Date: Mon, 17 Sep 2001 20:05:34 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Scott Corey <Scott@bsdprophet.org> Cc: Michael Richards <michael@fastmail.ca>, freebsd-security@FreeBSD.ORG Subject: Re: US Congress already discussing bans on strong crypto Message-ID: <20010917200534.A39867@xor.obsecurity.org> In-Reply-To: <3BA635EA.36E75D01@bsdprophet.org>; from Scott@bsdprophet.org on Mon, Sep 17, 2001 at 12:42:02PM -0500 References: <3BA20FDB.000229.61269@frodo.searchcanada.ca> <3BA635EA.36E75D01@bsdprophet.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Sep 17, 2001 at 12:42:02PM -0500, Scott Corey wrote: > Michael Richards wrote: > >=20 > > I think it would be just as effective if they were to pass a law > > requiring all terrorist organisations to provide backdoor keys to > > their encrypted communications. > >=20 > > Since things like DES and RSA are so widely published there really > > isn't a way to make these "go away". If you're planning on hijacking > > aircraft and flying them into buildings, I don't think you will care > > that much about a little law against sending PGP'd email. > <snip> >=20 > What makes you think there are no backdoors now? There's nowhere to put a "backdoor" in the RSA algorithm. There's room to put a backdoor in the DES algorithm, and in fact when the DES algorithm was under consideration back in the early 70's the NSA did request a change to the "S-Boxes" of the candidate algorithm submitted by IBM which was eventually accepted. This change may have seemed suspicious, until a number of years later when civilian cryptographers discovered the technique of differential cryptanalysis and realised that the NSA's changes were to improve the resilience of DES against that attack, which they evidently already knew about. As for backdoors in other algorithms: well, that's why peer review of cryptosystems by trained cryptographers is so important. People spend their lives trying to break cryptosystems. If you listen to their recommendations, you'll do pretty well. Kris --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7prn9Wry0BWjoQKURAkBZAJ4j7jyaZq0SHkOBjadb+ZyBfwtgbQCgyirI Z6haTr+Osw7c6TtW8u6hubs= =g+J9 -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010917200534.A39867>