Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

News.com: Crypto Doesn't Kill - People Do

timothy posted about 13 years ago | from the aa*jTYnd8-H//Im dept.

Encryption 259

McSpew writes: "Bravo to News.com for telling the truth about cryptography. They even cited /.'s coverage of Phil Zimmerman's real views on PGP and its possible role in any terrorist acts." On a per-word basis, this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) has little to do with enhancing national or world security.

cancel ×

259 comments

Sorry! There are no comments related to the filter you selected.

crypto fp (-1, Troll)

Anonymous Coward | about 13 years ago | (#2367578)

beginpgp slfjs fsajfsafsajflksfjlsf

uhhhhh (-1, Troll)

timmah (447753) | about 13 years ago | (#2367581)

Ribblah ribblah ribblah timmah!

FUCK PUCK! (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2367616)

Introducing the FUCK PUCK!

Fuck puck is that cinema device where the bad guy gets a hockey puck in the groin. He's fucked by the puck -- and the puck is the Fuck Puck!

...........__----=====----__
..-.-.-.-.|..----_____---...|
....---.-.|F.u.........c.k!.|
-..-.--...|__..c.k..P.u...__|
.............----_____----


CRYPTO IS GOOD FUCK PUCK!

I like goats! (-1, Troll)

Anonymous Coward | about 13 years ago | (#2367586)

I am lamer than you all!

preaching to the choir (-1, Flamebait)

Anonymous Coward | about 13 years ago | (#2367590)

from the no-shit-dept

everybody here know crypto isn't the culprit. so please stop all the bellyaching and whining about it please. go find another issue to harp on ad nauseum.

Its too easy to circumvent restrictions (3, Insightful)

91degrees (207121) | about 13 years ago | (#2367591)

It's quite a valid observation that terorists can write their own software. I managed to write an implementation of RSA in about a day from descriptions only, and that included writing my own big integers library.

Re:Its too easy to circumvent restrictions (2)

WolfWithoutAClause (162946) | about 13 years ago | (#2367631)

Me too. Based only on a short newspaper article I read in the 'The Daily Telegraph' when I was 16 and implemented it in a week in assembly. And now there are detailed papers available on how to do it on the internet.

I don't see the point at all. Terrorists won't use the escrowed codes; and there are probably plenty of ways to hide messages where the law enforcement agencies won't notice them.

Re:Its too easy to circumvent restrictions (-1, Redundant)

Anonymous Coward | about 13 years ago | (#2367709)

Me too. Based only on hearsay I gatehred when I was 8 and implemented it in an hour in machine code.

Re:Its too easy to circumvent restrictions (0)

Anonymous Coward | about 13 years ago | (#2367900)

God, you think your pretty big eh? I was 5 and from only a simple idea of what 'crypto' was, I implemented the entire system, according to FIPS in 24 minutes (in pure binary).

Re:Its too easy to circumvent restrictions (1)

xmedar (55856) | about 13 years ago | (#2367980)

Well I did the same thing, in 8008 assembly while I was still in the womb in about 1.3ns from the sounds I heard my father uttering under his breath, unfortunately my only means of communication was via baby kick morse code, by the time they had decoded my work and burnt it on a ROM I was just coming out of the birth canal. Unfortunately life has been down hill ever since, maybe I peaked too early..

Re:Its too easy to circumvent restrictions (0)

Anonymous Coward | about 13 years ago | (#2367988)

Whippersnappers! I invented the alphabet when I was 2 hours old.
God, I feel old.

Re:Its too easy to circumvent restrictions (0)

Anonymous Coward | about 13 years ago | (#2367992)

oh yeah? well i did it in 15 minutes using binary after independantly inventing it myself.

Re:Its too easy to circumvent restrictions (4, Informative)

Pseudonym (62607) | about 13 years ago | (#2367656)

Well, RSA isn't exactly a full cryptosystem by itself, but this does show how easy it is.

To review the OpenPGP RFC prior to publication, I re-implemented PGP's decryption and signature checking operations working just from the spec. Admittedly I didn't write my own big integer library, but I did implement 3DES and SHA-1 myself.

It took a week.

And remember, most of that was getting the details of the protocol correct. (I spent a day just getting PKCS encoding right, for example. That's unfortunately not in the OpenPGP spec.) A terrorist who was not trying for inter-operability with PGP probably need not bother with that.


Re:Its too easy to circumvent restrictions (0)

Anonymous Coward | about 13 years ago | (#2367664)

Even in a free cryptosystem, one can change little values in the source, and have a specialized algorithm.
Check out for a symmetric cryptosystem [upatras.gr] which is the hard thing.

Are you a troll? (2)

mangu (126918) | about 13 years ago | (#2367836)

Perhaps you are trying to get some karma as "funny", but I once actually did something like that, after reading a couple of Byte magazine articles, specifically, in the March and April 1979 issues.


It would be more sensible to assume most terrorists aren't so sophisticated. But, in that case, they wouldn't depend on computers for encryption. They would use code phrases, one-way pads, and many other methods that do not depend on computers.


In the end, the people most affected by encryption limiting laws would be common middle-class citizens in the developed nations, people who do on-line shopping and banking, or who use credit cards for any purchases. Remember, you don't need to do any on-line shopping to be vulnerable if your local shopkeepers keep your credit card numbers in vulnerable computers.

Re:Are you a troll? (1, Insightful)

Anonymous Coward | about 13 years ago | (#2367902)

Considering Usama can get trained pilots to kill themselves willingly on planes, you have to assume he can recruit someone over there with good programming knowledge.

Nuclear warheads don't kill - people do. (0)

Anonymous Coward | about 13 years ago | (#2367596)

Nuff said.

Re:Nuclear warheads don't kill - people do. (0)

Anonymous Coward | about 13 years ago | (#2367741)

It's quite legal to build an atomic warhead [fas.org] if you just can obtain all the components legally.

Re:Nuclear warheads don't kill - people do. (0)

Anonymous Coward | about 13 years ago | (#2367878)

So just how do you get weapons-grade fissionable material legally?

Imminent crackdown (2, Funny)

Anonymous Coward | about 13 years ago | (#2367599)

Watch the administration crack down on these seditious websites soon.

All for improving the homeland security, of course.

They should (-1)

okmar (266773) | about 13 years ago | (#2367601)

re-aim thier directive at the kind folks who write Virii.

Islam Kills People. Islam is a swine religion. (-1, Flamebait)

Anonymous Coward | about 13 years ago | (#2367604)

Our beloved dead cry out for justice:
  1. Kill all Muslims.
  2. Kill all Mohammedans.
  3. Kill all Arabs.
  4. Kill all Towel Heads.
  5. Kill all Camel Jockeys.
  6. Kill all Sand Niggers.
  7. Kill all Dune Coons.
  8. Kill all Islam.
  9. Nuke their countries to hell.
  10. Nuke them again.
  11. Death to Islam.

I piss on Mecca. I menstruate on the Koran. I shit on Mohammed.

Tangables (2)

satanami69 (209636) | about 13 years ago | (#2367607)

The problem I see, is that most people view somethings that's encrypted as something more tangable. They want to be able to get their hands on it. They assume simply because people want to hide what a message says, it must be bad/evil. I'd like to be able to keep all my info private.

CIA officials just need to find better ways of snooping on people.

one-time pads (5, Insightful)

corebreech (469871) | about 13 years ago | (#2367610)

A good article that could be made better by emphasizing the one-time pad cipher.

The one-time pad is a very easy cipher to explain to lay people. They need no understanding of math, not even arithmetic.

Anybody, anywhere can create a one-time pad by simply flipping a coin or rolling the dice, and use the resulting information to encrypt a message that is impervious to all manners of cryptoanalysis, even techniques made possible by the much-feared though yet-to-be-stocked quantum computer.

In other words, you can create a encrypted message without encryption software or even a computer, and yet be assured that the message is unreadable by any computer devisable today or anytime in the future.

There should be no debate here. Military-grade cryptography is available to anyone with a penny in their pocket and a sheet of paper and pencil.

We need to stop wasting time talking about this.

Re:one-time pads (2, Insightful)

Bostik (92589) | about 13 years ago | (#2367645)

Yes, and then you'd need to securely transmit that one-time pad to the person receiving your message. You still haven't solved the Catch 22 here.

Albeit, quantum crypto can solve this. Despite the fancy name, it's nothing more than a secure way to transmit regular encryption keys. It's just not practical at the moment. And large messages with one-time pads? The key would be as big as the original message. Thank you, but for regular use I'd choose good block ciphers any day.

Re:one-time pads (1)

corebreech (469871) | about 13 years ago | (#2367669)

What's wrong with exchanging the pad face-to-face? Sitting on some mountain somewhere two terrorists decide they're going to strike America, and before setting out to do that, they create a one-time pad and each keep a copy.

They use it for small messages, e.g., locations, times, accomplices, etc. I doubt terrorists would require anything larger than a 4K pad for most operations.

Re:one-time pads (1)

olla podriga (523728) | about 13 years ago | (#2367760)

In this case they would surely be better of with simple code phrases over the phone. No need for encryption then.

Re:one-time pads (1)

corebreech (469871) | about 13 years ago | (#2367782)

Aren't code phrases good at multiple-choice kinds of communications, but not so good for anything involving proper names, like locations or accomplices?

Re:one-time pads (1)

Lumpy (12016) | about 13 years ago | (#2367825)

Ok simple: Seceret spy 1 and 2 want to communicate.

they hand each other at a time they actually meet the one time pad.

email messages (or any way you want to communicate) and each message contains in it the one time pad for the next message.

Cince the messages are un-breakable this is a very safe way to communicate this.

you can make a simple XOR encryption that works great this way.

Passphrase is "my left shoe" and "your face hurts"
xor the message with the first and then after that finishes with the second. to decrypt reverse the process. Now the fun part, scared if your data is too easily revealed? pad the message with jibberish before encryption at beginning and end, and then after encryption pad the encryption with jibberish (let's say # of characters in first passphrase X the second or a known number)

It's a non NSA encryption method, easily understood by children, and un-crackable as it is never the same twice.

Re:one-time pads (0)

Anonymous Coward | about 13 years ago | (#2367910)

Of course in the long run you'd get screwed because you'd run out of space for pad or message.

Remember, the length of new one pad is the length of old minus the message (you can't repeat it more times, because you'd effectively create only a key that long).

The way you'd actually use it to have the whole CD burned with the pad and would just continue from where you left the previous time.

Re:one-time pads (5, Insightful)

AndrewHowe (60826) | about 13 years ago | (#2367937)

"each message contains in it the one time pad for the next message"
This is not such a good idea. A one time pad is to be used once, and that means you certainly can't repeat it within a single message. Therefore, each message would have to contain a one time pad that was large enough to encrypt the whole of the next message, including the one time pad in that, and so on. Obviously this means your messages will get shorter and shorter!

Re:one-time pads (2, Informative)

nyjx (523123) | about 13 years ago | (#2367649)

Er, this totally ignores the massive problem with one time pads which is distribution. One time pads are uncrackable (unless you keep reusing them) but:
  1. You have to get a copy to the person you're communicating with.
  2. If your pad becomes compromised - somebody else gets a copy all your messages are compromised and it's much easier to size a book of codes than a private key.
Add to that lack of non-repudiation and the like and its not so hot for everyday use...

Re:one-time pads (0)

Anonymous Coward | about 13 years ago | (#2367671)

this totally ignores the massive problem with one time pads which is distribution.

What massive problem?

Stuff the keys in the camel's ass and take them in and out of Afghanistan at your will.

Re:one-time pads (2, Insightful)

corebreech (469871) | about 13 years ago | (#2367675)

Yes but I think you're missing the point.

It may not be an ideal manner of encrypting your data, but it is one that will always be with us, regardless of what we do.

The point is to find a way of explaining to lay people that any controls they want to place on cryptography are pointless.

For terrorists, the one-time pad is more than suitable.

Re:one-time pads (2, Interesting)

nyjx (523123) | about 13 years ago | (#2367716)

I don't agree. I think lay people understand that there will always be ways to encrypt things which cannot be broken. The fundamental question is why are the technologies which make this as easy as sending an email?

I don't agree that one-time pads are sustainable for terrorists. Getting the same valid code book to a number of members in several countries? many of who might not know or trust each other?, regularly changing the code? using it for every messages.

At best u'd prob use one time pads to encode your daily keys for some other (faster and automatic) encryption mechanism.

Besides ,in the end you will still be sending a message which makes no sense of any kind (the encrypted string). The FBI will come kocking on your door and say (prob not very politely) that they want the key. This is exactly the same result you would get if you used PGP and hadn't surrendered the key.

This is why stenography is so hot - you encode stuff in traffic which looks "innocent" so no one even knows you are sending an encrypted message.

Re:one-time pads (1)

corebreech (469871) | about 13 years ago | (#2367752)

Clearly, lay people do not understand this, otherwise it wouldn't be such an issue.

If a terrorist is willing to sacrifice his life then I think he'd be willing to put up with some inconvenience in sending/receiving encrypted messages.

The kinds of messages terrorists are likely to exchange will be very short, and as such will be possible to exchange through unusual channels like irc, muds, newsgroup messages, etc., that will not afford the FBI any physical address.

However I agree that stenography has most if not all of the same properties that one-time pads do, at least with respect to my original point that it is easy to understand and impossible to control.

Next time I call the thread "one-time pads and stenography."

Not Stenography (2)

AndrewHowe (60826) | about 13 years ago | (#2367947)

Steganography.
Steganography.
Steganography.
Fire anti-lameness filter torpedoes...

Re:one-time pads (1)

Kaa42 (137049) | about 13 years ago | (#2367655)

I realise you might be a troll, but incase that is not so:

A one-time pad is only applicable in an extremely narrow range of situations. If you have a secure channel to transfer the one-time pad why bother with encryption in the first place? If you transfer the the pad in advance, before you need to send a message, you practically end up with a codebook situation. That pad must to somehow be secured like a codebook or it is useless.

One-time pads is a wonderful theoretical idea but one that is useless in most real world applications.

Re:one-time pads (0)

Anonymous Coward | about 13 years ago | (#2367744)

If the terrorists had a lot of their meetings in person, that would be an ideal time to exchange one time pad information.

From that point on, the terrorists could communicate using the one time pads.

Yes, there is and always will be a codebook issue. But, don't forget there's the same problem with generating keys for encryption. You need to protect your private key just like you would need to protect the codebook.

Re:one-time pads (5, Insightful)

Sly Mongoose (15286) | about 13 years ago | (#2367961)

If you have a secure channel to transfer the one-time pad why bother with encryption in the first place?
Because you can exchange fat one-time pads when all the conspirators are crouched around a camel-dung fire one night. Then use the pad for secure communications over the weeks and months that follow.
That pad must to somehow be secured like a codebook or it is useless.
It is much more difficult to frisk every person on the street looking for a one-time pad than it is to CARNIVORE every e-mail on the backbone and peek through the backdoor.
One-time pads is a wonderful theoretical idea but one that is useless in most real world applications.
If secure communications are required and backdoors are a threat, the inconvenience will have to be tolerated.

Re:one-time pads (0)

Anonymous Coward | about 13 years ago | (#2367692)

Horseracing. Sport betting. Lotteries. You have an endless stream of numbers being generated by the gaming industry. Instead of having a physical pad, buy a newspaper, or look up the results for a particular race in a particular country on a particular day. Of course, your recipient must know which race or series of numbers to look for ... but how many people send betting information unencoded over the telephone each day? Practically untraceable. Maybe just tell your partner to use the figures from the race before or after the one you mention on the phone. Ahh, espionage ... what fun. At least chasing one-time pads and staking out race meets would get the intelligence community off their carnivorous, echolonic, wiretap-dependent backsides.

Central Asia tech support (5, Funny)

4thAce (456825) | about 13 years ago | (#2367614)

No doubt there are any number of capable computer scientists in the Middle East and Central Asia whom these groups can turn to in a pinch for technical assistance.

They could post their encryption concerns to a site http://slashdot.af/index.pl?section=askslashdot for instance. But I don't think the Taliban would let them call the intellectual currency "karma."

Crypto Kills (5, Insightful)

Anonymous Coward | about 13 years ago | (#2367617)

Re read that article, but swap every occurrence of "crypto" with "guns".

Now you know what all the gun nuts were talking about.

It's already been done wth handguns - I figured all guns were next, but looks like crypto is next.

Re:Crypto Kills (1)

mikael_j (106439) | about 13 years ago | (#2367638)

The main purpose of crypto is not to directly inflict harm upon another human being.
The main purpose of a gun is to inflict harm upon another human being.
'nuf said.

/Mikael Jacobson

Re:Crypto Kills (2, Insightful)

fredbsd (311595) | about 13 years ago | (#2367677)

Ahh...wrong again.

Guns are used in a variety of SPORTS (target shooting being a classic example). The purpose of a gun is determined by the shooter. Just like the purpose of crypto.

Before people start whining about their rights and freedom of , they should contimplate what freedom actually means and how it affects everyone. It's pretty amusing to read the posts here on /. People all cry when THEIR interests are threatened, but the same people could care less about freedoms being taken away from other groups. Taxation is a classic example. How many times have you seen /.'ers gripe when someone actually wants to cut spending on the NASA budget? Since when is space exploration a 'right'? If you don't pay your taxes, you go to jail. Not exactly 'freedom' is it?

Guns may be instruments of death to some people, but they are a hobby to others. It depends on the person holding the gun. Crypto should be viewed in the same way.

Re:Crypto Kills (1)

insomaniac (469016) | about 13 years ago | (#2367772)

And that is why you should at least get a sanity check and some training before you should be allowed to have a gun imho.

The problem with guns that when they are freely available that any one can go nuts and go on a shooting spree at a school or what not.

Crypto is a whole different subject, most people don't even know what crypto is. And it's not as easy by far to use as say a gun.

This new law your congress is talking about will only affect your freedom of speech, it might not look like a big sacrifice for security but the impact it will have on security will be next to none and it could be the first step to turning into a police state.

Re:Crypto Kills (0)

Anonymous Coward | about 13 years ago | (#2367858)

> And it's not as easy by far to use as say a gun.

I dunno... I find encrypting a message with GPG far, far, far easier than using a gun - I can't aim, and barely know about things like safeties and such like. I could show a 10-year-old how to use GPG in about 20 minutes - remember, he doesn't need to know how it works, just that it does. On the other hand, to get him to be capable of usefully using a gun, I'd have to spend at least a week with him practising shooting things.

Re:Crypto Kills (1)

fredbsd (311595) | about 13 years ago | (#2367889)

Let's clear the air. I definitely don't want crypto regulated. The purpose of the post is to highlight hypocrisy in viewing 'freedoms'.

The problem is that crypto is freely available than any one can go nuts and plan a shooting spree at a school or what not. Get it?

It's the intent of the user that is the problem, whether its crypto or guns or cars or planes or what not. The fact of the matter is there are sick people on this planet. There always have been and always will be. The problem is there are just more of them now with better, more effective tools in their arsenal.

You think people should have a sanity check to buy a gun (good idea)? Should we then be required to have a license for crypto? Maybe.

Re:Crypto Kills (1)

insomaniac (469016) | about 13 years ago | (#2367962)

Well, being licensed for crypto might be a good idea but it wouldn't really be viable because it is so freely available and it allways has been. On this front it truely is warfare on the technological level because no law can stop this anyway.

Re:Crypto Kills (2, Interesting)

fatpenguin (91224) | about 13 years ago | (#2367790)

Guns are used in a variety of SPORTS (target shooting being a classic example). The purpose of a gun is determined by the shooter. Just like the purpose of crypto.


Yes, but weapons can be used to attack someone. Crypto may only be used in a defensive way. To actually kill someone, people still need a weapon (e.g. a gun, a plane, a car or whatever).


On the other hand, nobody even thinks of restricting the free use of, for example, cars.
That is because people are accustomed to cars, they use them daily and they understand why they are useful. They don't see them as possible deadly weapons but as part of their daily life.


That's why it is essential to propagate encryption as the natural way for everyone to send emails. It would also help to use some less technical word instead of crypto. I would rather refer to it as a kind of "envelope". That's an image that even Joe Average can easily understand.

Re:Crypto Kills (2, Insightful)

fredbsd (311595) | about 13 years ago | (#2367877)

Yes, guns can and are used to attack someone. But crypto can and is used to plan an attack like the one we just witnessed on 11 September. I would say that was not defensive in nature. Mr. bin Laden is KNOWN to use crypto to plan his attacks, making it an offensive weapon in todays information age. Sad, but true.

I don't want crypto banned/regulated. My point was pretty simple: we should be defending all freedoms, not just those that affect our personal interests. The gun issue just highlights the hypocrisy flying around this country.

I am just as paranoid about a police state as the next geek. But I also have the ability to look objectively at any given situation.

Agree guns kill, but here's why Crypto does DOESNT (1)

waytoomuchcoffee (263275) | about 13 years ago | (#2367939)

Crypto is an IDEA. You can ban a real, material item that kills people, you can't ban an IDEA. You may as well ban people's thoughts of killing other people. When you can make a gun out of thin air by sitting in front of a computer coding for a few minutes, then I will agree that you should ban Crypto as well.

Killing things is sometimes a good idea (1)

SecurityGuy (217807) | about 13 years ago | (#2367986)

You write as if a "real, material item that kills people" is necessarily bad. If so, ban cars. Ban alcohol. Especially alcohol since, IMO, it has no redeeming qualities. Crypto and guns are both just tools which can be misused. Naive people who don't want to be shot think giving up guns they don't have will make them safe. Thinking people who don't want to get shot understand that the way to make that not happen is to protect yourself. That false sense of security feels so good people are willing to wrap themselves in it and ignore reality.

Crypto Doesn't Kill - Islamic Muslim Terrorists do (-1, Troll)

Anonymous Coward | about 13 years ago | (#2367620)

Islam is the problem. It is a creed of hate and intollerance. Islam is a religion for swine. Destroy Islam and all Muslims. Wake up; realize this is a cage match. It's us or them; only one comes out alive.

Let's kill suicidal terrorists! (-1, Offtopic)

Nicolas MONNET (4727) | about 13 years ago | (#2367634)

Wait, they do it themselves.

Re:Crypto Doesn't Kill - Islamic Muslim Terrorists (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2367666)

It's YOU and Osama bin Laden who are being intolerant (and you also illiterate) and this is causing wars.

"So, let us not be blind to our differences--but let us also direct attention to our common interests and to the means by which those differences can be resolved. And if we cannot end now our differences, at least we can help make the world safe for diversity. For, in the final analysis, our most basic common link is that we all inhabit this small planet. We all breathe the same air. We all cherish our children's future. And we are all mortal."

Commencement Address at American University, 1963
President John F. Kennedy

Slayer got it right (-1)

Anonymous Coward | about 13 years ago | (#2367698)

GOD HATES US ALL!!!

No matter if he is the god of the Bible, Koran or the non-existent god of an atheist. Nevertheless, he hates us all with the attitude of Cliff Yablonski.

Get some PRIORITIES (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2367625)

The worst terrorist attack in recorded history occurred just over two weeks ago, and you people are discussing this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) has little to do with enhancing national or world security? My *god*, people, GET SOME PRIORITIES!!!

what better priorities? (2, Insightful)

Anonymous Coward | about 13 years ago | (#2367643)

AC: The worst terrorist attack in recorded history occurred just over two weeks ago, and you people are discussing this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) has little to do with enhancing national or world security? My *god*, people, GET SOME PRIORITIES!!!



What about the priority of preserving through logic and appeals to legitimate and justified self-interest the freedoms terrorists would like to destroy with their intimidation attacks? That one suits me.

Re:what better priorities? (-1, Troll)

Anonymous Coward | about 13 years ago | (#2367668)

You have been trolled.

crypto backdoors (likely) == hurt the us economy (3, Insightful)

pantherace (165052) | about 13 years ago | (#2367628)

The addition of crypto backdoors to the programs will create a security hole, and it would be HUGE. The hole would be there, and a single cracker who figured it out would have a security hole in everything. The fear of that vulnerability, EVEN IF NOT KNOWINGLY EXPLOITED WOULD CAUSE A LOSS IN CONFIDENCE ABOUT COMPUTER SECURITY. The secnarios are endless, from all 'secure' online purchases, security of propriatary code, finacial records, etc. If say amazon, paypal, and ebay got hacked, there would be a major problem in the USA. Especially now with the knee-jerk reactions, people have, and the sudden concerns about 'security'. The thing that kept the US economy up for so long was consumer confidence, and spending, and I believe that this will contribute to an unmeasureable but significant decline in each.

(This coming from a geek trying to put it in a language that many marketers, politicians, economists, etc could understand, who actually dislikes most businesses today.)

Re:crypto backdoors (likely) == hurt the us econom (1)

kimmo (52756) | about 13 years ago | (#2367676)

On the nerdy side of this, how do you implement the key escrow/backdoors onto crypto sw? The above mentioned (I assume) backdoor in government given executables and hidden algorithm (with weaknesses) just wouldn't be possible.

This leaves few chances like weakening strong algorithms by resetting most of the bits in a key or something similar. Is there any other way to achieve a backdoor?

I feel it would be very near (mathematically) impossible to develop an strong algorithm with some serious weakness (the backdoor), which nobody wouldn't find.

Re:crypto backdoors (likely) == hurt the us econom (1)

pantherace (165052) | about 13 years ago | (#2367733)

I basically meant the posibility of 'blessed' binarys and such. (I don't think it will happen, there are just too many people against it, though)

In terms of keys, I believe 512-bit keys are no longer secure, as someone found all the primes needed to break any 512-bit pub/pri RSA key, and several others. I however can't remember the reference, so don't shoot me if I got something wrong.

Re:crypto backdoors (likely) == hurt the us econom (1)

olla podriga (523728) | about 13 years ago | (#2367771)

In the case of PGP you could use an additional public key, wich belongs to the secret police.

Any message thats being encrypted will be encrypted with the recipients AND the escrowed key.

Software that allows Messages to be encrypted with only the recipients key is outlawed then. (and only outlaws have privacy, oh yeah)

kode blew (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2367629)

we'll NEVER try to decipher your secret kodes at ScaredCity(?tm?) [scaredcity.com]

Plus, you could acquire this relevant URL [opensourceworks.com] from us (including a year's free hosting), as a result of your interest in the brave gnu world of open/honest, dependable/secure, communications/commerce, &, your ability to follow simple directions.

don't even try to tell US that you haven't seen these guys [opensourcenews.com] , now featuring pictures of the REAL .commIEs

Who will it hurt? (3, Insightful)

serps (517783) | about 13 years ago | (#2367639)

The simple fact of the matter is that the latest calls for key escrow/backdoors to encryption, just like the ban on exporting 'strong encryption' during the 90's, will in the end only hurt the US.

moaning, wailing and gnashing teeth (1)

motherhead (344331) | about 13 years ago | (#2367647)

Great little piece. The bad news is that most of us all here have already been nodding at this argument furiously for so long, migraines are setting in.. What this needs is to be disseminated amounst the sheeple in the same carcinogenic manor as half assed "Nostradamus Predicted this" emails that have filled my box faster then sircam did.


Crypto Doesn't Kill - People Do


The second amendment of the statue of liberty clearly states: "cool guys shall have the unalienable liberty to wield strong crypto in order to insure against the prospect of a tyrannical state." Or at least I think it does, I am not sure as I have been playing Wolfstenstien for the last six day in a row and can't be bothered to check.

When crypto is outlawed, only outlaws will have crypto. You can have my copy of PGP when you pull if from my cold dead fingers!

PGP Passphrases + RSA in three lines (1)

SomethingOrOther (521702) | about 13 years ago | (#2367847)

"You can have my copy of PGP when you pull if from my cold dead fingers!"

And you can have my PGP passphrase when you pry it from my cold, dead brain.

Don't forget folks, The export-a-crypto-system .sig! (RSA algoritam in 3 lines of perl)

#!/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((. .) *)$/)

For more info, see http://www.cypherspace.org/~adam/rsa/

Stop this mess ! (4, Funny)

pricorde (124290) | about 13 years ago | (#2367662)

The FBI has found hand-written order letters in the baggages of terrorists.
Is this PGP ?
NO !
So why does the crypto=terrorist meme still continues ?
Paradoxically, paper letters are a more secure way to transmit information than the internet...

Re:Stop this mess ! (1)

fredbsd (311595) | about 13 years ago | (#2367697)

These documents were religious instructions for the last days of the bombers life, not the actual logistical plans for the attack.

bin Laden is known for using crypto to circulate logistics. That is what the Feds are targeting.

Just an FYI.

Re:Stop this mess ! (2)

Sly Mongoose (15286) | about 13 years ago | (#2367984)

bin Laden is known for using crypto to circulate logistics. That is what the Feds are targeting.
I've never understood how the FBI plan to persuade bin Laden to use their backdoor-enabled encryption application!

Will the ask him nicely? Or just threaten to arrest him if he doesn't?

Re:Stop this mess ! (1)

newbiescum (190145) | about 13 years ago | (#2367875)

Paradoxically, paper letters are a more secure way to transmit information than the internet...

Huh? How many e-mails have the FBI intercepted or been able to find from the terriorsts? I haven't heard of any yet, encrypted or not. Knowing something is encrypted doesn't mean anything if you aren't able to find the message in the first place. However, like you said, they were able to find paper documents...

Re:Stop this mess ! (5, Informative)

peppy (312411) | about 13 years ago | (#2367934)

It seems the terrorists didn't even bother to encrypt their emails either according to this article [guardian.co.uk] in the UK Guardian newspaper.

"FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack....According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read."

Interesting (2)

smnolde (209197) | about 13 years ago | (#2367667)

Long ago when PGP was first announced I had a key generated. I have long since forgot about using PGP until PZ's /. post.

I have since installed, and configured PGP and GNU/GPG software on my home and work machines and am making active use of signing my documents. Not only that I've helped several others do the same thing.

Also, in my crypto-arsenal is OpenSSH which is a godsend to me since I no longer use telnet or ftp services on any of my computers accessible to the internet.

It's not that I worry about who is listening, or why; I have nothing to hide. I know that if someone is listening, they won't get squat out of my communications.

Guns don't kill, people do (0)

Anonymous Coward | about 13 years ago | (#2367674)

But it's ok to restrict guns.

Why no restriction on crypto ?

Re:Guns don't kill, people do (0)

Anonymous Coward | about 13 years ago | (#2367883)

Well some crypto that isn't properly locked away can't be picked up by an aggrieved teenager and used to blast away their classmates, nor can it be used accidentally by a legitimate owner to kill someone. The direct purpose of crypto isn't to kill/injure/maim.

Uneven distribution of knowledge (1)

akypoon (258201) | about 13 years ago | (#2367678)

Isn't that the root of the problem?

While crypto makes sense to majority of the /. readers, how are you going to explain crypto to your normal joes on the street (and those folks in power)?

Same idea applies to software. Why do the users of our software need a college degree to use it with ease?

My 2 cents.

Re:Uneven distribution of knowledge (2)

Alien54 (180860) | about 13 years ago | (#2367839)

While crypto makes sense to majority of the /. readers, how are you going to explain crypto to your normal joes on the street (and those folks in power)

They need to have the quantity and quality of understanding and education that you have.

For some, this will be difficult.

Also, some people DO prefer safety to freedom.

He's missed the point (5, Insightful)

WolfWithoutAClause (162946) | about 13 years ago | (#2367679)

The security agencies are already checking through most or a statistical useful percentage of the bytes that flow over the US internet, and are characterising it all. Their actions only make sense if they are doing that.

Anyone using encryption stands out; so they write a file on them.

Where they find encrypted data they can't characterise it any further; so they hit a brick wall. But its not common right now, so they can make a file. However, if everyone on the internet routinely uses uncrackable encryption they can't build a file on everyone.

On the other hand, if they have key escrow they can blow away the encryption on all the legitimate data and they are left with 'illegal' encryption; except presumably terrorists and other malcontents; a much smaller group that they can write files on.

Of course this 'monitor all the traffic on the internet idea' falls down in several other ways. As an example, suppose somebody creates a Quake III server that has some sort of low bandwidth messaging in it perhaps the player steps left at careful timed moments or something, the characterisation by the NSA would be, oh its just another Quake player, when really its sending an encrypted message as well. [I just made that Quake idea up- its called 'steganography' in general, hiding encrypted messages in something else.]

Anyway, that's really what's going on. The security agencies are using the WTC disaster as a chance to get their legislation through whilst the going is good. Of course anyone with any sense can evade it, but not every terrorist has sense.

Re:He's missed the point (1)

fredbsd (311595) | about 13 years ago | (#2367704)

Excellent analysis, IMHO.

Re: Quake Steppin' Crypto (0)

Anonymous Coward | about 13 years ago | (#2367722)

My girlfriend is studying AUSLAN, the Australian variant of Sign Language. (for the deaf ...) I wonder if it would be possible to use sign language within a game like CounterStrike or Op Force ... use the squad leader giving no/no go signals to spell out a morse code message :)
Play Simon Says in FPS games for world peace goddammit!

What about guns? (0)

Anonymous Coward | about 13 years ago | (#2367706)

Yet, 90% of you people here think that it's ok to ban or prohibit people from using guns.

Guns don't kill people.. people kill people. You disgusting group of hippocrites.

I wonder what the actual numbers are on that ... (1)

timothy (36799) | about 13 years ago | (#2367758)

an Anon. Cow. said
"90% of you people here think that it's ok to ban or prohibit people from using guns. Guns don't kill people.. people kill people. You disgusting group of hippocrites."
I wonder about the actual percentage of Slashdot readers who think that guns should be banned, or (say) are happy with the current level of gun-banning, which includes a de facto prohibition on the private ownership of handguns in many states, and certainly abridges the right "to keep and bear arms."

I suspect that it's a majority, but I doubt it's anything like 90 percent. Besides computers, a lot of people who read slashdot have other interests, and I've seen enough related comments to know that this occasionally includes guns.

timothy

Letters to congress people. (5, Interesting)

Crixus (97721) | about 13 years ago | (#2367724)

One week ago today, I wrote essentially the same thing to my congress people. Here is my letter in case anyone else would like to send it to their congress critters:

------

Honorable Senator xxxxxx,

I am writing to bring to your attention the pointlessness of Senator Judd Gregg's new legislation mandating backdoors in all cryptographic products. I could make many arguments that discuss our civil liberties and the right to be secure within our papers and possessions, but that argument while true and immensely important, is not even required in this case.

Simply put, with respect to strong cryptographic software, the "cat is out of the bag." The world is already full of good, secure cryptographic products with no backdoors. That is the case now, and was PRIOR to Congress' reduction of ITAR restrictions that kept us from exporting strong cryptographic products.

The world is full of smart people many of whom do not work for the NSA, and do not live within the United States. These people in the civilian cryptographic world are constantly researching and developing new cryptographic techniques, which Senator Gregg's legislation WILL NOT AFFECT. No matter how many laws you pass, NOTHING will keep the BAD GUYS from being able to download this cryptographic software from European and other web sites.

If Europe latches on to Senator Gregg's idea of mandating backdoors in all cryptographic products, then the people who want to use cryptographic products with no backdoors will simply write their own, or copy VERBATIM the computer source code for strong cryptographic software that already exists in many hundreds of published books.

Allow me to quote Bruce Schneier, perhaps the United States' leading civilian cryptographic expert:

"To illustrate the ease with which a cryptosystem can be implemented, I present the full code necessary for establishing a secure cryptographic channel over the internet, called the Diffie-Hellman Key Exchange. Both people communicating do the following:

"1. Get public key (Y, P) of the other person. This is just a pair of large numbers.

"2. Raise Y to the power of X, where X is the private key, modulo P. The result is the secret key.

"Modular arithmetic is taught to fourth-graders under the name 'clock math,' and secret-key cryptosystems are just as easy to memorize and implement as public-key systems. I could teach any twelve-year-old how to reproduce from memory in under fifteen minutes a strong cryptosystem on any Windows machine. Any terrorist is quite capable of doing the same."

This speaks volumes about the current state of cryptographic software in the world today, and the ease with which it can be implemented.

If Senator Gregg's legislation is passed, it will have ZERO affect on the people who DO have things to hide from you, and will only harm the innocent citizens of the United States who wish nothing more than to insure that their banking records and private email conversations remain truly private.

Regards,

-----

Rich...

Re:Letters to congress people. (3, Informative)

dilger (1646) | about 13 years ago | (#2367779)

Darn good letter. I have three suggestions which I implemented as I was customizing it for my Congresspeople:

  1. in the third paragraph, change "laws you pass" to "laws are passed" -- that way it's not pointing a finger at an individual Congressperson, or even at Congress
  2. in the last paragraph, change "from you" to "from law enforcement organizations" -- again, don't want to point a finger at Congress (at least not yet)
  3. Add a sentence to the end (the proverbial "call to action"): "Please do not support any legislation which restricts the use of cryptography." (Or something like that.)

Thanks for posting this letter.

cbd
your friendly local English teacher

Go News.com (1)

ZigMonty (524212) | about 13 years ago | (#2367773)

Thank God we have a mainstream news service that is telling the truth about this and not what the public want to hear. Your average, non-techie Joe wants something to blame. "Oh those terrorists used some encrypto thingee but that's illegal now so we're safe. Who was the idiot that made it legal in the first place?"

What I want to know is do any of these Congressmen realize that maybe, just maybe encryption is used for some legitimate purpose. I don't know, like... e-commerce? Online banking, shopping, etc all rely on good encryption to keep those Congressmen's credit card details safe from crackers. Even a small back door would be cracked wide open is a very short amount of time.

Plus the current encryption technology is scalable. The terrorists could just modify the old software if needed and use it. Outlaw something and only the outlaws will use it! The only thing that will be achieved is the crippling of legitimate stuff, like e-commerce.

But I'm preaching to the choir here. I just hope other News sites follow News.com's lead and not the Washington Post's.

Sorry (1)

Richard_at_work (517087) | about 13 years ago | (#2367777)

I know this is slightly offf topic but can someone explain to me why u cant decrypt from the public key and the encrypted data? I was taught in maths that any mathematical expression can be modified to find lost values, so if the public key is good enuff to be used with the expression to encrypt the data, and if you know the expression and the public key, then why cant u turn the process around? Im confused :) Im one of those that takes this stuff jsut to work :)

Re:Sorry (4, Informative)

ZigMonty (524212) | about 13 years ago | (#2367822)

You can, but the numbers are very big. Even 40-bit keys can represent numbers up to 1099511627776. A 1024-bit key can represent an number like:
  • 179769313486231590772930519078902473361797697894 23 06572734300811577326758055009631327084773224075360 21120113879871393357658789768814416622492847430639 47412437776789342486548527630221960124609411945308 29520850057688381506823424628814739131105408272371 63350510684586298239947245938479716304835356329624

  • 224137216

It's 309 digits long! As you can see the numbers are big and get exponentially bigger as the key size increases. The idea with public key encryption is that, while it is quite quick to multiply two numbers this size together, it is very hard to factor the result into the two parts again. It is possible but, for keys > about 56-bit, it is beyond what modern computers are capable of.

Distributed.net [distributed.net] is a SETI@home-like project to crack ever larger keys, among other things. Check them out.

Re:Sorry (1)

Richard_at_work (517087) | about 13 years ago | (#2367850)

Ahh cheers, that explained it quite well :)

Re:Sorry (3, Informative)

sjmurdoch (193425) | about 13 years ago | (#2367851)

It is true that any mathematical expression can be modified to find lost values, but there is nothing to stop one way from being much harder from the reverse. For example it is easy to smash a plate, but while it is possible to reassemble the pieces into the original form, it is much harder.


Problems like this exist in maths as well as the physical world. One such problem is used in RSA encryption, which can be used in PGP. This problem centers around the belief that it is easy to multiply two very large prime numbers, but given the product it is very difficult to go back to the original primes. I say belief deliberatly since it is possible (albeit extremely unlikely) that there is an easy way to factor large numbers. Most PGP implementations actually use Elgamal rather than RSA, but the principle is similar.


If you are interested in this subject I would strongly recommend you buy/borrow a copy of Applied Cryptography by Bruce Schneier (amazon link [amazon.com] ). This is the best crypto book available (IMHO) and explains the fundementals of the suject, including the maths behind RSA and ElGamal without requiring any previous knowledge.


Hope this helps.

Bumper Stickers (1)

msheppard (150231) | about 13 years ago | (#2367811)

Support your right to Encrypt Bears!

Keep honking, I'm encrypting.

It's not in the ATA. Geez, I wonder why. (2, Interesting)

L. J. Beauregard (111334) | about 13 years ago | (#2367830)

The Department of (In)Justice has not asked for crypto backdoors in that wish list that Congress calls the ATA. Geez, could it be because the Feds don't think they need them?

After all, the Feds can install keystroke loggers [slashdot.org] on your 'puter, or they can call out a van full of TEMPEST equipment. The keystroke loggers require agents to physically enter the premises, which obviously requires a warrant. As for the TEMPEST equipment, no precedent exists AFAIK, but the ruling regarding thermal imaging [slashdot.org] may be helpful.

Well (0)

Anonymous Coward | about 13 years ago | (#2368000)

I thought it was strange seeing a van from Flowers By Irene, and then another one, parked in the same spot, from Frederico's Best Italian.

(:( I just slaughtered a Simpson's quote. I feel shamed.)

Finally Someone who understands (2)

jdevons (233314) | about 13 years ago | (#2367842)

Now there is finally someone who understands the gun issue... On wait, this article is about encryption!

Even ClearText email can be used for a bad purpose (2, Insightful)

jerwiebe (91712) | about 13 years ago | (#2367857)

One thing I find interesting is that these terrorists could have just as easily used cleartext email to distribute their logistic plans. Couldn't they have just have a predetermined language and the actual emails would have looked as innocuous as someone writing their friend to meet somewhere.

Let's meet at 7:45 in front of the Arthur Anderson school on the 11th
Translation: You will overtake American Airlines flight 745 on the 11th

That would look totally benign, yet be the actual trigger to the event. No crypto needed!

Do you EVER have a right to privacy? If you do... (3, Interesting)

Futurepower(tm) (228467) | about 13 years ago | (#2367906)


What is scary about this U.S. government talk of not allowing secure encryption is that it is working so well. Even the intelligent, educated people who comment on Slashdot (Don't joke about this, it's the truth.) are being led completely away from the real issue.

The real issue is that they are trying to get you to accept that you have no right to privacy.

The really important matter is that the U.S. government is trying to get you to accept the principle that it can spy on you. They know they will lose the encryption battle.

Do you ever have the right to privacy? If there is a single case in which you have the right to privacy, then you have the right to encryption, because you need it for that case.

From the article, What should be the Response to Violence? [hevanet.com] :

"The U.S. government has three separate, very large agencies that function as global secret police: The FBI, the CIA, and the NSA. The first two are authorized to kill other people. These agencies are secret in two senses: Their activities are hidden from the people of the U.S., even though the U.S. is a democracy. They also have secret budgets. These agencies function everywhere in the world, including inside the U.S."

It has somehow been established that U.S. citizens will accept that they cannot be told about either the activities or the budget of the secret "national security" agencies. Clearly, if they did know, and if they had a chance to vote, most citizens of the U.S. would vote against many of the activities. However, U.S. citizens are not allowed to have enough information to make an informed decision about the secret agencies.

And if they had a chance to vote.. (0)

Anonymous Coward | about 13 years ago | (#2368009)

They wouldn't, anyway, because we're a bunch of overweight slobs who can't be inconvenienced to waddle down to the polls.

Sad but true, we don't give a damn. Even when big things (IE, DMCA, Encryption, whatever else) are set down on the line, we just sit on Slashdot and bitch about it.

Voting only works when people vote. :P

lets have a death match!!! (1)

JDizzy (85499) | about 13 years ago | (#2367907)

Why don't we petition MTV to have clay death match Between Bruce Schneier (the guy that wrote Applied Cryptography), and John Ashcroft (The evil goverment guy that wants to take away your rights). I think it would be hilarous, and it would send a msg to Mr john Ashcroft that he has got to be joking about his stupid law proposal.

Heck, didn't they once do David Quresh (the wacko in Waco), and Janet Reno?

Not to be too off topic, I use ssh, and my old 2.6 pgp everyday... so I would be the first to go to jail on key escrow, or the first to send email to my friends in Germany using keys stronger than 2^8 (more like 2^128 at least)..

terrorists using the internet? (1)

sydneyfong (410107) | about 13 years ago | (#2367915)

i haven't been following these topics lately, and maybe i sound redundant, but can anyone tell me how earth did people get the impression that terrorists used the internet for communication? and even if so, why on earth would they be using our standard protocols instead of their own protocols with 2^1000 0000 bit encryption???

Cryptography isn't going away (3, Interesting)

LazyDawg (519783) | about 13 years ago | (#2367958)

We've had cryptography and steganography since back when messages were tattoed on the tops of soldiers head and run between camps. The public has been sending secret messages long before it was rendered legal for them to do it, and they will continue long after it is rendered illegal again.

Language has always had two purposes: 1. To aid in communication with those you like, and 2. To hinder communication with those you don't. Otherwise, we would probobly all be speaking in the same tongue or dialect. Even if these laws are passed, sending secret messages will always happen, and crypto/stego are too great a tool to be just thrown away by the people.

Use of GIF images to send secret messages is one obvious way to make your message invisible or even undetectable. Encrypting that message against any commercially available CD image would be even more useful. Any attempts to circumvent that encryption would result in extracting a CD image, and that's a DMCA violation. :)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?