Cryptography-Digest Digest #937, Volume #11       Sun, 4 Jun 00 12:13:00 EDT

Contents:
  Observer 4/6/2000: "Your privacy ends here" ("B Labour")
  Re: Rivest's Multi-Grade Crypto (Mark Wooding)
  Re: Evidence Eliminator, is it patented, copyrighted, trademarked ? (jungle)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (David Hartley)
  Improving DES based MAC ("Tor Rustad")
  P=NP and a polynomial to find all primes. (Simon Johnson)
  Re: Quantum computers (Jerry Coffin)
  Newcomer seeks clarification re download encryption ("Andy Carroll")
  Re: Newcomer seeks clarification re download encryption (tomstd)
  Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Could RC4 used to generate S-Boxes? (tomstd)

----------------------------------------------------------------------------

From: "B Labour" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,alt.security.scramdisk,uk.telecom
Subject: Observer 4/6/2000: "Your privacy ends here"
Date: Sun, 4 Jun 2000 13:44:06 +0100

http://www.observer.co.uk/focus/story/0,6903,328071,00.html

Your privacy ends here

A Bill which is slipping through the House of Lords will allow MI5 access to
all our online communications, says John Naughton. It could mean we're all
guilty until proven innocent. So why don't we care more?

Free speech on the net: special report

Sunday June 4, 2000

When you wake on Thursday 5 October next, you will find yourself living in a
different country. An ancient bulwark of English law - the principle that
someone is presumed innocent until proven guilty - will have been
overturned. And that is just for starters. From that date also the police
and security services will enjoy sweeping powers to snoop on your email
traffic and web use without let or hindrance from the Commissioner for Data
Protection.

Every UK internet service provider (ISP) will have to install a black box
which monitors all the data-traffic passing through its computers,
hard-wired to a special centre currently being installed in MI5's London
headquarters. This new mass surveillance facility is called the Government
Technical Assistance Centre (GTAC). Who said Jack Straw had no sense of
humour?

The Regulation of Investigatory Powers (RIP) Bill which is now before the
Lords gives the Home Secretary powers of interception and surveillance which
would be the envy of the most draconian regime. In addition to encroaching
on civil liberties, the same Bill will also drive hordes of e-commerce
companies from Britain to countries like Ireland where their encryption
keys - extended pin numbers allowing users to decipher jumbled data - will
be protected from government prying. An administration which complains
continually about making Britain 'the most e-friendly country in the world'
by 2002 is busily making sure that exactly the opposite happens.

How has this extraordinary state of affairs come about? Is it another
manifestation of the cock-up theory of history, or are there more sinister
forces at work? The answer is a bit of both. For some time, it has been
obvious to Ministers and civil servants that British law needed updating to
cope with the internet. In an era when online trading becomes ubiquitous,
for example, some way has to be found of making 'digital signatures' legally
valid. Accordingly, a special Cabinet Office unit headed by Professor Jim
Norton set to work to devise a new legislative framework for the emerging
world of e-commerce and online communications. The main result of his labour
was the Electronic Commerce Bill.

As that Bill went through its Parliamentary hoops, it became clear that some
parts of it - mainly the sections dealing with data encryption, interception
and surveillance - were so deeply flawed that they threatened to sink the
Bill. Given the Government's desire to make headway on the e-commerce front,
the problematic sections were eventually jettisoned and the Electronic
Commerce Bill became law in 1999.

It was a smart decision, but it left unresolved the problem of what to do
about the encryption stuff. The DTI, smarting from its bruising at the hands
of the computer scientists who had comprehensively shredded the original
encryption proposals, wanted nothing more to do with it. Accordingly the
poisoned chalice passed to the Home Office, which knows little of business
and even less about the internet, but is endlessly attentive to the needs of
the police, the security services and the Byzantine imperatives of official
secrecy. The RIP Bill is the fruit of that secretive bureaucratic milieu.

The official rationale for the legislation is that it is required to bring
UK law into conformance with the European Convention on Human Rights. In the
end, this will have to be tested in the courts, but Straw's confidence is
not shared by the Commons Trade & Industry Select Committee which last
October recommended that the Government publish a detailed analysis to
substantiate its confidence that the Bill does not contravene the
Convention. This the Government has so far declined to do.

The Bill has four main parts. The first deals with the interception of
communications. The second covers 'surveillance and covert human
intelligence sources'. The third tackles encryption and the fourth covers
the 'scrutiny of investigatory powers and of the functions of the
intelligence services'. Parts I to III propose massive extensions of the
state's powers to spy on its citizens while the fourth suggests a regulatory
regime which seems laughably inadequate to anyone familiar with internet
technology. All sections of the Bill have been heavily criticised by
external experts and a small number of committed MPs, but the legislation
has passed through its Commons scrutiny with its central provisions intact.

Part I gives the Home Secretary the power to issue a warrant requiring ISPs
to intercept the communications of one or more of their subscribers. The
problem is that the internet is not like the telephone system - where it is
technically feasible to tap into a particular individual's communications
link. In order to monitor a person's internet traffic, you have to tap into
all the traffic running through his or her ISP. As a result, the expectation
is that Part I of the Bill will be implemented using so-called 'passive
monitoring': ISPs will be required to install a 'black box' which will
monitor all their data traffic and pass it to the GTAC centre.

The news that henceforth all UK internet traffic will find its way to MI5
does not seem to have yet reached MPs, most of whom don't understand the
technology and assume that the Home Office must know what it is doing.
Defenders of the Bill point out that MI5 can only legally read the content
of communications for which specific warrants exist, which is true. But they
fail to notice that the Bill affords no such protection to the pattern of
one's internet connections.

In other words, while MI5 may need a warrant actually to read your email,
many other people will have essentially unregulated access to logs of the
websites you access, the pages you download, the addresses of those with
whom you exchange email, the discussion groups to which you belong and the
chat rooms you frequent - in short, a comprehensive record of what you do
online and with whom. It will be interesting to see how this squares with
the European Convention's requirements about privacy.

It is Part III of the Bill, however, which is most likely to contravene the
Convention. Section 46 gives the Home Secretary the power to compel the
surrender of keys used to encrypt communications data. Failure to comply
carries a prison sentence of two years. If someone cannot comply because
they have lost or forgotten the key then they have to prove that to the
satisfaction of a court. In other words, the burden of proof is shifted from
the prosecution to the defence - one is presumed guilty until proved
innocent. And how do you prove that you have forgotten something?

Even more oppressive is the Bill's creation of a secondary offence -
revealing that you have been required to supply, or supplied, a decryption
key - which carries an even stiffer penalty. Under the terms of the Bill,
for example, the police could arrive at 4am and demand that you produce such
a key. If you were unable to comply and were taken in for questioning, it
would be a criminal offence punishable by five years' imprisonment to
explain to your family why you were being dragged off.

Civil liberties campaigners are predictably opposed to the RIP Bill. But it
is also widely opposed by the business community. Even Professor Norton, the
architect of the Government's e-commerce legislation, describes the
proposals as 'a classic own goal' that will undermine the aim of making
Britain a centre for e-commerce. Encryption is central to e-business, and
many companies have contractual agreements with clients for whom they hold
cryptographic keys. Under the RIP Bill they would be banned from revealing
that they had surrendered a key and thereby compromised the client's
security.

'This is a clear case,' says Norton, 'of the futility of government treating
internet policy as a national issue when what is needed is international
agreement. A UK firm which handed over the key of a multinational client
would be vulnerable to a compensation claim in an overseas court for
compromising that client's global security. US businesses are not happy
about that liability and will opt to work in countries like Ireland.'

The most astonishing thing about Straw's pre-emptive strike on civil
liberties and e-commerce is that, to date, there has been almost no public
discussion of it. The Ministers driving his Bill through Parliament concede
that the powers they seek are sweeping, but argue that they can be trusted
to apply them reasonably and that in any case the powers are commensurate
with the threat from online criminals, terrorists, paedophiles and
pornographers. In the absence of proper safeguards, the first argument is
absurd.

As far as the second is concerned, nobody has yet produced any convincing
empirical evidence that the supposed threats are more than the fantasies of
security services and hysterical projections of some newspapers. The
internet undoubtedly provides a conduit for criminal conversations and
pornographic transactions. But then so does the telephone system and the Royal
Mail, and yet nobody proposes tapping every phone in the land or scanning
every letter. A terrifying erosion in our liberties is being planned, yet
the threat is largely ignored.

Could it be that this collective passivity is because, for most citizens,
the liberties that are being eroded lie in the future rather than the
present? Most people do not currently encrypt their email, even though an
unencrypted email is as vulnerable to snooping as an ordinary postcard. But
in five years' encryption will have become a necessity.

Human nature being what it is, people will lose or forget their decryption
keys - and some will find themselves attempting to convince a judge that
they are not paedophiles feigning amnesia to qualify for a shorter sentence.
Will they then remember Burke's warning that for evil to triumph it is
necessary only for good men to do nothing? And will they wonder why they had
not been more alarmed on the morning of 5 October 2000?

Rest of the world

Most countries impose no restrictions on the use of encryption by their
citizens. The exceptions tend to be authoritarian regimes such as those in
Russia and China.

IRELAND: New e-commerce Bill makes it illegal for government to access
commercial cryptographic keys.

FRANCE: The government has recently announced a new policy of totally
relaxing controls on domestic use of encryption.

US: No domestic controls on use of cryptography, though Washington looks
enviously at the UK RIP bill.

GERMANY: Has long been the European leader in opposing restrictions on
citizens' use of encryption.

Over the coming weeks The Observer will print a series of articles and
opinion pieces on the proposed RIP Bill. If you wish to voice your opinion
online you can do so at www.observer.co.uk. To find out more about the Bill
see www.fipr.org/rip/




------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Rivest's Multi-Grade Crypto
Date: 4 Jun 2000 12:32:57 GMT

tomstd <[EMAIL PROTECTED]> wrote:

> So 2^n = 2^68 in his system, then subsequent messages take 2^20 time?

No: 2^48 time.

> Even still my observation is correct.  What if the wrong people could
> perform the initial hard work?

Then you're still stuffed.  The objective is to improve matters over a
(say) 56-bit or 40-bit key.  I think he's done this.

-- [mdw]

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Evidence Eliminator, is it patented, copyrighted, trademarked ?
Date: Sun, 04 Jun 2000 09:19:40 -0400

the other 2 ?

Lucifer wrote:
> 
> On Sat, 03 Jun 2000 06:13:12 -0400 jungle <[EMAIL PROTECTED]>  wrote:
> 
> >Evidence Eliminator, is it patented, copyrighted, trademarked ?
> 
> It's copyrighted when it's written.
> 
> No filing is required.



------------------------------

From: David Hartley <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 4 Jun 2000 14:44:45 +0100
Reply-To: David Hartley <[EMAIL PROTECTED]>

In article <[EMAIL PROTECTED]>, Adrian Kennard
<[EMAIL PROTECTED]> writes

>... the individual may not wish to disclose a key
>which can then be used to decode everything they have ever
>received regardless of relevance, and sign things with their name, etc.

Does the bill actually require this? i.e. disclosure of your private PGP
key. I presume that offering the plain texts would not be sufficient
unless they can be verified, but how about offering the session key
(right technical term?) for each message demanded. That's the key which
has been used to encrypt the body of the message, so presumably that's
the key that's covered by the bill. IANAP but I assume it would be
straightforward to write a small program that could do this. The
practical difficulty comes in entering your passphrase if the room is
full of policemen.


-- 
David Hartley
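The per-message session-key idea raised above, as an added illustration that is not part of this thread and not PGP's actual message format: a toy RSA key pair (generated here, unpadded and far too small for real use) wraps a fresh symmetric session key for each message, so the key for one message can be handed over while the long-term private key stays put. The symmetric layer (a SHA-256 counter keystream with an HMAC tag), the key sizes and all function names are assumptions of this example.

```python
"""Hybrid encryption with one disclosable session key per message.
Added example (not from the thread, not PGP's format): a toy unpadded
RSA pair wraps a random symmetric key per message; handing over that
key opens one message without exposing the long-term private key."""
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair (toy size, no padding): ((e, n), (d, n))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt_message(pub, plaintext: bytes):
    """Fresh 128-bit session key per message; returns (wrapped_key, body, tag)."""
    e, n = pub
    session_key = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(session_key, len(plaintext))))
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # only the private key undoes this
    return wrapped, body, tag


def unwrap_session_key(priv, wrapped: int) -> bytes:
    """Recipient-only step: recover one message's session key."""
    d, n = priv
    return pow(wrapped, d, n).to_bytes(16, "big")


def decrypt_with_session_key(session_key: bytes, body: bytes, tag: bytes) -> bytes:
    """Anyone holding the session key (but not the private key) can do this."""
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: wrong session key for this message")
    return bytes(a ^ b for a, b in zip(body, keystream(session_key, len(body))))


def disclosure_demo() -> dict:
    """Two messages, one disclosed session key: it opens that message only."""
    pub, priv = rsa_keygen()
    msgs = [b"first message", b"second, unrelated message"]  # constructed sample
    packets = [encrypt_message(pub, m) for m in msgs]
    disclosed = unwrap_session_key(priv, packets[0][0])
    opened = decrypt_with_session_key(disclosed, packets[0][1], packets[0][2])
    try:
        decrypt_with_session_key(disclosed, packets[1][1], packets[1][2])
        other_opened = True
    except ValueError:
        other_opened = False
    return {"opened_first": opened == msgs[0], "opened_second": other_opened}
```

The HMAC tag is what lets a third party verify that the session key they were given really is the one for that message, which is the verification gap the post worries about with bare plaintexts; the private key is only used inside unwrap_session_key.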

------------------------------

From: "Tor Rustad" <[EMAIL PROTECTED]>
Subject: Improving DES based MAC
Date: Sun, 4 Jun 2000 17:19:20 +0200

The world is still DES based, and upgrading the HW infrastructure is very
expensive in many cases.

1. ANSI X9.17 described an optional two key DES strengthening on the last
block (CBC-MAC). I can not see why this is less secure than doing i.e.
two-key triple DES on every block. Comments?

2. Two-key triple DES has been stated as less secure than three-key triple
DES, but as far as I can see it, two-key triple DES is secure for all
practical purposes due to the storage requirements on the attack.

3. DESX, DESX_k,k1,k2(x) = k2 XOR DES_k(k1 XOR x), has some interesting
properties; the analysis given in [1] indicates that this improvement is
comparable to triple DES. This sounded strange to me, however if this is
true, why are the standards only focusing on multiple mode DES?

4. In many cases the space is limited in devices, what are the security
implications in DESX of setting
a) k = k1 = k2
b) k = k1
c) k = k2
(in context of brute force attack)

[1] Cryptobytes Volume 2, Number 2, 1996.
--
Tor
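Points 1 and 3 above, as an added example that is not from the post: DESX key whitening and the "last block only" two-key strengthening of a CBC-MAC (the ANSI X9.19 / ISO 9797-1 MAC algorithm 3 form: D_k2 then E_k1 on the CBC-MAC output) written as generic constructions over any 64-bit block cipher, with a call counter to show the cost difference against two-key triple DES on every block. DES itself is not implemented; a small SHA-256-based Feistel permutation stands in for E_k so the structure can be run and checked. The stand-in cipher, the sample keys and message, and all names are assumptions of this example.

```python
"""DESX and the two-key 'last block' CBC-MAC as generic constructions.
Added example, not from the post. toy_encrypt/toy_decrypt are a SHA-256
Feistel stand-in for DES so the structures run; they are not a real cipher."""
import hashlib

BLOCK = 8  # 64-bit blocks, as with DES


def _round(key: bytes, rnd: int, half: bytes) -> int:
    return int.from_bytes(hashlib.sha256(key + bytes([rnd]) + half).digest()[:4], "big")


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k: 8-round Feistel on a 64-bit block (NOT DES)."""
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for i in range(8):
        l, r = r, l ^ _round(key, i, r.to_bytes(4, "big"))
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")  # final swap makes the inverse symmetric


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for D_k: same rounds in reverse order."""
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for i in reversed(range(8)):
        l, r = r, l ^ _round(key, i, r.to_bytes(4, "big"))
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def desx_encrypt(E, k, k1, k2, x):
    """DESX: k2 XOR E_k(k1 XOR x), with 64-bit whitening keys k1 and k2."""
    return xor(k2, E(k, xor(k1, x)))


def desx_decrypt(D, k, k1, k2, y):
    return xor(k1, D(k, xor(k2, y)))


def cbc_mac(E, k, msg: bytes) -> bytes:
    """Plain single-key CBC-MAC, zero-padded, zero IV."""
    msg = msg + b"\x00" * (-len(msg) % BLOCK)
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = E(k, xor(state, msg[i:i + BLOCK]))
    return state


def retail_mac(E, D, k1, k2, msg: bytes) -> bytes:
    """Two-key strengthening of the last block only: E_k1(D_k2(CBC-MAC_k1(msg)))."""
    return E(k1, D(k2, cbc_mac(E, k1, msg)))


def tdes2_cbc_mac(E, D, k1, k2, msg: bytes) -> bytes:
    """For comparison: two-key triple encryption E_k1 D_k2 E_k1 on every block."""
    def ede(_unused, x):
        return E(k1, D(k2, E(k1, x)))
    return cbc_mac(ede, None, msg)


def count_ops(fn):
    """Wrap a block-cipher function so its invocations can be counted."""
    calls = {"n": 0}
    def wrapped(k, x):
        calls["n"] += 1
        return fn(k, x)
    return wrapped, calls


def compare_costs(msg: bytes):
    """Block-cipher calls used by the last-block MAC vs. triple DES on every block."""
    k1, k2 = b"A" * 8, b"B" * 8  # constructed sample keys
    E, ce = count_ops(toy_encrypt)
    D, cd = count_ops(toy_decrypt)
    retail_mac(E, D, k1, k2, msg)
    retail_cost = ce["n"] + cd["n"]
    E, ce = count_ops(toy_encrypt)
    D, cd = count_ops(toy_decrypt)
    tdes2_cbc_mac(E, D, k1, k2, msg)
    return retail_cost, ce["n"] + cd["n"]
```

For a 10-block message compare_costs returns (12, 30): n+2 cipher calls for the last-block construction against 3n for triple encryption of every block, which is the cost side of point 1. The whitening keys in desx_encrypt are ordinary parameters, so the settings in point 4 can be tried by passing the same value for k, k1 and k2.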



------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: P=NP and a polynomial to find all primes.
Date: Sun, 04 Jun 2000 15:17:07 GMT



I was wondering whether I am correct in assuming that finding a
polynomial such that f(n) = n'th prime would prove that P=NP.

I reason this must be the case because the only way to determine
whether a number is prime, with 100% accuracy, is to factor it. Since
factoring is a NP problem and the polynomial is P. It would prove that
NP equals P. (If this is wrong, please explain why)

Now, hasn't it already been proven that such a polynomial can't exist,
if so where can I find the proof?

--
=======
Hi, I'm the signature virus,
help me spread by copying me into Signature File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Quantum computers
Date: Sun, 4 Jun 2000 09:41:51 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Is it true that NSA has a quantum computer for codebreaking?

The largest quantum computer of which there is a public record is 7 
qubits.  That's enough to prove that a quantum computer can be 
built, but is NOT actually capable of doing any useful work.  Many 
researchers also believe that the methods used to build quantum 
computers so far will NOT scale up to ever doing useful work.  There 
are other approaches they think will work in the long run, but AFAIK, 
nobody's actually made them function yet.

If anybody has a quantum computer capable of doing anything useful at 
the present time, they're keeping it a deep, dark secret.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Andy Carroll" <[EMAIL PROTECTED]>
Subject: Newcomer seeks clarification re download encryption
Date: Sun, 4 Jun 2000 16:38:33 +0100

Hi

Here is my problem. I want to sell my book over the internet. I want the
customer to be able to download the book and then the customer dials up and
receives a key from my server based on various identifiers e.g. name,
perhaps CPU ID or Hard Drive ID. This would mean that the customers
environment would be the only environment where the book could be read. I am
unsure as to whether I would have to be able to encrypt the file for each
download. Can anyone offer advice or products capable. I am sure this will
become a big topic in months / years to come.

Thanks in advance for your assistance

Andy Carroll



------------------------------

Subject: Re: Newcomer seeks clarification re download encryption
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 04 Jun 2000 08:47:49 -0700

In article <8hdthp$69r$[EMAIL PROTECTED]>, "Andy Carroll"
<[EMAIL PROTECTED]> wrote:
>Hi
>
>Here is my problem. I want to sell my book over the internet. I want the
>customer to be able to download the book and then the customer dials up and
>receives a key from my server based on various identifiers e.g. name,
>perhaps CPU ID or Hard Drive ID. This would mean that the customers
>environment would be the only environment where the book could be read. I am
>unsure as to whether I would have to be able to encrypt the file for each
>download. Can anyone offer advice or products capable. I am sure this will
>become a big topic in months / years to come.
>
>Thanks in advance for your assistance
>
>Andy Carroll

It is *already* a big topic, but it is *impossible* to stop
piracy in the fashion you want.  The only other solution is for
people to order the book online then ship it to them (hard copy).

You can never stop piracy, but you can make it less than
worthwhile.  For example without a good reliable OCR I can't
copy a hardcopy book and pirate it.  I would have to buy it.
And not a lot of people would go out of their way to make copies
of a book that way.

My advice, sell the book thru Amazon or Chapters.

Tom


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Could RC4 used to generate S-Boxes?
Date: Sun, 04 Jun 2000 15:37:25 GMT

I've read somewhere that RC4 is secure against both diff & lin
cryptanalysis. I figure this security must be derived from its s-box. My
real question is, is it the secrecy of the s-box that makes it secure or
does the algorithm generate diff & lin optimized s-boxes?

=======
Hi, I'm the signature virus,
help me spread by copying me into Signature File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Subject: Re: Could RC4 used to generate S-Boxes?
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 04 Jun 2000 08:50:31 -0700

In article <8hdt3k$apl$[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> wrote:
>I've read somewhere that RC4 is secure against both diff & lin
>cryptanalysis. I figure this security must be derived from its s-box. My
>real question is, is it the secrecy of the s-box that makes it secure or
>does the algorithm generate diff & lin optimized s-boxes?

Chances are you have a bit of reading to do on sbox construction.

The reason RC4 is secure is that it's hard to model the internal
state based on output only.  Some 'weak keys' have been
identified which leak more information about the state.

The sboxes RC4 makes are by no means secure on their own (i.e in
a feistel cipher), and don't always have optimal cryptographic
properties (SAC, BIC, non-linear, bijective, low xor-pairs).

Tom


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
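A way to check the reply's claim about the permutations RC4's key schedule produces, as an added example that is not from the thread: run the standard RC4 key-scheduling algorithm (KSA) for a key, then measure the resulting 256-entry S-box for the two properties the question asks about, differential uniformity (largest difference-distribution-table entry) and nonlinearity (distance of every component function from the affine functions, computed with a fast Walsh-Hadamard transform), and compare with the AES S-box computed from its definition as a reference for what an optimised 8-bit S-box achieves (4 and 112). The key b"Key" is a constructed sample input; the function names are assumptions of this example.

```python
"""Measure an RC4-KSA-derived S-box against the AES S-box.
Added example, not from the thread: differential uniformity and
nonlinearity of the 256-entry permutation RC4's key schedule produces."""


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: returns the 256-entry permutation S."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def _gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def aes_sbox() -> list:
    """AES S-box from its definition: multiplicative inverse, then affine map."""
    box = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for _ in range(4):  # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        box.append(s ^ 0x63)
    return box


def differential_uniformity(S: list) -> int:
    """Largest entry of the difference distribution table over all dx != 0."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[S[x] ^ S[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(S: list) -> int:
    """Minimum over non-zero output masks b of the distance of b.S(x) to the
    affine functions: 128 - max|Walsh coefficient|/2, via an in-place FWHT."""
    max_walsh = 0
    for b in range(1, 256):
        w = [1 - 2 * (bin(b & S[x]).count("1") & 1) for x in range(256)]  # +/-1 truth table
        h = 1
        while h < 256:
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    u, v = w[j], w[j + h]
                    w[j], w[j + h] = u + v, u - v
            h *= 2
        max_walsh = max(max_walsh, max(abs(v) for v in w))
    return 128 - max_walsh // 2


def compare(key: bytes) -> dict:
    """Properties of the RC4-KSA permutation for `key` next to the AES S-box."""
    rc4, aes = rc4_ksa(key), aes_sbox()
    return {
        "rc4_is_permutation": sorted(rc4) == list(range(256)),
        "rc4_du": differential_uniformity(rc4),
        "rc4_nl": nonlinearity(rc4),
        "aes_du": differential_uniformity(aes),
        "aes_nl": nonlinearity(aes),
    }


if __name__ == "__main__":
    print(compare(b"Key"))  # constructed sample key
```

The KSA output is always a bijection (it only swaps entries), so the "bijective" property is free; the differential uniformity and nonlinearity it lands on are those of an essentially random permutation, which is the gap from the optimised AES values that the reply is pointing at.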


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
