What's Now State of the Art in Encryption Technology? 483
One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.
JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?
To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.
Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.
So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"
My handwriting qualifies as crypto (Score:4, Funny)
Re:My handwriting qualifies as crypto (Score:2)
Tools of Terrorism (Score:4, Insightful)
Of course encryption is a "tool of terrorism." It falls squarely into the same category as other tools:
Concentrate on the terrorists and not on their tools. Starting down the road of outlawing inanimate objects that can be used for multiple purposes is the beginning of an ultimately unfulfilling and unsatisfying journey.
Great! But Ashcroft DOESN'T READ SLASHDOT (Score:5, Insightful)
Same for all the rest of us.
Re:Great! But Ashcroft DOESN'T READ SLASHDOT (Score:2)
That will get their attention, or will it?
Huh? please say something. (Score:5, Informative)
- Are you saying these things should have no regulation?
- or are you saying that encryption should be regulated the way these things are?
- or are you saying that everything is just fine the way it is with a mix of regulated and unregulated.
I ask because you didn't actually say anything at all as it applies to reality. "Starting down the road of outlawing inanimate objects that can be used for multiple purposes"... is exactly where we've been for hundreds of years, and I kind of like living here so I'm finding it a very satisfying experience. Sure, I don't agree with all regulations, but I can't figure out what you are proposing...Re:Huh? please say something. (Score:3, Interesting)
By focusing on the PEOPLE USING THE TOOLS, you get to the root of the problem. Eliminate the problem at its source by bringing these people to meaningful justice, and it will not matter what their tools of choice are - you will have eliminated the problem, not the symptom.
Remember - if terrorists followed laws, we wouldn't have to worry about them.
Re:Huh? please say something. (Score:3, Funny)
We need to regulate the following items from getting on a plane, as they clearly can be used to hijack a plane:
Regulating above does nothing to solve the root of the problem [ucpress.edu].
Re:Huh? please say something. (Score:2)
MacGyver and any combination of six airline pillows, two movie headsets, a flight-size bloody mary and a stick of gum is enough to blow a 747 out of the sky.
KEEP MacGYVER OFF OUR PLANES!
Re:Huh? please say something. (Score:2)
Guns are a VERY important tool that every American should not be afraid to own. However, those idiots that woefully misuse it to attack other people (animals don't count in that category you PETA lovers) who have not endangered the immediate life of the gun owner, deserve to be dealt swift justice. But that's very different from taking away the responsibilities and freedoms that every generally law-abiding citizen should be allowed.
The previous poster is simply saying that completely disallowing anyone but the proper 'authorities' to own and use those tools which technology has given us is folly. Simply removing a tool from the general public because of the *risk* of one person misusing it is not worth the absolute destruction of the freedom and responsibility that you give up for a *little* added security (if any at all).
Re:Huh? please say something. (Score:2)
Regulation or not, they still are used for purposes other that what they were designed.
I think what he means, is that regulation of inanimate objects doesn't nearly go all the way toward stopping the people that actually carry out these acts of terrorism. The government too often focuses on the wrong part of the issue. It's so easy to ban and regulate objects instead of banning or regulating behavior, or changing behavior, if you like.
The root problem of the issue is always people. All of the inamimate objects are useless without the people to make use of them. Guns don't shoot themselves. Dynamite doesn't blow itself up. Planes don't fly themselves. People do!
Re:Tools of Terrorism (Score:5, Interesting)
Airplanes;
Dynamite;
Plastic Explosives;
Fertilizer chemicals;
Telephones and other communication equipment;
Knives; and
Boxcutters
Are all heavily regulated already. Some directly like explosives and airplanes, and others indirectly like phones and knives.
Why should strong encryption be different? Just about any tool you can think of has good uses and bad uses. That doesn't mean we should ban the tools, but we should try to minimize their use for purposes contrary to the common good.
Does it violate some inalienable right that you cannot walk into walmart and by C-4 off the shelf? Certainly you have some harmless use for it. Should convicted felons be allowed to carry firearms on the street?
Wake up to the real world people. The fact that we live in a society means that we voluntarily give up certain freedoms for the common good. That is the decision that groups of people make when they get together and form governing bodies.
You cannot simple say banning==bad freedom==good unless your definition of good is anarchy. Do we all agree that the ban on murder is good? Even though it takes away my right to express myself with creative killing?
Re:Tools of Terrorism (Score:2)
It is a little like taking cough syrup to clear up your cough from emphysema. The cough may go away for a little while, but it will be back - and worse.
Re:Tools of Terrorism (Score:4, Funny)
For the techinically impaired and anally retentive moderators, please find clues enclosed within this sentence.
Re:Tools of Terrorism (Score:5, Insightful)
Playing Devils' advocate here (because I agree with your sentiment and your logic, but feel you've missed something):
The government licenses airplanes and their licensed pilots. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
The government licenses dynamite manufacturers and explosives-licensed contractors. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
The government licenses military-grade weapon manufacturers, military contractors, and the military itself. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
Synthetic fertilizers and fuels are unlicensed commodities. That does not stop the FBI from wanting to require the introduction of taggants to provide more latent evidence at crime scenes, much as the FBI requires the paints of every year and model of automotive to be unique and registered.
Covert wiretapping via Echelon? Overt wiretapping statutes via courts? Mandated specific reporting information on all local telco connections even if the carrier does not need this for billing or cost analysis?
Many functional handheld edge weapons are legislated as forbidden in many cities, counties, states: nunchaku, shuriken, swords, stiletto knives, switchblade knives, butterfly-handled knives. Weapon checks and security measures at high-risk facilities such as courtrooms and airports and now even schools and themeparks are controlled by legislation, law enforcement and private policies.
I think Ashcroft's answer would be, the government always has focused on the tools, because focusing on otherwise innocent individuals impinges on their constitutional rights. He would even quote the fourth amendment back at you, suggesting that while you argue for "security in your papers", it also guarantees the right to be "secure in your persons", not just from some theoretical government torture, but from the deranged psychopathy that makes up the dangerous terrorist element.
That said, I feel it's not the people nor the tools, but the actions that are to be focused upon. But there's another catch-22 there: you can't legislate effectively against actions; they're already committed by someone who doesn't care about the consequences for those illegal actions. The government is thus stuck focusing on the tools.
Airplanes, explosives, chemicals, private communications, and defensive weapons are all useful things for the peaceful, and all useful things for the wrathful. Our liberties are hard-won, and hard-kept, both from enemies abroad and within. The Constitution is a work of art and a work of power, and I respect it. Will you? Will our leaders?
Re:Tools of Terrorism (Score:3, Informative)
As for the right to be secure in your person - that means from having your person searched and seized (arrested) by the Gov't. It is not a right to be free from crime.
I cannot take the space to go into detail, but one of the central goals of criminal law is to deter - thus effectively legislating away bad acts before they are prevented. Also, it is to incapacitate - to take those people out of society who do bad acts so they can do no future harm.
As for respecting the Constitution . . . I took an oath to uphold the Constitution on several occasions, most recently as an attorney. Respect it? I fight to keep it a living document every day.
Re:Tools of Terrorism (Score:3, Insightful)
Now, if you wanted to prevent terrorists communicating, you'd outlaw language.
Nobody could learn to read/write/otherwise gain meaning from any language.
Once this was done, then, we'd all be safe, no?
In this, I'm including mathematics too, as it's easy to get meaning from mathematical formulae, and so glean meaning.
If you think that's silly, just think:
Encryption is just a form of mathematical formulae. Banning that is in essence banning a form of mathematics.
There's a good piece on The Register [theregister.co.uk] about this, that's worth a look at too.
And I wholeheartedly agree with your view. Making a tool illegal which can in some extremely rare situations, be used for illegal purposes will do nothing. The illegal activity will continue, and as they're already doing illegal things, adding one more won't make them lose any sleep. However, all the usual law abiding people now can't use that tool for anything beneficial.
In fact, it's making certain that the tool will now largely be used against society rather than for it, which, in my view, is about 10 steps backwards.
Malk
Re:Tools of Terrorism (Score:2)
A truly determined terrorist, wanting to bring down a plane, can do so far too easily. Consider these ideas:
Now, how are you going to regulate that?
Re:Tools of Terrorism (Score:2)
Airplanes, telephones and comm. equip., knives and boxcutters ALL played parts in terrorism -- or have you been blissfully unaware of events in NYC and DC these past 2.5 weeks? I don't believe the terrorists there BOUGHT the airplanes they crashed.
Dynamite - can be easily stolen from many construction sites. Plastic explosives, although more difficult to obtain, can still be gotten. As for fertilizer chemicals, I have never heard of a law restricting their sale. Remember Oklahoma City and the now-defunct Timothy McVeigh?
You have COMPLETELY missed the whole point of the post - the focus must be on the people, not on the objects. ANYTHING can be a weapon.
You show me a world where terrorists follow the "laws" you state control access to these "weapons," and I'll show you a world without terrorism.
Bush's Orwellian Address (Score:5, Insightful)
Bush's Orwellian Address
Happy New Year: It's 1984
by Jacob Levich
Seventeen years later than expected, 1984 has arrived. In his address to Congress Thursday, George Bush effectively declared permanent war -- war without temporal or geographic limits; war without clear goals; war against a vaguely defined and constantly shifting enemy. Today it's Al-Qaida; tomorrow it may be Afghanistan; next year, it could be Iraq or Cuba or Chechnya. No one who was forced to read 1984 in high school could fail to hear a faint bell tinkling. In George Orwell's dreary classic, the totalitarian state of Oceania is perpetually at war with either Eurasia or Eastasia. Although the enemy changes periodically, the war is permanent; its true purpose is to control dissent and sustain dictatorship by nurturing popular fear and hatred.
The permanent war undergirds every aspect of Big Brother's authoritarian program, excusing censorship, propaganda, secret police, and privation. In other words, it's terribly convenient.
And conveniently terrible. Bush's alarming speech pointed to a shadowy enemy that lurks in more 60 countries, including the US. He announced a policy of using maximum force against any individuals or nations he designates as our enemies, without color of international law, due process, or democratic debate.
He explicitly warned that much of the war will be conducted in secret. He rejected negotiation as a tool of diplomacy. He announced starkly that any country that doesn't knuckle under to US demands will be regarded as an enemy. He heralded the creation of a powerful new cabinet-level police agency called the "Office of Homeland Security." Orwell couldn't have named it better.
By turns folksy ("Ya know what?") and chillingly bellicose ("Either you are with us, or you are with the terrorists"), Bush stepped comfortably into the role of Big Brother, who needs to be loved as well as feared. Meanwhile, his administration acted swiftly to realize the governing principles of Oceania:
WAR IS PEACE. A reckless war that will likely bring about a deadly cycle of retaliation is being sold to us as the means to guarantee our safety. Meanwhile, we've been instructed to accept the permanent war as a fact of daily life. As the inevitable slaughter of innocents unfolds overseas, we are to "live our lives and hug our children."
FREEDOM IS SLAVERY. "Freedom itself is under attack," Bush said, and he's right. Americans are about to lose many of their most cherished liberties in a frenzy of paranoid legislation. The government proposes to tap our phones, read our email and seize our credit card records without court order. It seeks authority to detain and deport immigrants without cause or trial. It proposes to use foreign agents to spy on American citizens. To save freedom, the warmongers intend to destroy it.
IGNORANCE IS STRENGTH. America's "new war" against terrorism will be fought with unprecedented secrecy, including heavy press restrictions not seen for years, the Pentagon has advised. Meanwhile, the sorry history of American imperialism -- collaboration with terrorists, bloody proxy wars against civilians, forcible replacement of democratic governments with corrupt dictatorships -- is strictly off-limits to mainstream media. Lest it weaken our resolve, we are not to be allowed to understand the reasons underlying the horrifying crimes of September 11.
The defining speech of Bush's presidency points toward an Orwellian future of endless war, expedient lies, and ubiquitous social control. But unlike 1984's doomed protagonist, we've still got plenty of space to maneuver and plenty of ways to resist.
It's time to speak and to act. It falls on us now to take to the streets, bearing a clear message for the warmongers: We don't love Big Brother.
Jacob Levich (jlevich@earthlink.net) is an writer, editor, and activist living in Queens, New York.
sigh (Score:2, Insightful)
Luckily there are smart people in Washington who have raised an eyebrow or two about what is being proposed in his new policies. For one, Colin Powell, who seems the wisest of Bush's cabinet members isn't one for rushing out and conducting long drawn out conflicts without first weighing the consequences. This Big Brother argument, while compelling, only fuels more fears and suspicions, it is hardly the truth, in fact most of Big Brother arguments are based upon a work of fiction and while 1984 gives us all reason to pause, in any case, it is still just that.
Ashcroft is the one who scares me.
Re:Bush's Orwellian Address (Score:4, Informative)
Re:Bush's Orwellian Address (Score:4, Interesting)
Seriously, this is a scenario which (although maybe a -little- OTT) is unfortunately all too believable. Certainly, we're seeing increased restrictions and laws designed to control through fear, rather than through a mutual wish to live in a complex society.
As for information...
(Hands up all who know where the first NATO battle was fought, in the current conflict, in Afghanistan? You didn't even know there -had- been one? Wow, talk about being kept up-to-date!)
The US COnstitution is severely weakened, through current spin-doctoring. I would fully expect that polls would show more than 50% of US Citizens would be willing to have the Constitution suspended, at a time of extreme national crisis.
After that, it wouldn't be too difficult to simply modify how "extreme national crisis" is defined, to make it indefinite. Once that happens, you'd think the current state of things was paradise.
The British aren't innocent of this, either. Carefully-worded polls, with sufficient spin on the results, has all but convinced the British Parliament to establish national ID cards. Something rejected almost unanimously by both politicians and public since the 1950's. There has been no threat imaginable or imagined that could overshadow the deep understanding the British had of how dictatorships, such as the Nazis, rose to power.
(Absolute control of the media is a big one. Cable "broadcasts" were prohibited by Parliament, from the mid 1940's, because of the danger it would pose if a dictator were ever able to sieze control of it. The listening to alternative views would be impossible. Resistance of any kind would be impossible.)
But what's happening in the US? We have two types of news coverage - the semi-neutral, with some US bias, and the screaming fanatics. Opposition view points, including those of the Pope, barely get a mention, even in the most neutral of coverage. Remember, this is the Pope we're talking about, not Art Bell. He's the leader of one of the largest Christian organizations in the world, and he's probably more important to Catholics everywhere than any political leader.
Yet President Bush has effectively made the Pope an enemy of the state. After all, he's obviously not "with us", so he -must- be against us. Doesn't it follow? Bush said so, so it must! President Bush has also effectively declared war on the Vatican, since it certainly harbours people who have commited acts of terror, and it's not going to stop doing so, simply because some wannabe superstar says they should.
Switzerland is also a prime target. It defends its neutrality fiercely, and it has almost certainly made for a good refuge for those who have, ummm, outstayed their welcome in other countries.
Argentina is a third. There's no question that many Nazi war criminals fled there, after the war, and those who haven't died of old age are probably still there.
Invading the Vatican might cause jitters only to those with a Christian mind-set, though given that this allegedly includes George Bush, some might question who's the boss, in his mind.
Invading Argentina probably won't bother anyone much. The British would probably help.
Invading Switzerland might have caused an outcry, under normal times. But if the US successfully overthrows at least two other countries first, I suspect that nobody will really notice or care. The endless war will be "part of life" and "the way things are".
I honestly don't know which is scarier - to contemplate how the future could be on the home front, or how it could end up internationally. Both futures are gloomy.
What I want to know is this -- We've found Carpathia, and he seems to be doing as well in real life as he did in the books, both in manipulation and in starting wars. No disappearances, though, which is a bit worrying, if you think about it, and no opposition. How long before the rest of the series starts to hit? MINUS any "good guys"?
Re:Is there a middle road? (Score:2, Insightful)
I recently read an article about the Executive Branch overextending it's power during times of war. Lincoln and Roosevelt were heavy offenders, but the limitations didn't last beyond the war.
And what's scary about that are Bush's comments that essentially say that this is an ongoing war, until terrorism is eradicated. Which would mean that the war would never end, so the overextension of power would also continue indefinitely.
More right-wing war monger garbage (Score:3, Insightful)
The funny thing is that most of the people urging caution and restraint are far from peaceniks: They're just intelligent, reasonable, and rational. To ask "What is the point of doing this? What will it achieve? What will best achieve our goals?" apparently is "left wing" to the whackos in these times of crisis.
Let me put it this way: If the US goes and bombs the hell out of whereever-land, and that pushes 100 more fanatics to join the anti-US crusade, and they come over and poison the water and blow up some aircraft, I hope every looney that pushed for instant reaction no matter what the results should be tried for murder. The simple reality is that it is a vicious cycle of cause and effects, and it's a sad day that so many people don't try whatsoever to understand the situation or how to solve it. I don't know myself, but I do know that declaring war on the world isn't the solution.
I heard a funny caller on a call-in show last night (here in Ontario) that proclaimed "Nuke em all and shoot em when they glow", and while that is funny and humorous and all, when their children come back and kill YOU are partly responsible for it. As the old saying goes: "If it was an eye for an eye then everyone would be blind" and that's 100% true. When some wanker US politicians proclaims that this is "retaliation" he should realize that his words could just as likely be coming out of terrorist's mouths for the many atrocities doled out to their people.
BTW: I am not a peacenik, and if it solved things then warm up the nukes and send in the M1A1s: IF IT SOLVES ANYTHING. If it's just to stroke yourself and show you might while continuing the hate then lay off.
Re:more left-wing peacenik garbage (Score:3, Insightful)
Oh what a bunch of bullshit. It's funny how no one cared about the women of Afghanistan until it was pertinent for propaganda reasons (and if you don't realize how obviously you're being played...). Just like the Kuwaiti babies. The reality is that there are a lot of nasty places on the Earth where a lot of nasty things happen and the US and other Western nations are blind to it...until it serves their purposes propaganda wise at which point suddenly everyone cares. How very 1984.
Algorithm vs protocol (Score:5, Insightful)
Protocol, on the other hand, is roughly speaking the way you use the algorithms - everything required to get the message from Alice to Bob, including key exchange, agreements on which pictures to use and how to identify them, etc,e tc. I strongly urge you all to read Bruce Schneier excellent works on this subject, both his Applied Cryptography books and his less theoretical and for most of us far more interesting book Secrets and Lies.
Also, whenever I hear "state of the art cryptography" I feel I hear somebody who doesn't understand that creating cryptography takes years and years. Peer review, taking apart actual implementations, etc, etc, and if after x years there's still no good attack known, then perhaps the cryptography is acceptable.. "state of the art" usually implies "the newest and the latest", and that's not what you're looking for when you select cryptography.
Re:Algorithm vs protocol (Score:3, Interesting)
Re:Algorithm vs protocol (Score:2, Insightful)
Think about this: cryptography can't even solve the basic problem of maintaining confidentiality of cryptographic keys...
It is not a panacaea and is often not the place that attackers will break the system. It's usually in the protocols or the design/implementation of the scheme.
-core
Re:Algorithm vs protocol (Score:2, Informative)
This relates to a distinction made by another poster between the algorithm and the protocol. It's easy to use a good algorithm in a bad protocol, to wit, just cause you screwed up key exchange doesn't mean DES is broken.
Prohibition (Score:5, Insightful)
Cryptography does not even require computers, the ultimate encryption, one time pads, does not require a computer and is utterly secure as long as you maintain pad seccurity.
There are caveats to everything, oh well. Enforcing cryptographic limits on your citizens is of no value at all. If a criminal wishes to transact their business using encryption technology then there is nothing law enforcement can do about it. Period.
Only deep ignorance prevents these people from seeing the truth.
Besides embedding your message in an image, there are dozens upon dozens of ways of passing messages in plain text. Some famous examples from the past use poetry.
Enough for now, I might go off on real rant, then we'd all be unhappy.
One time pads (Score:2)
Re:One time pads (Score:2)
The difficult part of OTP is not the crypto (you can do that on a *watch* these days) but getting the random pad data safely to the recipient before sending the message, and keeping it secure until it needs to be used (after which it should be destroyed of course)
What you are describing is a codebook - and codebooks CAN be broken given enough data.
That's why (Score:2)
Re:Prohibition (Score:2)
This is also pertinent here. How exactly does the government intend to enforce this law? Are they planning on trying to intercept and decrypt absolutely everything that goes by? It's just too easy to be able to violate this law w/out getting caught. So maybe I'm naive but I don't think that any such law can be effectively enforced.
If you're that worried... (Score:2, Insightful)
Easy steganography (Score:2, Interesting)
> > home-brewed code, can you check if I got it right?
> >
> > Pi = 3.149018493227539874383983749210025
>
> Hey pal, I think that you need some code tweaking, I get:
>
> Pi = 3.14151747701120741294729382749277
>
I did some tweaking. Now I get:
Pi = 3.141649287392847283785938472901018401
Am I making progress?
The state of the art (Score:4, Funny)
ROT 13. Plus DMCA. Plus Attack Lawyers.
Nobody will hack this right?
Re:The state of the art (Score:2, Funny)
>ROT 13. Plus DMCA. Plus Attack Lawyers.
>Nobody will hack this right?
Not true, it will just be like sex in the old days - everyone does it but everybody's afraid to talk about it.
PGP, Privacy and Activism (Score:5, Informative)
1. Exercise them, by encrypting everything you send until they either make it illegal or engage in the debate effectively and attending assemblies of like minded citizens lawfully petitioning their government for redress.
2. Write a check to the ACLU or your favorite civil-rights group (EFF, whatever). Face it folks, Dollars Vote . Nothing expresses your opinion like purchasing power. So I would recommend, in effect, "purchasing" more advocacy and voice in the system. This is not to say this system is right, it is to say this system is reality. We can complain that it shouldn't be this way all we want, but unless we show a force (read: $$) that those with power respect, we're pissing in the wind.
Personally, I use PGP and have been for a while now. (My Public Key [mindspring.com]) I probably don't use it as much as I should, but it's definitely used for some conversations at work I wouldn't otherwise want seen. So far, none of my employers have had an issue. I don't - yet - encrypt everything on my home computer, but I'll probably buy something to do that in the near future. (Recommendations welcome!)
My company actually mandated everyone get encryption (in our case, Entrust) on our laptops before we went on a project in Asia last year. Turns out, the clients we were doing the work for would attempt to hack into our computers while we we're using their network. They dove into some folks' laptops and read/copied email, files, etc. and then used the information when negotiating with us! We started encrypting everything related to the project before going on site and the client became a bit easier to deal with. (No comments on why they remained our client, please, I still don't know the answer to that one! Decision not in my hands.)
I mention this because I think there's a possibility to make privacy at an personal level a common cause between corporations and individuals. We just need to make the case loudly and effectively. (which brings me back to my support your local civil rights organization point
Re:PGP, Privacy and Activism (Score:3, Interesting)
Interesting. In a world where backdoors are required, I suppose that the h4x0rs (like your clients, or the PRC govt, say) would find them pretty easily.
Re:PGP, Privacy and Activism (Score:4, Informative)
- PGP - obvious, the de-facto standard for email encryption, but unless you can handle GPG is expensive closed source payware.
- Scramdisk - powerful, OTF encryption with steganographic capabilities, but requires that the host file be created and formatted before use - pretty useless for email, but very good indeed for local storage
- S/Mime - built into Netscape, Outlook and Outlook Express for free; lusers can get a free key from www.thawte.com for the effort of going there, and the system is transparent. I generate my own keys using OpenSSL, but the big name packages mentioned above don't like that - it isn't in their hierachical trust structure...
What do other people here use?Spot the message (Score:4, Interesting)
Or, you could hide steg messages in what looks like Sircam virii - just change the words a bit, move a space or two or even mess with the attached files.
There's so much data on the Net today that it's not even funny anymore and lots of it is metadata (Napster login names, tcp packet TTLs, file lengths and the naming of cats on personal homepages spring to mind) so you wouldn't even have to bother using a book cipher or pre-set code phrases like "Buy two quarts of milk on the way home, dear" which of course means "ram two commercial jets into tall buildings before breakfast".
I don't really understand why anyone bothers, unless it's to catch the really stupid terrorists, the ones that failed Terrorism 101 by not being able to scare the kindergarten kids next door out of their lunch money. Or, to watch over the general populace...
The point is that you can find hidden messages, faces on Mars and backwards satanic messages everywhere if you look hard enough, but it's impossible to find real messages that's been hidden good enough. Just deal with it.
Quantum Cryptography (Score:4, Informative)
However, I'm not one to suggest it would be undefeatable!
Proposed law (Score:5, Insightful)
Anyone who wishes to advocate legislation requiring backdoors in encryption products must first write a paper showing how this would prevent terrorists from secretly communicating with each other. Explain the term "steganography" and show how your legislation would prevent terrorists from using it. Explain why terrorists would be unable to fall back on codebooks full of innocuous phrases, hidden in apparent music CDs. Explain how your legislation would be enforced outside the U.S. Prove that your legislation would not have any serious impact on banking, credit card transactions, or internet commerce. Be prepared to defend your thesis to a panel selected by Philip Zimmermann and the Electronic Frontier Foundation.
Re:Proposed law (Score:3, Insightful)
Come to think of it - if you can do that, just force THEM to use it and leave us alone :)
Completely secure encryption. (Score:2, Interesting)
Because computers have such a difficult time with semantics this means that a human will have had to have heard the original conversation in order for detection of the "encryption" and its meaning. This is why tracking criminals is such a difficult task. Until we can get computers to understand and infer semantics, and then record ALL conversations, there will be no way to decode all transmissions. As I am sure that many on this forum will agree, this is most likely not going to happen in the near future. This is why undercover work is so important.
To give an example, if I were to say the word "Fjornborgi" to a complete stranger (as most of you are) he would have no idea what I was talking about. On the other hand, if I say that to my brother-in-law, he knows exactly what I am saying and why. This is because we have a history of conversations where the word "Fjornborgi" has been discussed and defined.
As for computed encryption, with RSA no longer under patent and many very good mathemeticians coming up with interesting functions everyday, I see it being more and more difficult for government to monitor and control information. I don't see this as a bad thing, since it gives the citizens of the world more freedom to express their ideas to their audiences in a secure way. There is little fear of being overheard when not desired. Of course, many will abuse the priviledge, but that has been the case for centuries and not a new problem that has shown up just because of encryption.
[sighs] No. (Score:2)
In time, the cryptanalyst would be able to figure out what "Fjornborgi" means--even if you didn't tell him directly, he'd know to a surprising degree of accuracy.
These are people who recreate the internal mechanisms of cipher algorithms just by watching a string of nearly completely random numbers flow out of it. Compared to that, human conversation is trivial.
Re:Completely secure encryption. (Score:2)
To give an example, if I were to say the word "Fjornborgi" to a complete stranger (as most of you are) he would have no idea what I was talking about.
No, not tonight dear, I have a headache!
What's state of the art? PPS. (Score:5, Interesting)
To this end, I've started the PPS [sourceforge.net], which is a project devoted to transparent, universal email encryption. The goals are complex, since they are aimed at so many audiences, but you can browse the site and get an idea. If you find it to your liking, please drop me a line and sign up to help.
You don't have to have technical skills. I need proof-readers, coders, researchers, and more. The reference code is not nearly as important as getting the specification done and doing all of the research needed to get the various MUA vendors to sign on.
Steganography and Crypto (Score:5, Informative)
To open this virtual disk, you drag and drop the wav file on top of the scramdisk app (there are other ways, but that is the simplest) and type in your password. unless you know the password, the volume won't open, and if you examine the file you can't even prove the scramdisk is there (yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits) Scramdisk is free (with source) from www.scramdisk.clara.net [clara.net]
Re:Steganography and Crypto (Score:2)
Thanks for the comments Dave. A free, open source (GPL'd) version of Scramdisk is in final Alpha testing and a Beta version will be released soon. This version will support just Blowfish and 3DES to begin with, but will certainly support WAV steganography out of the box.
Keep an eye on www.scramdisk.eu.org [eu.org] for details.
Suddenly my .sig seems in fashion again!
Can I make a humble suggestion? (Score:5, Insightful)
Too many people seem to be automatically against anything that Ashcroft might call for, without actually knowing what the specific proposals are. For example, one of the new powers that Ashcroft has called for is that when a surveillance warrant is granted, it be tied to the individual rather than a specific phone, which seems totally reasonable to me.
In future discussions, how about if we discuss specific proposals and make specific criticisms rather than general statements about how the government is just looking for the chance to turn the country is a police state?
Just a thought.
Re:Can I make a humble suggestion? (Score:4, Insightful)
It *sounds* reasonable, until you try to impliment it - and realise there is no way to wiretap a person, you have to wiretap any device he might *possibly* use.
Taken to extremes, it would justify tapping every phone line at a hotel because he stopped off for a meal there....
Re:Can I make a humble suggestion? (Score:2)
It *sounds* reasonable, until you try to impliment it - and realise there is no way to wiretap a person, you have to wiretap any device he might *possibly* use.
Which was actually similar to Ashcroft's point that the law has fallen behind technology. We have so much communication technology now that people can switch phones at will, making wiretaps much less effective.
At some level, we have to assume that government powers won't be abused. The FBI can already tap any phone they want, if they're determined to bypass getting a warrant. I think the key to all this is to make sure we have protections against abuses.
Not assuming tools can be used for illegal purposes cuts both ways, not just on private citizens.
Re:Can I make a humble suggestion? (Score:2)
Ive thought about that one (Score:2)
Ever heard the old saw that youre only 7 aquaintances removed from anyone on earth?
Its very close to true. Its called the network effect.
Now extrapolate: wiretapping all communication of a few hundred individuals becomes a wiretap of everyone in the entire country.
Would you still aquiesce to it, knowing what it implies?
Re:And you don't see the problem with this? (Score:2)
The key phrases in the law that you cite are "warrants shall issue", "probable cause". No one -- ever -- has talked about giving the government unlimited authority to wiretap everyone.
Bugs surreptitiously planted on all of your friends and families' phones because you might use them?
If I have criminals (or terrorists) using my phones, and the FBI can convince a judge of the need in order to get a warrant, then more power to them. Go FBI!
Come back when you have actual, factual, abuse and we will deal with the abuse. Just because a tool can be abused doesn't mean a tool should be banned.
"State-of-the-art"? (Score:5, Informative)
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms.
Best implementation? OpenSSL has done a great job of implementing most of these algorithms (maybe a few have been left out due to patent considerations) into a simple-to-use library with both high-level and low-level interfaces to the encryption and decryption routines (i.e., you can simply encrypt blocks of memory, or you can have the library format and encrypt the data according to various standards, like SSL).
Best personal encryption tool? GPG/PGP. I like GPG more, mainly because the source is going to remain available-- NAI is closing up the PGP source. Either one, though, should offer adequate security for e-mail or personal file encryption.
Best hard-disk encryption system? I'm familiar with encrypted loop-back-- under Linux and OpenBSD. I think that it has some advantages-- it's simple and easy to understand, and it works with ANY filesystem supported by the operating system. However, lots of known header information in file allocation tables and such can give an attacker a lot of information to work with.
I haven't tried TCFS yet. The OpenBSD support for it is still very young, and is a developers-only sort of thing. I'm thinking that TCFS will be a VERY good choice, once the support for it is stable in most operating systems (I don't know what the status of tcfs is in Linux-- anybody care to let me know?)
What else? Oh, there's steganography. Still not a lot of stuff out there, but one choice DOES stick out above the rest: OutGuess. OutGuess isn't based simply on a half-baked implementation of a simplistic steganographic algorithm-- it's based on actual research by a respected scientist in the field. OutGuess has a lot of thought put into it, and if you really need steganography (which, I'll admit, is rare), that's the program to use.
Ack! Not RC6! (Score:2)
Ack! Not RC6, not RC6. 15 of 20 rounds were broken during the AES selection process.
In fact, I'd suggest avoiding all of the AES candidates altogether. Even AES itself (nee Rijndael), for that matter--they're simply too new and not enough cryptanalysis has been performed of them.
The only two on your list which I'd recommend would be Blowfish and 3DES. Both of them have been around for years and have been extensively cryptanalyzed, with no significant results being discovered.
Re:"State-of-the-art"? (Score:2)
Needing steganography is rare in the US today, because if somebody asks for your encryption keys you can tell them to fuck off.
However, that is not the case everywhere. You can be jailed for more than contempt of court in the UK for not handing over your keys, and in some countries merely having what it suspected to be encrypted files is grounds for suspicion. It could get you killed in, say, China, if you piss off the right people.
Of course, terrorists may use steganography to hide their intentions as well; but then, they've also been using envelopes instead of postcards, and nobody of consequence has proposed doing away with those either.
As for me, I shall give up my unencumbered crypto when they pry it from my cold, dead fingers, wife and son or no wife and son. They need their liberty more than they need me.
Usage of steganography here! (Score:4, Funny)
For more important things, we tend to use ssh, but steganography isn't entirely forgotten here =)
SSH (Score:2, Informative)
Phil
In crypto, state of the art == proven tech (Score:2, Informative)
So here, we worry about the speed of brute force. With factoring based crypto, it's fairly easy to move the keysize out a tiny amount and reap huge returns. Symmetric based systems are harder, and often need a redesign/re-evaluation. Such as the DES -> AES migration underway now. 56 to 128 bits isn't quite enough for the truely paranoid.
The chicken part is deciding if someone else has come up with something clever and just not disclosed it. (The big boogy man here is governmental bodies...) Think Engima during WWII.
Personally, I tend to think that there are enough people working "outside the fence" on crypto that if a major established algorithm was broken, we'd all know shortly thereafter. (And imagine the chaos...)
More to the point, if an established algorithm is flawed and the parties holding the flaw are governmental, they'd either have to tell almost no one, (because of the danger of a leak) or tell everyone in the government to use some new algorithm. (Which would set off alarm bells for sure.)
Even the "new" algorithms proposed as canidates for the new AES (now decided as Rija
Along similiar lines, elliptic curves kinda scare me because the math isn't as studied, and I personally think there is more of a chance of an "off the wall" solution to the "hard" problem. With factoring, pretty much everyone since the dawn of math has been hammering on it. (Elliptic has been hammered for a few hundred years I think, but not nearly as intensely.)
"The Man" wants a backdoor because it's cheaper than a huge beowulf cluster.
Getting steg to work (Score:5, Interesting)
Then, you need a data file where noise is expected. Using low-order bits is no good unless you have pictures where the low order bits are actually random, rather than containing no information. One possibility is to take a photograph and make it a GIF or PNG; the lowest order bits that your camera actually produces are probably noise, and will be present in the image.
Replace the input noise with your special noise. The resulting image is now perfectly plausible (your camera could have taken it if some photons happened to land differently, with the same probability as having taken the photo it did take), and the message cannot be read or distinguished from noise unless the codebreaker knows what image you agreed on.
In order to do this, you and the recipient have to agree on an image you control and another image. Having done this, you can, of course, agree on more images later, for communications in both directions. Make sure you both look at a lot of images, including a lot that everyone looks at (e.g., CNN).
And then your recipient looks at the message on his CRT, and the spies read it in the EM radiation. Good thing you weren't saying anything they care about, but why did you bother with all the encryption, then?
State of the Art is the Wrong Question (Score:5, Insightful)
State-of-the-art would be something like the NSA's Dual Counter Mode for AES, which was recently successfully cryptanalyzed. Or the NSA's SKIPJACK algorithm, which has had 31 of 32 rounds broken. Or RC6, which has had 15 of 20 rounds broken. Or... you get the idea. Of all the really neat and nifty things being developed right now, perhaps only one percent of them--and I may be optimistic here--will survive the test of time.
Once something's survived five years of hard cryptanalysis, it might be worth using. Ten years, it's probably worth using. More than that, and you should probably be using it already.
The state-of-the-art is found in quantum computation and quantum cryptography (which are based on different principles, BTW--I'd rather people call them "superposition computation" and "Heisenberg key exchange", or somesuch), and to a slightly lesser extent in elliptical-curve cryptography. I don't trust any of the three worth a damn.
I don't trust QC of either sort because it depends on so much knowledge of physics and technical savvy that, were it to be fielded today, it would be hideously insecure by virtue of its implementation being so difficult to get right. I don't trust ECC, even though the Taniyama-Shimura Conjecture has been proven, because all of the good elliptic curves have been patented by Certicom and the remainder are either untrustworthy or too slow for practical use.
This means I'm going to be stuck using my old standbys of El Gamal and 3DES. I'm not at all concerned. El Gamal has had some savagely intense cryptanalysis (almost as much as RSA) and is built on a more difficult problem than RSA; and 3DES has driven good cryptographers to the brink of madness trying to find some exploitable flaw in it.
Re:State of the Art is the Wrong Question (Score:2, Insightful)
Re:State of the Art is the Wrong Question (Score:2)
That is exactly what I'm saying. Trust me, I'm just as outraged over it as anyone else.
Re:State of the Art is the Wrong Question (Score:2)
What do you think the RSA patent (which just expired) was about if it wasn't math?
Easy Encryption (Score:2, Informative)
As for how easy it is to use, on Windows it is on the file context menu, allowing you to encrypt and erase files in just a couple of clicks. In Outlook you can tell it to encrypt / sign your emails automatically for you.
This ease of use is not limited to Windows though, GPG plugs into Mutt as well (and if memory serves me correctly KMail), and I am sure many other email programs. I am not sure about file managers under Linux though.
-- Dooferlad
Encryption does not guarantee privacy! (Score:5, Insightful)
From: yourself
To: ussama.bin@hilltop.af
jkwehgfkwgfbwrgjerhvgbejrgwefuwefwiugfelvbdskv
wefuweifbkjdsvblsifehvbsibnpweijrbqbzdfgoifhgi
The easiest way for an intelligence service to monitor e-mails is to chart the communication networks. Who is talking to whom (and when and how often, etc)? This is also very easy to do automatically and continously with a computer. Archiving networks costs just a fraction of the resources needed to archive the entire messages (you can keep several years worth of network info on line). This method also expands very easily to other modes of communication, such as telephony, where content deciphering is difficult to do automatically anyway.
Why do people still believe that encryption guarantees privacy? Ridiculous!
And when the government finds the message above and REALLY wants to learn its contents, what decryption method do you think is easiest for them? Brute force analysis of the message or brute force analysis on yourself? How is a fancy 128-bit or "state-of-the-art" cryptography going to help you?
Anonymous remailing. (Score:2)
disclaimer: im not a crypto freak, nor really a privacy either, so i might not know what im talking
As you describe it, its ofcourse clear that the way you describe it can be used to link people to other people but still the conversations between them can and will remain private.
Anonymous remailing took a bellypunch when anon.penet.fi got "invated" by scienlogists [thecia.net] so its not as well used as it might have been before.
But...
HavenCo [havenco.com] has recently started to host anonymous remailing [havenco.com]. While there's a clear warning on the sites main page:
Considering this to the fact whats the business "catch" [slashdot.org] of the Havenco i hardly doupt that there will be any way for any parties to retrive sender/receiver information without physically executing "man-before-and-after" type of attack. (Which might be really hard to execute)
Anyway, The best thing with cryptographic tools is that you are on controls. 128bit key is a laugh. One not make a key of 4096 bytes or hell, triple that. I would like to see that goverment computer farm which can cruch a bruteforce attack against that kind of cryptokeys.
Re:Anonymous remailing. (Score:2)
You have to admit that:
You are trying to protect your privacy not only by encryption, but also by using a remailer
Some data mining in the network databases defeats that!
128bit key is a laugh. One not make a key of 4096 bytes or hell, triple that.
128-bit is not a laugh. It is very difficult to decrypt that. The problem with 128 bits (not to mention 4096!!!) is key management. How do you remember a key with that much entropy without writing it down somewhere?
Re:Anonymous remailing. (Score:2)
Any good HOWTO on remailing will point out that you should use cypherpunk remailers and chaining ...
At each waypoint, the remailers should hold the message for a random amount of time before resending it to the next remailer. Each remailer decrypts who the next point in the chain is off the message and passes the rest of the message to the next remailer until the last remailer sends the encrypted message to Bin Laden.
If the remailers in question have a fairly high level of E-mail traffic (or generate fake traffic between each other from time to time), tracking messages becomes nearly impossible.
PS, its more fun if your message says:
The traffic analysis that would have to then be avoided is also the correlation between people who receive lots of E-mail from cypherpunks remailers and which websites they visit frequently ...
PS, almost nobody actually uses public keys to encrypt messages, they use random 128 bit or 256 bit AES/IDEA/Twofish keys to encrypt messages whose keys are then encrypted with a public key algorithm.
I give up... Take my liberties now! (Score:3, Insightful)
Step out into the street and hand over your guns to the police and don't even think about complaining about it because you could be tried for treason.
Ashcroft (Score:2)
I'm not a supporter of him, but his ideas may have some merit, however his writing skills seemed to lack and I noticed him apologizing on the wording of the laws quite a bit, and instead of reading the text, stating what his intentions were. I think he may be getting some much needed criticism and maybe these new laws will not be the end of the tech world after everybody else gets there paws into the exact wording of it.
This brings up another point: for this man to be in the position of power that he is, shouldn't there have been more though put into his proposal? Obvisouly the confusion I watched last night was just the beginning as several members didn't get a chance to query Ashcroft as he had another appointment. The members that did, all had concerns over the wording of the proposal.
I guess I'm just glad to see that this wasn't rushed through and passed as law and that some officials are actually reading it and listening to their constituents.
I wouldn't even really worry about encryption at the moment. It seems that all congressmen aren't idiots.
Of course, this is just the way I feel at the moment, this is subject to change.
Re:Ashcroft (Score:2)
As far as whether or not that was intentional, I'm just not sure. He did try to get it passed quickly so it's a possibility. It's also possible he's just an idiot and can't get his pen to write what his brain is thinking. Which isn't that important on Slashdot, but when something is going to become law, it should be.
Unilateral disarmament (Score:2)
-russ
Very low tech "encryption" now in use by mobsters (Score:5, Informative)
Back in the '80s, a young police officer (with whom I used to play D&D when we were teens, and no, he wasn't a lawful good ranger) once told me he was facing a ring of drug traffickers. He was bitter about not able to keep up with them. These mobsters knew that they were under constant phonetap surveillance. This didn't stop them from using the (tapped) phone lines for setting up appointments and deliveries. And the law enforcement agencies never knew about these dug deals until way too late.
Their trick? The mobsters had imported a few natives from a remote North-African village, speaking a dialect that nobody else on Earth spoke. One of these guys on each end of a phone, and even tapped phones become secure! Of course, they used code words for street name and subway stations.
The Navajo code speakers used by the US transmissions during WWII also used the same principle. Not high-tech at all, but very efficient.
So I strongly suggest that all these laws against cryptography include an article mandating the use of a State-approved language on a phone line. Just like in the former Eastern European countries. Why, anything less stringent would put freedom itself at risk, right?
Re:Very low tech "encryption" now in use by mobste (Score:3, Interesting)
That aside as well, who's going to force the terrorists to use the state-approved software in the first place? That's what I thought....
You have no chance to decrypt, make your time. (Score:5, Interesting)
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.
State of the art Encryption Technology? (Score:2)
Communication interception will not work OFFICIAL (Score:2, Insightful)
You should be aware, communication interception will not work on terrorists.
NSA experts even admit it.
Excerpt from USATODAY article, 'Bin Laden's cybertrail proves elusive'
WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.
Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.
Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.
All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.
********
You could ask those that deny above this:
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.:
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
This argument is made to pressure people into acquiesce - else appear guilty.
It does not address the real reason, why they want this information - they want a surveillance society.
They wish to invade your basic human right to privacy.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you.
IT IS A LIE - TERRORISTS WILL GET AROUND IT
This sort of thing is very important... (Score:2)
--G
Mixing metaphors (Score:2)
???Polymorphic Encryption Algorithm??? (Score:2)
Comments Please:
living in caves and growing beards?? (Score:3, Funny)
hasn't kept them very safe from bin Laden...
*rim shot*
I'll be here all week folks! =)
Re:Lets not stop there... (Score:2)
Re:Lets not stop there... (Score:5, Insightful)
It's a daft question. There's nothing implictly wrong in having something to hide, most of us, those who are human and live normal lives, have many things we don't want in the wrong hands, such as our credit card numbers, for instance.
If I had to email my bank, and transfer confidential information that could be misused, or had to communicate with some group I wanted to trade with, again by email, and needed to pass on confidential information, I'd use PGP or not use email at all. I don't regard that as illegitimate.
Re:Lets not stop there... (Score:4, Insightful)
It is a valid question, and there is no slashdot friendly answer. The fact is that if you trust the government with that escrowed key, you have nothing to fear. If you have an essential mistrust of the government and administration, then its probably in your interest to archive PGP right now, distribute it to your friends, and get it into use before they ban such warez.
My question is this: If they ban encryption that does not use an escrowed key, but allow it if you use the escrowed type encryption, will anyone be able to tell that you used illegal technology to encrypt a message? I mean its encrypted, and how different can it be from another algorithms output?
Re:Lets not stop there... (Score:2, Insightful)
*sarcasm off*
There are a million things wedon't want to make public about ourselves, especially about economic activity. The encryption issue is one of the biggest, if not THE biggest thing that prevents the internet from being the primary way we do business. You want encryption so you can be sure who I am on the other end of a transaction. I want encryption so that the script kiddie next door can't steal my credit card with just a packet sniffer.
Re:Lets not stop there... (Score:2)
What are the legitimate uses of encrypted email for those without something to hide?
To overthrow the new government if the Taliban captures Washington and gains access to all U.S. communications. If Afghanistan had country-wide, free, unrestricted information, it would have been much harder for the Taliban to take over in the first place.
Re:Lets not stop there... (Score:4, Interesting)
However, the implicit statement in your post is that "need to hide" = "crime". Do me a favor. Since you seem so adverse to hiding things, write your name, social security number, all of your credit card numbers, your address, phone number, the names of your children and significant other, your license plate number, and the names/dates of up to the first ten people you have had sex with on ten thousand postcards. Then attach photocopies of a dozen documents from your workplace marked "Confidential," and then send them to the first ten thousand people in your nearest phone book or yellow pages.
Don't want to? Gee, why not? Maybe you have something you want to hide. Maybe you don't want other people invading your personal privacy? Maybe you don't want other people reading documents that could give your competition a leg up on your business? Oh, wait, maybe there's a good reason for encryption. Not because I'm trying to hide any criminal wrong-doing, but because I don't want people to know more about me than they have to. Because not every Joe Blow needs to have easy access to my personal information, or the things I would like to keep as personal knowledge and not general knowledge.
When the ability to keep a secret - ANY SECRET - becomes a crime, you'll know that America has become just as bad as Afghanistan or similar countries.
Re:Lets not stop there... (Score:2)
What are the legitimate uses of encrypted email for those without something to hide?
What are the legitimate uses of banning encrypted email for a country which has the support of its citizens?
Re:The military doesn't need academia for research (Score:2)
The military takes a fair amount of its research from large corporations like IBM, whose employees are vetted for security. IF we can't develop crypto in academia, hire the academics to R&D at large corporations, the military loses another source of their R&D.
Government should embrace encryption (Score:2)
Imagine if everyone was required to have an ID card. This ID card has your name, photo and thumbprint, encrypted with a centrally held government private key. You would need the card to take a flight, get into government buildings, etc. It would be simple to make a small, self-contained device that would have the public key and could compare thumbprints or show a photograph. You would be guaranteed to be who you said you were, no name spelling alterations or alter egos possible.
Before a plane takes off, a computer program looks for people who are associated with the same criminal organization, and if too many flags go off we station extra sky marshals on that plane.
It's kind of scary to give up a basic right to anonymity (although I don't think it's guaranteed anywhere). However, I think I've actually convinced myself that in a time when a handful of people can cause so much damage, we need to know who is in a high risk location.
I know this has been brought up before, but I'd like to comment on it again... If you have an interest in privacy, you should try reading "The Truth Machine" by James Halperin for an alternative view. In my opinion, he makes a very good case that we would be better off to require cameras that are accessible by anyone in every public place than to have privacy. The 'accessible by anyone' is critical, of course.
Re:Also weird. (Score:2)
Re:Your privacy is a myth (Score:2, Insightful)
The flag I fly has thirteen stars.
Re:Secure Internet Live Conferencing (Score:2)
Re:you are so wrong and clueless (Score:3, Insightful)
It wont.
Apart from the numerous ways anyone who wanted to could continue to use crypto anyway, apart from the problem that one time pads are extremely secure and wouldnt be caught in any encryption law, apart from the problem that there are thousands of ways to encrypt that nobody would even notice, apart from all that, nobody can even say wether they're using crypto over the internet or friggin homing pidgeons.
You are asked to give up your right to privacy for nothing at all.
Just because some opportunistic politicians want to use this tragedy to further their own political agenda.