Slashdot Mirror
What's Now State of the Art in Encryption Technology?
One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.
JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?
To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.
Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.
So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"
With 10 MB keys
Vernor Vinge's novel from 1984 illustrates the importance of encryption for the everyman.
try iraq, sudan, etc.
you guys need to get beyond your own self-importance.
A=1, B=2, C=3 ... Seems to work great in protecting me and my terrorist organizations vital secrets.
They could make OBL look like a hero who trumpets freedoms.
I haven't been able to reliably read my own handwriting for years. Given a small government grant, I could develop this even further into a true, secure, incommunication system of one-way cryptos. If I could be bothered to learn Navajo, I'd be set for life.
Money for nothing, pix for free
We can not argue that computers are tools of terrorism, so lets ban them. That way no one will be able to communicate secretly.
While this is a good start, I also recommend banning:
Box cutters
Razor blades
Guns
Knowledge of encryption
In fact, to be really safe from terrorists, we should all live in caves and grow out beards.
[insert your mf'ing jefferson / franklin quote here, biotch.]
Troll Like a Champion Today
Of course encryption is a "tool of terrorism." It falls squarely into the same category as other tools:
Concentrate on the terrorists and not on their tools. Starting down the road of outlawing inanimate objects that can be used for multiple purposes is the beginning of an ultimately unfulfilling and unsatisfying journey.
Laws affecting technology will always be bad until enough techies become lawyers.
So the government wants to put back doors in encryption. First of all, if there is a back door, someone out side of the government will find it. Therefore, what is the use of encryption anyway. Secondly, there are export restrictions on encryption, but not import restrictions (as far as I know). So if you download something like gnupg from a non-us machine (ie the server in Germany), can the US control it in any way?
Sorry, that's a typical techie response. What are you going to do when they take away your "tool of terror". Stand up and fight, NOW! Get on over to http://eff.org and start lobying your reps HARD!
Hate to get all Gammar Nazi on your ass, but bin Laden is bin Laden, not Bin Laden (unless starting a sentence).
Bush's Orwellian Address
Happy New Year: It's 1984
by Jacob Levich
Seventeen years later than expected, 1984 has arrived. In his address to Congress Thursday, George Bush effectively declared permanent war -- war without temporal or geographic limits; war without clear goals; war against a vaguely defined and constantly shifting enemy. Today it's Al-Qaida; tomorrow it may be Afghanistan; next year, it could be Iraq or Cuba or Chechnya. No one who was forced to read 1984 in high school could fail to hear a faint bell tinkling. In George Orwell's dreary classic, the totalitarian state of Oceania is perpetually at war with either Eurasia or Eastasia. Although the enemy changes periodically, the war is permanent; its true purpose is to control dissent and sustain dictatorship by nurturing popular fear and hatred.
The permanent war undergirds every aspect of Big Brother's authoritarian program, excusing censorship, propaganda, secret police, and privation. In other words, it's terribly convenient.
And conveniently terrible. Bush's alarming speech pointed to a shadowy enemy that lurks in more 60 countries, including the US. He announced a policy of using maximum force against any individuals or nations he designates as our enemies, without color of international law, due process, or democratic debate.
He explicitly warned that much of the war will be conducted in secret. He rejected negotiation as a tool of diplomacy. He announced starkly that any country that doesn't knuckle under to US demands will be regarded as an enemy. He heralded the creation of a powerful new cabinet-level police agency called the "Office of Homeland Security." Orwell couldn't have named it better.
By turns folksy ("Ya know what?") and chillingly bellicose ("Either you are with us, or you are with the terrorists"), Bush stepped comfortably into the role of Big Brother, who needs to be loved as well as feared. Meanwhile, his administration acted swiftly to realize the governing principles of Oceania:
WAR IS PEACE. A reckless war that will likely bring about a deadly cycle of retaliation is being sold to us as the means to guarantee our safety. Meanwhile, we've been instructed to accept the permanent war as a fact of daily life. As the inevitable slaughter of innocents unfolds overseas, we are to "live our lives and hug our children."
FREEDOM IS SLAVERY. "Freedom itself is under attack," Bush said, and he's right. Americans are about to lose many of their most cherished liberties in a frenzy of paranoid legislation. The government proposes to tap our phones, read our email and seize our credit card records without court order. It seeks authority to detain and deport immigrants without cause or trial. It proposes to use foreign agents to spy on American citizens. To save freedom, the warmongers intend to destroy it.
IGNORANCE IS STRENGTH. America's "new war" against terrorism will be fought with unprecedented secrecy, including heavy press restrictions not seen for years, the Pentagon has advised. Meanwhile, the sorry history of American imperialism -- collaboration with terrorists, bloody proxy wars against civilians, forcible replacement of democratic governments with corrupt dictatorships -- is strictly off-limits to mainstream media. Lest it weaken our resolve, we are not to be allowed to understand the reasons underlying the horrifying crimes of September 11.
The defining speech of Bush's presidency points toward an Orwellian future of endless war, expedient lies, and ubiquitous social control. But unlike 1984's doomed protagonist, we've still got plenty of space to maneuver and plenty of ways to resist.
It's time to speak and to act. It falls on us now to take to the streets, bearing a clear message for the warmongers: We don't love Big Brother.
Jacob Levich (jlevich@earthlink.net) is an writer, editor, and activist living in Queens, New York.
Folks, in this discussion, please keep "algorithm" and "protocol" seperated. An algorith is a mathematical method, such as the public key algorithms, or, as described rather roughly above, bits being indistinguishable from the statistical properties of the pixels.
Protocol, on the other hand, is roughly speaking the way you use the algorithms - everything required to get the message from Alice to Bob, including key exchange, agreements on which pictures to use and how to identify them, etc,e tc. I strongly urge you all to read Bruce Schneier excellent works on this subject, both his Applied Cryptography books and his less theoretical and for most of us far more interesting book Secrets and Lies.
Also, whenever I hear "state of the art cryptography" I feel I hear somebody who doesn't understand that creating cryptography takes years and years. Peer review, taking apart actual implementations, etc, etc, and if after x years there's still no good attack known, then perhaps the cryptography is acceptable.. "state of the art" usually implies "the newest and the latest", and that's not what you're looking for when you select cryptography.
Interestingly I was just reading this blurb:
t es onPrivacy.html
http://www.scripting.com/davenet/stories/BillGa
over on scripting news...
Prohibition almost never works. And certainly not when you are prohibiting something that anyone with even a tiny bit of smarts can do on their own.
Cryptography does not even require computers, the ultimate encryption, one time pads, does not require a computer and is utterly secure as long as you maintain pad seccurity.
There are caveats to everything, oh well. Enforcing cryptographic limits on your citizens is of no value at all. If a criminal wishes to transact their business using encryption technology then there is nothing law enforcement can do about it. Period.
Only deep ignorance prevents these people from seeing the truth.
Besides embedding your message in an image, there are dozens upon dozens of ways of passing messages in plain text. Some famous examples from the past use poetry.
Enough for now, I might go off on real rant, then we'd all be unhappy.
Later . . . . . . WebBug
If you're that worried about being tracked and monitored on your computer, don't use one. Don't use a PC, use credit cards as little as possible, and stay away from any "networked technology". Join the manual labor work force, and dig a ditch. That's probably the only way you'll be able to avoid the upcoming onslaught of "anti-"privacy issues and legislation from Ashcroft and Congress. Oh yeah, don't get your picture taken, and especially don't commit any crimes, cuz then you're mugshot will be plastered across face recognition software everywhere.
Th
One of the most successful uses of encryption in human history has been the constantly evolving slang terminology used by teenagers. It is almost completely incomprehensible, yet manages to convey information without appearing significant. Just think, the next time you see some teenagers speaking to each other, they could be sending messages between terrorists...
So now what's to keep the gummit from deciding your MP3s LOOK like they've got stegno in them and putting you in jail because you won't hand over the key?
/dev/random around just for kicks...
I keep several PGP-encrypted files of
> > Hey dude, I just computed Pi with some
> > home-brewed code, can you check if I got it right?
> >
> > Pi = 3.149018493227539874383983749210025
>
> Hey pal, I think that you need some code tweaking, I get:
>
> Pi = 3.14151747701120741294729382749277
>
I did some tweaking. Now I get:
Pi = 3.141649287392847283785938472901018401
Am I making progress?
In an interesting display of synchronicity, Slashdot authors still don't read Slashdot until after they have made their posts.
I can't spell or type, but that doesn't mean I'm unusually stupid.
I could tell you... But then I would have to kill you.
Not everyone deserves a 320i
Such as www.rubberhose.org
the Afghan people have tried that already, and it
hasn't kept them very safe from bin Laden...
*rim shot*
I'll be here all week folks! =)
A year spent in artificial intelligence is enough to make one believe in God.
Same for all the rest of us.
http://www.iht.com/articles/33700.htm
ROT 13. Plus DMCA. Plus Attack Lawyers.
Nobody will hack this right?
134340: I am not a number. I am a free planet!
Well, the best stand you can make for your rights to privacy and assembly is probably two fold:
:)
1. Exercise them, by encrypting everything you send until they either make it illegal or engage in the debate effectively and attending assemblies of like minded citizens lawfully petitioning their government for redress.
2. Write a check to the ACLU or your favorite civil-rights group (EFF, whatever). Face it folks, Dollars Vote . Nothing expresses your opinion like purchasing power. So I would recommend, in effect, "purchasing" more advocacy and voice in the system. This is not to say this system is right, it is to say this system is reality. We can complain that it shouldn't be this way all we want, but unless we show a force (read: $$) that those with power respect, we're pissing in the wind.
Personally, I use PGP and have been for a while now. (My Public Key) I probably don't use it as much as I should, but it's definitely used for some conversations at work I wouldn't otherwise want seen. So far, none of my employers have had an issue. I don't - yet - encrypt everything on my home computer, but I'll probably buy something to do that in the near future. (Recommendations welcome!)
My company actually mandated everyone get encryption (in our case, Entrust) on our laptops before we went on a project in Asia last year. Turns out, the clients we were doing the work for would attempt to hack into our computers while we we're using their network. They dove into some folks' laptops and read/copied email, files, etc. and then used the information when negotiating with us! We started encrypting everything related to the project before going on site and the client became a bit easier to deal with. (No comments on why they remained our client, please, I still don't know the answer to that one! Decision not in my hands.)
I mention this because I think there's a possibility to make privacy at an personal level a common cause between corporations and individuals. We just need to make the case loudly and effectively. (which brings me back to my support your local civil rights organization point
What about attacks like trawling your swap file for your PGP passphrase?
Didn't the FBI recover keys from a mobster's Windows swapfile recently? (I can't find the URL but it was a different guy than the one they used a keyboard sniffer on)
Or, you could hide steg messages in what looks like Sircam virii - just change the words a bit, move a space or two or even mess with the attached files.
There's so much data on the Net today that it's not even funny anymore and lots of it is metadata (Napster login names, tcp packet TTLs, file lengths and the naming of cats on personal homepages spring to mind) so you wouldn't even have to bother using a book cipher or pre-set code phrases like "Buy two quarts of milk on the way home, dear" which of course means "ram two commercial jets into tall buildings before breakfast".
I don't really understand why anyone bothers, unless it's to catch the really stupid terrorists, the ones that failed Terrorism 101 by not being able to scare the kindergarten kids next door out of their lunch money. Or, to watch over the general populace...
The point is that you can find hidden messages, faces on Mars and backwards satanic messages everywhere if you look hard enough, but it's impossible to find real messages that's been hidden good enough. Just deal with it.
Money for nothing, pix for free
Then so are
airplanes
cars
pens
kitchen knives
bank accounts
credit cards
water (Hey they use it to drink you know)
kitchen sinks
I supose these people also want to pass laws saying what time we should get up in the morning and when to go to the toilet.
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
The govt and the terrorists are at war, and they're using innocent civilians as their medium. It's their war not ours, leave us out of it.
Question everything.
However, I'm not one to suggest it would be undefeatable!
Anyone who wishes to advocate legislation requiring backdoors in encryption products must first write a paper showing how this would prevent terrorists from secretly communicating with each other. Explain the term "steganography" and show how your legislation would prevent terrorists from using it. Explain why terrorists would be unable to fall back on codebooks full of innocuous phrases, hidden in apparent music CDs. Explain how your legislation would be enforced outside the U.S. Prove that your legislation would not have any serious impact on banking, credit card transactions, or internet commerce. Be prepared to defend your thesis to a panel selected by Philip Zimmermann and the Electronic Frontier Foundation.
Mr. Neanderthal apparantly created, used and distributed a deadly weapon known as fire. Some say it has been the cause of millions of deaths.
Ashcroft stated that the terrorist is suspected to be hiding somewhere in Africa, possibly near the Olduvai Gorge.
=-=-=-=-=-=-=-=-=
Oh bother.
Chatting has been insecure for ages and still people just don't understand to use chat protocols that are secure. People should try for example Secure Internet Live Conferencing (silcnet.org). There's constant development in the cryptology but suggestion 10MB keys are just stupid. People should use existing tools, free tools to be more exact and be done with the problem.
There is a form of encryption that will always be secure with one exception. Conversations that are based on prior conversation will always be secure, unless the prior conversation was recorded.
Because computers have such a difficult time with semantics this means that a human will have had to have heard the original conversation in order for detection of the "encryption" and its meaning. This is why tracking criminals is such a difficult task. Until we can get computers to understand and infer semantics, and then record ALL conversations, there will be no way to decode all transmissions. As I am sure that many on this forum will agree, this is most likely not going to happen in the near future. This is why undercover work is so important.
To give an example, if I were to say the word "Fjornborgi" to a complete stranger (as most of you are) he would have no idea what I was talking about. On the other hand, if I say that to my brother-in-law, he knows exactly what I am saying and why. This is because we have a history of conversations where the word "Fjornborgi" has been discussed and defined.
As for computed encryption, with RSA no longer under patent and many very good mathemeticians coming up with interesting functions everyday, I see it being more and more difficult for government to monitor and control information. I don't see this as a bad thing, since it gives the citizens of the world more freedom to express their ideas to their audiences in a secure way. There is little fear of being overheard when not desired. Of course, many will abuse the priviledge, but that has been the case for centuries and not a new problem that has shown up just because of encryption.
Ok, I'll admit I'm biased, but I think the next phase in the developing landscape of encryption is universal access to cryptography. I'm not talking about putting PGP on FTP servers, I'm talking about making hard crypto available to my mother.
To this end, I've started the PPS, which is a project devoted to transparent, universal email encryption. The goals are complex, since they are aimed at so many audiences, but you can browse the site and get an idea. If you find it to your liking, please drop me a line and sign up to help.
You don't have to have technical skills. I need proof-readers, coders, researchers, and more. The reference code is not nearly as important as getting the specification done and doing all of the research needed to get the various MUA vendors to sign on.
Best application for StegCrypto I know of is Scramdisk - it only supports 16 bit WAV files (for now) but for ease of use it is unbeatable. the lower four bits of each sample are "formatted" to form a virtual disk drive (a bit like a floppy disk).
To open this virtual disk, you drag and drop the wav file on top of the scramdisk app (there are other ways, but that is the simplest) and type in your password. unless you know the password, the volume won't open, and if you examine the file you can't even prove the scramdisk is there (yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits) Scramdisk is free (with source) from www.scramdisk.clara.net
-=DaveHowe=-
I don't know much about the JCE, but when downloading the beta version of JDK 1.4, I saw a page to download "unlimited strength jurisdiction policy files". Does this mean I can use keys of any bit length?
i used to play the role playing game called paranioa
trust no one
keep you lazer handy
the computer is your friend
no no no!
its a return to the abacus
we need to get rid of computers so we can
get everyone working again
hahahahaahaaaa
back in the day we didnt have no old school
Too many people seem to be automatically against anything that Ashcroft might call for, without actually knowing what the specific proposals are. For example, one of the new powers that Ashcroft has called for is that when a surveillance warrant is granted, it be tied to the individual rather than a specific phone, which seems totally reasonable to me.
In future discussions, how about if we discuss specific proposals and make specific criticisms rather than general statements about how the government is just looking for the chance to turn the country is a police state?
Just a thought.
Sometimes it's best to just let stupid people be stupid.
There's always new stuff going on in cryptography, but the state-of-the-art is hard to define...
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms.
Best implementation? OpenSSL has done a great job of implementing most of these algorithms (maybe a few have been left out due to patent considerations) into a simple-to-use library with both high-level and low-level interfaces to the encryption and decryption routines (i.e., you can simply encrypt blocks of memory, or you can have the library format and encrypt the data according to various standards, like SSL).
Best personal encryption tool? GPG/PGP. I like GPG more, mainly because the source is going to remain available-- NAI is closing up the PGP source. Either one, though, should offer adequate security for e-mail or personal file encryption.
Best hard-disk encryption system? I'm familiar with encrypted loop-back-- under Linux and OpenBSD. I think that it has some advantages-- it's simple and easy to understand, and it works with ANY filesystem supported by the operating system. However, lots of known header information in file allocation tables and such can give an attacker a lot of information to work with.
I haven't tried TCFS yet. The OpenBSD support for it is still very young, and is a developers-only sort of thing. I'm thinking that TCFS will be a VERY good choice, once the support for it is stable in most operating systems (I don't know what the status of tcfs is in Linux-- anybody care to let me know?)
What else? Oh, there's steganography. Still not a lot of stuff out there, but one choice DOES stick out above the rest: OutGuess. OutGuess isn't based simply on a half-baked implementation of a simplistic steganographic algorithm-- it's based on actual research by a respected scientist in the field. OutGuess has a lot of thought put into it, and if you really need steganography (which, I'll admit, is rare), that's the program to use.
My coworkers and I tend to use a form of steganography, on IRC. Its not typical pixel-in-picture stuff, though... rather, the script encodes messages (the current irssi perlscript implementation is 7-bit clean) in the entropy available in l3eT-babbling carrier text. For instance, "l" could be "l", "L", "|" or "1", meaning you could use an "l" character to store 2 bits of data. The output looks, as I'm sure you can guess, horrible.
For more important things, we tend to use ssh, but steganography isn't entirely forgotten here =)
Paranoid
Bwaahahahahaa.
If you run x86 Linux, ppdd
provides excellent, total, and secure hard drive encryption. Can't be beat.
What's Now State of the Art in Encryption Technology?
NOT'ing the data, AND (at the same time!) shift it one bit to the right.
That'll teach them.
There is no such thing as 'world peace'.
- Are you saying these things should have no regulation?
- or are you saying that encryption should be regulated the way these things are?
- or are you saying that everything is just fine the way it is with a mix of regulated and unregulated.
I ask because you didn't actually say anything at all as it applies to reality. "Starting down the road of outlawing inanimate objects that can be used for multiple purposes"... is exactly where we've been for hundreds of years, and I kind of like living here so I'm finding it a very satisfying experience. Sure, I don't agree with all regulations, but I can't figure out what you are proposing...How about SSH? It's already one of the most widely used encryption packages out there, second only to the SSL-equipped web browser. It's so easy to install and so utterly transparent to use that there's no excuse for it not to be in universal use on BSD/UNIX/Linux systems.
Phil
...is to fly an airplane into it in the great name of Allah! Nobody will be able to read it amongst the rubble and charred and splattered bodies! Heil bin Laden!
The US military still uses them for secure communication, and ID verification, over insecure channels. And it's easy to build them. Get a word list (from "spell" perhaps) and assign each word in the list a value from AAAAAA to 999999, Roughly 2 billion strings to assign. Assign strings to words, letters, numbers, and punctuation via a good randomizer (a cheap a/d card with a noisy thermocouple makes a great random number generator). The strings can be reused, as long as they are not assigned to the same words.
Best Slashdot Co
There's an alternative: withdraw your forces from the Saudi Arabia and stop supporting the Israeli terror government.
How about going to the root causes instead of trying to fix the symptoms with your military might?
Cryptography is a funny field. It's sorta like an intellectual game of chicken. The "best" crypto is almost always the more established algorithms. (These days things like 3DES and RSA) The rational behind this is that the basic principles are sound, leaving only brute force attacks. The nightmare scenario is a "clever" attack. If I dis cover that the WizzBang-2000 scheme is easy to crack if I just divided my cats age, and multiply by 6, then life starts to suck for the WizzBang-2000 users. And quickly.
... whatever) were mostly based on the same old "known hard" problems.
So here, we worry about the speed of brute force. With factoring based crypto, it's fairly easy to move the keysize out a tiny amount and reap huge returns. Symmetric based systems are harder, and often need a redesign/re-evaluation. Such as the DES -> AES migration underway now. 56 to 128 bits isn't quite enough for the truely paranoid.
The chicken part is deciding if someone else has come up with something clever and just not disclosed it. (The big boogy man here is governmental bodies...) Think Engima during WWII.
Personally, I tend to think that there are enough people working "outside the fence" on crypto that if a major established algorithm was broken, we'd all know shortly thereafter. (And imagine the chaos...)
More to the point, if an established algorithm is flawed and the parties holding the flaw are governmental, they'd either have to tell almost no one, (because of the danger of a leak) or tell everyone in the government to use some new algorithm. (Which would set off alarm bells for sure.)
Even the "new" algorithms proposed as canidates for the new AES (now decided as Rija
Along similiar lines, elliptic curves kinda scare me because the math isn't as studied, and I personally think there is more of a chance of an "off the wall" solution to the "hard" problem. With factoring, pretty much everyone since the dawn of math has been hammering on it. (Elliptic has been hammered for a few hundred years I think, but not nearly as intensely.)
"The Man" wants a backdoor because it's cheaper than a huge beowulf cluster.
First, share a one-time pad. This is very easy using steganography: you just choose an image on the internet and a time and agree to seed a pseudo-random number generator with that to get your pad. Encrypt your message by XORing it with the one-time pad. Your encrypted message is now indistinguishable from random noise, assuming your PRNG is good.
Then, you need a data file where noise is expected. Using low-order bits is no good unless you have pictures where the low order bits are actually random, rather than containing no information. One possibility is to take a photograph and make it a GIF or PNG; the lowest order bits that your camera actually produces are probably noise, and will be present in the image.
Replace the input noise with your special noise. The resulting image is now perfectly plausible (your camera could have taken it if some photons happened to land differently, with the same probability as having taken the photo it did take), and the message cannot be read or distinguished from noise unless the codebreaker knows what image you agreed on.
In order to do this, you and the recipient have to agree on an image you control and another image. Having done this, you can, of course, agree on more images later, for communications in both directions. Make sure you both look at a lot of images, including a lot that everyone looks at (e.g., CNN).
And then your recipient looks at the message on his CRT, and the spies read it in the EM radiation. Good thing you weren't saying anything they care about, but why did you bother with all the encryption, then?
You don't want to ask ``what's the state of the art?'', you want to ask ``what's a decade old or more?''
State-of-the-art would be something like the NSA's Dual Counter Mode for AES, which was recently successfully cryptanalyzed. Or the NSA's SKIPJACK algorithm, which has had 31 of 32 rounds broken. Or RC6, which has had 15 of 20 rounds broken. Or... you get the idea. Of all the really neat and nifty things being developed right now, perhaps only one percent of them--and I may be optimistic here--will survive the test of time.
Once something's survived five years of hard cryptanalysis, it might be worth using. Ten years, it's probably worth using. More than that, and you should probably be using it already.
The state-of-the-art is found in quantum computation and quantum cryptography (which are based on different principles, BTW--I'd rather people call them "superposition computation" and "Heisenberg key exchange", or somesuch), and to a slightly lesser extent in elliptical-curve cryptography. I don't trust any of the three worth a damn.
I don't trust QC of either sort because it depends on so much knowledge of physics and technical savvy that, were it to be fielded today, it would be hideously insecure by virtue of its implementation being so difficult to get right. I don't trust ECC, even though the Taniyama-Shimura Conjecture has been proven, because all of the good elliptic curves have been patented by Certicom and the remainder are either untrustworthy or too slow for practical use.
This means I'm going to be stuck using my old standbys of El Gamal and 3DES. I'm not at all concerned. El Gamal has had some savagely intense cryptanalysis (almost as much as RSA) and is built on a more difficult problem than RSA; and 3DES has driven good cryptographers to the brink of madness trying to find some exploitable flaw in it.
PGP is still very good encryption, and I use it regularly. I mostly use it on my Win2k box, but GPG will do the same job under Linux.
As for how easy it is to use, on Windows it is on the file context menu, allowing you to encrypt and erase files in just a couple of clicks. In Outlook you can tell it to encrypt / sign your emails automatically for you.
This ease of use is not limited to Windows though, GPG plugs into Mutt as well (and if memory serves me correctly KMail), and I am sure many other email programs. I am not sure about file managers under Linux though.
-- Dooferlad
I dont care if they force backdoors because if they do they are just shoooting themselves in the foot and they get to see what an ass they were now. And this can never last, backdoors are just a plain and simple stupid idea. Fine, Mr Ashcroft, go and stand on your pedistool. I'll laugh when you fall down.
If voting could really change things, it would be illegal.
Consider this message:
From: yourself
To: ussama.bin@hilltop.af
jkwehgfkwgfbwrgjerhvgbejrgwefuwefwiugfelvbdskv
wefuweifbkjdsvblsifehvbsibnpweijrbqbzdfgoifhgi
The easiest way for an intelligence service to monitor e-mails is to chart the communication networks. Who is talking to whom (and when and how often, etc)? This is also very easy to do automatically and continously with a computer. Archiving networks costs just a fraction of the resources needed to archive the entire messages (you can keep several years worth of network info on line). This method also expands very easily to other modes of communication, such as telephony, where content deciphering is difficult to do automatically anyway.
Why do people still believe that encryption guarantees privacy? Ridiculous!
And when the government finds the message above and REALLY wants to learn its contents, what decryption method do you think is easiest for them? Brute force analysis of the message or brute force analysis on yourself? How is a fancy 128-bit or "state-of-the-art" cryptography going to help you?
)9TSS
It's was pointed out by Larry Ellison that the only privacy remaining is the illusion of privacy. Face it, if you have a SSN, a bank account, a credit card, a job, and access the net/email, chances are your privacy is already screwed. Is this good or bad? Who knows, but it's the world we live in.
In reality, if our "privacy is compromised", the worst thing that usually happens is our inbox is flooded with SPAM. Credit cards are rarely hacked (never happened to me), and when it does happen, CC company usually fixes is. Oh sure, some folks get their SSN taken and their lives screwed with, but really, how many people has this happened to??
For those folks using Encryption in their day to day email......why? What are you keeping secret? What do you do that is so bloody important? Just curious....
What is the point of fighting it any more? This is due to a fundamental flaw in our system of government. Representatives are allowed to bundle too much un-related stuff into one bill. Who in the hell are we going to be able to convince not to vote for this? Obviously, if it were a bill that only existed to criminalize secure communications everyone would be outraged. It's not that. It's an "anti-terrorism" bill with a zillion individial provisions inside. My congressman isn't taking anyone seriously who calls and askes him to vote against an anti-terrorism bill and I guarantee yours isn't either.
Step out into the street and hand over your guns to the police and don't even think about complaining about it because you could be tried for treason.
What's wrong with the Government reading your email? If you have a problem with that, then obviously you have something to hide. I really don't care if Big Brother reads the email to my friend about the news article on Slashdot, or about getting to gether to watch Monday Night Football. But I would be concerned if I was planning some illegal activities. Heck, I don't even care that this message is being moderated! Bottom line is this.. What good are your civil liberties, when you're dead?
What criminal activity is going on which requires everything to be encrypted? If you have nothing to hide, you have nothing to worry about. Terrorism is the greatest threat to our way of life. Everyone should bear part of the burden in defeating it.
i dont have time to refute every stupid point here, but just one thing, the war is peace bullshit.
First of all, we haven't fired a single shot, but this guy has already labeled it a reckless war. This cycle of retaliation is bullshit too. The only way we complete this cycle is if we start deliberately mass murdering innocent civilians. Trying to equivocate the attacks on 9-11 to any military action is stupidity. In fact, we are trying to break their cycle of violence by stopping any more bombings and mass killings. This is complete self defense from stopping any more innocent lives from being taken on U.S. soil.
It'll keep a twelve-year old from figuring out what you're talking about. It won't keep a sophisticated attacker from figuring out what you're talking about. English is a terribly redundant language; whenever you use a sentence with Fjornborgi in it, you're encoding that word in the rest of your sentence, too. A cryptanalyst would study the environment in which you use the word; the time of day; after what activity; with who else around.
In time, the cryptanalyst would be able to figure out what "Fjornborgi" means--even if you didn't tell him directly, he'd know to a surprising degree of accuracy.
These are people who recreate the internal mechanisms of cipher algorithms just by watching a string of nearly completely random numbers flow out of it. Compared to that, human conversation is trivial.
encryption needs to be used more widely. don't just yammer about how important it is use it. for mutt users, see justin miller's work on a mutt and gpg tutorial. even if you'rean expert, check it out, he's looking for feedback.
this is true for every mua + gpg/pgp. see if people working on a doc to make it easier to use for your favourite mua.
US Citizen living abroad? Register to vote!
What good is it banning encryption here if Osama Bin Laden is in Afganistan.
Just a guy with an opinion
I'm getting off on a tangent here, but watching a rebroadcast of Ashcroft addressing Congress last night on C-SPAN change how I felt about the man as well as his proposal.
I'm not a supporter of him, but his ideas may have some merit, however his writing skills seemed to lack and I noticed him apologizing on the wording of the laws quite a bit, and instead of reading the text, stating what his intentions were. I think he may be getting some much needed criticism and maybe these new laws will not be the end of the tech world after everybody else gets there paws into the exact wording of it.
This brings up another point: for this man to be in the position of power that he is, shouldn't there have been more though put into his proposal? Obvisouly the confusion I watched last night was just the beginning as several members didn't get a chance to query Ashcroft as he had another appointment. The members that did, all had concerns over the wording of the proposal.
I guess I'm just glad to see that this wasn't rushed through and passed as law and that some officials are actually reading it and listening to their constituents.
I wouldn't even really worry about encryption at the moment. It seems that all congressmen aren't idiots.
Of course, this is just the way I feel at the moment, this is subject to change.
I dont have anything to hide, but nothing gives them the right to read my email. It's a breach of my being as a American. I pay taxes to live to here, I pay for the military, I pay the salaries. Part of that is to the end of keeping us safe. That doesn't mean tag me like a wild animal, and read everything about my life. I dont want them to know who and when I converse. Because its information that is mine. They don't have a right to it.
*Dubyonics* == "I personalibly recommendify it as the biggest high level of encryptionite that's conceivably imaginable."
<---[singularity sig]
The legal situation in both countries are different, but it's interesting that Germany's interior secretary just told the parliament that better electronic surveillance does not require significant changes to existing laws, but rather better trained personnel and better use of already existing data. (I am paraphrasing. See here for the German original.)
After thinking about this for a while, I've come to the conclusion that I totally agree with the members of the US Government who think we should put back doors in all of our encryption software. And well they're at it, I think they should also make it illegal for guns to use real bullets (they should only be allowed to use blanks) and for airplane's to only be legal if they have no engine.
I don't see how that's going to be problem to the military. They have their own R&D units which usually are decades ahead of the public research groups.
Has it struck any one that encryption is to information theft as a bullet proof vest (armor) is to bullet fire?
My point is, encryprion is not a weapon of attack, encryption is PROTECTION. It protects anyone,
good and bad, just as a bullet proof vest would protect an ordinary citizen as well as a terrorist.
Do we restrict bullet proof vests? Demand that they get weaker so that law enforcment could more easily
shoot through them? No. We should not treat encryption as a weapon either, because it isn't.
Spread the word.
Now, IANAL but, it seems this is the "catch-all" against prosecution: Next time you go to see your doctor, have him/her email you your records. Now you have a confidential set of documents on your hard drive. The Doctor Patient relationship is one of the most protected in the books. The feds searching your hard drive or sniffing your email could be considered an illegal breach of that confidentiality.
Just my $.02
Crowded elevator smell different to midget. -Chinese Proverb
This post brings out some interesting parallels between Bush's speech and 1984. And I have to admit I'm concerned about our constitutional rights. What good is a fight for freedom if we loose all of our liberty in the process?
On the other hand, societies living under the constant threat of seemingly random acts of serious violence and terrorism are not free societies. It's clear something needs to be done, and it's nearly equally clear that something will need to be violent. Radical Islam doesn't seem to be interested in anything we can acceptably give them.
So, can we find a path that accomplishes our goals without seriously trouncing on the Constitution? Probably, but I'm not convinced our Executive Branch will even try.
Two points do give me hope. I recently read an article about the Executive Branch overextending it's power during times of war. Lincoln and Roosevelt were heavy offenders, but the limitations didn't last beyond the war.
Second, during Bush's speech, when he referred to the current legislation proposed by the Ashcroft, the Supreme Court justices did not join the crowd and stand or applaud.
Restrictions on use of cryptography by law-abiding citizens is equivalent to unilateral disarmament in the field of computer security. Why is it that both bin Laden and the FBI consider the freedom of Americans to be a problem?
-russ
Don't piss off The Angry Economist
Yes yes yes, we all understand the implications and comparisons of and to Big Brother, Orwell, "1984," "We," "Anthem," "Brave New World" and any other dystopian novel or piece of rhetoric out of the mouths of the alarmists and into the minds of the gullible and naive. But does anyone honestly think it is possible for all of that to happen? Big Brother serves as a symbol rather than a specific person. This legend was propogated by ignorance and apathy and held in place by tyranny. I don't believe anyone who has read 1984 is any of these things and none of are about to let these things happen. I think that Bush's speech is more indicative of the fact of the fact that he is a nimrod (a national tragedy doesn't change that, sorry), doesn't know what to do and is finding out that gee gosh, it's hard being prezudent.
Luckily there are smart people in Washington who have raised an eyebrow or two about what is being proposed in his new policies. For one, Colin Powell, who seems the wisest of Bush's cabinet members isn't one for rushing out and conducting long drawn out conflicts without first weighing the consequences. This Big Brother argument, while compelling, only fuels more fears and suspicions, it is hardly the truth, in fact most of Big Brother arguments are based upon a work of fiction and while 1984 gives us all reason to pause, in any case, it is still just that.
Ashcroft is the one who scares me.
"With Ashcroft's declaration of computers as tools of terrorism, and law-enforcement pushing for enhanced surveillance, it appears that one of the first victims of America's new war may be the privacy of her citizens." I think the victims are underneath the WTC. People need to gain a little perspective.
It looks like most people here have decided to
wait until after they let off a suitcase nuke
in a major metropolitan area like Silicon Valley,
DC, or New York before they decide that gee, maybe
the U.S. Government ISN'T our enemy.
This article on Slashdot is shameful. Basically
the whole premise of this slashdot article is to
figure out ways to make the U.S.'s job harder.
Back in the '80s, a young police officer (with whom I used to play D&D when we were teens, and no, he wasn't a lawful good ranger) once told me he was facing a ring of drug traffickers. He was bitter about not able to keep up with them. These mobsters knew that they were under constant phonetap surveillance. This didn't stop them from using the (tapped) phone lines for setting up appointments and deliveries. And the law enforcement agencies never knew about these dug deals until way too late.
Their trick? The mobsters had imported a few natives from a remote North-African village, speaking a dialect that nobody else on Earth spoke. One of these guys on each end of a phone, and even tapped phones become secure! Of course, they used code words for street name and subway stations.
The Navajo code speakers used by the US transmissions during WWII also used the same principle. Not high-tech at all, but very efficient.
So I strongly suggest that all these laws against cryptography include an article mandating the use of a State-approved language on a phone line. Just like in the former Eastern European countries. Why, anything less stringent would put freedom itself at risk, right?
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
This is a clasic reaction... To things they do not understand and can't control... fear
strike out at the things and people you fear...
morturii
Restricting encryption will have a double effect:
Assuming that the legal standards for prosecuting someone for sending encrypted email require the government to prove you have sent an encrypted message, there may be a trivial way to elude prosecution.
Argue that there is art in random data.
If we can successfully argue that we are sending random bits in our email as a form of artistic or religious expression, then there may be a (silly) way to bypass the (silly) laws.
Perfectly encrypted data, like perfectly compressed or perfectly random data has maximal entropy. Encrypted data looks random.
If someone claims you have sent an encrypted attachment to an email, claim that it's merely a file of random bits that you found to be particularly aesthetically or spiritually appealing.
They should be required to prove that it is not random data... which would require that they manage to decrypt it.
I use Linux on a modestly beefy machine (T-Bird 1.4GHz w/ 512MB RAM). I was thinking of encrypting an entire disk and running another full copy of Linux in a VMWare virutal machine for use in working on sensitive documents. No swap file on the host machine, so no information leakage that way.
My feel is that GPG is the best email encryption, though I'm concerned about traffic analysis (hey, don't laugh -- practicing paranoid procedures now can potentially save your butt later on). It seems Type II Mixmaster remailers are hard to find in a reliable state.
I can use stego on usenet, but how do I post in a reliably anonymous way?
Also, are there any good one time pad implimentations out there? Make a few thousand 1-4kb files from /dev/random, send copies to whoever, then use program xyz to XOR them correctly.
Also, is it time to revive the old "spook fodder" practice of the early 90's to pester Carnivore-type systems? How about email lists and moderated newsgroups that encrypt all messages to their users? This would make encrypted traffic the norm, so you don't look suspicous when you really do use it.
What real-world methods do all of you paranoid geeks use on a day-to-day basis?
Method of processing duck feet
Seriously though, if you are highly technically savvy (which I will assume since we are speaking about the state of the art) then you can not only create near unbreakable encryption, but near undetectable (or untraceable) encryption. Steganography is a child's toy compared to some of the things that are possible. The internet is a vast 86,400 / 365 information sea, slipping a few megabytes of low profile data into it is going to be hard to notice. By utilizing multiple techniques at the same time (hard encryption, low signal to noise ratio channels, low detectability communications, difficult traceability, etc.) you can be confident that even if someone found your data they would not be able to understand it or extract useful information from it.
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.
Take a refresher course on the fourth and fifth amendments to the Constitution.
How do you get from...
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Amendment V
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
...to rationalizing that it's OK to broaden the powers of an already Constitutionally dubious law? You like backdoors in encryption? Bugs surreptitiously planted on all of your friends and families' phones because you might use them? Taps on your keyboards? Centralized sniffers so they can find out what you're looking at and who you're talking to, then centralized sniffers on their networks just in case you don't e-mail from your usual account?
Nothing that they're asking for sounds reasonable to me.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms
Ack! Not RC6, not RC6. 15 of 20 rounds were broken during the AES selection process.
In fact, I'd suggest avoiding all of the AES candidates altogether. Even AES itself (nee Rijndael), for that matter--they're simply too new and not enough cryptanalysis has been performed of them.
The only two on your list which I'd recommend would be Blowfish and 3DES. Both of them have been around for years and have been extensively cryptanalyzed, with no significant results being discovered.
That is by _far_ the most paranoid thing I've ever heard.
"When the going gets Weird, the Weird turn Pro." - HST
I love the smell of Karma in the morning
Hey Joe, look at this cool sequence my random number generator just produced. It contains abosolutely no secret messages.
Isn't it nifty.
This debate is going no where, and you'll never get the majority of the population on your side. Here's why:
1) Popularity - How many of you, even those who consider yourselves activists, *always* use encryption? How many of you who support encryption usually send plaintext emails? You know who you are. How can you then expect "Joe user" to do the same?
2) Content - Most communications don't require privacy, plain and simple. How many government types or hackers really care how many tequila shots you did last night?
3) Abuse - Abuse or interception of "private" emails simply isn't rampant. It would be much easier to sell this position to the public if people were actually getting screwed because of intercepted email or governmental abuse.
4) Rights - This is a fight for a vague, ephemeral concept of "rights". On the other side of the coin, there's a smoking hole in the ground where 6,000 people once stood. Most people (including myself) value the safety of thier wives and children more than your right to hide "how stoned" you got last weekend from the eyes of the feds.
strong cryptography is: strongly encrypted data
is statistically indistinguishable from the output
of
distinguish between random bits and encrypted bits,
you are well on your way to cracking the cipher.
Therefore, if you want to make a nightmare for
people trying to detect steganography (which, when
properly implemented, strongly pre-encrypts data
before hiding it), simply make a regular habit of
steganographically hiding random noise in your
data (e.g., grab a few bytes from
and hide them in your JPEG collection with, e.g.,
JSTEG), and you will make it impossible to detect
even modest steganographic efforts.
has anyone tried to use steganography in mp3 files? it could be distribuited in peer-to-peer softwares and even less noticiable.
o _soft.html
some resources:
http://www.cl.cam.ac.uk/~fapp2/steganography/steg
- herman fuchs (fux@theend.com.br)
I read the story in the British Independent, and I'm struck by three passages:
> In this campaign, hi-tech weapons and long-term delivery systems will not be as important as human skills and human judgements
Here the writer makes a comment, which I think is true, on the usefulness of high-tech intelligence vs. human intelligence - i.e. that human-int is better (actually, what he means by "high-tech weapons" is anyone's guess, but I suppose he means things like high-tech intelligence)
> The US has identity cards and it didn't protect them. The terrorist who can forge a pilot's licence isn't going to have difficulty with identity cards.
Here he makes another very true point about the fact that ID cards aren't really going to protect anyone. If underage teens can get fake IDs to get beer, so can the terrorists. And making them more secure, using embedded microchips or holograms is probably just a waste of time, resources, and money which could be put to better use elsewhere.
> Should we end personal use of unbreakable codes in the net? Very likely. We must beware of giving carte blanche to those who would eat away at our freedoms
Here he goes off the deep end. First he says we should ban strong encryption. But he must know that terrorists aren't going to respect that. Then he has the audacity to say that we shouldn't allow this to eat away at our freedoms. What??!!
Jim
The Government are immoral to use this as excuse to spy on their citizens.
You should be aware, communication interception will not work on terrorists.
NSA experts even admit it.
Excerpt from USATODAY article, 'Bin Laden's cybertrail proves elusive'
WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.
Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.
Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.
All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.
********
You could ask those that deny above this:
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.:
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
This argument is made to pressure people into acquiesce - else appear guilty.
It does not address the real reason, why they want this information - they want a surveillance society.
They wish to invade your basic human right to privacy.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you.
IT IS A LIE - TERRORISTS WILL GET AROUND IT
+5, foony!
(anti-lameness filter crap)
What's ironic is that the government could embrace encryption and more effectively eliminate terrorism.
Imagine if everyone was required to have an ID card. This ID card has your name, photo and thumbprint, encrypted with a centrally held government private key. You would need the card to take a flight, get into government buildings, etc. It would be simple to make a small, self-contained device that would have the public key and could compare thumbprints or show a photograph. You would be guaranteed to be who you said you were, no name spelling alterations or alter egos possible.
Before a plane takes off, a computer program looks for people who are associated with the same criminal organization, and if too many flags go off we station extra sky marshals on that plane.
It's kind of scary to give up a basic right to anonymity (although I don't think it's guaranteed anywhere). However, I think I've actually convinced myself that in a time when a handful of people can cause so much damage, we need to know who is in a high risk location.
I know this has been brought up before, but I'd like to comment on it again... If you have an interest in privacy, you should try reading "The Truth Machine" by James Halperin for an alternative view. In my opinion, he makes a very good case that we would be better off to require cameras that are accessible by anyone in every public place than to have privacy. The 'accessible by anyone' is critical, of course.
It's a one time pad. The pad for the day is only used once, for one message. And, yeah, it wouldn't work if you wanted to encode War and Peace. Be great for e-mail though.
Best Slashdot Co
In my opinion a very naieve statement, as privacy is flushed in the lavatory, you will not have the right to hide anything anymore. So for privacy, goes the same song "there's no sunshine when she's gone...", people probably need to discover for themselves what they have to hide.
Also in my country, there's now the discussion going on about general identification regulations... Note that if introduce that, we're nothing better than the old Sovjet Union. I choose to be prosecuted for this.
Bizar technology?
disclaimer: im not a crypto freak, nor really a privacy either, so i might not know what im talking
As you describe it, its ofcourse clear that the way you describe it can be used to link people to other people but still the conversations between them can and will remain private.
Anonymous remailing took a bellypunch when anon.penet.fi got "invated" by scienlogists so its not as well used as it might have been before.
But...
HavenCo has recently started to host anonymous remailing. While there's a clear warning on the sites main page:
Considering this to the fact whats the business "catch" of the Havenco i hardly doupt that there will be any way for any parties to retrive sender/receiver information without physically executing "man-before-and-after" type of attack. (Which might be really hard to execute)
Anyway, The best thing with cryptographic tools is that you are on controls. 128bit key is a laugh. One not make a key of 4096 bytes or hell, triple that. I would like to see that goverment computer farm which can cruch a bruteforce attack against that kind of cryptokeys.
yush
How can you prove that some data is encrypted?
If you take the 'BEGIN PGP MESSAGE' from a PGP encrypted message your just left with some rubbish that could be anything VbSOIf08ASzMb/EdpF2+SzOr8cfpt56U1S3NQn/wF6Iu could be an encrypted message, or it could be a random string, or something in anyone of 1000's of different formats. I wonder how Bush/Blair will twist the facts to tell the people that random numbers are now illigal (lol, quantum physics). The same goes for demanding keys, what if i've lost/forgotten the key? what are you going to do about it.
BTW, i'm going to the park on friday at about 9am... on the bus.
(where 'park' read whitehouse, where 'bus' read plane. where 'going' read crashing.)
This comment does not represent the views or opinions of the user.
Notice that plutonium, enriched uranium, and anthrax aren't on your list. The feds are trying to prevent terrorist attacks from happening again. We don't allow any Joe to get plutonium because it is unacceptably dangerous for it getting into the wrong hands. I could not create PGP and I doubt any of the terrorist could. Of course they could buy something similar but we've given it to them. The goal is make it harder to get this stuff. Making it more risky, leading to more opportunities for authorities to pick up on what someone may be planning. Policing intent is incredibly difficult. The alternative to your "ultimately unfulfilling and unsatisfying journey" is our cleaning up more ground zeros.
My guess is that if you used it enough, people would be able to pick out words and phrases that meant things like "bomb" or "airplane" if these were send prior to attacks. But then, suppose you combine new language with encryption?
I realize this is not the most practical method of security (I'm still trying to learn Spanish, much less an invented language), but still, is it secure?
...in a world where terrorists regularly use encryption to fly other people's computers into the sides of tall buildings.
--G
State of the Art no longer involves encryption itself - the question now is how to get it widely implemented.
The "State of the Art" right now is probably the FreeSWAN idea of optimistic IPSEC. Using secure DNS (DNSSEC), it provides the ability for any two hosts running FreeSWAN to set up a secure encrypted tunnel between themselves with no prior communication or other arrangement. The basic idea is that ALL communications between such hosts will be encrypted. Check it out.
Cliff, the first victim of the war on terrorism is not you lost of using PGP, its the thousands that died in the world trade center. I have no problem having you give up pgp so that other horrible things like that can be prevented. Think a little bit before writing offending things like that.
In war time, there is always lost of rights, and the write to use encription is borderline ridicoulus imho.
Ever heard the old saw that youre only 7 aquaintances removed from anyone on earth?
Its very close to true. Its called the network effect.
Now extrapolate: wiretapping all communication of a few hundred individuals becomes a wiretap of everyone in the entire country.
Would you still aquiesce to it, knowing what it implies?
If you are going to be picky about spelling, at least spell Arse correctly.
I own a small company in the IT Sector. I use PPDD and Loopback Encryption. Since PPDD is not actively developed anymore I had to switch to LoopAES recently. Both work like a charm. Since I have lots of customer passwords this is absolutely necessary. Furthermore I don't like the tax police to snoop around my assets ;-).
On the PalmPilot I use Strip and for Backups I pipe my TAR-Archives and dumps through GPG (no need to enter the password for backup which is cron'ed, just for restoration of files).
So I guess I am one example of extensive use of encryption.
Usually don't you paint a bulls-eye on your target, and leave the crosshairs on your scope where they belong?
Slashdot's token middle-aged housewife
Hm, 15/20 for RC6, as opposed to 8 / 11 or 9 / 13 for Rijndael? Um, OK.
Become a FSF associate member before the low #s are used
Once a day, encrypt a block of random data (or a random article from USENET) and email it to a random address.
Let the spooks figure that out.
An encryption algorithm has recently appeared where the author makes some extraordinary claims about its strength. The German Government had even threatened the author with prison for trying to create commerical applications with it.
Comments Please:
What hits me as immensely ironic is the fact that if the congress starts restricting civil liberties arbitrarily, the terrorist attacks will finally achieve their apparent objective: to destroy the Land of The Free.
-JR
-- Estoy feliz, feliz de que no sea cierto.
George's address did not really deal with the question 'why'? "Follow the Money" is a standard investigative approach. Indeed, It's often touted as the investigative approach. So, who stands to benefit financially from the events of September 11 and it's likely aftermath?
5
d t.html This has undoubtedly added to the pressure on the trade in illicit drugs.
a heron.html, "General Maurice Belleux, the former chief of French intelligence for Indochina" explained in detail "how his agency had controlled Indochina's illicit drug trade and used it to finance clandestine operations against Communist guerrillas. The general added that 'your CIA' had inherited his network of covert action allies when the French quit Vietnam in 1964."
The answer seems to be the illicit drug trade.
"Trafficking in heroin alone each year is estimated to be a $ 300 billion business," according to Dr. Ikramul Haqin in 'Money laundering and drug business' at http://www.dawn.com/2001/07/23/ebr7.htm
"International narcotics experts have commended Afghanistan's Taliban rulers for virtually wiping out opium production from a country that until two years ago provided three-quarters of the world's supply." (The Independent (UK), 17 February 2001) http://www.independent.co.uk/story.jsp?story=5650
Three quarters of $300 billion is $225 billion. The numbers must be no better than approximate, so lets call it $200 billion per year. If Slashdot has 1,000,000 readers, it works out to $200,000 for each of them! If 5,000 people died in the attacks, it works out to $40,000,000 each! That's lots of money, by anybody's standard.
In addition, "Pakistan has ended poppy production" (The Times of India, 23 January 2001) http://www.ipcs.org/archives/03mar2001/01jan-mar-
Could September 11 have been the response of the illicit drug trade? And why, with all the 24 x 7 media coverage, is no one "following the money?" Why is it cryptography and 1984 instead?
According to Alfred W. McCoy in 'THE POLITICS OF HEROIN, CIA Complicity In The Global Drug Trade' at http://users.lycaeum.org/~painter/DARKALLIANCE/ci
Perhaps the CIA got out of the illicit drug trade years ago, if they ever even got into it. One man's claim is not proof.
It is public knowledge that George Bush senior was head of the CIA before being elected president of the US. And it is also public knowledge that the current Vice President, Dick Cheney, and many other senior members of the current US government, was a senior member of the government of the former President, George Bush.
Are these people involved, directly or indirectly?
Who else stands to benefit?
Now that the volunteers have been replaced by professional cleanup crews, those people are benefiting, but it's extremely unlikely that anyone engineered the attacks for $20 or $40 an hour.
What about the aircraft and airline industries. Video conferencing, the bursting of the dot com bubble and the aggressive pricing of air travel have lead to a drastic decline in passenger air travel. These industries are now asking for tens of billions of dollars in "emergency support". But, while they have the intestinal fortitude to cut tens of thousands of jobs, they don't seem to have what it takes to kill thousands of people. Or do they?
It was suggested the other day that bin Laden might have made money by selling insurance stock short the day before the attack. But financial analysts quickly dismissed that as unlikely, based upon the actual data. Osama bin Laden might have engineered the attack for non-monetary reasons. But we haven't seen any proof. And if so, he certainly seems to have handed a huge financial windfall to the illicit drug trade that his hosts have worked so hard to shut down. That would not be appropriate behavior for a 'guest'.
So, who else? I don't have the answer, but why is no one asking. Why do we hear 1984 instead?
Could some of the Open Source / Free Software folks have engineered the attacks because they were out of work after the dot coms crashed? One thing that struck me as particularly strange about the discussion threads on Slashdot was the total absence of comments about the impact on the computer infrastructure caused by the World Trade Center explosions. Where were the nerds who know?
It seems like it would be, until someone brings in a team of 1000s of expert linguists.
Most likely, steg data is detectable in images with areas of similar color or continuous gradients. But will it be detectable in, say, a .wav containing white noise, or an image filled with random data? Of course, mailing useless images or mp3s with noise around would be a little suspicious.
in several countries. For example in New Zealand they break down gang houses if they put up too much reinforcement...
In England for centuries you needed a licence to crenellate from the King.
Ignoring some of the humour value, I hope someone in the media makes a bit of noise about the fact that making strong encryption have backdoors has no effect at all on the use of other methods like pre-exchanged one time pads and the use of little-known languages.
That aside as well, who's going to force the terrorists to use the state-approved software in the first place? That's what I thought....
- Michael T. Babcock (Yes, I blog)
he is with us you dumb fuck..he has already said he hopes for peace but would understand if the U.S. takes military action. so your post is bullshit.
"Using 4-bits of each sample sounds like a lot. I would imagine that even untrained ears could discern the quality difference between a stegged file and an original."
The original poster stated:
"yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits"
If people will accept the lower fidelity rips from a sound card (which they do), randomizing the least-significant four bits won't make a big difference.
I think you meant "a team of 1,000 cunning linguists"...
1. Mutt does not recognize (by default, anyway) a PGP message that is not PGP/MIME. A plain old text-encrypted message has to be saved to a file and decrypted. IMO, that's broken.
2. Outlook does not recognize PGP/MIME and handles it as an attachment. This means, if I encrypt a message using Mutt and send it to someone who is using Outlook, that person again has to save it to a file to decrypt. That's broken.
3. Out of a half-dozen or so options which I examined, there is a single functional plugin for Outlook that enables you to easily encrypt/decrypt mail. That's from a site in Germany. It seems like a good product, but since Outlook's handling of PGP/MIME is broken, it's not useful for incoming mail.
4. This plugin produces the old-fashioned text-encrypted message that Mutt won't handle correctly.
I would love to be able to get together with my friends and help them set up encrypted mail. But the plain fact is, there is no "easy" way to do it. Going from one type of mail client to another is a pain in the ass. And what about Eudora, fatal OE, Pine, Pegasus and all the other clients?
Like it or not, mail encryption is the geek equivalent of "classic" books -- those books "everybody talks about and nobody reads."
mp
"The secret to strong security: less reliance on secrets." -- Whitfield Diffie
The old saw involves who you know, not who you remain in constant communication with, through a wiretappable link.
There's a huge difference between the pool of tappable people and the pool of (7 degrees of separation-) known people.
America.. South, central or north america, what these buttheads mean?
US is really a democracy: once everyone starts saying that Mr. Laden is the WTC terrorist acts sponsor, he immediately becomes guilt. The press, the president, the people, everyone talks about justice, while the FBI still doesn't have any proofs. What a good people these ones who think they are "the number ones" and that can't see how their press coverage is partial and blind.
Now this "super" country will get really doomed by destroying his own people privacity, even after being in deep discussions about the impact of setting backdoors in crypto products for a decade. "Americans" are really dumb by thinking that terrorists will only use "Made In USA" crypto products.
I think the so called "Americans" won't be able to think rationally anymore - they have been trapped by their own tricks, and in the need to revenge for that nasty terrorist attack, something nicer than most "international actions" the USA have taken in the past, they will alienate and predate themselves. USA is definitely a doomed country.
Why do people still believe that encryption guarantees privacy? Ridiculous!
A few months ago I read here on Slashdot (and that was also a quote, I forgot from where) a good description of the important difference between secrecy and privacy: "What you do in the bathroom is not a secret, but it is private."
To ensure privacy in electronic communication you can use encryption. For secrecy you might consider steganography.
What you are asking for in your post is secrecy, not privacy. The civil right to privacy is much easier to agree on than the right to secrecy.
Secrecy itself should never be a crime. If there is a crime, it is the action/message that is cloaked in secrecy. There are cases where secrecy is:
- perfectly allowable (e.g. contract negotiations between companies; organizing a surprise party for your colleague),
- not illegal but immoral (e.g. adultery)
- both illegal and immoral (no example necessary).
The government is targeting that last case. I think everybody agrees that that is perfectly OK, that is what they are for. But the government should make clear in there plans that they will recognize these distinctions; and we at Slashdot should also keep the discussion clear and not mix these things up.
I see an analogy between guns and secrecy. Both have their legal and illegal uses. Laws about gun control and laws about secrecy control are both problematic (especially in the US).
I currently use Cypherus (http://www.cypherus.com/ ) as my encryption method of choice. Here are a few Pros v Cons:
.. ) and within a week I had a response asking for clarification. Two weeks later, I was told my change would be included in the 2.0 version. . . and it is!
.but this is mainly targeted at the millions of mainstream PC users, and not your /. reader type of user on their *nix box)
PROS
Strong Key: Customizable,128bit up to 448bit. Uses Blowfish algorithm for encryption. Diffie-Hellman protocol to manage its public keys
Grandma Friendly: Drag and drop for files, erasing / wiping, single click email encrypt / decrypt for Outlook, Outlook Express, Netscape, Eudora (my client of choice)
Recursive: Can recursively encrypt from a single file up to directories or entire drives. Also compacts archived files (a ~450MB misc data file drive of mine compacted to 300MB)
Fast: I encrypted a 700MB divx dvd rip in about 5 minutes on an AMD K6-2 400MHz machine.
Non-Owner Friendly: Anyone can decrypt a message sent by Cypherus even if they don't own Cypherus, using Cypherus' web site. Enter the key previously sent to you, then paste the text of the message and your done! Also, encrypted archives can be turned into self extracting archives if the recipient has the key.
Trial: 30 day free trial download.
Skin-able: Design your own skin for Cypherus like Winamp, etc.
One Time Cost: Once you own Cypherus, you get all updates free. No re-licensing. No annual fee for your key.
Dev Team: I contacted the team with a usability issue (why the heck did they put that menu option under that heading instead of .
CONS
Price: Not Free as in Beer. The Software is $50 per license. But that is still a pretty cheap one time expense.
Non GPL: Proprietary. They can't all be I guess.
Platform: Windoz only (I know I know . .
New: The product has moved from beta only 1.5 years ago.
DL a copy and give it a try. Feel free to email with "you're an idiot", to "j00 r 1337", and anything inbetween.
robi
currently in use by the NSA. They hire more mathematicians than any other company/organization in the world. The rest of the world might catch up in 10 years or so.
The funny thing is that most of the people urging caution and restraint are far from peaceniks: They're just intelligent, reasonable, and rational. To ask "What is the point of doing this? What will it achieve? What will best achieve our goals?" apparently is "left wing" to the whackos in these times of crisis.
Let me put it this way: If the US goes and bombs the hell out of whereever-land, and that pushes 100 more fanatics to join the anti-US crusade, and they come over and poison the water and blow up some aircraft, I hope every looney that pushed for instant reaction no matter what the results should be tried for murder. The simple reality is that it is a vicious cycle of cause and effects, and it's a sad day that so many people don't try whatsoever to understand the situation or how to solve it. I don't know myself, but I do know that declaring war on the world isn't the solution.
I heard a funny caller on a call-in show last night (here in Ontario) that proclaimed "Nuke em all and shoot em when they glow", and while that is funny and humorous and all, when their children come back and kill YOU are partly responsible for it. As the old saying goes: "If it was an eye for an eye then everyone would be blind" and that's 100% true. When some wanker US politicians proclaims that this is "retaliation" he should realize that his words could just as likely be coming out of terrorist's mouths for the many atrocities doled out to their people.
BTW: I am not a peacenik, and if it solved things then warm up the nukes and send in the M1A1s: IF IT SOLVES ANYTHING. If it's just to stroke yourself and show you might while continuing the hate then lay off.
...the FBI doesn't need to prove probable cause. Just say "it should advance our investigation" and you're golden.
And when it comes to the impact on personal privacy, EPIC says it better than I can. Increased powers of wiretapping - judicial oversight != a good thing in my book.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
Regulate acid, phosphor, and any other such chemicals (to cover your rather vauge 4th item). Also, prohibit items of glass or metal from being carried on the plane. Prohibiting all carry on items would also work.
Are you working up to your point, or was that it?
I don't mean to make certain institutions out to be ignorant or anything, but the whole -point- of steganography is that you're not supposed to know it's in wide use. You just see files and information that look completely harmless, but hiding underlying, invisible information beneath it. If they don't see it that probably means that it's working just fine :>
since when does morality has something to do with encryption? Using encryption or not is not immoral, what you encrypt with it might seem immoral to other people... but, who cares anyways? looks like the terrorist were using hotmail accounts... (or some other free email service)
slashbots are just getting really pathetic here.
Live Free of Die
fialar
Unbreakable. Ancient. Easy to code. Not technically "encryption" depending on how you define the term, but does the same thing. Add in some arbitrary obfuscation (one if by land, two if by sea) and some steganeganogginagraphitti if so inclined and I'd say you're as secure as with a few passes of DES, a pass of Blowfish, and a UUENCODE-style alpha only conversion followed by 26 passes of ROT-13.
How do y0u k.now thi.s post is..n't a s.3cr.et messa.ge? Ar.e y.o.u pa..ra.n0id? The eagle flies at dawn, leave no stone unturned, and now a message for Mr. and Mrs. America and all the ships at sea: the walrus is cold at night.
14 23 27 19 10 12 88
AC's cheerfully ignored
To begin with, it is arguably good that this happened. The West is wide open to suicidal terrorist attacks, and if there were ever such an attack with a nuclear bomb, things would be a lot worse. Many people have been warning about this for some time. Now at least some preventative measures will be taken, and the risks will be reduced. Nuclear bombs are actually trivial to make if you have weapons-grade uranium (still a large "if"); so the risk is significant. Bin Laden has been trying to arm himself with nukes for years.
If we want to understand what happened, we should ask what the terrorists' motivations were for attacking. The terrorists say that they hate America for its actions against Muslims in Palestine and Iraq, and Islam teaches that Muslims should aid other Muslims. So, what have been America's actions?
The Palestinians have been brutalized by the Israelis. Consider that the UN High Commissioner for Human Rights stated that rarely had a people been in so obvious need of international protection--last November, after seeing children whose eyes had been blown out by Israeli bullets and watching 40000 Palestinians kept under curfew so that 235 Israelis could go about their business (in Hebron). The Palestinians have repeatedly asked for international observers, but always had this blocked by Israel and America. Palestinians have long been tortured in Israel (this is government- sanctioned). The recent UN report headed by American ex-senator Mitchell made various recommendations, which were entirely accepted by the Palestinian Authority and rejected by Israel. Basically all other independent reports conclude that the Palestinians are treated abominably, including severe economic deprivations. (This is not to say that Israel does not have valid security concerns or grievances against Palestinians.)
Israel can only act this way because of American support. Indeed, America supplies advanced arms, gives Israel's six million citizens billions each year, and is often virtually the sole supporter of Israel in UN discussions-- such as discussions about Israel's violations of UN resolutions. So America is an accomplice. Even the British Foreign Secretary has now acknowledged that "One of the factors which helps breed terrorism is the anger which many people in [the Middle East] feel at events over the years in Palestine."
Some people have claimed that Bill Clinton tried to achieve peace, and so America should not be held to blame. But Israel only exists because of American support. And America, under Clinton, did not use this power. Under Bush Sr., things were different: Bush Sr. threatened to withhold $10 billion in loans (strictly, loan guarantees), if Israel remained brutal. This worked: the Oslo peace process. The process could have remained on track if America had decided to force Israel to keep it signed word.
In Iraq, American-dictated sanctions ban anything that could conceivably be used for the military. For example, pencils contain carbon and carbon is often used in nuclear reactors; so pencils were banned. The sanctions are horrid. The sanctions regime is always supervised by a non-American (for political/PR reasons), and the supervisors have always quit in disgust after about a year, which says a lot. Iraq's infrastructure and economy are being crushed, at enormous cost. For example, according to UN estimates, the sanctions have resulted in the death of half a million children under five. (None of his is to suggest that Saddam is undeserving of a very tight leash, nor that this could be applied without the people suffering significantly.)
What does bin Laden say? Even if he was not directly involved in the attacks (which seems unlikely), he is a leading member of the terrorist network; so his words very probably count for something. And in the past he seems to have spoken more or less honestly about his intentions. In a 1999 interview, he said he wanted to instigate "... jihad against the Jews and the Americans" and, citing the sanctions against Iraq, he added, "Our enemy is the crusader alliance led by America, Britain, and Israel." And in 1998, he and four others signed the World Islamic Front Statement, which advocates killing Americans for three reasons: America's support of Israel, America's killing of over a million Iraqis (a figure consistent with UN estimates), and America's stationing its armed forces in the Arabian peninsula. Regarding the third reason, the main complaint seems to be that America is using the peninsula as a base for aggression against Iraq--i.e. the second and third reasons are closely related--though it is also true that Muslims consider the peninsula holy and many do not want non-Muslims permanently residing there.
The leader of the Taliban has also said why America was attacked: because America's cruel foreign policies perpetrated atrocities in Muslim countries.
So, this is not an attack on democracy and freedom per se, as George Bush claims. Nor is it a culture-based "clash of civilizations", as some commentators have tried to claim (alluding to a 1993 essay by Samuel Huntington). Nor is it an attack based on spiteful envy of American might, as some others have claimed. This is an attack by Muslim fanatics on non-Muslims who have been brutalizing Muslims. Many Muslims around the world have stated that they share the hatred felt by the terrorists, for the reasons given above, even if they strongly condemn the terrorist attacks.
(Some people point out that Muslims sometimes also brutalize other Muslims. This is true. Any group of people will have internal conflicts, occasionally very severe--as here--but still often pull together when attacked from outside. This is generally true of families, for example. It is also true of Americans--as this month has shown. It is something to be proud of.)
The terrorist attacks appear to have opened an enormous well-spring of Muslim anti-American feelings. Muslim demonstrations against America have been widely reported--even though demonstrators, when interviewed, have said they are against the terrorist attacks. In Indonesia (85% Muslim), gangs of extremists have been going into hotels searching for Americans.
Many Americans seem greatly confused by widespread Muslim hatred. To them, the claim that America desires to control the world is ludicrous. Especially since the end of the Cold War, America has tended to interfere in the affairs of other countries only under extreme circumstances. The Balkans is the prime example--where Europe fretted fecklessly while tens of thousands were killed or raped. Almost all Americans simply want the world to develop in peace and prosperity--and, incredibly, they ask for nothing in return despite being the world's greatest guarantor of this. But, for Muslims, it does not look that way. America helps a state with which it is friendly--Israel--and tries to squash a state that is very threatening and sinister--Iraq--and it ends up looking imperialistic.
Regarding the terrorists' motivations, it is interesting to compare the reports given by American and British mass media. I've spent many hours watching CNN and BBC World, and looked at several major newspapers in both America and Britain. Broadly, the American media has portrayed the terrorists as crazies who are against economic modernization and Western culture. Broadly, the British media tends to say that the terrorists are at least rational and that America inspired the hatred that they feel by its support of Israel. (Of course British media still condemn the attacks.)
Britain has not really supported America's actions in Israel/Palestine. In fact, the previous Foreign Secretary (Robin Cook) was fired in part because he was too blatant in his support for Palestinians. But Britain has--almost alone (to my knowledge)--both aided and supported America's actions against Iraq. The British media thus cites the main Muslim grievance in which Britain is blameless and largely ignores the other. The American media ignores both. Even considering some criticism is unacceptable, it seems.
The media made a lot of sacrifices when the terrorists struck. Hundreds of millions of dollars in advertising were lost as commercials were pulled from TV to make way for more news. And it was clear that many commentators very much had their hearts in their work. I still believe, however, that the media has done a disservice to people by failing to present the terrorists' true motivations--even if they disagreed with them.
The big question now is what can/will be done to make things safer. Despite all the hype, suicide bombers are rare. But, there are about a billion Muslims in the world; so even if only one in a 100000 becomes a bomber, that's 10000 overall. More people will now want to become bombers, though, for three reasons: the success of the attacks on America, the hero status often accorded suicide bombers (in Palestine as well), and the continuing despair that many Muslims feel about the plight of Palestinians and Iraqis.
One obvious way to increase Western safety is to inspire less hatred and give Muslims some hope for a better future. It was the crushing of hope by Israel that led to the recent spate of suicide bombers there. America is plainly well aware of this. Thus, although in the first week Israeli PM Sharon was stating that he still wanted to conquer the Palestinians, on September 18th he did an about-face--obviously under great American pressure. Real peace needs to be brought to Palestine. Arafat wants it, but with land; Sharon only wants victory, but might give in; and there are extremists in both Palestine and Israel who will try hard to derail peace. So lasting peace will hard to get, but maybe ... maybe. As for Iraq actions,
this is under American control; so sanctions should ease rapidly ... maybe.
In addition to these diplomatic efforts, there is going to be a military effort. The one purely-American purely-military option that I've seen that might potentially do something is to nuke Afghanistan. This would be politically very difficult. It would also inspire so much hatred in the Muslim world that for each terrorist killed, several more would be spawned. So I don't believe that America will do this. (On the other hand, Russia wants to help generally. And Russia has an enormous grudge against Afghanistan for beating it the 1980s and even more now for Afghan support of the Chechnya rebels. Russian TV has recently been reporting that Russia plans to nuke Afghanistan. I've no idea what to make of this, but suspect, or hope, that nothing will actually happen.)
Some people have suggested heavy (non-nuclear) bombing of Afghanistan, to force the Taliban into expelling the terrorists. There are no substantial military or political targets, however, and the Afghan economy is now virtually nonexistent, thanks to international sanctions and an extended drought. The UN estimates that by November (after snow starts falling), five million Afghans will be dependent on food aid--out of a population of 20 million. So if the objective is to crush the economy, simply stopping food aid would do more than any bombs. In fact, this is now happening, as relief agencies flee the country out of fear of military action. Actual bombing seems pointless, then, except perhaps as PR. Will a famine (induced by bombing or threat thereof) compel the Taliban into expelling the terrorists? This is dubious: the Taliban apparently shelter the terrorists because of an Islamic custom--if someone seeks refuge in your tribe, you have to protect him, regardless of the cost (the Taliban actually have little interest in the world outside Afghanistan.) Inducing a famine is also risky: if a million die, it will fuel more Muslim hatred. Would it be moral? You decide.
There has been much discussion about sending special forces into Afghanistan. This requires intelligence on where the terrorists are hiding. Indeed, by now many of the terrorists will be dispersed among the population: good intelligence from the ground is essential for successful special-forces action against them. America apparently does not have this intelligence itself. It might try to bludgeon the ruling Taliban into supplying such intelligence, but it is uncertain, at best, that the Taliban should be relied upon to act in good faith, if they acted.
The Taliban, however, are very close with Pakistan (see below). So if America were to work with Pakistan for intelligence, it might get somewhere. The president of Pakistan has pledged full support, but this might mean little. The support has to come from the people on the ground, and there have been many demonstrations in Pakistan against helping America. I know of three reasons for these demonstrations. First, Pakistani's are Muslims (95%) and they blame America for what is happening to Muslims in Palestine and Iraq. Second, they don't like being bullied by Westerners generally. The third reason is more involved; briefly, it's as follows.
The current border between Pakistan and Afghanistan is actually just a line of control (the Durand line), from a treaty that expired about five years ago. It was never clear what was to happen when the treaty expired: likely Pashtoonistan--an area overlapping both Pakistan and Afghanistan--was to be made into a state. The Pashtoon people make up nearly half of all Afghans, and they control Afghanistan; so likely Pashtoonistan and Afghanistan would become one. The effect would thus be to have Pakistan cede territory to Afghanistan. (A rough analogy might be how Britain ceded Hong Kong to China after the expiration of a 100-year treaty/lease. The Durand treaty was drawn up in the 1890s, when Pakistan was still a part of India.)
Pakistanis, especially in the military, are very reluctant to cede a large part of their country to Afghanistan. That's why Pakistan created the Taliban. The Taliban were given both military and religious training in Pakistan. They also got lots of arms and money from Pakistan, which is why they were able to conquer (most of) Afghanistan. They were largely controlled by Pakistan, though. And under Pakistani control, they did not force the issue of Pashtoonistan. (Lately, Pakistani control has weakened.)
America has addressed this by telling Pakistan that unless it helps, America might rid Pakistan of its nuclear installations and support India militarily: in effect, saying that Pakistan would be liable to lose a majority of its territory (to India) rather than a minority (to Afghanistan). The president of Pakistan has made a televised speech warning people "bad results could put in danger our territorial integrity." This should help to focus the minds of those in the military, especially since Pakistan has a military government. Yet, it has had little effect on the populace, who are more motivated by sympathy for fellow Muslims. Will the low-ranking Pakistani soldiers on the ground go along and will they get enough intelligence from Afghanistan with little help from the populace?
My guess is that Pakistan will pretend to go along, and perhaps even help find a way to get bin Laden--which is good for PR, but not for really eradicating the terrorist network. Maybe America will eventually help to formalize Pakistan's borders, which would facilitate greater Pakistani support. I have not, however, seen this discussed publicly.
There also seems to be a common view that the Taliban should be forcibly removed from government. The likely approach here will be to strongly support the anti-Taliban forces that currently control under 10% of (northern) Afghanistan. (This support might include bombing, but only on a small scale.) Starved of external military support, the Taliban should crumble quickly. One complicating factor is that any large military campaign in the Afghan winter is very difficult, and winter arrives in about October. What is also important is to avoid making it seem as if this is American imperialism, which would unite the populace and draw wide Muslim anger.
The military action, whatever form it takes, will make it difficult for the terrorists to train or actively maintain their network in Afghanistan. Capturing many terrorists, though, seems unrealistic. The threatened mass bombing has made this even more difficult, since many Afghans have fled population centers for safety: there seems no good way to find a terrorist, who looks and acts ordinary, in their midst. If the Taliban are removed from government, though, perhaps more Afghans would then supply intelligence.
There is also a lot of detective work underway. Within America, and some other countries, this seems to be on track for some success, for identifying terrorists and also for choking their financing. There appear to be a large number of suicidal Islamic terrorists in the network that attacked America, though. Estimates are rough, but there could be a thousand who have deeply infiltrated the West. As an example, one of the highjackers had apparently spent several years in Germany getting a technical degree. The network has supposedly spread to roughly 40 countries, which will hinder tracing it. Also, there is no real command structure: there is only a network (like the Internet is a network) with some people more influential than others; so even if someone like bin Laden is caught, the network would hardly be eradicated (a bit like taking out a few major nodes of the Internet would do little). Tracing the network is thus going to take a long effort, but should succeed.
Diplomatic, military, and detective efforts could also be supplemented with religious efforts, though I have not seen this discussed much. Bin Laden has claimed that he is instigating a jihad. Jihads were fought many centuries ago, against the crusaders. The jihad concept was then largely forgotten. When the Soviets invaded Afghanistan in 1979, the CIA looked for ways to help motivate the Afghans to fight (this was during the cold war; so the CIA was arguably justified). One of they ways the CIA came up with was the revival of the long-abandoned notion of jihad. It worked (although the defining event in the Afghan-Soviet war was probably America's decision to supply the Afghans with shoulder-launched Stinger anti-aircraft missiles).
The Koran, though, teaches that a jihad should not harm women and children. And bin Laden himself said (in 1999) that "God ... has prohibited the killing
of women and children unless the women are active fighters." Fighting the
Soviet army fits with this. Crashing planes into the World Trade Center does
not. Of course, religious fanatics can twist anything ("America is a
democracy; so the people are directly responsible for what their government
does; so the women killed in the World Trade Center were active fighters."--
maybe?). But I believe that it should be possible to use the Koran, and
perhaps even Muslim clerics, to motivate Afghans against the terrorists.
What are the overall conclusions? In the short term, there is small, but real, risk of another terrorist assault, against America or perhaps Britain (or Israel). In the medium term, the terrorist network will be attacked and largely eradicated, and America's resolve will make all countries very hesitant about sponsoring other terrorist networks. Additionally, there will be widespread, permanent, increases in security measures. Individual terrorist incidents, however, do not require a sophisticated network or large resources (remember Oklahoma City). It is not realistic to expect to be able to prevent them all. In the long term, then, we also need to lessen the causes of Muslim grievances, even if it means facing up to our past mistakes.
Some sources:a nscript_binladen1_990110.html w a.htm n dex.html t /newsid_1552000/1552900.stm
The 1999 interview with Osama bin Laden-- http://abcnews.go.com/sections/world/DailyNews/tr
The 1998 World Islamic Front Statement-- http://www.fas.org/irp/world/para/docs/980223-fat
Some insights into Afghanistan-- http://www.iranian.com/Opinion/2001/June/Afghan/i
The home page of the Palestinian Authority, with many more related links-- http://www.pna.gov.ps/
Links to insightful news stories on Afghanistan, Israel, Pakistan, etc.-- http://www.economist.com/countries/
A UNICEF news release on child mortality in Iraq-- http://www.unicef.org/newsline/99pr29.htm
A BBC report entitled "Explaining Arab Anger" [September 19th]-- http://news.bbc.co.uk/hi/english/world/middle_eas
(I am the original poster, rjh--I'm connected from a public terminal, so I'm not logging in.)
I'm unaware of the 8/11 or 9/13 Rijndael attacks. Could you please back this claim up by showing me a peer-reviewed reference which strates this?
We should not ban encryption because it does not stop all terrorists.
We should not restrict driving laws because it does not stop all accidents.
We should not lock our doors because it does not stop all intruders.
Okay...what am I missing? These are logically equivalent, aren't they?
He's talking about when our (The U.S. governement) supplied him with arms and trained both him and his army, and in fact put the Taliban in power, so that we'd have an ally near Russia during the cold war.
Yeah, great idea. Perhaps you could apply the same logic to the criminal justice system as well.
Convicted of stealing? Cut their families' hands off!
Convicted of murder? Shoot their families and friends!
Rape? Castrate all their male acquantainces.
Terrorism? Bomb their women and children!
Maybe it would cut down crime... or maybe it would lead to the overthrow of the government by people sickened at the sight of burning babies.
1. That it existed (surprise, surprise)
2. That there is some evidence that the network is used for industrial espionage in some instances.
It goes on to recommend that the only way to protect against the use of this system for industrial espionage is if everybody in Europe, or at least all commercial entities, routinely encrypt all electronic communications.
The point is that in a capitalist society, commercial entities at least often have things to hide for perfectly reasonable and legitimate reasons to do with competition.
Never trust a man in a blue trench coat, Never drive a car when you're dead
This report is freely downloadable, but I can't remember where I downloaded it from. Search for OM-Europarl.pdf. Or email me and I'll send it back to you if you like, nut@clear.net.nz
Never trust a man in a blue trench coat, Never drive a car when you're dead
Immorality refers to them using these poor peoples deaths - as an excuse to violate everybodies privacy.
They know terrorists will get around it.
They know people are afraid that they may be next.
Government are scum to use peoples emotions like this.
United States Department of Commerce ignores your First Amendment Rights - WIPO.org.uk
When you talk real strong crypto the cipher within PGP are outdated and I have indications that can be broken with any key length.
I have seem some Portuguese non-public ciphers much ahead of their time.
No wonder you get bombed, even Afgans have better ciphers. You are living with Cold Ward Nostalgia, Like if the US was ever a "great power". Welcome to New World Order!!!
The government of the USA is the largest organization in the world, and you want to give it access to all information about you, on the basis that *some* of the employees of the government are responsible enough not to abuse their priveliges?
TYPE II ERROR! Corrupt officials now have access to all of your information!
A significant fraction of the government is most assuredly not trustworthy. Just because they're government doesn't mean they're good, or even that they have good intentions. Ask most of Central/South America what the US has done for their social stability... say for example, Chile under Allende.
Government should *never* be trusted simply because it has power. In fact, a wise man would argue that no power should be trusted.
After all, that's the way "national security" works. Why not use their logic against them?
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
for example, the use of RC4 in 802.11b wireless equipment
I've noticed that the "The Base" group of bin Laden communicates through Slashdot by hiding encrypted messages in ASCII pictures of men bending over and stretching a certain body part.
But then, who will believe me..
You can always rely on the Official Discordian Super Sercret Cryptographic Cypher Code, from the Principia Discordia:
DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE,
Of possible interest to all Discordians, this information is herewith released from the vaults of A.I.S.B., under the auspices of Episkopos Dr. Mordecai Malignatius, KNS.
SAMPLE MESSAGE: ("HAIL ERIS")
CONVERSION:
[Simple letter-to number conversion: A=1, B=2, etc.]
STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the end (HLRSAIEI)
STEP 2. Reverse order (IEIASRLH)
STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
STEP 5. Convert back to letters (AEHIILRS)
This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.
BEWARE! THE PARANOIDS ARE WATCHING YOU!
- - - -
The real Tetsujin 28 is a giant robot.
Encryption is but one small detail in a sea of problems. Before a solution can be found, we must understand the problem--something the folks in government aren't very good at, especially when the problem is technical and scientific. This country has several very major problems, with deep roots. An easy-to-grasp example manifests itself in airline security (a common subject of conversation nowadays). The problem is twofold: first, public education in this country quite frankly sucks, and secondly, most people in this country expect the government to solve their problems for them.
The public education system in this country teaches students how to read, write and do arithmetic, but these are really just side-effects of the underlying agenda: teaching students, starting in kindergarden, to follow directions. I clearly remember getting points off my math homework for figuring out the answer a different, shorter way--points were taken off even when I had the correct answer! On one occasion, the teacher specifically told me that I hadn't followed directions, which is supposedly more important than the answer. On another occasion, a teacher admitted to me that when she studied to become a teacher, she was taught that teachers assign homework to their students not to exercise their new knowledge, but to see which ones do the homework and turn it in on time--another way of following directions. While I agree that homework (or any work) should be delivered on time, I believe that the results should be considered more important. Take a look at The Matrix: Mr. Anderson is expected to be at his desk on time every day--they don't care if he delivers results as long as he follows directions. There is an important pattern here...
The government spends way too much time and money writing long, cumbersome, complicated rules and regulations, to regulate things down to the smallest imaginable details. For example, someone once said that the entire Constitution is roughly 1/12 the length of a bill regulating the sale of cabbage. OSHA makes up workplace rules that make industrial work all but impossible. (This is more true in large corporate factories, where more time is spent filling out paperwork than actually accomplishing any work.) And finally (this one is the saddest--or the most amusing, depending on your point of view), a guy on 60 Minutes said that the FAA defines exactly what threats the security rent-a-cops are supposed to look for. One is a bomb, which is defined as an otherwise empty bag containing a bundle of dynamite with a big analog clock stuck on the side. (And I suppose they can only get you for this if you're wearing a black mask and a zorro-style hat.)
Coming back to the subject, the purpose of the past two paragraphs was to show you that first, the educational system (the government) teaches you to follow directions, and then, they compose mountains of directions covering every possible subject. The problem with this approach is that you can't code every possible combination beforehand--you have to figure out a pattern and come up with guidelines. The human mind has the capability (and beyond) to think on its own, in real time.
I mentioned above that "most people in this country expect the government to solve their problems for them," and haven't talked about that yet. This is one of the biggest reasons we have such a bloated and expensive government. There are government programs in place for everything, even for deciding what can be considered fine art and what can't. I heard a fine example of this on the radio last night--a guy called one of those talk-radio shows and suggested that the government should install solar panelling on all the buildings in our country so we won't be so dependant on the middle east for oil. Why does he expect the government to do this for him? If he wants solar panels on his house, then he should buy them and put them there! The government has no business placing solar cells on anybody's roof. This is the second part of a huge problem that starts in our education system--a colossal number of people in this country think the government should share in their personal problems.
I believe the government should spend less time and taxpayer money sticking their noses in our business. Instead, they should spend more of that fiat dough on improving the education system. This doesn't mean putting more Dells or iMacs in schools--if it were up to me, students would be required to handwrite their reports in cursive. It's an important but forgotten part of education called penmanship. An improved education system is one where students are taught, from day one, to think on their feet, in real-time. Don't follow the directions--make up the directions, and then follow them. Learn about priviledges and responsibility--and learn to accept responsibility for your actions and inactions. (Most folks currently expect the government to take responsibility for their actions or lack thereof.) Learn to do math the teacher's way, and then figure out faster and better ways to do problems (and present these to your peers in class). Learn to read between the lines and not believe everything you read, see and hear. Do these suggestions seem obvious? Why, then, aren't they being carried out? Why do so many of us have sloppy, incoherent handwriting? Why do students, when asked a difficult question, expect the teacher to know the answer? Why doesn't anybody in this country take responsibility for their actions? Why do we have defective policies in place for decades (and follow these policies), instead of proactively analysing the situation and finding a better way? Why do so many people believe every word the media tells them? (Including the claim that tools which can be used for evil will pervert the minds of those who possess them, much like the One Ring.) Don't pretend these problems don't exist--they are very real and very dangerous.
Education isn't limited to public schools, by the way. Our airline security, stewardesses, pilots and janitors should receive an education in psychology, body language and self defense, instead of regulations nobody reads that describe a Wile E. Coyote-style bomb. This rule applies across the board, yet training is only the beginning--the real training is in learning how to learn and think out of the box, all the time.
The following books (off the top of my head) contain some real insight, and should be mandatory reading for all employees of the government: The Seven Habits of Highly Effective People by Steven Covey--for its discussion of principle versus character, among other things; Out of the Crisis , by W. Edwards Deming; Nuts! by Kevin and Jackie Freiberg; and finally, The Pursuit of Wow! , by Tom Peters.
The problems with encryption, the DMCA, the SSSCA, and all other defective policies will work themselves out once people stop following directions and start using their brains.
OK:
http://www.counterpane.com/rijndael.html
Become a FSF associate member before the low #s are used
to Mr. Ashcroft and the fascists waiting to destroy our Constitutional republic:
747's
gas
rented automobiles
box cutters
money
a human brain
religious fanaticism
anger
bad foreign policy
violating other people
Wait. What if just said EVERYTHING is a tool of terrorism.
He has the logic of a retarded monkey with no hands and blind in one eye.
Internet security is based on a trust/no-trust system, and the one common trusted thing among all security protocols is the security of the crypto. If this trust system is undermined, as will be the case with restricted and/or "backdoored" crypto, then the entire trust system collapses. We have to "hope" our systems will remain secure, and we can no longer trust that they are.
Despite my bad English, what I'm trying to say is that key escrow, backdoors, and other similar man-made vulnerabilities in crypto will disrupt the functioning of the internet and e-commerce more than most people think. So, anyway, this isn't just a battle to be fought by "liberal-minded fools crying for rights that don't really exist", this is a battle for internet security which needs to be fought by everyone.
it appears that one of the first victims of America's new war may be the privacy of her citizens.
I feel obliged to remind you, sir, that the first victim of America's new war is not, and cannot be, the privacy of our citizens. We don't know exactly who the first victim was, but we know that there were roughly 6000, and their deaths are the incident that sparked this very issue. I would thank you to remember that from now on.
Lack of eloquence does not denote lack of intelligence, though they often coincide.
Nuclear devices are in _no way_ easy to build from scratch. Most countries haven't managed it, let alone any smaller entity. Yes, weapons grade fissile material is hard to get. But that's not even the hardest part. In order for a squeeze device to work, the explosive wavefront must be EXACTLY correct. The device has to be arrainged internally to function on the microsecond scale, and timed precisely. For example, you can't have just one detonator for a spherical core, because point A would detonate one shake of a lamb's tail too soon compared to the other side, so you end up with several very finely crafted explosive segments, each with it's own detonator. Of course, the electric signals to the detonators have to arrive at the same time, so you have to cut the wires to them all the same length and use really, REALLY accurate switches and fuses. Again, for example, the Krypton switches that are weapons-precision are made by one company in the US. One company, with one product line, being sold to one and only one customer. (So when Iraqi agents tried to buy some in the late 80s it raised some red flags.) So getting good bang material is just the start of the obstacles.
The threat of nuclear proliferation does not in my mind exist so much from the construction of new devices, but rather from the misappropriation of preextant ones. America has extremely tight controls on it's nuclear arsenal. The same can not be said of every member of the nuclear club (e.g. the soviet disunion, or china). If a terrorist got a nuke, my bet is that they would buy it on the black market, and deliver it via containerized freight.
The same argument holds to a lesser extent for chemical or biological weapons. Why bother trying to synthesize Sarin when you can just buy a shedload of artillery shells from a poor private guarding a disposal site in BFE Central Asia?
News for Geeks in Austin, TX
Not a product from the USA, they can't install a backdoor into it. Check out for instance the contact addresses from www.jetico.com if you don't believe. It's in Finland, Tampere, EUROPE. The continent that hasn't lost its sense.
Can Someone please explain how encryption alone can be used to hurt someone?
We regulate things like guns, explosives, automobiles and airplanes because these things, if used maliciously or even just incorrectly, can hurt people. When something can be used to hurt someone, most people don't mind giving up some freedom with respect to that thing.
But Encryption is NOT in the class of things like guns, explosives, automobiles and airplanes that can hurt people. I'm not saying that encryption can't be used by people who want to aquire the kinds of things that can hurt people, but only that encryption is not one of those things.
So if law enforcement wants to stop people from hurting people, they don't NEED to regulate encryption the way they regulate hand guns. They can stop people from hurting people when they do something BESIDES talk.
That is why I am willing to give up my right to a hand gun, but NOT to give up my right to a private conversation.
My handle breaks slashcode, what does your handle do?
I shit on Mecca. I menstruate on the Koran. I piss on Mohammed.
Potassium sticks, normally sealed in a form of oil, will explode quite liberally when dashed about with hydrogen, oxygen.
http://crypto.stanford.edu/ibe/
Based on ellipses.
An Identity Base Encryption (IBE) scheme is a public-key cryptosystem where any string is a valid public key. In particular, email addresses are public keys. Only a trusted party knows the private key corresponding to a particular public key.
In standard public-key cryptosystems such as RSA, if Alice wants to send Bob an encrypted message, Bob must first generate a public key, and then Alice must retrieve it before she can encrypt. Alternatively, there might exist a directory service; a third party generates a public key on Bob's behalf (and gives the private key to Bob later), but Alice must still retrieve this key from this directory service.
With IBE, if Alice wants to send Bob an encrypted message, she simply encrypts using Bob's email address. Thus Bob's email address is his public key; there is no need for Bob to use cryptography software to generate a public key, nor does Alice have to retrieve a public key from Bob, or from a directory service.
Once Bob receives an encrypted message, he retrieves his private key from the trusted server (he only has to do this the first time) and then decrypts.
The main aim of this project to encourage use of encrypted email. Conventional public-key systems have trouble spreading beecause the average user has little motivation to generate keys. However, because the trusted server (or servers) knows every user's private key (i.e. the system has built-in key escrow), it is hoped that users will migrate to traditional public-key cryptosystems, and we are ressearching how to automate the transition and make it as seamless as possible. (For example, since the server is trusted, it naturally takes on the role of a certificate authority when switching to standard cryptosystems.)
Get your own private key here or download the GPLed source or windows binaries here.
After reading around 11 of the 400+ replies so far, I rediscovered nimrod! The other thing I don't understand is what do They DO with Their backdoor? How do They know WHICH ONE to decrypt with Their Master Key? If the spy services are filtering through TENS AND HUNDREDS OF MILLIONS of electronic items a day, how to expect to zero in on a couple of important encrypted emails. It's not like some code book in a war movie. THERE'S A GAZILLION EMAILS. PLUS, to filter they have to see what's going on, so that means EVERYTHING gets automatically decrypted just to be scanned? It's mad. Sounds bad, too. But also, like, useless.
This reminded me of something I read ages ago.
A British politician/civil servant and his wife were staying in a hotel in Russia. They suspected they might be bugged, so they just spoke the whole time in their native language, Welsh. Not totally secure, but I suspect there were not too many Welsh speakers in the USSR.
Steve
Encryption does not cause terrorism, terrorists cause terrorism.
You're wrong here: dead wrong!:
You will regret ever having considered that after we send in our bicycle troops...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Current day PGP will be enough for a long time for a variety of people (ie terrorists, normal people), so regulating it will not stop the very public source code for it now. Like banning DeCSS. It's too late. So whats the point?
A Romanian refugee living in the US wrote an article about his plight, back in the good old Cold War days. He said that he often called his father who was still in Romania, and since his family had been tagged as politically bad by the son's escape, the father's phone line was tapped by the secret police.
So since both his father and him were erudites and spoke Latin, they sometimes used that language over the phone to discuss family matters. Then a polite voice came in the conversation and firmly reminded them that only approved languages could be used in an international phone call, and please revert to Romanian or the call would be cut.
Don't know if it's true, but it's very much in character of the secret police mentality: "Of COURSE we tap your phone, you little sneaky counter-revolutionary! And be glad we don't send you to reeducation camp!". So this story seems likely, alas.
Let's hope the US will not abase itself to the encryption-with-mandatory-trapdoor equivalent of that in-you-face eavesdropping.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Geez, you guys have all the time to sit around and fantasize about these what-if scenarios, like "What if a terrorist visits my house...?"
Well, duhhhhh!! Have you ever heard of guilt by association??!!
True story: I once was paid a visit by a phone phreak friend of mine a long, long time ago in a place far, far away. He brought along this strange young lady with him who proceeded to stick the suction-cup mirror that I ripped off from the Tephone Cumpny all over the wall, leaving behind nice little circles on the painted surface.
Needless to say, neither she nor he was welcomed in my house again. I didn't need no goddamned warrant, special order, or other law to realize that if he associated with inconsiderate people like this, he probably wasn't far removed himself.
The extrapolation of this anecdote to the topic under discussion is left as an exercise to the reader.
Frank
slashdot: A failed experiment.
Oooh! The 5 Minute Hate is coming on the telescreen in a few minutes. Excuse me, but I have to go hate Osma Bin Goldstein. He's currently holded up in a lair in Oceaniastan.
RTFS(ubject)
Do you think the Europeans, Russians, Indians & Chinese are incapable? What makes Congress think Key-escrow is a good solution?
Besides, with PGP, the genie is out of the bag.
No, i meant 1000s, or 'thousands'
Applies to Ishmael rather than Isaac, unless you're calling most of the older Middle Eastern churches wrong. Look it up.