Cryptography-Digest Digest #530, Volume #10 Tue, 9 Nov 99 03:13:06 EST
Contents:
Re: How protect HDisk against Customs when entering Great Britain (Bill Unruh)
Re: Your Opinions on Quantum Cryptography ("Trevor Jackson, III")
Re: Lenstra on key sizes (DJohn37050)
Re: What's gpg? (Jerry Coffin)
Bracking RSA Encryption. Is it possible. ([EMAIL PROTECTED])
Re: PGP Cracked ? (Dennis Ritchie)
Re: Lenstra on key sizes (Bruce Schneier)
Re: Lenstra on key sizes (Tom St Denis)
Re: Q: Removal of bias ([EMAIL PROTECTED])
The story of a small boy --- sealed envelops --- encryption technologies (Markku J. Saarelainen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To:
alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: 9 Nov 1999 01:45:29 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (DigitAl56K)
writes:
>Even if you were detained without absolute proof of illegal data on
>your PC, which would be impossible to obtain you would not have to
>decrypt the data and therefore customs would be forced to hold you
>indefinitely (not very likely I think!) or let you go.
Actually customs has a lot more power than that. They could simply
refuse you entry and force you to fly back to your country of origin.
You could of course try raising a stink once back in your country of
origin, but it would not be terribly effective.
Customs has much more power to make you uncomfortable than you have to
make them uncomfortable.
>can't force you to decrypt it.
You also cannot force them to let you into the UK.
>You might want to use PGPi though as US export restrictions stop you
>taking the normal PGP (which most of the world has anyway) out of the
>country.
No. US law prevents you from taking any encryption, no matter where you
got it, out of the US without a license.
------------------------------
Date: Mon, 08 Nov 1999 21:13:54 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Your Opinions on Quantum Cryptography
John Myre wrote:
> Bill Unruh wrote:
> >
> > In <[EMAIL PROTECTED]> Jeremy Nysen <[EMAIL PROTECTED]> writes:
> >
> > >Also, quantum cryptography by itself doesn't prevent a middleman attack
> > >(though it does make it very difficult). Which means it should be
> >
> > Don't confuse quantum crypto with quantum computing.
> > Also quantum crypto is immune to the "middleman" attack.
> > That is one of its strengths.
> >
> > >possible to set up a 'relay' box in between two communicating parties
> > >that pretends to be the other. You would still need a 'relay' box for
> >
> > No, that is exactly what quantum crypto prevents. Any such middle man
> > can be detected.
>
> It is my understanding that quantum crypto makes it impossible
> (well - arbitrarily unlikely) to eavesdrop passively, but that an
> active man-in-the-middle is still possible: Alice and Bob have no
> physical way to know who they are talking to. That is, Eve is
> out of luck, but Mallory is still in business.
>
> With normal communication methods, Mallory can replicate each
> side exactly, thus behaving as Eve. With quantum crypto, I
> think Mallory can no longer do this, as the information exchanged
> is only probabilistic. Mallory can pretend to be Bob while
> talking to Alice, and pretend to be Alice while talking to Bob,
> but he cannot ensure that the two connections end up with the
> same session key.
Why does he care? If he starts by emulating the correspondents to each other,
what forces him to stop? I.e., why can he not continue maintaining the charade,
keeping both sessions independent?
>
>
> So in addition to quantum crypto, you still need mathematical crypto
> to authenticate who you are talking to. (Even if we use the
> secure quantum crypto channel to ask about maiden names, proper
> authentication will require careful protocol design).
>
> John M.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Lenstra on key sizes
Date: 09 Nov 1999 02:14:32 GMT
The only reason I can see right now for using longer AES key sizes than 128 is
if quantum computers (or something similar) become real.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: What's gpg?
Date: Mon, 8 Nov 1999 19:32:44 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
>
> I just picked up the fact that there's a GNU version of PGP out, called
> GPG or GNUPG.
>
> I found the web page www.gnupg.org, and it makes claims that no
> patented algorithms are used.
Okay.
> From this claim I would assume that GPG is not as secure as PGP.
Why would you conclude that? The basics are simple: for the public-
key part, there are basically three major algorithms: Diffie-Hellman,
RSA and Elliptical-Curves. Of these, DH was patented, but the patent
has expired, and ECC hasn't ever been entirely patented at all, though
some methods of implementing it are patented by Certicom. The only
one that has full patent protection at the present time is RSA, which
actually provides the LEAST protection against known attacks for a
particular key size. DH doesn't provide a LOT better protection at a
given key size, but I've never seen any implication that it wasn't at
least as good.
In the symmetric part of the overall scheme, nearly the only algorithm
that's covered by a patent is IDEA. TTBOMK, there's no practical
attack on either 3DES or Blowfish, neither of which is patented.
Blowfish is almost certainly at least as secure as IDEA, and probably
more secure, though given that there's nothing approaching a practical
attack on any of these, relative security doesn't necessarily mean
much.
> So I'm confused as to the security quality of GPG compared to PGP.
>
> Can anyone explain?
Hopefully what's above explains things sufficiently. At one time,
IDEA was probably the best algorithm implemented in PGP, and it is
patented. At the present time, there are many unencumbered algorithms
available, all providing both security and performance that are
generally at least equal to that of IDEA.
For completeness I'll point out that in theory somebody could find a
really easy attack against any of these at almost any time -- it's
impossible to prove that any provides a high degree of security. It
just happens that DES (for example) has been studied by a lot of
really smart people for an awful long time, and nobody's found an easy
attack on it, so it's generally assumed that none is likely to exist.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED]
Subject: Bracking RSA Encryption. Is it possible.
Date: Tue, 09 Nov 1999 02:27:11 GMT
I have a big problem. I have a laptop sniffer on a small Unix LAN and
have managed to read packages. The packages are in RSA encryption. I
have timed the time it takes to encrypt the e-mails, to try to get an
idea as to what the private key is. Brute force attacks on the code off
line are impossible to break. I have come to the conclusion that RSA
encryption is unbreakable and it is a waste of time using a sniffer as I
cannot break the encryption. Putting the criminality of it aside, the
question is: can RSA code be broken? I do not think it can, and it is good
security against sniffer attacks.
KM jr what you think.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Tue, 09 Nov 1999 02:59:51 +0000
Reply-To: [EMAIL PROTECTED]
Patrick Juola asked
> So, sir, did you do it, did Ken, was it a joint project, or
> someone altogether different?
If you can't piece together the basic story between
Ken's Turing address and the netnews material dug up
by Gillogly and Harry Neumann, you aren't a very good
reconstructor.
I do wish Ken had spelled "horse" right, but otherwise
his account is in accordance with memory.
Dennis
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Lenstra on key sizes
Date: Tue, 09 Nov 1999 03:08:14 GMT
On Sun, 07 Nov 1999 11:24:35 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>The mentality of the builders of the Titanic remains with us.
>From that follows the fervent quest of one single sacred encryption
>algorithm that is capable of ensuring the communication security of
>the whole mankind till eternity (or at least the pretty far eternity).
>
>A probably very stupid question concerning symmetric ciphers: Does
>it cost terribly more if one uses 512 bits of key instead of 256 bits?
For a symmetric cipher, it's not much different in speed. The
difference will be in the storage required for the key. There are
many applications that just don't have 512 bits of RAM available to
store a key.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Lenstra on key sizes
Date: Tue, 09 Nov 1999 03:27:47 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> All depends on what's the additional cost, including management etc.
> of the additional bits. (That's what I was querying about.)
> In normal life, it is quite normal that one takes extra security
> measures in case the normal security is thought to be almost at the
> margin of the risks that are present. (Trivial example: some doors
> have two locks.) Certainly, much subjectivity is involved. Since
> there is no rigorous scientific unit of crypto strength or
> threat, one person's estimate of risk may differ greatly from
> another in the same situation. Anyway, I was not asking about
> whether using double key length is good or reasonable, I was
> simply asking whether using double key length would be intolerably
> costly (if one likes, for whatever reason, to do that). I thought
> my original post was fairly unambiguous about that, but apparently
> I erred in that aspect.
Well who says 448 bit blowfish is actually more secure than 80 bit
blowfish? Who says two locks on a door are more secure than one?
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Q: Removal of bias
Date: Tue, 09 Nov 1999 04:14:25 GMT
John Savard wrote:
> [EMAIL PROTECTED] wrote, in part:
>
> >For example,
> >take enough of the input stream that we expect
> >128 bits of entropy, hash it with SHA-1 and key
> >RC-4 with the digest. Output the RC-4 stream.
> >In practice the method works well and efficiently
> >for producing an unbiased stream from a biased
> >one. Practice can be so misleading.
>
> That does satisfy the purpose, if one ignores the implicit definition.
>
> Bias removal means: take enough of the input stream that we expect 128
> bits of entropy...produce 128 unbiased bits...then move on and take
> more of the input stream.
I think "condensing entropy" would be a better description
for this operation, and I'm not sure if that's what Shen
had in mind. Doesn't it seem wrong that under this
definition we can remove bias from an unbiased generator?
> It does *not* mean use the RC4 output forever. That's "obvious".
Then the given criteria is obviously wrong.
> While
> I agree that accurate definitions are useful, how is it useful to
> respond to an enquiry about bias removal that it failed to contain a
> comprehensive and rigorous definition of bias removal?
That depends on the question. If it were "what do people
mean by X?", I'd have answered differently. But this was
more "what's a good technique for X?", which requires -
even presupposes - a thorough understanding of what X
means. If that understanding is missing, I think the most
useful response is to show that it's missing.
--Bryan
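The two readings argued over in this message, as an added Python sketch (not code from any poster in the thread): `stretch` is the quoted scheme (hash one chunk with SHA-1, key RC4, keep reading the keystream), and `condense` is the per-chunk reading (128 output bits per chunk of fresh input). The biased source, its 0.9 bias, the min-entropy estimate used to size a chunk, and all function names are assumptions made for the example.

```python
import hashlib
import math
import random

def biased_bits(n, p_one=0.9, seed=1999):
    """Constructed sample source: n independent bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def bits_needed(p_one, target_bits=128):
    """Input bits to collect before expecting target_bits of min-entropy,
    rounded up to a whole number of bytes (assumes independent bits)."""
    if not 0.0 < p_one < 1.0:
        raise ValueError("a constant source carries no entropy")
    per_bit = -math.log2(max(p_one, 1.0 - p_one))
    return (math.ceil(target_bits / per_bit) + 7) // 8 * 8

def pack(bits):
    """Pack a bit list (length a multiple of 8) into bytes, MSB first."""
    return bytes(
        sum(b << (7 - k) for k, b in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits), 8)
    )

def rc4_stream(key, n):
    """First n bytes of the RC4 keystream for key (standard KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def stretch(bits, chunk_bits, n_bytes):
    """Quoted scheme: hash ONE chunk with SHA-1, key RC4 with the digest,
    and output as much keystream as asked for. Later input is never read."""
    key = hashlib.sha1(pack(bits[:chunk_bits])).digest()
    return rc4_stream(key, n_bytes)

def condense(bits, chunk_bits, out_bytes=16):
    """Per-chunk reading: 128 output bits for each chunk, then move on
    to fresh input, so output never exceeds the entropy estimate."""
    out = bytearray()
    for i in range(0, len(bits) - chunk_bits + 1, chunk_bits):
        key = hashlib.sha1(pack(bits[i:i + chunk_bits])).digest()
        out += rc4_stream(key, out_bytes)
    return bytes(out)

def ones_fraction(data):
    """Fraction of 1 bits in a byte string."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

if __name__ == "__main__":
    chunk = bits_needed(0.9)
    src = biased_bits(chunk * 64)
    # Same first chunk, every later bit flipped.
    other = src[:chunk] + [1 - b for b in src[chunk:]]
    print("chunk size in bits:", chunk)
    print("input ones fraction:", round(ones_fraction(pack(src)), 3))
    print("stretch ones fraction:", round(ones_fraction(stretch(src, chunk, 4096)), 3))
    print("condense ones fraction:", round(ones_fraction(condense(src, chunk)), 3))
    # Both outputs look unbiased, but only condense depends on later input.
    print("stretch ignores later input:",
          stretch(src, chunk, 4096) == stretch(other, chunk, 4096))
    print("condense tracks later input:",
          condense(src, chunk) != condense(other, chunk))
```

Both outputs pass a simple ones-count check, which is why the stream "works well in practice"; the difference is that `stretch` emits arbitrarily many bits from one chunk's worth of entropy, while `condense` keeps output tied to fresh input.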
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.math,soc.culture.russian
Subject: The story of a small boy --- sealed envelops --- encryption technologies
Date: Tue, 09 Nov 1999 05:34:34 GMT
==========
The story of a small boy .... - sealed envelopes ....
About twenty years ago, there was a small boy (9-11 years old or so),
who had his penpals around the world - the Soviet Union, the United
Kingdom, Australia, Germany and many other European nations. He wrote
his letters on a paper and then mailed these letters in sealed envelopes
and he received letters from his international friends in sealed
envelopes. He did not use postcards. In today's world, there are many
executives in governments, businesses and other organizations, who email
their secrets in postcards. How has the world changed? Or was this young
child just smarter than many today's executives?
And by the way ... I was this small boy !
==========
"Encryption and many cryptography technologies are very important for
any future electronic commerce applications and implementations. It is
the recommendation to decline the acceptance of any Wassenaar Agreement
(http://www.wassenaar.org) terms on encryption controls and to support
the strongest cryptography in all commercial internet communications
globally. The role of one internet is already critical in most
international enterprises and corporations. However, due to the open
infrastructure and individuals' principal lack of the security knowledge
and consciousness, quite often critical business messages are sent
without any encryption protection, which makes corporations extremely
vulnerable. It is a common public knowledge that some specific
intelligence agencies are using the Internet and other intelligence
collection methods to acquire and collect specific technology and
business intelligence for specific commercial and business enterprises.
Some of most popular encryption applications have backdoors and their
development projects have been supported and influenced by certain
specific intelligence-interest groups. In the future's electronic
commerce environment these encryption methods and technologies shall
become even more important for any corporation anywhere around the world
and it is highly recommended to avoid using any of the most popular and
free encryption applications for any business and commercial purposes."
============ SURVEY RESULTS ============
SURVEY SUMMARY : ENCRYPTION FOLLOW-UP SURVEY
MAY, 1997
Note: This survey summary contains raw survey results that have NOT been
analyzed, evaluated or prioritized. The results are based on comments
and opinions (all of which may not be facts) that were received from
many individuals who responded to the original (October 1996) survey.
*****************************
QUESTION 1: In your opinion, what are main developments in the adoption
of encryption technologies in commercial enterprises since October,
1996?
*****************************
"The continued government attempts to get 'key recovery', and a certain
amount of reluctant willingness from business."
"Purely for e-commerce reasons have there been any advancements. The
rest of the encryption world (privacy/freedom etc.) have been
appallingly backward and most governments will tend to hold them back."
"Network Computers (NCs)."
"Slight easing of export restrictions. Development of several payment
protocols. Increasing adoption of retail commerce over the net as
evidenced by recent IPO of one company."
"There is some movement towards more advanced mathematics. The market
is searching for patent free/royalty free encryption. Governments are
attempting to halt it, but are failing miserably."
"Electronic payment via The Internet."
"C2's bypass of the export regulations. The broader adoption of SSL.
Email application plugins for a strong and reliable encryption."
"-SSL has been widely used for the securing of data for a number of
on-line Internet banks. -Encrypted tunneling products which extend the
corporate Intranet/LAN are now becoming widely available. -Smart cards
are finally appearing in North America. In Canada alone Visa Cash,
Exact (Proton?), and Mondex are going through trials. -SSL is now widely
used to protect credit card transactions on a number of internet retail
sites -The US government continues to support key escrow for exported
encryption. -Major players (i.e. banks, IBM, MS, HP, VeriFone) are
taking steps to integrate SET into their range of products. -Future
browsers are going to allow smart cards to Interface with the Internet."
*****************************
QUESTION 2: In your opinion, what are 5-10 main barriers currently that
may prevent the successful implementation and utilization of encryption
technologies in commercial enterprises?
*****************************
"-Legislation and government intervention for strong encryption.
-Unfamiliarity with the technology will produce mistrust of its
reliability. -Safe key-management processes are difficult to achieve.
This will reduce the security of cryptography and thus its usefulness
for many applications. -Cryptography is not user-friendly right now.
Until it becomes so then it is unlikely to achieve widespread usage.
-Licensing fees for cryptographic algorithms are not cheap. Until
patents expire for things like the RSA public key algorithm the costs
of developing reliable cryptographic products will remain high. - There
are a large number of cryptographic products with no clear standards in
sight."
"Export regulations."
"Lack of perceived need."
"Lack of expertise among engineers and technicians."
"a) Lack of interest in security b) Concentration on cost c) Lack of
ready-to-use cheap tools d) Legislation and potential legislation e)
Patents and licensing issues"
"Government inadequacies in legislation, Vendors' propensity to hand
private keys to government (extrapolate that to insecurity when a person
working for a vendor is bribed to give out a private key), Costs, Public
reluctance in encryption (FUD factor)"
"Threats to roles of traditional players (e.g., SET's effect on card
issuers)., Seamless integration into products., Education of users.,
Regulatory obstacles. Widespread availability."
"1) ease of use, 2) cost of real security, 3) an understanding of
security details, 4) a lack of understanding the difference between
cryptography and security 5) uncertainty as to what the government rules
are"
"- exportability (permissions are needed if a product implements
cryptography, and 2 or more versions of the software have to be built), -
patents (can't exploit algorithms without negotiating royalties)"
"The government's export restrictions on strong cryptographic
algorithms."
" It is not a question of availability of software, but of
interoperability between systems made/sold in different regions of the
world."
"Government FUD. Ease of use. Cost of training etc. Worry about leakage
of secrets."
*****************************
QUESTION 3: What are activities and projects that can be initiated and
taken to lower and reduce above barriers (see the question 2.)?
*****************************
"a) Wider accurate publication of security lapses.
b),c) Cheap tools fitted for a job. I just read a Sun catalogue
where much of the software (including security software)
has laughable prices. Get a straightforward Virtual
Private Network from 100 pounds for a start.
d) Do strong lobbying and occupy lawmaker's time with other stuff
when they seem to be going in the wrong direction.
e) Wait for some important expiry dates.
Have more reasonable contact with license-holders.
Bypass licenses by producing new methods that get less
restriction."
"Continued integration into key products such as web browsers. Perhaps
even into OSes."
"Lowering the barriers to deploying certification authority
infrastructures for use w/in intranets. (in terms of cost, ease of
administration, etc.), Further efforts at deregulation."
"Lobby governments, Do not place restrictions for vendor based key
management, Push for totally private key systems"
"A not for profit, global, public education group should be created
whose purpose is to help educate businesses. Secondarily it should
educate the public on the issues of privacy, but the primary goal should
be to get all businesses (mainly the small ones) to understand that
simple pains can give a great deal of security, and that the cost is
worth the money and time saved from fraud and theft."
"An e-mail program that a "stoned hippy" could use and still not leak
information is needed. It would not allow too much flexibility, but it
would give "the masses" a hands on feel for what security is and how
crypto plays a role in their everyday life. Six year old kids and their
grandmothers could be using even this simple security level for e-mail.
It would go a long way because people will ask many questions, and they
will get many answers. It would more rapidly diffuse the information
and education over the populace (world wide)."
"Develop simple and user-friendly ways to use cryptography and manage
keys effectively."
"Reduce the ability for corporations to patent cryptographic processes,
key-management techniques, and anything other than completely unique
cryptographic algorithms. We don't need research into new cryptography
we need open access to refinements of what exists. If people can patent
those refinements then it reduces the access people have to these new
technologies at the expense of society at large."
"Eliminate export barriers on strong encryption."
"Education (public): crypto is used for authentication as well as
privacy. It is *not* military or espionage technology. It is
(required) enabling technology for tomorrow's information superhighway."
"Education (professional): principles of information security taught in
all relevant courses. (e.g. computing, telecom, electronics, etc)."
============== Results of the original survey in October, 1996
SURVEY SUMMARY: Encryption in Commercial Enterprises
October, 1996
by
M. J. Saarelainen
SURVEY METHODS BRIEFLY: Three specific questions were sent to several
mailing lists and news groups. The great number of responses was
received. These responses were compiled as received to the list (without
any priorities) below. No detailed analysis or evaluations were
completed at this time. Please, review these questions and responses and
let me know, if you like to add, remove or change something. Thanks.
=======
QUESTION 1. In your opinion, what are the 5-10 most significant
applications of encryption technologies currently in commercial
enterprises?
RESPONSES (# of responses = 29) TO QUESTION 1:
1. Secure E-Mail / Secure E-mail SMTP/POP3 mail client
2. Secure Internet-Shopping
3. Encrypt the entire internet ( encrypting routers etc. )
4. Encrypted file systems - partition for laptops
5. Encrypted voice (cellular, cordless, wireline, voice-over-internet)
6. Secure FAX
7. Point-to-point encrypted links, for corporations using the Internet
as a WAN.
8. EDI (both encryption & authentication), Electronic Data Interchange
(EDI)
9. Secure FTP client/server software
10. Secure FTP client only software
11. Secure UNIX FTP server software
12. Secure File based encryption for HD and Floppy
13. Accounting departments need to ensure their data can't be changed
14. Engineering needs to ensure competition doesn't easily steal ideas
15. Secure login (and insecure, in the case of Unix)
16. Network traffic encryption
17. Local file/data protection (incl. backup protection)
18. Protection of proprietary information while allowing company use of
it.
19. Crypto applications as an element in the information security system
20. Regional and national electric power exchanges between companies
21. Large investment banks who want to coordinate across their own
organizations and others in significant numbers
22. Healthcare cries out for encryption
23. The military for sensitive non-classified information.
24. Law enforcement is a natural for the internet, if they could agree
on a common security solution.
25. Online banking, online sales and commerce, data protection on
commercial database servers, secure transfer of govt. information, ie.
tax information on citizens.
26. The most widely spread encryption technologies and proprietary
hardware solutions by different providers etc. SSL is now upcoming.
27. Protection and storage of Archives
28. Person to person communication within an organization.
29. Secure remote communications (over the Internet)
========
QUESTION 2. In your opinion, what are 5-10 main barriers currently that
may prevent the successful implementation and utilization of encryption
technologies in commercial enterprises?
RESPONSES (# of responses = 22) TO QUESTION 2:
1. Cryptic user interfaces
2. ITAR regulations, Government regulation or restrictions of use of
strong encryption, Government export restrictions for strong encryption.
3. Ignorance ( pegasus provides REAL encryption )
4. Lack of knowledge of resources available to Business.
5. Misunderstanding that encryption is complicated.
6. Misunderstanding that encryption is costly.
7. General lack of knowledge as to how to write *strong* encryption
8. Lack of integration of strong encryption so that the user must
learn/know too much in order to use it properly
9. General lack of understanding of the necessity of *strong* encryption
10. Difficult to use
11. Slow speed
12. Complexity makes choices difficult since no one can be a full expert
13. Workers have to wait for a supervisor
14. A lack of understanding of the technology
15. The lack of good cost-benefit analysis data
16. On the product development side, few companies have both the
engineering and the marketing/industry expertise to successfully make
good secure products which meet real market needs and demands
17. Key Management. The ability for a user to gain authentification for
use of cryptographic programs, to access information for which that
person is authorized. Passwords can be forgotten, or copied, verifying a
user easily is very difficult.
18. Lack of standards, and most of all lack of good certification
services.
19. The second barrier derives from a missing standard interface in
E-Mail, ftp ... solutions.so transparently embed widely spread
encryption
20. Lack of knowledge of encryption is a big hurdle to its
implementation. Non-technical people are required to evaluate the use
of a technological product they may not understand completely. It's
difficult to put your trust in an algorithm when you don't understand
how it works.
21. Many enterprises may not be aware of how easy it is to begin using
encryption within their organization.
22. Many organizations may not recognize the need to protect information
within their organization. Some may not be aware of how easy it is to
tap into electronic communications.
========
QUESTION 3. What are activities and projects that can be initiated and
taken to lower and reduce above barriers (see the question 2.)?
RESPONSES (# of responses = 27) TO QUESTION 3:
1. Integrated mail reader with strong crypto capabilities, easy to use
2. Spreading awareness of how useful strong crypto really is.
3. Spreading awareness of exactly *why* governments seeks to prevent the
spread of crypto.
4. Writing strong encryption software and placing it in the public
domain.
5. Proving by actual demonstration that existing encryption is
inadequate.
6. Encouraging wealthy crypto advocates to speak freely.
7. Education of users and vendors of the issues
8. Lobbying of governments by aforementioned enlightened users/vendors
9. Different products need to be created which can interoperate
transparently to the user, but not deliver data unless operator is valid
10. Smart cards which attach to every terminal, the cards go with the
person and they can validate themselves at any terminal
11. Overcoming the complexity barrier requires patient teaching of each
client
12. A set of brochures and pamphlets needs to be created which describes
most systems in use for a particular level of security
13. A major project would be to simply educate the managers of most
companies about crypto, to remove the magic and bring the whole thing
down to earth
14. Manufacturers need to go to more trouble talking with customers
before designing products and be more creative in finding ways to meet
market needs
15. Security companies also need to audit themselves and demonstrate
that they are trustworthy
16. Better turnkey low-cost enterprise-wide solutions to common problems
(network encryption, for example) are needed.
17. Make applications easier to use, Build easy to use encryption into
applications so that it is smooth or even transparent to users
18. Universal standards for dual key encryption
19. Reduce strength of encryption to increase speed
20. Large groups of customers must get together and dictate standards to
the security industry.
21. The first thing is to implement a transparent interface to
encryption function to all data transfer services.
22. The second would be to get all suppliers of encryption technologies
to conform to this standard.
23. I think the best thing is to initiate a workgroup at The Open Group
responsible for encryption interfaces.
24. Public Software should be widely available. The more people are
experienced with this software the more likely they are to use and trust
it.
25. Making encryption software widely available means more than just
making sure copies of it are accessible. It also means making it
user-friendly enough.
26. Education is also required. I find that very few people really know
about these issues.
27. People need to promote awareness of the current situation.
========
------------------------------
End of Cryptography-Digest Digest
******************************