‌‌‍‌‍‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‌‌‍‍‌‌‍‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‌‌‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‌‌‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‍‌‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‍‌‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‌‌‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‌‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‍‌‍‍‍‌‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‌‍‍‍‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‍‌‌‌‌‌‌‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‌‌‍‍‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‌‌‌‌‍‍‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‌‌‌‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‍‌‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‍‍‌‍‌‌‌‌‍‍‌‍‍‌‌‌‌‌‌ then you are a spook. Cover is Reverse Psychology. Don’t expect any replies today. I already started counting sheep (reached a large number, but still counting.)

Spooksvile Cats • January 24, 2018 11:03 AM

@ BSPMBS,

Have a look at the visable length of your comment above with that on the 100 latest comments page…

For some reason it thinks your post is way longer than it appears…

Mike Barno • January 24, 2018 11:09 AM

@ Spooksvile Cats :

Have a look at the visable length of your comment above with that on the 100 latest comments page…

For some reason it thinks your post is way longer than it appears…

The newest-comments page trims all comments beyond a certain length, and inserts a “Read More” link to the original page with the XXL-size full comment.

Mike Barno • January 24, 2018 11:19 AM

@ Spooksvile Cats :

…and I see it inserts the “Read More” link after only a short apparent squib, rather than after a full paragraph or two. So the software must be counting characters, not lines, and that first line of text must include enough of those non-displaying Unicode characters. Those frequent commenters are using that trick as proof of concept for a secret communication technique that was discussed in another article here.

Sharp catch.

Bong-Smoking Primitive Monkey-Brained Spook • January 24, 2018 12:34 PM

@ Spooksvile Cats:

For some reason it thinks your post is way longer than it appears…

It’s not a bug – it’s an undocumented feature! You need to wear your spook glasses to understand 😉

Spooksvile Cats • January 24, 2018 5:18 PM

@ BSPMBS,

It’s not a bug – it’s an undocumented feature! You need to wear your spook glasses to understand 😉

Dis cat thingy, don’t need no glasses to spot de obvious.

@ Ratio,

Eyes a thinking you needs to get down on dat BSPMBS’s case and tippy tappy to der beat 😉

Wael • January 24, 2018 6:21 PM

@Spooksvile Cats, cc: @Ratio,

Eyes a thinking you needs to get down on dat BSPMBS’s…

making a bag of popcorn and awaiting the stoner to be schooled… The suspense is killing me 🙂

Ratio • January 24, 2018 6:31 PM

@Bong-Smoking Primitive Monkey-Brained Spook,

If you wear glasses‍‌‍‍‍‌‍‌‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‍‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‌‌‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‌‍‍‌‌‌‍‌‍‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‌‌‍‍‌‌‍‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‌‌‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‌‌‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‍‌‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‍‌‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‌‌‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‌‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‍‌‍‍‍‌‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‌‍‍‍‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‍‌‌‌‌‌‌‍‍‌‍‍‍‍‍‍‌‍‍‌‍‍‌‍‌‌‍‍‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‌‌‌‌‍‍‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‌‌‌‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‍‌‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‍‍‌‍‌‌‌‌‍‍‌‍‍‌‌‌‌‌‌ then you are a spook.

Are you wearing your glasses? You’ll be needing them. 😉

@Spooksvile Cats,

Eyes a thinking you needs to get down on dat BSPMBS’s case and tippy tappy to der beat 😉

It’s got a beat, alright. And a pounding base-2. 😉

@Wael,

You reading along? Don’t need glasses to figure this one out, huh? Or do you? 😉

Wael • January 24, 2018 7:02 PM

@Ratio,

Are you wearing your glasses? You’ll be needing them. 😉

Won’t help him! His eyes are too cloudy from the last puff he took from his newest Nargileh 🙂

You reading along? Don’t need glasses to figure this one out, huh? Or do you? 😉

Why you little devil! That was ingenious! Mua ha ha ha! Next one will use OpenSSL. And since you introduced me to two new bad boys, the encoding will be Quaternary — a tough one to decipher for the most sophisticated _PeepingTom, Dick_Head, and _DirtyHarry™ ‘s of the world.

You’ll need a 3-D polarized glasses and Stereographic Vision for the next one. Stay tuned, but don’t hold your breath. May take some time.

Mike Barno • January 24, 2018 7:47 PM

@ Wael, Ratio, Monkey-Brained :

The best tool I can find for this is a 1962 View-Master. No digital processing, no OpenSSL, but, oh boy!, it’s stereoscopic 3-D. So the hidden information is: Disneyland! Nikita Khrushchev was right.

Ratio • January 24, 2018 8:00 PM

@Wael,

Won’t help him!

A spook who’s into pharmacology, optics, cryptanalysis, and much else? Don’t you underestimate Those Kinda People! (A +1 for you if you understand within 24 hours. And an extra +1 if within the next hour. Shouldn’t be too hard.)

the encoding will be Quaternary

Just remember this. (Sorry.)

You’ll need a 3-D polarized glasses and Stereographic Vision for the next one.

You’re making me fill out forms in triplicate here. Do they even issue those? Ah well, I’ll find out, I guess…

Wael • January 24, 2018 8:05 PM

@Mike Barno,

1962 View-Master. You’d better start getting used to wearing one of them glasses. You may need it in the future 🙂

stereoscopic

That’s the word I was looking for! Thanks!

Wael • January 24, 2018 8:11 PM

@Ratio,

A spook who’s into pharmacology, optics, cryptanalysis, and much else? Don’t you underestimate Those Kinda People!

A description of BSPMBS?

Ratio • January 24, 2018 8:20 PM

@Mike Barno,

The best tool I can find for this is a 1962 View-Master.

The Model G, of course. Good thinking.

@Wael,

A description of BSPMBS?

That’s the obvious part. Anything else? (40 mins for +2)

Ratio • January 24, 2018 8:45 PM

@Wael,

A hint: he’s one of Those Kinda People. The question is, who is he? (15 mins for +2)

Wael • January 24, 2018 8:52 PM

@Ratio,

Looking here: https://acronyms.thefreedictionary.com/TKP

I’ll do it for +2 bitcoins. Deal?

Wael • January 24, 2018 8:54 PM

@Ratio,

TLA’s

Ratio • January 24, 2018 9:00 PM

@Wael,

Nope. You’re looking at the right words, but your View-Master ain’t working. 😉

(I own 0 cryptocurrency. You’ll have to settle for points —and eternal glory— for now.)

Wael • January 24, 2018 9:05 PM

@Ratio,

So after I reprieved you, you come back and hit me with a few minute time-limit? I don’t have my glasses on (in case they’re needed.)

I own 0 cryptocurrency.

Post the goddamn world-class piece of literature, then and earn some!

Ratio • January 24, 2018 9:30 PM

@Wael,

No special glasses or any other technology needed.

[…] you come back and hit me with a few minute time-limit?

It’s just that it’s so easy. But fine, have another hour, starting now, for +2. I’ll even throw in an extra hint: I sometimes drop my aitches. 🙂

(If you keep going on about literature, I’ll work that into your final hint.)

Wael • January 24, 2018 9:41 PM

@Ratio,

Deja Vu! And you’re posting at half hour boundaries again! Sell me another hint for half a point. Come on, Chief! I’m still not fully recovered.

Ratio • January 24, 2018 10:00 PM

@Wael,

Sell me another hint for half a point.

There are only so many hints I can give. Here’s a hint regarding literature, just for you: Those Kinda People have been known to produce great poetry. (You get to keep your half a point, and I’ll add another 30 minutes for your +2. After that, it’s +1 for the next 24 hours, and niente after that.)

Good luck! 🙂

Wael • January 24, 2018 10:03 PM

@Ratio,

I got it before the hint. It’s one of the band you posted. Will nail him down in a jiffy.

Ratio • January 24, 2018 11:00 PM

@Wael,

It’s one of the band you posted.

No, that video was about the symbols in any future “quaternarily-encoded” Morse code: Keep ’em Separated. 🙂

This is all the info you could possibly need to solve it:

[A spook] who’s into pharmacology, optics, cryptanalysis, and much else? Don’t you underestimate Those Kinda People!
He’s one of Those Kinda People. The question is, who is he?
I sometimes drop my aitches.
Those Kinda People have been known to produce great poetry.

Note that I bracketed “a spook”. (Your final hint for today.)

Wael • January 25, 2018 2:30 AM

@Ratio,

You might need your regular‍‌‍‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‌‌‍‍‌‌‍‌‌‌‌‍‌‌‍‌‌‍‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‌‌‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‌‌‌‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‍‌‌‍‍‍‌‌‍‌‍‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‌‌‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‍‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‍‌‍‍‍‌‌‍‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‍‍‍‍‌‍‌‌‌‌‍‍‌‍‌‌‍‌‌‍‍‍‌‌‍‌‌‌‌‍‌‌‍‍‍‍‌‍‌‌‍‍‌‍‍‍‍‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‍‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‌‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‌‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‌‌‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‌‍‌‌‌‍‌‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‍‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‌‍‍‌‍‍‌‌‍‌‌‌‌‍‌‌‍‌‌‍‌‍‌‌‌‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‍‍‌‍‍‍‍‌‍‌‌‌‍‍‍‍‍‌‍‌‍‍‍‌‌‍‍‍‌‍‍‌‍‌‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‌‍‌‍‌‍‌‌‌‍‍‌‍‍‌‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‍‌‍‌‌‍‌‍‌‌‍‌‌‌‌‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‍‍‌‌‌‍‌‍‍‍‌‌‌‍‌‍‍‍‌‌‌‍‍‍‍‍‌‌‌‍‍‌‌‍‍‌‌‌‍‌‍‍‍‌‍‌‌‌‌‍‍‌‍‌‌‌‌‍‌‌‌‍‌‌‌‍‌‌‌‍‌‌‌‍‌‌‌‍‌‌‌‍‍‌‍‌‌‌‍‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‌‍‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‍‌‍‌‌‌‍‍‌‌‍‍‍‌‌‍‌‌‍‌‌‌‌‍‌‌‍‌‌‍‌‍‍‌‍‌‌‌‌‍‌‌‍‍‍‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‌‌‍‌‌‍‍‌‌‌‍‍‌‍‌‌‌‌‍‌‌‍‍‍‍‌‍‌‌‌‍‍‌‍‍‌‌‍‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‌‍‍‌‍‌‌‌‌‍‍‌‌‍‍‌‍‍‍‌‌‍‍‍‍‍‍‌‌‍‍‍‌‍‍‌‌‌‍‍‍‍‍‌‍‌‌‌‌‍‍‌‌‍‍‍‍‍‍‌‌‍‍‍‌‍‍‌‍‌‌‌‌‍‌‌‌‌‍‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‌‍‌‌‌‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‍‍‌‍‌‌‌‌‌‍‌‌‍‍‌‌‍‍‌‌‍‍‍‌‍‍‌‌‍‌‍‍‌‍‍‌‍‌‌‌‍‍‌‌‍‌‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‌‍‌‍‌‌‍‌‌‍‍‍‍‌‍‍‍‌‌‍‌‌‍‍‍‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‌‌‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‌‍‍‌‍‍‌‌‍‍‌‍‍‍‍‍‌‍‌‍‍‍‌‌‍‍‌‍‍‍‌‍‌‌‍‌‍‍‌‍‍‍‍‍‍‌‌‌‍‍‍‍‍‌‌‌‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‌‌‍‍‍‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‍‍‌‌‌‌‍‍‌‍‌‌‌‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‍‍‌‍‌‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‌‍‌‍‌‌‍‍‌‌‌‍‌‌‍‌‌‍‌‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‍‍‌‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‍‍‍‌‌‍‍‌‍‌‍‍‍‍‌‍‌‍‍‍‌‌‍‍‌‌‍‍‌‍‌‌‍‌‍‍‌‍‍‍‍‍‍‌‌‍‌‌‌‌‍‌‌‌‍‍‍‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‍‌‌‍‌‌‍‌‌‍‍‍‍‌‍‍‍‍‍‍‌‌‍‍‍‍‌‍‌‌‍‍‌‍‌‍‌‌‌‍‍‌‌‍‍‌‍‌‌‍‌‍‍‌‌‍‍‌‍‍‍‌‌‍‌‍‌‍‍‌‌‍‌‌‍‍‍‌‍‌‌‍‌‍‌‌‍‍‍‌‌‍‌‌‍‍‍‌‍‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‍‍‍‌‍‌‌‍‌‍‌‌‍‍‌‍‍‍‍‌‍‍‍‍‍‍‍‌‍‌‌‍‌‍‌‌‍‍‍‍‌‍‍‌‍‍‍‍‍‍‍‌‍‌‌‍‌‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‍‍‍‌‍‌‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‍‌‌‍‍‌‍‍‍‍‍‍‍‌‍‌‌‍‌‍‌‌‍‌‌‌‌‍‌‌‌‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‍‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‌‍‌‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‍‍‌‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‌‍‌‌‌‍‍‌‌‌‍‌‍‍‍‌‌‌‌‍‍‍‍‌‌‌‍‌‍‍ glasses for this one. ‍‌‍‌‍‌‍‌‍‍‌‌‍‍‌‍‍‌‍‍‍‌‌‍‍‌‌‌‍‍‌‌‍‌‌‍‍‌‍‍‍‌‍‍‍‌‌‌‍‌‍‌‍‌‌‍‍‌‌‍‌‍‌‌‍‌‍‌‌‍‍‍‍‍‌‌‍‍‍‌‍‍‌‌‌‍‍‌‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‍‍‌‌‍‌‍‍‌‍‌‍‍‌‌‍‍‍‍‌‌‍‌‍‌‍‍‌‌‍‍‍‌‍‌‍‍‌‌‌‍‍‍‌‌‍‍‌‌‍‍‌‌‍‍‌‍‍‌‌‌‍‌‌‍‍‌‍‌‍‍‍‌‍‌‌‌‌‍‍‍‍‌‌‌‍‍‌‍‍‌‍‌‌‍‍‌‍‌‌‍‍‍‌‍‍‌‍‍‍‌‌‌‍‌‍‍‍‌‌‍‍‌‌‍‌‌‍‌‍‌‍‌‍‍‌‌‍‌‌‌‍‍‍‌‍‌‌‍‍‌‌‍‍‍‌‌‍‌‌‌‍‌‍‍‌‍‌‍‍‌‍‍‍‌‍‌‍‌‌‍‍‍‍‌‍‌‌‍‍‌‌‍‍‌‌‍‌‍‌‍‍‌‌‌‍‌‌‍‍‌‍‌‍‍‍‌‍‍‌‌‌‍‍‍‍‌‌‌‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‌‍‌‍‌‍‍‌‌‍‍‍‌‍‌‍‍‌‌‍‍‍‌‌‍‌‍‍‍‍‌‍‍‌‌‌‍‍‌‍‍‍‌‍‌‍‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‌‍‍‍‌‍‌‍‌‌‍‍‌‌‌‍‌‍‍‌‌‌‍‍‌‍‍‌‌‍‌‍‍‌‌‍‍‍‍‍‌‌‌‍‍‍‍‍‌‍‌‍‍‌‌‍‌‍‍‍‌‍‌‍‌‌‌‌‍‍‌‍‌‍‌‍‍‍‍‍‌‍‍‍‌‍‌‍‍‍‍‌‍‌‍‍‌‌‌‍‌‌‍‍‌‌‌‍‍‍‍‍‌‍‌‍‌‌‌‍‌‌‌‍‌‌‌‍‌‍‍‌‌‍‌‍‍‌‍‌‍‌‌‍‌‍‌‍‍‌‍‍‌‌‍‌‌‌‌‍‍‌‌‍‌‍‌‍‌‍‍‍‌‍‌‍‌‌‍‌‍‍‍‍‌‍‍‍‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‍‌‌‍‍‌‍‌‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‍‌‍‍‍‍‌‍‍‌‍‌‍‍‍‌‌‍‌‌‌‍‌‍‌‍‍‌‌‍‌‌‌‌‍‍‍‍‌‌‌‍‌‍‍‍‌‍‍‍‍‌‌‍‌‌‌‌‍‌‍‍‌‍‍‍‌‍‍‍‌‌‍‍‍‌‌‍‌‍‍‌‍‌‍‍‌‍‍‍‍‌‍‍‌‌‍‌‌‍‌‍‌‌‌‍‌‌‌‍‍‌‌‍‍‍‍‍‌‌‍‌‌‍‌‍‌‌‍‌‍‍‌‍‌‍‍‍‌‌‍‍‌‍‍‍‌‌‍‍‍‌‌‍‍‌‍‍‌‍‍‌‌‌‍‍‌‌‌‌‍‌‍‍‌‍‌‍‌‍‌‍‌‍‍‍‌‍‍‍‌‍‌‍‌‌‌‍‌‍‌‍‍‍‍‍‌‌‌‍‌‍‍‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‍‍‌‍‍‌‌‍‌‍‌‌‍‍‍‌‍‍‌‌‌‍‌‌‍‍‌‍‌‍‍‍‌‍‌‌‍‌‍‌‍‍‌‌‍‍‌‌‌‍‌‍‍‍‌‍‌‍‌‍‌‌‍‍‌‍‌‍‌‌‍‍‌‍‌‍‌‍‍‍‌‍‌‍‍‌‍‌‌‍‌‍‍‌‌‍‌‍‍‌‌‌‍‍‌‍‌‍‍‌‍‌‍‍‌‌‍‍‍‍‌‍‌‍‍‍‌‍‌‍‌‌‍‌‍‌‍‍‌‌‌‍‌‌‍‍‍‌‍‌‍‌‌‍‍‍‍‌‍‌‍‍‌‍‌‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‍‍‌‍‍‍‌‌‌‍‌‌‍‌‍‍‍‍‌‌‌‍‍‌‍‍‌‌‌‌‍‍‍‍‌‌‍‍‍‌‌‍‍‌‌‍‍‌‌‍‌‌‌‍‍‌‍‍‍‌‌‍‌‌‌‍‌‍‍‍‌‍‍‍‌‍‌‍‍‌‌‍‌‍‍‌‍‍‍‍‌‌‍‌‌‍‍‍‌‍‌‍‌‌‌‍‌‌‍‌‍‌‌‍‌‍‍‌‌‍‌‍‌‌‍‌‌‌‍‍‌‌‍‍‍‌‍‍‌‍‌‍‌‍‌‍‌‌‍‍‌‌‍‍‌‍‌‍‍‍‍‍‌‍‍‍‍‌‌‍‌‍‍‍‍‌‍‍‌‍‍‍‌‍‍‍‌‍‌‌‍‍‌‍‌‍‌‍‌‌‍‍‍‌‌‍‌‍‍‍‌‍‌‌‍‍‌‍‌‌‌‍‌‍‌‍‌‍‍‌‌‌‍‍‌‌‍‍‌‌‍‍‍‌‌‍‌‌‌‍‌‍‍‍‍‍‌‍‌‍‌‍‌‍‍‍‌‍‌‍‍‌‌‍‍‌‍‌‌‌‌‍‌‌‌‍‍‌‌‍‌‍‍‍‌‌‍‍‍‌‌‍‌‌‌‍‌‍‌‌‍‍‌‍‌‍‌‌‍‍‍‍‍‌‌‌‍‍‌‍‌‍‍‍‌‍‍‍‌‌‌‍‍‌‌‍‍‌‌‍‍‌‍‍‍‌‌‌‍‍‌‍‌‍‌‌‍‌‍‍‌‌‌‍‍‍‍‍‌‌‍‍‍‍‌‍‍‌‌‍‍‌‍‍‌‍‌‌‍‍‍‍‌‌‍‌‍‍‌‍‌‌‌‍‍‍‍‍‌‌‌‌‍‍‍‍‍‌‍‌‌‌‌‍‌‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‌‌‌‍‌‌‍‍‌‌‌‍‌‍‌‍‍‌‌‍‍‍‌‍‌‌‌‍‍‍‍‍‌‌‍‌‍‌‍‍‍‍‍‌‍‌‍‍‌‌‍‌‌‌‍‍‌‌‍‌‍‌‍‍‌‍‍‌‍‍‌‍‌‌‌‍‍‌‍‍‍‌‌‍‍‌‍‍‌‍‍‌‍‍‌‍‌‌‌‍‌‌‍‍‌‌‍‌‌‍‌‍‌‌‍‍‌‌‌‍‌‌‍‍‌‌‌‍‌‌‌‌‍‍‍‍‌‌‌‌‍‍‍‍‌‍‍‌‍‌‍‍‍‌‌‍‍‍‍‍‌‌‌‌‍‍‌‍‌‌‍‍‌‌‌‍‍‌‍‌‌‌‌‍‌‌‌‍‍‍‍‍‌‍‍‌‌‌‍‍‌‍‍‍‍‌‍‍‌‌‍‌‌‍‌‍‌‌‌‍‍‌‌‍‌‌‍‌‌‍‌‍‌‍‍‍‌‍‌‍‌‌‌‍‌‍‍‍‌‍‍‌‍‍‍‍‌‌‌‍‍‌‌‍‌‌‍‌‍‍‍‍‌‌‍‌‍‌‍‍‌‍‍‌‍‍‍‍‍‌‍‌‌‌‌‍‌‌‍‍‍‌‌‍‌‌‌‌‍‌‍‍‌‍‍‍‌‍‌‍‌‍‍‍‌‌‍‍‌‍‍‍‍‌‌‍‌‍‌‍‌‌‌‍‌‍‌‌‍‍‍‍‍‌‌‌‍‍‍‍‌‌‍‍‌‌‌‍‌‌‍‌‍‌‍‍‌‌‍‍‌‌‍‍‌‍‌‍‌‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‍‍‍‍‍‌‌‌‍‍‍‍‌‍‍‌‍‌‌‍‌‍‌‌‍‍‍‍‍‌‌‍‌‍‌‍‌‌‌‌‍‌‍‍‌‍‌‍‍‍‍‍‍‌‌‌‍‍‌‍‍‌‌‍‍‌‌‍‌‍‍‌‍‍‌‍‌‍‌‍‌‍‍‍‌‍‌‍‌‌‍‍‌‌‍‌‌‌‌‍‌‌‌‍‍‌‌‍‌‌‍‌‌‌‍‍‌‍‍‌‍‌‌‍‌‌‌‍‌‍‌‍‌‍‌‍‌‌‌‍‌‍‍‌‌‍‍‍‌‍‍‍‌‌‌‍‍‍‍‌‍‌‍‍‌‌‍‌‌‍‍‍‌‍‍‍‍‌‍‍‌‌‍‌‍‌‌‍‍‌‌‍‍‌‌‍‌‌‍‌‍‍‌‍‍‌‌‍‍‍‍‍‌‍‍‍‌‌‍‍‍‌‍‌‌‌‌‍‍‌‌‍‌‌‍‍‌‌‌‍‌‍‌‍‌‍‍‍‌‌‌‍‌‌‍‌‍‍‌‍‍‌‍‌‍‌‌‍‌‌‍‌‍‍‌‍‌‍‌‍‌‍‍‍‍‌‍‌‌‌‌‍‌‍‍‌‍‍‍‍‌‌‌‍‍‌‌‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‍‍‌‍‌‍‌‌‍‌‍‍‌‌‍‍‍‌‌‌‌‍‍‍‍‍‌‍‌‌‌‌‍‍‌‌‍‍‍‌‍‌‌‍‍‌‍‍‍‌‌‌‍‌‌‍‍‍‌‌‍‍‌‌‍‌‌‌‍‌‌‌‍‌‍‍‌‍‍‍‍‌‍‍‍‍‌‍‍‍‌‌‍‍‍‌‍‍‌‍‌‌‌‌‍‌‌‍‌‍‌‌‍‌‌‍‌‌‍‍‍‌‌‌‍‍‍‌‍‍‌‌‍‍‌‌‍‌‍‍‌‌‍‍‍‌‍‌‌‍‌‍‍‌‌‌‍‌‍‌‍‌‌‌‌‍‌‍‍‌‍‍‌‍‍‍‍‍‌‍‌‌‌‌‍‌‍‍‍‍‍‌‍‌‍‍‍‍‌‍‍‌‍‌‍‌‌‌‍‌‌‍‌‍‍‌‍‌‌‌‍‌‌‍‍‌‍‌‍‍‍‍‍‌‌‍‍‍‌‌‍‌‌‌‌‍‍‌‍‌‍‍‌‌‌‍‍‌‌‍‌‌‌‍‍‌‍‌‍‌‌‌‍‌‌‌‍‌‍‌‍‌‍‌‍‍‌‌‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‍‍‌‌‌‍‌‍‌‍‌‌‍‍‍‌‌‍‌‌‍‌‌‍‌‍‌‍‍‌‍‌‌‍‌‍‌‌‍‌‍‍‌‍‍‌‍‌‍‍‍‍‍‌‍‌‍‍‌‍‍‍‍‍‌‍‌‌‌‍‌‍‌‍‌‍‍‌‍‌‍‍‌‌‍‍‍‌‌‍‌‍‌‍‍‍‍‍‌‌‍‌‍‍‌‍‌‍‍‍‌‌‌‍‍‌‌‍‌‌‍‍‌‍‌‍‌‍‌‍‌‍‍‌‍‌‌‍‌‌‌‍‍‌‌‍‌‍‌‍‌‌‌‍‍‌‌‍‌‌‌‍‌‌‍‌‌‍‌‍‌‍‍‌‍‍‌‍‍‌‍‌‌‌‌‍‍‌‌‍‌‍‌‍‌‍‍‌‍‌‍‍‌‌‌‍‌‌‌‍‌‍‌‌‍‌‍‍‌‌‍‌‌‍‌‍‍‌‍‌‍‌‌‍‌‌‍‍‌‍‍‍‍‌‌‍‍‍‌‍‌‌‌‍‌‌‍‍‍‌‌‍‍‍‌‍‌‌‌‌‍‌‍‍‍‌‌‍‌‌‍‍‌‌‌‍‌‌‌‍‌‌‍‍‍‌‍‍‌‌‍‍‌‌‍‍‍‌‌‍‌‍‌‍‌‍‍‌‍‍‍‍‌‌‍‍‍‌‍‍‌‍‌‌‍‍‍‍‌‍‌‍‌‍‌‍‌‌‌‍‌‌‍‍‌‍‍‍‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‍‍‍‌‍‌‍‌‌‍‌‍‍‌‌‍‌‌‌‌‍‌‍‌‌‍‌‍‍‍‌‌‍‍‍‌‍‌‍‌‌‍‍‌‍‌‌‌‍‌‌‌‍‌‍‌‌‍‌‍‍‌‌‍‍‌‍‌‍‌‌‌‌‍‌‍‍‌‍‌‍‌‌‍‍‍‌‌‍‌‌‌‍‍‌‌‌‍‍‌‍‌‌‍‌‌‍‍‍‍‌‌‍‍‍‍‍‌‌‌‍‍‍‌‍‌‌‌‌‍‌‍‍‌‍‍‍‍‍‌‍‌‍‍‍‌‌‌‍‌‍‍‌‌‍‍‍‌‌‍‍‍‍‌‍‍‌‌‍‍‍‍‍‍‌‌‍‍‌‍‍‌‌‌‍‍‍‌‍‌‌‍‍‌‌‍‍‍‍‍‌‍‌‍‍‌‌‌‍‍‍‌‍‌‍‍‌‍‍‌‍‌‍‌‌‍‌‍‍‌‌‍‌‌‍‌‍‌‌‍‍‍‌‍‍‍‌‌‍‌‍‍‍‍‌‌‍‌‍‍‍‌‍‍‌‍‍‍‍‌‌‌‍‌‍‍‍‌‍‌‍‍‌‍‍‌‍‍‌‌‌‌‍‍‌‌‌‍‍‍‍‌‌‍‌‍‍‌‍‌‍‌‍‍‌‌‍‌‌‍‍‌‌‌‍‌‌‍‌‍‌‌‍‌‌‌‍‌‍‌‍‌‍‍‍‌‌‌‍‌‌‌‍‌‌‍‍‍‌‌‍‌‌‌‍‌‌‍‌‌‍‌‍‌‌‍‌‍‍‍‍‌‌‌‍‍‍‌‍‌‌‌‍‌‍‌‍‌‌‍‍‍‌‌‍‌‍‌‍‍‍‍‍‍‌‌‍‌‍‌‍‌‍‍‌‌‍‌‍‌‌‍‌‌‍‍‍‍‌‌‍‌‍‌‍‌‌‌‍‌‍‌‍‌‌‍‍‌‍‍‍‌‌‍‌‌‌‌‍‌‍‍‍‌‍‍‍‌‍‍‍‍‌‌‍‍‌‌‌‍‍‍‍‌‍‌‍‌‌‍‍‌‍‌‍‍‌‌‍‌‌‍‍‌‌‌‍‍‌‌‍‌‌‍‍‍‌‍‌‍‌‌‍‌‌‍‍‍‌‍‍‌‍‌‍‍‌‍‍‌‍‌‍‍‌‌‍‌‍‌‌‍‍‌‍‌‍‍‌‍‍‍‍‌‍‍‍‍‍‌‍‌‍‌‍‍‌‍‍‍‌‌‍‍‍‍‍‌‍‍‌‍‌‌‍‌‌‍‍‌‌‌‍‌‍‍‍‍‍‌‍‌‌‍‌‍‌‍‍‌‍‍‌‌‍‍‍‌‌‌‍‍‌‍‍‍‌‍‌‌‌‌‍‌‍‍‌‌‌‍‍‍‌‌‍‍‌‍‍‌‌‍‌‍‍‌‍‍‌‌‍‍‍‌‍‌‍‍‌‌‍‍‍‌‍‌‍‍‍‍‍‌‌‌‍‌‌‍‍‌‌‍‌‌‌‌‍‍‍‍‌‍‌‍‍‌‌‌‍‍‍‍‍‌‍‍‌‌‌‍‍‌‍‌‍‍‌‌‍‌‌‌‌‍‍‍‍‌‌‍‌‍‌‌‍‌‍‍‌‍‌‍‍‌‍‍‌‌‍‍‍‌‍‌‌‍‌‍‍‌‍‍‌‍‍‌‍‌‌‍‍‍‌‍‍‌‍‍‌‍‍‍‍‌‍‌‌‍‍‌‍‌‍‍‍‍‌‍‍‌‌‍‌‍‍‍‍‍‌‌‌‍‍‍‍‌‌‍‌‍‍‌‍‌‍‍‌‍‌‌‍‌‌‍‌‌‌‌‍‌‍‍‌‌‌‍‍‌‍‍‍‍‌‌‍‍‌‌‍‌‍‍‍‌‌‌‍‍‌‍‍‍‌‍‌‌‌‌‍‍‌‍‌‌‌‌‍‌‍‍‍‍‍‌‍‍‌‌‌‍‍‌‍‌‍‍‍‌‍‌‍‌‌‌‌‍‍‍‍‍‌‌‍‌‌‌‍‌‍‍‍‌‍‌‍‌‌‍‍‍‍‌‍‌‍‍‌‍‌‍‍‌‍‍‍‌‌‌‍‍‌‍‌‍‌‌‍‌‌‍‍‍‌‍‍‌‌‌‌‍‍‌‍‌‍‍‌‌‍‍‍‌‍‍‌‌‍‌‍‌‌‌‌‍‍‌‍‌‍‍‍‍‌‍‍‌‍‍‍‍‍‌‍‍‌‌‌‍‍‌‍‌‍‍‌‌‌‌‍‌‌‍‍‍‌‌‍‍‌‌‍‍‌‍‍‌‍‍‌‍‌‌‍‌‍‌‍‍‌‌‍‍‌‌‌‍‍‍‍‌‌‌‍‌‌‌‍‍‌‌‌‍‍‍‍‌‌‌‍‍‌‌‍‍‌‍‌‌‌‌‍‌‌‍‍‌‌‌‍‌‍‍‍‍‌‍‍‍‌‍‌‌‌‌‍‌‍‍‍‍‌‍‍‌‌‌‍‍‍‍‍‌‍‍‍‌‌‍‍‌‍‍‍‍‌‍‍‌‍‌‍‍‌‌‍‌‍‌‍‍‍‍‍‌‌‌‍‍‍‌‍‌‌‍‍‍‌‌‍‍‌‌‍‍‌‍‍‍‍‍‌‍‌‍‍‌‍‍‌‍‍‍‍‌‍‍‌‌‌‍‍‌‌‍‍‌‌‌‍‍‌‌‍‍‌‍‍‌‍‍‍‍‌‌‍‌‌‌‍‍‌‌‍‌‍‍‌‍‌‌‍‌‌‍‍‌‌‍‍‌‍‌‍‌‍‌‍‌‌‍‌‍‍‌‍‌‍‍‌‌‌‍‍‍‌‌‍‍‌‍‍‌‍‍‌‍‌‌‍‌‌‍‌‍‌‌‍‌‍‍‍‍‍‌‍‌‍‍‍‌‍‍‍‌‌‍‌‍‌‌‍‌‍‌‌‍‍‍‍‌‍‍‌‍‍‌‍‌‍‍‍‌‌‍‍‌‌‍‌‌‌‌‍‌‌‌‍‌‌‌‍‍‌‌‌‌‍‌‍‍‌‌‌‌‍‌ I give up. Save me the +1 for another day.

Spooksvile Cat • January 25, 2018 8:21 AM

@ Wael, Ratio

The hundred latest comments are, still singling out some of your comments…

Wael • January 25, 2018 8:59 AM

@Spooksvile Cat,

The hundred latest comments are, still singling out some of your comments…

It’s because they include non-printing encoded messages. Do the following:

curl -o scan.txt https://www.schneier.com/blog/archives/2018/01/yet_another_fbi.html#c6768911
open scan.txt and look at the encoded, hidden information.
Try to decode / decipher what @Ratio and I are talking about.

Some parts will be easy, and other parts will not be so easy. Use vi for this one, as I encoded it using the hex value of these special characters. Follow the discussion that starts with cutsie poetry and continues on this thread for more information and some shared perl scripts that may help. I believe it’s a fun exercise to go through, if you care for that sort of thing…

Spooksvile Cat • January 25, 2018 9:41 AM

@ Wael,

It’s because they include non-printing encoded messages

I know that… I thought “cat” in the name and the other hints in my first post above “Would have got the message across”[1]

The implicit question now explicitly stated is “What are you going to do to hide it?”

It’s not stego or covert if it’s that easy to spot 😉

Do I need to drop hints with a lead weight again?

[1] As once said befor “Hark what light through yonder window breaks…” to which you once replied with another quote.

Spooksvile cat • January 25, 2018 9:47 AM

@ Wael,

Tell you what I’ll give you a freeby if that’s all white with you,

Think space not noise first.

Wael • January 25, 2018 10:01 AM

@Spooksvile cat,

Do I need to drop hints with a lead weight again?

I really need to disappear for a bit. Have some work to finish and may take me through the weekend. I’ll relook at this at the next open time slot. Getting more interesting…

Changing handle names is equivalent to changing context, ya know? Engage someone else in my absence…

Ratio • January 25, 2018 7:00 PM

@Wael,

You might need your regular glasses for this one.

Are you into pointillism now? I can clearly see there are 303 dots on the left and 544 dots on the right. On the left you’ve got 3 items, and I can make out all the details. On the right I see… squinting … something fuzzy??

I get the left side of this here artwork, though it’s not clear to me why you included the leftmost of the three items. I mean, it doesn’t seem to, you know, achieve anything. (I’m not one of those really artsy folks, so I may be missing the subtle nuances of the craft.) The right half of your masterpiece looks intriguing, but I don’t really understand it yet. Knowing you, next you’ll be telling me to discover world-class literature in your beautiful painting… 😉

I give up. Save me the +1 for another day.

Should I reveal the answer? (If not, another hint: wordplay.) I’ll think of a new challenge.

Wael • January 27, 2018 10:07 AM

@Ratio,

On the right I see… *squinting* … something fuzzy??

The painting is a path starting from left to right (so it’s not in a Semetic language: Akkadian, Arabic, Aramaic, Hebrew,… ) The left half is essential to understandng the right half. That’s how you develop an appreciation for the full picture.

Should I reveal the answer

Yes, please.

@Spooksvile cat[s],

Think space not noise first.

The purpose wasn’t to “hide” the existance of the message (definition of Steganography. ) Rather, it was some demonstration of what could be done with these special characters. I choose something simple and fun, I think. I could have done something more, but I thought it would be dangerous, such as encoding an executable or an image — which can be repurposed as a vector for embedding malicious payloads in texts. I don’t want to elaborate too much on that, but rest assured that some researcher, as you well know, will write some paper about this in the future.

I do understand “the space not noise,” no hint needed — leaded or otherwise. If I intended for the message to be hidden, only the recipient would see it, and I would not have alerted everyone else to it’s existence (self-defeating Stego.) Think of this as the demo version!

Ratio • January 27, 2018 11:30 AM

@Wael,

The left half is essential to understandng the right half. That’s how you develop an appreciation for the full picture.

I hestitate to suggest this, but wouldn’t your masterpiece have looked even better without the first third of the left half? Is it not superfluous, oh Great Artist? 😉

The answer is: al-Kindi. (One of those Kindah people, like Imru’ al-Qais.)

Wael • January 27, 2018 12:40 PM

@Ratio,

The answer is: al-Kindi. (One of those Kindah people, like Imru’ al-Qais.)

Very very clever, but I would not have guessed it in a thousand years. Imrue’ al-Qais is something else, man! Don’t start with me. His poetry was part of the Mu’allaqat, as you very well know… As for: here is a poem for you read by a child, the story is cute — actually three stories in one! One of them is funny, I think.

I hestitate to suggest this, but wouldn’t your masterpiece have looked even better without the first third of the left half?

Yes, yes. But it’s a “demo” version. Next ones will not have redundant “information”.

Is it not superfluous, oh Great Artist? 😉

It is. Good critique. Noted for future reference. You just made it harder on yourself.

Wael • January 27, 2018 9:21 PM

@Spooksvile cat[s],

Can you decipher this? The solution is a number.

Ratio • January 28, 2018 8:06 AM

@Wael,

Very very clever, but I would not have guessed it in a thousand years.

I can’t remember exactly why I thought of al-Kindi when you were dissing the one and only BSPMBS, but I couldn’t resist the wordplay. 😉

[…] it’s a “demo” version

OK, sure. It occurred to me there may be other improvements, but I haven’t had time to play with them to see if / how well they work in practice.

Wael • January 28, 2018 8:26 AM

@Ratio,

It occurred to me there may be other improvements,

I hear ya! Go for for it! You know, I was thinking of a browser extension that does that. Click a button to hide text before submitting, or click it to reveal the text. Could also choose the encoding scheme: Morse Code, Shared Secret encryption / decryption, or even compression… Maybe one of these days… You could also use that for signatures without obstructing the viewable text. One can click the “verify signature” button, and magic will happen in za background. Many ideas…

The ‘broblem’ is, as usual, key management and exchange.

Wael • January 28, 2018 8:37 AM

@Ratio,

can’t remember exactly why I thought of al-Kindi

Like I said: it was clever word play, perhaps too clever. You could have given me better hints, especially after you misdirected my thought process with the band you posted. You rigged this puzzle, maybe inadvertently, just like I rigged mine by forgetting the last delimiter ‘, Chief’ in a previous one. We’re even.

A good hint might have been: Mu’ alaqat or something of the sort.

Wael • January 28, 2018 8:43 AM

@Ratio,

Speaking of key exchange: do you think this would work? We can do that “in the background”, ya know!

It needs a second pair of eyes to verify. Any opinions on the protocol and where it could be “enhanced”? I believe we’re in a position to apply the next fortification 😉

Would perfect secrecy work on such communication media — perfect or otherwise? tick-tock 🙂

Wael • January 28, 2018 8:45 AM

@Ratio,

Would perfect secrecy work on such communication media — perfect or otherwise?

Meant to say: Is Forward Secrecy achievable — Perfect or otherwise.

Wael • January 28, 2018 9:13 AM

@Spooksvile cat[s],

You can’t decipher it, can you? Of course not! There could be many solutions. You should head you’re own advice “think spaces not noise”, if that’s all white with you 😉 Ephemeral handle, eh. Melikes it.

Hint: spaces after odd words are 0, and spaces after even words are 1. Or vice versa. Spaces aren’t really necessary here, as odd words could be interpreted as one and even words could be interpreted as 0, or vice versa.

Not a very efficient encoding scheme and there is room for a lot of improvement. The result is text that’s completely benign that hides other meanings within it. Gives a whole different meaning to the expression: read between the lines… How we agree on the encoding scheme is the problem.

@Ratio,

Want to move to ECC, next, followed by ECDH?

Spooksvile cat • January 28, 2018 5:16 PM

@ Wael,

You can’t decipher it, can you?

Yes and no. I’ve not looked at it yet because I’ve been suffering heart/breathing probs and am thus away from an Intetnet connected computer with the required tools. Not that I could summon the energy to use it anyway. Due to lack of oxygen –even with a face mask– I’m sleeping most of the time from the exhaustion of doing simple things like getting up to go use the facilities, or just having a cough…

Nice to see you caught the “Barry …..” theme, +1 to you.

Ephemeral handle, eh. Melikes it.

Chosen to hounour BSPMBS in the first part, and a *nix utility or use in the second part.

After all “Spooksvile curlers” would sound like either an ice sports team, or hair dressers, which just does not sound cool (oders or trers sounds even worse 😉

Hint: spaces after odd words are 0, and spaces after even words are 1. Or vice versa.

I could joke about “Bringing up the Bacon” over that for it is the father of empiricism that came up with that sort of binary cipher / stego system back in 1605[0].

As you note,

Not a very efficient encoding scheme and there is room for a lot of improvement. The result is text that’s completely benign that hides other meanings within it. Gives a whole different meaning to the expression: read between the lines…

Which brings us to the real meat of the problem,

How we agree on the encoding scheme is the problem.

But also drags in the KeyMan issue as well.

I’m assuming it’s to be used as a “hand cipher”[1] thus taking the “security end point” out and beyond that of the “communications end point”. Thus making it a significant problem for any level of attacker, as they have to not just target but come out of the woodwork in ways that will give them away to a keen eyed opserver.

Thus the choice of the system has to be made on the strength of security it offers when communicated (not end point issues).

The strongest hand cipher when used properly is the One Time Pad. As you know it’s strength is not in making a message undiscoverable but equiprobable with all other messages of the same length. Which means that to get “undiscoverable” properties you need to “flaten the statistics” first especially with short messages which may require padding as well. There are two ways to flatten the statistics, compression or encryption (preferably both). Thus the OTP gets used as “super encryption” to a weaker hand cipher.

The OTP has other “practical” issues which is possibly why the likes of the VIC[2] cipher system decided to use just compression via a straddling checkerboard and a stream generator based on a simple Lagged Fibonacci generator[3].

The stream generator got around another failing of the OTP of having to carry the key-text with you that if seen was a dead give away. The “seed” or “key” for the generator was taken from commercial books, which were very much less suspicious. Which in a way is a poor “book code”. All be it much weaker security wise than the OTP it was not broken whilst it was in use (unlike the use of the OTP by Russia as described in project VENONA).

So yes there are a number of ways to go in what is a private low use hand crypto system, that are do’able by hand but they have to be agreed via a private channel first. The setting up and use of which has been and probably will remain for some time a “turtles all the way down” problem.

There is however a more modern twist, which is the use of “broken tablets”. It has been discussed on this blog before that some tablets such as realy cheap Android based systems can have the likes of an interpreted language added (there are BASIC, Python and Forth interpreters for Android out there) some of which have useful crypto libraries. Thus it is possible to memorise a simple crypto program you can type in by hand from memory without needing to save it. Likewise there are packages that make the likes of “Busybox”[4] available in numerous forms so even an old laptop can boot it off of a floppy disk and use the shell to script up a program using the *nix CLI utilities. The important point discussed in the past about tablets etc is “emasculating their wireless communications”. That is killing the WiFi etc just leaving the USB port to transfer data, in effect strengthaning their security, so they can be used as a seperate security end point devices.

Such a system opens up all sorts of possibilities without the user having to put any suspicious bespoke crypto programs in more permanent storage.

[0] https://en.m.wikipedia.org/wiki/Bacon%27s_cipher

[1] http://www.quadibloc.com/crypto/ppen01.htm

[2] https://en.m.wikipedia.org/wiki/VIC_cipher

[3] [3] Due to a private communication to Donald Knuth, he published details in The Art of computer programing Vol 2 of the 1958 work of G.J.Mitchell and D.P.Moore which is a much better additive generator than that used in the VIC cipher. In effect it uses the ideas behind the Linear Feedback Shift Register (LFSR). Rather than XORing bits it adds binary words (the LSB brhaviour of a binnary adder is the equivalent of an XOR, the rest of each word in effect acts as an integrator or digital low pass filter). The later additions of Vol2 have further work on the basic Mitchell-Moore generator using SUB and MUL, and you can further augment them by switching between the various basic maths and XOR operators whilst the generator is running.

[4] https://en.m.wikipedia.org/wiki/BusyBox

Wael • January 28, 2018 6:19 PM

@Spooksvile cat,

Due to lack of oxygen –even with a face mask…

Not what I wanted to hear. Get well, hopefully that’s a temporary setback, right? When you feel better, we’ll smoke a cigar together. Deal? We’ll invite the stoner, too. He’s into this kind of thing.

Chosen to hounour BSPMBS in the first part, and a *nix utility or use in the second part.

He’s a made-man becuase of the Sicilian village you visited once upon a crime. Didn’t you “waterboard” him at birth?

for it is the father of empiricism that came up with that sort of binary cipher / stego system back in 1605

But his system is different! It’s not really Steganography because the message, to the uninitiated observer, is not ‘readable’ and is clearly hiding some meaning. This is opposed to the one I used in which the message looks very normal — nothing special about it.

I’m assuming it’s to be used as a “hand cipher”

Yea, hand-cipher is doable but kinda tedious and error-prone. Probably spies still use it, I am not sure.

[…] compression or encryption (preferably both).

Agreed, but good encryption algorithms produce ciphertext that’s close to random, thereby compression wouldn’t compress it by much — at least the current compression mechanisms. In the past I spoke of another method that’s capable of random input compression, and I got some slack for it from @Mark_H (but I payed him back.) Speaking of that, I haven’t heard from Andrew, my friend, in over a year. Don’t know what happened to him 🙁

but they have to be agreed via a private channel first.

Well, we don’t have private channels here – at least wodespread ones.

Busybox…

I’ve used busybox many times, especially in bringing up mobile phones. Useful tool.

In effect it uses the ideas behind the Linear Feedback Shift Register (LFSR)

Used today for generating pseudo random numbers… I have to read up more on the VIC Cipher (I don’t recall reading about it.)

Bong-Smoking Primitive Monkey-Brained Spook • January 28, 2018 9:54 PM

@Spooksvile cat,

Chosen to hounour BSPMBS in the first part, and a *nix utility or use in the second part.

You’re a scholar and a gentleman. Get well soon.

Wael • January 28, 2018 11:07 PM

@Spooksvile cat,

[…] an Intetnet connected computer with the required tools.

You could do it in your head, I beleive. Here is the answer[1]:

Can you decipher this? The solution is a number.

Choosing odd → 1; even → 0
Punctuation marks count too.

Can¹ you¹ decipher⁰ this?¹ The¹ solution⁰ is⁰ a¹ number.¹

Solution: 110110011; 435 decimal or 0x1B3

The text looks completely normal. It can be made to pass any “keyword sniffer” 😉 This sort of encoding, in it’s current crude form, isn’t efficient for large data exchange. Such a scheme is suitable for exchanging keys (with a level of finesse, of course.)

[1] Other solutions are possible becuase there was no agreed upon method of decoding the message.

Wael • January 28, 2018 11:28 PM

@Spooksvile cat,,

And the level of finesse could utilize any of the key exchange protocols. The difference being it’s done with clear text messages that don’t tell what’s going on behind the scenes.

Following along, @Ratio? No microscope or X-Ray vision contact lenses required here 😉

That’s all I have to say about that. — Forest, Forest Gump.

Wael • January 29, 2018 7:25 PM

@Spooksvile Cat,

[…] to which you once replied with another quote.

The reply was:

“What doth gravity out of his bed at midnight? -King Henry IV. Part I. Act ii.
Sc. 4.”

Meaning: light overcomes gravity, and you need to get healthy and out of bed soon, my friend! Cooking Cornish Hens stuffed with Freek… Have you tried that yet?

Ratio • January 29, 2018 7:28 PM

@Wael,

You could have given me better hints, especially after you misdirected my thought process with the band you posted.

Delicate business, these riddles.

You know, I was thinking of a browser extension that does that. Click a button to hide text before submitting, or click it to reveal the text. Could also choose the encoding scheme: Morse Code, Shared Secret encryption / decryption, or even compression…

I was thinking mostly about how you could cram more “invisible” information into a random piece of text. Or do it more efficiently: we’re at over five, six bytes per bit. Your latest encoding blows that up even more.

(Note to self: look at links on key exchange, fortification, ECC, ECDH.)

Wael • January 29, 2018 7:34 PM

@Ratio,

I was thinking mostly about how you could cram more “invisible”

Many ways – there is a limit we can’t break. Has to do with Claude Shannon and information theory, though. Bummer 😉

The problem with “invisible” things is they can be made visible or disabled. But I am all ears… Better start flapping your crypto-lips 🙂

Wael • January 29, 2018 8:03 PM

@Ratio,

Delicate business, these riddles.

You have an extraordinary ability in connecting things. I noticed that the first time you said something about ‘two shots to the head.’ And my prediction was:

[…] expect trouble now

or something like that. My prediction was true. I wonder how much more trouble it will be! Your writing style still reminds me of someone. I do have an ability in pattern recognition too, although I do suffer from some false positives.

we’re at over five, six bytes per bit.

Yes! Because we’re representing a bit with three bytes: {0xE2, 0X80, 0X8D} → 1 and {0xE2, 0X80, 0X8C} → 0 or vice-versa. You can make it more efficient, but you’d loose “invisibility”.[1]

Your latest encoding blows that up even more.

An acceptable price to pay for refreshing a key. And if that key is used indirectly, it could be a long-lived key, too. Think of it as a one-time hit (no offense, @BSPMBS.)

[1] I’m not ruling out the existence of more efficient encoding schemes… go for it.

pup socket • January 30, 2018 5:30 AM

@Wael: it was me who said that !!i was one way. Tell the stoner I said “high”. 😉

Wael • January 30, 2018 6:20 AM

@pup socket,

Of course. Now cool it down before Hamlet tears us a new one 😉 Will deliver your message to his highness, but I saw him here recently… Maybe he’ll see that without assistance.

Clive Robinson • January 30, 2018 8:12 AM

@ Wael,

Still in “the pit” as it were but not the barbeque pit 😉 as the old saying goes “When a man’s got to do for what a man’s got to chew”

Cooking Cornish Hens stuffed with Freek… Have you tried that yet?

Whilst I know wht Freek is, getting hold of it localy has not happened and the process has left me a little green or more correctly cynosed 🙁

As for “Cornish Hens” I’m not keen on them, as they are “one meal broilers” slaughtered at only five weeks at most and are breast heavy. I prefer older birds that have more flavour that have a more even layer of meat on the carcass especially in the legs. In part because I’m not that keen on breast meat as it drys out quickly even in free range organics. So you end up using lots of mayo in sarnies etc with the left overs.

When I’m out of my “endless sleep” mode I’ll track down some Freek and try stuffing and slow cooking some large thighs to try it out.

Have you tried a lemon grass, mint and twice boiled rice stuffing? If you cannot get lemon grass easily then you can use the zest and juice of ordinary lemons but add a little lime juice as well.

Mind you there are quite a lot of dried dates and apricots around at the moment. I guess you’ve tried tagine cooked chicken at some point 😉 I sautee three medium onions and add some galic and harisa (or if you don’t like the heat smoked paprika[1], ginger, corriand seeds and mint). Add the overnight soaked dates and apricots along with cooked rice, chicken or lamb and just let it cook real real slow for several hours…

[1] I find the use of smoked paprika or pepers to be essential to tagine cooking, to get the right taste. They used to be used in the old brick wood fired bread ovens to use up the residual heat, thus they impartetd a smoked flavour to the food.

[2] Oh for those who buy a brick oven for their garden, for your own sake do not use pine or similar softwoods, because you will regret the taste it imparts.

Wael • January 30, 2018 8:37 AM

@Clive Robinson,

Still in “the pit” as it were but not the barbeque pit 😉

Get out of the pit!

As for “Cornish Hens” I’m not keen on them, as they are “one meal broilers”

I’m not either, but variety is ok once in a while.

When I’m out of my “endless sleep” mode I’ll track down some Freek and try stuffing and slow cooking some large thighs to try it out.

Let me know so I share my recepie…

Have you tried a lemon grass, mint and twice boiled rice stuffing?

Nope! I can get lemon grass here.

I guess you’ve tried tagine cooked chicken at some point 😉

I cannot confirm or deny that! Tagine, Pizza! Are you kidding? I need to be careful, dawg!

Bong-Smoking Primitive Monkey-Brained Spook • January 30, 2018 9:15 AM

@ Clive Robinson:

not the barbeque pit 😉

Don’t say that again. You have a long way before you visit the crematory.

Have you tried a lemon grass

and …

Maybe he needs to get out and just smell the grass instead?

I need no education on grass. I happen to be a subject matter domain expert. I could give you a tutorial.

@ pup socket:

Tell the stoner I said “high”. 😉

Salutations, and wipe that smirk off yer face ;P

Hey Chic get your Freek in • August 25, 2018 6:01 AM

@ Wael,

Seeing as you brought it up again indirectly… Speaking of Hamlet means brushing up things.

@ BSPMBS,

Your subject matter speciality might be what goes into “Making the White Stuff” But remember the old joke about “The isle of Wight Ferry”?

Well it’s the same old BS.

Bong-Smoking Primitive Monkey-Brained Spook • August 25, 2018 2:29 PM

@Hey Chic get your Freek in:

Your subject matter speciality might be what goes into “Making the White Stuff”

Ummm… Okay

But remember the old joke about “The isle of Wight Ferry”?

Which variant?

Hey Chic... • August 25, 2018 4:31 PM

@ Bong-Smoking Primitive Monkey-Brained Spook,

I think we’ve been @Moderated… I guess the “white-Wight”, “cows-Cowes” spoken word to location code got chopped.

The question is did you get the other code?

But back to your questions the first answer was “milk” the second answer kind of followed on after considerable rumination to become “organic top soil fertilizer” 😉

Oh the Isle of Wight Ferry joke is a spoken one which is “What’s brown steaming and comes backwards out of Cows?”. Cows –actually spelt Cowes– being a town on the north side of the island where there is a ferry to the mainland. Also each year the Royal Yacht Club holds it’s races and other festivities just next to the hovercraft yards there, that sadly are nolonger doing their thing, but did have the worlds largest “Union Flag” painted on it’s doors visable from some considerable distance.

https://www.wikipedia.org/wiki/British_Hovercraft_Corporation

Wael • August 26, 2018 1:39 AM

@Hey Chic get your Freek,

Speaking of Hamlet means brushing up things.

Hamlet is a temporary nick-name assigned to one of the bloggers here 🙂 If you follow the thread you’ll likely guess it.

Wael • August 26, 2018 2:14 PM

@Ratio,

Remind me, when’s the deadline exactly? Your tick-tock doesn’t seem to say. (I got out my own magnifying glass and all.)

+8.7

I was hoping you score the promoissed +10, but 8.7 is an ‘A’! Good job, you got all the steps except for the final ‘formality’ 🙂

Schneier on Security

Comments

Leave a comment Cancel reply