[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "I Write Mass Surveillance Software"



On Thu, Sep 17, 2009 at 03:58:50PM -0400, Michael Holstein wrote:

> (basically, all the OP on Rededit was saying, was he's the guy that 
> writes the microengine code)  .. the processors themselves aren't 

Not quite -- he explicitly claimed they used custom hardware. Perhaps
using network processor macro cells, but custom design was definitely
involved. 

> capable of realtime brute-force decryption ... but they are the sort of 

There's no such thing, apart from really obsolete cryptosystems. And
even there you can't just fish for content as it was cleartext.

> thing that can look for signatures/keywords/etc in a stream and act upon 
> it at wire-speed.

That is old news.
 
> As for breaking encryption, this would be a task better suited for a 
> large farm of purpose-programmed FPGAs, since I'm not aware of any 
> commercially-produced ASIC that does this (although the NSA does list 
> jobs for "semiconductor fabrication", so I'm sure they're in that game).

I can see large boxes for e.g. offline DES (perhaps even 3DES) cracks, 
but everything else is probably not cost effective (of course, NSA has 
demonstrably been decades ahead of open research in some instances, 
so don't blame me if they waterboard you just because you took this 
at face value).
 
> IIRC the Russians had purpose-built their own ASICs to break DES when it 
> was en-vouge .. I'm sure our side of the pond actively does the same.
> 
> Sneakier mice, better mousetraps.
> Lather, rinse, repeat.
> while().

What I really dread is having to sanitize my entire systems, which
effectively means wiping and bootstrapping my entire infrastructure 
from known good state, establish physical security, secret management
including crypto hardware, system hardening, privilege separation, 
intrusion detection and documentation, periodic review, and the like.

This is seriously annoying, and I resent having to go full tinhat
monty. In case anyone has pointers or has already done such a thing
I very much welcome any documentation. We should publish everthing
in the open to make it easily replicable by anybody anywhere, so 
just to make the annoyance mutual.

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE