Forwarded message:
From fc Sat Jul 29 07:18:30 1995
Subject: NO reason whatsoever for the MILITARY to use an intentionally WEAK encryption system.
To: pgf@tyrell.net (Phil Fraering)
Date: Sat, 29 Jul 1995 07:18:30 -0400 (EDT)
In-Reply-To: <199507282019.AA27619@tyrell.net> from "Phil Fraering" at Jul 28, 95 03:19:45 pm
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 3694
...
You misunderstand. With public key encryption, the proliferation of processor power and bandwidth, and their funding, there is NO reason whatsoever for the MILITARY to use an intentionally WEAK encryption system.
The military doesn't have that much funding for this sort of thing. There are more than 2.5 million computers (est.) in the DoD, and to put in and manage a cryptosystem for this large a network is a very difficult and expensive proposition. At $100 per computer (including only purchase price and installation) that's $250 million, but that only covers relatively low bandwidth communications. The vast majority of systems use Ethernets and similar things where encryption is far more expensive - but we'll ignore that for now. You also have the key management problem. You need to create a secure distributed key management database capable of handling 2.5 million public keys. No current system I am aware of can do this, so there is a substantial R+D problem out there. Then we have to put hooks into every different OS used in the DoD to allow this to work properly. Then we have issues like synchronization and man-in-the-middle attacks to worry about. Any of these could take out the crypto-systems, which are (in today's world) less reliable than standard communications. This means we are sacrificing availability for confidentiality, which in the military domain means we will lose the war, but nobody will be able to tell us why, because they will never be able to decrypt all the details. The DoD does use cryptography extensively, but only to protect information worthy of the real costs and complexities associated with the technology - just as any organization should strive to do. ...
I think you misunderstood: if we want a military in the first place (yes, I realize that's an open question to many people on this list) it needs to have as much of its communications encrypted as possible. Without back doors or intentionally weakened algorithms. Otherwise we're just stuck with a standard conventional force that isn't _that_ great compared to the combined assets of a reasonable assembly of enemy forces.
Secrecy isn't the only military advantage in information warfare. The pace of the action is far more important, the availability of select information at the right place at the right time is far more important, the ability to deny information to the enemy is far more important, the accuracy and timeliness of the information is far more important, and on and on. If you really want to know more about this, you should read: "Protection and Security on the Information Superhighway", John Wiley and Sons, 1995, ISBN 0-471-11389-1, 320 pp, $24.95. Furthermore, backdoors are very useful, for example, when we sell the equipment to other nations who resell them to those who try to use the technology against us. The best cryptosystem for the NSA is one that only they can break.
I would go even farther: since so many of the troops sent over to the Gulf in the war there went with K-Mart-purchased GPS receivers that the military had to turn off selective availability, I am willing to bet that in future conflicts the U.S. soldier's ability to have secure communications (with no backdoors or weakened algorithms) is dependent on civilians having access to the same technology. Because the only way they might have it is if Ma and Pa go down to the local K-Mart and buy one for their son/daughter about to go overseas.
How much would you like to make that bet for?
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236