Slashdot Mirror


User: Savage+Henry+Matisse

Savage+Henry+Matisse's activity in the archive.

Stories
0
Comments
98

Comments · 98

  1. denial-of-service on DVD CCA Applies for Restraining Order · · Score: 2
    What you're talking about would amount to a legal (which is not to say lawful) denial-of-service attack. Fascinating. Bring the Slashdot Effect to the courthouse steps, so to speak.

    The best way to do this would be to prey upon these lawyers' apparent willingness to name Doe parties who they do not know to positively be actual, discrete, US-law-bound human beings. If one were to set up an autonomous agent which would open free website accounts (a la geocities, angelfire, etc.) and set up download sites featuring the LiVid and DeCSS source code . . . Well, you could certainly tie the lawyers up, trying to hunt down and sue a John Doe which just ends up being a lone perl script running from a free shell account.

    Again, food for thought, snacks for synapses.

  2. Re:Western?! on Zhirinovsky to "Send Viruses to the West" · · Score: 2
    I'm sorry if my post was unclear. Although I cannot speak for Ben, I know that my opinions have nothing to do with Big Z. being (or not being) a Communist. The salient point that both Ben and I were driving at was that Z. is making very real threats against the geo-political sector (i.e. pretty much the entire Western Hemisphere, esp. the USA) in which we live, in much the same way as Hitler did (witness Mein Kampf, as well as basically any speech he gave between leaving prison and committing suicide.)

    Neither Ben nor I ever claimed that we don't live in the most violent and wonderful nation on earth. I never claimed that the electric chair was the best seat in the house. I never beat my slaves.

    Also, at the threat of sounding like I'm issuing a flame of some sort, 1) National Socialism, by its very nature, was Socialism, so it wasn't exactly super-capitalism by any stretch. 2) I wasn't even alive for any u-boat attacks on the eastern seaboard, plus these were relatively few, and I've yet to meet a living American who is very bitter about them. 3) this isn't about citizens of the former Soviet Union being bad or evil or pinkos-- this is about one lone, crazy guy who's rousing more rabble than the Klan.

    Someone moderate me down, I'm writing mad and raving offtopic.

  3. "only a few listen" lends no comfort on Zhirinovsky to "Send Viruses to the West" · · Score: 2

    In support of Ben's observation-- as well as his analogy-- we should all bear in mind that Herr Hitler never had more than roughly 33% of the popular vote in Germany. Look at what a glorious mess he made with just 1/3 of the people. That Big Z (Newsweek, in an uncharacteristic moment of decent writing, once dubbed him the "Laughing Fascist") currently only has an 8% market share is cold comfort.

  4. Re:Hitler is person of the century, easily on Jeff Bezos Named Time Person of the Year · · Score: 1
    "The Cold War. Forged around the occupation of Germany, the cold war faced two sides off with Germany as the crucial pivot piece"

    The Cold War was more a piece of Nazi handiwork than is initially apparent. Check out Martin Lee's The Beast Reawakens: Lee makes a strong argument indicating that the Cold War was sown and cultivated by ex-Nazis who were folded into the KGB and CIA post-WWII.

    Again, recognizing that this is thoroughly off-topic, it is nonetheless fascinating. Lee's book is a very good read: elucidating and wonderfully well written (Lee was a poet for years before he took up investigative journalism.) Go buy yourself a copy at Amazon.com-- lord knows that the poor devils need the money.

  5. Re:men of the years... on Jeff Bezos Named Time Person of the Year · · Score: 3

    When without loss of blood he reduced Czechoslovakia to a German puppet state, forced a drastic revision of Europe's defensive alliances, and won a free hand for himself in Eastern Europe by getting a "hands-off" promise from powerful Britain (and later France), Adolf Hitler without doubt became 1938's Man of the Year.
    -Time Magazine, Jan 2, 1939.

  6. Re:men of the years-- wrong date... on Jeff Bezos Named Time Person of the Year · · Score: 1
    Time deemed Hitler Man of the Year in 1939-- after the formation of such resorts as Auschwitz and Dachau.

    I'm not saying Time was unaware of what Hitler was up to-- nor that the folks at Amazon are Nazis-- only that it's a dubious honor to be Time's Man of the Year.

    Also, I'm clearly way off topic now. Very sorry.

  7. men of the years... on Jeff Bezos Named Time Person of the Year · · Score: 4
    Bear in mind that Time named Adolf Hitler man of the year in the mid-30's-- post Mein Kampf (in which he lays out his "Final Solution" in detail.)

    In other words, this nomination is a mixed blessing, at best.

  8. interesting thing you mentioned gait analysis ... on Caught Before the Act · · Score: 1
    In many urban African-American communities children are taught to always walk with their hands out of their pockets and slightly away from their bodies. This posture helps to preclude kids being shot by tense cops who believe they (the school children) might be packing heat. These communities report marked drops in "accidental" shootings. Sad, but true.

    "...entire swaths of society will be deemed worthwhile to forcibly teach not to trigger the dumb(by human standards) sensor arrays. ...

    I guess we don't really need to wait for this tech to be applied-- dumb sensor arrays are already being triggered to pull triggers, so to speak.

    As usual, food for thought.

    -"S"HM

  9. sort of a return to the olden days... on IDs in Color Copies · · Score: 2
    Sorry for being a little offtopic, here. Back in the day of manual typewriters (no electronic parts whatsoever) each typewriter had-- by virtue of the idiosyncrasies in letter alignment, imprint depth in paper, ribbon wear, etc.-- what amounted to a unique fingerprint. Many famous criminals (The ones that leap to mind are Leopold and Loeb, two precocious 14 year olds who read Nietzsche and then decided to kill an acquaintance so as to prove their status as Ubermenschen. This was back in the 1920s-- probably those violent 1st person video games that drove them to it) were tracked down because of their typewriter. It wasn't the most damning piece of evidence (one of the kids also dropped his glasses at the scene), but was none the less integral to the trial.

    Again, food for thought.

    -"S"HM

  10. Re:a little off topic, but still salient-- I think on Netscape Receives Strong Crypto Export Permission · · Score: 1
    Unfortunately, this sort of juke is frequently used against the defendant-- a good (read: vicious) prosecutor will hammer on such memory lapses as the trial progresses, using it to make the defendant seem unreliable: (please pardon the histrionics)

    "So, Mrs. Jones, you expect us to believe that you can positively remember not raping and eating babies on the evening of May 3, 1989?"
    "Yes, I neither raped nor ate a baby ever, including May 3 of 89."
    "Well, this is strange to me, that you can so positively recall not doing something. May I remind the court that this is the very same Suzy Jones who on Monday could not remember her 98 character passphrase, but on Tuesday suddenly was gifted with total recall, not erring by a single character, despite the fact that this 'passphrase' is, to you and I, nothing more than a nonsensical string of uppercase letters, lowercase letters, numbers and punctuation. Will you, perhaps, tomorrow remember eating these babies, ma'am?"

    ... and so on. The only reason that Ollie North so successfully applied the "I cannot recall" defense was because the folks prosecuting him weren't really very interested in convicting him of anything serious.

    Again, food for thought. Let me reiterate how much I appreciate all of this feedback. Please, everyone, feel free to drop me an e-mail as other angles on this situation occur to you. I'm always anxious to hash this over.

    -"S"HM

  11. Re:a little off topic, but still salient-- I think on Netscape Receives Strong Crypto Export Permission · · Score: 1
    Yes, definitely-- I feel like a dink for not having seen that. But, the defendant can still be forced into the "perjury trap":

    the court requests that she divulge her private key. She refuses, claiming to not be able to remember the key (just about her only recourse, short of simply giving them the key.)

    the law enforcement agency brings forth their cryptotext and dummied plaintext, which reveals the defendant to have been embroiled in all manner of nefarious business.

    the defendant's only defense is to come forward with the session key, which she can only retrieve with her private key-- QED she knew the key all along. Perjury. Unless she's the president, she's going to get hucked into the slammer.

    I don't want this nit-picking to detract from your point: the session key angle is good, and I'm really glad that you brought it forward. Goes to show that you can't keep a good algo down.

    If we can find a way out of the "perjury trap," I'll finally get to sleep soundly again. -"S"HM

  12. Re:a little off topic, but still salient-- I think on Netscape Receives Strong Crypto Export Permission · · Score: 1
    The former definitely sounds like a good idea-- except for in the case that the law enforcement agency argues that the defendant tacked on a bogus MD5 so as to be able to use a "MD5 sigs don't match, therefore the cops are lying" defense. (There are cases like this where police have successfully argued, for example, that a left-handed defendant was demonstrably guilty of a stabbing committed by a clearly right-handed perp by arguing that the defendant purposefully used his less-skilled hand so as to throw up a red herring. If I'm remembering correctly, this legal argument is a personal favorite of British investigators looking in to crimes attributed to IRA friendlies.)

    In the latter case, the defendant would have to expose her private encryption key to the courts (seeing as how persons being prosecuted definitely don't retain the right to keep their encrypt/decrypt methods secret.) Thus, she'd, again, be forced into giving herself away to one extent or another.

    -"S"HM

  13. Re:a little off topic, but still salient-- I think on Netscape Receives Strong Crypto Export Permission · · Score: 1
    "I suspect that the court would demand that the ciphertext be decrypted under the presence of court appointed administrators."

    One would suspect this-- I'd love for it to be the case-- but it won't be, not if the Clinton Admin's present stance becomes policy. The specific power that law enforcement agencies would be granted would be the right to not have to reveal how they arrive at plaintext (similar to the right law enforcement currently has to not reveal sources of "anonymous" tips.) The right to not-reveal would include the power to not have anyone looking over their shoulder (who has oversight over the NSA?) Remember, this isn't like a lawyer wandering in with his own evidence; this is the cops wandering in with their own evidence-- which is entirely normal.

    I recognize that this reads as paranoid clap-trap, but I do believe this threat is very real. Witness the kinds of abuses committed by the Phillie PD or LAPD, each of which are currently being investigated on several thousand counts of fabricating evidence, as well as sundry other abuses.

    (pardon the spelling-- I'm in a hurry) -"S"HM

  14. a little off topic, but still salient-- I think on Netscape Receives Strong Crypto Export Permission · · Score: 4
    This Netscape-news fits into the whole "Clinton Administration's new attitude towards crypto export" issue. One aspect of these relaxed regs, highlighted by a Wired News article several weeks ago (sorry, couldn't find the URL) but ignored pretty much everywhere else, is that investigators will no longer need to reveal their methods for arriving at a plaintext from a cryptotext for which they had no key.

    Maybe I've seen "Conspiracy Theory" one too many times, there seem to be some scary implications to this. Specifically, if investigators cannot be compelled to reveal how they decoded encrypted info, then they could conceivably take an encrypted doc which they could positively attach to the defendant (i.e. an encrypted document the defendant admits to, or can be convincingly illustrated to a court of law to be, the owner of) and then present in court ANY plaintext as being its source. These investigators (and, under the new regs, this would include domestic-charter, as well as foreign-charter, law-enforcement) could make up the foulest, nastiest, most incriminating admission in the world and claim it to be the plaintext. With a decent algorithm (i.e. ANY strong algo) there is NO WAY to verify that a plaintext and cryptotext match up without the key (that's the point of encryption, for godssakes.) As the investigators cannot be made to reveal HOW they got plain from cipher, the only defense the defendant could make would be to decrypt the doc in question before the court herself, and that would require her to expose to the court her cryptosystem and key (the latter, of course, being a far more damning exposure than the former, assuming she uses strong crypto.) I.E., in the end, she would be giving up the one thing that protected her. Even if the case is thrown out of court (which, God-willing, it would be, seeing as how the investigators would have to admit to submitting false, or at least spurious, evidence,) the defendant would still be up a creek, as all her past and present encrypted data would be exposed.

    An even worse scenario: another clause in these regs permits courts to subpoena private keys (previously considered unconstitutional, as it forces a person to incriminate herself.) If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of either 1) going to prison for heinous crimes she never even considered committing or 2) admitting to perjury.

    This would seem to be a very-much bad situation that we, as citizens, are being put into. The NSA, again, has designed a brilliant protocol.

    Just food for thought. This is the sort of thing that keeps me up late, watching TV and talking to the dog.

    -"S"HM

  15. Re:Why I'm not going to be buying from Amazon anym on Amazon Takes Round One in Patent Dispute · · Score: 1
    I totally agree, and am sorry if it seemed I was implying otherwise. Unfortunately, in my experience, the vast majority of folks don't see it your way. And it's a pity.
    (that "stupidest idiots on the planet" thing is a direct quote-- and not a horribly exceptional utterance, either.)

    "S"HM

  16. Re:Why I'm not going to be buying from Amazon anym on Amazon Takes Round One in Patent Dispute · · Score: 1
    Quietly walking away-- with dignity-- that's for the best. Everyone's happier (trust me, those CSRs aren't paid to be called "the stupidest idiots on the planet" and the like.)
    The fact of the matter is that the only thing that hurts online booksellers (esp. those of Amazon's caliber) is bad press-- like that which Slashdot is stirring up. Bad press makes investors wary, and if the investors get skittish folks like Amazon will go belly up. In a very real way-- and this is counter-intuitive; to most old-school businessmen it sounds impossible-- places like Amazon aren't about making money through actual sales. They live off of hype, stock sales and advertising. Sure, that's gonna change, but it hasn't yet.
    If you cut off Amazon's hype-supply-- via bad press (witness that "buying circles" fiasco, or their current Mein Kampf debacle) they'll dry up like amoebae on a dry table top.

    "S"HM

  17. Re:Why I'm not going to be buying from Amazon anym on Amazon Takes Round One in Patent Dispute · · Score: 1
    I hate to be a little bitch, but that's silly. I work online Customer Service for a book retailer significantly smaller than Amazon.com, and we've been taking in roughly $100 per minute since Thanksgiving. Economic threats from individuals are laughable (honest-- when a customer threateningly dangles his big $500 per year in purchases over our head we actually laugh. Even on a bad day we clear $1000 in under an hour.)
    Also, even if your letter reaches a real person (and, with Amazon I have my doubts-- we get a lot of customers who tell us their comments, complaints and questions just languish with those bastards), the person it'll reach is a schmoe like me, sitting on the absolute bottom of the corporate and economic ladder.
    Don't bluster, don't threaten, don't write IN ALL CAPS-- just preserve your dignity. Walk away.

    -"S"HM

  18. Re:Factorisation of Very Large values on The Possible Effects of Quantum Computing · · Score: 1
    In this case faster application of existing techniques is tantamount to it being a whole new field. The major limiting factor that makes any modern cryptosystem secure is time. Once we get beyond our current, Mickey Mouse qubit limitations, adding one more bit will be trivial. While 41-bit crypto is currently exponentially more difficult to crack than 40-bit, for a QC it will not increase the difficulty at all. Adding bits to the key size, under QC, is analogous to adding another lock to your front door that uses the same combination. I.e., it takes a lot more effort for you to implement the new-lock (sawing, drilling, trips to the hardware store...) than it takes an intruder to enter that same combination a second time.
    -"S"HM

  19. sorry Charlie on The Possible Effects of Quantum Computing · · Score: 1

    Quantum Computing permits acting upon every possible input to an algorithm simultaneously. It'll render all current crypto-systems (save for know-if-they're-eavesdropping systems like Quantum Crypto, which isn't really encryption, exactly) obsolete. A brute-force attack would be down to two steps, each of which would take a trivial amount of time: 1) generate all possible keys and 2) run them through your algorithm and see what comes out. Folks have already developed database searching algos for Quantum Computers, which would make brute-force attacks (even on wicked-big RSA keys) a breeze (noting that you'd have to save every output that every key generated, and then check those for being possibly meaningful text rather than garbage. Again, a trivial job, time wise.) The only real problem, then, is nailing down memory of sufficient size to hold your temporary files and results.

  20. Re:That is one reason I have a PDA on How do you Remember Your Passwords? · · Score: 1

    I totally agree. PDAs are a god-send to avid account-holders. If you-all like these apps, you'll love Cipher. It's a freeware implementation of 128-bit IDEA for the Palm OS. Encrypts Memos using the clipboard, so all backups are also encrypted. Very cool. I swear by this prog; Holger is now my second-favorite German (first is Hacker-Pschorr.) -"S"HM

  21. let's get our heads straight on Username/Password - Is It Still Secure? · · Score: 1
    First off, let's stop whipping out that old saw about "anything is possible" and "1,000 monkeys on 1,000 typewriters would eventually write Shakespeare." That's utter crap. 1) no one has infinite time. If you can't get the medical records before the slob dies, then it doesn't matter. 2) 1,000 monkeys could very easily *choose* to just hit the space bar until they all croaked. No Shakespeare. So, let's stop with this defeatist "there's no hope of protecting yourself" crapola.

    A shiny penny to everyone who said that the major problem here is on the user end. There's no need to implement expensive, commercial products like retinal scanners or iButtons. Using SSL and even something as basic as well-implemented .htaccess (i.e., "well-implemented" meaning not storing your .passwords in a publicly readable directory), the weak link is always the user-selected password. So, either 1) force the user to use a "passphrase" (and really FORCE it-- not just say "hey, use a passphrase." Reject anything less than 7 words, or somesuch thing) or 2) issue each user a passphrase. It'd be elementary to set up a script that would, for example, choose a 4 or 5 word sample from, say, the Gutenberg Project (some 1500 works of English lit.) and issue it to the user as his/her passphrase. Sure, there'd be a set "dictionary" of phrases to be used in a brute-force attack, but if the passphrase was an arbitrary number of words between, for example, 4 and 9, and case-sensitive, with the possibility that the passphrase-issuing-script might alter capitalization, then it would still be an intractable cracking problem.

    Again, just my 2-cents.

    -"S"HM

  22. Re:Phone hacking? on Disposable Cell Phones · · Score: 1

    A glance through the article reveals that tampering with the case (it would basically be a piece of laminated, flexible circuit-board with no "true", hard-plastic case) would ice the whole phone. I guess, where there's a will there's a way, but still, it looks like they've got tamper-proofing in mind in their design.

    Also, side-note, is it just me, or have most of the folks who posted in response to this not read the article? Whatever happened to looking before leaping?

  23. fine print of new US crypto export regs on US Relaxes Crypto Regulations · · Score: 1

    One aspect of these relaxed regs, highlighted by Wired News but ignored pretty much everywhere else, is that investigators will no longer need to reveal their methods for arriving at a plaintext from a cryptotext for which they had no key. There are some scary implications to this. Specifically, if investigators cannot be compelled to reveal how they decoded encrypted info, they could take an encrypted doc which they could positively attach to the defendant, and then present in court ANY plaintext as being its source. They could make up the foulest, nastiest, most incriminating thing in the world and claim it is the plaintext. With a decent algorithm (i.e. ANY strong algo) there is NO WAY to verify that a plaintext and cryptotext match up without the key (that's the point of encryption, for godssakes.) As the investigators cannot be made to reveal HOW they got plain from cipher, the only defense the defendant could make would be to decrypt the doc in question before the court herself, and that would require her to expose to the court her cryptosystem and key. I.E., in the end, she would be giving up the one thing that protected her. An even worse scenario: another clause in these regs permits courts to subpoena private keys (previously considered unconstitutional, as it forces a person to incriminate herself.) If the defendant refused to do so, claiming to have forgotten the key, and the prosecution later played its dummied-plaintext trump card, she would be put in the position of either 1) going to prison for heinous crimes she never even considered committing or 2) admitting to perjury. This is a very-much bad situation that we, as citizens, are being put into. The NSA, again, has designed a brilliant protocol.