[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CRYPT: Dingaling Denning & random # generators]



Doug Humphrey writes:
>
> >As I posted once to sci.crypt: encrypted communication is virtually
> >interchangeable with and indistinguishable from communication itself.
> >How does someone `know' that you are encrypting a message? 
> 
> This is not strictly true.  While someone might not be able to tell
> that you are engaged in the act of encrypting a message, the
> transmission of encrypted communications is often detectable.
> Spread spectrum transmissions often look like an increase in the
> noise floor of certain communications channels, prompting systems
> to think that there are malfunctions, and to dispatch someone to 
> take a look at the facility.  If they throw a spectrum analyser 
> on it, it doesn't look like valid data in most cases, just noise.
> 
> With voice communications it is easy to recognize the patterns
> that speech generates, and they look very different from the 
> randomness that simple crypto produces.  Unless one uses a 
> post-crypto wave shaper to simulate the amplitude changes that 
> speech produces, it is simple to build a circut that can make a 
> pretty accurate evaluation of voice/data/crypto going by it.
> Nothing more difficult in 1993 than was the first 2600 hz
> detector circut when it was put into widespread production use
> in the phone network.  In fact, given that modern switches are 
> already digitizing the signals, a little DSP hardware should 
> make quick work of the first cut, narrowing down which lines 
> should receive harder evaluation to see if people are trying to 
> protect their privacy.

Why not send your PGP encoded files using V.27 or whatever the 9600
baud fax transmittion modulation is?  By the year 2000, there will
be around 40 million fax machines in the U.S.  Assuming the FBI/NSA/ASPCA
can tell apart voice from fax by scanning all the phone trunks in the U.S.
with high speed parallel computers, it wouldn't help them if there are
around 100 million fax transmissions taking place each day.  No way in
hell are they going to pick up your signal from the other 99,999,999 fax
transmissions taking place that day, and then spend the rest of their
lives trying to crack your PGP message.

The same can be said about modems.  If Prodigy, America Online, and
Compuserve keep up their newbie recruitment pace, about 50% of the homes
in the U.S. will have modems by the year 2000.  And don't tell me they can
build computers that can distinguish between a PGP file transmission and some
hormone crazed 15 year old dork downloading the latest GIF of Cindy Crawford
or a ZIPed ware.  I've looked at hexdumps of GIFs and ZIPs and for all
practical purposes they look about as random as PGP data.  If the NSA
can build a parellel computer that scans all the trunks in the U.S.
simultaneously AND can tell the difference between PGP streams and ZIP/GIF
file data streams, then I just might as well go and shoot myself right
now.


Thug