[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: Validating a program



>>>  My question is as
>> >follows:  If PGP and DES are as secure as thought to be, then why is it
>> >not ruled illegal software, just as they do with silencers, narcotics,
>> >certain type weapons, etc.....
>
>[snippo]
>
>> Why does it follow that these must be crackable, or the government would
>> have outlawed them? Despite recent moves to limit encryption, there are
>> currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
>> you from using a true One Time Pad, which is mathematically proven to be
>> unbreakable, now and forever, even against infinite resources.  If this
>> is not prohibited (and it isn't), doesn't that refute your argument?
>
>Dale Thorn replies:
>This is a misleading challenge.  There's a helluva difference between the OTP
>and a
>Public Key system.  If, for example, it can be proven that I can crank up PGP
>to its
>most cryptic level, and send the OTP overseas with "absolute security", so
>that I
>can now send messages with the OTP which was crunched with PGP's highest
>security,
>then that would mean something.
>
>My point here is that Ed was asserting that PGP, DES, etc., must be
>crackable, otherwise the U.S. government would have ruled them illegal
>(domestically).  I pointed out that one can legally own and use a true OTP
>with impunity in the U.S., despite its unquestioned unbreakability.
>Therefore, his argument falls.  If it made sense, the USG would have AT LEAST
>outlawed OTP's (which they most assuredly cannot break).
>
>Just so there's no misunderstanding:
>
>1. The OTP is absolutely unbreakable. (if done correctly)
>2. The OTP encryption cannot be decoded on the other end unless you can
>deliver the
>   OTP to the person on the other end by a secure means.
>3. PGP, which is not usually used at its highest level of security (for all
>bits in
>   a message), *will* be used at its highest level of security to send the
>OTP to the
>   person on the other end.
>4. The OTP arrives on the other end, completely safe from snooping.
>
>Now you see the problem.  #4 above can't be assured, and that is why Ed says
>that PGP
>is not shut off "right now", because it's probably not "really secure".
>
>I'm not sure what you're claiming here, or what point it is intended to
>demonstrate.  No matter the strength of PGP, delivering a OTP in this fashion
>would render it no longer a OTP.  Besides, this scenario makes no sense.  In
>any case, there is no restriction I know of in sending encrypted data (or
>even One Time Pads) to whomever you choose, by whatever means.  (Granted, if
>you send encrypted traffic to [email protected], or dispatch couriers with
>briefcases handcuffed to their wrists, you might invite suspicion...)
>
>Could you clarify the point you're making above?
>
>I'm amused to think that, in a nation armed with 20,000 or so nukes, the
>paranoid of
>paranoid nation-states as it were, some of the erstwhile intelligent citizens
>think
>that the U.S. military are just sitting around wringing their hands over the
>"fact"
>that the citizens have "unbreakable" crypto.
>
>Bear in mind the Scientific American articles on Public Key crypto back in
>the 1970's.
>The military knew the score back then, and if you think they just sat back
>and allowed
>all this to happen, well, sorry, I don't believe in Santa Claus or the Easter
>Bunny.
>
>Well, while the feds are no doubt powerful, they ARE subject to the same laws
>of mathematics as the rest of us.  While it is _possible_ they know much more
>about factoring than the rest of the world, I find it unlikely that they are
>advanced enough to factor 2000-bit numbers.  (I can't prove it, just as I
>can't prove they don't know how to make their agents invisible.)
>
>And they didn't just sit back and allow this information out -- witness
>Bernstein, et. al., and all the continuing ITAR/GAK fallout.  Of course, I
>expect that some will claim this is just for appearance's sake, so as not to
>make it obvious that they can actually read all our thoughts directly, using
>technology they got from the Greys from Zeta Reticulon...
>
>Tunny
>======================================================================
> James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
> Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
> [email protected]    |                    36 07 D9 33 3D 32 53 9C
>======================================================================
>
>