Slashdot Mirror
China Frustrated In Encryption Talks
mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"
Isn't it possible the Chinese could be pushing an encryption standard because they know a flaw in it they can exploit?
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
The Chinese want their encryption to be the standard so that they can use their backdoor.
The US wants its encryption to be the standard so they can use their backdoor.
So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
There are already at least two wireless encryption formats I can think of. I don't see why adding a third is a problem. As China's economy is very much export-driven I can see how they'd be frustrated if the US attempted to thwart them getting their standard adopted as an international one.
Video Game cheats, hints a
I'm not trying to be negative, especially towards China... However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.
The best way to predict the future is to invent it. -Alan Kay
. . . then China does not have to accept the standard for its domestic routers, right? What's the big deal?
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.
If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm not any sort of expert, but I believe that OpenSSL is an implementation of an existing standard, whereas the things up for debate here are the next-generation standards to use. Furthermore, these standards are for wireless connections, which isn't something that OpenSSL has anything to do with.
So basically, it's not relevant, I'm afraid.
most of these 'standards' come with a lot of strings attached: implementation of certain pieces of technology, support infrastructure, etc. are patented. patents rule this world. wapi must be well-protected by chinese corporations, while its alternative is probably surrounded by a patent mind field that belongs to u.s. companies. it is all about money, as usual.
China throws a hissy fit because it's standards not used? How is this new? It's standard practice to storm out if something you don't like happens. It disrupts the meeting and makes you get your way much easier. Every 4 year old kid can tell you this..
I don't trust China and I don't trust America, but last time I checked "offical" ment jackshit in the tech world. People will use what they deem is best and anything official will either be picked by geeks and become standard or it'll be dead within a few years and replaced by another standard untill geekdom kicks in.
I like muppets.
i11.208, the white and user-friendly encryption that is so hip only the coolest will use it (or be able to afford it)..
I jest! I jest! *ducks*
So code your own. WEP, WAP WIP WOP WUP fuckee doo, really.
:D
This IS Slashdot, isn't it? Why is this news?
There are no "backdoors" in standards, only in implementations.
Oh, I can't help quoting you because everything that you said rings true
Everybody wants to use /their/ secret, of course. If it can't have code that all parties can audit.... ? I mean for real. OpenWhatever then, or is it just play-encryption.
We're all upset that the Chinese want to introduce their closed-door proprietary standard...
...] are all essentially closed door standards. Even if you're in the SIG you're only one of many. And the many are usually NOT cryptographers so they'll basically vote for whatever turns into the least amount of VB.NET code for their Windows only drivers.
But please, tell me, how many cryptographers were consulted BEFORE the design of WEP? I know of a few who worked on the implementation AFTER the design [e.g. when they couldn't change things]. WEP and WAP [and WiMAX and
Like it's so fucking hard to get a shared-secret lossy communication medium secured... AES + CCM + proper rekeying == router that doesn't cost 69.95$ at Fry's but does == a wifi device you can trust.
Tom
Someday, I'll have a real sig.
You have to partner with a bloody Chinese company to build equipment based on it.
That's fucking ridiculous.
The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.
I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.
For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
I think China and North Korea use the same publicist.
an ill wind that blows no good
If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and devlopment process of WAPI to either participation or scrutiny. They developed the standard knowing that their was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.
(%i1) factor(777353);
(%o1) 777353
And since they own all our manufacturing capacity, there would be little we could do about it. It would take years to tool up enough manufacturing to replace everything we depend on them to produce.
I guess being dependent on foreign oil wasn't good enough. We had to match that folly by sending our component manufacturing overseas as well.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
when Mandarin or Cantonese is equally or more effective :)
It's actually very simple. Here's what they need to do in two simple steps:
1. They should tell all manufacturers of WLAN equipment that are based in China (90% or so of all wlan manufacturers) to implement WAPI (remember, they are in China so they have to do what their government asks them to or they will be down. Oh wait, it's not very much different in USA anyway.).
2. They should tell all manufacturers of WLAN equipment that are based in China to drop support for 802.11i, or whatever else shouldn't be there.
Now, after about a year or so they will have a de facto wireless encryption standard named WAPI. Like it or not, that's the most efficient way to do this.
It seems you have no idea what makes a good encryption standard today.
The only way to be sure that an encryption schema is good is to publish it so that thousands of scientists can look at it and search for problems. Better try to include the community into the developement process.
Your "security by obscurity" idea almost never worked...
I suspect lots of companies and people would have liked to stick it to the IEEE and Linksys, and if the Chinese had prepared their position well, negotiated carefully, and put in a good proposal for an open, patent-unencumbered, well-tested, and clean encryption standard, they could have won this debate.
I don't know what exactly they actually did, but from the strongly negative reactions, I'm concluding that they must have failed on not just one, but several of these points.
The point of wireless encryption isn't to prevent anyone from sniffing the data. As soon as the data leaves the AP, it reverts to whatever form of traffic it was - POP, HTTP, HTTPS, FTP, whatever. The Chinese have more than enough access to intercept any network traffic in China in a centralized location; they don't have to sit outside your home sniffing wireless traffic.
I've always thought that WEP and it's like are overrated. If you want something to be secure, you need end-to-end encryption. You shouldn't be sending confidential data over _any_ part of the network, wireless or not, without a secure protocol like SSH or HTTPS. If you have end-to-end encryption, WEP becomes much less important.
Extra crackability may not be bad, from the Chinese point of view; control freaks try to get as much power as they can, and I can see some bureaucrat pushing for this just because. Just like in the US, where we have officials who say they absolutely need some new privacy-intrusive measure even though existing measures already cover everything they could legitimately want (like warrantless wiretapping - or CALEA).
2) By the very definition of Christian (do unto others..., Love your neighbor as yourself..., love your enemy, etc.) anyone who would burn a person out of their house is NOT a Christian. Just like anyone who would commit a suicide attack on innocents (or suicide in general) is NOT acting within the bounds of Islam and are NOT Muslim.
One final thought. I'd much rather trust a person of religious faith (any faith for that matter) that says there is more to this world than what we see and that there is an absolute mandate to be spiritually "good" than I would trust a philosophy that says that the material world, run by materialistic rules, is all that there is (this includes both Capitalism and Communisim).
Lastly, I have no idea what Bush wants to do or doesn't want to do, and if you are honest, neither do you. I'll give him the benifit of a doubt and say that 9/11 and the obvious growing Islamic-styled terrorist has led a very provincial man catering to his very provincial base to act in ways that have not taken into consideration international sensibilities.
Funny joke. You might want to use a smiley or something to indicate you're being sarcastic.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
EETimes did a fact-rich article in March. The first paragraph of the second page is most illuminating. It seems the "startup" that owns the secret encryption mechanism lacks any visible means of support, and it is a "spinoff" of a government body.
IMHO there is far too much polite gentility and benefit of the doubt shown in the media, and ISO, and WTO and even /. to the thugs who run China. There's no moral or technical equivalency involved here. The Chinese government presented WAPI late accompanied by protectionist threats and has been whining disingenuously about the world mistreating it in the process ever since. WAPI has received over 2 years of special treatment because the rest of the world relies on Chinese de facto slave labor to build its electronic goods. If the ISO process was being run honestly with a legitimate goal of defining a trustworthy secure standard that can be widely implemented in interoperable and competitive ways, WAPI would have been dismissed when first proposed.
Walking out on negotiations might work when you're holding the nukes or the Tibet being discussed at a diplomatic meeting. But walking out on engineering standards meetings for consumer electronics seems more like giving up. Maybe when you're a mafia government that rules by decree with an iron fist, you can't tell the difference.
--
make install -not war
flamebait??? wow.. what humorless moderators we have here.. man...
Oh yes they are Christians & Muslims. They read the same texts and interpreted them differently. There are some good rules for living in the Bible and the Koran but both also contain some really nasty guidance. It's worth checking the Bible to see some of the nastier areas and also see what the Koran has to say regards unbelievers.
-- Using the preview button since 2005
No one is going to use encryption from a communist country, end of story. They can try using a homegrown solution there but as the world ties closer together over time, they'll have to adopt more open standards or face the prospects of being incompatable.
Did you know that you can be apathetic to apathy? Not that I give a shit...
Yes, the christian taliban is in control of the gov. For starters, listen to W. when he does a speach. He will state that God is on ourside, which is nothing less than sacraligous. He does not know exactly what god or christ wants. Worse, he does that will at the same time ordering the torture, maming, and murder of others. I seriously doubt that Christ would want that.
Last night, 60 minutes had a great expose about the plan B. We are trying to move to over the counter since it has been shown to be safe. The admin shelved it due to concerns about under developing kids. getting it. So the company pushed for through the pharmasist, but no prescription needed (i.e. control of the drug). This time, the admin flat out tabled it and even went so far as to speak about moral objections, but not one word of a scientific argument against it.
They are currently trying hard to table a vaccine that would prevent cervical cancer for women, but it has to be admin as a child. The gov. is now fighting it as they argue that it would make women more promiscious( this is the same argument that Reagan used in 1981 to not fund CDC additionally for fighting against the HIV beginning; that religious choice has literally cost America 100's of billions of dollars and 10's of 1000's of lives and will continue to do so until a vaccine is developed). Fortunately, once this admin is gone, it is most likely that the next admin will reverse that choice, and this one will only cost America a few thousand women lives and 100's of millions of dollar (a high price, but it is stoppable).
I do not like Iran, but at least they are open about. They hold an election, and then the freely elected governs in conjuction with islam priest. OTH, America holds and election and if a far right winger gets in, he is beholden to the christian extermists (bear in mind, that the vast majority of christians are not extremists and do not desire to have the church control us; just a small minority who are hard core; Focus on the Family, Pat robertson (1 ton leg lifts or lets murder chavez), Oral Roberts(god is recalling me), and of course, the moral majority (which are neither) ).
I prefer the "u" in honour as it seems to be missing these days.
The fact aside that AES was developed by non-US researchers, is open to the world, and has been extensively examined by the best cryptographers in the world it wouldn't make sense. The NSA's job is protecting US interests. Those interests include classified government data and US financial data, both of which AES is approved for. So for the NSA to know about a flaw but keep it secret would mean:
1) That the NSA was able to discover a flaw in AES before it was approved, even though no one else has ever come close in all the time it's been out.
2) They believe they are they are the only ones smart enough to ever find the flaw, and thus it's safe to allow out in the wild.
I just can't see that. While it's possible the SVR isn't as good as the NSA, fair bet they are pretty good and I can't see the NSA wanting to chance something like that. To make that kind of arrogant assumption would be pretty colossally stupid.
It's a pretty safe bet that AES is indeed secure. It has been extensively checked by all sorts of crypto heavy hitters, including the NSA, and they all have weighed in as saying it's secure. It's kinda like the open source idea. Sure you can't say for SURE there's no bugs, but if the code is open, and it's been reviewed for years (without changes) by the best of the best, you are as close to sure as you can get.
Are the chinese so naive to think they are on a level field with the rest of the world. Do they really think that throwing tantrums will help them. The world, quite understandably, cringes everytime a deal with china has to be made. We all want to reap the rewards of a market that size but we are also loathe to keep making the same rationalizations over and over so we can sleep at night with the image of that student going under that tank.
As others noted, it's an open standard. Good encryption isn't developed behind closed doors, it is something that you have to have people beat on for years before you are convinced it's worthwhile. Well AES has been a standard as AES for 5 years, and the process for it to become the standard was another 5 years. In those 10 years it's been heavily examined, it's probably the most examined algorithm other than the orignal DES. Because of it's approval by the US government, and it's use in SSH/SSL it's of interest to a whole lot of people that it's secure. Thus far, it is.
Well my friend, that's as good as it gets in the crypto world. You can't prove (in the for-sure mathematical sense) that a crypto algorithm is secure. You can only test it extensively. That's been does with AES, and not just by the NSA.
I suppose there is an miniscule change that the NSA can crack AES when nobody else can, but in that case you are fucked anyway since that's what (new) SSL and SSH use anyhow.
3 months ago, the Chinese president had to come to here and meet with Gates/Balmer and the CEO of Boeing, followed by W. Now, the feds have decided that it is okay to allow all sorts of dual use IP to go to china. It is certain that all this info and goods will make it into other companies.
I prefer the "u" in honour as it seems to be missing these days.
Sure they are open: Mullahs decide who gets to run for office.
Last time I checked, neither Pat Robertson nor Jerry Falwell got to decide whether Ted Kennedy was allowed to run for the Senate.
"I don't know, therefore Aliens" Wafflebox1
So do you? You say you would rather trust a religious person than a non-religious philosophy? To do what, exactly? They're both completely different things.
In theory, theory and practice are the same. In practice, they're not.
Iran was able to field 10's of candidates, some who were apparently liberal. USA has pretty much 2 at a time, due to the republicans and democrats locking out other parties. If things were so free here, then why not have presidential debates of the top 3-5 parties? And yes, it is the republicans who are preventing the other parties from doing debates. Personally, I think that the dems should show up for the womens debate with other parties.
I prefer the "u" in honour as it seems to be missing these days.
Iran was able to field 10's of candidates, some who were apparently liberal.
"Apparently" is the key word. "Hurt the Jews, but don't kill them" may be radically liberal in Iran, but isn't "liberal" by any western definition.
"I don't know, therefore Aliens" Wafflebox1
As another comment mentioned, it was IBM who first invented DC. And DES is vulnerable to linear cryptanalysis, indicating that maybe that's something that got invented in the open community first.
I don't believe that they are way ahead of us these days. They invented SHA-1 - now we've broken it. Skipjack's margin of safety has been whittled down to nothing with Biham's "impossible differentials". Their proposal "double counter mode" was broken within 24 hours. I think the widespread idea that they are still decades ahead of us is pure myth.
Xenu loves you!
There's no room to hide a secret "back door" in AES. Every step of its design is clear and well justified. There are no special hidden tables to sneak a back door into. And the guys who invented it were Belgian.
The NSA gave their blessing to all five final candidates. It's wildly implausble that they can break them all.
Xenu loves you!
1) you are dumb
2) you don't understand the situation
3) you are blindly parroting anti-americanism as a defense of your ignorance
4) you bring up irrelevant anecdotes to prove your position
5) you are dumb
6) calling a secret, properitary technology a "standard" doesn't make it one.
7) i have been trolled. i should learn not to feed the trolls.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Maybe you should look at a more reputable resource as the original poster provided. Amnesty International reports the death toll under saddam as just over 17,000. I think you will find that is LESS than those slaughtered by "friendly" forces during the illegal invasion of Iraq...
It takes nerve to use reputable and Amnesty International in the same thought. The left will do anything to sabotage the great work of Iraqi Freedom, including fabricate statistics. Well, you are only off by a factor of 20. As for legality, I find the operation more palatable from a legal standpoint than the graft and corruption of the Oil for Food crimes that preceeded it.
an ill wind that blows no good
Conversely, people who accept reality are not in the habit of deluding themselves, and are less likely to lie to themselves and excuse their own actions. This is more likely to result in a trustworthy person. "Be true to yourself" is good advice.
Reality is that which, when you stop believing in it, still exists.
We are not reasoning machines that feel, we are .feeling beings that occasionally reason logically. Man is not the pinnacle of perception.
Thanks for putting me straight on that. :-)
Reality is that which, when you stop believing in it, still exists.
Lets look at your last statement point by point 1) "So what you're telling me is that up is down"-- Up can be down depending on who's viewing who. In deep space there is no up or down beside for the one you choose for yourself. 2) "black is white"-- When mixing light, Black is the absense of all colors and white is the presence of all colors, when mixing paint it can be the other way around. So, yeah, black is white given the situation. Additionally, we perceive black and white with our neurology. Who is to say we aren't the ones seeing things in reverse? 3)"and the complete lack of "emirical" evidence for a "god" is all the proof I need that one exists."-- What you call empirical evidence depends on you placing absolute faith in your ability to perceive reality as it actually "is." If however we argue not in the reality of the thing, but in its "usefulness" and center the statements above a little different way, we have something to talk about. 1) I find it useful (for me) to believe that there is an "up" and a "down" at this moment in time sitting in my chair at the computer. 2) I find it useful (for me) to define black and white dependent upon which medium (light or pigmentation) I am using. I find it useful to reverse this definition when I am working with photographic negatives where black is white and white is black. 3) I find it useful (for me) to believe in a unifying absolute and a purpose to life. I find it useful (for me) to believe that salvation can be achived and has been achieved. I find it useful (for me) to believe that fluid concepts of mercy and love enhance my ability to think logically and engage the world. So, yeah, I find it useful (for me) to believe in God. Is there a God? I don't know. I doubt we'll ever really "know" in this life or any other, but hey, what the hell do I know?
Example: everyone knows that if you jump off a tall building, you're going to fall, and probably die.
So. Decision time - do I jump off one day because I'm running late, and I want to float to the bottom, rather than wait for the lift, or do I wait for the lift, because my (imperfect) human perceptions tell me if I jump off I will die?
Sorry, but I'm going with my flawed perception of reality. Equally, if someone tells me that some guy in the clouds created the whole planet, and everything on it, etc., and therefore I should change the way I live my life, I'm going to want some proof. The onus of proof must always be on the person/s who are introducing the concept. If it can't be proven, then it is actually irresponsible to accept it.
Our perceptions may not be perfect, and our knowledge of this world may not be complete, but that is no reason to make stuff up.
Still, It's not really for me to try and argue you out of your beliefs. The only reason religious beliefs get a bit of a response from me is that they unfortunately get used sometimes, by some people, to try and control others, and sometimes I'm in the "others" group, regardless of my feelings on the validity of the beliefs in question. I don't begrudge people having their beliefs if it makes them feel good.
But if that was me, it would drive me crazy thinking that I was maybe ignoring some facts, and simply going on stuff I was told by other people, and maybe missing out somewhere.
The thing is, from reading your comments, I think you're probably much like me - ie: you base your day to day decisions on logical, rational decisions, using the best tool you have at your disposal - your perception on what is real, and what is not. This is what always surprises me about intelligent people who are religious - there seems to be a suspension of disbelief, when it comes to matters of spirituality, and I find it hard to reconcile that with the person's general approach to thinking.
Reality is that which, when you stop believing in it, still exists.
Your gripe with religion(s) seems to be based in what I hesitently call the "mythical" qualities of religion. I don't mean that these aspects of religion are not "true" or "real" or whatever. Let me explain it like this. I have a child of 3 years old, and I am expecting a second child. My wife and I have been telling him that mommy has a baby in her tummy, and that mommy's and daddy's make babies. If I pulled out videos and college textbooks and diagrams and tried to explain to his 3 year old mind how DNA, sperm, ovum, etc works I would not be presenting the information in an age appropriate way. Now to say that mommies and daddies make babies and that babies grow in mommies' tummies is not a "lie" in any sense of the word. The information in this form is "usefull" for my son to operate with day to day. If he grows up and tries to enter medical school, asserting that babies gestate in the stomach as useful knowlege for a doctor, he will not get the reception he would like.
If the ancient Hebrews and other tribes of the Middle East had been told about DNA, mutations, evolution, etc., the information would have been "useless." The story of Genisis gives plenty of operational knowlege to people of that time, and still teaches us something today.
Take for example the story of Adam and Eve. What it tells us, if we read it right is not scientific (as you and I would assert science), but rather it tells something about the human condition that rings true whereever humans are--If you place limits on people and forbid them from doing something, they will probably do it anyways and try to hide the fact that they did it.
The story of Cain and Able tells us both about the possible conflict early people who drove cattle verses thoes who grew crops, but it also tells us that human beings will envy each other and kill each other where envy runs unchecked.
One of the "myths" we have today centers around the idea that the Earth is collectivly intellegent and an organism in its own right--the Gaia theory. Given what we know about biology, geology and climate, it makes for a useful "story" for us to follow. Take that story/theory expoentially farther, and you see that the universe itself is a collective intellegence that perceives itself and reveals itself to itself. I call this God, sometimes I call it the Tao. The Tao Te Ching states that the Tao/Universe/God you can "name" is not the "real" one as the "real" one is outside our neurological ability to conceive of it or name it.
Trust me, I understand your resistance. I spent the better part of my life as an agnostic and believed there was no room for the mystic or mysterious in my life or the lives of others. And yes, I saw that there were people in this world who used faith as a way to gain power over others. But I learned that the poison is the cure and that in the interplay between faith and doubt, relativity and objectivity, is a place that is much more "useful" for me to be.
jd
Obviously I accept that we don't know for sure what the universe is all about, but as stated previously, I just don't see any need to invent anything to explain things we don't know, or understand yet.
Still, at least you are able to calmly debate me, rather than just take offence that I'm not agreeing with you. It's very tempting for me to try and argue your points some more, but I think that would just be wasting both of our time, so I'll leave it. As much as it is probably human to try and bring others around to your own way of thinking, the world would probably be a very boring place if everyone thought exactly alike.
Cheers.
Reality is that which, when you stop believing in it, still exists.
Ditto--- Good conversation! If you have time, read a good translation of the Tao te Ching. It really gets to the heart of the whole subjective vs objective perspective. The Taoists were dealing with the whole science vs mystical debate thousands of years before the West. Have fun! JD
I'll keep an eye out for an English language version. Thanks.
Reality is that which, when you stop believing in it, still exists.