Posted on 02/04/2008 4:10:52 PM PST by balls
A recently released tool that allegedly was designed to help al-Qaeda supporters encrypt their Internet-based communications is a well-written and easily portable piece of code, according to a security researcher who has analyzed the software.
Not a problem if AQ programmed it themselves, which has been the point of my posts: the algorithms are not that hard. I teach them to undergrad math, engineering, and CS majors about once every three years. You don’t think AQ has been able to radicalize a few Muslim CS majors? (None from my classes—I’ve not had any Muslim students in them,.)
I wonder if anyone in the NSA is still around to remember this trick. They could disassemble it , place the Trojan in, then reassemble and post it again on the Internet. Nothing is safe electronically. I wonder what FIASA (?) would say about this ? If the program is used for illegal purposes (keys must be registered) , then it should be no problem.
ok, I trust you. I’m more a patent expert than security expert.
IIRC, Al Qaeda means "the base" and that comes from a computer database Bin Laden used to keep track of the organization.
Funny you should say that. I developed a short encryption program a couple of years ago which doesn't use any of the standard algorithms. I contacted NSA about it. I gave them a brief description, but for security reasons no detailed description. I told them if they needed a detailed description to contact me. I got a letter back from them telling me to go through the procedure of soliciting business ( like a contractor does ). I wrote them back saying that I was not selling it, I was offering it to them. They sent back a letter saying they were not interested. Now from the description I wrote to them, anyone familiar with cryptography would have requested a second look. Instead they brush me aside, not knowing my background. It seems the NSA has the attitude - " If it not created here, it is no good " By the way, I am a Mathematician with a background in Number Theory
You said — “Not sure it makes any difference. There are plenty of terrorists already in the country who would have access to PGP and other encryption techniques.”
No, it doesn’t make any difference, because PGP was “international” years ago and the U.S. Government could not stop it from going international. Just read up on Phil Zimmerman and what he went through in order to *make sure* that PGP went “international”.
There was nothing at all that the U.S. government could do to stop it. And even it the U.S. had made draconian laws preventing any exports and jailing thousands of people — does that mean that the U.S. Government thinks that the only programmers that exist (for making encryption program) are in the U.S. (and don’t exist in any other country in the world)?
It’s ludicrous to think that the U.S. could stop something like that, which other countries and other programmers are fully capable of making...
Regards,
Star Traveler
Who has told you that you can’t have unbreakable encryption? Whoever told you that — told you a lie...
Regards,
Star Traveler
I haven’t heard any evidence (of any kind, at all) that the U.S. Government is able to crack PGP in a nanosecond, much less in a million years....
Regards,
Star Traveler
Or maybe that year's budget for evaluating unproven encryption methods had already been spent.
Sure, a shared one-time random binary pad (or for old school types, random letter stream Vigenere key) provides perfect security, provided the key is never reused and not intercepted.
The trick is to exchange keys over a monitored channel without interception. Quantum encryption is one suggestion, and I’ve heard another that depends on ‘Alice’ and ‘Bob’ having a direct wire link.
it wouldn’t have made a difference. Americans are not the only ones who can write code.
>>Our encryption technology and web servers are helping Al-qaeda. I wonder how different things would be if we had not eliminated the encryption export rules a few years ago.<<
A lot of the effect of those rules was a brain drain that sent encryption research overseas. It only hurt lawful researchers.
A tool is just a tool. When PGP first became popular around the world various democracy movements praised it since it allowed them some protection from the death squads.
He was one of encryption's biggest enemies and wanted the government to have a back door into your private encrypted communications (honestly, we won't abuse this ability).
Not really, as the current standard wasn't developed by the NSA. They just went through a round of selection a few years ago and are probably not too interested. The best way to get your method accepted is to publish it in cryptographic circles. Flaws are found in the vast majority of implementations. Even a couple of Bruce Schneier's attempts failed to withstand peer review (his MacGuffin cipher died really fast).
Now if you think you have the perfect hash algorithm, I believe they're looking for one.
Yeah, cuz furriners are all too stoopid to do that complicated computer stuff unless they can crib notes from a real Amerikun.
Sheesh.
Actually, IIRC the basic RSA patents have expired, so that one at least is freely available (though some of the later refinements might still be under patent).
And don’t forget making our companies less competitive since they could only ship products with 40-bit encryption while foreigners’ products could ship with anything.
I understand the reason for export controls, but there was a point where the encryption controls did more harm than good, and that point was crossed years before the controls were dropped.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.