log☇︎
843700+ entries in 0.56s
Namworld: So, no one is running a MPOE or BBET passthrough currently? Jurov, would you be willing to take my holders on coinbr?
mircea_popescu: jurov ostensibly they can just shoot you, too. hardly part of the discussion i guess.
mircea_popescu: we can agree that wearing a maillot is kinda like being dressed, except if it gets wet, or if it gets flashed or if there's a black light etc.
nanotube: mircea_popescu> Bunnyh in most free countries it's enough to say it's nobody;'s business what you kee pthere <- unfortunately there are countries that are not that free.
jurov: such as denying that attack vector exists "in any circumstance" mkay.
nanotube: what's this "the attack vector" you speak of? haven't we agreed that there are multiple? :D
mircea_popescu: they may be more convenient or profitable or w/e, but they're still qualitatively different.
mircea_popescu: nanotube yes, we can. but we'll have to agree that while some things provide absolute protection against the attack vector, some other things provide partial protection.
Bunnyh: i'd summarize this by saying that there are needs for different granularities in encrypting data
nanotube: can we all just agree that there are multiple attack vectors, and different approaches provide varying protections against them?
mircea_popescu: Bunnyh in most free countries it's enough to say it's nobody;'s business what you kee pthere and the da can either make a case or get lost.
Bunnyh: is it any easier to explain why have you encryped partitions but don't actually know what's in there?
mircea_popescu: what is this, england ?
mircea_popescu: herp. the proof is that i keep secrets ?
mircea_popescu: circumstantial evidence, of the weakest sort. i'll just point and laugh at you.
jurov: now deny that
mircea_popescu: "your honor, we know X talked to Y. therefore X did it" ?
mircea_popescu: i fail to see how this works.
jurov: the logic is, such an powerful adversary doesn't really need the data, they have them from other sources, just metadata are OK to use against you
mircea_popescu: jurov i don't quite follow the logic there.
jurov: then if you are unable to decrypt it, won't help you much
mircea_popescu: nanotube it's basically an antivirus product. it's good to have for your girlfriend, so it keeps the system sorta-above water.
nanotube: which you are correct to bring up.
jurov: how not? if it's law enformcement, usually it's just sufficient to prove that you are owner of certain gpg key.
nanotube: anyway, so my point is, it's good to have fde, to have easy 'blanket' protection against the common issue of accidental loss. and then you can use another layer such as gpg to protect the 'really important stuff'
mircea_popescu: nanotube nope. recall, im the guy using his real name in the bitcoin space.
nanotube: if your email was gpgd, your headers are still plain text. news for you? :)
jurov: i mean, once someone is either able to reboot the machine without you knowing or freeze memory modules, it's pretty game over
nanotube: with fde, they get bupkus.
nanotube: because you must take effort to encrypt every file.
dub: its exactly the same thing
nanotube: which, let's face it, is a much more common class of issue than "someone actively trying to snoop at your files"
mircea_popescu: except it doesn't rly. it tries to.
mircea_popescu: rightj. the death of fde is the boot part rly.
nanotube: would be easier to use than individual file encryption. and you'd also only access it when you need.
mircea_popescu: ftr, im not saying fde will never work. it may eventually work. we're not there yet.
nanotube: but then also, how about an encrypted partition with your files?
nanotube: mircea_popescu: sure, if you didn't happen to use gpg in the session, you're fine. and actually, gpg could be 'really good' at not caching pw in memory, thanks to gpg-agent being purpose-built to handle thing securely. cf this paper: philosecurity.org/pubs/davidoff-clearmem-linux.pdf‎
dub: dexX7: he can say that, kinda like, climate science is bunk because someone said al gore made it up
mircea_popescu: 's convenient in some cases. you have to appreciate we were discussing a specific rthing, ie, making an airgapped machine.
Bunnyh: what's wrong with using fde when, say, developing software? would you rather have each of the thousands of files encrypted individually?
mircea_popescu: otherwise we're back to yadda yadfda, you can't say faith healing doesn't work.
mircea_popescu: this is why you need experts : so they make definite statements in places where the common sense seems lost.
dexX7: yada yada.. i think you simply can't say "this one sucks, the other one is the way to go".
mircea_popescu: without going into all the ways truecrypt is broken and etc, which i don't feel i have the energy for ☟︎
dub: sure, deploying fde and feeling safe in the manner of your average global megacorp security weeny is silly but that doesnt make it broken
mircea_popescu: this alone is the end of the theoretical discussion.
mircea_popescu: basically, in the simplest of terms : fde requires key be available for the os at all times the disk is in use.
dub: who says its booted? you're talking about completely different things tbh
mircea_popescu: how the hell are you going to boot an encrypted disk ?
Bunnyh: suppose i didn't decrypt my disk in the current session?
mircea_popescu: suppose i didn't touch gpg in the current session.
nanotube: not sure how aggressive gpg is in not storing your pw anywhere in memory. my /guess/ is that if you can take a memdump, you can get the gpg pw also. not sure though.
mircea_popescu: ok, let's make it simple : do you agree that in order for your system to be safe it has to be powered down, whereas for gpg to be safe it doesn't have to be powered down ?
nanotube: mircea_popescu: got link to such attack?
dub: the latest link has thesame dependancy
nanotube: required the attacker to boot from usb, which modifies the bios/mbr to log pw. then you wait until i log on and snarf my pw
nanotube: the 'maid attack' that you link to
mircea_popescu: it's just nonsense. to be able to boot you will have to at some point trust the machine. that's all.
mircea_popescu: i can just steal your key from the boot in a variety of different ways, also from recently powered down systems,
nanotube: and if you do the same, you got my gpgd stuff just as well.
nanotube: you have to get it, modify it, then give it back to me, then get it again
nanotube: mircea_popescu> nanotube if i get your "full disk encrupted" pc i can full disk decrypt it. if i get your gpg'd stuff, good luck to me. <- you are missing a crucial step. you don't just 'get my fde comp and got everything'
mircea_popescu: jurov here's an 5 year old forum post going through the basics : http://forum.teamxbox.com/archive/index.php/t-617093.html
jurov: so the same attack can be applied to gpg
jurov: she just modified the bootloader for next time you'll input passphrase
jurov: the chick yu linked to did not do that
mircea_popescu: dexX7 there are numerous different avenues to remove encryption from a full disk encryption schemes.
gribble: mircea_popescu was last seen in #bitcoin-assets 2 minutes and 53 seconds ago: <mircea_popescu> because should you obtain the encrypted file there's nothing you can do.
dexX7: same applies to "encrypted hard drive", so you already include "direct access attacks". i'll rephrase then: how is single file encryption more secure in a similar scenario?
mircea_popescu: because should you obtain the encrypted file there's nothing you can do.
dexX7: i'd like to know: why do you say single file encryption is preferred?
mircea_popescu: nanotube and as to "use both" : the point of science, any science, is to isolate what works from what doesn't and exclude the latter. this is why dentist treats your teeth his way rather than recommending you "also use shaman method".
dexX7: even a stupid guy can figure something out, if he's given enough time
mircea_popescu: why not just use rot13 then
mircea_popescu: so what is this, "it's safe because bad guy is presumed stupid" ?
dexX7: hm.. in that case you're right, but i'd assume the standard scenario is more like "bad guy sneaks into your house and steals your hdd"
mircea_popescu: if it fails to do that, it fails.
mircea_popescu: but that's the usecase man. full disk encryption is supposed to protect the data from physical access attacks.
dexX7: haha, i was just pulling out stupid examples to find something simliar to "full disk encryption sucks, because of attacks based on direct access to the hardware"
mircea_popescu: nanotube if i get your "full disk encrupted" pc i can full disk decrypt it. if i get your gpg'd stuff, good luck to me.
mircea_popescu: dexX7 not quite. passwords suck on http because http is stateless. that's true.
mircea_popescu: ;;later tell chsados sup
nubbins`: ugh, i better get this day started. thanksgiving supper in an hour
nubbins`: would be neat to own some ¥
nubbins`: how do they make money?
kakobrekla: >there are NO trading fees on btcchina
zoinky: wont that graph look funny when the top 3 exchanges is BTCChina
nubbins`: wht a trainwreck of a company
kakobrekla: he obv should use samsung tablet
nubbins`: the real news story is that the USPS decided to let some asshole design a set of stamps on his ipad
nubbins`: and they all have "FOREVER" with a line crossing it out
nubbins`: "turn around / twist"
nubbins`: what's with the random words
kakobrekla: i think they forgot sarastaball?
nubbins`: "One shows a young swimmer doing a cannonball into water. In another, a child is skateboarding wearing a helmet but no kneepads. In the third, a youngster is doing a headstand without a helmet."
kakobrekla: just that others suck
nubbins`: specifically in that he fancies himself to be very clever and very wise
kakobrekla: ah that
nubbins`: i think "eskimobob" from btctalk has some major issues