On Sun, 13 Oct 2002, Tyler Durden wrote: > "And of course you can package 'strong' encryption into a 'weak' encryption > envelope, so you will only know that 'strong' encryption has been used after > you've broken the 'weak' envelope." > > Oh yeah. Interesting. Of course, this would be done only if the sender knew > or supected how mass-scanning might be done. And so the existence of another
Come on, do the math. There's a lot of traffic travelling all over the world right now. The volume still grows, albeit not at the projected hyperexponential rate. Assuming you don't tap decentrally (because that amount of hardware is a bit hard to hide, and thus hampered by such silly things like warrants (even rubberstamped), and feds installing boxes in ISPs racks and issuing gagging orders to abovementioned), you use the fact that the network topology is mostly a tree (so make it a mesh, then), and tap high speed lines (fiber). While I assume that there you can screen and filter if it's cleartext with lots of dedicated hardware, you're absolutely screwed if it's even 'weak' encryption. At these data rates you'll have trouble even computing the entropy of the data stream as it streams through your FIFO. Storing all of it is impractical, so you have to restrict yourself to extremely targeted (by source/origin, or the tag, assuming there is one). > level of heavier encryption (see next paragraph) might be a tip off that > this is not simply a financial transaction. 1) while I haven't done the numbers I would say there's maybe 10-20% of all traffic that is 'weak' encryption vs. 90-80% 'strong' encryption. Even if it's as bad as 50%/50% it is still completely irrelevant. 2) to tell whether there's something inside you have to break it. That's why I consistenly say 'weak' instead of weak. > But, it occurs to me that in some cases what might be done to determine the > presence of hard encryption is for hardward to attempt to decrypt it for a > certain fixed time, and if there's no success with X > minutes/hours/milliseconds or whatever, then one assigns a certain Or days, months, years, centuries, or whatever. On several megabucks worth of hardware. > probability that said message has been encrypted using something stronger > than the International version of Bogus Notes (for instance). But of course, Why should we concern ourselves with users of broken crypto? It's their problem, not ours. Since they're but a fraction, the use of strong crypto all by itself (assuming, you can tell, which is a high threhold) is not incriminating. > I'm willing to concede that at his point I'm talking completely out of my > arse. (That will change when I get time to do some real homework in this > area, however.)