How Would Crypto Back Doors Work? 477
frantzdb writes "We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"
Simple (Score:2, Insightful)
Crypto backdoors won't work
Re:Simple (Score:3, Insightful)
may be able to recover the keys, not just the folks that mandated the back door. Also, there are long term issues with this. What if a trusted party today becomes an untrusted party in the future? What do we do when the current threat is over? What if the bad guys figure out the backdoor? Would you have worse problems from them than you have now with the folks blowing things up? What if the US government gets weird and refuses to give up the back door once the crisis is over?
And finally: What about the huge deployed base of strong crypto?
One more finally: Little evidence has been given that strong crypto is being used today as a shield for the communications with this group. Why should we give up our rights based only on the say so of the Government, one that has lied to us in the past?
Re:Simple (Score:3, Insightful)
"What if"? Why would they?
Why would they give up such a valuable advantage in the fight against <insert current object of vilification>? Terrorists, drug smugglers/dealers, criminals, communists, dissidents - all have had war declared on them at some point, by some country or other, and all could benefit from the unrestricted use of strong crypto.
Even if the war against terrorism is won, this legislation would stay in place, to aid the war against the next great evil.
What if a trusted party today becomes an untrusted party in the future?
That's exactly the problem I have with this, and all privacy-limiting developments. Here in the UK, as I'm sure you're aware, we have more than our fair share of CCTV cameras on the streets. Every argument in favour of them seems to revolve around the same core assumptions:
1) They help cut crime, thus making everyone safer
2) You can trust the Police and the Government
I have to agree, up to a point. They do cut crime, at least in the covered areas, and I can trust the police and government, now. How do I know I'll still be able to trust them in 20 years' time?
I don't. I just have to hope that I will be able to, because the way things are going, if I can't, I'm going to be in serious trouble. The same is true in this case - if legislation like this is passed now, it makes a future rogue government's job all the easier.
What about the huge deployed base of strong crypto?
That's easy. It would become illegal to use it.
If the agency monitoring communications (NSA, MI5, KGB, whoever wherever you are) acquired a message that they could not read, you'd be arrested, and ordered to decrypt it. (There is already provision for pretty much this to happen in UK law, thanks to the Regulation of Investigatory Powers Bill)
At best, on proving that it's an innocent message, you'd get a slapped wrist and threats of bad things happening if you continued to use strong crypto. At worst, you'd do time just for using crypto they couldn't break.
Cheers,
Tim
And useless, too (Score:2)
Even if they *did* work, what's the purpose? To keep tabs on terrorists? Bwahaha. Bin Laden is already one step ahead in the high-tech race. He <gasp!> turned off [theregister.co.uk] his cellphone, ditched the e-mail account and he's now communicating through human messengers!
Crypto backdoors... Carnivore... Echelon... what a load of absolute crap.
Re:Simple (Score:2)
In addition, if the remote control features of the planes that they are talking about today were also in place and used legal cryptography, then if I were a terrorist, I would not even have to hijack the plane, if I obtained one of the master keys! This backdoor idea is about the least intelligent thing I have ever heard.
Escrow (Score:3, Interesting)
I can't wait until I can purchase a "You'll get my 1024-bit private key when you pry it out of my cold, dead Palm" bumper sticker.
Definitely not escrow. (Score:3, Interesting)
The problem here is that this system-wide key now becomes the sweet one-stop-shopping target for crackers that the whole escrow system seeks to avoid.
-- MarkusQ
Re:Maybe not escrow... (Score:2)
And how many billions of dollars would US businesses lose when their "secure" communications were cracked, not by NSA, but by foreign competitors?
Bin Laden may have made hundreds of millions of dollars by buying put options in airline and reinsurance companies two weeks ago.
Do we really want to give him and his associates access to that kind of money with the touch of a keyboard?
Do we really want to find out what our enemies could do with that kind of money if he could operate underneath the radar, possibly making several such transactions, over the course of ten years?
NSA isn't the only bunch of folks with access to supercomputers.
#include <beowulf_joke.h> /* ha ha, only serious */
If anything can be cracked, it will be. Our financial system relies on the security and integrity of businesses' ability to communicate.
Just as the enemy can engage in asymmetrical warfare on the physical battlefield (lobbing 767s into our physical infrastructure, where we can't bomb Afghanistan to the Stone Age 'cuz the Russians beat us to it), they can also engage in asymmetrical warfare in the infosphere (destabilization through insertion of false transactions into our financial systems, a task greatly simplified through a reduction in cryptographic strength -- again choosing to fight where they have no comparable financial infrastructure that we can target in return).
If NSA still has any pull with Congress, I hope they'll be able to nip this one in the bud. I'd even go so far as to suggest that the second part of their mandate -- defending American communications from compromise -- obliges them to try.
Re:Maybe not escrow... (Score:2, Insightful)
How many dollars have non-US businesses already lost because of NSA giving information captured by Echelon to US companies? It would be hypocritical for US residents to complain of activities that they do themselves routinely.
Re:Maybe not escrow... (Score:2)
Absolutely correct...
+1 Hackish on the MQR standard (Score:2)
In the spirit of free-as-in-chaos, I have instituted my own private moderation system. Under this system, I hereby give you +1 Hackish. If more people thought like this the world would be a much better place (IMHO).
-- MarkusQ
One key? (Score:2)
Private Key Registrations (Score:2)
If you were a terrorist you would probably hide messages via a digital watermark in an image file/video file to get around this. Therefore making the laws useless.
Re:Private Key Registrations (Score:2)
Unfortunately we already have this law in the UK - it's called the RIP Act. The penalty for not handing over a key, even if you have forgotten it, is a two year jail sentence.
Re:Private Key Registrations (Score:2)
Already exists (Score:2)
Re:Already exists (Score:2)
Not to mention the 5th Amendment problems with forced key turnover.
I doubt that there is a 5th amendment issue here. Consider that there is no 5th amendment issue with taking fingerprints, court ordered blood tests in criminal cases, and required breathalyzer tests in suspected drunk driving cases, among other things. The 5th amendment protection, "nor shall [he] be compelled in any criminal case to be a witness against himself", has generally been very narrowly construed by courts, if I remember correctly, to be just that - they can't force you onto the stand in a criminal case against you; even then, once you have chosen to take the stand, you CAN in fact be forced to give testimony that is not in your favor. (IANAL and all that, but I do remember some of the things that I learned in civics classes :-)
How backdoors work (Score:2, Interesting)
Steven Levy's excellent book "Crypto", which was reviewed here a few months back has the basic gist of the technology. As the technology is mired in classified work and patents, it's a minefield that will have to be carefully traversed
Re:How backdoors work (Score:2)
Odd that a process designed to keep something secret (classifying it) should be combined with a process designed to make something public knowledge (patenting it).
Key Escrow (Score:3, Insightful)
Basically. When you generate your keys you must submit the key to the government so they have a copy. It's kind of like your landlord.
You have a key for your apartment. So does he. If you get locked out he can come on in and let you back in. If you're growing a Pot Farm he can give it to the feds when they have the search warrant and let them in with out bustin no doors down.
Implementing a mechanical backdoor other than key escrow would suck. Short of the US Government getting hacked your keys should be safe with them (unless of course you believe the US Government's sole purpose in life is to get you). If you implement a mechanical back door just wait until it gets reverse engineered. All hell will break loose.
If backdoors are implemented, I'm a fan of Key Escrow.
However, what's to stop a terrorist from writing their own version of a public cryptosystem such as RSA and not giving anyone keys? Guess there will also have to be a law that says if your key isn't registered and you're communicating with it then the government can arrest you.
Re:Key Escrow (Score:2)
This is all beside the point, because terrorists won't register their keys. If the US government can't stop spam, what makes them think they can stop encrypted messages?
They won't help (Score:3, Interesting)
One basic assumption of crypto backdoors is that people will actually use crypto that has the backdoor capability. It's like trying to limit encryption to 128 bits or 4096 bits or whatever it is these days. You can just write your own encryption program (or download & hack the source to some existing program) and create 65536 bit encryption if you want. Sure, it's illegal, but if you don't want the feds to find out about your nefarious plans, so what?
Believe me, we can expect a lot more stupid, reactionary legislation in the coming weeks & months (am I the only one who doesn't feel any safer knowing that the guy on the plane next to me doesn't have his Bic disposable razors????). Thank god we haven't locked up all the Arab-Americans because they could be terrorists...
Re:They won't help (Score:2)
It's an essentially unbreakable end-to-end chaffing system: only say things that are just like what anyone would say if they were doing ordinary things, but have some shared understanding that only the people involved know about (like, when we're all on planes at the same time, we'll hijack them).
Re:They won't help (Score:2)
Unfortunately, this involves solving simultaneous number-theory equations, multiple equations of the sort that would be necessary to break the code algorithmically in the first place by calculating private keys from public keys. If it is computationally infeasible to do that, what you suggest is far harder!
Re:They won't help (solution) (Score:2)
One-time pads + encryption du jour.
See Applied Cryptography 2nd ed. pp. 227-229 "Hiding Cyphertext in Cyphertext" and "Destroying Information"
E
Well.. (Score:2)
Which means the law will be useless because encryption is already out.
The backdoor will probably be in the form of a key or a series of keys that one or more entities has. To make it seem better, multiple authorities will have portions of the key, so that you can't just grab one repository.
You can do statistical analyses and generally figure out if something has a likelihood of being encrypted. It's a cold-war technology that probably got much usage back then. But it's not the kind of thing you could deploy across the entire network.
Now, I'm not a privacy whacko. I don't encrypt my hard drive. I'm not anti-government. I'm generally pretty pragmatic. But even I don't think that we should have backdoors on encryption software. Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?
Re:Well.. (Score:2)
They have oxyacetylene torches for your safe, and a battering ram for your door. This is why they are considering the legislation: there is no way of reliably cracking properly-done strong crypto in a reasonable amount of time (less than billions of years.) You can't force your way to a key, or buy it, like you can force a door or buy a better torch to get into safes faster.
The feds had Mitnick's laptop(?) for five years and made no progress in breaking the encryption he used...
Re:Well.. (Score:2)
What's different about encryption is that even if they do get a warrant to look at the data contained in an encrypted file, they can't break the encryption with current technology (at least in a reasonable timeframe).
50% of the time if they broke in the key would be right there unencrypted on the computer. 45% of the time the key would be protected by an easy to crack password. The other 5% of the time the police could plant a key capture device and get the password.
Key escrow is much much worse than the government having a key to your apartment. It is equivalent to having a ban on possessing private thoughts. Consider a simple encryption scheme which could be done in your head. This plan would make it illegal to memorize a number without telling it to the government. It's that scary.
As with most laws to prevent crime... (Score:2)
To educate yourself (Score:2)
Peter Gutmann's excellent crypto tutorial [auckland.ac.nz]
Some information on Blind Signatures [upenn.edu]
A very nice link page for privacy and encryption [afn.org]
Ron Rivest's (the R in RSA) homepage with an excellent link section [mit.edu]
And a link to buy Applied Cryptography [fatbrain.com], even if the stories lack accuracy it is a good read
Happy reading!
Answer: they could never work (Score:5, Insightful)
The simple reason is that as long as there is an algorithm that cannot be penetrated, either by force or by escrow, that algorithm can hide data. On this, at least, the cat is out of the bag.
One of the more likely scenarios which could possibly keep criminals away from data while allowing governments to have access would be an agreement worldwide on a data-encryption standard that included key-escrow. Likely this would be implemented with a large database of registered keys rather than a "skeleton key" approach simply because the "skeleton key" would be a ridiculously easy target. Of course, this whole scenario cannot work for catching dissidents and criminals, and therefore cannot serve the purpose of fighting terrorists.
The reason is that under any reasonable key-escrow scheme a government would be required to show evidence before using the person's key to find the data. This works fine for average citizens who only use the mandated encryption standard, but, Surprise! When the government uses the key of terrorist Tim to decode his messages, they find that not only did he use the mandated scheme, but he also encrypted his data with his own scheme, which, of course, is unbreakable with current technology. Terrorist Tim wins in two ways here, not only did his data remain secure, but he also managed to waste a large amount of the government's time and resources.
The fact that this is even being proposed shows the ignorance of technology rampant in Congress. I live in NH, maybe I'll write a letter to Senator Gregg.
Re:Answer: they could never work (Score:2)
The reason is that under any reasonable key-escrow scheme a government would be required to show evidence before using the person's key to find the data.
But if you remember, the biggest issue in the Clipper Chip deal was that they changed the wording that created the "Fruit of the poison tree" doctrine that currently keeps illegally acquired evidence out of the courtroom. They might try to do away with the evidence requirement.
Re:Answer: they could never work (Score:3, Insightful)
Of course, that depends on what the real purpose is. The purpose might be to create lawbreakers.
Great point (Score:2)
I've been formulating a "conspiracy" theory with speed limits that is similar to this argument. The idea is that you make the speed limit so ridiculously low that everyone goes much much faster than posted, and thereby generate revenue for the city or town in speeding tickets.
Not quite as insidious, but more practical for that.
Re:Answer: they could never work (Score:2, Informative)
Also, said Terrorist could use multiple techniques together:
- write message
- apply method of Chaffing and Winnowing (above) or method of hiding messages in spam [spammimic.com].
- hide that message in favorite media with outguess [outguess.org].
- encrypt that with PGP [pgpi.com] or GnuPG [gnupg.org].
- encrypt that with the mandated, key-escrowed, back-doored technique
Now there are several barriers to break down, but only the easy one is known about until an investigation is already under way.
Or:
- said terrorist could avoid electronic communications, and meet face to face in a public park or on a public bus or in a crowd
Ask a gardener how they deal with weeds. Do you just remove what you can see, or do you go after the roots? Ask a doctor how he/she deals with a disease. Does he/she treat the symptoms and hope for the best over time, or does he/she treat the source of the disease?
Yes, cutting off one of their means of communication would be an inconvenience for people who have evil plans. But is there a better way that we can deal with their evil plans in the first place?
I don't know the answers, I just ask the questions.
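The "Chaffing and Winnowing" step in the layered list above is Rivest's technique: the sender never encrypts, only authenticates, and floods the channel with bogus "chaff" packets that the receiver discards because their MACs fail. The Python below is an added example, not code from the thread or from Rivest; the one-byte-per-packet layout, the HMAC-SHA256 tag, the shared key and the sample message are all constructed for the demonstration.

```python
import hashlib
import hmac
import random

TAG_LEN = 32  # HMAC-SHA256 output size


def _tag(key: bytes, seq: int, chunk: bytes) -> bytes:
    """Authenticate (sequence number, chunk) with the shared key; nothing is encrypted."""
    return hmac.new(key, seq.to_bytes(4, "big") + chunk, hashlib.sha256).digest()


def chaff(key: bytes, message: bytes, rng: random.Random, chaff_per_byte: int = 1) -> list:
    """Emit (seq, chunk, tag) packets: each real byte with a valid MAC, plus
    chaff bytes for the same sequence number carrying random (invalid) tags,
    all shuffled so order reveals nothing."""
    packets = []
    for seq, b in enumerate(message):
        packets.append((seq, bytes([b]), _tag(key, seq, bytes([b]))))
        for _ in range(chaff_per_byte):
            bogus = b
            while bogus == b:  # chaff must differ from the real byte to add ambiguity
                bogus = rng.randrange(256)
            fake_tag = bytes(rng.getrandbits(8) for _ in range(TAG_LEN))
            packets.append((seq, bytes([bogus]), fake_tag))
    rng.shuffle(packets)
    return packets


def winnow(key: bytes, packets: list) -> bytes:
    """The receiver keeps exactly the packets whose MAC verifies."""
    kept = {}
    for seq, chunk, tag in packets:
        if hmac.compare_digest(tag, _tag(key, seq, chunk)):
            kept[seq] = chunk
    return b"".join(kept[s] for s in sorted(kept))


def eavesdropper_candidates(packets: list) -> dict:
    """Without the key every packet is equally plausible: seq -> set of candidate bytes."""
    cands = {}
    for seq, chunk, _ in packets:
        cands.setdefault(seq, set()).add(chunk)
    return cands


def demo(seed: int = 7) -> dict:
    key = b"constructed-shared-authentication-key"  # assumption: pre-shared out of band
    message = b"meet at the park at noon"           # constructed sample message
    packets = chaff(key, message, random.Random(seed))
    return {
        "message": message,
        "packets": len(packets),
        "recovered": winnow(key, packets),
        "recovered_wrong_key": winnow(b"wrong key", packets),
        "candidates_per_position": {s: len(c) for s, c in eavesdropper_candidates(packets).items()},
    }


if __name__ == "__main__":
    r = demo()
    print(r["recovered"], r["packets"], "packets,",
          "wrong key yields", r["recovered_wrong_key"])
```

With one chaff byte per real byte, an observer who cannot verify the tags faces 2^n candidate messages for an n-byte message; the wrong-key receiver winnows down to nothing. The point for this thread is that a mandated "escrowed" layer wrapped around such a stream still only reveals authenticated-looking packets, never a key that could be escrowed.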
Very, very cool (Score:2)
Thanks for the link.
Why it might work (Score:2)
Yes, it is generally agreed that modern encryption algorithms can hide data with virtually perfect security. But this alone is not relevant, as long as the government can detect the use of these algorithms.
All the government has to do to nail your "Terrorist Tim" is observe that he is using encryption, and check for the existence of a matching escrowed key. Presumably, any key escrow system would allow for verification that a message was encrypted using an escrowed key, without actually retrieving the key or decrypting the message. Thus, it is entirely conceivable to me that the government could enforce the use of key escrow: Whenever they see encrypted traffic that does not use an escrowed key, they trace the user via the ISP and prosecute him. And maybe they drop the connection, so you can't even get one message through then hide.
So, anyone who wants Internet privacy under this regime must hide the fact that they are hiding data. But, you say, there's a whole field dedicated to this end, called steganography, so the government loses again. While steganography is exciting and promising, it's not the knock-down argument that you seem to think.
First, I agree that it is easy to covertly communicate a small amount of information to someone with whom you have prepared ahead of time. Any simple system of code words or similar is probably secure for a brief message or two. But, ...
(In the above, you may substitute "terrorists" for "people".)
The point: not that the government should or will do this; but that if they decide to do it, it is not futile! It really could (in addition to destroying the privacy of lawful citizens) slow down terrorist communications (assuming that terrorists use the Internet, which people seem to think they do). So we need a better argument against it than "this is stupid, it can't work".
Re:Why it might work (Score:2)
Just re-encrypt the illegally encrypted data. No way to find out that the contents are unreadable without actually decrypting it. Thus the only way to spot verboten encryption is to decrypt everything.
Oops, you're right. So the situation isn't quite as bad as I thought (since routine decryption would be a hard sell for the government).
Security of the master key (Score:2)
Wouldn't that represent a gravely serious threat?
The terrorist would have the ability to monitor, and perhaps disrupt, any encrypted communications, including that for critical infrastructure.
Let's increase the NSA's (*) staff and budget, not take knee jerk actions that help the terrorists.
(*) NSA is mostly code-breakers and the like. Not goons out to get you. Anyone that comes in the middle of the night to crack your head will almost certainly NOT be NSA.
Re:Answer: they could never work (Score:2)
Actually, it could work, assuming that it's only used after a warrant has been acquired. The feds get the warrant, try to decrypt the info, and can't. Or they decrypt it, and find another layer of encryption underneath. Then they can charge the terrorists with use of illegal encryption and send them to jail for a few years.
Re:The back door doesn't need to work (Score:2)
The purpose of gathering intelligence is not always to convict a criminal, often it's to get his compatriots or to leave open an intelligence channel that can be exploited at a later time.
Making it illegal to encrypt your data with unbreakable methods is something not very likely to happen. Holding someone in contempt of court for not supplying the key for evidence is much more likely. This doesn't help when you are intelligence gathering, though, as I have previously stated.
Re:Not convinced (Score:2)
You must really think that terrorists are stupid. It would be a trivial matter for the terrorist to encrypt their information with real encryption (say GPG), and then encrypt it with the government sponsored fake encryption. The message would look like any other encrypted message, but the government still wouldn't be able to read it.
This also assumes that the terrorists aren't using steganography of some sort to hide their messages in pictures.
In other words the government's ant-crypto plan would only work against everyday, standard, run-of-the-mill, law-abiding, citizens. There is no way that key-escrow, crypto backdoors or any such measure is likely to work against terrorists. Unless, of course, the terrorists were blatant amateurs or idiots (in which case you could probably catch them without crypto back doors). The question then becomes. Why is the government so interested in spying on normal citizens? They know that the terrorists have crypto that they can't break; they likewise know that these terrorists are not likely to give up the use of this crypto.
My guess, because I am not overly paranoid, is that they are simply passing the law to make people feel better. Normal citizens will believe that these laws help combat terrorism, and they will sleep better (even though they are not really any safer).
It has also been shown that the U.S. does fairly extensive spying on legal (but non U.S.) corporations. Since the U.S. writes the bulk of the software used in the world, U.S. laws against strong crypto guarantee that law abiding corporations in other countries are all of a sudden vulnerable to the U.S.'s prying eyes. Since this type of activity is probably good for the U.S. economy, I would say that it is a bonus.
My European friends, on the other hand, would probably disagree. That is likely the reason that the German government is paying for the development of GPG.
Re:Not convinced (Score:2)
Most commercial crypto research is currently being done outside the U.S. because of the U.S.'s past beliefs about exporting crypto. All such a law would do is guarantee that foreign nations would be first to have the advantage of new crypto research.
There is no way that "the rest of the world" is going to give up crypto research. Especially since there is no good way to make mathematics illegal. If the U.S. gives up on crypto research we will simply make way for some other country to move to the forefront.
What is more likely is that the U.S. simply wants to be able to continue to spy on non-U.S. companies that rely on U.S. software. They've done it before.
Re:This is not what I meant... (Score:2)
Precisely. To be honest your point is a good one, I re-read my original message and it was definitely worded too strongly. Sorry :).
And I understand what it is like conversing in a foreign language. I spent 5 years of my life in South America. Most of the time as the only Yanqui for miles and miles. It is very easy to be misunderstood in a language that isn't your native tongue, even if you are skilled in its use (which you clearly are).
Currently PGP encrypted messages stick out like a sore thumb, and so I can see why it is that you figure that PGP (or GPG) encrypted messages would be detectable from government sponsored messages. You are probably even correct. Heck, most PGP encrypted messages are ascii-armored and have a nifty header proclaiming how they were encrypted. However, terrorists would almost certainly either modify their software so that it output headers that matched the government sponsored crypto, or, even easier, they would simply re-encrypt their encrypted messages with the government sponsored tools.
The only way that the government would know the contents of your message would be to decrypt it (using precious cycles), and when they decrypted it all they would find was a GPG encrypted message!
In other words, if such a system became commonplace they would be worse off than they are now (where most email are simply plain text).
I also agree that using U.S. resources to spy for American companies is wrong. I should have used a smiley so that you would realize I was being sarcastic. Although I am a U.S. citizen until recently I worked for a non U.S. corporation.
Thanks for the discussion.
How the government might know (Score:2)
"We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"
There is no such thing as "random bits of data" streaming through the network. All data has redundancies and self-imposed structure in order to convey information. Read Shannon for details on information theory.
Most currently available cyphers create a data stream that appears extremely randomized. This, in itself, could be a way for the government snoops to detect encryption: A sample of data that is more random than other data.
You can try the "compression test" for encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it. The snoops can use a similar test to detect encrypted data streams, i.e. over time, the probability of any character appearing is 1/n where n is the length of the alphabet (0-255 for bytes).
Steganography and hiding cyphertext in cyphertext (see Applied Cryptography) would be a good way around encryption back doors.
Cheers!
E
Re:How the government might know (Score:2)
> encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it.
This is true of good random numbers, too. It's even more true of compressed data - this test will trigger on every gzipped or zipped file to pass through the network. It's also trivial to use some sort of base64 (or more complex encoding that uses letters with English frequency) over your encryption to break this.
It also doesn't distinguish encryption permitted by the government, and crypto using illegal keys and methods.
Re:How the government might know (Score:2)
This won't work, because you can have false positives and false negatives.
The false positive case is obvious: if the data is already compressed, it will look like it's encrypted even if it's not. So some kid downloading Britney Spears' MP3s gets flagged as a terrorist.
You can also create false negatives by padding or otherwise injecting artificial redundancy. If "xyz" is entropic (doesn't compress, appears to be encrypted) then just send "xaayaazaa" (where the filler could be anything) and you'll fool anyone who's looking for too much entropy. So Osama's packets go right through Big Brother's net and no one even notices that they're encrypted.
Re:How the government might know (Score:2)
So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.
The entropy in a compressed data stream isn't as high as you think. Remember that you have additional data at the beginning of the stream (and possibly at the end) that indicates which compression program/algorithm is used.
A good way to add entropy would be to compress the data, then encrypt it, then compress it again, then transmit it. Most decent encryption software tries to compress the plaintext first anyway to reduce redundancies.
Cheers!
E
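The "compression test" proposed a few posts up, together with the false positives (already-compressed files) and false negatives (base64 armour, padding with filler) the replies raise, can be run over constructed data. The Python below is an added example, not code from any poster: the "ciphertext" is a seeded pseudo-random byte string standing in for a real cipher's output, the "innocent" plaintext is letters drawn with rough English frequencies so that it compresses without being repetitive, and the entropy and ratio thresholds are assumptions chosen for the demonstration.

```python
import base64
import math
import random
import zlib
from collections import Counter

# Rough English letter frequencies (plus space): used only to construct an
# innocent plaintext that is compressible but not trivially repetitive.
LETTER_WEIGHTS = {
    " ": 18, "e": 12, "t": 9, "a": 8, "o": 8, "i": 7, "n": 7, "s": 6, "h": 6,
    "r": 6, "d": 4, "l": 4, "c": 3, "u": 3, "m": 2, "w": 2, "f": 2, "g": 2,
    "y": 2, "p": 2, "b": 1, "v": 1, "k": 1, "j": 1, "x": 1, "q": 1, "z": 1,
}


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte; 8.0 is the ceiling for a byte alphabet."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """zlib output size over input size; about 1.0 or above means nothing to squeeze."""
    return len(zlib.compress(data, 9)) / len(data)


def looks_encrypted(data: bytes, min_entropy: float = 7.5, min_ratio: float = 0.95) -> bool:
    """The snoop's rule from the thread: high entropy and incompressible (thresholds assumed)."""
    return shannon_entropy(data) >= min_entropy and compression_ratio(data) >= min_ratio


def pad_with_filler(data: bytes, filler: bytes = b"aa") -> bytes:
    """The reply's false-negative trick: 'xyz' becomes 'xaayaazaa'."""
    return b"".join(bytes([b]) + filler for b in data)


def strip_filler(data: bytes, filler_len: int = 2) -> bytes:
    """Undo pad_with_filler on the receiving side."""
    return bytes(data[i] for i in range(0, len(data), 1 + filler_len))


def build_samples(seed: int = 2001) -> dict:
    """Constructed streams; none of this is captured traffic."""
    rng = random.Random(seed)
    letters = list(LETTER_WEIGHTS)
    text = "".join(rng.choices(letters, weights=list(LETTER_WEIGHTS.values()), k=20000)).encode()
    ciphertext = bytes(rng.getrandbits(8) for _ in range(4000))  # stand-in for cipher output
    return {
        "plain text": text,
        "ciphertext": ciphertext,
        "zipped plain text": zlib.compress(text, 9),        # the innocent zip/MP3 case
        "base64 of ciphertext": base64.b64encode(ciphertext),
        "ciphertext with filler": pad_with_filler(ciphertext),
    }


def classify(samples: dict) -> dict:
    """name -> (entropy in bits/byte, compression ratio, flagged as encrypted?)"""
    return {
        name: (round(shannon_entropy(d), 2), round(compression_ratio(d), 2), looks_encrypted(d))
        for name, d in samples.items()
    }


if __name__ == "__main__":
    for name, (h, r, flagged) in classify(build_samples()).items():
        print(f"{name:24s} entropy={h:.2f} ratio={r:.2f} flagged={flagged}")
```

Running it shows the whole argument in one table: the genuine ciphertext is flagged, but so is the compressed plaintext (false positive), while the base64-armoured and filler-padded ciphertexts drop below both thresholds and sail through (false negatives). The test also cannot tell an escrowed ciphertext from an unescrowed one, which is the other objection raised above.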
Why use crypto at all then? (Score:5, Informative)
Making crypto 'safe' with a back door effectively makes it useless. Why would anyone in their right mind use a cryptographic algorithm knowing that a perfect stranger has a 'backdoor pass' to their information? The whole point of crypto is to only allow the intended recipient to view the secret information.
This idea would weaken any cipher that this idea is applied to. Why? Simple. Key recovery in a datastream you haven't ever seen before depends basically on one of 2 things: Brute force, and a little ingenuity. If you know that the cipher has a 'universal backdoor' then each stream encrypted with the cipher will be that much easier to crack -- because the streams will have to be somewhat similar.
What happens when the wrong people get the 'back door' key? You don't think that someone dangerous is going to somehow either recover the key manually, or steal it? Think again. A 'back door' key (or set of keys) of this scope would be too good to pass up. Why bother attempting to recover a key that unlocks one stream, when you can unlock a whole set of streams?
The cat's already out of the bag. Why would somebody who really wants to keep information secret use a cipher that didn't keep it secret -- especially when there are so many good ciphers (RC4, Twofish, etc.) that don't have a backdoor? In short -- this is a braindead thought process that will lead the U.S. straight into another disaster.
RC4, 1337 d00dz, blonde bombs (Score:2)
Also, crypto with a back-door would be useful against criminals, just not against governments. For example, you mostly use SSH so hackers can't sniff your packets to get logins and passwords. It's nice to know that governments would be equally hard-put, but that isn't the primary purpose.
Plus, governments have many more resources than 1337 d00dz. They can log your keystrokes, or use other channels (Tempest shielding, keystroke timing, video cameras). Or they can just bribe your girlfriend. What, you don't have a girlfriend? Beware the next time some blonde bomb comes up to you and just can't get over your coding skills.
I hope more money goes into HUMINT of the latter variety than fruitless reactionary measures like key-escrow. Because I really am patriotic, but I want to be able to have some control over who reads my data.
If you can't decrypt it, it must be terrorism... (Score:4, Insightful)
But this is too large of a job for just one person, or a (fiscally feasible) number of people, as much traffic may not pass through a central point. Machines will have to do it automatically, and there will have to be many of them. Who will make the machines? How will they guarantee that the backdoor isn't released? What if the machines themselves take a walk?
Steganography would be the only way around this, by hiding an encrypted snippet well enough that it doesn't look encrypted. What if someone posts a badly-encoded GIF of their cat on their personal page, and the so-called "Stego detectors" pick it up. Of course, the "message" isn't there. Therefore it can't be decrypted, and they will be flagged as a criminal... scary prospect.
As the technology progresses, only poorly done stego and innocent media would be caught. It's already possible to encode messages to be indecipherable from quantization noise by any theoretically possible system.
How can access to backdoor be restricted? (Score:2)
The other problem is that if the government does start accessing things without a court order, how would you know? You could probably develop a crypto system that would leave obvious evidence if it has been accessed through a backdoor, but the government wouldn't want that because it might interfere with an investigation.
Another use for Linux on Linux (Score:2)
I imagine the need for monitored and logged physical access is obvious too. The agents will look GREAT on camera when they suspect all of this and try to lay hands on the machines themselves.
Dig out your old Clipper chip documents (Score:3, Interesting)
The basics of Clipper worked like this. The system was based on hardware encryption chips which implemented the protocol. No software versions existed AFAIK for obvious reasons. Each and every chip had a unique ID and "unit key". Each encrypted transmission had a Law Enforcement Access Field (or LEAF) prepended to it. The LEAF consisted primarily of the current session key encrypted with the unit key of the sending chip and its ID number. I believe the whole LEAF was then encrypted with a single key shared by all chips.
On the law enforcement end, the DoJ was supposed to maintain a database of all the chip ID / unit keys. There were lots of fancy promises made about the security of the database, and how it would be split in two so that two separate agencies would have to cooperate in order to gain access to the database, etc. All very feel-good but in the end un-auditable and basically BS since the regulations guaranteed that there would be no penalty for improper access to the keys.
Anyway, the LEAF field in combination with the database allows access to the session key and hence the plaintext of any message.
The whole scheme has so many problems it's not even funny. Not the least of which are: the whole protocol has to be kept top secret. If you know how to generate a legitimate LEAF field, you know how to generate a bogus LEAF field too. An AT&T researcher published a paper about how to get two Clipper chips to talk to each other with bogus LEAF fields. It took a fair amount of trying to get random LEAFs which had valid checksums, but it was quite doable. Presumably, they won't repeat that mistake. Software implementations are pretty much verboten, since they are far too easy to reverse engineer or tamper with. If you are trying to mandate back-doored encryption, you would pretty much just mandate that all encryption be performed using NSA designed and approved chips manufactured by a secure contractor.
As to what stops you from sending random data, one need only imagine the government's response when they detect that you are sending random data. Such random data would be presumed to be illegally encrypted data, and you would be arrested as such. It's quite possible that you would be freed once you had shown that the data was random. In the meantime, your face would be plastered on the front page of the paper as a "suspected terrorist". You might expect to be held without bail due to the extreme danger a suspected terrorist poses to society. The draconian penalties involved will serve to keep people in check, not any technical ability. Look at the penalties handed down for DMCA violations. Then compare the severity of pirating a movie versus flying an airliner into a building. Finally, scale the DMCA penalties accordingly. You can imagine the outcome.
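The LEAF mechanism and the bogus-LEAF trick described in the post above, as an added toy simulation that is not from the post and is not Clipper's actual design: Skipjack is replaced by a SHAKE-256 keystream, the family key, unit IDs, 16-byte session keys and the 16-bit checksum construction are assumptions for the demo, and the forgery simply tries random LEAFs against the receiving chip's checksum test until one passes, which takes about 2^16 attempts on average. The escrow database is a plain dict standing in for the DoJ's key store.

```python
import hashlib, os, random, struct

FAMILY_KEY = b"family key shared by every chip"   # assumed demo constant, one key for all chips
CHECK_BITS = 16                                    # width of the LEAF checksum
LEAF_LEN = 4 + 16 + 2                              # unit ID || wrapped session key || checksum

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream). Stands in for Skipjack; not a real cipher."""
    ks = hashlib.shake_256(label + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def leaf_checksum(session_key: bytes) -> int:
    """The 16-bit value a receiving chip verifies before it will decrypt traffic.
    It depends only on the session key, which both chips already share."""
    return int.from_bytes(hashlib.sha256(b"leaf-check" + session_key).digest()[:2], "big")

class Chip:
    """One escrowed device: a unique ID and a unit key that is filed in the escrow database."""
    def __init__(self, unit_id: int, escrow_db: dict):
        self.unit_id = unit_id
        self.unit_key = os.urandom(16)
        escrow_db[unit_id] = self.unit_key          # the law-enforcement side of the scheme

    def make_leaf(self, session_key: bytes) -> bytes:
        inner = (struct.pack(">I", self.unit_id)
                 + xor_stream(self.unit_key, b"unit", session_key)
                 + struct.pack(">H", leaf_checksum(session_key)))
        return xor_stream(FAMILY_KEY, b"family", inner)   # whole field under the family key

    @staticmethod
    def accept_leaf(leaf: bytes, session_key: bytes) -> bool:
        """Receiver side: the chip can only check the checksum; it cannot verify the
        escrowed copy of the key, because it does not know the sender's unit key."""
        inner = xor_stream(FAMILY_KEY, b"family", leaf)
        return struct.unpack(">H", inner[-2:])[0] == leaf_checksum(session_key)

def law_enforcement_recover(leaf: bytes, escrow_db: dict):
    """With the family key and the escrow database, pull the session key out of a LEAF."""
    inner = xor_stream(FAMILY_KEY, b"family", leaf)
    unit_id = struct.unpack(">I", inner[:4])[0]
    unit_key = escrow_db.get(unit_id)
    if unit_key is None:
        return None                                  # bogus LEAF: no such chip on file
    return xor_stream(unit_key, b"unit", inner[4:-2])

def forge_leaf(session_key: bytes, rng: random.Random):
    """The bogus-LEAF attack: feed random LEAFs to the receiving chip until it accepts one.
    Each try passes with probability 2**-CHECK_BITS, so about 65536 tries on average."""
    tries = 0
    while True:
        tries += 1
        candidate = rng.getrandbits(LEAF_LEN * 8).to_bytes(LEAF_LEN, "big")
        if Chip.accept_leaf(candidate, session_key):
            return candidate, tries

if __name__ == "__main__":
    escrow = {}
    sender = Chip(unit_id=0x1234, escrow_db=escrow)
    sk = os.urandom(16)
    leaf = sender.make_leaf(sk)
    print("legit LEAF accepted:", Chip.accept_leaf(leaf, sk),
          "recovered by escrow:", law_enforcement_recover(leaf, escrow) == sk)
    forged, n = forge_leaf(sk, random.Random())
    print("forged LEAF accepted after", n, "tries; escrow recovers:",
          law_enforcement_recover(forged, escrow))
```

The point the simulation makes is structural rather than cryptographic: the receiving chip's check is the only thing standing between a legitimate LEAF and a forged one, and that check is a 16-bit value computed from information both endpoints already have. A second, equally damaging consequence is visible in the code: `accept_leaf` has no way to tell whether the wrapped session key inside the LEAF is real, so the escrow copy is unverifiable by anyone except the escrow agent.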
Re:Dig out your old Clipper chip documents (Score:2)
Pretty cool technology to be dealing with, but it does show that corporations as well as governments are perfectly capable of taking chips apart.
Re:Dig out your old Clipper chip documents (Score:2)
Meanwhile, real terrorists will be sending the communications they need buried in innocuous-looking messages in the clear. Agree on a few code words at a face to face meeting, and then you can make all messages necessary for scheduling and coordination look like ordinary business communications -- e.g., send the target location, date, and time as the time and place for a meeting, an order for "staplers and staples" can refer to guns and ammo,
Or if they really have to send an incriminating message, there are lots of ways to hide it in an innocuous message. E.g., insert a letter here and a letter there as "misspellings". Flip a few bits in an image or audio file -- if the recipient has an unmodified copy of the file, just do an XOR to recover the hidden message. Or if you want something really sophisticated, hire some underpaid Russian mathematician/programmer.
Or after a decade or two of this sort of sh*t, you'll be able to hire impoverished Americans instead...
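The two image tricks in this thread (the flip-a-few-bits-then-XOR-with-the-original method described in the reply above, and the low-order-bit method mentioned in the "Simple" post further down), as an added Python example that is not from either post. It works on a constructed 8-bit greyscale raster rather than a GIF or JPEG, so there is no container format to parse; the 4-byte length prefix, the bit order and the raster size are assumptions for the demo.

```python
import random

WIDTH, HEIGHT = 64, 64   # constructed cover: one byte per pixel, 8-bit greyscale

def make_cover(seed: int = 1) -> bytes:
    """Constructed cover image: pseudo-random noise standing in for scanner grain."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(WIDTH * HEIGHT))

def _to_bits(payload: bytes) -> list:
    return [(b >> (7 - j)) & 1 for b in payload for j in range(8)]   # MSB first

def _from_bits(bits) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))

def _frame(secret: bytes) -> bytes:
    return len(secret).to_bytes(4, "big") + secret      # assumed framing: length prefix

def _unframe(bits) -> bytes:
    n = int.from_bytes(_from_bits(bits[:32]), "big")
    return _from_bits(bits[32:32 + 8 * n])

def embed_lsb(cover: bytes, secret: bytes) -> bytes:
    """Method 1: overwrite each pixel's low-order bit with a message bit.
    The recipient needs nothing but the stego image; so does a detector."""
    bits = _to_bits(_frame(secret))
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for k, bit in enumerate(bits):
        out[k] = (out[k] & 0xFE) | bit
    return bytes(out)

def extract_lsb(stego: bytes) -> bytes:
    return _unframe([p & 1 for p in stego])

def embed_flip(cover: bytes, secret: bytes) -> bytes:
    """Method 2: flip pixel k (by one grey level) iff message bit k is 1.
    Only someone holding the unmodified original can read it: XOR the two images
    and the positions that differ are the message."""
    bits = _to_bits(_frame(secret))
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for k, bit in enumerate(bits):
        out[k] ^= bit
    return bytes(out)

def recover_flip(original: bytes, stego: bytes) -> bytes:
    return _unframe([a ^ b for a, b in zip(original, stego)])

def pixels_changed(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))
```

Note the difference in what each method leaves behind: LSB replacement writes the message straight into the low bits, so anyone who guesses the framing can pull it out of the image alone; the flip method changes roughly half as many pixels and the stego image by itself carries no more than the claim "some low bits differ from an original you do not have". Neither method survives lossy recompression, which is why the later posts talk about JPEG-aware tools instead.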
Easy Ways to Avoid Backdoors (Score:3, Interesting)
1. Use existing crypto programs or write your own. Anyone with access to a high-level math textbook or a book on encryption and a little bit of coding experience can currently write crypto that is brute-forceable only by supercomputers. The same is true of the existing versions of PGP and other crypto programs available world-wide.
2. Steganography. Apps exist world-wide that will hide plain or crypted data in all sorts of things. Images, MP3's, Spam Mail, etc...
3. Use non government-controlled channels to transmit data. Sneaker-net, by definition, is uncrackable without a spy in the house. No technology currently allows LEO's to read a CD without first placing it in a drive. This may not be far off, but it's still effective, so far as I know. Also, most phone companies can be persuaded to install 'burglar alarm' circuits that are just non-powered plain copper between any two given locations.
4. XOR Crypted data in a manner so that if decrypted without first XORing it back, it will decrypt into useless, but not random information. I'm not a coder, but I can imagine that some talented hacker somewhere could come up with a scheme of encoding a crypted message so that it decrypted as Mom's cookie recipe if you didn't decode it properly.
5. For communications in which anonymity is more important than secrecy, use existing file-sharing networks to propagate messages. Freenet is the best example of this.
6. Transmit textual data in non-standard image formats. Ascii text is easy to detect. A compressed PNG of text data would be much more difficult to detect, especially by automated methods. A compressed or reencrypted raw bitmap would be even more difficult to detect. Existing image scanning programs work by scanning for a predetermined signature. Making images of text so that there is no signature possible is fairly easy in photoshop.
Simple (Score:5, Insightful)
If you're talking about public key cryptography or some form of key exchange protocol (such as what happens with PGP, SSL, and the like), then, yes, there'll be more than one key that can decrypt the message. PGP already allows you to encrypt a message to more than one recipient; a simple solution would be to require all software to always encrypt to Uncle Sam's key in addition to the intended recipients.
The other solution is to weaken the encryption algorithm in some way. There are very subtle approaches, but the simplest is to limit the length of the key. A 40-bit key takes half as long to crack with brute force as a 41-bit key, and a 42-bit key takes twice as long again (all else being equal). If you have an application that uses 128-bit keys, it could be ``dumbed down'' to a 40-bit key by forcing all keys to start with 88 zeroes (or some other known pattern).
How to get people to use such software when there's a wealth of reliable strong cryptographic software readily available is left as an exercise to the reader.
Most encrypted streams have header information to make identification easy for the recipient. If you've ever gotten PGP-signed or -encrypted email, you've seen ``BEGIN PGP MESSAGE'' or some such at the top.
You could, of course, remove all such identification. If the encryption method is strong, what remains is provably indistinguishable from pure noise. If the recipient adds the identification back--if she puts ``BEGIN PGP MESSAGE'' before the bits--the result can be fed to the decryption process without trouble.
But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.
The most commonly accepted solution is steganography, the art of hiding secrets in plain sight. ``All the twenty clever kings'' could mean ``attack'' if you were to just look at the first letter of every word. Common modern methods of steganography include encoding the message in the low-order bits of a JPEG, but the field is still young and many techniques are a bit crude. If ``they'' are already looking at you, ``they'' will have a good chance of finding the message.
As always, Bruce Schneier's Applied Cryptography is a wonderful resource.
b&
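The ``dumbed down'' key space from the post above, as an added Python demonstration that is not from the post: a nominal 128-bit key whose leading bits are forced to zero, and a known-plaintext search over the bits that remain. The toy cipher (a SHAKE-256 keystream) and the use of the ``BEGIN PGP MESSAGE'' header as the crib are assumptions; the search is scaled down from 40 free bits to 20 so it finishes in a second or two, which is enough to watch the worst-case cost double with each extra bit exactly as the post says.

```python
import hashlib, time

KEY_BYTES = 16                                   # a nominal 128-bit key
CRIB = b"-----BEGIN PGP MESSAGE-----"           # assumed known plaintext at the start of every message

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHAKE-256 keystream. Not a real cipher; the search cost is the point."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def dumbed_down_key(free_bits: int, k: int) -> bytes:
    """A 'compliant' key: the top 128-free_bits bits are a fixed pattern (zeros here),
    so only 2**free_bits distinct keys can ever be produced."""
    if not 0 <= k < (1 << free_bits):
        raise ValueError("k outside the permitted key space")
    return k.to_bytes(KEY_BYTES, "big")

def brute_force(ciphertext: bytes, crib: bytes, free_bits: int):
    """Known-plaintext search over the permitted space. Returns (key, tries) or (None, tries).
    The search only ever enumerates the low free_bits bits; the fixed prefix costs nothing."""
    head = ciphertext[:len(crib)]
    for k in range(1 << free_bits):
        cand = dumbed_down_key(free_bits, k)
        if xor_stream(cand, head) == crib:
            return cand, k + 1
    return None, 1 << free_bits

def worst_case(free_bits: int):
    """Time the search for the last key in the space; tries doubles with each extra bit."""
    key = dumbed_down_key(free_bits, (1 << free_bits) - 1)
    ct = xor_stream(key, CRIB + b"\nsecret body")
    t0 = time.perf_counter()
    found, tries = brute_force(ct, CRIB, free_bits)
    assert found == key
    return tries, time.perf_counter() - t0

if __name__ == "__main__":
    for bits in (14, 15, 16, 17):
        tries, secs = worst_case(bits)
        print(f"{bits} free bits: {tries} tries, {secs:.3f}s")
```

Two things worth noticing. First, the weakening is invisible to the user: the key is still 128 bits long on the wire and the cipher is unchanged, which is exactly why this approach was attractive to regulators. Second, the crib makes the search trivial to verify, and almost every real protocol provides one (a header, a version byte, a known MIME prefix), so ``strip the identification'' from the earlier paragraph buys nothing against an attacker who knows the format.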
Higher Frequency Bands (Score:2)
"...how would/does the government know whether a bitstream is random bits, or encrypted data?"
Audio data looks random. MP3 data looks random. What's to stop someone from recording an analogue message in the high or low frequency range of a music recording, then bladeenc it to mp3 and transmit it in the clear? Still looks random.
How much mp3 traffic flows across the 'Net? >:)
That's a lot of random-looking bits.
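Whether a sniffer can tell ciphertext from merely random-looking traffic, the question raised in the ``Simple'' post above and again here with MP3s, as an added Python check that is not from either post. It runs three cheap randomness tests (bits of entropy per byte, chi-square against a flat byte distribution, and the fraction of one bits) over constructed samples: plain ASCII, the same text after zlib compression, and the text encrypted with a toy SHAKE-256 stream cipher. The vocabulary, the key and the 7.5-bit threshold are assumptions for the demo; the comparison, not the numbers, is the point.

```python
import hashlib, math, random, zlib
from collections import Counter

# Constructed plaintext: a small vocabulary so the ASCII sample has low entropy
WORDS = ("the order for staplers and staples ships tuesday meeting moved to the "
         "usual place bring the quarterly figures regards").split()

def make_text(n_words: int = 4000, seed: int = 7) -> bytes:
    rng = random.Random(seed)
    return " ".join(rng.choice(WORDS) for _ in range(n_words)).encode()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for any strong cipher's output."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def entropy_bits_per_byte(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 degrees of freedom);
    truly random data scores around 255, ASCII text scores in the tens of thousands."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def ones_fraction(data: bytes) -> float:
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def score(data: bytes) -> dict:
    return {"entropy": entropy_bits_per_byte(data),
            "chi2": chi_square(data),
            "ones": ones_fraction(data)}

def looks_random(data: bytes, min_entropy: float = 7.5) -> bool:
    """The only verdict a passive sniffer can reach: 'high entropy', never 'encrypted'."""
    return entropy_bits_per_byte(data) >= min_entropy

def samples() -> dict:
    text = make_text()
    return {"ascii": text,
            "zlib": zlib.compress(text, 9),
            "cipher": xor_stream(b"demo key, assumed", text)}

if __name__ == "__main__":
    for name, data in samples().items():
        s = score(data)
        print(f"{name:7s} {len(data):6d} bytes  entropy={s['entropy']:.2f}  "
              f"chi2={s['chi2']:10.1f}  ones={s['ones']:.3f}  random?={looks_random(data)}")
```

The compressed sample and the encrypted sample land in the same bucket on every test, which is the thread's answer in numbers: a detector tuned to catch ciphertext also catches every zip file, MP3 and JPEG on the wire, and a detector loose enough to pass those passes headerless ciphertext too. What actually distinguishes them in practice is format, not statistics: a zlib stream starts with a recognisable header byte, an MP3 has frame sync words, and stripping the header off ciphertext (as the ``Simple'' post suggests) leaves nothing for the sniffer to key on except the absence of any format at all.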
legal rather than technical (Score:2)
too much time is being spent thinking about the technical aspects of enforcement and use of 'backdoors'. what everyone's failing to realize is that the technical aspects of crypto laws are irrelevant. it's how they will be used that's important. if any crypto laws are passed, they'll be used in prosecution and trial rather than proactively enforced.
picture this scenario: you are a criminal who has been sending encrypted messages to someone else. you're busted, and on trial you are asked to decrypt the messages. you refuse. you are then thrown in jail for not complying with the crypto laws.
again, i'm not a lawyer, but it seems that if crypto laws will work in this manner, we are throwing away our 5th amendment right to refuse to incriminate ourselves.
Why is Decryption Needed by the Feds? (Score:2)
Why then must the Feds know what is in a message? If the fact of transmission of a message is adequate, at least in the courts, then why does the content need to be known?
Also, why does the Government believe that it should have the right to be a party to all conversations? If the Feds had a time machine, and could travel back in time and listen in on any conversation, I believe that would be ruled an invasion of privacy. How then is decrypting a message any different?
Here's what I said to my political representatives (Score:4, Insightful)
Adam/Zwack
As I feared when I first saw the attack on the World Trade Center, it has been reported (http://www.wired.com/news/politics/0,1283,46816,
Media reports have made it appear that Osama Bin Laden may have used encryption, but it is more likely that he relied on a lack of technology. According to the media, Bin Laden held face-to-face meetings in a private room rather than trusting that the communications channel was not intercepted. One journalist who has met him had some newspapers with him and Bin Laden is reported to have pounced on them and read them as he was so out of touch with the outside world.
Even if there is a ban on encryption products, older encryption products already exist without those back doors. Writing encryption software is not too complicated (Applied Cryptography is about $40) and terrorists and criminals are not going to worry about breaking yet another law. So who would this affect? Criminals? No. Terrorists? No. Penry, The Mild Mannered Janitor? Could Be.
Anyone can do a little research and find out that there are other techniques that cannot be legislated against that are just as effective for secret communications.
Ronald Rivest, one of America's foremost cryptographers published a paper in 1998 called "Chaffing and Winnowing: Confidentiality without Encryption." (http://theory.lcs.mit.edu/~rivest/chaffing.txt) In it he describes a method for plain text communication which does not rely on encryption to hide the message. He then goes on to add more twists to the method, which mean that if someone demanded the actual message you could give them a completely false, and presumably inoffensive, message.
If that wasn't enough to make legislation on encryption pointless, then steganography, the practice of hiding one message inside another, could be used either independently or with "Chaffing and Winnowing". It is possible for messages to be hidden within pictures, movies, sound files and even Stream of Consciousness-like poems easily. The sophistication of some of the programs is astounding. One program (http://www.outguess.org/) actually performs a statistical analysis on the image first to ensure that in hiding the message it does not modify the image too much.
There are numerous other non-technological techniques that could make this law pointless. For example, the terrorists could choose a book, say Hamlet, and spell out their message with the words or letters in that book. A message like "42 23 17 65" is not going to mean much to anyone until they know that in a specific edition of a specific book they should read the twenty third word on page 42, the 65th word on page seventeen... and so on.
They could use a simple code where phrases mean certain things. So "I went to see the new production of Oscar Wilde's Importance of Being Earnest" might mean "The birthday cake arrives tomorrow". As long as only the parties involved know the code phrases, and their meanings this kind of communication is impossible to break.
If encryption software without back doors is outlawed, what will terrorists do? If they're paranoid they'll use illegal encryption to encrypt a code phrase, hide it in an image, and then mix it with several completely innocent, and some totally random streams using chaffing techniques.
That way, by the time the NSA have worked out which streams contain real messages, figured out that one or more of the images contains a steganographically hidden message and broken the encryption on it, they will have wasted weeks in order to get a perfectly normal sentence that isn't going to mean anything to them anyway.
In that same period of time, several companies who are obeying the law and not using encryption will have had their company secrets stolen by other companies, as they couldn't encrypt confidential messages between two of their offices. The French Secret Service was known to pass trade secrets to French companies when the French government was strictly controlling encryption. Add to that the many completely innocent uses of encryption for security and confidentiality: communicating with banks, logging on to remote servers, protecting medical records, implementing Virtual Private Networks and so on. Banning encryption that the government can't decode is more likely to cause harm to the law abiding citizen than it is to stop or reduce terrorist or criminal activities.
In short, any attempt to regulate the free flow of ideas, whether encrypted or unencrypted, is only going to hinder law abiding citizens, and effectively punish them, without providing any additional safety. Remember that these hijackings were very low tech, no computers were hacked, no high technology weapons were used, just people armed with knives and the willingness to die.
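Rivest's chaffing and winnowing, as referenced in the letter above, as an added Python sketch that is not part of the letter or of Rivest's paper: each packet carries a sequence number, one byte of content and an HMAC; nothing is encrypted, and the recipient keeps (``winnows'') only the packets whose HMAC verifies under the shared key. The decoy twist the letter mentions is done here by authenticating a second, innocuous message under a second key, so that handing over that key yields a complete and plausible message. Packet layout, the truncated 8-byte tag and the per-byte granularity are assumptions for the demo.

```python
import hmac, hashlib, random

MAC_LEN = 8   # truncated HMAC-SHA256 tag; assumed for the demo

def mac(key: bytes, seq: int, data: bytes) -> bytes:
    return hmac.new(key, seq.to_bytes(4, "big") + data, hashlib.sha256).digest()[:MAC_LEN]

def chaff_and_send(real: bytes, decoy: bytes, real_key: bytes, decoy_key: bytes,
                   rng: random.Random) -> list:
    """Sender: for every position emit the real byte (authenticated under real_key) and the
    decoy byte (authenticated under decoy_key), in random order. Both are 'genuine' packets,
    just authenticated by different keys; no encryption takes place anywhere."""
    if len(real) != len(decoy):
        raise ValueError("real and decoy messages must be the same length")
    packets = []
    for seq, (r, d) in enumerate(zip(real, decoy)):
        pair = [(seq, bytes([r]), mac(real_key, seq, bytes([r]))),
                (seq, bytes([d]), mac(decoy_key, seq, bytes([d])))]
        rng.shuffle(pair)
        packets.extend(pair)
    return packets

def winnow(packets: list, key: bytes) -> bytes:
    """Receiver: keep packets whose MAC verifies under `key`, reassemble by sequence number.
    With the wrong key nothing verifies and the result is empty."""
    kept = {}
    for seq, data, tag in packets:
        if hmac.compare_digest(tag, mac(key, seq, data)):
            kept[seq] = data
    return b"".join(kept[s] for s in sorted(kept))

def eavesdropper_view(packets: list) -> list:
    """Without a key, every position is a set of equally plausible bytes."""
    view = {}
    for seq, data, _ in packets:
        view.setdefault(seq, []).append(data)
    return [view[s] for s in sorted(view)]

if __name__ == "__main__":
    rk, dk = b"real key (assumed)", b"decoy key (assumed)"
    real, decoy = b"cake arrives tomorrow", b"see Earnest on Friday"
    wire = chaff_and_send(real, decoy, rk, dk, random.Random())
    print("recipient:", winnow(wire, rk))
    print("handed over on demand:", winnow(wire, dk))
    print("eavesdropper sees:", eavesdropper_view(wire)[:4], "...")
```

Two caveats that Rivest's paper handles and this sketch does not. At positions where the real and decoy bytes coincide, an observer sees the same byte twice and learns it; chaffing at the bit level, or adding more chaff per position, removes that leak. And two candidates per position is thin chaff: the paper's stronger variant runs the message through an all-or-nothing transform first, so that winnowing even most of the packets correctly yields nothing.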
Several options (Score:4, Informative)
Interesting turnaround... (Score:2)
Wake up, America, the world is laughing at you.
Answering The Question (Score:2)
key escrow functioning (Score:2)
All that is left is a method of preventing people from using key sets that haven't been escrowed; this can be done by designing cryptographic hardware to only use keys that have been digitally signed by the authority that generated the escrow keys.
Note that when using a general-purpose computer to perform encryption and decryption, there is no easy way to prevent people from using unescrowed keys. Software designed to check for such things can always be patched and disabled.
How it will really work (Score:3, Insightful)
In reality, the keylist will be posted on alt.hackers.malicious within 24 hours of being delivered under seal to the Supremes.
Too many formulas (Score:2)
What about encryption formulas created in other countries? Didn't we just get past the point where we can export basic encryption. Are they going to ban importing (maybe they already did, I don't know).
I don't know the answers, unfortunately, neither does the government, but they're gonna pass some laws anyways.
Relevant Articles (Score:2)
Bruce Schneier has all sorts of stuff to say about crypto in "Applied Cryptography [counterpane.com]."
See also his webpage search thingy [counterpane.com], which links to a bunch of articles specific to escrow.
The DMCA connection (Score:2)
A Simple Workaround (Score:2)
The root of this problem is that it can never, EVER work. Mainly because we have freedom of speech, the government can pass as many laws as it likes on legal encryption but they can't enforce them. Think of the civil-disobedient potential. You could get thousands of people to send random encrypted gibberish to one another. Just because the government can't understand it doesn't make it illegal, what's the difference between that and encrypted meaningful information. The answer is none. This is all simply a case of communicating in a language that the government doesn't understand... all well within our rights.
or just send all your emails in Navajo (Score:2)
anyone have any open-source Navajo language extensions to Pine or mutt ?
Counterpane (Score:2)
So I guess even playing a game of bridge will get you thrown in jail.
Two copies of session key, separately encrypted (Score:2)
I have no idea if this is how the usual "key escrow" proposals work, but here is a way to do it:
The software generates a random session key, and block-encrypts the plaintext with it. Then it stores two copies of this session key along with the ciphertext. One copy of the key is encrypted with the user's secret key. The other copy is encrypted with the Big Brother's public key.
To decrypt the message, a "normal" user, who knows the user's secret key, uses that to get the session key, and uses the session key to get the plaintext. If Big Brother wants to read the message, he uses his private key to decrypt the other copy of the session key, and reads the plaintext that way.
It's called "Key Recovery" (Score:2)
#1 "Key Escrow" - All your keys are simply registered with big brother. To reduce the logistical nightmare, you would likely just register special backdoor keys used to encrypt the session key, which would then be included with the message.
#2 Big brother publishes one or more public keys, to be used to encrypt each session key, which is then included with each message.
The BXA/NSA guidelines for getting permission to export strong crypto include full disclosure on your data formatting, headers, compression, etc. The review process includes submission and approval of test vectors.
It should be noted that once these are required by law, compliance testing could be automated by building systems holding the private keys and testing recovery on live data.
It should also be noted that since (1) no terrorists would use such software; and (2) terrorists are already using steganography to obscure their encrypted data from trivial recognition as ciphertext: This entire effort will have ZERO impact on real terrorism. It's just an attempt by the NSA/FBI to retain their historical ability to eavesdrop trivially on all ordinary civilians everywhere without warrants or oversight. Last week's events were just the pretext they've been waiting for. Anyone telling you different is ignorant or has an agenda...
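The ``two copies of the session key'' construction, described in the ``Simple'' post earlier, in the ``Two copies of session key'' post above and as option #2 here, together with the automated compliance test this post mentions, as an added Python example that is not from any of those posts. Public-key operations use a toy ElGamal-style wrap over the Mersenne prime 2^127 - 1 (far too small to be secure; it is here only so the arithmetic is visible), the body cipher is a SHAKE-256 keystream, and the message layout and the ``non-compliant client'' are assumptions for the demo.

```python
import hashlib, secrets

P = (1 << 127) - 1      # Mersenne prime; a toy group, not a secure parameter
G = 3

def keygen():
    """Returns (private, public) for the toy group."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)

def xor_stream(key: bytes, data: bytes) -> bytes:
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(session_key: bytes, pub: int):
    """ElGamal-style key wrap: ephemeral r, KEK = H(pub^r), blob = session_key XOR KEK."""
    r = secrets.randbelow(P - 2) + 2
    kek = hashlib.sha256(pow(pub, r, P).to_bytes(16, "big")).digest()
    return pow(G, r, P), bytes(a ^ b for a, b in zip(session_key, kek))

def unwrap(wrapped, priv: int) -> bytes:
    eph, blob = wrapped
    kek = hashlib.sha256(pow(eph, priv, P).to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(blob, kek))

def encrypt(plaintext: bytes, recipient_pub: int, escrow_pub: int, compliant: bool = True) -> dict:
    """One random session key, wrapped once for the recipient and once for the escrow agent.
    A patched (non-compliant) client keeps the slot but wraps garbage in it instead."""
    sk = secrets.token_bytes(32)
    escrow_copy = wrap(sk if compliant else secrets.token_bytes(32), escrow_pub)
    return {"to_recipient": wrap(sk, recipient_pub),
            "to_escrow": escrow_copy,
            "body": xor_stream(sk, plaintext)}

def decrypt(msg: dict, priv: int, slot: str) -> bytes:
    return xor_stream(unwrap(msg[slot], priv), msg["body"])

def compliance_check(msg: dict, escrow_priv: int, test_vector: bytes) -> bool:
    """The automated test described in the post: hold the escrow private key, run it over
    a message whose plaintext (the test vector) is known, and see whether the escrow copy
    actually recovers it. A garbage escrow slot passes every format check and fails this one."""
    return decrypt(msg, escrow_priv, "to_escrow") == test_vector

if __name__ == "__main__":
    rpriv, rpub = keygen()
    epriv, epub = keygen()
    msg = encrypt(b"quarterly figures attached", rpub, epub)
    print(decrypt(msg, rpriv, "to_recipient"), decrypt(msg, epriv, "to_escrow"))
    rogue = encrypt(b"quarterly figures attached", rpub, epub, compliant=False)
    print("compliant?", compliance_check(msg, epriv, b"quarterly figures attached"),
          "rogue compliant?", compliance_check(rogue, epriv, b"quarterly figures attached"))
```

The example also shows the limit of the compliance test the post describes: it only proves something about messages whose plaintext the tester already knows. A client that behaves for the submitted test vectors and wraps garbage for everything else passes export review and defeats escrow in the field, which is the ``software can always be patched'' objection from the key-escrow post made concrete.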
How they work (Score:2)
There is an obvious problem with this from the cryptological angle- the encryption algorithm has to remain secret. Once you figure out the encryption scheme, and notice where the key information is being leaked, you too can take advantage of the back door. It's the classic problem with master keys- once they get out and get duplicated, it quickly becomes worthless to have the locks. So not only do you not dare publish the algorithm, you do not dare let anyone reverse engineer it.
Fun begins with FU (Score:2)
govt measures call for citizen countermeasures (Score:2)
to answer your question, the government backdoor would be the Secret Password : "joshua"
if the government tries to enforce this, just bookmark http://www.pgpi.com [pgpi.com].
All I have to say about this is (Score:2)
Olives! (Score:2)
There is even more reason to suspect that Osama bin Laden has been eating olives while discussing plans for terrorism. Therefore it would be much more effective to mandate all olive stones to carry a hidden microphone that would record and broadcast all discussions taking place in its vicinity, easily catching the political opponents - I mean terrorists.
Some would say that it would be extremely difficult to make sure that every olive would carry its microphone. All it would take is an international treaty mandating microphones to be installed in all prepackaged olives, and outlawing any home production. Then some powerful international organization - or the US government - could go out and bomb all olive producers who do not comply with the microphone directive. Soon nobody would dare to produce rogue olives!
Although this may sound like a totally unrealistic plan, it is in many ways more likely to succeed than any plan limiting the use of encryption. For one, olives, small as they are, are physical items that will have to be grown somewhere, pickled and processed, and marketed. All this leaves a physical trail of physical olives moving around. On the other hand, cryptographic tools are ethereal words, easily transmitted by whisper, by graffiti, and other totally untraceable means. Besides, most of them are already published in books all around the world! And once an olive is eaten, the stone is discarded, and a new olive must be acquired, hopefully from a compliant source. Not so with crypto tools, they can be used over and over again, so if the foreign competition - I mean the terrorists - have already managed to gain access to some crypto tools, they can keep using them for ever.
Besides, by betting its reputation on microphoning all olives, the US Government would make itself much less of a laughing stock than if they tried to launch a campaign to limit the discussion and use of encryption!
Fair is fair (Score:2)
Other encrypted channels (Score:2)
1: Move to a different port: Conventionally, email is on port 25. Set up some email servers on some other port, and the content will sail right past Carnivore.
2: Use a different channel, and don't forget that other encrypted channels have their own algorithms.
2a: Use a different channel: Move files around with scp or sftp. Once again, doesn't register as email.
2b: Use a different channel. Use secure websites as intermediaries. When the lock closes in the lower-left corner, it's safe to type your credit card number. It's also safe to communicate other information. Either extra fields can be added, or existing fields can be used. It may even be possible to use innocent eCommerce sites, assuming you've already cracked them.
3: USB keyring hardfiles: Since these alternate channels don't leave encrypted files on the box, put the file on a USB keyring hardfile. Unplug from the system, and keep it on your keyring. If the G-men are after you, you have several options:
a: Take a hammer to it.
b: Scuff your feet, comb your hair, and zap it. They no doubt have ESD protection, but it's probably only good against accidents, not deliberately destructive ESD.
c: Throw it into the traffic.
d: Encrypt it using yet another algorithm - tcfs?
So aside from any other concerns, simply doing something to PGP clearly is not sufficient. You'd need to also weaken https: and SSH, and sniff a LOT more traffic.
But if SSH is given a back door, and we MUST assume that some black-hats or terrorists have recovered it, then how the heck do we do secure administration? We've just opened every remote-admin system to info-terrorism, as well as our eCommerce.
Between weakened/broken encryption and key escrow, I'd choose the latter every time. Both are silly, and would only convey a false sense of security. If it's that serious, I'd think simple traffic analysis would be more informative.
Imagine that A-crowd guy in high school or college you never liked, and always gave you a rough time. Then go through anonymizers, and start sending him encrypted datastreams. Fun, fun, fun.
My letters went to my congressional delegation today.
Take a look at DES... (Score:2, Informative)
Some conspiracy theorists already claim that DES has a backdoor, even though there is no public evidence to support the theory and lots to suggest otherwise.
When DES was invented (by IBM, IIRC) and the government wanted to adopt it as a standard, the NSA took a look at it and changed around the S-boxes (where S, I believe, is for Substitution) for the version that is actually used. They offered no description of how they created their S-boxes or what features they offered that the other ones didn't, etc.
One possible explanation is that the NSA added a backdoor into DES that secretly weakened it some how (e.g., the ciphertext provides information about the key to make an exhaustive key search several orders of magnitude quicker) to the point where they could decrypt a document without necessarily knowing the key ahead of time with a reasonable amount of effort.
There is no public information about successful cryptanalysis of a full (16 round?) version of DES. That is, if such a backdoor exists, and if someone has found it, it's all very hush hush.
The concept of backdoors in cryptosystems is really very messy. It depends way too much on keeping crucial information about the cryptosystem secret. Chances are, if you disclose enough details to implement a cryptosystem and say it has a backdoor, people (good and bad) are going to find it*. If you don't provide information on how it works, it can really only be implemented in "tamper-proof hardware" (a concept almost as flakey as cryptosystems with backdoors), since any software implementation could be disassembled.
To answer your second question, they really can't (as I assume you suspected). So, if the sniffers found some data they couldn't decrypt, they would have to assume it is either, as you said, random data, or data encrypted with an outlawed (read "apparently secure") cryptosystem. In both cases, the sender must be trying to hide something from the government, and is therefore a threat and should be dealt with accordingly. Simple as that.
For anyone who missed it, the current call is for a global ban on strong crypto, not a national one. And in this case "global" means really global, not a "World Series" kind of global.
The next few weeks/months/years will potentially be filled with events and ideas, like this, that change the world we live in. I'm not afraid for our generation. Most of us know what freedom is like, and I really don't think it's something that can be taken away no matter how hard they try. But our unborn children and grandchildren don't. I don't want them living in a world where freedom and privacy are anything other than fundamental rights. I'm currently optimistic; I just hope that's not misplaced.
* And if DES does have a backdoor and no one has found it, then the NSA deserves a pat on the back because they've stumped us all! :)
I explained this about a week ago but look here... (Score:2)
A good crypto program is based on a function f[x] such that f[x1] = k, and you cannot find x1 if you know the function f[x] and the encrypted k. This, folks, is hardcore advanced mathematics!
To add in a regulation that there be some "backdoor" (e.g., some function that will always take g[k] = x1 for an encrypted value k). Once that function g[x] is known by anyone (f[x] would have to be made in a way such that g[x] must exist btw.. it doesn't just happen) then the communications of everyone that uses that encryption algorithm is compromised.
Think of the problems -- no secure transactions (halting "e-business"), no secure transmissions of trade secrets (look at France -- the companies just moved to a different country), and generally no information is secure.
Now.. to find a way to convince/explain this all in everyday words...
ideas?
How would they work? (Score:2)
Don't ask Slashdot, instead... (Score:2)
(Sorry, but it had to be said.)
JMR
Speaking ONLY for myself, as always.
Impossible (Score:3, Insightful)
Imagine that somebody comes up with a way to build a bomb using sugar cookies. A building is blown up. Congress decides to regulate the sale of sugar cookies.
Now any sane person will realize that this is pointless, because any idiot can make their own sugar cookies, and bypass all the regulations. So the regulations can only work if the ingredients are also regulated or banned (flour, sugar, eggs), or perhaps all the sugar cookie recipes are destroyed.
At this point it's pretty obvious that such a scheme would never work. But somehow nobody seems to follow this logic when it comes to encryption. The only ingredients for encryption are general-purpose computers. The recipes are encryption algorithms and computer source code. The recipes can be rediscovered or recreated by smart mathematicians and computer programmers.
So what are we going to do? Regulate computers? Mathematics? Encryption algorithms, dozens of which are published in textbooks around the world?
You could no more regulate computers, mathematics, and algorithms today than you could flour, sugar, eggs, and sugar-cookie recipes. Even if you tried, it would have near-zero effect on the bad guys, and would only increase the risk that grandma's bank account gets emptied, because her password wasn't properly encrypted.
Crypto backdoors can't work (Score:2)
Companies which take security seriously don't use windows for this reason and I doubt that any intelligence service would ever use any piece of software that has been created in a country other than its own. So how can one possibly imagine that "bad guys" would use backdoored software. They'll rewrite one of their own, that's all. Implementing RC4 is a matter of hours...
People have to realize that the Internet sets information free. Any kind of information. From anyone. To anyone. And there is nothing you can do against this.
A deeper look . . . and fundamental problems (Score:3, Interesting)
Thus the primary purpose of the proposed legislation is not to allow law-enforcement personnel to read terrorists' communications -- terrorists will continue to use unreadable, strong cryptography -- but rather to narrow the search space that law-enforcement personnel must examine when hunting for suspected criminals. One would presume that if a person were discovered to have used unapproved cryptography, such evidence alone would be sufficient to obtain warrants for full searches, wire-tapping, keyboard recording, and the like, and those additional measures would likely yield hard evidence of any additional illegal activities. Thus it is not necessary to decrypt the criminals' messages: The illegally encrypted messages alone are sufficient to reveal suspects, and then old-fashioned investigative methods are likely to be effective.
Of course, the effectiveness of this law-enforcement technique depends on having a practical and enforceable definition of "unapproved cryptography". The problem for law-enforcement personnel -- and law-abiding citizens who wish to protect their legitimate secrets -- thus becomes determining what constitutes an illegally encrypted message. It is well known that a message that has been encrypted with a one-time-pad cannot be distinguished from a string of random bits. Should the government also make access to true randomness illegal so that any string of bits that seems sufficiently random can be assumed to be an illegally encrypted message? Further, is it realistic to believe that covert channels and steganography are detectable?
If not, how will law-enforcement personnel detect illegally encrypted messages? And what if they can't? In that case, what real security have we citizens purchased by sacrificing our liberties?
Those are the questions I want my government to answer. Until they are answered -- and hard evidence provided to support the answers -- I must remain sceptical.
Re:Plain Text (Score:2)
Re:Plain Text (Score:2)
Just ask McGlen.com - they informed me yesterday that 'an unidentified individual gained access to certain protected files maintained by Mcglen.com through a security breach in Microsoft Internet Information Server.' and thus may have my credit card # - how comforting. Funny that they don't also take some of the blame for not keeping their servers patched current. Course serves me right for ordering from a site that uses IIS :) Cept, well, it wasn't me - it was my wife :)
Re:Back doors (Score:2)
Re:Back doors (Score:2)
Argh! You mean all those ASCII Goatse.cx posts on Slashdot could have hidden messages - those sneaky bastards! Hiding information in someone's bum is not nice!
Re:Back doors (Score:2)
#5 They'll blame #4 on those few remaining Evil Linux Communist Terrorist Hackers, and tighten the vise even more.
#6 goto #4
Re:Detecting encrypted messages vs. Random bits (Score:2)
There are two reasons for this: First, it takes a significant amount of CPU time to break and decode an encrypted message, even if you have retrieved the key from the escrow agents. Decoding the traffic to and from a few selected email accounts is one thing, but having a system decoding and monitoring routine traffic is another matter entirely.
The second reason is that, if you take a message that's been encrypted using a military-grade cryptosystem, and then encrypt those results with a weak system (such as DES-40), it is impossible to tell that message apart from a routine message only encrypted with a weak system without decrypting both. In other words, there is no way to casually monitor lightly encrypted message traffic and pick out the people using unlawful encryption.
As a result, if weak encryption becomes common, people who wish to keep their messages secure can do so without tipping off the law. It is only if you are already suspect that your use of high-grade encryption would be discovered.
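The two detection problems raised above (an earlier post's point that one-time-pad output cannot be told from random bits, and this post's point that a strong layer hidden under a weak "approved" layer still looks random once the weak layer is stripped) can be shown with an entropy test. This is an added illustration, not code from any poster; the plaintext, the repeating-key XOR standing in for the weak cipher, and the 7.5 bits/byte threshold are all constructed for the example.

```python
import math
import os
from collections import Counter

# Constructed sample plaintext: ordinary English, repeated to a useful length.
PLAINTEXT = (b"Meet me at the usual place at noon; bring the documents. " * 80)[:4096]

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram: 0.0 (constant) up to 8.0 (uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a truly random pad of equal length, never reused."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must match plaintext length")
    return bytes(p ^ k for p, k in zip(plaintext, pad))

def weak_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for a weak 'approved' cipher (constructed toy, not DES-40):
    repeating-key XOR, where encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def looks_encrypted_or_random(data: bytes, threshold: float = 7.5) -> bool:
    """Entropy classifier a traffic monitor might use. Caveat: compressed data
    also scores high, so this flags much more than just encrypted content."""
    return entropy_bits_per_byte(data) >= threshold

def demo() -> dict:
    pad = os.urandom(len(PLAINTEXT))
    weak_key = b"approved"                    # constructed 64-bit key for the weak layer
    random_stream = os.urandom(len(PLAINTEXT))
    otp_ct = otp_encrypt(PLAINTEXT, pad)
    # Layered message: strong (OTP) inside, weak outside. A monitor holding the weak
    # key can strip the outer layer, but is then left with random-looking bytes.
    layered = weak_xor(otp_ct, weak_key)
    ordinary = weak_xor(PLAINTEXT, weak_key)
    return {
        "plaintext": looks_encrypted_or_random(PLAINTEXT),                                   # False
        "otp_ciphertext": looks_encrypted_or_random(otp_ct),                                 # True
        "random_bytes": looks_encrypted_or_random(random_stream),                            # True
        "layered_after_weak_decrypt": looks_encrypted_or_random(weak_xor(layered, weak_key)),   # True
        "ordinary_after_weak_decrypt": looks_encrypted_or_random(weak_xor(ordinary, weak_key)), # False
        "otp_vs_random_entropy_gap": abs(entropy_bits_per_byte(otp_ct) - entropy_bits_per_byte(random_stream)),
    }
```

The entropy gap between the one-time-pad output and the pure random stream is a few hundredths of a bit at most, which is why no statistical monitor can separate the two; only the weak outer layer is ever distinguishable, and stripping it reveals nothing.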
Re:crypto backdoors? (Score:2)
Since they already had these proposals flying around, some since the days of Bush Sr., it was easier to dust them off than to do any actual thought.
Re:Green Eggs and Guvament Cheese? (Score:2)
The government has a choice. Have crypto be available to law abiding and the crooks or to have the crypto available to only the crooks. As you can see, the crooks will always have crypto available to them.
The government cannot even stop someone from bringing cocaine into the country, how the hell are they going to stop a crypto program from spreading?
Re:And furthermore ... (Score:2)
This is one of the most important points. You can't fight this sort of fanaticism. There is nothing you can do that is bad enough or hard enough to deter such people. They're willing to die, and going out fighting is the best possible way -- it makes them martyrs.
I will point out that they needed a LOT less money than everyone seems to think. It took me about $4500 to get my basic pilot's license. A copy of FlightSim was another $80 or so. The hardest part of flying a 737 is getting it on the ground in one piece. The second-hardest part is getting it in the air. Everything else is basically "point the nose where you want it to go".
I suspect a couple of them went to flight school to learn about things like transponders (which they shut off), basic radio navigation and the special radio codes used to notify the ground you've been hijacked without actually having to say it out loud.
You really didn't need radio navigation to find the WTC. From inland US, you could just go east until you reached the ocean, then turn left. The buildings were visible (if you were a couple miles up) from more than 30 miles away.
So that this isn't completely OT, see this article [theregister.co.uk] in The Register [theregister.co.uk]. It seems bin Laden isn't using any technology now, and the Feds have no idea where he even is. They still want those back doors in crypto, and they have to push now before people start thinking a bit.
woof.
Can you find the stego'd message in this post?
Re:F**K encryption! (Score:2)
No one really knows what you mean....
Haven't you ever seen the movies.. the sky is pink.. it is a beautiful day to die.. but the birds are singing.. yet the clouds are gray.. sure it means nothing in an email, but if you have some secret "decoder ring" then these sentences can have new meanings.. meanwhile the FBI and CIA are all wondering why Akmed is talking about the F**k*** sky...
I remember hearing that in WWII they used other languages, like some American Indian language, to do encryption..
Re:government sponsored encryption (Score:2)
The NSA *strengthened* the DES specification to make it resistant to an attack (differential cryptanalysis) which was unknown on the 'outside', and remained unknown for about 15 years afterwards.