[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wrap Up: Conference on Law Enforcement and Intelligence



At  1:03 PM 10/20/96 +0000, James Morris wrote:
>On Sat, 19 Oct 1996, Black Unicorn wrote:
>
>> 4.  Might be a good idea to review implementations of crypto.
>> 
>> Both James Woolsey and Stewart Baker made sly remarks about the
>> reliability of crypto in the public domain. [...]
>
>There was also an interesting comment made in session three of the 
>Joint Australian/OECD Conference on Security, Privacy and Intellectual 
>Property Protection in theGlobal Information Infrastructure,
>(Canberra, 7 - 8 February 1996), reportedly by a representative of 
>the DSD:
>
>"... PGP may not survive as a viable option for private security."
>
>For the full quote, see:
> http://www.nla.gov.au/gii/sess3.html

(1) If I were faced with an opponent who had a crypto system I couldn't
break, I would attempt to make him think I could break it so he would stop
using it.  AKA FUD.

(2) If I could break his system, I would want him to continue using it.  I
would have to be very careful about how I used the material so he didn't
catch on to the break.  There are some wonderful examples of this logic in
"The Code Breakers".

(3) The devil is in the details.  I still am not convinced that MacPGP has
enough sources of entropy for its IDEA key generation.  (But I am not
convinced that it doesn't either.)  I put integrating Jon Callas's entropy
manager into MacPGP as a high priority.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
[email protected] | Voting for Harry Browne    | Los Gatos, CA 95032, USA