End-to-end encryption for things that matter.
Keybase is secure messaging and file-sharing.
When the FBI urges E2EE, you know it's serious business. //
In the wake of the Salt Typhoon hacks, which lawmakers and privacy advocates alike have called the worst telecoms breach in America's history, the US government agencies have reversed course on encryption.
After decades of advocating against using this type of secure messaging, "encryption is your friend," Jeff Greene, CISA's executive assistant director for cybersecurity, told journalists last month at a press briefing with a senior FBI official, who also advised us to use "responsibly managed encryption" for phone calls and text messages.
In December, CISA published formal guidance [PDF] on how to keep Chinese government spies off mobile devices, and "strongly urged" politicians and senior government officials — these are "highly targeted" individuals that are "likely to possess information of interest to these threat actors" — to ditch regular phone calls and messaging apps and instead use only end-to-end encrypted communications.
It's a major about-face from the feds, which have historically demanded law enforcement needs a backdoor to access people's communications — but only for crime-fighting and terrorism-preventing purposes.
"We know that bad guys can walk through the same doors that are supposedly built for the good guys," Virtru CEO and co-founder John Ackerly told The Register. "It's one thing to tap hardline wires or voice communication. It's yet another to open up the spigot to all digital communication." //
Pete 2
Who's who?
"We know that bad guys can walk through the same doors that are supposedly built for the good guys,"
Although which are the good / bad guys is increasingly difficult to determine. //
Aleph0
Re: Who's who?
The Patrician to Captain Vimes, in Guards! Guards!: "I believe you find life such a problem because you think there are the good people and the bad people," said the man. "You're wrong, of course. There are, always and only, the bad people, but some of them are on opposite sides." //
Al fazed
WTF?
Re: I bet . . .
and the only people interested in spying on you are good people, who have your best interests at heart.
A few of us don't believe this bullsh*t, even here in the UK.
ALF. //
Caffeinated Sponge
Re: I bet . . .
The last I heard, British Conservatives were still all over the idea that 'only people with something to hide should want encryption'.
Of course, as with the Sir Pterry quote above, whilst this is actually true it is built around the easy to sell misconception that the only people with anything to hide are bad people.
Ente Auth
Open source 2FA authenticator, with end-to-end encrypted backups
Secure Backups
Auth provides end-to-end encrypted cloud backups so you don't have to worry about losing your tokens. Our cryptography has been externally audited.
Cross platform sync
Auth has an app for every platform. Mobile, desktop and web. Your codes sync across all your devices, end-to-end encrypted.
Let’s go through the entire Tailscale system from bottom to top, the same way we built it (but skipping some zigzags we took along the way). With this information, you should be able to build your own Tailscale replacement… except you don’t have to, since our node software is open source and we have a flexible free plan.
What was missed in almost all the reports covering Salt Typhoon was the FBI’s precise warning. “Responsibly managed” encryption is a game-changer. None of the messaging platforms which cyber experts and the media urged SMS/RCS users to switch to are “responsibly managed” under this definition.
The FBI has now expanded on its warning last week, telling me that “law enforcement supports strong, responsibly managed encryption. This encryption should be designed to protect people’s privacy and also managed so U.S. tech companies can provide readable content in response to a lawful court order.” //
There are just three providers of end-to-end encrypted messaging that matter. Apple, Google and Meta—albeit Signal provides a smaller platform favored by security experts. These are the “U.S. tech companies” the FBI says should change platforms and policy to “provide readable content in response to a lawful court order.”
This doesn’t mean giving the FBI or other agencies a direct line into content, it means Meta, Apple and Google should have the means, the keys to provide content when warranted to do so by a court. Right now they cannot. Police chiefs and other agencies describe this situation as “going dark” and they want it to change. //
This is a dilemma. Apple, Google and Meta all make a virtue of their own lack of access to user content. Apple, by way of example, assures that “end-to-end encrypted data can be decrypted only on your trusted devices where you're signed in to your Apple Account. No one else can access your end-to-end encrypted data—not even Apple—and this data remains secure even in the case of a data breach in the cloud.” //
The argument against “responsible encryption” is very simple. Content is either secure or it’s not. “A backdoor for anybody is a backdoor for everybody.” If someone else has a key to your content, regardless of the policies protecting its use, then your content is exposed and at risk. That’s why the security community feels so strongly about this—it’s seen as black and white, as binary. ///
Oh the irony! The Chinese are exploiting the very backdoor that the FBI insisted that phone companies had to install, and the FBI is doubling down on having a backdoor into encrypted communication.
A US government security official urged Americans to use encrypted messaging as major telecom companies struggle to evict Chinese hackers from their networks. The attack has been attributed to a Chinese hacking group called Salt Typhoon.
There have been reports since early October that Chinese government hackers penetrated the networks of telecoms and may have gained access to systems used for court-authorized wiretaps of communications networks. Impacted telcos reportedly include Verizon, AT&T, T-Mobile, and Lumen (also known as CenturyLink).
T-Mobile has said its own network wasn't hacked but that it severed a connection it had to a different provider whose network was hacked. Lumen has said it has no evidence that customer data on its network was accessed. //
Despite recognizing the security benefits of encryption, US officials have for many years sought backdoors that would give the government access to encrypted communications. Supporters of end-to-end encryption have pointed out that backdoors can also be used by criminal hackers and other nation-states.
"For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys," cryptographer Bruce Schneier wrote after the Chinese hacking of telecom networks was reported in October.
Noting the apparent hacking of systems for court-ordered wiretap requests, Schneier called it "one more example of a backdoor access mechanism being targeted by the 'wrong' eavesdroppers." //
"These telecommunications companies are responsible for their lax cybersecurity and their failure to secure their own systems, but the government shares much of the blame," US Sen. Ron Wyden (D-Ore.) wrote in an October 11 letter to the FCC and Justice Department. "The surveillance systems reportedly hacked were mandated by federal law, through the Communications Assistance for Law Enforcement Act (CALEA). CALEA, which was enacted in 1994 at the urging of the Federal Bureau of Investigations (FBI), forced phone companies to install wiretapping technology into then-emerging digital phone networks. In 2006, acting on a request from the FBI, the Federal Communications Commission (FCC) expanded this backdoor mandate to broadband Internet companies."
The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.”
No, it’s not true.
This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion.
Cryptography is safe, and will be for a long time
At the start of WWII, the US armed forces used various means for enciphering their confidential traffic. At the lowest level were hand ciphers. Above that were the M-94 and M-138 strip ciphers and at the top level a small number of highly advanced SIGABA cipher machines.
The Americans used the strip ciphers extensively; however, these were not only vulnerable to cryptanalysis but also difficult to use. Obviously a more modern and efficient means of enciphering was needed.
At that time Swedish inventor Boris Hagelin was trying to sell his cipher machines to foreign governments. He had already sold versions of his C-36, C-38 and B-211 cipher machines to European countries. He had also visited the United States in 1937 and 1939 in order to promote his C-36 machine and the electric C-38 with a keyboard called BC-38 but he was not successful (1). The Hagelin C-36 had 5 pin-wheels and the lugs on the drum were fixed in place. Hagelin modified the device by adding another pin-wheel and making the lugs moveable. This new machine was called Hagelin C-38 and it was much more secure compared to its predecessor.
In 1940 he brought to the US two copies of the hand operated C-38 and the Americans ordered 50 machines for evaluation. Once the devices were delivered, they underwent testing by the cryptologists of the Army’s Signal Intelligence Service and after approval it was adopted by the US armed forces for their midlevel traffic. Overall, more than 140.000 M-209’s were built for the US forces by the L.C. Smith and Corona Typewriters Company. (2) //
‘Report of interview with S/Sgt, Communications Section 79 Inf Div, 7th Army’. (dated March 1945) (51):
"The US Army code machine #209 was found to be something that hampered operations. It would take at least half hour to get a message through from the message center by use of this code machine and as a result the codes of particular importance or speed, for instance mortar messages, were sent in the clear."
Also, from the ‘Immediate report No. 126 (Combat Observations)’ - dated 6 May 1945 (52): ‘Information on the tactical situation is radioed or telephoned from the regiments to corps at hourly or more frequent intervals. Each officer observer averages about 30 messages per day.………………The M-209 converter proved too slow, cumbersome and inaccurate for transmission of those reports and was replaced by a simple prearranged message code with excellent results’.
This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, sometimes the world requires a bit of what Brad Delong calls “Intellectual Garbage Pickup,” namely: correcting wrong, or mostly-wrong ideas that spread unchecked across the Internet.
This post is inspired by the recent and concerning news that Telegram’s CEO Pavel Durov has been arrested by French authorities for its failure to sufficiently moderate content. While I don’t know the details, the use of criminal charges to coerce social media companies is a pretty worrying escalation, and I hope there’s more to the story.
But this arrest is not what I want to talk about today.
What I do want to talk about is one specific detail of the reporting. Specifically: the fact that nearly every news report about the arrest refers to Telegram as an “encrypted messaging app.”
This phrasing drives me nuts because in a very limited technical sense it’s not wrong. Yet in every sense that matters, it fundamentally misrepresents what Telegram is and how it works in practice. And this misrepresentation is bad for both journalists and particularly for Telegram’s users, many of whom could be badly hurt as a result.
It’s supposed to make the title transfer a breeze and help Californians avoid those tedious trips to the DMV.
Users will soon be able to claim their digital titles via the DMV’s application, track and manage them without getting to the office, according to an Avalanche blog post. The time to transfer vehicle titles drops to a few minutes using blockchain rails in the backend from two weeks via the traditional process, a DMV spokesperson said in an email. //
However, given the recent spate of Microsoft outages and other hacking reports, I am a bit nervous about digitizing without serious hard copy backups. Given how expensive cars have become and how critical having one is to people’s lives and livelihoods, extreme caution should be used before proceeding.
The unintended consequences of this move could be devastating if there are significant issues with the system.
It is also disturbing to note this move is also part of Governor Gavin Newsom’s plans to even have more control over our lives….under the banner of protections. ///
What about people who don't have smartphones, or computers, or Internet? What happens when there is actual fraud, how do you unwind that? Do people still get paper backup copies of titles?
Christos T. • June 27, 2024 12:44 AM
@sqall:
In 1947 the US occupation authorities retrieved the files of the German Army’s codebreaking agency, called Inspectorate 7/VI. These had been buried at the end of the war in a camp in Austria.
The list of the documents that were retrieved is available from NARA as TICOM report IF-272 Tab ‘D’:
https://catalog.archives.gov/id/2811501
On page 12 of that report, it says: ‘Technische Erlaeuterung zur maschinellen Bearbeitung von AM 1 Kompromisstextloesungen auf der Texttiefe’.
The translation of that report is TICOM DF-114 ‘GERMAN CRYPTANALYTIC DEVICE FOR SOLUTION OF M-209 TRAFFIC’ and was released by the NSA to NARA in 2011 and copied and uploaded by me to Scribd and Google drive in 2012.
You can find it at NARA: https://catalog.archives.gov/id/23889821
Christos T. • June 26, 2024 12:36 AM
The converter M-209 was the medium level cipher system of the US military in the period 1943-45. The US Army used it at Division level (Division-Regiment-Battalion and even up to Corps), and it was also widely used by the USAAF and US Navy.
The regular solution of the M-209 in the period 1943-45 was an impressive achievement for the German side and also the Japanese had some success from late 1944.
Regarding its cryptosecurity the expert on classical cipher systems George Lasry has stated:
(http://scienceblogs.de/klausis-krypto-kolumne/2018/01/21/top-50-cryptogram-solved/)
‘One comment about the security of the M-209. The claim that the Enigma is more secure than the M-209 is disputable.
1) The best modern ciphertext-only algorithm for Enigma (Ostwald and Weierud, 2017) requires no more than 30 letters. My new algorithm for M-209 requires at least 450 letters (Reeds, Morris, and Ritchie needed 1500). So the M-209 is much better protected against ciphertext-only attacks.
2) The Turing Bombe – the best known-plaintext attack against the Enigma needed no more than 15-20 known plaintext letters. The best known-plaintext attacks against the M-209 require at least 50 known plaintext letters.
3) The Unicity Distance for Enigma is about 28, it is 50 for the M-209.
4) The only aspect in which Enigma is more secure than M-209 is about messages in depth (same key). To break Enigma, you needed a few tens of messages in depth. For M-209, two messages in depth are enough. But with good key management discipline, this weakness can be addressed.
Bottom line – if no two messages are sent in depth (full, or partial depth), then the M-209 is much more secure than Enigma’.
Operation RUBICON THESAURUS
The secret purchase of Crypto AG by BND and CIA
THESAURUS (later: RUBICON), was a secret operation of the German Bundesnachrichtendienst (BND) and the US Central Intelligence Agency (CIA), to purchase the Swiss crypto manufacturer Crypto AG (Hagelin) — codenamed MINERVA — in order to control the company, its algorithms and – indirectly – its customers. From 12 June 1970 onwards, Crypto AG was jointly owned by CIA and BND, each with 50% of the shares, and from 30 June 1994 exclusively by the CIA [1]. //
Discover how CIA and BND turned Crypto AG from a simple denial operation into an active measures operation. Learn which roles were played by the Deutsche Treuhand Gesellschaft (KPMG), a Liechtenstein law firm, Siemens, Motorola, NSA and Swedish intelligence. The following story is about — in the words of the CIA — The Intelligence Coup of the Century.
The headquarters of the former Crypto AG in Steinhausen (ZG) produced cipher machines for decades. The German foreign intelligence service BND and the US CIA secretly bought the company in 1970. They caused many states to be supplied with machines with weaker encryption that could be decrypted by the BND and CIA. The successor company Crypto International AG was most recently based there. The Swiss company was at the center of a suspected espionage affair. In the summer of 2020, the company was closed due to a federal export ban. Since then, the company premises have been abandoned, but the last traces are still visible, and in a few years the factory and administration building, built in 1966, is to be demolished; around 200 apartments are planned on the site. With my photo report in spring 2021, I documented the abandoned building and area before it disappeared.
In 2020 however, the German TV station ZDF revealed that since 1970, the company was jointly owned by the German BND and the American CIA, and since 1994 exclusively by the CIA [28]. It means that for many years, Western intelligence services were able to manipulate the algorithms of Crypto AG's products and read the communications of many of its customers. Although the company also sold unreadable¹ equipment, the list of countries that had access to such secure technology became shorter every year. According to the NSA, all encryption should be readable.
➤ For further details on this topic, please refer to our follow-up story Operation RUBICON.
¹ In this context, readable means that the cryptographic algorithms could be broken by the NSA. Also known as friendly. In contrast: algorithms that are not breakable by NSA, are called unfriendly or unreadable.
SIGABA was an electromechanical rotor-based cipher machine developed in the late 1930s in the United States (US) as a joint effort of the US Army and US Navy [1]. At the time it was considered a superior cipher machine, intended to keep high-level communications absolutely secure. It was used throughout WWII and was so reliable that it was used well into the 1950s, after which it was replaced by newer machines like AFSAM-7 (KL-7). As far as we know, SIGABA was never broken.
The Turing-Welchman Bombe was an electro-mechanical device used at Bletchley Park and its outstations during World War II to assist in breaking the Enigma cipher used by the German military.
Based on ideas from a device known as a bomba, designed in Poland by Marian Rejewski as early as 1939, the Turing-Welchman Bombe enabled Bletchley Park to find the daily keys of the Enigma machine on a regular basis throughout most of the war.
The British Bombe was designed by Alan Turing with important additions by Gordon Welchman. They were built by the British Tabulating Machine Company in Letchworth, Hertfordshire.
Virtual Bombe is a 3d Turing-Welchman Bombe simulation which can run using just your browser. No install is necessary.
Enigma is the brand name of a series of cipher machines developed in Germany between 1923 and 1945.
A number of these machines were used during World War 2 by the German Army, Navy and Air Force; this website has simulations for both the three rotor Enigma I used by the Heer (Army) and Luftwaffe (Air Force) and the four rotor Enigma M4 used by the Kriegsmarine (German Navy).
The Enigma code was cracked and read initially by the Poles in 1932 with Bletchley Park continuing and expanding on this work where they regularly read the German encrypted messages throughout the war.
Virtual Enigma is a 3d Enigma simulation which can run using just your browser. No install is necessary. It was released on Alan Turing's 109th birthday, 23rd June 2021.
Virtual Hagelin M-209
A 3D simulation of the Hagelin M-209 cipher machine
In cryptography, the M-209, designated CSP-1500 by the Navy (C-48 by the manufacturer) is a portable, mechanical cipher machine used by the US military primarily in World War II, though it remained in active use through the Korean War.
The M-209 was designed by Swedish cryptographer Boris Hagelin and manufactured by Smith & Corona in Syracuse (New York, USA). It was based on the C-38 which itself was an improvement of an earlier machine, the C-36.
This software is an accurate simulation of the M-209 Cipher Machine, used by the US Military during World War 2. The M-209, the American licensed version of the Hagelin C-38, was a portable hand operated cipher machine for tactical messages. It had the size of a lunchbox and presented a brilliant mechanical design, developed by the Swedish cryptographer Boris Hagelin.
This simulator, fully compatible with the original cipher machine, enables realistic operation with rotating wheels, setting of wheel pins and drum lugs, combined with authentic graphics. The program comes with a very complete helpfile, containing the manual, the enciphering procedures from the US military and all technical details on the machine.