[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GAK Hacks



At 3:43 PM 9/7/95, Matthew Ghio wrote:

>The same applies to GAK.  There is no reason to hack it when you can just
>use PGP instead.  The only reason to hack it would be if it became a
>standard.  If we have to start hacking GAK applications, we've already
>lost to a degree.  Thus our focus should be on making alternatives
>available instead of just attacking GAK.  (Although I suppose you could
>show how to hack it, for the sake of making a political statement.)

GAK Hacks!

We did it for SSL, let's do it for GAK.

Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
versions of the proposed code (when it becomes available).

Or releasing "work-alikes." Etc.

Granted, the demonstrations will be less clear than breaking the 40-bit key
was, partly because there is no clear-cut standard out there, and many
aspects of GAK are still in flux.

But it could still be a powerful example, an example "by direct
demonstration," that government-mandated key escrow is problematic.

(Of course, a sufficiently powerful or clear demonstration, picked up by
the popular press the way the SSL challenge was, could also cause the
government to tighten up the rules on GAK, such
as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

But GAK Hacking could be an interesting project.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."