kottke.org posts about cryptography

The Secret Message Encoded in the Parachute of the Mars Perseverance Rover

posted by Jason Kottke   Feb 24, 2021

decode instructions for the secret message hidden in the pattern of the Parachute of the Perseverance rover

decode instructions for the secret message hidden in the pattern of the Parachute of the Perseverance rover

NASA engineers encoded a secret message in the parachute the Perseverance rover used to slow its descent to the surface of Mars. Tanya Fish provided a handy guide to decoding it on Twitter and as a PDF available on GitHub.

Lava Lamps Help Keep The Internet Secure??

posted by Jason Kottke   Jan 14, 2021

Web performance and security company Cloudflare uses a wall of lava lamps to generate random numbers to help keep the internet secure. Random numbers generated by computers are often not exactly random, so what Cloudflare does is take photos of the lamps’ activities and uses the uncertainty of the lava blooping up and down to generate truly random numbers. Here’s a look at how the process works:

At Cloudflare, we have thousands of computers in data centers all around the world, and each one of these computers needs cryptographic randomness. Historically, they got that randomness using the default mechanism made available by the operating system that we run on them, Linux.

But being good cryptographers, we’re always trying to hedge our bets. We wanted a system to ensure that even if the default mechanism for acquiring randomness was flawed, we’d still be secure. That’s how we came up with LavaRand.

LavaRand is a system that uses lava lamps as a secondary source of randomness for our production servers. A wall of lava lamps in the lobby of our San Francisco office provides an unpredictable input to a camera aimed at the wall. A video feed from the camera is fed into a CSPRNG [cryptographically-secure pseudorandom number generator], and that CSPRNG provides a stream of random values that can be used as an extra source of randomness by our production servers. Since the flow of the “lava” in a lava lamp is very unpredictable, “measuring” the lamps by taking footage of them is a good way to obtain unpredictable randomness. Computers store images as very large numbers, so we can use them as the input to a CSPRNG just like any other number.

(via open culture)

The NSA is decrypting all the things

posted by Jason Kottke   Sep 06, 2013

Edward Snowden’s leak of NSA documents keeps paying dividends. The latest report (in the Guardian, the NY Times, and Pro Publica) alleges that the NSA has cracked or circumvented many of the internet security protocols designed to keep communications private from third parties. From the Pro Publica piece:

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Cryptographer Matthew Green speculates on exactly how the NSA might have achieved these results and what the implications are.

Probably the biggest concern in all this is the evidence of collaboration between the NSA and unspecified ‘telecom providers’. We already know that the major US (and international) telecom carriers routinely assist the NSA in collecting data from fiber-optic cables. But all this data is no good if it’s encrypted.

While software compromises and weak standards can help the NSA deal with some of this, by far the easiest way to access encrypted data is to simply ask for — or steal — the keys. This goes for something as simple as cellular encryption (protected by a single key database at each carrier) all the way to SSL/TLS which is (most commonly) protected with a few relatively short RSA keys.

If you’re concerned about the privacy of your communications, security expert Bruce Schneier has some suggestions for keeping secure.

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you’re much better protected than if you communicate in the clear.