-----BEGIN PGP SIGNED MESSAGE----- ** How a conservative learned to like NPR - Listening to Public Radio this morning I caught a story about the NSA's recent release, or pending release of some 2000 - 2200 documents bearing decoded Soviet communications. These were the result of a long running communications and signals intelligence program conducted by the U.S., and thus, by the NSA and it's predecessors. Some of the documents to be released include communications quite damaging to the Rosenbergs, who were executed for espionage and selling U.S. atomic "secrets" to the Soviets. This is, in fact, the key attraction in the documents. More interesting than all this was the discussion with the deputy director of the NSA in which he described the communications collections program which continued from the 1950's all the way into the 1980's. What interested me most, aside the fact that the NSA was speaking so candidly, and in my opinion foolishly so, about the program (even given their new public relations awareness) was a brief discussion of what methods were used in cracking the Soviet code. While it was not defined specifically, it was suggested that the majority of the messages were communications between the embassies and Moscow. As a result, the procedural and cryptologic algorithm was likely very entrenched as a method, and lacked variation because of the massive coordination required to switch methods in embassy to home country secure communications. While I do not know how much was puffing, I suspect that it is safe to say that the basic method the Soviets were using looked something like this. Plaintext -> Codebook number substitution pass -> One time pad pass. The most difficult, and in the words of the deputy director, "remarkable" task was, of course, attacking the last layer in the encryption, and the first layer in the decryption process, the random series on the one time pad, which, in the words of the public spook, "was not so random after all." The fixed codebook substitution perhaps had a high overhead in the initial computation, but once analyzed the first time the entire cipher is a wash until a new codebook or random number generation method is used. ** "Captain, the energy is structured in a pattern I have never before encountered." - So what does this little disclosure tell us about NSA capabilities? Most obviously that they have extremely sophisticated "random" number analysis abilities. 1950-1980 is a long time to practice, and develop specialized hardware for this purpose. The discussion of the value of specialized hardware gains having been applied on this list to RC4 analysis, its value is still somewhat of a mystery to me with reference to random number analysis. In any event, it is safe to assume that the NSA has a very large section dedicated to this entire pursuit, and moreover, that the Soviets probably were not "petty" random number generators. Perhaps laziness got the best of them, but I am inclined to think they conducted this program, at least at first, like any other massive communist "for the glory of the state" program-- i.e., with crippling dedication. To me this prompts the questions: How random is random, and how random is "cryptographically random?" I don't know much about the mechanics of cryptographically strong random number generation, but considering the enormous effort the NSA has put into the analysis of same, I suspect it is in everyone's best interest to know more. Consider: Now that the NSA has gone public with the program one must believe this prima facie evidence that the program is no longer of use against the Soviets. I suspect that a lot of dedicated hardware, already paid for, is probably sitting about looking for a use. "Hey Louie Freeh, any idea what we can do with all this idle equipment?" So for the cypherpunks, my first suggestion is a long look at exactly how strong the "cryptographically strong" random numbers might be. Certainly we are not random number ignorant, but how random number savvy are we? Perhaps someone with the equipment and the computer time might conduct a bit of an experiment. Maybe lifting the random number generators from common cryptographic applications like CryptDisk Curve Encrypt, PGP, Secure Device, and taking a massive sample to identify trends in the "random" data might be a good idea. Even those processes that employ some physical component might have some trends that could fall into patterns. Even with hard hashes of random seeds, could seed patterns create patterns in the actual random data? I must suspect so. Perhaps a piece of code which could be distributed far and wide to 'punks and others which might generate random data on different machines with different hardware and different users and generate an export file to be submitted to a Web Page or something. We've seen the tremendous value Web Pages have in bringing users together to contribute processor time for the RC4 project, what about random number generation time? One of the first attacks on short-wave radio "number stations" (for the uninitiated, most are based in South America and read off long sets of code numbers, usually in Spanish) was with the assumption that a one time pad had been used. The result? An analyst determined that the "random" numbers for several stations were one time padded with "random" poundings on an old typewriter. Even if not broken, this immediately identified several stations as related by the use of the same one time pad generation method (which is sensitive enough that unrelated stations are quite unlikely to have been privy to the method) and thus provided tremendous traffic analysis information. What does our random data tell the world about us? Could not the bits in PGP keystroke timing subroutines fall into a subtle pattern? Enough of one to make someone's job a lot easier? When you whirl that mouse around the screen to generate random numbers for CryptDisk, do you start with a counter clockwise circle? If you're right handed you're likely to. In the scheme of things, these might be pretty good clues to someone who does nothing but random analysis all day long in a cubical with a frighteningly quick piece of specialized hardware in the next room. ** "He's in a tough position. If he announces he's running, everything becomes a political move, if he announces he isn't, his administration becomes a lame duck effort. Perhaps he should say nothing" - My estimation of the NSA's new public image, which amazed me at first, prompted me to suggest that the bulk of the hyper-sensitive work done there has already been moved to another outfit. To go from "No Such Agency" to a politicized and highly public organization with a public relations department and press releases in just under 30 years is a dramatic change for a secret agency. In many ways it is not a poor move. The agency has grown quite large, and it has become impossible to hide. In addition, the public is much more likely to be receptive to an agency which appears-- in public-- to have some worth. Cryptography is a complex concept, enigmatic at best for the general public. The public relates much better to the capture of spies and the foiling of the Soviet Union than to an agency which is too secret to acknowledge. Public opinion tilting to the NSA might be a bad thing for Cypherpunks. When the NSA says key forfeiture is required, the public is much more likely to swallow the pill from an agency that uncovers traitors, protects our national interest, and has a cool museum that you can visit to boot. Mr. Young rightly pointed out on this list that part of the coin the intelligence community sells, the demand for which moves novels by the millions, is the feeling of inclusion in a select group, a shared secret. How elegant the way the National Cryptological museum was opened. No fanfare, no publicity, no invitations, just there to be discovered at first, like a little secret. Stuck in an old motel, barely visible from Route 32, dwarfed by the massive NSA complex. Talk about public relations coup. Classic intelligence, release what is worthless or nearly worthless, create the impression it is rare, make cursory efforts to obscure it- efforts you know will eventually fail, and you have created something coveted. Wait a while, and then when it has been discovered, uncovered, publicized, put out a brown and white sign: "National Cryptologic Museum." What does DeBeers do any differently? So the NSA has become a political tool. A mouthpiece, and in a subtle way, a propaganda machine. (Just keep the lead counsel out of the public eye guys. He keeps screwing things up. Do a Stephenopolis or Hillary Clinton on him. Time for him to go behind the scenes). We've long been predicting the clash between crypto and government, I doubt government sees it much differently, though perhaps through the foggy lenses of a entity used to getting its way through coercion. I suspect they are likely to do themselves major damage with simple hubris. Still, the signs are out there. They are more and more public every day. I think cryptography scares the administration. It certainly scares the FBI. So I ask some of the same questions I asked here a few months ago. Where are the stealth PGP hacks? Where are the more subtle stego programs? Why aren't there totally transparent strong crypto programs which don't advertise the recipient right in the header? Why isn't crypto prepared to weather the storm of a outright ban? Sure, fight on the side of keeping crypto legal, but prepare for the worst. The fact that everyone and their mother drank didn't keep prohibition from being initially passed. How is it people think it will be the sure fire crypto ban deterrent? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMAOxEi1onm9OaF05AQEi6Qf/ZW3qZln5SwPonJnf00OZM7DiPrjg/0+R qzsgolAAnZIr/xFnNP99kzfLf393B5i/8CYO3V0m43VWI4T51b+sBs90Jkiin5hi dals2aa/hCnMKvGfX1RjBo6OmiPmBhiwtvIOkn+tTda37YSWjYuBJ5DOZhXiuW6S CUBxoDoE7yQmNy2BVZU9AKibpF3+Mv2k0yR9PlO0Yc0g8Z+juKR5xxUuMgqpy4HJ qERDYZ6Cd+ADBt/YZGpoESBdishkKfZJeA+J9XApKbR8GiFgeT487ax1/P+Ph+eo 3kMcDEW4O87QbuXa3zewnNrxO306TO04jOeQp6GdJ00IQkRKeru0uw== =6iZQ -----END PGP SIGNATURE----- 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update.