[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reaction time and Crypto
>It seems to me that the following technologies are going to be of increasing
>import despite the outcome of the Clinton proposal.
>1. Raw headerless output from packages like PGP. It seems obvious that
>if crypto is regulated, it must be easier to disguise the type of crypto
>one is using, or indeed if one is using crypto.
Removing the headers from PGP will accomplish only the most cursory
security. The PGP packet structure is recognizable out of a random
byte stream even without the headers.
More generally, just because _you_ don't know how to recognize
something doesn't mean your opponent is similarly lacking. In order
to really know it can't be done, you need a proof, that is, an
argument that covers all possible ways of looking for something.
This principle applies to all forms of steganography.
>2. Methodology for the disguising of cyphertext in more innocous data.
See my comment above for my opinion on this.
>3. The proliferation and consistant use of Crypto for even everyday
>communications.
I think work done to get PGP, for example, in mail readers is
something that should be done with a bit more zeal. I, personally,
don't use it much because of my computing environment (receiving mail
on a widely-known-to-be-insecure Unix box, dialed in from MSDOS). The
integration problems are pressing.
>1> The harder it is to find, the less potential there is for regulation.
>2> The harder it is to look for, the less potential there is for regulation.
>3> The harder it is to abolish, the less potential there is for regulation.
True up to a point. Remember, internet users are still a small
percentage of the whole.
Eric