A possible weak point in the safenet? The addressing scheme

Somebody told me that according to his reading through the network primer, the weak point of the safenet is the use of the existing internet.
E.g. the addressing scheme, which provides 2 to the 256th power - 1 addresses, smacks of an address generating system based on a linear recursive (shift register) technology. Once you discover the tap points it is possible to generate the true sequence of addresses and then look at the relationship across this network much like the TOR network where NSA is using hundreds of Trace Route programs to follow billions of packets going across the network - see NSA’s Treasuremap program which locates all devices on the network worldwide and follows them (where they are) every minute of the day.

What would be your feedback on this?


It’s no secret that true anonymity will come as the network gets too large for this tapping of every machine.

Also the network is global so it becomes more difficult for any one government to attempt this. Then a lot of the points are not accessible by any authority without hacking your machine or another close.

A lot of the packets are similar size so the technique of comparing exit/entry times of same packet sizes doesn’t work as well. That is where they observe an SMTP packet from one address of size approx 1200 bytes and then see a packet enter another machine within a second of size 1200 bytes that is SMTP. They don’t need to know the path it took, but they can infer that it has a high probability of communications between the 2 parties if it happens enough times. SAFE won’t give them this since packets are similar size, but travel different paths to different places so the correlation doesn’t exist.
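The size-and-timing matching described in the reply above, sketched as an added example that is not part of the original posts and is not SAFE's code. The packet records, host labels, one-second window and 8192-byte cell size are constructed assumptions.

```python
from collections import Counter, namedtuple

# One packet as seen at a tapped link: timestamp (s), size (bytes) and the
# endpoint it was seen at. All sample values below are constructed.
Obs = namedtuple("Obs", "t size host")

def candidates(entry, exits, window=1.0, size_tol=16):
    """Exit-side packets that fit `entry` on timing and size alone."""
    return [x for x in exits
            if 0 <= x.t - entry.t <= window
            and abs(x.size - entry.size) <= size_tol]

def link_scores(rounds, **kw):
    """Count, per (sender, receiver) pair, the rounds in which they fit."""
    scores = Counter()
    for entries, exits in rounds:
        for e in entries:
            for host in {x.host for x in candidates(e, exits, **kw)}:
                scores[(e.host, host)] += 1
    return scores

def inferred_peers(scores, sender, n_rounds):
    """Receivers that fit `sender` in every round: the observer's suspects."""
    return sorted(dst for (src, dst), n in scores.items()
                  if src == sender and n == n_rounds)

def pad(obs, cell=8192):
    """Model fixed-size cells: each packet is padded up to a multiple of `cell`."""
    return [o._replace(size=-(-o.size // cell) * cell) for o in obs]

def make_rounds(n=5):
    """Constructed capture: A->X (1200 B), B->Y (300 B), C->Z (5400 B), n times."""
    rounds = []
    for i in range(n):
        t0 = 10.0 * i
        entries = [Obs(t0, 1200, "A"), Obs(t0 + 0.1, 300, "B"),
                   Obs(t0 + 0.2, 5400, "C")]
        exits = [Obs(t0 + 0.5, 1200, "X"), Obs(t0 + 0.6, 300, "Y"),
                 Obs(t0 + 0.7, 5400, "Z")]
        rounds.append((entries, exits))
    return rounds

RAW = make_rounds()
PADDED = [(pad(e), pad(x)) for e, x in RAW]

if __name__ == "__main__":
    print("distinct sizes:", inferred_peers(link_scores(RAW), "A", 5))
    print("uniform cells :", inferred_peers(link_scores(PADDED), "A", 5))
```

With distinct sizes the observer is left with X as the only fit for A in every round; with uniform cells X, Y and Z fit equally well. The ambiguity depends on other flows sharing the window: a lone padded flow would still match.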

Thank you for your answer!

Well, okay, but the current internet is also quite big, and apparently that isn’t too big for them, right?

Okay that is good! And you think there is no other way to create good relationships between nodes to identify nodes in the network, from the NSA’s point of view?

Right, but not because they can monitor most of the computers, but because they can tap the backbone of the major ISPs and a number of international fiber cables and capture around 10% of all unencrypted data through those sources (not 10% of all global traffic though). They do capture some encrypted data from points of interest for later decoding in a couple of decades.

Since the details/media of their listening in on people comes from a few years ago now (mostly), it was for unencrypted packets.

Also the NSA etc have access to major servers of companies in the UK & USA and thus can also add that data into their global data collection.

So it’s no wonder that in the very recent timeframe we now hear these agencies crying that they need new snooping laws to get at encrypted messaging and traffic. So they want the companies to have an (already) decrypted copy of these packets and messages ready for them to harvest. In other words a lot of previously available packets are now going dark for them and they want a way to get back the snooping abilities they had.

Yes there are tools to help identify packets only from their entry/exit points but that is very limited and usually when they have other evidence to allow them to monitor and infer certain things. And packets flow in an orderly manner from source to destination through routers in a predictable route.

Now enters SAFE.

Everything is encrypted before it leaves any computer. So immediately these agencies cannot read the data even if they could tap the ISP for every customer of every ISP.

Then these packets do NOT follow an orderly path from source to final destination. They hop between computers and often interlaced with other packets of similar and dissimilar sizes.

IP addresses are scrubbed at each hop and the larger the network the larger the number of hops. So there is no trail of IP addresses to help separate out the packets.

The amount of traffic (packets) is also increased some 5 to 20 fold because now the packets have to hop between nodes on their way to the destination. Also the amount of messaging between nodes for the operation of the network adds to the noise.

Targeting becomes imprecise due to encryption and similar packet sizes and the amount of traffic that a PC generates that has nothing to do with that PC. It also becomes imprecise because they no longer know the source of a packet or the destination unless they perchance or other intel tells them the source. And also for the destination. But even if they know then they have the problem of distinguishing between packets sourced at the PC and packets that are hopped through the PC. For instance if the PC is hopping 2 chunks (hundreds of packets) and generates one chunk (from its vault) the agencies will find it difficult to identify which chunk was hopped and which was sourced.

Again everything is encrypted and this is the major roadblock for the agencies at the moment and into the foreseeable future and we can make quantum resistant encryption now so it should be good even if a quantum computer can be made to decrypt a tiny portion of all that traffic.

Currently the view is that the only way is for the NSA to have their own nodes in the network. Even then they only get to see who connects to them and who they connect to. The data is still encrypted (they cannot decrypt it) and they still don’t know the actual source or destination.

Thank you for your answer neo. I showed it to my contact, his answer is:

I was referring to the generation of the linear sequence of addresses. Size of network does not matter. In fact the larger the better as it would give greater insight into the way/method of address assignment and make the prediction of use easier. I think Neo is thinking about something else. He needs to read a little closer the “Treasuremap” program info. Clearly the fact that the network is global poses no problem. For correlation of packets (no matter the size) one does deep packet inspection into the transport layer (e.g., TCP IP format) for the number designations of the packet series.

Without trying to get into a little war of who understands what. The linear sequence concept assumes that the addressing is constant, but in any case is not what SAFE is doing. But it is not. The node addresses change as they turn off/on, move into/out of sections, etc. The mapping of XOR to IP address would be possible if some authority could snapshot the total IP/XOR assignment and keep track as the XOR addressing changes. Of course that assumes they can get the XOR address of a computer before it changes.

Simply put, the NSA and UK spooks cannot snapshot the whole of their countries’ IP addresses along with the XOR addresses moment by moment (moment being a significant amount of time based on the reassignments that occur within the network as nodes change sections and cycle operation). Then the clients are also more volatile in their XOR addresses and perhaps change 10x faster than the nodes. Also there will be a lot more clients. The spooks do not have a ready-made way to distinguish a client address from a node address without analysing the traffic.

Yea, you might be able to do that for one chunk on a single hop

But to do that for a chunk from source to destination then you need every country to coordinate a total deep packet inspection on every packet to find the sequence of packets as the chunk hops from say the UK to Africa to Singapore to Finland to 10 other countries to say Australia. Each hop sees the packets redirected and repackaged between hops.

So even for one chunk from source to destination it’s an impossible task, they do not coordinate and impossible on such a scale. Then to attempt to do this for enough chunks to be of any use in determining XOR address to IP address mapping is utterly impossible. Then the XOR addresses change.

@merijn, (don’t share this bit as it’s for you) I find that once people make up their mind that something can be traced then they often ignore the realities of global politics, inter-agency politics and the sheer economic impossibility of total packet capture of every computer in a large global network. Hell, even the NSA cannot capture any more than 10% of unencrypted data flowing in/out of the USA. How are they going to do a total capture of data that is hopped across the globe?

Honestly the response is giving the “treasuremap” program omnipotence status if he feels it can work better when SAFE is larger.

If he thinks this then that is one reason for his belief.

Treasuremap is not quite what this person thinks it is methinks. Treasuremap is not total package tracing. It is mapping IP address to machine. (Assuming the machines are not behind NATs.) So really mapping routers to IP address and following phones as they move through WiFi hotspots operated by ISPs. Being a network engineer helps to sort out some of the hype that the media adds to the revelations.

I am not allowed to say the source of this contact, but do believe me that this person really knows what he is saying. His answer to your response is:

“I assumed that this addressing system was changing. I’ve solved very similar things first in an arbitrary form where you simply track equivalencies (the packet series identifying nrs would help do that) and then work out the true values. Trace Route output feeding the treasuremap program will also help. He really does underestimate the capabilities of the five-eyes and other partners. I do sense that he has very high confidence in his system. I just think he needs to think a little deeper and challenge some of his beliefs.”

I agree, the responses have indicated a superficial understanding of SAFE’s system and not looking deeper. For instance ignoring the hopping then he is attempting to equate mapping (treasure map) with knowledge of real time XOR addressing mapping with 100% packet capture which indicates to me that he is dismissive of the SAFE protocol and isn’t wanting to spend his time with it. My brother is similar when discussing things and he is smarter than myself, but when bouncing something off him that is new to him he can be quite dismissive with similar sort of responses. If I get to explain things further (not safe) he goes “ummm maybe that would work”. We both have been in the industry developing for over 40 years and seen a lot of things in our time.

Yes, I also think this is the case, but seen the background of this person, it is worthy to carefully consider the points he makes. It can help to discover the blind spots which are possibly there. The goal is to make it 100% safe :), which is my personal motivation to talk about SAFEnet with people and help finding the weak spots.


One more thing my contact mentioned:

“I also would suggest that the problem he is creating is quite similar to a multi dimensional scaling problem with changing values taken from different directions but all values generated by an algorithm. My point from there would be to recover the value selection method from the generating algorithm”

Would this be possible, to recover the value selection method from the generating algorithm?

As is the case with any addressing. Even if it’s picking a number from a hat. For a program to produce a new XOR address it has to follow an algorithm.

In the case of SAFE there is a random factor that is made with the least predictable values as possible even using external events to help seed the generator. There is effort being put into ensuring that the randomness is high and not predictable as many algorithm generators are.

So knowing the algorithm does not help much in predicting new addresses.

Another point to note is that most authorities already know all about your internet connection since they can get the info from the ISP or hotspot operator. So to assume otherwise is folly. But like treasuremap they have trouble knowing about machines beyond the router and need to watch the traffic to see what’s there. If 100% of traffic is encrypted then they can only know there must be a machine beyond the router and it’s generating traffic. They do not know how many machines or what they are without cracking the router.

Basically the point is that I always assumed something like treasuremap existed and was being used and this is the environment I viewed SAFEnet working in. If it’s not the NSA then it’s your local spooks and if not them then the crackers. And without 100% global packet reading by a coordinated group then there cannot be a global mapping of IP <–> XOR addressing. Hopping the packets prevents tracking a chunk that originates in USA and ends back in USA since the USA cannot follow the hops around the globe and the IP addresses are dropped at each hop and the XOR addresses are in the encrypted payload.

I sent your replies, here is another answer:
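The dispute above is whether knowing the generating algorithm lets an observer predict future addresses. This added example (not from the thread and not SAFE's code) contrasts the hypothetical shift-register generator raised in the first post with output from the operating system's CSPRNG; the 16-bit register, its taps and its seed are constructed.

```python
import secrets

def lfsr_bits(state, taps, n):
    """Fibonacci LFSR: emit n bits; feedback is the XOR of state[t] for t in taps."""
    s, out = list(state), []
    for _ in range(n):
        out.append(s[0])
        fb = 0
        for t in taps:
            fb ^= s[t]
        s = s[1:] + [fb]
    return out

def berlekamp_massey(bits):
    """Shortest recurrence a[i] = XOR(c[j] & a[i-j], j=1..L) that fits `bits`."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                       # current recurrence fails at bit i: repair it
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(bits, L, c, k):
    """Extend the observed bits by k more using the recovered recurrence."""
    a = list(bits)
    for _ in range(k):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & a[-j]
        a.append(nxt)
    return a[len(bits):]

def hits(stream, seen, k=256):
    """How many of the next k bits (one 256-bit address) the observer gets right."""
    L, c = berlekamp_massey(stream[:seen])
    guess = predict(stream[:seen], L, c, k)
    return sum(g == a for g, a in zip(guess, stream[seen:seen + k]))

# Constructed 16-bit register: a[i+16] = a[i] ^ a[i+2] ^ a[i+3] ^ a[i+5]
TAPS = [0, 2, 3, 5]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]

def demo(seen=32, k=256):
    lfsr = lfsr_bits(SEED, TAPS, seen + k)
    csprng = [secrets.randbits(1) for _ in range(seen + k)]
    return hits(lfsr, seen, k), hits(csprng, seen, k)

if __name__ == "__main__":
    print("bits predicted (LFSR, CSPRNG):", demo())
```

After 32 observed bits the recovered recurrence reproduces the next 256-bit value from the shift register exactly; against CSPRNG output the same procedure does no better than guessing, about half the bits.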

"I would just make some basic points taken from the perspective of one who has been involved in breaking systems. These seem to have been lost in the exchange.

  1. No algorithm is random, more like pseudorandom. From the definition of the word pseudorandom: “A pseudorandom process is a process that appears to be random but is not.” It’s an algorithm on top of an algorithm, that’s the way I think of it.
  2. The trace route programs in the switches and servers of the network are the input to analyze this packet data, not the overall Treasuremap program.
  3. The packet series identifier number is how I would start, e.g. look at all the inputs and outputs of each network switch. In TCP IP packet format, it’s the first (16 bit nr) given in the transport layer. This I would do for the entire worldwide network - all by software.
  4. Magnitude of any data/system is not a problem.

I don’t think we have a common understanding on these items and consequently talk past each other."

As I said

Yes of course, and already understood a long time ago

I wasn’t even worried about that I just assumed it was. And yes it shows he has a basic understanding of the tcp/ip protocol (or googled it)

Obviously from this he misunderstood what I was saying in that the issue is not in tracing packets but the global aspect and the hopping effect has on tracing.

Should get a job at the NSA if he can “all by software” implement what is needed to be done by the hardware, i.e. follow packets as they are repackaged and sent on to areas of the world not under the 5 eyes or non-ISP networks.

Now I question expertise learned from experience. In theory it’s not a problem but when you start talking of networks not traceable by ISPs in countries working with the 5 eyes nations and NSA controlled routers then it is a problem. Also coordination is another problem of scale. And again I expect the brushing aside of the effects of hopping. In a 5 eyes localised network it might be possible if the chunks are hopped one at a time in the 5 eyes local ISP network. But then have many chunks running through most computers all being repackaged at the computer, you lose the ability to identify the source–>destination mapping of the packets.

The issue of the NSA identifying PCs across the “known” world is not disputed (“known” being 5 eyes and supporting countries + NSA controlled systems). What is disputed is the ability to have a definitive map of XOR addresses to IP addresses that is worth anything more than just the IP addresses.

Just having the XOR address to IP address mapping is nothing much gained. It’s like saying NSA knows I live at my street address. Well so do hundreds of other organisations, nothing special there.

What would be special is to know everything I have stored in my house. Similar they may find some of the XOR<–>IP address mappings, but it is of not much use because they cannot work out from that what I’ve stored or retrieved. Nor what messages I’ve retrieved.

No amount of global deep packet sniffing short of 100% packet sniffing and decoding will give them that due to the multiple hopping which involves repackaging (packet header changed) in an environment that doesn’t allow identifying which chunk in (packet #1, #2, etc) is which chunk out.

If the network was say 50,000 large then there may be a chance of working out some of it. But as the network grows, especially in non 5 eyes countries and private networks the chance is a fast reducing one.

The NSA is hard pressed to get info on 10% of packets crossing the USA border routers so how can they expect to follow chunks that are repackaged 20 times at various points in the world? They still cannot decrypt the chunks/packets so they can only work on the non-encrypted headers. And each hop gives the packets of the chunks new headers with no reference to the old headers.


From my understanding “treasuremap” is not about 100% packet sniffing (deep or otherwise) and more about mapping IP addresses to physical machines. This helps them to associate people to packets that they do obtain (sniffing or otherwise). SAFE’s security is more about data & identity security and anonymity, not your PC location security (including XOR addresses).

I think I (now) understood where your friend was coming from, and I am trying to answer both his addressing concerns and to lift his thinking beyond the XOR address as being the source of SAFE’s security and anonymity.


Once again thank you for your answer neo.

My contact unfortunately can’t go any more in detail about this, he says: “Neo has some rather limited understanding of NSA (+) capabilities and access to networks worldwide most specifically in the computer network exploitation ( CNE ) area and computing power. He makes a number of assumptions that I can not devote time to correcting.”

You’ll have to know that my contact has deep inside knowledge in the things he is saying about governance spying. Don’t underestimate the powers of the governments. The fact that SAFEnet is open source also means that they will try to find the weak spots to infiltrate it.

I’ll end this post with saying: “Carefully consider the points he makes. It can help to discover the blind spots which are possibly there. The goal is to make it 100% safe :), which is my personal motivation to talk about SAFEnet with people and help finding the weak spots”

Good advice, but rather take what others also say because some here know safe a lot better than myself.

Yes and no. 40+ years of watching shows a lot and a lot of “claimed abilities”. I was obviously giving overviews.

Yes they don’t tell all and capabilities are impressive indeed. As to exploiting, he might have taken note I said network/routers/switches not exploited by NSA (eg cisco and others)

Without knowing for certain, I always love people who use this to say they know and you don’t. Has he ever had secret clearance? If not then don’t assume I don’t know things.


I still feel that he is looking at the XOR addressing as being SAFE’s claim of security. Yet XOR is for good reasons but it is not where SAFE gets its security and anonymity.

I noticed he bailed once I made this point.

Absolutely, that’s why I am still connected to the SAFEnet, learning every week more about it, and also look forward to the DEVcon 2018 to meet and talk to people!

Well, almost every organisation has this…

Yeah that could be, I don’t know
