Taking Down Quantum Factorization
A
It's time for Security Now. Steve Gibson is here. We've got a great show for you. First of all, I am stunned, but it turns out all of this noise about how quantum computing is zipping right along and quantum factorization is BS, Steve explains. He's also going to talk about a new, the final, I think, volume of one of our favorite sci-fi series and then an introduction to Zero Knowledge proofs. This is going to be a fun one for your brain. It's all coming up next on Security Now. Today's show is brought to you by Progressive Insurance. Do you ever find yourself playing the budgeting game? Well, with a name your price tool from Progressive, you can find options that fit your budget and potentially lower your bills. Try it at progressive.com. Progressive Casualty Insurance Company and affiliates. Price and coverage match limited by state law. Not available in all states. Let's map out this week's amazing destinations and travel tips.
B
Honestly, Will, I didn't plan any trips, but I did switch to T Mobile with their new Family Freedom offer.
A
That's not the itinerary we're following.
B
Well, I'm departing from ATT and embarking on a new journey with T Mobile. They paid off my family's four phones up to $3200 and gave us four new phones on the house.
A
Bon voyage.
B
Introducing Family Freedom. Our lowest cost will switch our biggest family savings all on America's largest 5G network. Visit your local T Mobile location or learn more@t mobile.com FamilyFreedom up to $800 per line via virtual prepaid card typically takes 15 days. Free phones via 24 monthly bill credits with finance agreement eg Apple iPhone 16128.
A
Gigabyte $829.99 Eligible trade in eg iPhone.
B
11 Pro for well qualified credits end and balance due if you pay off.
A
Early or cancel. Contact T Mobile. This episode brought to you by Red Canary. When cybersecurity threats hit fast, you need an MDR partner that moves faster. Red Canary delivers 24/7 expert MDR support, total visibility and actionable insights. Plus it helps you detect four times more threats so you can stay ahead without burning out. Red Canary clears the noise and has your back every hour, every incident. Get the backup you deserve. Visit redcanary.com difference to learn more. Podcasts you love from people you trust. This is TWiT. This is Security Now with Steve Gibson, Episode 1034, recorded Tuesday, July 15, 2025: Introduction to Zero Knowledge Proofs. It's time for Security Now, the show where you, dear, dear listener, get filled in on everything going wrong in technology.
B
What the hell is going on?
A
What could possibly go wrong with this man Right here, Mr. Steve Gibson, who is a font of knowledge. Without him we would be wandering in the wilderness. Thank you for being here.
B
Happier than you are now, but still maybe a little hungry.
A
You might not be so scared, but ignorance is not bliss.
B
Oh, are we gonna have fun the next couple hours? Leo? We have a the long awaited. Little did we know we needed it until it arrived. Serious takedown of all quantum computing factorization nonsense.
A
Really, really.
B
None of it is true. Oh no, it has never worked. It doesn't work. It has never worked. It's all. They've all used deliberately contrived tests.
A
How frustrating.
B
Peter Gutmann, who's a well known cryptographer in New Zealand, just wrote a beautiful piece, thanks to one of our listeners who sent me the link. So we're going to spend some time taking that apart. We've also, we're also, thanks to another listener, going to look at Notepad++, which is a favorite Windows Notepad replacement utility for many of us. I'm converted and I'm converted thanks to our listeners. Listeners who said I made some comment about Notepad and they said aren't you using Notepad++? And everybody else piled on the Notepad++.
A
People are absolute, you know, fanatics.
B
Well, and I've complained about it many times because the author, Don Ho, just can't leave it alone. It's like it's done. Don, just stop with, you know, because as we know, every time it updates there's an opportunity that it might be something. There might be. You might be introducing more problems than solutions. Anyway, there's a new problem with it that we're going to go into. We've also got a screenshot of Bobiverse book 6 laying on Dennis Taylor's lap. Oh, we've got a little news on crypto ATM machines, some, some Signal versus WhatsApp encryption questions resolved. Also, we just talked about browser fingerprinting. Another listener brought to my, reminded me essentially, because I knew of this before, the EFF's latest effort which obsoletes Panopticlick, which was their previous thing we talked about, which they haven't touched since 2017. We're going to be able to take a deep dive into exactly what those metrics are and how valuable they are on a granular, granular level. And then, oh, are we going to have fun with Peggy and Victor?
A
Who are they?
B
Peggy and Victor? Peggy is the prover, Victor is the verifier.
A
Oh, this is like Bob and Carol and Ted.
B
Yes. And Alice.
A
Yes.
B
Eve, actually, the eavesdropper. Those are the standard characters used when talking about zero knowledge proofs. Zero Knowledge proofs is a surprisingly recent emergent technology because it turns out it's quite tricky. The. The goal is to. And this. The reason we're talking about this is that Google just released their open to the open source community on GitHub. Their code for zero knowledge proof age verification. The idea being you want to verify someone's age is 18 while revealing absolutely nothing about them other than proving the assertion that they're 18. So it turns out there's a whole field of math which is very tricky, which surrounds the idea of proving an assertion while revealing nothing. I know it's counterintuitive, but we. I've got some examples using Peggy and Victor and. And a cast of additional characters. We've got a couple competitors who've been buying something from a. From a common supplier.
A
We're not going in a Chinese room or anything, are we? This sounds a little bit like, all right, will there be math?
B
There will be math. There will be magic caves. There will be boxes locked in rooms. Question of what happened to Wally?
A
Wow.
B
So I think we're gonna have a little fun.
A
This is going to be a. Is it, would you say a propeller head episode?
B
No, this is one, actually where I think many of our listeners will get their kids in for the discussion of zero knowledge proofs.
A
Oh, how fun. All right, stay tuned. And of course, a picture of the week, which I have yet to. To glance at, so I won't be amazed and surprised.
B
The mailing went out and I already have the answer to the question heck is going on here? Oh, yeah, we all do this. This is what happens, you know, in our neck of the woods.
A
It's like, okay, all I see is the caption. What's that about? The weakest link. But we will take a look at the picture together in just a moment. But first, a word from our sponsor for this segment of security. Now, the great folks at Bitwarden. Oh, I love Bit Warden, the trusted leader in password, pass key and secrets management. Bitwarden is consistently ranked number one in user satisfaction by G2 and software reviews. With more than 10 million users across 180 countries and over 50,000 businesses. Yeah, businesses. Now, if you're planning travel as I am, Bitwarden password manager can make your travels safer and easier. In fact, I've already done this. Add your passport number to your vault for easy Access for tax free shopping. Actually, I even keep an image of my passport in my Bit Warden vault. Partly because I know it's completely safe in there. I do it with my Social Security number, all my secrets. It's completely safe in there. But it's great to have because if I lose my passport as I'm overseas, I have an image of the passport readily available on my phone or my computer. That's the other nice thing about it, because my passport is on every machine that Bit Warden's on. And Bitwarden's everywhere. You can use Bitwarden if your partner uses Bitwarden to secretly share your hotel or locker code with your travel partner. That's a good idea when using an airport or hotel WI Fi. Take this is actually just a generic tip. Not just Bitwarden users, but everybody should take proactive steps to help secure your data. Protect it against cyber threats. Of course, if you are using Bit Warden, all your stuff is in that encrypted vault no one can get into. Another little tip, only connect to the official airport hotel WI FI network. Yes, that seems a good tip. Do if you're using Bitwarden, enable auto fill for credentials. Why? Because Bit Warden will not fill your credentials into a site that is an imposter site. 
Bitwarden knows better, so it actually protects you from being fooled by sites that are pretending to be other sites. You also want to make sure you protect your device from automatically reconnecting the public WI Fi. If you leave that airport or hotel, forget the network in your device's settings. After use, bad guys often impersonate these open WI FI access points, pretending that they're the airport or the hotel and they're not. Also, of course you know this. Avoid downloading files, clicking unfamiliar links, or accessing sensitive personal or work accounts while connected to a public WI Fi. Students nowadays are spending the majority of their time online, not just for learning, but for socializing, gaming, doing other activities. With all this comes many accounts passwords. And even if your student knows the security risks, let's face it, convenience almost always takes precedence. That's why you want to get them a password manager. Your whole family should have Bit Warden. It generates unique strong passwords. Unique, used once on any site. Students can use and access them from any device. Their phone, their laptop, their desktop, anywhere they go. And they can get started for free. Because Bit Warden is open source, free forever for individuals. Oh, and by the way, just a little incentive, maybe you pass this along to your student. Cybersecurity skills are in high Demand. These days, potential employers will appreciate employees, even an entry level job if that employee has a solid understanding of password management. So make sure your, your student tells the interviewer, yeah, I use Bitwarden. I feel pretty secure about that. They'll be impressed, I guarantee you. Bit Warden setup only takes a few minutes. If you're using it in business, you'll be thrilled to know it imports from most password management solutions. So it's easy to move. And, and this is super important to me. I know it's important to Steve. It should be important to everyone. 
When you're using crypto, you want open source. Bit Warden's open source GPL licensed. It can be inspected by anyone. And they of course regularly have audits from third party experts and publish the results of those audits. So you can use Bit Warden with confidence. Bit warden meets SOC2 type 2 GDPR HIPAA CCPA standards. It's ISO 2700120002 certified. So it's absolutely secure. I trust them with my life. Everything's in there. And by the way, one more thing. I just recently did this. Bit Warden has a form on their website. Kind of an in case of emergency form you could fill out and put somewhere safe. Put it in your safe, give it to your spouse for safekeeping with your passwords, your, your two factor. All the information they would need to know if something should happen to you. It is. I have it. Don't tell anybody. I have it under my desk. Blotter on my desk. Lisa. It's under my desk. Blotter on my desk. So. Because I don't want to leave her high and dry. And that's the beauty of having a good password manager. In fact, she is my, this is another thing Bitwarden does. She is my trusted successor. So you can actually establish somebody that would get the passwords if you pass on. Very important. Get started today with Bit Warden's free trial of a teams or enterprise plan or get started for free across all devices as an individual user@bitwarden.com Twitter that's bitwarden.com TWIT Wow, that was a tip laden commercial. I apologize.
B
And Leo, do not pass on because we're not, we're not ready to be done.
A
I'm not planning to, but okay. That's the problem. You know, you step off the wrong curb and suddenly boom, you are history. Now you know it's not history. Our picture of the week. What's that about? The weakest link.
B
Yeah, so I, I, the caption I Gave this was, you know, posing the question, what's that about the weakest link? Because we've of course heard that phrase a lot. So that's, that's what this picture put me in mind of. It's like, okay, so what we have here is a. One of our. One of our favorite fence pictures of or gate in on. On a fence.
A
I understand why there's two locks.
B
Oh, it's covered with locks. We got three.
A
Oh, there's three. Yeah, yeah.
B
And the, the back ones do absolutely nothing. I mean, they're like, you know, like. Okay. And then one in the middle of the chain is hooked to a carabiner.
A
Oh, that's not very secure.
B
Everybody knows it's designed to be something you can open. You just push the little side in and then slip the padlock out and the gate opens.
A
So this is not a locked gate, despite the three padlocks.
B
Correct. It is a closed gate. And I guess, you know, all of this contraption prevents the wind from blowing it open, but that's about the limit of the security that's available here now. So I posed this to our listeners. I sent out, the mailing went out to, we're just shy at this point of 18,000 weekly subscribers to the Security Now email list. And so many of them responded saying, oh, yep, this is common where in these parts. Around these parts. The idea is that you may want the UPS driver to be able to. To roll up your driveway, but you don't want, you know, goats to get out.
A
Cows don't know how to use carabiners.
B
They're not, you know. Well, they. There's no opposable thumb there, Leo. You really need the opposable thumbs. That's right. So, so. And if you were exiting your property so that UPS and Amazon and so. And you know, GrubHub and so forth would no longer be invited. Then you, then you deploy these additional padlocks.
A
They're there for your later use.
B
Subs exactly there. And you can put them in series. You can put them in parallel. You can just, you know, you know.
A
Create neighbors might have keys to one of them. And you're.
B
Or this may be a shared property. And so you don't want to share keys, but you want to then put your locks in series so that anybody who opens anyway, it's, it's, you know, it's an interesting contraption that's been built here. It turns out not at all foreign to many of our listeners, who we.
A
Have many cattlemen, we pull from a large variety yes.
B
Of security enthusiasts. Okay, so. Oh my God. One of our listeners sent a link to a paper that was co-authored by Peter Gutmann. And I'm not sure that our listener knew, based on the comment that accompanied the email, what to make of this paper, since I could understand that. Its title is, this is the literal title, and this is a formally published, highly referenced, meaning lots of references, three pages of references at the end, serious paper, titled "Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog." That's the title of the paper. So, you know, I'm sure that that title alone would have hooked me with a huh, if Peter's name wasn't immediately familiar to me. Wikipedia opens its lengthy description of Peter's history by writing: Peter Claus Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland in Auckland, New Zealand. He has a PhD in computer science from the University of Auckland. His PhD thesis and a book based on the thesis were about a cryptographic security architecture. He's interested in computer security issues. Yeah, no kidding. Including security architecture, security usability, and it says, in parens, or more usually the lack thereof, as in, you know, lack of usability, and hardware security. He has discovered several flaws in publicly released cryptosystems and protocols. He is the developer of the cryptlib open source software security library and contributed to PGP version 2. So you know, he from. He's like a, you know, a serious cryptographer. He knows his way around computer security and cryptography and I felt compelled to venture into anything that he might write on the subject of replicating various quantum computer factorization records as it, you know, having broken a record for quantum computer based factoring. So in this case he's breaking the records with an eight bit home computer which turned out to be a 6502 based Commodore VIC-20. 
You know, not even a PET, an abacus and his dog named Scribble. So before I go any further, I want to make sure that I do not forget to leave a link to his work in the show notes. So it's there now for anyone who wants more details. I'm going to skip a big chunk in the middle because all of the fun is at the front and a little bit at the end. But it's all there for anybody who wants more. Now, I hardly consider myself to be any kind of expert in the field of quantum computing. I certainly am not. And I have felt somewhat self conscious through the years as, Leo, you and I have continually poked fun at what appear to be the extremely meager quantum computing number factoring accomplishments that seem to nonetheless be celebrated by the popular press as if it's like, oh, you know, watch out, we just factored the number 21. Oh, so cryptography as we know it is over. You know, it's like, okay, well it's not clear to me that what we see is scalability or much in the way of evidence that we're in trouble. You know, the fact that some super cooled chip operating at sub zero, you know, cryogenic temperatures is able to factor the six bit number 35 into its two products 5 and 7 to me has never clearly suggested that more bits will be forthcoming, nor when. Okay, so I felt somewhat heartened to learn at least that my intuition here and my understanding of physics where it matters may be intact. Peter and his co-author of this paper in this recently released March 2025 piece are quite clearly similarly unimpressed. But it even goes further than them being unimpressed. Their paper's abstract is very short and to the point. It simply reads: this paper presents implementations that match and where possible exceed current quantum factorization records using a VIC-20 8-bit home computer from 1981, an abacus and a dog. We hope that this work will inspire future efforts to match any further quantum factorization records, should they arise. 
Now Peter's having some fun with this, although his sincere intent appears to, to be to roundly debunk these accomplishments, I have in quotes, that, that have been achieved so far. Peter understood that his use of the term factorise, which appears throughout the paper, and that's with an R-I-S-E as opposed to, you know, in the US we would say factorize, R-I-Z-E, and even that I've, I've never liked that phrase factorize, that seem, I mean, I, I get it, you're making a verb. But isn't factor, you can factor something. You, you, you, you, you, you know, factor an, an integer into its components. Anyway, factorise is how he wants to say it. So the. But the first footnote in his paper tackles this head on. He wrote, we use the UK form factorise, F-A-C-T-O-R-I-S-E, here in place of the US variants factorize with a Z or factor in order to avoid the 40% tariff on the US term. So anyway, it occurred to me that he might qualify for a quantity discount in, in his use of the term since it's used in nearly every sentence of this paper. So I need to share this with everyone because it's actually important what he has to say here, even though he's. I mean, basically he is just so disgusted with what he sees as what's going on that he decided to take this tack of, of his paper. We all know that quantum computing presents what has been described as a clear and present danger to the world's current quantum naive cryptography, and specifically to the threat that this prime factorization problem, upon which much of today's security technology still critically depends, might be put at risk, might be at risk of being solved by sufficiently powerful quantum computers. Peter and his co-author are here to disabuse us of any such concern. So they write in 1980. In 1994, mathematician Peter Shor, S-H-O-R, proposed his quantum factorization algorithm, now known as Shor's algorithm. In 2001, a group at IBM used it to factorize the number 15. 11 years later, this was extended to factorize the number 21. 
And another seven years later, a factorization of 35 was attempted but failed. Okay, yeah, we're pushing it, Leo. That's six bits. We can't, can't get to six bits. Wow. Five. We were able to do 21. The number 21 fits in five bits, but 35 requires six bits. Couldn't. We couldn't get five and seven out of. Out of 35. He says, since no new records have been set, although a number of announcements are of such feats have cropped up from time to time alongside the more publicly visible announcements of quantum supremacy every few months. He says these announcements are accompanied by ongoing debates over whether a factorization actually took place and if so, what it was that was factorized, with the issue covered in more detail in this paper's section three. Now, I should note that I'm not. I've removed from this text all of the reference, you know, in square brackets, a number which refers to the facts of the, you know, some other paper written. So, for example, where he says, which is accompanied by ongoing debates over whether a factorization actually took place, there he will have a reference to another piece of research which is, you know, seriously questioning the announcement. So this paper is heavily referenced to, to back up everything that Peter is saying. He says of particular note was the claim in 2024, so just last year, by researchers to have factorized an RSA-2048 number. And he says, that's the, the D-Wave paper. And remember that we talked about that last year when it happened. D-Wave was supposed to have made some big, great, huge breakthrough. It's like, oh, no. He says in this paper, the one he's writing today, we focus on the factorizations of 15, 21 and 35, as well as the claimed RSA-2048 factorization. He explains. New technologies, when introduced, are typically given names that overstate their capabilities, usually by equating them with existing familiar systems or technological artifacts. 
For example, the first computers in the 1940s and 1950s, often little more than glorified electric adding machines, were nevertheless described as electronic brains. More recently, large language models have been touted as artificial intelligence, and complex physics experiments have been touted as quantum computers. In order to avoid any confusion with actual computers like the VIC-20, with which they have nothing in common, we refer to them here, and that meaning quantum computers, as physics experiments. Similarly, we refer to an abacus as an abacus rather than as a digital computer, despite the fact that it relies on digital manipulation to effect its computations. And finally, we refer to a dog as a dog, because even the most strenuous mental gymnastics can't really make it sound like it's a computer.
A
Okay, now they're just being sarcastic.
B
He is, but he's. Believe me. Wait till you see where this goes, Leo. I mean, he just drives a stake through the heart of quantum computing by the time we're done. He says: When stage magicians perform sleight of hand tricks, traditionally card tricks, they use specially constructed decks called force decks, with which they can force the participants in the trick to pick a card of the magician's choosing. An example of such a force deck is a Svengali deck, which, when shown to the participant or the audience, appears to contain a standard mix of cards, but which only contains a single repeated and therefore entirely predictable card. Similarly, quantum factorization is performed using sleight of hand numbers that have been selected to make them very easy to factorize using a physics experiment and by extension, a VIC-20, an abacus or a dog. Ow. Huh? A standard technique is to ensure that the factors differ by only a few bits, meaning least significant bits, that can then be found using a simple search based approach that has nothing to do with factorization. For example, the lengthy RSA-2048 number. And then in his paper, he enumerates it full out. He like every single digit is there, it takes about one and a half lines of. Of decimal, with every three digits separated by a comma, is the product, he says, of two factors, which he then also lists out, that differ by only one or two least significant bits. And indeed that's what we see. We see two large numbers each half the length of the 2048-bit number, and they are only a few decimal digits different from each other. He says this makes it possible. And think about this, Leo. You'll get this instantly. To perform this factorization, he has in air quotes, through a simple integer square root calculation, because of course that's going to bring you to a spot in between the two. Then you just search in both directions until you find the two. Oh my God. Oh my God. Uh-huh. 
He says note that such a value would never be encountered in the real world since the RSA key generation process typically requires that. And then he has a little bit of math here. The absolute value of P minus Q is greater than 100 or more bits in difference, you know, in difference, meaning you would never have the case where the two prime factors differ by a small integer with their square root dead in between the two of them. Yet that's what was done and everyone jumped around and celebrated. He says. As one analysis puts it, quote. Instead of waiting for the hardware to improve by yet further orders of magnitude, researchers began inventing better and better tricks for factoring numbers by exploiting their hidden structure.
A
Hidden structure? You mean they're right next to each other?
B
Yeah. My God, they're almost identical. He says a second technique used in FA, in quantum factorization, is to use pre-processing on a computer to transform the value being factorized into an entirely different form or even a different problem to solve, which is then amenable to being solved via a physics experiment. For example, the 2019 quantum factorization of 1,099,551,473,989. So that's, see, that would be a million billion. So it's 1,099,551,473,989, he says. Relied, the, the 2019, like much ballyhooed amazing breakthrough, relied on processing with a computer to transform the problem into one that was solvable with a three-qubit circuit, which otherwise, I mean, this would have required a huge number of qubits which don't work. We don't have that today. So we're going to transform this into something and do some sleight of hand so we only need three qubits and say that we actually accomplished something. He said. Other quantum factorizations also rely on computers to reduce the problem to a form in which it can be solved, in quotes, through a physics experiment. Even the factorizations of 15 and 21 use the so called compiled form of Shor's algorithm, which uses prior knowledge of the answer to merely verify the known-in-advance factors rather than performing any actual factorization.
A
This is basically fraud.
B
It is fraud. Yes. And this is why he's so fed up with this and just decided, okay, I gotta just call a dog a dog. He said in the case of 15 and 21, and thus this re, in the case of 15 and 21, this reduced the number of qubits required from 8 and 10 to 2 in the compiled form. The paper that discusses this result comments that it is not legitimate for a compiler to know the answer to the problem being solved. To even call such a procedure compilation is an abuse of language. So other observers have been saying this, but it hasn't all been pulled together and given the attention until Peter finally said, okay, let's, you know, let's just really put, put this to rest. They write the paper then presents the factorization of a 768-bit, 231-digit number and a, get this, 20,000-bit number, both of which can also be factorized using two qubits in the compiled form, as the paper points out. Quote: Our technique can favor, can factor. Our technique can factor all products of P and Q such that P and Q are unequal primes greater than two, runs in constant time, and requires only two coherent qubits. Meaning they've just demonstrated the cheat. Still other quantum factorizations go even further. They write, for example, one claimed factorization involved working backwards from the known answer to design a physics experiment that produced the known-in-advance solution. There's no equivalent computation for such sleight of hand operation, so we have no means to show an equivalent using a VIC-20 or an abacus. The trick in all of these cases is to figure out how to construct a value such that it can then be transformed into a vastly simpler form in which it can be factorized via a physics experiment.
A
I love it that he keeps calling these physics experiments. Basically, he's saying they're just designing this in such a way that simple physics can solve it. It's not a quantum computer. It's just a physics experiment.
B
It's not doing any actual computation.
A
Amazing, he said.
B
These types of factorizations have also been referred to as stunt factorizations. For example, the main effort in the 2012 factorization of 143 into 11 and 13 consisted of finding a value with the special properties required that allowed it to be factorized by a physics experiment. This feat was then extended in 2014 to the value 56,153, which is also special, as we'll see, in 2018 to 4,088,459, another special value. And later that year to the impressive looking. And then I've got the number here. You know, it's, it's long. It's a long, long, long, long number.
A
I'll show people if they.
B
There it is. There, there in the middle. 3 8312-3885-2164-2721, 458, 9. Blah, blah, blah, blah, blah.
A
Yeah.
B
He says many further types and techniques from for stunt factorizations exist far too many to catalog here, with the practice typically being to manufacture a small value that's easily factorized via a physics experiment and then later figuring out how to stretch the value to add more and more digits while still allowing it to be factorized by the same physics experiment. I know, Leo, it's all fraud.
A
It's backwards. The whole thing's backwards. We know the answer. Now let's see if we can design a problem that will give you the same answer exactly.
B
He says. For example, the compiled Shor's algorithm can factorize any composite number P times Q on a very small physics experiment, a factorization mechanism that has been given the tongue in cheek name Smolin-Smith-Vargo algorithm after the authors of the paper that pointed out the technique. In other words, you're not actually doing anything. So that's the Smolin, the, the Smolin-Smith-Vargo algorithm, he says. It should be noted here that all of these sleight of hand and stunt values are trivially factorized by Fermat's method on a rise, on a Raspberry Pi or similar. In other words, you don't need no stinking quantum computer or even sub zero temperatures and cool, you know, liquid nitrogen or anything. Just a Raspberry Pi, he says. Similar to stage magic, the exercise, when responding to a new quantum factorization announcement, is not only to marvel at the trick, but to try and figure out where the sleight of hand occurred. One simple technique to catch the use of sleight of hand numbers is to view them in binary form. If they consist almost entirely of zero bits, as did the 2019 factorization of, and this is the number I mentioned before, 1,099,551,473,989, which begins with 1000-0000-0000-0000,000,000 zeros when expressed, when expressed in binary, then it's a sleight of hand number.
A
It looks, it looks sophisticated in decimal. In binary, it's trivial.
B
It's ridiculous. Exactly. He says, similarly, numbers with repeat patterns 1-0-10-1010 are similar sleight of hand numbers. Section 7 presents a technique for selecting non sleight of hand numbers for future quantum factorization work. And that's, that's a section I told you I wasn't going to dig into because everyone will get the idea here very shortly. I'm almost finished with this. Where he actually says, okay, if you're going to impress anybody in the future, here's how you got to choose your numbers anyway. He says a second technique is to check whether the value submitted to the physics experiment was the one being factorized or whether it has been first transformed on a computer into an entirely different form that's solvable with a physics experiment. A standard trick here is to transform the factorization into a combinatorial minimization problem, which is readily solved using Grover's algorithm. Completely impractical for factorization, but perfectly suitable for publication credit. Meaning we need to get out, you know, we need to publish something because we're spending a lot of money on all this liquid nitrogen, which is not getting us anywhere. He said, many other sleight of hand tricks exist for creating apparent quantum factorizations. One example is what we're calling the Callas normal form for sleight of hand quantum factorization, or just Callas normal form for short, after a cryptographer, Jon Callas, who first described it. In the Callas normal form, the factors are integers. P equals 2 times n minus 1 and q equals 2 times m plus 1, where n is less than m and P and Q are ideally prime but don't have to be. The binary representation of the product N, which is P times Q, then starts with n 1 bits, followed by m minus n 0 bits, and ends in another n bits. Anyway, so the point is it's, it's contrived. He says, needless to say, this is easily detected, right?
Because you've got all of these, you've got all of these one bits, then a big block of zero bits, then an exactly identical size block of, of, of one bits again. He says, needless to say, this is easily detected even on a 6502 and easily factorized. And he says, and he says, he says, friends, no real world NSA toolkit would ever generate such primes. He says, for example, a recent preprint, meaning getting ready to come out in the literature, uses this form to claim in its title success in factorizing 4096-bit integers with Shor's algorithm, quote, under certain conditions, where the conditions for the 12 examples used turn out to be equivalent, all of them, to the Callas normal form. So the entire paper was a cheat with 12 examples of supposedly 4096-bit factorization, which if true would destroy current, you know, RSA style public key crypto. Notice that it hasn't been destroyed. In other words, everyone is cheating and cheating badly. And it's no wonder that Peter finally got fed up with this and decided to author this takedown. No quantum computer that's known or has been published about has ever done anything actually useful. Not even to factor the six bit number 35.
A
So this is amazing. How did we get fooled by this?
B
It's just unbelievable. People not really, you know, taking everyone down.
A
Yeah, it's math, it's complicated. It's gonna take somebody like Peter to figure this all out.
B
I mean, and the press looks at the title and goes, oh my God, they did it.
A
I did that.
B
4096-bit numbers have been factored.
A
Yeah, I've been reporting it as if they're real. I, I mean, they pulled the wool over our eyes, right?
B
He finishes, writing, so far as we've been able to determine, this is, you know, PhD in crypto and, and security, the author of the cryptlib open source library. He says, so far as we've been able to determine, no quantum factorization has ever factorized a value that wasn't either a carefully constructed sleight of hand number or for which most of the work wasn't done beforehand with a computer in order to transform the problem into a different one that could then be readily solved by a physics experiment.
A
I'm pissed. I've been told.
B
Yes, we should all be. We attempt to address this deficiency by providing criteria for evaluating quantum factorization attempts in Section 7. The pervasive use of sleight of hand numbers and techniques and stunt factorizations throughout the field of quantum factorization makes it difficult to select targets for our factorization replication attempts. Since it's possible, with a bit of thought, to construct arbitrary, impressive looking values for factorization, an example being the 20,000 bit artificial value that was factorized with a 2 qubit physics experiment, we have to select targets that are at least within shouting distance of an actual application of something like Shor's algorithm for quantum factorization. The three instances of this that we have been able to identify in the literature, even though they also use sleight of hand by using the compiled form of, of Shor's algorithm mentioned earlier, are the 2001 factorization of 15, the 2012 factorization of 21, and the attempted 2019 factorization of 35.
A
They couldn't even do that.
B
Meaning. Yes, that's. That's where we are today in. In reality.
A
What a relief.
B
Yes.
A
By the way, you know we've interviewed this guy.
B
Yes. Back in security. It's like 79 or something. 74 in the beginning. Yes.
A
Yeah. He did a paper on Windows Vista content protection, which he said was the, as the longest suicide note in history. So this guy's been writing this kind of debunking blog post for a long time, and he's cool. He's really cool. I can't believe we've interviewed him.
B
Oh, Ed, Leo, bring up a picture of him. Go, go. Just Google his name. Yeah, he's. He's like. He's. He looks like, you know, Linus's best friend.
A
He's a kiwi. Yeah.
B
Yep.
A
He says, chicken game. Don't look at this chicken on his T shirt. I don't know. I know what that's all about. Oh, and then it says on the picture of the chicken on his T shirt, game over. That is the nerdiest T shirt I have ever seen. How funny. Oh, my. Oh, my.
B
So, anyway, so they proceed to demonstrate that in the paper, how a Commodore VIC-20 from 1981 can match any feat that any quantum computer has performed so far. They use an abacus to do the same thing. And when they get to their chosen dog, Scribble, they write, as has been previously pointed out, the 2021, the, the 2001 and 2012 quantum factorization records may be easily matched. Now. Okay. 2021 was the factor of, a factorization of 15. Right. So we factor 15 into 3 and 5. 20. 20. 2021 was the, I'm sorry, 2012 was the factorization of 21, which we factor into, which we factor into 3 and 7. So both of those, you'll note, have a common prime factor of three. Okay, so he says, as has been previously pointed out, the 2001 and 2012 quantum factorization records may be easily matched by a dog trained to bark three times.
A
And here, ladies and gentlemen, I give.
B
You, is Scribble, the dog Scribble. We verified this by taking a recently calibrated reference dog, Scribble, depicted here, and having him bark three times.
A
Yeah.
B
Thus simultaneously factorizing both 15 and 21. This process, he writes, was not as simple as it first appeared because Scribble is very well behaved and almost never barks. Having him perform the quantum factorization required having his own, his owner, required having his owner play with him with a ball in order to encourage him to bark. It was a special performance just for this publication because he understands the importance of evidence based science.
A
Oh my goodness.
B
This process was then repeated to have him bark five times, factorizing the number 35 and thereby exceeding the capabilities of the quantum factorization physics experiments mentioned earlier.
A
Snarky.
B
He says, unfortunately, that this process fails for the RSA-2048 values since the size of the factors exceeds even the most enthusiastic dog's barking ability. However, there is another process that allows us to factorize even these huge numbers with a dog. Recall from section 4 that the prime factors Q and P were either two or six apart. This led to an analysis where it was discovered that P equals x minus D and Q equals x plus D, where X is the integer in the middle between P and Q and D is either 1 or 3. It can thus be argued that D is the real secret.
A
Is it one? Is it three?
B
So teaching a dog to bark three times already gives us all the actual factorizations with Shor's algorithm plus 50% of the moduli in the D-Wave paper. In the same way that factorizing 143 also factorizes 56,153, 4,088,459 and that other really hideously long number, the number referred.
A
To earlier, which is very, very big. Yep, it's the same.
B
Having set up the situation quite well, the paper then gets down to its serious purpose of establishing some guidelines and standards for choosing the numbers that will be factored by wannabe quantum computing experiments. And this was really the entire point of the paper. Though, you know, without the lead up preamble, the serious need for the guidelines might not be fully appreciated. And they finish by writing, in this paper we showed how to replicate current quantum factorization records using first a VIC-20 8-bit home computer from 1981, then an abacus, and finally a dog. In terms of comparative demonstrated factorization power, we rank a VIC-20 above an abacus, an abacus above a dog, and a dog above a quantum factorization physics experiment. Finally, we provide standard evaluation criteria for future claimed quantum factorizations, and we can all take a deep slow breath and not worry that the factorizing, factorization, factorizing problem is going to be solved anytime soon. It's all just been a scam from.
A
And by the way, okay, I understand Chinese researchers, probably it's a scam, but IBM, Google, I mean, why? Is it because they're trying to get funding?
B
I think they're probably trying to say, oh, we're getting closer, we're making progress. You know, it could happen any day.
A
It's smoke and mirrors.
B
Yes. That's why you and I have been laughing about it, like, for the last 10 years when we say, oh, they factored 15. Well, turns out they didn't actually even do that.
A
They didn't even do that. They rank lower than a dog.
B
Wow.
A
I'm just kind of blown away. And this guy's credible? I mean, I think he is. I think he's a real deal. Yes, he's a cryptographer.
B
Yeah. And. And. And I. I mean, I spent enough time on this. We got other stuff to talk about today. But that section 7, the link is in the show notes. He goes through a detailed explanation of. If you actually want to publish a paper, factor a number that meets the following criteria. And he lays it out.
A
Svengali number.
B
Exactly. It's not all. It's not one followed by all zeros or some ridiculous pattern which, you know, they're only three apart.
A
And so take the square root and.
B
You know, that gets you close, and then you just go in each direction.
A
Ah, this is depressing that I just. Confirmation that we live in a very bad timeline where people are just corrupt. They're just corrupt. All right, you want to take a break before we go on? That was. That was a lot. I still am absorbing all that. Wow. Wow. I'm miffed.
B
Yep.
A
Well, I've been. I've been, you know, kind of uncritically repeating those headlines. Not anymore.
B
Why wouldn't everybody, you know?
A
Well, yeah, I mean, I don't know any better. Wow. All right, back we go. I think a little listener feedback is.
B
In the in order Here we got Benjamin Lynn Lindner. Lynn Lynn Lindner. Yeah, he knows his name. You don't have any R. Yeah.
A
Yeah.
B
So he wrote. Hi Steve. Long time listener and club Twit member. Yay. Thank you Benjamin.
A
Thank you.
B
Yours is the only podcast I listen to with my full attention and I will pause if I can't pay attention at the moment. The only podcast I make sure to hear and understand everything. I'll often re-listen several times to things I didn't fully understand. In short, high praise. He said, I came across something this week that I thought didn't seem right, but I'm not sure. I'm however sure that the above is true of many people. Thank you. He said Notepad++ updated again to 8.8.3, and he said, parens, we know how you love those frequent updates. Yeah. He said in the information about the update the developer says that this version ships self signed with a CA certificate and gives instructions for installing it as a root CA in users' machines. He explains that he's been having difficulties getting a code signing certificate so the unsigned binaries triggered AV false positives. Oh boy, don't I know about that. He said this seems to me much too dangerous. Oh, and there is a link to that posting at the notepad+plus.org site. He said this seems to me much too dangerous. I myself am not having the problem described, but I was just struck by the danger of such a thing. Even if Notepad is okay, the developer has no ill intention with a very powerful cert. Seems to me like a terrible suggestion. It's just too powerful and thus dangerous. There's also the bad habit forming of installing certs willy nilly to solve problems. I can see a developer being frustrated in coming to this solution, but it's irresponsible to put this out to the general public. Am I understanding this correctly? Also a SpinRite owner. V7 when? Okay, so I was apprised of this issue with Notepad first some time ago by another of our listeners who wrote to ask whether I had any ideas for solving this problem for our Notepad author. Before I go any further, let's see what Notepad author wrote.
He announced this Notepad++ version 8.8.3 release under the title Notepad++ Version 8.8.3 Release: Self-Signed Certificate. He wrote, there were and still are, this is, this is Don Ho writing, there were and still are many false positives reported as in the previous version 8.8.2 by the antivirus software due to the absence of Windows code signing certificate. To prevent this issue from recurring in future releases, from this version on Notepad release is signed with a certificate issued by a self signed certificate authority. The root certificate is published on the Notepad website, GitHub repository and Notepad user manual, allowing antivirus vendors, IT teams and users to verify the authenticity of each release. Then he says how to install the root certificate. Double click the certificate, it may tell you it's invalid. Ignore that and click Install Certificate, the Certificate Import Wizard. Select Local Machine, then click Next. If prompted by UAC, depending upon admin privileges, click yes, choose Place all certificates in the following store, then browse and select Trusted Root Certification Authorities. Click Next. On the final page of the wizard, click Finish to complete the installation. He says, for detailed instructions, see Notepad++ user manual. And he, I know. And he finishes, we're still trying to obtain a certificate issued by conventional certificate authorities for a better user experience. But let's be honest, he writes, it's probably not happening. Notepad isn't a business, it's certainly not an enterprise. And apparently that makes a popular open source project invisible to their gatekeeping standards.
A
Well, that's reasonable. If they won't give him a certificate, it is.
B
I mean, this is a problem. He says if the gatekeepers won't issue a certificate under the name we deserve, so be it. At least it spares us from wasting time and energy on a frustrating process that attempts, or that demands we beg for a new certificate every three years. The Notepad root certificate may not carry their approval, but it leads us to freedom. Okay, so what we have here is another effectively, like what we have here on a broader scale is another effectively intractable problem caused by the ever escalating war between malware and goodware. Just like this Notepad++ guy, I, as we all know, write goodware. And if I fail to sign any of that goodware by GRC, the AV industry, Microsoft and Windows Defender all collectively freak out. They sometimes freak out even if I sign my software.
A
Yeah, that happened, right? Yeah.
B
Yeah. With a certificate that has been continually signing only good software for years and has never once been found to sign any malware. That's just where the bar has been set. That bar has been pushed as high as it can go because it's safer for the end user if their protectors say no to goodware than yes to malware. And you know this has been an ongoing drama. You know that as a software developer, I've been sharing with our audience here, you know, as it's been unfolding for a while, Microsoft was giving extra brownie points to any code that was signed with, with an, with an extra expensive EV code signing certificate, you know, extended validation. So that's what I was using. I would pay the price, get an extended validation certificate because it was the best you could get. And EV certs could only be received, stored in and used inside of an HSM, a hardware security module. This effectively raised the bar even higher and much more robustly prevented their theft and abuse. Because you could never get the certificate out of an HSM. It only goes in, there's no way to extract it because you know that's the real danger, right? That bad guys will get their hands on a trusted and trustworthy code signing certificate and use it to sign some of their nasty malware that will then stand a much greater chance of sliding right past AV detections, specifically because it's been signed by a signer whose trust has been earned. Now, for reasons that remain a mystery, Microsoft then later decided to deprecate that special treatment of EV certificates. Maybe it just created too much of a schism in the industry. I don't know what happened. I talked, did you? To the guy at DigiCert, my contact there, Jeremy, who knows, I mean who's on the CA/B Forum and participates and he said nobody knows why Microsoft decided, they just announced, okay, EV code signing is no longer going to be special.
So of course naturally that wasn't until after I jumped, I know I had jumped through all those numerous hoops to allow GRC's server to individually sign every copy of SpinRite 6.1 on the fly with a hardware security module, you know, as it's being downloaded by its user. Now that's in place and it's been working surprisingly well. After I finally got it working, I expect that I'll just leave it there, even though I'm not sure, since the maintenance of certificates in HSMs is annoying too. But it's safer to have it in an HSM, so I imagine I will. But in any event, we're now told that the EV-ness of code signing certs is irrelevant. And I'm fine with that since proving my identity for an EV qualification was bizarre. Remember what I was required to do? I had a one way video call with me on the camera holding up my government issued ID next to my face. And then having to move, being instructed to move my left hand around among my face and my driver's license while the, the guy from DigiCert was looking at me from wherever he was. I mean, talk about raising the bar. So wow. But whether my code signing certificate is EV or not, what matters most is that the private key that was used to sign the certificate was itself signed by DigiCert's private key. And that that private key's matching public key is already present in everyone's Windows PC certificate store. As it is, it's everybody has DigiCert's key and Microsoft's and a bunch of other people's. DigiCert's public signing key is also present in all of the AV testing systems. Right. All of the things that are, that are out there checking certificates have that same set of, of certificate authority master public keys. Which brings us to the problem that Notepad++'s author Don Ho now has. Non EV generic organization validation code signing certificates, the kind that he's being asked to get, cost between 250 and $400 per year. This is not a cheap game. And Notepad is Windows freeware. Who's going to pay that cost?
Yeah, GRC can afford that since I've been fortunate enough to develop an amazing following of terrific customers. So all of GRC's freeware gets the benefit of being signed by the same certificate that its paid-for commercial software, which is as we know, still at this time only SpinRite, is used for signing. But Don is offering Notepad to the world for free and he's understandably irked by the idea of needing to pay for the privilege of not being flagged by the world's over hyperactive AV scanning and being flagged as malicious. Which of course freaks out every Windows user, like what, what? You know, it never used to be malicious, now it's suddenly malicious. What? You know, Notepad is not and has never been malicious, but code is code and today's AV takes a better safe than sorry approach. Code that is not signed is automatically looked down upon with extreme suspicion. I mean it's basically just flagged because why not? Why would any reputable code not have a code signing certificate? Sometimes I'll, I'll forget to sign a test of mine. Drop it on VirusTotal. And it just, it just goes crazy. I, and I think first, I think what happened? And then I realize, oh, I forgot to sign it. I sign it, drop the same code on VirusTotal. I get zero out of 72 detections. Everything is fine. Same code, just the presence of that signature is what makes the difference. But it's because the signature is from DigiCert, and that's the key. What Don is attempting to do is to be his own certificate authority, and it won't work. He created a pair of certificates, one private and the other public. And the private key certificate, I'm sorry, the, the public key certificate is self signed. It's an anchor, just like DigiCert's public certificate is self signed. All of the certificates in the, in the root store sign themselves. That's because they're anchors. So they're not. We're not relying on them being signed by somebody else who we trust. They are who we trust.
So those certificates sign themselves saying, well, I trust myself and you're going to trust us too. And so then we trust everything they sign. So they're all so, so. But what Don is doing is he's creating his own trust anchor. The difference is that none of our PCs, none of the AV tools contain Don Ho's CA root certificate until and unless we deliberately install it into our machines. So our listener asked in his, in his note, he said, even if Notepad is okay and the developer has no ill intention with a very powerful cert, it seems to me like a terrible suggestion. It's just too powerful and thus dangerous. There's also the habit, the bad habit forming of installing certs willy nilly to solve problems. Okay, now, at first we might think that the biggest danger is that Don might not be good at keeping his own secrets and that someone might break into his development environment to steal the private certificate he uses to sign his freeware. I don't think that's a big concern, because the only place anything signed by, though, by that stolen, if it were stolen, by that certificate would be trusted, would be within this, this, the microcosm of Don's own Notepad++ users into whose PCs he had somehow convinced to install his proprietary certificate. That's not going to be of much use to someone who wishes to sneak their malware past the world's AV. And I'm not at all convinced that Don's solution will help at all with the world's AV tools. They don't know that they can trust code signed by Don's own certificate. And why would they? We know that Don's a good guy, that he would never deliberately produce malware. But nothing prevents any malware author from doing the same thing Don did. Creating their own certificate pair and signing their code with an untrusted certificate that has no pedigree.
The fact that some of Don's users may elect to place his certificate into their own machine CA root store certainly won't sway the opinion of these hyperactive, overactive AV tools. And it's unclear to me that it would sway the opinion of Windows Defender. I don't think Microsoft is going to care. So it does not seem to me that Don creating his own certificate, first of all, is a big problem from the standpoint of it representing any great risk of abuse. But it's also not clear to me that it will achieve what Don hopes. Since AV tools are not going to be checking, you know, against the user's root store. They're going to be looking at their own trusted stores and, and trusting that, you know, Don's site says this will, quote, allow antivirus vendors, IT teams and users to verify the authenticity of each release. Who's going to do that? No AV vendor is going to get Don's certificate just so copies of Notepad could be checked. You know, sorry, but it's not that big a deal. But I suppose hope springs eternal. What I do very much worry about is what our listener Benjamin referred to as the bad habit forming of installing certificates to solve problems. With that I really agree wholeheartedly. Just about the last thing I want is for my own machine's CA root stores to be filling up with random certificates from the authors of freeware that I wish to use. You know, on the one hand, over time that would create a truly unmanageable mess and as I noted, it's unclear that on the other hand that it would accomplish anything anyway since any malware author is just able to create their own and do what Don did. So there's no way any antivirus system or Microsoft's own Defender endpoint protection is going to care. So I, I'm 100% sympathetic with Don's plight and as I noted, this is a real mess without any clear solution. We have a problem in our industry because the, the only way we have found to give any pedigree to software is to prove authorship.
And proving authorship is, is. I don't see how you do that for free. This is a different problem than Let's Encrypt solved with free domain validation certs. Right? You're not. Let's Encrypt is not saying anything about the reputation of the site that you're visiting. They're only saying you're visiting this domain name. So they're just giving you privacy protection and, and authenticating that you're connecting to the domain name you think you are, but they're not saying anything about its reputation. Code signing certificates are trying to make an assertion about the reputation of the entity that signed the code. That's where we are.
A
I see.
B
And so the open source community and the freeware community is in trouble.
A
Yeah, this is really an anti freeware move on the part of these guys, you know. Now I understand why it's an issue. This isn't an issue of course on Linux because you don't have a big company like Microsoft scanning this stuff and saying oh this is suspicious. You do have some av, but not anything near the same AV industry. On Linux though, people don't use certificates, they just use hashes. And all that does it doesn't prove the reputation. All it does is say well this came from modified. Yeah, some modified came from the original source and this person, it's like a PGP key. This person certifies this is him and he made it. But it's up to you to do the reputation part. That works fine though by the way on Linux, on open source operating systems because you don't have these, this big company saying well you don't want to run that, do you?
B
No. And I mean it's a problem you download. I mean and but when my certificate was new, Windows Defender was deleting.
A
Right.
B
The, the deleting it from people's computer quarantining it and deleting it they couldn't get would just, it would vaporize the moment it arrived.
A
Oh, that's horrible.
B
And so, and I'm talking about working with you know, sophisticated users who are testing pre release code.
A
Yeah.
B
And, and, and the only way I as a developer, Leo, I have to completely turn off Windows Defender from my assem tree or the moment I assemble code and create an exe, it's gone.
A
That's hysterical.
B
It's never been seen. Windows Defender just erases it. And so I have to.
A
That's a little draconian, don't you?
B
It's what everywhere? All, all developers have to shut off Defender for their development tree because it just eliminates their EXEs. They, they in the moment, they're, they appear out of the linker. They're, they're, they, they vaporize. It shoots them with a space laser.
A
That's crazy.
B
It's today's world.
A
Well, it's today's commercial world I guess I. Do you think we're less safe on Linux? Because I mean.
B
No, because Linux is not a big target. Windows is the Target Windows is what the malware guys want to get into.
A
Yeah, there's got to be a better way. This is, this is ridiculous.
B
And that's why I wanted to point out the difference between certs and Let's Encrypt is, Let's Encrypt can give you free certs because of all its... Right. It's just saying you are at this domain.
A
So you'll still get flagged by Defender and all the other AV. Yeah, I wonder if, because Defender flags it, the other AV guys said, oh well, we better flag it too.
B
I think they all work independently. You know, they're all trying to be better than Microsoft. And you know, early on there were some arguments that, well, Defender wasn't that good, but it was free, you know, Malwarebytes and McAfee and, I mean, there's a lot of legacy problem.
A
I mean, Apple does, for stuff sold in the store, have a notarization process and an authentication process. So if you buy it in the store, it's assumed it's all fine because Apple's protecting you. But you can download arbitrary stuff and Apple says whoa. And you can say no.
B
And this is kind of like the whole sideloading problem. Right, right. I mean, the presumption is we're moving toward this store model because Microsoft will be doing the vetting, and if it comes to the Microsoft Store, it's from a developer who's established a reputation. And so it is a pushback against, you know, against the world we have had before where apps, you just get them wherever you want to.
A
I don't like it, but I guess we, I guess it's a necessary evil for security.
B
Yeah.
A
That's why I use Linux though. I don't have any, I don't have any Windows machines.
B
Okay, break time and then we're gonna, we're gonna go do a little more feedback.
A
But I did have a question I wanted to ask you. Let's Encrypt has announced that they are going to offer certificates for IP addresses.
B
Yes.
A
The hell does that mean?
B
You can put an IP address into your browser. You can go, you know, https://1.1.1.1 will take you to Cloudflare. But the certificate has to have 1.1.1.1 in the certificate. Otherwise you can't get a TLS connection. So the name and the URL has to appear in the certificate.
A
And there aren't very many URLs that you would use the dotted quad as the...
B
And if you go to cloudflare.com, look at the cert, you'll see their IP addresses are in the certificate name in the SAN.
A
Probably true for Quad 9 as well. That's interesting. Yeah.
B
Yep.
A
Oh good. Thank you. It's not something you or I would do. We don't unless we had some magic IP address like.
B
Right. Unless it's a really cool address, you know, 1.2.3.4. It's got to be good.
A
That'd be good. Yeah. I'd get a cert for that.
B
Heartbeat.
A
All right, we got some very good news coming up, but we're going to save that for one more break here from our sponsor in this segment of Security Now, BigID, the next generation AI-powered data security and compliance solution. BigID is the first and actually I think the only leading data security and compliance solution to uncover dark data through AI classification, to identify and manage risk, to remediate the way you want, to map and monitor access controls, and to scale your data security strategy. Along with unmatched coverage for cloud and on-prem data sources, BigID also seamlessly integrates with your existing tech stack and allows you to coordinate security and remediation workflows. You could take action on data risks to protect against breaches, annotate, delete, quarantine and more based on the data, all while maintaining an audit trail. And it works with everything you use. Partners include ServiceNow, Palo Alto Networks, Microsoft, Google, AWS and more. With BigID's advanced AI models, you can reduce risk, accelerate time to insight and gain visibility and control over all your data. No wonder Intuit named it the number one platform for data classification in accuracy, speed and scalability. Now if you want to think about an entity that has a lot of dark data, a lot of need to keep an eye on compliance, a huge need to make sure it's only using the right data for generative AI, maybe you might think of the US Army. The US Army used BigID to illuminate dark data, to accelerate cloud migration, to minimize redundancy and to automate data retention. BigID is the best for all of that. And listen to the quote we got from US Army Training and Doctrine Command. This is what they said.
US Army Training and Doctrine Command said, quote, the first wow moment with BigID came with being able to have that single interface that inventories a variety of data holdings, including structured and unstructured data across emails, zip files, SharePoint, databases and more. To see that mass and to be able to correlate across those is completely novel. I've never seen a capability that brings this together like BigID does. What a quote, what a testimonial. But there's more. CNBC recognized BigID as one of the top 25 startups for the enterprise. They were named to the Inc 5000 and Deloitte 500 not just once, but four years in a row. The publisher of Cyber Defense Magazine says, quote, BigID embodies three major features we judges look for to become winners: understanding tomorrow's threats today, providing a cost-effective solution, and three, innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach, end quote. Start protecting your sensitive data wherever your data lives at bigid.com/securitynow. Get a free demo to see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI. Again, that's bigid.com/securitynow. Oh, also, there's a free white paper that provides valuable insights for a new framework, AI TRiSM, T-R-i-S-M. That's AI Trust, Risk and Security Management. This paper will help you harness the full potential of AI responsibly. And you can find it now, free, at bigid.com/securitynow. We thank them so much for their support of the important work Steve's doing on Security Now. And now the good news.
B
So Kevin Zollinger, a listener of ours, shared an image and wrote, morning. I suspect I am number 3231 to pass this along, but it looks like book 6 is on its way. He said, I grabbed the image off Reddit. Sometime next year we'll be back hearing about the many adventures of the Bobs. And I don't recognize the app this screenshot was taken from. Is that Instagram, Leo?
A
Yeah, I think so. I'm looking at the likes, the retweets, the.
B
Yeah, yeah, it looks like. Anyway, what we see appears to be posted by Dennis E. Taylor. It was 49 minutes ago from when the screenshot was taken. It's a photo of a manuscript titled Revelations. And then underneath it, it says, parens, Bobiverse Book 6, by Dennis E. Taylor.
A
Wow.
B
And it's sitting on, presumably, his lap. We see a pair of legs in shorts underneath the draft manuscript as well. And down in that fine print it says version 2025.7.12.1. Wow. Would place it as last week. So looks like, you know, printed out on paper manuscript.
A
So that's the Real Deal and Spiral bound no less. Wow, that's cool.
B
Christopher Lawson says: Mr. Gibson, while listening to podcast 1033, you were asking about the difference in WhatsApp and other messaging apps with regard to WhatsApp not using encrypted message storage. Messaging applications like Signal encrypt the SQLite database on the mobile device in addition to the built-in device storage encryption and store the encryption key on the keychain. This prevents backups to iTunes and iCloud from containing the unencrypted messages, along with any spyware/mercenaryware from exfiltrating unencrypted messages from the shared applications container locations. WhatsApp has chosen to keep the messages decrypted so that they can be recovered from backup or transferred to a new phone or even phone brand. Signal has chosen privacy over portability and usability in many areas, while WhatsApp is focused on usability and portability over the additional layers of security controls. Keep up the great work with teaching engaging critical thinking skills with your podcasts. Signed, Chris. So Chris, thank you. Anyway, so that sort of explains a little more clearly what it was that we saw in the news last week that had WhatsApp in trouble. The reason, presumably, the congressional staffers were being told that WhatsApp was no longer safe to use, stop using it, use some other things, is that its data at rest is not stored in encrypted form.
A
Interesting.
B
And again, you know, who knows with Congress. But still, that at least clarifies that. So thank you, Chris. Matt Oliver said: Hi Steve, it's Thursday evening here in New Zealand and I'm continuing with my weekly regime of watching/listening to Security Now. I was super surprised tonight with your mention of crypto ATMs and their fraudulent use, as the New Zealand government just yesterday announced that they're introducing a bill to outright ban them in New Zealand as part of an anti-money-laundering bill update. They're also heavily limiting cash transfers out of New Zealand, but that's another story, he wrote. It will stop these criminals from being able to extort cash from unsuspecting victims. But if someone in New Zealand wants to invest more than $5,000 overseas, it seems they'll be limited to breaking it up into multiple transactions. I'm not too sure where the line should be. It seems like only a few weeks since you shared episode 1000. How can you be at 1033 already?
A
That's amazing.
B
Yeah, tell us about it. It does seem like quite a while ago. So anyway, it does appear that the crypto ATM business may be in for some rocky times. We know that the creation of cryptocurrency itself really opened the floodgates for extortion and ransomware. Cryptocurrency is so handy, but also so inherently prone to abuse. So I suppose it should come as no surprise that crypto ATMs would be no less abuse prone. Jeff, a listener, said: Hello Steve, on Security Now podcast 1033 you discussed the Apple and WhatsApp responses to the Israeli spyware vendor attacks, and in particular you mentioned that WhatsApp was able to remediate the PDF FreeType font rendering vulnerability issue on the server side without changes to the client. That's right. I quoted a WhatsApp rep saying that about WhatsApp. And Jeff asks, since WhatsApp is supposedly end-to-end encrypted, how could this have been implemented? Meta should have no visibility into chat contents, although perhaps non-text content is sent in the clear, which would be an interesting admission on its own, especially since CSAM and other illegal non-text-based content is also used as a justification to add backdoors to encrypted communications. Unless I'm missing something obvious, this seems like a very big deal, but would want to confirm the reporting before jumping to any conclusions. Signed, Jeff. And for what it's worth, Jeff's note was similar to that from many of our astute listeners who have been paying attention and pointed out the same issue, asking the same question, which amounted to: Meta said that they were able to deal with the Apple zero day on the server side without requiring their clients, you know, the WhatsApp apps, to be updated. But if all of WhatsApp communications are actually end-to-end encrypted, with the bad guys sending maliciously formatted PDFs to targeted victims, how would that have been possible? We got great listeners and they were 100% right.
That's what's known in the industry, actually, as a damn good question. Last week I glibly and incorrectly assumed that they could just scan any PDFs for the deliberately malformed exploit, see that and refuse to deliver it. But they obviously can't do that. Meta should have absolutely zero visibility into any of the content being transacted. So to Jeff's and many of our listeners' points, there's really nothing at all that Meta should have been able to do on the server side. The only thing I could imagine that perhaps explains what could be going on is that perhaps WhatsApp doesn't attempt to contain complete rendering code internally in the app. That is, the app could be modular. It might be that PDF rendering code from the server is done on the fly in some circumstances. For example, the decrypted PDF might be sent to Meta for rendering back into text. Or there might be a module in the WhatsApp app they could have updated to fix the rendering problem themselves. But it sounds like maybe PDFs are actually being rendered at Meta and that they fixed the bug there. And so, you know, that is a little bit of a glitch in the end-to-end encryption. If PDFs actually go to Meta after being decrypted in order to have the PDF rendered, then that's something that would be worth pointing out too.
A
So let me, let me. There is one thing that you can do if you are using WhatsApp, not about PDFs, but about encryption. I'm looking at my WhatsApp and in the chat backup there is an option, off by default, to end-to-end encrypt your backup. So you could turn that on. So thanks to Darren Okey who pointed this out.
B
It's actually, maybe the problem is that it's off by default.
A
It's off by default, so maybe people should turn it on. Yeah, yeah.
B
Anyway, definitely a tip of the hat to our listeners who have been paying attention.
A
That's really interesting that there's, you know, so.
B
Well, either they're rendering it on their servers, which kind of is what it sounds like, or they're able to update a rendering module of WhatsApp without updating the entire app.
A
Right.
B
So I mean, I'm explaining around their claim that they're able to do this. It would be nice to know actually how they're able to do it.
A
I don't know.
B
Casey said: Steve, just wanted to share today a neat tool from the EFF called Cover Your Tracks. Oh yeah, and it's at coveryourtracks.eff.org. He says this is a useful tool for anyone who wants to test and better understand browser fingerprinting. A coworker had shared news of a breach that didn't seem completely straightforward from Cyber News, and he gives the, you know, cybernews.com, that I was analyzing when I had found this link to the EFF tool. Many articles from the Cyber News site seem to promote their own tools and to engage users, mostly for advertising purposes, but one stood out since it correlated with the browser fingerprinting episode you recently shared. I would be interested to know your take on this site and tools like their password leak checker. I'm skeptical, meaning of Cyber News's implementation that 16 billion credentials were leaked earlier this year. That does seem like a high number, and skeptical of their recommendations, which seem biased. This dive gave me more reasons why I'm happy to be able to hear from you each and every week. I've been following your work since before the days you published the experiences, oh yeah, with the once-named Wicked script kiddie and the adventures you had infiltrating the IRC site that was being used to DoS your site. I won't tell you how old I was at the time, he said. But boy, those are classic. Can't count the number of times I've used and recommended SpinRite, Security Now, Vitamin D, the Healthy Sleep Formula, the Picture of the Week, and the many more things you share. Let's just say that even while on vacation I couldn't help but think about you and Security Now while visiting Irvine and the beautiful surrounding area. Thanks for everything, kcc. Well Casey, thanks very much for your note. I'm so tickled that so many of my wanderings have been useful to you and your colleagues.
I'm aware of the EFF's Cover Your Tracks page, and in the past years we've talked several times about their earlier effort Panopticlick, which they released at version three level back in 2017. But the coveryourtracks.eff.org site and that work is their latest, and it serves as a perfect follow-on to our recent discussion of browser fingerprinting. I just went there with my Firefox browser, which is running uBlock Origin and Privacy Badger. So both those two things, uBlock Origin and Privacy Badger. The EFF's Cover Your Tracks site performs proactive fingerprinting of the same sort that's performed by tracking sites and shows what they are able to see. After auditing my browser, I'm going to share what that site showed me about my browser, Leo, after we take another break.
A
Okay, that's good and I will show it to everyone. But first, a word from our fine sponsor. I know we're doing zero knowledge. How about zero trust? Huh? How about that? That is the best way, everybody knows, to protect your business, and ThreatLocker's the best way to do zero trust. Ransomware is killing businesses worldwide. You've seen it through phishing emails, infected downloads, malicious websites, RDP exploits. You don't want to be the next victim. You don't want your business to be the next victim. ThreatLocker's zero trust platform takes a, and this is the key, proactive deny-by-default approach. Deny by default. It blocks every unauthorized action, protecting you from both known and unknown threats. Zero days no one's ever seen before. Trusted by global enterprises like JetBlue and the Port of Vancouver, ThreatLocker shields you from zero-day exploits and supply chain attacks and provides you with a complete audit trail for compliance. You know exactly who did what, when, where. You've got absolute compliance. ThreatLocker's innovative ringfencing technology isolates those critical applications from weaponization. It stops ransomware cold. It also, and this is super important, limits lateral movement within your network. ThreatLocker works across all industries. It supports Mac environments. They have 24/7 support based right here in the US, and ThreatLocker gives you comprehensive visibility and control. Just ask Mark Tolson. He's the IT Director for the city of Champaign, Illinois. We've talked about this. City governments are often targets of ransomware attacks. Mark doesn't worry. He says, quote, ThreatLocker provides that extra key to block anomalies that nothing else can do. If bad actors got in and tried to execute something, I take comfort in knowing ThreatLocker will stop it. Stop worrying about cyber threats. Get unprecedented protection quickly, easily and cost effectively with ThreatLocker. I mean really cost effectively.
I was kind of stunned when I checked it out. It's very affordable. Visit threatlocker.com/twit, get a free 30-day trial. Learn more about how ThreatLocker can help mitigate unknown threats and ensure compliance. That's threatlocker.com/twit. We thank these guys so much for their support. They're really big fans of yours, Steve, and Security Now, and we're big fans of theirs. So goes both ways. All right, let's.
B
Okay, so let's see. I go to coveryourtracks.eff.org with my Firefox browser loaded with uBlock Origin and Privacy Badger. The result page says, here are your Cover Your Tracks results. They include an overview of how visible you are to trackers with an index and glossary of all the metrics we measured below. Our tests indicate that you have strong protection against web tracking. Yay. Okay, so they quickly divide this into three categories. Is your browser blocking tracking ads? Yes, it is. Is it blocking invisible trackers? Yes, it is. Is it protecting me from fingerprinting? Oh, they answer, your browser has a unique fingerprint. And they say, note, because tracking techniques are complex, subtle and constantly evolving, Cover Your Tracks does not measure all forms of tracking and protection. You know, they're here to make a point, but boy do they. They said your browser fingerprint appears to be unique among the 244,246 browsers tested in the past 45 days. Okay, ouch. So that's a bit shy of one quarter million visitors who have used Cover Your Tracks over the past month and a half. And not one of those visitors' browsers had the same fingerprint as mine.
A
Or mine as it turns out. But that's the, that's the thing you were talking about the other day.
B
Exactly.
A
It's almost impossible to prevent.
B
So for example, they check the headers. My user agent header says Mozilla/5.0, Windows NT 10.0, Win64, x64, rv:140.0. Okay, that's 140. That's got to be the version number of Firefox. Then I've got Gecko/20100101 and, yeah, Firefox/140.0. So that's my user agent header.
A
For some reason, almost everything identifies as Mozilla. I don't.
B
It's bizarre and it still is. You're right. Everything starts with Mozilla slash something and it's purely history. It's because. It's because the very first browser was Netscape.
A
Right.
B
And, and you had to have that in the user agent to tell the early web servers that you were a user based web browser, not some other robot or something. So it's just there, you know, everything has it. So they note that that user agent header as it is conveys 4.41 bits of identifying information. In other words, it is. And the reason bits can be fractional is, you know, log power of two reasons. The point is that 1 in 21.21 browsers share this value.
A
So it's already narrowed it down that much. Yes, just from that. Just from the user agent.
B
That one user agent. Of that 244-plus thousand browsers they've seen in the last 45 days, my browser has been reduced from that population to 1 in 21.21 of that entire set. And that's 4.41 bits in binary terms. Then we have another header, the HTTP Accept header, which contains another bunch of stuff. It says that the browser wants to receive HTML text. It doesn't care about the name and path name. It's able to unzip the data using gzip or deflate or br or zstd. It wants English as its standard language. And basically it says, you know, this is who this guy is, again from the standpoint of the server. And they note, okay, you know, that's a lot of information to give. That further presented nearly two bits. Nearly. So it was 1.91 bits of data. Two bits, right, would have been one in four. This is one in 3.76 browsers should have the same value my Firefox browser had. Then there's a list of plugin information, the plugins that the browser contains. I've got five of them, Plugin 0 through Plugin 4. Turns out not very unique. All of that list of plugins was only worth 0.64 bits of identification. So I'm 1 in... I'm 1 in 1.56 browsers with that value.
A
Mine too. I've switched to Arc over here. And it's funny, user agent is still Mozilla. It says it's an Intel Mac, which it's not. But okay.
B
Yeah.
A
So but just like you have four plugins which give it the same bits of identifying information.
B
Yeah. I've got time zone offset. That is something that my browser is announcing. That is what is my time zone. And that's worth 4.11 bits of information. So 1 in 17.31 browsers also have my time zone offset of 420, which is an interesting time zone.
A
Isn't that an interesting offset? I don't know what that is. That's an Elon Musk offset.
B
That's right. Also the actual explicit time zone is set to America/Los_Angeles. Well, that's good for 4.4 bits of additional discrimination among all the browsers in the world. So 1 in 21.05 browsers share that value. The screen size that I happen to be using, boy did that make me unique. I happen to be on a screen, it's one of those curved wide screens.
A
Oh.
B
So it's 3840 by 1600 by 24 resolution. Interestingly enough, that's 11.65 worth of. That's a lot. Almost 12 bits of identification compared to all the other browsers visiting that. That eliminated that put me into a subset of 1 in 3213. 3213. Almost 214 browsers.
A
So that's bad, right? You don't want to be less unique, not more.
B
Yes. It's highly identifying for me to use that bizarre screen. So maybe use a Palm Pilot. I don't know.
A
Oh, just give up. As many system.
B
The particular system fonts you have, they're all listed there. So the server, I mean, this is nonsense. Why are our browsers blabbing that? I got, you know, Calibri and Cambria and Cambria Math and Comic Sans MS and Consolas and Lucida.
A
Yeah, that's crazy.
B
You know, it's like nuts.
A
But it's a great. Well, you know, that's because the website might do a query saying, hey, do you have Lucida Grande? Can we show the.
B
Exactly. Yeah, exactly. Oh, he's got Palatino Linotype.
A
Oh, we love that one.
B
You know, let's use that. Anyway, that's good for 3.2 bits worth.
A
I still have Wingdings on my computer.
B
I do too, via JavaScript. You and I both. And I'm a big Verdana fan, so.
A
I like Verdana.
B
Yeah. Anyway, so. Oh, and are cookies enabled? Yes. Although it turns out that doesn't help very much. Get this. Cookies being enabled, you have to have. That's 0.07% worth of discrimination. So only good for 1 in 1.05 browsers, basically everybody. Because if you don't have cookies, you know, I don't know what you can do. And then what about the super cookies? DOM storage, yes. DOM session storage, yes. IE userData, no. Open database, no. IndexedDB, yes. So that's good for not much. 0.18 bits worth of further discrimination.
A
Pretty normal there.
B
1 in 1.13. Yes. Pretty normal there. Then we get the graphic canvas fingerprinting, which is really interesting. I'll explain what they say. They said a tracking site can perform a specific test on the HTML5 canvas element. That's actually where you're able to draw on the user screen using JavaScript. They said this metric is the unique identification the tracker assigns to your browser after it performs this test. Canvas fingerprinting is invisible to the user. A tracker can create a canvas in your browser.
A
Off screen, not visible.
B
Yep. And generate a complicated collage of shapes, colors and text using JavaScript. Then with the resulting collage, the tracker extracts the actual bitmap data about exactly how each pixel on the canvas is rendered. They said many variables will affect the final result. These include your operating system, your graphics card, your firmware version, things you can't change, you know, readily. Graphics driver version and installed fonts. They said this is a complex and very reliable fingerprinting metric for trackers. Slightly different images will be rendered due to small differences in video card hardware, drivers, operating system and installed fonts. So despite all that, not a lot of identifying information. 1.57 bits worth in my own browser.
A
Mine's 9.22. Mine's really interesting. Yeah.
B
Well, you got, you got. Probably have fancy stuff going on.
A
I do, yeah.
B
I'm a generic Intel video on an Intel NUC. So I share all of those characteristics with one out of every three browsers, out of that 244,000.
A
Mine is one out of 595 browsers. Wow, that's interesting.
B
That's because you're fancy.
A
The higher that number the worse because.
B
You're more unique. They're more able to discriminate you from other browsers.
A
But wait till you see my WebGL fingerprint. Boy, oh boy.
B
Again, mine's not very fancy because I'm just using an Intel, you know, built-in graphics thing. I'm 1.72 bits, and so I'm about one in three and a third browsers.
A
10,656 browsers.
B
They're tracking you so bad. I am now. Wow.
A
And that's value for just this fingerprint. So remember, we got to combine them all. Right. To get a really good. Pretty good.
B
Just this component of your fingerprint. Yes. So that's a lot of bits they got on you.
A
Not good.
B
Also WebGL vendor and renderer. There, because there are so many possibilities, that's a lot more identifiable. I'm at 6.32 bits. So about 1 in 80 browsers share my particular combination for WebGL vendor and renderer. And you're, what, a little higher?
A
Than that, one in 1400. 10, 10 and a half bits.
B
Yeah. And then we both have the DNT header enabled, fools that we are.
A
Ironically turning that on gives them more bits of information.
B
Yep.
A
Most people don't do it. Only half of the people do it.
B
Exactly. Where you can, you just want to kind of blend in with the herd if possible in order to be less identifiable. Language being English, that was less than a bit worth. So 0.87 for me and 86 for you. My hardware specs, it says, you know, platform Win32, 1.29 bits. Touch support is less than a bit. Interestingly, the audio context fingerprint for me was way up. Well, not up in terms of number. It turns out that whatever the audio context fingerprint is, the value they got was 35.749972093850374. Whatever that is. It's only worth a little over two bits. 2.27 bits of specificity there.
A
You probably have a very common audio card then.
B
Codec. Again, it's the one built into the Intel NUC. So I bet that is. Yep.
A
Yep.
B
And yours is somewhat real.
A
Mine's yeah, because it's a Mac. So it's just by virtue of being a Mac, it's less common. Yeah.
B
So anyway, what we have with all these many parameters is that, you know, although none of them taken alone would be super useful for identifying a single browser, when you concatenate all the effective unique bits that each of those parameters offer, you end up, in my case, they've never seen, that site has never seen in the last 45 days and more than 244,000 browsers, nobody else has come along with exactly the same combination.
A
That's good.
B
They don't need a cookie, they don't need anything else to know who I am.
A
You're one in a quarter million.
B
That's not good. And so our takeaway here is that, you know, and I've got uBlock Origin and Privacy Badger.
A
Doesn't matter.
B
It said you're blocking ads, you're blocking trackers.
A
Yeah.
B
Doesn't matter.
A
Yeah.
B
Our fingerprinting, tracking, today's tracking technology has become serious. It's become that serious that, you know, unfortunately it's JavaScript, and remember I talked about this last week, I tried turning off JavaScript for third parties, where the site I would go to, they could run their own JavaScript on my page, but not any third party, not any advertisers. I was immediately unable to make a restaurant reservation. Just couldn't, because unfortunately today's web pages are pulling technology from everywhere else. Nobody, like, rolls their own reservation system. They use OpenTable. Why reinvent the wheel? And they use Salesforce for this and they use OAuth for that. I mean, they just use technology from everywhere. Everybody wants to run their script on your browser, and trying to turn off third-party scripting breaks immediately. And it's third-party scripting that the advertisers are leveraging to generate these super unique fingerprints. And as we found out last week when we talked about this, they are using the fingerprint to regenerate a cookie. Cookie is still the gold standard. They want to get a cookie because nothing's better than that. But if you delete them or change browsers while you're on the same IP or on the same machine, they can still lock onto your altered but identifiably changed fingerprint and recookie your new browser or refresh a cookie that you just deleted. You know, I kind of understand, Leo, why you've given up. Yeah, because.
A
Yeah, like, you know, ironically, if you use NoScript, that probably narrows it down even more, right?
B
Yeah, nobody does that. So you'd be one in a, in a bazillion. Yeah. Because you can't turn, you can't turn off scripting any longer.
A
So it's kind of counterintuitive. But the more protections you have, probably the more identifiable you are.
B
Yeah, the, the, the more generic you could be. Yeah, the, you know, you would like to have a browser where they said, well, we don't know who you are, but you know, half the browsers that came by look the same as you.
A
That would use Edge, no plugins, run your screen at 1920 by 1080. You know, I mean it's things like that, you know, it's. Yeah, it's things you don't want to do, frankly.
B
Okay. And our last bit of feedback. Paul said: "Steve, listening to yesterday's podcast and the type memory overflow Paragon used for WhatsApp PDF attacks made me wonder something. If all interpreters were rewritten in memory safe languages, would they be problem free or just have a way smaller attack surface? I'm not sure if the problems with interpreters have historically been memory safety related or other problems like input sanitation not being checked. If it is input related, from my understanding, that would not be fixed by memory safe languages. Thanks, Paul." So that's a terrific question. I think the fairest way to evaluate this would be to observe that the problems with interpreters have historically been the same as the problems with any other class of code. So same mix of problems, but that interpreters tend to be problem magnets due to the particularly large attack surface they present. It is an interpreter's inherent nature to be heavily directed by the content of the data they're interpreting. That's the unique characteristic that makes interpreters interpreters and inherently more prone to abuse. There's much greater opportunity for their abuse by way of abusing the formatting of that data. By comparison, for example, code whose functioning is inherently independent of the data it is processing is going to be inherently far less vulnerable. So yes, the benefit derived from writing interpreters in memory safe languages would likely be significant, not because interpreters are necessarily more prone to the problems that are often resolved through the use of memory safe languages, but because interpreters are just generally so much more prone to all problems of coding. And memory safe languages have been shown over and over to be terrific for preventing one large class of memory related coding mistakes.
Another way of expressing what Paul suggests is that if one wanted to begin the work of rewriting a large body of code in a memory safe language, a great place to begin that work to quickly realize the largest increase in security and operational integrity would be anywhere the functioning of the code is subject to the specific contents of its data. That's the nature of interpretation and the location of an historically oversized percentage of coding mistakes. Like, you know, through time. So you know, if you've got a big project, you're saying, hey let's, let's recode this in Rust or Java or something. First recode the interpretation part of that large object. If there are, if there are some, you know, that's going to be where you're, you'll get a large amount of leverage from that recoding effort. Okay Now Leo.
A
Yes.
B
And our, our listeners after this next final sponsor. This is where I think our listeners would have fun if they involve their kids. Because we're going to have some fun.
A
This is our zero knowledge segment coming up.
B
I can tell Introduction to Zero Knowledge Proofs. There are some fun thought problems here.
A
This will be good for me too. I have a childlike brain, so this should work very well for me. We'll see. Stay tuned. All right, you say it's not a propeller hat, but I'm gonna. I'm gonna gird myself.
B
We're gonna have fun.
A
Okay?
B
Okay, so first off, a little bit of background here. The recent issues surround the reason we're talking about zero knowledge proofs is these recent issues surrounding the growing pressure to create some means of providing online age verification, with its accompanying worrisome implications for privacy, has brought a somewhat obscure but quite interesting bit of academic technology into the foreground. This area of study and recent developments for computers is known generically as zero knowledge proofs, sometimes abbreviated ZK proofs or just ZKPs. Now, as we know, when discussing cryptographic protocols, as we've often done here, and as is typically done in the literature, the various participants are given representative names. Alice is typically the initiator of a communication. Bob is typically, you know, A and B. Bob is the recipient of that communication. Eve is the name given to someone attempting to eavesdrop on that communication between Alice and Bob. Mallory is a malicious attacker, or maybe Mallory in the middle. And if additional participants are needed, we, for multi party communications, we typically bring out Carol and Dave to be the C and D of the A, B, C and D group. Now, for today's discussion, we're going to introduce two new characters who we've never used before. Peggy is someone who wishes to prove something, and Victor is the verifier of what Peggy wishes to prove. Or maybe Victor is the person that Peggy needs to convince of something. Though she. She makes an assertion, she's trying to convince Victor. So we have Peggy and Victor. Now, a formal description of any zero knowledge proof is pretty short. It reads something like this. It would say a zero knowledge proof is a protocol by which one party, the prover, can convince another party, the verifier, that some given statement is true without conveying to the verifier any information beyond the mere fact of that statement's truth. So it's an interesting problem.
A
Yeah.
B
In other words, the verifier learns nothing beyond the truth of the assertion that the prover wishes to make.
A
I am over 13, for instance.
B
Okay. By comparison, you know, you know, instances of what we might term a knowledge based proof as opposed to a zero knowledge proof. You know, you know, they're all around us, right? Someone can prove their assertion of some information simply by revealing it.
A
I know this.
B
I'm. I'm over 13. Look at me, right?
A
Or look at mine, right? Yeah. My identity card or whatever.
B
Yeah, so, so, so there you're giving the person information beyond your assertion that you're over 13.
A
And we don't want to do that.
B
Right. The tricky zero knowledge proof part is to prove this. This the, the, the possession or prove the assertion is true while not revealing any information or any aspect of it. So the formal requirements for true zero knowledge proofs are actually even higher than this. Because we want true zero knowledge, there should be no knowledge received that can, get this, Leo, that can be passed on to a third party. That is, Peggy may prove something to Victor, but not. But Victor doesn't gain anything that allows him to prove it to someone else. So there, there's an. Actually an even higher bar. You know, the verifier in this setting, even after they've been convinced of the truth of the prover's statement, should nevertheless be unable to prove that statement to any other third party. So zero knowledge proofs can be interactive, meaning that the prover and the verifier exchange messages following some protocol. I'll share, I'll show that we're gonna, we're gonna look at three examples. The first, the first and the third use Peggy and Victor. The second is, is an interactive. Well, actually the second and third are both interactive. So I titled today's podcast Introduction to Zero Knowledge Proofs because I wanted to start everyone thinking about this, what is really a fascinating realm, without yet getting bogged down and mired in cryptographic esoterics. And it turns out it's not necessary since there are some very cool physical examples that we're going to look at, which should serve to get everyone thinking about this topic broadly. Also, although computer scientists are excitedly talking about zero knowledge proofs being useful for the online age verification problem, you know, at best ZKPs will only be one useful part or one needed, one required part of the solution. So, you know, yes, people are talking about this in, in the zero knowledge proofs regarding age verification.
But to me the problem mostly, the problem of age verification mostly involves somehow linking a person's verifiable date of birth to an unspoofable biometric. You know, once you have that, a zero knowledge proof could be used to prove an assertion of age without revealing anything more. Or maybe the, the way it's used is you need to convince your iPhone that you're older than 18, but you don't want Apple to know anything more about you. Then the biometric is used for, for Apple's iPhone to disclose its belief of that to a third party. And so you managed to share nothing with Apple, yet you have convinced Apple that you're over 18. So then it's able to convince other people who ask. So we got a ways to go. It's not like this zero knowledge proof business is just going to solve all of our problems. Okay, so I want to make absolutely certain that everyone appreciates this is not some sort of magic. Again, age verification technology, it'll just be part of a much larger system. But it is arguably a requirement. If, for example, you would like Apple to be able to assert your age without telling Apple anything more, that's where the zero knowledge would come in. So our goal today is to develop some sense for what it means to have a zero knowledge proof system. Okay, so we're going to look at, as I, as I said, three examples. So let's give, so what do we mean by zero knowledge proof? Let's give it some context. A perfect place to start is a classic ZKP demo known as Where's Wally? Now imagine that there's a large sheet of paper, say 2ft by 2ft, and printed on this sheet is a solid mass of tiny line drawn cartoon characters of various colors doing various things. And somewhere hidden in plain sight is Wally. But nothing obviously distinguishes Wally from any of the other characters. And there is so much going on. I mean this sheet is covered with these little guys doing stuff. So much visual noise printed on this.
Now it's, since it's 2ft by 2ft, that's 4 square feet of, of of paper that even knowing what Wally looks like, even being able to recognize him if you saw him, there's just no way to find him. Hiding in plain sight, as it were, among everything else that's going on.
A
Okay, he's not wearing a funny hat and striped knickers. He's completely normal.
B
Or everybody else is too. Oh, I mean it's just a, just a, just a confused. Just exactly blends in, hidden in the noise. But Peggy, the prover in our zero knowledge proof example, she knows where Wally is and she wants to prove to Victor the verifier that she knows. Now before this, Victor has been visually scouring this four square foot sheet of paper. Over and over, he's looked everywhere multiple times until he's become convinced that Peggy is full of it and that there's no Wally printed anywhere on the sheet. Peggy claims otherwise. She says, oh yeah, I know where he is. She's rather proud of her discovery, and she's become somewhat annoyed with Victor, claiming that she's not telling him the truth. So she's decided she's not going to show him where Wally is. Well, she wants to keep Wally's location a secret from Victor, even after proving not only that Wally does exist on the sheet, but also that she knows where Wally is. If she can pull this off, it's going to further drive Victor nuts, because he'll know for sure that there's a Wally there somewhere, but still have no idea where.
A
I like this game.
B
So how does Peggy create a zero knowledge proof of Wally's existence on the sheet of paper while keeping his location secret? She gets another much larger sheet of paper, double the length in each dimension, so it's 4ft by 4ft. And in the center of that larger sheet, she cuts a small hole the size of Wally on the printed sheet. She positions the top cover sheet while Victor is out of the room, of course, over the printed sheet, with Wally's image visible through the hole, there's Wally looking at what Peggy has done. She invites him in and says, okay, I'll prove to you that there's a Wally here. So Victor comes in the room. Victor cannot deny now that there's Wally. She's proven that.
A
Yes.
B
And the fact that Peggy was able to place the large cover sheet over the printed sheet so that Wally's image appears through the little hole in the center of the cover sheet further proves that Peggy knows where Wally is on the printed sheet. But thanks to the fact that the cover sheet is twice as long in each dimension as the sheet it's covering, the printed sheet would be covered up no matter where on that lower sheet Wally was printed. Peggy has accomplished her task. She has definitely proven to Victor that Wally exists on the original printed sheet, while giving him absolutely no information about where Wally might be. Peggy the prover constructed a zero knowledge proof of Wally's existence and that she knows his location. There's something else worth noting here which is part of the definition of zero knowledge proofs and which can be important in some applications. As I mentioned before, although Victor is now utterly certain that Wally does exist and that Peggy does know where Wally is, Victor's still unable to now prove that to anyone else. Because he still can't find Wally.
A
Right?
B
He, Peggy made him leave. She took the, the top sheet off, he came back. He's still pissed off now because he knows Wally's there somewhere and he absolutely knows it. But he can't prove it to anybody else either. Okay, so next example. This next example demonstrates some other properties of this interesting realm. We've got two competitors. They have so far each been allowed to purchase some number of a rare and precious item from a common supplier. They want as much as they can get. They've each been allowed to purchase a certain amount. The supplier claims that both parties have been allowed to purchase the same number of these items. But as part of the purchase agreement, the supplier made them sign an NDA, a non disclosure agreement, which has bound them to keep the number of items they were each sold a secret, especially from one another. They're not allowed to divulge to anyone, especially each other, how many they have been allowed to purchase. The supplier says, I've sold you both the same amount. If they violate that NDA, they will lose any opportunity to purchase any more of these precious items in the future. The problem is they're competitors. They need these things and they don't trust completely the supplier's claim, their assertion to have sold them so far the same number. So they want to verify, or in this case, to prove, that they have both purchased the same number of items without breaching their NDA and revealing the number of items each has purchased. The items, as it turns out, are only sold in lots of 100. So they may have each purchased 100, 200, 300 or 400 of the items. They know how many they have purchased, but they don't know how many their competitor has purchased. And neither of them is allowed to reveal their purchase quantity to the other. What they want to know is whether the seller has told them the truth. Just that, the truth about having sold them each the same number of units. Yes or no. What they need is a zero knowledge proof.
And over drinks one night, they devise a way to accomplish this. They get four identical small lockable boxes, each having a differently keyed lock. So four box, four lockable boxes and four keys, one, one for each box. Into the top of each box they cut a small slit through which a piece of paper can be dropped. You know, like a little ballot box. The four boxes are labeled 100, 200, 300 and 400, corresponding to the number of items each has been able to purchase from their common supplier. And each box is locked with its respective key which is left in the lock. And all four boxes are placed alone on a table in a room with a door. They also prepare four slips of paper. One piece, one slip of the paper has a big green check mark on it, and the other three have a big red X. The two competitors gather outside the room containing these four boxes, and they flip a coin to decide who's going to go first. The winner of the coin toss enters the room and closes the door behind him. He goes to the box which represents the quantity of items he has purchased. 100, 200, 300, or 400. He removes its key and places it in. In his pocket. He also removes the other three keys from the other three boxes. So now all the boxes look the same, right? They're just. There are three. There are four locked boxes. There's no keys. He. He leaves the room, closes the door behind him. Then together, the two of them destroy the three keys for the other boxes, which will never be opened. Okay? And that first guy has kept the key for the one box that corresponds to how many items he's purchased. Next, the other competitor takes the four slips of paper into the room and closes the door behind him. He drops the slip of paper having the big green check mark into the top slot of the box, which corresponds to the quantity of items he has been allowed to purchase from their common supplier. Again, 100, 200, 300, 400, whichever box. And he drops the three big red X slips into the other three boxes. 
And then he exits the room and closes the door. Finally, the first person who removed and retained that one key from the one box, which only opens the box corresponding to the quantity of items he has purchased, enters the room and closes the door. He. He goes to that box. He returns to the box for which he has the key and use it. And that's. That's the. That that key will only open that box. Uses the key to open the box and withdraws the slip of paper that box contains. He relocks the box so now they're all locked again. And exits the room with a slip of paper and shows it to the competitor. Only if the box he had the key for was the same box as his competitor dropped the green check mark paper into, will he have been able to successfully withdraw a piece of paper containing a green check mark. And in that case, they will have confirmed to each other that they have each been able to purchase the same quantity of items from their shared supplier. In other words, if the first competitor withdrew a slip of paper with a red X, they will both know that they had been lied to by their seller. But that is all they know. They only get a yes or no. They don't learn anything else. Neither of them will have learned how many of the items the other has been able to purchase. So they will not have discovered, they will not have disclosed that to the other and thus will not have breached their purchase agreement. They did not breach their agreement. They did not breach their NDA. If they, if they don't know how much. If, if they learn if, if they, if, if a red X gets pulled out after that, that, that third round, they only know they did not, they have not both purchased the same amount of, but not how much. So there again is. That is an interactive zero knowledge proof where nothing is learned, no information is gained other than the. The. The verification of an assertion. Okay, and for the third example, we're going to look at one that involves statistical proof. 
This is another famous thought experiment often referred to as Ali Baba's Cave. And for this we return to Peggy and Victor. A cave is discovered which has an odd shape. It has a cave tunnel shaped in a ring with an entrance in the side of the mountain on one side of the ring shaped tunnel and a locked door which completely blocks the tunnel at the opposite. Deep inside the mountain, the opposite side of the ring. So the locked door, which is far away from the tunnel's opening from the outside, cannot be seen since it's deepest in the back of the ring tunnel. Peggy, who returns as our prover, claims to have discovered the magic word that can unlock the door from either side. But once again, Victor. Oh, Victor. He's skeptical before this. Victor. And it's understandably why he's skeptical. He had tried every word he could think of. No matter what he says to the door, it remains stubbornly locked. He doubts Peggy's claim to have discovered the magic word. He thinks, you know, he knows all the words that she knows. And especially all that business with Wally. He's a bit more annoyed than ever with her. For her part, Peggy is willing to work to convince Victor that she knows the magic word. But she insists upon doing it in a way that cannot also be used to prove it to anyone else. Remember, that's part of our, our, our. Our goal here is not being able to. To prove what is proven to the Victor, the Verifier, to anyone else. So, and, and this is a problem. For whatever reason, that's crucial because, you know, Peggy wants to keep this secret. She's willing to prove it to Victor. She doesn't want Victor to be able to go off and, and prove it elsewhere. Remember, the formal requirements for zero knowledge proofs are that, even if the verifier has been convinced of the truth of the prover's statement, the verifier should nevertheless be unable to prove the statement to any other third party.
Okay, so if Victor and Peggy were to simply stand at the cave's opening with the two tunnels heading off in opposite directions, clockwise and counterclockwise around the ring, and if Peggy were to go down one path, say the magic words to the door, and then a few minutes later emerge from the other path, Victor would obviously be immediately convinced that Peggy had to have been able to open the door with the magic word because the only way she could have completely circumnavigated the ring tunnel would be if she was able to open and pass through the magic word door. But if Victor were to record Peggy's accomplishment with his phone's video camera, or if someone other than Victor happened to also be standing there too, watching Peggy do this, either of those would constitute incontrovertible proof of Peggy's grasp of magical cave door operation. And that would be unacceptable to her. She refuses to do that. She's willing to convince Victor, but you know, you know and, and you know she's stubborn. We've already seen her use a large sheet of paper to frustrate Victor. Peggy's pretty clever. So she's come up with a way to prove to Victor and Victor alone that she can pass through that door at the far back side of the Ring tunnel cave, while at the same time preventing a video recording from creating solid evidence or even evidence for someone standing by and silently observing the same thing that Victor observes. Once again, Peggy and Victor stand at the mouth of the cave with the two tunnels diverging in opposite directions. Inside the mountain, Peggy has Victor turn around so that she is unobserved and has him start counting down from 10. She keeps her eye on him while she disappears from sight down the tunnel of her choosing. Once Victor's count reaches zero, he turns around and shouts into the tunnel that he wants her to and, and, and, and shouts like, you know, into both tunnels the specific tunnel he wants her to emerge from.
If Peggy happened to go down that side of the ring, she simply retraces her path and comes out the side that Victor asked her to. But if she went down the other side, she must use her magic word to open the door and emerge from the path Victor has requested. So what do we know? And what does Victor know at this point? What we know is that there's a 50/50 chance that Peggy may have initially gone down the same path that Victor asked her to return from. So she would not have needed to use her magic word. Victor knows that she got it correct once because he's only asked her once so far. But of course that might have just been beginner's luck. So they do it again. As before, Victor turns his back, counts down from 10, which is what Peggy insists upon. Peggy herself chooses a direction, gets to the door and waits for Victor to shout out which path he wants her to return from. Since Peggy does know the magic word, she is always able to succeed. But if she did not know the magic word, and if they kept playing this game, the chances get greater and greater that Victor will ask her to return on the path opposite the one she went down. And Victor will have his, well, his victory of proving that she never did know the magic word after all. Now we know how the statistics of this go. Right. One test is a 50/50. Two tests, where both must be correct, assuming an equal probability of outcome, is 1 in 4. There's a 1 in 4 chance, if Victor and Peggy do this twice, that Peggy could just get lucky, not know the word, but choose the right path both times. There's a 1 in 4 chance of that. Three tests reduces the probability to 1 in 8. Four tests, 1 in 16. Then we get to 1 in 32, 64, 128, 256, 512, 1024, 2048, 4096 and so on. To get to 4096, one chance in 4096, that only requires 12 runs. So if Peggy did not know the secret door opening word, there would only be one chance in 4096 of her being able to get the path correct for all 12 times.
Before long, annoying as he may be, Victor will give up and admit that Peggy must indeed be able to cross that door's threshold. Either that or she is incredibly lucky and just should go to Las Vegas. So how has this statistical variation solved Peggy's concern about keeping her magical locksmith abilities unproven to anyone else? Assuming that a camera or an observer were to turn around and be unable to see the path she took, which is the obvious requirement, just as she has required of Victor, there would be no way for a video recording or an on the spot observer to know that she and Victor were not conspiring by having prearranged the sequence of tunnels Victor would call out and Peggy would choose to return. Would choose to go down and then return from. They could have some system like take a famous phrase, ask not what you can do for your country, where a vowel in the letters of that, of the words of that phrase means take the left tunnel. And a consonant in the words of that phrase means go down the right. This would allow Victor and Peggy to stage the entire event for an audience and gives Peggy the plausible deniability that she requires. And if confronted by someone who stood there or watched the video, she could say, how gullible are you? Victor and I simply prearranged the sequence of tunnels. Why else do you, do you imagine I didn't just let people directly observe which path I took? It was so I could stage the whole thing. So she has plausible deniability. And you'll note that, assuming that, that she and Victor did not stage the entire thing, Victor would be unable to convince the observer that she. That. That he and she did not stage it. He has no way of. He knows he was choosing paths at random, but he has no way of proving the knowledge he now has, that Peggy has the magic word, to anybody else because only he knows that it was actually random. Everybody, everybody else is saying, yeah, sure, you know, we know you guys cheated somehow.
There are many other physical world constructions involving colored balls and, and decks of cards. But anyway, everyone should now know by, by now have a good idea for what we're talking about. There are clearly ways to prove some statement or assertion involving other conditions without disclosing any other information about those conditions. The proof can be made while leaking zero knowledge. As an academic pursuit, a great deal of time and attention has been devoted to the formalization of zero knowledge proofs. A zero knowledge proof of some statement must satisfy three properties. The property of completeness. Completeness means if the statement is true, that an honest verifier who's following the protocol properly will be convinced of this fact by an honest prover. Then there's the statement of soundness. If the statement is false, then no cheating prover, no matter what they do, can convince an honest verifier that it is true, except with some acceptably very small probability, like we saw with the Cave. And thirdly, zero knowledge. If the statement is true, then no verifier learns anything other than the fact that the statement is true. Peggy said, Wally's there somewhere. Victor said, no, he's not. I've looked everywhere. There, he, you know, you're making that up. She showed him Wally through a little hole in the paper. Victor's like, wow, okay, you're right, he's there. But after she removes the paper, Victor still doesn't know where Wally is. He's, you know, he's no wiser afterwards, but now he's really upset because he knows he's there somewhere and he can't find him. So the statement is true. The no verifier learns anything other than the fact that it's true. You know, in the case of our competitors, they only learned whether or not they had both purchased the same quantity of goods, yes or no. And if not, they didn't learn anything about who was able to purchase more than the other.
And later, finally with the cave, Victor was only ever able to convince himself that despite himself trying all the words he could think of, Peggy must indeed know the magic cave door opening word. And she was willing to prove it as many times as he needed to.
A
Her.
B
Needed her to prove it to him until he was convinced. So those first two properties, completeness and soundness, are generally true of many interactive proof systems, so they're not really anything special. If the assertion is true, the prover will be able to convince an honest verifier of this. If the assertion is false, it's not possible for a prover to fool the verifier into believing it's true. But it's the third property, zero knowledge, that the verifier is unable to learn anything other than the truth of the assertion. That's where the magic happens and turns the proof into a ZKP. So zero knowledge proof technology is around and it is currently in use for many privacy-centric purposes. It's used anywhere it's necessary to prove an assertion, you know, like the knowledge of a username and password, but without revealing anything about the username or password. It may eventually lie at the heart of some future age verification system suitable for use by the Internet and elsewhere. But as I started off saying at the top, I'm not holding my breath because a great deal of supporting infrastructure will be needed beyond just the zero knowledge proof mechanics before we have anything that we can apply this technology to. But anyway, the next time that you're at a cocktail party, if those are a thing any longer, and you're, you know, being annoyed by someone who's asking what you do, you can have some fun talking about Wally and magic caves and probably be left alone pretty quickly at the party.
A
Well, that was fun. I feel like there should be some sort of mechanical way of generating zero knowledge proofs, but I think you just have to think really hard. Right. I like the box one.
B
Yeah.
A
I'm not crazy about the cave one. Only because it depends on probability.
B
Correct?
A
Yeah.
B
Correct. Yep.
A
So that to me is... Well, I mean, it's pretty good. The one about the sheet, she could have a second sheet that she put over the first sheet that had Wally and then put the third sheet on top of the second sheet. He wouldn't know. So the box is the best one. But still, I feel like there's something we should... I mean, it's good. I like these. How would you apply that to age verification, you think? Is there a way?
B
I have no idea.
A
Let's think about that. Write in to Steve. And if you want to get onto Steve's mailing lists or send an email, you gotta go to grc.com/email. There's two parts to that page. First part is you submit an email address that you'd like to use with Steve. It has to be the one you'll originate email to Steve from. That way he will whitelist you so you can automatically send him email. So do that and then tell us how would you apply ZKP to age verification? Because that would be good. That would be useful. The second part of it is below that part there are two unchecked checkboxes. Those are for Steve's newsletters. One is the weekly show notes newsletter for this show, which everybody should get because if you listen to the show, it's great to have those ahead of time, you see the picture, so forth, so on. The second checkbox is a much less frequent kind of occasional emailing. That would be an announcement, for instance, that there was a new product from GRC.com like the long awaited DNS benchmark, which is imminent, right?
B
Yep.
A
Okay.
B
Working on it.
A
Steve does not work for anybody. He has no masters. He works at his own pace and it'll be ready when it's done. In the words of Michelangelo, all I.
B
Can promise is it'll be good and.
A
It will be good and bug free when it's done in assembler. Let's see what else. Oh, while you're at grc.com you might also want to take a look. First of all, he has the podcast, but he has unique... Everything Steve offers is something we don't offer. So on our website, twit.tv/sn, we have a 128 kilobit audio version. And we have a video version. Steve marches to the beat of a different drummer. He has a 16 kilobit audio version. Nice and small. Little scratchy, but small. He also has a 64 kilobit, which really should be the default version, but for technical reasons we don't offer that anymore because Apple squinches it, et cetera, et cetera. But Steve does. So that's really all you really need. That's a good quality 64 kilobit audio. He also has those aforementioned show notes which are very handy to read along while you listen. He also has human written transcriptions. This is not an AI. This is Elaine Farris, court reporter. And she does this all. It takes her a couple of days. But those are really useful either for reading along while you're listening or to... I often look at the show notes while you're talking, Steve, to kind of get it into my head. It's actually useful to read along as he's talking.
B
Well, you want to see a picture of the dog and I.
A
And I'm always looking for the things I might want to show on screen. Exactly right. He also has the show notes, transcriptions. He's got it all there. And really, most importantly, he has his bread and butter. The thing he lives on. The sandwich for his, for his...
B
The raison d'être.
A
The raison d'être. The ham that he puts in his sandwich. It is of course SpinRite, the world's finest mass storage recovery. In fact, it's the only one really. Performance enhancer. And what else does it do? It does recovery, performance sensing and checking. Look, if you've got a disk, if you've got an SSD, you gotta have SpinRite. Go get yourself a copy. 6.1 is the current version. I don't know why I've forgotten that phrase that I say every single time.
B
It'll come back.
A
Anyway, let's see what else. Oh yes, you know about our website. If you go there also, you'll see a link, twit.tv/sn, to our YouTube channel. You want to keep that in the back of your mind because if you hear something, like you want to tease your brother on zero knowledge proofs, you can just clip that part in the YouTube and send it to him. Everybody can see YouTube. It's a great way to share, you know, the wealth, share the information you glean from Security Now. You should also probably subscribe in your favorite podcast client, whether it's Pocket Casts or Overcast or Apple Podcasts, whatever it is, so that you get it automatically, then you don't have to think about it. Audio and video versions available. We record this show right after MacBreak Weekly, which is usually Tuesdays, 1:30 Pacific, sometimes a little later, depending if MacBreak Weekly goes long as it did today. 1:30 Pacific, 4:30 Eastern, 20:30 UTC. You can watch us live in the club, of course. Club TWiT members get that behind-the-velvet-rope access. They get content before and after the shows and stuff like that. If you're not a member of Club TWiT, 10 bucks a month, ad-free versions of all the shows. It's a really good thing. Lots of specials. We got a busy week. We got Micah's Crafting Corner. Tomorrow, Thursday, Paris, Jeff and I are going to do a special interview, pre-recorded interview of the woman in charge of Gemini, the Google AI. Yeah, that'll be really interesting. And then Friday, Richard Campbell's building his new PC and I said, Richard, let's do this on the air. So he's going to do it for the club members. I will be kibitzing. So we've got a busy week this week. Club members get access to all of that on the TWiT Plus feed or even live if they want to watch. So please join the club: twit.tv/clubtwit. That's by way of a plug. But you don't have to watch live, obviously you can download a copy of the show.
I think that's all I need to say except thank you for joining us and we hope we'll see you next week on Security Now.
B
Right. Oh, for episode 1035.
A
It's amazing. It's a miracle. Security Now.
Date: July 16, 2025
Hosts: Steve Gibson & Leo Laporte
This lively episode delivers a two-part masterclass: first, a deep and highly entertaining takedown of so-called "quantum factorization breakthroughs"—with Steve enthusiastically debunking the hype—and then a thoughtful, accessible introduction to the concept and applications of Zero-Knowledge Proofs (ZKPs). Along the way, listener questions spark nuanced discussions on software code-signing, messaging app security, browser fingerprinting, and more. The whole show is punctuated with Steve’s dry wit and Leo’s curious skepticism, making advanced topics engaging for all listeners.
Takedown of Quantum Hype
Major Arguments & Evidence
Memorable Quotes
Notable Laughter/Exasperation
Key Timestamped Moments
Steve:
"The goal is to… verify someone's age is 18 while revealing absolutely nothing about them other than proving the assertion that they're 18. So it turns out there's a whole field of math…proving an assertion while revealing nothing." [06:01]
Formal Requirements:
Applications: ZKPs are critical in authentication, privacy-preserving credentials, cryptocurrency, and may (with more infrastructure) underpin future age verification regimes.
Steve:
"The property of... soundness—if the assertion is false, it's not possible for a prover to fool the verifier into believing it's true…But it's the third property, zero knowledge, that the verifier is unable to learn anything other than the truth of the assertion. That's where the magic happens..." [168:52]
This episode is a must-listen for anyone interested in cryptography, computer security, or privacy technology. Steve Gibson brings clarity and critical thinking to the quantum computing “threat”—thoroughly debunking exaggerated claims that quantum factorization is on the verge of defeating today’s cryptography. He then brings the concept of Zero-Knowledge Proofs down to earth, masterfully explaining their theory and real-world potential through fun, intuitive examples.
For professionals, skeptics, and the “crypto-curious” alike, this episode is both an education and a delight.
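The three properties described in the episode (completeness, soundness, zero knowledge) can be watched in a real protocol that has the same shape as the cave. The following is an added example, not code from the show or its notes, and it goes beyond the physical analogies: a Schnorr-style identification round with a one-bit challenge, where Victor's left/right call is the bit. The toy group parameters and all function names are assumptions made for illustration.

```python
import secrets

# Toy group, constructed for this example and far too small for real use.
P, Q, G = 2039, 1019, 4   # P = 2*Q + 1, G generates the subgroup of prime order Q

def keygen():
    """Peggy's secret x (the 'magic word') and the public value y = G^x."""
    x = secrets.randbelow(Q - 1) + 1          # 1..Q-1, so y != 1
    return x, pow(G, x, P)

def verify(y, t, c, s):
    """Victor's check for one round: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def honest_round(x):
    """Peggy commits, Victor calls a random bit, Peggy answers using x."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)                          # commitment: she enters the cave
    c = secrets.randbelow(2)                  # Victor calls left (0) or right (1)
    s = (r + c * x) % Q                       # response needs x whenever c == 1
    return t, c, s

def forged_commitment(y, guess):
    """Without x: build a commitment that only survives the guessed challenge."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - guess, P)) % P   # t = G^s * y^(-guess)
    return t, s

def cheat(y, rounds):
    """A prover without x must guess each call before Victor makes it."""
    for _ in range(rounds):
        t, s = forged_commitment(y, secrets.randbelow(2))
        if not verify(y, t, secrets.randbelow(2), s):
            return False                      # wrong guess: caught
    return True                               # happens with probability 2^-rounds

def staged_transcript(y):
    """Peggy and Victor 'prearrange' the call: a valid transcript, made without x."""
    c = secrets.randbelow(2)
    t, s = forged_commitment(y, c)
    return t, c, s

if __name__ == "__main__":
    x, y = keygen()
    print("honest, 20 rounds:", all(verify(y, *honest_round(x)) for _ in range(20)))
    print("cheater, 20 rounds:", cheat(y, 20))
    print("staged transcript verifies:", verify(y, *staged_transcript(y)))
```

A staged transcript is distributed exactly like an honest one, which is why a recording of the exchange convinces nobody except the verifier who chose the challenges himself.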