U.S. Government Encryption Irony
Bruce Lane writes "Given the US Government's hype and paranoia about not allowing strong encryption out of the country, I find it particularly ironic that they should choose, as finalists competing for the next federally-blessed encryption standard, a couple of schemes developed outside the country altogether. The full story is here. Enjoy!"
What the government is _really_ trying to do is promote better quality international encryption. "We _know_ your encryption is better than ours, so we won't inflict any of our suck encryption on you."
It might really be a step in the right direction. If they adopt algorithms developed in foreign nations, they might realize how silly it is to try to stop exportation of strong crypto. It is also a good decision in that they realize that the encryptions they've been using are going to rapidly start becoming less trustworthy as faster and larger computers as well as distributed computing become more and more common.
Speaking of distributed computing, does anyone know if distributed.net has plans to add a new contest for these encryption schemes?
It seems pretty apparent to me that people in other countries, who have no particular disadvantage compared to Americans in writing software and certainly not in doing math, would be able to come up with their own encryption algorithms. The US is always attempting to take away the liberties of its own citizens under the pretext of 'protecting from terrorists', which they claim is one reason for the encryption restrictions. Since they give that reason for many other laws and restrictions where it is clear that they have other motives, I wonder exactly what they are thinking. Perhaps they will wise up about encryption restriction now, and release it, or at least tell us their real reason for restriction?
Juln
One would hope that these facts might convince some of the Congress-critters and the FBI's Louis Freeh of the absurdity of their position against encryption, but I wouldn't bet on it.
The revolution will NOT be televised.
-=DaveHowe=-
In particular, check out Rijndael. A real sweet algorithm: fast, secure, portable. A very very nice design.
And completely developed outside the US.
There's an added irony that this story hasn't pointed out - the disparity in import and export laws on cryptography.
In the US there are restrictions on EXPORTing cryptography, but no restrictions on IMPORTing cryptography. Getting good quality cryptography here isn't easy, but for some things it's mandatory.
Right now I'm designing and coding an e-commerce solution. The target customers are mostly here in the US, but one is in Canada, and who knows when someone will come on board to make it international?
So the solution to where to get cryptography packages? Off-shore! Obtain it outside the US, import it into the US, and that's it. No applying for export licenses, no restrictions or background checks on customers, no having them fill out nasty looking legal disclaimers. The worst we'd have to do is make each non-US customer "import" the package on his/her own to make it legal (So we wouldn't be 'exporting' anything - even something we imported already. I'm not sure on that point - anyone?)
There are Open Source cryptography packages available for Import. The only problem with them: I can't help! (being in the US, this might 'taint' their legal stance)
Want strong encryption not hampered by our silly laws? Go get some! (Yes, Virginia, there really are mathematicians outside the US.)
340 to the 35th keys by itself does not provide something "far more robust" than 256 bit keys. In fact, 340 to the 35th is equivalent to 294 bits. "according to sources" anyway...
This will be excellent fodder for the vote on the SAFE bill (see http://www.computerprivacy.org) which is coming up for a vote, most likely in September.
Being able to point to foreign crypto that's good enough to be considered for new standards will help our jobs immensely in convincing Congress to pass SAFE and quit limiting the export of encryption.
-S
that one part of the government is trying to support strong crypto and provide it to the people, while another part is trying to limit the spread of ANY crypto whatsoever, and wants to limit not only the export of cryptography but its distribution and use within the United States.
Figures.
Oh, I wasn't aware that Canada was just another state.
You make some good points in this post, but please try not to alienate (read: piss off) 30 million people in one fell swoop.
This is what gives Americans a bad name internationally.
me: jlcooke@jlcooke.net
"The new codes are virtually unbreakable with as many as 340^35 possible keys, according to sources"
First of all DES was NOT 256-bit. Secondly, it's not 340^35. It's 2^128 = (2^64)^2 = 18446744073709551616^2 = 340.... (40 digits).
And the BIG stink in my eyes is the fact that NIST eliminated stronger contestants. HPC and CAST-256 have no known weaknesses. MARS, RC6 and TWOFISH all have weaknesses!!!!!!!
That's right. Read this again. Attacks have been shown to work for them. Not break them wide open mind you, just it's not 2^128 or 2^256 possibilities anymore.
Read it all here
It is perfectly clear from Reno's letters to Warssanaw (I probably didn't spell that right) countries that she would just as soon have crypto be inaccessible to ANYONE. You should write your local congressperson demanding that they put pressure on Clinton to replace Reno with someone with the computer savvy not to further damage our already fragile standing in the developing information economy. Maybe Al Gore. After all, he invented the Internet, so he should know the score. In the mean time, any number of international companies can simply export the e-commerce and crypto jobs overseas. It's incredibly trivial to do so, and it might make sense in any event. In former Eastern bloc countries $400 a month represents an outstanding opportunity. Assuming you could find a programmer to work for minimum wage in the states, you'd be paying twice that. I typically find it easier to go to overseas sites and download cryptographic software such as GPG into the states, rather than trying to find a mirror here in the states. It doesn't make sense to develop crypto here either, since you won't be able to export it. Aren't the Linux ipsec portions of the kernel being developed entirely overseas?
Yeah, Rijndael appears to have a good chance at becoming the AES.
Check out NIST's Round 1 Report (PDF) for the raw details if you haven't already.
Of the five that made it to round 2, Mars and RC6 can probably be counted out right away. Mars is too complicated and RC6 doesn't have a large security margin. And both are highly platform-dependent for their speed.
Serpent (one of the non-US ones) will probably be counted out because of its slow speed, although the high security margin might still save it. One could argue that as CPUs get faster speed becomes a non-issue compared to security. Just look at the popularity of Triple-DES even today.
Rijndael (the other non-US one) and Twofish appear to be the favorites. The report listed no real complaints about Rijndael. Twofish is kinda complicated, but has some space/time tradeoff options that might be worth it for low-memory systems.
Rijndael has a structure that can be parallelized. This could be a very good thing if processing goes that way. Considering that AES is expected to serve for decades, performance on future processors could be very important, though entirely speculative.
Just don't hold your breath. It'll probably be years before we see a winner.
Ask yourself, if you had to *effectively* "ban" crypto in the US how might you do it, and remain PC?
Let's see... What if you made it next to impossible for software manufacturers to include real crypto in the products they sell? Yep, done.
The US government doesn't give a flying f* about international crypto, catching terrorists, or watching clandestine communications. It wants to be able to justify massing its internal police force by catching the penny-ante criminals.
Your average US joe isn't interested in, or can't, put together a crypto scheme piecemeal. Only the smart ones will, but we don't really care about them. Catching a few "big fish" doesn't keep you on the 6 o'clock news even if it does mean you're catching the major criminals.
So, we keep crypto and e-mail software from coming together in one place easily. Now, you've "banned" crypto for the penny-ante and we can intercept the messages because "it's not really wiretapping." The cops sit around listening to cell-phone calls all the time, while moaning that they need crypto radio (It's called "Project 25") to avoid being found out. They know what crypto means, or they wouldn't be asking for it.
Asserting power over others is all that matters to the US. Freedom be damned, industry be damned.
I think every finalist should have moved to Cuba. Just so not only would the US have had to import the encryption, but from Cuba to boot!
(Clinton: "Oh, and hey, could you guys bring up some cigars with you as well? Thanks.")
"Old man yells at systemd"
Government bureaucrats and lawmakers always have had a strong tendency for cluelessness, especially where technology is involved.
It has always been the case that it is possible for an American to download some freeware source code from a foreign site that contains encryption, modify an aspect of the application that has nothing to do with the encryption (translate the output text to English, perhaps), then if he re-uploads the program, he has committed a federal felony!
Don't expect our lawmakers to actually be swift enough to see the irony in this, they're far too stupid for that.
Sometimes I wonder if anything would really change if we just trained chimpanzees to be our senators and congressmen...
Correction: Serpent was chosen over CAST-256 (not HPC).
subject line says it all
...for the better
Please, learn a little more about the subject before spreading FUD. All of these ciphers are fine.
The result against MARS is an equivalent-key attack, for keys *over 1024 bits long*. AES-standard keys (128,192,256-bit) are fine, it's just a wee problem with some extended functionality that the AES doesn't require. And the "tweak" against MARS for a more smartcard-friendly key schedule fixes even this.
The result for Twofish is even weaker: not all subkeys are possible. However, the subkey entropy is quite sufficient to ensure the security of the cipher, and it doesn't lead to a break. See the paper on the subject on the Twofish home page.
And there's nothing listed for RC6 at all!
HPC is big and slow and complex and impossible to analyse; it would be a terrible mistake to bring it into Round 2. CAST-256 was rejected because everything it does, Serpent does better.
I'm happy with the choices NIST made and the reasoning they give. And like everyone else, I think that the final battle will be between Rijndael and Twofish. It's interesting to note that neither of these excellent ciphers is patent-encumbered.
Oh, and it's not 2^128, it's 2^128 + 2^192 + 2^256, a 78-digit number
--
Xenu loves you!
A similar letter from Janet Reno was sent to Germany's federal minister of justice Hertha Däubler-Gmelin too.
Read that letter here and the background story here.
The only explanation that makes sense to me is that the U.S. government indeed is able to gather a lot of useful information under present communication habits.
And what nature is this information - fighting drug dealers, organized crime or terrorists?
Nope. It seems to be mostly economical espionage. Some cases that became public:
- European Union / U.S. economic treaty negotiations - the EU delegation was eavesdropped by the U.S., who had easy play knowing the others' strategy and goals
- A solar energy company from north Germany suddenly found their invention patented by a U.S. company
- During the bidding for a train system, the German-led ICE consortium lost to the French TGV because the French were able to eavesdrop on the ICE faxes
Another interesting item is that even the German armed forces use Lotus Notes, despite its weak encryption.
The result against RC6 isn't listed in the body, only the header. And AFAICT it's pretty bad for RC6: its security margin just got much lower. It's a twenty round cipher; this attack breaks a 15 round version, and may well be amenable to extension.
I don't think RC6 can survive this. This makes it even more sure that only Twofish and Rijndael can win.
--
Xenu loves you!
American freedom is limited to owning a bazooka and using it on schoolchildren.
When it comes to freedoms geeks care about (encryption, privacy), the U.S. comes up WAY short.
Corporations are opposed to privacy. They want your data to help them form consumer "profiles". Hence their lapdogs in congress are working very hard to make that a reality. Soon U.S. citizenry will only be useful as a demographic for selling frozen dinners.
I was told there was a show run on Dateline several months ago, that said that the real crime rate had been increasing, whereas the *reported* crime rate was decreasing.
It's the easiest way to "impact" crime.
Anyone have confirmation/denial of such a statement?
-- Ender, Duke of URL
If there are no rules on importing cryptography, all cryptographers should move to, like, Ontario, Canada, where they welcome it. Then there won't be any stupid laws about importing and exporting cryptography imposed on the stuff developed there. You can still import it to the US market just fine. Now doesn't everything work out all peachy? The US Government just seems so fucked up. Even with the Microsoft DOJ thing, as much as we hate Microsoft.
~~~NO CARRIER~~~
I hear all this talk about Janet Reno... anyways I think she needs to be thrown out of office just for looking that nasty. God damn, she's fuckin' ugly. I think just being that nasty looking should be criminal, if not at least I think all this anti-freedom, protect us from terrorists/protect the children bullshit that she supports should most certainly be... with the penalty of death... slow, painful, publicly inflicted death.
The US is always attempting to take away the liberties of its own citizens under the pretext of 'protecting from terrorists', which they claim is one reason for the encryption restrictions.
I wonder - can they show as much as a single terrorist that used real encryption? (Not simple codes like "the show starts Friday...") Many of them use guns though, which isn't prevented. So why bother with encryption?
because americans have the inalienable right to keep and arm bears ... or something along those lines.
no taxation without representation!
What if some developers are physically located in Europe, Asia, Africa and the US and the server is outside the US?
Is it where the company is tax-registered that determines which export laws it inherits?
What if the company is founded on some tax paradise island outside the US and all employees work at a US office? Can they export software from the US if they are not a US-founded company?
I doubt there will ever be a contest for any of these ciphers, and if there is, it will run indefinitely. The 128-bit key-space is simply too huge to brute-force search it.
Quoting Schneier, if you channel all the energy of the Sun into counting through the key-space, you will be able to count about 2^182 keys per year. This is without doing anything at all to the keys you cycle through, no energy wasted in your system and access to all the energy of the Sun, collected in a huge sphere built around it.
Logi - I can do anything, but not everything.
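Several posters above argue over how big these key spaces actually are: the article's "340^35" figure versus 2^128, the 2^128 + 2^192 + 2^256 total for all three AES key sizes, and the Sun-powered counting bound of 2^182 keys per year that one poster attributes to Schneier. The following is an added example, written for this page and not code from any poster or from NIST, that puts those figures on a common footing (equivalent bits, decimal digits, years to exhaust at a given rate). The constants are constructed from the numbers quoted in the thread; the 2^182 rate is taken as quoted, not independently verified.

```python
from fractions import Fraction
import math

# Constructed figures, taken from the numbers quoted in the thread above.
ARTICLE_CLAIM = 340 ** 35          # the "340^35 possible keys" line from the article
AES_KEY_SIZES = (128, 192, 256)    # the three AES key lengths
SUN_KEYS_PER_YEAR = 2 ** 182       # counting bound as quoted by one poster (attributed to Schneier)


def effective_bits(keys: int) -> float:
    """Express a count of keys as an equivalent key length: log2(keys)."""
    return math.log2(keys)


def decimal_digits(keys: int) -> int:
    """How many decimal digits it takes to write the key count out in full."""
    return len(str(keys))


def years_to_exhaust(keys: int, keys_per_year: int = SUN_KEYS_PER_YEAR) -> Fraction:
    """Years needed to try every key at the given rate, as an exact rational."""
    return Fraction(keys, keys_per_year)


def aes_total_keys(sizes=AES_KEY_SIZES) -> int:
    """Total number of keys across all listed key sizes (2^128 + 2^192 + 2^256)."""
    return sum(2 ** s for s in sizes)


def keyspace_report(keys: int, keys_per_year: int = SUN_KEYS_PER_YEAR) -> dict:
    """Summarise one key space in the three ways the thread talks about it."""
    return {
        "keys": keys,
        "bits": effective_bits(keys),
        "digits": decimal_digits(keys),
        "years_to_exhaust": years_to_exhaust(keys, keys_per_year),
    }


if __name__ == "__main__":
    figures = [("article's 340^35", ARTICLE_CLAIM)]
    figures += [(f"AES-{s}", 2 ** s) for s in AES_KEY_SIZES]
    figures.append(("all AES sizes", aes_total_keys()))
    for label, keys in figures:
        r = keyspace_report(keys)
        print(f"{label:18s} ~2^{r['bits']:.1f}  {r['digits']} digits  "
              f"{float(r['years_to_exhaust']):.3g} Sun-years to exhaust")
```

Running it shows the 340^35 figure lands near 2^294 (so it is neither 2^128 nor 2^256), that 2^128 has 39 decimal digits while the three-size total has 78, and that even at the quoted Sun-powered rate the 256-bit space takes 2^74 years to exhaust, which is the sense in which the last poster calls a brute-force contest hopeless.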