Old 30th July 2013, 11:19   #181
Team-BHP Support
 
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,339
Thanked: 14,171 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
It is 256-bit. For symmetric encryption, 256-bit is a real tough nut to crack. Quoting directly from Wikipedia:

"50 supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space."

There are a number of conspiracy theories that claim the NSA has backdoor access to AES that allows them to break it. No evidence of this has ever been presented though (AES is an open algorithm and has Belgian roots).
Well, if websense can easily look into your secure https traffic, what makes you think NSA can't? The trick is in routing your traffic through a proxy. If NSA can control a few prominent routers, it can be achieved.

http://doublef.org/archives/websense...https-proxying

I remember how RSA digital public/private key encryption could not be used outside USA until late 90s. Then Clinton changed his mind all of a sudden, and made it available to whole world, except 6-7 countries. Then the buzz was that NSA had the third key, or could generate any private key. Then Internet commerce was still in the infancy and nobody really was worried about it.

PS: This month I completed 20 years on Internet. When I look back, I am amazed how much it has changed the world around us.
Samurai is offline  
Old 30th July 2013, 11:31   #182
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 1,946
Thanked: 1,410 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by Samurai View Post
Well, if websense can easily look into your secure https traffic, what makes you think NSA can't? The trick is in routing your traffic through a proxy. If NSA can control a few prominent routers, it can be achieved.

http://doublef.org/archives/websense...https-proxying
From that article:

"A self-signed SSL Certificate is required for the inbound SCIP process to work. This certificate then needs to be deployed and imported into your client’s Trusted Root CA stores. We leveraged Microsoft Group Policies to handle this for Internet Explorer, but this didn’t address our Mac OSX clients, mobile devices, or Firefox users."

If your computer's root certificate store is not safe, then what is? As you can see, it works only with Internet Explorer, and that too with Group Policies (ie, Microsoft AD-controlled domains). In all other cases, it needs the cooperation of the user. In particular, it will not work on Linux/Firefox etc.

Quote:
Originally Posted by Samurai View Post
I remember how RSA digital public/private key encryption could not be used outside USA until late 90s. Then Clinton changed his mind all of a sudden, and made it available to whole world, except 6-7 countries. Then the buzz was that NSA had the third key, or could generate any private key. Then Internet commerce was still in the infancy and nobody really was worried about it.
Correct. As I mentioned, there have always been conspiracy theories around this (the NSA's access to backdoors). I guess this is one of the questions we'll never get the answer to, unless another Snowden decides to come clean.

Quote:
Originally Posted by Samurai View Post
PS: This month I completed 20 years on Internet. When I look back, I am amazed how much it has changed the world around us.
Come to think of it - me too (3rd semester started in July '93, and with it access to the department's computing infrastructure including emails and web - NCSA Mosaic, anyone?)

Quote:
Originally Posted by mxx View Post
Why this privacy concern? Unless you are living under a rock, government already has your data from various sources- PAN, passport, ration card, driving license, census data. So, why scared about privacy when talking about aadhar or NPR?
The government can have my attributes (which they start collecting from the moment of my birth), as long as they can make sure only authorized people have access to it, in legal ways. Here the problem is that the government is asking for complete access to all my transactions too, even when such transactions have nothing to do with the government. Among the examples you quote (keeping PAN separately), ration card and passport do record a subset of transactions, but they are opt-in.

As for PAN: it is indeed an intrusion, and is forced down our throats in the names of tax collection and reduction in black money. As Cobrapost and many others have shown, it does not deter anyone. Even then, its scope is fairly limited (there are probably < 15 crore PAN card holders in India).

Last edited by binand : 30th July 2013 at 11:53.
binand is online now  
Old 30th July 2013, 12:47   #183
Team-BHP Support
 
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,339
Thanked: 14,171 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
If your computer's root certificate store is not safe, then what is?
How hard is it for one of the root CA certificates to belong to NSA? Anyway, such speculations have no end.

Quote:
Originally Posted by binand View Post
Come to think of it - me too (3rd semester started in July '93, and with it access to the department's computing infrastructure including emails and web - NCSA Mosaic, anyone?)
I started working at AT&T Bell Labs in July 93. First one year was purely email/ftp/Usenet/Archie/Gopher/listserv etc. You probably remember the India network news digest from Bowling Green State University. Started using NCSA Mosaic only in 1994, soon followed by Netscape.
Samurai is offline  
Old 30th July 2013, 13:47   #184
Senior - BHPian
 
 
Join Date: Aug 2006
Location: Bangalore
Posts: 1,440
Thanked: 829 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
PRISM was about illegal access to the stored version at the service provider's end.
It is still not clear what exactly NSA is doing. There were reports that NSA has a 5 Zettabyte (1 ZB = 1 billion TB) storage facility in Utah. Snowden has revealed that NSA has a tap on internet traffic of major ISPs like AT&T, Verizon. Google, Microsoft, Facebook have clarified that they by default don't share any user information with NSA or FBI (they must do so if there is a warrant from court).

So NSA could be tapping all internet traffic and storing in their data center. NSA has clarified that they store only metadata (like email, www headers). But there is no reason why they can't store the content.

If the web content is plain text (like HTTP), they can read off the traffic. Most of the email (port 25 SMTP traffic) is unencrypted. So no issues for email. For encrypted web traffic like HTTPS, there are many options for NSA:
1) Get a warrant from court.
2) Wait for expiry of data. Courts consider data older than 6 months as expired. So after 6 months they can approach Google, FB or Microsoft & ask them to decode.
3) This is crazy but can happen - NSA might get hold of private keys of Google, FB or Microsoft, just decode traffic on the fly and read like plain text, when they are tapping these companies' ISPs. If NSA is doing this, then they may face action from the court.

So there are many ways NSA can see your data without trying any brute-force methods. BTW, brute force is costly and takes time.
Quote:
To encrypt data in storage, you need specialized tools - I personally prefer TrueCrypt (www.truecrypt.org).
Right, with stronger encryption, even NSA won't be able to decode.
Quote:
Originally Posted by Samurai View Post
Well, if websense can easily look into your secure https traffic, what makes you think NSA can't?
Websense acts as man in the middle and hence it can see the traffic. If NSA tries this, it is easily exposed since certificate thumbprint is unique for any certificate and NSA cannot spoof that.
msdivy is offline  
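
An added example, not part of any post in this thread: a thumbprint (pin) check of the kind the posts above refer to, which compares the leaf certificate a connection presents against a thumbprint obtained out of band. The function names and the sample byte strings are assumptions made for this illustration; the byte strings are constructed stand-ins for DER certificates so the demo runs offline.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded leaf certificates (not real X.509).
CONSTRUCTED_ORIGIN_LEAF = b"constructed: leaf certificate served by the origin"
CONSTRUCTED_PROXY_LEAF = b"constructed: leaf minted by an interception proxy"


def thumbprint(der: bytes) -> str:
    """SHA-256 thumbprint: hex digest of the certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()


def as_colon_hex(hex_digest: str) -> str:
    """Format a digest the way certificate dialogs show it (AB:CD:...)."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return ":".join(pairs).upper()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex as copied by hand."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(der: bytes, pinned: str) -> bool:
    """True when the presented leaf is the certificate that was pinned."""
    return hmac.compare_digest(thumbprint(der), normalize(pinned))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate (DER) that the network path presents.

    The default context validates against the local trust store, so on a
    machine where an interception root was imported the handshake succeeds
    without any error and this returns the proxy-minted leaf.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def audit(der: bytes, pinned: str) -> str:
    """Compare a presented leaf with the pin and describe the outcome."""
    if matches_pin(der, pinned):
        return "match"
    # A mismatch is a reason to investigate, not proof of interception:
    # a legitimate certificate renewal also changes the thumbprint.
    return "MISMATCH: presented " + as_colon_hex(thumbprint(der))


if __name__ == "__main__":
    # Pin recorded out of band (here derived from the constructed sample).
    pin = as_colon_hex(thumbprint(CONSTRUCTED_ORIGIN_LEAF))
    print("direct path :", audit(CONSTRUCTED_ORIGIN_LEAF, pin))
    print("via proxy   :", audit(CONSTRUCTED_PROXY_LEAF, pin))
    # Against a live host: audit(fetch_leaf_der("example.org"), pin)
```

The pin has to come from a path that does not cross the network being checked, otherwise both values are taken from the same possibly intercepted connection.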
Old 30th July 2013, 14:24   #185
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 1,946
Thanked: 1,410 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by msdivy View Post
...there are many options for NSA:
1) Get a warrant from court.
The PATRIOT Act gets rid of those pesky things, warrants.

http://www.aclu.org/blog/national-se...le-less-secret

Keeping this on-topic, we too have a tradition of laws that trample over civil liberties - from the MISA of Indira Gandhi (which she got listed in the 9th schedule) to the present version of UAPA.
binand is online now  
Old 30th July 2013, 14:31   #186
Team-BHP Support
 
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,339
Thanked: 14,171 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by msdivy View Post
If NSA tries this, it is easily exposed since certificate thumbprint is unique for any certificate and NSA cannot spoof that.
You are talking about the limits we know of... NSA is not a hacker, their backdoor if any, will be designed into the software implementation. If you are using opensource like openssl, you could go over every line and make sure there are no backdoors. But if you are using hardware/software provided by US corporations, it is very very hard to ascertain that. Back in the Bell Labs days, I was told that such backdoors existed in every communication equipment (like exchanges) right from the WW-II days. Same practice was continued into networking equipment later.
Samurai is offline  
Old 30th July 2013, 14:37   #187
Senior - BHPian
 
 
Join Date: Nov 2006
Location: Bengaluru
Posts: 3,545
Thanked: 766 Times
Infractions: 0/1 (4)
Default Re: Nationwide UID - will it work?

I think with the advent of PGP, the backdoor was shut on govt agencies. How many of you guys find 'The Code Book' a delightful read?
Also, I did not understand what was the big deal that NSA was listening to traffic. It's been happening for a really long time and was public knowledge. There is a facility in UK where it operates with them. Majority of traffic is un-encrypted anyway.

Last edited by srishiva : 30th July 2013 at 14:41.
srishiva is offline  
Old 30th July 2013, 14:46   #188
Senior - BHPian
 
 
Join Date: Aug 2006
Location: Bangalore
Posts: 1,440
Thanked: 829 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by dass View Post
It has been over a month since I and my wife stood in a long queue for over 4 hours to get ourselves enrolled for an aadhar card
The details of UID centers are not shared and sometimes it happens on an ad hoc basis. At JP nagar post office center, the queue starts to build up from 8AM. When the counter opens at 9AM, they issue a token for interview, which is usually after few weeks.
My friend informed me that there is a center at Shalini grounds, Jayanagar, where there is hardly anybody. There are 4 counters and no queue. I visited with my daughter at 12PM on a Saturday and we were out in 20 minutes.
Quote:
Originally Posted by binand View Post
The PATRIOT Act gets rid of those pesky things, warrants.
Patriot Act expires in 2015. In the light of recent happenings, not sure if they will renew again.
Quote:
Originally Posted by srishiva View Post
Also, I did not understand what was the big deal that NSA was listening to traffic.
NSA is building a map of people & their networks. If there is a suspect, they know all the folks he has contact with and all the folks his contacts have. NSA has said they investigate even 2nd degree, sometimes 3rd degree contacts. That covers most folks on the internet. The whole operation looks like Stasi network, the secret police of East Germany.

The point is, with this data NSA can build a case on anybody, I mean anybody to put them behind bars. Bad guys already know this and they are not fools to plan an activity on Facebook. So why is NSA spending billions of dollars on such an infrastructure?

Last edited by msdivy : 30th July 2013 at 15:02.
msdivy is offline  
Old 30th July 2013, 14:50   #189
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 1,946
Thanked: 1,410 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by Samurai View Post
You are talking about the limits we know of... NSA is not a hacker, their backdoor if any, will be designed into the software implementation.
Even that will be caught. Their backdoor is the National Security Letter (see previous post) - which the service provider has to obey and whose receipt he is not allowed to acknowledge.

Quote:
Originally Posted by srishiva View Post
Also, I did not understand what was the big deal that NSA was listening to traffic.
The big deal is the coverage of the programme, and its warrantless nature (which is in direct violation of the fourth amendment to the US constitution). The difference is approximately the same as asking a member of your household, "may I read this one letter addressed to you?" and forcing opening every mailbox in the neighbourhood to read every letter within.
binand is online now  
Old 30th July 2013, 14:56   #190
Senior - BHPian
 
 
Join Date: Nov 2006
Location: Bengaluru
Posts: 3,545
Thanked: 766 Times
Infractions: 0/1 (4)
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
Even that will be caught. Their backdoor is the National Security Letter (see previous post) - which the service provider has to obey and whose receipt he is not allowed to acknowledge.



The big deal is the coverage of the programme, and its warrantless nature (which is in direct violation of the fourth amendment to the US constitution). The difference is approximately the same as asking a member of your household, "may I read this one letter addressed to you?" and forcing opening every mailbox in the neighbourhood to read every letter within.
They are not asking anyone here. Any traffic from Europe to US was always monitored since world war days.
Anyway, I have no problems if they search my traffic for any word combinations until I turn a Politician.
srishiva is offline  
Old 30th July 2013, 19:44   #191
999
BHPian
 
 
Join Date: Apr 2011
Location: Trivandrum
Posts: 227
Thanked: 84 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
It is 256-bit.
My bad, it should have been bit
Quote:
Originally Posted by binand View Post

PRISM is not about decrypting encrypted traffic. The encryption - the common variety that you or me encounter daily by means of "lock icon" and the like - encrypts data in transport, not in storage.
Agree, PRISM is not only about reading server data. It had a subsidiary programme called BLARNEY to intercept data mid stream or choke points. These may require decryption on the fly?

Quote:
Originally Posted by binand View Post

This storage could be at either end - your computer, or at the service provider's. PRISM was about illegal access to the stored version at the service provider's end.
Not only that. The NSA was even sniffing the marine internet cables directly for data, to which they have direct access in the name of security by international treaties.

Quote:
Originally Posted by binand View Post
The Blackberry issue is that the device encrypts BBM messages in transport between handsets. So the unencrypted version is available only at the source and destination handsets - even RIM cannot see it decrypted. This is still not resolved, if I remember correctly (the GoI and RIM have reached an agreement about emails sent via BB, not about BBM).
http://docs.blackberry.com/en/admin/..._193608_11.jsp
Before the BlackBerry device sends a message, it compresses the message and then encrypts the message using the master encryption key, which is unique to that BlackBerry device. The BlackBerry device does not use the master encryption key in the compression process.
When the BlackBerry Enterprise Server receives the message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message using the master encryption key of the BlackBerry device, and then decompresses the message.


BB didn't want to part with this master key (device pin, can be reset by a service engineer), if I understood the matter correctly. So GoI had to come up with a compromise. BB even declined to set up servers in India, which would have helped the case. As you know they are in Canada.

Also NSA is said to have a breakthrough in AES encryption some time back. Their new data center in Utah is really unique.

http://www.wired.com/threatlevel/201...tacenter/all/1

LPG is just the beginning. Have you seen the new passport renewal form? Already aadhar is asked for. Now not mandatory, but again it is just a matter of time.

Last edited by 999 : 30th July 2013 at 19:46.
999 is offline  
Old 30th July 2013, 22:13   #192
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 1,946
Thanked: 1,410 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by 999 View Post
Agree, PRISM is not only about reading server data. It had a subsidiary programme called BLARNEY to intercept data mid stream or choke points. These may require decryption on the fly?
Or it could be targeted at the unencrypted traffic out there (think emails).

Quote:
Originally Posted by 999 View Post
http://docs.blackberry.com/en/admin/..._193608_11.jsp
Before the BlackBerry device sends a message, it compresses the message and then encrypts the message using the master encryption key, which is unique to that BlackBerry device. The BlackBerry device does not use the master encryption key in the compression process.
This is all about emails sent from the BB handheld. I was talking of BBM. But you appear to be right, there seems to be a master key even for BBM which is burned onto the device at the point of manufacture.

I have now access to Silent Text on my Android phone. I now just need to get my pals to install it too. :-) This is Phil Zimmermann's, who I hope and trust hasn't yet given in to GoUS pressure.

Quote:
Originally Posted by 999 View Post
LPG is just the beginning. Have you seen the new passport renewal form? Already aadhar is asked for. Now not mandatory, but again it is just a matter of time.
As long as it is optional, I will opt-out.
binand is online now  
Old 31st July 2013, 20:14   #193
999
BHPian
 
 
Join Date: Apr 2011
Location: Trivandrum
Posts: 227
Thanked: 84 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by binand View Post
Or it could be targeted at the unencrypted traffic out there (think emails).
You may have already seen this,
http://www.theguardian.com/world/201...am-online-data

Thanks for the silent text info. I will check that out.

Last edited by 999 : 31st July 2013 at 20:21.
999 is offline  
Old 3rd August 2013, 21:14   #194
BHPian
 
Join Date: Aug 2010
Location: Bangalore
Posts: 90
Thanked: 63 Times
Default Re: Nationwide UID - will it work?

Quote:
Originally Posted by msdivy View Post
The details of UID centers are not shared and sometimes it happens on an ad hoc basis.
My friend informed me that there is a center at Shalini grounds, Jayanagar, where there is hardly anybody. There are 4 counters and no queue. I visited with my daughter at 12PM on a Saturday and we were out in 20 minutes.
msdivy,
I took your cue and went to Shalini grounds today and we were done in 2 hours. There were just four people when I walked in.

Thanks.
fordday
fordday is offline  
Old 16th August 2013, 21:16   #195
BHPian
 
 
Join Date: Feb 2009
Location: Bangalore
Posts: 992
Thanked: 401 Times
Default Re: Nationwide UID - will it work?

My wife went for aadhar card enrollment. But the data entry operator made a mistake while entering the bank account details. The name of the bank is wrong.

How to get it corrected?

Rohan
rohan_iitr is offline  