Harmon Seaver wrote...
Why the hell would anyone use lotus notes encryption for anything whatsoever?
Lotus Notes or whatever, of course. The point here is that larger organizations with decryption capabilities probably do not think on the message-by-message level very often, just like credit card companies and insurance agencies deal with their customers in statistical buckets. It's also conceivable that a large variety of individuals, of varying levels of sophistication and education, catch wind of information the government may be interested in. Some of them may not feel or know that their message is of enough importance to go outside of Lotus Notes or whatever if they have it.
OK, let's assume for the sake of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encrypted lotus notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere.
And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption.
Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (eg, in approving or declining a POS transaction).
The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in certain demographic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts.
Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message?
Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking.
So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking.
And then there are probably less obvious, large-scale statistical
indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words.
From: Adam Back <adam@cypherspace.org>
To: Tyler Durden <camera_lumina@hotmail.com>
CC: DaveHowe@gmx.co.uk, cypherpunks@lne.com
Subject: Re: Echelon-like...
Date: Thu, 10 Oct 2002 20:41:21 +0100
Sounds about right. 64 bit crypto in the "strong" version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages.
The NSA's backdoor public key is at the URL below.
http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
(The public key had an Organization name of "MiniTruth", and a Common Name of "Big Brother" -- both Orwell "1984" references, presumably by a lotus programmer).
Adam
On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote:
"I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email?"
I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? (ie, the North American and International, the International being "legal for export".) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop.
On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote: patterns the
From: "David Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cypherpunks" <cypherpunks@lne.com>
Subject: Re: Echelon-like...
Date: Thu, 10 Oct 2002 18:38:36 +0100
On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote:
The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal.
Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. No export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If Microsoft were free to compete in this area (and Lotus, of Notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that Lotus reached with the NSA over its encrypted secure email?
-- Harmon Seaver CyberShamanix http://www.cybershamanix.com
"War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what it's about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933
"Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to facilitate our exploitation of resources." - Ramsey Clark, former US Attorney General