Please take a look at Articles on self-defense/conflict/violence for introductions to the references found in the bibliography page.

Please take a look at my bibliography if you do not see a proper reference to a post.

Please take a look at my Notable Quotes

Hey, Attention on Deck!

Hey, NOTHING here is PERSONAL, get over it - Teach Me and I will Learn!


When you begin to feel like you are a tough guy, a warrior, a master of the martial arts or that you have lived a tough life, just take a moment and get some perspective with the following:


I've stopped knives that were coming to disembowel me

I've clawed for my gun while bullets ripped past me

I've dodged as someone tried to put an ax in my skull

I've fought screaming steel and left rubber on the road to avoid death

I've clawed broken glass out of my body after their opening attack failed

I've spit blood and body parts and broke strangle holds before gouging eyes

I've charged into fires, fought through blizzards and run from tornados

I've survived being hunted by gangs, killers and contract killers

The streets were my home, I hunted in the night and was hunted in turn


Please don't brag to me that you're a survivor because someone hit you. And don't tell me how 'tough' you are because of your training. As much as I've been through I know people who have survived much, much worse. - Marc MacYoung

WARNING, CAVEAT AND NOTE

The postings on this blog are my interpretation of readings, studies and experiences therefore errors and omissions are mine and mine alone. The content surrounding the extracts of books, see bibliography on this blog site, are also mine and mine alone therefore errors and omissions are also mine and mine alone and therefore why I highly recommended one read, study, research and fact find the material for clarity. My effort here is self-clarity toward a fuller understanding of the subject matter. See the bibliography for information on the books. Please make note that this article/post is my personal analysis of the subject and the information used was chosen or picked by me. It is not an analysis piece because it lacks complete and comprehensive research, it was not adequately and completely investigated and it is not balanced, i.e., it is my personal view without the views of others including subject experts, etc. Look at this as “Infotainment rather then expert research.” This is an opinion/editorial article/post meant to persuade the reader to think, decide and accept or reject my premise. It is an attempt to cause change or reinforce attitudes, beliefs and values as they apply to martial arts and/or self-defense. It is merely a commentary on the subject in the particular article presented.


Note: I will endevor to provide a bibliography and italicize any direct quotes from the materials I use for this blog. If there are mistakes, errors, and/or omissions, I take full responsibility for them as they are mine and mine alone. If you find any mistakes, errors, and/or omissions please comment and let me know along with the correct information and/or sources.



“What you are reading right now is a blog. It’s written and posted by me, because I want to. I get no financial remuneration for writing it. I don’t have to meet anyone’s criteria in order to post it. Not only I don’t have an employer or publisher, but I’m not even constrained by having to please an audience. If people won’t like it, they won’t read it, but I won’t lose anything by it. Provided I don’t break any laws (libel, incitement to violence, etc.), I can post whatever I want. This means that I can write openly and honestly, however controversial my opinions may be. It also means that I could write total bullshit; there is no quality control. I could be biased. I could be insane. I could be trolling. … not all sources are equivalent, and all sources have their pros and cons. These needs to be taken into account when evaluating information, and all information should be evaluated. - God’s Bastard, Sourcing Sources (this applies to this and other blogs by me as well; if you follow the idea's, advice or information you are on your own, don't come crying to me, it is all on you do do the work to make sure it works for you!)



“You should prepare yourself to dedicate at least five or six years to your training and practice to understand the philosophy and physiokinetics of martial arts and karate so that you can understand the true spirit of everything and dedicate your mind, body and spirit to the discipline of the art.” - cejames (note: you are on your own, make sure you get expert hands-on guidance in all things martial and self-defense)



“All I say is by way of discourse, and nothing by way of advice. I should not speak so boldly if it were my due to be believed.” - Montaigne


I am not a leading authority on any one discipline that I write about and teach, it is my hope and wish that with all the subjects I have studied it provides me an advantage point that I offer in as clear and cohesive writings as possible in introducing the matters in my materials. I hope to serve as one who inspires direction in the practitioner so they can go on to discover greater teachers and professionals that will build on this fundamental foundation. Find the authorities and synthesize a wholehearted and holistic concept, perception and belief that will not drive your practices but rather inspire them to evolve, grow and prosper. My efforts are born of those who are more experienced and knowledgable than I. I hope you find that path! See the bibliography I provide for an initial list of experts, professionals and masters of the subjects.

OT: Signal: Uses End-to-end Encryption

End-to-end encryption (E2EE) is a fundamental concept in the field of cybersecurity that ensures data is encrypted on the sender’s device and only decrypted on the recipient’s device. This prevents intermediaries—including internet service providers, application service providers, and even the server operators themselves—from accessing the plaintext data.


How End-to-End Encryption Works


1. Key Principles

Encryption at Source: Data is encrypted on the sender’s device using a cryptographic key.

Transmission: The encrypted data is transmitted over a network.

Decryption at Destination: Only the intended recipient with the appropriate private key can decrypt the data.


2. Cryptographic Methods

Asymmetric Encryption (e.g., RSA, ECC): Uses a public key for encryption and a private key for decryption.

Symmetric Encryption (e.g., AES): The same key is used for both encryption and decryption. Often used within the session once a secure channel is established via asymmetric methods (as in the Signal Protocol).


Application in Security Classifications


End-to-end encryption contributes to the confidentiality of data, one of the core principles of the CIA Triad (Confidentiality, Integrity, Availability). In terms of security classifications (often defined in government and military contexts), data can be classified into levels such as:

Top Secret

Secret

Confidential

Unclassified


For data at these levels:

Top Secret communications may use custom, rigorously vetted E2EE solutions (e.g., NSA-approved Type 1 cryptographic products).

Secret and below communications often rely on commercial-grade or military-approved E2EE solutions (e.g., Secure/Multipurpose Internet Mail Extensions (S/MIME), or secure VoIP protocols like ZRTP).


E2EE is vital in ensuring that even if data is intercepted in transit, it cannot be read unless decrypted by an authorized party, aligning with national and international information assurance standards.


IMG_6521.jpeg


Security Classification References

1. National Institute of Standards and Technology (NIST):

NIST SP 800-175B: Guideline for using cryptography in Federal Government systems.

NIST SP 800-57: Key Management Guidelines.

2. NSA/CNSA Suite:

The Commercial National Security Algorithm Suite specifies algorithms for protecting classified and national security systems.

3. Department of Defense (DoD):

DoDI 8500.01: Cybersecurity policy requirements for encryption in classified systems.


-------

No, Signal does not use the NSA/CNSA Suite (Commercial National Security Algorithm Suite) for its encryption.


Instead, Signal uses its own custom encryption protocol known as the Signal Protocol (formerly the Axolotl Ratchet), which includes the following components:

Double Ratchet Algorithm: For forward secrecy and post-compromise security.

X3DH (Extended Triple Diffie-Hellman): For initial key exchange.

AES-256HMAC-SHA256, and Curve25519: For encryption, message authentication, and key agreement.


The NSA’s CNSA Suite includes algorithms like AES-256, SHA-384, ECDH using P-384, and RSA-3072 or larger, primarily for use by U.S. government entities in classified or sensitive communications. While there is overlap in some algorithms (like AES-256), Signal does not implement the CNSA Suite as a whole, nor is it designed to comply with U.S. government encryption standards.


Two Questions:

As a retired physical security specialist involved with government administrative & physical security it becomes apparent that no one attempted to get the signal app cleared and set to the government encryption standard for the Atlantic editor would not have been able to connect unless someone in authority provided them a private key. The phone of the Atlantic editor would also require his clearance asnd his phone authorizes exposing the other persons hubris in inviting the editor to join in.


In the past all presidents and cabinet members were required to turn in their civilian devices and be issued certified secure devices to use for communications both secure and non-secure.


Yes, signal is adequate for the layperson but to be used at governmental organazations who deal with national security issues regular cell phones with an app not properly certified to comply with U.S. government encryption standards is criminal.


Signal does not use the NSA/CNSA Suite (Commercial National Security Algorithm Suite) for its encryption.


Instead, Signal uses its own custom encryption protocol known as the Signal Protocol (formerly the Axolotl Ratchet), which includes the following components:

Double Ratchet Algorithm: For forward secrecy and post-compromise security.

X3DH (Extended Triple Diffie-Hellman): For initial key exchange.

AES-256HMAC-SHA256, and Curve25519: For encryption, message authentication, and key agreement.


The NSA’s CNSA Suite includes algorithms like AES-256, SHA-384, ECDH using P-384, and RSA-3072 or larger, primarily for use by U.S. government entities in classified or sensitive communications. While there is overlap in some algorithms (like AES-256), Signal does not implement the CNSA Suite as a whole, nor is it designed to comply with U.S. government encryption standards.


Two Questions:

As a retired physical security specialist involved with government administrative & physical security it becomes apparent that no one attempted to get the signal app cleared and set to the government encryption standard for the Atlantic editor would not have been able to connect unless someone in authority provided them a private key. The phone of the Atlantic editor would also require his clearance asnd his phone authorizes exposing the other persons hubris in inviting the editor to join in.


In the past all presidents and cabinet members were required to turn in their civilian devices and be issued certified secure devices to use for communications both secure and non-secure.


Yes, signal is adequate for the layperson but to be used at governmental organazations who deal with national security issues regular cell phones with an app not properly certified to comply with U.S. government encryption standards is criminal.


Signal does not use the NSA/CNSA Suite (Commercial National Security Algorithm Suite) for its encryption.


Instead, Signal uses its own custom encryption protocol known as the Signal Protocol (formerly the Axolotl Ratchet), which includes the following components:

Double Ratchet Algorithm: For forward secrecy and post-compromise security.

X3DH (Extended Triple Diffie-Hellman): For initial key exchange.

AES-256HMAC-SHA256, and Curve25519: For encryption, message authentication, and key agreement.


The NSA’s CNSA Suite includes algorithms like AES-256, SHA-384, ECDH using P-384, and RSA-3072 or larger, primarily for use by U.S. government entities in classified or sensitive communications. While there is overlap in some algorithms (like AES-256), Signal does not implement the CNSA Suite as a whole, nor is it designed to comply with U.S. government encryption standards.


Two Questions:

As a retired physical security specialist involved with government administrative & physical security it becomes apparent that no one attempted to get the signal app cleared and set to the government encryption standard for the Atlantic editor would not have been able to connect unless someone in authority provided them a private key. The phone of the Atlantic editor would also require his clearance asnd his phone authorizes exposing the other persons hubris in inviting the editor to join in.


In the past all presidents and cabinet members were required to turn in their civilian devices and be issued certified secure devices to use for communications both secure and non-secure.


Yes, signal is adequate for the layperson but to be used at governmental organazations who deal with national security issues regular cell phones with an app not properly certified to comply with U.S. government encryption standards is criminal.


Summary

Signal Protocol is optimized for secure, private, and asynchronous messaging, prioritizing usability and strong forward secrecy/post-compromise security.

CNSA Suite is a strict set of government-approved algorithms designed for compliance, long-term classified communication, and often used in conjunction with standards like TLS, IPsec, or S/MIME.


Signal is secure, modern, and widely respected—but it doesn’t aim to meet the formal requirements of the CNSA Suite.



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)