Slashdot Mirror


News.com: Crypto Doesn't Kill - People Do

McSpew writes: "Bravo to News.com for telling the truth about cryptography. They even cited /.'s coverage of Phil Zimmermann's real views on PGP and its possible role in any terrorist acts." On a per-word basis, this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) have little to do with enhancing national or world security.

97 of 259 comments

  1. It's too easy to circumvent restrictions by 91degrees · · Score: 3, Insightful

    It's quite a valid observation that terrorists can write their own software. I managed to write an implementation of RSA in about a day from descriptions only, and that included writing my own big integers library.

    1. Re:It's too easy to circumvent restrictions by WolfWithoutAClause · · Score: 2

      Me too. Based only on a short newspaper article I read in 'The Daily Telegraph' when I was 16 and implemented it in a week in assembly. And now there are detailed papers available on how to do it on the internet.

      I don't see the point at all. Terrorists won't use the escrowed codes; and there are probably plenty of ways to hide messages where the law enforcement agencies won't notice them.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
    2. Re:It's too easy to circumvent restrictions by Pseudonym · · Score: 4, Informative

      Well, RSA isn't exactly a full cryptosystem by itself, but this does show how easy it is.

      To review the OpenPGP RFC prior to publication, I re-implemented PGP's decryption and signature checking operations working just from the spec. Admittedly I didn't write my own big integer library, but I did implement 3DES and SHA-1 myself.

      It took a week.

      And remember, most of that was getting the details of the protocol correct. (I spent a day just getting PKCS encoding right, for example. That's unfortunately not in the OpenPGP spec.) A terrorist who was not trying for inter-operability with PGP probably need not bother with that.


      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  2. Imminent crackdown by Anonymous Coward · · Score: 2, Funny
    Watch the administration crack down on these seditious websites soon.

    All for improving the homeland security, of course.

  3. Tangibles by satanami69 · · Score: 2

    The problem I see, is that most people view something that's encrypted as something more tangible. They want to be able to get their hands on it. They assume simply because people want to hide what a message says, it must be bad/evil. I'd like to be able to keep all my info private.

    CIA officials just need to find better ways of snooping on people.

    --
    I really hate Dan Patrick.
    1. Re:Tangibles by Derkec · · Score: 2

      Very well put. Perhaps this means that instead of "defending" encryption, the geeks of the world should be:

      1) Using it more.

      2) Convincing non-Geeks that it is a good idea to use.


      Put simple encryption in everybody's home and they will realize that it isn't exclusively the tool of evil, it's just a tool that people use for privacy on the internet.

  4. one-time pads by corebreech · · Score: 5, Insightful

    A good article that could be made better by emphasizing the one-time pad cipher.

    The one-time pad is a very easy cipher to explain to lay people. They need no understanding of math, not even arithmetic.

    Anybody, anywhere can create a one-time pad by simply flipping a coin or rolling the dice, and use the resulting information to encrypt a message that is impervious to all manners of cryptanalysis, even techniques made possible by the much-feared though yet-to-be-stocked quantum computer.

    In other words, you can create an encrypted message without encryption software or even a computer, and yet be assured that the message is unreadable by any computer devisable today or anytime in the future.

    There should be no debate here. Military-grade cryptography is available to anyone with a penny in their pocket and a sheet of paper and pencil.

    We need to stop wasting time talking about this.

    1. Re:one-time pads by Bostik · · Score: 2, Insightful

      Yes, and then you'd need to securely transmit that one-time pad to the person receiving your message. You still haven't solved the Catch 22 here.

      Albeit, quantum crypto can solve this. Despite the fancy name, it's nothing more than a secure way to transmit regular encryption keys. It's just not practical at the moment. And large messages with one-time pads? The key would be as big as the original message. Thank you, but for regular use I'd choose good block ciphers any day.

      --
      There is no such thing as good luck. There is only misfortune and its occasional absence.
    2. Re:one-time pads by nyjx · · Score: 2, Informative
      Er, this totally ignores the massive problem with one time pads which is distribution. One time pads are uncrackable (unless you keep reusing them) but:
      1. You have to get a copy to the person you're communicating with.
      2. If your pad becomes compromised - somebody else gets a copy - all your messages are compromised, and it's much easier to seize a book of codes than a private key.
      Add to that lack of non-repudiation and the like and it's not so hot for everyday use...
      --
      .sig
    3. Re:one-time pads by corebreech · · Score: 2, Insightful

      Yes but I think you're missing the point.

      It may not be an ideal manner of encrypting your data, but it is one that will always be with us, regardless of what we do.

      The point is to find a way of explaining to lay people that any controls they want to place on cryptography are pointless.

      For terrorists, the one-time pad is more than suitable.

    4. Re:one-time pads by nyjx · · Score: 2, Interesting
      I don't agree. I think lay people understand that there will always be ways to encrypt things which cannot be broken. The fundamental question is why are the technologies which make this as easy as sending an email?

      I don't agree that one-time pads are sustainable for terrorists. Getting the same valid code book to a number of members in several countries? many of whom might not know or trust each other?, regularly changing the code? using it for every message.

      At best u'd prob use one time pads to encode your daily keys for some other (faster and automatic) encryption mechanism.

      Besides, in the end you will still be sending a message which makes no sense of any kind (the encrypted string). The FBI will come knocking on your door and say (prob not very politely) that they want the key. This is exactly the same result you would get if you used PGP and hadn't surrendered the key.

      This is why steganography is so hot - you encode stuff in traffic which looks "innocent" so no one even knows you are sending an encrypted message.

      --
      .sig
    5. Re:one-time pads by AndrewHowe · · Score: 5, Insightful

      "each message contains in it the one time pad for the next message"
      This is not such a good idea. A one time pad is to be used once, and that means you certainly can't repeat it within a single message. Therefore, each message would have to contain a one time pad that was large enough to encrypt the whole of the next message, including the one time pad in that, and so on. Obviously this means your messages will get shorter and shorter!

    6. Re:one-time pads by Sly+Mongoose · · Score: 5, Insightful
      If you have a secure channel to transfer the one-time pad why bother with encryption in the first place?
      Because you can exchange fat one-time pads when all the conspirators are crouched around a camel-dung fire one night. Then use the pad for secure communications over the weeks and months that follow.
      That pad must somehow be secured like a codebook or it is useless.
      It is much more difficult to frisk every person on the street looking for a one-time pad than it is to CARNIVORE every e-mail on the backbone and peek through the backdoor.
      One-time pads is a wonderful theoretical idea but one that is useless in most real world applications.
      If secure communications are required and backdoors are a threat, the inconvenience will have to be tolerated.

    7. Re:one-time pads by ichimunki · · Score: 2

      Well, the trick is to establish enough code words ahead of time to be useful. But no, people/names and locations are very easy to make codes for, not hard. It's changes in the plan that are hard to communicate, since those require a dynamic code. Otherwise, an innocent phrase like "Charlie and Joey are going to pick up the pizza from Papa John's at 3pm and take it to Willie's house" could easily communicate actors, places, timing, and victims very easily... and sound incredibly normal on the phone. Hell, you don't even really need to disguise the names that much, since if you are being watched, using names that are completely out of context is a red flag.

      --
      I do not have a signature
    8. Re:one-time pads by mosch · · Score: 3, Informative
      Almost all freely-available steganographic methods make for easily detectable data.

      Let's take the common case, where one bit is in the LSB of each channel of a digitized photograph. The person who is hiding the data must first acquire digitized photographs, they do this by either scanning photos, or using a digital camera.

      The problem with these photographs is that they won't be completely random. The CCD or CMOS in the camera or scanner does not have the property that the LSB is completely random, so it would take a cryptanalyst only a short period of time to find that there was information stored there.

      Steganography really has none of the properties that one-time pads do. It's an interesting mechanism for obscuring data, but that's all it does, obscure. One-time pads provide perfect security of data, even if you post the results on a Times Square billboard.

      With one-time pads, the phrase 'd&@%nMn(>%#f+Nq' is equally likely to mean either 'slashdot rocks!' or 'slashdot sucks!'. There is absolutely no way to get the original plaintext of a one-time-pad encoded ciphertext unless there was a flaw with their random number generator, or they use the same pad twice.

      Go read Bruce Schneier's Applied Cryptography.
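
The two one-time pad properties argued over in the comments above, as an added Python illustration (not part of any poster's comment; all function names are illustrative): any same-length plaintext is a valid decryption of a given ciphertext under some pad, and using one pad twice gives that guarantee up.

```python
"""One-time pad: every plaintext fits, unless the pad is reused.

Added example. Function names are illustrative; the ciphertext and the two
candidate plaintexts are the strings quoted in the comment above.
"""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """Draw a fresh pad from the OS CSPRNG (stand-in for coin flips or dice)."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, and a truly
    random pad makes each one equally likely. The ciphertext alone therefore
    says nothing about which candidate was sent.
    """
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR two ciphertexts made with the SAME pad.

    (p1 ^ pad) ^ (p2 ^ pad) == p1 ^ p2: the pad cancels out and what is left
    depends only on the two plaintexts.
    """
    return xor_bytes(c1, c2)


def differing_positions(c1: bytes, c2: bytes) -> list:
    """Byte offsets where two same-pad ciphertexts reveal differing plaintext."""
    return [i for i, b in enumerate(reuse_leak(c1, c2)) if b]


CIPHERTEXT = b"d&@%nMn(>%#f+Nq"
CANDIDATE_A = b"slashdot rocks!"
CANDIDATE_B = b"slashdot sucks!"

if __name__ == "__main__":
    # Perfect secrecy: both readings are consistent with the ciphertext.
    for candidate in (CANDIDATE_A, CANDIDATE_B):
        pad = pad_explaining(CIPHERTEXT, candidate)
        print(pad.hex(), "->", otp_decrypt(CIPHERTEXT, pad).decode())

    # Pad reuse: the same random pad encrypts two different messages.
    pad = new_pad(len(CANDIDATE_A))
    c1 = otp_encrypt(CANDIDATE_A, pad)
    c2 = otp_encrypt(CANDIDATE_B, pad)
    print("plaintexts differ at offsets", differing_positions(c1, c2))
```
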

    9. Re:one-time pads by crucini · · Score: 2
      I don't agree that one-time pads are sustainable for terrorists.

      They were sustainable for Soviet spies in the US.
      Besides, in the end you will still be sending a message which makes no sense of any kind (the encrypted string). The FBI will come knocking on your door and say (prob not very politely) that they want the key.

      You mean like numbers stations? Whose door does the FBI knock on? These stations have been around for a long time.

      Anyhow, spies and terrorists don't need machine cryptography. Until the advent of the PC, any encryption machine would be a very suspicious item to have in a residence. Machine cryptography is a boon to military forces because they need to exchange a lot of data to coordinate activities in real time. Spies and terrorists don't seem to work that way. Do you think the terrorist pilots were reporting how each day of flight training went?
    10. Re:one-time pads by MadAhab · · Score: 2
      Thanks for finally summing this up correctly by keeping the context of the discussion relevant. We're talking about crypto for communications between terrorists, not for HTTPS. And considering that the encryption is ABSOLUTELY uncrackable, it's awfully cheap.

      Here's a real scenario for its use:

      We are planning this around the campfire. Your mission is to go into a foreign country and wait for the message. When you get it, decrypt it with a perl script, a password, and a one-time pad. The one-time pad will be a piece of digital data, something you can get anywhere and carry without suspicion, like a software installation program or ascii copy of, say, a religious text, or even the logo from the FBI's website. The perl script asks you for the password, uses it as a seed for some kind of pseudo-random garbage, Xors that with the digital data pad, and decrypts the message. I will now tell you the URL where you can download the perl script when the time comes, the source of the one-time pad, and the password. Goodbye.

      How the fuck is Carnivore or laws for crypto backdoors supposed to stop that? Law enforcement wouldn't even know what to look for. The second you propose techniques for analysing this (we know our pad is going to be a little less than truly random, for instance), I'll propose a slightly different way of doing the whole thing (like varying the way the pseudo-random data from the pass-seed and the pad key work), and your technique won't work. That's the whole point of the one-time pad; you can't crack it next time, because there is no next time (especially in a suicide attack!), and right now you are too late. How exactly can you expect any sort of law enforcement to crack this, or even know what to look for without actually sitting around the campfire with us?

      --
      Expanding a vast wasteland since 1996.
    11. Re:one-time pads by david+duncan+scott · · Score: 2
      Excuse me? My mother was a code clerk for DoS. One-time pads were used daily, and quite effectively, thank you very much.

      Sure, there are distribution issues, but those are issues, not show-stoppers.

      Remember that terrorism and espionage are dangerous activities. Risk is to be balanced, not eliminated, and perfect solutions aren't particularly sought, just effective ones. If a terrorist's belongings are searched in detail, he's already blown, so write him off and move on.

      I'm reminded of a comment from the IRA after a foiled attempt to kill a member of the royal family. Roughly (from memory), they said, "You were lucky. You'll have to be lucky every time. We only have to be lucky once."

      --

      This next song is very sad. Please clap along. -- Robin Zander

    12. Re:one-time pads by Dyolf+Knip · · Score: 2

      If all I do is send 100 byte messages, why would I use the whole 4K at one shot? Just divide the pad into 40 chunks and send the number of the chunk to use with each encrypted message.

      --
      Dyolf Knip
    13. Re:one-time pads by Dyolf+Knip · · Score: 2

      Besides, in the end you will still be sending a message which makes no sense of any kind (the encrypted string). The FBI will come knocking on your door and say (prob not very politely) that they want the key. This is exactly the same result you would get if you used PGP and hadn't surrendered the key.

      A perfectly encrypted message is indistinguishable from noise. And if they start arresting people for poor line quality, well...

      Oddly enough, there's that British law that says you have to surrender passwords and keys upon request. Punishable by several years as a guest of the state. Was that just proposed or was it actually passed?

      --
      Dyolf Knip
    14. Re:one-time pads by david+duncan+scott · · Score: 2
      Quite some time ago, to be sure, in the late 40's. Point is that it was a practical technique in a real-world situation then, and remains so today. Just because a gun is a better way to kill people doesn't mean that knives don't work anymore.

      As for being blown, you tell me: Abdul's apartment has just been searched, but they didn't find anything. Are YOU willing to meet with him to discuss your plans for Armageddon? I'm not -- I'm going to assume that he's being followed, that his phone is tapped, and that everybody with whom he's been seen is being treated similarly, and I'm going home quietly. I can always come back next year, or I can send my little brother, or I can work in Canada. At least from what I've read, physical searches are the last stage of the investigation for just that reason.

      There's a higher risk for the agent in OTP, but less risk for the data, so it just comes down to relative value. Is the secret worth the risk to the agent? Atomic bomb in the Empire State Building? OTP, and maybe I lose a few guys at the border. Stink bomb in the cafeteria? TI-81 and my people are safe.

      --

      This next song is very sad. Please clap along. -- Robin Zander

    15. Re:one-time pads by Dwonis · · Score: 2

      Yes, but this changes the status of the algorithm from unbreakable to not feasible to break.

    16. Re:one-time pads by Dwonis · · Score: 2
      The fundamental question is why are the technologies which make this as easy as sending an email?

      Because my colleague at work needs to send me a new Kerberos key when my laptop gets compromised.

      Like my sig says, internet security depends on strong cryptography. Full stop.

    17. Re:one-time pads by david+duncan+scott · · Score: 2
      What's so impractical about it?

      Yes, it involves a physical transfer of an object, be it a paper pad or a CD-ROM. There is risk inherent in such a transfer, more risk, perhaps, than in an email or bulletin board post.

      Note, however, that Robert Hanssen transferred data through physical drops many times, as did Rudolf Abel (just the first two I could think of.) Espionage has been quite practical for thousands of years without any electronics at all.

      For most of us, "practical" would correspond roughly with "safe". Things with high risk would be impractical. We wouldn't commute to work using a method that frequently resulted in injury, for instance, so we wouldn't go to work by jumping from an aircraft at 500 feet in moonless darkness, whereas the Rangers find this approach quite practical. They know that groundfire is more dangerous to them than tree branches, and spies and terrorists know that the most dangerous weapon against them is a dime (well, it's fifty cents in many places now, but "dropping two quarters" doesn't flow as well as "dropping a dime" on somebody), not a computer. Nine times out of ten, spies get caught because somebody rats them out or they do something really dumb, like get drunk and boast about it.

      If you're caught, you're caught, and the only remaining risk (cryptographically speaking) is to the messages you've already sent. The OTP pages that you've already used you have, of course, flushed / burned / eaten / whatever, so they are no longer available, and yes of course there are authentication codes within the message (nothing especially elaborate is needed, since your opposition has none of the previous messages, so mentioning Charlie Brown and Snoopy in alternate messages is probably about as much as you need). By contrast, unless you sleep with that calculator in your hand, I wouldn't be so sure that the memory would be erased when the FBI comes through your doors and windows at 3 AM.

      I need to take off my shoes to deal with numbers higher than 10, so I don't know about the precise relative security of various algorithms. I do know that it shifts over time, that methods thought secure five years ago are considered dodgy now, and that plans may take five years or more to mature. If I had that bomb hidden in Battery Park, and the FBI had my messages from 1996 describing its location, would they still be completely secure? What was the standard in '96, and just how many calculations could have been performed in those 5 years? (Let's see, 5 years is some 31,557,600,000,000,000 ticks of a 200 MHz Pentium chugging away at the problem ever since, assuming that they just grabbed a box off the shelf at CompUSA and never upgraded, never mind a Cray or something.) You sure they couldn't have cracked a message sent back then?

      --

      This next song is very sad. Please clap along. -- Robin Zander

    18. Re:one-time pads by Dwonis · · Score: 2

      Yes, this is "more secure", but not "unbreakable". There's a big difference. One is theoretically possible to break/guess, the other is not.

  5. Central Asia tech support by 4thAce · · Score: 5, Funny
    No doubt there are any number of capable computer scientists in the Middle East and Central Asia whom these groups can turn to in a pinch for technical assistance.

    They could post their encryption concerns to a site http://slashdot.af/index.pl?section=askslashdot for instance. But I don't think the Taliban would let them call the intellectual currency "karma."

    --
    Inventor of the LOLbalrog meme.
  6. Crypto Kills by Anonymous Coward · · Score: 5, Insightful

    Re read that article, but swap every occurrence of "crypto" with "guns".

    Now you know what all the gun nuts were talking about.

    It's already been done with handguns - I figured all guns were next, but looks like crypto is next.

    1. Re:Crypto Kills by fredbsd · · Score: 2, Insightful

      Ahh...wrong again.

      Guns are used in a variety of SPORTS (target shooting being a classic example). The purpose of a gun is determined by the shooter. Just like the purpose of crypto.

      Before people start whining about their rights and freedom of , they should contemplate what freedom actually means and how it affects everyone. It's pretty amusing to read the posts here on /. People all cry when THEIR interests are threatened, but the same people could care less about freedoms being taken away from other groups. Taxation is a classic example. How many times have you seen /.'ers gripe when someone actually wants to cut spending on the NASA budget? Since when is space exploration a 'right'? If you don't pay your taxes, you go to jail. Not exactly 'freedom' is it?

      Guns may be instruments of death to some people, but they are a hobby to others. It depends on the person holding the gun. Crypto should be viewed in the same way.

    2. Re:Crypto Kills by fatpenguin · · Score: 2, Interesting
      Guns are used in a variety of SPORTS (target shooting being a classic example). The purpose of a gun is determined by the shooter. Just like the purpose of crypto.


      Yes, but weapons can be used to attack someone. Crypto may only be used in a defensive way. To actually kill someone, people still need a weapon (e.g. a gun, a plane, a car or whatever).


      On the other hand, nobody even thinks of restricting the free use of, for example, cars.
      That is because people are accustomed to cars, they use them daily and they understand why they are useful. They don't see them as possible deadly weapons but as part of their daily life.


      That's why it is essential to propagate encryption as the natural way for everyone to send emails. It would also help to use some less technical word instead of crypto. I would rather refer to it as a kind of "envelope". That's an image that even Joe Average can easily understand.

    3. Re:Crypto Kills by fredbsd · · Score: 2, Insightful

      Yes, guns can and are used to attack someone. But crypto can and is used to plan an attack like the one we just witnessed on 11 September. I would say that was not defensive in nature. Mr. bin Laden is KNOWN to use crypto to plan his attacks, making it an offensive weapon in today's information age. Sad, but true.

      I don't want crypto banned/regulated. My point was pretty simple: we should be defending all freedoms, not just those that affect our personal interests. The gun issue just highlights the hypocrisy flying around this country.

      I am just as paranoid about a police state as the next geek. But I also have the ability to look objectively at any given situation.

    4. Re:Crypto Kills by Sly+Mongoose · · Score: 3, Interesting
      On the other hand, nobody even thinks of restricting the free use of, for example, cars.
      A law will be passed making it illegal for non-Americans to rent or buy aircraft, so they can't be used as weapons in future. And I am awaiting the new regulations requiring a Federal License to own a Carpet Knife.

      Look, we'd better wise up. All this heavy spate of legislatory excess WRT Cyber-crime and encryption, etc is NOT because of 11-SEP at all. The tragedy has simply given them a gigantic bandwagon with which to roll over those opposed to their plans. They have always wanted to clamp an iron fist on the throat of eFreedom, and this is just the excuse they need.

      There is no point in showing them that these efforts won't help against terrorism. They are not introducing them for use against terrorists. They are introducing them for use against US. "To protect the children", of course.
    5. Re:Crypto Kills by knobmaker · · Score: 2, Insightful

      "The problem with guns that when they are freely available that any one can go nuts and go on a shooting spree at a school or what not."

      Gee, I get tired of hearing that myth-- that guns are more "freely available" now than ever before and that's why we have violence in schools that would have been unimaginable 40 years ago.

      The truth is that guns are far less available than they were then. When I was a kid in the late 50s and early 60s (yeah, I'm older'n'dirt) you could buy a surplus military rifle from an ad in the back of a comic book, for the huge sum of $15. The postman would deliver it to your house, no questions asked.

      And now you can't even buy a gun mail-order unless you have a federal license. There are background checks, and a thicket of laws attempting to reduce gun ownership and restrict access to guns. And yet somehow the violence is worse than it was when guns were really "freely available." How does that scan?

      I expect the same sort of reverse results curve when good crypto is outlawed. Law-abiding citizens won't be able to use it for their own protection, but criminals and whackos will use it to prey on the rest of us.

    6. Re:Crypto Kills by markmoss · · Score: 2

      Mr. bin Laden is KNOWN to use crypto

      Can you cite any real evidence of that whatsoever?

    7. Re:Crypto Kills by crucini · · Score: 2

      That's a bit simplistic. Guns and crypto are both ways to assert power. While the direct goal of a gun is to kill, the indirect goal is to control the situation. That could be a robber taking control of a store, or an army taking control of a nation. Or it could be a storekeeper maintaining control of a store against a robber, or an army defending a nation (denying control to outsiders).

      The direct goal of crypto is to turn communications into impenetrable noise. The indirect goal (frequently) is to coordinate the actions of numerous individuals or groups without disclosing those actions to opponents. In other words, to gain or maintain control of a situation.

      The real issue is not killing; it is control. Humans have a deep-seated need to control others, whether it's expressed through slavery, communism, corporatism, imperialism or imprisonment. And likewise, we have a deep-seated need to evade the control of others - to assert self-control.

      Guns and crypto are both tools for asserting control, of others or of oneself.

    8. Re:Crypto Kills by crucini · · Score: 2
      The examples you give seem to me like asserting control over your self, your money, your computer, and your private information - or preventing others from asserting control over these things. No, I'm not comparing that to slavery.

      Here are some other example applications:
      1. To build computers which will only run approved operating systems.
      2. To build appliances which insist on phoning home in order to function, and which cannot be fooled by their owners.
      3. To give weapons to third world countries which will be effective in their wars but ineffective if turned against the US.
      4. To sell creative works which can only be viewed under the conditions specified by the seller.
      Each of these is an attempt by one party to control another through encryption. They are at least somewhat comparable to slavery.
    9. Re:Crypto Kills by Elwood+P+Dowd · · Score: 2

      Say "speech". You figured guns were next, but it looks like speech is next. Crypto is for geeks. Everyone wants free speech. And that's what we're talking about.

      --

      There are no trails. There are no trees out here.
    10. Re:Crypto Kills by Danse · · Score: 2

      Which are all about inflicting damage.


      No they aren't. They don't measure how big a hole you make in the target. They measure how accurately you placed the hole.


      Then there's hunting. Like it or not, we have to kill animals to eat. Guns are very good tools for that.

      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    11. Re:Crypto Kills by Danse · · Score: 2

      A very popular icon on /. (name not to be mentioned) who claims to be a freedom fighter insists guns should be regulated. I just don't get the hypocrisy.


      I don't know of any /. icons that are all that popular. They all get heavily criticized, and just because one of them is hypocritical doesn't invalidate any of the arguments regarding guns.

      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    12. Re:Crypto Kills by markmoss · · Score: 2

      404 error... 404 error... Both those links are down. At any rate, I've seen plenty of newspaper articles quoting some government official _claiming_ that Bin Laden used crypto, but not a single encrypted message or other evidence. And in my long experience, the word of a gov't official looking for an excuse to snoop on citizens isn't worth diddly-squat.

  7. crypto backdoors (likely) == hurt the us economy by pantherace · · Score: 3, Insightful
    The addition of crypto backdoors to the programs will create a security hole, and it would be HUGE. The hole would be there, and a single cracker who figured it out would have a security hole in everything. The fear of that vulnerability, EVEN IF NOT KNOWINGLY EXPLOITED WOULD CAUSE A LOSS IN CONFIDENCE ABOUT COMPUTER SECURITY. The scenarios are endless, from all 'secure' online purchases, security of proprietary code, financial records, etc. If say amazon, paypal, and ebay got hacked, there would be a major problem in the USA. Especially now with the knee-jerk reactions, people have, and the sudden concerns about 'security'. The thing that kept the US economy up for so long was consumer confidence, and spending, and I believe that this will contribute to an unmeasurable but significant decline in each.

    (This coming from a geek trying to put it in a language that many marketers, politicians, economists, etc could understand, who actually dislikes most businesses today.)

  8. Who will it hurt? by serps · · Score: 3, Insightful

    The simple fact of the matter is that the latest calls for key escrow/backdoors to encryption, just like the ban on exporting 'strong encryption' during the 90's, will in the end only hurt the US.

    --
    "Einstein argued that [...] God is not capricious or arbitrary. No such faith comforts the software engineer." ~ Brooks
  9. what better priorities? by Anonymous Coward · · Score: 2, Insightful
    AC: The worst terrorist attack in recorded history occurred just over two weeks ago, and you people are discussing this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) have little to do with enhancing national or world security? My *god*, people, GET SOME PRIORITIES!!!



    What about the priority of preserving through logic and appeals to legitimate and justified self-interest the freedoms terrorists would like to destroy with their intimidation attacks? That one suits me.

  10. Stop this mess ! by pricorde · · Score: 4, Funny

    The FBI has found hand-written order letters in the baggages of terrorists.
    Is this PGP ?
    NO !
    So why does the crypto=terrorist meme still continue ?
    Paradoxically, paper letters are a more secure way to transmit information than the internet...

    1. Re:Stop this mess ! by peppy · · Score: 5, Informative

      It seems the terrorists didn't even bother to encrypt their emails either according to this article in the UK Guardian newspaper.

      "FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack....According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read."

    2. Re:Stop this mess ! by Sly+Mongoose · · Score: 2
      bin Laden is known for using crypto to circulate logistics. That is what the Feds are targeting.
      I've never understood how the FBI plan to persuade bin Laden to use their backdoor-enabled encryption application!

      Will they ask him nicely? Or just threaten to arrest him if he doesn't?
  11. Interesting by smnolde · · Score: 2

    Long ago when PGP was first announced I had a key generated. I have long since forgot about using PGP until PZ's /. post.

    I have since installed, and configured PGP and GNU/GPG software on my home and work machines and am making active use of signing my documents. Not only that I've helped several others do the same thing.

    Also, in my crypto-arsenal is OpenSSH which is a godsend to me since I no longer use telnet or ftp services on any of my computers accessible to the internet.

    It's not that I worry about who is listening, or why; I have nothing to hide. I know that if someone is listening, they won't get squat out of my communications.

  12. He's missed the point by WolfWithoutAClause · · Score: 5, Insightful

    The security agencies are already checking through most or a statistically useful percentage of the bytes that flow over the US internet, and are characterising it all. Their actions only make sense if they are doing that.

    Anyone using encryption stands out; so they write a file on them.

    Where they find encrypted data they can't characterise it any further; so they hit a brick wall. But it's not common right now, so they can make a file. However, if everyone on the internet routinely uses uncrackable encryption they can't build a file on everyone.

    On the other hand, if they have key escrow they can blow away the encryption on all the legitimate data and they are left with 'illegal' encryption; except presumably terrorists and other malcontents; a much smaller group that they can write files on.

    Of course this 'monitor all the traffic on the internet idea' falls down in several other ways. As an example, suppose somebody creates a Quake III server that has some sort of low bandwidth messaging in it, perhaps the player steps left at carefully timed moments or something; the characterisation by the NSA would be, oh it's just another Quake player, when really it's sending an encrypted message as well. [I just made that Quake idea up; it's called 'steganography' in general, hiding encrypted messages in something else.]

    Anyway, that's really what's going on. The security agencies are using the WTC disaster as a chance to get their legislation through whilst the going is good. Of course anyone with any sense can evade it, but not every terrorist has sense.

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
    1. Re:He's missed the point by corvi42 · · Score: 2

      Or even more handy for them. If they manage to make strong crypto illegal (or non-escrowed crypto), then they don't even need to bother with key escrow, just scan for instances of non-escrowed crypto and start laying charges. Who cares if you can even read what's being said if the act of using cryptographic software itself is an act of terrorism.

      --

      There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
    2. Re:He's missed the point by rknop · · Score: 4, Insightful

      On the other hand, if they have key escrow they can blow away the encryption on all the legitimate data and they are left with 'illegal' encryption; except presumably terrorists and other malcontents; a much smaller group that they can write files on.

      You already note one good way of getting past this: stenography, hiding the message in something that looks legitimate. (Your low-bandwidth Quake motion idea was a good one.) There is another: nested encryption. Presumably, unless somebody is already suspected, the monitoring agencies aren't going to be allowed to read the contents of all of this mail and so forth without a warrant. (Yeah, yeah, I know, I'm being foolish, but bear with me.) As such, all they will be able to do is verify that the message is encrypted with a legal, escrow-available key.

      So somebody wanting to use illegal encryption encrypts their message with their own crypto, and then encrypts that ciphertext with legal crypto. It will pass the sniffer, but will still be unreadable if somebody gets a warrant and uses the escrowed key on the outer crypto. It won't do the statistical guys any good since their statistics pass will say that these people are using the legal crypto just like everybody else.

      As has been noted elsewhere, trying to put controls and limits on this sort of thing is completely quixotic. The only thing which is going to make people copy is a desire to be compliant with the laws. As such, the only people that the laws hinder and restrict are the law-abiding citizens that (theoretically) the laws aren't directed at. There are two possible motivations for these laws: one, a real misunderstanding of how quixotic trying to regulate crypto would really be. Or, two, a much more sinister desire to get the mechanism in place to monitor every citizen. Choose which motivation you think is behind all of this based on your own level of paranoia and how cynical you are about how naive our leaders are vs. how sinister they are.

      -Rob

    3. Re:He's missed the point by WolfWithoutAClause · · Score: 2

      > It will pass the sniffer, but will still be unreadable if somebody
      > gets a warrant and uses the escrowed key on the outer crypto.

      Nah. After they blow away the escrowed encryption on the data they run a simple 'is this any known language test' on it [these are used extensively in cryptanalysis] (e.g. check letter frequencies or something more complex). If it comes back negative they look at it some more, and if it appears encrypted they send around the boys in blue.

      Incidentally, the warrant concept is probably a real laugh a minute. Probably they have a law that allows them access to just about anything for national security reasons, or they have a pet judge, or they don't care [see arms for hostages]. You can bet there's some angle going there.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
    4. Re:He's missed the point by WNight · · Score: 2

      I actually posted a bit about this a day or two ago... Someone mentioned getting together on a quake server and communicating through jumps and basic gestures. That had a few flaws, so I tried to come up with a way you could just play the game and still communicate to an observer, yet not be conspicuous.

      The thread is at http://slashdot.org/comments.pl?sid=21984&cid=2353112

      But the gist of it is that you modulate your ping (at your end) and the observer factors out common ping fluctuations, to find your changes, which are based on a secret message.

    5. Re:He's missed the point by crucini · · Score: 3, Informative
      ...or they have a pet judge...

      Your intuition is correct. They have the Foreign Intelligence Surveillance Court. The relationship between signals intelligence and law is an odd one, as shown here.
    6. Re:He's missed the point by crucini · · Score: 3, Funny
      Why not use a script that posts possible encryption schemes to slashdot? Each post would represent one 8-bit character. Each bit would be communicated by the presence or absence of a word or phrase:
      • Bit 0: Quake.
      • Bit 1: ping times.
      • Bit 2: Usenet.
      • Bit 3: Porn.
      • Bit 4: Hotmail.
      • Bit 5: Portscans.
      • Bit 6: MAC address in IPv6.
      • Bit 7: Ben Franklin quote.
    7. Re:He's missed the point by Greyfox · · Score: 2
      I read a paper on secure channels a while back. There are many things you can do. My favorite was putting data into various unused bits of the TCP header. This would work particularly well with address forgery; to a watcher on the remote side the machine being watched would be getting random packets from random places. The machine could just pull out the TCP header information and assemble the message.

      Of course, to mess the watchers up some more, just blast out an E-Mail from /dev/random a few times a day. Or post a few K of random numbers on your web page that change every hour. If everyone did this, it'd be back to square one. What are you going to do? Ban the posting of random numbers? They're just numbers.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
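The "is this any known language" test from WolfWithoutAClause's reply in this thread, and the effect of the random-data traffic Greyfox suggests, as an added example that is not part of any post. It swaps the letter-frequency check for a simpler one (byte entropy plus printable-character ratio); the thresholds, function names and sample inputs are assumptions constructed for this example.

```python
"""'Does this look like language?' check on a recovered payload (added example)."""
import base64
import hashlib
import math
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, estimated from observed byte frequencies."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def classify(data: bytes, max_entropy: float = 5.0,
             min_printable: float = 0.95) -> str:
    """Label a payload 'text', 'encoded' or 'opaque'.

    Thresholds are assumptions of this example: single-character entropy of
    English prose sits near 4 bits, base64 of random bytes near 6, raw
    ciphertext near 8.
    """
    h = shannon_entropy(data)
    p = printable_ratio(data)
    if p >= min_printable and h <= max_entropy:
        return "text"
    if p >= min_printable:
        return "encoded"  # printable but too uniform: base64/uuencode wrapping
    return "opaque"       # ciphertext, compressed data, or plain noise


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext or /dev/random output."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed sample message, not taken from the thread.
SAMPLE_TEXT = (
    b"The meeting has been moved to the small conference room on the third floor. "
    b"Please bring the quarterly report and the updated budget figures with you, "
    b"because the finance team wants to review them before the end of the week. "
    b"If you cannot attend, send your notes to the project lead by tomorrow morning."
)


def demo() -> dict:
    """Classify four payload kinds an analyst might find under an outer layer."""
    cipher_like = pseudo_random_bytes(4096)
    return {
        "plain": classify(SAMPLE_TEXT),
        "cipher": classify(cipher_like),
        "base64": classify(base64.b64encode(cipher_like)),
        # Ordinary compressed data is indistinguishable from ciphertext here,
        # so the test produces false positives on legitimate traffic.
        "compressed": classify(zlib.compress(SAMPLE_TEXT)),
    }


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:10s} -> {label}")
```

The check separates readable text from everything else, but it cannot tell ciphertext from compressed files or from deliberately posted noise, which all come back as "opaque".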

  13. Letters to congress people. by Crixus · · Score: 5, Interesting

    One week ago today, I wrote essentially the same thing to my congress people. Here is my letter in case anyone else would like to send it to their congress critters:

    ------

    Honorable Senator xxxxxx,

    I am writing to bring to your attention the pointlessness of Senator Judd Gregg's new legislation mandating backdoors in all cryptographic products. I could make many arguments that discuss our civil liberties and the right to be secure within our papers and possessions, but that argument while true and immensely important, is not even required in this case.

    Simply put, with respect to strong cryptographic software, the "cat is out of the bag." The world is already full of good, secure cryptographic products with no backdoors. That is the case now, and was PRIOR to Congress' reduction of ITAR restrictions that kept us from exporting strong cryptographic products.

    The world is full of smart people many of whom do not work for the NSA, and do not live within the United States. These people in the civilian cryptographic world are constantly researching and developing new cryptographic techniques, which Senator Gregg's legislation WILL NOT AFFECT. No matter how many laws you pass, NOTHING will keep the BAD GUYS from being able to download this cryptographic software from European and other web sites.

    If Europe latches on to Senator Gregg's idea of mandating backdoors in all cryptographic products, then the people who want to use cryptographic products with no backdoors will simply write their own, or copy VERBATIM the computer source code for strong cryptographic software that already exists in many hundreds of published books.

    Allow me to quote Bruce Schneier, perhaps the United States' leading civilian cryptographic expert:

    "To illustrate the ease with which a cryptosystem can be implemented, I present the full code necessary for establishing a secure cryptographic channel over the internet, called the Diffie-Hellman Key Exchange. Both people communicating do the following:

    "1. Get public key (Y, P) of the other person. This is just a pair of large numbers.

    "2. Raise Y to the power of X, where X is the private key, modulo P. The result is the secret key.

    "Modular arithmetic is taught to fourth-graders under the name 'clock math,' and secret-key cryptosystems are just as easy to memorize and implement as public-key systems. I could teach any twelve-year-old how to reproduce from memory in under fifteen minutes a strong cryptosystem on any Windows machine. Any terrorist is quite capable of doing the same."

    This speaks volumes about the current state of cryptographic software in the world today, and the ease with which it can be implemented.

    If Senator Gregg's legislation is passed, it will have ZERO effect on the people who DO have things to hide from you, and will only harm the innocent citizens of the United States who wish nothing more than to insure that their banking records and private email conversations remain truly private.

    Regards,

    -----

    Rich...

    --
    Ignore Alien Orders
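The two steps quoted in the letter above, worked through for both parties as an added example (not code from the letter, from the quoted author, or from any poster). It uses the 1024-bit MODP prime of RFC 2409 (Oakley Group 2) with generator 2; the function names and the SHA-256 key-derivation step are assumptions of this example, and it adds the check on the peer's value that the quoted outline leaves out.

```python
"""Diffie-Hellman key agreement following the two quoted steps (added example)."""
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley Group 2), generator 2.
# Used to keep the listing short; this size is too small for new deployments.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so the subgroup generated by G has order Q


def keypair():
    """Return (x, y): private exponent x and public value y = G^x mod P."""
    x = secrets.randbelow(Q - 2) + 2  # uniform in [2, Q-1]
    return x, pow(G, x, P)


def valid_public(y):
    """Reject peer values that would make the shared secret predictable.

    0, 1 and P-1 yield a result of 0, 1 or +/-1 regardless of our exponent;
    the order check also rejects anything outside the subgroup generated by G.
    """
    return isinstance(y, int) and 2 <= y <= P - 2 and pow(y, Q, P) == 1


def shared_key(own_private, peer_public):
    """Step 2 of the quote: raise Y to the power X modulo P, then hash to a key.

    A single SHA-256 call stands in for a proper key-derivation function.
    """
    if not valid_public(peer_public):
        raise ValueError("peer public value rejected")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def demo():
    """Run both sides and return (keys_match, number_of_bad_values_rejected)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Only a_pub and b_pub cross the wire. Nothing here authenticates them,
    # so on its own this exchange does not stop an active man-in-the-middle.
    k_a = shared_key(a_priv, b_pub)
    k_b = shared_key(b_priv, a_pub)
    rejected = [y for y in (0, 1, P - 1, P) if not valid_public(y)]
    return k_a == k_b, len(rejected)


if __name__ == "__main__":
    print(demo())
```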
    1. Re:Letters to congress people. by dilger · · Score: 3, Informative

      Darn good letter. I have three suggestions which I implemented as I was customizing it for my Congresspeople:

      1. in the third paragraph, change "laws you pass" to "laws are passed" -- that way it's not pointing a finger at an individual Congressperson, or even at Congress
      2. in the last paragraph, change "from you" to "from law enforcement organizations" -- again, don't want to point a finger at Congress (at least not yet)
      3. Add a sentence to the end (the proverbial "call to action"): "Please do not support any legislation which restricts the use of cryptography." (Or something like that.)

      Thanks for posting this letter.

      cbd
      your friendly local English teacher

    2. Re:Letters to congress people. by Crixus · · Score: 2
      cbd your friendly local English teacher


      HEY! How would an English teacher get their letters out of order? ^

      The correct order is 'bcd' not 'cdb'. :-)

      I always enjoy having a good editor at my side. Good suggestions, thanks! :-)

      I must confess however, I was in a VERY angry mood when I wrote that and I did choose the "you" words to personalize it. As in "you fascists." :-) (YOU as in congress, not the fine slashdot readers) :-)

      Your final sentence is also a good idea.

      My friend Matt who is a very good editor usually looks my stuff over before I publish, but I didn't feel like bothering him with this one.

      Rich....
      --
      Ignore Alien Orders
    3. Re:Letters to congress people. by Crixus · · Score: 2

      Wow. :-)

      I can't handle all of these nice things being said about me and my writing. The people closest to me aren't compliment givers. :-)

      Just doing my part. When I get angry I need a release.

      Emotion, the basis of most art.

      Rich...

      --
      Ignore Alien Orders
  14. Re:Sorry by ZigMonty · · Score: 4, Informative
    You can, but the numbers are very big. Even 40-bit keys can represent numbers up to 1099511627776. A 1024-bit key can represent a number like:
    • 17976931348623159077293051907890247336179769789423 06572734300811577326758055009631327084773224075360 21120113879871393357658789768814416622492847430639 47412437776789342486548527630221960124609411945308 29520850057688381506823424628814739131105408272371 63350510684586298239947245938479716304835356329624 224137216

    It's 309 digits long! As you can see the numbers are big and get exponentially bigger as the key size increases. The idea with public key encryption is that, while it is quite quick to multiply two numbers this size together, it is very hard to factor the result into the two parts again. It is possible but, for keys > about 56-bit, it is beyond what modern computers are capable of.

    Distributed.net is a SETI@home-like project to crack ever larger keys, among other things. Check them out.

  15. It's not in the ATA. Geez, I wonder why. by L.+J.+Beauregard · · Score: 2, Interesting
    The Department of (In)Justice has not asked for crypto backdoors in that wish list that Congress calls the ATA. Geez, could it be because the Feds don't think they need them?

    After all, the Feds can install keystroke loggers on your 'puter, or they can call out a van full of TEMPEST equipment. The keystroke loggers require agents to physically enter the premises, which obviously requires a warrant. As for the TEMPEST equipment, no precedent exists AFAIK, but the ruling regarding thermal imaging may be helpful.

    --
    Ooh, moderator points! Five more idjits go to Minus One Hell!
    Delendae sunt RIAA, MPAA et Windoze
  16. Are you a troll? by mangu · · Score: 2
    Perhaps you are trying to get some karma as "funny", but I once actually did something like that, after reading a couple of Byte magazine articles, specifically, in the March and April 1979 issues.


    It would be more sensible to assume most terrorists aren't so sophisticated. But, in that case, they wouldn't depend on computers for encryption. They would use code phrases, one-way pads, and many other methods that do not depend on computers.


    In the end, the people most affected by encryption limiting laws would be common middle-class citizens in the developed nations, people who do on-line shopping and banking, or who use credit cards for any purchases. Remember, you don't need to do any on-line shopping to be vulnerable if your local shopkeepers keep your credit card numbers in vulnerable computers.

    1. Re:Are you a troll? by Sly+Mongoose · · Score: 3, Insightful
      It would be more sensible to assume most terrorists aren't so sophisticated.
      Actually, it would be more sensible not to underestimate terrorists.

      (Sheesh! You'd think 11-SEP would have taught people this!)
    2. Re:Are you a troll? by mangu · · Score: 2

      If he can recruit programmers, then it's useless to make laws restricting encryption software, they will circumvent backdoors easily. But how many honest citizens are able or willing to fix those law-mandated bugs? Those proposed laws are playing in the hands not only of terrorists but of traditional organized crime as well.

    3. Re:Are you a troll? by petard · · Score: 2
      In the end, the people most affected by encryption limiting laws would be common middle-class citizens in the developed nations, people who do on-line shopping and banking, or who use credit cards for any purchases. Remember, you don't need to do any on-line shopping to be vulnerable if your local shopkeepers keep your credit card numbers in vulnerable computers.


      My local shopkeeper had fucking well better not be keeping my credit card number anywhere at all, least of all on a "vulnerable computer"!

      --
      .sig: file not found
    4. Re:Are you a troll? by WolfWithoutAClause · · Score: 2

      I don't think he is a troll, although a lot of people will think so. To implement RSA you only need to multiply, add, and find the remainder on a large number.

      There's a T-shirt with an implementation in Perl; theoretically it's illegal to export from the US; but it probably comes under 'free speech'.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
  17. Re:Uneven distribution of knowledge by Alien54 · · Score: 2
    While crypto makes sense to majority of the /. readers, how are you going to explain crypto to your normal joes on the street (and those folks in power)

    They need to have the quantity and quality of understanding and education that you have.

    For some, this will be difficult.

    Also, some people DO prefer safety to freedom.

    --
    "It is a greater offense to steal men's labor, than their clothes"
  18. Finally Someone who understands by jdevons · · Score: 2

    Now there is finally someone who understands the gun issue... Oh wait, this article is about encryption!

    --
    I do everything the voices in my head tell me to...
  19. Re:Sorry by sjmurdoch · · Score: 3, Informative
    It is true that any mathematical expression can be modified to find lost values, but there is nothing to stop one way from being much harder than the reverse. For example it is easy to smash a plate, but while it is possible to reassemble the pieces into the original form, it is much harder.


    Problems like this exist in maths as well as the physical world. One such problem is used in RSA encryption, which can be used in PGP. This problem centers around the belief that it is easy to multiply two very large prime numbers, but given the product it is very difficult to go back to the original primes. I say belief deliberately since it is possible (albeit extremely unlikely) that there is an easy way to factor large numbers. Most PGP implementations actually use Elgamal rather than RSA, but the principle is similar.


    If you are interested in this subject I would strongly recommend you buy/borrow a copy of Applied Cryptography by Bruce Schneier (amazon link). This is the best crypto book available (IMHO) and explains the fundamentals of the subject, including the maths behind RSA and ElGamal without requiring any previous knowledge.


    Hope this helps.

    --
    Steven Murdoch.
    web: http://www.cl.cam.ac.uk/users/sjm217/
  20. Even ClearText email can be used for a bad purpose by jerwiebe · · Score: 2, Insightful

    One thing I find interesting is that these terrorists could have just as easily used cleartext email to distribute their logistic plans. Couldn't they just have had a predetermined language and the actual emails would have looked as innocuous as someone writing their friend to meet somewhere?

    Let's meet at 7:45 in front of the Arthur Anderson school on the 11th
    Translation: You will overtake American Airlines flight 745 on the 11th

    That would look totally benign, yet be the actual trigger to the event. No crypto needed!

  21. Do you EVER have a right to privacy? If you do... by Futurepower(tm) · · Score: 3, Interesting

    What is scary about this U.S. government talk of not allowing secure encryption is that it is working so well. Even the intelligent, educated people who comment on Slashdot (Don't joke about this, it's the truth.) are being led completely away from the real issue.

    The real issue is that they are trying to get you to accept that you have no right to privacy.

    The really important matter is that the U.S. government is trying to get you to accept the principle that it can spy on you. They know they will lose the encryption battle.

    Do you ever have the right to privacy? If there is a single case in which you have the right to privacy, then you have the right to encryption, because you need it for that case.

    From the article, What should be the Response to Violence? :

    "The U.S. government has three separate, very large agencies that function as global secret police: The FBI, the CIA, and the NSA. The first two are authorized to kill other people. These agencies are secret in two senses: Their activities are hidden from the people of the U.S., even though the U.S. is a democracy. They also have secret budgets. These agencies function everywhere in the world, including inside the U.S."

    It has somehow been established that U.S. citizens will accept that they cannot be told about either the activities or the budget of the secret "national security" agencies. Clearly, if they did know, and if they had a chance to vote, most citizens of the U.S. would vote against many of the activities. However, U.S. citizens are not allowed to have enough information to make an informed decision about the secret agencies.

    --
    Bush's education improvements were
  22. Not Stenography by AndrewHowe · · Score: 2

    Steganography.
    Steganography.
    Steganography.
    Fire anti-lameness filter torpedoes...

  23. Cryptography isn't going away by LazyDawg · · Score: 3, Interesting

    We've had cryptography and steganography since back when messages were tattooed on the tops of soldiers' heads and run between camps. The public has been sending secret messages long before it was rendered legal for them to do it, and they will continue long after it is rendered illegal again.

    Language has always had two purposes: 1. To aid in communication with those you like, and 2. To hinder communication with those you don't. Otherwise, we would probably all be speaking in the same tongue or dialect. Even if these laws are passed, sending secret messages will always happen, and crypto/stego are too great a tool to be just thrown away by the people.

    Use of GIF images to send secret messages is one obvious way to make your message invisible or even undetectable. Encrypting that message against any commercially available CD image would be even more useful. Any attempts to circumvent that encryption would result in extracting a CD image, and that's a DMCA violation. :)

    --
    "Look at me, I invented the stove!" -- Ben Franklin
  24. Encryption Saves Lives by hacker · · Score: 3, Interesting
    When I hear the argument that "...encryption can be used to hide terrorist communications..." and that we can't protect our citizens properly if we let these bad guys continue using unbreakable encryption, I have one thing to say...

    ...the United States military uses encryption every single day to save thousands of lives. How do you think these soldiers in the field talk to each other, relay coordinates, maintain anonymity in foreign lands to stay alive? That's right class, strong encryption!

    It's ok to implement backdoors in the publicly available encryption, but oh, this little stuff we use over here in our military is classified, you can't see it, and we can't even tell you we use it.. But here's a 200 page document, all conveniently highlighted in black marker, that explains everything you need to know about it.

    All of these politicians and gubbermint officials supporting this type of intrusive "anal exploration" of our freedoms need a brain exam.

  25. Re:crypto backdoors (likely) == hurt the us econom by Sly+Mongoose · · Score: 2
    In the case of PGP you could use an additional public key, wich belongs to the secret police.
    And how would it be decoded? Won't the use of a "Gestapo Key" in the encryption, affect the decryption?
    Software that allows Messages to be encrypted with only the recipients key is outlawed then.
    So in effect

    dd if=/dev/urandom ibs=256 count=1 | uuencode binladen.msg

    is a criminal act? 'uuencode' may not be strong crypto, but it's still crypto...

    (Damn! I like that "Gestapo Key" notion!)
  26. Re:Uneven distribution of knowledge by j7953 · · Score: 2

    Here's how I would explain it:

    "Cryptography is a mathematical method used for the secure transmission of mails, financial transactions, credit card information, and confidential business documents. Securing the transmission makes sure that only the intended recipient will be able to read the information."

    Note that the word cryptography is used only once, and the but-it's-a-terrorist-tool reaction is prevented by immediately explaining it's nothing but mathematics. Make sure not to scare people off with technical terms. Explain to them why they need encryption, not how it works.

    --
    Sig (appended to the end of comments I post, 54 chars)
  27. Re:Even ClearText email can be used for a bad purp by Sly+Mongoose · · Score: 3
    Let's meet at 7:45 in front of the Arthur Anderson school on the 11th
    Actually, this is exactly the sort of obvious code-phrase that CARNIVORE is on the lookout for when it scans everyone's e-mail. And ECHELON is on the lookout for such phrases spoken aloud on the telephone.

    So if you keep making suspicious remarks like that it won't be long before the black vans arrive in the dead of night to drag you away, and your neighbors pretend to hear nothing when you scream!

    :)
  28. Close, but not quite.... by Deskpoet · · Score: 5, Insightful

    Though I agree with everything you said, the fundamental problem goes a bit deeper than privacy.

    The full underlying cause of this is nationalism and the belief that the State is an almost divine entity that will protect you from all ills provided you play by its rules.

    History shows that this is a fool's bargain. Any state--and yes, flag-wavers, that includes the US--is *designed* to limit your freedoms for the "greater good". While this works for a great many people indoctrinated to accept the definitions the State provides for "freedom" and "democracy", it is not, nor has it ever been, a complete solution for people in the world, and *much* has been done in the name of the State--like much was done in the name of God before it--that is simply hateful and evil.

    Allegiance to the State, a belief that the State is all, that you should be proud to be part of the State, happened in Germany in the 1930s, and it appears to be happening here. Based on some of the troll posts here, you just have to substitute Arab for Jew, and you have the basic plank of the Nazi party flying in full colors.

    How does this relate to crypto? It doesn't really at all--that's the point. But, if we're really trying to make a connection, then there's the tenuous observation that crypto is math, and knows no allegiance to State, which has no allegiance to you, meaning that Crypto is like the State in that it is an abstract concept without any feeling or allegiance to anyone or anything. The major difference between Crypto and the State is that the State is established, has full access to social control mechanisms, and panders to people's senses of belonging while Crypto is simply math that individuals can use to keep pieces of themselves from the State and unto themselves.

    It is natural that the State--which *fully* seeks the totality of National Socialism, and now has the capacity to make _1984_ look like a Disneyland ride--would seek to abolish the one tool that can put an individual on equal footing with it. It's up to *us* to drop our allegiance to one abstract concept and rally our efforts around the other.

    I'll leave it up to you to decide which way the wind appears to be blowing.

    --
    "The more corrupt the state, the more numerous the laws."--Tacitus, The Histories
  29. Re:Ban both cars and alcohol... by mttlg · · Score: 2
    If their ONLY purpose was to KILL people.

    But haven't you seen that Simpsons episode where Homer joins the NRA? Guns can be used as TV remote controls, light switches (off only), beer can openers, etc. There's a world of possibilities out there.

    On a serious note, the purpose of a gun is to propel a projectile at a high velocity. The gun does not (well, in most cases at least, target recognition and artificial intelligence aside) aim itself. It takes a person to decide whether to point the gun at a paper target, television, car, animal, person, etc. The issue isn't what the gun is capable of, but whether the person holding it is capable of handling the task of pointing it (this isn't always properly addressed by firearms regulations unfortunately).

    Cryptography is quite a different issue, as it only affects the flow of information. Law enforcement agencies are complaining because they want all information to flow through them. The idea is that they must know what everyone is doing so that they will know when someone is doing something wrong. Since that is going a bit far, they will settle for just the option of knowing what someone is doing if they think that person is doing something wrong. Cryptography presents a challenge here, so back doors have been proposed to potentially remove the potential that someone could possibly be planning to maybe do something that could be bad without law enforcement knowing about it. If that sounds absurd, it's because it is, and that's the point.

  30. Well thought-out article. by rice_burners_suck · · Score: 2

    From the article: "Once surveillance tools receive legitimization, who can guarantee that they'll always be used in enlightened ways by an administration in, oh, how about the year 2084?"

    This is a good point. I'm glad someone finally pays attention to what's going on. Each standalone piece of legislation eventually gets combined into something larger when newer legislation is added. Rarely if ever is any legislation removed. The end result is that the government can only increase its power, decreasing that of its people. We can talk all we want about passing laws, like encryption backdoors, national ID cards, etc. The problem is that most people understand how these laws affect their lives now, but they don't extrapolate and try to picture the future. Furthermore...

    From the article: "The competitive angle: If U.S. companies are forced to play by the these rules, rest assured there are foreign companies aplenty that will get around the Americans' export ban."

    ... You can't say that the encryption won't be cracked. Where there's a will, there's a way, and the backdoors will eventually be cracked. It's only a matter of time. Crackers (and foreign companies) will continue to use unencumbered encryption, while accessing our communications through the backdoors. The whole scheme sounds great from our law enforcement's point of view, but will actually make us much less secure. Imagine financial, legal and medical information getting into the wrong hands. (Besides, you don't honestly believe the government will use the same weak encryption as we will, do you?)

    To make a long story short, as with any technology and knowledge, encryption can be used for good or evil. Chances are, most everything is used mostly for good. We shouldn't punish our entire country because some jerk-off from Wastelandistan may have used encryption.

  31. Re:Even ClearText email can be used for a bad purp by darkonc · · Score: 2

    Doesn't work. As far as I remember the news reports, the tickets were mostly bought a while before the attack, and they were bought over a period of a few days. If there was such a trigger event, it was something else.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  32. Crypto not common?? by alienmole · · Score: 4, Interesting
    Where they find encrypted data they can't characterise it any further; so they hit a brick wall. But it's not common right now, so they can make a file. However, if everyone on the internet routinely uses uncrackable encryption they can't build a file on everyone.

    If I understand you correctly and you're saying that crypto isn't common right now, that's not true. Salespeople around the US have been selling Virtual Private Networks (VPNs) to companies for a few years now, and these encrypt all traffic between a company's sites. While there almost certainly is still much more unencrypted traffic on the net than encrypted traffic, encrypted traffic is far too common for the government to be building a file on every instance they encounter.

    Many lawyers use encrypted email because of legal precedent which makes email less legally "privileged" than say a phone conversation.

    Then there are all the /. nerds using SSH to talk to their servers. Do you think the FBI or NSA has a file on Shoeboy?

    Everyday use of encryption is a lot more common than you might imagine.

  33. Speaking of missing the point... by alienmole · · Score: 2
    If they manage to make strong crypto illegal (or non-escrowed crypto), then they don't even need to bother with key escrow, just scan for instances of non-escrowed crypto and start laying charges.

    Except that all you need to do is doubly-encrypt your messages - first with strong crypto, then with government-approved crypto. This can't be detected without going through the legal process of obtaining a key, so widespread scanning for non-approved crypto will only turn up the conscientious objectors and a few really dumb folk. Then again, some people say stupidity should be a crime...

  34. Backdoors are silly... by rebelcool · · Score: 2
    I have little doubt that virtually every commercial cryptographic scheme has been broken by the NSA & co. They are the world's largest employer of extremely brilliant mathematicians and computer scientists with access to perhaps the largest cache of supercomputers in the world.

    All this backdoor nonsense is simply a ploy to shorten the processing time on the supercomputers to crack it. Save a few billion dollars here and there in computation time.

    1. Re:Backdoors are silly... by samantha · · Score: 2

      You would be incorrect. Do the math. Enough computing power to break some algorithms and keys of certain sizes does not exist on the entire planet. Also, one-time pads are not breakable with any amount of computing power. Lastly, as many fine crypto minds now exist in academia and the commercial sector as in NSA & co.

    2. Re:Backdoors are silly... by marm · · Score: 2

      You would be incorrect. Do the math. Enough computing power to break some algorithms and keys of certain sizes does not exist on the entire planet.

      Only if you are brute-forcing the encryption, trying every possible key.

      Cryptanalysts just don't do that, at least not with encryption that has more than a trivial key length. As you rightly point out, it's just not viable.

      Instead, cryptanalysts look for more subtle flaws in the encryption algorithm and attempt to exploit them to reduce the key search space.

      For instance, there is some evidence that the NSA knew about a type of cryptographic attack called differential cryptanalysis, many years before it became widely known. Back in the late 1970's when DES was being proposed, the NSA stepped in and made some modifications to the algorithm, but did not tell anyone why they were making these changes. The general assumption back then was that the NSA was trying to make the algorithm weaker in some way, although nobody could put their finger on exactly why.

      Fast forward nearly 10 years to the late 80's and cryptographers working in the open discovered differential cryptanalysis. Imagine their shock when they discovered that the original proposed DES algorithm was wide-open to attack by differential cryptanalysis, but that the modifications that the NSA introduced made DES much more resistant to this type of attack!

      So, for getting on for 10 years, and possibly considerably longer, the NSA had knowledge of how to blow holes in all kinds of different cryptographic systems (differential cryptanalysis has made several encryption algorithms that were previously widely-used obsolete) that were assumed to be secure, even by public researchers in the field.

      One-time pad encryption may indeed be entirely secure, but the requirement to distribute completely random keys that are each at least as long as the message you are sending, and which you cannot use twice, is just not practical for most people.

      Thus we use public-key and block cipher systems that MAY be flawed in some way. Researchers have gone over all these algorithms with a very fine toothcomb and have so far found nothing wrong with most of them, but that does not mean that people working for the NSA/GCHQ/whoever have not found these flaws. All we know is that no-one has made any useful attacks public.

      With all due respect to the excellent cryptography researchers working in academia and the commercial world, I believe that the government communications agencies are still some way ahead of them, and that this may amount to several years ahead. This is simply because they are generally better-funded than other cryptographers, and that they have many more years of research to draw on - cryptography has only been studied extensively outside of government and the military since the late 1960's or early 70's.

      Whether that means NSA et al. have working attacks on well-known cryptographic systems in use today is anyone's guess. We simply don't know. Logically, it is thus not safe to assume that they don't.

  35. Factor 2048-bit number, win $200,000! by alienmole · · Score: 2

    To really drive the point home about how hard it is to factor these big numbers, check out the prize list for The RSA Factoring Challenge. If anyone doesn't believe that it's difficult, well, there's a total of about $635,000 waiting for the person who can prove that it's not!

  36. Hatred of unfamiliar tools by crucini · · Score: 2

    People who have never fired a gun are more likely to demonize guns. People who have not beneficially used cryptography are more likely to support restrictions on crypto.

    When I was a child, I was trained to fire a .22 rifle. Therefore, I am permanently in the pro-gun camp. I could come up with lots of "reasons" but the real reason is experience. Likewise, most religious people follow the religion in which they were raised.

    As for sanity checks, what's the point? Accidental and criminal shootings far outnumber shootings by insane people. It's just that the media gives more play to "loony kills 20" than to "drug dealer shoots another drug dealer, again."

  37. missed a big argument there by darkonc · · Score: 2
    Beyond the fact that a threatened life sentence isn't gonna stop a terrorist who's willing to blow him/herself into tiny pieces to get to you, consider this:

    So you have a backdoor to all encryption: in 2005, Osama Bin Laden II has managed to crack the back door -- but he doesn't tell anybody, because that would undercut public confidence in the cryptosystem. Instead what he does, is eavesdrop on 'secure' conversations, and mess up financial transactions for the next year or 3.... until people realize what's going on, and trash the back doors.

    At that point, we're back where we started from -- except for the fact that we've had a few years of badly compromised commerce and communications.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    1. Re:missed a big argument there by Randym · · Score: 2
      So you have a backdoor to all encryption: in 2005, Osama Bin Laden II has managed to crack the back door -- but he doesn't tell anybody, because that would undercut public confidence in the cryptosystem.

      Sa-a-ay: you know C0de R3d III? Everybody says it was the Ch1nes3, but coulda it been *slam1c t*rr0rists? or the NS&?

      Just wonderin'...

      --
      DNA is a Turing machine. You, however, being dynamic and emergent, are not.
  38. Guns and crypto.... by Picass0 · · Score: 2

    Many of the guns=crypto arguments I am reading here have one fatal flaw:

    Most people understand they do not have the right to point a gun at a cop or a federal officer. So why would those same people think they have the right to use crypto when the feds have a need to know?

    Don't get the wrong idea. I don't like the idea of having my personal data searched without a search warrant. But you need better logic than bastardizing the gun ownership argument.

    1. Re:Guns and crypto.... by Picass0 · · Score: 2

      I think you've misunderstood me. It's not my intention to say we should give up our civil rights. I was pointing out that I see debate arguments being formed that I see as flawed.

      I agree crypto is not a weapon. And, as it turns out, there is no public evidence that crypto was used in the execution of the attack.

      As for my use of the phrase "need to know", I should have been more specific. When you are presented with a search warrant, the police have the right to search your home, computer, phone records, and anything covered by the warrant. Now, if you don't like that, that's a separate can of worms from the crypto issue. That's a civil rights issue. I was not attempting to examine the morality of search warrants.

  39. Re:Guns don't Kill people, people kill people. by sinster · · Score: 2

    Oh boy.

    government phone taps do not bother me because I know the only reason the .gov would want to tap my phones is if I were doing something bad

    That's a completely specious argument.

    Government people don't tap people's phones because they're doing something bad. Government people tap people's phones because they're under suspicion of doing something bad. You own a gun. You post on slashdot. You have a computer. You have political opinions. In some jurisdictions, that's more than enough to put you under suspicion of doing something bad. Like here in California.

    If the government knows someone is doing something bad, then they don't have any need of a phone tap: they already have enough evidence for a conviction. The rule in law enforcement is "go far enough to get sufficient evidence for a conviction, and then stop!" The perpetual fear in the DA's office is that law enforcement will uncover exculpatory evidence (that's evidence that proves the suspect's innocence). Since the prosecution is obligated under discovery rules to turn over all evidence to the defense, the presence of exculpatory evidence is a bad thing in the eyes of the DA's office. DAs don't make the connection with the fact that the presence of exculpatory evidence means they're prosecuting the wrong guy: they just want a conviction so they can close the book.

    What all this means is that if the LEAs have enough evidence to convict you, they won't even attempt to tap your phone, because their investigation might backfire. And since you don't need proof of wrongdoing to convict (you only need enough evidence to show wrongdoing "beyond a reasonable doubt"), the certain knowledge of wrongdoing is also a guarantee that the LEAs have enough evidence to satisfy a jury. Note that I said certain knowledge, not strong suspicion: LEAs are excitable folks who tend to leap to conclusions.

    And that tendency to leap to conclusions is part of the problem. By and large, LEAs are ignorant boobs. I've had a lot of contact with the Secret Service's technology investigations group and the FBI's computer crime squad in San Francisco, and even these guys (law enforcement's technological elites) aren't sufficiently up to speed to avoid leaping to conclusions.

    Just look at the public records of the LAPD's illegal use of wiretaps throughout the 90's. At the instruction of the LA DA's office, no less. This was an ongoing, persistent misuse of wiretaps lasting many years, none of which were authorized by courts. With such widespread misuse in one jurisdiction, one must conclude that such misuse occurs in other jurisdictions as well. Cops, just like other professionals, have a tendency to jump from one job to another, though perhaps not as often as in technical fields. So even if other jurisdictions didn't come up with the idea on their own, cross-contamination would've occurred. And the record is clear that illegal wiretaps have been commonplace throughout the US for decades at least. Since not all misuse is detectable, the truth must be that wiretaps are even more horribly misused than is known.

    What all this means is that you should assume that any ability that the .gov has will be misused to a greater or lesser degree. Innocent people will be hit by these misuses. Innocent people will go to jail as a direct result of these misuses. And innocent people will have no recourse.

    Whether you're talking about wiretaps, gun registration databases, sex offender registries, or crypto backdoors, the issue isn't whether or not you've done something bad. It's merely whether or not you appear to have done something bad, or in the worst case, whether or not it can be made to appear that you've done something bad.

    The simple matter is that with the sheer quantity and scope of the laws that already exist on the books, every one of you has done something bad. It's not possible to live a day in society without breaking a law. Do you have a bag of blue ice (the freezable cold packs) in your freezer? How about a piece of wood and some sandpaper? Or maybe a can of gasoline? If any of those are true, then you are in possession of bomb making materials. That's a federal felony. Do you own a car? Do you drive it? Then you're guilty of transporting hazardous materials without a license. Federal misdemeanor. Have you ever said the words "someone should kill the president" or anything to that effect, regardless of context or intent? Federal felony. Called a enemy in an online multiplayer game a "fucking nigger" for cheating? Or how about "bitch"? That's hate speech. Municipal misdemeanor in many jurisdictions. Do you possess pictures of your children as babies, naked? Child porn (go read the statute: it's very much over broad). Federal felony. Have you ever had sex with your boyfriend/girlfriend while they were a minor and you weren't (such as when you were 18 and they were 17)? Statutory rape. Federal felony with strong enforcement ("strong enforcement" is a term of art that means that the victim or victim's parents don't have to agree that a crime has been committed in order for prosecution to proceed).

    LEAs will try to tell you that they won't proceed with prosecution unless there was "intent to commit a crime." But in practice, that's nonsense. "Intent" is defined and shown by the DA's office (or AG's office), not by the LEAs or defendant, and in the case of strong enforcement statutes, is irrelevant anyway.

    Ok, I'm starting to ramble. So I'll sum up: we must always resist giving any power to law enforcement that is capable of being abused, because any abusable power will be abused, and the innocents are the only people who will suffer.

    --
    -- Nolite audere delere orbiculum rigidum meum.
  40. Bush resumed it really simply. by tcc · · Score: 2


    "We are facing an enemy like we've never faced before, we can't see him, we can't bomb him. and[...]"

    He's right, and to make every computer-illiterate American feel safe, his administration pointed a "tangible" enemy on which they can "look like they can do something about it".

    Too bad they are forgetting that people can now use the net if they want to find out about stuff they don't understand fully. And besides, even if you're flipping burgers, you can understand that there's a shitload of material already available to build a safe encryption mechanism with what's on the net.

    Talk about shooting in any directions. I'd feel much safer knowing they've caught the leaders of all the known terrorist groups, and that people increase the immigration security/background check.

    --
    --- Metamoderating abusive downgraders since my 300th post.
  41. SSH is a better battleground than PGP by JPMH · · Score: 3, Insightful
    I think you're both right.

    As far as I can see, *email* encryption really is what the general media and the politicians do think the argument is all about. Because so far only a small fringe minority use encrypted email, the pols think it will hardly be missed; and besides, the obsessive secrecy probably indicates that the users are up to no good anyway.

    The idea of *channel* encryption probably doesn't even cross their radar. But 'alienmole' is absolutely right: the most widespread and important use of encryption at the moment is *not* email; it is the use of ssh and friends to secure public channels. And the reason these are so important is obvious -- and probably much easier to explain to the public -- in these days of crackers and virus writers: you really don't want anyone to be able to break into your channel, and interfere with your remotely-controlled telescope or heart operation or hack into your corporate network or whatever.

    The case for SSH is much easier to make than the case for PGP, because of its demonstrable real-world importance. If we can move the debate towards channel security, away from email security, it will be much easier to win.

    But of course as soon as two people can ssh into the same box and talk to each other, the banning of any other uses of encryption starts to look pretty irrelevant.

    1. Re:SSH is a better battleground than PGP by alienmole · · Score: 2
      Good point. It had never really occurred to me that there was a difference - after all, email is just another channel - albeit a fairly inefficient one - as demonstrated by various protocols which piggyback on SMTP. But certainly, this distinction may be stronger in the minds of the public and lawmakers.

      But of course as soon as two people can ssh into the same box and talk to each other, the banning of any other uses of encryption starts to look pretty irrelevant.

      And of course, this is happening already. Without any effort on our part, beyond the initial setup of a VPN-style system, all email I exchange with colleagues is encrypted during transmission, because we all connect over a secure link to the same mail server.

      Encrypted email wasn't our intent; all we cared about is that our network wouldn't be compromised by script kiddies with a sniffer at an ISP. But the net effect is that Carnivore won't help the government if they want to read our email: they would have to get a subpoena for our private mail server, or secretly install keyloggers, etc.

      As far as I'm concerned, the war "against" encryption was lost a long time ago, and it's now just a matter of waiting for reality to catch up with the politicians. That's often a slow business, though.

  42. Yes, article circled the issue - like guns by leonbrooks · · Score: 2
    It's quite a valid observation that ter[r]orists can write their own software.

    Not just write their own, there is a heap of good working encryption stuff, including steganography, available outside the USA for essentially no effort. The effect of outlawing encryption (or legislating key-escrow) will be to leave ``real'' encryption only in the hands of the terrorists and other outlaws.

    The gun people have a saying ``If guns are outlawed, only outlaws will have guns.'' They're right, in a general sense, but this catch-cry is a two-edged sword. If guns (or truly secure encryption) are outlawed, ordinary people who must use them for their reasonable daily business will be, by definition, outlaws.

    The idea of laws scaring terrorists is unbelievably stupid, thick, dumb, brainless, naive, irresponsible and many other bad things. It reminds me of the locality which has a $500 fine for detonating a nuclear explosive within city limits. If the cost of your terror mission against ``the great satan'' is your own life and the lives of many others what difference is the threat of a fine or jail term - or for that matter even a death sentence - ever going to make to you?

    --
    Got time? Spend some of it coding or testing
  43. Re:Uneven distribution of knowledge by j7953 · · Score: 2

    I don't know, maybe you could ask them if they would send their credit card number on a postcard? They also don't "see" anyone reading that. But those people are probably the ones that don't want to understand.

    Maybe you could also try and explain to them the structure of the internet, the fact that they cannot control which systems will transmit their information, that those systems might be the systems of their competitors. But then, those people probably also don't want to know about network architectures.

    --
    Sig (appended to the end of comments I post, 54 chars)