Cryptography-Digest Digest #706, Volume #10 Wed, 8 Dec 99 20:13:02 EST
Contents:
Re: Ellison/Schneier article on Risks of PKI ("Lyal Collins")
low exponent in Diffie-hellman? (jerome)
Re: Synchronised random number generation for one-time pads (Doug Stell)
Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir (Paul Koning)
Re: PCI Cryto Card (Paul Koning)
Re: Johnson Device ("Kasper Pedersen")
Re: NSA should do a cryptoanalysis of AES (SCOTT19U.ZIP_GUY)
Crypt FAQ Comments (section 9.5) (Erik Kraft)
Re: NSA future role? (JCA)
Re: Frequency results of twofish and serpent. (Johnny Bravo)
Re: Frequency results of twofish and serpent. (Johnny Bravo)
Re: NSA future role? (albert)
Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
Re: AES cyphers leak information like sieves (Tim Tyler)
Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
Re: Solitaire analysis? ("r.e.s.")
Re: NSA should do a cryptoanalysis of AES (Tim Tyler)
Curious Phenomena....Re: High Speed (1GBit/s) 3DES Processor ("Casey")
Re: If you're in Australia, the government has the ability to modify your files.
>> 4.Dec.1999 (Steve K)
----------------------------------------------------------------------------
From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: Ellison/Schneier article on Risks of PKI
Date: Thu, 9 Dec 1999 08:16:29 +1100
>Note that I'm not shooting down the whole notion of a PKI. For the most
>part, I believe that a PKI infrastructure is a Good Thing, because it's a
>lot easier to keep track of one root certificate and to keep secure one
>PKI server than it is to secure entire networks full of certificates and
>servers. But PKI is not the panacea that has been claimed, it is just one
>tool in the toolkit for keeping a network secure.
I thought that was one point of the article. PKI is not
secure/reliable/trustable (choose the term of your preference) unless the
entire network of machines and certificates is equally secure.
This complexity and effort is roughly equivalent to that required in a
symmetric key system.
>Eric Lee Green [EMAIL PROTECTED]
>Software Engineer Visit our Web page:
>Enhanced Software Technologies, Inc. http://www.estinc.com/
>(602) 470-1115 voice (602) 470-1116 fax
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: low exponent in Diffie-hellman?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 08 Dec 1999 21:17:41 GMT
I perform a calculation g^x mod p. g=2 and p a prime of 768 bits.
The algorithm I used is based on 'square and multiply'
exponentiation, so the smaller x is, the faster the computation.
As far as I know the only constraint for x is to be 0 > x > p-2.
Can I reduce x to 128 bits (enough to prevent a brute force)?
Or is there a special attack for the low exponent? (Some RSA
implementations got issues about that but I don't have the papers
so I can't say if it can be used against Diffie-Hellman.)
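As an added illustration (not part of jerome's post), the following Python shows both halves of the question: square-and-multiply cost grows with the bit length of x, and a short exponent still yields an agreed shared secret. The group is a small constructed safe prime generated inline (nothing like the 768-bit modulus in the post), and the function and variable names are my own. The only fact added beyond the post is the standard parameter rule in min_exponent_bits: generic discrete-log methods that know the exponent lies in a k-bit range need only about 2^(k/2) work, so the exponent should be at least twice the intended security level.

```python
import random


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test with `rounds` random bases drawn from `rng`."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng):
    """p = 2q + 1 with p and q prime, so g = 2 has order q or 2q (no small subgroup).
    Constructed demo group, deliberately far smaller than the post's 768 bits."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1


def modexp_counted(base, exp, mod):
    """Left-to-right square-and-multiply, returning (base^exp mod mod, squarings,
    multiplications). One squaring per exponent bit and one multiply per set bit,
    so the cost is linear in the bit length of the exponent, as the post says."""
    result, squarings, multiplies = 1, 0, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        squarings += 1
        if bit == "1":
            result = result * base % mod
            multiplies += 1
    return result, squarings, multiplies


def dh_exchange(p, g, x_alice, x_bob):
    """Both sides of the exchange. Returns (secret seen by Alice, secret seen by Bob,
    Alice's modular operation count, Bob's modular operation count)."""
    pub_a, s1, m1 = modexp_counted(g, x_alice, p)
    pub_b, s2, m2 = modexp_counted(g, x_bob, p)
    shared_a, s3, m3 = modexp_counted(pub_b, x_alice, p)
    shared_b, s4, m4 = modexp_counted(pub_a, x_bob, p)
    return shared_a, shared_b, s1 + m1 + s3 + m3, s2 + m2 + s4 + m4


def min_exponent_bits(security_bits):
    """Generic discrete-log methods that exploit a known exponent range (baby-step
    giant-step, Pollard's lambda) recover a k-bit exponent in about 2^(k/2) group
    operations, so the exponent must be at least twice the wanted security level.
    This is a standard result; it is not stated in the post."""
    return 2 * security_bits


def demo(seed=1999, modulus_bits=64, short_bits=32):
    """Run one full-size and one short-exponent exchange over the same group and
    return (p, operations with full-size exponents, operations with short exponents)."""
    rng = random.Random(seed)
    p, g = gen_safe_prime(modulus_bits, rng), 2
    full_a, full_b = rng.randrange(2, p - 2), rng.randrange(2, p - 2)
    short_a = rng.getrandbits(short_bits) | (1 << (short_bits - 1))
    short_b = rng.getrandbits(short_bits) | (1 << (short_bits - 1))
    sa, sb, ops_full, _ = dh_exchange(p, g, full_a, full_b)
    ta, tb, ops_short, _ = dh_exchange(p, g, short_a, short_b)
    assert sa == sb and ta == tb  # both parties agree with either exponent size
    return p, ops_full, ops_short


if __name__ == "__main__":
    p, full, short = demo()
    print(f"p has {p.bit_length()} bits; full exponents: {full} ops, short: {short} ops")
    print("minimum exponent bits for 128-bit security:", min_exponent_bits(128))
```

The operation counts halve when the exponent length halves, which is the speed-up the post is after; min_exponent_bits(128) gives 256, i.e. the 128-bit exponent proposed in the post would buy roughly 64 bits of work against a generic short-exponent search, not 128.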
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Synchronised random number generation for one-time pads
Date: Wed, 08 Dec 1999 21:03:43 GMT
On Tue, 7 Dec 1999 22:22:02 -0000, "Charles Meigh"
<[EMAIL PROTECTED]> wrote:
>With regard to one-time pads, which I keep reading as being the most secure
>form of encipherment, it appears that a major problem is the distribution of
>the completely random keys. This is exacerbated by the need for more keys
>for more messages, and larger keyspaces for larger messages (I think).
Correct.
>Would it be practicable to set up a system that creates the random numbers
>for the key from some globally consistent, 'natural' source like, say,
>cosmic radiation readings; the sender and receiver obviously having had
>exchanged brief, secure messages agreeing on exactly when to take these
>key-generating readings? You could then (if i'm thinking right) create as
>many completely secure one-time pads as you like, without the overhead of
>distributing vast amounts of data first, just your synchronising messages.
In the practical world, we frequently run pseudo-random number
generators (PRNG), which are "seeded" by some suitably large secret.
Obviously, this is only as secure as the seed and PRNG
implementation, but this is still very secure.
If seeds are exchanged securely and shared by both parties, then their
respective PRNGs can generate a large amount of identical key stream.
Of course, the two ends need to maintain synchronization and your
protocols have to be designed to facilitate resynchronization without
loss of security.
What you are really asking is whether or not the two parties can
independently create their seeds from some secret procedure and common
data. This simply abstracts the problem of exchanging the secret seed
to one of exchanging a smaller secret procedure. We would have to
assume that an adversary has access to the body of data that the
procedure works on. For example, on the i'th day of the month, we can
hash page (i+n) mod 31 of an online copy of that day's Wall Street
Journal and use that to seed the PRNG that day. Security is reduced
simply by knowing the secret procedure, regardless of how much publicly
available natural data it uses.
You rapidly come to realize that conventional encryption techniques
and common key management mechanisms give you good enough security
with acceptable levels of difficulty. More difficulty doesn't always
result in more security.
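The shared-seed keystream with resynchronisation that Doug Stell describes, as an added Python example (my code, not from the post): each keystream block is derived from the secret seed and a public block counter with HMAC-SHA256, so two peers with the same seed produce the same stream, a lost frame is handled by jumping the counter forward, and the security check a practitioner wants is that the counter never moves backwards (re-using a keystream block would be the classic stream-cipher failure). Class and function names are my own; this is a PRNG-driven stream cipher, which, as the post notes, is not a one-time pad.

```python
import hashlib
import hmac


class SyncedKeystream:
    """Keystream blocks depend only on (secret seed, public counter), so both ends
    generate identical stream and can resynchronise by agreeing on a counter."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def block(self, counter: int) -> bytes:
        msg = b"keystream" + counter.to_bytes(8, "big")
        return hmac.new(self.seed, msg, hashlib.sha256).digest()

    def take(self):
        """Return (counter, block) for the current position and advance."""
        c = self.counter
        self.counter += 1
        return c, self.block(c)

    def resync(self, counter: int) -> None:
        """Jump forward to a counter announced by the peer. Going backwards would
        reuse keystream, so it is refused: resync must not cost security."""
        if counter < self.counter:
            raise ValueError("counter would reuse keystream (replay or desync)")
        self.counter = counter


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def send(ks: SyncedKeystream, msg: bytes):
    """Encrypt one frame (at most 32 bytes, one SHA-256 block of keystream).
    The block counter travels in the clear alongside the ciphertext."""
    assert len(msg) <= 32
    c, block = ks.take()
    return c, xor_bytes(msg, block)


def receive(ks: SyncedKeystream, counter: int, ct: bytes) -> bytes:
    """Decrypt one frame, resynchronising if frames were lost in between."""
    if counter != ks.counter:
        ks.resync(counter)
    _, block = ks.take()
    return xor_bytes(ct, block)


# Constructed seed standing in for the "suitably large secret" exchanged out of band.
SEED = b"constructed demo seed: 32 bytes!"


def demo():
    """Alice sends three frames; Bob never sees the second and still decrypts the third."""
    alice, bob = SyncedKeystream(SEED), SyncedKeystream(SEED)
    frames = [send(alice, m) for m in (b"frame zero", b"frame one", b"frame two")]
    delivered = [frames[0], frames[2]]  # frame one is lost on the wire
    return [receive(bob, c, ct) for c, ct in delivered]


def replay_rejected():
    """A frame with an already-used counter must be refused, not decrypted."""
    alice, bob = SyncedKeystream(SEED), SyncedKeystream(SEED)
    c, ct = send(alice, b"once")
    receive(bob, c, ct)
    try:
        receive(bob, c, ct)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), replay_rejected())
```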
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir
Date: Wed, 08 Dec 1999 16:20:40 -0500
Jim Dunnett wrote:
>
> On Mon, 06 Dec 1999 16:32:21 -0500, [EMAIL PROTECTED] wrote:
>
> >Cell Phone Crypto Penetrated by Declan McCullagh
> >
> >10:55 a.m. 6.Dec.1999 PST
> >Israeli researchers have discovered design flaws that allow the descrambling of
> >supposedly private conversations carried by hundreds of millions of wireless
> >phones.
> >
> >Alex Biryukov and Adi Shamir describe in a paper to be published this week how a
> >PC with 128 MB RAM and large hard drives can penetrate the security of a phone
> >call or data transmission in less than one second.
Is this a real-life confirmation of the already well known fact
that the digital cellphone cipher is lousy? At least I remember
reading about the flaws of those ciphers quite some time ago.
It doesn't sound like the "designers" of that stuff have learned
any lessons either, from the stories about recent revisions...
paul
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: PCI Cryto Card
Date: Wed, 08 Dec 1999 16:22:28 -0500
Arthur Dardia wrote:
>
> Great new product out for webmasters that need to improve SSL
> performance for their e-stores, check it out:
>
> http://isg.rainbow.com/products/cs_1.html
Interesting.
I think you can get the same performance at quite a lot lower
cost from Hi/fn, in a single chip...
paul
------------------------------
From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: Johnson Device
Date: Wed, 8 Dec 1999 23:18:26 +0100
Kurt Fleißig <[EMAIL PROTECTED]> wrote in message
news:82eau6$do$[EMAIL PROTECTED]...
> Sorry,
>
> does anybody use a hardware device to obtain from the thermodynamic
> Johnson's effect of the PC's sound blaster a big chaotic bit stream for
> one-time-pad encryption?
>
> Thanks a lot!
> K
I built one because I needed a large volume of 'good' bits. It's on
http://random.subnet.dk
(yes, the page is ugly, and it's supposed to be. There's a rundown of the
function, complete with math)
This is a >80kHz BW noise source with an output in the +-1V range. I didn't
use a soundblaster, though, I used a comparator and a digital input port. It
produced 'good' bits at 160kHz sample rate.
But if you really want the SB input, that's easy. Just don't add the slicer.
The prototype is still connected to my workstation, and I do still use it
occasionally. Making it near-immune took quite a few tricks, as can be seen
if you look at the first stage on the schematic.
/Kasper Pedersen
'good'=with the desired statistical properties for being key material, apart
from a very slight bias.
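The "very slight bias" Kasper mentions is the usual residue of a sliced noise source, and Tim Tyler's later exchange in this digest about an upper limit on detector bias raises the same point. As an added Python example (my code, not Kasper's design or the page at random.subnet.dk), the block below simulates a slightly biased comparator output, measures its bias and lag-1 autocorrelation, and applies a von Neumann extractor, which turns independent but biased bits into unbiased ones at the cost of discarding most of them. The simulated source and its bias are constructed; a real source is sampled hardware, and the autocorrelation check matters because von Neumann only removes bias when successive bits are independent.

```python
import random


def simulate_comparator(n: int, p_one: float, seed: int = 42):
    """Constructed stand-in for a sliced noise source: independent bits with
    P(1) = p_one. It imitates only the bias, not any real hardware."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits) -> float:
    """Fraction of ones minus one half; zero for an unbiased source."""
    return sum(bits) / len(bits) - 0.5


def lag1_autocorrelation(bits) -> float:
    """Correlation between each bit and the next. Von Neumann extraction assumes
    this is about zero; a noise source with bandwidth well above the sample rate
    (Kasper's >80 kHz source at 160 kHz) is what keeps it small."""
    n = len(bits)
    mean = sum(bits) / n
    num = sum((bits[i] - mean) * (bits[i + 1] - mean) for i in range(n - 1))
    den = sum((b - mean) ** 2 for b in bits)
    return num / den


def von_neumann(bits):
    """Pair up bits: (0,1) -> 0, (1,0) -> 1, (0,0) and (1,1) are discarded.
    For independent bits both kept pairs have probability p(1-p), so the
    output is unbiased whatever p is; roughly three quarters of the input is lost."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def demo(n: int = 200_000, p_one: float = 0.52):
    raw = simulate_comparator(n, p_one)
    cooked = von_neumann(raw)
    return {
        "raw_bias": bias(raw),
        "raw_lag1": lag1_autocorrelation(raw),
        "out_bias": bias(cooked),
        "yield": len(cooked) / len(raw),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:9s} {v:+.4f}")
```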
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Wed, 08 Dec 1999 23:14:58 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>> One way would be to rule out keys that were obtained through other
>> means. Example: if you torture someone into giving a key, the key
>> could be tested.
>
>But, the key can be tested even with one-on-one encryption.
>I don't think there *is* a practical defense against such an
>attack, other than making sure that the key is not known (in
>the sense that they could divulge it) to the legitimate
>communicants.
Since we are being hypothetical, let's assume our Jewish
friends have captured 3 Moslem terrorists. And that Israeli
intelligence knows that the three have encrypted the message
such that the first one encrypted the message. Then gave
the message to the second guy and that guy gave it to the
third guy. So the Israelis start their normal torture methods
to get the keys. Let's say they only have one good German
doctor who is an expert at torture and they only want to have
him torturing one person at a time. He's an old doctor from
Germany. If it is known they used an inferior program that used
non one-to-one compression, they could keep the expert
trained on torturing the third guy till he gave a key that actually
produced a file that could have been run through the compression
program and encrypted. But if the Moslems were smart and
used a good compression like mine, the State would not know
how to allocate the doctor's time since any key the last terrorist
gave would look possible. Let's also assume there is a time limit
since the message contains the location of a stolen nuclear
bomb the terrorists have planned to blow in a day.
See it can make a difference.
>
>> Two depending on the cipher used whole classes of the key itself
>> may be eliminated from the search space.
>
>That's what I don't see.
Then try playing with encryption and compression methods with the
headers removed. You may be surprised.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: [EMAIL PROTECTED] (Erik Kraft)
Subject: Crypt FAQ Comments (section 9.5)
Date: Wed, 08 Dec 1999 22:51:19 GMT
The sci.crypt FAQ mentions posting corrections to the FAQ directly to the
group because the maintainer address is out of date. So, to whomever is
maintaining the FAQ....
Please make the following change to the sci.crypt FAQ. Section 9.5
Following changes made:
Corrected mail address.
Added URL for web site.
Rewrote description of ACA
************
9.5. What is the American Cryptogram Association, and how do I get in touch?
The ACA, formed in 1929, is a non-profit organization devoted to
disseminating cryptographic knowledge. Anyone with an interest in
cryptography is welcome to join.
Every two months members receive the ACA journal "The Cryptogram". Each
issue contains articles about cryptanalysis and roughly 100 cryptograms
encrypted in a variety of systems. An annual convention is held each August.
Dues (includes a subscription to "The Cryptogram") are $15 per year; more
outside North America; less for students under 18 and seniors. New
members are charged a one-time fee of $5 and receive a book explaining
various encryption systems.
For more information, write to: ACA Treasurer, 1118 Via Palo Alto, Aptos,
CA 95003 or visit their web site at
http://www.und.nodak.edu/org/crypto/crypto/
************
Thank you
--
Erik Kraft
[EMAIL PROTECTED]
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Wed, 08 Dec 1999 14:56:29 -0800
CLSV wrote:
> albert wrote:
>
> > If you walk into the library of the University of Michigan, you can actually find
> > all you need to know as far as how to make a nuclear bomb.
>
> One of those myths started by popular science magazines.
Actually, it is true. However, you are right in that popular science magazines
have been responsible for misleading one into thinking that just about anyone could in
fact build a nuclear bomb.
There is a long distance from the (well-understood) theoretical underpinnings of
nuclear weapons to their realization. No clever clogs kid, or underfunded terrorists
are likely to put together one any time soon.
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Frequency results of twofish and serpent.
Date: Wed, 08 Dec 1999 18:32:34 GMT
On 8 Dec 1999 08:10:01 -0000, Paul Crowley <[EMAIL PROTECTED]>
wrote:
>56 trillion bytes of ciphertext were analysed: the duplicate
>probability seems to be (1/256) + (1/2^24).
>
>Further details on http://www.hedonism.demon.co.uk/paul/rc4/
Oops, faulty memory, it had been a while and I had forgotten where I
had seen that. Thanks for the link.
Best Wishes,
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Frequency results of twofish and serpent.
Date: Wed, 08 Dec 1999 18:36:48 GMT
On Wed, 08 Dec 1999 14:37:40 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:
>I can't believe that after encrypting data properly there are no
>non-ascii bytes with any high freq. Maybe your implementation is
>flawed? Also 200kb is a small subset. Realistically you want a larger
>test file
Maybe he was using 1/2 bytes. Giving any full byte as two
hexadecimal values and counting each separately. Just as an
experiment I ran the same test on full byte values for a 200 MB
blowfish encrypted file and the distribution matched to two decimal
places for every value [0..255]
Best Wishes,
Johnny Bravo
------------------------------
From: albert <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Wed, 08 Dec 1999 23:56:18 GMT
> There is a long distance from the (well-understood) theoretical underpinnings of
> nuclear weapons to their realization. No clever clogs kid, or underfunded terrorists
> are likely to put together one any time soon.
Agreed. I'm saying, it would be almost silly to think that with a little elbow
grease, I couldn't get books on theories, measurements etc... all the "raw" data I
need to build a nuke. But I'd say gettin' the U's and P's needed for the bomb is a
totally different story...
Again, we all know that there is no difference between theory and practice in
theory; but they do differ in practice.
Albert
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 8 Dec 1999 23:44:44 GMT
Dave Knapp <[EMAIL PROTECTED]> wrote:
: On Tue, 7 Dec 1999 15:17:41 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
:>The idea that false detections will be random is not necessarily
:>correct. Cosmic ray frequencies are influenced by sunspot activity,
:>for example.
: Just for the record: the above is nonsense. Just Plain Wrong.
Jeesus, it seems I can't say anything on sci.crypt these days without
getting jumped on ;-)
Look, to quote from: http://www.ifctr.mi.cnr.it/Ulysses/longterm.htm
``The 11-year solar cycle is shown in the lower panel of the Figure where
the monthly smoothed sunspot number is plotted as a function of time for
the last four cycles. The cosmic ray intensity as measured by the Climax
and Kiel neutron monitors and is shown in the upper panel. The two
curves are 180 degrees out of phase. Close to the sunspot maximum we
have an intensity minimum and vice versa. This anticorrelation is
essentially due to the cosmic ray propagation conditions that change
with the phase of the solar cycle. The " + " and "- "signs in the upper
panel refer to the polarity of the solar polar magnetic fields. A
"plus"sign indicates a time period where the magnetic field at the
North (South) pole of the Sun is directed outwards (inwards).''
*Perhaps* you thought I was talking about the frequency of the *radiation*
rather than the frequency of the rays hitting the Earth - and didn't
consider the other interpretation.
I severely doubt the frequencies of the radiation are completely
unaffected by sunspot activity, either FWIW - but no discussion
of the issue, please - since the topic is /supposed/ to be
cryptography.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
It's on that one - the sixth unlabeled floppy down.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Reply-To: [EMAIL PROTECTED]
Date: Wed, 8 Dec 1999 23:35:24 GMT
Volker Hetzer <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> I'm not saying you have knowledge of /every/ dictionary entry (i.e. block).
:> You don't need to know the key at all.
:>
:> My figures were (the extremely high) 1/8 of the blocks as a target.
:>
:> If your blocks do not affect one another - and you can compile this type
:> of dictionary from a known portion of the message - then you can use it to
:> decrypt the rest of the message.
:>
:> This is a type of known-partial-plaintext attack, which gets harder very
:> rapidly as the block-size increases.
: Run that by me again.
: Do you collect encrypted blocks from intercepted communications?
Yes.
: If yes, then surely the total number of messages sent becomes the
: limiting factor way sooner than the blocksize?
That depends on how large a typical message is, and how large the blocks
are.
It is not necessarily true that you won't have enough message for the
attack to be used, if the size of the blocks is relatively small.
I doubt this attack is a likely one against common modern systems - but
it /is/ an example of a type of attack where doubling the block size
(without changing much else) results in more than twice the work load for
the attacker - which was, I believe, what I was asked to produce an
example of.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Love is grand. Divorce, forty grand.
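To make the block-size argument above concrete, here is an added Python measurement (my code, not Tim Tyler's or Volker Hetzer's) of the known-partial-plaintext dictionary he describes: the first 1/8 of a message's blocks are assumed known, a ciphertext-to-plaintext dictionary is built from them with no knowledge of the key, and the fraction of the remaining blocks that dictionary decrypts is reported for 8-, 16- and 32-bit blocks. The cipher is a toy Feistel permutation built on keyed BLAKE2b (so the block width can be varied), the message is constructed pseudo-English from a fixed word list, and all names are my own. The measurement applies to any mode in which equal plaintext blocks give equal ciphertext blocks, which is the "blocks do not affect one another" condition in the post.

```python
import hashlib
import random

KEY = b"constructed demo key, not a real secret"

# Constructed pseudo-English: random words from a fixed vocabulary, so the
# block statistics resemble text without any real message being involved.
VOCAB = ("the quick brown fox jumps over lazy dog while nine hundred soldiers "
         "march past old mills near quiet rivers under grey winter skies and every "
         "message must reach its recipient before dawn without delay or error").split()


def sample_message(n_words=4000, seed=7) -> bytes:
    rng = random.Random(seed)
    return " ".join(rng.choice(VOCAB) for _ in range(n_words)).encode()


def toy_block_encrypt(block: int, key: bytes, block_bits: int, rounds: int = 4) -> int:
    """Keyed permutation on block_bits-bit values: a balanced Feistel network whose
    round function is keyed BLAKE2b. A toy, used only so the block size can vary."""
    half = block_bits // 2
    mask = (1 << half) - 1
    left, right = block >> half, block & mask
    for r in range(rounds):
        h = hashlib.blake2b(right.to_bytes(8, "big") + bytes([r]), key=key, digest_size=8)
        left, right = right, left ^ (int.from_bytes(h.digest(), "big") & mask)
    return (left << half) | right


def ecb_encrypt(message: bytes, key: bytes, block_bits: int):
    """Encrypt each block independently (ECB-style); returns (ciphertext blocks,
    plaintext blocks) so the measurement below can score recoveries."""
    nbytes = block_bits // 8
    usable = len(message) - len(message) % nbytes
    pts = [message[i:i + nbytes] for i in range(0, usable, nbytes)]
    cts = [toy_block_encrypt(int.from_bytes(b, "big"), key, block_bits) for b in pts]
    return cts, pts


def codebook_coverage(message: bytes, key: bytes, block_bits: int, known_fraction=1 / 8) -> float:
    """Build the ciphertext -> plaintext dictionary from the first known_fraction
    of the message (the post's 1/8 of blocks) and return the fraction of the
    remaining blocks that dictionary recovers. The key is never used here."""
    cts, pts = ecb_encrypt(message, key, block_bits)
    k = int(len(cts) * known_fraction)
    book = dict(zip(cts[:k], pts[:k]))
    rest = list(zip(cts[k:], pts[k:]))
    hits = sum(1 for c, p in rest if book.get(c) == p)
    return hits / len(rest)


def coverage_by_block_size(sizes=(8, 16, 32)):
    msg = sample_message()
    return {bits: codebook_coverage(msg, KEY, bits) for bits in sizes}


if __name__ == "__main__":
    for bits, cov in coverage_by_block_size().items():
        print(f"{bits:2d}-bit blocks: {cov:.1%} of unknown blocks recovered")
```

With byte-wide blocks the dictionary recovers essentially everything, since every symbol of the alphabet appears in the known part; at 32 bits the blocks straddling word boundaries are mostly unseen and coverage collapses, which is the "gets harder very rapidly" behaviour the post claims, and the reason real ciphers use 128-bit blocks.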
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 8 Dec 1999 23:55:46 GMT
Dave Knapp <[EMAIL PROTECTED]> wrote:
: On Tue, 7 Dec 1999 15:05:34 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
:>You don't seem to see the problem. Detecting single photons is not
:>really a big problem.
:>
:>Detecting them in such a way that no bias is introduced into the
:>(supposedly) random quantum behaviour *is*.
: How about an upper limit on bias? That can quite easily be arranged
: by making the energy of the photon sufficiently large.
An upper limit on bias /should/ not be *too* difficult.
Of course your opponent /may/ have surreptitiously completely replaced
your photon-detector with the pseudo-random number generator of his
choice, that outputs a digit for every photon received. You still have to
be /very/ careful if you want to make any sort of concrete statement
about security.
: Of course, in not explaining that further I am (vainly,
: perhaps) hoping that your ignorance of statistics isn't as gross as
: your ignorance of physics.
Get stuffed, Dave. I don't have to put up with your baseless insults
here, thanks.
: Maybe you should learn a little bit of physics before pronouncing on
: it as if you were an expert.
What do you know about my background? If you could point to some
incorrect statement I have made, you might support your assertion
rather than leaving it hanging as a sort of groundless insult.
My statements in this thread have required very little of my physics
education. They are pretty basic common sense - that in practice
you can only very rarely get a perfect *anything*.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Love conquers all except poverty and toothaches.
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Solitaire analysis?
Date: Wed, 8 Dec 1999 16:04:58 -0800
"Paul Crowley" <[EMAIL PROTECTED]> wrote ...
: "r.e.s." <[EMAIL PROTECTED]> writes:
:
: > Anyone know if there have been published analyses of
: > Bruce Schneier's "Solitaire" algorithm?
: >
: > The few postings I've seen claim a detectable bias in
: > letter frequencies, but I don't know how reliable those
: > are. (Especially since they say the algorithm isn't
: > reversible -- whereas it sure looks reversible to me.)
: > So I wonder if I'm misunderstanding something, or if
: > the algorithm now on Counterpanes's website might be a
: > significantly different revision.
:
: Gosh, two chances to blow my own trumpet in one day. See
: http://www.hedonism.demon.co.uk/paul/solitaire/ for details on this
: bias.
:
: I thought it was reversible when I read it too, but it definitely
: isn't: a state in which the A joker is second from the top has two
: predecessor states, one where A is on the top, the other where it's on
: the bottom. In correspondence with Bruce it seems that this is a bug,
: and the "official" version of Solitaire will simply move A to the top
: if it's on the bottom.
:
: hope this helps,
Yes it does, thanks, and the irreversibility is clear now.
(Looks like the B joker has the same problem when it's third
from the top.) The fix you mention would make sense, too.
If the gap between bottom & top cards is itself thought of
as a "55th card", then the rules for advancing the jokers
are simply that the A joker always jumps over one card, and
the B joker always jumps over two cards, in circular sequence.
--
r.e.s.
[EMAIL PROTECTED]
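The joker-move rules discussed above, as an added Python example (my code, not Paul Crowley's analysis or Schneier's reference implementation): move_joker implements both Schneier's original wrap (a joker passing the bottom re-enters just below the top card) and the circular "55th card" rule r.e.s. describes, which is the same as the fix Paul mentions. The deck is 53 placeholder cards plus the joker under test, enough to show the two-predecessor problem for both jokers and that the circular rule removes it; the function names are my own.

```python
def move_joker(deck, joker, steps, circular):
    """Move `joker` `steps` positions down a 54-card deck.
    circular=False: Schneier's original wrap, where a joker that passes the
      bottom lands just below the top card (the top position is skipped).
    circular=True: the gap between bottom and top counts as a 55th position,
      so a wrapping joker can also land on top (r.e.s.'s rule / Paul's fix)."""
    deck = list(deck)
    idx = deck.index(joker)
    deck.pop(idx)
    n = len(deck) + 1  # 54 positions once the joker is reinserted
    new = idx + steps
    if circular:
        new %= n
    elif new > n - 1:
        new -= n - 1  # 54 -> 1, 55 -> 2: just below the top card(s)
    deck.insert(new, joker)
    return deck


def ambiguous_landings(joker, steps, circular, n=54):
    """Map every starting position to its landing position and return the
    landings reached from more than one start, i.e. where the step cannot be
    undone. Empty means the step is invertible."""
    landing = {}
    for pos in range(n):
        deck = ["c%d" % i for i in range(n - 1)]  # placeholder cards
        deck.insert(pos, joker)
        new = move_joker(deck, joker, steps, circular).index(joker)
        landing.setdefault(new, []).append(pos)
    return {k: v for k, v in landing.items() if len(v) > 1}


def colliding_decks():
    """Paul's example in full: a deck with A on top and one with A on the
    bottom become identical after the original A move, but not after the
    circular move. Returns (same under original, same under circular)."""
    cards = ["c%d" % i for i in range(53)]
    top, bottom = ["A"] + cards, cards + ["A"]
    return (move_joker(top, "A", 1, False) == move_joker(bottom, "A", 1, False),
            move_joker(top, "A", 1, True) == move_joker(bottom, "A", 1, True))


if __name__ == "__main__":
    print("A, original:", ambiguous_landings("A", 1, False))
    print("B, original:", ambiguous_landings("B", 2, False))
    print("A, circular:", ambiguous_landings("A", 1, True))
    print("B, circular:", ambiguous_landings("B", 2, True))
    print("colliding decks:", colliding_decks())
```

The original rule sends both "A on top" and "A on the bottom" to "A second from top", and both "B on top" and "B on the bottom" to "B third from top", exactly the two cases named in the thread; under the circular rule every position has one predecessor.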
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Reply-To: [EMAIL PROTECTED]
Date: Thu, 9 Dec 1999 00:11:57 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: "SCOTT19U.ZIP_GUY" wrote:
:> One way would be to rule out keys that were obtained through other
:> means. Example: if you torture someone into giving a key, the key
:> could be tested.
: But, the key can be tested even with one-on-one encryption.
I *think* you mean compression. The *ideal* compression method (ideal in
terms of compression ratio) for the target traffic would produce
plausible-looking outputs for every key.
In practice, this is a) probably unattainable and b) perhaps unwise -
this would result in knowledge of the decompressor giving the
opponent a flavour of the type of traffic expected to be transmitted.
*Perhaps* ideally, possible decrypted, decompressed messages should
reflect the attacker's expectations - alas, not always possible if there
is more than one attacker ;-)
Anyway, the point is that with good compression, it may not be possible to
reject a false key; because it will decompress to something that looks
like a realistic message.
Such good compression for text is a little far-fetched - but with other
data types, it may be more realistic.
To summarise, one-on-one compression does not allow keys to be rejected,
if all the possible decrypted messages look as though they might be
plausible.
Certainly the decompressed decrypted-with-wrong-key messages may have
English-text-like statistics, and it may be difficult to reject them by
an automated system.
OTOH, if the first two blocks indicate the message is not a possible
compressed file (as is common with sliding window compression, or
dictionary-based LZ schemes - where a non-existent "dictionary
entry"/previous plaintext section is referenced) then that key can be
discarded immediately, without even bothering to decrypt or
decompress the rest of the file.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Man who jumps through net curtain likely to strain himself.
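Tim Tyler's closing point, and the scenario in David Scott's post earlier in this digest, both turn on whether a decrypted file can be recognised as "not a possible compressed file". As an added Python example (my own toy format, not scott19u's compressor or any real LZ implementation), the block below defines a minimal LZ77-style stream with 7-bit literals and (length, distance) back-references, decompresses it while checking that every reference points into already-produced output, and measures how often random byte strings (standing in for decryptions under a wrong key) are rejected and how early. A format in which every byte string decodes to something, the one-to-one property Scott argues for, would give a rejection rate of zero here.

```python
import random


def lz_compress(data: bytes, window: int = 256) -> bytes:
    """Greedy LZ77-style encoder. Token byte t < 0x80 is a literal; t >= 0x80
    is a back-reference of length (t & 0x7F) + 1 followed by a distance byte d
    meaning d + 1 bytes back. Literals are restricted to 7-bit values."""
    out = bytearray()
    i = 0
    while i < len(data):
        best_len, best_dist = 0, 0
        for j in range(max(0, i - window), i):
            n = 0
            while n < 128 and i + n < len(data) and data[j + n] == data[i + n]:
                n += 1
            if n > best_len:
                best_len, best_dist = n, i - j
        if best_len >= 3:
            out += bytes([0x80 | (best_len - 1), best_dist - 1])
            i += best_len
        else:
            if data[i] >= 0x80:
                raise ValueError("toy format carries 7-bit literals only")
            out.append(data[i])
            i += 1
    return bytes(out)


def lz_decompress(stream: bytes):
    """Returns (output, None) for a well-formed stream, or (partial output, offset)
    where offset is the position of the first impossible token: a back-reference
    reaching before the start of the output, or a reference cut off by end of data."""
    out = bytearray()
    i = 0
    while i < len(stream):
        t = stream[i]
        if t < 0x80:
            out.append(t)
            i += 1
            continue
        if i + 1 >= len(stream):
            return bytes(out), i
        length, dist = (t & 0x7F) + 1, stream[i + 1] + 1
        if dist > len(out):
            return bytes(out), i
        for _ in range(length):
            out.append(out[-dist])
        i += 2
    return bytes(out), None


def rejection_stats(trials: int = 2000, length: int = 32, seed: int = 1):
    """Feed random byte strings (constructed stand-ins for wrong-key decryptions)
    to the decoder. Returns (fraction rejected, mean offset of the first bad token)."""
    rng = random.Random(seed)
    rejected, offsets = 0, []
    for _ in range(trials):
        candidate = bytes(rng.getrandbits(8) for _ in range(length))
        _, where = lz_decompress(candidate)
        if where is not None:
            rejected += 1
            offsets.append(where)
    return rejected / trials, (sum(offsets) / len(offsets) if offsets else None)


SAMPLE = b"the key to the kingdom is the key to the kingdom is the key to the door"

if __name__ == "__main__":
    packed = lz_compress(SAMPLE)
    print(len(SAMPLE), "->", len(packed), "bytes; round trip ok:", lz_decompress(packed)[0] == SAMPLE)
    rate, mean_off = rejection_stats()
    print(f"random inputs rejected: {rate:.1%}, first bad token at byte {mean_off:.1f} on average")
```

Nearly every random input is rejected, and usually within the first few bytes, because any reference token that appears before enough output exists is impossible; that is the "discard the key after the first two blocks" shortcut in the post, and it costs the attacker no decompression of the remainder.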
------------------------------
From: "Casey" <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.vpn,comp.security.firewalls
Subject: Curious Phenomena....Re: High Speed (1GBit/s) 3DES Processor
Date: Thu, 09 Dec 1999 00:53:51 GMT
Hi Paul. I was wondering... Starting with the post you made on or about
11/17 on this thread, every time I read messages from you, I get a window
panel that says I should download a Japanese symbol interpreter. It is only
messages that you originate. Subsequent messages on the thread from other
people don't require it, but subsequent messages from you on the thread do.
Any ideas why?
Casey
Paul Koning <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Helger Lipmaa wrote:
> >
> > ...> I would say 1Gbit/s does not surprise me at all - in particular since
------------------------------
From: [EMAIL PROTECTED] (Steve K)
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Thu, 09 Dec 1999 01:01:19 GMT
On Wed, 08 Dec 1999 14:16:41 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>Resisting a criminal will not get you prison time.
Unless he is carrying a badge. Or a gavel. Then, attempting real
resistance will get you summarily shot, and properly so. Something
about national sovereignty, if I remember my political science
definitions.
>Obstructing justice, by
>activating a disk wiper or a thermite charge will definitely get you in
>trouble with the justice system. Look into the procedures for seizing
>computers.
>Booby traps such as thermite charges are also liabilities because (i) they are
>dangerous in themselves, (ii) may be criminal under the US BATF "destructive
>devices" regulations which require a $5 license for each, (iii) endanger the
>information being protected.
It was a silly example. Let's replace it with this:
You have a little box with a little lock. Glued flush inside the
bottom of the little box, is a wire mesh. In the cells of this mesh,
live a few hundred beads, in all colors of the rainbow. They
represent a pass phrase made of the letters r, o, y, g, b, i, and v.
Anyone who picks up the box to examine it, has just effectively
destroyed the data that the pass phrase protects. Bet a nickel they
will even shake it. Key space math, and making the box irresistibly
interesting to an intruder, are left as exercises.
That leaves the problem of data lost forever, and a hopping mad
prosecutor whose toy got broke. So for a more practical solution,
accessible to honest citizens who don't want to risk accidentally
destroying their data just to uphold a principle, we can fall back on
steganography.
Make a big low quality .wav file, and use Scramdisk to put your data
inside it. Surrender the keys to your container files on demand, but
don't mention the steganography function.
Illegal? I suppose so, but it is also inevitable. I seem to recall
Lao Tzu saying something about how a corrupt Imperial court passes too
many laws, and makes its subjects as dishonest as itself. And then
there's all that claptrap in the Declaration of Independence, about
God-given inalienable rights...
<--snip some more-->
>> Unfortunately, we
>> will most likely have to wait for the present generation of
>> politicians to die off and be replaced by people who grew up around
>> computers, before we see any improvement.
>
>Why do you expect to see improvement? I suspect a generation of
>computer-literate politicians will see more opportunities to regulate the
>citizens rather than liberate them.
I guess I am an eternal optimist. I have seen the computer's natural
role in society evolve from Big Brother's ultimate tracking tool, to a
vast network that provides a potential soap box for just about anyone
with something to say. Plus, a high powered cipher machine on John &
Jane Q. Public's desk, at no additional cost. The combination of
personal computers and the Internet creates new opportunities for
citizens to regulate politicians.
Maybe things will get better. I am certain that things will change,
because technology changes people, and computer technology is a
*radical* change in tools. We are presently under the dominating
influence of a generation raised on television, the greatest
propaganda medium ever devised. If the Internet fulfills its
potential for decentralizing mass media, we might see some big changes
as "these kids today" grow up in a world where grass roots political
factions and international "have-nots" are rapidly acquiring the
means for making high quality propaganda of their own, and
broadcasting it to a large audience.
Cryptography adds an element of security, enabling grass-roots and
have-not factions to avoid the likely hazard of being closely
monitored while internally discussing strategy, producing coordinated
action plans, et cetera. Hence the myth of "cyber terrorism," and the
big anti-crypto push, disguised as a clueless and ineffective crime
fighting measure. Fortunately, it's already way too late to take the
crypto tools away.
Steve K
---Continuing freedom of speech brought to you by---
http://www.eff.org/ http://www.epic.org/
http://www.cdt.org/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************