At 10:07 AM 10/6/96 -0800, Timothy C. May wrote:

Some convincing evidence was presented that the moving force behind GAK is *not* the NSA, but is rather the *FBI*. Specifically, even 40-bit keys are probably too long for massive "drift net fishing," in that the cost per break is probably still too high. The cost for a "focussed attack" (I can't think of a fishing parallel...maybe "spear fishing"?)

How about "DuPont-lure fishing"? is of course low. The speaker at SAFE pointed out that the FBI

is pushing for the 40-bit keys (and now is accepting the 56-bit keys?) because for focussed attacks, e.g., on the communications of a person under observation, they can call on other agencies to break the ciphers for them (even if they don't yet have their own such machines).

In a nutshell, almost any level of encryption above, say, 30something bits, is too much when millions of messages per day are to be "drift-netted" is too much. (The exact number that is "too much" depends on a lot of factors, including the cost of the cipher-breaking machines, the number of messages to be read per day, etc. This number will change with time.)

You should also factor in the government's ability to store what they can't immediately decrypt, which drastically changes the playing field with regard to encryption. It was at least five years ago when I first read about a system to record data on so-called "digital paper," which was actually a plastic with a photo-writable layer similar to write-once CD's. It could be formed in any configuration, but perhaps one of the more intriguing (due to the large writable area) is on large reels similar to 1/2" magtape. As I recall, they claimed that such a reel could hold 1 terabyte of data. Sure, such a capacity is small compared with the total Internet traffic, but I assume that most traffic could be excluded from recording if its source was known, etc. They'd exclude anything from "probably-okay" web pages, they'd trim space-hogging graphics, etc. "Just the facts, ma'am." Call the whole thing "retroactive-selective-drift-net-fishing," if you will. Once this data is stored away the government would determine (perhaps years after the fact?) which data they want to decrypt, possibly based on crimes committed long after the data was recorded. This information might reveal contacts, etc. Obviously they have no prayer of doing real-time analysis. Even so, it makes it far more practical to do the equivalent of drift-net fishing if they can exclude 99.9999%+ of the traffic from their decryption attempts. 56-bit encryption doesn't look so ominous to them in this case. Jim Bell jimbell@pacifier.com