Reply to: Lavabit

Current client asked me to password protect the spreadsheet, and then email the password and the spreadsheet together, for security purposes.

FTFY

Everything that goes through BlackBerry goes through one of their NOC's, originally these were just in Canada but have now them in Europe too. GCHQ have approved BlackBerry for upto IL3 (Restricted), I know this as I was on the project that got them accredited when I worked for the Police

Encryption

The only form of encryption that I can guarantee the NSA can't crack by interception is a one time pad.

Generate a USB stick full of random noise.

For each byte in your message XOR it with the next byte in the noise
Only ever use one byte of randomness, ever, so increment the pointer.

The data structure you send the client is thus a header saying where in the sequence you start, then data, then some extra crap to bulk up the message so that the interceptor can't say "aha, this message is longer !" Also of course you need to send messages at random intervals so they can't work out that "X happened after he sent this message"

The client has a copy of your USB stick

Generating the random numbers is an interesting problem, give up all thoughts now of using the rand() function in whatever language you use.

The best thing to do is sample the sound card in your PC to produce a file of N billion randomish bytes
When you have enough bytes, loop and XOR the file with new randomish numbers until you are satisfied it is random enough
The use an SHA or similar has because you're paranoid, and finally because you're really paranoid run a loop that uses noise to choose pairs of values to swap within the large file.

That sounds a bit paranoid, but there are some patterns in the randomish noise you get from sampling a sound card that doesn't have a microphone attached.

Then visit client, give them the USB, and entreat them to keep it really safe.

With the key, decryption is trivial and fast, though if you're a defence contractor you will need to make it look more complex to justify the bill.

This is because exclusive OR-ing undoes itself

ie for all A and all B

(A XOR B) XOR B = A

Since there is no repitinio or pattern in the key and because the key is longer than the plaintext, it cannot be cracked, all all. This is not a "life time of the universe" scale problem it just can't be done, just like you can't count all the fractions.



The only way possible to hack this is if the bad/good guys intercept you without you knowing or by some other means get access to the USB sticks or the machines it runs on.

Since you're serious about this, you don't just carry one USB stick with you, but N which have to be combined to give the right key this method existing only in your head, again XORing them, with some other process you can think up.

This also serves as authentication, since key holders can encrypt in a way that can be decoded.

Ideally, you should send multiple keys by multiple routes as well.

The analysis regards a EU product built for a US client. It is 'commercial in confidence' that analysis would most certainly benefit competitors.

That's ironic as a company I know that are paranoid about security heavily use Blackberrys, supposedly they have some agreement with Blackberry that nothing goes on but I think they're kidding themselves

It's about as useful as GCHQ getting Huewai to audit themselves over whether there's any root kits in the telecoms hardware

I once had a Client who when approached about sending sensitive information the said "Its ok, we use the password on the MS Word Document"

Is this news? A few years back Blackberry's were not allowed at some companies due to the fact that all data would route via US servers, so was considered unsecure.

That depends on how secure you need to be, what the data contains, and who the data belongs to.
If it needs to be fully secure then it should not be passed anywhere online.
If it's information about your Ltd, then do you really think the US are going to be interested? It's unlikely they'll want to use that info for a commercial advantage.

Security is all about scaling as appropriate. The more secure you need to be, generally the less convenience you'll have.

I used to have an anonymous email address through anon.penet.fi but that seems to have shut down some time back.

Still at least they don't spy on their citizens as much as the Uk you can sleep soundly at night now