Privacy lost...

joeyd999

Joined Jun 6, 2011
6,302

WBahn

Joined Mar 31, 2012
32,854
It is incredible to me that there exist people that would willingly install internet-enabled cameras in their homes.

Allen Funt would be thrilled!

Not surprising to me at all. There are several kinds of people that would do so in a heartbeat. One group has those that are so naive (still) that they just blindly assume that nothing bad can possibly happen and that it will do exactly (and only) what they are wanting to use it for. Another group are those that turn off all critical thought as soon as some shiny freebie is dangled in front of them -- these are the folks that have hundreds of "free" apps installed on their phone. Then there are those that have grown up in a culture where their peers increasingly dismiss the value of privacy and simply don't care (today) about what they share. Then, of course, you have that large fraction of folks that crave any sort of attention and celebrity and will deliberately share everything hoping like hell that some of it will go viral.
 

nsaspook

Joined Aug 27, 2009
16,328
https://www.supernetworks.org/pages/blog/agentic-insecurity-vibes-on-bitchat
Identity Is A Bitchat Challenge (MITM Flaw)

The Intersection of Vibe Coding and Security
Many of us have seen glimpses of what agentic generative coding does for security. We see the missteps, and sometimes wonder about the shallow bugs that pile on. Config managers that are almost always arbitrary file upload endpoints. Glue layers that become bash command launch as a service. And most frustratingly, code generation that's excellent at pretending forward progress has been made when no meaningful change has occurred. One of the most impressive parts of agentic coding is exactly that: how convincing it is by appearance and how easily we're tricked about the depth of substance in the code gen. In some ways we extend our trust of people to the stochastic code parrots, assuming that generative coding produced the actual work a human would have probably performed.
...
But bitchat's most glaring issue is identity. There's essentially no trust/auth built in today. So I would not really think about this as a secure messenger. The protocol has an identity key system, but it's only decorative as implemented and has misleading security claims. The 32-byte public key gets shuffled around with ephemeral key pairs as an opaque blob. The user verification is unfortunately disconnected from any trust and authentication. These are the hallmarks of vibe code (in)security.

Secure messaging systems do usually provide a way for users to establish trust, and that's what bitchat does not have right now.
...
In cryptography, details matter. A protocol that has the right vibes can have fundamental substance flaws that compromise everything it claims to protect.
 

SamR

Joined Mar 19, 2019
5,491
Only it's more like the NSA doing it.... They used to be very proud of what their Cray "super computers" could do. Wonder what they're using these days...
 

nsaspook

Joined Aug 27, 2009
16,328
Only it's more like the NSA doing it.... They used to be very proud of what their Cray "super computers" could do. Wonder what they're using these days...

Cray "super computers" were just for paperwork. The best encryption from 70 years ago, using digital tube circuits, is still secure.
BLACKER, Post-Quantum Cryptography, end-to-end encryption was running in the 70's.

WBahn

Joined Mar 31, 2012
32,854
Cray "super computers" were just for paperwork. The best encryption from 70 years ago, using digital tube circuits, is still secure.
I'd really like to see some evidence supporting this claim. And I'm talking about something other than one-time pads, which are theoretically unbreakable (but which the NSA broke several thousand of in Project Venona starting in the mid-1940s and up through about 1980).

What encryption from the mid-1950s using digital tube circuits is still secure today?

BLACKER, Post-Quantum Cryptography, end-to-end encryption was running in the 70's.
It was initiated in the late 70s, but fielded devices weren't around until about a decade later.

Just because a system uses end-to-end encryption does not make it secure. BLACKER likely used DES or similar symmetric crypto implemented in hardware. With its 56-bit key, DES can be broken today in minutes on a dedicated machine or in seconds on a distributed cluster. Even before the turn of the century, it was demonstrated that it could be brute-forced in under a day.

Pretty much all symmetric ciphers are post-quantum resistant in that their key length is effectively cut in half by Grover's algorithm (whereas many public-key algorithms are shattered by Shor's algorithm). So doubling the key length recovers the prior level of resistance even in a post-quantum world. Though some cipher modes are potentially threatened by Simon's algorithm and others.
 

SamR

Joined Mar 19, 2019
5,491
No, the Cray's were being used to "listen" on phone lines (international?) for trigger words (among other things). I.E. warrantless searches using wiretaps and they were pretty open about it and even admitted it in the various exhibits in their museum in Maryland when I was there in the 90's? to "Keep America Safe". They even had a Cray module on display. Cray made a big thing out of being liquid cooled as if they were the only ones doing it. IBM had been doing it long before Cray came around. Not sure what happened to Cray but IBM probably outdid them when they got around to doing it. Don't hear much about "Super Computers" anymore...
Saw something last night showing a Chinese "Bot Farm" built using Apple smart phones. Rack after rack of smart phones with each rack holding several hundred phones each. Apparently used to inundate targets like the X platform with misinformation every time something negative is said about the CPP in the news. Attempting to sway attention away from negative reports on China. As a side note. I keep seeing news pieces from "Interesting Engineering" about all the Brilliant Engineering Advances mostly from China. Apparently a China shill. I just looked and the Wiki article about them has been removed although the search engines still show excerpts from the article but their link to Wiki now brings up a page with just Wiki instructions on how to generate an information thread. The actual article about them has been removed!

nsaspook

Joined Aug 27, 2009
16,328
I'd really like to see some evidence supporting this claim. And I'm talking about something other than one-time pads, which are theoretically unbreakable (but which the NSA broke several thousand of in Project Venona starting in the mid-1940s and up through about 1980).

What encryption from the mid-1950s using digital tube circuits is still secure today?
It was initiated in the late 70s, but fielded devices weren't around until about a decade later.

Just because a system uses end-to-end encryption does not make it secure. BLACKER likely used DES or similar symmetric crypto implemented in hardware. With its 56-bit key, DES can be broken today in minutes on a dedicated machine or in seconds on a distributed cluster. Even before the turn of the century, it was demonstrated that it could be brute-forced in under a day.

Pretty much all symmetric ciphers are post-quantum resistant in that their key length is effectively cut in half by Grover's algorithm (whereas many public-key algorithms are shattered by Shor's algorithm). So doubling the key length recovers the prior level of resistance even in a post-quantum world. Though some cipher modes are potentially threatened by Simon's algorithm and others.
NO, BLACKER and similar systems didn't use DES or some simple easily symmetric crypto.

The old tube KWT and KWR-37 machines are, to the best of my knowledge, still classified at least SECRET and traffic they passed is still secure from stored message attacks unless you have the crypto keys.


They had the gear, the manuals and some of our people for sure since the 60's but it's useless without the keys (that the Russians paid good money to steal).

https://nsarchive2.gwu.edu/NSAEBB/NSAEBB453/docs/doc25.pdf
The KWR-37 series was retired in the 90's, not because it was compromised, cracked or broken. It was just too damn old to keep going.

nsaspook

Joined Aug 27, 2009
16,328
No, the Cray's were being used to "listen" on phone lines (international?) for trigger words (among other things). I.E. warrantless searches using wiretaps and they were pretty open about it and even admitted it in the various exhibits in their museum in Maryland when I was there in the 90's? to "Keep America Safe". They even had a Cray module on display. Cray made a big thing out of being liquid cooled as if they were the only ones doing it. IBM had been doing it long before Cray came around. Not sure what happened to Cray but IBM probably outdid them when they got around to doing it. Don't hear much about "Super Computers" anymore...
Saw something last night showing a Chinese "Bot Farm" built using Apple smart phones. Rack after rack of smart phones with each rack holding several hundred phones each. Apparently used to inundate targets like the X platform with misinformation every time something negative is said about the CPP in the news. Attempting to sway attention away from negative reports on China. As a side note. I keep seeing news pieces from "Interesting Engineering" about all the Brilliant Engineering Advances mostly from China. Apparently a China shill. I just looked and the Wiki article about them has been removed although the search engines still show excerpts from the article but their link to Wiki now brings up a page with just Wiki instructions on how to generate an information thread. The actual article about them has been removed!
Exactly what I mean, paperwork, listening to clear conversations with no security protections. What was critical was bulk access, systems able to store all the data and sort for trigger words later as requests came in. These machines just replaced people doing the same jobs. The code breaking machines were custom hardware back then and today.
https://ethw.org/Milestones:US_Naval_Computing_Machine_Laboratory,_1942-1945

WBahn

Joined Mar 31, 2012
32,854
NO, BLACKER and similar systems didn't use DES or some simple easily symmetric crypto.

The old tube KWT and KWR-37 machines are, to the best of my knowledge, still classified at least SECRET and traffic they passed is still secure from stored message attacks unless you have the crypto keys.


They had the gear, the manuals and some of our people for sure since the 60's but it's useless without the keys (that the Russians paid good money to steal).

https://nsarchive2.gwu.edu/NSAEBB/NSAEBB453/docs/doc25.pdf
The KWR-37 series was retired in the 90's, not because it was compromised, cracked or broken. It was just too damn old to keep going.
The KW-37 had 52 flip flops -- 4 each on 13 PCBs. Assuming every one of them was used as part of the encryption state, that's 52 bits, which is more than an order of magnitude weaker than DES's 56 bits. This would be in a fairly reasonable relationship, given that the KW-37 was introduced about a decade before DES.

Brute force attacking a 52-bit key space was too computationally difficult until sometime in the early to mid 1990s. Today, 128 bits is generally considered the shortest key that can be considered secure against classical attacks and 256 bits is needed against quantum-based attacks.
 

nsaspook

Joined Aug 27, 2009
16,328
The KW-37 had 52 flip flops -- 4 each on 13 PCBs. Assuming every one of them was used as part of the encryption state, that's 52 bits, which is more than an order of magnitude weaker than DES's 56 bits. This would be in a fairly reasonable relationship, given that the KW-37 was introduced about a decade before DES.

Brute force attacking a 52-bit key space was too computationally difficult until sometime in the early to mid 1990s. Today, 128 bits is generally considered the shortest key that can be considered secure against classical attacks and 256 bits is needed against quantum-based attacks.
Very simplistic examination of the machine. There was more (logic) to the complete encryption algo than digital flip-flops, that expanded the effective key space greatly. DES is a block cipher; it was a type of stream cipher.
https://en.wikipedia.org/wiki/Stream_cipher
Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the one-time pad (OTP). A one-time pad uses a keystream of completely random digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proven to be secure by Claude E. Shannon in 1949.[1] However, the keystream must be generated completely at random with at least the same length as the plaintext and cannot be used more than once. This makes the system cumbersome to implement in many practical applications, and as a result the one-time pad has not been widely used, except for the most critical applications. Key generation, distribution and management are critical for those applications.

A stream cipher makes use of a much smaller and more convenient key such as 128 bits. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost. The keystream is now pseudorandom and so is not truly random. The proof of security associated with the one-time pad no longer holds. It is quite possible for a stream cipher to be completely insecure.[citation needed]
"It is quite possible for a stream cipher to be completely insecure" This one was not.

WBahn

Joined Mar 31, 2012
32,854
Very simplistic examination of the machine. There was more (logic) to the complete encryption algo than digital flip-flops that expanded the effective key space greatly. It was a type of stream cipher.
https://en.wikipedia.org/wiki/Stream_cipher
Yes, it was a stream cipher machine. So what? The cryptographic security is limited to no more than the number of possible initial states of the machine. All an attacker has to do is try every possible initial state. If that can be done in a useful amount of time, then the system is insecure. What might have been effectively secure against brute force attacks five or six decades ago is now usually hopelessly insecure because the entire keyspace can be explored in a useful amount of time.

The fact that the hardware for the machine is still classified is actually one of the strongest indications that the system is not secure against a brute-force attack on the key space. Instead, it is relying on keeping the algorithmic details a secret, i.e., security through obscurity. Another strong indicator is that if it had been so secure that it would still be secure today, instead of getting rid of it because the equipment was so old, they would have just implemented it using updated technology. It's telling that it was retired right as brute-force attacks against keys of its size were on the horizon of becoming practical.
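Added illustration of the point above (not part of the thread, and not the logic of any real machine): a constructed toy stream cipher built from a 16-bit LFSR plus a nonlinear output filter. Whatever the filter logic does, an attacker holding a few bytes of known plaintext only has to try each possible initial state, so the work is bounded by 2^16 trials; the extra gates add confusion but no key space.

```python
# Constructed toy stream cipher: 16-bit LFSR state plus a nonlinear output
# filter. Not any fielded machine's logic; it only shows that the exhaustive
# search over initial states is bounded by 2**STATE_BITS, filter or no filter.

STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1
# Feedback taps of a standard maximal-length 16-bit LFSR
# (x^16 + x^14 + x^13 + x^11 + 1): every non-zero state lies on one
# cycle of length 2**16 - 1.
TAPS = (16, 14, 13, 11)


def lfsr_step(state):
    """Advance the Fibonacci LFSR one step and return the new state."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> (t - 1)) & 1
    return ((state << 1) | fb) & MASK


def filter_bit(state):
    """Nonlinear output filter (constructed; balanced since b0 enters linearly).
    Gates like these change the keystream but not the number of states."""
    b0, b3 = state & 1, (state >> 3) & 1
    b7, b12 = (state >> 7) & 1, (state >> 12) & 1
    return b0 ^ (b3 & b7) ^ (b7 & b12) ^ b12


def keystream_bytes(state):
    """Yield keystream bytes forever, starting from the given initial state."""
    while True:
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | filter_bit(state)
            state = lfsr_step(state)
        yield byte


def encrypt(key, data):
    """XOR data with the keystream; the 'key' is the 16-bit initial state.
    Decryption is the same call. State 0 is excluded (it never changes)."""
    if not 0 < key <= MASK:
        raise ValueError("key must be a non-zero %d-bit value" % STATE_BITS)
    return bytes(p ^ k for p, k in zip(data, keystream_bytes(key)))


def recover_key(known_plain, cipher):
    """Exhaustive search: every initial state whose keystream reproduces the
    known-plaintext segment. At most MASK trials, each stopping at the first
    mismatching byte, so the cost is set by the state size alone."""
    target = bytes(p ^ c for p, c in zip(known_plain, cipher))
    return [cand for cand in range(1, MASK + 1)
            if all(k == t for k, t in zip(keystream_bytes(cand), target))]


if __name__ == "__main__":
    key, msg = 0x1234, b"ATTACK AT DAWN"   # constructed sample input
    ct = encrypt(key, msg)
    print("candidates from 8 known bytes:",
          [hex(k) for k in recover_key(msg[:8], ct[:8])])
```

Scaling the same loop to a 52-bit state multiplies the worst case by 2^36, which is the whole argument about key size: the bound moves with the state width, not with the complexity of the filter.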
 

nsaspook

Joined Aug 27, 2009
16,328
Yes, it was a stream cipher machine. So what? The cryptographic security is limited to no more than the number of possible initial states of the machine. All an attacker has to do is try every possible initial state. If that can be done in a useful amount of time, then the system is insecure. What might have been effectively secure against brute force attacks five or six decades ago is now usually hopelessly insecure because the entire keyspace can be explored in a useful amount of time.

The fact that the hardware for the machine is still classified is actually one of the strongest indications that the system is not secure against a brute-force attack on the key space. Instead, it is relying on keeping the algorithmic details a secret, i.e., security through obscurity. Another strong indicator is that if it had been so secure that it would still be secure today, instead of getting rid of it because the equipment was so old, they would have just implemented it using updated technology. It's telling that it was retired right as brute-force attacks against keys of its size were on the horizon of becoming practical.
Sorry, you're wrong that cryptographic security is limited to no more than the number of possible initial states of the machine being set by some number of flip-flops or internal memory elements. The Soviets had several of the complete devices and manuals for decades, it's not a secret to them what's inside the box, that's why they paid for stolen keys, they couldn't crack it and IMO nobody has ever claimed they could with modern equipment (unlike devices like the KW-7 that they totally broke). The newer KG-84 (we had new units installed on my last deployment) and other similar solid-state devices used basically the same stream cipher designs with updates and improvements but it mainly removed the problem with cards being stolen by using secure keying FILL devices instead of easily stolen cards.

https://www.cryptomuseum.com/crypto/algo/saville/index.htm

SAVILLE cryptographic algorithm — these were called crypto logics in the old days — is a stream cipher, widely used in cryptographic equipment used by NATO and by the administrations of NATO-countries. SAVILLE is a joint development of the NSA (US) and GCHQ (UK) and its origin probably dates back to end of the 1960s, beginning of the seventies, considering the early implementations in devices such as the US VINSON (KY-57) and the UK Lamberton (BID/250).

At the time, two teams were formed to develop a new cryptographic algorithm: one at the NSA and one at GCHQ. At GCHQ, WWII cryptanalyst Michael Crum was involved in the project. Both teams produced algorithms which were then rigorously analysed by the other agency. In the end, the GCHQ algorithm was accepted as the better one and became known as SAVILLE [5]. In most literature however, SAVILLE is commonly attributed to the NSA.

WBahn

Joined Mar 31, 2012
32,854
Sorry, you're wrong that cryptographic security is limited to no more than the number of possible initial states of the machine being set by some number of flip-flops or internal memory elements. The Soviets had several of the complete devices and manuals for decades, it's not a secret to them what's inside the box, that's why they paid for stolen keys, they couldn't crack it and IMO nobody has ever claimed they could with modern equipment (unlike devices like the KW-7 that they totally broke).
Of course the Soviets would pay for stolen keys instead of trying to use a brute-force attack. As I've already pointed out, a brute force attack against this size key space wasn't feasible until the late 1990s, by which time the Soviet Union no longer existed and hadn't for a number of years.

Today, a brute force attack against that size keyspace would be little more than a homework assignment once you had an emulator for the machine. A class of a couple dozen students could partition the key space and exhaustively try every possible initial setting in under a month using nothing more than their own PCs. Someone spinning up a distributed cloud network could do it in a few seconds (once they got everything set up and told it to start).