Transcript

The Philosopher:

Megan: “Privacy” is an impractical way to think about data in a digital world so unlike the one in which our soci–

Ponytail: So bored.

The Crypto Nut:

Cueball: My data is safe behind six layers of symmetric and public-key algorithms.

Friend: What data is it?

Cueball: Mostly me emailing with people about cryptography.

The Conspiracist:

Cueball talks to Megan.

Cueball: These leaks are just the tip of the iceberg. There’s a warehouse in Utah where the NSA has the entire iceberg. I don’t know how they got it there.

The Nihilist:

Megan: Joke’s on them, gathering all this data on me as if anything I do means anything.

The Exhibitionist:

Cueball is watching a surveillance console, Officer Ponytail stands behind him.

Console: Mmmm, I sure hope the NSA isn’t watching me bite into these juicy strawberries!! Oops, I dripped some on my shirt! Better take it off. Google, are you there? Google, this lotion feels soooo good.

Cueball: Um.

The Sage:

Beret Guy and Cueball sitting at a table.

Beret Guy: I don’t know or care what data anyone has about me. Data is imaginary. This burrito is real.

The post Internet privacy opinion after the NSA revelations appeared first on GL.IB.LY.

Well I wonder how he would feel after a paper was released this month showing that you can change the logic gates of a microprocessor by changing the doping of transistors. Such changes, the trojan, would not be visible (functionaly or optically) and the underlying circuitry would be unaffected. As Brucie suggests one of the best things to do with this is attack the random number generator (RNG) by lowering the entropy of random numbers. Random numbers underpin modern cryptography and should they become predictable then all security is lost.

Oh so what about that stuff with micro-code? Tbh I don’t know, the more I learned the more dangerous it seemed. Here is an excerpt from another article:

But Intel’s biggest security feature may lie in keeping the technical
details behind its BIOS Update technology a closely guarded secret. “There is
no documentation,” said Frank Binns, an architect in Intel’s
microprocessor group. “It’s not as if you can get an Intel ‘Red Book’
with this stuff written down. It’s actually in the heads of less than 10
people in the whole of Intel.

Interesting,  this thing [levels of encryption within the processor that prevents malicious encrypted microcode updates] is known by a few people at Intel and bunch of people over at the NSA, a fair assumption given current revelations — I wish they’d tell me where I left my coke!

The post Paranoia deepens for security people as hardware trojans cloak appeared first on GL.IB.LY.

Linus’ reply:

Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don’t. Long answer: we use rdrand as one of many inputs into the random pool, and we use it as a way to improve that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you’re ignorant.

 

The post Linus Torvalds responds to petition to remove RdRand from /dev/random appeared first on GL.IB.LY.