from: john.nieder@f33.n125.z1.fidonet.com

(commenting on the strategy of "taking the 5th" on the matter of decrypting one's files)

...

. Recently this question came up in another forum on encryption & an "authority" on communications law claimed the probable scenario would be that the arresting agency would have the encrypted material decrypted by a competent government or academic agency & the costs of said decryption would eventually be recovered from the defendant through civil suits, presuming the defendant had sufficient assets. It is my memory of the thread that he claimed this had been done in previous cases.

With strong crypto, e.g., with 300 decimal digit moduli, the "costs" of decryption by brute force could easily exceed the GNP/GDP of the U.S.

# Since none of us have ever been inside the NSA, we cannot underestimate # their power and resources. For all we know... This is somewhat beside the point. In actual fact, much of the seized encrypted evidence in criminal cases employs built-in encryption programs in major software packages (WordPerfect is a good example) rather than obscurer stuff like PGP/IDEA/RSA. Even highly-touted commercial programs like Norton Utilities DiskReet w/DES use simple passwords of a maximum ten-character size. . Much of this decryption may be trivially accomplished, though many "experts" charged law enforcement agencies stout fees for the service. It is now known that those specializing in WordPerfect files were using a simple program available on most BBS file bases which will crack the "secret" WordPerfect password in seconds on an old XT. . Apparently, the consulting fees for breaking bad crypto in most cases is not prohibitive. . Tim's objections about high-end decryption are indeed valid, at least theoretically, but we can not tell if a given encryption program has been backdoored or if a fatal flaw has been uncovered that reduces the security of the cyphertext. If any cryptanalysts might find such flaws, they would probably be those in no position to reveal their findings. . Jean-Loup Gailly [an original PGP team member in France] informs me that the same general criticisms of PGP soundness voiced in the Moscow State University report have been independently suggested in sci.crypto, though he is aware of no instance of these alleged weaknesses being exploited to break a PGP message. The jury is still out on PGP's ultimate security, I suppose. . Personally, I am not counting on PGP's brute-force decryption being a task of the magnitude Tim suggests, though I _hope_ he's right. I sure wish some well-equipped crypto labs like Marty Hellman's would turn their attentions to an evaluation of PGP... JN --- Blue Wave/Opus v2.12 [NR] -- John Nieder - via FidoNet node 1:125/555 UUCP - ...!uunet!hoptoad!kumr!fidogate!33!John.Nieder INTERNET - John.Nieder@f33.n125.z1.FIDONET.ORG