Clive Robinson • March 28, 2024 6:04 AM
@ OldGuy, ALL,
Re : Chain of history
How we get from your,
“Then boss forgot his password, didn’t want to pay to get it unlocked, and turned me loose on it. Turned out their security consisted of XOR’ing every byte written to disk with the same hardcoded 8-bit value.”
To,
https://www.cnet.com/news/privacy/judge-orders-halt-to-defcon-speech-on-subway-card-hacking/
And how history is being rewritten by AI agents etc.
Your comment brings back a memory from nearly a quarter of a century ago. With ElcomSoft’s Dmitry Sklyarov being arrested and as it later turned out illegally detained and coerced by the FBI on behalf of Adobe Systems and their P155 P00r security in their e-book reader that used what sounds like exactly the same encryption system,
“Dmitry Sklyarov the 27 year old Russian programmer at the center of this case was released from U. S. custody and allowed to return to his home in Russia on December 13 2001”
https://www.eff.org/cases/us-v-elcomsoft-sklyarov
Interestingly, searching around shows that slowly bit by bit write ups on,
1, What Dmitry had presented at Defcon-9 about the truly bad state of e-book software.
2, The fact he was arrested at the behest of Adobe for embarrassing them publicly about the very poor security in their e-book system
3, The fact it was even Adobe Systems or their product
4, The unlawful behaviour of US authorities
5, The names of FBI and DoJ people involved
6, The fact Dmitry was a PhD researcher.
7, A jury found both Dmitry and Elcomsoft entirely innocent on all charges brought against them.
Is getting “deleted from history” or made difficult to find, via the likes of DuckDuckGo and Microsoft AI based Search engines…
The case was quite famous at the time as it showed the FBI was not just “over reaching” but actively trying to crush legitimate academic research. With even the usually non political and non feather ruffling “Nature” making comment,
https://www.nature.com/articles/35086729
And how speaking “truth unto power” can have consequences,
https://www.linux.com/news/sklyarovs-defcon-presentation-online-supporters-reputation-bonfire/
Much of which is what got repeated by the Massachusetts Government against the three students and the RfID “Charlie Card”.
Clive Robinson • March 28, 2024 6:41 AM
@ OldGuy, ALL,
I forgot to add the all important,
https://en.citizendium.org/wiki/Snake_oil_(cryptography)
Which tells you,
‘One company advertised “the only software in the universe that makes your information virtually 100% burglarproof!”; their actual encryption, according to Sklyarov, was “XOR-ing each byte with every byte of the string “encrypted”, which is the same as XOR with constant byte”. Another used Rot 13 encryption, another used the same fixed key for all documents, and another stored everything needed to calculate the key in the document header.’
You can see why your comment triggered my ancient memory 😉
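
Added example, not part of the comments above or of Sklyarov's presentation: a short Python check of the quoted claim that XOR-ing each byte with every byte of the string "encrypted" is the same as XOR with one constant byte, and of why that gives no confidentiality once a few plaintext bytes are predictable. The function names, the sample document and the `%PDF-` header used as known plaintext are assumptions made for illustration.

```python
from functools import reduce
from typing import Optional

PASSPHRASE = b"encrypted"  # the string named in the quoted description
# Constructed sample input; the fixed file header is an assumption for the demo.
SAMPLE = b"%PDF-1.4\nconstructed sample document, not real data\n"

def xor_with_every_byte(data: bytes, passphrase: bytes) -> bytes:
    """The scheme as quoted: XOR each data byte with every passphrase byte in turn."""
    out = bytearray()
    for b in data:
        for k in passphrase:
            b ^= k
        out.append(b)
    return bytes(out)

def folded_key(passphrase: bytes) -> int:
    """XOR is associative and commutative, so the passphrase folds to one byte."""
    return reduce(lambda a, b: a ^ b, passphrase, 0)

def xor_constant(data: bytes, key: int) -> bytes:
    """XOR every byte with the same 8-bit value (encrypts and decrypts alike)."""
    return bytes(b ^ key for b in data)

def key_from_known_prefix(ciphertext: bytes, known_prefix: bytes) -> Optional[int]:
    """Derive the key from predictable leading bytes; None if the prefix does not fit."""
    if not known_prefix or len(ciphertext) < len(known_prefix):
        return None
    key = ciphertext[0] ^ known_prefix[0]
    # Every byte of the prefix must agree on the same key, else this is not the scheme.
    if xor_constant(ciphertext[:len(known_prefix)], key) != known_prefix:
        return None
    return key

if __name__ == "__main__":
    ct = xor_with_every_byte(SAMPLE, PASSPHRASE)
    key = folded_key(PASSPHRASE)
    print(f"effective key: 0x{key:02x} (keyspace is 256 values, whatever the passphrase)")
    print("same as constant-byte XOR:", ct == xor_constant(SAMPLE, key))
    recovered = key_from_known_prefix(ct, b"%PDF-")
    print("key recovered from header alone:", recovered == key)
    print("plaintext restored:", xor_constant(ct, recovered) == SAMPLE)
```

A passphrase in which every byte value occurs an even number of times folds to zero, in which case the "encrypted" file is the plaintext unchanged.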