FAQ
Frequently Asked Questions
1. What is Blackbird exactly?
2. How secure is Blackbird?
3. Can the applet be probed?
4. Why does Blackbird include ROT13?
5. What is Twofish?
6. What is CodeMeter?
7. What is WibuKey?
8. Does Blackbird work with Securikey?
9. Why only CodeMeter, WibuKey, and Securikey? What about the others?
10. One Time PAD - what is it?
11. What is that MINK program?
12. There is mention that PAD keys can also be encrypted. What's up with that?
13. What encryption algorithm is used for encrypting PAD Keys?
14. Whither Blackbird? What's with this raven or crow stuff?
15. Is that a weapon the Black bird is resting on?
16. Hey, won't this program be used by terrorists and child molesters?
17. If the encryption algorithms are known, how can that be secure?
18. Is Blackbird Open Source?
19. Why is Blackbird open source?
  1. What is Blackbird exactly?
    Blackbird is a program that is used through a web browser to encrypt and decrypt web content as a web page loads or by commands from the user. It is a Java applet that uses both internal implementations of encryption algorithms and third-party encryption products.
  2. How secure is Blackbird?
    The security of Blackbird depends on what kind of encryption is in use, and the overall security of the machine on which it is used. A machine that is infected with a virus that logs keystrokes, or some other eavesdropping measure, cannot be deemed safe. Blackbird deals mainly with information as it resides on the internet (such as a blog posting or an online article) and decrypts it when it reaches the browser. Additional measures of the overall security of the client machine, and password management, are up to the user.
  3. Can the applet be probed?
    Measures are taken to keep passwords within the applet classes private from outside of the instance: data pertaining to passwords and initialization vectors goes in but does not come back out. Even so, a hacked browser with a corrupted Document Object Model (DOM) (which is mainly a set of software rules) could possibly infiltrate the applet. One measure against this is to make sure there are no other applets or controls within the DOM, and to keep the machine virus/trojan free. Hardware-based encryption (such as with CodeMeter or Securikey) is not resident inside of the browser and is much more secure.
  4. Why does Blackbird include ROT13?
    ROT13, a simple form of encryption that merely rotates the character values 13 positions in one direction, was included for testing purposes. It is a classic exercise mentioned almost everywhere encryption is discussed. ROT13 is more of an obfuscator than a form of encryption, and should not be relied upon. It can hide data from a packet sniffer or some other type of parser that is not "expecting" it.
  5. What is Twofish?
    Twofish is a symmetric key block cipher. Symmetric means that the data is encrypted and decrypted with a matching password. If you encrypt information with one password, those looking to see the decrypted information will need that same password. Additional information can be found here. The Blackbird implementation of Twofish comes with a few changes from the freely available version. For Blackbird, the data beyond 16 bytes (characters) is "Cipher Block Chained" (CBC) to accommodate varying data lengths.
  6. What is CodeMeter?
    CodeMeter is a very powerful hardware device, usually seen in the USB form factor, that does all encryption and decryption tasks on an internal chip. CodeMeter uses various modes of AES and so far has not been cracked. CodeMeter is often used for encryption of software, with additional development underway for web authentication. Blackbird makes a simple use of CodeMeter that, as of this writing, does not fully exploit the capabilities of the device. This is intended to change as Blackbird development continues. For more information about CodeMeter, visit the CodeMeter Website.
  7. What is WibuKey?
    WibuKey is an older encryption device developed by the same organization that designed CodeMeter. CodeMeter is often thought of as "WibuKey on Steroids". This does not mean that WibuKey is obsolete! WibuKeys are still in use today, and the use of this product continues to expand. WibuKeys are often seen in the USB and Parallel Port form factors, and mainly used for software protection. Unlike CodeMeter, WibuKey is not a consumer product. However, Securikey uses the same hardware and the same programming interface. WibuKey, like CodeMeter, performs all encryption and decryption internally, using the more advanced and secure versions of FEAL encryption. For more information about WibuKey, see the WibuKey website.
  8. Does Blackbird work with Securikey?
    Though not originally targeted for use with Blackbird, Securikey is much the same as WibuKey, and the WibuKey implementation shows that Securikey will work with Blackbird in much the same way. As far as this project is concerned, the terms "WibuKey" and "Securikey" are interchangeable. So yes, Securikey can be used with Blackbird, but the terminology between the two products might differ.
  9. Why only CodeMeter, WibuKey, and Securikey? What about the others?
    Blackbird was designed to be expanded in the future. When the programming interfaces are made available for the other products, in time they will be incorporated into Blackbird. If you are using a hardware-based encryption system that is not currently implemented in Blackbird, please let us know.
  10. One Time PAD - what is it?
    The One Time PAD encryption system was the driving concept for Blackbird. Blackbird exists to make use of this simple, yet hard-to-manage method of encryption. PAD encryption cannot be cracked; however, there is one strict rule to be adhered to, and one rather inconvenient fact: the rule is that a PAD Key can never be used more than once (especially if the plaintext is revealed or falls into the wrong hands), and the inconvenient fact is that the PAD Keys must exist on both ends for this to work. If you can recall the old 20th century spy movies where there was a briefcase or attache case handcuffed to the wrist of a spy or courier, this may have come from the requirement of One Time PAD. PAD Encryption is simple in that so long as the key does not fall into the wrong hands, the data encrypted with it cannot be cracked. The problem is that the keys must be on both ends of the transmission. Both the sender and receiver need this key. And a key cannot be reused.
  11. What is that MINK program?
    MINK is a Java application developed to assist in the use of One Time PAD encryption. MINK generates PAD Keys and can save them to a file. During this process, the PAD keys can be encrypted as well using another encryption algorithm. MINK also provides a way to manage PAD Keys. Blackbird can, through its menu, dump the status of the PAD Keys into a block of text that is best described as a list showing which keys are already used for encryption and decryption. The PAD Keys can also be decrypted by MINK. The user guides contain additional information about this process.
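    The one-time rule from question 10 and the used/unused key bookkeeping from question 11, as an added Python example that is not Blackbird or MINK code. The names `PadBook`, `generate_keys` and `recover_second_plaintext` are hypothetical, the messages are constructed, and the last function shows why a key used twice stops protecting a message once the other plaintext is revealed.

```python
import secrets

def generate_keys(count, key_len):
    """Generate pad keys from the OS CSPRNG (hypothetical stand-in for a key generator)."""
    return [secrets.token_bytes(key_len) for _ in range(count)]

def xor(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """One party's copy of the pad keys, with used/unused bookkeeping."""
    def __init__(self, keys):
        self._keys = list(keys)
        self._used = set()

    def _take(self, key_id, length):
        # Enforce the strict rule: a pad key is consumed exactly once.
        if key_id in self._used:
            raise ValueError(f"pad key {key_id} was already used")
        if length > len(self._keys[key_id]):
            raise ValueError("message is longer than the pad key")
        self._used.add(key_id)
        return self._keys[key_id][:length]

    def apply(self, key_id, data):
        """Encrypt or decrypt (XOR is its own inverse) and spend the key."""
        return xor(data, self._take(key_id, len(data)))

    def status(self):
        """List which keys are spent, in the spirit of a key status dump."""
        return {i: "used" if i in self._used else "unused"
                for i in range(len(self._keys))}

def recover_second_plaintext(c1, c2, known_p1):
    """If one key encrypted both messages, c1 ^ c2 == p1 ^ p2, so a
    revealed p1 exposes p2 without the key ever being seen."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor(xor(c1[:n], c2[:n]), known_p1[:n])

def demo():
    keys = generate_keys(count=3, key_len=32)        # constructed sample keys
    sender, receiver = PadBook(keys), PadBook(keys)  # both ends hold the keys
    msg = b"meet at the cafe"
    roundtrip = receiver.apply(0, sender.apply(0, msg)) == msg
    try:
        sender.apply(0, b"second message")           # reuse must be refused
        refused = False
    except ValueError:
        refused = True
    # What the refusal prevents: the same key applied to two messages.
    p1, p2 = b"public notice 01", b"secret plan 0002"
    c1, c2 = xor(p1, keys[1][:16]), xor(p2, keys[1][:16])
    return roundtrip, refused, sender.status(), recover_second_plaintext(c1, c2, p1) == p2

if __name__ == "__main__":
    print(demo())
```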
  12. There is mention that PAD keys can also be encrypted. What's up with that?
    MINK can generate and save PAD keys to a file, but the option exists to encrypt the values of the key itself for an added layer of protection. When the data is loaded into the Blackbird applet, the keys can be decrypted there. This is done as an added layer of security in the event that a file containing PAD Key sequences ends up in the wrong hands. You can encrypt a set of PAD Key sequences, and choose to share the password later on with those you give the file to. They cannot use the PAD Keys until they decrypt them, and you can keep the keys safe in the event that the computer or medium on which the keys are kept is hacked or stolen. When you are sure the PAD Key files have not fallen into the wrong hands, you can openly broadcast the password, OR you can choose to keep the password itself a guarded secret and openly broadcast the PAD keys. You choose. Just make sure the passwords themselves are not of the type that are easy to crack.
  13. What encryption algorithm is used for encrypting PAD Keys?
    For the initial release of Blackbird, Twofish is the encryption system used for encrypting PAD keys. However, Blackbird is designed to easily incorporate additional encryption algorithms as the project is improved. Check for updates.
  14. Whither Blackbird? What's with this raven or crow stuff?
    These are dark times that call for a dark symbol. While this website is a ".us" website, it could be argued that the Bald Eagle, the symbol of America and freedom in the world, would be more appropriate. (Let's ignore the fact that it was the Roman symbol of the empire.... shall we?). While the Bald Eagle could be the symbol of freedom in modern times, freedom itself is under attack, and on the retreat. Thus the sight of the proud Bald Eagle does not fit these times. So during these times, while despots, socialists, corporatists, and globalists feast on the carcass of freedom, the Raven is a more appropriate symbol.
    But do not forget...
    Ravens and crows are very intelligent, and can survive anything.
  15. Is that a weapon the Black bird is resting on?
    Yes, it is. That is an AR-15/M-16 design, also known as a "black rifle". Encryption, like that rifle, is a weapon. It is also the symbol of this project: the combination of a Raven perched on a weapon. For it is the folly of those who fancy themselves "progressives" who would state that only governments should have access to guns, in spite of the record in human history of people being slaughtered wholesale by their own governments, or perhaps those "conservatives", in their worship of state power, would tell you "if you are not doing anything wrong then you have nothing to hide". That sort might assume that a user of encryption is up to no good. Yet the same records of human history can also point out that many people murdered by their own states were never in a position to hide wrongdoing.
  16. Hey, won't this program be used by terrorists and child molesters?
    On the subject of terrorism, it can be said, with great accuracy, that there have been terrorists long before there have been computers and an internet, and people, terrorists or not, have kept secrets. It could also be added that one man's terrorist is another man's hero, as the old saying goes. The fear of terrorism, which is merely a military tactic, falls short of the concerns of many citizens worldwide. But terrorism is effective. Terrorism is a means of using fear, of force or injury against oneself, commerce, or property, to achieve some end, be it financial, social, or political. In the United States, which has more people incarcerated for crimes of which there are no victims, breaking these statutory, victimless and unconstitutional laws can result in any range of treatment from a taser (torture) to being killed. A true terrorist, using the definition assigned by governments of the world, must act as an insurgent or criminal element in a society and can be handled with much license for opposing force in these cases. However, when the "terrorists" are wearing uniforms or badges issued by the same government, they operate without restriction. People tend to fear that more. Though many nations run under tyranny have some elements of fighting factions that might use "terroristic" methods, life in these places is more associated with being "taken away" by agents of one's own government.
    The questions beg to be asked: "Who does the most spying on law-abiding people, terrorists or governments? Who has killed more people in the 20th century OUTSIDE of declared wars? Who builds the most death/prison/forced relocation camps, terrorists or governments?"
    As for the perverts, we can run into similar problems. Sadly there have always been sick people using any way they can to get their hands on children. But this was going on for a very long time before the internet. And quite often, the intricate connection between victim and victimizer is outside of the scope of whether or not communications in these cases were encrypted.
    But let's get down to facts: attempts to "protect" children from online perverts did not see any measure of success or failure because of encryption or lack thereof. Often, in those cases where a child is lured into a dark alley by a pervert, it was because of various factors ranging from the lack of governments' ability or desire to deal with these criminals properly to lack of parental supervision. Furthermore, the protective measures applied in libraries and schools have not done much to reduce incidence of sex crimes against children. What these do accomplish is to make certain that children are denied access to websites that are pro-freedom in many forms. Indeed if this worked there would be a difference.
    And let's get down to the biggest insult of them all. Who are the biggest perverts? While the previous section on terrorism may have led you to consider the possibility that our own governments are bigger terrorists than those they point their fingers at, there is much evidence to suggest that governments worldwide are infested with child molesters. Indeed in an atmosphere where anyone can be accused of being a molester and hauled off, the best place for a real pervert to hide is as one of the people doing the hauling. There are many such cases of people in government, many doing the work of "protecting children", caught with child pornography or caught in the act. And worst of all is the involvement of corporations and governments in human trafficking.
    And so it goes, in both cases, that those who would use fear of terrorists and perverts are the terrorists and perverts. How ironic that every measure they take to protect you from both, usually measures that mean less liberty for you, will fail, and that they then play you like a musical instrument to have you clamoring for yet more controls! Those who would levy the accusations of terrorism or perversion at you for using encryption need to be under scrutiny (if not on trial).
  17. If the encryption algorithms are known, how can that be secure?
    Security in an encryption system should not depend on the algorithm being a secret, and for much of the standard encryption in use today, this is the case. When the algorithm itself is known, but the strength depends on the users of the encryption managing their keys properly (and making sure they are complicated enough), the system can be considered to be safe. In the encryption world, it's not a matter of whether or not an encryption standard or algorithm can be cracked, it's a matter of time and money. If, for example, an encrypted software product was worth $40,000 but would cost only $10,000 to crack, then it might be worth it. However if better encryption was used on the software so that it would take 1 Million dollars to crack, then it would be cheaper to write your own software rather than steal someone else's. It should also be noted that attempting to keep an algorithm secret as a means to securing encryption works only up to that point where the algorithm is found out, and then the entire encryption standard becomes useless and compromised.
  18. Is Blackbird Open Source?
    Yes! Feel free to use the source code for your own needs or projects. Blackbird uses a very tricky "anonymous JavaScript callback" method to rewrite data of DOM elements right back into the document source. This alone is worth sharing. Keep in mind however that the "official" Blackbird system is maintained here. So if you make your own improvements or add encryption that you feel the project (and perhaps the world) will benefit from, please let us know about this and submit your changes so they may be included in the next version.
  19. Why is Blackbird open source?
    Blackbird is open source for three reasons:
    1. The encryption systems on which Blackbird is based are freely available.
      None of the encryption used in Blackbird had to be purchased, and nobody should have to purchase Blackbird. In some cases where the encryption used has some controls over it, these requirements are met, and this is always to be the case (some algorithms or code written by others require a disclaimer, or some form of "public license" statement).
    2. It's hard to hide Java
      Java applets can be easily reverse engineered. It would not be worthwhile trying to protect the source code in this system, especially if others find it important enough to hack it. As before, the algorithms are not secret, and hopefully those who are looking into the world of cryptography can learn from Blackbird. It is also noted that, if Blackbird were to be "locked tight" and those looking to secure their online content had to trust us that the Blackbird applet is not really "Hackbird", this would hinder the use and progress of this project. Therefore those looking to use Blackbird are encouraged to compile their own applet and sign it themselves. Experienced programmers will be able to determine that the applet is not discreetly "beaming" decrypted data to a third party. Offering the project in source code is the best way to alleviate this concern.
    3. The world needs it.
      People need to communicate with each other online to express ideas and concerns freely, taking advantage of the ease of communication that the internet provides. However, the cost to this is that the internet is not very secure and such freely expressed ideas can be used against you. One of the trademarks of tyranny throughout history is the "agent who listens in". When you can be overheard saying the wrong thing about your government for example, and for that you can be taken away by so-called "authorities", listed as a threat, and subject to a range of treatments ranging from intimidation to execution, the desire to communicate will be lost, or left only to the boldest of the bold.
      Unfortunately such brave souls do not a majority make, and tin pot dictatorships rely on legitimacy from the "masses". This depends on the masses not having all of the facts. And one way to make sure the people are not informed is by making them afraid to talk to each other.
      Nazi Germany provides an example of how this works. In the book "Seduced by Hitler", Adam LeBor and Roger Boyes describe how the Nazis destroyed what they called "Cafe Society". Typical in Europe: the people like to spend time in cafes and pubs (as is the case today). Therein they would talk to each other, and ideas would spread.
      Now imagine that people could freely talk about what is going wrong with their country. Imagine if a pub full of people spoke of what they felt was wrong with the SA Brownshirts. One opinion leads to another, and one more after that, and another. When people talk truthfully to each other, there is a "cross-pollinization" of ideas. A group of reasonable people would have concluded, when all was said, that the course of their country was incorrect and that the Brownshirts and their ideals were not to be trusted. However, one of the first things that the Nazis did was make people afraid to express their views in public, and once this was accomplished, the rest, as they say, was history.
      And quite grim it was.
      The same effect is now occurring on the internet, as governments claim to be better able to intercept and track messages, and even in those cases where there are laws against such things, they rewrite the laws if not disobey them outright to achieve the ends of keeping track of everything people are writing and reading. Even in the United States, long regarded for protecting civil liberties, protection against abuse is breaking down. While a case for "fighting crime" or "fighting terrorism" is always a logical one, very often, even if not originally the case, the criminals and terrorists, when given too much power, turn out to be our own governments.




Copyright © 2008