Lizard, you're missing the point. First, the NETcenter was sold to the Commerce cmte yesterday as a way to perform successful cryptanalysis on enciphered documents. The rhetoric was all about keeping codebreakers up to date with codemakers. To anyone with a glimmering of a clue about modern cryptography, this is complete bullshit. Industry lobbyists on Monday also tried to push this line at a press conference; I called them on it and they said, no, I was wrong, this center would let the FBI keep up with the times. Yeah right. Second, the NSA already performs these duties. Whether they should be allowed to or not is a different argument. Third, there's no funding appropriated for the NETcenter. It's useless without it. Again, it's bullshit. Fourth, even industry lobbyists admitted to me privately yesterday that NETcenter was a scam designed entirely to head off Oxley. -Declan On Thu, 25 Sep 1997, Lizard wrote:
At 10:33 AM 9/25/97 -0700, Tim May wrote:
Once the NETCenter failed to decypt the first several dozen instances of PGP or 3DES thrust before it, I rather expect enthusiasm will wane.
But it doesn't have to decrypt it. It has to tell the cops: "OK, you need to send a guy in there when he's not home and look for a file called 'mykey.gkr' on his computer...it will probably be in c:\pgp. Then you need to plant a video camera to watch him type his passphrase. Then we can read his mail, no sweat."
I don't know why I keep making this point, but the weak point in crypto is NOT the length of the key, it's the human factor. Go after the HUMAN USING THE CRYPTO via traditional spy/police methods, and smeg the key length.
But to do that, you see, you'll need warrents, reasons for suspiscion, and, becuase of the effort involved, you'll only do it for serious crimes with a strong liklihood of conviction. *That* is the 'stauts quo' law enforcement *claims* to want.