dChan
Anonymous ID: f3decb Jan. 19, 2021, 12:48 p.m. No.12610626   🗄️.is 🔗kun

>>12608627 (PB)

rant/

Unless you run it yourself, there is no such thing as a secure VPN. And even then, it's "iffy". TOR was provably broken back when they refused to expand the number of hops to a user selected number or to implement random hops (one time a single hop, 11 milliseconds later 42, the next packet 9 with zero delay at the origination point and so on … both packet timing and the number of hops have to be independently random and draw from a fairly large space). As things stand, the spy agencies have installed sufficient exit nodes as to be numerically certain of eventually getting both ends of the packet through timing attacks … where it must begin and end in the clear … often enough to make it certain that they will eventually be heating up pliers for whoever the target is.

The best course of action has always been … and will always be … to either choose your words with extreme care, use a one time pad of normal-sounding code phrases or not to speak at all. If you use a OTP but it still sounds to AI like code (why is an egg farmer talking about Egyptian architecture to a hooker 3,000 miles away?), you still flag your comms for closer scrutiny.

I use long format passwords carefully chosen from provably random seeds and then jumbled up using other provably random seeds until I arrived at something that wasn't a word, but was pronounceable as an aid to memory. Computationally, they probably aren't brute-force breakable within my lifetime by even an ordinary supercomputer. Quantum computing may have changed that … but I've been getting older, too. It's a race and I am in a good position to win. But, put a crying and fearful grandchild on the phone and they will become clear-text just as fast as I can write them down.

 

If you are a high enough value target, there IS NO SECURITY via ANY electronic means of communication.

 

I tried to get everyone I could speak with to use encryption in their e-mails way back when PGP/GPG was new. Decryption of an unknown cipher is computationally intensive and - much - harder than encryption. IF we had adopted it en masse, we could now be overwhelming the listeners and even the NSA would find the problem insurmountable. But I was able to convince NO ONE … they all thought that the initial, cook book / 15 minutes for the slow ones in the back, setup in Thunderbird was too hard. Basically, no one adopted because no one adopted.

And here we are, NEEDING to disappear in a sea of encryption, but not having that sea to surround us.

All of you fuckers who use a password found in ANY dictionary, even "leetspeak" or Klingon or Papiamento (spoken on one island in the world by only a few thousand people … but for which a dictionary exists), or who trust strangers with your secrets via VPNs or "secure e-mail" should know that you might as well skip the password entirely … in only keeps your cousin from viewing your porn until s/he boots your computer from a USB key.

/rant