[jdev] Protecting IM From Big Brother

Dave Cridland dave at cridland.net
Tue Nov 27 11:17:59 CST 2007

On Tue Nov 27 16:19:38 2007, Alexey Nezhdanov wrote:
> Not just these two. XMPP have specification for pgp usage on top of  
> xmpp, I use it sometimes with Psi client and I am sure that at  
> least some other clients support it as well.
And there's ESessions, and S/MIME, and XTLS... The problem isn't so  
much encrypting the traffic, which is simple enough, it's all the  
other additional properties. ESessions and OTR are both geared very  
heavily toward IM, whereas S/MIME and PGP both leverage existing  
cryptography designed for email and deploy it on IM, and finally XTLS  
treats chat sessions like connections, and does TLS over them.  
(That's SSLv4, in effect).

> I'll explain it for the others who are less familiar with  
> encryption: both methods (OTR and PGP) are the end-to-end  
> encryptions. Big brother will never waste his resources to crack  
> these unless you are highly wanted criminal (and even in this case  
> it will be not too easy for him to crack it).

Well, you can - if you really want - calculate the computing power  
required to decrypt all XMPP messages. Note that you have to be able  
to decrypt them in near-real-time, at least, you need to decrypt as  
fast as you intercept, which amounts to more or less the same thing I  

Now, I don't know how much computing resource NSA, or GCHQ, actually,  
have, but we can do another calculation, too - we can translate the  
MIPs into Watts of electrical power, based on the power consumption  
of the individual CPUs required for this MIPpage.

Then divide by 2*10^8. This magical figure will then tell you how  
many power stations will need to be fairly close by Fort Meade. (Or  
Cheltenham, for the Brits).

(Of course, I'm assuming a 200MW reactor, here, as I can't really be  
bothered to look up what wattage a nuclear power station can generate  
these days).

Once all this is done, simply count the power stations in the target  
area (Google Maps, or simply go and look - you can certainly drive  
around the Doughnut in Cheltenham).

Now, if you see a vast array of power stations - big complexes with  
vast cooling towers, you can't miss them - conveniently located  
within a useful range of the big brother of your choice, then hold  
onto your tinfoil hats and grab your one-time pads, because it's the  
only chance you have. (And, please note, that's one-time pads  
generated very carefully.)

Alternately, if you happen to notice that cooling towers are, in  
fact, conspicuous only by their absence in leafy Cheltenham, then you  
can simply reuse your tinfoil hat as a convenient bowl to hold your  
crisps in while you watch the lotto on telly purely to see if you've  
one. (The latter not being a hint to use it as the source for your  
one-time pad, of course, since that would be foolish in the extreme,  
of course).

Of course, if you're a fully paid up member of the black helicopter  
spotting brigade, then you'll refute such arguments as being the  
ravings of an evil spook. But then, you'll also note that it's too  
late, because I've infiltrated you now.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the JDev mailing list