From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,
	PP_MIME_FAKE_ASCII_TEXT autolearn=no autolearn_force=no version=3.4.4
Path: 
 border1.nntp.dca3.giganews.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news.bbs-scene.org!weretis.net!feeder4.news.weretis.net!newsfeed.fsmpi.rwth-aachen.de!reality.xs3.de!news.jacob-sparre.dk!loke.jacob-sparre.dk!pnx.dk!.POSTED!not-for-mail
From: "Randy Brukardt" <randy@rrsoftware.com>
Newsgroups: comp.lang.ada
Subject: Re: library/binding for sftp?
Date: Mon, 19 Aug 2013 17:45:34 -0500
Organization: Jacob Sparre Andersen Research & Innovation
Message-ID: <kuu76i$mej$1@loke.gir.dk>
References: 
 <85li4gmhrt.fsf@stephe-leake.org><2wgl8bcmdsu0$.1rs1604fzwufv.dlg@40tude.net><85vc3jfias.fsf@stephe-leake.org><1gwg87tgm2bo7$.ae7440ka6kmc.dlg@40tude.net><85bo59g6h7.fsf@stephe-leake.org><ul3xotcxb4wh$.1rfdfqdzhndf.dlg@40tude.net><kttvbd$jp7$1@dont-email.me><bccmiwywovsc.1gr3p41feupbk$.dlg@40tude.net><5987935c-dbce-4602-b0e6-2bb85513588b@googlegroups.com><9oo34px7j5ko$.1j7bcnxwzgcxe.dlg@40tude.net><ef5ac77e-14b7-4328-8b7f-0db73020cee5@googlegroups.com><20130808111404.5fc6ce14@hactar.xn--rombobjrn-67a.se><1nfcrgjw8vkrb.1aukq12ys882l$.dlg@40tude.net><20130808133709.09dfef98@hactar.xn--rombobjrn-67a.se><ku0qti$6nr$1@loke.gir.dk>
 <20130809104904.6ca91de2@hactar.xn--rombobjrn-67a.se>
 <ku3ig5$9ml$1@loke.gir.dk> <alpine.DEB.2.10.1308191900320.24091@debian>
NNTP-Posting-Host: static-69-95-181-76.mad.choiceone.net
X-Trace: loke.gir.dk 1376952339 22995 69.95.181.76 (19 Aug 2013 22:45:39 GMT)
X-Complaints-To: news@jacob-sparre.dk
NNTP-Posting-Date: Mon, 19 Aug 2013 22:45:39 +0000 (UTC)
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-Original-Bytes: 3416
Xref: number.nntp.dca.giganews.com comp.lang.ada:183075
Date: 2013-08-19T17:45:34-05:00
List-Id: <comp.lang.ada>

<Stefan.Lucks@uni-weimar.de> wrote in message 
news:alpine.DEB.2.10.1308191900320.24091@debian...
On Fri, 9 Aug 2013, Randy Brukardt wrote:

>>>>> Firstly, there is no protection against targeted attack. Secondly,
>>>>> regarding spies, they aren't any good in programming. Obscuring is
>>>>> the best method against unfocused surveillance which works only
>>>>> with known protocols.
>>>>
>>>> Four false statements in a row.
>>>
>>> There are only three here,
>>
>> Three sentences, but I see two statements in the third sentence.
>
> There is only one in the third sentence that I see. "best method". The 
> rest
> is a definition.

Randy, I see two statements in the third sentence, and no definition:

1. obscuring is the best method against unfocused surveillance
2. unfocused surveillance works only with known protocols.

I question the first statement.

The second one is dangerously wrong, and there are plenty of
counterexamples.

One common error frequently found in homegrown protocols is encrypting
some stuff while leaving other sensitive information in the clear. E.g.,
older versions of WinZip did support the encryption of files, while
including plain filenames in the archives. (I am not sure about recent
versions of WinZip.) Any protocol based on sending "encrypted" archives
would trivially leave the filenames open even for unfocused surveillance
operations -- if that was fishing for filenames.


------  I  love  the  taste  of  Cryptanalysis  in  the morning!  ------
     <http://www.uni-weimar.de/cms/medien/mediensicherheit/home.html>
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--