How Would Crypto Back Doors Work?

Hemos posted more than 11 years ago | from the what-goes-into-it dept.

Encryption 477

frantzdb writes "We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"

477 comments

My back door (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326326)

is always open and ready for business!

ANOTHER ROBERT FROST POST! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326356)

Two roads diverged in a goatse.cx ....

Simple (2, Insightful)

nate1138 (325593) | more than 11 years ago | (#2326328)

Simple Answer:

Crypto backdoors won't work ;) (At least not for their intended purpose)

Re:Simple (0)

Anonymous Coward | more than 11 years ago | (#2326471)

The reason they are placing these backdoors is to stop terrorism and other crimes from occurring... now I don't know about you, but if I was to fly a plane into a large building I would be sure as hell to use my own crypto not some algorithm with a backdoor from the government. I mean please, people like bin Laden have billions of dollars you don't think they could get a kid to code something for them? All this is going to do is make the government get on the backs of innocent people using "illegal" crypto.

There have been laws about sending anything international in certain crypto for years.. but people do that all the time.

w00t! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326331)

frist prost niggaz!!!!

Exterminate Trolls. Destroy All Sporks (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326334)

Our slashdot users scream out for vengeance:

1. Kill all Trolls.
2. Kill all Sporks.
3. Kill all Monkeys.
4. Kill all Trollmans.
5. Kill all Buttfuckers.
6. Kill all AC fuckheads.
7. Kill all Jeff Ks.
8. Kill all SpanishInquisitions.
9. Nuke Advocacy to hell.
10. Nuke Geekizoid again.
11. Death to Goatsex.

I piss on Hot Grits. I wipe my ass with "Stephen King Is Dead..." I spit on "a Beowulf Cluster of These."

Re:Exterminate Trolls. Destroy All Sporks (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326418)

I am building a ASS KICKING MACHINE, and just put your name at the top of the list for beta testers!!!

Destroy all monsters! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326443)

Is your design a traditional handcranked or is it water powered [fred.net]?
Is it internet enabled?

Re:Exterminate Trolls. Destroy All Sporks (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326463)

goat ?

GOATapallooza! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326500)

Here ya go son, all the naked young goats [google.com] you can shake your stick at!

Escrow (3, Interesting)

FatRatBastard (7583) | more than 11 years ago | (#2326344)

I?d assume that one of the ideas would be to revive the idea of key escrow. All generated keys would have to be ?registered with the state.?

I can?t wait until I can purchase a ?You?ll get my 1024 bit private key when you pry it out of my cold, dead Palm? bumper sticker.

Re:Escrow (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326377)

goat?

Re:Escrow (0)

Anonymous Coward | more than 11 years ago | (#2326467)

I can't wait till you learn to stop using the question mark.

Re:Escrow (0)

Anonymous Coward | more than 11 years ago | (#2326546)

That comes from using MS IE....

Maybe not escrow... (1)

87C751 (205250) | more than 11 years ago | (#2326512)

An alternative to direct key escrow is the system used by Lotus Notes for their export versions a while back. Known as a "Work Factor Reduction Field", it's some fractional part of the key (Lotus used 24 of the 64 bits in their keys), encrypted with a system-wide key (usually half of an asymmetric key pair) and included in the transmission. Taken to an extreme, this could be the full session key, encrypted (ala Clipper). The main drawback is that you lose the requirement for several agencies to cooperate before an escrowed key can be recovered. Any agency with access to the systemwide private key could recover any crypted transmission. A policy to split-escrow the systemwide private key obviously fails after the first legitimate recovery order, since there's no way to prevent the recovery agency from retaining a copy of the master key. (this assumes the master key wasn't clandestinely retained before being split for escrow in the first place)
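The work-factor reduction field described in the comment above, as an added example (not part of the original post and not Lotus's code). It is scaled down from 64/24 bits to 16/6 bits so both searches finish instantly. The toy RSA pair built from two Mersenne primes, the SHAKE-256 keystream, the choice of the top bits as the escrowed part, and all function names are assumptions.

```python
import hashlib
import secrets

# Toy system-wide RSA key pair from two Mersenne primes (constructed and
# trivially factorable; a stand-in for the real system-wide key pair).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private half, held by the recovery agency

# Same 3/8 proportion as the 24-of-64 bits mentioned in the comment, scaled down.
KEY_BITS, ESCROW_BITS = 16, 6
LOW_BITS = KEY_BITS - ESCROW_BITS


def work_factors(key_bits, escrow_bits):
    """Keys to try (without the private key, with the private key)."""
    return 2**key_bits, 2**(key_bits - escrow_bits)


def stream_xor(key, data):
    """Stand-in cipher: XOR with a SHAKE-256 keystream derived from the key."""
    keystream = hashlib.shake_256(key.to_bytes(8, "big")).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))


def send(plaintext):
    """Encrypt a message and attach the field carrying the top key bits."""
    key = secrets.randbits(KEY_BITS)
    escrowed = key >> LOW_BITS
    pad = secrets.randbits(96)  # random padding so equal bits give different fields
    field = pow((pad << ESCROW_BITS) | escrowed, E, N)
    return key, {"wfrf": field, "body": stream_xor(key, plaintext)}


def search(body, known_start, candidates):
    """Try candidate keys until the known start of the plaintext appears."""
    tries = 0
    for cand in candidates:
        tries += 1
        if stream_xor(cand, body[:len(known_start)]) == known_start:
            return cand, tries
    return None, tries


def recover_with_private_key(message, known_start):
    """Holder of D opens the field and searches only the remaining bits."""
    escrowed = pow(message["wfrf"], D, N) & (2**ESCROW_BITS - 1)
    start = escrowed << LOW_BITS
    return search(message["body"], known_start, range(start, start + 2**LOW_BITS))


def recover_without_it(message, known_start):
    """Everyone else faces the full key space."""
    return search(message["body"], known_start, range(2**KEY_BITS))


if __name__ == "__main__":
    key, msg = send(b"Subject: quarterly figures attached")  # constructed sample
    print("full-size work factors:", work_factors(64, 24))
    print("with private key:   ", recover_with_private_key(msg, b"Subject: "))
    print("without private key:", recover_without_it(msg, b"Subject: "))
```

Nothing in `recover_with_private_key` depends on which message it is given: one private exponent opens the field of every transmission, which is the drawback the comment points out.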

Encryption back doors, or why I love govt (1)

WillSeattle (239206) | more than 11 years ago | (#2326349)

All I know is that my hacker friends are hoping the government succeeds at getting backdoors in all the protocols, especially database ones, so they can run rampant through still more systems.

How to detect encryption (1)

Kryptonomic (161792) | more than 11 years ago | (#2326351)

See chapter 10.7. in Bruce Schneier's "Applied Cryptography":

You can obviously detect ASCII files (and TeX, C, Microsoft Excel etc.) simply by looking at the file.

Executables and compressed files usually have a standard header. Try uncompressing the file with as many algorithms as possible.

Try compressing the file. If it is ciphertext it should not compress appreciably (more than 1 or 2 percent). If it is something else like a binary image or binary data file, it probably can be compressed.

Re:How to detect encryption (0)

Anonymous Coward | more than 11 years ago | (#2326389)

I believe the question was about random bits meaning "from a (pseudo)random number generator" which means that they would be indistinguishable from ciphertext. (unless, of course, you either know the cipher and key used to generate the ciphertext, or the ciphertext is a part of some larger file format (think "encrypted" word doc.))

Re:How to detect encryption (1)

skroz (7870) | more than 11 years ago | (#2326421)

Congratulations on answering the question by not answering the question. Schneier is saying that encrypted data cannot be distinguished from random data because of the reasons you referenced. Enciphered data, at least that which is enciphered well, is indistinguishable from random data. Files like MS Excel documents and ASCII text files are not random... they're actually very, very regular.

Re:How to detect encryption (0)

Anonymous Coward | more than 11 years ago | (#2326442)

The question remains: why would you transmit random noise? Make that illegal, too. Call it obstruction of justice or something.

Re:How to detect encryption (0)

Anonymous Coward | more than 11 years ago | (#2326444)

That still does not distinguish between random data and encrypted data.

Random data cannot be determined by looking at it nor does it have a standard header, and if the data is truly random then on average it should not be compressible.

Re:How to detect encryption (1)

SL2C (82809) | more than 11 years ago | (#2326454)

Hmm, shouldn't it be the other way around?
Text - low entropy - high compressibility
Truly random data - large entropy - no compression

Encryption should not change entropy, as it is reversible.

A question: how would you tell an encrypted gzipped text file from random data?

Schneier probably answers this, but I don't have the book :-(

Re:How to detect encryption (0)

Anonymous Coward | more than 11 years ago | (#2326496)

Compression is reversible, and that changes entropy. Back to Information Theory 101 for you, sir!
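The checks listed at the top of this sub-thread (look for text, look for a standard header, try compressing), run over constructed samples, as an added example that is not part of any post above. The SHAKE-256 keystream standing in for a good cipher, the single-byte XOR standing in for a weak one, the 0.95 printable threshold, and all names are assumptions; the 2 percent cut-off is the figure quoted in the first comment.

```python
import gzip
import hashlib
import random
import zlib

# Leading bytes of a few common formats (a real tool would carry many more).
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"BZh": "bzip2",
    b"\x7fELF": "ELF executable",
    b"MZ": "DOS/PE executable",
}


def stream_encrypt(key, data):
    """Stand-in for a well-designed cipher: XOR with a SHAKE-256 keystream."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))


def weak_encrypt(key_byte, data):
    """Stand-in for weak crypto: every byte XORed with the same value."""
    return bytes(d ^ key_byte for d in data)


def compression_ratio(data):
    return len(zlib.compress(data, 9)) / len(data)


def classify(data):
    """Apply the three checks in order: text, header, compressibility."""
    if not data:
        return "empty"
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(data) > 0.95:
        return "plain text"
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return "known format: " + name
    # "should not compress appreciably (more than 1 or 2 percent)"
    if compression_ratio(data) > 0.98:
        return "incompressible: ciphertext or random noise"
    return "compressible binary"


def build_samples():
    """Constructed inputs; none of them come from real traffic."""
    text = b"".join(b"%04d meeting moved to the usual place at noon\n" % i
                    for i in range(200))
    rng = random.Random(2001)
    noise = bytes(rng.getrandbits(8) for _ in range(len(text)))
    zipped = gzip.compress(text, mtime=0)
    key = b"constructed demo key"
    return {
        "text": text,
        "gzip of text": zipped,
        "weak XOR of text": weak_encrypt(0xA7, text),
        "strong cipher of text": stream_encrypt(key, text),
        "strong cipher of gzip": stream_encrypt(key, zipped),
        "random noise": noise,
    }


if __name__ == "__main__":
    for label, blob in build_samples().items():
        print("%-22s ratio=%.3f  %s" % (label, compression_ratio(blob), classify(blob)))
```

The weak XOR keeps the structure of the plaintext and still compresses, while the two strong-cipher samples and the noise all land in the same bucket.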

One key? (2)

Sir_Real (179104) | more than 11 years ago | (#2326352)

I certainly hope not... My guess is that upon generating a key, a separate key is also generated. This key (the other half of which the NSA has) could be used to encrypt the original sender's private key. This would allow the NSA (I don't know which TLA will hold the keys, just substitute your favorite one in here...) to be able to retrieve the private key and decrypt the transmission... This is pure speculation...

Private Key Registrations (2)

GrEp (89884) | more than 11 years ago | (#2326354)

The government would either have to issue everyone a private key, or pass a law making it a crime not to hand over the keys. Although this only relates to detectable encryptions.

If you were a terrorist you would probably hide messages via a digital watermark in an image file/video file to get around this. Therefore making the laws useless.

Re:Private Key Registrations (2)

Salsaman (141471) | more than 11 years ago | (#2326419)

"pass a law making it a crime not to hand over the keys"

Unfortunately we already have this law in the UK - it's called the RIP Act. The penalty for not handing over a key, even if you have forgotten it, is a two year jail sentence.

Already exists (2)

11thangel (103409) | more than 11 years ago | (#2326506)

That law is called obstruction of justice. If you have a key, it can be subpoena'd at any time, if they can prove to a judge that your encrypted data may include things necessary to proceed with a trial. If you don't hand it over, or conveniently "lose" your copy, you get hit with obstruction of justice and you look like an incompetent fool who can't even keep track of his own crypto keys.

Re:Already exists (1)

ethereal (13958) | more than 11 years ago | (#2326539)

Of course, the penalty for obstruction of justice may still be more palatable than the penalty for whatever the government is accusing you of. Not to mention the 5th Amendment problems with forced key turnover.

which backdoor? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326360)

this backdoor [goatse.cx]

And shame on you Hemos, for posting this. You and Taco already know plenty about backdoors.

Good question: (1)

Andrew Miklos (264220) | more than 11 years ago | (#2326365)

I don't have an answer for that, but I'm assuming that it would be something along the lines of a 3-key system: One private, one public, and one government. The government code would be constant all the way across, and would be able to decode all messages encoded with the public key. My only question would be: What happens if the government key somehow slips through security measures?

Re:Good question: (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326514)

Not if. When.

Merely Political Rhetoric (1)

Mad-Mage1 (235582) | more than 11 years ago | (#2326367)

The fact is that no matter how hard they try, they won't get all products to put in backdoors even if legislation is passed requiring it, hence the ones who want/need this level of security will merely migrate to those that are not "government compliant". The ones that do become compliant will be exploited by "non-authorized" parties and then the cry will go up about why we let this happen. In the end, it is merely more political spew, done to garner attention and to subvert the few freedoms that people CAN utilize. This argument is so old for those that follow it that I doubt any new light can be shed, much less actually achieved.

Re:Merely Political Rhetoric (0)

Anonymous Coward | more than 11 years ago | (#2326480)

The fact is that no matter how hard they try, they won't get all products to put in backdoors...

You are wrong here. They will legislate it and it will be done. Anyone who violates the law will be locked up. It's kinda simple.

How backdoors work (2, Interesting)

Chakat (320875) | more than 11 years ago | (#2326375)

A lot of the technology behind the last time Congress/the prez tried to cram crypto backdoors down our throat [eff.org] is unfortunately classified, but the basic way it would work is that each key would have its own identifier it shouts out in the process of sending packets back and forth. Upon court order (or not, if there are crooked lawmen), the mandatory escrow part, which is how most modern crypto backdoor setups work, is used to get the private key and decrypt the message.

Steven Levy's excellent book "Crypto", which was reviewed here a few months back, has the basic gist of the technology. As the technology is mired in classified work and patents, it's a minefield that will have to be carefully traversed.

Green Eggs and Guvament Cheese? (1)

Nikoli (306812) | more than 11 years ago | (#2326378)

The only way for the Guvament to have Backdoors is if we all comply with a guvament order to add crypto chips to handle crypto. Then the hardware would handle encoding/decoding. Any software solutions would be Cracked.

difference between encrypted and random data (0)

Anonymous Coward | more than 11 years ago | (#2326381)

duh. i guess sending random data will also become a crime.

And furthermore ... (1)

pointym5 (128908) | more than 11 years ago | (#2326383)

Assuming a bevy of approved escrow cryptosystems were somehow made available overnight, and made flexible enough to support the myriad distributed applications that rely on cryptographic software for their security, what's next? I mean, if I'm to be protected from the evil-doers who use cryptography to further their ends, what's the government going to do to stop them from constructing their own non-approved cryptosystems? I demand protection!


So you say that the government can just sniff for encrypted traffic that's not encrypted via the approved cryptosystems. But how will it know that? There are plenty of perfectly innocent compressed binary attachments flying around the net at any given instant. Any one of those could contain an encrypted message. Will somebody be cracking each one of those open, looking for an unapproved cryptosystem? The effort involved at tracking all those leads seems like an enormous misdirection of energy. And if they find the sender, what exactly are the charges? How would you prove that a block of apparently random binary data (which is what the output of a good cryptosystem looks like) is in fact an encrypted message? Do you just lock a person up until they spill the key or (if it's really just a random block of bits) rot?


Keep in mind that the bastards who attacked us last week were willing to (A) die and (B) train for years to be pilots. What is it about picking up a copy of Applied Cryptography and typing in one of the algorithms that's more challenging than either of those things?

Re:And furthermore ... (0)

Anonymous Coward | more than 11 years ago | (#2326412)

I presume that they won't be able to look at encrypted traffic without a court order, so if you don't give them any reason to be suspicious, they'll leave you alone. This will probably work like a wiretap or Carnivore and they'll need to show there's a good reason to sniff the encrypted traffic and decrypt it.

Re:And furthermore ... (1)

abdulwahid (214915) | more than 11 years ago | (#2326495)

What is it about picking up a copy of Applied Cryptography and typing in one of the algorithms that's more challenging than either of those things?

Moreover, I think you will find that many of the terrorists have trained in Western universities and that many of the terrorist groups will have access to much of the latest encryption techniques and protocols available. It wouldn't even surprise me if they had people inside the FBI, NSA etc. Quite frankly, any kind of system the governments want to introduce would be trivial for the terrorist to get round. I can't see anyone being inconvenienced by this type of law except your everyday innocent person.

Like Gun Control (1)

DestroyahX (465725) | more than 11 years ago | (#2326384)

The laws cripple the innocent and law-abiding, while nothing changes for the criminals except maybe (MAYBE) an extra nanosecond of paranoia.

The laws are a joke. Work on other ways of stopping terrorist communiques, such as email or Morse code.

When will the government get this? I am sick and tired of bumbling laws that injure the citizen's rights and abilities.

Re:Like Gun Control (1)

dcavanaugh (248349) | more than 11 years ago | (#2326492)

I was wondering how we would force the terrorists to use crypto software that included gov't back doors. If we could force them to use crippled crypto software, why not just cripple their OS -- send them Windows XP and make them deal with product activation.

Key Escrow (3, Insightful)

SirStanley (95545) | more than 11 years ago | (#2326390)

The Government tried to implement Key Escrow a while ago.
Basically. When you generate your keys you must submit the key to the government so they have a copy. It's kind of like your landlord.

You have a key for your apartment. So does he. If you get locked out he can come on in and let you back in. If you're growing a Pot Farm he can give it to the feds when they have the search warrant and let them in without bustin no doors down.

Implementing a mechanical backdoor other than key escrow would suck. Short of the US Government getting hacked your keys should be safe with them (unless of course you believe the US Government's sole purpose in life is to get you). If you implement a mechanical back door just wait until it gets reverse engineered. All hell will break loose.

If Backdoors are implemented, I'm a fan of Key Escrow.

However what's to stop a terrorist from writing their own version of a public cryptosystem such as RSA and not giving anyone keys? Guess there will also have to be a law that says if your key isn't registered and you're communicating with it then the government can arrest you.

Who gets to use the back door? (1)

actappan (144541) | more than 11 years ago | (#2326391)

So, were the backdoors to be built in, who's to judge who is qualified to have access to those backdoors? Is any government allowed to use them?

Also, were there to be a back door, the entity with access would still have to choose to use it in order to identify those communications which contained the pertinent information. Wouldn't that simply mean that they would read everything? That doesn't sound particularly appealing.

Anyway, if there is a back door in any particular scheme - wouldn't you just utilize a scheme that didn't include such a back door?

How this would work (1)

markt4 (84886) | more than 11 years ago | (#2326392)

The way this has been proposed in the past, the government would hold in "escrow" the key parts for unlocking the "backdoor". The key itself would actually be in two or more parts and each part would be kept by a separate agency (one at the Justice Department, one at the Bureau of Land Management, one at the National Oceanographic and Atmospheric Agency, one at the Centers for Disease Control, etc.). To operate the backdoor would require each of the separate agencies to provide their key part.

As to differentiating crypto from random binary data, this is very hard with good crypto, but not necessarily impossible. The frequencies of bit patterns will, at least with weak crypto, differ significantly from statistical expectations of random data. Sometimes these deviations can even be used to determine the method of crypto employed. With some crypto, I've heard of it being detectable sometimes because it is too random.

It will of course be trivial to identify crypto in those messages that have sections like: "My PGP public key is...". Or "begin encrypted data".
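The split escrow described in the comment above, where every agency must provide its key part, as an added example (not part of the original post and not any proposal's actual design). It uses plain XOR splitting, which is one way to get that all-parts-required property; the function names are assumptions and the agency list is taken from the comment.

```python
import secrets
from functools import reduce

# Agency list as given in the comment; any names would do.
AGENCIES = ["Justice Department", "Bureau of Land Management", "NOAA", "CDC"]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, agencies):
    """Give each agency one part; the XOR of all parts equals the key."""
    parts = [secrets.token_bytes(len(key)) for _ in agencies[:-1]]
    # The last part is chosen so that everything XORs back to the key.
    parts.append(reduce(xor_bytes, parts, key))
    return dict(zip(agencies, parts))


def recover_key(presented, agencies):
    """Rebuild the key; refuse if any agency has not provided its part."""
    missing = [a for a in agencies if a not in presented]
    if missing:
        raise PermissionError("missing key parts from: " + ", ".join(missing))
    return reduce(xor_bytes, (presented[a] for a in agencies))


def keys_consistent_with(partial, key_len=1):
    """Every key that some value of the one absent part could produce.

    Enumerates all possible values of the missing part (feasible only for
    tiny keys) to show what the agencies holding `partial` can rule out.
    """
    combined = reduce(xor_bytes, partial.values())
    return {xor_bytes(combined, n.to_bytes(key_len, "big"))
            for n in range(256 ** key_len)}


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    parts = split_key(key, AGENCIES)
    print("all four parts recover the key:", recover_key(parts, AGENCIES) == key)

    three = {a: p for a, p in parts.items() if a != "CDC"}
    try:
        recover_key(three, AGENCIES)
    except PermissionError as err:
        print("three parts:", err)

    tiny = split_key(b"\x5a", AGENCIES)  # constructed one-byte key
    del tiny["CDC"]
    print("one-byte keys still possible with three parts:",
          len(keys_consistent_with(tiny)), "of 256")
```

Three cooperating agencies can rule out no key at all, but `recover_key` returns the whole key to whoever runs it, so the split only constrains access up to the first recovery.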

They won't help (3, Interesting)

levendis (67993) | more than 11 years ago | (#2326395)

Crypto backdoors sound good, but in reality they won't help at all. The biggest part of the problem, as you pointed out, is just figuring out what is encrypted and what isn't. According to this article [yahoo.com], the hijackers were sending each other unencrypted emails. If they couldn't even intercept unencrypted messages, how do they think backdoors will help?

One basic assumption of crypto backdoors is that people will actually use crypto that has the backdoor capability. It's like trying to limit encryption to 128 bits or 4096 bits or whatever it is these days. You can just write your own encryption program (or download & hack the source to some existing program) and create 65536 bit encryption if you want. Sure, it's illegal, but if you don't want the feds to find out about your nefarious plans, so what?

Believe me, we can expect a lot more stupid, reactionary legislation in the coming weeks & months (am I the only one who doesn't feel any safer knowing that the guy on the plane next to me doesn't have his Bic disposable razors????). Thank god we haven't locked up all the Arab-Americans because they could be terrorists...

Re:They won't help (1)

rob_from_ca (118788) | more than 11 years ago | (#2326458)

Along the same lines, I wonder how feasible it would be to modify a cryptosystem so that when the government used their backdoor, the message decrypted into some arbitrary text chosen by the individual, but when decrypted through the proper channels, the message is the intended one... so when Agency X uses their backdoor key on your message, they see a love letter to your girlfriend, but when the proper recipient uses the right key, the actual message is revealed...

Dream on... (0)

mnordstr (472213) | more than 11 years ago | (#2326403)

I think that this will just be a very much discussed about topic, but nothing is going to happen. Sooner or later (if they don't already do) the government is going to realize that it just won't work. They know that that would be a huge security risk, and they should know that the people (hackers) are always before the government when it comes to technology and knowledge.

And doesn't it sound a bit absurd, they remove our security to be able to provide security...

Who would use crypto with a backdoor? (1)

gilder (267022) | more than 11 years ago | (#2326404)

People or groups that really want their data encrypted would just write their own crypto. Why would anyone plan world domination using crypto that has a known backdoor? Crypto backdoors will only create more tech jobs within secret organizations. Could stimulate the crypto tech sector.

gilder

Back doors (1)

statusbar (314703) | more than 11 years ago | (#2326406)

#1 Only government approved crypto (with content copy protection built in as well as a back door) would be allowed over communication lines.

#2 With government being friendly to the law-breaking Microsoft, only Windows XP2 and Solaris will support this crypto.

#3 The crypto will be closed source. Therefore any GNU GPL'd O/S will be illegal.

#4 The system will be quickly and silently hacked and Bin Laden and his terrorist friends can wreak havoc on our economy and people AGAIN with a simple telephone call.

Just because a law is stupid and ineffectual does not mean it won't happen.

--jeff

Re:Back doors (2)

csbruce (39509) | more than 11 years ago | (#2326490)

Standard operating procedure for corporations that don't want all of their trade secrets handed over to their competitors will be: PGP/GPG --> bitwise obfuscation --> ascii-ization/steganographization --> government-approved encryption.

Re:Back doors (0)

Anonymous Coward | more than 11 years ago | (#2326508)

Just because a law is stupid and ineffectual does not mean it won't happen..

Ahh. But it will be effectual, just not a help to its original motivation.

They'll not focus on every bitstream (1)

Theodore Logan (139352) | more than 11 years ago | (#2326407)

"Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"

Probably, the focus will be on encrypted emails and the like. But, I hear some of you object, this won't prevent Ohama from hiding encrypted messages in porno pics, or whatever he's doing. You're right it wouldn't. But then again, is there even one slashdotter who actually believes this would in any way prevent terrorism? I think not. And I don't think those passing this act think so either. They are just passing as many Orwellian bills as possible in the wake of this tragedy, partly because they want to obtrude on the American people some false sense of security, and partly because they just want to snoop on you, for no real reason at all.

Well.. (2)

cmowire (254489) | more than 11 years ago | (#2326410)

For one, the government would most likely be going after the manufacturers of encryption software instead of the users of encryption software.

Which means the law will be useless because encryption is already out.

The backdoor will probably be in the form of a key or a series of keys that one or more entities has. To make it seem better, multiple authorities will have portions of the key, so that you can't just grab one repository.

You can do statistical analyses and generally figure out if something has a likelihood of being encrypted. It's a cold-war technology that probably got much usage back then. But it's not the kind of thing you could deploy across the entire network.

Now, I'm not a privacy whacko. I don't encrypt my hard drive. I'm not anti-government. I'm generally pretty pragmatic. But even I don't think that we should have backdoors on encryption software. Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?

Escrow? (1)

syrupMatt (248267) | more than 11 years ago | (#2326415)

The workable solution that I would envision would be the oft proposed "key escrow" system, where the government would hold a copy of each person's secret key/password. A court order would be required in order to access the key, much like a search warrant process.

There are a few holes in this, though. Most obviously, are we actually expecting "mis-users" of encryption to hand over that information?

Given that, there really aren't all that many systems that seem workable to me.

A "skeleton key" for encryption? God forbid that ever get into the wrong hands.

Programmed back-doors? See above.

The whole problem with an encryption back door is it is basically like leaving a house key with someone. There has to be absolute trust that they will not allow it to be stolen/misused.

They wouldn't... (1)

rkischuk (463111) | more than 11 years ago | (#2326420)

The fact here is that the lawmakers who are bringing this up don't understand what they're talking about. If they did, they'd realize that by providing a backdoor, you make cracking the backdoor the goal, not cracking the encryption head on. If they think they can keep our data secure by keeping the backdoor algorithm to themselves, they're mistaken (De-CSS).

The truth is, the people this legislation is targeted at will resort to other methods or ignore the law outright. Steganography looks just like standard data except to the sender and receiver. Meanwhile, the rest of us get our mail read. I'm going to get really pissed the first time someone gets prosecuted for sending an email to a friend saying "I downloaded off of Gnutella the other day." THAT is a search without probable cause, but they're already searching, so they might as well use what they find, right?

crypto backdoors? (1)

hex1848 (182881) | more than 11 years ago | (#2326431)

That completely does away with the protective purpose of encrypting. If the government knows of a backdoor, joe-q-scriptkiddie won't be far behind. I know that this has been quoted a lot in the recent days but damnit it's the truth:

"Those who give up essential liberties for temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin

Burden of proof (1)

sting3r (519844) | more than 11 years ago | (#2326432)

The US government can easily do for a "suspected cryptographic datastream" the same thing that the UK government has done [byte.com] for encryption keys: make it the suspect's burden of proof that they aren't using encryption.

Does this fly in the face of the "innocent until proven guilty" policy? Definitely. But these new laws aren't there for the citizens' benefit - they're there for the snoops, and the snoops don't care if you're sent to jail for 20 years because you couldn't prove you weren't using PGP.

-sting3r

government sponsored encryption (1)

CormacJ (64984) | more than 11 years ago | (#2326437)

Anyone remember that the NSA years ago weakened the DES algorithm? People suggested that this was done to allow the NSA a good chance at cracking DES encryption.

Quite likely it will get to the stage where anyone sending emails with strong encryption will be deemed suspect and put on a watchlist.

As with most laws to prevent crime... (2)

ConceptJunkie (24823) | more than 11 years ago | (#2326439)

This will only stop the unsophisticated users. While the government is backdooring into some 1337 h4x0r script kiddies' communications, terrorists cells will be communicating through steganographic messages with non-government-approved encryption on the local pr0n site.

yes, (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326440)

another goat post ...

Have you ever wondered why goat? The answer is goat. However, goat. That isn't to goat that goat, but goat goat goat. Goat.

Re:yes, (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#2326457)

I do not grok the way you are grokking.

To educate yourself (2)

friday2k (205692) | more than 11 years ago | (#2326451)

There is no easy answer to this question. It certainly depends on the algorithms used. It depends on who implemented it, tamperfree devices, and much more. Here are a couple of links that might give the interested reader some points to start:

Peter Gutmann's excellent crypto tutorial [auckland.ac.nz]
Some information on Blind Signatures [upenn.edu]
A very nice link page for privacy and encryption [afn.org]
Ron Rivest's (the R in RSA) homepage with an excellent link section [mit.edu]
And a link to buy Applied Cryptography [fatbrain.com], even if the stories lack accuracy it is a good read

Happy reading!

back doors (1)

gumby42 (243681) | more than 11 years ago | (#2326453)

Well, the system which was proposed a while ago would work like this: there is the ordinary key system which everyone uses, and then two other keys are generated, each of which would be distributed to a separate governmental agency. Both keys would be needed to open up the encryption. In this way, the only way (in theory anyways) anyone in the government would be able to read it is if they get the proper documents and go to both different agencies and get both halves of the keys. There have been other systems developed where any number of keys are required. How secure they are is still in research, as is any encryption technique. However, even assuming the encryption all worked the way it was supposed to, and this was secure, I still wouldn't really trust the government enough to not be corrupt and just pass out keys under the table or something.

Answer: they could never work (5, Insightful)

Gregoyle (122532) | more than 11 years ago | (#2326461)

They could never work.

The simple reason is that as long as there is an algorithm that cannot be penetrated, either by force or by escrow, that algorithm can hide data. On this, at least, the cat is out of the bag.

One of the more likely scenarios which could possibly keep criminals away from data while allowing governments to have access would be an agreement worldwide on a data-encryption standard that included key-escrow. Likely this would be implemented with a large database of registered keys rather than a "skeleton key" approach simply because the "skeleton key" would be a ridiculously easy target. Of course, this whole scenario cannot work for catching dissidents and criminals, and therefore cannot serve the purpose of fighting terrorists.

The reason is that under any reasonable key-escrow scheme a government would be required to show evidence before using the person's key to find the data. This works fine for average citizens who only use the mandated encryption standard, but, Surprise! When the government uses the key of terrorist Tim to decode his messages, they find that not only did he use the mandated scheme, but he also encrypted his data with his own scheme, which, of course, is unbreakable with current technology. Terrorist Tim wins in two ways here, not only did his data remain secure, but he also managed to waste a large amount of the government's time and resources.

The fact that this is even being proposed shows the ignorance of technology rampant in Congress. I live in NH, maybe I'll write a letter to Senator Gregg.

Re:Answer: they could never work (1)

syrupMatt (248267) | more than 11 years ago | (#2326487)

Here's an even bigger question.....who's to collect the keys?

Let's just assume for a second that Johnny Terrorist uses a program generating keys based upon the "approved" encryption standard. Does a gaggle of armed guards come to his door with a floppy instantly to collect the key?

A key escrow system is probably the most workable of all the insane schemes surrounding this. However considering the logistical/administrative nightmares of making such an escrow and keeping its contents current, I think it is as much vapor as the furor over this eventual/legislation.

Real information by informed sources (1)

Anonymous Coward | more than 11 years ago | (#2326465)

This is a great report [cdt.org] that was compiled after the whole Clipper chip fiasco by a number of people who know WAY more about it than I do - including Bruce Schneier.

The bottom line is this - if all the public keys for all traffic in the US are locked in a single location it would become the new Fort Knox. Seriously - you hack that computer and you can open intercepted electronic bank transfers and government classified files.
Stupid, stupid, stupid idea....

=tkk

Encryption, Patriotism, and Nimda virus (1)

proclus (33875) | more than 11 years ago | (#2326474)

NewsForge [newsforge.com] is running a story [newsforge.com] about an encryption paper [sourceforge.net] from the GNU-Darwin crew [sourceforge.net]. They interviewed Dr. Love, who says that PGP "could have prevented Nimda worm attacks" that are devastating email servers right now.

"Michael L. Love says the "open-signing" form of encryption that's available with encryption programs such as PGP [pgp.com] and GnuPG [gnupg.org] would keep would-be terrorists from hijacking other people's email to send their messages. Under open signing, the text of the email is open for all to read, but the identity of the sender is authenticated."

There is also some discussion of .NET, and Love says that PGP keyservers could provide an authentication infrastructure to compete with Microsoft in the net services arena. Be sure to see the related Slashdot thread about Microsoft's new authentication proposals [slashdot.org].

How the government might know (2)

ciurana (2603) | more than 11 years ago | (#2326478)

"We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"

There is no such thing as "random bits of data" streaming through the network. All data has redundancies and self-imposed structure in order to convey information. Read Shannon for details on information theory.

Most currently available cyphers create a data stream that appears extremely randomized. This, in itself, could be a way for the government snoops to detect encryption: A sample of data that is more random than other data.

You can try the "compression test" for encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it. The snoops can use a similar test to detect encrypted data streams, i.e. over time, the probability of any character appearing is 1/n where n is the length of the alphabet (0-255 for bytes).

Steganography and hiding cyphertext in cyphertext (see Applied Cryptography) would be a good way around encryption back doors.

Cheers!

E

Re:How the government might know (1)

Fruny (194844) | more than 11 years ago | (#2326519)

Maybe, but just think of how many compressed files fly over the network?

How many times have you asked (nicely or not) for people to send you compressed files because you have a slow connection or a small mail quota? And all those mp3s, mpgs, jpgs ARE compressed data.

So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.

Re:How the government might know (2)

dvdeug (5033) | more than 11 years ago | (#2326538)

> You can try the "compression test" for
> encryption. Try compressing some data. Check the
> file size. Now, encrypt the same data and run
> your compression program. You'll notice that the
> "compressed" file is the same size or larger
> than the original. This is because the encrypted
> data is "extremely randomized", and the
> compression program cannot find patterns in it to
> compress it.

This is true of good random numbers, too. It's even more true of compressed data - this test will trigger on every gzipped or zipped file to pass through the network. It's also trivial to use some sort of base64 (or more complex encoding that uses letters with English frequency) over your encryption to break this.

It also doesn't distinguish encryption permitted by the government, and crypto using illegal keys and methods.
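
The compression test from this sub-thread, run against the objections raised in the two replies, as an added example that is not part of any post. The word list, the seeded pseudo-random bytes standing in for ciphertext, and the thresholds are all assumptions of the sketch.

```python
import base64
import math
import random
import zlib
from collections import Counter

# Constructed vocabulary used to build a plaintext sample offline.
WORDS = ("the of and to in is that for it as was with be by on not this are or "
         "from at which but have an had they you were their one all we can has "
         "there been if more when will would who so no key data message network").split()


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram in bits per byte (8.0 = uniform)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Compressed size over original size; about 1.0 means zlib found no patterns."""
    return len(zlib.compress(data, 9)) / len(data)


def classify(data: bytes) -> str:
    entropy, ratio = byte_entropy(data), compression_ratio(data)
    if entropy > 7.5 and ratio > 0.95:
        # Encrypted, compressed and random data all land here;
        # the test has no way to tell them apart.
        return "high-entropy"
    if 5.9 < entropy < 6.1 and ratio > 0.7:
        # 64-symbol alphabet carrying dense data: about 6 bits per 8-bit byte.
        return "base64-like"
    return "structured"


def build_samples() -> dict:
    rng = random.Random(7)  # fixed seed so the run is repeatable
    text = " ".join(rng.choice(WORDS) for _ in range(40000)).encode()
    # Assumption: seeded pseudo-random bytes stand in for a good cipher's output.
    pseudo_ciphertext = bytes(rng.getrandbits(8) for _ in range(65536))
    return {
        "plaintext": text,
        "zlib-compressed": zlib.compress(text, 9),
        "ciphertext (stand-in)": pseudo_ciphertext,
        "base64(ciphertext)": base64.b64encode(pseudo_ciphertext),
    }


def survey() -> dict:
    """Map sample name -> (entropy, ratio, label)."""
    return {name: (round(byte_entropy(d), 3), round(compression_ratio(d), 3), classify(d))
            for name, d in build_samples().items()}


if __name__ == "__main__":
    for name, (entropy, ratio, label) in survey().items():
        print(f"{name:24} entropy={entropy:5.3f} ratio={ratio:5.3f} -> {label}")
```

The compressed file and the ciphertext stand-in get the same label, and the base64 wrapping drops out of the high-entropy bucket, so a monitor relying on this test alone sees both false positives and misses.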

Instead of requiring crypto backdoors . . . (1)

Occam's Nailfile (522986) | more than 11 years ago | (#2326479)

Let's require all terrorist organizations to register with the US government, and submit to having an electronic tracking device strapped to each member's leg. We will know terrorists are in violation of the law (and therefore up to something devious) when we see them moving around without their tracking devices, and we can accept that as a violation of the law and take them into custody before they blow something up.

Why use crypto at all then? (5, Informative)

DanEsparza (208103) | more than 11 years ago | (#2326484)

I think it's a stupid idea to even toss around the idea of a 'crypto back door'. I can understand why politicians are desperately attempting to dig up the 'silver bullet' that would have stopped the WTC tragedy (and will stop the next horrific event from happening) -- but they're barking up the wrong tree for several reasons.

Making crypto 'safe' with a back door effectively makes it useless. Why would anyone in their right mind use a cryptographic algorithm knowing that a perfect stranger has a 'backdoor pass' to their information? The whole point of crypto is to only allow the intended recipient to view the secret information.

This idea would weaken any cipher that this idea is applied to. Why? Simple. Key recovery in a datastream you haven't ever seen before depends basically on one of 2 things: Brute force, and a little ingenuity. If you know that the cipher has a 'universal backdoor' then each stream encrypted with the cipher will be that much easier to crack -- because the streams will have to be somewhat similar.

What happens when the wrong people get the 'back door' key? You don't think that someone dangerous is going to somehow either recover the key manually, or steal it? Think again. A 'back door' key (or set of keys) of this scope would be too good to pass up. Why bother attempting to recover a key that unlocks one stream, when you can unlock a whole set of streams?

The cat's already out of the bag. Why would somebody who really wants to keep information secret use a cipher that didn't keep it secret -- especially when there are so many good ciphers (RC4, Twofish, etc.) that don't have a backdoor? In short -- this is a braindead thought process that will lead the U.S. straight into another disaster.

turing software (0)

Anonymous Coward | more than 11 years ago | (#2326488)

try using the open source Turing software... it works using an algo like they used to break Enigma... in other words you need to have stolen or fortunately stumbled upon an equivalent of your enemy's German U-boat.

If you can't decrypt it, it must be terrorism... (4, Insightful)

MrKevvy (85565) | more than 11 years ago | (#2326489)

Simply, that the only way to prove that something was encrypted "legally" would be to automatically break it, all of it, as it passes through various communications channels.

But this is too large of a job for just one person, or a (fiscally feasible) number of people, as much traffic may not pass through a central point. Machines will have to do it automatically, and there will have to be many of them. Who will make the machines? How will they guarantee that the backdoor isn't released? What if the machines themselves take a walk?

Steganography would be the only way around this, by hiding an encrypted snippet well enough that it doesn't look encrypted. What if someone posts a badly-encoded GIF of their cat on their personal page, and the so-called "Stego detectors" pick it up. Of course, the "message" isn't there. Therefore it can't be decrypted, and they will be flagged as a criminal... scary prospect.

As the technology progresses, only poorly done stego and innocent media would be caught. It's already possible to encode messages to be indecipherable from quantization noise by any theoretically possible system.

Encryption equivalent to income tax evasion (0)

Anonymous Coward | more than 11 years ago | (#2326494)

I don't think that the backdoor thing is going to fly - pretty soon people are going to realize that terrorists could commit far greater acts of terror by *having* and *exploiting* any back door the government puts into crypto products and ripping people off for millions upon millions of dollars.

However, I think govt can take the income tax evasion angle - Al Capone couldn't be convicted of murder (he was too good at hiding his tracks) - so they simply got him on how much money he had in the bank vs how much money he stated on his taxes.

Likewise, the government could say something like - after they get a search warrant - 'hand over the encryption keys that you used for a certain file'. Simple and enforceable - if the suspect of any crime refuses, you get them on encryption abuse. If they do give you the keys, then, well the law works.

All of this doesn't fly though in the face of embedding communications in images, etc. However, it *does* work for things like monetary transactions, where the software is pretty standard and people need to use conventional software.

Ed

How can access to backdoor be restricted? (2)

sterno (16320) | more than 11 years ago | (#2326498)

The biggest problem with this is what happens to those backdoor keys the government has. I mean first of all, how can we be assured that they can only use the keys with a court order? Furthermore, even if there's a way to assure that, is there any ruling that indicates that's even a requirement? I mean it seems that the fourth amendment might prevent unauthorized access but until a court rules it's hard to say. They could pass a law giving back doors and then later say that they can access them without court supervision (and the court may or may not support that).

The other problem is that if the government does start accessing things without a court order, how would you know? You could probably develop a crypto system that would leave obvious evidence if it has been accessed through a backdoor, but the government wouldn't want that because it might interfere with an investigation.

How it worked with one commercial product (0)

Anonymous Coward | more than 11 years ago | (#2326499)

Lotus has a 64-bit encryption. The "approved for export" product had only 40-bit encryption, however. The same 64-bit encryption still applied, however 24 bits of the encryption were held by the Feds. Thus the Feds could then easily crack a 40-bit encrypted message, but would have more difficulty with 64-bit.

Since this was all done several years ago, we can all safely assume that 64-bit encryption is easily crackable by the Feds, and that's why they agreed to allow 64-bit encryption to be exported.

Dig out your old Clipper chip documents (3, Interesting)

BeBoxer (14448) | more than 11 years ago | (#2326501)

The government has already done a lot of research into the area, and pretty much implemented a whole key-escrow system. Nobody used it and as a result it was a flop. To be honest, I don't know how much of the supporting infrastructure was actually deployed.

The basics of Clipper worked like this. The system was based on hardware encryption chips which implemented the protocol. No software versions existed AFAIK for obvious reasons. Each and every chip had a unique ID and "unit key". Each encrypted transmission had a Law Enforcement Access Field (or LEAF) prepended to it. The LEAF consisted primarily of the current session key encrypted with the unit key of the sending chip and its ID number. I believe the whole LEAF was then encrypted with a single key shared by all chips.

On the law enforcement end, the DoJ was supposed to maintain a database of all the chip ID / unit keys. There were lots of fancy promises made about the security of the database, and how it would be split in two so that two separate agencies would have to cooperate in order to gain access to the database, etc. All very feel good but in the end un-auditable and basically BS since the regulations guaranteed that there would be no penalty for improper access to the keys.

Anyway, the LEAF field in combination with the database allows access to the session key and hence the plaintext of any message.

The whole scheme has so many problems it's not even funny. Not the least of which are: the whole protocol has to be kept top secret. If you know how to generate a legitimate LEAF field, you know how to generate a bogus LEAF field too. An AT&T researcher published a paper about how to get two Clipper chips to talk to each other with bogus LEAF fields. It took a fair amount of trying to get random LEAFs which had valid checksums, but it was quite doable. Presumably, they won't repeat that mistake. Software implementations are pretty much verboten, since they are far too easy to reverse engineer or tamper with. If you are trying to mandate back-doored encryption, you would pretty much just mandate that all encryption be performed using NSA designed and approved chips manufactured by a secure contractor.

As to what stops you from sending random data, one need only imagine the government's response when they detect that you are sending random data. Such random data would be presumed to be illegally encrypted data, and you would be arrested as such. It's quite possible that you would be freed once you had shown that the data was random. In the mean time, your face would be plastered on the front page of the paper as a "suspected terrorist". You might expect to be held without bail due to the extreme danger a suspected terrorist poses to society. The draconian penalties involved will serve to keep people in check, not any technical ability. Look at the penalties handed down for DMCA violations. Then compare the severity of pirating a movie versus flying an airliner into a building. Finally, scale the DMCA penalties accordingly. You can imagine the outcome.
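
A toy model of the escrow flow described in the comment above, which also covers the two-agency key split gumby42 mentions earlier in the thread. It is an added example, not part of any post and not the real chip's algorithm: the SHA-256 keystream cipher, the field sizes, the checksum construction and every name are assumptions of the sketch.

```python
import hashlib
import secrets

# Field sizes in bytes; chosen for the sketch, not taken from the thread.
KEY_LEN, ID_LEN, SUM_LEN = 10, 4, 2


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in cipher, not for real use."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_unit_key(unit_key: bytes):
    """One share per escrow agency; either share alone is uniformly random."""
    share_a = secrets.token_bytes(len(unit_key))
    return share_a, xor(unit_key, share_a)


def checksum(session_key: bytes, chip_id: bytes, family_key: bytes) -> bytes:
    return hashlib.sha256(family_key + chip_id + session_key).digest()[:SUM_LEN]


def make_leaf(session_key, chip_id, unit_key, family_key) -> bytes:
    """LEAF = E_family( chip_id || E_unit(session_key) || checksum )."""
    wrapped = toy_cipher(unit_key, session_key)
    inner = chip_id + wrapped + checksum(session_key, chip_id, family_key)
    return toy_cipher(family_key, inner)


def open_leaf(leaf, family_key, unit_key):
    """Return (chip_id, candidate session key, checksum_ok) for a given unit key."""
    inner = toy_cipher(family_key, leaf)
    chip_id = inner[:ID_LEN]
    wrapped = inner[ID_LEN:ID_LEN + KEY_LEN]
    tag = inner[ID_LEN + KEY_LEN:]
    session_key = toy_cipher(unit_key, wrapped)
    return chip_id, session_key, tag == checksum(session_key, chip_id, family_key)


def recover_session_key(leaf, family_key, agency_a: dict, agency_b: dict) -> bytes:
    """Wiretap path: needs the shared family key AND both agencies' shares."""
    chip_id = toy_cipher(family_key, leaf)[:ID_LEN]
    unit_key = xor(agency_a[chip_id], agency_b[chip_id])
    _, session_key, ok = open_leaf(leaf, family_key, unit_key)
    if not ok:
        raise ValueError("LEAF checksum mismatch")
    return session_key


def demo() -> dict:
    # All values below are constructed for the example.
    family_key = secrets.token_bytes(KEY_LEN)   # one key shared by every chip
    chip_id = (12345).to_bytes(ID_LEN, "big")
    unit_key = secrets.token_bytes(KEY_LEN)     # burned into this one chip
    share_a, share_b = split_unit_key(unit_key)
    agency_a, agency_b = {chip_id: share_a}, {chip_id: share_b}

    session_key = secrets.token_bytes(KEY_LEN)
    message = b"constructed sample plaintext"
    ciphertext = toy_cipher(session_key, message)
    leaf = make_leaf(session_key, chip_id, unit_key, family_key)

    recovered = recover_session_key(leaf, family_key, agency_a, agency_b)
    # A single agency using only its own share as the unit key gets a wrong key.
    _, one_agency_guess, _ = open_leaf(leaf, family_key, share_a)
    return {
        "message": message,
        "leaf": leaf,
        "session_key": session_key,
        "wiretap_plaintext": toy_cipher(recovered, ciphertext),
        "one_agency_guess": one_agency_guess,
    }


if __name__ == "__main__":
    result = demo()
    print("wiretap recovered:", result["wiretap_plaintext"])
    print("one agency alone recovers key:", result["one_agency_guess"] == result["session_key"])
```

Everything that protects the traffic reduces to the family key plus the two share databases, which is why the thread keeps returning to who holds them and how access is audited.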

enforcement (0)

Anonymous Coward | more than 11 years ago | (#2326504)

How do we force our enemies to use encryption with our backdoors? How about those outside US jurisdiction (like Bin Laden)?

A backdoor will only allow the US to spy on itself. Even internal enemies won't use such.

Easy Ways to Avoid Backdoors (3, Interesting)

Bonker (243350) | more than 11 years ago | (#2326507)

If a normal guy like me can come up with these, you know that scary, insidious, Terrorist types are lightyears ahead:

1. Use existing crypto programs or write your own. Anyone with access to a high-level math textbook or a book on encryption and a little bit of coding experience can currently write crypto that is brute-forceable only by supercomputers. The same is true of the existing versions of PGP and other crypto programs available world-wide.

2. Steganography. Apps exist world-wide that will hide plain or crypted data in all sorts of things. Images, MP3's, Spam Mail, etc...

3. Use non government-controlled channels to transmit data. Sneaker-net, by definition, is uncrackable without a spy in the house. No technology currently allows LEO's to read a CD without first placing it in a drive. This may not be far off, but it's still effective, so far as I know. Also, most phone companies can be persuaded to install 'burglar alarm' circuits that are just non-powered plain copper between any two given locations.

4. XOR Crypted data in a manner so that if decrypted without first XORing it back, it will decrypt into useless, but not random information. I'm not a coder, but I can imagine that some talented hacker somewhere could come up with a scheme of encoding a crypted message so that it decrypted as Mom's cookie recipe if you didn't decode it properly.

5. For communications in which anonymity is more important than secrecy, use existing file-sharing networks to propagate messages. Freenet is the best example of this.

6. Transmit textual data in non-standard image formats. ASCII text is easy to detect. A compressed PNG of text data would be much more difficult to detect, especially by automated methods. A compressed or reencrypted raw bitmap would be even more difficult to detect. Existing image scanning programs work by scanning for a predetermined signature. Making images of text so that there is no signature possible is fairly easy in photoshop.

Simple (5, Insightful)

TrumpetPower! (190615) | more than 11 years ago | (#2326511)

We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic?

If you're talking about public key cryptography or some form of key exchange protocol (such as what happens with PGP, SSL, and the like), then, yes, there'll be more than one key that can decrypt the message. PGP already allows you to encrypt a message to more than one recipient; a simple solution would be to require all software to always encrypt to Uncle Sam's key in addition to the intended recipients.

The other solution is to weaken the encryption algorithm in some way. There are very subtle approaches, but the simplest is to limit the length of the key. A 40-bit key takes half as long to crack with brute force as a 41-bit key, and a 42-bit key takes twice as long again (all else being equal). If you have an application that uses 128-bit keys, it could be ``dumbed down'' to a 40-bit key by forcing all keys to start with 88 zeroes (or some other known pattern).

How to get people to use such software when there's a wealth of reliable strong cryptographic software readily available is left as an exercise to the reader.

Also, how would/does the government know whether a bitstream is random bits, or encrypted data?

Most encrypted streams have header information to make identification easy for the recipient. If you've ever gotten PGP-signed or -encrypted email, you've seen ``BEGIN PGP MESSAGE'' or some such at the top.

You could, of course, remove all such identification. If the encryption method is strong, what remains is provably indistinguishable from pure noise. If the recipient adds the identification back--if she puts ``BEGIN PGP MESSAGE'' before the bits--the result can be fed to the decryption process without trouble.

But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.

The most commonly accepted solution is steganography, the art of hiding secrets in plain sight. ``All the twenty clever kings'' could mean ``attack'' if you were to just look at the first letter of every word. Common modern methods of steganography include encoding the message in the low-order bits of a JPEG, but the field is still young and many techniques a bit crude. If ``they'' are already looking at you, ``they'' will have a good chance of finding the message.

As always, Bruce Schneier's Applied Cryptography is a wonderful resource.

b&

Dangerous to give up freedoms (1)

totallygeek (263191) | more than 11 years ago | (#2326515)

We do not need more crypto laws or ID checks. All these terrorists had proper identification. Airline security has been harped on for years, but the consumers don't want more time spent at airports, and don't want searches. Every time someone proposes we use facial recognition software, the media goes on and on about how that invades privacy and is too "Big Brotherish".


America did not get what it deserved. However, we have turned a blind eye to terrorism throughout the world because it doesn't affect our lives here. Now, we have it here, and there are people blaming cryptography, movies, music, homosexuals, etc. The blame should be that we have not done anything to curtail the rise of terrorism.


As far as a backdoor to our encryption -- no way! A law will only serve against honest people. You think terrorists and drug smugglers will use encryption that has a backdoor?


Mark these words:

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."

-- Benjamin Franklin, 1759

legal rather than technical (2)

eyeball (17206) | more than 11 years ago | (#2326521)

first, i'm not a lawyer.

too much time is being spent thinking about the technical aspects of enforcement and use of 'backdoors'. what everyone's failing to realize is that the technical aspects of crypto laws are irrelevant. it's how they will be used that's important. if any crypto laws are passed, they'll be used in prosecution and trial rather than proactively enforced.

picture this scenario: you are a criminal who has been sending encrypted messages to someone else. you're busted, and on trial you are asked to decrypt the messages. you refuse. you are then thrown in jail for not complying with the crypto laws.

again, i'm not a lawyer, but it seems that if crypto laws will work in this manner, we are throwing away our 5th amendment right to refuse to incriminate ourselves.

Crypto Debate Links (1)

corky6921 (240602) | more than 11 years ago | (#2326522)

This debate has been around for a long time. In particular, things to note are:

  • Britain has considered introducing a system whereby a key to decrypting the encrypted data has to be sent to the government. Here is more information [gilc.org] from a dissenting group of privacy advocates in Britain.
  • Microsoft has been accused of doing this (and I remember hearing about one time where they actually lost a server containing their only key.) There was a lot of debate over that; you can read some more about Microsoft's key structure here. [wired.com]
  • Here is a long but rather interesting viewpoint [brook.edu] of the debate about crypto.
  • Don't forget (and please, tell your less technically-inclined friends) that crypto is NOT just used to send secret terrorist information. It is used by major retailers on the Internet to encrypt sensitive personal information such as credit card numbers.

A hypothetical example of my biggest personal fear regarding crypto follows:

An overzealous government tries to stomp out terrorism by requiring crypto backdoors. For the sake of argument, let's say it is the United States. Now, there are millions of hackers out there. A lot of them are smart enough to realize that if the government required keys to be kept in a central location, a hack of this location would be the biggest hack EVER. It would contain ALL keys to credit card numbers used by major Internet retailers. It would contain sensitive healthcare information. It would contain numerous trade secrets sent by company representatives.

Before we go any further, let's say that it was hacked. Now Joe Consumer knows his personal information was sent to Amazon.com. Amazon was required to give the key to decrypting it to the government. Now some terrorist has it. The government blames rogue hackers. "Well, whatever," Joe thinks to himself. "All I know is that they got my information from the Internet. I'm certainly not going to buy anything from there again."

You see, in this (albeit alarmist) scenario, the government has facilitated what could possibly be the biggest terrorist attack EVER, and ruined e-commerce in the process.

As an offhand note, do you think the government would use a system like Passport to do this? If so, we're in for a really tough ride. Just something to think about.

P.S. While I abhor the thought of keeping data in one place, I do support the idea of basic security regulations so that I know that when I purchase things online, my data IS actually being encrypted instead of being sent via plaintext email to the site owner.

Why is Decryption Needed by the Feds? (2)

scotpurl (28825) | more than 11 years ago | (#2326527)

It's my primitive understanding of the court system that during a trial, the records of phone calls may be entered into evidence. This is not the actual content of the call, and who made the calls is not part of the evidence. Just the fact that one telephone called another telephone.

Why then must the Feds know what is in a message? If the fact of transmission of a message is adequate, at least in the courts, then why does the content need to be known?

Also, why does the Government believe that it should have the right to be a party to all conversations? If the Feds had a time machine, and could travel back in time and listen in on any conversation, I believe that would be ruled an invasion of privacy. How then is decrypting a message any different?

Random bits or encrypted data? (1)

rice_burners_suck (243660) | more than 11 years ago | (#2326532)

The government could not possibly know whether a data stream is encrypted data or random bits. Think about it... If a standard encryption scheme is used, there might be header data that they can look at, but if you're a terrorist or a crook, you'll probably use a nonstandard encryption scheme, or even a standard one but with some data rearranged. For example, you could encrypt the data and then reverse it strrev()-style before transmitting it.

The idea of crypto backdoors is really stupid for several reasons. The biggest one is that once the backdoor(s) are found, all data is compromised, and if this legislation is passed, I firmly believe that a year or so down the road, there will be billions of dollars in damages caused by the compromise of data, from credit card numbers to trade secrets. The terrorists will either avoid using the Internet altogether or will simply work around the backdoors.

If the government decides to force crypto backdoors, that would be the most ridiculous thing on the planet! Terrorists could simply write their plans on a piece of paper, seal them in an envelope and mail them! How is the government going to respond to that? By opening and reading all our mail as well? What if the mail is written in a code language? Is written encryption going to be outlawed? Why not arrest children who make up their own codenames and codewords?

The trouble is that the government is so busy blaming things like encryption that they're leaving huge gaping holes elsewhere. A guy on 60 Minutes, for example, said that airport security is trained to look for very specific things in luggage, like a bomb in an otherwise empty bag. Interestingly, he said that a bomb is defined as a bundle of dynamite sticks with a big analog clock stuck on the side. I don't know about you, but I have a feeling that bombs don't look like the ones we see in cartoons.

That's just one example of typical government regulations. Just like OSHA making up rules that every industrial employee must break daily because it's impossible to get any work done while following them. I'm starting to believe that the real problem with security is the fact that they're trying to replace common sense with very specific written rules. I think the first place to begin with this war on terrorism is in our education system. Children are taught to follow directions. Don't even get me started on this because I'll write pages and pages on the subject. Children should be taught to think on their own--this isn't currently happening, despite activities teachers call "problem solving."

Encryption is the digital counterpart of an envelope, no more, no less. Trying to force backdoors on encryption is going to be a futile effort, and will only provide the government with one more impossible task to waste their time on. Tell your friends and neighbors.

Here's what I said to my political representatives (4, Insightful)

Zwack (27039) | more than 11 years ago | (#2326535)

This is a long post (for me)... It basically contains the majority of a letter that I sent to my representative and senators... It basically states a number of reasons that I think this proposal is inoperable. I encourage all of you to contact your elected representatives as well.

Adam/Zwack

As I feared when I first saw the attack on the World Trade Center, it has been reported (http://www.wired.com/news/politics/0,1283,46816,00.html) that "Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without back doors for government surveillance."

Media reports have made it appear that Osama Bin Laden may have used encryption, but it is more likely that he relied on a lack of technology. According to the media, Bin Laden held face-to-face meetings in a private room rather than trusting that the communications channel was not intercepted. One journalist who has met him had some newspapers with him and Bin Laden is reported to have pounced on them and read them as he was so out of touch with the outside world.

Even if there is a ban on encryption products, older encryption products already exist without those back doors. Writing encryption software is not too complicated (Applied Cryptography is about $40) and terrorists and criminals are not going to worry about breaking yet another law. So who would this affect? Criminals? No. Terrorists? No. Penry, The Mild Mannered Janitor? Could Be.

Anyone can do a little research and find out that there are other techniques that cannot be legislated against that are just as effective for secret communications.

Ronald Rivest, one of America's foremost cryptographers published a paper in 1998 called "Chaffing and Winnowing: Confidentiality without Encryption." (http://theory.lcs.mit.edu/~rivest/chaffing.txt) In it he describes a method for plain text communication which does not rely on encryption to hide the message. He then goes on to add more twists to the method, which mean that if someone demanded the actual message you could give them a completely false, and presumably inoffensive, message.

If that wasn't enough to make legislation on encryption pointless, then steganography, the practice of hiding one message inside another, could be used either independently or with "Chaffing and Winnowing". It is possible for messages to be hidden within pictures, movies, sound files and even Stream of Consciousness-like poems easily. The sophistication of some of the programs is astounding. One program (http://www.outguess.org/) actually performs a statistical analysis on the image first to ensure that in hiding the message it does not modify the image too much.

There are numerous other non-technological techniques that could make this law pointless. For example, the terrorists could choose a book, say Hamlet, and spell out their message with the words or letters in that book. A message like "42 23 17 65" is not going to mean much to anyone until they know that in a specific edition of a specific book they should read the twenty third word on page 42, the 65th word on page seventeen... and so on.

They could use a simple code where phrases mean certain things. So "I went to see the new production of Oscar Wilde's Importance of Being Earnest" might mean "The birthday cake arrives tomorrow". As long as only the parties involved know the code phrases and their meanings, this kind of communication is impossible to break.

If encryption software without back doors is outlawed, what will terrorists do? If they're paranoid they'll use illegal encryption to encrypt a code phrase, hide it in an image, and then mix it with several completely innocent, and some totally random streams using chaffing techniques.

That way, by the time the NSA have worked out which streams contain real messages, figured out that one or more of the images contains a steganographically hidden message and broken the encryption on it, they will have wasted weeks in order to get a perfectly normal sentence that isn't going to mean anything to them anyway.

In that same period of time, several companies who are obeying the law and not using encryption will have had their company secrets stolen by other companies, as they couldn't encrypt confidential messages between two of their offices. The French Secret Service was known to pass trade secrets to French companies when the French government was strictly controlling encryption. Add to that the many completely innocent uses of encryption for security and confidentiality: communicating with banks, logging on to remote servers, protecting medical records, implementing Virtual Private Networks and so on. Banning encryption that the government can't decode is more likely to cause harm to the law abiding citizen than it is to stop or reduce terrorist or criminal activities.

In short, any attempt to regulate the free flow of ideas, whether encrypted or unencrypted, is only going to hinder law abiding citizens, and effectively punish them, without providing any additional safety. Remember that these hijackings were very low tech, no computers were hacked, no high technology weapons were used, just people armed with knives and the willingness to die.
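The mechanism in Rivest's paper, as an added example that is not part of the original comment: each message bit is sent in the clear with a MAC, next to a complementary "chaff" packet carrying a random tag, and only a holder of the MAC key can tell the two apart. The function names, packet layout and sample key and message are assumptions of this sketch, not taken from the paper.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def mac(key, serial, bit):
    # Authentication only: the bit itself travels in the clear.
    return hmac.new(key, f"{serial}:{bit}".encode(), hashlib.sha256).digest()

def to_bits(message):
    return [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]

def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)

def add_chaff(key, message):
    """Emit, per message bit, one valid packet (wheat) and one bogus one (chaff)."""
    packets = []
    for serial, bit in enumerate(to_bits(message)):
        pair = [(serial, bit, mac(key, serial, bit)),
                (serial, 1 - bit, secrets.token_bytes(TAG_LEN))]
        if secrets.randbits(1):  # position in the pair must not reveal the wheat
            pair.reverse()
        packets.extend(pair)
    return packets

def winnow(key, packets):
    """Keep only packets whose MAC verifies under key, then reassemble."""
    wheat = {}
    for serial, bit, tag in packets:
        if hmac.compare_digest(tag, mac(key, serial, bit)):
            wheat[serial] = bit
    return from_bits([wheat[s] for s in sorted(wheat)])

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared MAC key (constructed)
    stream = add_chaff(key, b"meet at 9")  # constructed sample message
    print(winnow(key, stream))                      # holder of the key
    print(winnow(secrets.token_bytes(32), stream))  # observer without it
```

Nothing in the stream is encrypted; the observer sees both values for every bit position and has no key-independent way to pick between them.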

Remember the movie "Sneakers" ? (1)

cOdEgUru (181536) | more than 11 years ago | (#2326536)


Maybe NSA has an encryption breaking scheme hardwired into a chip, and all it takes is a blind guy with a young hacker to flip switches to decode all encrypted streams of data.

But seriously, that's probably what NSA/CIA/FBI has told the Congress and Senate before they got their approval.

What they probably might succeed at is that they would listen to traffic inbound from suspected terrorists / rogue states (god knows how they plan to figure that out) and try to descramble every piece of information. More of a scenario like, with ten thousand monkeys clamoring on their keyboards, at least one has the probability of writing a Shakespeare sonnet. So what do we have, some vague FBI spook listens in on data suspected to be a list of political leaders to be assassinated, and instead accidentally snoops on a recipe for Apple pie.

God Bless America.

Non-Compliant Crypto Programs (1)

stuffman64 (208233) | more than 11 years ago | (#2326540)

What is to stop people from writing their own crypto programs, avoiding altogether the need for a backdoor? If I wrote such a program, all I would need to do is snail-mail it to someone. We could communicate without worry of being monitored. Are there legal implications to doing this? If the FBI somehow figured out how to break my encryption scheme, would they be violating the DMCA?

Several options (4, Informative)

jd (1658) | more than 11 years ago | (#2326542)

  • Key Escrow, where some percentage of the private key is registered with the Govt.
  • Synonyms (which requires weak algorithms), where a third "key" is generated, which is different from, but functionally identical to, the private key. One way to do this is to fix certain bits. This was accidentally done in some early SSL implementations for Netscape.
  • DH duplicates, where key exchanges are automatically forwarded by the hardware and/or software.
  • "Skeleton Keys", where the hardware logs the keys used, and transmits them on request.
  • A requirement to use Microsoft encryption code. Ooops, sorry, already covered. :)
  • Plain-text logging by hardware, prior to all encryption, available on request.
  • Requirement for HW manufacturers to build TEMPEST into all machines, with images forwarded.
  • Keyboard loggers mandatory on all machines, with data stored and/or forwarded.
  • A return to mainframe-style machine operation, where everything is handed over to approved operators. (So THAT's why certification programs are so popular....! :)
  • A ban on all privately-owned computers, with all machines becoming dumb terminals to a central machine. One box to rule them all, and in the darkness BIND them...
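
What the first two items in the list mean for key strength, as an added example that is not part of the original comment: when all but a few key bits are escrowed or fixed, the search left over covers only the remaining bits. The 128-bit symmetric key, the HMAC used as the testable output, the sample values and all function names are assumptions of this sketch.

```python
import hashlib
import hmac

KEY_BITS = 128

def keyed_tag(key_int, message):
    # Stand-in for any keyed output that a guess can be checked against.
    key = key_int.to_bytes(KEY_BITS // 8, "big")
    return hmac.new(key, message, hashlib.sha256).digest()

def escrowed_part(key_int, withheld_bits):
    """The portion handed over or fixed: all but the low withheld_bits bits."""
    return key_int >> withheld_bits

def remaining_work(withheld_bits):
    """Worst-case number of guesses left to whoever holds the escrowed part."""
    return 1 << withheld_bits

def recover_key(escrowed, withheld_bits, message, observed_tag):
    """Search only the withheld bits. Returns (key or None, guesses made)."""
    base = escrowed << withheld_bits
    for guess in range(remaining_work(withheld_bits)):
        candidate = base | guess
        if hmac.compare_digest(keyed_tag(candidate, message), observed_tag):
            return candidate, guess + 1
    return None, remaining_work(withheld_bits)

if __name__ == "__main__":
    key = 0x0123456789ABCDEF0123456789ABBEEF  # constructed 128-bit key
    msg = b"constructed known message"
    tag = keyed_tag(key, msg)
    found, tries = recover_key(escrowed_part(key, 16), 16, msg, tag)
    # A nominally 128-bit key falls after at most 2**16 guesses.
    print(hex(found), tries, "of", remaining_work(16))
```

The strength of the key against whoever holds the escrowed or fixed portion is set by the withheld bits alone, whatever the nominal key length.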
