Slashdot Mirror
What's Now State of the Art in Encryption Technology?
One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.
JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?
To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.
Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.
So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"
I haven't been able to reliably read my own handwriting for years. Given a small government grant, I could develop this even further into a true, secure, incommunication system of one-way cryptos. If I could be bothered to learn Navajo, I'd be set for life.
Money for nothing, pix for free
Of course encryption is a "tool of terrorism." It falls squarely into the same category as other tools:
Concentrate on the terrorists and not on their tools. Starting down the road of outlawing inanimate objects that can be used for multiple purposes is the beginning of an ultimately unfulfilling and unsatisfying journey.
Laws affecting technology will always be bad until enough techies become lawyers.
Bush's Orwellian Address
Happy New Year: It's 1984
by Jacob Levich
Seventeen years later than expected, 1984 has arrived. In his address to Congress Thursday, George Bush effectively declared permanent war -- war without temporal or geographic limits; war without clear goals; war against a vaguely defined and constantly shifting enemy. Today it's Al-Qaida; tomorrow it may be Afghanistan; next year, it could be Iraq or Cuba or Chechnya. No one who was forced to read 1984 in high school could fail to hear a faint bell tinkling. In George Orwell's dreary classic, the totalitarian state of Oceania is perpetually at war with either Eurasia or Eastasia. Although the enemy changes periodically, the war is permanent; its true purpose is to control dissent and sustain dictatorship by nurturing popular fear and hatred.
The permanent war undergirds every aspect of Big Brother's authoritarian program, excusing censorship, propaganda, secret police, and privation. In other words, it's terribly convenient.
And conveniently terrible. Bush's alarming speech pointed to a shadowy enemy that lurks in more 60 countries, including the US. He announced a policy of using maximum force against any individuals or nations he designates as our enemies, without color of international law, due process, or democratic debate.
He explicitly warned that much of the war will be conducted in secret. He rejected negotiation as a tool of diplomacy. He announced starkly that any country that doesn't knuckle under to US demands will be regarded as an enemy. He heralded the creation of a powerful new cabinet-level police agency called the "Office of Homeland Security." Orwell couldn't have named it better.
By turns folksy ("Ya know what?") and chillingly bellicose ("Either you are with us, or you are with the terrorists"), Bush stepped comfortably into the role of Big Brother, who needs to be loved as well as feared. Meanwhile, his administration acted swiftly to realize the governing principles of Oceania:
WAR IS PEACE. A reckless war that will likely bring about a deadly cycle of retaliation is being sold to us as the means to guarantee our safety. Meanwhile, we've been instructed to accept the permanent war as a fact of daily life. As the inevitable slaughter of innocents unfolds overseas, we are to "live our lives and hug our children."
FREEDOM IS SLAVERY. "Freedom itself is under attack," Bush said, and he's right. Americans are about to lose many of their most cherished liberties in a frenzy of paranoid legislation. The government proposes to tap our phones, read our email and seize our credit card records without court order. It seeks authority to detain and deport immigrants without cause or trial. It proposes to use foreign agents to spy on American citizens. To save freedom, the warmongers intend to destroy it.
IGNORANCE IS STRENGTH. America's "new war" against terrorism will be fought with unprecedented secrecy, including heavy press restrictions not seen for years, the Pentagon has advised. Meanwhile, the sorry history of American imperialism -- collaboration with terrorists, bloody proxy wars against civilians, forcible replacement of democratic governments with corrupt dictatorships -- is strictly off-limits to mainstream media. Lest it weaken our resolve, we are not to be allowed to understand the reasons underlying the horrifying crimes of September 11.
The defining speech of Bush's presidency points toward an Orwellian future of endless war, expedient lies, and ubiquitous social control. But unlike 1984's doomed protagonist, we've still got plenty of space to maneuver and plenty of ways to resist.
It's time to speak and to act. It falls on us now to take to the streets, bearing a clear message for the warmongers: We don't love Big Brother.
Jacob Levich (jlevich@earthlink.net) is an writer, editor, and activist living in Queens, New York.
Folks, in this discussion, please keep "algorithm" and "protocol" seperated. An algorith is a mathematical method, such as the public key algorithms, or, as described rather roughly above, bits being indistinguishable from the statistical properties of the pixels.
Protocol, on the other hand, is roughly speaking the way you use the algorithms - everything required to get the message from Alice to Bob, including key exchange, agreements on which pictures to use and how to identify them, etc,e tc. I strongly urge you all to read Bruce Schneier excellent works on this subject, both his Applied Cryptography books and his less theoretical and for most of us far more interesting book Secrets and Lies.
Also, whenever I hear "state of the art cryptography" I feel I hear somebody who doesn't understand that creating cryptography takes years and years. Peer review, taking apart actual implementations, etc, etc, and if after x years there's still no good attack known, then perhaps the cryptography is acceptable.. "state of the art" usually implies "the newest and the latest", and that's not what you're looking for when you select cryptography.
Prohibition almost never works. And certainly not when you are prohibiting something that anyone with even a tiny bit of smarts can do on their own.
Cryptography does not even require computers, the ultimate encryption, one time pads, does not require a computer and is utterly secure as long as you maintain pad seccurity.
There are caveats to everything, oh well. Enforcing cryptographic limits on your citizens is of no value at all. If a criminal wishes to transact their business using encryption technology then there is nothing law enforcement can do about it. Period.
Only deep ignorance prevents these people from seeing the truth.
Besides embedding your message in an image, there are dozens upon dozens of ways of passing messages in plain text. Some famous examples from the past use poetry.
Enough for now, I might go off on real rant, then we'd all be unhappy.
Later . . . . . . WebBug
If you're that worried about being tracked and monitored on your computer, don't use one. Don't use a PC, use credit cards as little as possible, and stay away from any "networked technology". Join the manual labor work force, and dig a ditch. That's probably the only way you'll be able to avoid the upcoming onslaught of "anti-"privacy issues and legislation from Ashcroft and Congress. Oh yeah, don't get your picture taken, and especially don't commit any crimes, cuz then you're mugshot will be plastered across face recognition software everywhere.
Th
> > Hey dude, I just computed Pi with some
> > home-brewed code, can you check if I got it right?
> >
> > Pi = 3.149018493227539874383983749210025
>
> Hey pal, I think that you need some code tweaking, I get:
>
> Pi = 3.14151747701120741294729382749277
>
I did some tweaking. Now I get:
Pi = 3.141649287392847283785938472901018401
Am I making progress?
the Afghan people have tried that already, and it
hasn't kept them very safe from bin Laden...
*rim shot*
I'll be here all week folks! =)
A year spent in artificial intelligence is enough to make one believe in God.
Same for all the rest of us.
ROT 13. Plus DMCA. Plus Attack Lawyers.
Nobody will hack this right?
134340: I am not a number. I am a free planet!
Well, the best stand you can make for your rights to privacy and assembly is probably two fold:
:)
1. Exercise them, by encrypting everything you send until they either make it illegal or engage in the debate effectively and attending assemblies of like minded citizens lawfully petitioning their government for redress.
2. Write a check to the ACLU or your favorite civil-rights group (EFF, whatever). Face it folks, Dollars Vote . Nothing expresses your opinion like purchasing power. So I would recommend, in effect, "purchasing" more advocacy and voice in the system. This is not to say this system is right, it is to say this system is reality. We can complain that it shouldn't be this way all we want, but unless we show a force (read: $$) that those with power respect, we're pissing in the wind.
Personally, I use PGP and have been for a while now. (My Public Key) I probably don't use it as much as I should, but it's definitely used for some conversations at work I wouldn't otherwise want seen. So far, none of my employers have had an issue. I don't - yet - encrypt everything on my home computer, but I'll probably buy something to do that in the near future. (Recommendations welcome!)
My company actually mandated everyone get encryption (in our case, Entrust) on our laptops before we went on a project in Asia last year. Turns out, the clients we were doing the work for would attempt to hack into our computers while we we're using their network. They dove into some folks' laptops and read/copied email, files, etc. and then used the information when negotiating with us! We started encrypting everything related to the project before going on site and the client became a bit easier to deal with. (No comments on why they remained our client, please, I still don't know the answer to that one! Decision not in my hands.)
I mention this because I think there's a possibility to make privacy at an personal level a common cause between corporations and individuals. We just need to make the case loudly and effectively. (which brings me back to my support your local civil rights organization point
Or, you could hide steg messages in what looks like Sircam virii - just change the words a bit, move a space or two or even mess with the attached files.
There's so much data on the Net today that it's not even funny anymore and lots of it is metadata (Napster login names, tcp packet TTLs, file lengths and the naming of cats on personal homepages spring to mind) so you wouldn't even have to bother using a book cipher or pre-set code phrases like "Buy two quarts of milk on the way home, dear" which of course means "ram two commercial jets into tall buildings before breakfast".
I don't really understand why anyone bothers, unless it's to catch the really stupid terrorists, the ones that failed Terrorism 101 by not being able to scare the kindergarten kids next door out of their lunch money. Or, to watch over the general populace...
The point is that you can find hidden messages, faces on Mars and backwards satanic messages everywhere if you look hard enough, but it's impossible to find real messages that's been hidden good enough. Just deal with it.
Money for nothing, pix for free
However, I'm not one to suggest it would be undefeatable!
Anyone who wishes to advocate legislation requiring backdoors in encryption products must first write a paper showing how this would prevent terrorists from secretly communicating with each other. Explain the term "steganography" and show how your legislation would prevent terrorists from using it. Explain why terrorists would be unable to fall back on codebooks full of innocuous phrases, hidden in apparent music CDs. Explain how your legislation would be enforced outside the U.S. Prove that your legislation would not have any serious impact on banking, credit card transactions, or internet commerce. Be prepared to defend your thesis to a panel selected by Philip Zimmermann and the Electronic Frontier Foundation.
There is a form of encryption that will always be secure with one exception. Conversations that are based on prior conversation will always be secure, unless the prior conversation was recorded.
Because computers have such a difficult time with semantics this means that a human will have had to have heard the original conversation in order for detection of the "encryption" and its meaning. This is why tracking criminals is such a difficult task. Until we can get computers to understand and infer semantics, and then record ALL conversations, there will be no way to decode all transmissions. As I am sure that many on this forum will agree, this is most likely not going to happen in the near future. This is why undercover work is so important.
To give an example, if I were to say the word "Fjornborgi" to a complete stranger (as most of you are) he would have no idea what I was talking about. On the other hand, if I say that to my brother-in-law, he knows exactly what I am saying and why. This is because we have a history of conversations where the word "Fjornborgi" has been discussed and defined.
As for computed encryption, with RSA no longer under patent and many very good mathemeticians coming up with interesting functions everyday, I see it being more and more difficult for government to monitor and control information. I don't see this as a bad thing, since it gives the citizens of the world more freedom to express their ideas to their audiences in a secure way. There is little fear of being overheard when not desired. Of course, many will abuse the priviledge, but that has been the case for centuries and not a new problem that has shown up just because of encryption.
Ok, I'll admit I'm biased, but I think the next phase in the developing landscape of encryption is universal access to cryptography. I'm not talking about putting PGP on FTP servers, I'm talking about making hard crypto available to my mother.
To this end, I've started the PPS, which is a project devoted to transparent, universal email encryption. The goals are complex, since they are aimed at so many audiences, but you can browse the site and get an idea. If you find it to your liking, please drop me a line and sign up to help.
You don't have to have technical skills. I need proof-readers, coders, researchers, and more. The reference code is not nearly as important as getting the specification done and doing all of the research needed to get the various MUA vendors to sign on.
Best application for StegCrypto I know of is Scramdisk - it only supports 16 bit WAV files (for now) but for ease of use it is unbeatable. the lower four bits of each sample are "formatted" to form a virtual disk drive (a bit like a floppy disk).
To open this virtual disk, you drag and drop the wav file on top of the scramdisk app (there are other ways, but that is the simplest) and type in your password. unless you know the password, the volume won't open, and if you examine the file you can't even prove the scramdisk is there (yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits) Scramdisk is free (with source) from www.scramdisk.clara.net
-=DaveHowe=-
Too many people seem to be automatically against anything that Ashcroft might call for, without actually knowing what the specific proposals are. For example, one of the new powers that Ashcroft has called for is that when a surveillance warrant is granted, it be tied to the individual rather than a specific phone, which seems totally reasonable to me.
In future discussions, how about if we discuss specific proposals and make specific criticisms rather than general statements about how the government is just looking for the chance to turn the country is a police state?
Just a thought.
Sometimes it's best to just let stupid people be stupid.
Not that rare - I have seen it take better than six hours before a submission is even looked at....
-=DaveHowe=-
There's always new stuff going on in cryptography, but the state-of-the-art is hard to define...
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms.
Best implementation? OpenSSL has done a great job of implementing most of these algorithms (maybe a few have been left out due to patent considerations) into a simple-to-use library with both high-level and low-level interfaces to the encryption and decryption routines (i.e., you can simply encrypt blocks of memory, or you can have the library format and encrypt the data according to various standards, like SSL).
Best personal encryption tool? GPG/PGP. I like GPG more, mainly because the source is going to remain available-- NAI is closing up the PGP source. Either one, though, should offer adequate security for e-mail or personal file encryption.
Best hard-disk encryption system? I'm familiar with encrypted loop-back-- under Linux and OpenBSD. I think that it has some advantages-- it's simple and easy to understand, and it works with ANY filesystem supported by the operating system. However, lots of known header information in file allocation tables and such can give an attacker a lot of information to work with.
I haven't tried TCFS yet. The OpenBSD support for it is still very young, and is a developers-only sort of thing. I'm thinking that TCFS will be a VERY good choice, once the support for it is stable in most operating systems (I don't know what the status of tcfs is in Linux-- anybody care to let me know?)
What else? Oh, there's steganography. Still not a lot of stuff out there, but one choice DOES stick out above the rest: OutGuess. OutGuess isn't based simply on a half-baked implementation of a simplistic steganographic algorithm-- it's based on actual research by a respected scientist in the field. OutGuess has a lot of thought put into it, and if you really need steganography (which, I'll admit, is rare), that's the program to use.
My coworkers and I tend to use a form of steganography, on IRC. Its not typical pixel-in-picture stuff, though... rather, the script encodes messages (the current irssi perlscript implementation is 7-bit clean) in the entropy available in l3eT-babbling carrier text. For instance, "l" could be "l", "L", "|" or "1", meaning you could use an "l" character to store 2 bits of data. The output looks, as I'm sure you can guess, horrible.
For more important things, we tend to use ssh, but steganography isn't entirely forgotten here =)
Paranoid
Bwaahahahahaa.
- Are you saying these things should have no regulation?
- or are you saying that encryption should be regulated the way these things are?
- or are you saying that everything is just fine the way it is with a mix of regulated and unregulated.
I ask because you didn't actually say anything at all as it applies to reality. "Starting down the road of outlawing inanimate objects that can be used for multiple purposes"... is exactly where we've been for hundreds of years, and I kind of like living here so I'm finding it a very satisfying experience. Sure, I don't agree with all regulations, but I can't figure out what you are proposing...However, all of your examples have other uses. What are the legitimate uses of encrypted email for those without something to hide?
How about SSH? It's already one of the most widely used encryption packages out there, second only to the SSL-equipped web browser. It's so easy to install and so utterly transparent to use that there's no excuse for it not to be in universal use on BSD/UNIX/Linux systems.
Phil
The US military still uses them for secure communication, and ID verification, over insecure channels. And it's easy to build them. Get a word list (from "spell" perhaps) and assign each word in the list a value from AAAAAA to 999999, Roughly 2 billion strings to assign. Assign strings to words, letters, numbers, and punctuation via a good randomizer (a cheap a/d card with a noisy thermocouple makes a great random number generator). The strings can be reused, as long as they are not assigned to the same words.
Best Slashdot Co
Cryptography is a funny field. It's sorta like an intellectual game of chicken. The "best" crypto is almost always the more established algorithms. (These days things like 3DES and RSA) The rational behind this is that the basic principles are sound, leaving only brute force attacks. The nightmare scenario is a "clever" attack. If I dis cover that the WizzBang-2000 scheme is easy to crack if I just divided my cats age, and multiply by 6, then life starts to suck for the WizzBang-2000 users. And quickly.
... whatever) were mostly based on the same old "known hard" problems.
So here, we worry about the speed of brute force. With factoring based crypto, it's fairly easy to move the keysize out a tiny amount and reap huge returns. Symmetric based systems are harder, and often need a redesign/re-evaluation. Such as the DES -> AES migration underway now. 56 to 128 bits isn't quite enough for the truely paranoid.
The chicken part is deciding if someone else has come up with something clever and just not disclosed it. (The big boogy man here is governmental bodies...) Think Engima during WWII.
Personally, I tend to think that there are enough people working "outside the fence" on crypto that if a major established algorithm was broken, we'd all know shortly thereafter. (And imagine the chaos...)
More to the point, if an established algorithm is flawed and the parties holding the flaw are governmental, they'd either have to tell almost no one, (because of the danger of a leak) or tell everyone in the government to use some new algorithm. (Which would set off alarm bells for sure.)
Even the "new" algorithms proposed as canidates for the new AES (now decided as Rija
Along similiar lines, elliptic curves kinda scare me because the math isn't as studied, and I personally think there is more of a chance of an "off the wall" solution to the "hard" problem. With factoring, pretty much everyone since the dawn of math has been hammering on it. (Elliptic has been hammered for a few hundred years I think, but not nearly as intensely.)
"The Man" wants a backdoor because it's cheaper than a huge beowulf cluster.
First, share a one-time pad. This is very easy using steganography: you just choose an image on the internet and a time and agree to seed a pseudo-random number generator with that to get your pad. Encrypt your message by XORing it with the one-time pad. Your encrypted message is now indistinguishable from random noise, assuming your PRNG is good.
Then, you need a data file where noise is expected. Using low-order bits is no good unless you have pictures where the low order bits are actually random, rather than containing no information. One possibility is to take a photograph and make it a GIF or PNG; the lowest order bits that your camera actually produces are probably noise, and will be present in the image.
Replace the input noise with your special noise. The resulting image is now perfectly plausible (your camera could have taken it if some photons happened to land differently, with the same probability as having taken the photo it did take), and the message cannot be read or distinguished from noise unless the codebreaker knows what image you agreed on.
In order to do this, you and the recipient have to agree on an image you control and another image. Having done this, you can, of course, agree on more images later, for communications in both directions. Make sure you both look at a lot of images, including a lot that everyone looks at (e.g., CNN).
And then your recipient looks at the message on his CRT, and the spies read it in the EM radiation. Good thing you weren't saying anything they care about, but why did you bother with all the encryption, then?
You don't want to ask ``what's the state of the art?'', you want to ask ``what's a decade old or more?''
State-of-the-art would be something like the NSA's Dual Counter Mode for AES, which was recently successfully cryptanalyzed. Or the NSA's SKIPJACK algorithm, which has had 31 of 32 rounds broken. Or RC6, which has had 15 of 20 rounds broken. Or... you get the idea. Of all the really neat and nifty things being developed right now, perhaps only one percent of them--and I may be optimistic here--will survive the test of time.
Once something's survived five years of hard cryptanalysis, it might be worth using. Ten years, it's probably worth using. More than that, and you should probably be using it already.
The state-of-the-art is found in quantum computation and quantum cryptography (which are based on different principles, BTW--I'd rather people call them "superposition computation" and "Heisenberg key exchange", or somesuch), and to a slightly lesser extent in elliptical-curve cryptography. I don't trust any of the three worth a damn.
I don't trust QC of either sort because it depends on so much knowledge of physics and technical savvy that, were it to be fielded today, it would be hideously insecure by virtue of its implementation being so difficult to get right. I don't trust ECC, even though the Taniyama-Shimura Conjecture has been proven, because all of the good elliptic curves have been patented by Certicom and the remainder are either untrustworthy or too slow for practical use.
This means I'm going to be stuck using my old standbys of El Gamal and 3DES. I'm not at all concerned. El Gamal has had some savagely intense cryptanalysis (almost as much as RSA) and is built on a more difficult problem than RSA; and 3DES has driven good cryptographers to the brink of madness trying to find some exploitable flaw in it.
PGP is still very good encryption, and I use it regularly. I mostly use it on my Win2k box, but GPG will do the same job under Linux.
As for how easy it is to use, on Windows it is on the file context menu, allowing you to encrypt and erase files in just a couple of clicks. In Outlook you can tell it to encrypt / sign your emails automatically for you.
This ease of use is not limited to Windows though, GPG plugs into Mutt as well (and if memory serves me correctly KMail), and I am sure many other email programs. I am not sure about file managers under Linux though.
-- Dooferlad
Consider this message:
From: yourself
To: ussama.bin@hilltop.af
jkwehgfkwgfbwrgjerhvgbejrgwefuwefwiugfelvbdskv
wefuweifbkjdsvblsifehvbsibnpweijrbqbzdfgoifhgi
The easiest way for an intelligence service to monitor e-mails is to chart the communication networks. Who is talking to whom (and when and how often, etc)? This is also very easy to do automatically and continously with a computer. Archiving networks costs just a fraction of the resources needed to archive the entire messages (you can keep several years worth of network info on line). This method also expands very easily to other modes of communication, such as telephony, where content deciphering is difficult to do automatically anyway.
Why do people still believe that encryption guarantees privacy? Ridiculous!
And when the government finds the message above and REALLY wants to learn its contents, what decryption method do you think is easiest for them? Brute force analysis of the message or brute force analysis on yourself? How is a fancy 128-bit or "state-of-the-art" cryptography going to help you?
)9TSS
...and what are the legitimate uses of box cutters for those without something they want to cut?
It's a daft question. There's nothing implictly wrong in having something to hide, most of us, those who are human and live normal lives, have many things we don't want in the wrong hands, such as our credit card numbers, for instance.
If I had to email my bank, and transfer confidential information that could be misused, or had to communicate with some group I wanted to trade with, again by email, and needed to pass on confidential information, I'd use PGP or not use email at all. I don't regard that as illegitimate.
KMSMA (WWBD?)
What is the point of fighting it any more? This is due to a fundamental flaw in our system of government. Representatives are allowed to bundle too much un-related stuff into one bill. Who in the hell are we going to be able to convince not to vote for this? Obviously, if it were a bill that only existed to criminalize secure communications everyone would be outraged. It's not that. It's an "anti-terrorism" bill with a zillion individial provisions inside. My congressman isn't taking anyone seriously who calls and askes him to vote against an anti-terrorism bill and I guarantee yours isn't either.
Step out into the street and hand over your guns to the police and don't even think about complaining about it because you could be tried for treason.
It'll keep a twelve-year old from figuring out what you're talking about. It won't keep a sophisticated attacker from figuring out what you're talking about. English is a terribly redundant language; whenever you use a sentence with Fjornborgi in it, you're encoding that word in the rest of your sentence, too. A cryptanalyst would study the environment in which you use the word; the time of day; after what activity; with who else around.
In time, the cryptanalyst would be able to figure out what "Fjornborgi" means--even if you didn't tell him directly, he'd know to a surprising degree of accuracy.
These are people who recreate the internal mechanisms of cipher algorithms just by watching a string of nearly completely random numbers flow out of it. Compared to that, human conversation is trivial.
I'm getting off on a tangent here, but watching a rebroadcast of Ashcroft addressing Congress last night on C-SPAN change how I felt about the man as well as his proposal.
I'm not a supporter of him, but his ideas may have some merit, however his writing skills seemed to lack and I noticed him apologizing on the wording of the laws quite a bit, and instead of reading the text, stating what his intentions were. I think he may be getting some much needed criticism and maybe these new laws will not be the end of the tech world after everybody else gets there paws into the exact wording of it.
This brings up another point: for this man to be in the position of power that he is, shouldn't there have been more though put into his proposal? Obvisouly the confusion I watched last night was just the beginning as several members didn't get a chance to query Ashcroft as he had another appointment. The members that did, all had concerns over the wording of the proposal.
I guess I'm just glad to see that this wasn't rushed through and passed as law and that some officials are actually reading it and listening to their constituents.
I wouldn't even really worry about encryption at the moment. It seems that all congressmen aren't idiots.
Of course, this is just the way I feel at the moment, this is subject to change.
Of course, you are exactly right! How could I ever have thought I had things to hide! Encryption of, aka hiding, information must be used only by those with a nefarious purpose. So I guess I will staple my checks to postcards the next time I pay a bill. And I will post all of my login names and passwords on a public website, since I have nothing to hide about who I am, and I am sure that no one would want to fake my identity online. And I will set up a loudspeaker outside, attached to my phone, so everyone can listen to my every phone call, since I have nothing to hide. And then there's the webcam, and ....
*sarcasm off*
There are a million things wedon't want to make public about ourselves, especially about economic activity. The encryption issue is one of the biggest, if not THE biggest thing that prevents the internet from being the primary way we do business. You want encryption so you can be sure who I am on the other end of a transaction. I want encryption so that the script kiddie next door can't steal my credit card with just a packet sniffer.
-John Van Voorhis
I believe the point that was being made was that while you may have something to hide, your privacy would not be significantly decreased by allowing the justice department to have an escrow key.
It is a valid question, and there is no slashdot friendly answer. The fact is that if you trust the government with that escrowed key, you have nothing to fear. If you have an essential mistrust of the government and administration, then its probably in your interest to archive PGP right now, distribute it to your friends, and get it into use before they ban such warez.
My question is this: If they ban encryption that does not use an escrowed key, but allow it if you use the escrowed type encryption, will anyone be able to tell that you used illegal technology to encrypt a message? I mean its encrypted, and how different can it be from another algorithms output?
Troll Like a Champion Today
What are the legitimate uses of encrypted email for those without something to hide?
To overthrow the new government if the Taliban captures Washington and gains access to all U.S. communications. If Afghanistan had country-wide, free, unrestricted information, it would have been much harder for the Taliban to take over in the first place.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Restrictions on use of cryptography by law-abiding citizens is equivalent to unilateral disarmament in the field of computer security. Why is it that both bin Laden and the FBI consider the freedom of Americans to be a problem?
-russ
Don't piss off The Angry Economist
That's akin to asking, "What are the legitimate uses of a car for those who don't know how to drive?" By the very definition, people who want or need to hide things need a way to hide them - hence, encryption.
However, the implicit statement in your post is that "need to hide" = "crime". Do me a favor. Since you seem so adverse to hiding things, write your name, social security number, all of your credit card numbers, your address, phone number, the names of your children and significant other, your license plate number, and the names/dates of up to the first ten people you have had sex with on ten thousand postcards. Then attach photocopies of a dozen documents from your workplace marked "Confidential," and then send them to the first ten thousand people in your nearest phone book or yellow pages.
Don't want to? Gee, why not? Maybe you have something you want to hide. Maybe you don't want other people invading your personal privacy? Maybe you don't want other people reading documents that could give your competition a leg up on your business? Oh, wait, maybe there's a good reason for encryption. Not because I'm trying to hide any criminal wrong-doing, but because I don't want people to know more about me than they have to. Because not every Joe Blow needs to have easy access to my personal information, or the things I would like to keep as personal knowledge and not general knowledge.
When the ability to keep a secret - ANY SECRET - becomes a crime, you'll know that America has become just as bad as Afghanistan or similar countries.
Hmmm... What's so bloody important, eh? I'm sitting in the NOC of a mid-sized credit union and from my desk, I can see various activity lights blinking non-stop on our Internet banking platform. I'm somewhat comforted by the fact that our ISP and their upstream provider, as well as our account-holders ISP's and upstream providers can't intercept that information and alter it in transit. Aside from that, I'm just not comfortable with anyone listening in on my communications with my girlfriend... family or doctor. It's not that any great harm would come to me if they did; just that I don't think that it is worth allowing it for some bullshit, perceived greater good.
The flag I fly has thirteen stars.
What are the legitimate uses of encrypted email for those without something to hide?
What are the legitimate uses of banning encrypted email for a country which has the support of its citizens?
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
I recently read an article about the Executive Branch overextending it's power during times of war. Lincoln and Roosevelt were heavy offenders, but the limitations didn't last beyond the war.
And what's scary about that are Bush's comments that essentially say that this is an ongoing war, until terrorism is eradicated. Which would mean that the war would never end, so the overextension of power would also continue indefinitely.
Yes yes yes, we all understand the implications and comparisons of and to Big Brother, Orwell, "1984," "We," "Anthem," "Brave New World" and any other dystopian novel or piece of rhetoric out of the mouths of the alarmists and into the minds of the gullible and naive. But does anyone honestly think it is possible for all of that to happen? Big Brother serves as a symbol rather than a specific person. This legend was propogated by ignorance and apathy and held in place by tyranny. I don't believe anyone who has read 1984 is any of these things and none of are about to let these things happen. I think that Bush's speech is more indicative of the fact of the fact that he is a nimrod (a national tragedy doesn't change that, sorry), doesn't know what to do and is finding out that gee gosh, it's hard being prezudent.
Luckily there are smart people in Washington who have raised an eyebrow or two about what is being proposed in his new policies. For one, Colin Powell, who seems the wisest of Bush's cabinet members isn't one for rushing out and conducting long drawn out conflicts without first weighing the consequences. This Big Brother argument, while compelling, only fuels more fears and suspicions, it is hardly the truth, in fact most of Big Brother arguments are based upon a work of fiction and while 1984 gives us all reason to pause, in any case, it is still just that.
Ashcroft is the one who scares me.
Back in the '80s, a young police officer (with whom I used to play D&D when we were teens, and no, he wasn't a lawful good ranger) once told me he was facing a ring of drug traffickers. He was bitter about not able to keep up with them. These mobsters knew that they were under constant phonetap surveillance. This didn't stop them from using the (tapped) phone lines for setting up appointments and deliveries. And the law enforcement agencies never knew about these dug deals until way too late.
Their trick? The mobsters had imported a few natives from a remote North-African village, speaking a dialect that nobody else on Earth spoke. One of these guys on each end of a phone, and even tapped phones become secure! Of course, they used code words for street name and subway stations.
The Navajo code speakers used by the US transmissions during WWII also used the same principle. Not high-tech at all, but very efficient.
So I strongly suggest that all these laws against cryptography include an article mandating the use of a State-approved language on a phone line. Just like in the former Eastern European countries. Why, anything less stringent would put freedom itself at risk, right?
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Ok I give up - how is this offtopic?
-=DaveHowe=-
Seriously though, if you are highly technically savvy (which I will assume since we are speaking about the state of the art) then you can not only create near unbreakable encryption, but near undetectable (or untraceable) encryption. Steganography is a child's toy compared to some of the things that are possible. The internet is a vast 86,400 / 365 information sea, slipping a few megabytes of low profile data into it is going to be hard to notice. By utilizing multiple techniques at the same time (hard encryption, low signal to noise ratio channels, low detectability communications, difficult traceability, etc.) you can be confident that even if someone found your data they would not be able to understand it or extract useful information from it.
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms
Ack! Not RC6, not RC6. 15 of 20 rounds were broken during the AES selection process.
In fact, I'd suggest avoiding all of the AES candidates altogether. Even AES itself (nee Rijndael), for that matter--they're simply too new and not enough cryptanalysis has been performed of them.
The only two on your list which I'd recommend would be Blowfish and 3DES. Both of them have been around for years and have been extensively cryptanalyzed, with no significant results being discovered.
I love the smell of Karma in the morning
The Government are immoral to use this as excuse to spy on their citizens.
You should be aware, communication interception will not work on terrorists.
NSA experts even admit it.
Excerpt from USATODAY article, 'Bin Laden's cybertrail proves elusive'
WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.
Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.
Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.
All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.
********
You could ask those that deny above this:
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.:
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
This argument is made to pressure people into acquiesce - else appear guilty.
It does not address the real reason, why they want this information - they want a surveillance society.
They wish to invade your basic human right to privacy.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you.
IT IS A LIE - TERRORISTS WILL GET AROUND IT
The key phrases in the law that you cite are "warrants shall issue", "probable cause". No one -- ever -- has talked about giving the government unlimited authority to wiretap everyone.
Bugs surreptitiously planted on all of your friends and families' phones because you might use them?
If I have criminals (or terrorists) using my phones, and the FBI can convince a judge of the need in order to get a warrant, then more power to them. Go FBI!
Come back when you have actual, factual, abuse and we will deal with the abuse. Just because a tool can be abused doesn't mean a tool should be banned.
Sometimes it's best to just let stupid people be stupid.
What's ironic is that the government could embrace encryption and more effectively eliminate terrorism.
Imagine if everyone was required to have an ID card. This ID card has your name, photo and thumbprint, encrypted with a centrally held government private key. You would need the card to take a flight, get into government buildings, etc. It would be simple to make a small, self-contained device that would have the public key and could compare thumbprints or show a photograph. You would be guaranteed to be who you said you were, no name spelling alterations or alter egos possible.
Before a plane takes off, a computer program looks for people who are associated with the same criminal organization, and if too many flags go off we station extra sky marshals on that plane.
It's kind of scary to give up a basic right to anonymity (although I don't think it's guaranteed anywhere). However, I think I've actually convinced myself that in a time when a handful of people can cause so much damage, we need to know who is in a high risk location.
I know this has been brought up before, but I'd like to comment on it again... If you have an interest in privacy, you should try reading "The Truth Machine" by James Halperin for an alternative view. In my opinion, he makes a very good case that we would be better off to require cameras that are accessible by anyone in every public place than to have privacy. The 'accessible by anyone' is critical, of course.
It's a one time pad. The pad for the day is only used once, for one message. And, yeah, it wouldn't work if you wanted to encode War and Peace. Be great for e-mail though.
Best Slashdot Co
disclaimer: im not a crypto freak, nor really a privacy either, so i might not know what im talking
As you describe it, its ofcourse clear that the way you describe it can be used to link people to other people but still the conversations between them can and will remain private.
Anonymous remailing took a bellypunch when anon.penet.fi got "invated" by scienlogists so its not as well used as it might have been before.
But...
HavenCo has recently started to host anonymous remailing. While there's a clear warning on the sites main page:
Considering this to the fact whats the business "catch" of the Havenco i hardly doupt that there will be any way for any parties to retrive sender/receiver information without physically executing "man-before-and-after" type of attack. (Which might be really hard to execute)
Anyway, The best thing with cryptographic tools is that you are on controls. 128bit key is a laugh. One not make a key of 4096 bytes or hell, triple that. I would like to see that goverment computer farm which can cruch a bruteforce attack against that kind of cryptokeys.
yush
...in a world where terrorists regularly use encryption to fly other people's computers into the sides of tall buildings.
--G
Not so-
The military takes a fair amount of its research from large corporations like IBM, whose employees are vetted for security. IF we can't develop crypto in academia, hire the academics to R&D at large corporations, the military loses another source of their R&D.
Ever heard the old saw that youre only 7 aquaintances removed from anyone on earth?
Its very close to true. Its called the network effect.
Now extrapolate: wiretapping all communication of a few hundred individuals becomes a wiretap of everyone in the entire country.
Would you still aquiesce to it, knowing what it implies?
Usually don't you paint a bulls-eye on your target, and leave the crosshairs on your scope where they belong?
Slashdot's token middle-aged housewife
An encryption algorithm has recently appeared where the author makes some extraordinary claims about its strength. The German Government had even threatened the author with prison for trying to create commerical applications with it.
Comments Please:
Ignoring some of the humour value, I hope someone in the media makes a bit of noise about the fact that making strong encryption have backdoors has no effect at all on the use of other methods like pre-exchanged one time pads and the use of little-known languages.
That aside as well, who's going to force the terrorists to use the state-approved software in the first place? That's what I thought....
- Michael T. Babcock (Yes, I blog)
1. Mutt does not recognize (by default, anyway) a PGP message that is not PGP/MIME. A plain old text-encrypted message has to be saved to a file and decrypted. IMO, that's broken.
2. Outlook does not recognize PGP/MIME and handles it as an attachment. This means, if I encrypt a message using Mutt and send it to someone who is using Outlook, that person again has to save it to a file to decrypt. That's broken.
3. Out of a half-dozen or so options which I examined, there is a single functional plugin for Outlook that enables you to easily encrypt/decrypt mail. That's from a site in Germany. It seems like a good product, but since Outlook's handling of PGP/MIME is broken, it's not useful for incoming mail.
4. This plugin produces the old-fashioned text-encrypted message that Mutt won't handle correctly.
I would love to be able to get together with my friends and help them set up encrypted mail. But the plain fact is, there is no "easy" way to do it. Going from one type of mail client to another is a pain in the ass. And what about Eudora, fatal OE, Pine, Pegasus and all the other clients?
Like it or not, mail encryption is the geek equivalent of "classic" books -- those books "everybody talks about and nobody reads."
mp
"The secret to strong security: less reliance on secrets." -- Whitfield Diffie
The funny thing is that most of the people urging caution and restraint are far from peaceniks: They're just intelligent, reasonable, and rational. To ask "What is the point of doing this? What will it achieve? What will best achieve our goals?" apparently is "left wing" to the whackos in these times of crisis.
Let me put it this way: If the US goes and bombs the hell out of whereever-land, and that pushes 100 more fanatics to join the anti-US crusade, and they come over and poison the water and blow up some aircraft, I hope every looney that pushed for instant reaction no matter what the results should be tried for murder. The simple reality is that it is a vicious cycle of cause and effects, and it's a sad day that so many people don't try whatsoever to understand the situation or how to solve it. I don't know myself, but I do know that declaring war on the world isn't the solution.
I heard a funny caller on a call-in show last night (here in Ontario) that proclaimed "Nuke em all and shoot em when they glow", and while that is funny and humorous and all, when their children come back and kill YOU are partly responsible for it. As the old saying goes: "If it was an eye for an eye then everyone would be blind" and that's 100% true. When some wanker US politicians proclaims that this is "retaliation" he should realize that his words could just as likely be coming out of terrorist's mouths for the many atrocities doled out to their people.
BTW: I am not a peacenik, and if it solved things then warm up the nukes and send in the M1A1s: IF IT SOLVES ANYTHING. If it's just to stroke yourself and show you might while continuing the hate then lay off.
There would be a lot more support for your position were it actually the case that banning crypto, or inserting backdoors would prevent a single terrorism act.
It wont.
Apart from the numerous ways anyone who wanted to could continue to use crypto anyway, apart from the problem that one time pads are extremely secure and wouldnt be caught in any encryption law, apart from the problem that there are thousands of ways to encrypt that nobody would even notice, apart from all that, nobody can even say wether they're using crypto over the internet or friggin homing pidgeons.
You are asked to give up your right to privacy for nothing at all.
Just because some opportunistic politicians want to use this tragedy to further their own political agenda.
Unbreakable. Ancient. Easy to code. Not technically "encryption" depending on how you define the term, but does the same thing. Add in some arbitrary obfuscation (one if by land, two if by sea) and some steganeganogginagraphitti if so inclined and I'd say you're as secure as with a few passes of DES, a pass of Blowfish, and a UUENCODE-style alpha only conversion followed by 26 passes of ROT-13.
How do y0u k.now thi.s post is..n't a s.3cr.et messa.ge? Ar.e y.o.u pa..ra.n0id? The eagle flies at dawn, leave no stone unturned, and now a message for Mr. and Mrs. America and all the ships at sea: the walrus is cold at night.
14 23 27 19 10 12 88
AC's cheerfully ignored
Oh what a bunch of bullshit. It's funny how no one cared about the women of Afghanistan until it was pertinent for propaganda reasons (and if you don't realize how obviously you're being played...). Just like the Kuwaiti babies. The reality is that there are a lot of nasty places on the Earth where a lot of nasty things happen and the US and other Western nations are blind to it...until it serves their purposes propaganda wise at which point suddenly everyone cares. How very 1984.
We should not ban encryption because it does not stop all terrorists.
We should not restrict driving laws because it does not stop all accidents.
We should not lock our doors because it does not stop all intruders.
Okay...what am I missing? These are logically equivalent, aren't they?
Immorality refers to them using these poor peoples deaths - as an excuse to violate everybodies privacy.
They know terrorists will get around it.
They know people are afraid that they may be next.
Government are scum to use peoples emotions like this.
United States Department of Commerce ignores your First Amendment Rights - WIPO.org.uk
I've noticed that the "The Base" group of bin Laden communicates through Slashdot by hiding encrypted messages in ASCII pictures of men bending over and stretching a certain body part.
But then, who will believe me..
You can always rely on the Official Discordian Super Sercret Cryptographic Cypher Code, from the Principia Discordia:
DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE,
Of possible interest to all Discordians, this information is herewith released from the vaults of A.I.S.B., under the auspices of Episkopos Dr. Mordecai Malignatius, KNS.
SAMPLE MESSAGE: ("HAIL ERIS")
CONVERSION:
[Simple letter-to number conversion: A=1, B=2, etc.]
STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the end (HLRSAIEI)
STEP 2. Reverse order (IEIASRLH)
STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
STEP 5. Convert back to letters (AEHIILRS)
This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.
BEWARE! THE PARANOIDS ARE WATCHING YOU!
- - - -
The real Tetsujin 28 is a giant robot.
Encryption is but one small detail in a sea of problems. Before a solution can be found, we must understand the problem--something the folks in government aren't very good at, especially when the problem is technical and scientific. This country has several very major problems, with deep roots. An easy-to-grasp example manifests itself in airline security (a common subject of conversation nowadays). The problem is twofold: first, public education in this country quite frankly sucks, and secondly, most people in this country expect the government to solve their problems for them.
The public education system in this country teaches students how to read, write and do arithmetic, but these are really just side-effects of the underlying agenda: teaching students, starting in kindergarden, to follow directions. I clearly remember getting points off my math homework for figuring out the answer a different, shorter way--points were taken off even when I had the correct answer! On one occasion, the teacher specifically told me that I hadn't followed directions, which is supposedly more important than the answer. On another occasion, a teacher admitted to me that when she studied to become a teacher, she was taught that teachers assign homework to their students not to exercise their new knowledge, but to see which ones do the homework and turn it in on time--another way of following directions. While I agree that homework (or any work) should be delivered on time, I believe that the results should be considered more important. Take a look at The Matrix: Mr. Anderson is expected to be at his desk on time every day--they don't care if he delivers results as long as he follows directions. There is an important pattern here...
The government spends way too much time and money writing long, cumbersome, complicated rules and regulations, to regulate things down to the smallest imaginable details. For example, someone once said that the entire Constitution is roughly 1/12 the length of a bill regulating the sale of cabbage. OSHA makes up workplace rules that make industrial work all but impossible. (This is more true in large corporate factories, where more time is spent filling out paperwork than actually accomplishing any work.) And finally (this one is the saddest--or the most amusing, depending on your point of view), a guy on 60 Minutes said that the FAA defines exactly what threats the security rent-a-cops are supposed to look for. One is a bomb, which is defined as an otherwise empty bag containing a bundle of dynamite with a big analog clock stuck on the side. (And I suppose they can only get you for this if you're wearing a black mask and a zorro-style hat.)
Coming back to the subject, the purpose of the past two paragraphs was to show you that first, the educational system (the government) teaches you to follow directions, and then, they compose mountains of directions covering every possible subject. The problem with this approach is that you can't code every possible combination beforehand--you have to figure out a pattern and come up with guidelines. The human mind has the capability (and beyond) to think on its own, in real time.
I mentioned above that "most people in this country expect the government to solve their problems for them," and haven't talked about that yet. This is one of the biggest reasons we have such a bloated and expensive government. There are government programs in place for everything, even for deciding what can be considered fine art and what can't. I heard a fine example of this on the radio last night--a guy called one of those talk-radio shows and suggested that the government should install solar panelling on all the buildings in our country so we won't be so dependant on the middle east for oil. Why does he expect the government to do this for him? If he wants solar panels on his house, then he should buy them and put them there! The government has no business placing solar cells on anybody's roof. This is the second part of a huge problem that starts in our education system--a colossal number of people in this country think the government should share in their personal problems.
I believe the government should spend less time and taxpayer money sticking their noses in our business. Instead, they should spend more of that fiat dough on improving the education system. This doesn't mean putting more Dells or iMacs in schools--if it were up to me, students would be required to handwrite their reports in cursive. It's an important but forgotten part of education called penmanship. An improved education system is one where students are taught, from day one, to think on their feet, in real-time. Don't follow the directions--make up the directions, and then follow them. Learn about priviledges and responsibility--and learn to accept responsibility for your actions and inactions. (Most folks currently expect the government to take responsibility for their actions or lack thereof.) Learn to do math the teacher's way, and then figure out faster and better ways to do problems (and present these to your peers in class). Learn to read between the lines and not believe everything you read, see and hear. Do these suggestions seem obvious? Why, then, aren't they being carried out? Why do so many of us have sloppy, incoherent handwriting? Why do students, when asked a difficult question, expect the teacher to know the answer? Why doesn't anybody in this country take responsibility for their actions? Why do we have defective policies in place for decades (and follow these policies), instead of proactively analysing the situation and finding a better way? Why do so many people believe every word the media tells them? (Including the claim that tools which can be used for evil will pervert the minds of those who possess them, much like the One Ring.) Don't pretend these problems don't exist--they are very real and very dangerous.
Education isn't limited to public schools, by the way. Our airline security, stewardesses, pilots and janitors should receive an education in psychology, body language and self defense, instead of regulations nobody reads that describe a Wile E. Coyote-style bomb. This rule applies across the board, yet training is only the beginning--the real training is in learning how to learn and think out of the box, all the time.
The following books (off the top of my head) contain some real insight, and should be mandatory reading for all employees of the government: The Seven Habits of Highly Effective People by Steven Covey--for its discussion of principle versus character, among other things; Out of the Crisis , by W. Edwards Deming; Nuts! by Kevin and Jackie Freiberg; and finally, The Pursuit of Wow! , by Tom Peters.
The problems with encryption, the DMCA, the SSSCA, and all other defective policies will work themselves out once people stop following directions and start using their brains.
Internet security is based on a trust/no-trust system, and the one common trusted thing among all security protocols is the security of the crypto. If this trust system is undermined, as will be the case with restricted and/or "backdoored" crypto, then the entire trust system collapses. We have to "hope" our systems will remain secure, and we can no longer trust that they are.
Despite my bad English, what I'm trying to say is that key escrow, backdoors, and other similar man-made vulnerabilities in crypto will disrupt the functioning of the internet and e-commerce more than most people think. So, anyway, this isn't just a battle to be fought by "liberal-minded fools crying for rights that don't really exist", this is a battle for internet security which needs to be fought by everyone.
This is a serious question - has anyone gotten the server to compile under the current Cygwin?
I would *love* to try silc, but the client is a console-only cygwin app after compile, and is only compatable with the silc server (which I can't compile under Cygwin, and am unwilling to trust on one of my solaris boxen)
-=DaveHowe=-
You're wrong here: dead wrong!:
You will regret ever having considered that after we send in our bicycle troops...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
A Romanian refugee living in the US wrote an article about his plight, back in the good old Cold War days. He said that he often called his father who was still in Romania, and since his family had been tagged as politically bad by the son's escape, the father's phone line was tapped by the secret police.
So since both his father and him were erudites and spoke Latin, they sometimes used that language over the phone to discuss family matters. Then a polite voice came in the conversation and firmly reminded them that only approved languages could be used in an international phone call, and please revert to Romanian or the call would be cut.
Don't know if it's true, but it's very much in character of the secret police mentality: "Of COURSE we tap your phone, you little sneaky counter-revolutionary! And be glad we don't send you to reeducation camp!". So this story seems likely, alas.
Let's hope the US will not abase itself to the encryption-with-mandatory-trapdoor equivalent of that in-you-face eavesdropping.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/