DOJ quietly drafts USA Patriot II w/crypto-in-a-crime penalty

2003-02-08 Thread Declan McCullagh
Here's the old SAFE Act:
http://thomas.loc.gov/cgi-bin/bdquery/z?d105:h.r.00695:

From: Declan McCullagh [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 07 Feb 2003 21:53:58 -0500


Thanks to Joe for being the first one to submit this... Here's a duplicate 
URL if the original is too slow:
http://www.privacy.org/patriot2draft.pdf

Note the draft legislation creates a new federal felony of willfully using 
encryption in the commission of a felony. No more than five years in 
prison plus a hefty fine. This seems at first glance to be remarkably 
similar to what was in the SAFE bill years ago. Here's a Politech message 
from 1998, before the politechbot.com archives:
http://www.inet-one.com/cypherpunks/dir.98.05.11-98.05.17/msg00046.html

Question: When encryption is omnipresent in everything from wireless 
networks to hard drives to SSH clients, might the basic effect of such a 
law be to boost potential maximum prison terms by five years?

Second question: Peer-to-peer piracy is arguably a federal felony under the 
NET Act. If a future peer-to-peer network uses encryption (as it should), 
does that mean that copyright-infringing users would be guilty of a double 
felony?

That's just one section of a 120-page bill. The rest is worth reading.

-Declan

---

Date: Fri, 7 Feb 2003 14:10:51 -0800 (PST)
From: Joseph Lorenzo Hall [EMAIL PROTECTED]
To: Declan McCullagh [EMAIL PROTECTED]
Subject: Justice Department Drafts Sweeping Expansion of Anti-Terrorism Act
  (fwd)

did you see this?
Joe

-- Forwarded message --

New on The Public i:
Justice Department Drafts Sweeping Expansion of Anti-Terrorism Act
Center Publishes Secret Draft of 'Patriot II' Legislation

The Bush Administration is preparing a bold, comprehensive sequel to
the USA Patriot Act that will give the government broad, sweeping new
powers to increase domestic intelligence-gathering, surveillance and
law enforcement prerogatives, and simultaneously decrease judicial
review and public access to information. The Center for Public
Integrity has obtained a draft, dated January 9, 2003, of this
previously undisclosed legislation and is making it available in full
text. The bill, drafted by the staff of Attorney General John Ashcroft
and entitled the Domestic Security Enhancement Act of 2003, has not
been officially released by the Department of Justice, although rumors
of its development have circulated around the Capitol.

To read the full report and documents, visit http://www.public-i.org

M. Asif Ismail
Production Editor
Center for Public Integrity
http://www.publicintegrity.org
(202) 466-1300, ext: 124




-
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-


--

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Columbia crypto box

2003-02-08 Thread John S. Denker
As reported by AP:

| Among the most important [debris] they were seeking was
| a device that allows for the encryption of communication
| between the shuttle and NASA controllers. A NASA spokesman
| in Houston, John Ira Petty, said Friday that NASA feared
| the technology could be used to send bogus signals to the
| shuttle.

Apparently some folks skipped class the day Kerckhoffs'
Principle was covered.

One wonders what other shuttle systems were designed
with comparable disregard of basic principles.





Re: Columbia crypto box

2003-02-08 Thread Matt Blaze
John,

Your snipe at NASA is probably uncalled for.  A sentence fragment
quoted from a spokesperson at a press conference almost certainly
does not reflect the professional judgment of the people who designed
the system.

As someone who is occasionally quoted (and just as often misquoted)
in the press, I can imagine it was at least as likely that the question
was "why was encryption used?" as "why do you want the box back".  To
say nothing of the popular (and even technical) confusion between
encryption and encoding.  I can certainly imagine very good reasons
that they'd want to keep the encoding and frequencies used to control
the shuttle secret; if nothing else, to prevent denial of service.

Do you really, honestly believe that none of the people designing a
secure communication system for the shuttle were even remotely acquainted
with the basic principles of the subject?  Or did you just want to make
a snide remark at the expense of people who are obviously now the subject
of enormous scrutiny?

One would think technologists would be wise enough not to assume 
too much about some sound bite without knowing its context, but
personal experience suggests that a substantial number of us
just jump at the chance to interpret everything we read in a 500
word article in the popular press as if it reflects the entire
body of thought on some subject.  For example, I got about
a dozen email messages from people complaining about how I obviously
advocate security through obscurity after something I wrote
was slightly misquoted (in an otherwise carefully written article)
as suggesting that people use keys that are hard to get blanks for.
Almost everyone complaining had also read the source for that quote
(which added a qualification that this probably doesn't offer
much protection), but that didn't matter.  People want to believe
what they read in the newspaper, even when they know the facts
first hand.

-matt

 As reported by AP:
 
 | Among the most important [debris] they were seeking was
 | a device that allows for the encryption of communication
 | between the shuttle and NASA controllers. A NASA spokesman
 | in Houston, John Ira Petty, said Friday that NASA feared
 | the technology could be used to send bogus signals to the
 | shuttle.
 
 Apparently some folks skipped class the day Kerckhoffs'
 Principle was covered.
 
 One wonders what other shuttle systems were designed
 with comparable disregard of basic principles.
 
 



Re: Columbia crypto box

2003-02-08 Thread Tim Dierks
At 12:41 AM 2/8/2003 -0500, John S. Denker wrote:

As reported by AP:

| Among the most important [debris] they were seeking was
| a device that allows for the encryption of communication
| between the shuttle and NASA controllers. A NASA spokesman
| in Houston, John Ira Petty, said Friday that NASA feared
| the technology could be used to send bogus signals to the
| shuttle.

Apparently some folks skipped class the day Kerckhoffs'
Principle was covered.


Here are three valid reasons for NSA (who provides communication security 
to NASA) to keep crypto algorithms secret:

 1. If one has a sufficiently good level of analysis in-house that 
additional cryptographic analysis has reached the level of diminishing 
returns, then there's little additional value to be gained from the 
community input resulting from disclosure. In such a situation, even if a 
cipher is secure enough to meet its goals based solely on secrecy of the 
key, the marginal security of keeping the algorithm secret is of value.

 2. Keeping an algorithm secret prevents your opponents from using it. If 
you have better algorithms than your opponents, this is of value.

 3. Keeping an algorithm secret may provide protection to design concepts 
and constraints, which will help you keep secret methods of cryptanalysis 
with which you are familiar, but that your opponents have not yet 
discovered (e.g. differential cryptanalysis).

There may be more valid reasons for treating the device as secret; some 
categories that come to mind include protecting non-cryptographic 
information, such as the capabilities of the communication channel. Also, 
many systems on the shuttle are obsolete by modern standards, and it's 
possible that the communications security is similarly aged.

 - Tim Dierks





Re: Columbia crypto box

2003-02-08 Thread Adam Fields
On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
 There may be more valid reasons for treating the device as secret; some 
 categories that come to mind include protecting non-cryptographic 
 information, such as the capabilities of the communication channel. Also, 
 many systems on the shuttle are obsolete by modern standards, and it's 
 possible that the communications security is similarly aged.

Isn't it also possible that the device contains a physical key of some
kind?

-- 
- Adam

-
Adam Fields, Managing Partner, [EMAIL PROTECTED]
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.adamfields.com




Re: Columbia crypto box

2003-02-08 Thread Richard Guy Briggs
On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote:
 On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
  There may be more valid reasons for treating the device as secret; some 
  categories that come to mind include protecting non-cryptographic 
  information, such as the capabilities of the communication channel. Also, 
  many systems on the shuttle are obsolete by modern standards, and it's 
  possible that the communications security is similarly aged.
 
 Isn't it also possible that the device contains a physical key of some
 kind?

Right, which should be different for each vehicle/flight and if it is
used for control of that particular vehicle/flight, is pretty moot now...

Having said that, if there was sensitive content in those transmissions
that was in addition to real-time control of the vehicle, there would be
a significant interest in preventing others from acquiring it.  This
seems like a weakness of the system.

   - Adam

slainte mhath, RGB

-- 
Richard Guy Briggs   --~\ Auto-Free Ottawa! Canada
www.TriColour.net--\@   @   www.flora.org/afo/
No Internet Wiretapping!--   _\\/\%___\\/\%Vote! -- Green.ca
www.FreeSWAN.org___GTVS6#790__(*)___(*)(*)___www.Marillion.com




Zimmermann creates a non-free command-line OpenPGP product

2003-02-08 Thread R. A. Hettinga

--- begin forwarded text


From: pplf [EMAIL PROTECTED]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130)
To:  [EMAIL PROTECTED]
Subject: Zimmermann creates a non-free command-line OpenPGP product
Sender: [EMAIL PROTECTED]
Date: Sat, 08 Feb 2003 09:44:09 +0100
Status: R

For info, here are the Slashdot article and the Philip Zimmermann letter:


-

Command-Line Crypto From Phil Zimmermann, Again

Encryption: Posted by timothy on Friday February 07, @04:45PM
from the will-smite-thee-is-a-command-line dept.

A few months ago, PGP creator Phil Zimmermann became a reseller for the
current graphical version of the software he originally spawned,
produced by PGP Corporation. Now, Zimmermann has just started selling
through his own website a modern command-line encryption product called
FileCrypt, which has its roots in an older version of PGP. Confusingly
enough, this software is produced by a company called (Veridis), and
doesn't say PGP on the box, because legally it can't. Network
Associates, which acquired PGP Inc. in 1997, still holds the rights to
that name; when NAI spun off PGP to PGP Corporation in 2002, they held
onto the command-line version. PGP Corporation, for whom Zimmermann
serves as a technical advisor (as well as a reseller), is contractually
unable to sell a command-line version. (He is on the board of Veridis as
well.) But why introduce a text-only version of utility software,
anyway, when the GUI-fied desktop version has been maturing for years
and costs less? Update: 02/07 23:07 GMT by T: Here are three instant
clarifications: PGP Corporation was misrendered as Open PGP in this
paragraph; Veridis' command line product was inspired by PGP but
independently created; its codebase is separate from NAI's version of
PGP; and the rights holder to the PGP name is PGP Corporation, not NAI.



They aren't paying for a pretty logo.

The real reason is that the GUI version of PGP (along with other
graphical encryption software, like the GNU Privacy Guard) aren't even
in the same market.

Casual computer users have never laid out much money for encryption. The
widespread use of PGP in its original incarnation (during the era of
Zimmermann's prosecution for allowing it to be exported) can be
attributed as much to its zero-dollars price as to a generalized
interest in privacy. Home and hobby users are not cut out from buying
Veridis's software -- for about a hundred dollars, you can buy a
personal use version of the command-line version. The real money isn't
in individuals keeping their tax records private, though -- Zimmermann
and Veridis, like NAI (whose PGP-based product is called E-Business
Server) are really aiming at commercial and governmental datacenters,
and for customers willing to accept a much higher pricetag.

Insurance companies, banks, credit card processing centers, state
records -- anywhere financial or otherwise confidential records are
exchanged or stored en masse -- these all need encryption which works at
the command-line. More precisely, they need crypto software which can
work without direct human intervention at all. Instead, massive data
centers need tools which can be called by scripts and other programs, so
servers, or server farms, can spend their time crunching numbers rather
than drawing pictures.

The name is familiar ...

The commercial competition FileCrypt faces is familial -- it's the same
product from NAI (sold from their McAfee division) that prevents
Zimmermann and Veridis from calling their software PGP, even though NAI
now labels their product E-Business Server. And though many companies
have homegrown cryptographic solutions, Zimmermann says he knows of no
other packaged software offering the high-volume encryption that the
products from NAI or Veridis do.

And, he emphasizes, what they do is very similar. He says of the Veridis
command-line product compared to NAI's, "It's drop-in compatible,
identical in operation ... you could run the same perl scripts, the same
command-line arguments."

If you want to buy Veridis' encryption software licensed for electronic
commerce (not one-person use), hold onto your wallet: the price jumps
about 50 times, to a shade under $5000, which Zimmermann describes as a
bargain -- at least compared to the competition.

(Prices on the McAfee website show a one-year subscription-based license
for E-Business Server starting at $6,875; $14,375 buys a perpetual
license, with no included support.)

Both sides of that fence.

And of competing in this case with a product that originated from his
own crypto software (and his own company, PGP Inc.), Zimmermann says "I
just don't really think of that as my product any more. It's in the
hands of NAI, all the engineers have been fired. I just don't feel
psychologically connected to that product."

To look and not to sell.

Especially when it comes to cryptographic software, code openness is
considered not just a virtue but a near necessity. Peer-review 

Re: Columbia crypto box

2003-02-08 Thread Faust
 Apparently some folks skipped class the day Kerckhoffs'
 Principle was covered.

While this is obvious to the oldtimers, I had to look up Kerckhoffs' principle
(and found that it is the old injunction against security by obscurity).

So for the benefit of those who are as clueless as me:

http://www.counterpane.com/crypto-gram-0205.html
A basic rule of cryptography is to use published, public, algorithms and protocols.
This principle was first stated in 1883 by Auguste Kerckhoffs: in a well-designed
cryptographic system, only the key needs to be secret; there should be no secrecy in
the algorithm. Modern cryptographers have embraced this principle, calling anything
else "security by obscurity". Any system that tries to keep its algorithms secret for
security reasons is quickly dismissed by the community, and referred to as "snake oil"
or even worse. This is true for cryptography, but the general relationship between
secrecy and security is more complicated than Kerckhoffs' Principle indicates.

The reasoning behind Kerckhoffs' Principle is compelling. If the cryptographic
algorithm must remain secret in order for the system to be secure, then the system is
less secure. The system is less secure, because security is affected if the algorithm
falls into enemy hands. It's harder to set up different communications nets, because
it would be necessary to change algorithms as well as keys. The resultant system is
more fragile, simply because there are more secrets that need to be kept. In a
well-designed system, only the key needs to be secret; in fact, everything else should
be assumed to be public. Or, to put it another way, if the algorithm or protocol or
implementation needs to be kept secret, then it is really part of the key and should
be treated as such.

Kerckhoffs' Principle doesn't speak to actual publication of the algorithms and
protocols, just the requirement to make security independent of their secrecy. In
Kerckhoffs' day, there wasn't a large cryptographic community that could analyze and
critique cryptographic systems, so there wasn't much benefit in publication. Today,
there is considerable benefit in publication, and there is even more benefit from
using already published, already analyzed, designs of others. Keeping these designs
secret is needless obscurity. Kerckhoffs' Principle says that there should be no
security detriment from publication; the modern cryptographic community demonstrates
again and again that there is enormous benefit to publication.

also see:
http://www.cs.biu.ac.il/~herzbea/BIU656/index.html

Kerckhoffs' principle: Do not assume secret designs and algorithms; only keys can be 
assumed secret. 
Kerckhoffs' original concern was that cryptosystems designed under the `security by 
obscurity' assumption, namely assuming that the adversary would not know their 
designs, might be easily exposed once the design is revealed.
-- 

natsu-gusa ya   / tsuwamono-domo-ga   / yume no ato
summer grasses  / strong ones / dreams site
 
Summer grasses,
All that remains
Of soldier's dreams
(Basho trans. Stryk)





The Handbook of Applied Cryptography online

2003-02-08 Thread Faust

The Handbook of Applied Cryptography (Menezes et al.) is available online at

http://www.cacr.math.uwaterloo.ca/hac/

My apologies if the other list members were aware of this.

There is also an interesting Lecture Notes on Cryptography by Goldwasser
and M. Bellare at:

http://www.cs.ucsd.edu/users/mihir/papers/gb.html

Regards

-- 

natsu-gusa ya   / tsuwamono-domo-ga   / yume no ato
summer grasses  / strong ones / dreams site
 
Summer grasses,
All that remains
Of soldier's dreams
(Basho trans. Stryk)





Re: Columbia crypto box

2003-02-08 Thread Bill Stewart


On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote:
 On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
  There may be more valid reasons for treating the device as secret; some
  categories that come to mind include protecting non-cryptographic
  information, such as the capabilities of the communication channel. Also,
  many systems on the shuttle are obsolete by modern standards, and it's
  possible that the communications security is similarly aged.

 Isn't it also possible that the device contains a physical key of some
 kind?

Mom, can I borrow the keys to the Space Shuttle?

From a cryptographic perspective,
a physical key is just a ROM containing some bits,
or else a smart-card containing some bits it doesn't tell you directly,
but either way the only thing magic about the physical container
is whether the operator needs to know the bits or not.

These days nobody *has* a better cryptosystem than you do.
They might have a cheaper one or a faster one,
but for ten years the public's been able to get free 
planet-sized-computer-proof crypto,
and if you don't like it, you can switch from 3DES and 1024-bit RSA to
5DES and/or 4096-bit RSA.

That doesn't mean that the space shuttle has that quality crypto
for its critical operational communications - its computers were antique
compared to 
commercial-off-the-shelf-non-radiation-hardened-non-shock-proofed PCs,
so it could be running on really lame 60s NSA hardware crypto.
The tradeoff with that kind of equipment was using good key hygiene
(doesn't matter too much if the key gets stolen as long as you know,
and as long as you can wait for the guy with the briefcase handcuffed to 
his wrist),
but also using Obscurity to make cryptanalysis difficult.

So it's possible that they're running some crypto that's lame enough that
if somebody recovers it, they'll be able to crack the algorithms,
which might let them crack the keys for some other shuttle,
or it's possible that it will let them learn enough about old NSA crypto
and maybe the KGB can decode some old messages from somebody,
which might still have some value to somebody (learning 60s/70s military 
tactics?)
It'd be lame, but it's possible.






Re: Columbia crypto box

2003-02-08 Thread Daniel Carosone
On Sat, Feb 08, 2003 at 03:26:53PM -0800, Bill Stewart wrote:
 It'd be lame, but it's possible.

It's probably just every-day institutionalised paranoia.  It doesn't
matter why they care, the sticker on the outside says they have
to.

--
Dan.




NASA/NSA searching for Shuttle encryption system

2003-02-08 Thread John Gilmore
AP reported on Feb 7 that NASA is looking for a secret device that
encrypts communication between the shuttle and ground controllers.

If someone else finds it they could study the technology, says the
AP.  Sounds like fun for cypherpunks.  Anybody seen it on eBay?  :-)

Alternatively, c'punks could plant fake mil-spec DES or CPRM
encryption boxes around Louisiana and Texas in the hope that foreign
spies will find them and 'crack' them.

John




Re: Columbia crypto box

2003-02-08 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Faust writes:
 Apparently some folks skipped class the day Kerckhoffs'
 Principle was covered.

While this is obvious to the oldtimers, I had to look up Kerckhoffs' principle
(and found that it is the old injunction against security by obscurity).


You can find Kerckhoffs' original work at 
http://www.cl.cam.ac.uk/~fapp2/kerckhoffs , in French and English.


--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of Firewalls book)






RE: Columbia crypto box

2003-02-08 Thread Lucky Green
Matt wrote quoting John:
 Do you really, honestly believe that none of the people 
 designing a secure communication system for the shuttle were 
 even remotely acquainted with the basic principles of the 
 subject?
[...]
  Apparently some folks skipped class the day Kerckhoffs'
  Principle was covered.
  
  One wonders what other shuttle systems were designed
  with comparable disregard of basic principles.

Matt,
Based on my experience, it would not be unreasonable to believe that such
a disregard to basic security principles indeed took place. Case in
point:

In July of 1997, only days after the Mars Pathfinder mission and its
Sojourner Rover successfully landed on Mars, I innocently inquired on
the Cypherpunks mailing list if any subscribers happened to know if and
how NASA authenticates the command uplink to what at the time was
arguably the coolest RC toy in the solar system.

A few days after my initial post, which yielded no substantial replies
on the mailing list, I received a call from a well-known security expert
who at that time functioned as an advisor to the office of the President
of the United States.

Apparently, my original inquiry had been copied and forwarded several
times. By the time my inquiry had reached the office of the President,
just as in a children's game of telephone, my question of "are they
using any decent crypto" had turned into "hackers ready to take over
Mars Rover".

With Sojourner being the U.S. Government's PR darling of the day, the
office of the President decided to dispatch the FBI to interdict me from
engaging in such a nefarious deed. It was only through chance that the
aforementioned advisor got wind of this releasing of the hounds and
convinced the decision makers that I was just a harmless researcher who
asked an innocent question rather than a threat to national PR
objectives.

Word has it that the folks in DC were buzzing with fear of what would
happen to NASA's image if hackers were to take the Mars Rover for a
spin. Needless to say and regardless of anyone's intent, such concern
would be entirely unfounded if the uplink were securely authenticated.

Which I believe represents an answer to my initial question as to
whether the uplink is securely authenticated. Presumably NASA did a
better job with the shuttle, but I would not be surprised in the least
if all shuttles shared the same key.

[Remind me to some time recount the tale of my discussing key management
with the chief-cryptographer for a battlefield communication system
considerably younger than the shuttle fleet. Appalling does not begin to
describe it].

--Lucky Green
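
An added example, not part of any list member's post: the design question running through this thread (Kerckhoffs' principle, the suggestion of a different key per vehicle/flight, and the worry above about a fleet-wide shared key) worked through as an authenticated command uplink built only from public algorithms. The key-derivation label, vehicle and flight names, command strings and frame layout are assumptions made for illustration, not anything NASA or NSA is known to use.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output size; the algorithm itself is public


def derive_flight_key(master: bytes, vehicle: str, flight: str) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block, bound to vehicle and flight."""
    salt = b"uplink-kdf-example"  # constructed, non-secret label
    prk = hmac.new(salt, master, hashlib.sha256).digest()  # extract step
    # Length-prefix each field so ("AB", "C") and ("A", "BC") cannot collide.
    info = b"".join(struct.pack(">H", len(s)) + s
                    for s in (vehicle.encode(), flight.encode()))
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # expand, T(1)


def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Frame = 8-byte big-endian counter || command || HMAC tag over both."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class UplinkReceiver:
    """Accepts a frame only if the tag verifies and the counter moves forward."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged, tampered or sealed under another key
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:
            return None  # replay of an earlier genuine frame
        self._last_counter = counter
        return body[8:]


def run_scenario() -> dict:
    master = bytes(range(32))  # constructed sample key, held by the ground only
    # Hypothetical names: the box from VEHICLE-A has been recovered by a third party.
    key_a = derive_flight_key(master, "VEHICLE-A", "FLIGHT-1")
    key_b = derive_flight_key(master, "VEHICLE-B", "FLIGHT-2")
    vehicle_b = UplinkReceiver(key_b)
    good = seal(key_b, 1, b"SET_MODE SAFE")
    tampered = good[:8] + b"SET_MODE TEST" + good[-TAG_LEN:]
    results = {
        "forged_with_recovered_key": vehicle_b.accept(seal(key_a, 1, b"SET_MODE SAFE")),
        "tampered": vehicle_b.accept(tampered),
        "genuine": vehicle_b.accept(good),
        "replayed": vehicle_b.accept(good),
    }
    # Contrast: with one key for the whole fleet, the recovered key is every
    # vehicle's key, so a frame sealed with it verifies everywhere.
    shared_fleet_vehicle = UplinkReceiver(key_a)
    results["shared_key_fleet"] = shared_fleet_vehicle.accept(
        seal(key_a, 1, b"SET_MODE SAFE"))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:28} -> {outcome!r}")
```

With per-flight keys, full knowledge of the algorithm plus one recovered key gains nothing against another vehicle; only the shared-key configuration makes loss of a single box a fleet-wide problem.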





Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG

2003-02-08 Thread Steve Schear
[Apologies if this item was passed through the list.  It was news to me.]

Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
K. Jallad, J. Katz, and B. Schneier

Information Security Conference 2002 Proceedings, Springer-Verlag, 2002, to 
appear.

ABSTRACT: We recently noted that PGP and other e-mail encryption protocols 
are, in theory, highly vulnerable to chosen-ciphertext attacks in which the 
recipient of the e-mail acts as an unwitting decryption oracle. We argued 
further that such attacks are quite feasible and therefore represent a 
serious concern. Here, we investigate these claims in more detail by 
attempting to implement the suggested attacks. On one hand, we are able to 
successfully implement the described attacks against PGP and GnuPG (two 
widely-used software packages) in a number of different settings. On the 
other hand, we show that the attacks largely fail when data is compressed 
before encryption.

Interestingly, the attacks are unsuccessful for largely fortuitous reasons; 
resistance to these attacks does not seem due to any conscious effort made 
to prevent them. Based on our work, we discuss those instances in which 
chosen-ciphertext attacks do indeed represent an important threat and hence 
must be taken into account in order to maintain confidentiality. We also 
recommend changes in the OpenPGP standard to reduce the effectiveness of 
our attacks in these settings.

http://www.counterpane.com/pgp-attack.html


Reality must take precedence over public relations, for nature cannot be 
fooled.
-- Richard P. Feynman

