Short of destroying all material worldwide that details the underlying mathematical concepts of cryptography and cryptanalysis or its implementation (books, whitepapers, source code, application binaries or hardware devices that implement 'strong' crypto) and implementing educational restrictions prohibiting the teaching of mathematics, language or any form of 'abstract thought' beyond the tenth grade, as well as locking up or otherwise 'eliminating' from the civilian population those that possess such knowledge (all university professors), no government on this planet can stop the exchange of information or advancement of cryptography. It's a futile yet extremely cruel cause.

That being said, however, both governments AND civilians do have a need and a right to protect information THEY deem to be private and confidential. Export laws should be limited to only those algorithms that have been designed for the sole purpose of protecting government and military communication. I'm not as averse to preventing defense contractors from the sale or exchange of information regarding their technology to a civilian population. However, if a civilian independently discovers the underlying concepts that a restricted algorithm uses, and develops a custom implementation, they should be allowed to do so.

Personally, I don't see how designing a new, untested algorithm would be a more secure alternative to implementing one that has undergone several years of peer review. After all, the security of obscurity is merely a factor of time. Unless of course a government can pump out new, moderately secure (whatever that measure might be) algorithm designs on an ongoing basis, estimate the capability of any given foreign government to complete an analysis of the algorithm and based upon this estimation, set stringent time of use restrictions and prohibit recycling, obscurity is not of much practical value or use.

Imagine the strength of a government that spent more time improving their own capability than attempting to limit that of others.

_________________________________________
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
E-mail: [EMAIL PROTECTED]
Web: http://www.tsintel.com

On Wed, 1 May 2002, Williams, Larry wrote:

> -----Original Message-----
> From: ken
>
> >+++ Davis, Don (CPOCEUR) [29/04/02 08:22 +0200]:
> >> If not having 1024-bit encryption available to send my private information
> >> over the web is the part of the cost, I can live with that.
>
> >Can you live without the locks on your house / car / safe?
>
> I doubt it, but you missed the point. He's not talking about removing the locks altogether but that he can live without a cipher lock. Certainly we all want to protect our personal information as much as our personal property. And because there are bad guys out there who will use whatever tools are at their disposal to obtain anything of value from us, a certain degree of protection is needed both in the physical and online worlds. If government says I can have 256-bit or 512-bit crypto technology, but I can't have the latest 1024-bit blowhard crypto, maybe it's because they use that to ensure national security or protect military secrets. Is it wise that everyone know how to decipher a secure military communication? I wouldn't think so, and to protect that code, they must prevent everyone from having it until they find something better.