OK, let's assume for the sake of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encrypted Lotus Notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere. And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption. Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (e.g., in approving or declining a POS transaction).

The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in certain demographic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts. Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message? Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking.

So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking. And then there are probably less obvious, large-scale statistical patterns indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words.
From: Adam Back <adam@cypherspace.org>
To: Tyler Durden <camera_lumina@hotmail.com>
CC: DaveHowe@gmx.co.uk, cypherpunks@lne.com
Subject: Re: Echelon-like...
Date: Thu, 10 Oct 2002 20:41:21 +0100
Sounds about right. 64 bit crypto in the "strong" version (which is not that strong -- the distributed.net challenge recently broke a 64 bit key), and in the export version 24 of those 64 bits were encrypted with an NSA backdoor key, leaving only 40 bits of key space for the NSA to bruteforce to recover messages.
The NSA's backdoor public key is at the URL below.
http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
(The public key had an Organization name of "MiniTruth", and a Common Name of "Big Brother" -- both Orwell "1984" references, presumably by a Lotus programmer).
Adam
On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote:
"I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email?"
I'm new here, so do tell if I am wrong. Are you referring to the two levels of encryption available in Bogus Notes? (i.e., the North American and the International, the International being "legal for export".) At one of my previous employers, we were told the (apocryphal?) story of some dude who got arrested on an airplane for having the more secure version of Notes on his laptop.
From: "David Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cypherpunks" <cypherpunks@lne.com>
Subject: Re: Echelon-like...
Date: Thu, 10 Oct 2002 18:38:36 +0100
On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote:
The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal.

Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. No export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If Microsoft were free to compete in this area (and Lotus, of Notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks.

I assume everyone knows the little arrangement that Lotus reached with the NSA over its encrypted secure email?