Re: Secure passwords?

"nemo_outis" <abc@xxxxxxx> wrote in message
news:Xns972A81A79D83Fabcxyzcom@xxxxxxxxxxxx
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> news:8Fcnf.4522$zt1.656@xxxxxxxxxxxxxxxxxxxx:
>
> > "nemo_outis" <abc@xxxxxxx> wrote in message
> > news:Xns97286406A4BCFabcxyzcom@xxxxxxxxxxxxxxxxxx
> >> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
> >> news:Qxxmf.480$q4.124@xxxxxxxxxxxxxxxxxxxx:
> >>
> >> > The real reason is even more simple - faster boxes tend to radiate
> >> > more and, since most of that is the computer equivilent of
> >> > "tum-te-tum, hurry up and type something", the interferance will
> >> > help to conceal unshielded keyboard and screen signals (which is
> >> > all one is interested in).
> >>
> >> The putative effects of interference are frequently overestimated. It
> >> is electronic child's play to filter interference and even, given the
> >> enormous redundancy in many signals, to extract information many
> >> decibels *below* the noise floor.
> >
> > "Child's play"? Gotta have a cite for that one.. admittedly, I'm
> > assuming that the box is somewhere close to the CRT and keyboard.
>
> Here's one example of a "canned solution" extracting signals from noise
> using FFT integration. This particular device concentrates on audio but
> the processes are quite general and apply to virtually all signal
> processing. Hell, these things are now pretty standard - they last were
> cutting edge when I read about them in Aviation Week in the 60s!
>
> http://www.baudline.com/manual/process.html

And hardly the same level of complexity! Being able to integrate a cuboid
doesn't mean that you can provide a pure solution for, say, a four-way
partial differential equation

Not that I'm saying it *can't* be done, of course - after all, aren't
weather forecasts 100% accurate? ;o)

> >> I disagree. Few have access to Tempest kit to make observations,
> >> other than illustrations in manufacturers' brochures (which disclose
> >> little other than the obvious).

> > Few != None
> >
> > Some of us may well have used such equipment for years (hint, hint)
> >
> > See above for the trivial classification level, at least here in the
> > UK.
>
>
> Those who know do not speak; those who speak do not know :-)
>
> You may, as you hint, have some level of access to these things. But
> whether that translates into understanding either the defensive and
> offensive capabilities of emsec as applied to computers is not clear -
> and likely to remain that way, I guess. Use != understand But even if
> you do understand, your understanding is of (nearly) zero value to anyone
> else if you are constrained from communicating it.

?

For the third time of saying - the classification level is the lowest level
possible, at least for the basics (i.e. how to build it). And the techniques
used aren't exactly cutting-edge, either. Nor the materials.

Have to say that I can't really understand your problem, if you've ever used
such kit. Which may or may not be likely, based on simple age - it's far
more common these days to shield the building and use off-the-shelf
equipment, except for the higher-classification networks. Even then, a small
amount of proximity control goes an awful long way.

> > Wouldn't surprise me overmuch if the exact performance characteristics
> > were stil classified - basically for what they tell you about the
> > sensors being employed. Simply estimating the weight of Tempested kit
> > should tell you how much steel has been involved in the shielding, let
> > alone simply buying something and taking it apart!
>
> Oh, the performance of most such machines is fairly clearly defined: they
> conform to some level of NATO standard AMSG 788 (& 719, 720, 784, etc. as
> well as corresponding national standards, including the simple BSI zone
> model). However, the contents of those standards are classified!
>
> But even if the standards were right in front of me, I don't want just a
> cookbook recipe (standards are generally heavy on "shalls" but silent on
> the underlying rationale). No, I want an understanding of what could be
> deployed against me, with what capabilities, at what cost, by which
> agencies. And none of that is available.
>
> Any fool (well, any technologically competent fool) can shield from emsec
> if he just throws money at the problem. RFI/EMI shielding is not exotic
> by any means; it's well-travelled technological ground. No, the trick is
> knowing whether, say, 50 dB suppression is sufficient (for a particular
> class of threat) or whether 100 dB is necessary. Big difference in cost
> (including the secondary problems that arise re ventilation & cooling,
> etc. and issues regarding usability). Moreover, even technologically
> competent fools don't just build and pray - they test and do QA on their
> designs. That means very expensive test equipment, equipment that is
> prohibitively expensive for onesy-twosy do-it-yourself projects.
>
> Regards,
>
> PS And so far we have largely confined our discussions to passive
> emsec. There is a whole other dimension of active emsec where equipment
> to be scanned is "bathed" in EM signals which the computer (or whatever
> is under investigation) modulates.

http://www.google.co.uk/search?&q=definition%3A+reverse+engineering

http://www.google.co.uk/search?&q=definition%3A+density+of+mild+steel

:o)

H1K


.

Relevant Pages

  • Re: Shielded mains cable
    ... where test equipment was built ... But what about in the case of audio equipment ... The grounded on one end shield has nothing to do with AC ground. ... was standard practice in analogue equipment racks for *all* ...
    (rec.audio.tubes)
  • Re: Unipod or Blitz?
    ... part to be fitted into a piece of equipment manufactured before ... Like most of the EU-derived standards and regulations governing ... electronics kit from twenty years ago with one from today. ... That's the European Norm on radiated emissions having an effect, ...
    (comp.sys.acorn.hardware)
  • Re: Calibration equipment design
    ... I guess the equipment manufacturers did the same a long time ago to have ... secondary standards are pricey, ... An above standard precision is ok. ... Making electronic equipment or calibration standards do not differ much, ...
    (sci.electronics.equipment)
  • Re: Shielded mains cable
    ... control room racks, where test equipment was built ... But what about in the case of audio equipment ... The grounded on one end shield has nothing to do with AC ground. ...
    (rec.audio.tubes)
  • Re: TX/WiFi: Gotcha!
    ... > As equipment is upgraded to "G", it must be run in mixed mode for ... There's tons of b equipment in the world ... But both b and g are standards. ... I don't think the speed and range differences are ...
    (comp.sys.palmtops.pilot)