
On Sun, 20 Oct 1996, Bill Frantz wrote:

> At 1:03 PM 10/20/96 +0000, James Morris wrote:
>
>> On Sat, 19 Oct 1996, Black Unicorn wrote:
>>
>>> 4. Might be a good idea to review implementations of crypto.
>>> Both James Woolsey and Stewart Baker made sly remarks about the reliability of crypto in the public domain. [...]
>>
>> There was also an interesting comment made in session three of the Joint Australian/OECD Conference on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure (Canberra, 7 - 8 February 1996), reportedly by a representative of the DSD:
>>
>> "... PGP may not survive as a viable option for private security."
>>
>> For the full quote, see: http://www.nla.gov.au/gii/sess3.html
>
> (1) If I were faced with an opponent who had a crypto system I couldn't break, I would attempt to make him think I could break it so he would stop using it. AKA FUD.

Don't think I didn't consider it. The conference was not attended by the type on whom FUD would make much difference, i.e., it was mostly law enforcement and intelligence. These were either quite sincere snickerings among professionals, or EXCEEDINGLY well-laid misinformation put into the wrong circles to be of any effect. Again, nothing specific, but implementation seemed to be the key. I would also note that I don't typically pay such ramblings much mind. When Stewart Baker tells someone IDEA and 3DES are indeed strong but implementation weaknesses can cripple them, and this in the context of a law enforcement ban, I tend to listen carefully. I'm not saying panic, I'm saying perhaps another careful review is in order.

> (2) If I could break his system, I would want him to continue using it. I would have to be very careful about how I used the material so he didn't catch on to the break. There are some wonderful examples of this logic in "The Code Breakers".

Then the absolute wrong thing to do would be to suggest something that might spur on review (such as drawing attention to potential implementation problems). When both Stewart Baker and R. James Woolsey make similar comments, one can't help but think that they were not pre-arranged. Again, don't panic, just review.

> (3) The devil is in the details. I still am not convinced that MacPGP has enough sources of entropy for its IDEA key generation. (But I am not convinced that it doesn't either.) I put integrating Jon Callas's entropy manager into MacPGP as a high priority.

Couldn't hurt, not one bit.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li