Alex Alten wrote:


These are trite responses.  Of course not.  My point is
that if the criminals are lazy enough to use a standard
security protocol then they can't expect us not to put
something in place to decrypt that traffic at will if necessary.


Look, the criminals have to design their security system with
severe disadvantages; they don't own the machines they
attack/take over so they can't control its software/hardware
contents easily, they can't screw around too much with the IP
protocol headers or they lose communications with them, and
they don't have physical access to the slave/owned machines.

And, last I heard, they must obey Kerckhoff's law, despite
using prayers to Allah for key exchanges.

Given all this, I'm not saying its easy to do, but it should be
quite possible to crack open some or all of their encrypted
comms and/or trace back to the original source attack

However, we do know that "criminals" are not always lazy. The trite comment often said is that if they used the same level of effort in a legal enterprise they would have done quite well.

The other proof that they are not lazy is looking at the evolution of the sophistication of malware like Storm and Nugache. It takes some serious effort to overcome the real handicaps that you point out as well as the ratio of the power and numbers that are hunting to put them out of business to their own numbers.

In many ways it is similar to a guerrilla war where many of the advantages are actually held by the tiny band of insurgents, who, greatly outnumbered and out-gunned, can in fact change history. The Swiss know this and train their military based on this.

Do not be surprised if the dissidents of all stripes use improvisation based on malware and other tools like onion routing to further their causes and evade suppression.

BTW, while I do not think all dissidents are righteous or fighting for righteous causes this does negate the general idea. A hammer is a hammer. Good or evil is independent of the tools, it depends on what one is pounding, nails or heads.



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to