System Status: Mail server SSL certificate updated; some older mail clients (e.g., Eudora) are having problems. See welltech.374 for more info.


inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #76 of 86: Undo Influence (mnemonic) Mon 26 Feb 01 14:13
    

Betsy, the upcoming CFP (just a couple more weeks now) is also in
Cambridge/Boston.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #77 of 86: Steven Levy (steven) Sat 3 Mar 01 15:00
    
Hi, I'm back, and will continue to discuss if there's interest.

I think that the general impression is that there was no "hole" or backdoor
in DES.  The hole, if you want to call it that, was the up-front limitation
of a 56-bit key.  I have the strong impression -- one confirmed by "high
government officials" -- that the NSA underestimated how widespread DES
would be, and later regretted that the 56 bits was the only limitation. Thus
for years -- until late 1999, in fact -- you couldn't use DES in
shrinkwrapped software for export. By then, of course, the 56 bit hurdle
was something that could easily be broken, as the EFF proved with their DES-
cracker, which cost a bit more than $200 K to crack one key, and very little
thereafter to crack more keys.

As for what the NSA does with old computers, you can see a few, including a
costly but no longer state of the art Thinking Machine supercomputer, at the
National Cryptologic Museum, a trip I highly recommend.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #78 of 86: Infradibulated Gratility (ssol) Sun 4 Mar 01 09:20
    
http://www.nsa.gov/museum/map.html
 for directions. It's in Maryland, just outside of DC, I believe.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #79 of 86: James Howard (howardjp) Sun 4 Mar 01 11:19
    
I was all over Meade a couple weeks ago and missed the museum.  Looks like
I need to go back.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #80 of 86: Eric Rawlins (woodman) Wed 21 Mar 01 15:18
    
Seems to me the biggest hole still remaining in public crypto is that the
encrypted message, though unbreakable, is still recognizably and obviously
an encrypted message, allowing the Man to come back to you and say, "Decrypt
this thing or I'll throw your ass in jail." I'd love to see a crypto system
where the encrypted message looks like plain English or whatever; for
instance, you supply it with a plain-English innocuous model and the system
embeds into it the true message in the form of "typos" or something. At that
point the FBI can take their Carnivore and melt it into scrap.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #81 of 86: Bob 'rab' Bickford (rab) Wed 21 Mar 01 15:27
    

  See the recent book "Disappearing Cryptography" for lots more on
that theme.  I'm about halfway through my copy.....
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #82 of 86: windblowne (satyr) Thu 22 Mar 01 07:56
    
There are methods for embedding cryptographic messages in, for instance,
graphics files, such that they're not obviously there.  (Probably the NSA
can detect their presence, but you wouldn't know to suspect anything just
looking at the rendered image.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #83 of 86: Paul Bissex (biscuit) Thu 22 Mar 01 10:33
    
<woodman> -- it's called Steganography.  Check out:

  http://steganography.tripod.com/stego.html
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #84 of 86: Bob 'rab' Bickford (rab) Thu 22 Mar 01 12:56
    

  Yes, that's what the book I referred to above is about.  See also my
friend Romana Machado's page at   http://www.stego.com/   for more --
she introduced me to the subject in 1986, actually.
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #85 of 86: Betsy Schwartz (betsys) Fri 23 Mar 01 09:30
    
This is the basic thing that I'm not getting about crypto: How *do*
you tell when you've unencrypted the message, when you're running
through millions of possible solutions?

If detection has anything to do with letter frequency, then wouldn't
removing spaces, and adding letters so that the distribution appears
random, make it difficult to identify when you've found the plaintext?
  
inkwell.vue.103 : Steven Levy - Crypto: How the Code Rebels Beat the Government
permalink #86 of 86: Bob 'rab' Bickford (rab) Fri 23 Mar 01 11:48
    

  You look for an expected pattern of some sort -- simple letter frequency
is the most obvious, but there are lots of others.  For example, if you're
expecting to find an email message in more-or-less-standard format, then
you'll expect to see a group of lines of text that include things like the
various From: and To: and Date: fields, followed by a blank line, followed
by more text.  If you're expecting to find a compressed file created with
something like ZIP, then there are specific patterns to look for there as
well (including a sort of header).
  



Members: Enter the conference to participate

Non-members: How to participate


Non-members: Please enter your comment or question:
All non-member comments are read before posting. All spam is discarded.

Your email address:
We will only use this email address to contact you for clarification.

Your real name:
Your name will be used to identify your comment if it is posted.



Subscribe to an RSS 2.0 feed of new responses in this topic RSS feed of new responses

 
   Join Us
 
Home | Learn About | Conferences | Member Pages | Mail | Store | Services & Help | Password | Join Us

Twitter G+ Facebook