Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 53

Thread: DriveCrypt

  1. #21
    Marty
    Guest

    Re: nemo On Open Source

    On Fri, 28 Nov 2008 12:48:38 -0500, Ari
    <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote:

    >>
    >> Open source code is no panacea. [SNIP]

    >
    >> Hard work with little or no glory in it. [SNIP]
    >>
    >> Here the "many
    >> eyes" concept of open-source code inspection breaks down badly, since so
    >> few of those eyes are qualified. [SNIP]


    >> The black hats are
    >> looking for exploitable flaws, and having the source code is a big help. [SNIP]


    In the meantime, Linux is growing and thriving. And for some reason
    you don't need a new operating system to run new hardware - like
    USB on Win9x because there is no driver available. Imagine that.


    Marty

  2. #22
    George Orwell
    Guest

    Re: DriveCrypt

    >
    > But it gets worse yet. Open source review has some chance (not nearly as
    > good as is commonly thought IMHO) of winkling out bugs, but it is much
    > less likely to be effective at outing backdoors that have been created
    > and carefully disguised by skilled opponents (I'll answer objections
    > about JAP, etc. if called upon). The proof of how hard it can be to find
    > carefully crafted flaws in code (rather than ordinary unintentional ones)
    > is illustrated brilliantly by the annual "Underhanded C" contest. You
    > can stare for an hour at 20 lines of code, knowing that there is a bug
    > there, and exactly what kind of bug it is, and still not see it. If the
    > NSA has tens of thousands of lines of source code to sneak in a flaw I
    > have little doubt that the chances of it being outed by less than man-
    > years of careful inspection is damned near zero. Open source may work
    > for outing bugs, but outing good backdoors is a whole different game!
    >
    > Ain't life a bitch?
    >
    > Regards,


    An interesting read. Scary too. Maybe I'll go back to OTP, using my
    caesium decay for the RN source. Tedious, but no back doors and no
    sneaky code. Unless god works for the NSA.















  3. #23
    nemo_outis
    Guest

    Re: nemo On Open Source

    Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
    news:ggpatm$uau$1@news.motzarella.org:

    > Your position and mine are about the same.



    Not quite.

    I speak of how open source is not a panacea. Of how the *potential* of
    open source for thorough review and testing is almost never *realized* -
    especially for crypto programs. Of how bugs *may* be exploited and how
    backdoors *might* be inserted and remain undetected in open-source code.
    Of what the NSA and other adversaries *may* be doing.

    But for many of the same reasons that support the *possiblity* of the NSA
    doing such things, I can draw no conclusion whether (and/or to what
    extent) they are *really* doing so. That would be speculation and
    surmise.

    However, depending on their threat model and risk and consequence
    analysis, some parties *may* choose to base their precautions on
    scenarios approaching such worst-case possibilities.

    Regards,

    PS The resources and capabilities of the NSA (and such), great as they
    are, are limited and finite. I suspect (but, for obvious reasons, do not
    know) that the NSA is very selective in which programs it compromises.
    For instance, Windows would be extremely attractive because of its
    ubiquity, and also because mechanisms like frequent updates provide
    attractive paths for ongoing compromise in the face of new
    opportunities/threats. Moreover Windows provides an avenue to compromise
    any program run under it, including completely "clean" crypto programs.

    Compromising all the many crypto programs out there individually would be
    very difficult, even for the NSA (unless, say, AES has a flaw). So many
    contacts with crypto companies/organizations would, for instance, carry a
    high risk of disclosure.

    However, putting out one "ostensibly very good" program cheap or free for
    subsequent widespread adoption could easily be done by the NSA.
    Truecrypt could, for example, be such a program. (I emphasize "could" -
    I have absolutely no substantive evidence for this being true.)



  4. #24
    nemo_outis
    Guest

    Re: DriveCrypt

    George Orwell <nobody@mixmaster.it> wrote in
    news:64a9ae567d05254aa28829abd480fe15@mixmaster.it:

    > An interesting read. Scary too. Maybe I'll go back to OTP, using my
    > caesium decay for the RN source. Tedious, but no back doors and no
    > sneaky code. Unless god works for the NSA.


    Even OTP won't save you if your computer OS has been compromised.

    As for crypto guarantees, I wouldn't accept one from God Himself except
    maybe if I also had a non-compete agreement signed by the Devil :-)

    Regards,



  5. #25
    nemo_outis
    Guest

    Re: DriveCrypt

    Nomen Nescio <nobody@dizum.com> wrote in
    news:751124944d936a1f05a0ade1767aa5da@dizum.com:

    > Absolutely amazing. No wonder Usenet is such a toilet.


    Thanks for adding your incremental turd.


  6. #26
    anonymous
    Guest

    Re: DriveCrypt

    > George Orwell <nobody@mixmaster.it> wrote in
    > news:64a9ae567d05254aa28829abd480fe15@mixmaster.it:
    >
    >> An interesting read. Scary too. Maybe I'll go back to OTP, using my
    >> caesium decay for the RN source. Tedious, but no back doors and no
    >> sneaky code. Unless god works for the NSA.

    >
    > Even OTP won't save you if your computer OS has been compromised.
    >
    > As for crypto guarantees, I wouldn't accept one from God Himself except
    > maybe if I also had a non-compete agreement signed by the Devil :-)
    >
    > Regards,


    Then you truly would have deceived yourself, making any agreement
    with
    the devil.



  7. #27
    nemo_outis
    Guest

    Re: DriveCrypt

    anonymous <anon@domain.invalid> wrote in news:ggpn1e$6p5$1@news.mixmin.net:

    > Then you truly would have deceived yourself, making any agreement
    > with the devil.



    My transactions with the Devil have been eminently satisfactory, those with
    God considerably more problematic :-)

    Regards,

  8. #28
    anonymous
    Guest

    Re: DriveCrypt

    > anonymous <anon@domain.invalid> wrote in news:ggpn1e$6p5$1@news.mixmin.net:
    >
    >> Then you truly would have deceived yourself, making any agreement
    >> with the devil.

    >
    >
    > My transactions with the Devil have been eminently satisfactory, those with
    > God considerably more problematic :-)
    >
    > Regards,


    OOH, but the payment that is comming due!



  9. #29
    nemo_outis
    Guest

    Re: DriveCrypt

    anonymous <anon@domain.invalid> wrote in
    news:ggpq3p$a9r$1@news.mixmin.net:


    >> My transactions with the Devil have been eminently satisfactory,
    >> those with God considerably more problematic :-)
    >>
    >> Regards,

    >
    > OOH, but the payment that is comming due!


    Voltaire on his deathbed was urged by an attending priest to renounce the
    Devil. Voltaire replied, "Now is not a good time to be making new
    enemies."

    Regards,

  10. #30
    Ari
    Guest

    Re: nemo On Open Source

    On Fri, 28 Nov 2008 18:37:32 GMT, nemo_outis wrote:

    > The resources and capabilities of the NSA (and such), great as they
    > are, are limited and finite. I suspect (but, for obvious reasons, do not
    > know) that the NSA is very selective in which programs it compromises.


    So you don't think have my pink/baby blue tray icon "You're USB stick is
    deep inside my 2.0 slot" notification tool is compromised?

    > For instance, Windows would be extremely attractive because of its
    > ubiquity, and also because mechanisms like frequent updates provide
    > attractive paths for ongoing compromise in the face of new
    > opportunities/threats. Moreover Windows provides an avenue to compromise
    > any program run under it, including completely "clean" crypto programs.


    I assume it is.

    > Compromising all the many crypto programs out there individually would be
    > very difficult, even for the NSA (unless, say, AES has a flaw). So many
    > contacts with crypto companies/organizations would, for instance, carry a
    > high risk of disclosure.


    They could compromise four or five packages and get both wide
    international results or one package which dominates an important
    software/business sector. E.g. PROMIS

    http://tr.im/1m3v

    nemo, you know geographically that is my ole stompin' grounds.

    > However, putting out one "ostensibly very good" program cheap or free for
    > subsequent widespread adoption could easily be done by the NSA.
    > Truecrypt could, for example, be such a program. (I emphasize "could" -
    > I have absolutely no substantive evidence for this being true.)


    How about Unix/Linux?
    --
    Meet Ari!
    http://tr.im/1fa3

  11. #31
    Ari
    Guest

    Re: nemo On Open Source

    On Fri, 28 Nov 2008 18:10:25 GMT, Marty wrote:

    > On Fri, 28 Nov 2008 12:48:38 -0500, Ari
    > <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote:
    >
    >>>
    >>> Open source code is no panacea. [SNIP]

    >>
    >>> Hard work with little or no glory in it. [SNIP]
    >>>
    >>> Here the "many
    >>> eyes" concept of open-source code inspection breaks down badly, since so
    >>> few of those eyes are qualified. [SNIP]

    >
    >>> The black hats are
    >>> looking for exploitable flaws, and having the source code is a big help. [SNIP]

    >
    > In the meantime, Linux is growing and thriving. And for some reason
    > you don't need a new operating system to run new hardware - like
    > USB on Win9x because there is no driver available. Imagine that.
    >
    > Marty


    McFly, if you don't think that distros of Linux can be comprmised,
    you're delusional.

    Imagine that.
    --
    Meet Ari!
    http://tr.im/1fa3

  12. #32
    grrrl germs
    Guest

    Re: nemo On Open Source

    "Ari" <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in message
    news:ggq2ht$gut$1@news.motzarella.org...
    > On Fri, 28 Nov 2008 18:37:32 GMT, nemo_outis wrote:
    >
    >> The resources and capabilities of the NSA (and such), great as they
    >> are, are limited and finite. I suspect (but, for obvious reasons, do
    >> not
    >> know) that the NSA is very selective in which programs it compromises.

    >
    > So you don't think have my pink/baby blue tray icon "You're USB stick is
    > deep inside my 2.0 slot" notification tool is compromised?
    >
    >> For instance, Windows would be extremely attractive because of its
    >> ubiquity, and also because mechanisms like frequent updates provide
    >> attractive paths for ongoing compromise in the face of new
    >> opportunities/threats. Moreover Windows provides an avenue to
    >> compromise
    >> any program run under it, including completely "clean" crypto programs.

    >
    > I assume it is.
    >
    >> Compromising all the many crypto programs out there individually would
    >> be
    >> very difficult, even for the NSA (unless, say, AES has a flaw). So
    >> many
    >> contacts with crypto companies/organizations would, for instance, carry
    >> a
    >> high risk of disclosure.

    >
    > They could compromise four or five packages and get both wide
    > international results or one package which dominates an important
    > software/business sector. E.g. PROMIS
    >
    > http://tr.im/1m3v
    >
    > nemo, you know geographically that is my ole stompin' grounds.
    >



    wot ARE u talkin' about, mister? i bet its complicated. it looks
    complicatred. today's gud news IS one bully in heer got OWNED and the
    other got warned about Nic. did U kno that? i'm going to put it on my
    blog. donald says U might have a crush on me ! R U nice? if U hav a
    crush U can test it at DR LOVE's LOVECALCULATOR
    http://www.lovecalculator.com/

    U got 24 http://www.lovecalculator.com/love.p...me2=grrrlgerms
    so U dont have a crush that means U can't be a PERV on me then. UR ok.
    but a bit boring.
    i checked out Alric Knebel (cos hes been STALKING me). we got 71
    http://www.lovecalculator.com/love.p...me2=grrrlgerms .
    I think he's a PERV. i mean 71 is high. how high does it HAVE to be
    before a perv attaks? U and Nic can protect me if U like.

    i checked out BULLY bear bottoms and he got 11. maybe its becuase hes not
    normal and wants to FLAGILATE me (that means whip) or bully me. is he
    GAY? i mean theres nothing rong about someone being GAY as long as theyre
    not homosexual.

    im going to try that calculator on other people.



    --

    no invitations for the moment



  13. #33
    Anonymous Remailer
    Guest

    Re: DriveCrypt


    nemo_outis wrote:

    > anonymous <anon@domain.invalid> wrote in
    > news:ggpq3p$a9r$1@news.mixmin.net:
    >
    >
    > >> My transactions with the Devil have been eminently satisfactory,
    > >> those with God considerably more problematic :-)
    > >>
    > >> Regards,

    > >
    > > OOH, but the payment that is comming due!

    >
    > Voltaire on his deathbed was urged by an attending priest to renounce the
    > Devil. Voltaire replied, "Now is not a good time to be making new
    > enemies."


    It seems only fitting that one of the historical entities you
    "connect" with enough to cite in defense of your asininity,
    would happen to be one that rotted away, and eventually died, of
    syphilis.







  14. #34
    Nightmix-Remailer
    Guest

    Re: DriveCrypt

    nemo_outis wrote:

    > Nomen Nescio <nobody@dizum.com> wrote in
    > news:751124944d936a1f05a0ade1767aa5da@dizum.com:
    >
    > > Absolutely amazing. No wonder Usenet is such a toilet.

    >
    > Thanks for adding your incremental turd.


    I notice you don't have the balls to refute the fact that you're a
    congenital liar regarding the openness of Truecrypt source code, and
    your idiot-savant is a congenital dimwit who actually thinks
    there's a crumb of credibility to anything you say. No, you had to
    snip and run from all that and make one of your failed attempts to
    be cute, as cover. Didn't you kiddo.

    That makes you an exposed coward, and me the Tidy Bowl Man.

    That's right. Gotcha *again*, bitch. :-p

    Gonna crumble into your usual pile of quivering "blither" spew for
    us this time?
    ~~~~~~~~~~~~~~~~~~~~~
    This message was posted via one or more anonymous remailing services.
    The original sender is unknown. Any address shown in the From header
    is unverified. Please report spam or misuse to the remailer-operator:
    <nightmix@fahr-zur-hoelle.org>



  15. #35
    nemo_outis
    Guest

    Re: DriveCrypt

    Anonymous Remailer <mix@awxcnx.de> wrote in
    news:778d831da5a05a873ad506f3a63d9505@awxcnx.de:

    >> Voltaire on his deathbed was urged by an attending priest to renounce
    >> the Devil. Voltaire replied, "Now is not a good time to be making
    >> new enemies."

    >
    > It seems only fitting that one of the historical entities you
    > "connect" with enough to cite in defense of your asininity,
    > would happen to be one that rotted away, and eventually died, of
    > syphilis.


    You're a feckin' moron, and with this gem you've won the non-sequitur of
    the week award!

    Voltaire lived to 84 (a ripe old age for those days) and the cause of his
    death was unspecified - there's not a hint of him having syphilis. Perhaps
    in the muddled porridge of your brain you confused Voltaire with his
    fictional character, Dr. Pangloss?

    Regards,


  16. #36
    nemo_outis
    Guest

    Re: DriveCrypt

    Nightmix-Remailer <spam_for_blackhole@nurfuerspam.de> wrote in
    news:4EIR8FIP39783.0986226852@blackhole.org:

    It's nice you have access to a computer down there at the home for the
    feeble-minded.


  17. #37
    Ari
    Guest

    Re: DriveCrypt

    On 1 Dec 2008 01:22:01 -0000, Nightmix-Remailer wrote:

    > nemo_outis wrote:
    >
    >> Nomen Nescio <nobody@dizum.com> wrote in
    >> news:751124944d936a1f05a0ade1767aa5da@dizum.com:
    >>
    >>> Absolutely amazing. No wonder Usenet is such a toilet.

    >>
    >> Thanks for adding your incremental turd.

    >
    > I notice you don't have the balls to refute the fact that you're a
    > congenital liar


    My God! nemo lied as a fetus! Nemo, you never told me! lol
    --
    Meet Ari!
    http://tr.im/1fa3

  18. #38
    Ari
    Guest

    Re: DriveCrypt

    On Mon, 01 Dec 2008 01:47:11 +0100, Anonymous Remailer wrote:

    > nemo_outis wrote:
    >
    >> anonymous <anon@domain.invalid> wrote in
    >> news:ggpq3p$a9r$1@news.mixmin.net:
    >>
    >>>> My transactions with the Devil have been eminently satisfactory,
    >>>> those with God considerably more problematic :-)
    >>>>
    >>>> Regards,
    >>>
    >>> OOH, but the payment that is comming due!

    >>
    >> Voltaire on his deathbed was urged by an attending priest to renounce the
    >> Devil. Voltaire replied, "Now is not a good time to be making new
    >> enemies."

    >
    > It seems only fitting that one of the historical entities you
    > "connect" with enough to cite in defense of your asininity,
    > would happen to be one that rotted away, and eventually died, of
    > syphilis.


    BWAHAHAHAAAA. Your anonymous Google ****ed your history lesson up.
    --
    Meet Ari!
    http://tr.im/1fa3

  19. #39
    Nomen Nescio
    Guest

    Re: DriveCrypt

    nemo_outis wrote:

    > Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
    > news:ggorap$nqi$1@news.motzarella.org:
    >
    > ...
    > >> In short, there is NO substantive public evidence that Truecrypt's
    > >> source code has been the subject of thorough review, nor is there any
    > >> reason to rely on the credentials of the developers (since they
    > >> remain anonymous). In that absence, using Truecrypt is an act of
    > >> blind faith every bit as much (or more!) than using a closed-source
    > >> encryption program.

    >
    > > "You can't trust code that you did not totally create yourself"
    > > Ken Thompson "Reflections on Trusting Trust"

    >
    > Yes, the above paper - which everyone here should read! - makes a very
    > powerful point.


    If you're a moron. There's nothing wrong with trusting code someone
    else wrote. individuals, businesses, and even governments do it
    every day with no ill effects. The key is learning enough to know
    WHICH code to trust and definitely not listening to idiots like you.

    >
    > But it gets worse, much worse.
    >
    > Open source code is no panacea.


    Nobody ever said it was. It makes you feel like a grownup to lie
    and try to make it sound like someone did, but it never happened.

    Once again, open source is an additional barrier for bad or evil
    code to overcome. The ideal would be poth public and private review.

    > First of all, I don't believe most open
    > source code gets anything more than very cursory review


    Yeah, that's why the last two flaws in GnuPG were discovered by an
    independent reviewer. And why the last SSL bug was discovered the
    same way.

    Never mind the fact that reality PROVES it works or anything, just
    go ahead on and blither.

    > Good thorough code review and testing is hard, tedious, painstaking work.


    Wy do you suppose it is you have to pretend it's an either/or world
    just to try and make a point?

    Do you suppose you've had your ass handed to you over this before
    and now your ego just won't let you sleep unless you spread this
    sort of nonsense?

    Of course that's it.

    <rest snipped unread>


  20. #40
    Non scrivetemi
    Guest

    Re: DriveCrypt

    nemo_outis wrote:

    > Anonymous Remailer <mix@awxcnx.de> wrote in
    > news:778d831da5a05a873ad506f3a63d9505@awxcnx.de:
    >
    > >> Voltaire on his deathbed was urged by an attending priest to renounce
    > >> the Devil. Voltaire replied, "Now is not a good time to be making
    > >> new enemies."

    > >
    > > It seems only fitting that one of the historical entities you
    > > "connect" with enough to cite in defense of your asininity,
    > > would happen to be one that rotted away, and eventually died, of
    > > syphilis.

    >
    > You're a feckin' moron, and with this gem you've won the non-sequitur of
    > the week award!
    >
    > Voltaire lived to 84 (a ripe old age for those days) and the cause of his
    > death was unspecified


    I see you're still having a fling with Wikipedia.

    What an idiot you've become.












Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •