Posted on 02/04/2008 4:10:52 PM PST by balls
A recently released tool that allegedly was designed to help al-Qaeda supporters encrypt their Internet-based communications is a well-written and easily portable piece of code, according to a security researcher who has analyzed the software.
Whoopsie!
Back to the drawing board Achmed!
Not sure it makes any difference. There are plenty of terrorists already in the country who would have access to PGP and other encryption techniques.
“I wonder how different things would be if we had not eliminated the encryption export rules a few years ago.”
Do you seriously believe that only US can produce encryption technology? Most of the recent improvements in encryption algorithms and technology have come from outside of US (Western Europe, now increasingly Eastern Europe and Russia and even China). Even in the US, the people who actually implement and invent the new stuff are increasingly immigrants. The company I work for is a major player in this field and most of the people who work with security algoritms are non-US citizens. More than half are also located outside of US.
How come Al Qaeda gets to be encrypted and we don’t.
This researcher doesn’t need to say that! That info should still remain secret! Now the enemy knows we analyzed it and made prouncements about it. Shoulda said we can’t figure it out! Leave them guessing!
Jeez! Some security!
Not a whit. Any competent programmer who can master a little number theory and doesn't care about US patents can implement RSA encryption, El Gamal encryption or the Diffie-Hellman key exchange protocol, and any competent programmer even without a knowledge of number theory can implement any of the various strong private-key systems (or variants thereof).
If Computer World has it and they are testing it, it can’t be that good.
What this really shows is that we cannot lose this war. The decentralization of technology will continue apace and we cannot afford to lose and allow it to used against us terrorists sponsored by Ayatollahs and Saudi princes.
I thought aLgore invented encryption.
Get PGP and encrypt your e-mail (or learn to program and write non-standard encryption protocols to give the NSA fits if you feel left out.)
Absolutely none. Those rules were a product of Congress not understanding that writing laws against dissemination of publicly available information couldn't stop it from happening.
Ping...
“Any competent programmer who can master a little number theory and doesn’t care about US patents can implement RSA encryption, El Gamal “
Actually, this is not true. Implementing a security algorithm is extremely difficult and patents are more or less irrelevant here. They give introduction to topic (better intro can be found in textbooks) and some specific claims for some limited parts of algorithm. US government can crack any code using these patents in a nanosecond.
Encrypt away...Someone is always watching....
From the Old Time Radio Show:
“Only The Shadow Knows”
Not so. The 16-round Blowfish cipher (private key) is subject to no patents, and is even available as shareware for Macs (iCrypt), and unless the NSA has some results the public doesn’t have access to is not susceptible to cipher-text only attack, and the best published known-plaintext attack requires 2^129 blocks of encrypted text to break the cipher for generic keys.
Twofish, also not patented, with freely available source code, is supposedly stronger (according to Sshneier, who helped in the development of both.
The main problem for AQ is a public key key-exchange protocol, which as I noted, is easy to do if one doesn’t care about US patents (and AQ plainly cares nothing about violating US laws regarding theft, murder, destruction of goverment property, . . . so the threat of a patent enfringement suit from the holders of the RSA patent isn’t exactly going to trouble them.)
0100001001100101011000110110000101110101011100110110010100100001
The problem for Al Queada is the extra code the CIA slipped into their version.
Whence comes your confidence that the government has either a publicly unknown factoring algorithm on classical computers, or a quantum computer with enough q-bits (and well enough shielded from thermal background that the state doesn’t decohere) to implement Schor’s algorithm?
Short of that RSA, used as a key exchange method for a strong private key method, provides quite adequate security against NSA attack. (I like sending RSA encrypted keys better than Diffie-Hellman, but that’s just me.)
I teach RSA, El Gamal and Diffie-Hellman about once every three years in a short-course on cryptology. I beg to differ, but the algorithms are all trivial
to implement. The only impediment to their use might be finding a enough
100 to 200 digit primes, but again, a competent programmer with a good knowledge of number theory should have no problem.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.