
Thread: The public use of ENCRYPTION

  1. #51
    Join Date
    Jan 10, 2013
    Location
    eastern side of au
    Posts
    254
    Thanks
    106
    Thanked 169 Times in 94 Posts
    Country: Australia


    And this is why the UK started and then Australia tried to butcher what is known as the 'encryption back door U laws' which is coming to a country near you soon for the very reason the spooks are having issues breaking apps.

    https://www.wired.com/story/australi...global-impact/

    I will also put this out there - it is only a matter of time before AES in radios is outlawed; it will be on the back of some event and some govt twit claiming they are not able to easily collect transmissions via normal means (from the telecommunication network), so we now will outlaw it. Upside locally, work has more customers ordering the AES feature enabled in the radios by default for privacy and protection of their activities, and surprisingly Motorola is supplying without crying. Just goes to show they are a hoer for a dollar atm.
    I do not believe in political correctness BS leftest tripe
    Suck it up, HTFU and make the place great again! Work never killed anyone who did it safely


  2. The Following User Says Thank You to techman For This Useful Post:

    Mars (Sep 09, 2019)

  3. #52
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada


    Believe it or not, the Internet is still in its infancy. There is no doubt in my mind the excrement that operates our world governments will eventually want the ability to completely intrude into our lives, without the need for a warrant or our consent.

    The mentally ill reporter (Caroline Barghout) from the CBC in Canada, who wrote the FALSE story about Ed Richardson last February (city radio manager accused of all kinds of things) actually attempted to name me in the story, suggesting I have something to hide, because I promote privacy and encryption. “Why would you need encryption? What are you doing with that?”

    Look bitch, you use AES-256 every time you check your email, look at your porn on the Internet, watch Netflix, YouTube or even do your nightly iCloud backup. What a clueless, uneducated, hypocritical ****.

  4. The Following 4 Users Say Thank You to Mars For This Useful Post:

    BobbyBoucher (Aug 26, 2019),com501 (Aug 25, 2019),romanrobles (Aug 28, 2019),Viper1-6 (Aug 24, 2019)

  5. #53
    Join Date
    Jun 25, 2012
    Posts
    122
    Thanks
    487
    Thanked 39 Times in 24 Posts
    Country: Canada


    My view on the use of strong encryption (AES) is I want to have to block unauthorized intercepts of my communications. If LE has a legitimate need to monitor an individual's communication then I have no problem with that; trouble is, a lot of times LE is on a fishing trip.

    I forget my source (I will try to find it) but it is my understanding that every single communication today is monitored and stored by groups like the NSA and CSE and others in the Five Eyes. I understand that if you show up on their radar they can dial back to 2004 on your emails, even your internet searches. What I don't like about this type of monitoring is it's like listening to someone's thoughts; it's absurd that governments are this paranoid.

    Keep this in mind. Long before the internet and electronic communications, all LE could do is tap a phone or bug your home/business. If you whispered something in someone's ear they could not intercept that. That is what AES does for us, and we have that right not to have our thoughts intercepted.

    Here is the wiki on the Five Eyes (looking for my source about dialing back to 2004):


    https://en.wikipedia.org/wiki/Five_Eyes
    https://en.wikipedia.org/wiki/List_of_people_under_Five_Eyes_surveillance

  6. The Following 2 Users Say Thank You to SPECIAL_EYE For This Useful Post:

    Mars (Aug 25, 2019),romanrobles (Aug 28, 2019)

  7. #54
    Join Date
    Jan 04, 2013
    Location
    Planet Vulcan
    Posts
    173
    Thanks
    108
    Thanked 74 Times in 37 Posts


    I read this book a few months back and there were so many cases from yesteryear that just a single use of a numeric pager could make a case in the 80's and 90's.
    It is quite a read. https://www.amazon.com/U-S-Marshals-.../dp/0062227254

  8. #55
    Join Date
    Mar 04, 2019
    Posts
    6
    Thanks
    11
    Thanked 3 Times in 3 Posts
    Country: United States


    Has anyone thought about (in the US) CALEA as it relates to encrypted radio traffic?

    Since DMR, NXDN, and Motorola ADP use weaker (as a whole) encryption, it seems to me (and please correct me if I'm going down the wrong path) that there would be every reason for manufacturers to design a backdoor into these types of encryption, and no reason to assume liability by not doing so. In fact, in reading some of the standards on DES and DVP, I'm not sure there aren't backdoors on these also.

    I came of age in the "clipper chip" era of the 90's, so my paranoia of sorts has deep roots. This is an interesting thread!!!

  9. #56
    Join Date
    Nov 04, 2012
    Location
    True North Strong and Free
    Posts
    286
    Thanks
    1,804
    Thanked 516 Times in 221 Posts
    Country: Albania


    Quote Originally Posted by mattnik View Post
    Has anyone thought about (in the US) CALEA as it relates to encrypted radio traffic?

    Since DMR, NXDN, and Motorola ADP use weaker (as a whole) encryption, it seems to me (and please correct me if I'm going down the wrong path) that there would be every reason for manufacturers to design a backdoor into these types of encryption, and no reason to assume liability by not doing so. In fact, in reading some of the standards on DES and DVP, I'm not sure there aren't backdoors on these also.

    I came of age in the "clipper chip" era of the 90's, so my paranoia of sorts has deep roots. This is an interesting thread!!!
    Only Motorola does not offer AES 256 bit encryption on their DMR line in North America to the average Joe buyer.
    It appears that Motorola has done this to ‘force’ customers to purchase P25 if they want actual voice security.

    Kenwood offers a welfare form of encryption as a stock option. Not secure by any stretch of the imagination at all. If memory serves me it’s something useless like 15 bits.
    -Kenwood NX-5xxx (DMR, NXDN and P25) series has optional hardware AES256 encryption.
    -Tait offers AES256 on their DMR gear.
    -Hytera offers AES256 on their DMR gear.
    -Anytone offers AES256 on the AT-D878UV portable; this was just released in firmware V1.14. It IS compatible with the DMR spec AES256. It will also be in their soon to be released AT-D578xxx mobile.

    By the way, Motorola ADP (Advanced Digital Privacy) is RC4 with a 40-bit key. It’s welfare security and is less secure than DES.

    While ADP will keep people with scanners from listening, it’s not secure by any stretch of the imagination. DES uses a 56 bit key and has been considered broken for many years now.
    The only company that carries any weight in the DMR market that won’t sell you a radio in North America with AES256 is Motorola.

  10. The Following 7 Users Say Thank You to Viper1-6 For This Useful Post:

    Alpha (Sep 09, 2019),com501 (Sep 09, 2019),Hartley (Sep 15, 2019),k1ngfish (Sep 09, 2019),Mars (Sep 09, 2019),mattnik (Sep 09, 2019),MTS2000DES (Sep 10, 2019)

  11. #57
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada


    Viper1-6 is correct with his statements about the availability of AES-capable (enabled) DMR radio gear.

    But I'd like to draw the attention of everyone to the archaic and heavy-handed US Government policy which governs licensing certain items for export.

    https://www.bis.doc.gov/index.php/po...t/c-740-17-b-2

    Section 740(17)(b)(2) states the following:

    Items described in 740.17(b)(2) require a classification request to be eligible for license exception ENC, as well as semi-annual sales reporting. See here for the semi-annual sales reporting requirements.

    Items described in 740.17(b)(2) include:

    – 'Network infrastructure' items as described in 740.17(b)(2)(i)(A).
    – Encryption source code that is not publicly available.
    – Commodities, software, and components that have been designed, modified, adapted or customized for "government end-user(s)".
    – Certain customized items, including:
    • Items that are designed, modified, adapted, or customized for "government end-users"; or
    • Items where the encryption functionality is designed or modified for a particular customer or can be easily changed by the user.
    – Commodities and software for quantum cryptography.
    – Commodities and software that provide penetration capabilities that are capable of attacking, denying, disrupting or otherwise impairing the use of cyber infrastructure or networks.
    – Public safety/first responder radio (P25 or TETRA).
    – Items described in 5A002.d and e., and related software.
    – Cryptanalytic items under 5A004.
    – "Open Cryptographic Interface" items.
    – Encryption technology classified under ECCN 5E002.

    ------

    The bolding of the above text is my doing. I wanted to draw attention to certain items.

    So first, what is "Network Infrastructure", as defined by the BIS? I guess we'll never know, as clicking on the hyperlink on their website leads to a 404 (dead). Very competent, BIS.

    Next, they define "Public Safety radios" as being P25 or Tetra. OK. I'm assuming that's because P25 and Tetra radios utilize secure hardware to store keys? (Not counting welfare software encryption algorithms). Does this mean DMR radios are not inclusive in the "Public Safety radios" definition? I guess they can't enforce their export restrictions on DMR gear. I wonder if it applies to those who import these devices into the US as well?

    Regardless of my comments about Public Safety radios, a potential "catch all" exists here with respect to the "Items where the encryption functionality is designed or modified for a particular customer or can be easily changed by the user." clause.

    It could easily be argued the Anytone AT-D878UV falls into this category as encryption keys are easily modified by the end user. But this would also apply to Wi-Fi routers (which could be used to do all kinds of voice/video/data transmissions over a wide area), Hytera radios (which are already imported/exported in/out of the USA) and many other devices. Hytera radios by the way, allow for full FPP of the AES key and Key ID itself, by the end user. I was totally impressed by that when I owned the PD982.

    But I saved the best for last. And this is just mind boggling. For the purpose of defining why they must control the export and reexport of encryption, they're relying on a 1996 statement made by former US President Bill Clinton.

    https://www.ecfr.gov/cgi-bin/text-id..._115&rgn=div88

    Quote Originally Posted by BIS
    Encryption items can be used to maintain the secrecy of information, and thereby may be used by persons abroad to harm U.S. national security, foreign policy and law enforcement interests. The United States has a critical interest in ensuring that important and sensitive information of the public and private sector is protected. Consistent with our international obligations as a member of the Wassenaar Arrangement, the United States has a responsibility to maintain control over the export and reexport of encryption items. As the President indicated in Executive Order 13026 and in his Memorandum of November 15, 1996, exports and reexports of encryption software, like exports and reexports of encryption hardware, are controlled because of this functional capacity to encrypt information, and not because of any informational or theoretical value that such software may reflect, contain, or represent, or that its export or reexport may convey to others abroad. For this reason, export controls on encryption software are distinguished from controls on other software regulated under the EAR.
    It gets better.

    Quote Originally Posted by BIS
    Licensing Policy (2)

    https://www.ecfr.gov/cgi-bin/text-id..._115&rgn=div88

    (b) Publicly available encryption source code—(1) Scope and eligibility. Subject to the notification requirements of paragraph (b)(2) of this section, publicly available (see §734.3(b)(3) of the EAR) encryption source code classified under ECCN 5D002 is not subject to the EAR. Such source code is publicly available even if it is subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code.
    As the source code for the algorithm selected as the AES is publicly available - https://github.com/kokke/tiny-AES-c -, I guess this means devices which utilize this publicly available algorithm/source code are not subject to export control restrictions? Or is the BIS going to contradict themselves and (cluelessly) force their ignorance on us, looking to victimize amateur radio dealers who are shipping Anytone AT-D878UV and AT-D578UV radios outside of the US?

    I guess if radios are still shipping with 1.13 firmware, there is no AES or working encryption. Not a problem. Might be an easy way to get out of this mess. I wish I could say the same about Motorola, who has shipped me numerous devices over the years which had embedded AES-256 support in the firmware and only needed the "CFS_Enabled" flag set for the AESPRIVACY option. Oh wait, AES is an open-source algorithm. I guess all of this nonsense about AES-256 being "highly sensitive" is just something Motorola likes to hype to protect their P25 APX sales.

    I'll admit, this whole BIS thing is extremely confusing. From contradictory statements, to broken links on their website, it's enough to confuse even the most seasoned legal specialists. This nonsense leads to people using "opinions" of the law, instead of the actual intent and meaning of it. That should never happen. Laws should be black-and-white, with clearly laid out and understandable terms. Unless of course, the intent of the law is only to make people victims and give them the runaround.

  12. The Following 5 Users Say Thank You to Mars For This Useful Post:

    Alpha (Sep 09, 2019),com501 (Sep 09, 2019),mattnik (Sep 09, 2019),MTS2000DES (Sep 10, 2019),Viper1-6 (Sep 09, 2019)

  13. #58
    Join Date
    Mar 04, 2019
    Posts
    6
    Thanks
    11
    Thanked 3 Times in 3 Posts
    Country: United States


    Quote Originally Posted by Viper1-6 View Post
    Kenwood offers a welfare form of encryption as a stock option. Not secure by any stretch of the imagination at all. If memory serves me it’s something useless like 15 bits.
    -Kenwood NX-5xxx (DMR, NXDN and P25) series has optional hardware AES256 encryption.
    -Tait offers AES256 on their DMR gear.
    -Hytera offers AES256 on their DMR gear.
    -Anytone offers AES256 on the AT-D878UV portable; this was just released in firmware V1.14. It IS compatible with the DMR spec AES256. It will also be in their soon to be released AT-D578xxx mobile.
    But under CALEA, LEO has to have the ability to monitor comms, such as POTS, VoIP, etc. Even if it's AES256, there seems to be little reason NOT to bake in some sort of back door. I'm not saying it is there, but do radio communications fall under CALEA, and if so, could the fedgov use that statute to bludgeon manufacturers to build in a backdoor?

    I'm learning quick (this board is a GREAT resource) but there's so much I don't know.

  14. #59
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada


    Quote Originally Posted by mattnik View Post
    But under CALEA, LEO has to have the ability to monitor comms, such as POTS, VoIP, etc. Even if it's AES256, there seems to be little reason NOT to bake in some sort of back door. I'm not saying it is there, but does radio communications fall under CALEA, and if so, could the fedgov use that statute to bludgeon manufacturers to build in a backdoor.
    Welcome (six months after the fact) to the website. Glad to have you aboard.

    I too, thought AES was back-doored. I even posted as such about 15 years ago on Batboard. I had absolutely no proof of this. I was an ignorant, moronic, untrusting idiot. Not implying you fall into this category -- only speaking about how foolish I was. I came to realize I was most likely mistaken about AES being open to cracking by LEO/intelligence, based on the following:

    - The source code for Rijndael (the algorithm chosen for the AES) is publicly available and has been scrutinized by the best cryptographers and conspiracy theorists out there. None have ever made the allegation about a back-door being found. Nothing suspicious in the code has been uncovered or discovered.

    - People, by nature, just can't keep their mouths shut. If AES was back-doored, surely some anonymous NSA contractor would've posted on Reddit or 4chan about it. Snowden didn't drop that bomb either, and he dropped the largest bomb(s) in the history of NSA leaks.

    - If AES was compromised/back-doored, and LEO/Intelligence was making use of recovered clear data, it would've come out in court dockets as part of the disclosure process. To date, that hasn't occurred. The only successful attacks on AES have been related to compromised passwords (keys) or "stupid keys" which can be brute-forced, just like any other algorithm. Just because AES is complex, doesn't mean it can't be cracked. Pick 0101010101010101... as a key, and you can't expect security. (cough cough, WPS, cough cough)

    I'm confident Rijndael is "secure" for the time being, so long as a complex and secure key (password) is selected to encrypt the clear data. This means a completely random, 256-bit key, not indicative of any patterns or human stupidity.

    On the topic of security, I encourage everyone to read up on the runners-up to the AES competition/submission. Rijndael was chosen for its efficiency and ease of implementing into software. A more secure algorithm which was submitted as an AES candidate was Serpent. It lost because of the software efficiency issue. Serpent scored the second-highest score to Rijndael. More on Serpent: https://en.wikipedia.org/wiki/Serpent_(cipher)

    The Veracrypt full-disk encryption suite allows for Serpent to be selected as the desired algorithm. Something to consider...

  15. The Following 9 Users Say Thank You to Mars For This Useful Post:

    com501 (Sep 09, 2019),mattnik (Sep 11, 2019),motorola_otaku (Sep 10, 2019),MTS2000DES (Sep 10, 2019),p47r4ck (Sep 09, 2019),romanrobles (Sep 13, 2019),SPECIAL_EYE (Sep 10, 2019),SwissMoto (Sep 20, 2019),Viper1-6 (Sep 09, 2019)
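
The key-quality point made in post #59 above (a patterned key such as 0101... versus a completely random 256-bit key), as an added example that is not part of the original thread: a small Python audit that flags obviously patterned AES-256 keys before they are loaded, plus key generation from the operating system CSPRNG. The function names, finding codes and sample keys are assumptions constructed for this illustration.

```python
import secrets

KEY_BYTES = 32  # AES-256 key length in bytes

# Hypothetical finding codes, used only by this example.
EXPLAIN = {
    "not-hex": "key is not a hexadecimal string",
    "wrong-length": "key is not 256 bits long",
    "repeating-pattern": "key is a short block repeated, e.g. 0101...",
    "sequence": "bytes count up or down by a fixed step",
    "printable-ascii": "every byte is printable text, likely a typed phrase",
    "low-variety": "fewer than 16 distinct byte values in 32 bytes",
}


def generate_key():
    """Return a 256-bit key drawn from the operating system CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def _repeat_period(key):
    """Smallest p <= len/2 for which the key repeats with period p, else 0."""
    n = len(key)
    for p in range(1, n // 2 + 1):
        if all(key[i] == key[i - p] for i in range(p, n)):
            return p
    return 0


def audit_key(hex_key):
    """Return finding codes for a hex key; an empty list means no pattern seen."""
    try:
        key = bytes.fromhex(hex_key.strip())
    except ValueError:
        return ["not-hex"]
    if len(key) != KEY_BYTES:
        return ["wrong-length"]

    findings = []
    if _repeat_period(key):
        findings.append("repeating-pattern")
    # A constant non-zero difference between neighbours means 00 01 02 ... style keys.
    steps = {(b - a) % 256 for a, b in zip(key, key[1:])}
    if len(steps) == 1 and steps != {0}:
        findings.append("sequence")
    if all(0x20 <= b <= 0x7E for b in key):
        findings.append("printable-ascii")
    if len(set(key)) < 16:
        findings.append("low-variety")
    return findings


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real radio or codeplug.
    samples = {
        "repeated 01": "01" * 32,
        "counting up": bytes(range(32)).hex(),
        "typed phrase": b"MySecretRadioKey2019!MySecretKey".hex(),
        "CSPRNG": generate_key().hex(),
    }
    for label, hex_key in samples.items():
        codes = audit_key(hex_key)
        print(label + ":", "no pattern seen" if not codes else "")
        for code in codes:
            print("   ", code, "-", EXPLAIN[code])
```

An empty result only means none of these patterns was seen; it does not show a key is random. The assurance comes from generating the key with the CSPRNG in the first place.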

  16. #60
    Join Date
    Nov 04, 2012
    Location
    True North Strong and Free
    Posts
    286
    Thanks
    1,804
    Thanked 516 Times in 221 Posts
    Country: Albania


    The only issue with that is this:

    If they build a ‘back door’ into encryption used by DMR/NXDN/P25, they would have to have a specific option for public safety and the rest of us.

    You, me and anyone else can buy surplus P25 gear with UCMs used by public safety and use it.

    Do you really think public safety would use a compromised flavour of AES256?

    The issue with a ‘back door’ is that someone will figure it out. Cryptographic researchers continuously try and find weaknesses in existing and new cryptographic algorithms. Same with the ‘bad guys’. In this day and age who the ‘good guy’ is and who the ‘bad guy’ is is a very, very grey area.

    The government is not always the ‘good guy’

  17. The Following 5 Users Say Thank You to Viper1-6 For This Useful Post:

    com501 (Sep 09, 2019),Mars (Sep 09, 2019),mattnik (Sep 11, 2019),romanrobles (Sep 13, 2019),SPECIAL_EYE (Sep 10, 2019)

  18. #61
    Join Date
    Feb 04, 2012
    Posts
    1,871
    Thanks
    179
    Thanked 667 Times in 302 Posts


    One thing to remember with any encryption method is that the algorithm may be secure, but there is nothing stopping a manufacturer or anyone else from sneaking in some type of backdoor to the loaded key memory that leaks the key over time. This would have to be buried in the firmware or in the way the algo is implemented.

    I have not heard of this actually happening but with some of the computer file encryption software I would be very concerned that it might be a possibility.

    FYI VeraCrypt lets you select an option that uses both AES and Serpent. There is no way to tell what algo or combination of algos was used in VeraCrypt. I highly recommend it.

  19. The Following 2 Users Say Thank You to Notarola For This Useful Post:

    Mars (Sep 20, 2019),mattnik (Sep 13, 2019)

  20. #62
    Join Date
    Jan 27, 2016
    Posts
    34
    Thanks
    17
    Thanked 54 Times in 22 Posts
    Country: United States


    I've heard of it happening. However, I can no longer find the article to reference on the web. (No surprise there...)

    During the late 90's there was an accusation that Microsoft IE embedded a "helper key" somewhere within https transactions. The idea was the "helper key" would effectively reduce the (then) 128 bit cipher down to 40 bits. This would effectively reduce the cipher strength to the same as the exportable version. They didn't want to completely defeat the encryption, but just make it easy enough to brute force.

    Because of this, folks were inclined to look at non-US made encryption schemes. There were issues and accusations with that as well.

    I tend not to completely trust anything cryptographic unless one can review and compile the source code for themselves. I will allow myself to be complacent if I'm not concerned with big-brother watching.


    M

  21. The Following 3 Users Say Thank You to m0th For This Useful Post:

    Mars (Sep 20, 2019),mattnik (Sep 13, 2019),motorola_otaku (Sep 10, 2019)

  22. #63
    Join Date
    Mar 04, 2019
    Posts
    6
    Thanks
    11
    Thanked 3 Times in 3 Posts
    Country: United States


    Quote Originally Posted by Mars View Post
    Welcome (six months after the fact) to the website. Glad to have you aboard.

    I too, thought AES was back-doored. I even posted as such about 15 years ago on Batboard. I had absolutely no proof of this. I was an ignorant, moronic, untrusting idiot. Not implying you fall into this category -- only speaking about how foolish I was. I came to realize I was most likely mistaken about AES being open to cracking by LEO/intelligence, based on the following:

    - The source code for Rijndael (the algorithm chosen for the AES) is publicly available and has been scrutinized by the best cryptographers and conspiracy theorists out there. None have ever made the allegation about a back-door being found. Nothing suspicious in the code has been uncovered or discovered.

    - People, by nature, just can't keep their mouths shut. If AES was back-doored, surely some anonymous NSA contractor would've posted on Reddit or 4chan about it. Snowden didn't drop that bomb either, and he dropped the largest bomb(s) in the history of NSA leaks.

    - If AES was compromised/back-doored, and LEO/Intelligence was making use of recovered clear data, it would've come out in court dockets as part of the disclosure process. To date, that hasn't occurred. The only successful attacks on AES have been related to compromised passwords (keys) or "stupid keys" which can be brute-forced, just like any other algorithm. Just because AES is complex, doesn't mean it can't be cracked. Pick 0101010101010101... as a key, and you can't expect security. (cough cough, WPS, cough cough)

    I'm confident Rijndael is "secure" for the time being, so long as a complex and secure key (password) is selected to encrypt the clear data. This means a completely random, 256-bit key, not indicative of any patterns or human stupidity.
    I never thought of it that way, and it makes sense. I just figured that regardless of the encryption method used, one could build a hardware backdoor. I never thought about the fact that the method of encryption would pass its security past the hardware. So in other words, the security of the method is inherited by the hardware used, right?

  23. The Following User Says Thank You to mattnik For This Useful Post:

    Mars (Sep 20, 2019)

  24. #64
    Join Date
    Feb 12, 2014
    Posts
    35
    Thanks
    13
    Thanked 50 Times in 22 Posts


    FWIW

    Encryption Working Group Releases Paper To 'Move The Conversation Forward'

    https://www.techdirt.com/articles/20...-forward.shtml

    One of the frustrating aspects of the "debate" (if you can call it that) over encryption and whether or not law enforcement should be able to have any kind of "access" is that it's been no debate at all. You have people who understand encryption who keep pointing out that what is being asked of them is impossible to do without jeopardizing some fairly fundamental security principles, and then a bunch of folks who respond with "well, just nerd harder." There have been a few people who have suggested, at the very least, that "a conversation" was necessary between the different viewpoints, but mostly when that's brought up it has meant non-technical law enforcement folks lecturing tech folks on why "lawful access" to encryption is necessary...

  25. The Following 6 Users Say Thank You to KA1RBI For This Useful Post:

    Alpha (Sep 14, 2019),com501 (Sep 14, 2019),Hartley (Sep 15, 2019),Mars (Sep 13, 2019),motorola_otaku (Sep 16, 2019),Notarola (Sep 14, 2019)

  26. #65
    Join Date
    Jun 25, 2012
    Posts
    122
    Thanks
    487
    Thanked 39 Times in 24 Posts
    Country: Canada


    If LE wants access to our stuff, why can't we have access to theirs? They are civil servants after all. I say all police forces should post their GP encryption keys online like US hams have to LOL.

    Quote Originally Posted by KA1RBI View Post
    FWIW

    Encryption Working Group Releases Paper To 'Move The Conversation Forward'

    https://www.techdirt.com/articles/20...-forward.shtml

    One of the frustrating aspects of the "debate" (if you can call it that) over encryption and whether or not law enforcement should be able to have any kind of "access" is that it's been no debate at all. You have people who understand encryption who keep pointing out that what is being asked of them is impossible to do without jeopardizing some fairly fundamental security principles, and then a bunch of folks who respond with "well, just nerd harder." There have been a few people who have suggested, at the very least, that "a conversation" was necessary between the different viewpoints, but mostly when that's brought up it has meant non-technical law enforcement folks lecturing tech folks on why "lawful access" to encryption is necessary...

  27. #66
    Join Date
    Mar 04, 2019
    Location
    Iowa
    Posts
    1
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Country: United States


    I have not heard anyone talk about TrueCrypt in quite a long time. It is also my understanding that they closed up shop from pressure to backdoor the software. I use OpenPGP / Gpgex for personal records and such with no issues. Paul Harvey lol, quite the man to tell "The Rest Of The Story". On another note, was it EF Johnson that had Transcrypt DES boards they used to sell? I remember a catalog from years ago where you could buy these boards and install them in any radio. I think they even supported some sort of OTAR, but not sure. I know they once had a database with install instructions for various radios, Ham / Commercial. I don't think those boards were a big money maker for them because I believe they were discontinued quite a long time ago. I just wish that I had an audio sample just to see how clean and readable voice was decoded. As far as OTAR on those small little boards, I have no idea how that worked.

  28. #67
    Join Date
    Jan 18, 2013
    Location
    In Your Network
    Posts
    2,585
    Thanks
    2,360
    Thanked 1,716 Times in 864 Posts
    Country: Holy See


    Quote Originally Posted by Rasputin View Post
    I have not heard anyone talk about TrueCrypt in quite a long time. It is also my understanding that they closed up shop from pressure to backdoor the software. I use OpenPGP / Gpgex for personal records and such with no issues. Paul Harvey lol, quite the man to tell "The Rest Of The Story". On another note, was it EF Johnson that had Transcrypt DES boards they used to sell? I remember a catalog from years ago where you could buy these boards and install them in any radio. I think they even supported some sort of OTAR, but not sure. I know they once had a database with install instructions for various radios, Ham / Commercial. I don't think those boards were a big money maker for them because I believe they were discontinued quite a long time ago. I just wish that I had an audio sample just to see how clean and readable voice was decoded. As far as OTAR on those small little boards, I have no idea how that worked.
    I have several of those boards and used them in HT1550s and some Kenwood kit. They worked very well and the audio recovery wasn't too bad.

    Transcrypt also sold a re-engineered BK portable that did programmable frequency hopping and also had the DES boards. I had a pair of demos for quite a while. Wish I still had them. Switching was so fast that you couldn't follow a conversation even if you knew the frequencies (unless you had a dozen or more single channel receivers on the frequencies used).
    Apparently NOT a radio professional.

  29. #68
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    16
    Thanks
    4
    Thanked 11 Times in 7 Posts
    Country: UK


    Great thread and very interesting.

    Brings back memories of when I worked with MASC equipped Motos (which made users sound like they had their head in a bucket) and COUGAR kit in the 90's. I still miss opening the little book with wax sealed pages and pumping the numbers into the programmer but we've come a long way since then!

  30. The Following User Says Thank You to Outpost Delta For This Useful Post:

    Mars (Sep 20, 2019)

  31. #69
    Join Date
    Aug 15, 2019
    Posts
    42
    Thanks
    34
    Thanked 77 Times in 36 Posts
    Country: Australia


    Quote Originally Posted by Rasputin View Post
    I have not heard anyone talk about TrueCrypt in quite a long time. It is also my understanding that they closed up shop from pressure to backdoor the software.
    They closed down because the author, cartel boss Paul Le Roux, is in jail.

  32. The Following 2 Users Say Thank You to syntrx For This Useful Post:

    Mars (Sep 20, 2019),Rasputin (Sep 20, 2019)

  33. #70
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada


    Quote Originally Posted by mattnik View Post
    I never thought of it that way, and it makes sense. I just figured that regardless of the encryption method used, one could build a hardware backdoor. I never thought about the fact that the method of encryption would pass its security past the hardware. So in other words, the security of the method is inherited by the hardware used, right?
    Sorry for the tardy reply here.

    Bingo. Encryption can be pretty much useless, or at least compromised at one or more layers, if the implementation is flawed. Here are some examples, all involving AES-256:

    MOTOTRBO radios with the AES Privacy option. The RF and network layers are secured, but the software, hardware and key management layers (if you want to call them this) are completely compromised.

    • No secure memory space for keys
    • No tamper-detect circuit (hardware)
    • No robust user-authentication password (software tamper detect)
    • Keys are entered into non-secure codeplug (encrypted XML, but decryption key is sniffed out of RAM)
    • Keys are compromised by insecure storage/distribution of codeplug (Sure, email your AES-loaded codeplug to your buddy!)
    • Keys are loaded by non-secure hardware device connected to the internet!
    • The radio is not FIPS 140-2 validated


    Anytone AT-D878UV & AT-D578UV radios are just as bad as the Motorola radios, with these additional critical FAILS:

    • The Anytone codeplug is CLEAR DATA. Open with hex workshop. There's the keys!
    • When reading the Anytone codeplug from radio, the key data is also read and displayed in cleartext within the CPS. That's a total fail.


    Side-channel attacks

    • Crypto device is compromised by accessing program memory (RAM) and sniffing cleartext;
    • Complex and highly specialized attacks involving monitoring the current consumption of crypto chip. Can do replay attack/emulate how it functions.
    • Passively monitor the processor using electromagnetic means. Read more, here: https://www.wired.com/2015/07/resear...le-cell-phone/


    These are just some of dozens of different ways to exploit a secure algorithm (or even hardware). Careful consideration must be given when implementing secure hardware devices.

    • Key distribution methods (i.e. a secure hardware device, such as the Motorola KVL3000+, KVL4000, KVL5000, operating in FIPS 140-2 mode)
    • Key storage methods. You don't store your keys on a CLEAR hard drive/flash drive and then connect it to the internet or leave it otherwise unattended/vulnerable.
    • How many crypto managers are involved with a given project? Each one is a liability.
    • Segment your secure traffic. Rekey often. Why? If a radio is stolen or a key is compromised, historical, archived traffic is vulnerable to recovery. If the same key is used for talkgroup 102, for 4 years, and someone sniffs a key from something, that archived traffic is OWNED. If the key is changed often, then only the traffic encrypted with the compromised key is owned. Same with using the same key for all talkgroups. Compartmentalize all comms/teams. Not everyone needs the same groups/keys. This is especially true on MOTOTRBO and Anytone DMR radios, where keys are easily shared/leaked via email by security-inept retards.


    The NSA has approved AES-256 (now listed in the CNSA Algorithm Suite, formerly Suite B) for securing data classified as TOP SECRET, however the implementation of the algorithm must be done in a module that's rated for the level of classification. Example: FIPS 140-2 modules are not approved for TOP SECRET traffic. The Harris SIERRA module (was used with special Type I vocons in the XTS5000 back in the day) could handle TOP SECRET traffic utilizing AES-256. However, BATON or SAVILLE were much more common for this purpose. A special keyfill device rated for CCI (classified as such when it contains keys) is used to manage keys.

    We could go on forever about security. If all we're up against is hammies/hobbyists, MOTOTRBO/Anytone AES is very effective in making it IMPOSSIBLE for someone to brute-force crack a random 32-byte key, by means of intercepting your RF traffic, or even by sniffing the network (linked repeaters) traffic. The same cannot be said for ADP/EDP or DES. Stay far far away from those algorithms. They are 100% compromised and can be brute-forced in near real-time. I've seen it with my own eyes. Those algorithms/implementations are to be considered "more private than clear", but NOT secure.

    When using encryption -- any algorithm, bear in mind it's very simple for anyone to archive comms and decrypt them at a later date. They can work on key recovery, then go to town on everything you've ever said. Don't cheap out on encryption.

  34. #71
    Join Date
    Aug 15, 2019
    Posts
    42
    Thanks
    34
    Thanked 77 Times in 36 Posts
    Country: Australia

    Default

    Does the KVL4000 still reenable wifi and Bluetooth automatically if you let the battery run down, or did Motorola fix that bit of stupidity?

  35. #72
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada

    Default

    Quote Originally Posted by syntrx View Post
    Does the KVL4000 still reenable wifi and Bluetooth automatically if you let the battery run down, or did Motorola fix that bit of stupidity?
    No idea. I never bothered with it. Junk. haha. I use the KVL3000+ with the broken clock instead.

    I highly recommend duggerd's KFDTool to anyone who simply needs to load DES/AES/ADP keys to a P25 radio. Might not have secure memory or be FIPS compliant, but it certainly will accomplish key-loading for 5-10% of the price Motorola wants for their contraptions.

  36. #73
    Join Date
    Mar 08, 2014
    Location
    Florida
    Posts
    587
    Thanks
    319
    Thanked 514 Times in 283 Posts

    Default

    If you want to maximize security, avoid broadcasting over the network unless absolutely necessary. Use simplex. Change keys AND frequencies often. Avoid use of same personal identifiers in both encrypted and clear modes. Don't say anything that could be of value 5 years in the future.

  37. The Following 2 Users Say Thank You to RFI-EMI-GUY For This Useful Post:

    k1ngfish (Yesterday),Mars (Yesterday)

  38. #74
    Join Date
    Feb 04, 2012
    Posts
    1,871
    Thanks
    179
    Thanked 667 Times in 302 Posts

    Default

    Quote Originally Posted by Mars View Post
    Rekey often.
    This is so important that it bears repeating.

  39. The Following 2 Users Say Thank You to Notarola For This Useful Post:

    Mars (Yesterday),Viper1-6 (Yesterday)

  40. #75
    Join Date
    Dec 21, 2011
    Posts
    4,509
    Thanks
    3,787
    Thanked 6,630 Times in 1,889 Posts
    Country: Canada

    Default

    Quote Originally Posted by Notarola View Post
    This is so important that it bears repeating.
    Further to your comment...

    Rekeying often doesn't mean use a multikey radio and manually change the key via the soft menu every week. Rekey means physically load new key(s) into the radio at a specified interval or when commencing a new project/investigation. This practice mitigates many keys/ops being compromised if a radio itself is stolen/compromised.

    Load 100 multikeys into a radio. Switch the key every week. But if an adversary has obtained a radio and dumped all 100 keys, they'll be listening each time the key is soft-changed. Multi-key should only be used for traffic segmentation/unique-per-agency.

  41. The Following User Says Thank You to Mars For This Useful Post:

    Viper1-6 (Yesterday)
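The rekeying and segmentation advice in posts #70 and #75 can be put into numbers. The model below is an added example, not part of any post in the thread: it compares how much archived traffic becomes readable when one radio is stolen and its keys are dumped, under four key-handling policies. The talkgroup numbers, day counts and policy names are constructed, and it assumes equal traffic per talkgroup per day and a theft that goes unnoticed (no emergency rekey).

```python
# Added illustration: exposure model for the key-handling practices discussed
# in posts #70 and #75. All names and numbers are constructed for the example.

TALKGROUPS = [101, 102, 103, 104]   # constructed fleet
STOLEN_RADIO_TGS = [102]            # talkgroups the stolen radio is keyed for
TOTAL_DAYS = 700                    # 100 weeks of archived traffic
THEFT_DAY = 350                     # day the radio is lost and its keys dumped

POLICIES = {
    "one key for all talkgroups, never rekeyed":
        dict(per_talkgroup=False, rekey_days=0, preloaded=False),
    "per-talkgroup keys, never rekeyed":
        dict(per_talkgroup=True, rekey_days=0, preloaded=False),
    "100 multikeys preloaded, soft-switched weekly":
        dict(per_talkgroup=True, rekey_days=7, preloaded=True),
    "per-talkgroup keys, physically reloaded every 30 days":
        dict(per_talkgroup=True, rekey_days=30, preloaded=False),
}

def key_for(policy, tg, day):
    """Identify the key protecting talkgroup `tg` on `day`."""
    epoch = day // policy["rekey_days"] if policy["rekey_days"] else 0
    return (tg if policy["per_talkgroup"] else "all", epoch)

def keys_in_radio(policy):
    """Keys an adversary obtains from the radio stolen on THEFT_DAY."""
    # Multikey: every epoch's key is already loaded in the radio.
    # Physical rekey: only the key for the current epoch is present.
    days = range(TOTAL_DAYS) if policy["preloaded"] else [THEFT_DAY]
    return {key_for(policy, tg, d) for tg in STOLEN_RADIO_TGS for d in days}

def exposed_fraction(policy):
    """Share of all archived traffic-days readable with the dumped keys."""
    dumped = keys_in_radio(policy)
    hits = sum(key_for(policy, tg, d) in dumped
               for tg in TALKGROUPS for d in range(TOTAL_DAYS))
    return hits / (len(TALKGROUPS) * TOTAL_DAYS)

def compare():
    """Exposure per policy, as a {policy name: fraction} mapping."""
    return {name: exposed_fraction(p) for name, p in POLICIES.items()}

if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{frac:7.2%}  {name}")
```

In this model the preloaded multikey set exposes exactly as much as a per-talkgroup key that is never changed, which is the point made in post #75: soft-switching between keys already in the radio is not rekeying.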