Internet Security I: Cryptography and the Darknet

Jung uses the term synchronicity as a synonym for magick.




A friend recently posted to Facebook a link to an article on the wall of lava lamps responsible for security for an estimated ten percent of the world's internet traffic.
The lava lamps provide entropy, a source of true randomness, vital to encryption at heart of internet security. The lava lamp story is a true story and only about as weird as we have come to expect from reality.

As a software engineer who has spent part of his career developing web applications I have to know the basics of internet security, and actually it is a wondrous thing.

The two most important things to know about internet security, as a software engineer, is first that it's important and second that you don't write your own security code. Or at least you don't write your own versions of the standard algorithms and you definitely don't create your own.

The next most basic thing every developer should know is that you never (ever) store user passwords. Instead you store a salted one-way hash. So every time you hear of a website breach revealing usernames and passwords it's very likely the company behind the website wasn't using even basic  security measures.

The standard security protocols and algorithms (the ciphers) are designed so that even knowing how a message was encrypted it shouldn't be possible (without thousands of years of computing power) to crack the cipher and decrypt the message. This means that the *best* code for providing encryption is open source code where anyone can look at it. You might think that this would make the code less secure as anyone can examine it to find vulnerabilities (ways to break the code), but the principle of "many eyes" means that thousands of people scouring the source code are much more likely to find the problems and fix them.

There is a whole industry of ethical "white hat" hackers, practising responsible disclosure, who try to find ways to break into systems and are determined to keep the internet safe. They stand in opposition to "black hat" hackers, many of whom are government agencies unfortunately as proven by the Snowden leaks, who also try and find security vulnerabilities and weaken us all by keeping them secret in order to use them.

Have you ever wondered about the basics of internet security? The internet is inherently insecure, any information sent across it can be "sniffed" anywhere along the way. If two computers wish to talk to each other securely then the messages between them must be encrypted. But if encryption and decryption requires a key, how can computers give each other keys across an insecure connection?

The answer is beautiful math. Assymetric key encryption allows one machine to give another machine a "public key" that can be used to encrypt messages. The only thing that can decode messages encrypted with that key is the corresponding "private key" which the computer keeps secret. So the public key can be sent "in the clear", and even knowing the encoded message, how it was encrypted and the public key used to encrypt it, it is *still* impossible to decrypt it without the private key.

The heart of cryptography is math. Math is purely abstract, it has no objective reality beyond human imagination and is a construct of our minds helpful in understanding reality. Yet whilst it doesn't really exist, at the same time it is constantly facilitating conversation and commerce all around you.

The Darknet

There's been an interesting shift in the darknet in the last few months or so. The darknet is a version of the internet operating over something called "Tor". Tor is a technology originally developed by the US navy for secure communication that allows internet sites to operate with their location and visitors untrackable by normal means.

The black market, for all manner of things, took to the darknet with gusto. Large markets for illegal products took to operating via the darkenet, using cryptocurrencies (digital currencies) like bitcoin for transactions. Bitcoin is not anonymous, it is highly trackable, but there are technological ways round this via coin tumbling. Tumbling effectively launders your bitcoin to make them untraceable. PGP (Pretty Good Privacy) encryption is used to protect messages from prying eyes.

In recent months the major markets have been taken down by law enforcement agencies, usually exploiting browser vulnerabilities and the idiocy of market operators to find them. First Silk Road was taken down, with AlphaBay and HansaMarket next including the feds running Hansa for a while to find the sellers. Particularly the sale of firearms, child pornography, identity theft and narcotics are traded on the darknet and of interest to those who have a reason to be interested in such things. Individual buyers of narcotics are of no interest, but finding the sellers and shutting down the markets are.

One of the last major marketplaces, Dream, seems to be down and untrusted by those who know. The alternative that has sprung up in place of the large markets seems to be individual vendors selling directly via their own sites or encrypted messaging systems. As perceived risk for sellers has gone up so have prices, although still well below street prices for those able to navigate the technological maze.

One of the major functions lost with the markets is escrow for buyers. Escrow is a system intended to permit buyers to purchase with safety against scams or intercepted deliveries but also how several market runners have attempted to exit their risky trade by absconding with all bitcoin held in escrow - the so called "exit scam". Along with escrow the reputation system (similar to ebAy) is also lost, leaving buyers with a much riskier path. For those who know where to look, and reddit isn't a bad place to start, reputation and vendor lists are still curated and available but this is an ever shifting landscape. One of the frontiers of the new wild west.


You may also be interested in the following programming related articles:




"One of the common objections to Christianity is that it would seem to permit the truly evil to repent. If the truly evil really could repent, and change, I don't think that would actually be a bad thing."

Popular posts from this blog

The Jesus Army and the Independent Inquiry into Childhood Sexual Abuse

Image
 IICSA Inquiry - Child Protection in Religious Organisations and Settings  The Truth Project for Victims of Religious Abuse The exclusively male authority of the Jesus Army, delegated from the cruel and unusual senior pastor Noel Stanton, was full of darkness and deceit and nothing of God. It was a personality cult with Noel as an absolute ruler who delighted in crushing people.  Those in the cult who took on a sacred duty to care, and swore a covenant to it, have to answer for the shameful way they treated so many. The leaders who were in charge; it happened on their watch, they let it happen and made it happen. Oath breakers and traitors. To betray love is its own reward. There is a price to be paid in the heart. Deuteronomy 1:35  None of this evil generation will see the good land I promised your ancestors. The JA called itself the "Joshua generation", the J Generation. They didn't read the story right. Only two from that generation believed God and entered the promise
Read more

Commentary on Brexit and Thoughts on Patriotism

Image
I don't seem to meet many ordinary people. Most people seem extraordinary. As much as I am opposed to Brexit it seems curious to me the delight with which some people I follow on Facebook seem to take in news that the negotiations are apparently difficult and that it could be bad for Britain. They seem to relish the damage as they'd rather be right than see something good come out of it. It is a rather foolish state of mind to wish harm upon yourself and your fellows merely in order to be proven right. I detest much of the harm and lack of compassion I see in the Tory government, whilst accepting that those who vote conservative see the world in a very different way to me and that I am not wholly right and nor are they. I want the best for the UK and I want the best for Europe and I sincerely hope we can find our way forward together no matter who is in government in the UK. This is why party politics is so pernicious. It cons you into supporting a side instead of suppo
Read more

The Bible: The Good Parts

Image
I'll start by saying what most "bible believing" Christians dare not say: the bible is a highly problematic book. As a historical record of the (gradual) revelation of the nature of God to humanity it paints a pretty unflattering view of God at times - seen through the eyes of a fallen humanity.  For a look at some of the parts of the Bible that have been used to cause harm see: The Bible: The Bad Parts The bible was greatly redeemed in my eyes by reading " A Matter of Integrity "  by Steve Chalke. I recommend it to everyone. Seen as the ongoing revelation of God to humanity, a revealing that didn't just stop 2000 years ago by the way, the bible again became something sacred and beautiful to me. Despite being a "difficult" book, the nature of God and the way to the kingdom are hidden (or revealed - as you please) within the bible. Below are some of my favourite passages (there are many more that I could have picked) that reveal God and
Read more