News.com: Crypto Doesn't Kill - People Do
McSpew writes: "Bravo to News.com for telling the truth about cryptography. They even cited /.'s coverage of Phil Zimmermann's real views on PGP and its possible role in any terrorist acts." On a per-word basis, this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) have little to do with enhancing national or world security.
One week ago today, I wrote essentially the same thing to my congress people. Here is my letter in case anyone else would like to send it to their congress critters:
------
Honorable Senator xxxxxx,
I am writing to bring to your attention the pointlessness of Senator Judd Gregg's new legislation mandating backdoors in all cryptographic products. I could make many arguments that discuss our civil liberties and the right to be secure within our papers and possessions, but that argument, while true and immensely important, is not even required in this case.
Simply put, with respect to strong cryptographic software, the "cat is out of the bag." The world is already full of good, secure cryptographic products with no backdoors. That is the case now, and was PRIOR to Congress' reduction of ITAR restrictions that kept us from exporting strong cryptographic products.
The world is full of smart people, many of whom do not work for the NSA, and do not live within the United States. These people in the civilian cryptographic world are constantly researching and developing new cryptographic techniques, which Senator Gregg's legislation WILL NOT AFFECT. No matter how many laws you pass, NOTHING will keep the BAD GUYS from being able to download this cryptographic software from European and other web sites.
If Europe latches on to Senator Gregg's idea of mandating backdoors in all cryptographic products, then the people who want to use cryptographic products with no backdoors will simply write their own, or copy VERBATIM the computer source code for strong cryptographic software that already exists in many hundreds of published books.
Allow me to quote Bruce Schneier, perhaps the United States' leading civilian cryptographic expert:
"To illustrate the ease with which a cryptosystem can be implemented, I present the full code necessary for establishing a secure cryptographic channel over the internet, called the Diffie-Hellman Key Exchange. Both people communicating do the following:
"1. Get public key (Y, P) of the other person. This is just a pair of large numbers.
"2. Raise Y to the power of X, where X is the private key, modulo P. The result is the secret key.
"Modular arithmetic is taught to fourth-graders under the name 'clock math,' and secret-key cryptosystems are just as easy to memorize and implement as public-key systems. I could teach any twelve-year-old how to reproduce from memory in under fifteen minutes a strong cryptosystem on any Windows machine. Any terrorist is quite capable of doing the same."
This speaks volumes about the current state of cryptographic software in the world today, and the ease with which it can be implemented.
If Senator Gregg's legislation is passed, it will have ZERO effect on the people who DO have things to hide from you, and will only harm the innocent citizens of the United States who wish nothing more than to ensure that their banking records and private email conversations remain truly private.
Regards,
-----
Rich...
Ignore Alien Orders
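The two-step Diffie-Hellman exchange quoted in the letter above, written out as an added example (not part of the original comment or of the quoted text). It assumes the 2048-bit MODP group of RFC 3526 (group 14) with generator 2; the function names are illustrative, and the check on the peer's value and the final hash are additions beyond the two quoted steps.

```python
import hashlib
import secrets

# Assumption: P is the 2048-bit MODP prime of RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16)
G = 2
Q = (P - 1) // 2  # P is a safe prime; G generates the subgroup of order Q

def keypair():
    """Private X and public Y = G^X mod P (the "(Y, P)" pair in the quote)."""
    x = secrets.randbelow(Q - 2) + 2  # uniform in [2, Q)
    return x, pow(G, x, P)

def check_public(y):
    """Reject degenerate or out-of-subgroup peer values before using them."""
    if not 1 < y < P - 1:
        raise ValueError("public value out of range")
    if pow(y, Q, P) != 1:
        raise ValueError("public value not in the order-Q subgroup")
    return y

def shared_key(x, peer_y):
    """Step 2 of the quote: Y^X mod P, then hashed down to a 32-byte key."""
    z = pow(check_public(peer_y), x, P)
    # Simplification: a real protocol would feed z into a KDF such as HKDF.
    return hashlib.sha256(z.to_bytes(256, "big")).digest()

def demo():
    """Both sides run the same two steps and end up with the same key."""
    ax, ay = keypair()  # constructed party A
    bx, by = keypair()  # constructed party B
    return shared_key(ax, by), shared_key(bx, ay)

if __name__ == "__main__":
    ka, kb = demo()
    print(ka == kb, ka.hex())
```

The exchange by itself does not prove who sent Y, so step 1 only yields a secure channel when the public value is obtained over an authenticated path or is signed.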
If I understand you correctly and you're saying that crypto isn't common right now, that's not true. Salespeople around the US have been selling Virtual Private Networks (VPNs) to companies for a few years now, and these encrypt all traffic between a company's sites. While there almost certainly is still much more unencrypted traffic on the net than encrypted traffic, encrypted traffic is far too common for the government to be building a file on every instance they encounter.
Many lawyers use encrypted email because of legal precedent which makes email less legally "privileged" than say a phone conversation.
Then there are all the /. nerds using SSH to talk to their servers. Do you think the FBI or NSA has a file on Shoeboy?
Everyday use of encryption is a lot more common than you might imagine.