Re: Echelon-like resources...
On Fri, 11 Oct 2002, Tyler Durden wrote: And indeed, in a world where most messages are fairly weakly encrypted, bursts of strongly-encrypted messages will stand out all the more and possibly flag the need for other methods of investigation. Doesn't figure: while it's easy to screen for high information entropy (archives have a signature), telling weak encryption from strong is nontrivial, unless it's conveniently labeled, and you're limiting the attack to a tiny fraction of the entire traffic, not realtime. And of course you can package 'strong' encryption into a 'weak' encryption envelope, so you will only know that 'strong' encryption has been used after you've broken the 'weak' envelope.
Re: Echelon-like resources...
And of course you can package 'strong' encryption into a 'weak' encryption envelope, so you will only know that 'strong' encryption has been used after you've broken the 'weak' envelope. Oh yeah. Interesting. Of course, this would be done only if the sender knew or supected how mass-scanning might be done. And so the existence of another level of heavier encryption (see next paragraph) might be a tip off that this is not simply a financial transaction. But, it occurs to me that in some cases what might be done to determine the presence of hard encryption is for hardward to attempt to decrypt it for a certain fixed time, and if there's no success with X minutes/hours/milliseconds or whatever, then one assigns a certain probability that said message has been encrypted using something stronger than the International version of Bogus Notes (for instance). But of course, I'm willing to concede that at his point I'm talking completely out of my arse. (That will change when I get time to do some real homework in this area, however.) From: Eugen Leitl [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Echelon-like resources... Date: Sun, 13 Oct 2002 13:32:45 +0200 (CEST) On Fri, 11 Oct 2002, Tyler Durden wrote: And indeed, in a world where most messages are fairly weakly encrypted, bursts of strongly-encrypted messages will stand out all the more and possibly flag the need for other methods of investigation. Doesn't figure: while it's easy to screen for high information entropy (archives have a signature), telling weak encryption from strong is nontrivial, unless it's conveniently labeled, and you're limiting the attack to a tiny fraction of the entire traffic, not realtime. And of course you can package 'strong' encryption into a 'weak' encryption envelope, so you will only know that 'strong' encryption has been used after you've broken the 'weak' envelope. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Re: Echelon-like resources...
On Sun, 13 Oct 2002, Tyler Durden wrote: And of course you can package 'strong' encryption into a 'weak' encryption envelope, so you will only know that 'strong' encryption has been used after you've broken the 'weak' envelope. Oh yeah. Interesting. Of course, this would be done only if the sender knew or supected how mass-scanning might be done. And so the existence of another Come on, do the math. There's a lot of traffic travelling all over the world right now. The volume still grows, albeit not at the projected hyperexponential rate. Assuming you don't tap decentrally (because that amount of hardware is a bit hard to hide, and thus hampered by such silly things like warrants (even rubberstamped), and feds installing boxes in ISPs racks and issuing gagging orders to abovementioned), you use the fact that the network topology is mostly a tree (so make it a mesh, then), and tap high speed lines (fiber). While I assume that there you can screen and filter if it's cleartext with lots of dedicated hardware, you're absolutely screwed if it's even 'weak' encryption. At these data rates you'll have trouble even computing the entropy of the data stream as it streams through your FIFO. Storing all of it is impractical, so you have to restrict yourself to extremely targeted (by source/origin, or the tag, assuming there is one). level of heavier encryption (see next paragraph) might be a tip off that this is not simply a financial transaction. 1) while I haven't done the numbers I would say there's maybe 10-20% of all traffic that is 'weak' encryption vs. 90-80% 'strong' encryption. Even if it's as bad as 50%/50% it is still completely irrelevant. 2) to tell whether there's something inside you have to break it. That's why I consistenly say 'weak' instead of weak. But, it occurs to me that in some cases what might be done to determine the presence of hard encryption is for hardward to attempt to decrypt it for a certain fixed time, and if there's no success with X minutes/hours/milliseconds or whatever, then one assigns a certain Or days, months, years, centuries, or whatever. On several megabucks worth of hardware. probability that said message has been encrypted using something stronger than the International version of Bogus Notes (for instance). But of course, Why should we concern ourselves with users of broken crypto? It's their problem, not ours. Since they're but a fraction, the use of strong crypto all by itself (assuming, you can tell, which is a high threhold) is not incriminating. I'm willing to concede that at his point I'm talking completely out of my arse. (That will change when I get time to do some real homework in this area, however.)
Re: Echelon-like resources...
packaging strong crypto inside weak crypto At 01:06 PM 10/13/2002 -0400, Tyler Durden wrote: Oh yeah. Interesting. Of course, this would be done only. if the sender knew or supected how mass-scanning might be done. And so the existence of another level of heavier encryption ... might be a tip off that this is not simply a financial transaction. Back when the Feds were trying to tell us that we should be patriotic loyal Americans and use weak crypto because it helps in the fight against Communism and other spies, they were making it clear that they *wanted* mass-scanning, and were busy lobbying Congress to give them money for it and also trying to get laws forcing phone companies to make things easy for them to do much higher volumes of scanning than the relatively limited amount they do now. Also, financial transactions are the ones that most need strong crypto, and have been most successful in getting permission to use it, because everybody understands that bank robbery is Bad, and credit card theft is Bad, and if banks and internet credit card transactions were forced to use weak crypto, Bad Guys could afford to build cracker machines on spec and pay for them with what they steal. This was especially the case after the EFF's DES cracker demonstrated that $250,000 was enough for a couple-day crack. But the Feds have been letting banks use DES for decades, and triple-DES for a while, and Netscape's inclusion of SSL in their browser was really the beginning of the end for the crypto bans, and a brave move on their part, especially since the difference between 40-bit and 128-bit RC4 is just how many of the bits you use in the key setup. (You may not remember, but there was a program from fortify.net that fixed 40-bit implementations of Netscape, and there was even a one-liner Javascript signature-line program that let you set Netscape to use 128 bits...
Re: Echelon-like resources...
At 10:52 AM -0700 on 10/13/02, Bill Stewart wrote: (You may not remember, but there was a program from fortify.net that fixed 40-bit implementations of Netscape, and there was even a one-liner Javascript signature-line program that let you set Netscape to use 128 bits... Not to mention the plaintext settings imbedded in the Netscape *executable*. ...it took you long enough, said a Netscape cypherpunk at the time of its discovery... Cheers, RAH Who saw them making the t-shirts, with pasted text from the file itself at FC97, complete with cypherpunks policy on it... -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Echelon-like resources...
On Fri, Oct 11, 2002 at 10:29:53AM -0400, Tyler Durden wrote: Harmon Seaver wrote... Why the hell would anyone use lotus notes encryption for anything whatsoever? Lotus Notes or whatever, of course. The point here is that larger Or whatever? What makes you think that anyone can crack any of the strong encryption? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses. --- Major General Smedley Butler, 1933 Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to faciliate our exploitation of resources. - Ramsey Clark, former US Attorney General
Re: Echelon-like resources...
Harmon Seaver wrote... Why the hell would anyone use lotus notes encryption for anything whatsoever? Lotus Notes or whatever, of course. The point here is that larger organizations with decryption capabilities probably do not think on the message-by-message level very often, just like credit card companies and insurance agencies deal with their customers in statistical buckets. It's also conceivable that a large variety of individuals, of varying levels of sophistication and education, catch wind of information the government may be interested in. Some of them may not feel or know that their message is of enough importance to go outside ofLotus Notes or whatever if they have it. On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote: OK, let's assume for the same of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encypted lotus notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere. And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption. Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (eg, in approving or declining a POS transaction). The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in cetain demogrpahic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts. Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message? Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking. So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking. And the there are probably less obvious, large-scale statistical patterns indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words. From: Adam Back [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 20:41:21 +0100 Sounds about right. 64 bit crypto in the strong version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages. The NSA's backdoor public key is at the URL below. http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html (The public key had an Organization name of MiniTruth, and a Common Name of Big Brother -- both Orwell 1984 references, presumably by a lotus programmer). Adam On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and the International, the International being legal for export.) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 18:38:36 +0100 On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus
Re: Echelon-like...
Trei, Peter [EMAIL PROTECTED] wrote: It was Sweden. They didn't really have an excuse - over a year earlier, Lotus announced their International version with details of the Work Factor Reduction Field at the RSA Conference. I immediately invented the term 'espionage enabled' to describe this feature, a term which has entered the crypto lexicon. Indeed so, yes - If my memory isn't failing me though, their excuse was that the lotus salesdroid they had awarded the contract to hadn't disclosed it to them in his bid and in fact, the original tender had specified *secure* encryption, not *secure, except for the american spy industry*. I don't know enough sweedish to even attempt a google on it though :)
RE: Echelon-like...
David Howe[SMTP:[EMAIL PROTECTED]] I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI work reduction factor key in the message header; this section of header is important, as lotus gateways won't accept messages that have had it disturbed. by decoding this block, the NSA have the actual keysize they need to block reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... belgum or sweden by memory . Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies) Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. certainly, even strong lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips. It was Sweden. They didn't really have an excuse - over a year earlier, Lotus announced their International version with details of the Work Factor Reduction Field at the RSA Conference. I immediately invented the term 'espionage enabled' to describe this feature, a term which has entered the crypto lexicon. Peter Trei
Re: Echelon-like...
So as a follow on question...what kind of hardware does it take to break the weak and strong versions of Bogus Notes? Is it possible that NSA or Echelon have the ability to decode a large number of such messages? And if the amount of hardware needed to break the strong version is significantly greater than that required to break the weak version, then the government's attempts to restrict any proliferation or use of the stronger version could make sense, from their standpoint. But as was said before, this may have been discussed here previously. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 20:01:12 +0100 I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI work reduction factor key in the message header; this section of header is important, as lotus gateways won't accept messages that have had it disturbed. by decoding this block, the NSA have the actual keysize they need to block reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... belgum or sweden by memory . Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies) Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. certainly, even strong lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Re: Echelon-like resources...
Or whatever? What makes you think that anyone can crack any of the strong encryption? I don't think they can. But your point seems to miss my own point. There will certainly be a certain number of uncrackable mesages out there (as a trained physicist I am fairly certain that even military quantum computing efforts are nowhere near theability to crack strongly encrypted messages). But there will also be a large number of less-strongly and even weakly encrypted messages being sent out there. Various agencies with large amounts of hardware will be looking at this as a statisitcal/logistic issue...I strongly doubt they only attempt cracking on a message-by-message basis. And indeed, in a world where most messages are fairly weakly encrypted, bursts of strongly-encrypted messages will stand out all the more and possibly flag the need for other methods of investigation. Which returns to my original point: the easy availability of strong crypto products does not mean it is unprofitable for an agency to continue to push populations towards lighter forms of encryption. From: Harmon Seaver [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Echelon-like resources... Date: Fri, 11 Oct 2002 09:39:01 -0500 On Fri, Oct 11, 2002 at 10:29:53AM -0400, Tyler Durden wrote: Harmon Seaver wrote... Why the hell would anyone use lotus notes encryption for anything whatsoever? Lotus Notes or whatever, of course. The point here is that larger Or whatever? What makes you think that anyone can crack any of the strong encryption? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses. --- Major General Smedley Butler, 1933 Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to faciliate our exploitation of resources. - Ramsey Clark, former US Attorney General _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
Re: Echelon-like...
Sounds about right. 64 bit crypto in the strong version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages. The NSA's backdoor public key is at the URL below. http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html (The public key had an Organization name of MiniTruth, and a Common Name of Big Brother -- both Orwell 1984 references, presumably by a lotus programmer). Adam On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and the International, the International being legal for export.) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 18:38:36 +0100 On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email?
Re: Echelon-like resources...
Why the hell would anyone use lotus notes encryption for anything whatsoever? On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote: OK, let's assume for the same of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encypted lotus notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere. And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption. Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (eg, in approving or declining a POS transaction). The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in cetain demogrpahic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts. Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message? Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking. So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking. And the there are probably less obvious, large-scale statistical patterns indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words. From: Adam Back [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 20:41:21 +0100 Sounds about right. 64 bit crypto in the strong version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages. The NSA's backdoor public key is at the URL below. http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html (The public key had an Organization name of MiniTruth, and a Common Name of Big Brother -- both Orwell 1984 references, presumably by a lotus programmer). Adam On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and the International, the International being legal for export.) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 18:38:36 +0100 On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- Harmon Seaver CyberShamanix http://www.cybershamanix.com War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses. --- Major General Smedley Butler, 1933 Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce
Re: Echelon-like resources...
OK, let's assume for the same of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encypted lotus notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere. And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption. Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (eg, in approving or declining a POS transaction). The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in cetain demogrpahic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts. Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message? Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking. So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking. And the there are probably less obvious, large-scale statistical patterns indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words. From: Adam Back [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 20:41:21 +0100 Sounds about right. 64 bit crypto in the strong version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages. The NSA's backdoor public key is at the URL below. http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html (The public key had an Organization name of MiniTruth, and a Common Name of Big Brother -- both Orwell 1984 references, presumably by a lotus programmer). Adam On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and the International, the International being legal for export.) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 18:38:36 +0100 On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Re: Echelon-like resources...
At 10:54 AM 10/11/2002 -0400, Tyler Durden wrote: Which returns to my original point: the easy availability of strong crypto products does not mean it is unprofitable for an agency to continue to push populations towards lighter forms of encryption. Assuming that the agency's goal is to maximize surveillance returns and that they're unconcerned with security generally, yes, you're right. So? -- Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961
Re: Echelon-like...
I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI work reduction factor key in the message header; this section of header is important, as lotus gateways won't accept messages that have had it disturbed. by decoding this block, the NSA have the actual keysize they need to block reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... belgum or sweden by memory . Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies) Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. certainly, even strong lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips.
Re: Echelon-like...
B --Kaos-Keraunos-Kybernetos--- + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\ \|/ :and didn't stop 9-11|share them, you don't hang them on your/\|/\ --*--:Instead of rewarding|monitor, or under your keyboard, you \/|\/ /|\ :their failures, we |don't email them, or put them on a web \|/ + v + :should get refunds! |site, and you must change them very often. [EMAIL PROTECTED] http://www.sunder.net On 10 Oct 2002, anonimo arancio wrote: This relates to an issue I've wanted to discuss with Cypherpunks for several years. Over the years, I've seen several commentators (including Timothy May) appear suprised when discussing the US's encryption export policies. The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)hey! We never thought of that
Re: Echelon-like...
I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and the International, the International being legal for export.) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop. From: David Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: Echelon-like... Date: Thu, 10 Oct 2002 18:38:36 +0100 On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
Re: Echelon-like...
On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email?
Re: Echelon-like...
On Thu, Oct 10, 2002 at 02:28:26AM -, anonimo arancio wrote: [..] But I am wondering if Cypherpunks have mentioned the 'obvious'. The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers. Basically, the more messages that are encypted, the more hardware (and therefore $$$) will be needed to decrypt them. Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to outspend the problem. This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain interesting information. Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)hey! We never thought of that B and C, extensively. The US Government has pretty much given up on restricting crypto exports. There is just enough of a vestigial restriction there to maintain the illusion that the government has a right to control crypto exports. If there was anything more, it would be challenged in court and most likely get thrown out. The government backed off on previous challenges (Bernstein, Zimmerman) to avoid that. Eric
Re: Echelon-like...
Not only is EM correct, but: * many attacks are possible without worrying about keylength. Got Scarfo? * NIST/NSA picked the lamest AES. If I told you what lame meant, I'd have to kill you. * (Lack of) User motivation (related to man-machine issues) is still the spooks' best friend. As well as legacy systems, and inadequately designed total systems. Got Redmond? However, stego and decent opsec and cash and leo buffoonery still let you coordinate the occasional urban skyline reconstruction, poking holes in boats, etc. Got Dead Drops? Mr. Hanssen? Mr Ames? At 08:09 AM 10/10/02 -0700, Eric Murray wrote: On Thu, Oct 10, 2002 at 02:28:26AM -, anonimo arancio wrote: The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers. Basically, the more messages that are encypted, the more hardware (and therefore $$$) will be needed to decrypt them. Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to outspend the problem. This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain interesting information. Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)hey! We never thought of that B and C, extensively. The US Government has pretty much given up on restricting crypto exports. There is just enough of a vestigial restriction there to maintain the illusion that the government has a right to control crypto exports. If there was anything more, it would be challenged in court and most likely get thrown out. The government backed off on previous challenges (Bernstein, Zimmerman) to avoid that. Eric
Re: Echelon-like...
hi, The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers. Does n't govt intervension always increase the numbers? Basically, the more messages that are encypted, the more hardware (and therefore $$$) will be needed to decrypt them. Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to outspend the problem. Why don't we have encrypted spams over the internet rather than plain text spam ?Thats one way we can all benefit frm spam. The US Government has pretty much given up on restricting crypto exports. Why did that happen? Regards Sarath. __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com