Security Now 1034 transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show

0:00:00 - Leo Laporte
It's time for security now. Steve Gibson is here. We've got a great show for you. First of all, I am stunned, but it turns out. All of this noise about how quantum computing is zipping right along and quantum factorization is BS, steve explains he's also going to talk about a new, the final, I think, volume of one of our favorite sci-fi series, and then an introduction to zero knowledge proofs. This is going to be a fun one for your brain. It's all coming up. Next on Security Now Podcasts you love.

From people you trust. This is Twit. This is Security Now with Steve Gibson, episode 1034, recorded Tuesday, july 15th 2025. Introduction to Zero Knowledge Proofs. It's time for Security Now, the show where you, dear, dear listener, get filled in on everything going wrong in technology, what the hell is going on what could possibly go wrong with this man right here, mr steve gibson, who is a font of knowledge. Without him, we would be wandering in the wilderness.

0:01:18 - Steve Gibson
Thank you for being here happier than you are now, but still, yeah, maybe a little hungry might not be so scared, but ignorance is not bliss.

Oh, are we gonna have fun for the next couple hours, leo. We have a. The long-awaited little. Did we know we needed it until it arrived? Serious takedown of all quantum computing factorization nonsense. Really, yes, none of it is true. Oh no, it has never worked. It doesn't work. It has never worked. They've all used deliberately contrived tests. How frustrating. Peter Gutman, who's a well-known cryptographer in New Zealand, just wrote a beautiful piece thanks to one of our listeners who sent me the link, so we're going to spend some time taking that apart. We're also, thanks to another listener, going to look at Notepad++, which is a favorite Windows Notepad replacement utility for many of us. I'm converted, and I'm converted and I I converted thanks to our listeners who said I made some comment about notepad and they said aren't you using notepad plus plus?

and everybody else piled on the notepad.

0:02:36 - Leo Laporte
Plus plus people are absolute.

0:02:38 - Steve Gibson
You know finesse and I've complained about it many times because the author, don Ho, just can't leave it alone. It's like it's done, don, just stop with you know, because, as we know, every time it updates, there's an opportunity that it might be. There might be. You might be introducing more problems than solutions. Anyway, there's a new problem with it that we're going to go into. We've also got a screenshot of Babaverse, book six laying on Dennis Taylor's lap. We've got a little news on crypto ATM machines, some signal versus WhatsApp encryption questions resolved. Also, we just talked about browser fingerprinting. Another listener reminded me essentially because I knew of this before the EFF's latest effort, which obsoletes Panopticlick, which was their previous thing we talked about, which they haven't touched since 2017. They haven't touched since 2017. We're going to be able to take a deep dive into exactly what those metrics are and how valuable they are on a granular level. And then, oh, are we going to have fun with Peggy and Victor, who?

0:03:59 - Leo Laporte
are they?

0:04:00 - Steve Gibson
Peggy and Victor. Peggy is the prover, victor is the verifier.

0:04:05 - Leo Laporte
Oh, this is like Bob and Carol and Ted. Yes, and.

0:04:10 - Steve Gibson
Alice, eve, actually the eavesdropper those are the standard characters used when talking about zero-knowledge proofs. Zero-knowledge proofs is a surprisingly recent emergent technology because it turns out it's quite tricky. The goal is to, and the reason we're talking about this is that Google just released to the open source community on GitHub their code for zero knowledgeproof age verification, the idea being you want to verify someone's age is 18 while revealing absolutely nothing about them other than proving the assertion that they're 18. So it turns out there's a whole field of math which is very tricky, which surrounds the idea of proving an assertion while revealing nothing. I know it's counterintuitive, but I've got some examples using Peggy and Victor and a cast of additional characters. We've got a couple of competitors who've been buying something from a, a common supplier.

0:05:26 - Leo Laporte
We're not going in a chinese room or anything, are we? This sounds a little bit like uh, all right, will there be math?

0:05:35 - Steve Gibson
there will be math, there will be magic caves, there will be boxes locked in rooms and, uh, the question of what happened to wally, wow so I think we're going to have a little fun. This is going to be a is it would you say, a propeller head episode no, this is one actually where I think many of our listeners will get their kids in for the discussion of zero knowledge proof. Oh, how fun all right, stay.

0:06:04 - Leo Laporte
And of course a picture of the week, which I have yet to glance at, so I will be amazed and surprised.

0:06:09 - Steve Gibson
The mailing went out and I already have the answer to the question what the heck is going on here. Oh yeah, we all do this. This is what happens in our neck of the woods. It's like okay.

0:06:22 - Leo Laporte
All I see is the caption what's that about the weakest link? But we will take a look at the picture together in just a moment. But first a word from our sponsor for this segment of Security. Now the great folks at Bitwarden. Oh, I love Bitwarden, the trusted leader in password, pass key and secrets management. Bitwarden is consistently ranked number one in user satisfaction by G2 and software reviews, with more than 10 million users across 180 countries and over 50,000 businesses yeah, businesses.

Now, if you're planning travel, as I am, bitwarden Password Manager can make your travels safer and easier. In fact, I've already done this. Add your passport number to your vault for easy access for tax-free shopping. Actually, I even keep an image of my passport in my Bitwarden vault, partly because I know it's completely safe in there. I do it with my social security number, all my secrets. It's completely safe in there. But it's great to have because if I lose my passport as I'm overseas, I have an image of the passport readily available on my phone or my computer. That's the other nice thing about it, because my passport is on every machine that Bitwarden's on and Bitwarden's everywhere.

You can use Bitwarden if your partner uses Bitwarden to secretly share your hotel or locker code with your travel partner. Secretly share your hotel or locker code with your travel partner. That's a good idea when using an airport or hotel Wi-Fi take. This is actually just a generic tip. Not just Bitwarden users, but everybody should take proactive steps to help secure your data and protect it against cyber threats. Of course, if you are using Bitwarden, all your stuff is in that encrypted vault no one can get into. Another little tip only connect to the official airport hotel Wi-Fi network. Yes, that seems a good tip. Do, if you're using Bitwarden, enable autofill for credentials. Why? Because Bitwarden will not fill your credentials into a site that is an imposter site. Bitwarden knows better, so it actually protects you from being fooled by sites that are pretending to be other sites. You also want to make sure you protect your device from automatically reconnecting the public Wi-Fi If you leave that airport or hotel. Forget the network in your device's settings after use. Bad guys often impersonate these open Wi-Fi access points, pretending that they're the airport or the hotel and they're not. Also, of course you know this avoid downloading files, clicking unfamiliar links or accessing sensitive personal or work accounts while connected to a public Wi-Fi.

Students nowadays are spending the majority of their time online, not just for learning, but for socializing, gaming, doing other activities. With all this comes many accounts, passwords, and even if your student knows the security risks, let's face it, convenience almost always takes precedence. That's why you want to get them a password manager. Your whole family should have Bitwarden. It generates unique, strong passwords, unique, used once on any site. Students can use and access them from any device their phone, their laptop, their desktop, anywhere they go. And they can get started for free, because bitwarden is open source free forever for individuals. Oh and, by the way, just a little incentive, maybe you pass this along to your student. Cyber security skills are in high demand these days. Potential employers will appreciate employees, even an entry-level job, if that employee has a solid understanding of password management. So make sure your student tells the interviewer yeah, I use Bitwarden. I feel pretty secure about that. They'll be impressed, I guarantee you. Bitwarden setup only takes a few minutes.

If you're using it in business, you'll be thrilled to know it imports from most password management solutions so it's easy to move and and this is super important to me I know it's important to Steve it should be important to everyone when you're using crypto, you want open source. Bitwarden's open source GPL licensed. It can be inspected by anyone and they, of course, regularly have audits from third-party experts and publish the results of those audits so you can use Bitwarden with confidence. Bitwarden meets SOC 2, type 2, gdpr, hipaa, ccpa standards. It's ISO 27001-2002 certified, so it's absolutely secure. I trust them with well, my life, everything's in there. And, by the way, one more thing I just recently did this Bitboarden has a form on their website, kind of an in-case of emergency form you could fill out and put somewhere safe.

Put it in your safe, give it to your spouse for safekeeping with your passwords, your two-factor, all the information they would need to know if something should happen to you. Don't tell anybody. I have it under my desk blotter on my desk. Lisa, it's under my desk blotter on my desk because I don't want to leave her high and dry. That's the beauty of having a good password manager. In fact, this is another thing Bitwarden does. She is my trusted successor, so you can actually establish somebody that would get the passwords if you pass on. Very important. Get started today with Bitwarden's free trial of a Teams or Enterprise plan, or get started for free across all devices as an individual user at bitwardencom slash twit. That's bitwardencom slash twit. Wow, that was a tip laden commercial.

0:11:45 - Steve Gibson
I apologize and leo do not pass on, because we're not. We're not ready to be done, I'm not planning to.

0:11:53 - Leo Laporte
But okay, that's the problem, you know you step off the wrong curve and suddenly, boom, you are history now you know it's not history, our picture of the. What's that about the weakest link?

0:12:05 - Steve Gibson
Yeah, so the caption I gave this was, you know, posing the question what's that about the weakest link? Because we've, of course, heard that phrase a lot, so that's what this picture put me in mind of. It's like okay, so what we have here is one of our favorite fence pictures, or gate on a fence.

0:12:30 - Leo Laporte
I understand why there's two locks.

0:12:32 - Steve Gibson
Oh, it's covered with locks. We've got three padlocks.

0:12:34 - Leo Laporte
Oh, there's three.

0:12:35 - Steve Gibson
Yeah, yeah, and the back ones do absolutely nothing. I mean they're like okay, and then one in the middle of the chain is hooked to a carabiner. Oh, that's not very secure. Everybody knows it's designed to be something you can open. You just push the little side in and then slip the padlock out and the gate opens.

0:13:00 - Leo Laporte
So this is not a locked gate, despite the three padlocks.

0:13:04 - Steve Gibson
Correct, it is a closed gate and I guess all of this contraption prevents the wind from blowing it open. But that's about the limit of the security that's available here Now. So I pose this to our listeners. I sent out, the mailing went out to we're just shy at this point of 18,000 weekly subscribers to the Security Now email list, and so many of them responded saying oh yep, this is common in these parts around these parts. The idea is that you may want the UPS driver to be able to roll up your driveway, but you don't want goats to get out.

0:13:46 - Leo Laporte
Yeah, cows don't know how to use carabiners.

0:13:48 - Steve Gibson
They're not. Well, there's no opposable thumb there. Leo, you really need the opposable thumbs, that's right. And if you were exiting your property so that UPS and Amazon and so, and you know, grubhub and so forth would no longer be invited, then you, then you deploy these additional padlocks.

0:14:14 - Leo Laporte
They're there for your later use, exactly there.

0:14:17 - Steve Gibson
And you can put them in series, you can put them in parallel, you can.

0:14:20 - Leo Laporte
Just, you know, you know, because the neighbors might have keys to one of them.

0:14:24 - Steve Gibson
Or this may be a shared property and so you don't want to share keys, but you want to then put your locks in series so that anybody who opens. Anyway, it's an interesting contraption that's been built here. It turns out not at all foreign to many of our listeners.

0:14:42 - Leo Laporte
We have many cattlemen we pull from a large variety yes, of security enthusiasts, okay.

0:14:50 - Steve Gibson
So, oh my god, um, uh, one of our listeners sent a link to a paper that was co-authored by peter gutman and I'm not sure that our listener knew, based on the comment that accompanied the email, what to make of this paper, since I could understand that Its title is it's literal title and this is a formally published, highly referenced, meaning lots of references, three pages of references at the end. Paper serious titled Replication of Quantum Factorization Records with an 8-Bit Home Computer, an Abacus and a Dog. That's the title of the paper. So you know, I'm sure that that title alone would have hooked me with a huh if Peter's name wasn't immediately familiar to me. Wikipedia opens its lengthy description of Peter's history by writing Peter Klaus Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland in Auckland, new Zealand.

He has a PhD in computer science from the University of Auckland. His PhD thesis and a book based on the thesis were about a cryptographic security architecture. He's interested in computer security issues. Yeah, no kidding, including security architecture, security usability, and it says parens, or more usually, the lack thereof as in lack of usability, and it says parens, or more usually, the lack thereof as in lack of usability and hardware security. He has discovered several flaws in publicly released crypto systems and protocols. He's the developer of the CryptLib open source software security library and contributed to PGP version two. So you know, he he's like a you know serious cryptographer. He knows his way around computer security and cryptography, and I felt compelled to venture into anything that he might write on the subject of replicating various quantum computer factorization records, as it you know, having broken a record for quantum computer based factoring. So in this case he's breaking the records with an 8-bit home computer which turned out to be a 6502 based Commodore VIC 20, you know, not even a pet, uh, an abacus and his dog named scribble. So before I go any further, I want to uh make sure that I do not forget to leave a link to his work in the show notes. So it's there now, uh, for anyone who wants more details. I'm going to skip a big chunk in the middle, because all of the fun is at the front and a little bit at the end, but it's all there for anybody who wants more. Now.

I hardly consider myself to be any kind of expert in the field of quantum computing. I certainly am not, and I have felt somewhat self-conscious through the years as, leo, you and I have continually poked fun at what appear to be the extremely meager quantum computing number factoring accomplishments that seem to nonetheless be celebrated by the popular press as if it's like oh, watch out, we just factored the number 21. Oh, so cryptography as we know it is over. It's like, okay. Well, it's not clear to me that what we see is scalability or much in the way of evidence that we're in trouble. Cryogenic temperatures is able to factor the six-bit number 35 into its two products, five and seven to me has never clearly suggested that more bits will be forthcoming, nor when. Okay. So I felt somewhat heartened to learn at least that my intuition here and my understanding of physics where it matters may be intact.

Peter and his co-author of this paper in this recently released March 2025 piece are quite clearly similarly unimpressed, but it even goes further than them being unimpressed. Their paper's abstract is very short and to the point. It simply reads this paper presents implementations that match and, where possible, exceed current quantum factorization records using a VIC-20 8-bit home computer from 1981, an abacus and a dog. We hope that this work will inspire future efforts to match any further quantum factorization records, should they arise. Now Peter's having some fun with this, although his sincere intent appears to be to roundly debunk these accomplishments I have in quotes that have been achieved so far, which appears throughout the paper, and that's with an R-I-S-E, as opposed to. You know, in the US we would say factorize R-I-Z-E, and even that I've never liked that phrase. Factorize, that seem, I mean, I get it, you're making a verb, but isn't factor. You can factor something, you factor an integer into its components. Anyway, factorize is how he wants to say it F-A-C-T-O-R-I-S-E here in place of the US variance, factorized with a Z or factor in order to avoid the 40% tariff on the US term. So anyway, it occurred to me that he might qualify for a quantity discount in his use of the term, since it's used in nearly every sentence of this paper. So I need to share this with everyone because it's actually important what he has to say here, even though he's I mean, basically he is just so disgusted with what he sees as what's going on that he decided to take this tact of his paper.

We all know that quantum computing presents what has been described as a clear and present danger to the world's current quantum naive cryptography and specifically to the threat that this prime factorization problem, upon which much of today's security technology still critically depends, might be put at risk, might be at risk of being solved by sufficiently powerful quantum computers. Peter and his co-author are here to disabuse us of any such concern, so they write. In 1994, mathematician Peter Shor S-H-O-R proposed his quantum factorization algorithm, now known as Shor's algorithm. In 2001, a group at IBM used it to factorize the number 15. Eleven years later, this was extended to factorize the number 21. And another seven years later, a factorization of 35 was attempted, but failed. Okay, yeah, we're pushing it, leo. That's six bits. We can't get to six bits. Wow, five, we were able to do 21,. The number 21 fits in five bits, but 35 requires six bits. We couldn't get five and seven out of 35.

He says since, no new records have been set, although a number of announcements of such feats have cropped up from time to time, alongside the more publicly visible announcements of quantum supremacy every few months. He says these announcements are accompanied by ongoing debates over whether a factorization actually took place and, if so, what it was that was factorized, with the issue covered in more detail in this paper's section three. Now I should note that I've removed from this text all of the reference, in square brackets, a number which refers to the ongoing debates over whether a factorization actually took place there. He will have a reference to another piece of research which is seriously questioning the announcement. So this paper is heavily referenced to back up everything that Peter is saying. Thing that Peter is saying, he says of particular note was the claim in 2024, so just last year by researchers to have factorized an RSA 2048 number. And he says that's the D-Wave paper. And remember that we talked about that last year when it happened. D-wave was supposed to have made some big, great, huge breakthrough. It was like oh no. He says in this paper, the one he's writing today, we focus on the factorizations of 15, 21, and 35, as well as the claimed RSA 2048 factorization. He explains.

And 1950s, often little more than glorified electric adding machines were nevertheless described as electronic brains. More recently, large language models have been touted as artificial intelligence and complex physics experiments have been touted as quantum computers have been touted as quantum computers In order to avoid any confusion with actual computers like the VIC-20, with which they have nothing in common. We refer to them here, meaning quantum computers as physics experiments. Similarly, we refer to an abacus as an abacus rather than as a digital computer, despite the fact that it relies on digital manipulation to affect its computations. And finally, we refer to a dog as a dog, because even the most strenuous mental gymnastics can't really make it sound like it's a computer.

0:27:08 - Leo Laporte
Okay, now they're just being sarcastic, he is.

0:27:12 - Steve Gibson
But he believe me, wait till you see where this goes, leo. I mean, he just drives a stake through the heart of quantum computing by the time we're done. He says. When stage magicians perform sleight of hand tricks traditionally card tricks they use specially constructed decks, called force decks, with which they shown to the participant or the audience appears to contain a standard mix of cards, but which only contains a single repeated and therefore entirely predictable card is performed using slight-of-hand numbers that have been selected to make them very easy to factorize. Using a physics experiment and, by extension, a VIC-20, an abacus or a dog, a standard technique is to ensure that the factors differ by only a few bits, meaning least significant bits that can then be found using a simple search-based approach that has nothing to do with factorization. For example, the length, the RSA 2048 number and in his paper he enumerates it full out he, like every single digit is there. It takes about one and a half lines of decimal, with every three digits separated by a comma is the product, he says, of two factors, which he then also lists out, that differ by only one or two least significant bits. And indeed that's what we see. We see two large numbers, each half the length of the 2048-bit number and they are only a few decimal digits different from each other. He says this makes it possible. And think about this, leo, you'll get this instantly.

To perform this factorization he has in air quotes through a simple integer square root calculation, because of course that's going to bring you to a spot in between the two. Then you just search in both directions until you find the two right, he says note that such a value would never be encountered in the real world, since the RSA key generation process typically requires that. And then he has a little bit of math here. The absolute value of P minus Q is greater than 100 or more bits in difference, meaning you would never have the case where the two prime factors differ by a small integer, with their square root dead in between the two of them. Yet that's what was done, and everyone jumped around and celebrated, he says, as one analysis puts it. Quote instead of waiting for the hardware to improve by yet further orders of magnitude, researchers began inventing better and better tricks for factoring numbers by exploiting their hidden structure.

0:31:03 - Leo Laporte
Hidden structure. You mean they're right next to each other.

0:31:15 - Steve Gibson
Yeah, my God, they're almost identical. He says a second technique used in quantum factorization is to use pre-processing on a computer to transform the value being factorized into an entirely different form or even a different problem to solve, which is then amenable to being solved via a physics experiment. For example, the 2019 quantum factorization of 1,099,551,473, 989. So that would be a million billion. So it's 1 trillion 99 billion 551 million 473,989. He says, relied the 2019, like much ballyhooed, amazing breakthrough relied on processing with a computer to transform the problem into one that was solvable with a three qubit circuit, which otherwise I mean this would have required a huge number of qubits which don't work. We don't have that today, so we're going to transform this into something and do some sleight of hand, so we only need three qubits and say that we actually accomplish something. He said other quantum factorizations also rely on computers to reduce the problem to a form in which it can be solved in quotes, through a physics experiment. Even the factorizations of 15 and 21 use the so-called compiled form of Shor's algorithm, which uses prior knowledge of the answer to merely verify the known in advance factors, rather than performing any actual factorization. This is basically fraud. It is fraud, yes, and this is why he's so fed up with this and just decided okay, I gotta just call a dog a dog. He in the case of 15 and 21,. And thus, in the case of 15 and 21,. This reduced the number of qubits required from 8 and 10 to 2 in the compiled form, the paper that discusses this result comments that, quote it is not legitimate for a compiler to know the answer to the problem being solved. To even call such a procedure compilation is an abuse of language. Unquote. So you know, other observers have been saying this, but it hasn't all been pulled together and given the attention until Peters finally said okay, let's just really put this to rest, they write.

The paper then presents the factorization of a 768-bit, 20,000-bit number, both of which can also be factorized using two qubits. In the compiled form, our technique can factor all products of P and Q, such that P and Q are unequal primes greater than 2, runs in constant time and requires only two coherent qubits, meaning they've just demonstrated the cheat. Still, other quantum factorizations go even further. They write. For example, one claimed factorization involved working backwards from the known answer to design a physics experiment that produced the known and advanced solution. There's no equivalent computation for such sleight-of-hand operation, so we have no means to show an equivalent using a VIC-20 or an abacus. The trick in all of these cases is to figure out how to construct a value such that it can then be transformed into a vastly simpler form in which it can be factorized via a physics experiment.

0:35:52 - Leo Laporte
I love it that he keeps calling these physics experiments. Basically, he's saying they're just designing this in such a way that simple physics can solve it. It's not a quantum computer, it's just a physics experiment.

0:36:04 - Steve Gibson
It's not doing any actual computation. Amazing, he said. These types of factorizations have also been referred to as stunt factorizations, of 143 into 11 and 13 consisted of finding a value with the special properties required that allowed it to be factorized by a physics experiment. This feat was then extended in 2014 to the value 56,153, which is also special, as we'll see in 2018, to 4,088,459, another special value, and later that year to the impressive looking. And then I've got the number here. You know it's long, it's a long, long, long, long number.

0:37:04 - Leo Laporte
I'll show people if they're there, it is there.

0:37:06 - Steve Gibson
They're in the middle Three, eight, three, one, two, three, eight, eight, five, two, one, six, four, two, seven, two, one, four, five, eight, nine, blah, blah, blah, blah, blah far too many to catalog here with the practice typically being to manufacture a small value that's easily factorized via a physics experiment, and then later figuring out how to stretch the value to add more and more digits, while still allowing it to be factorized by the same physics experiment.

0:37:46 - Leo Laporte
I know Leo it's all fraud, it's backwards, the whole thing's backwards. We know the answer. Now let's see if we can design a problem that will give you the same answer.

0:37:56 - Steve Gibson
Exactly. He says, for example, the compiled Shor's algorithm can factorize any composite number P times Q, on a very small physics experiment, a factorization mechanism that has been given the tongue-in-cheek name Schmolin-Smith-Vargo algorithm After the authors of the paper that pointed out the technique. In other words, you're not actually doing anything, so that's the Smolin-Smith-Vargo algorithm, he says. It should be noted here that all of these sleight of hand and stunt values are trivially factorized by Fermat's method on a raspberry pi or similar. In other words, you don't need no stinking quantum computer or even sub-zero temperatures and cool liquid nitrogen or anything, just a raspberry pie, he says.

Similar to stage magic, the exercise when responding to a new quantum factorization announcement is not only to marvel at the trick, but to try and figure out where the sleight of hand occurred. One simple technique to catch the use of sleight of hand numbers is to view them in binary form. If they consist almost entirely of zero bits, as did the 2019 factorization of and this is the number I mentioned before 1,099,551,473,989, which begins with one zero, zero, zero, zero, zero, zero, zero, zero, zero, zero, zero a gazillion zeros. When expressed in binary, then it's a sleight of hand number.

0:39:51 - Leo Laporte
It looks sophisticated in decimal, In binary it's trivial.

0:39:55 - Steve Gibson
It's ridiculous Exactly. He says similarly numbers with repeating bit patterns 1, 0, 1, 0, 1, 0, 1, 0, or are similar sleight-of-hand numbers. Section 7 presents a technique for selecting non-sleight-of-hand numbers for future quantum factorization work and that's a section I told you I wasn't going to dig into because everyone will get the idea here very shortly I'm almost finished with this where he actually says OK, if you're going to impress anybody in the future, here's how you got to choose your numbers. Or whether it has been first transformed on a computer into an entirely different form. That's solvable with a physics experiment. A standard trick here is to transform the factorization into a combinatorial minimization problem which is readily solved using Grover's algorithm completely impractical for factorization but perfectly suitable for publication credit, meaning we need to publish something because we're spending a lot of money on all this liquid nitrogen which is not getting us anywhere.

He said many other sleight of hand tricks exist for creating apparent quantum factorizations. One example is what we're calling the callous normal form for slight of hand quantum factorization, or just callous normal form for short, after a cryptographer, john Callas, who first described it. In the callous normal form the factors are integers P equals 2 times n minus 1 and Q equals 2 times m plus 1, where n is less than N is P times Q. Then that then starts with N one bits, followed by M minus N zero bits, and ends in another N bits. Anyway, so a point is it's, it's contrived. He says, needless to say, this is easily detected, right, because you've got all of these. You've got all of these one bits than a big block of zero bits, than an exactly identical size block of of of one bits.

Again, he says, needless to say, this is easily detected, even on a 6502, and easily factorized. And he says, and he says, he says, friends, no real world NSA toolkit would ever generate such primes. He says, for example, a recent preprint, meaning getting ready to come out in the literature, uses this form to claim in its title, success in factorizing 4096-bit integers with Shor's algorithm. Quote under certain conditions, where the conditions for the 12 examples used turn out to be equivalent to all of them, to the callous normal form. So the entire paper was a cheat, with 12 examples of supposedly 4096 bit factorization which, if true, would destroy current uh, you know, rsa style public key crypto. Notice that it hasn't been destroyed. In other words, everyone is cheating and cheating badly, and and it's no wonder that Peter finally got fed up with this and decided to author this takedown. No quantum computer that's known or has been published about has ever done anything actually useful, not even to factor the six-bit number 35.

0:44:24 - Leo Laporte
This is amazing. How did we get fooled by this? It's just unbelievable people, not really, you know taking everyone down yeah, it's math, it's complicated, it's gonna take somebody like peter to figure this all out.

0:44:38 - Steve Gibson
I mean, and the press looks at the title and goes, oh my god, they did it, I did that 40 six bit numbers have been factored.

0:44:46 - Leo Laporte
Yeah, I've been reporting it as if they're real. I mean, they pulled the wool over our eyes.

0:44:51 - Steve Gibson
Right. He finishes writing so far as we've been able to determine this is, you know, the PhD in crypto and security, the author of the Crypt Lib, the open source library. He says so far as we've been able to determine, no quantum factorization has ever factorized a value that wasn't either a carefully constructed, sleight of hand number, or for which most of the work wasn't done beforehand with a computer in order to transform the problem into a different one that could then be readily solved by a physics experiment.

I'm pissed, I've been fooled. Yes, we should all be. We attempt to address this deficiency by providing criteria for evaluating quantum factorization attempts in Section 7. The pervasive use of sleight-of-hand numbers and techniques and stunt factorizations throughout the field of quantum factorization makes it difficult to select targets for our factorization replication attempts, since it's possible, with a bit of thought, to construct arbitrary, impressive-looking values for factorization, an example being the 20,000-bit artificial value that was factorized with a two-qubit physics experiment. We have to select targets that are at least within shouting distance of an actual application of something like Shor's algorithm for quantum factorization. The three instances of this that we have been able to identify in the literature, even though they also use sleight of hand by using the compiled form of Shor's algorithm mentioned earlier, are the 2001 factorization of 15, the 2012 factorization of 21, and the attempted 2019 factorization of 35. They couldn't even do that, meaning yes, that's where we are today in reality. What a relief.

0:47:11 - Leo Laporte
Yes, by the way, you know, we've interviewed this guy. Yes, back in episodes like 79 or something. 74. Way in the beginning yes, he did a paper on Windows Vista, vista content protection, which he said was the is the longest suicide known history. Uh, so this guy's been writing this kind of uh debunking blog posts for a long time and he's cool, he's really cool. I can't believe we've interviewed him.

0:47:42 - Steve Gibson
Oh and leo bring up a picture of him. Go go, just google his name. Yeah, he's, he's like he's. He looks like you know linus's best friend.

0:47:53 - Leo Laporte
He's a kiwi yeah, yep, he says chicken game. Don't look at this chicken on his t-shirt. I don't know, I don't know what that's all about. Oh, and then it says on the picture of the chicken on his t-shirt I don't know, I don't know what that's all about. Oh, and then it says on the picture of the chicken on his T-shirt game over. That is the nerdiest T-shirt I have ever seen. How funny.

0:48:20 - Steve Gibson
Oh my, the paper how a Commodore VIC-20 from 1981 can match any feat that any quantum computer has performed so far. They use an abacus to do the same thing and when they get to their chosen dog Scribble, they write as has been previously pointed out, the 2001 and 2012 quantum factorization records may be easily matched. Now, okay, 2021 was the factorization of 15, right, so we factor 15 into three and five. 2020, uh, uh, 2021 was the I'm sorry, 2012 was the factory factorization of 21, which we factor into, which we factor into three and seven. So both of those, you'll note, have a common prime factor of three. Okay, so he says, as has been previously pointed out, the 2001 and 2012 quantum factorization records may be easily matched by a dog trained to bark three times.

And here ladies and gentlemen, I give you the dog scribble.

We verified this by taking a recently calibrated reference dog, scribble, depicted here, and having him bark three times, thus simultaneously factorizing both 15 and 21. 15 and 21. This process, he writes, was not as simple as it first appeared, because Scribble is very well behaved and almost never barks. Having him perform the quantum factorization required, having his own his owner required, having his owner play with him with a ball in order to encourage him to bark, it was a special performance just for this publication, because he understands the importance of evidence-based science. Oh my goodness. Bark five times, factorizing the number 35, and thereby exceeding the capabilities of the quantum factorization physics experiments mentioned earlier. Snarky.

He says, unfortunately, that this process fails for the RSH 2048 values, since the size of the factors exceeds even the most enthusiastic dog's barking ability. However, there is another process that allows us to factorize even these huge numbers with a dog. Recall from section 4 that the prime factors Q and P were either 2 or 6 apart. This led to an analysis where it was discovered that P equals X minus D and Q equals X plus D, where X is the integer in the middle between P and Q, and D is either one or three. It can thus be argued that D is the real secret. Is it one, is it three? So teaching a dog to bark three times already gives us all the actual factorizations with Shor's algorithm plus 50% of the moduli in the D-Wave paper. In the same way that factorizing 143 also factorizes 56,153, 4,088,459, and that other really hideously long number, the number referred to earlier, which is very, very big.

0:52:22 - Leo Laporte
Yep, it's the same. What a trick very big, yep, it's the same, what a trick.

0:52:25 - Steve Gibson
So, having set up the situation quite well, the paper then gets down to its serious purpose of establishing some guidelines and standards for choosing the numbers that would be factored by wannabe quantum computing experiments. And this was really the entire point of the paper, though without the lead-up preamble, the serious need for the guidelines might not be fully appreciated, and they finished by writing. In this paper we showed how to replicate current quantum factorization records using first a VIC-20 8-bit home computer from 1981, then an abacus and finally a dog. In terms of comparative demonstrated factorization power, we rank a VIC-20 above an abacus, an abacus above a dog and a dog above a quantum factorization physics experiment. Finally, we provide standard evaluation criteria for future claimed quantum factorizations. A deep, slow breath and not worry that the factorizing problem is going to be solved anytime soon. It's all just been a scam, and by the way.

0:53:57 - Leo Laporte
Okay, I understand Chinese researchers, probably it's a scam. But IBM, google, I mean, is it because they're trying to get funding?

0:54:10 - Steve Gibson
I think they're probably trying to say oh, we're getting closer, we're making progress. You know, it could happen any day it's not close to mirrors yes, that's why you and I've been laughing about it like for the last 10 years, when we say, oh, they factored 15. Well, turns out they didn't actually even do that they didn't even do that.

0:54:33 - Leo Laporte
They rank lower than a dog. Wow, um, I'm just kind of blown away. And this guy's credible credible I mean, I think he is.

0:54:44 - Steve Gibson
I think he's very credible. He's the real deal. Yes, he's a cryptographer. Yeah, and I mean I spent enough time on this. We've got other stuff to talk about today, but that's section seven. The link is in the show notes. He goes through a detailed explanation of if you actually want to publish a paper, factor a number that meets the following criteria and he lays it out, a spangali number exactly.

It's not all. It's not one, followed by all zeros or some ridiculous pattern which you know, they're only three apart, and so exactly the square root. And you know, and that gets you there that gets you close, and then you just go in each direction ah, this is depressing.

0:55:27 - Leo Laporte
That that I just confirmation that we live in a very bad timeline where people are just corrupt. They're just corrupt. All right, you want to take a break before we go on? That was, that was a lot. I still am absorbing all that. Wow, wow, I'm miffed. Yep, well, I've been. I've written, you know, kind of uncritically, repeating those headlines um, not anymore why wouldn't everybody?

you know. Well, yeah, I mean, I don't know any better. Wow, all right, this episode of Security Now brought to you by Delete Me, they're doing, I think, good work in kind of decrapifying the internet in specifically one specific way. If you've ever wondered how much of your personal data is out there on the internet, well, don't, don't search for it, but just understand. It is more than you think. Your name, your contact info steve and I found our social security numbers, home addresses, everything, even information about your family members, and this is the sad fact of it. It's it's completely legal. It's being compiled by businesses. They're called data brokers, businesses who compile this data and then sell it online to the highest bidder.

Anyone on the web can buy your private details and it can lead to horrendous impacts identity theft, phishing attempts, dox harassment but now you can protect your privacy with delete me. Look, I live in public, I share my opinions online, I know what the risks are and we have been harassed mercilessly. It's important to think about safety and security, even more important with the management in your company, because you don't want your company to get phished using easily retrievable information about your management. That's what happened to us. Our employees are smart enough. They didn't get fooled, but they could have been. And when I saw these phishing attempts that had all the information, I thought how did they do this? And then I realized data brokers. It's easier than it has ever been to find anything you want to know about somebody online. That's why we use, as a company, delete me and I recommend it to delete me.

It's a subscription service that removes all your personal info from hundreds of data brokers. You sign up, you give delete me the info you. You know it's not blanket. You tell them delete this, but not that. Tell them what you want deleted. That's good. You have complete control. Then their experts take it from there. We just got a Delete Me report the other day. They send you regular personalized privacy reports showing what info they found, where they found it and what they removed. And it's important this is not a one-time service, because Delete Me is always working for you, because these data brokers, they're like cockroaches they spring up, change their names and start all over again, and there's new ones literally every single day. That's why you need Deleteme, constantly monitoring and removing the personal information you don't want on the Internet. To put it simply, deleteme does all the hard work of wiping you and your family and your business's personal information from data broker websites. Take control of your data. Keep your private life private.

By signing up for Deleteme, we've got a special discount for our listeners today. Get 20% off your Deleteme plan when you go to joindeletemecom. Slash twit and use the promo code twit at checkout. The only way to get 20% off go to joindeletemecom and use the code TWIT at checkout. That's joindeletemecom. Thank you, delete Me for doing the most important work, so important. All right back we go. I think a little listener feedback is in the in order here we got benjamin lin lin, lin, lin lin lin yeah, he knows his name, you don't have to say yeah ben you know, thank you ben linder.

0:59:40 - Steve Gibson
Yeah, so he wrote hi, steve, longtime listener and club twit member. Yay, thank you, benjamin. Thank you, yours is the only podcast I listen to with my full attention and I will pause if I can't pay attention at the moment. The only podcast I make sure to hear and understand everything. I'll often re-listen several times to things I didn't fully understand.

In short, high praise. He said I came across something this week that I thought didn't seem right, but I'm not sure. I'm, however, sure that the above is true of many people. Thank you. He said Notepad++ updated again to 8.8.3. And he said friends, we know how you love those frequent updates. Yeah, friends, we know how you love those frequent updates.

Yeah, he said in the information about the update, the developer says that this version ships self-signed with a CA certificate and give instructions for installing it as a root CA in users' machines. He explains that he's been having difficulties getting a code signing cert so the unsigned binaries triggered AV false positives. Oh boy, don't I know about that. He said this seems to me much too dangerous. Oh, and there is a link to that posting at the notepad++org site. He said this seems to me much too dangerous. I myself am not having the problem described, but I was just struck by the danger of such a thing. Even if Notepad++ is okay, the developer has no intention. With a very powerful cert Seems to me like a terrible suggestion. It's just too powerful and thus dangerous. There's also the bad habit forming of installing certs willy-nilly to solve problems. I can see a developer being frustrated in coming to this solution, but it's irresponsible to put this out to the general public. Am I understanding this correctly? Also a Spinrite owner V7? When? Owner V7, when? Okay. So I was apprised of this issue with Notepad++ first some time ago by another of our listeners who wrote to ask whether I had any ideas for solving this problem for our Notepad++ author.

Before I go any further, let's see what Notepad++'s author wrote. He announced this Notepad++ version 8.8.3 release under the title Notepad++ version 8.8.3 release self-signed certificate. He wrote there were and still are this is Don Ho writing. There were and still are many false positives reported in the previous version 8.8.2 by the antivirus software due to the absence of Windows code signing certificate. Due to the absence of Windows Code Signing Certificate. To prevent this issue from recurring in future releases from this version on, notepad++ release is signed with a certificate issued by a self-signed certificate authority. The root certificate is published on the Notepad++ website, github repository and Notepad++ user manual allowing antivirus vendors, it teams and users to verify the authenticity of each release.

Then he says how to install the root certificate. Double-click the certificate. It may tell you it's invalid. Ignore that and click install certificate. The certificate import wizard select local machine. Then click next. If prompted by uac, depending upon admin privileges, click yes. Choose place all certificates in the following store. Then browse and select trusted root certification authorities. Click next. On the final page of the wizard, click finish to complete the installation. He says for detailed instructions, see notepad plus plus user manual. I know, and he finishes, we're still trying to obtain a certificate issued by conventional certificate authorities for a better user experience. But let's be honest, he writes it's probably not happening. Notepad++ isn't a business. It's certainly not an enterprise and apparently that makes a popular open source project invisible to their gatekeeping standards.

1:04:46 - Leo Laporte
Well, that's reasonable if they won't give him a certificate.

1:04:49 - Steve Gibson
It is. I mean, this is a problem, he says, if the gatekeepers won't issue a certificate under the name we deserve. So be it. At least it spares us from wasting time and energy on a frustrating process that demands we beg for a new certificate every three years. The Notepad++ root certificate may not carry their approval, but it leads us to freedom. What we have here is another effectively like. What we have here on a broader scale is another effectively intractable problem caused by the ever-escalating war between malware and goodware. Just like this Notepad++ guy, I, as we all know, write goodware and if I fail to sign any of that goodware by GRC, the AV industry, microsoft and Windows Defender all collectively freak out. They sometimes freak out even if I sign my software.

1:06:11 - Leo Laporte
Yeah, I remember that happened, right yeah.

1:06:13 - Steve Gibson
Yeah, with a certificate that has been continually signing only good software for years and has never once been found to sign any malware. That's just where the bar has been set. That bar has been pushed as high as it can go because it's safer for the end user if their protectors say no to goodware than yes to malware. And this has been an ongoing drama. You know that as a software developer, I've been sharing with our audience here. You know, as it's been unfolding For a while, microsoft was giving extra brownie points to any code that was signed with an extra expensive EV code signing certificate, extended validation.

So that's what I was using. I would pay the price, get an extended validation certificate, because it was the best you could get, and EV certs could only be received, stored in and used inside of an HSM, a hardware security module. This effectively raised the bar even higher and much more robustly prevented their theft and abuse, because you could never get the certificate out of an HSV. It only goes in. There's no way to extract it, because you know that's the real danger, right? That bad guys will get their hands on a trusted and trustworthy code signing certificate and use it to sign some of their nasty malware that will then stand a much greater chance of sliding right past AV detections, specifically because it's been signed by a signer whose trust has been earned.

Now, for reasons that remain a mystery, microsoft then later decided to deprecate that special treatment of EV certificates. Maybe it just created too much of a schism in the industry. I don't know what happened. I talked to the guy at DigiCert my contact there, jeremy who's on the CAB forum and participates, and he said nobody knows why Microsoft decided they just announced okay, ev code signing is no longer going to be special. So of course, naturally, that wasn't until after.

1:08:51 - Leo Laporte
I jumped.

1:08:51 - Steve Gibson
I know I had jumped through all those numerous hoops to allow GRC server to individually sign every copy of Spinrite 6.1 on the fly, with a hardware security module, you know, as it's being downloaded by its user. Now that's in place, it's been working surprisingly well. After I finally got it working, I expect that I'll just leave it there, even though I'm not sure, since the maintenance of certificates in HSMs is annoying too, but it's safer to have it in an HSM, so I imagine I will. But in any event, we're now told that the EV-ness of code signing certs is irrelevant, and I'm fine with that, since proving my identity for an EV qualification was bizarre.

Remember what I was required to do I had a one-way video call with me on the camera, holding up my government-issued ID next to my face and then having to move, being instructed to move my left hand around among my face and my driver's license, while the guy from DigiCert was looking at me from wherever he was. I mean, talk about raising the bar, so wow. But whether my code signing certificate is EV or not, what matters most is that the private key that was used to sign the certificate was itself signed by DigiCert's private key and that that private key's matching public key is already present in everyone's Windows PC certificate store. As it is it's. Everybody has DigiCert's key and Microsoft's and a bunch of other people's. Digicert's public signing key is also present in all of the AV testing systems. Right, all of the things that are out there checking certificates have that same set of certificate authority master public keys. Which brings us to the problem that he's being asked to get costs between $250 and $400 per year. This is not a cheap game, and Notepad++ is Windows freeware. Who's going to pay that cost? Grc can afford that, since I've been fortunate enough to develop an amazing following of terrific customers. So all of GRC's freeware gets the benefit of being signed by the same certificate that it's paid for commercial software, which is, as we know, still at this time. Only Spinrite is used for signing. But Don is offering Notepad++ to the world for free and he's understandably irked by the idea of needing to pay for the privilege of not being flagged by the world's over hyperactive AV scanning and being flagged as malicious, which course freaks out. Every Windows user is like what it never used to be malicious. Now it's suddenly malicious what Notepad++ is not and has never been malicious.

But code is code and today's AV takes a better safe than sorry approach. Code that is not signed is automatically looked down upon with extreme suspicion. I mean, it's basically just flagged. Because why not? Why would any reputable code not have a code signing certificate? Sometimes I'll forget to sign a test of mine. I'll forget to sign a test of mine. Drop it on a virus total and it just. It just goes crazy, I and I think. First I think what happened and then I realized, ooh, I forgot to sign it. I sign it. Drop the same code on virus total. I get zero out of 72 detections. Everything is fine, same code. Just the presence of that signature is what makes the difference. But it's because the signature is from DigiCert and that's the key.

What Don is attempting to do is to be his own certificate authority, and it won't work. He created a pair of certificates. He created a pair of certificates, one private and the other public, and the public key certificate is self-signed, it's an anchor, just like DigiCert's public certificate is self-signed. All of the certificates in the root store sign themselves. That's because they're anchors, so we're not relying on them being signed by somebody else who we trust. They are who we trust. So those certificates sign themselves, saying, well, I trust myself and you're going to trust us too, and so then we trust everything they sign. But what Don is doing is he's creating his own trust anchor.

The difference is that none of our PCs, none of the AV tools, contain Don Ho's CA root certificate until and unless we deliberately install it into our machines. So our listener asked. In his note he said even if Notepad++ is okay and the developer has no ill intention with a very powerful cert, it seems to me like a terrible suggestion. It's just too powerful and thus dangerous. There's also the bad habit forming of installing certs willy-nilly to solve problems.

Okay now, at first we might think that the biggest danger is that Don might not be good at keeping his own secrets and that someone might break into his development environment to steal the private certificate he uses to sign his freeware. I don't think that's a big concern because the only place anything signed by that stolen if it were stolen by that certificate would be trusted would be within the microcosm of Don's own Notepad++ users into whose PCs he had somehow convinced to install his proprietary certificate. That's not going to be of much use to someone who wishes to sneak their malware past the world's AV, and I'm not at all convinced that Don's solution will help at all with the world's AV tools. They don't know that they can trust code signed by Don's own certificate. And why would they? We know that Don's a good guy, that he would never deliberately produce malware, but nothing prevents any malware author from doing the same thing Don did creating their own certificate pair and signing their code with an untrusted certificate that has no pedigree.

The fact that some of Don's users may elect to place his certificate into their own machine's CA root store certainly won't sway the opinion of these hyperactive, overactive AV tools, and it's unclear to me that it would sway the opinion of Windows Defender. I don't think Microsoft is going to care. So it does not seem to me that Don creating his own certificate first of all, is a big problem from the standpoint of it representing any great risk of abuse. But it's also not clear to me that it will achieve what Don hopes, since AV tools are not going to be checking against the user's root store. They're going to be looking at their own trusted stores and trusting that. You know Don's site says this will quote allow antivirus vendors, it teams and users to verify the authenticity of each release. Who's going to do that? No AV vendor is going to get Don's certificate just so copies of Notepad++ could be checked. You know sorry, but it's not that big a deal. But I suppose hope springs eternal.

What I do very much worry about is what our listener Benjamin referred to as the bad habit forming of installing certificates to solve problems. With that I really agree wholeheartedly. Just about the last thing I want is for my own machines CA root stores to be filling up with random certificates from the authors of freeware that I wish to use On know. On the one hand, over time that would create a truly unmanageable mess and, as I noted, it's unclear that, on the other hand, that it would accomplish anything anyway, since any malware author is just able to create their own and do what Don did. So there's no way any antivirus system or Microsoft's own defender endpoint protection is going to care. So I'm 100% sympathetic with Don's plight and, as I noted, this is a real mess without any clear solution.

We have a problem in our industry because the only way we have found to give any pedigree to software is to prove authorship, and proving authorship is. I don't see how you do that for free. This is a different problem than let's Encrypt, solved with free domain validation certs. Right. Let's Encrypt is not saying anything about the reputation of the site that you're visiting. They're only saying you're visiting this domain name, so they're just giving you privacy protection and authenticating that you're connecting to the domain name. You think you are, but they're not saying anything about its reputation name. You think you are, but they're not saying anything about its reputation. Code signing certificates are trying to make an assertion about the reputation of the entity that signed the code.

1:19:56 - Leo Laporte
That's where we are, I see.

1:19:59 - Steve Gibson
And so the open source community and the freeware community is in trouble and the freeware community is in trouble.

1:20:08 - Leo Laporte
Yeah, this is really an anti-freeware move on the part of these guys. You know now I understand why it's an issue. This isn't an issue, of course, on Linux, because you don't have a big company like Microsoft scanning this stuff and saying oh, this is suspicious. You do have some AV, but not anything near the same AV industry. On Linux, though, people don't use certificates, they just use hashes, and all that does it doesn't prove the reputation, all it does is say well, this came from modified yeah, it was a modified came from the original source and this person it's like a pgp key.

This person certifies this is him and he made it, but it's up to you to do the reputation part. That works fine, though, by the way. On on linux, on open source operating systems, because you don't have these, this big company saying, well, you don't want to run that, do you?

1:20:56 - Steve Gibson
no, and I mean it's a problem you download something and I mean, and but when my certificate was new, windows Defender was deleting Right, deleting it from people's computer, quarantining it and deleting it. They couldn't get it. It would just it would vaporize the moment it arrived. That's horrible. And so and I'm talking about working with you know sophisticated users who are testing pre-release code.

1:21:25 - Leo Laporte
Yeah.

1:21:26 - Steve Gibson
And the only way I, as a developer, leo, I have to completely turn off Windows Defender from my Assem tree, or the moment I assemble code and create an XE, it's gone. That's hysterical. It's never been seen. Windows Defender just erases it, and so I think that's a little draconian, don't you? It's what all developers have to shut off Defender for their development tree because it just eliminates their Xs. The moment they appear out of the linker they vaporize, it shoots them with a space laser. That's crazy.

1:22:15 - Leo Laporte
It's today's world. Well, it's today's commercial world, I guess I do.

1:22:17 - Steve Gibson
You think we're less safe on linux? Because I mean no, because linux is not a big target. Windows is the target, the target. Windows is what the malware guys want to get into.

1:22:25 - Leo Laporte
Yeah, there's got to be a better way.

1:22:30 - Steve Gibson
This is, this is ridiculous and then and that's why I wanted to point out the difference between certs and and let's encrypt is let's encrypt can give you free certs, because no?

1:22:41 - Leo Laporte
reputation right, it's just saying you are at this so you'll still get flagged by defender and all the other av. Yeah, I wonder if, because defender flags that, the other av guy said, oh, we better flag it too I think they all work independently.

1:22:57 - Steve Gibson
I, you know they're all trying to be better than microsoft and you know, early on there were some arguments that well, when defender wasn't that good but it was free, you know malware bytes, andwarebytes and McAfee, and I mean there's a lot of legacy Apple does not have this problem.

1:23:11 - Leo Laporte
I mean Apple does, for stuff sold in the store, have a notarization process and an authentication process. So if you buy it in the store, it's assumed it's all fine because Apple's protecting you.

1:23:26 - Steve Gibson
But you can download arbitrary stuff and apple say whoa and you can say no and and this is like kind of like the whole side loading problem, right, right, I mean the. The presumption is we're moving toward this store model because microsoft will be doing the vetting and if it comes to the microsoft, it's from a developer who's established a reputation, and so it is a pushback against the world we have had before, where apps you just get them wherever you want to.

1:23:58 - Leo Laporte
I don't like it, but I guess it's a necessary evil for security. Yeah, that's why I use Linux, though.

1:24:10 - Steve Gibson
I don't have any. I don't have any windows machines. Okay, break time, and then we're gonna, we're gonna, uh, go do a little more feedback, but I did have a question I wanted to ask you.

1:24:17 - Leo Laporte
Let's encrypt has announced that they are going to offer certificates for ip addresses. Yeah, the hell does that mean? Uh?

1:24:27 - Steve Gibson
you. You can put an ip address into your browser, you can go, you know, uh, https colon slash, slash, 1.1.1.1 will take you to cloudflare. Yeah, but the certificate name has to have the certificate has to have 1.1.1.1 in the cert, Otherwise you can't get a TLS connection. So the name and the URL has to appear in the certificate.

1:24:57 - Leo Laporte
And there aren't very many URLs that you would use the dotted quad as the.

1:25:01 - Steve Gibson
URL. If you go to CloudFlarecom, look at the cert, you'll see their IP addresses are in the certificate name in the SAN.

1:25:11 - Leo Laporte
Probably true for Quad9 as well. That's interesting, yep. Oh good, thank you. It's not something you or I would do unless we had some magic IP address, right.

1:25:23 - Steve Gibson
Unless it's a really cool address 1.2.3.4. That'd be good, that'd know 1.2.3.4.

1:25:30 - Leo Laporte
It's. That'd be good. That'd be good. Yeah, I'd get a cert for that heartbeat. All right, we got some very good news coming up, but we're gonna save that for one more break here from our sponsor in this segment of security.

Now big id, the next generation ai powered data security and compliance solution. Bigid is the first and actually, I think, the only leading data security and compliance solution to uncover dark data through AI classification, to identify and manage risk, to remediate the way you want to map and monitor access controls and to scale your data security strategy, along with unmatched coverage for cloud and on-prem data sources. Bigid also seamlessly integrates with your existing tech stack and allows you to coordinate security and remediation workflows. You could take action on data risks, to protect against breaches, annotate, delete, quarantine and more based on the data, all while maintaining an audit trail. And it works with everything you use. Partners include ServiceNow, palo Alto Networks, microsoft, google, aws and more. With BigID's advanced AI models, you can reduce risk, accelerate time to insight and gain visibility and control over all your data. No wonder Intuit named it the number one platform for data classification in accuracy, speed and scalability.

Now, if you want to think about an entity that has a lot of dark data, a lot of need to keep an eye on compliance, a huge need to make sure it's only using the right data for generative AI. Maybe you might think of the US Army. The US Army used BigID to illuminate dark data, to accelerate cloud migration, to minimize redundancy and to automate data retention. Bigid is the best for all of that. And listen to the quote we got from US Army Training and Doctrine Command. This is what they said. This is US Army Training and Doctrine Command said quote the first wow moment with BigID came with being able to have that single interface that inventories a variety of data holdings, including structured and unstructured data, across emails, zip files, sharepoint databases and more. To see that mass and to be able to correlate across those is completely novel. I've never seen a capability that brings this together like BigID does. What a quote, what a testimonial. But there's more.

Cnbc recognized Big ID as one of the top 25 startups for the enterprise. They were named to the Inc 5000 and Deloitte 500, not just once, but four years in a row. The publisher of Cyber Defense Magazine says quote Big ID embodies three major features we judges look for to become winners Understanding tomorrow's threats today, providing a cost-effective solution. Big ID embodies three major features we judges look for to become winners Understanding tomorrow's threats today, providing a cost-effective solution. And three, innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach. Start protecting your sensitive data wherever your data lives.

At bigidcom security now get a free demo to see how big id can help your organization reduce data risk and accelerate the adoption of generative ai. Again, that's bigidcom security now. Oh, also, there's a free white paper that provides valuable insights for our new framework, ai Trism, t-r-i-s-m. That's AI Trust, risk and Security Management. This paper will help you harness the full potential of AI responsibly, and you can find it now free at bigidcom slash security now. Bigidcom slash security now. We thank them so much for their support of the important work Steve's doing on security now. And now the good news.

1:29:32 - Steve Gibson
So Kevin Zollinger, a listener of ours, shared an image and wrote I suspect I am number 3231 to pass this along, but it looks like book six is on its way. He said I grabbed the image off reddit. Sometime next year we'll be back hearing about the many adventures of the bobs, and I don't recognize the app this screenshot was taken from. Is that instagram, leo?

1:29:59 - Leo Laporte
uh, yeah, I think so. I'm looking at the likes, the retweets. Yeah, it looks like it's done. Anyway, what?

1:30:08 - Steve Gibson
we see appears to be posted by Dennis E Taylor. It was 49 minutes ago from when the screenshot was taken. It's a photo of a manuscript titled Revelations, and then underneath it it says Paranza Bobaverse, Book 6 by Dennis E Taylor Wow, and it's sitting on presumably his lap. We see a pair of legs in shorts underneath the draft manuscript as well, and down in that fine print it says version 2025-7-12.1, which would place it as last week. 12.1, which would place it as as last week.

1:30:54 - Leo Laporte
So uh looks like uh, you know a printed out on paper manuscript, so that's the real deal. And spiral bound, no less. Wow, that's cool christopher lawson says.

1:31:01 - Steve Gibson
Mr gibson, while listening to podcast 1033, you were asking about the difference in WhatsApp and other messaging apps. With regard to WhatsApp not using encryption for message storage, messaging applications like Signal encrypts the SQLite database on the mobile device, in addition to the built-in device storage encryption, and stores the encryption key on the keychain. This prevents backups to iTunes and iCloud from containing the unencrypted messages, along with any spyware, slash mercenaryware from exfiltrating unencrypted messages from the shared application's container locations. Whatsapp has chosen to keep the messages decrypted so that they can be recovered from backup or transferred to a new phone or even phone brand. Single has chosen privacy over portability and usability in many areas, while WhatsApp is focused on usability and portability over the additional layers of security controls. Keep up the great work with teaching slash, engaging critical thinking skills with your podcasts signed, chris. So, chris, thank you Anyway. So that sort of explains a little more clearly what it was that we saw in the news last week that had WhatsApp in trouble. The reason whatsapp was presumably uh, the, the congress, the congressional, uh staffers were being told that whatsapp was no longer safe to use. Stop using it, use some other things is that its data at rest is not stored in encrypted form. Interesting and again, you know who knows with congress, with Congress, but still, that at least clarifies that. So thank you, chris.

Matt Oliver said Hi, steve, it's Thursday evening, as the New Zealand government just yesterday announced that they're introducing a bill to outright ban them in New Zealand as part of an anti-money laundering bill update. They're also heavily limiting cash transfers out of New Zealand, but that's another story he wrote. It will stop these criminals from being able to extort cash from unsuspecting victims. But if someone in New Zealand wants to invest more than $5,000 overseas, it seems they'll be limited to breaking it up into multiple transactions. I'm not too sure where the line should be. It seems like only a few weeks since you shared episode 1000. How can you be at 1033 already? That's amazing. Yeah, tell us about it. It does seem like quite a while ago. So, anyway, it does appear that the crypto ATM business may be in for some rocky times. We know that the creation of cryptocurrency itself really opened the floodgates for extortion and ransomware. Cryptocurrency is so handy but also so inherently prone to abuse, so I suppose it should come as no surprise that crypto ATMs would be no less abuse prone. Jeff, a listener said hello, steve.

On Security Now Podcast 1033, you discussed the Apple and WhatsApp responses to the Israeli spyware vendor attacks and in particular, you mentioned that WhatsApp was able to remediate the PDF free type font rendering vulnerability issue on the server side without changes to the client. That's right. I quoted a WhatsApp rep saying that about WhatsApp, and he says Jeff asks since WhatsApp is supposedly end-to-end encrypted, how could this have been implemented? Meta should have no visibility into chat contents, although perhaps non-text content is sent in the clear, which would be an interesting admission on its own, especially since CSAM and other illegal non-text-based content is also used as a justification to add backdoors to encrypted communications. Unless I'm missing something obvious, this seems like a very big deal, but would want to confirm the reporting before jumping to any conclusions. Signed Jeff and for what it's worth, jeff's note was similar to that from many of our astute listeners who have been paying attention and pointed out the same issue, asking the same question, which amounted to Meta said that they were able to deal with the Apple Zero Day on the server side without requiring their clients the WhatsApp apps to be updated.

But if all of WhatsApp communications are actually end-to-end encrypted, with the bad guys sending maliciously formatted PDFs to targeted victims. How would that have been possible? We got great listeners and they were 100% right. That's what's known in the industry, actually, as a damn good question. Last week I glibly and incorrectly assumed that they could just scan any PDFs for the deliberately malformed exploit. See that and refuse to deliberate. But they obviously can't do that. Meta should have absolutely zero visibility into any of the content being transacted. So to Jeff's and many of our listeners' points, there's really nothing at all that Meta should have been able to do on the server side.

The only thing I can imagine that perhaps explains WhatsApp that could be going on is that perhaps WhatsApp doesn't attempt to contain complete rendering code internally in the app. That is, the app could be modular. It might be that PDF rendering code from the server is done on the fly in some circumstances, or there might be a module in the WhatsApp app which Meta could have updated to fix the rendering problem themselves. But it sounds like maybe PDFs are actually being rendered at Meta and that they fixed the bug there. And so you know that is a little bit of a glitch in the in the end-to-end encryption, if pdfs actually go to meta after being decrypted in order to have the pdf rendered, then that's something that would be worth pointing out too so let me, let me, uh, there is one thing that, uh, you can do if you are using WhatsApp not about PDFs, but about encryption.

1:38:30 - Leo Laporte
I'm looking at my WhatsApp and in the chat backup there is an option off by default, to end-to-end encrypt your backup, so you could turn that on. So, thanks to Darren Oki who pointed this out, it's actually in the software.

1:38:47 - Steve Gibson
Actually, maybe the problem is that it's off by default it's off by default, so maybe people should turn it on, yeah um yeah anyway, definitely a tip of the hat to our listeners who have been paying attention that's really interesting that there's, you know.

1:39:02 - Leo Laporte
Yeah, so yeah so well.

1:39:05 - Steve Gibson
Either they're rendering it on their servers, which kind of is what it sounds like, or they're able to update a rendering module of WhatsApp without updating the entire app, right, so I'm like explaining to them, I'm explaining around their claim that they're able to do this. I would be nice to know actually how they're able to do it. I don't know able to do this. I would be nice to know actually how they're able to do it. I don't know. Casey said steve just wanted to share today a neat tool from the eff called cover your tracks. Oh yeah, and it's at cover your tracksefforg. He says this is a useful tool for anyone who wants to test and better understand browser fingerprinting. He said a co-er had shared news of a breach that didn't seem completely straightforward from CyberNews and he gives the CyberNewscom that I was analyzing when I had found this link to the EFF tool. Many articles from the CyberNews site seem to promote their own tools and to engage users, mostly for advertising purposes, but one stood out since it correlated with the browser fingerprinting episode you recently shared. I would be interested to know your take on this site and tools like their password leak checker. I'm skeptical meaning of CyberNews' implementation that 16 billion credentials were leaked earlier this year. That does seem like a high number, and skeptical of their recommendations, which seem biased.

This dive gave me more reasons why I'm happy to be able to hear from you each and every week. I've been following your work since before the days you published the experiences with the once-named Wicked Script, kitty, and the adventures you had infiltrating the IRC site that was being used to DDoS your site. I won't tell you how old I was at the time, but, boy, those are classic. I can't count the number of times I've used and recommended Spinrite Security Now Vitamin D, the Healthy Sleep Formula, the Picture of the Week and the many more things you share. Let's just say that even while on vacation, I couldn't help but think about you and Security Now while visiting Irvine and the beautiful surrounding area.

Thanks for everything, kcc. Well, casey, thanks very much for your note. I'm so tickled that so many of my wanderings have been useful to you and your colleagues. I'm aware of the EFF's Cover your Tracks page and in the past years we've talked several times about their earlier effort, panoptic Click, which they released at version 3 level back in 2017. But the coveryourtracksefforg site and that work is their latest and it serves as a perfect follow-on to our recent discussion of browser fingerprinting. I just went there with my Firefox browser, which is running uBlock Origin and Privacy Badger, so both those two things uBlock Origin and Privacy Badger. The EFF's Cover your Tracks site performs proactive fingerprinting of the same sort that's performed by tracking sites and shows what they are able to see After auditing my browser. I'm going to share what that site showed me about my browser, leo, after we take another break.

1:42:41 - Leo Laporte
Okay, that's good and I will show it to everyone. But first a word from our fine sponsor. I know we're doing zero knowledge. How about zero trust? Huh, how about that? That is the best way everybody knows to protect your business, and ThreatLocker is the best way to do zero trust.

Ransomware is killing businesses worldwide. Worldwide. You've seen it through phishing emails, infected downloads, malicious websites, rdp exploits. You don't want to be the next victim. You don't want your business to be the next victim.

Threat lockers zero trust platform takes a and this is the key proactive, deny by default approach deny default. It blocks every unauthorized action, protecting you from both known and unknown threats. Zero days no one's ever seen before. Trusted by global enterprises like JetBlue and the Port of Vancouver, threatlocker shields you from zero-day exploits and supply chain attacks and provides you with a complete audit trail for compliance. You know exactly who did what, when, where. You've got absolute compliance. Threatlocker's innovative ring fencing technology isolates those critical applications from weaponization. It stops ransomware cold. It also and this is super important limits lateral movement within your network.

Threatlocker works across all industries. It supports Mac environments. They have 24-7 support based right here in the US, and ThreatLocker gives you comprehensive visibility and control. Just ask Mark Tolson. He's the IT director for the city of Champaign, illinois. We've talked about this City. Governments are often targets of ransomware attacks. Mark doesn't worry. He says, quote threat locker provides that extra key to block anomalies that nothing else can do. If bad actors got in and tried to execute something, I take comfort in knowing threat locker will stop it. Stop worrying about cyber threats. Get unprecedented protection quickly, easily and cost effectively with threat locker. I cost-effectively. I was kind of stunned when I checked it out. It's very affordable. Visit ThreatLockercom slash twit. Get a free 30-day trial. Learn more about how ThreatLocker can help mitigate unknown threats and ensure compliance. That's ThreatLockercom slash twit. We thank these guys so much for their support. They're really big fans of yours, steve, and security. Now we're big fans of theirs. So it goes both ways.

1:45:14 - Steve Gibson
All right, let's see. I go to coveryourtracksefforg with my Firefox browser loaded with uBlock Origin and Privacy Badger. My Firefox browser loaded with uBlock Origin and Privacy Badger. The result page says here are your Cover your Tracks results. They include an overview of how visible you are to trackers, with an index and glossary of all the metrics we measured below.

Our tests indicate that you have strong protection against web tracking. Yay, okay. So they quickly divide this into three categories Is your browser blocking tracking ads? Yes, it is. Is it blocking invisible trackers? Yes, it is. Is it protecting me from fingerprinting? Oh, they answer your browser has a unique fingerprint. And they say note, because tracking techniques are complex, subtle and constantly evolving. Cover your Tracks does not measure all forms of tracking and protection. They're here to make a point, but boy do they. They said your browser fingerprint appears to be unique among the 244,246 browsers tested in the past 45 days. Okay, ouch. So that's a bit shy of one quarter million visitors who have used cover your tracks over the past month and a half, and not one of those visitors browsers had the same fingerprint as mine.

1:47:08 - Leo Laporte
Or mine, as it turns out. Whoops, but that's the thing we were talking about the other day, exactly. It's almost impossible to prevent.

1:47:20 - Steve Gibson
So, for example, they check the headers. Check the headers that my user agent header says mozilla slash 5.0. Windows nt 10.0. Win 64 x64 rv, colon 144.0. Okay, that's 140. That's got to be the version number of firefox. Then I've got Gecko 2010-01-01 and Firefox slash 140.0. So that's my user agent header.

1:47:54 - Leo Laporte
For some reason, almost everything identifies as Mozilla. It's bizarre.

1:47:58 - Steve Gibson
And it still is. You're right. Everything starts with Mozilla. Slash something and it's purely history. It's because it's. It's because the the very first browser was netscape right and and you had to have that in the user agent to tell the early web servers that you were a user-based web browser, not some other robot or something.

So, it's just there, you know, everything has it. So they note that that user agent header, as it is, conveys 4.41 bits of identifying information. In other words, it is and the reason bits can be fractional is log power, of two reasons. The point is that one in 21.21 browsers share this value.

1:49:00 - Leo Laporte
So it's already narrowed it down that much. Yes.

1:49:04 - Steve Gibson
Just from the user agent, that one user agent. Of that 244 plus thousand browsers they've seen, in the last 45 days my browser has been reduced from that population to one in 21.21 of that entire set and that's 4.41 bits in binary terms. Then we have another header, the HTTP underscore accept header, which contains another bunch of stuff. It says that the browser wants to receive HTML text. It doesn't care about the name and path name, it's able to unzip the data using QZip or Deflate or BR or ZSTD. It wants English as its standard language and basically it says you know, this is who this guy is from, the.

Again, from the standpoint of the server, and they note okay, there's, you know, that's a lot of information to give. That further presented nearly two bits, nearly so it was 1.91 bits of data, two bits right, would have been one and four. This is one in 3.76. Browsers should have the same value my Firefox browser had. Then there's a list of plugin information, the, the, the plugins that the browser contains. I've got five of them plugin zero through, plugin four Turns out not very unique. All of that list of plugins was only worth 0.64 bits of identification, four bits of identification.

1:51:14 - Leo Laporte
So I'm one in five, I'm one, I'm one in 1.56 browsers with that value mine too. I've switched to arc over here and this is it's funny user agent is still mozilla yeah, it says it's an intel mac, which it's not, but okay yeah, so and, but just like you have four plugins which give it the same bits of identifying information, yeah, I've got time zone offset.

1:51:31 - Steve Gibson
That is something that my browser is announcing. That is what is my time zone and that's worth 4.11 bits of information. So one in 17.31 browsers also have my time zone offset of 4.20, which is an interesting time zone.

1:51:48 - Leo Laporte
Isn't that an interesting offset? I don't know what that is. That's an Elon Musk offset, that's right.

1:51:55 - Steve Gibson
Also, the actual explicit time zone is set to America slash Los Angeles. Well, that's good for 4.4 bits of additional discrimination among all the browsers in the world. So one in 21.05 browsers share that value. The screen size that I happen to be using, boy, does that make me unique? I happen to be on a screen. It's one of those curved widescreens, so it's 3840 by 1600 by 24 resolution. Interestingly enough, that's 11.65 worth of. That's a. That's almost 12 bits subset of one in 3213, 3,213, almost 214 browsers.

1:52:54 - Leo Laporte
That's bad, right, that's bad. You want to be less unique, not more unique.

1:52:58 - Steve Gibson
It was highly identifying for me to use that bizarre screen. So maybe use a Palm Pilot, I don't know. Oh, just give up as many system, the, the particular system fonts you have, that they're all listed there so that the, the server. I mean this is nonsense. Why are our browsers blabbing that? I got you know calibri and cambria and cambria, math and comic sans ms and consulus and lucida crazy, you that's crazy. You know, it's like nuts.

1:53:27 - Leo Laporte
But it's a great well. You know that's because the website might do a query saying hey, do you have Lucida grants? Can we show the? You know Exactly, yeah.

1:53:36 - Steve Gibson
Exactly. Oh, he's got Palantino lino type.

1:53:39 - Leo Laporte
Oh, we love that one. Yeah, let's use that.

1:53:43 - Steve Gibson
Anyway, that's good for 3.2 bits worth of discrimination.

1:53:46 - Leo Laporte
I still have Wingdings on my computer.

1:53:48 - Steve Gibson
Oh, I do too via JavaScript, you and I both, and I'm a big Verdana fan, yeah, I like Verdana and Dahoma's there, anyway. So, oh, and are cookies enabled? Yes, although it turns out that doesn't help very much Get this Cookies being enabled, which?

1:54:06 - Leo Laporte
of course you have to have.

1:54:08 - Steve Gibson
That's 0.07% worth of discrimination. So only good for one in 1.05 browsers basically everybody. Because if you don't have cookies, I don't know what you can do. And then what about the super cookies? No-transcript can perform a specific test on the html html5 canvas element. That's actually where you're able to draw on the user screen using JavaScript. They said this metric is the unique identification the tracker assigns to your browser after it performs this test. Canvas fingerprinting is invisible to the user. A tracker can create a canvas in your browser, off screen not visible off screen.

Yep and generate a complicated collage of shapes, colors and text using JavaScript. Then, with the resulting collage, the tracker extracts the actual bitmap data about exactly how each pixel on the canvas is rendered. They said many variables will affect the final result. These include your operating system, your graphics card, your firmware version things you can't change readily graphics driver version and installed fonts. They said this is a complex and very reliable fingerprinting metric for trackers. Slightly different images will be rendered due to small differences in video card, hardware drivers, operating system and installed fonts. So, despite all that, not a lot of identifying information 1.57 bits worth in my own browser mine's 9.22, mine's interesting.

1:56:38 - Leo Laporte
Yeah, you got.

1:56:39 - Steve Gibson
You got probably have fancy stuff going on I do yeah I was. I'm a generic intel video on an Intel NUC, so I share all of those characteristics with one out of every three browsers out of that 244,000.

1:56:56 - Leo Laporte
Mine is one out of 595 browsers.

1:56:59 - Steve Gibson
Wow, that's interesting. That's because you're fancy.

1:57:02 - Leo Laporte
Again, the higher that number, the worse, because you're more unique, you're more able to discriminate.

1:57:08 - Steve Gibson
They're able to discriminate you from other browsers but wait till you see my web.

1:57:12 - Leo Laporte
Gl fingerprint.

1:57:14 - Steve Gibson
Oh boy, oh boy again, mine's not very fancy because I'm just using an intel, you know built-in graphics thing. I'm 1.72 bits and so I'm left. I'm about one in three and a third browsers.

1:57:26 - Leo Laporte
I'm one in 10,656 browsers.

1:57:30 - Steve Gibson
They're tracking you so bad. They know who.

1:57:32 - Leo Laporte
I am now. That's right, wow, and that's value for just this fingerprint. So remember we got to combine them all right to get a really pretty good.

1:57:43 - Steve Gibson
Just this component of your fingerprint, right? Yes, so that's a lot of bits. They got on you, oh, not good. Just this component of your fingerprint, right? Yes, so that's a lot of bits. They got on you, oh, not good. Also, webgl Vendor and Renderer there, because there are so many possibilities, that's a lot more identifiable. I'm at 6.32 bits, so I'm about one in 80 browsers share my particular combination for WebGL vendor and renderer and you're what? A little higher than that.

1:58:16 - Leo Laporte
One in 1,400. Yeah, 10 and a half bits.

1:58:19 - Steve Gibson
Yeah, and then we both have the DNT header enabled. It's set to true Fools that we are Ironically turning that on.

1:58:28 - Leo Laporte
Gives them more bits of information. Yep, most people don't do it. Only half half of the people do it where you can.

1:58:35 - Steve Gibson
You just want to kind of blend in with the herd, if possible, in order to be less identifiable. Language being english, that wasn't. That was less than a bit worth. So 0.87 for me and 86 for you. It thinks I'm at my hardware specs. It thinks I'm on a. It says you know platform Win32, 1.29 bits. Touch support is less than a bit. Interestingly, the audio context fingerprint for me was way up I mean well up in terms of number. It turns out that whatever the audio context fingerprint is, the value they got was 35.749972093850374. Whatever that is, it's only worth a little over two bits, 2.27 bits of of of specificity there you probably have a very common audio card then uh, codec again.

It's the one built into the intel, so I bet that is yep yep and yours is somewhat real tech mine's. Yeah, because it's a mac, so it's just by virtue of being a Mac, it's less common. When you concatenate all the effective, unique bits that each of those parameters offer, you end up in my case. They've never seen that site, has never seen in the last 45 days, and more than 244,000 browsers. Nobody else has come along with exactly the same combination.

They don't need a cookie they don't need anything else to know who I am.

2:00:34 - Leo Laporte
You're one and a quarter million, that's not good. And so that.

2:00:38 - Steve Gibson
So our takeaway here is that you know, and I've got you block origin and privacy badger. It said you're're blocking ads, you're blocking trackers. Yeah, doesn't matter. Yeah, our, our fingerprinting tracking. Today's tracking technology has become serious. It's become that serious that you know.

Unfortunately it's javascript. I remember I talked about this last week. I tried turning off javascript for a third party where the site I would go to. They could run their own JavaScript on my page, but not any third party, not any advertisers. I was immediately unable to make a restaurant reservation, just couldn't, because unfortunately, today's webpages are pulling technology from everywhere else. Nobody rolls their own reservation system. They use OpenTable why reinvent the wheel? And they use Salesforce for this and they use OAuth for that, and they just use technology from everywhere. Everybody wants to run their script on your browser and trying to turn off third-party scripting breaks immediately. And it's third-party scripting that the advertisers are leveraging to generate these super unique fingerprints.

Fingerprint to regenerate a cookie. Cookie is still the gold standard. They want to get a cookie because nothing's better than that. But if you delete them or change browsers while you're on the same IP or on the same machine, they can still lock on to your altered but identifiably changed fingerprint and re-cookie your new browser or refresh a cookie that you just deleted. You know, I kind of understand, leo, why you've given up.

2:02:32 - Leo Laporte
Yeah, because like you know, ironically, if you use no script, that probably narrows it down even more right, yeah, nobody does that, so you'd be one in a bazillion.

2:02:43 - Steve Gibson
Yeah, because you can't turn off scripting any longer in a bazillion.

2:02:49 - Leo Laporte
Yeah, because you can't turn. You can't turn off scripting any longer, so it's kind of counterintuitive. But the more protections you have, probably the more identifiable you are, yeah the the, the more generic you could be.

2:02:58 - Steve Gibson
Yeah, the you know. You would like to have a browser where they said, well, we don't know who you are, but but you know, half the browsers that came by looked to say it was you.

2:03:08 - Leo Laporte
That would be good. Use Edge, no plugins. Run your screen at 1920 by 1080. You know, I mean it's things like that. You know it's things you don't want to do, frankly, okay.

2:03:22 - Steve Gibson
And our last bit of feedback, Paul said. Steve, listening to yesterday's podcast and the type memory overflow Paragon used for WhatsApp PDF attacks made me wonder something If all interpreters were rewritten in memory-safe languages, would they be problem-free or just have a way smaller attack surface? So that's a terrific question. I think the fairest way to evaluate this would be to observe that the problems with interpreters have historically been the same as the problems with any other class of code. So same mix of problems, but that interpreters tend to be problem magnets due to the particularly large attack surface they present.

It is an interpreter's inherent nature to be heavily directed by the content of the data they're interpreting, of the data they're interpreting. That's the unique characteristic that makes interpreters and inherently more prone to abuse. There's much greater opportunity for their abuse by way of abusing the formatting of that data. By comparison, for example, code whose functioning is inherently independent of the data it is processing is going to be inherently far less vulnerable. So, yes, the benefit derived from writing interpreters in memory-safe languages would likely be significant, not because interpreters are necessarily more prone to the problems that are often resolved through the use of memory-safe languages, but because interpreters are just generally so much more prone to all problems of coding, and memory-safe languages have been shown over and over to be terrific for preventing one large class of memory-related coding mistakes.

Another way of expressing what Paul suggests is that if one wanted to begin the work of rewriting a large body of code in a memory-safe language, a great place to begin that work to quickly realize the largest increase in security and operational integrity would be anywhere. The functioning of the code is percentage of coding mistakes through time. So if you've got a big project you're saying, hey, let's recode this in Rust or Java or something. First recode the interpretation part of that large object, If there are some, that's going to be where you'll get a large amount of leverage from that recoding effort.

Okay, now Leo, yes, and our listeners after this next final sponsor.

2:07:15 - Leo Laporte
this is where I think our listeners would have fun if they involve their kids, because we're going to have some fun this is our zero knowledge segment coming up.

2:07:21 - Steve Gibson
I can tell Introduction to zero knowledge proofs there are some fun thought problems here.

2:07:25 - Leo Laporte
This will be good for me too. I have a childlike brain, so this should work very well for me. We'll see. Stay tuned.

This episode of security now brought to you by us cloud, the number one microsoft unified support replacement. Now we've been telling you about us cloud now for some months. I hope you. I hope it's registering, because I think the name doesn't immediately tell you. They are the global leader in third-party microsoft support for enterprises now support 50 of the fortune 500, and there's a good reason for this.

Switching to us cloud can save your business 30 to 50 percent over microsoft's overpriced, underperforming unified and premier support. I say overpriced, okay, maybe you'll understand that. But yes, did you know? Us cloud is actually twice as fast as Microsoft in average time to resolution? That's what I mean by underperforming. Us cloud is twice as fast. And now they're going to live up to their name because they're going to do something I doubt Microsoft would ever do. They're going to tell you how you can save money on Azure. Yeah, microsoft does not want you to save money on Azure.

Us Cloud is excited to tell you about a new offering. This is their Azure Cost Optimization Services. I mean, look, if you're like mean look, if you're like me, if you're like any business, you probably don't pay that much attention to your azure usage. It's really handy, right? It's really useful. If it's been a while, though, you probably have some azure sprawl a little. I don't know spend creep going on. I bet you do. The good news is saving on Azure is easier than you think with US Cloud.

Us Cloud offers an eight-week Azure engagement powered by VBox that identifies key opportunities to reduce costs across your entire Azure environment. With expert guidance. You will get access to US Cloud's senior engineers. This is another way. They're better, by the way, they hire the best people with an average of over 16 years with Microsoft products. This is the creme de la creme. At the end of those eight weeks, your interactive dashboard will identify, rebuild and downscale opportunities and unused resources, which means you can reallocate those precious IT dollars towards well, there's always something needed Needed resources, whatever it is you need.

Although, if you want the savings to continue, you might take a look at investing your Azure savings in US Cloud's Microsoft support. That's what a few US Cloud's other customers have done Completely eliminate your unified spend and remember you're going to save 30% to 50% by doing that. So the savings just pile up. This is what Sam did. He's the technical operations manager at Bede Gaming B-E-D-E. He gave US Cloud five stars, said and this is the quote we had found some things that had been running for three years which no one was checking.

These VMs were, I don't know, 10 grand a month Not a massive chunk in the grand scheme of how much we spend on Azure, but once you get to 40 or $50,000 a month, it really starts to add up. This is the great solution Stop overpaying for Azure, identify and eliminate Azure creep and boost your performance all in eight weeks with US Cloud. I mean, why wouldn't you Visit uscloudcom and book a call today to find out how much your team can save? That's uscloudcom, to book a call today. Get faster microsoft support for less. It's better to faster microsoft support for less uscloudcom. We thank him so much for supporting steve and his good works here at security. Now, all right, you say it's not a propeller hat, but I'm gonna.

2:11:13 - Steve Gibson
I'm gonna gird myself we're gonna have fun, okay, okay. So first off, a little bit of background here. The recent issues surround the reason we're talking about zero knowledge proofs is these. Recent issues surrounding the growing pressure to create some means of providing online age verification, with its accompanying worrisome implications for privacy, has brought a somewhat obscure but quite interesting bit of academic technology into the foreground. This area of study and recent developments for computers is known generically as zero-knowledge proofs, sometimes abbreviated ZK proofs or just ZKPs.

Now, as we know, when discussing cryptographic protocols, as we've often done here and as is typically done in the literature, the various participants are given representative names. Alice is typically the initiator of a communication, bob is typically A and B. Bob is the recipient of that communication. Eve is the name given to someone attempting to eavesdrop on that communication between Alice and Bob. Mallory is a malicious attacker, or maybe Mallory in the middle, and if additional participants are needed for multi-party communications, we typically bring out Carol and Dave to be the C and D of the A, b, c and D group.

Now for today's discussion, we're going to introduce two new characters who we've never used before. Peggy is someone who wishes to prove something and Victor is the verifier of what Peggy wishes to prove. Or maybe Victor is the person that Peggy needs to convince of something. She makes an assertion, she's trying to convince Victor. So we have Peggy and Victor. Now a formal description of any zero-knowledge proof is pretty short. It reads something like this it would say pretty short. It reads something like this it would say a zero-knowledge proof is a protocol by which one party the prover can convince another party the verifier that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement's truth. So it's an interesting problem. Yeah, in other words, the verifier learns nothing beyond the truth of the assertion that the prover wishes to make.

Am over 13, for instance okay, um, by comparison, you know, you know instances of what we might term a knowledge based proof as opposed to a zero knowledge proof. You know, you know, they're all around us, right? Uh, someone can prove their assertion of some information simply by revealing it. I know this. I'm I'm over 13.

2:14:34 - Leo Laporte
Look at me, right or look at my right yeah, my identity card, or whatever yes, so.

2:14:41 - Steve Gibson
So so there you're giving the person information beyond your assertion that you're over 13. And we don't want to do that Right. The tricky zero knowledge proof part is to prove the possession or prove the assertion is true, while not revealing any information or any aspect of it. So the formal requirements for true zero knowledge proofs are actually even higher than this. Because we want true zero knowledge, there should be no knowledge received that could get this. Leo that can be passed on to a third party. That is, peggy may prove something to Victor, but Victor doesn't gain anything that allows him to prove it to someone else. So there's actually an even higher bar. The verifier in this setting, even after they've been convinced of the truth of the prover's statement, should nevertheless be unable to prove that statement to any other third party. So some zero-knowledge proofs can be interactive, meaning that the prover and the verifier exchange messages following some protocol. I'll show that we're going to look at three examples. The first and the third use Peggy and Victor. The second is an interactive. Well, actually, the second and third are both interactive.

So I titled today's podcast Introduction to Zero Knowledge Proofs because I wanted to start everyone thinking about what is really a fascinating realm without yet getting bogged down and mired in cryptographic esoterics. And it turns out it's not necessary, since there are some very cool physical examples that we're going to look at which should serve to get everyone thinking about this topic broadly. Also, although computer scientists are excitedly talking about zero-knowledge proofs being useful for the online age verification problem, at best ZKPs will only be one useful part, or one needed, one required part, of the solution. The solution, so you know, yes, people are talking about this in the zero knowledge proofs regarding age verification, but to me, the problem mostly the problem of age verification mostly involves somehow linking a person's verifiable date of birth to an unspoofable biometric. You know, once you have, that a zero-knowledge proof could be used to prove an assertion of age without revealing anything more. Or maybe the way it's used is you need to convince your iPhone that you're older than 18, but you don't want Apple to know anything more about you. Then the biometric is used for Apple's iPhone to disclose its belief of that to a third party, and so you've managed to share nothing with Apple. Yet you have convinced Apple that you're over 18. So then it's able to convince other people who ask.

So we got a ways to go. It's not like this zero knowledge proof business is just going to solve all of our problems. Okay, so I want to make absolutely certain that everyone appreciates this is not some sort of magic again, age verification technology. It'll just be part of a much larger system, but it is arguably a requirement. If, for example, you would like Apple to be able to assert your age without telling Apple anything more, that's where the zero knowledge would come in. So our goal today is to develop some sense for what it means to have a zero knowledge proof system.

Okay, so we're going to look at, as I said, three examples, so let's give. So what do we mean by zero knowledge proof? Let's give it some context. A perfect place to start is a classic ZKP demo known as Where's Wally. Now, imagine that there's a large sheet of paper, let's say two feet by two feet, and printed on this sheet is a solid mass of tiny line-drawn cartoon characters of various colors doing various things, and somewhere hidden in plain sight is WALL-E, but nothing obviously distinguishes WALL-ally from any of the other characters. And there is so much going on. I mean, this sheet is covered with these little guys doing stuff. So much visual noise printed on this. Now it's since it's two feet by two feet, that's four square feet of of of paper that even knowing what wally looks like, even being able to recognize him if you saw him, there's just no way to find him hiding in plain sight, as it were, among everything else that's going on okay, he's not wearing wearing a funny hat and striped knickers.

He's completely normal, or everybody else is too. I mean, it's just a complete confusion, just exactly Blends in, hidden in the noise. But Peggy the prover in our zero knowledge proof example, she knows where Wally is and she wants to prove to Victor the verifier that she knows. Now, before this, Victor has been visually scouring this four square foot sheet of paper over and over. He's looked everywhere multiple times until he's become convinced that Peggy is full of it and that there's no Wally printed anywhere on the sheet. Peggy claims otherwise. She says oh yeah, I know where he is.

She's rather proud of her discovery and she's become somewhat annoyed with Victor claiming that she's not telling him the truth. So she's become somewhat annoyed with victor claiming that she's not telling him the truth. So she's decided she's not going to show him where wally is. Well, she wants to keep wally's location a secret from victor, even after proving not only that Wally does exist on the sheet but also that she knows where Wally is. If she can pull this off, it's going to further drive Victor nuts, because he'll know for sure that there's a Wally there somewhere, but still have no idea where I like this game, but still have no idea where I like this game.

So how does Peggy create a zero knowledge proof of Wally's existence on the sheet of paper while keeping his location secret? She gets another, much larger sheet of paper, double the length in each dimension, so it's four feet by four feet, and in the center of that larger sheet she cuts a small hole the size of Wally on the printed sheet. She positions the top cover sheet while Victor is out of the room, of course. She positions the top cover sheet, while Victor is out of the room, of course, over the printed sheet with Wally's image visible through the hole. There's Wally looking at what Peggy has done. She invites him in and says OK, I'll prove to you that there's a Wally here. So Victor comes in the room. Victor cannot deny now that there's Wally. She's proven that. Yes, and the fact that Peggy was able to place the large cover sheet over the printed sheet so that Wally's image appears through the little hole in the center of the cover sheet further proves that Peggy knows where Wally is on the printed sheet. But thanks to the fact that the cover sheet is twice as long in each dimension as the sheet it's covering, the printed sheet would be covered up no matter where on that lower sheet Wally was printed. Peggy has accomplished her task. She has definitely proven to Victor that Wally exists on the original printed sheet, while giving him absolutely no information about where Wally might be. Peggy, the prover, constructed a zero-knowledge proof of Wally's existence and that she knows his location, knows his location. There's something else worth noting here, which is part of the definition of zero knowledge proofs and which can be important in some applications. As I mentioned before, although Victor is now utterly certain that Wally does exist and that Peggy does know where Wally is, victor's still unable to now prove that to anyone else because he still can't find Wally. Peggy made him leave. She took the top sheet off, he came back. He's still pissed off now because he knows Wally's there somewhere and he absolutely knows it, but he can't prove it to anybody else either. Okay, so next example. This next example demonstrates some other properties of this interesting realm.

We've got two competitors. They have so far each been allowed to purchase some number of a rare and precious item from a common supplier. They want as much as they can get. They've each been allowed to purchase a certain amount. The supplier claims that both parties have been allowed to purchase the same number of these items. But as part of the purchase agreement, the supplier made them sign an NDA, a non-disclosure agreement, which has bound them to keep the number of items they were each sold a secret, especially from one another. They're not allowed to divulge to anyone, especially each other, how many they have been allowed to purchase. The supplier says I've sold you both the same amount. If they violate that NDA, they will lose any opportunity to purchase any more of these precious items in the future.

The problem is their competitors. They need these things and they don't trust completely. The suppliers claim their assertion to have sold them so far the same number, so far the same number. So they want to verify, or in this case, to prove that they have both purchased the same number of items without breaching their NDA and revealing the number of items each has purchased. The items, as it turns out, are only sold in lots of 100. The items, as it turns out, are only sold in lots of 100. So they may have each purchased 100, 200, 300, or 400 of the items. They know how many they have purchased, but they don't know how many their competitor has purchased and neither of them is allowed to reveal their purchase quantity to the other. What they want to know is whether the seller has told them the truth, just that, the truth about having sold them each the same number of units, yes or no. What they need is a zero-knowledge proof, and over drinks one night, they devise a way to accomplish this.

They get four identical small lockable boxes, each having a differently keyed lock. So four lockable boxes and four keys, one for each box. Into the top of each box they cut a small slit through which a piece of paper can be dropped, like a little ballot box. The four boxes are labeled 100, 200, 300, and 400, corresponding to the number of items each has been able to purchase from their common supplier, and each box is locked with its respective key, which is left in the lock, and all four boxes are placed alone on a table in a room with a door. They also prepare four slips of paper, one piece. One slip of the paper has a big green check mark on it and the other three have a big red X.

The two competitors gather outside the room containing these four boxes and they flip a coin to decide who's going to go first. The winner of the coin, toss, enters the room and closes the door behind him. He goes to the box which represents the quantity of items he has purchased 100, 200, 300, or 400. He removes its key and places it in his pocket. He also removes the other three keys from the other three boxes. So now all the boxes look the same. Right, there are four locked boxes. There are no keys. There are no keys. He leaves the room, closes the door behind him, then together the two of them destroy the three keys for the other boxes which will never be opened.

Okay, and that first guy has kept the key. For the one box that corresponds to how many items he's purchased. For the one box, the corresponds to how many items he's purchased. Next, the other competitor takes the four slips of paper into the room and closes the door behind him. He drops the slip of paper having the big green checkmark into the top slot of the box which corresponds to the quantity of items he has been allowed to purchase from their common supplier Again, 100, 200, 300, 400, whichever box, and he drops the three big red X slips into the other three boxes and then he exits the room and closes the door.

Finally, the first person who removed and retained that one key from the one box, which only opens the box corresponding to the quantity of items he has purchased, enters the room and closes the door. He goes to that box, he returns to the box for which he has the key and use it and that's, that's the. That key will only open that box, uses the key to open the box and withdraws the slip of paper that box contains. He relocks the box so now they're all locked again and exits the room with a slip of paper and shows it to the competitor. Only if the box he had the key for was the same box as his competitor dropped the green checkmark paper into, will he have been able to successfully withdraw a piece of paper containing a green checkmark. And in that case they will have confirmed to each other that they have each been able to purchase the same quantity of items from their shared supplier. In other words, if the first competitor withdrew a slip of paper with a red X, they will both know that they had been lied to by their seller. But that is all they know. They only get a yes or no. They don't learn anything else. Neither of them will have learned how many of the items the other has been able to purchase. So they will not have discovered, they will not have disclosed that to the other and thus will not have breached their purchase agreement. They did not breach their agreement. They did not breach their NDA If they don't know how much, if they learn, if a red X gets pulled out after that third round, they only know they have not both purchased the same amount, but not how much. Where nothing is learned, no information is gained other than the verification of an assertion.

Okay, and for the third example, we're going to look at one that involves statistical proof. This is another famous thought experiment, often referred to as Ali Baba's cave, and for this we return to Peggy and Victor. A cave is discovered which has an odd shape. It has a cave tunnel shaped in a ring, with an entrance in the side of the mountain, on one side of the ring-shaped tunnel, and a locked door which completely blocks the tunnel at the opposite, deep inside the mountain, the opposite side of the ring. So the locked door, which is far away from the tunnel's opening, from the outside cannot be seen since it's deepest in the back of the ring tunnel.

Peggy, who returns as our prover, claims to have discovered the magic word that can unlock the door from either side. But once again, victor, oh Victor, he's skeptical. Before this Victor and it's understandably why he's skeptical he had tried every word he could think of. No matter what he says to the door, it remains stubbornly locked. He doubts Peggy's claim to have discovered the magic word. He thinks you know he knows all the words that she knows and especially all that business with Wally. He's a bit more annoyed than ever with her. For her part, peggy is willing to work to convince Victor that she knows the magic word, but she insists upon doing it in a way that cannot also be used to prove it to anyone else.

Remember that's part of our goal here. Remember that's part of our goal here is not being able to prove what is proven to Victor the verifier to anyone else, and this is a problem, for whatever reason. That's crucial because Peggy wants to keep this secret. She's willing to prove it to Victor. She doesn't want Victor to be able to go off and prove it elsewhere. Remember, the formal requirements for zero-knowledge proofs are that even if the verifier has been convinced of the truth of the prover's statement, the verifier should nevertheless be unable to prove the statement to any other third party.

Okay, so if Victor and Peggy were to simply stand at the cave's opening, with the two tunnels heading off in opposite directions, clockwise and counterclockwise, around the ring, and if Peggy were to go down one path, say the magic words to the door and then a few minutes later, emerge from the other path, victor would obviously be immediately convinced that Peggy had to have been able to open the door with the magic word, because the only way she could have completely circumnavigated the ring tunnel would if would be if she was able to open and pass through the magic word door. But if victor were to record piggy's accomplishment with his phone's video camera, or if someone other than Victor happened to also be standing there too, watching Peggy do this, either of those would constitute incontrovertible proof of Peggy's grasp of magical cave door operation, and that would be unacceptable to her. She refuses to do that. She's willing to convince Victor, but you know, and you know, she's stubborn. We've already seen her use a large sheet of paper to frustrate Victor. Piggy's pretty clever, so she's come up with a way to prove to Victor, and Victor alone, that she can pass through that door at the far backside of the ring tunnel cave while at the same time preventing a video recording from creating solid evidence, or even evidence for someone standing by and silently observing the same thing that Victor observes Once again, peggy and Victor stand at the mouth of the cave with the two tunnels diverging in opposite directions inside the mountain.

Peggy has Victor turn around so that she is unobserved and has him start counting down from 10. She keeps her eye on him while she disappears from sight down the tunnel of her choosing. He turns around and shouts into the tunnel that he wants her to, and shouts into both tunnels, the specific tunnel he wants her to emerge from. If Peggy happened to go down that side of the ring, she simply retraces her path and comes out the side that Victor asked her to. But if she went down the other side, she must use her magic word to open the door and emerge from the path Victor has requested.

So what do we know and what does Victor know at this point? What we know is that there's a 50-50 chance that Peggy may have initially gone down the same path that Victor asked her to return from, so she would not have needed to use her magic word. Victor knows that she got it correct once, because he's only asked her once so far, but of course that might have just been beginner's luck. So they do it again as before. Victor turns his back, counts down from 10, which is what Peggy insists upon. Peggy herself chooses a direction, gets to the door and waits for Victor to shout out which path he wants her to return from. Since Peggy does know the magic word, she is always able to succeed. But if she did not know the magic word and if they kept playing this game, the chances get greater and greater that Victor will ask her to return on the path opposite the one she went down and Victor will have his well, his victory of proving that she never did know the magic word after all.

Now we know how the statistics of this go right. One test is a 50-50. The statistics of this go right. One test is a 50-50. Two tests, where both must be correct, assuming an equal probability of outcome is one in four. There's a one in four chance, if Victor and Peggy do this twice, that Peggy could just get lucky. Not know the word, but choose the right path both times. There's a one in four chance of that. The word, but choose the right path both times. There's a one in four chance of that Three tests reduces the probability to one in eight. Four tests one in 16. Then we get to one in 32, 64, 128, 256, 512, 1024, 2048, 4096, and so on. To get to 4096, one chance in 4096 that only requires 12 runs. So if peggy did not know the secret door opening word, there would only be one chance in 4096 of her being able to get the path correct all 12 times Before long. Annoying as he may be, victor will give up and admit that Peggy must indeed be able to cross that door's threshold. Either that or she is incredibly lucky and just should go to Las Vegas. So how has this statistical variation solved Peggy's concern about keeping her magical locksmith abilities unproven to anyone else?

Assuming that a camera or an observer were to turn around and be unable to see the path she took, which is the obvious requirement, just as she has required of Victor, there would be no way for a video recording or an on-the-spot observer to know that she and Victor were not conspiring by having prearranged the sequence of tunnels. Victor would call out and Peggy would choose to go down and then return from. They could have some system like take a famous phrase ask not what you can do for your country what you Can Do For your Country, where a vowel in the letters of the words of that phrase means take the left tunnel and a consonant in the words of that phrase means go down the right. This would allow Victor and Peggy to stage the entire event for an audience and gives Peggy the plausible deniability that she requires. And if confronted by someone who stood there or watched the video, she could say how gullible are you? Victor and I simply prearranged the sequence of tunnels. Why else do you imagine I didn't just let people directly observe which path I took? It was so I could stage the whole thing. So she has plausible deniability and you'll note that, assuming that she and Victor did not stage the entire thing, victor would be unable to convince the observer that he and she did not stage it. He has no way of. He knows he was choosing paths at random, but he has no way of proving the knowledge he now has that Peggy has the magic word to anybody else because only he knows that it was actually random. Everybody else is saying yeah, sure, you know, we know you guys cheated somehow. There are many other physical world constructions involving colored balls and decks of cards, but anyway. Everyone should now know by now, have a good idea for what we're talking about.

There are clearly ways to prove some statement or assertion involving other conditions without disclosing any other information about those conditions. The proof can be made while leaking zero knowledge pursuit. A great deal of time and attention has been devoted to the formalization of zero-knowledge proofs. A zero-knowledge proof of some statement must satisfy three properties. The property of completeness means if the statement is true, then an honest verifier who's following the protocol properly will be convinced of this fact by an honest prover. Then there's the statement of soundness If the statement is false, then no cheating prover, no matter what they do, can convince an honest verifier that it is true, except with some acceptably very small probability, like we saw with the cave. And thirdly, zero knowledge. If the statement is true, then no verifier learns anything other than the fact that the statement is true.

Peggy said Wally's there somewhere. Victor said no, he's not. I've looked everywhere. You're making that up. She showed him Wally through a little hole in the paper. Victor's like wow, okay, you're right, he's there. But after she removes the paper, victor still doesn't know where Wally is. He's no wiser afterwards. But now he's really upset because he knows he's there somewhere and he can't find him. So if the statement is true, no verifier learns anything other than the fact that it's true. Now, in the case of our competitors, they only learned whether or not they had both purchased the same quantity of goods, yes or no and if not, they didn't learn anything about who was able to purchase more than the other ever able to convince himself that, despite himself trying all the words he could think of, peggy must indeed know the magic cave door opening word, and she was willing to prove it as many times as he needed to her, needed her to prove it to him until he was convinced.

So those first two properties completeness and soundness are generally true of many interactive proof systems. They're not really anything special. If the assertion is true, the prover will be able to convince an honest verifier of this. If the assertion is false, it's not possible for a prover to fool the verifier into believing it's true. But it's the third property zero knowledge that the verifier is unable to learn anything other than the truth of the assertion. That's where the magic happens and turns the proof into a ZKP.

So zero knowledge proof technology is around and it is currently in use for many privacy centric purposes. It's used anywhere. It's necessary to prove an assertion you know, like the knowledge of a username and password, but without revealing anything about the username or password. It may be eventually, you know, it may eventually lie at the heart of some future age verification system suitable for use by the Internet and elsewhere. But, as I started off saying at the top, I'm not holding my breath because a great deal of supporting infrastructure will be needed beyond just the zero knowledge proof mechanics before we have anything that we can apply this technology to. But anyway, no, the next time that you're at a cocktail party if those are a thing any longer and you're being annoyed by someone who's asking what you do, you can have some fun talking about WALL-E and Magic Caves and probably be left alone pretty quickly at the party well, that was, that was fun, I.

2:48:53 - Leo Laporte
I feel like there should be some sort of mechanical way of generating zero knowledge proofs, but I think you just have to think really hard. Yeah, right, um, yeah, I like the. I like the box one. Yeah, I'm not crazy about the uh cave one, only because it depends on probability, correct, yeah, correct, yep. So that to me is well. I mean, it's pretty good. The one about the sheet she could have a second sheet that she put over the first sheet that had wally and then put the third sheet on top of the second sheet. He wouldn't know. So the box is the best one. But still, I feel like there's something we should. I mean, it's good, I like these.

How would you apply that to age verification, you think? Is there a way? I have no idea. Let's think about that. Write in to Steve and if you want to get it onto Steve's mailing list or send him email, you got to go to GRCcom slash email. There's two parts to that page. First part is you submit an email address that you'd like to use with Steve. It has to be the one you'll originate email to Steve from. That way he will whitelist you so you can automatically send him email. So do that and then tell us how would you apply ZKP to age verification, because that would be good, that would be useful. The second part of it is below that part.

There are two unchecked check boxes. Those are for Steve's newsletters. One is the weekly show notes newsletter for this show, which everybody should get, because if you listen to the show it's great to have those ahead of time. You see the picture, so forth, so on. The second checkbox is a much less frequent kind of occasional emailing. That would be an announcement, for instance, that there was a new product from GRCcom, like the long-awaited DNS benchmark, which is imminent. Right, yep, okay, working on it. Uh, steve does not work to anybody. He has no masters. He works at his own pace and we'll it'll be ready when it's done.

2:50:59 - Steve Gibson
In the words of michelangelo, all I can, all I can promise is it'll be good, and it will be good and bug free when it's done's done and bug-free in Assembler.

2:51:08 - Leo Laporte
Let's see what else. Oh, while you're at GRCcom, you might also want to take a look. First of all, he has the podcast, but he has unique. Everything Steve offers is something we don't offer. So on our website, twittv, slash SN, we have an 128 kilobit audio version and we have a video version.

Steve marches to the beat of a different drummer. He has a 16 kilobit audio version nice and small, a little scratchy, but small. He also has a 64 kilobit, which really should be the default version, but for technical reasons we don't offer that anymore because apple squinches it, etc. Etc. But Steve does. So that's really all you really need. That's a good quality 64 kilobit audio. He also has those aforementioned show notes, which are very handy to read along while you listen. He also has human written transcriptions. This is not an AI. This is Elaine Ferris, court reporter, and she does this all. It takes her a couple of days, but those are really useful, either for reading along while you're listening or to. I often look at the show notes while you're talking steve, to kind of kind of get it into my head.

2:52:15 - Steve Gibson
It's actually useful to read along as he's talking well you and you want to see a picture of the dog and I, and I'm always looking for the things I might want to show on screen exactly right he, uh, he also has, uh, the show notes transcriptions.

2:52:28 - Leo Laporte
He's got it all there, uh, and really, most importantly, he has his bread and butter, the thing he may. He lives on the, the, uh, the sandwich for his, for his, the raison d'etre, the, the ham that he puts in his sandwich. It is, of course, uh, spin right, the world's finest mass storage recovery. In fact, it's the only one really, uh, performance enhancer and uh and um, uh, what else does it?

do, it does, recovery, it does recovery, performance sensing and uh and uh checking. Look, if you've got a disc, if you've got an ssd, you gotta have spin right, go get yourself a copy. 6.1 is the current version. I don't know why I've forgotten that phrase that I say every single time it'll come back anyway.

Uh, uh, let's see what else. Oh yes, you, you know about our website. If you go there you'll see a link twittertv slash SN to our YouTube channel. That you want to keep that in the back of your mind, because if you hear something like you want to tease your brother on zero knowledge proofs, you can just clip that part in the YouTube and send it to him. Everybody can see YouTube. It's a great way to share the wealth, share the information you glean from security. Now you should also probably subscribe in your favorite podcast client, whether it's Pocket Cast or Overcast or Apple Podcast or whatever it is, so that you get it automatically. Then you don't have to think about it. Audio and video versions available.

We record this show right after MacBreak Weekly, which is usually Tuesdays, 1.30 Pacific, sometimes a little later, depending if MacBreak Weekly goes long, as it did today 1.30 Pacific, 4.30 Eastern, 20.30 UTC. You can watch us live in the club. Of course, club Twit members get that behind the velvet rope access. They get content before and after the shows and stuff like that. If you're not a member of Club Twit 10 bucks a month, ad free versions of all the shows. It's a really good thing. Lots of special.

We got a busy week. We got micah's uh crafting corner. Tomorrow, thursday, uh, paris, jeff and I are going to do a special interview pre-recorded interview, uh of the woman in charge of gemini, the google, uh, ai, that'll be really interesting. And then Friday, richard Campbell's building his new PC and I said, richard, let's do this on the air. So he's going to do it for the club members. I will be kibitzing. So we've got a busy week. This week, club members get access to all of that on the TwitPlus feed or even live if they want to watch. So please join the club tv slash, club twit. That's by way of a plug, uh, but you don't have to watch live. Obviously you can download a copy of the show. I think that's all I need to say, except thank you for joining us and we hope we'll see you next week on security.

2:55:20 - Steve Gibson
Now right, oh for episode 1035.