The Battle to Control Encryption - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: The Battle to Control Encryption

  1. #11
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    I still think the best way to fight is along these lines : http://www.antionline.com/showthread...631#post647212

    Make the agencies read everything on the net, all the time.

    They will not have enough resource to do so.

    <aside> Bloody hell it's snowing here! </aside>

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  2. #12
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    SNOW!

    Appart from that, Say they would stick all the keys in a vault....how many keys would there be? How many tries would they have to do? In the end it would simply end up having to bruteforce it due to the sheer number of keys. And then what? Doulbe encryption? Multi cipher? Shifting? Twisting? Seriously, it's not possible, never mind being agains moral rights of privacy. I for one would spend all day spitting out keys just to make their life hell!

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  3. #13
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by Noia
    SNOW!
    I for one would spend all day spitting out keys just to make their life hell!

    - Noia
    Snow's turned to raid & mist now.

    What a good idea - flood them with keys.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #14
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    make a dedicated 486 generate key after key after key for as long as you suply power to it..

    lol, yeah..

    But I read that it would be a "master key" kind-of-way..
    wich would mean that people will have to be forced to use their "new" way of encryption instead of ssl/pgp..

    the master key principle could work..

    instead of the public - private key system we all use, it would have to be a public - private - master but that would make crypto challenges like the RSA's factoring challenge a very dangerous thing..

    In a public - private key system, it is possible to get a key, it just takes too damn long for that key to be usefull !!
    In a public - private - master key system, it will not take longer to get the master key, but a hell of a lot more dangerous !!

    well that's all for my input before coffee !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #15
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Well I am inclined to jump on the bandwagon like everyone else and cry Hitler and George Orwell and on and on. I love my privacy and I am definitely inclined to support SAFE over anything the FBI introduces. But it's kind of ludicrous. I mean encryption has gotten to the point that there are hundreds of methods and product with virtually unbreakable keys, even given Moore’s law into consideration the governement couldn't break some software of the street. So it wouldn't be very en-forcible. But then again, I think: wow, eventually the government is not going to have a way to monitor anything. Organized crime and criminals will run free and control the country again. I know how all of AO hates child pornographers based on another thread. What if those *******s could exchange their wares and never get caught? Except perhaps, by accident when actually physically caught with camera in hand. Makes me think, but for now I actually read parts of the bill and formed my own opinion. This is a democracy and if you don't like it vote the f@ckers out - call their offices and talk to them.

    IN THE SENATE OF THE UNITED STATES
    Mssrs, McCain, Kerrey and Hollings introduced the following bill; which was read twice and referred to the Committee on…

    There they are the culprits….

    SEC. 101. LAWFUL USE OF ENCRYPTION.
    Except as otherwise provided by this Act or otherwise provided by law, it shall be lawful for any person within any State to use any encryption, regardless of encryption algorithm selected, encryption key length chosen, or implementation technique or medium used.
    Ok that's cool; I can USE encryption and anything that is on the market.

    SEC. 102. PROHIBITION ON MANDATORY THIRD PARTY ESCROW OF KEYS USED FOR ENCRYPTION OF CERTAIN COMMUNICATIONS.

    Neither the Federal Government nor a State may require the escrow of an encryption key with a third party in the case of an encryption key used solely to encrypt communications between private persons within the United States.
    That stated the government can't force someone to participate in the Key Management system. That's OK as well.

    SEC. 103. VOLUNTARY PRIVATE SECTOR PARTICIPATION IN KEY MANAGEMENT STRUCTURE.

    The participation of the private persons in the key management infrastructure enabled by this Act is voluntary.
    Again that states from a citizen perspective that participation is voluntary.


    SEC. 104. UNLAWFUL USE OF ENCRYPTION

    Whoever knowingly encrypts data or communications in furtherance of the commission of a criminal offense for which the person may be prosecuted in a court of competent jurisdiction and may be sentenced to a term of imprisonment of more than one year shall, in addition to any penalties for the underlying criminal offense, be fined under title 18, United States Code, or imprisoned not more than five years, or both, for a first conviction or fined under title 18, United States Code, or imprisoned not more than ten years, or both, for a second or subsequent conviction. The mere use of encryption shall not constitute probable cause to believe that a crime is being or has been committed.
    That says if you knowingly encrypt communications that leads to unlawful acts, like planning a bank robbery over email, you could go to jail. OK, that’s fine too...

    SEC. 105. PRIVACY PROTECTION.

    (a) In General. It shall be unlawful for any person to intentionally --

    (1) obtain or use recovery information without lawful authority for the purpose of decrypting data or communications;
    (2) exceed lawful authority in decrypting data or communications;
    (3) break the encryption code of another person without lawful authority for the purpose of violating the privacy, security or property rights of that person;
    (4) intercept on a public communications network without lawful authority the intellectual property of another person for the purpose of violating the intellectual property rights of that person;
    (5) impersonate another person for the purpose of obtaining recovery information of that person without lawful authority;
    (6) issue a key to another person in furtherance of a crime;
    (7) disclose recovery information in violation of a provision of this Act; or
    (8) publicly disclose without lawful authority the plaintext of information that was decrypted using recovery information obtained with or without lawful authority.
    (b) Criminal Penalty. Any person who violates this section shall be fined under title 18, United States Code, or imprisoned not more than five years, or both.
    Guys/Gals this actually puts in safeguards that DO NOT EXIST!! Our internet communications do not have the same protection our phone lines do. This would give some of that protection.

    More...

    The rest of section 1 goes into detail on how the government can recover a key, assuming you take part in their secure network. I see something out of line here with what media is reporting. There is a lot more to the bill but I am out of time for now. Let's look at it and comment on the actual bills and what their strengths and weakness is. Not what Dan Rather, Ted or CNN say. I like article 1 so far.... more later. Peace.
    Make your own assumptions… DA BILL
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #16
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Exclamation

    It seems that the scope of the SAFE bill goes beyond just encryption. It also aims at a target near and dear to many of us on AO- the erosion of civil liberties as a result of the PATRIOT Act.

    SAFE not only attempts to handle the issue of encryption, it also contains many proposed limitations on the scope of what the FBI and the Justice Dept. can or can't do as related to the powers granted them in the PATRIOT Act.

    Read this SecurityFocus article for more information: Senators propose Patriot Act limitations

    You can also read the actual text of the proposed bill here: SAFE Act

  7. #17
    Or, they could repeal the Patriot Act. Seriously, it has done nothign in the war on terror and just infringed on our rights, mostly the right to privacy. The prisoners at Guantanamo Bay are treated better than the prisoners in the United States, and they are war criminals. Personally, I think it is complete bullshit; just a way for Bush/current party to establish dictitorial control of our country via legal means, like Hitler. The thing is, it is not because Bush is very amiable, and charismatic, it is because the Republicans control two thirds of goverment and can rubber stamp anything they want. Conclusion, we very well could turn into a dictitorial state, everybody stock up on guns and ammo in case there needs to be a revolution.
    -Jessus is coming!!!!! Everybody look busy!-

  8. #18
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    This may be simplifiing things. But the prisoners of Guantanomo are held on powers of the patriot act. If it's repealed, don't all those guys/gals get to go free? I am not sure that being active in a terrorist cell is justification of jail time under normal law? Like I said, maybe that's over simplification.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #19
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    I am not sure its the PATRIOT Act that allows us to hold them. I think its military law that does. Basically, as I understand it, as long as we call them POW's or whatever they fall under military law and Geneva Convention rules rather than civil law.

    Under civil law they would have limits on how long they can hold someone and how due process works, etc. But POW's are not afforded the same rights.

  10. #20
    My point is that the Patriot Act only infringes on US citizens rights since them at Guantanamo Bay have none. And since we have to obey the Geniva Convention, which is bullshit, we have to treat them nicely... Or we could put them with the axe murderers, the child rapists and such, they [the murderers/rapists] would have a field day, and the terrorists would have a quite different experience.... it would also cut costs.

    -It is I, me-

    PS: Terrorists arent smarter because they commit acts of terrorism. It is that they have the will, and if they have the will they will obtain the means. It is sort of Machiavelian in nature. They will do whatever necessary to get what they want.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides