Re: Whaaa...?

From: Eugen Leitl (eugen@leitl.org)
Date: Mon Apr 29 2002 - 12:56:19 MDT


On Mon, 29 Apr 2002, Harvey Newstrom wrote:

> No. Weak encryption is easily decrypted by large government

Ubiquitous weak encryption makes nontargeted (requiring very cheap
realtime cryptoattack) screening prohibitively expensive. Since strong
encryption has only marginally (doesn't apply if you're running a loaded
webserver without SSL accelerators) higher computing costs than weak
encryption you could as well use the real McCoy. When I call overseas
using SpeakFreely (DES, IDEA, PGP support) and verify the key fingerprint
I'm reasonably safe from eavesdropping, arguably even when resources of a
major government are being used against me in a dedicated fashion.

> computers. Strong encryption is illegal to export, and so further
> investigation is warranted because of a possible export crime.

Cryptography is not limited to a specific country. Inventing a reasonably
secure block cypher isn't deep magic if you don't care about performance,
and hence can be done by any reasonably competent human anywhere on the
globe. Legislations vary, export is nontraceable, and once it's exported,
it's legal. The cat has been out of the bag so long its kittens got kittens.

> Strong encryption coming into the US that was not originally funded
> from US sources merits further investigation for possible terrorist
> connections or activity by foreign governments. I can't think of any

And vice versa.

> type of traffic that is excluded from these systems.

Marginally competently (professionals use one time pads anyway) done
cryptography is not the weakest link. Of course, there's value in psyops
if it makes people communicate in clear instead of using even weak
cryptosystems.


