The macosxhints Forums


NovaScotian 09-27-2010 04:48 PM

Secure Communications Folly
 
Two articles in today's NYTimes make it clear that governments everywhere, under the rubric of "Security", are insisting that they be able to read the clear text of any encrypted message. Last month, we saw the hooha between India and Blackberry over access to encrypted corporate messages and today there's a story about a government initiative in the USA to insist on these three conditions for all communication services:

Quote:

... officials are coalescing around several of the proposal’s likely requirements:

¶ Communications services that encrypt messages must have a way to unscramble them.

¶ Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

¶ Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

The Indian plan is already threatening businesses there: "Critics Say India's Spy Plan Deters Businesses". Think about all the businesses that want to store data or do credit card processing. If it can't be secured, they won't go there.

What bothers me about all this is the technological ignorance it's founded on. Think about it -- as soon as one avenue for secure communication is compromised, others will rise up out of the ashes. It's a war that annoys non-criminals and does almost nothing to stop terrorism.

Here's Techdirt.com's take on it.

tlarkin 09-27-2010 05:34 PM

Sorry, get a warrant first, then follow my conversations and subpoena my equipment to build a case against me. Read my signature line.

renaultssoftware 09-27-2010 05:44 PM

i bet nno-oe can udrtensand waht I'm synaig hree. Ta'hts ecntpoyrin!

(I bet no-one can understand what I'm saying here. That's encryption!)

NovaScotian 09-27-2010 07:28 PM

Here's my favorite example:

Quote:

"Acocdrnig to an elgnsih unviesitry sutdy the oredr of letetrs in a wrod dosen't mttaer, the olny thnig thta's iopmrantt is that the frsit and lsat ltteer of eevry word is in the crcreot ptoision. The rset can be jmbueld and one is stlil able to raed the txet wiohtut dclftfuity"

More seriously, though; early encryption was accomplished by misdirection -- the message was in plain text but not readable.

fracai 09-27-2010 09:13 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Solution:
Client side encrypted data that never touches the server as plaintext.
Oh, and a public that actually cares about their privacy.
Perhaps I'm being unreasonable...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)

iEYEARECAAYFAkyhQNEACgkQp8x6u/gcTgBaZACfRRhqqIWKJ9EN6N6lP9cY7c2o
MFEAnisAmp6ys/phEMxdInLWJ4KyMt+M
=9CBT
-----END PGP SIGNATURE-----

acme.mail.order 09-27-2010 09:47 PM

On the flipside, all this fuss means the encryption we have now must actually work.

renaultssoftware 09-28-2010 07:48 AM

Think of it. I can't wait to see people use old-style books to accomplish encryption.

acme.mail.order 09-28-2010 07:53 AM

Well, pencil & paper encryption has been in use for rather longer than the electronic kind, and some types are unbreakable.....

NovaScotian 09-28-2010 09:32 AM

Today, Blackberry announced that it would be up to corporations to make their keys available to authorities with a court order -- Blackberry itself couldn't and wouldn't if it could.

fracai 09-28-2010 09:42 AM

Quote:

Originally Posted by acme.mail.order (Post 597290)
Well, pencil & paper encryption has been in use for rather longer than the electronic kind, and some types are unbreakable.....

The only type of encryption that is provably unbreakable is a one time pad. And even then you need a perfectly random source of data to fill the pad, you can only use each pad once (as implied by the name), and the pad must be larger than the message you want to send.
All other forms of encryption are short cuts to get around the difficulties involved in OTPs. There are currently very good short cuts available, but they haven't been proven to be unbreakable. And then there's the fact that even if the method were provably secure, the implementation could still be flawed.
That said, what's available is very good and very usable.

tlarkin 09-28-2010 09:59 AM

The NSA has had a 4 billion (yes with a b) dollar bounty on anyone who can crack AES encryption because they want to listen in on Skype calls. They also claim that terrorist networks use Skype for all communications.

fracai 09-28-2010 12:11 PM

I've only seen the NSA bounty reported as an unofficial statement from an unnamed source. Basically it's a rumor.

Even if it's true (I wouldn't be surprised), it was reported as a bounty on Skype, not AES. The subtle difference being that breaking AES would be a devastating blow to the encryption scheme that is currently authorized for protecting top secret documents; breaking Skype's implementation of AES would be a blow to Skype's communication channels, until the vulnerability is corrected.

I'm sure that the last thing the NSA wants is for AES to be broken, though if it is, they want to be the ones that do it. Or at least the first to know about it.
As soon as the Government encryption procedures change, change yours as well.

fat elvis 09-28-2010 12:23 PM

America, the land of free speech*


*as long as all communications are open to monitoring and/or recording by government employees AND does cannot attempt to monitor and/or record any government employees, local or federal, whether or not the person performing the recording is in a public place and is obeying all laws pertaining to recording equipment and its proper usage.

tlarkin 09-28-2010 01:44 PM

Quote:

Originally Posted by fat elvis (Post 597307)
America, the land of free speech*


*as long as all communications are open to monitoring and/or recording by government employees AND does cannot attempt to monitor and/or record any government employees, local or federal, whether or not the person performing the recording is in a public place and is obeying all laws pertaining to recording equipment and its proper usage.

Hahahaha!

You know when the FBI illegally obtained all those cell phone records and then was like, "Oh this is illegal, well our bad. We're sorry." The judges were like, "It's OK, just don't do it again."

Where the heck is the accountability in this country? The FBI broke the law, they should have to face the same penalties as a citizen would.

It's like the cop that got fired on his 19th year (1 year from pension) because he chewed some kids out, in a very demeaning and authoritative way. It ended up on YouTube. I don't feel sorry for him because that badge of his does not give him the right to belittle people, scream at them, get in their face, toss them on the ground, and threaten them.

Eric Holder wants to censor the Internet, and he also wants to track people, for their safety. Eric Schmidt says Google has to, because of the Patriot Act. These are people in power that are starting to scare me. Oddly enough Bing (product of Microsoft) cares more about your personal privacy than any other search engine (or at least that is what some article told me a while back).

If you are required to always supply a passkey for every piece of data you encrypt, does that not open up for security holes? I understand a sys admin having a master passkey to unlock a user's data when they forget their passkey to their encrypted hard disk. That is understandable. However, to require it, that is just ridiculous.

I find the duality of this whole debate interesting, and ironic. So many lobbyists in DC for less regulation of the private sector, but when it comes to control and the government can now twist this post 9/11 fear mongering state of national security to justify its every move I just think how science fiction writers were actually prophets. Are we really going to move into some dystopian government controlled society?

tw 09-28-2010 03:38 PM

Honestly, I find this whole thing amusing - a wonderful demonstration of karmic principles in action. What it is, is the conflict between the state and the individual which has been accelerating since the time of Stalin. Technology simultaneously increases the ability of the individual to evade surveillance and the ability of the government to surveil (with the only real losers being the non-technological segments of the population, who are pretty much at the mercy of the other two groups). Ultimately there cannot be a resolution. Powerful non-governmental groups have the resources and incentive to always find ways to skirt governmental investigations, and governments will always be playing a catch-up game as new techniques are developed. The only real solution is for the entire statist paradigm to crack so that the government is no longer pursuing an adversarial relationship with individuals. Heaven knows what that will look like, though.

NovaScotian 09-28-2010 03:51 PM

'Twas ever thus, tw.

trevor 09-29-2010 01:16 AM

Quote:

Originally Posted by fat elvis (Post 597307)
America, the land of free speech*


*as long as all communications are open to monitoring and/or recording by government employees AND does cannot attempt to monitor and/or record any government employees, local or federal, whether or not the person performing the recording is in a public place and is obeying all laws pertaining to recording equipment and its proper usage.

"Number 3
You have the right to free speech
As long as you're not
Dumb enough to actually try it."

The Clash, "Know Your Rights" from the album Combat Rock. Copyright 1982.

acme.mail.order 09-29-2010 02:05 AM

Quote:

Originally Posted by fracai (Post 597297)
The only type of encryption that is provably unbreakable is a one time pad. And even then you need a perfectly random source of data to fill the pad

Yep, but today we have many convenient sources for staggering amounts of more-or-less random data that doesn't need to be transmitted separately. Video streams, this week's dump of Wikipedia...

Quote:

even if the method were provably secure, the implementation could still be flawed.

That's how the Germans lost the war.

tw 09-29-2010 04:38 AM

Quote:

Originally Posted by trevor (Post 597373)
"Number 3
You have the right to free speech
As long as you're not
Dumb enough to actually try it."

That should be: "You have the right to free speech, as long as you are dumb enough to actually try it." seems more in line with empirical evidence...

fracai 09-29-2010 07:56 AM

Quote:

Originally Posted by acme.mail.order (Post 597374)
more-or-less random data

Not good enough.

Quote:

Originally Posted by acme.mail.order (Post 597374)
That's how the Germans lost the war.

Case in point (though there were other factors as well and we weren't immune to this problem).


In positive news, a wiretapping charge has been thrown out against a Maryland motorist who recorded his being stopped by an officer out of uniform with gun drawn.
http://weblogs.baltimoresun.com/news...ping_case.html
http://www.aclu-md.org/aPress/Press2...10_Graber.html

fracai 09-29-2010 07:57 AM

Quote:

Originally Posted by acme.mail.order (Post 597374)
Video streams, this week's dump of Wikipedia...

I should add, these sources might be good for disguising a message, but not for protecting it.

acme.mail.order 09-29-2010 11:22 AM

In theory, yes. But in practice you would run a book or Vigenère cipher* over your source and NOT need to transmit the key (just knowledge of the key). The attacker still needs to work out your key source and if you run the cipher (or a different one) over the plaintext twice you prevent them from finding out when they are correct. The one downside to the digital systems is that everyone involved knows which algorithm they need to beat on.

* considered unbreakable if length($key) = length($plaintext) - at this point it gets called a one-time pad.

trevor 09-29-2010 07:44 PM

Quote:

Originally Posted by tw (Post 597383)
That should be: "You have the right to free speech, as long as you are dumb enough to actually try it." seems more in line with empirical evidence...

Hmmm, I think the empirical evidence agrees with Joe Strummer and Mick Jones--for example the Maryland motorist that fracai mentions was charged with wiretapping crimes because he posted a video of a cop's misbehavior on YouTube. As soon as he was "dumb" enough to expect that his free speech rights actually gave him the freedom to say what he wanted, he was charged and brought into court with something very serious.

Fortunately, sanity prevailed in that case thanks to a good judgment.

Trevor

fracai 09-29-2010 10:42 PM

Quote:

Originally Posted by acme.mail.order (Post 597424)
In theory, yes. But in practice you would run a book or Vigenère cipher* over your source and NOT need to transmit the key (just knowledge of the key). The attacker still needs to work out your key source and if you run the cipher (or a different one) over the plaintext twice you prevent them from finding out when they are correct. The one downside to the digital systems is that everyone involved knows which algorithm they need to beat on.

* considered unbreakable if length($key) = length($plaintext) - at this point it gets called a one-time pad.

Only if the key is truly random; then yes, it's a one time pad. And it's the key that provides the security, not the algorithm at this point. The Vigenère just adds extra work.

What do you mean by transmitting knowledge of the key instead of the key itself? Stating which book was used? That is the key. Having a pre-arranged book and transmitting the algorithm used to generate the key is also just pre-distributing the keys and involves the same distribution problems. This is solved by exchange methods like Diffie–Hellman.

I also don't think running the cipher twice necessarily protects the message any better. I'm pretty sure that just effectively creates a different key. Regardless, it's still vulnerable to cryptanalysis.

And part of the reason that systems like AES are acceptable is because the security isn't placed in the algorithm. It's in the key. The algorithm is effectively just a method for generating random data to expand the key and confuse and disperse the message. Putting your security in the algorithm means the algorithm has to be kept secret. That's harder as well as being vulnerable to analysis which reveals the algorithm.

Maybe this should fork off into a separate crypto discussion.
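
Added example, not part of any post in this thread: a Python sketch of two claims made in the discussion above, that running a Vigenère cipher twice is equivalent to running it once with a different key, and that a one-time pad used for more than one message lets the key cancel out of the ciphertexts. The messages, keys and function names are constructed for illustration.

```python
import secrets
from math import gcd
from string import ascii_uppercase as A

def vigenere(text, key, decrypt=False):
    """Vigenère over A-Z: shift each letter by the matching key letter (key repeats)."""
    sign = -1 if decrypt else 1
    return "".join(
        A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
        for i, c in enumerate(text)
    )

def composite_key(k1, k2):
    """The single key that equals encrypting with k1 and then with k2."""
    n = len(k1) * len(k2) // gcd(len(k1), len(k2))  # lcm of the two key lengths
    return "".join(
        A[(A.index(k1[i % len(k1)]) + A.index(k2[i % len(k2)])) % 26]
        for i in range(n)
    )

def random_pad(n):
    """Pad drawn from the OS CSPRNG, one letter per plaintext letter."""
    return "".join(secrets.choice(A) for _ in range(n))

def pad_reuse_leak(c1, c2):
    """Letterwise c1 - c2. With a reused pad the key cancels, leaving p1 - p2."""
    return "".join(A[(A.index(a) - A.index(b)) % 26] for a, b in zip(c1, c2))

# Constructed sample messages of equal length.
P1 = "MEETMEATNOON"
P2 = "SENDTHEFILES"

if __name__ == "__main__":
    k1, k2 = "LEMON", "KEY"
    twice = vigenere(vigenere(P1, k1), k2)
    once = vigenere(P1, composite_key(k1, k2))
    print("double encryption == one composite key:", twice == once)

    pad = random_pad(len(P1))
    c1, c2 = vigenere(P1, pad), vigenere(P2, pad)   # pad used twice
    leak = pad_reuse_leak(c1, c2)
    print("leak is independent of the pad:", leak == pad_reuse_leak(P1, P2))
    # Anyone who knows or guesses P1 reads P2 without ever learning the pad.
    print("P2 recovered from P1 and the leak:", vigenere(P1, leak, decrypt=True))
```

The composite key has length lcm(len(k1), len(k2)), so a second pass lengthens the effective key period but adds no randomness.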


All times are GMT -5.