Thus spake "Iljitsch van Beijnum" <[EMAIL PROTECTED]> > On 29-apr-04, at 7:02, Stephen Sprunk wrote: > > The feds clearly have the power to get through or around encryption > > suspected criminals are using: the FBI reports that there have been > > _zero_ cases nationwide over the past several years where the use of > > encryption has prevented them or other agencies from obtaining the > > evidence needed, even when "secure" tools like PGP, SSL, or IPsec > > are used. > > I have a hard time believing this...
The DOJ was directed by Congress to collect data and report back each year, and while I don't trust any law-enforcement types in general, I do trust in their fear of Congressional inquiries. Besides, given the FBI's past position on crypto, especially key escrow, I have a hard time believing they'd claim crypto wasn't a problem if it actually was -- that's counter-productive for them. > So what do they do? Send a team in to retrieve the key from your > system? Borrow some CPU time from the NSA? The reasons for the FBI's conclusion were not given. It's "common knowledge" that it's cheaper to attack the key-management systems (or the end systems) than the crypto, so that's one possibility. Another is that the existing implementations are flawed in ways that reveal the keys and/or plaintext. Last, it's possible that the plaintext was never recovered and the pattern of communication was enough evidence in itself. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin