M e l m o t h 's S e c r e t B i t s
Or to put it another way "Hello, Brian Stone!"


Welcome to my parlour...

And then there's the wonderful world of PGP...

Breaking PGP - Some Thoughts.

In terms of secure encryption for the casual user - PGP is the be all and end all of public key crypto systems.
The beauty of PGP is in the way it manages to combine several encryption concepts / techniques, and so in looking at attacking PGP, I'll look at attacking each part in turn...and some other sneaky ways too.
  1. Attacking IDEA.
  2. Breaking RSA - the public-key system.
  3. MD5 - The one-way hasher, for digital signatures.
  4. Sneaks - Some practical attacks on PGP!

What the Governments say...here and abroad.


Ireland

There is some information on Govt. policy available from the Irish Government Website, from which I've distilled down some of the press releases....

The United States of America

France



Some Crypto Links...

The following is a partial list of some of the more interesting websites I've visited on my travels....

Introduction

I've only had the briefest of introductions to the field of cryptology. I am only educated enough to know that I know nothing. This area of study is a virtual minefield for the beginners, and certainly the non-expert should tread with caution if at all.

There is an ancient Chinese saying....

"Welcome stranger - the road is treacherous today, and on the heights the paths are paved with daggers."

...well, ok. It's 'an ancient Chinese saying' which I've just made up, but had the ancient Chinese known much about computer cryptology, I'm pretty sure that they would have made that saying up as well.

I'd emphasise the word computer for the simple reason that back in the days of the ancient chinese, it was sufficient to write any message down to prevent an enemy reading it. Or better yet, construct two sticks of equal bore, and wrap the messag e sheet around the 'send' stick, write your message, unwrap, and then only the person with the correct 'reciever' stick could decipher the code! Of course, the field took a huge leap forward with the introduction of computers into the equation, and nowadays no human being(1) can hope to understand evey aspect of the vast mathematical ediface underpinning the field of cryptography.


The Diffie-Hellman Problem - quick proof

I'm in the ca3 Computer Networks class, and low and behold the very first difficult concept we're taught - I have problems with it.

It was explained to us, and I more-or-less understood what was happening. I understood the aim, the concept, and the examples.

But the D-H method of key exchange relies on the keys _always_ being the same, but I couldn't prove this at a glance! (...partly because of my stupidity, and partly because of my ignorance of 'mod' manipulations...)

So, anyway, I spent the lunch hour at it, and lo! understanding blossomed. The key to comprehension of this problem, is realizing the following fact.

	If x Mod y = z then 
		 x = z + M, where M is an integer no. times 'y'.

	So...
	[z^2] Mod y = (x Mod y)^2 Mod y

	Therefore...
	            = (z^2 + M^2 + 2zM) Mod y
		    = z^2 Mod y 	
	Since y divides evenly into all combinations of M. :)	

	This means that we can show, for any x, and y that
		[x^n] Mod y = (x Mod y)^n
	for any power of n :)

<applause> Thank you very much! ---

And once this has been shown proving that k1 == k2 in the D-H method, is just trivial! And lo! now I fully understand this wonderful method secure key transmission!


Social Engineering

Or, "System Cracking for the Mathematically Braindead", lesson #1.

Don't get me wrong, I'm no enemy of maths, indeed, under certain circumstances I will actually admit to liking some maths.

However, whatever my interest in certain mathematical fields, I know that there will always be s.o. out there with a far better way of doing things. S.o. who will know far too much about cryptanalysis for me to feel safe.

So, the humble CA student needs a 'nifty' method of finding keys and passwords etc, w/o using horriblly complicated maths.

The first of these nifty methods, is what's known as ... "Social Engineering"

Look at a situation whereby I wish to break into a companies UNIX system. Sure, on the one hand, I could use 'Crack' to simply examine the /etc/passwd file against a pre-encrypted dictionary...but what if they've got an on-the-ball Systems Administrator who's issued everyone with randomized passwords? There goes your crack!

However, using some 'Social Engineering' the situation becomes simple Imagine the situation, I ring up one of the companys' unsuspecting employees..

Me: Hello Simon, this is Patrick down in the Computer Services Department...you won't be logged in after 7 this evening will you? 'cause we're going to have to shut the system down at that time, and move some home directories around.

MyVictim: No. No. I knock off at 5. But you're moving directories around.. None of my files will be lost will they?

Me: Well, no. Probably not, but if you like I can check your a/c for you after we're through?

MyVictim: Sure that'd be great!

Me: Don't mention it. you login as simon don't you, and your password is?

MyVictim: Well yeah, simonk, and my passwords 134kd!I.

Me: Ok. No problem, I'll look after those files for you.

MyVictim: Thank you very much.

Me: Don't metion it, the pleasure's all mine. :)

Et viola! I've just conned him into giving me his username and password. What more could I possibly want? Then once I log in under his account, I'm on the system, and only one step away from actually gaining root access!

Nice, yes?

That's the beauty of Social Engineering. I didn't need any mathematical or Unix knowledge to get into the system. I just talked him into it.

Of course, the better prepared you are the better chance of success... Things I'd prepare might be...


Physical Security.

Or, "Algortihm Cracking for the Mathematically Braindead", lesson #2.

The recent discussions in our Computer Networks class sparked some debate between my friends and I.

Having researched cryptography on the 'net, they came to the conclusion, that PGP was 'unbreakable' ie. that no mere mortal would break it, given the current state of mathematical knowledge, and also given the potential computing power available to most people.

Of course, never one to miss and easy windfall, I bet a friend of mine that I could produce the plaintext for any PGP-ciphertext he cared to send me.

He saw a chance to take me down a peg, and I was only to happy to try the same with him. In short, the bet was on.

So, roughly 15 minutes later, he mailed me a stream of horrible incomprehensible pgp-produced ciphertext - which I promptly deleted.

You see, I'd already knew his WindowsNT password. (Dont ask!). So, I just waited 'till he was gone home, then I logged in to his a/c, did a search of his h: drive. Found the plaintext file I was looking for, ftp'd it across to my redbrick directory, then mailed it to him!

There you go, PGP circumvented in one easy step!

Introducing 'Physical Security'.

IMHO, Issues of physical security are almost always overlooked in favour of finding the most technically adept and mathemetically sound method of securing your information.

Which doesn't make sense, considering that the average individual knows more about violating physical security, and indeed, more about achieving physical security.

Again, what I love about Physical issues, is the simple fact that I don't have to be a mathematician, nor do I even have to know very much about computers!

Another Illusitrative Example

When researching this issue on the web, I came across a stroy, about a company who spent a tidy sum securing their systems from attack over their electornic communication lines. Yes, they were more than confident that no one could get past their firewalls, or decode their communications.

However, their security budget was shown to be an absolute waste of funds.

The cracker who had targeted the company, just dressed up in a nice suit and tie, and walked in at the lunchbreak when most people weren't even around.

He just walked in - the computer room wasn't even locked. Think of it. A simple lock could have saved that company sooo much money, not to mention the expense and hassle of trying to figure out how their data was going missing!

Some Conclusions


Picking the Crypto Locks

This is a rather interesting article which I found on the web, and have reproduced here, along with some of my own thoughts in green.

October 1995 / Features / Picking the Crypto Locks

A new technique called differential cryptanalysis can break even DES quickly

Peter Wayner

How secure is your encrypted data?

Actually, I use PGP with a 2048 bit key, so I'm fairly confident that from a cryptographic POV my data is safe. However, that doesn't deflect from the problems surrounding physical security of computers and storage devices, which I fear may be far less secure. IMHO, the area of physical security is often overlooked by institutions.
Advances in mathematics and increased computing power mean you need longer keys and stronger algorithms if you still want to keep your secrets. Both private-key encryption (which uses a single key for coding and decoding) and public-key systems (which use separate keys for encryption and decryption) are increasingly vulnerable to determined attack. But do these weaknesses represent a real threat to encrypted data, or are they still just intriguing research results?

Unfortunately, when we try to assess the effectiveness of today's popular cryptographic systems, we run into a problem of mathematical ignorance. Most people who are familiar with mathematics can work in two direc tions, forward and backward, like the simple algebraic equation a = b + 1. We can determine the value of the first variable from that of the second and vice versa. Crypto systems, however, generally rely on mathematics that works only in one direction.

Indeed, I've tried this myself with the Diffie-Helleman problem. I came up with a proof for the forward direction fairly quickly, but for the life of me, I can't even make headway on the reverse direction problem. Yes! Cryptographers everywhere you may breathe a sigh of relief.
People assume these systems are secure because no one has yet shown how to work the mathematics backward and break open the message. In general, we determine the strength of most cryptographic systems by seeing how well they avoid the attacks we know have been used on other systems. If none of the past attacks seems to work, then we deem a system secure. For now.

That 'for now' qualifier really freaks me out. I mean it is very scary to think that the worlds cryptographic systems are built around a handful of 'unbreakable' trapdoors in maths. What happens to us all if s.o. finds a way to find the prime factors of large numbers for example? Clearly there's only one solution, KILL THE MATHS STUDENTS!! It's the only way to protect all our futures.

Let's look at how today's codebreakers work, the resources and time they need, and what we require in the way of new systems and longer keys. Recent assessments of the strength of private-key crypto systems involve looking for theoretical holes and measuring the time needed for a brute-force attack. Finding the holes can be devilishly hard, calling for deep mathematical insights. Brute-force atta cks are easier to mount if enough computational hardware is available, but they're also easy to defend against.

The most important development in the realm of data encryption in recent years is Eli Biham and Adi Shamir's differential cryptanalysis . They showed how to mount a limited attack on today's most widely used cryptosystem, DES (the federal Data Encryption Standard), which is also the basis for Unix's password system.

Imagine that you had access to your victim's DES cipher "box" (the common term for an enciphering system) with preloaded keys. Your goal is to determine the 56-bit key, so that you can decrypt the other messages your victim had encrypted with the box. Biham and Shamir showed that you could infer the hidden key if you could pass 2(47) messages through the box and observe what came out. This chosen plaintext attack builds up a statistical model of the cipher, and it needs this many plaintexts to produce an answer with confidence.

Most intriguing, this wor k exposed flaws in many DES substitutes. Because the U.S. government classified the details behind DES's design, many assumed that there might be a trapdoor through which the government could eavesdrop.

Interestingly enough, if I were a govt. official, I'd learn from my mistakes and 'plant' the next trapdoored algorithm by getting a government agent to go deep, deep undercover, and pose as an academic, who then produces the algorithm. Actually, come to think of it, isn't that how the current round of so-called 'academic developed' algorithms are being developed? hmmm. I wonder are there actually any real academic cryptographers actually out there, or are they all government spies?????
To circumvent these potential trapdoors, some folks designed their own variations of DES. Most of these new ciphers, however, fall even faster to Biham and Shamir's mathematical machinery. FEAL-4, a faster replacement, for example, takes only four well-chosen plaintexts.

Recently, the IBM scientists who originally designed DES revealed that they anticipated Biham and Shamir's attack and optimized DES to resist it. Because other nongovernment cryptographers didn't know about this attack, they couldn't design their software to resist it. Now the information is public, and there are new ciphers that hold up well against these attacks. Ralph Merkle's Khufu and Bruce Schneier's Blowfish are two private-key ciphers that are similar to DES but resist differential cryptography. They do this by creating new S-box es for each encryption, using the key to randomize them. (S-boxes are the essential scrambling elements of DES-like ciphers. Think of them as lookup tables or nonlinear functions; their outputs should be as random as possible.) Differential cryptanalysis works only if the attacker knows what's in the S-boxes.

This work also revealed some stunning counterintuitive results. Key length is usually taken as a rough measure of a system's security. DES uses 56-bit keys; a brute-force attacker might need to try all 2(56) keys to find the right one. A longer key would mean a longer brute-force attack. However, Biham and Shamir showed that even if DES used longer keys, it would hardly be any stronger against differential cryptanalysis. The statistical model would still be solvable if DES used the maximum of 768 bits.

Wow! I would never have guessed that result, unless of course, I was completely paranoid. Which I'm not!!. Of course, I assume that the academic community would know if my 2048-bit PGP key was useless...hmmm...there we are relying on the academic community again....this is not a satisfactory situation! Afterall who funds all the universities, who basically pays for the 'academic community'....The Government.
I would just like to emphasise for the record though, that I am not paranoid. It's just reading all these websites is....disconcerting.

Applying this knowledge to other types of ciphers is tricky. RSA Data Security markets a proprietary algorithm called RC-4 that accepts a variable-length key; this algorithm is used in many pro ducts. The flexible key length can be an advantage in some situations. For example, the government allows general export of software using RC-4 with a 40-bit key, but similar software using a longer key must stay within the U.S. While we don't know if differential cryptanalysis can be applied to RC-4 directly, because of the algorithm's proprietary nature, the results with DES suggest that more key is not necessarily stronger.

Men and Machines

Mathematical tools like differential cryptanalysis can be the most powerful attack against a cipher system. Brute-force attacks are normally a last resort, rare in practice because cipher designers routinely use long key lengths specifically to preclude them. But times are changing. We're reaching a point at which a large machine can quickly search the entire keyspace of DES. DES is still in wide use; it's been the commercial and governmental standard for nearly two decades. Replacing such standards can be a painfully slow process. DES use rs should be thinking about what can be done with off-the-shelf hardware.

Brute-force attacks simply use large machines that try all possible passwords in parallel. It's even possible to produce native chips that run DES. Michael Wiener of Bell Northern Research described how to build a $1 million machine using a pipelined DES processor that could cruise through all possible keys in about 7 hours.

Massively parallel machines can also attack the problem. Some of the most promising emerging machines distribute small, 1-bit processors directly onto the memory chips. Some have 1024 processors on a chip with 42 bits of memory per processor. (Before it entered Chapter 11, Cray Computer was building for the National Security Agency a special Cray 3 with such processor-embedded memory.) In 1992 I designed a machine using 1 million associative processor memory chips (standard DRAM densities) from Coherent Research (Syracuse, NY) that could attack all of DES in one day. This machine could be reprogrammed to attack other DES-like ciphers. Linden Technology (Austin, TX) is currently exploring manufacturing new 4-Mb DRAMs with the 1024 associative processors built onto the chip.

I've also been reading an article which related the idea of trying to apply the princuiples of quantum physics to the field of cryptography. Basically, because a particle under quantum physics, can exist in all states at once - this means that if this could be applied to cryptography, then the computers could try all possible solutions at once!!!!.
Of course this is highly theoretical, but what if there's a breakthrough...
The effect of brute-force attacks on DES is also important for Unix security, which stores each password after passing it through DES 25 times. At log-in, you type your password; it's encrypted 25 times and the result compared against the password file. If it matches, the system grants you access. Because the password file doesn't contain the passwords themselves, unauthorized users can't use the file to recover them directly. They must use a brute-force machine. However, the brute-force attack can be relatively successful against Unix, because the keyspace is smaller. Most users limit their passwords to alphabetic characters, occasionally adding numbers. This makes searching for passwords much faster; it could be done quite quickly with an associative-memory parallel processor. One estimate suggests that a computer using 512 of Lind en's chips could test all six-character alphanumeric passwords in 15 minutes. Clearly, the Unix password structure needs to be rethought in light of today's machines and code-breaking techniques.

Because of this new vulnerability, you may want to explore other, newer ciphers, such as Merkle's Khufu or Schneier's Blowfish. The classified Skipjack algorithm buried inside the U.S. government's Clipper and Capstone encryption chips also uses S-boxes, but little is known about their design. There's little reliable public information about RSA Data Security's RC-4. Anyone who uses these algorithms must be prepared to trust the wits of the designers, because the algorithms have not undergone the intensely thorough and long-time public scrutiny given to DES.

Many organizations have opted to continue with DES, but the current state of the art is triple-DES -- three passes of the algorithm with either 112- or 168-bit keys. This effectively guards against both brute-force and differential analysis attacks.

Well, maybe ... but machines are getting faster all the time...maybe they're safe now, but for how long?
These users can rest assured that, paradoxically, all the attacks focused on DES continues to keep it strong.


Strengths and Weaknesses of Crypto Algorithms

Well, it's time to draw the bits of knowledge together and come up with something definite...

	

ALGORITHM       COMMENT          STRENGTHS            WEAKNESSES
==========================================================================
DES             Standard,        Long-tested          Has yielded to DC
                                 widely accepted

FEAL-4          DES substitute                        Easily broken by DC

GDES, NewDES    DES-like                              Easily broken by DC

Khufu           DES-like         Secure against DC    New, unknown

Blowfish        DES-like         Secure against DC    New, unknown

RC-4            Proprietary      Variable-length key  Unknown

RSA Public Key  Widely used	Long-tested           Vulnerable to
    					   	      advances in                       
						      factoring

Skipjack        Classified       Considered strong    Algorithm must 
						      remain secret
                                                      to preserve
                                                      law-enforcement
                                                      trapdoor

               DC = differential cryptanalysis
Let's face it I wasn't spelling DC every time - no way!

So...Conclusions....well,

  1. For a start - I will learn differential cryptanalysis!!! Then the world will be mine.
  2. Also, if you use a proprietary algorithm, then you may as well just shoot yourself now! Sure it may be safe. But I believe that unless it's been subjected to substantial peer review, then any algorithm should be viewed as non-safe. Of course, this doesn't mean that peer-reviewed methods are secure, it just means I'm more confident in their security.
  3. Also, I don't think any sane man should use the newer algorithms for a while. Sure, they resist DC, but what's the point if there's some inherent flaw which just hasn't been spotted yet. Better to wait until the (peer) reviews are in, IMHO.
  4. Skipjack:Why would anyone anywhere want to trust a government trapped pseudo-encryption algorithm.
So putting this all together we get one very clear message...Use PGP!!!


My 2048-bit PGP Public Key

Should you for any reason wish to communicate with me in private, then please do so by using my PGP public key, displayed below.


Key ID = E6AE6DB5

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENAzIEiu0AAAEIAMS0SPmMyQBlNe7e6GlZKWHvY6s6s5Rci27ksmruNcIW+3eR
OpW+Gv19gk9aca84E7bV0Lo226+CTy7XW651Sz8dS+WFJYzh7l5xpdUFzv/9WTc1
vsFTpE2UVAc3TisA0T43rPOtp1fMJTz66J0QAd2KG7zxteb9TrNJ0BO74HhTpI0u
o9Tw6dzbjFFOlHDCi4q8UMExIWEfKNyqgQiJOqpcoLFed2J+l1FcHZgqZMWgWVcW
20ChtA1eB6byy1Pb62YF3WSPtmwYdgmmruzsCYBZudLWQKKfFK/0DM/62D/UD0fY
0/9t5FFI3cF+kZ+2SNZugiElJY5P2RDN4be0u5kABRG0IkFuZGVycyBBcm5ob2xt
IDxhbmRlcnNAYXJuaG9sbS5udT6JARUDBRA15Uya2RDN4be0u5kBAQKaCACKudA5
+W+l2s537mNxJeI1nfyzxtuiDvKrcLmxPN13jDarI+4cZxtIJGf3BGZy15DZLt0h
LaibW/0rLReHfgab9jPl+42JgljziB5hrHdPs7Z/eC4hDK/v8AmXVork2nS/Y1iU
Yf4kQaJqQOg1eKxZr6fNnf2tisqmfJ3OLK2OA0d94AUDxugeVlEz6OgYfRgbcoZL
SyfLNhZ21DyNH3cqY31poQ/2YaYF8CBhhl/x+2lBZg9JjdiH4MzoddCTLt19EviX
AIS20n3v/igdvRh2IdCpw2/f5x+SVMU656f5ME08RpTXUMNpo7JoAbY7fNYL5V1z
q4eSIGJ2/UKEy42otB9BbmRlcnMgQXJuaG9sbSA8YmFscEB0cy51bXUuc2U+iQBV
AwUQMgSR9BbjB3ZVMWFpAQFRKwH9Fp1LHx+YfxxGF+rGENrzpgMg3F13fla+Lpce
mVBohnxWtwOtQ1//rliHGE+5W7SpdYRYHy7GcdvQGOk/xlk5D4kAlQMFEDIKAjY+
OnPMCXpD7QEBLgwEAJ6F3kO/Cb3/8sB+AfDuGN+0+pq3zMgsB0LknqRzqUOGsWII
wYZ4eNH3LU0zDZ5eSK30Ipz+BfEWMWrDFMGUtDv2vqd92cx6oYcm7DVbyWm8XiVM
1bNTIQkpcaAOJ9lTaI4CIrg5L3GakVl9ZZOsNtvpnpDvEH7mFPYwnml+abUSiQCV
AwUQMgSNnmX1BxB5eNIVAQGyHAP/ay+6LlW5jOeBx2/RbrHPKfVJfnXRGE6dzniQ
bq/4ah0O11toxILo11LBVRd1IumYOhz7cdCuT3JJKEBoX3esOUvZtENmB02J2ajZ
sY4q4bVDPtgwswxDMbNatwYtJmvbB6Z+PY1zJGxVW4YZGGIY0JqXTPpY1W4jDPYX
8yNFUGSJARUDBRAyBIrz2RDN4be0u5kBARt3CACfXMAPOAR7H6g4VWQV2t/ug5ji
Pv0qV+kTsFqj6ODccGJSqEyQchO6MkqAKUAqwyqOkmA8wUdm1QZ9449QXWl0k1mk
CnCaf3iQJKjkmxbO8j/QsBuQaXUmgT6LnYoe1uXj0KsZRVprloJnLFopkVadk7MK
Z61YMiHIf6mHo4fG1MoclaC9+41eK15W+4QEwQIDDaYAlCfMlKpJVYcQ4d7QW6gT
aBeotkH/DQgekf/GXg2vlj3LFJ7fSkX267AdIlJl+7RSfka/tMS+3VoBSLbCUDoe
JWCC6qouKfCqka6SzE1j8Atdf82NDGmGsGMwxeVGOqVYQYx+8UibuKLeZtNJtCBB
bmRlcnMgQXJuaG9sbSA8YmFscEBhY2MudW11LnNlPokBFQMFEDRy2bLZEM3ht7S7
mQEBD5MH/RmTVfS0Xq9d4ZzOOabI2Bcn5JSTXAhPe0YxJxZdKCAVHvGHy9QHP4ee
+VJKjibgoZy46e+nMq9vURuGkDkxHDWGmx+wjTTqudNH37vekwjNZql/0LooUp1g
h+FBYTEGSKzaL/Ea5uMzc9GwKx1h9171yKXC3QFh1HkQbGPos0wOawgzOmaa72s+
+HS4sks9fUHJqZ7m8qoKSMj/Rv1YQRKl+rhKNE7epDHsXhqn7hQnkV7hYKVhfdoF
GgVJOqbUh+BsyvwYS9H1694FPl6MhgBgbuZn3grRbIiNh6RZIMKfFElMXODUYgt1
s2cawBOt+7Yver9kACsSrWYuIzWNKGy0IUFuZGVycyBBcm5ob2xtIDxiYWxwQGxp
bmcudW11LnNlPokBFQMFEDMQ+t3ZEM3ht7S7mQEB5coH/jvk8WAWFAosBabUsQMk
Ovg06XhIurt+V4OFJ2JqJgLstb0RkI4qATierJgTOxbJf2zkQxKXcKvIadzGLeOx
QJ7uKN92UBLGKhvMKsXGYf1H+dEbG2hmexMGQoWjvkmLjvwSCjxR3MlHqznMmKW4
QjWJKUx3byt5jn6SXy8onfk2wzRz7xptB76o+JyamdxbFh7YdbBs2mooyRbAkTRD
P6ezD6fSuKvFu/q/TA1YAXQNDTtuJ6zGZf7HALnzRFgNVahQ8ppeon8IypLUFVlV
tWYamNyXapm1GdXXmiRA87AxTaPUD2ioRZKxBlLHjpfazHz/g7nX2GHAcfiIuR2E
RM+0IUFuZGVycyBBcm5ob2xtIDxkdmxhYW1AY3MudW11LnNlPokBFQMFEDIEki/Z
EM3ht7S7mQEBf1sH+wd4Fs2ijWK7B6rllvC+nKFWX58nWlIC9wcTK57D1RJcyeR6
uT++EzoT/JK1tV5+sWNYZvtRAaq3s1/o3Hhl04MOYIOLKbYyZ5xuTNopcg32TmwX
Udyh9XUUd9QEYPXn3DlgL0YnkJANmlkcN+caGFl9rX2D9VrKb70E4mksj/BFl87e
8dp6zXinO1YaaxMza/iLBEV+D7FPHKBhfj4ZX8M+qbdVyffxJ7qQ4cLy1gV8cN8Q
AQ/pI6FNzbOWtPrjIieZt6KUi3WlM5k9NUPIKgR80sMLCllzmGV1KoZt9hm+BQBk
oP4n7q5toJENMiYKbCp/TU0F3io4kw7tYNP1KMO0IkFuZGVycyBBcm5ob2xtIDxh
bmRlcnNhQGNzLnVtdS5zZT60JkFuZGVycyBBcm5ob2xtIDxiYWxwQHRzLnVtdS5z
ZT4gKDIwNDgptCdBbmRlcnMgQXJuaG9sbSA8YmFscEBhY2MudW11LnNlPiAoMjA0
OCmJARUDBRA15Uxd2RDN4be0u5kBASRYB/47vbNp8Fsr35oxopYeTOVCUX8Mm1rY
5UCBaki/5RjeEOMkBcOkF8qkl8sKoj3blprz6h4vUqUAqjr3J5TGY+lrdMF4Zmi7
Kx3b+czBsk9EnX2fzbgk9q41oXg/zGDkJuGgn7+lJUDMZKhnPjykhEb18Rvv1rKD
ZqxOkRKFm7B7vUY4jVISV7fAwggsJ3is2KOcUMxZal8b8YZ/Znhs++egQLX8HIR1
xLlSQwnc5SbGHgheJ3KkQ/sPw0MZAWK1AKy2BPFHLDqcjF0eMMu7tWM9aEI/NOQD
O3z8+OW6i8nYZ2prg/ytYn/l4/wnVHE1kT20Q/92Aw+q2xq2+irI/HmotClBbmRl
cnMgQXJuaG9sbSA8QW5kZXJzLkFybmhvbG1AY3MudW11LnNlPrQpQW5kZXJzIEFy
bmhvbG0gPGFuZGVyc0Bhcm5ob2xtLm51PiAoMjA0OCmJARUDBRA15Uzk2RDN4be0
u5kBAdbAB/4sRacNUJJ7MqwEPo9NYZHbK3bPJOlmbjt5GmXNtKvSECkmkxuwqqnL
8KRPVYshUXOoCSqv5GjTU51BTz9IccdBMDus/qQyx7zT94FBfT/iRDWmzAryIyno
H0ePffyxoGCEN7/fSYoLvw23RI9bKHuJGonp4wPEbMfm2ueAi/jqal4Q9uAuJHH0
ptdJLxRlRQQ/BoCn1zeafDb7F1Z2+4m0AJYHqmMZmgtPkoNBI0IP1qXzGsS6RAMc
9LOMxIzfF3dgp9sucvqa9maXVyw/8CSfR7j1XU94YC6Hk7smuJyTWF6EIRoO6elk
/iQh2VKIQ+xoCZIZZHOdEresRl9RUTfg
=l0vb
-----END PGP PUBLIC KEY BLOCK-----

If you don't know what that was all about, then you seriously need to check out some of the websites dedicated to Phil's "Pretty Good Protection" - BTW the author is entirely modest. AFAIK - it's a damm sight more than Pretty Good. After all, that's why the US govt. won't allow full versions out of the country.

However, I have found sites with the full version available to download. But, obviously these sights contain material which was illegally exported, and until I find out exactly what the rules are, I'm sure as hell not providing a link! So there, go do your own web searches!


What The Governments Say...


France



The French lawmakers estimated that cryptography could be a weapon in the hand of organized crime and terrorists, since it can circumvent wiretaps. France therefore submitted encryption to a governmental authorization. Those laws have recently been eased on signature products. There are talks of establishing key escrow systems, but nothing real has been done in that direction.(6)Nevertheless, no citizen not connected to other illegal activities has ever been convicted on those laws -- such an event may even generate a scandal. Many people use pgp, totally illegally, without any problem.

It's thought that these laws somehow miss their goal, which is to prevent criminals from using encryption devices that law-enforcement agencies couldn't decipher. A criminal will prefer hiding his illegal activites through encryption (upon which the sentences are quite small) rather than not using encryption and being convicted for his illegal activities, which would get much higher sentences.

French lawyers discuss those problems on the server of the Internet Juridique. See also the French association of Internet users, which lobbies for the ease of rules upon encryption.




The United States of America



The United States government wanted to impose a standard for encryption using escrowed keys. Two government agencies would be in charge of key escrow, which would be requested by the judicial power if necessary. Such proposals, including the famed CLIPPER chip, have been repealed. No coercitive laws, forcing private people to use escrowed encryption, were enacted, thus people would just went on using non-escrowed products.

The Clinton administration has partially relaxed export controls on secure encryption technology. The White House announced three areas where restrictions are to be relaxed. Firstly, encryption software using up to 56-bit keys may be exported from the US to all but a handful of what it considers "rogue" nations, without so-called key-recovery schemes whereby police would have access to the digital keys which unscramble encrypted messages. Previously 40-bit key software had no restrictions, while software using up to 56-bit keys required such key recovery. Secondly, the existing relief whereby unlimited strength encryption software could be exported to non-US financial institutions is extended to insurance companies, handlers of medical records, and companies using transaction software for e-commerce. The final area of relaxation allows US companies to export strong encryption software to their own subsidiaries, provided they do not share it with non-US companies.



Key Eschrow and 'Fair' Cryptosystems.


For fear that criminals may use encryption to discuss securely about unlawful activities, governments have banned encryption or proposed imposing escrowed encryption standards. Key escrow basically consists in giving the encryption key to agencies which will hand them to the Justice if necessary. Of course, to make such a scheme effective, unescrowed encryption should be banned. Thus, people would be able to encrypt their communications and the law-enforcement agencies would still be able to crack them when needed.

Some people would rather have free encryption, because they distrust their government's fairness when it comes to spying on its own citizens. This is in fact a matter of discussion: whether government agencies should be able to eavesdrop on citizens or not.

Cryptographic systems called "fair cryptosystems" are currently developed. They should be an acceptable alternative to total ban, total freedom or key escrow, providing legal authorities with means to intercept communications that would be less risky than key escrow.




Footnote: MD5 over MD4....

MD5, a message-digest algorithm, was announced by RSA Data Security. Like MD4, this algorithm is being placed in the public domain for free general use. The MD5 algorithm is a strengthened version of MD4. It has four rounds instead of three, and incorporates other revisions based on a year's worth of collected comments on the MD4 algorithm. For example, the input access patterns in rounds two and three have been improved, and the rotation amounts have been optimized for maximum ``avalanche effect.'' The additive constants have been made unique in each step, and an additional dependence of each step on the previous one has been added.

Also of interest in this regard is the message-digest standard known as SHA which is the official message-digest standard in the United States of America. It is an improvement over MD5.



Go to Top of Page, Go to Melmoth's Home Page


Page last updated 19/10/'98