Europe Sets Encryption free, USA Protests
Jor writes "This (English) article on Telepolis (German site) says that the European ministers of Foreign Affairs are expected to decide next Monday (27th) to drop all export regulations regarding encryption software to countries outside the European Union. The article also points out that the USA are pretty pissed off by this decision."
Munitions include shells for heavy artillery and bombs, both of which you most definitely are not allowed to own.
A quick glance at the constitution reveals no such restriction....
It really says people may bear *any* kind of arms? Or merely be armed? The latter doesn't stand in the way of regulation as long as some kind of weapon is legal. Knives only, anyone?
heh, oops, let's try that again, formatted correctly this time:
> As we know Echelon has been a joint venture between European countries and the US,
> one wonders how that partnership will be affected.
Actually no, we don't know that. Echelon is (disclaimer: "supposed to be") a joint venture between the US and its English allies, which means Britain, Australia, and Canada. The main target of Echelon is the EU for crissakes. That's why the article mentions that there's widespread distrust of American security products: because they're all assumed to be part of the conspiracy.
> Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will
> blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
One government suing another over differences in their mutual legislation?!? In which court, exactly?
-this message brought to you by Nerds Against Drunk Posting
catalyst.
=-=
Then the shaped charge was invented. Anti-armor tech caught up with armor tech.
Until we come up with better technology to crack encryption (IANACF - I am not a crypto freak), people are SOL trying to poke through modern crypto schemes.
But the answer isn't to try and keep people from designing the armor. The answer is to develop a better method of defeating the armor. To try and stop the progression of crypto technology is stupid and, at best, a delaying action. The only benefit the efforts of the US Government will have are on the economics of non-US crypto companies.
There is NO SUCH THING as an unbreakable code in reality.
One-time pads are unbreakable. The messages an army (or drug ring, or whatever) need to operate are short - usually only a few lines per message.
A single cdrom can hold pads for over a million messages, and of course all your units have a different one.
Another question is, how far ahead this research NSA's and other intelligence gathering organizations' R&D is. (Paranoid-mode on ;-)
Now, if everything is encrypted in an industrial-strength code, projects like Echelon will either take immense computing power or become wholly ineffective, with the latter being more likely. I know that the US has contributed excessive dollars and power to covert projects before, but Echelon casts such a wide net that decoding all of those tadpoles and minnows to catch the very rare shark just costs too much. Even for the NSA.
I keep hearing Americans claim over and over that the US is technologically ahead, but I see absolutely no evidence for this. Intel CPUs suck; Microsoft software sucks; Cisco import much of their router software from the UK; the ARM is the best-selling CPU worldwide, and it's British; even mobile phone handsets come out a year earlier over there.
--
It's a
-- Danny Vermin
what can be explained by stupidity.
In any case, it's always been easy to get strong encryption in the US, so your argument makes no sense whatever.
On the flip side, it's always been easy to get encryption out of the US too. The so called export restrictions have always been a ridiculously porous barrier -- not only because of the easy but illegal transfer of encryption programs, but because the restricted algorithms themselves have been protected under the first amendment -- if exported in printed form.
I think you miss two important alternative explanations.
(1) Politics.
Politicians are by and large not stupid. They just do stupid things for smart reasons. Export restrictions are symbolic not practical.
Politics is about appearances. If there is an item on the news that grabs everyone's attention, you can expect a congressional hearing pretty soon. That's why we get things like "crime bills". On the theory it's better to be ineffectual than indifferent, do something and if you're lucky and people aren't watching too closely, they may not even notice you are being ineffectual.
On the flip side, it's bad to have the appearance of coddling criminals, welfare mothers or terrorists, so it makes perfect sense (from a political sense) not to be the one caught pulling the plug. Do you think the Republicans would praise Clinton for dropping export restrictions? As a Democrat, I'm very sure that my party wouldn't have kind words for a Republican president who did so.
(2) Inertia
The very ineffectualness of the restrictions is what keeps them going. Nobody in the defense or intelligence establishment who really understands these issues is going to care much, except for the people whose job it is to enforce the restrictions. Given the political exposure of "weakening" a defense, even if it is obsolete or as in this case merely symbolic, it's much easier to go along and not make waves.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I thought the Furbys were outed by the CIA as an international spy ring, and banned from CIA installations.
___
__
Do ya feel happy-go-lucky, punk?
There isn't ANY encryption I can't break in about 3 days.
Well do I have to be the one to say it? Fine... LIAR! If you could break ANY encryption in three days then you have something going that the rest of the world has missed. Just to demonstrate I would like you to take a crack at this next block. Mail me the answer (e-mail listed, it works). I'll even give you four days to do it in.
GHTRY AUYIT HGYYT LINQW
If you can't do it then admit you were being an idiot. Thank you.
I think that these reasons many of you cannot see behind this decision are clear. The group of ministers of foreign affairs of EU is debating a long time already about e-commerce and whole EU is talking about it. Also whole EU has problems with overproduction and need for export. They see as a help in solution of this situation use of e-commerce, but they cannot export into 3rd world countries and make business with them effectively and spread e-commerce solutions there without having good encryption allowed in these countries.
I think that Europe is doing everything to catch up with US considering e-commerce and to even get one step further.
If programs would be read like poetry, most programmers would be Vogons.
Moderators, how did that post get +2?
siri
Another thought is the fact that with linux clusters becoming more common it doesn't take as long to break the encryption. With a very powerful cluster the encryption becomes a minor annoyance, to the average hacker it's a bit harder.
It takes (and will continue to take) years to break long keys by brute force. They will simply be unbreakable to just about everyone.
Why are some foreign countries so anti-US? I don't understand it. Why does the US make you so bitter? How do we make your life miserable? Please be detailed in your explanation.
Why do I keep typing pythong?
I'm sure the NSA, FBI, ATF, DEA, BIA, INS, CIA, DOD, DOJ, and the Freemasons are sinking lots of dough into quantum computing technology (so they can have it before it's publicly available).
The value of encryption is finite. Come up with something better, people.
May I suggest secret decoder rings? (BE SURE TO DRINK YOUR OVALTINE)
[pink beam of light]
On the other hand, the rate of progress in breaching privacy is exploding like everything else.
150 years ago, if you wanted to be absolutely certain a conversation was secure, all you had to do was go out to the middle of a big field, check there was nobody within earshot, and whisper.
Is there any similarly effective means of achieving privacy currently available at negligible cost?
TomV
It depends on whether you interpret the constitution in a loose or strict manner. I interpret it in a strict manner meaning that anything it doesn't SAY the government can do, the people have to approve. So, if everyone voted to outlaw all firearms that would be a violation of our rights, but one that we apparently didn't mind.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
I don't see how this is going to be accomplished. In some European countries, like France, encryption is illegal (unless you are the government of course) and in others restrictions are placed on its use. For example in the UK it is actually illegal to do encryption in hardware. This dates back to the days where the implementations in software were too slow to be useful.
Thus if we have restrictions on internal use of encryption I don't see how we are going to develop and export strong encryption.
France has more outstanding European court cases against it than any other nation
-dp
From the article:
...there is mistrust towards American encryption products which are believed to be weakened by the American intelligence agencies, or have secret backdoors... and ...affirmed the United States pressured the European Union to withhold the decision. 'But the European Union does not make their policies dependent on the opinion of the United States.'
The article does not say that the United States is "pretty pissed off" by this decision. That is pure speculation.
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Well, Denmark doesn't. In paragraph 1.2.3 of the Danish patent law, programs for computers ("datamaskiner") are explicitly exempted. However, as an earlier poster pointed out, algorithms can still be patented as part of a larger system.
I wonder this, as well. I can see perfectly--being that I am an American--why its own citizens would hate the U.S. Government. We have to suffer the effects of this bloated federal government every day.
This is not a situation that we have to sit quietly and accept, however. I may despise the myriad of unconstitutional agencies I'm forced to pay for with my taxes, but I love the spirit in which my country was created, and I believe in the ideals that our ancestors paid for in blood.
Americans don't have to take this. We can fight back with the weapon government fears most--VOTE. Vote for a candidate that believes in your ability to govern yourself. If you want to learn about these candidates, visit the Libertarian Party home page.
Topher
Got Freedom?
"US is pissed" = "We are drunk"
easy mistake after a couple of cans
Say I want a good Cuban Cigar (I do!). Now, why can't I get one? Because the U.S. has a total economic ban on Cuba. IIRC the United States is the only nation to have this embargo on Cuba.
>There's no point in being the only nation on this planet banning encryption export.
Being alone has never stopped them before, why would it now?
Devil Ducky
MY peers would get out of jury duty.
BTW, I've been downloading my encryption products from Norway forever now. Much easier than screwing with an American site. Mandrake uses servers in other countries to seamlessly install encryption products once your networking is set up. The net's been bypassing our stupid regulations for ages now. Pity decss and that cyber patrol crack didn't fare so well.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It almost seems as if the Europeans' move to eliminate export restrictions could be a response to the US' attempt to become the world's cyberpolice. The US, according to the articles I read, seem to have been trying to impose its will on the rest of the world, which obviously didn't sit well with the Europeans, especially when combined with the use of Echelon. Opening export of crypto would be a logical response to a country playing Big Brother.
--Storm
Assuming that something happened to severely piss off the population, there could be a successful revolt. Well over 50% of the population has firearms and depending on what triggered the revolt, I'd imagine most of the armed forces would fight on the people's side.
What makes us powerless peasants now is that we just blindly accept whatever the government tells us.
Finkployd
Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.
Some already have. RSADSI hired Eric A. Young (the guy who wrote SSLeay) to work on their SSL project in AU. The idea is that all of the coding, support, and sale is done outside the US, so it won't be 'tainted' by the export laws. That way they can sell it to anybody in the world, conveniently getting around US export laws.
This seems to be a rather severe departure from reality. Anti-terrorist paranoia (i.e., heavy police presence, "anti-terrorist" squads, airport security) is, according to most sources, more common in Europe than in the U.S.
In fact, the anti-self-protection laws you cite, are themselves an example of paranoia that has not, as of yet, infected the U.S., apart from in some Northeast cesspools.
The U.S., by the way, is not a particularly violent country, when compared to the world as a whole, instead of comparing only against largely homogeneous (by comparison, mind you) Northern European countries.
--
Give me a break...
The article says that the US was pressurising the EU not to go ahead with the move. Why did CmdrTaco say that the "US is pissed"? What further indications are there in the article that the US is indeed pissed?
And you think they'd be pressuring the EU not to go ahead with it if they liked it? No. The article stated rather nicely that the US government is... pissed.
-- iCEBaLM
Great, another conspiracy theorist.
.02 milliseconds.
US, publicly available encryption (And it's available worldwide if you REALLY want it) is currently available in several different forms...
1. rot13esque, usually sold by underhanded "security solutions" fly by night software companies
2. Decent in its day, RSA style encryption that can be broken, or cracked, but still takes a bit of effort.
3. Rock solid, won't be broken until quantum computing gets integrated into sony walkman style encryption.
For the security minded folks, the proper solution to what they want is available in the US.
Unless, of course, you're talking about the NSA's 26th level, which, of course, contains the living brains of 3000 alien abduction victims, networked together using live marijuana leaves and capable of breaking sapphire in
The truth is, encryption "infrastructure" already exists. There's that little group out there that are doing work on that not so well known Advanced Encryption Standard pretty much as we speak.
Creating a world wide standard has very little to do with the EU opening up their doors to THEIR encryption... The US, and EU do not a world make.
The EU may, or may not be the encryption/privacy standards bearer... (By the way, that privacy thing was fairly hilarious.) The US, as well as Canada, Russia, China, Japan, and Korea have ALL come up with viable solutions to encryption. The US is probably pissed about the EU opening up their encryption exports because
The US and the EU (or, together, basically, the UN) may have to face the same people that are obtaining this encryption in the future. In battle, every edge counts.
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
Note that the EU doesn't recognize software patents, so er *can* export reimplementations of the patented algorithms. If this goes through, US citizens will be the only ones unable to benefit from US developed encryption technology.
Amen, brother. The US gov't caters to the whims of the rich elites, not to the middle-class or the poor. They could care less what we think, in fact; as long as they keep us just happy enough to elect them into power, they're going to listen more to Big Busine$$ and their own needs (stay in power, keep getting into the pants of Congressional Pages, etc) than to us. Where are the founding fathers when we need them... why, look; they're right here in this document written on hemp paper called the "Constitution" and this other one called the "Bill of Rights." We don't need the founders anymore; we should be able to retake our freedom and free will all by ourselves, just using the power inherent in all those words they pretend to revere but secretly hate because it's the only thing that does give us power. What's stopping us? No willpower. Too comfortable to rock the boat. Afraid of change. Liking the status quo. Don't wanna rile the government and make them come after us. People seem to think their votes matter... Ha! If any American reading this truly feels represented in Congress, I'd love to hear about it. When's the last time they listened to you? To me? To anything but their egos, wallets, astrologers, and need for power?
I'm too tired to go off on yet another rant. If you all haven't figured it out by now, nothing I say will matter anyway... go back to your microwaved TV dinners and enjoy watching Ally McBeal until they take that away too.
"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
'But the European Union does not make their policies dependent on the opinion of the United States.'
First up, the opinion of the United States and the opinion of the United States Federal Government tend to differ, I would imagine. With regard to privacy issues, the government has a long history of going against public opinion.
While I like this from a crypto standpoint, I can't help but wonder why the sudden change in policy. It most likely was not due to any kind of public support of crypto, since by and large, the public does not care about this issue.
I'm guessing that corporations have been pushing for this and exerting power to make this happen. While I'm glad they did, it is another example of money buying policy (and for once, not in the US). What happens when these companies exert their influence for the purpose of making the DMCA an international law?
Granted, this is all conjecture on my part. This story doesn't go into enough detail for me to support these guesses. But given recent events, I still find this pretty scary.
Finkployd
...but let's watch that space, backdoor diplomacy could yet win out.
I think you'll find that cryptography was born in Europe!!!
Cure cancer.. and stuff! www.team45.info
Does any law enforcement agency really think that Bad Guys anywhere in the world have any trouble at all getting strong encryption technology? The whole argument seems pretty pointless to me. They're just preventing people from making money with it. (conspiracy theory?)
Actually, this is different in the case of encryption, or software in general.
What the US government doesn't want is widespread use of encryption. The way to avoid this is to keep it out of mainstream products.
In your cell phone example, using a US standard does not keep you from calling someone outside the US. If you couldn't use a US cell phone to call someone in Europe, people would get upset about the lack of standards.
Encryption is only effective if it goes from one end to the other. Therefore, two people from different countries need to use the same standard.
What the encryption regulations have done is keep strong encryption out of the hands of the mainstream. These regulations have kept strong encryption from being built into Internet Explorer (for lack of a better mainstream example). If all of the mainstream applications had built-in encryption, and it was friendly enough that even my Aunt in Minnesota could use it, then eavesdropping on the internet would be practically impossible.
Cell phones don't follow a standard, but the worldwide phone system allows multiple standards to talk to each other. With encryption, there is no way to transliterate in the middle, because to do that, you'd have to decode the message.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
He didn't.  If you had looked a bit more carefully, you would have noticed that Rob did not offer any commentary.  It was the person who submitted the article that said, "the US is pissed."
FYI...
sucks to be US
why?
Steven,
I just had a little look at your posting history, and you're a pretty amazing guy. I am surprised that you feel it necessary to tell me that you were a sponsor of that contest since I would have expected you to be well-informed enough to be aware that Our People have been watching you for some time. We are forming a new World Organisation called Braggard, Inc. which we feel you would be more than qualified to preside over.
thanks,
Z
p.s. Anticipating a positive response we have already disabled http://www.jjjulius.com.
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
Err, that statement was supposed to be taken as sarcastically quoting of stereotype. I thought it was easy enough to infer from context, but obviously I was wrong.
That said, I am looking forward to spending time in Europe some day (preferably a year or three). Hopefully it will be sooner rather than later.
-- Superlame http://catpro.dragonfire.net/joshua/
POP3 over SSH with port forwarding has some timing problems - you must wait until the SSH connection is up before running fetchmail. Consider this alternative:
Create the script sshtunnel:
#!/bin/sh
ssh $1 "nc 127.0.0.1 $2"
And in your .fetchmailrc use this script with the plugin option:
poll host plugin sshtunnel user name password pass
Instead of opening a TCP connection fetchmail will run the script passing it the hostname and port number as arguments and use its standard input and output to talk to the POP server. No timing issues - fetchmail will wait patiently while you type your password or passphrase to ssh.
It requires netcat to be installed on the target machine.
Why encrypt only incoming mail? My outgoing mail is also delivered over ssh (courtesy of PostFix)
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
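A hardened variant of the sshtunnel plugin script from the fetchmail comment above, as an added example that is not part of the original thread: it checks both arguments before they reach ssh and uses ssh -W in place of the remote nc, so neither a remote shell nor netcat is involved. The function names, the pop3/imap name mapping and the assumption that fetchmail calls the script as "sshtunnel HOST PORT" are illustrative.

```shell
#!/bin/sh
# sshtunnel: fetchmail "plugin" wrapper, hardened variant (added example).
# Assumption: fetchmail runs it as  sshtunnel HOST PORT  and then talks
# POP3 over the script's standard input and output.

# Accept only plain DNS-style names. A leading '-' would be parsed by ssh
# as an option (for example -oProxyCommand=...), so it is rejected, as is
# anything containing characters outside letters, digits, '.' and '-'.
valid_host() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Turn the second argument into a numeric TCP port, or fail.
# Two service names are mapped by hand (illustrative, not exhaustive).
resolve_port() {
    case "$1" in
        pop3) echo 110; return 0 ;;
        imap) echo 143; return 0 ;;
        # empty, leading zero, any non-digit, or six or more characters
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        echo "$1"
    else
        return 1
    fi
}

# Print the forwarding target for ssh -W, or fail if either argument
# does not pass validation. The target is always the mail server's own
# loopback address, matching the "nc 127.0.0.1 PORT" of the original.
tunnel_target() {
    valid_host "$1" || return 1
    port=$(resolve_port "$2") || return 1
    echo "127.0.0.1:$port"
}

# Entry point: only runs when called with exactly two arguments.
if [ "$#" -eq 2 ]; then
    target=$(tunnel_target "$1" "$2") || {
        echo "sshtunnel: refusing host/port: $1 $2" >&2
        exit 64
    }
    # -W forwards this process's stdin/stdout to target through the ssh
    # channel; no command string is handed to a shell on the server.
    exec ssh -W "$target" "$1"
fi
```

ssh -W needs TCP forwarding to be permitted by the mail server's sshd configuration; ssh still prompts for the password or passphrase on the terminal, so fetchmail waits as described in the comment.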
I feel I must point out that your post is pretty much wrong. The US is usually perfectly happy to adopt standards that are unique to the USA even if they are out-of-line with Europe's, as is the case with cell phones and measuring units. No one (no one sane, that is) would claim that the US is trying to keep cell phones out of our hands, for example simply because we don't commonly use European standards.
Also, there are no restrictions on forms of encryption developed within the USA itself-- the issue of export is the problem. There are all sorts of strong encryption available here in the USA, until recently better than anything in Europe, and we were all free to use them within the USA but export restrictions prevented them from being marketed abroad.
-Dean
EU Good, US Bad
Shall I Say anymore?
-- Note: These Comments are Generated by ME! Not You! ME!
That's because the US helps keep the economies running in these other countries. Even as we type, Washington is considering measures to prop up the declining value of the Euro.
More because of issues of trade balance, than as a favor or quid pro quo to Europe. A cheap Euro means higher imports from Europe, less export to Europe, and US companies being defeated in world markets by cheap European goods.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Or will high tech companies move elsewhere en masse
This is a step in the right direction. Maybe if the U.S. sees other nations dropping export restrictions, they will follow suit. There's no point in being the only nation on this planet banning encryption export. Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.
--cyphergirl
--Insert catchy
Well, I'm glad that SOMEBODY doesn't.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
'But the European Union does not make their policies dependent on the opinion of the United States.'
Sounds like a "Fuck you, US, and stop telling us what to do" to me.
Two points.
* If the Gov't can demonstrate a compelling interest in restricting an amendment, it usually can. For instance, content-based 1st Amendment restrictions appear to be valid if such a need is demonstrated and the restriction is the least restrictive that suffices. It is arguable that, for an untrained individual without an ICBM delivery device, a 20 megaton nuclear warhead is extremely suboptimal and that a compelling interest exists...
* Historically, the "right to bear arms" has, under English rule predating the US Constitution, meant only arms that could be borne by people -- not, say, cannon.
Only the dead have seen the end of war.
I'm just pulling your leg a bit about your literary criticism.
The conspiracy theory about encryption doesn't make any sense, because it can't target the people who need to be targeted -- the ornery free-thinkers with IQs higher than room temperature. The political theory does make sense because it fits with the pattern of behavior you can see every day if you look at any successful politician of any particular ideological stripe.
Conspiracies do happen; after all Nixon did try to cover up Watergate and he did use the IRS to force George Wallace to give up his third party. The KISS applies to conspiracies as well as anything else. The Wallace thing was simple, old fashioned blackmail, and worked perfectly. The Watergate thing started simple, but got too complicated to be managed, as it drew in too many of the executive branch. Of course, once he started down that road, he was stuck. The story had more legs than he had expected, and he was stuck with a ballooning conspiracy that toppled his presidency.
Complicated conspiracies are simply prone to failure. To posit conspiracies that are complicated and doomed to failure from the outset is to assume stupidity on the part of the conspirators. I have news for you -- these guys are rich and powerful and get a lot more action than the average geek.
So, you wanted a sound bite? Here it is: The difference between a politician and a geek is that a politician is willing to act stupidly to achieve his ends, whereas a geek is not.
Of course you can never disprove the existence of a conspiracy, especially to someone willing to introduce new propositions to support the conspiracy theory because he likes conspiracy theories. However, Occam's razor favors the straightforward political explanation.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I don't think the FBI,NSA, or any arm of the government can stop US citizens from using encryption precisely because the US government has labeled it a munition. Thus it is an arm and because of the 2nd amendment we have a constitutional right to use encryption. Also by this argument the government can not ask us to give them the keys either as that would be the same as taking our guns from us which is against the 2nd amendment.
I have finally figured out why Microsoft has made it so huge. They are just like the US. They desire to control everything!!! Sucks to live here sometimes.
Of course, that's just my opinion, I could be wrong.
...which explains why submachine guns are not uncommon among their police, why H&K specifically designed an anti-terrorist-sniper weapon for the Germans, why the Israeli athletes were assassinated at Munich, why people were shot at Athens Airport, why the French deal with Algerian bombers, why the ETA assassinates political figures...
Only the dead have seen the end of war.
Who knows if "Echelon" exists with any real functionality, but could the easing of encryption export regulations indicate that the security agencies of the acquiescing countries are now able to decrypt most consumer-(read terrorist)-available encryption? Or could it indicate that attempts such as the supposed Echelon are failing to the point of not even worrying about encryption since they are not able to tap into the worldwide email flow with any great degree of success, even on non-encrypted email (due to tapping difficulties and massive volume)?
I suppose a conspiracy theorist would suggest that the new rules are intended to free up encryption so the people who are trying to veil their communiqués for nefarious purposes will have easy access to it and, by using it, attract attention to themselves by its usage, allowing Echelon-like systems to operate in a narrower band of possibility by setting the existence of encryption as its primary search criteria. Of course, this presupposes that the answer to the first question posed above is yes, security agencies can decrypt most publicly available encryption.
I'm sorry, but the murder rate in Washington D.C. is higher than that in Belfast. I know D.C. is anomalous but in Europe, that murder rate would be regarded as a low-level civil war.
Viva Europa! Europa Uber Alles..etc, etc..(reprise and fade)
/usr/games/fortune > ~/.signature
Never underestimate the dark side of the Source
>A detail you omit is that capturing the key schedules - the wheel order and the plug board settings for each day - was vital to the re-breaking of the Naval Enigma.
I'm not sure "captured" is the right word. The settings were (eventually) broken. Obtaining the wheel settings was the very essence of breaking the crypto.
>One branch of the German military (I forget which at the moment- Abwehr?) never had their traffic read, largely because they used the machine correctly.
I'm not sure what you are referring to here. The Abwehr communications were being broken routinely once they got the bombes going. "Fish" (the other German system) was also eventually read routinely - although it took longer than Enigma (around 5 or 6 days whereas Enigma was eventually being broken so quickly and routinely that the British were often reading the plaintext before the intended recipient). "Fish" was the system used by the highest levels of German command.
See
http://www.und.edu/org/crypto/crypto/general.crypt.info/ultra.txt
However it is true that early on in the war the "breaking" was done by hand and the methods used largely relied on the German Operators making mistakes. However once they got the Bombe working they could crack enigma even in the absence of such errors.
Naval Enigma was eventually cracked - largely because of poor use of the machine. The procedures used were flawed and the execution of them was also flawed. There were also limitations in the way that the 4th wheel was added to the Navy machine. This drastically reduced the extra security.
There's a lot of detail about all this at:
http://www.uboat.net/technical/enigma_breaking.htm
AJB
Here in the states it is still illegal to use encryption above a so many bits (I think it is 128 but I am not sure) why do you think we do not see 500 bit encryption, it is not because it is too slow (heck my P133 can generate the numbers and key in 17 secs and do the work (both encrypt and decrypt) in as reported by the time function 0 secs, heck for fun I once tried a 5000bit encryption program I wrote, 15hours (on a P133) to generate the numbers and keys, still (as reported by the time function) 0 secs to both encrypt and decrypt.
Europe has *more* problems with gun toting terrorists than the US. Remember the Red Army faction, the Basque separatists, the IRA, Baeder-Meinhof(sp?).
Not forgetting the CIA backed right wing terrorists that pretended to be left wing to scare the populace from voting socialist in the 50's 60's and 70's.
Or the fact that the IRA needed money to buy guns in the 70's and got some of the cash from NORAID.
Gee thanks, a proxy war against the UK, we were worried that you guys were going to leave us out of your governments "Global proxy war" (TM) game.
Even as an American it's nice to see some other countries/political entities showing some backbone and independent thought [terrorist nations notwithstanding]. While I don't usually follow these things too closely, it seems to me that quite often the US govt. pushes, and other countries just go along with it. :)
Then again, maybe I just really have no clue
Ender
Nothing to see here
Citizens aren't armed, so police aren't armed.
Oh yes they are.
The introduction of the ARV (Armed Response Vehicle) was in direct response to the number of firearms involved in serious crime.
ARV= Three police officers with firearms training, Beretta 92f's and H&K MP5's.
Of course they do have a tendency to kill people every once in a while (shot a depressed farmer here in Cambridge a while back) but they're probably criminals right?
Hey,
Just to clear up any confusion, I would like to say:
Encryption is processor-intensive. VERY processor-intensive. Client browsing can easily be done with a normal processor but a server needs more capacity. If you have an immensely high bandwidth site like /., you need a lot of normal processors or some dedicated processors. Dedicated processors are designed to encrypt only and can do it very fast.
The Intel NetStructure 7180 e-Commerce Director looks nice:
http://www.intel.com/netstructure/products/director_7180.htm
If /. got one of these and put it online as, say, http://secure.slashdot.org, it would be interesting. Not vital, but interesting.
I would support an optional encrypted slashdot, but then again, I regularly send random encrypted data to my mates just for the sake of it.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
About time that a political body stands up against the USA. I applaud the fact that finally since the collapse of the USSR, a (world) power stands up and spits in the face of the Americans. Keep up the good work, EU.
When the pack animals stampede, it's time to soak the ground with blood to save the world. We fight, we die, we break our cursed bonds.
Chris 'coldacid' Charabaruk Meldstar Entertainment
So, you're talking about sporadic message transmission from a client computer, and saying that encryption is not required for this. OK, I agree. But consider:
1) This option is not available on a server, where performance and throughput is essential. I work in a large router company, and we have features in our operating system which allow users to filter packets in order to improve security. Most users turn them off. Why? Performance and cluelessness. The cluelessness issue we can solve, but what about performance? The solution is, do it in hardware (this is the way the industry is moving). I would venture to say the same about servers.
2) As a client, are you willing to slow your downloads of files over a corporate LAN from 50Mb/s down to some kb/s value? Because that's what you are going to get if you want to software-encrypt/decrypt all your LAN traffic.
2) Using encryption for "everything"? Ok, what about real-time video? Streaming MP3s? I suppose you could use the CPU power to do this as well, but IMHO this is a waste of CPU resources (although at the rate CPUs are growing in clock rate and processing power, it's probably a moot point).
3) Expanding motherboard capabilities is really not that expensive, IF it is a commoditized product. I pointed to the example of 3-D cards, but in truth all sorts of stuff is being built onto motherboards these days (ACPI, AMR etc.)
4) There's also a significant marketing issue. Consider the case of the WWW. There's no amazing new technology in the concept of a browser - it was just an idea whose time had come, *and* which caught the public imagination. (For an example of a technology which has all the above attributes except public acceptance, see IPv6). I'd venture to say the same is true about encryption. Shipping on-board ubiquitous encryption *may* spark the people into actually using it.
All these go to show that encrypting "everything" is not realistic without hardware. The original poster appeared to encrypt a *lot* in software and at no cost, but that's only if you count tasks rather than bandwidth. Let's take a look at what he encrypted -
- SSH sessions (i.e. telnet)
- Email (i.e. ASCII text)
- Local stuff
What did he not encrypt?
- HTTP pages (he did recommend it; see 1)
- FTP traffic.
- Other downloads (MS SMB, etc)
I'd venture to say that the latter class of traffic dwarfs the former in terms of bandwidth.
Although my original statement was probably inaccurate - I'll rephrase it as follows: "Ubiquitous encryption is expensive, and probably requires hardware. A significant amount of encryption on the client side is possible at little or no cost.".
Oh, and about the PCI/USB thing - you're right. Although I would venture to say that it would perhaps be a lot cheaper to just build something into a chipset as opposed to build a card. Making cards has a significant overhead (going up and up these days) as chip integration becomes better and cheaper. There's also the issue of motherboard real estate, I suppose. But I won't belabor this point.
-- Before you moderate: Do you really believe somebody called 31337 d00d has anything useful to say?
The nice thing about current mathematical cryptography is that many algorithms have strength that's exponentially proportional to key length - so a small increase in the amount of encryption and decryption work radically increases the work that's required to crack it without the keys. Linux clusters and distributed.net and DES cracker boxes are great for brute-forcing DES and RC4-40 and RC5-56, but the planet only has 2**170 atoms on it. 3DES, which has 168-bit keys, takes only about 3 times as much work as DES to encrypt/decrypt. (Ok, the real strength is only about 112 bits, because there's an attack using 2**64 bits of storage and 2**112 cycles, but there's always 5-DES and 7-DES, and algorithms like RC4 and RC5 don't even take extra work to use longer keys - you won't crack RC4-128 or 3DES by brute force in your lifetime unless the Great Nanotech Singularity changes your lifetime a lot - and probably not in the planet's lifetime.
It's MUCH easier to steal keys than crack good algorithms. Decompiled your keyboard ROMs lately? This is Slashdot, so many of you *have* checked out the device drivers for your keyboards
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Here is the press release
I wouldn't blow off Blowfish. I'm not sure about its exportability in machine-readable form (IANAL), but I think the code is solid, and I know it's undergoing and undergone extensive peer reviews / attacks.
In the US maybe, the only reason you can do this is because you have backward analogue cell networks, Europe (and the rest of the world for that matter) have been using digital GSM standards for the last 8-9 years, the GSM standard incorporates 107bit elliptical curve cryptography for frequency hopping (which was developed in Israel, incidentally). So basically tuning into the network with a scanner won't benefit you one bit, at most you might hear a whole load of noise.
On a larger scale, i.e. Echelon, this isn't a concern, you can just tap into the calls when they hit the standard network, even mobile-to-mobile calls hit fibre along the line.
Combatting drugs, Communism and terrorism are good reasons to provide employment to people in all sectors of government that deal with them. The US government, no matter what it does, needs the "approval of the people."
In order to justify its actions overseas and at home, it needs to create "enemies" and "just causes."
There may be some people in the US State Department and other places that sincerely believe that all cryptography should be classified as munitions - after all, a lack of cryptography on the part of the Germans and Japanese in WWII did severely compromise their respective war efforts.
But like all issues regarding the Internet, things are changing. No longer is cryptography and its transmission sole domain of government, banks and other large institutions. Today, anyone with a personal computer can easily create and distribute a coded message anywhere in the world. And why stop there? Why not get a bunch of people together and start a CRYPTO.ORG-type website with the purpose of creating a suite of super-secure client/server tools (telnet, ftp, e-mail, web, etc) that when plugged into UNIX/Linux, NT/2000, etc. would create a highly secure communications platform?
Terrorists and anybody else interested in covering their tracks can probably do it. Governments like the US, France, Britain, Israel, China and Russia probably have their own protocols and tools to communicate over open data channels.
We can have freedom or security; we can't have both. Security is an easy, clean thing to manage and takes care of problems before they occur. Freedom is hard, dirty and difficult to manage and comes with all sorts of problems. Security keeps people on one straight and narrow path while freedom beckons people to explore the untraveled paths....
bzzt.
A munition is much heavier than the arms that the 2nd amendment allows. Munitions include shells for heavy artillery and bombs, both of which you most definitely are not allowed to own.
A quick glance at the constitution reveals no such restriction....
I'd say you need to re-read it. At the moment the government regulation of nuclear missiles and rocket launchers is a violation of our second amendment rights, BUT it's one that the citizens of the US have chosen to endure in the interest of not having weapons of mass destruction available quite that easily. But make no mistake, it IS a violation of the rights set down in the constitution.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Don't say it like that - say that our ability to read their crypto gave the Allies advantages and may have swung the tide of the war.
The Japanese and German codes were strong, powerful things for the day - Enigma and its brethren were mean and nasty. If we hadn't managed to capture the Enigma devices, we would have had a harder time decrypting messages as they changed keys.
One of the big differences these days is the public availability of the source of the crypto systems. The algorithms and source code implementations for DES and PGP and ECC are out there for public review and hole-poking, while the WWII systems largely relied on hiding the algorithm to maintain security. A very different situation from today's.
I love vegetarians - some of my favorite foods are vegetarians.
Is the soul of wit.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
One problem is that people such as ISPs and governments may block ports used for ssh. What I'd like to see is a way to transparently tunnel all IP traffic across https.
In other words, when host A wants to send a packet to host B, it makes an https connection to B (if one isn't already open) and sends the packet along that. At the other end, B interprets the packet as coming from some special 'crypto' network interface, and handles it just as if it had come from the network card or modem.
The advantages of doing this would be that ISPs wouldn't want to block https, since it is used for ecommerce. Likewise governments. And because https is encrypted, there's no easy way to tell that you're engaging in subversive activities (eg encrypted telnet) rather than approved activities which involve buying lots of stuff on the net. (please bear in mind that this whole post has been run through a conspiracy-paranoia filter.)
Also, it could be totally transparent to the user; if such a feature got put as standard into the Linux kernel (for *example*), traffic between Linux boxes would form a sort of 'cryptobone' (!) while communications to other OSes would proceed as normal.
-- Ed Avis ed@membled.com
Ya I know, exponential time to crack RSA.
Cracking RSA is subexponential. With the best publicly known general purpose algorithm (GNFS), the time to crack an n-bit RSA key scales as exp(c*(log n)^(1/3)*(log log n)^(2/3)).
This is significantly less than exponential time.
Tarsnap: Online backups for the truly paranoid
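Added example (not part of the thread or any poster's code): the standard heuristic GNFS cost estimate set against exhaustive key search, to put numbers on the subexponential claim above and on the earlier comment about 3DES and key length. It assumes N is the RSA modulus itself (about 2^bits), uses the constant c = (64/9)^(1/3), and ignores the o(1) term; all function names are this example's own.

```python
import math

# Assumption of this example: heuristic GNFS constant c = (64/9)^(1/3).
# The o(1) term of the real estimate is ignored, so the results are
# rough orders of magnitude, not predictions of real factoring effort.
GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)

# Figure quoted in the thread: 3DES has 168-bit keys but roughly 112 bits
# of strength because of the meet-in-the-middle attack.
TRIPLE_DES_EFFECTIVE_BITS = 112


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)) for N ~ 2^modulus_bits."""
    if modulus_bits < 16:
        raise ValueError("estimate is meaningless for tiny moduli")
    ln_n = modulus_bits * math.log(2)
    work_nats = GNFS_C * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return work_nats / math.log(2)


def brute_force_work_bits(key_bits: int) -> float:
    """Exhaustive search tries 2^key_bits keys: one extra bit doubles the work."""
    return float(key_bits)


def rsa_bits_for_strength(target_bits: float, lo: int = 64, hi: int = 1 << 20) -> int:
    """Smallest modulus size whose GNFS estimate reaches target_bits of work.

    gnfs_work_bits is increasing in the modulus size, so bisection applies.
    """
    if gnfs_work_bits(hi) < target_bits:
        raise ValueError("target strength is outside the search range")
    if gnfs_work_bits(lo) >= target_bits:
        return lo
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if gnfs_work_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid
    return hi


def comparison_table(symmetric_sizes=(56, TRIPLE_DES_EFFECTIVE_BITS, 128)):
    """(symmetric key bits, RSA modulus bits of comparable estimated work)."""
    return [(k, rsa_bits_for_strength(k)) for k in symmetric_sizes]


if __name__ == "__main__":
    print("RSA modulus bits -> estimated GNFS work (log2)")
    for bits in (512, 768, 1024, 2048, 4096):
        print(f"  {bits:5d} -> 2^{gnfs_work_bits(bits):.1f}")

    print("symmetric key bits -> RSA modulus bits of similar estimated work")
    for sym, rsa in comparison_table():
        print(f"  {sym:4d} -> {rsa}")

    # Doubling a symmetric key from 64 to 128 bits adds 64 bits of work;
    # doubling an RSA modulus from 1024 to 2048 bits adds far less.
    gain_sym = brute_force_work_bits(128) - brute_force_work_bits(64)
    gain_rsa = gnfs_work_bits(2048) - gnfs_work_bits(1024)
    print(f"doubling gain: symmetric +{gain_sym:.0f} bits, RSA +{gain_rsa:.1f} bits")
```

The table is why RSA moduli are sized in the thousands of bits while symmetric keys stay near a hundred: each extra symmetric key bit doubles the search, whereas each extra modulus bit adds only a small fraction of a bit of estimated factoring work.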
Well I've already commented once to you but I'll do it again because frankly... you're annoying. First off if you know so much about a hush-hush policy then why are you opening your mouth about it on Slashdot?
As for going into detail of course you can't. You don't have any. If you were so involved with security like you claim then you would be much more tight lipped and be able to keep your mouth shut. By the very act of saying you know so much but can only say these little tidbits you show yourself as a person who has never worked in, around, and/or with people or things that deal with security. If you did then you would know never to mention secrets (or hush-hush as you say), even little teasers. Please at least try to be a little more subtle in your trolling.
Plus, your technique means you actually need to be somewhere to hear the conversations. It DOES take government resources to be everywhere at once.
Tomorrow will be cancelled due to lack of interest
I don't think the war on drugs has anything to do with fears or insecurity of the people, it has everything to do with an ideology that some very influential people hold. Nor do I see any major crackdown on guns, it's about as easy to get a gun as it's ever been.
The problem has everything to do with keeping powerful uncontrollable tools out of the hands of the populace.
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms
All of the 'standards' (OpenPGP, SSL/TLS, S/MIME) have been published in RFCs. And documents describing almost every algorithm known are available online, either in RFCs, or the conference proceedings where they were first presented. Only code is restricted from export - textual descriptions are fine. And of course reference code for algorithms invented in Europe, Canada and other non-restrictive areas is available too.
you also might like to check out the story on Slashdot :+)
--
-=DaveHowe=-
This reminds me of an occasion 15 years ago when a rep of my company went to Spain to show off our latest airline reservation terminal. He dialed-up to the U.S. with a 1200 bps modem to demonstrate the thing. Unfortunately, he was supposed to get permission from the government and didn't. Just before the end of the demo, the line went dead and the Spanish cops came and hauled him off. Apparently they couldn't decode a Bell 212 modem signal to read what was going on, so they grabbed him as a suspected 'terrorist'. After a couple of hours they released him. I'm extrapolating that experience to today and speculating that the EU doesn't have the wherewithal (perhaps due to lack of desire) to break the simplest codes anyway, so what does it matter if people use powerful ones. The fact that it's also a thumb in the eye of the U.S. is just lagniappe.
This is exactly the sort of development that is needed in order to push the US into dropping restrictions on the use of strong crypto. The US govt. has limited concern for the demands of lone privacy advocates and crypto-lovers, but it has a hard time ignoring the concerns of big business, particularly now with the spotlight being on the ones and zeros industry. From the look of the article, a lot of the motivation behind the EU changing these restrictions was economic; companies that have to wait 6-8 months every time they want to sell products containing encryption to someone in another telephone exchange are less competitive than those that don't. So this change makes European cryptography exporters (which could include a very wide range of products nowadays, not just PGP style personal crypto managers, but also products with embedded protection) more competitive. US businesses don't like being less competitive than their overseas counterparts. It leads to the creation of "buy American" commercials (in this case, "Encrypt Americans" ... in the business sector ...) and general bitching and moaning on the part of industry lobbyists to Congress. Eventually, Congress will have to make amends or risk continuing flak and re-election problems from companies who feel that their interests are being hurt by the current crypto laws. The recent reforms in the crypto laws in the US were a nice, if ambiguous start, but this development may be the flashpoint for a nice, unambiguous movement of encryption technology out of the sphere of 'restricted munitions', and back into the hands of people who would like to prevent everyone in the world from reading everything they own.
For the short term, I'm not very hopeful. In the longer term, it is inevitable now. Our current policy made no sense even before this. Now, it will be much more difficult for the politicians and bureaucrats to pretend it still makes sense. But, rest assured, they will stupidly resist for as long as they can.
Geeky modern art T-shirts
Heard of ETA? IRA? The Barmy Army?
Cure cancer.. and stuff! www.team45.info
Search for user name "Steven Woston" on slashdot. Other variations are Steven W0ston and Steven Wost0n.
--
Don't lead me into temptation... I can find it myself.
It's nice to see the American government slapped down a few notches and maybe this will be a "time to end the ignorance" wake up call for Capitol Hill and the FCC.
Don't just whine about poor internet privacy and freedom policies,
A single cdrom can hold pads for over a million messages, and of course all your units have a different one.
All your units have the same one, otherwise they wouldn't be able to decrypt each other's messages.
~ I haven't lost my mind. It's backed up on tape somewhere.
Oh come on!! Grow up. This in no way says they are pissed, it's not even implied. Just because they are 'pressurising the EU not to go ahead with the move' doesn't mean they are pissed about the decision, it simply states that they don't like it(i can dislike something without being pissed about it, can you?) and pressurising is the only means of control they have over it.
;)
Get past the childish:
Kid 1: I'm gonna do this.
Kid 2: No, you mustn't! I hate you and am gonna stomp my feet and get all angry at you.
However, although this wording does not imply they are pissed this is the government we are talking about,... so.... okay, I concede, they could well be pissed
If I buy a program which uses encryption in europe, and then take it into the US, is it illegal for me to take it back into europe? If I download a GPLed program from a european site, can I make changes and distribute them? What if I only distribute the diffs? Does that violate US law? Would it violate the GPL?
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Now as for other countries, name, for instance, one European country that you can't leave if you don't like it? In fact, I never hear about emigration problems... it's about immigration problems.
Tomorrow will be cancelled due to lack of interest
I think the USA is pissed more because the playing field is about to shift, and they didn't have any part in it. :-)
Humorless sig goes here.
"When you trade freedom for security you get neither" - Thomas Jefferson
Actually, I believe the correct quotation is "Those who would trade liberty for a small security will have neither." - Thomas Jefferson
I've also seen it as "Those who would trade freedom for security, deserve neither"
-Thomas Jefferson
This has to be one of the most misquoted quotes...
http://drteknikal.blogspot.com/
Hell, I'm a U.S. citizen and I say that all the time (loudest around April 15). Our government is getting to the point that it reminds me of some overly restrictive mother. "No, no. That's bad and mommy wouldn't like it."
"Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US. "
You don't have to `say` you're from anywhere...
www.pgpi.com
has version 6.5.1i (i = international)
a wholly legal, inside and out of the states, version of pgp.
a.
the socialistic european countries :)
You don't mean that, do you? (I hope it's just a joke. On the other hand... that would again strengthen all prejudices...
With all of the talk of the US government wanting backdoors built in to all encryption so that they can protect the good ol' states can you really blame them? The power to access what should be confidential information should never fall into the hands of the government... there is no guarantee that it would not be used for purposes other than what it was intended... not to mention that if one of our agencies can get in then no doubt some youngster will find a way... if they open it they don't have to buy it from us as the article said... I agree
My Home: Apartment6
Doh moderator get a grip parent article is 3, informative? - at http://www.pgpi.org PGP is free for all for non-commercial use. (The rest of the PGP stuff is US only, and commercial only.. of course if you'd want it you'd get it)
Kjella
Live today, because you never know what tomorrow brings
Crypto is good, crypto is fine, but crypto won't save you from that bug on the wall or window.
More to the point, though, as a munition, it falls outside (supposedly) of the Second Amendment; something about maintaining peace in general. 50 caliber machine guns are munitions, AFAIA, and are not legal for US citizens (general) to own or operate. You'll recall a certain faix do do in Waco, Texas almost a decade ago, which was justified by the Davidians' ownership of heavy automatic weapons.
Ushers will eat latecomers.
IP is just rude.
Is there any torture so subl
I'll stand with everyone else, and congratulate the EU for taking this step (I mean come on; everyone uses this encryption anyway, so why bother restricting it?), but remember that we've only just been discussing another EU-based free speech story, with France and Yahoo.
The same issue comes out in both these stories: any one country doesn't really have any hope of controlling the internet; the conflicts of interest between even two friendly countries are always going to be huge.
The internet is going to break the world's localised governmental control system real soon now. Whether that's a good thing or not remains to be seen.
(Spudley Strikes Again!)
If you try to stop someone from doing something, and they do it anyway, you generally get pissed.
While there was no press statement from the Whitehouse with the phrase "we are pissed" in it, I think it is a reasonable assertion to make.
Finkployd
I work for a company that is restricted in exporting encryption to certain countries, but I have read on Microsoft's site that they are now allowed to export 128 bit encryption anywhere in the world. Does anyone know where the line is drawn in terms of what is allowed and what isn't?
Right near the top of that article is the key - did anyone read it? The EU has been getting a lot of heat from European software companies that want to expand by selling their products overseas but were prevented from doing so by arcane and byzantine laws prohibiting such. This whole deal has nothing to do with encryption per se. It has to do with a powerful lobbying group forcing the Gov't to open up some restrictive laws in order to help a particular industry. This is EXACTLY the same argument used in the US by US software vendors when they pressure their Gov't to do the same.
nothing here
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
The US view was that every transaction had to be recorded, in detail.
It's about time. It's not like clicking "YES" to the question "Are you a terrorist" when you're downloading Encryption software is a good way of stopping people. I really don't think Terrorists use the Honor system that way =)
Secondly what's the point to the USA being pissed off?
It's not like there are any major threats anywhere anymore. *cough* Iraq *cough* (giggle) and the UN has already made them their Redheaded Step Son. And anyways, Everyone knows that Russia has the Best Coders in the world and If they want strong encryption they'll get it through Russia. (and it will probably be better than *cough* blowfish or DES or whatever we can't export anymore)
On a Sad note. Guess I won't be applying to the NSA anymore....
--------========+++Dont Feed The Lab Techs+++========--------
I disagree. Encryption, even non-hardware assisted, is easy to have setup.
:-)
Look at the TEA project (Transparent Encryption Agent), or look at the methods for transparent PGP of mail I outlined in Gnu Privacy Guard tutorial, part 2 towards the end of the document.
So, unlike your tank cars, this can be implemented easily and quickly -- with no extra material cost. Replication of software and data through computers is essentially cost free, which is how the GNU project can get away with giving away free [libre, beer] software
I'd prefer constant, pervasive encryption to having someone listen into even the most insignificant private conversation I hold any day.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
All governments are socialistic by nature. They seek to survive, thrive, and enlarge. The success of the US is based on the fact that the government has, for most of its history, been far more hobbled than other governments, so while the governments of Europe were driving their best and brightest out, the US govt. seemed much less hostile.
DB
> But the whole point is the government does not have the right to know what I am doing. Get it?
You obviously didn't live near New Orleans..
Why do I keep typing pythong?
Hooray for the EU. If Canada wasn't trying so hard to stay in the good books with Uncle Sam, maybe we could have lifted the crypto export law. The only reason the US didn't want to export 128-bit security is because they want to be able to read every piece of information on the internet. This is a great move for the entire internet and not just to EU citizens and companies. I wish the companies well in producing a product that could become the world standard, without the backdoor access the US government pressures to have in place.
Why You Should Use Encryption
Note that while, yes, encryption is processor expensive, I suspect the work to decode all the JPEG images on a "content rich" website is probably a lot greater than the work required to encrypt and decrypt all those images for transmission.
The beauty of today's modern processors is that there is really no problem with just encrypting everything. If the BIOS would support decrypting the OS as it boots, most of us would have no objection to encrypting pretty much everything on our disks, maybe even including the virtual memory. Really.
My 450 MHz pentium III laptop has no problem playing MPEG movies off a PGPDisk encrypted volume that is stored either on NTFS or FAT (where the encrypted volume is either NTFS or FAT itself - and you know FAT's not a fast filesystem).
Where the performance issues really count is for the servers and for those you'd certainly want hardware encryption. I'd be happy to donate a couple hundred bucks to Slashdot if it went toward implementing an SSL encrypted slashdot server, wouldn't you?
Clients have no problem with encryption in software. PGPDisk you have to pay for but I believe there is filesystem encryption for Windows PCs that is free. Let's see... ScramDisk, lots of good links at Yahoo's encryption software page
I remember seeing an Australian partition encryption utility there, I recall it implemented an Australian government encryption standard as well as the more common ones, but I don't see it anymore.
And of course there's the linux encrypting kernel.
No, there's no reason not to encrypt. I think the main obstacle isn't export controls - it's user interface. Encryption is hard to learn. Compare using an encryption tool to, say, downloading an image from your new digital camera via USB on Windows or Mac. It should be really easy or no one will use it.
Mike
-- Could you use my software consulting serv
Where can we write to to support their decision?
Echelon, IIRC, was between the US, UK, and Australia, and the only proof of abuse was against the French (Airbus?). In any case, I think that the UK has more to gain by dumping the partnership with the US and jumping in with their European partners, rather than staying obtuse.
The UK shares much more economically with other European countries, now that the EU is in force, including their stance on GM foods, which the US predictably doesn't share.
PS - I'm a US citizen. to quote the bumper sticker, "I love my country, but I fear my government."
I just remembered this old Metallica song. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
perhaps the BEST thing about this is that the worldwide standard, whatever it ends up being, won't be dictated by Microsoft.
Maybe it's serendipity, maybe it's by design. But damn, it's a good feeling!
I just remembered this old Metallica song. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Much simpler, you just run your sshd on the standard telnet port... or on port 80. Nothing tricky necessary, just
sshd -p 80
Opus: the Swiss army knife of audio codec
Do you also recommend that all cars be built like tanks, able to withstand a 60 mph crash?
The point is that while it's a worthy goal to encrypt everything for the heck of it, it is not cost effective. Just like it is not cost effective to install two-inch armor plating and internal gel padding on cars, even though it would cut automotive fatality rates by 90%.
As a security expert, you know that encryption is EXPENSIVE. The only way to bring down the cost of custom encryption devices is commoditization. Just like awesome 3-D graphics has fallen within the reach of the masses due to commoditization (anybody remember the $15K+ Elsa & E&H cards that rendered 50K triangles/sec? It wasn't that long back). You basically want a DES (or, more likely, AES) encryption chip on each motherboard.
For this to happen, we need the following:
1) A publicly accepted AES standard. All AES standards require hardware implementations, and I believe all the final proposed candidates have efficient hardware implementations.
2) A cheap chip (or, even better, build it into the mobo chipset).
3) A well-defined API to this device. I assume 2 and 3 will go hand-in-hand.
4) Intel or VIA (through Asus, Abit & others) to buy into this and start building it on their chipset. Alternatively, Once one manufacturer does it, all the others will, too. It's just too big a competitive advantage.
-- Before you moderate: Do you really believe somebody called 31337 d00d has anything useful to say?
Come on... if you haven't got any true and useful information to contribute instead of all this bragging about your made-up heroism, then why don't you go back to the AOL chat where you came from.
Or, in short: This info is most probably not true.
Tomorrow will be cancelled due to lack of interest
You know what's funny?
A lot of people in Europe use "capitalism" the same way you use "socialism". The opinion of the majority is that capitalism is the great evil, and socialism is the way for true freedom and democracy. You got the opposite in the US. Go figure.
Me - I've lived on both sides of the pond - and things are pretty much the same everywhere. Capitalism isn't more evil than socialism. Or the other way around..
-henrik
I've traveled in Greece, Italy, Switzerland, France, Holland, Denmark, Germany, Poland, Czech, Hungary and Austria and I would say that they are more socialist than the US. Although I would agree that the US is not more free. At least not at the individual level. However, in groups I think we are. We don't ban religious groups (see France and the Scientologists).
sig this
I'd like to see Slashdot, for example, have the option of being served up on 128-bit SSL. I mean all the pages on the site. It would probably be best for the slashdot folks if this were done with hardware encryption support.
For one thing, encrypting all one's casual traffic helps to provide cover for people who really do have something to hide.
I recommend using a web hosting service which provides secure shell login access. One such web hosting service is Seagull Networks. Here is how I retrieve my POP mail through SSH port forwarding. The tip entry gives BeOS specific instructions but the basic idea should work on any platform for which SSH is available.
And yes I know my email is sent to seagull in the clear, but what this does is generate encrypted traffic (generally a good thing) and also prevents my ISP from snooping on me unless they hack into my hosting service.
If you work in a company and are concerned that your employer may be snooping on your personal email (you're not mailing out your resume are you? Know how an ethernet sniffer works?) then you should definitely use SSH for your mail.
Also on my laptop I use PGPDisk to encrypt my Quicken Checkbook and source code on NT, and the Linux Encrypting Kernel to encrypt source code on Linux. If someone steals my laptop, my clients won't have all their trade secrets stolen too.
Mike
-- Could you use my software consulting serv
Speed matters. When you have a server doing thousands of SSL transactions per second, the extra time it takes to generate a 512bit key vs a 128bit key becomes very very real and very expensive. It may not matter if it takes 17 seconds on your P133, but the server can't dedicate itself to doing your encryption for more than a split second.
Besides, in terms of non Public Key Cryptography, 128bit is reasonably secure for current applications. Just look at Distributed.net trying to crack 64bit encryption. 128bit is 2^64 stronger than that. That's reasonably secure from brute force attacks.
If it's a cryptanalytic attack you're worried about (such as someone knowing how to quickly decrypt the messages), what you need is better algorithms, not longer keys. Longer keys don't stop a cryptanalytic attack.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
The reason that the FBI wants to keep crypto out of the hands of the citizens is indirectly our own fault.  We clamor that we want security and safety and we bitch and moan when our law enforcement (part of our government) doesn't provide it for us.  The war on drugs, the crackdown on guns are simply responses to people's fear and insecurity.  Crypto does make law enforcement's job tougher and that is a fact that everybody should just accept. 
Personally, I'll take the freedom to use crypto in any way that I see fit and I'll argue that even those that wish to use crypto in a way that is counter to my beliefs should be allowed to do so.  The benefits far outweigh the problems that it brings.
"When you trade freedom for security you get neither" - Thomas Jefferson
"Country X in Europe comes with a new encryption. US and no one else can break it. They then decide to start taking over other countries. They have an unbreakable encryption method that no one can tell what they are doing. Morse code and other codes were used in previous wars to send messages, with an unbreakable encryption method it could be a new way to send secret messages."
Been there, done that, cracked it. That little scenario took place during WWII. The Allies won out over the "unbreakable" code. There is NO SUCH THING as an unbreakable code in reality. There is always someone who will spill the beans. There is always some way to capture an encoding device. I'm more worried about Country X launching nuclear missiles than whether or not Country X can talk in private or not.
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
They just use that as an excuse and a reason to tell the masses. Remember, if the media tells the public it's true, then for all intents and purposes it's true, even if it's not.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
From: WhiteHouse
To: Joe Public
The Whitehouse, on behalf of the United States Government would like to clear up a few rumors that have been causing an uproar with the citizens of this Great Country.
There have been some accusations and rumors going around that the White House and the United States Government are not fully happy with the state of the union. To clear this up, and to fully put out our official statement on this, on behalf of the United States Government we would like to state for the record "We are really fucking pissed".
I know this may come as a surprise to most of the citizens of this Great Country, but ever since the CIA and Roswell conspiracies, the Government and the White House of this Great Nation of ours, have not really been getting any, and this makes us really pissed off. We (the United States Government) watch our citizens going day in and day out getting laid by great looking women, and on behalf of the United States Government I would like to say "Where is my booty, why don't I get any hoes?" and also like to add "And the United States Government is pissed about this"
Thank you for taking the time to read this press release and hope this clears up any details the American public might not be aware about.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Many rulings in Europe do come about because of big company pressure, but this almost smacks of something else.
Prediction: It means that the European crypto stuff will become the world standard.
Thus all that US investment and current export regime which hurts the consumer in Europe as well as companies can be ignored as a free to export crypto will be more attractive to both US and European countries.
IMO this is an excellent move for Europeans, both in business and the consumers.
So maybe the EU did it _knowing_ it would piss the US off, and with the _express_ intention of reducing the US' control of crypto.
An Eye for an Eye will make the whole world blind - Gandhi
There are a couple of reasons for the EU wanting to drop encryption restrictions and the US being pissed off:
STOA report which details the Echelon project and the fact the NSA sells commercial secrets to enable US companies to steal massive global contracts from under the noses of their EU counterparts. The French were so affected by the revelations they switched from the most draconian encryption policy (they banned all encryption, even by their own citizens) to the most liberal (instant raising to 128-bit with a view to dropping limits asap).
So is the future looking rosier? Not for us in the UK, which is one of the most oppressive governments in the world. Take a look at the watered down RIP bill (you can only imagine what the original bill was like, hint: key escrow). For the rest of Europe, will they convince businesses to spend effort and manpower in creating secure systems as opposed to buying cheap, painless, out-of-the-box NSA friendly software? A nice but distant dream.
Phillip.
Property for sale in Nice, France
Restricting the flow of computer algorithms is like trying to stem the flow of thought.
Well shit, there's always TEMPEST. . .
I just remembered this old Metallica song. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
As we know Echelon has been a joint venture between European countries and the US, one wonders how that partnership will be affected.
Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
It is about time. The overarching question is whether this change in policy and a corresponding change in US policy would really have any effect in the use of encryption. The highest level of encryption used in e-commerce is 128-bit, which even the US government now allows to be exported. Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US.
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms (except RSA, whose patent will run out and whose algorithm could be integrated without permission into a European company's product).
For once, it's EU that is leading the way. Technologically, we're (US) ahead--but, we seem to be farthest behind when it comes to developing appropriate policy in regards to new technologies.
ByteMyCode.com: A Web 2.0 code sharing community.
Mmmhh I have read somewhere that the iroquois can't set up a church (or their counterpart) in the US... I'm not sure of that, though.
Chill out. :-)
This is just one step further towards forcing the US gov't to relent and allow free export of encryption. This is something that most of the computer industry has been demanding for a long time. This is something that is necessary for the growth of worldwide electronic commerce.
This is an obvious sign that the Wassenaar (sp?) treaty is breaking down, which is a good thing.
The big celebration will happen when the RSA patent expires later this year... Get ready Uncle Sam, your days of being able to casually eavesdrop on every communication are slowly fading into history.
So, why is it that the socialistic european countries seem to generally be acting smarter than the free capitalistic US recently? I'm all for capitalism, but, some things make you wonder...
-- Superlame http://catpro.dragonfire.net/joshua/
Before that they started opening mail - that's why people would put those elaborate wax seals on their mail .... and before there was an organised mail delivery system intercepting mail was hard ....
My point is that there's been an ongoing technological battle between those who want their privacy and those who want to breach their privacy .... it's been going on for centuries .... maybe the spooks will give up when we're all using quantum entanglement to communicate .... or maybe they'll just get a lot more spooky :-)
Complete bullshit. Europe has *more* problems with gun toting terrorists than the US. Remember the Red Army faction, the Basque separatists, the IRA, Baeder-Meinhof(sp?). Europe is a good example of what happens when you disarm the people and the trigger-happy fanatics run wild. Except for Switzerland. God Bless their machine-pistol toting hearts...
--
Nothing to see here. Mooooove along...
I think you'll find the computers were born in the UK, the web designed in the French/Switzerland border (by a UK citizen), the microcomputer was born in France. The Germans used crypto machines during WWII and a British submarine captured the first few ones (and that's in early 1941, way before the US entered the war), and reverse engineered it. Same for Linux, Nokia (Scandinavian), PHP (German)
/., Unix and (aaargh) Microsoft are US creations.
But then, Apple, C, Java,
(come to think of it, the French discovered radioactivity, the French and German created the atomic theory, the German scientists who fled to the US built the first atomic bomb, and the American actually DROPPED it !)
Obviously this renders the crypto export restrictions in the US redundant: you can export anywhere from the US in two hops. I see three main options for US policy makers (from least likely to most likely): drop their own export restrictions, reimpose crypto restrictions or pretend it is not happening.
It would not be surprising that the US is pissed about this development. But please don't try to stir the sauce - it's hot enough as it is.
That means the US has to be The Perfect Place [tm] to live in.
Kindly teach your brain cell to duplicate before making any further statements.
Tomorrow will be cancelled due to lack of interest
"Ha ha"
-- clvrmnky
Hehe
I never thought of it that way. Two things can come of this:
1 - People who do not historically support the second amendment may find a reason to do so.
2 - The government's war on the second amendment will be stepped up, since they could kill two birds with one stone. It would sure be a big step in making us into powerless peasants.
Finkployd
Sorry US but what is the point of creating a law stating "You can't download this code if you are outside the US" when you can't enforce them! Come on how many people out there have downloaded 128bit encrypted programs from the US before they were allowed? I bet there are a fair few (me _NOT_ being one of them)
...contact has been lost with over 500 nurseries and creches throughout the EU. Barney's Army is thought to be backed financially by el Furbys' underworld crack ring.
Cure cancer.. and stuff! www.team45.info
Well, now I won't feel so bad about leaving the States for 4 years if George W. Bush gets elected.
Seriously though, kudos to the EU for realizing what it will take to attract the serious security developers.
Hahaha! Abdul ibn Abdurachman ibn Hatab! Haha! Mula! Mula! Now I can finally rely on SSL2 to pass my credit card information to those pesky adult XXX sites!
You can't handle the truth.
The US (in particular the FBI and probably the CIA/NSA) wants to keep encryption out of the hands of USians. (The reason doesn't matter for the purposes of this post). The best way to do this is to keep there from being any "encryption infrastructure" and the best way to THAT goal is to keep from having any standards.
And if you disallow exports, you can't create a world-wide standard. But whoops, the EU allows exports now, so we can standardize on that.
So the US is pissed for two reasons:
1) The EU will be the encryption (and thus privacy, etc) standards-bearer for the 21st century. This causes loss of money and face for the US.
2) The US can't keep EU encryption out of the hands of USians unless it also bans encryption imports. And since that action isn't compatible with the nominal "munitions" argument, it would tip their hand too much.
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
I'm not an expert on quantum computing, but I thought it was still largely theoretical. That is to say, they don't really know if electrons *really* act that way, or if it's just a good mathematical model for describing how they act. If it turns out to be the latter, I'm afraid quantum computing will look much like alchemy.
no comment
I'm not surprised the US is irritated by this. It'll allow proper, decent strength encryption to be used pretty much worldwide (apart from the US), using Europe as a development base.. which is probably a Good Thing. (tm) Especially given I live outside the US.
On the subject of the relaxation of US encryption export laws, do you really think the US govt. would allow people to export 128 bit encryption if they hadn't figured out how to break it trivially? :)
~P
Technology will always be one step ahead of whatever is trying to squash it. The government wants to control encryption to save them the trouble of cracking new techniques, but it's never going to be that easy for them. They'd be better off accepting the technological advances and working around them, instead of focusing so much on the past and hoping that nothing changes.
Got Rhinos?
There was an article in today's Wired explaining Britain's lack of interest in tech and IPO's, and this same attitude helps explain why strong encryption isn't regarded as such a threat there.
The socialist mindset of the typical European is such that "civility" is considered one of the highest attributes a person should possess. This dictates a deep social drift towards peace, and as such things like terrorists aren't generally feared because guns and such are so rare. To quote from the article:
"The full-blown libertarian futurism that's propagated by (Wired magazine) is not well received in this country," he said. "People here loathe that stuff."
Indeed, in states with strong socialist tendencies fear of terrorism and making money just aren't concerns for most people. Contrast that with the US, where "Libertarian futurism" is considered the only valid social choice, and it becomes clear why the US backs export restrictions on encryption. As a violent country (compared with the rest of the world), US citizens understand the inherent evil that many possess, and therefore seek to limit the ways these people can damage their country. The paradox of simultaneously owning weapons of their own is lost on these people, but it can not be denied that their familiarity with violence makes them more naturally disposed to understanding the many ways it can manifest itself.
One thing that I learned in my US govt class was that the US govt often adopts the same (or similar) laws as other governments in Europe, however the way that our system is set up it creates a larger bureacracy (sp) thus it takes us longer. Most of the European governments only have one party that has to agree in order for a proposition to become a law. Hopefully the US bureacuracy (again sp) won't drag its feet on this too much.
This could become even more important since the US govt (FTC) has given up on net self regulation
--------------------------------------------
Please give your mod points to others, I'm at the cap. They will appreciate it more
Pretty much shows that our gov't is *not* representative of the people or our interests, eh?
--
Ok, so first, the EU enacts privacy laws that do a good job of protecting the privacy of citizens. Then, it sets crypto free, which also helps with the first goal, making sure that information that is transferred is secure.
Meanwhile, the US goes on with its laissez faire "privacy" laws (feel free to collect anything you want, and to cross-correlate to your heart's content). Furthermore, we have these lame crypto export restrictions, making secure interoperability on the Internet difficult.
Can anyone call the United States the "Land of the Free" without a touch of sarcasm?
I see both issues about Universal Access to the net and the relaxing of data encryption export controls as being important and related. Companies in the US eg: MPAA, RIAA and eTOYS seem to think that they can set the international agenda. Well, first France tells eBAY it cannot auction Nazi stuff and then the EU tells the US that all export control on data encryption is being lifted. What goes around, comes around. Important issues about who controls the universally accessed net have not been decided. Which countries' laws control the net? Who defines TLDs? Should we all work together to get the UN in control of the net, not that the UN is anything like a world government or anything but it may be the closest thing we have. We'll never get into the Federation of Planets without a world government.
zenray
Quantum methods of computing will be used primarily for efficiency. They will be designed from the ground up. A lot has been done in the computation theory sector, and if we start with something new and radical we will surely see one thing: reversibility. It is this ability that makes quantum computing so attractive. If you need results, but not now, give the system a little energy to slowly prod it forward. Need results now? Waste a little more energy on heat.
Quantum algorithms may be used to compute very complex systems, because they are excellent at chance. This will be of some use in cracking standard keys. However, encryption through quantum methods will never be possible.
In the end, quantum computing may make it trivial to break 'quantum encryption', but it will not pose much of a threat to traditional irreversible methods of key generation. I think our data is safe for now.
Reversible computing. Is that anything like an old navy reversible tech-vest?
teslakid
I prefer the original "Steve Woston". He is quite entertaining.
What original Steve Wosten? Can I have some more info please?
Remember Bletchley and the Enigma encryption device mentioned a short while ago on /. Recall that 'twas here they invented the programmable computer in the forties..... Just to break encryption
- You don't need a chip to do encryption
- Chips wouldn't be (and aren't) that expensive, anyhow
- You can put such chips on an ISA/PCI/USB interface, as they don't need to be on the motherboard (e.g. hardware that enhances SSL processing)
Did you even read the post you were replying to? How much do you think that individual spent to be able to apply encryption to so many aspects of his computing and communications methods? Virtually nothing. Your argument is not unreasonable; in fact, I think it's a common misconception. It's not some huge monumental ordeal to deploy encryption for yourself, casually. It should be obvious after reading the parent post that encryption can be employed almost everywhere, cheaply and effectively, in the status quo.
send flames > /dev/null
Only 'flamers' flame!
Seriously, a lot of US citizens want strong encryption, personal privacy, and a lot more.
It's just the monied interests running the government that are against it.
The rest of us are thrilled.
Will in Seattle