Interview with Phil Zimmerman
A reader writes "PGP's creator is participating in an online interview this week. Phil
is mainly interested in clearing the air about the recently discovered
ADK bug, but the larger topics of encryption and worldwide organized snoop rings (Echelon) have already come up. The interview is open
to questions from anyone; runs through Friday 9/8."
In other words, all the strong crypto in the DATA segment of the SMTP transaction isn't gonna save you if an FBI agent decides he wants to forge a "From: kiddypr0narchive@fbi.gov" in an email to you. For mail to truly be secure, it's clear that we now need to encrypt all headers in the SMTP and/or POP transactions.
Likewise, for safe browsing, SSL on the content of the pages isn't enough; all the metadata in the HTTP GET requests have to be encrypted too.
Traffic analysis makes sense; it's machine-readable data, machine-parsable, and very easy to inject into a database for profiling purposes. Scanning a database for all From: addresses associated with To: fields of osama_bin_laden@secretterroristcamp.iq, or IP addresses associated with Referrer-ID: fields matching the regexp *janetreno*goat*pr0n* is a lot easier than actually trying to examine a terabyte of .JPGs.
We've seen it in the public domain with the "auto-sue" programs used against Napster users.
We're seeing the gummint getting into the act with Carnivore. Whaddyawannabet that 5 years from now, when Jaz and ZIP drives are no longer available, the "physical evidence" ceases to be a piddly 120M disk (which can probably only hold the sniffed headers from a handful of users before it has to be swapped for another disc) and becomes a 200G hard drive (which can hold everyone's traffic for a few days)? Hell, the cost of the "removable hard drive Carnivore" isn't much more than the ZIP drive one today.
At what point will we redesign our basic communications protocols to be snoop-resistant?
Agreed! Cheese is great!
Ummm, I thought that if they decrypt your mother's new recipe then they have your private key, and then they can decrypt everything else you send without much force. Of course, I'm somewhat ignorant -- do people change their keys every message? Does the software exist to change the key for each packet that is sent?
OK, It's me, Ph!l. My answer is:
a34470asd89sradfh9weg89g349h834g980zgaseh89erf
qr34h8934wr7890ferhferasd7890f4w78h4f37h4f34f3
qf348934f890734f9h4f389h34f89h34f89hfliwe984we
456wertz89erj3w459ß8t4we9h8ertw89zuewrt89zue4w
Actually, if I understand quantum encryption correctly, the Heisenberg uncertainty principle makes it impossible to listen in on a quantum encrypted stream without detection, even if you can somehow manage to apply infinite computing power to decrypting it. It's not much fun listening in if they can tell you're there.
The equipment needed to perform QE isn't insanely expensive, either. The current problem is supposed to be extending the distance over which the stream can be sent.
There is a vast supply of pure, unharvested cheese on the moon.
I like cheese.
Oh, but I should point out that E-Mail isn't everything. I'd agree that all personal communications should be encrypted. Sure that's a lot of what most people worry about, but I'm not sure that something like /. should be encrypted, even though /. has messages attributed to persons in it.
Actually, though, if one can securely distribute keys of arbitrary length, one can then apply the one-time pad result (one use pads are provably secure) to guarantee that no amount of processing can decrypt the result. One is reduced to merely guessing about the content at that point.
The original post seemed to suggest that quantum computers were somehow going to be able to break QE because of their unique properties. I'm fairly sure that can't be the case, given the above.
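A worked demonstration of the one-time pad claim in the post above, added here as an example and not part of any post in the thread: XOR encryption with a pad as long as the message, a brute-force check over all one-byte pads showing that every candidate plaintext is reached by exactly one pad (the "provably secure" property), and a check of the caveat that the pad must never be reused. The sample message and pads are constructed for the example.

```python
import os


def xor_bytes(a, b):
    """XOR two equal-length byte strings; a pad shorter than the message is not a one-time pad."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length):
    """Fresh pad bytes from the OS CSPRNG. Generating the pad is easy; securely
    delivering it to the other party is the distribution problem the post raises."""
    return os.urandom(length)


def otp_encrypt(plaintext, pad):
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    return xor_bytes(ciphertext, pad)


def pads_per_plaintext(ciphertext_byte):
    """Brute force over the 256 possible one-byte pads: for a fixed ciphertext,
    count how many pads turn each candidate plaintext into it. The answer is
    exactly one for every plaintext, so the ciphertext alone carries no
    information about which message was sent."""
    counts = [0] * 256
    for m in range(256):
        for k in range(256):
            if m ^ k == ciphertext_byte:
                counts[m] += 1
    return counts


def reuse_leaks_plaintext_xor(m1, m2, pad):
    """The 'one-time' part is not optional: two messages under the same pad let
    an observer compute m1 XOR m2 directly from the two ciphertexts."""
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


# Constructed sample message for the round trip (not from the thread).
MESSAGE = b"meet at the usual place at 09:00"
PAD = generate_pad(len(MESSAGE))
CIPHERTEXT = otp_encrypt(MESSAGE, PAD)
RECOVERED = otp_decrypt(CIPHERTEXT, PAD)
```

The brute-force table is the whole argument in miniature: because the pad is uniform and as long as the message, the attacker who sees a ciphertext learns nothing beyond its length, which is why the post says one is "reduced to merely guessing".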
Cheese? A cluster of cheese? Phil Zimmermann's cheese?
The DeCSS issue is slightly more complex, since it's not a 'pure' free speech case, but historically, the US Supreme Court is reluctant to allow any restrictions on words on paper; pictures and streams of electrons are a different story.
I do not deploy Linux. Ever.
Correct me if I am wrong. I don't know the relative computational cost. This is just a guess. Anyone with more info?
I know that, but my points were:
1) quantum computers do not break symmetric encryption, so if quantum computation becomes commonplace, then we're no worse off than before public-key encryption became a common concept (and in fact, our symmetric systems will still be useful).
Unfortunately, we will have to resort to physical means to securely pass our keys (with the accompanying possibility of rubber-hose or sticky-fingers decryption techniques...)
2) There are still mathematical operations which look like they have the same kind of property that factoring large numbers or doing discrete logarithms have right now, i.e., being easy to do in one direction, and hard to do in the other, but do not look like they will be easily solvable by a quantum computer.
So...the advent of practical quantum computing might make the CURRENT public key infrastructure useless (in which case we are no worse off than our current state where hardly ANYTHING on the net is encrypted), but there will still be the ability to transition back to an encrypted state.
It really doesn't matter if he used a sniffer or not as cable traffic is encrypted as soon as it's sent out over the cable modem. Try it and you'll see.
A printed version of the code does not act as a virtual device; it can't do anything or automatically make a computer or any other device do something.
Now it lets a person (or a computer with OCR) make a copy of the code, but the DMCA doesn't say instructions for making a circumvention device are illegal. Heck, it doesn't even say a device that makes a circumvention device is illegal. (Although I wouldn't want to rely on that in court.) They can hang a lot on the prohibition on "trafficking" in such devices.
In summary, there may be reasons a printed version is exempt.
Here is another difference: DeCSS is illegal, PGP wasn't, as far as export regs go (the patent situation was a different issue). So copying it to paper and exporting that, when that is legal under export laws, is apparently a workable workaround. That might not work with DeCSS.
I am not a lawyer; anyone care to comment?
Just because it CAN be done, doesn't mean it should!
This presumption that emails are equivalent to official memos from the plaintiffs, which they saw as a misuse of the entrepreneur. However, under no circumstances shall any employee of the article claims a lot of unnecessary exceptions, and some inefficient device emulation out of business by pulling a bait-and-switch, doesn't look like the bad guys. Therefore, we must clean up our act, both public and private, and be willing to address the real, underlying concerns of our fellow consumers' mistrust and cynicism to the DeCSS link. This would have had to use ONLY industry standard, open memory formats such as crossbows, gunpowder, and chemical explosives. While Elven magic was still prevalent, the Dwarves had no reason to do it - the reviewer opinion notwithstanding, buy Ramus book and let the people that buy his films with his copy is his business.
Finally, you observe:
Get all the heavy hitters with PhDs and post-doctoral work to defend them calmly, though). As soon as the person in front of you in limiting access to information and communication-- a dream for anyone to peruse. He obviously is incapable of decency, integrity, or intelligence. Where's natural selection when you download directly from them, there's a Linux software available...that gets the nod over VMware or Win4Lin. If it's enabled by default. Not only do I not trust the languages, but the pay-per-use annoyance-ware model has not yet died. Witness the recent Slashdot story about the struggle with darkness within (which is naturally why so many people are instructed to send too much energy up- the intensity of the key point (to me) proving that is harmful to minors. If you are *really* worried about inetd's security, why not have it, download it now!
badges? we don't need no steenking badges!
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
I would want to ask: why didn't you GPL PGP? In all fairness, this latest incident may have never happened to begin with if the code was GPL'd from the start (or even if it was, it would have likely been an option that could easily be left out). Given a choice in the matter, I know I never would have used a product that implements key escrow unless I specifically wanted and needed it.
I'm sure everyone here has read about the quantum computers that are still in the pre-infancy stages at places like IBM and Los Alamos. Because of their peculiar nature, the quantum computers can factor numbers as easily as they can multiply them, rendering public-key encryption schemes useless. Of course, these systems are still very primitive, the latest ones at around 5 to 7 qubits. Still, it is inevitable that this technology will grow to the point where it could be capable of cracking 128-bit encryption or whatever we are using when the rapidly advancing quantum technology starts to catch up with traditional computers. Quantum computers do offer the possibility of quantum encryption, but due to the inevitable extreme expense of quantum computers at the early stages of development, it is quite likely that intelligence organizations or large corporations will have the ability to crack our codes several years before we gain the ability to protect ourselves from this threat. When this happens, what will we do to protect our privacy against powerful forces that can compromise it at will?
WARNING: there is a trojan on your
The reason for encrypting everything you can is a concept called "plausible deniability". If you only encrypt important things, someone can point to encrypted data and say "that's important, he must be up to something, I can tell because it's encrypted." If you encrypt everything, you can deny that any of it (or any given piece of data, more importantly) is at all interesting, and such denial is entirely plausible.
Whatever your opinion on encryption is, Phil Zimmerman deserves some respect. He released PGP despite very legitimate threats to his own personal well being.
I read an interview a long time ago about his reason for doing so. He said he had heard that a rebel group (forget which country) fighting against an oppressive government was using PGP to communicate.
He decided that if his tool could be used to help people struggling for freedom, it did not matter what would happen to him. He released the software shortly thereafter. In my opinion, he's one of the earliest true idealists in the world of hi-tech.
Have some cheese.
Like cheese.
I like cheese.
Get a sense of humor, you fool. Second, I posted this right after the trolls. Try again.
Burn Hollywood Burn
Actually, one wonders if this will become the method of choice for distribution of 'illegal' source code such as DeCSS, etc...
-jerdenn
This bears mentioning!
I like cheese.
Think of cell phones for example; manufacturers just don't want to put anything good in there due to power usage. Here I'd be on the side of encrypting anyway.
Do think, though, about what "everything" implies. In the context of the 3Com founder saying it (something like "I invented Ethernet, but I should have thought about encrypting everything"), it seemed to imply that every network card on every machine would do some encryption point to point with every other network card. That means every route has its own encryption layer over any other layers. I think that would have a huge speed impact on any internet (present or future).
-Daniel
Actually, I was thinking along those lines.
;)
Slashdot-hosted interviews used to be, what, weekly? And yet when was the last one? Or have I simply had them filtered out of my homepage with a new bug?
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
Hey Phil! Please remove ADK and any way of recovering keys. If I lose my key, too bad. Hey, can I comment out the relevant section in the PGP source code and simply recompile? Damn, that would be sweet! Hmm, I wonder when the next long weekend is...
pi = sum_{n=0}^{infinity} (1/16)^n [ 4/(8n+1) - 2/(8n+4) - 1/(8n+5) - 1/(8n+6) ]
Putting that ADK feature in was stupid. It complicated the cryptographic system, and in the end, broke it. Why would you want it for E-mail, anyway? Worst case, you have to ask for some recent E-mails to be resent. E-mail encryption should be brutally simple and well-understood, probably, now that the patent has expired, RSA/triple DES.
Instead, why not just fill all "idle" bandwidth with random noise? Any well-encrypted data will blend right in, without the high CPU overhead of crunching lots of numbers to encrypt routine traffic.
That's ZIMMERMANN, for crying out loud!
"Ain't no right way to do a wrong thing."
This has to do with the interview topic of encryption as you may be able to see
-Daniel
Ask him what the NSA's director likes to have for dinner. He should be able to answer that one.
(Yes, I have seen the link is a sort of user-interview thing, but.) Has there ever been a Phil Zimmerman Slashdot interview? Or rather, wouldn't it be relevant to do one at the moment? Personally I'd like to see more Slashdot interviews, because it helps to ask questions no reporter/journalist might have asked.
-Stskeeps, http://unrealircd.com
What advantages do you see in one compared to the other?
Following the thread on comp.security.pgp.discuss, what can be done to restore confidence in the PGP system?
Date: Mon, 28 Aug 2000 22:29:56 -0400
From: Nemo
Newsgroups: alt.privacy.anon-server
Subject: Think Twice before installing PGP 6.5.8
If you want to install an updated PGP to fix the ADK issue, you might want to read this message thread over in comp.security.pgp.discuss
8o87bf$p7m$1@cristal.i-quake.com
Apparently, NAI's solution is to hide the problem from the user. The updated PGP won't use a forged ADK, but it also will not show you that a key has a forged ADK; a forged key will appear to be valid with no ADKs at all. Consequently, the "view->ADKs" menu option is no longer useful for detecting keys with forged ADKs.
This fix is a Public Relations fix, not a bugfix. The ADK problem is a major design flaw, not a simple bug. It cannot be reliably fixed by what NAI is doing. This update shows a fundamental misunderstanding of what the real problem is and makes me question whether NAI really wants to fix this.
-- Nemo -:- nemo@redneck.gacracker.org
"For those with more memory than 8 Mb - tough luck.
I've not got it, why should you." - Linus Torvalds
(from the linux kernel source code, circa 1991)
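The forged-ADK problem Nemo describes, as an added example (this is not code from the thread, from NAI or from PGP itself): a minimal parser for the two subpacket areas of an OpenPGP v4 signature that reports every ADK subpacket and whether the key owner's self-signature actually covers it. Only the hashed area is protected by the signature; the flaw reported at the time was that PGP honoured ADK subpackets placed in the unhashed area, which anyone can append to a public key. Assumptions made for the example: the ADK is subpacket type 10 (the value PGP used) with a body of one class octet, one algorithm octet and a 20-byte fingerprint; the two sample signatures are constructed with dummy hash and MPI fields, and the fingerprints are made up.

```python
import struct

# Assumption for this example: PGP carried the Additional Decryption Key in
# signature subpacket type 10, whose body is one class octet, one public-key
# algorithm octet and the 20-byte fingerprint of the ADK.
ADK_SUBPACKET_TYPE = 10
FINGERPRINT_LEN = 20

def encode_subpacket_length(n):
    """RFC 2440 subpacket length: 1, 2 or 5 octets depending on size."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def decode_subpacket_length(data, pos):
    """Inverse of encode_subpacket_length; returns (length, next position)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
    return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5

def encode_subpacket(sp_type, body, critical=False):
    payload = bytes([sp_type | (0x80 if critical else 0)]) + body
    return encode_subpacket_length(len(payload)) + payload

def parse_subpackets(area):
    """Split a subpacket area into (type, critical flag, body) tuples."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = decode_subpacket_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated subpacket")
        payload = area[pos:pos + length]
        out.append((payload[0] & 0x7F, bool(payload[0] & 0x80), payload[1:]))
        pos += length
    return out

def parse_v4_signature(body):
    """Parse the fixed header and both subpacket areas of a v4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    p = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[p:p + 2])[0]
    return {
        "sig_type": body[1], "pk_algo": body[2], "hash_algo": body[3],
        "hashed": parse_subpackets(body[6:p]),
        "unhashed": parse_subpackets(body[p + 2:p + 2 + unhashed_len]),
    }

def find_adks(sig):
    """List every ADK subpacket and whether the owner's signature covers it."""
    findings = []
    for area in ("hashed", "unhashed"):
        for sp_type, _critical, body in sig[area]:
            if sp_type != ADK_SUBPACKET_TYPE or len(body) < 2 + FINGERPRINT_LEN:
                continue
            # Only the hashed area is protected by the self-signature; an ADK
            # in the unhashed area could have been added by anyone afterwards.
            findings.append({"fingerprint": body[2:2 + FINGERPRINT_LEN].hex(),
                             "area": area,
                             "signed_by_owner": area == "hashed"})
    return findings

def build_signature(hashed_subpackets, unhashed_subpackets):
    """Construct a minimal v4 certification body with dummy hash/MPI fields."""
    hashed, unhashed = b"".join(hashed_subpackets), b"".join(unhashed_subpackets)
    return (bytes([4, 0x13, 1, 2])  # v4, positive certification, RSA, SHA-1
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00")  # left 16 bits of the hash (dummy)

def audit(sig_body):
    """Return the ADK fingerprints a client must refuse to encrypt to."""
    return [f["fingerprint"] for f in find_adks(parse_v4_signature(sig_body))
            if not f["signed_by_owner"]]

# Constructed sample values; the fingerprints do not belong to any real key.
OWNER_ADK_FP = bytes(range(0x10, 0x10 + FINGERPRINT_LEN))
FORGED_ADK_FP = bytes(range(0xA0, 0xA0 + FINGERPRINT_LEN))
creation_time = encode_subpacket(2, struct.pack(">I", 967680000))
owner_adk = encode_subpacket(ADK_SUBPACKET_TYPE, b"\x80\x01" + OWNER_ADK_FP)
forged_adk = encode_subpacket(ADK_SUBPACKET_TYPE, b"\x80\x01" + FORGED_ADK_FP)
LEGIT_SIG = build_signature([creation_time, owner_adk], [])   # ADK signed by owner
FORGED_SIG = build_signature([creation_time], [forged_adk])   # ADK appended unsigned
```

The point Nemo makes maps onto the two halves of `find_adks`: a client that silently ignores unhashed ADKs (as the 6.5.8 fix is described doing) still leaves the user unable to see that a key has been tampered with, whereas reporting the finding with `signed_by_owner` false lets the key's owner and correspondents notice the forgery and act on it.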
Zimmerman himself already made his view on this pretty clear, years ago.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Encryption can be computationally *very* cheap. And encrypting only your sensitive traffic will rather draw attention to it.
Multicasted video may want to go out unencrypted; not for speed reasons, but because collecting the key might incur unnecessary expense for all parties. But the same argument should not apply to normal, point-to-point communications.
--
Xenu loves you!
Rather, he was paid to write it, and the other person (who prefers to keep a low profile - but was investigated with Phil by the Grand Jury) is the person who released it.
This is an important distinction. Without that other person hiring Phil to write PGP, and having the balls to release it, PGP would not exist.
It's also interesting, and alas, degrading to Phil's reputation, that Phil Z. has done quite a lot to trash the other person's reputation, while trying to grab more glory (and undeserved glory at that).
If Phil Z. is a hero, he is a sad one at that.
For references, read some of the original material about the release, starting with Jim Warren's article from Microtimes.
I didn't.
I'm not asking Phil Zimmerman whether he knows about Slashdot interviews, as that really wouldn't make much sense now, would it? What I was wondering was whether any of the slashdot community knew what was going on. Entirely legit.
Greg
Well, the real problem is that most of our protocols (the classic Unix stuff like FTP & Telnet, and most everything Microsoft puts out) were designed for LAN communication or leased lines, where you make the assumption that the channel is trusted. Five years ago, public networks weren't that much of an issue, and unfortunately infrastructure is easier to roll out than it is to change.
Some insecure public protocols (SMTP) should never have happened -- blame it on the 800 lb sendmail gorilla that has been wandering aimlessly for 20 years.
On the other hand, HTTPS support was put in early, and was just willingly not adopted except for business transactions. Netscape's big ugly broken key icon in versions 1-3 was their hint for users to demand a secure channel. They didn't care. It would be nice if general interest sites like Slashdot ran their service on both http and https just to give clued-in users the option.
--
Business. Numbers. Money. People. Computer World.
Bullshit. Source is not available for any version later than 2.6.2. Here's the source for 6.5.1i.
Check your facts man.
There comes a time in every man's life when he must say, "No mother! I do not want any more Jell-O!"
It's not a story yet. It's the start of an online interview. Pfft.
Defecation occurs.
Go to the actual site (http://forums.itworld.com/webx?14@@.ee6caf5) to post a question. /. is not hosting the interview.
Thrashing...please wait...
-------------
The truth is out th- oh, wait, here it is...
PGP seems to be a case study in this in that the recent bug has no effect on the older, simpler PGP 2.6. As requests for features by everyone from paranoid hackers (bigger keys) to corporations (ADKs) come in, it is natural to want to add things to software. The problem is that as the software gets more complex, dangerous flaws get much harder to spot (even in open source software). Once a bug like this creeps in, the "feature-rich" software is significantly less useful than the old version in that it doesn't accomplish its original goal: privacy.
How do you think one should go about trying to achieve a good balance of features/complexity and security?
I don't know about you, but there isn't an FBI van outside my window. Therefore I'm only worried about people on the internet reading what I'm sending... hence I PGP. However... if I start seeing those guys from Enemy of the State in their van parked up the street from me, I assure you my main concern *won't* be whether or not they can see what I'm posting on /.
Kat -- Alcohol and calculus don't mix. Never drink and derive.