> I'm amazed at their claims of radio interception. 1. "Look for plaintext." This was rule #1 stated by Robert Morris Sr. in his lecture to the annual Crypto conference after retiring as NSA's chief scientist. You'd be amazed how much of it is floating around out there, even in military communications.
2. Wars are great opportunities to learn what other folks are doing for communications security. Whether or not you are a belligerant in the war, you clearly want to be focusing your interception capabilities on that battlefield and its supply and command trails. Besides operational errors made under stress, which can compromise whole systems, you just learn what works and what doesn't work among the fielded systems. And what works or not in your own interception facilities. Wars are much better than sending probe jets a few miles into an opponent's territory, to show you how their electronics work. > One would > expect that all US military communications, even trivial ones, > are strongly encrypted, given the ease of doing this. Given the ease of writing strong encryption applications, I'm amazed that civilian communications are seldom -- very seldom -- encrypted. Deployment and interoperability without introducing major vulnerabilities is much harder than just designing algorithms and writing code. It involves changing peoples' habits, patterns, and practices. Remember, the cypherpunks cracked Clipper and DES, deployed the world's most widely used email encryption, secured any Web traffic that chooses to be secure, built a lot of the most popular network encryption. We beat back NSA's controlling hand, and encouraged a global spread of encryption expertise. We secured most of the Internet's control traffic (using ssh - thanks Tatu) to make it harder to break into the infrastructure. We're the A-team. But our cellphones are still trivial to track and intercept; the vast majority of email, web, and IM traffic is totally unencrypted; ordinary phone calls are totally wiretap prone; our own new technologies like 802.11 have no decent encryption and no likelihood of a real fix that works everywhere by default; we know the government IS TODAY wiretapping tons of innocents in a feeding frenzy of corruption; the US government has mandated Stasi-like wiretap capabilities in every form of new communication (even where the law gives them no power, they arrogate it and largely succeed); the wiretappers have largely built an international consensus of cops to track and wiretap anybody anywhere; practical anonymity has significantly shrunken in the last decade; and even more traffic is moving onto wireless where legal or illegal interception is undetectable. We still fight endless intra-community battles that delay or derail deployment of existing encryption. The most widespread large-scale hard-to-crack systems are being deployed AGAINST the public interest -- by the copyright mafia. If *we*, the victors in the crypto wars, couldn't get decent encryption deployed, even among ourselves, why would you expect that a government bureacracy could do it among itself and its clients? John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]