RE: crypto backdoors = terrorisms free reign
Hadmut replied to Jim:

> > Incorrect. You will weaken the absolute security of many, but the few who choose to use strong (non-GAK) crypto will be easily distinguished from those who comply with the rules.
>
> No. It cannot be easily distinguished. That's the mistake almost all politicians do.

Correct, but let me explain _why_. Suppose by law, everybody can use GAK encryption alg, say `GEEK`. Attacker wishes to use non-GAK algorithm, say `TRICK`. GEEK has a distinguisher module available to NSA which outputs GEEK or SUSPECT for encrypted data (using GEEK or any other algorithm, respectively).

Attacker encrypts his data with TRICK and then with GEEK. So this is validly GEEK encrypted data. Until the NSA tries to decipher it, it looks fine.

(As far as I know, sending this message is still legal. I definitely hope so.)

Best, Amir Herzberg

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Please make stable NON-US homes for strong crypto projects
Udhay Shankar N wrote:

> > From: John Gilmore [EMAIL PROTECTED]
> > It's clear that the US administration is putting out feelers to again ban publication of strong encryption.
>
> Just taking a minute to plug http://munitions.vipul.net/ -- it is a collection of Open Source crypto software for Linux, mirrored at 10 different (non-US) sites.

A quick check of the site shows one mirror in Canada, the rest in Europe. An Asian, Australian or Latin American mirror might be a good idea. Volunteers?
How to ban crypto?
Banning cryptography to deter terrorism, or controlling it to give GAK, is much in the news these days. I wonder if it could be done?

Bin-Laden was at one time said to use stego in posted images for comms. I doubt this was true, but it would be very hard to stop. Good stego can be undetectable (and deniable) for short messages of the type needed by terrorists. Without depth it can be very hard to detect even ordinary stego, and stego is advancing fast.

To prevent traffic analysis, public fora such as newspaper private ads or chalk marks on walls have been used by spies and terrorists for a long time, and modern ones like newsnet groups aren't very different. Requiring posters to prove identity would be difficult if not impossible, and wouldn't work against undetectable stego anyway. Even a popular privately run site could be used to provide cover traffic. That's not counting the CIA's SafeWeb anonymiser, remailers, and the like.

Subliminal channels in Government-approved crypto could also be used. Word or phrase selections can carry messages. Pre-arranged codes can be as secure as OTP, and impossible to detect or prove. The list is long if not endless.

Perhaps Governments can ban (non-approved?) encryption software, and punish those who have it on their computers? I'm no expert, but it seems likely that a macro worm could be written to do hard crypto without great difficulty, and people can reasonably say they didn't know it was there. It might even be possible to embed this functionality in a virus. Certainly it could be included in freeware available on the 'net. I've also been looking at the possibility of steganographically hiding functionality, and while I can't do it yet, I'm convinced it could be done.

Any other suggestions for how to ban crypto? I can't think of anything that would actually work against terrorists.

-- Peter Fairbrother
Re: How to ban crypto?
On 16 Sep 2001, at 17:26, Peter Fairbrother wrote:

> Any other suggestions for how to ban crypto? I can't think of anything that would actually work against terrorists.

Hmmm... we should be careful not to restrict the discussion of potential (non-)effects of coming restrictive legislative measures with regard to cryptography to pure technical aspects thereof.

For example, I am working in Germany as a Patent Attorney. During the past years I managed to convince a handful of clients and colleagues to make use of PGP in order to protect confidential information when sending e-mail messages. Of course, if PGP would be banned in Germany by some legislation I would not be able to recommend any client or colleague to continue with PGP usage. I for myself would have to cease PGP usage immediately. Besides criminal charges, it would be an offence in violation of the applicable professional code of conduct, and I surely would get a lot of trouble if I would exercise non-compliance in conjunction with my professional activities. Maybe that I would lose my professional admission (in Germany, Patentanwalt is a strictly regulated profession).

Other professional users would also effectively be forced to cease PGP usage by similar mechanisms. So a ban on strong crypto might indeed be very effective among professional users where economical aspects are at stake.

Nevertheless, a ban of non-GAK strong crypto would not be a suitable measure to fight terrorism. It would only stabilize the present SIGINT hybris.

Axel H Horns
Re: crypto backdoors = terrorisms free reign
On Sun, Sep 16, 2001 at 10:00:21AM +0300, Amir Herzberg wrote:

> Suppose by law, everybody can use GAK encryption alg, say `GEEK`. Attacker wishes to use non-GAK algorithm, say `TRICK`. GEEK has a distinguisher module available to NSA which outputs GEEK or SUSPECT for encrypted data (using GEEK or any other algorithm, respectively).
>
> Attacker encrypts his data with TRICK and then with GEEK. So this is validly GEEK encrypted data. Until the NSA tries to decipher it, it looks fine.

Obviously. You can make it even more simple: I send you one bit, e.g. a 1. Was this plaintext or a ciphertext encrypted with a forbidden cypher?

Well, this leads to the conclusion that you have to forbid sending 1s. Restrict communication to sending 0s. Hopefully nobody discovers that a 0 could be an encrypted 1...

Hadmut
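The GEEK/TRICK argument from the two messages above (Amir Herzberg's and Hadmut's reply), as a small runnable model showing what a wrapper-only distinguisher can and cannot tell. This is an added example, not code from any poster; the message layout, the toy SHA-256 stream cipher, `ESCROW_KEY` (a shared constant standing in for the authority's key wrapping) and all function names are assumptions made for illustration.

```python
import hashlib, math, os
from collections import Counter

ESCROW_KEY = b"constructed-escrow-key"  # assumption: stands in for the authority's key

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def geek_encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    """Hypothetical GAK layout: magic | nonce | escrowed key | key check | body."""
    nonce = os.urandom(16)
    escrowed = xor_stream(ESCROW_KEY, nonce, session_key)
    check = hashlib.sha256(session_key).digest()[:8]
    return b"GEEK" + nonce + escrowed + check + xor_stream(session_key, nonce, plaintext)

def _parse(msg: bytes):
    """Return (session_key, nonce, body) if the escrow field is valid, else None."""
    if len(msg) < 60 or msg[:4] != b"GEEK":
        return None
    nonce, escrowed, check, body = msg[4:20], msg[20:52], msg[52:60], msg[60:]
    session_key = xor_stream(ESCROW_KEY, nonce, escrowed)
    if hashlib.sha256(session_key).digest()[:8] != check:
        return None
    return session_key, nonce, body

def distinguisher(msg: bytes) -> str:
    """Inspects only the wrapper: valid escrow field -> GEEK, anything else -> SUSPECT."""
    return "GEEK" if _parse(msg) else "SUSPECT"

def escrow_decrypt(msg: bytes) -> bytes:
    """The authority's decryption; call only on messages the distinguisher accepts."""
    session_key, nonce, body = _parse(msg)
    return xor_stream(session_key, nonce, body)

def trick_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + xor_stream(b"TRICK" + key, nonce, plaintext)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def run_demo() -> dict:
    text = b"Constructed sample message for the GEEK/TRICK model. " * 40
    inner = trick_encrypt(os.urandom(32), text)
    samples = {"compliant": geek_encrypt(os.urandom(32), text),
               "layered": geek_encrypt(os.urandom(32), inner),
               "bare_trick": inner}
    report = {}
    for name, msg in samples.items():
        verdict = distinguisher(msg)
        # Entropy of what the authority sees only after it actually decrypts.
        report[name] = (verdict, entropy(escrow_decrypt(msg)) if verdict == "GEEK" else None)
    return report

if __name__ == "__main__":
    print(run_demo())
```

The compliant and layered messages both classify as GEEK; only the recovered plaintext differs (ordinary text versus near-random bytes), and that difference is visible only once the escrow decryption is actually performed.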
Re: How to ban crypto?
At 05:26 PM 9/16/2001 +0100, Peter Fairbrother wrote:

> Bin-Laden was at one time said to use stego in posted images for comms.

I heard that restated today on NPR by an ex-FBI commentator.

I think it is ironic that Congress passed a law a while ago that discourages crypto researchers from studying and publishing how to detect and defeat stego systems. Of course, terrorists won't use watermarking stego systems, but the discouragement of researchers in one area of stego is likely to discourage them in another (or in cryptography in general).

Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme
PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342
"Officer, officer, arrest that man. He's whistling a dirty song."
Re: How to ban crypto?
In message 3.0.5.32.20010916141240.01b7eee0@localhost, Carl Ellison writes:

> At 05:26 PM 9/16/2001 +0100, Peter Fairbrother wrote:
>
> > Bin-Laden was at one time said to use stego in posted images for comms.
>
> I heard that restated today on NPR by an ex-FBI commentator.
>
> I think it is ironic that Congress passed a law a while ago that discourages crypto researchers from studying and publishing how to detect and defeat stego systems. Of course, terrorists won't use watermarking stego systems, but the discouragement of researchers in one area of stego is likely to discourage them in another (or in cryptography in general).

Niels Provos (U. of Michigan) has a very interesting paper on detecting steganography on the network (he talked about it during the USENIX Sec. WIP session). Basically, he didn't find any steganography in about 2 million images he tested on Ebay. He's working on doing the same for other mediums/sites.

As the paper has not been published yet, I don't want to give more details. I've cc'ed Niels on this message, so perhaps we'll get a summary of his latest results.

-Angelos
Re: How to ban crypto?
On Sun, 16 Sep 2001, Angelos D. Keromytis wrote:

> Niels Provos (U. of Michigan) has a very interesting paper on detecting steganography on the network (he talked about it during the USENIX Sec. WIP session). Basically, he didn't find any steganography in about 2 million images he tested on Ebay. He's working on doing the same for other mediums/sites.

That (excellent) paper was in the refereed track, not the WiPs:

http://www.usenix.org/publications/library/proceedings/sec01/provos.html
http://www.citi.umich.edu/u/provos/stego/
http://www.outguess.org/

-- Sam
Re: How to ban crypto?
At 06:58 PM 9/16/01 +0200, Axel H Horns wrote:

> During the past years I managed to convince a handful of clients and colleagues to make use of PGP in order to protect confidential information when sending e-mail messages. Of course, if PGP would be banned in Germany by some legislation I would not be able to recommend any client or colleague to continue with PGP usage.

That's narrowly true as stated, but it's misleading because it's not the whole story. Let's not speak as if the only two options were PGP or nothing. In fact there is a wide continuum, of which three particularly interesting points are

A) Anything you want, including PGP.
B) Mandatory GAK.
C) Mandatory plaintext.

Nobody is going to ban crypto. Nobody is going to impose plan (C). Given the choice between (B) and (C), we and our customers could adopt plan (B) and get along pretty much as we do now.

> ... a ban of non-GAK strong crypto would not be a suitable measure to fight terrorism. It would only stabilize the present SIGINT hybris.

This says GAK is unsuitable, doesn't clearly say why. I don't know whether it is a philosophical point, a political point, a technical point, or whatever.

The two most common anti-GAK arguments are:

1a) It can't be done well.
1b) If it can't be done well, it shouldn't be done at all.
1c) Specifically, the risk of wholesale key-compromise is too great.
2a) It won't really detect/deter typical crime, because typical criminals will find ways around it.
2b) It won't really detect/deter terrorism, because dedicated terrorists will find ways around it.

I'm dubious about argument (1) in all its forms. I suspect that if we wanted to make it work, we could make it work.

I'm certain that argument (2a) is mostly false as stated. The typical prosecution involves putting together a lot of facts, most of which are not by themselves obviously illegal. For instance, imagine a world where GAK is mandatory. Then when somebody encrypts a private note such as

    Dear Monica - Meet me at 11:00, you know where. Love, Bill

he doesn't think he is doing anything illegal. Just because it's private doesn't mean it's illegal. Much later somebody, perhaps as part of a civil suit, shows probable cause sufficient to overcome the right to privacy, and poof! GAK is exploited to decrypt the message. At this point two possibilities must be considered:

a) either Bill superencrypted the message, to defeat GAK, or
b) he didn't.

In case (b) all they get is the message. They may or may not be able to put that together with a zillion other micro-facts to prove wrongdoing. He might get acquitted.

In case (a) they've got him dead to rights for violating the mandatory-GAK laws. Klink!

Given this choice, most people will opt for no superencryption.

I'm not asking you to _like_ this scenario. But the rules are that one should consider all the plausible scenarios, to see where they lead. There's nothing implausible about this scenario.

The situation changes if you are a dedicated evildoer. Suppose you are planning something so heinous that the penalty for being caught is more severe than the penalty for violating the mandatory-GAK laws. Then superencryption might be a good idea. Even then it won't help much, because if they can get a subpoena for GAK one day, they can get a subpoena to bug your premises the next day. You increase their costs a little, but the cost to you is going to be much higher.

==

So we continue the search for a robust anti-GAK argument. One part of the argument is this: Terrorists don't need fancy superencryption to defeat GAK. Indeed they hardly need encryption at all. They can formulate the basic plan in a cave somewhere, and thereafter communicate in the clear:

    Dear Uncle: Please send another $10,000 so I can continue my training.

    Dear Cousin: I will be taking flight AA73 tomorrow. I understand you will be taking UA175, right?

Some people are speaking as if the recent attack required vast resources and sophisticated communications. It didn't. Just because the US Army has adopted a communications-intensive battle doctrine doesn't mean everybody else will follow suit.

==

Conclusions:

1) The Subject: line of this thread is misleading. The issue is not mandatory plaintext. The issue is whether or not we want mandatory GAK.
2) There are AFAICT no convincing technical arguments against GAK.
3) The ultra-serious crimes such as occurred last week are irrelevant to the GAK debate, and vice versa.
4) Therefore it comes down to a routine policy decision: We get to choose a tradeoff somewhere in the gray area between
   -- extreme privacy, and
   -- extremely easy solution of some minor crimes.

The real world operates in shades of gray, not at either extreme. It always has, and always will. The US Constitution, for example, provides some
Re: How to ban crypto?
In message [EMAIL PROTECTED], Sam Weiler writes:

> That (excellent) paper was in the refereed track, not the WiPs:
>
> http://www.usenix.org/publications/library/proceedings/sec01/provos.html
> http://www.citi.umich.edu/u/provos/stego/
> http://www.outguess.org/

The above URLs point to the first paper, on statistical analysis of steganographic content in images and on a method to bypass them (as implemented in Outguess 0.2); there is a followup paper that talks about applying this method for large-scale stego detection. This second paper is as yet unpublished, and that's what I was referring to.

-Angelos
Re: NYC events and cell phones
At 01:53 AM 9/17/2001 +0100, Peter Fairbrother wrote:

> It is possible that damage to basestations or volume of traffic may have caused this failure. Possibly, the telco switched it off to maintain service. Equally, the FBI/NSA etc may have switched it off, but I don't know why they would bother - the encryption is only between the mobile and the basestation, and they could pick up plaintalk there much more easily.

There is one very simple reason why they might have wanted the encryption switched off. Wiretapping at the base station requires a wiretap order, whereas sniffing the airwaves in a matter of national security is something the NSA is allowed to do (but they can't get a wiretap order in a hurry).

I don't know any facts in this matter at all, but I wouldn't be surprised if someone, somewhere, requested air interface encryption to be turned off.

Greg.

Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
[Announce] HavenCo Sealand Remailer Online
Subject: [Announce] HavenCo Sealand Remailer Online (remailer.havenco.com)
Date: Sun Sep 16 07:02:13 UTC 2001

After over a year of having HavenCo's facilities on Sealand open for customers, I have decided to set up a remailer on a spare machine.

In light of recent events in NYC and DC, and the near certainty of both future legal actions against individual liberty in the name of security, and possible extra-legal/terrorist action against critical parts of the Internet infrastructure by various parties, it seems prudent to establish secure offshore services as soon as possible. Hopefully this remailer can be a small part of that.

I'd also be happy to host a private operational list (i.e. remops minus several specific people) for remailer operators, as Len suggested a while ago.

I plan to offer several interesting services from Sealand in the future:

- a mail-to-news gateway (at least for interesting groups)
- SSL web-to-remailer
- nym services
- possibly secure web-based email
- possibly secure IMAP/POP3 over ssh/ssl
- possibly agents which act on email messages, within certain sandbox environments (user-defined autoresponders, etc.)
- secure mailing lists, archives of some security-based mailing lists (cypherpunks to the beginning, coderpunks, cryptography, remops, etc.) with full-text search

These services are in addition to HavenCo's high security managed colocation, consulting, and software development. More information is available at http://www.havenco.com/

My primary concern is limiting the usability of these services for HavenCo AUP violations; specifically spam and spam-mailbox. A per-message charge or decrement would likely accomplish this, along with either payment or proof-of-work. My goal is to make all services for pay as soon as a suitable payment infrastructure is deployed.

Donations to support the remailer may be made through http://www.e-gold.com/ account 191914 with remailer in the memo line.
Config for remailer.havenco.com is:

Celeron 533
256MB ECC RAM
2 x 30GB disk
FreeBSD 4.4-STABLE
Postfix snapshot-20010808

$remailer{havenco} = [EMAIL PROTECTED] cpunk mix pgp remix latent +hash cut test ek ekx esub inflt50 rhop20 reord post;

PGP Key:

Type Bits/KeyID Date User ID
pub 1024R/A222FA27 2001/09/16 HavenCo Sealand Anonymous Remailer [EMAIL PROTECTED]

Type Bits/KeyID Date User ID
pub 1024D/64A1975F 2001/09/16 HavenCo Sealand Anonymous Remailer [EMAIL PROTECTED]
sub 1024g/6B1E76FE 2001/09/16

Mixmaster key:

havenco [EMAIL PROTECTED] dcd835a6ecfc412ba8535949ff30be44 2.9beta23 CNm