Inkwell: Authors and Artists
Undo Influence (mnemonic) Mon 26 Feb 01 14:13
Betsy, the upcoming CFP (just a couple more weeks now) is also in Cambridge/Boston.
Steven Levy (steven) Sat 3 Mar 01 15:00
Hi, I'm back, and will continue to discuss if there's interest. I think that the general impression is that there was no "hole" or backdoor in DES. The hole, if you want to call it that, was the up-front limitation of a 56-bit key. I have the strong impression -- one confirmed by "high government officials" -- that the NSA underestimated how widespread DES would be, and later regretted that the 56 bits was the only limitation. Thus for years -- until late 1999, in fact -- you couldn't use DES in shrinkwrapped software for export. By then, of course, the 56 bit hurdle was something that could easily be broken, as the EFF proved with their DES- cracker, which cost a bit more than $200 K to crack one key, and very little thereafter to crack more keys. As for what the NSA does with old computers, you can see a few, including a costly but no longer state of the art Thinking Machine supercomputer, at the National Cryptologic Museum, a trip I highly recommend.
Infradibulated Gratility (ssol) Sun 4 Mar 01 09:20
http://www.nsa.gov/museum/map.html for directions. It's in Maryland, just outside of DC, I believe.
James Howard (howardjp) Sun 4 Mar 01 11:19
I was all over Meade a couple weeks ago and missed the museum. Looks like I need to go back.
Eric Rawlins (woodman) Wed 21 Mar 01 15:18
Seems to me the biggest hole still remaining in public crypto is that the encrypted message, though unbreakable, is still recognizably and obviously an encrypted message, allowing the Man to come back to you and say, "Decrypt this thing or I'll throw your ass in jail." I'd love to see a crypto system where the encrypted message looks like plain English or whatever; for instance, you supply it with a plain-English innocuous model and the system embeds into it the true message in the form of "typos" or something. At that point the FBI can take their Carnivore and melt it into scrap.
Bob 'rab' Bickford (rab) Wed 21 Mar 01 15:27
See the recent book "Disappearing Cryptography" for lots more on that theme. I'm about halfway through my copy.....
windblowne (satyr) Thu 22 Mar 01 07:56
There are methods for embedding cryptographic messages in, for instance, graphics files, such that they're not obviously there. (Probably the NSA can detect their presence, but you wouldn't know to suspect anything just looking at the rendered image.
Paul Bissex (biscuit) Thu 22 Mar 01 10:33
<woodman> -- it's called Steganography. Check out: http://steganography.tripod.com/stego.html
Bob 'rab' Bickford (rab) Thu 22 Mar 01 12:56
Yes, that's what the book I referred to above is about. See also my friend Romana Machado's page at http://www.stego.com/ for more -- she introduced me to the subject in 1986, actually.
Betsy Schwartz (betsys) Fri 23 Mar 01 09:30
This is the basic thing that I'm not getting about crypto: How *do* you tell when you've unencrypted the message, when you're running through millions of possible solutions? If detection has anything to do with letter frequency, then wouldn't removing spaces, and adding letters so that the distribution appears random, make it difficult to identify when you've found the plaintext?
Bob 'rab' Bickford (rab) Fri 23 Mar 01 11:48
You look for an expected pattern of some sort -- simple letter frequency is the most obvious, but there are lots of others. For example, if you're expecting to find an email message in more-or-less-standard format, then you'll expect to see a group of lines of text that include things like the various From: and To: and Date: fields, followed by a blank line, followed by more text. If you're expecting to find a compressed file created with something like ZIP, then there are specific patterns to look for there as well (including a sort of header).
Members: Enter the conference to participate
Non-members: How to participate