From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 10.180.77.115 with SMTP id r19mr3846190wiw.4.1376933157096; Mon, 19 Aug 2013 10:25:57 -0700 (PDT) Path: border1.nntp.dca3.giganews.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!el7no2197923wib.1!news-out.google.com!cc8ni41473wib.1!nntp.google.com!feeder1.cambriumusenet.nl!feed.tweaknews.nl!193.141.40.65.MISMATCH!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!news-1.dfn.de!news.dfn.de!news.uni-weimar.de!medsec1.medien.uni-weimar.de!lucks From: Stefan.Lucks@uni-weimar.de Newsgroups: comp.lang.ada Subject: Re: library/binding for sftp? Date: Mon, 19 Aug 2013 19:26:16 +0200 Organization: Bauhaus-Universitaet Weimar Message-ID: References: <85li4gmhrt.fsf@stephe-leake.org><2wgl8bcmdsu0$.1rs1604fzwufv.dlg@40tude.net><85vc3jfias.fsf@stephe-leake.org><1gwg87tgm2bo7$.ae7440ka6kmc.dlg@40tude.net><85bo59g6h7.fsf@stephe-leake.org><5987935c-dbce-4602-b0e6-2bb85513588b@googlegroups.com><9oo34px7j5ko$.1j7bcnxwzgcxe.dlg@40tude.net><20130808111404.5fc6ce14@hactar.xn--rombobjrn-67a.se><1nfcrgjw8vkrb.1aukq12ys882l$.dlg@40tude.net><20130808133709.09dfef98@hactar.xn--rombobjrn-67a.se> <20130809104904.6ca91de2@hactar.xn--rombobjrn-67a.se> NNTP-Posting-Host: medsec1.medien.uni-weimar.de Mime-Version: 1.0 X-Trace: tigger.scc.uni-weimar.de 1376933156 17028 141.54.178.228 (19 Aug 2013 17:25:56 GMT) X-Complaints-To: news@tigger.scc.uni-weimar.de NNTP-Posting-Date: Mon, 19 Aug 2013 17:25:56 +0000 (UTC) X-X-Sender: lucks@debian In-Reply-To: User-Agent: Alpine 2.10 (DEB 1266 2009-07-14) Content-Type: TEXT/PLAIN; format=flowed; charset=ISO-8859-15 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Original-Lines: 48 X-Original-Bytes: 3524 Xref: number.nntp.dca.giganews.com comp.lang.ada:183066 Date: 2013-08-19T19:26:16+02:00 List-Id: On Fri, 9 Aug 2013, Randy Brukardt wrote: >>>>> Firstly, there is no protection against targeted attack. Secondly, >>>>> regarding spies, they aren't any good in programming. Obscuring is >>>>> the best method against unfocused surveillance which works only >>>>> with known protocols. >>>> >>>> Four false statements in a row. >>> >>> There are only three here, >> >> Three sentences, but I see two statements in the third sentence. > > There is only one in the third sentence that I see. "best method". The re= st > is a definition. Randy, I see two statements in the third sentence, and no definition: 1. obscuring is the best method against unfocused surveillance 2. unfocused surveillance works only with known protocols. I question the first statement. The second one is dangerously wrong, and there are plenty of=20 counterexamples. One common error frequently found in homegrown protocols is encrypting=20 some stuff while leaving other sensitive information in the clear. E.g.,=20 older versions of WinZip did support the encryption of files, while=20 including plain filenames in the archives. (I am not sure about recent=20 versions of WinZip.) Any protocol based on sending "encrypted" archives=20 would trivially leave the filenames open even for unfocused surveillance=20 operations -- if that was fishing for filenames. ------ I love the taste of Cryptanalysis in the morning! ------ --Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universit=E4t Weimar, Germany--