Re: [303] If you're sick of crypto talk don't read this (fwd)

2002-04-16 Thread John Young

What is peculiar about the rejoinders to Lucky's sensible proposal
is the dismissal of it with elaborate affirmations of mathematical
surety, as if there have not been voluminous warnings to never
rely on mathematical surety when weaknesses are far more
likely to be found in the faulty implementation of cryptosystems.

It's as if comfort is to be found in a return to early faith in
chanting unbreakable crypto mathematics to avoid the truth 
that math at any strength is not the solution to comsec, 
rather it is what you promote (and blow sunshine) when 
you don't have a solution to implementation weaknesses 
except to advance the virtues of sophisticated security
monitoring systems.

This waving the flag of mathematical security, coupled
with the need for long-term security monitoring, sure smells
like national security religion, and lucrative it is so long as
nobody can prove its shinola.

Strong crypto systems of super-duper key length are likely
crumbling regularly behind this scrim of mathematical
pin-headedness.




in club we trust (fwd)

2002-04-16 Thread Jim Choate


[SSZ: This is funny...don't have a clue where the quote came from.] 

Subject: in club we trust

"If the IRS cuts down on its audits and enforcement, more people are
going to say, 'The IRS isn't out there with a club, so we can do anything
we want,'" warns Congressman Amo Houghton (R-New York), "and that will
erode the whole concept of our tax system, which is based on trust."


 --


 The law is applied philosophy and a philosophical system is
 only as valid as its first principles.
 
James Patrick Kelly - Wildlife
   
 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org





Schneier on Bernstein factoring machine (fwd)

2002-04-16 Thread Jim Choate


-- Forwarded message --
Date: Tue, 16 Apr 2002 20:44:06 +0200 (CEST)
From: Anonymous [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Schneier on Bernstein factoring machine

Bruce Schneier writes in the April 15, 2002, CRYPTO-GRAM,
http://www.counterpane.com/crypto-gram-0204.html:

> But there's no reason to panic, or to dump existing systems.  I don't think
> Bernstein's announcement has changed anything.  Businesses today could
> reasonably be content with their 1024-bit keys, and military institutions
> and those paranoid enough to fear from them should have upgraded years ago.
>
> To me, the big news in Lucky Green's announcement is not that he believes
> that Bernstein's research is sufficiently worrisome as to warrant revoking
> his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke.

Does anyone else notice the contradiction in these two paragraphs?
First Bruce says that businesses can reasonably be content with 1024 bit
keys, then he appears shocked that Lucky Green still has a 1024 bit key?
Why is it so awful for Lucky to still have a key of this size, if 1024
bit keys are good enough to be reasonably content about?





Re: Supremes Legalize Virtual Kiddieporn

2002-04-16 Thread keyser-soze

[Considering what a hot button this topic has become it's a bit surprising that the 
robbed ones kept this aspect of the 1st intact.  It should be interesting to see if 
Congress can craft a new reg which can pass muster.  Meanwhile, look for pedo 
computer games to appear.]

April 16, 2002
Supreme Court Strikes Down Ban on Virtual Child Pornography
By DAVID STOUT

WASHINGTON, April 16 - In a case that addresses some of the most fundamental issues of 
technology and morality, the United States Supreme Court ruled today that Congress 
went too far in 1996, when it passed a law that treats virtual or computer-generated 
child pornography as the real thing.

The court held, 6 to 3, that the Child Pornography Prevention Act is overly broad and 
unconstitutional, despite its supporters' arguments that computer-generated smut 
depicting children could stimulate pedophiles to molest youngsters.

"The sexual abuse of a child is a most serious crime and an act repugnant to the moral 
instincts of a decent people," Justice Anthony M. Kennedy wrote in the majority 
decision. Nevertheless, he said, if the 1996 law were allowed to stand, the 
Constitution's First Amendment right to free speech would be turned upside down.

"Congress may pass valid laws to protect children from abuse, and it has," Justice 
Kennedy wrote. "The prospect of crime, however, by itself does not justify laws 
suppressing protected speech."

http://www.nytimes.com/2002/04/16/national/16CND-PORN.html





Re: [303] If you're sick of crypto talk don't read this (fwd)

2002-04-16 Thread Morlock Elloi

> What is peculiar about the rejoinders to Lucky's sensible proposal
> is the dismissal of it with elaborate affirmations of mathematical
> surety, as if there have not been voluminous warnings to never
> rely on mathematical surety when weaknesses are far more
> likely to be found in the faulty implementation of cryptosystems.

Still, insistence on the *current public knowledge* about algo security as a
proof for anything is silly.

I do not have a rational explanation for this. Crypto history demonstrates
consistent short-sightedness of public and not so public experts. Granted,
within the contemporary knowledge realm they were right.

But when unpredictable advances predictably continue to happen, even the more
dim ones should realise that the current knowledge is not a good metric; it's
like trying to predict a book from an unborn writer.

It took Germans 20 years to find out that Allies were decrypting Enigma
traffic. Why would anyone think that the gap between public and private crypto
expertise is anything less today is beyond me.

So do not easily dismiss the possibility that someone may not care about
implementation vulnerabilities at all, as long as cyphertext is available.



=
end
(of original message)
