Slashdot Mirror


What's Now State of the Art in Encryption Technology?

With the events of September 11, 2001 still vividly etched into our conscious minds, it was only a matter of time before the US Government would paint the crosshairs on their next target after Bin Laden: encryption. With Ashcroft's declaration of computers as tools of terrorism, and law-enforcement pushing for enhanced surveillance, it appears that one of the first victims of America's new war may be the privacy of her citizens. Of course, if you are concerned about privacy, you're probably wondering how to improve what protections you have in place, if any. So what are the leading-edge innovations on the encryption front right now, and how easily can such tech be adapted to everyday communications?

In an interesting display of synchronicity, Timothy posted this article, earlier today, which notes that Steganography use isn't as wide-spread as previously thought.

Deagol asks: "With the Feds pushing for encryption back-doors, and even more domestic surveillance, how can we resist this? I mean in a practical way, but at the same time taking a stand for our rights to privacy and assembly. What's the current state of the art in hard disk encryption? Email encryption? Steganography? There are many tools out there, as well as many link-farms, (I looked at many today), but many pages seem dated, and it's hard to tell who's using what in a useful implementation. So, who is using PGP or GPG? Who is using BestCrypt or Loopback Encryption, Freenet or Steganography? A privacy weenie wants to know what your daily-use setup is!"

One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day basis should be no more complex than 3 steps.

JPMH asks: "First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?

To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Niels Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on eBay.

Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.

So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"
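The "statistically indistinguishable" requirement in the question above can be checked with a pairs-of-values chi-square test, shown here as an added example that is not part of the original post and is not the Provos/Honeyman code. The cover data is constructed (steeply decaying integers standing in for image values), the message is modelled as random bits, and all function names are illustrative.

```python
import math
import random
from collections import Counter

def pov_chi_square(samples, min_pair_total=10):
    """Chi-square over value pairs (2k, 2k+1); returns (statistic, dof).

    Replacing LSBs with random-looking (e.g. encrypted) message bits
    pulls the two counts in each pair toward equality.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in sorted({v & ~1 for v in hist}):
        a, b = hist[even], hist[even + 1]
        if a + b >= min_pair_total:          # skip sparse pairs
            stat += (a - b) ** 2 / (a + b)
            dof += 1
    return stat, dof

def p_equalized(samples):
    """Approximate P(chi2_dof >= statistic), Wilson-Hilferty approximation.

    Near 0: pairs clearly unequal. Not small: pairs look equalized,
    which is what LSB replacement leaves behind.
    """
    stat, dof = pov_chi_square(samples)
    if dof == 0:
        return 1.0
    c = 2.0 / (9.0 * dof)
    z = ((stat / dof) ** (1.0 / 3.0) - (1.0 - c)) / math.sqrt(c)
    return 0.5 * math.erfc(z / math.sqrt(2.0))

def make_cover(n, rng):
    """Constructed stand-in for image data: steeply decaying values."""
    return [min(int(rng.expovariate(0.25)), 255) for _ in range(n)]

def embed_lsb(samples, fraction, rng):
    """Overwrite LSBs of the first `fraction` of samples with random bits."""
    n = int(len(samples) * fraction)
    return [(v & ~1) | rng.getrandbits(1) for v in samples[:n]] + samples[n:]

def demo(seed=2001, n=20000):
    rng = random.Random(seed)
    cover = make_cover(n, rng)
    full = embed_lsb(cover, 1.0, rng)
    part = embed_lsb(cover, 0.1, rng)
    return {
        "cover": p_equalized(cover),
        "full embedding": p_equalized(full),
        "10% embedded, whole file tested": p_equalized(part),
        "10% embedded, first 10% tested": p_equalized(part[: n // 10]),
    }

if __name__ == "__main__":
    for label, p in demo().items():
        print(f"{label:34s} p = {p:.3g}")
```

The test only separates cover from stego when the cover's own pairs are unequal; data whose low bits are already close to uniform looks "equalized" before anything is hidden in it. A short message in a large file is diluted in a whole-file test, which is why the last case tests only the region that would carry it.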

15 of 483 comments

  1. PGP, Privacy and Activism by Paradox !-) · · Score: 5, Informative

    Well, the best stand you can make for your rights to privacy and assembly is probably two fold:

    1. Exercise them, by encrypting everything you send until they either make it illegal or engage in the debate effectively and attending assemblies of like minded citizens lawfully petitioning their government for redress.

    2. Write a check to the ACLU or your favorite civil-rights group (EFF, whatever). Face it folks, Dollars Vote. Nothing expresses your opinion like purchasing power. So I would recommend, in effect, "purchasing" more advocacy and voice in the system. This is not to say this system is right, it is to say this system is reality. We can complain that it shouldn't be this way all we want, but unless we show a force (read: $$) that those with power respect, we're pissing in the wind.

    Personally, I use PGP and have been for a while now. (My Public Key) I probably don't use it as much as I should, but it's definitely used for some conversations at work I wouldn't otherwise want seen. So far, none of my employers have had an issue. I don't - yet - encrypt everything on my home computer, but I'll probably buy something to do that in the near future. (Recommendations welcome!)

    My company actually mandated everyone get encryption (in our case, Entrust) on our laptops before we went on a project in Asia last year. Turns out, the clients we were doing the work for would attempt to hack into our computers while we were using their network. They dove into some folks' laptops and read/copied email, files, etc. and then used the information when negotiating with us! We started encrypting everything related to the project before going on site and the client became a bit easier to deal with. (No comments on why they remained our client, please, I still don't know the answer to that one! Decision not in my hands.)

    I mention this because I think there's a possibility to make privacy at a personal level a common cause between corporations and individuals. We just need to make the case loudly and effectively. (which brings me back to my support your local civil rights organization point :)

    1. Re:PGP, Privacy and Activism by DaveHowe · · Score: 4, Informative
      I have three (well, a base of three) crypto-capable packages installed right now.
      1. PGP - obvious, the de-facto standard for email encryption, but unless you can handle GPG is expensive closed source payware.
      2. Scramdisk - powerful, OTF encryption with steganographic capabilities, but requires that the host file be created and formatted before use - pretty useless for email, but very good indeed for local storage
      3. S/Mime - built into Netscape, Outlook and Outlook Express for free; lusers can get a free key from www.thawte.com for the effort of going there, and the system is transparent. I generate my own keys using OpenSSL, but the big name packages mentioned above don't like that - it isn't in their hierarchical trust structure...
      What do other people here use?
      --
      -=DaveHowe=-
  2. Quantum Cryptography by Trinition · · Score: 4, Informative
    In my informal investigation into quantum computing (which has the power to render useless existing cryptographic ideas), I stumbled across quantum cryptography. It's actually a variety of ideas that rely on the quantum mechanics and the laws of physics.

    However, I'm not one to suggest it would be undefeatable!

  3. Steganography and Crypto by DaveHowe · · Score: 5, Informative

    Best application for StegCrypto I know of is Scramdisk - it only supports 16 bit WAV files (for now) but for ease of use it is unbeatable. The lower four bits of each sample are "formatted" to form a virtual disk drive (a bit like a floppy disk).
    To open this virtual disk, you drag and drop the wav file on top of the scramdisk app (there are other ways, but that is the simplest) and type in your password. Unless you know the password, the volume won't open, and if you examine the file you can't even prove the scramdisk is there (yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits). Scramdisk is free (with source) from www.scramdisk.clara.net

    --
    -=DaveHowe=-
  4. "State-of-the-art"? by Anonymous Coward · · Score: 5, Informative

    There's always new stuff going on in cryptography, but the state-of-the-art is hard to define...

    Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms.

    Best implementation? OpenSSL has done a great job of implementing most of these algorithms (maybe a few have been left out due to patent considerations) into a simple-to-use library with both high-level and low-level interfaces to the encryption and decryption routines (i.e., you can simply encrypt blocks of memory, or you can have the library format and encrypt the data according to various standards, like SSL).

    Best personal encryption tool? GPG/PGP. I like GPG more, mainly because the source is going to remain available-- NAI is closing up the PGP source. Either one, though, should offer adequate security for e-mail or personal file encryption.

    Best hard-disk encryption system? I'm familiar with encrypted loop-back-- under Linux and OpenBSD. I think that it has some advantages-- it's simple and easy to understand, and it works with ANY filesystem supported by the operating system. However, lots of known header information in file allocation tables and such can give an attacker a lot of information to work with.

    I haven't tried TCFS yet. The OpenBSD support for it is still very young, and is a developers-only sort of thing. I'm thinking that TCFS will be a VERY good choice, once the support for it is stable in most operating systems (I don't know what the status of tcfs is in Linux-- anybody care to let me know?)

    What else? Oh, there's steganography. Still not a lot of stuff out there, but one choice DOES stick out above the rest: OutGuess. OutGuess isn't based simply on a half-baked implementation of a simplistic steganographic algorithm-- it's based on actual research by a respected scientist in the field. OutGuess has a lot of thought put into it, and if you really need steganography (which, I'll admit, is rare), that's the program to use.

  5. Huh? please say something. by Karmageddon · · Score: 5, Informative
    you're getting all sorts of plaudits for what you wrote, but it's a piece of crap. you clearly support the majority opinion on slashdot, that's why the slashbots modded you up, but I'm not clear on what exactly is your point. Aircraft, plastic explosives, and several of the other "inanimate objects" on your list are currently heavily regulated, precisely because they are believed by legislative majorities to be unsafe if used improperly. What are you saying?
    • Are you saying these things should have no regulation?
    • or are you saying that encryption should be regulated the way these things are?
    • or are you saying that everything is just fine the way it is with a mix of regulated and unregulated.
    I ask because you didn't actually say anything at all as it applies to reality. "Starting down the road of outlawing inanimate objects that can be used for multiple purposes"... is exactly where we've been for hundreds of years, and I kind of like living here so I'm finding it a very satisfying experience. Sure, I don't agree with all regulations, but I can't figure out what you are proposing...
  6. SSH by Phil Karn · · Score: 2, Informative

    How about SSH? It's already one of the most widely used encryption packages out there, second only to the SSL-equipped web browser. It's so easy to install and so utterly transparent to use that there's no excuse for it not to be in universal use on BSD/UNIX/Linux systems.

    Phil

  7. In crypto, state of the art == proven tech by Halo- · · Score: 2, Informative

    Cryptography is a funny field. It's sorta like an intellectual game of chicken. The "best" crypto is almost always the more established algorithms. (These days things like 3DES and RSA) The rationale behind this is that the basic principles are sound, leaving only brute force attacks. The nightmare scenario is a "clever" attack. If I discover that the WizzBang-2000 scheme is easy to crack if I just divide my cat's age, and multiply by 6, then life starts to suck for the WizzBang-2000 users. And quickly.

    So here, we worry about the speed of brute force. With factoring based crypto, it's fairly easy to move the keysize out a tiny amount and reap huge returns. Symmetric based systems are harder, and often need a redesign/re-evaluation. Such as the DES -> AES migration underway now. 56 to 128 bits isn't quite enough for the truly paranoid.
    The chicken part is deciding if someone else has come up with something clever and just not disclosed it. (The big bogeyman here is governmental bodies...) Think Enigma during WWII.

    Personally, I tend to think that there are enough people working "outside the fence" on crypto that if a major established algorithm was broken, we'd all know shortly thereafter. (And imagine the chaos...)

    More to the point, if an established algorithm is flawed and the parties holding the flaw are governmental, they'd either have to tell almost no one, (because of the danger of a leak) or tell everyone in the government to use some new algorithm. (Which would set off alarm bells for sure.)

    Even the "new" algorithms proposed as candidates for the new AES (now decided as Rija ... whatever) were mostly based on the same old "known hard" problems.

    Along similar lines, elliptic curves kinda scare me because the math isn't as studied, and I personally think there is more of a chance of an "off the wall" solution to the "hard" problem. With factoring, pretty much everyone since the dawn of math has been hammering on it. (Elliptic has been hammered for a few hundred years I think, but not nearly as intensely.)

    "The Man" wants a backdoor because it's cheaper than a huge beowulf cluster.

  8. Easy Encryption by Dooferlad · · Score: 2, Informative

    PGP is still very good encryption, and I use it regularly. I mostly use it on my Win2k box, but GPG will do the same job under Linux.

    As for how easy it is to use, on Windows it is on the file context menu, allowing you to encrypt and erase files in just a couple of clicks. In Outlook you can tell it to encrypt / sign your emails automatically for you.

    This ease of use is not limited to Windows though, GPG plugs into Mutt as well (and if memory serves me correctly KMail), and I am sure many other email programs. I am not sure about file managers under Linux though.

    -- Dooferlad

  9. Re:Algorithm vs protocol by Genus Marmota · · Score: 2, Informative
    No he didn't. He acknowledged the truth of a friend's comment that the world is now full of very bad cryptographic applications written by people who read his first book.

    This relates to a distinction made by another poster between the algorithm and the protocol. It's easy to use a good algorithm in a bad protocol, to wit, just cause you screwed up key exchange doesn't mean DES is broken.

  10. Very low tech "encryption" now in use by mobsters by SysKoll · · Score: 5, Informative

    Back in the '80s, a young police officer (with whom I used to play D&D when we were teens, and no, he wasn't a lawful good ranger) once told me he was facing a ring of drug traffickers. He was bitter about not being able to keep up with them. These mobsters knew that they were under constant phonetap surveillance. This didn't stop them from using the (tapped) phone lines for setting up appointments and deliveries. And the law enforcement agencies never knew about these drug deals until way too late.

    Their trick? The mobsters had imported a few natives from a remote North-African village, speaking a dialect that nobody else on Earth spoke. One of these guys on each end of a phone, and even tapped phones become secure! Of course, they used code words for street name and subway stations.

    The Navajo code speakers used by the US transmissions during WWII also used the same principle. Not high-tech at all, but very efficient.

    So I strongly suggest that all these laws against cryptography include an article mandating the use of a State-approved language on a phone line. Just like in the former Eastern European countries. Why, anything less stringent would put freedom itself at risk, right?

    -- SysKoll
    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  11. Re:Tools of Terrorism by Compulawyer · · Score: 3, Informative
    People seem to be taking my first post (fp? -- nah...) as advocating for NO regulation. I AM NOT. I agree with you (and have said so in another post in this thread) that the focus must be on ACTIONS. That is what the entire body of criminal law does.

    As for the right to be secure in your person - that means from having your person searched and seized (arrested) by the Gov't. It is not a right to be free from crime.

    I cannot take the space to go into detail, but one of the central goals of criminal law is to deter - thus effectively legislating away bad acts before they are prevented. Also, it is to incapacitate - to take those people out of society who do bad acts so they can do no future harm.

    As for respecting the Constitution . . . I took an oath to uphold the Constitution on several occasions, most recently as an attorney. Respect it? I fight to keep it a living document every day.

    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  12. Re:Bush's Orwellian Address by geekoid · · Score: 4, Informative

    If you had read the book you would know it's 1984 whenever they say it's 1984. THAT'S THE POINT OF THE BOOK!

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  13. you are so wrong and clueless by Anonymous Coward · · Score: 1, Informative

    Cliff, the first victim of the war on terrorism is not your loss of using PGP, it's the thousands that died in the World Trade Center. I have no problem having you give up PGP so that other horrible things like that can be prevented. Think a little bit before writing offending things like that.

    In war time, there is always loss of rights, and the right to use encryption is borderline ridiculous imho.

  14. Re:???Polymorphic Encryption Algorithm??? by Qbertino · · Score: 2, Informative

    The German Government had even threatened the author with prison for trying to create commercial applications with it.
    Quite unlikely, that's certain. Unless it's a BND-internal (Bundesnachrichtendienst - Federal News Agency, sort of the German CIA) algorithm. And then no one would ever hear that they have something against their algorithm being published. He'd just get punished for telling their secrets. But I haven't heard of it, it's probably just a rumor.

    --
    We suffer more in our imagination than in reality. - Seneca