Slashdot Mirror

← Back to Stories (view on slashdot.org)

News.com: Crypto Doesn't Kill - People Do

Posted by timothy on from the aa*jTYnd8-H//Im dept.

McSpew writes: "Bravo to News.com for telling the truth about cryptography. They even cited /.'s coverage of Phil Zimmerman's real views on PGP and its possible role in any terrorist acts." On a per-word basis, this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) has little to do with enhancing national or world security.

3 of 259 comments (clear)

  1. Re:Its too easy to circumvent restrictions by Pseudonym · · Score: 4, Informative

    Well, RSA isn't exactly a full cryptosystem by itself, but this does show how easy it is.

    To review the OpenPGP RFC prior to publication, I re-implemented PGP's decryption and signature checking operations working just from the spec. Admittedly I didn't write my own big integer library, but I did implement 3DES and SHA-1 myself.

    It took a week.

    And remember, most of that was getting the details of the protocol correct. (I spent a day just getting PKCS encoding right, for example. That's unfortunately not in the OpenPGP spec.) A terrorist who was not trying for inter-operability with PGP probably need not bother with that.


    --
    sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  2. Re:Sorry by ZigMonty · · Score: 4, Informative
    You can, but the numbers are very big. Even 40-bit keys can represent numbers up to 1099511627776. A 1024-bit key can represent an number like:
    • 179769313486231590772930519078902473361797697894 23 06572734300811577326758055009631327084773224075360 21120113879871393357658789768814416622492847430639 47412437776789342486548527630221960124609411945308 29520850057688381506823424628814739131105408272371 63350510684586298239947245938479716304835356329624

    • 224137216

    It's 309 digits long! As you can see the numbers are big and get exponentially bigger as the key size increases. The idea with public key encryption is that, while it is quite quick to multiply two numbers this size together, it is very hard to factor the result into the two parts again. It is possible but, for keys > about 56-bit, it is beyond what modern computers are capable of.

    Distributed.net is a SETI@home-like project to crack ever larger keys, among other things. Check them out.

  3. Re:Stop this mess ! by peppy · · Score: 5, Informative

    It seems the terrorists didn't even bother to encrypt their emails either according to this article in the UK Guardian newspaper.

    "FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack....According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read."