Re: SynData/Schneier Attack Network Associates

[you are posting to [email protected]... see:
http://www.dcs.ex.ac.uk/~aba/cp.html for where you should be posting
-- hint: the address you are posting to is out of date]

Wesley Griffin <[email protected]> writes:
> > By "companies like Network Associates", do you mean "companies who are
> > members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are
> > the "companies like Network Associates", in that regard:  [Note RSA is a
> > Charter Member]
> 
> This statement is seriously confusing Key Recovery and Key Escrow.
> They are NOT the same thing.  Everybody knows what Key *Escrow* is
> and that it sucks.

You need to understand Newspeak to understand any crypto documents
written by the government, or government toadies.

To them, key recovery and key escrow are just different PR terms to
try to con people into going along with government backdoors in crypto
software.

The key recovery alliance program (KRAP) is a government program to
bribe companies into building government backdoors into their crypto
programs.

The KRAP program requires its participants to agree to fast track
installation of GAK (Government Access to Keys -- master government
backdoor stuff) into their software.  In exchange for doing this the
companies get permission to export ridiculously weak 56 bit crypto
instead of even more ridiculously weak 40 bit crypto.

They have a 2 year time frame in which to install government master
backdoors into their crypto software.  And there are reviews of
progress made every 6 months -- failure to meet deadlines results in
loss of 56 bit export permission.

> Key Recovery is *very* different in that there are no databases kept of
> private keys.  The website you mentioned (http://www.kra.org)
> contains some very good info on how Key Recovery works.  I would
> like to see the source of Schneier's quote also, because I can't
> believe he could get the two confused.

I fully expect Schneier spoke out against KRAP -- the companies
involved are government sell outs.  This is why people are upset that
PGP Inc was just bought out by a KRAP company McAfee (which recently
renamed itself to Network Associates).

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`