Re: 40-bit RC5 crack meaningless??
The always-informed Prof. Froomkin <froomkin@law.miami.edu> asked:
This would be the same Strassmann who stated in public at Harvard early in 1995 that most remailers were run by intelligence agencies such as the KGB, then denied saying it when asked for substantiation? And cut it from his paper?
Don't know that one, but it seems feasible. Strassmann had the status to speak at Harvard; probably the K school. (He's also an interesting author, really worth a read; despite this recent balderdash.) I kept a clip from an interview with him for years: after the bomb attack on the World Trade Tower he proclaimed that an "Electronic Pearl Harbor" attack on the US was inevitable. The only question, he said, was when. Not if. (It was a usefully overheated hook for some article on compsec, but I don't think I ever used it. Reminded me too much of warnings that someone was bound to someday taint the city water reservoir with LSD;-) As I recall, that piece also quoted him as saying that he knew of an incident where some group had held a major banking institution ransom with a threat to destroy their data files somehow. He refused to identify the institution or otherwise give any further details about the incident. Came to mind a few months back, when Winn Schwartau was firing off (also overheated) missives from Europe reporting, with scant detail, that several UK or European banking institutions had paid off millions when subjected to similar blackmail.
{...} there is some debate about the extent to which in *intelligence gathering* as opposed to, say, trying to crack a banking protocol, one can reasonably count on a known plaintext. And much debate about the processing costs of not having one, especially when one doesn't know what kind of document is being encrypted (e.g. is it ASCII plaintext? a spreadsheet? a jpeg? etc.). I think that's his (misdirected) point.
The latter is an interesting debate -- but, as you note, not really relevant in this case, where Strassmann proclaims:
In summary: The claim of exportable cryptography being totally insecure, because it can be cracked in 3.5 hours is not realistic. The three clues announced in the contest would not apply under infowar conditions.
Now, an international institution which buys and bets the bank upon US-exportable (40-bit) cryptography probably deserves what it has bought: espionage-enabled software designed for fast and cheap decryption by spooks and sundry college kids with access to a handful of machines. The original announcement of the RSA Secret Key Challenge declared forthrightly that even 56-bit keys -- whatever the algorithm! -- offer only "minimal" security. (What Goldberg did in hours, many could do in days or weeks with much less equipment. A 40-bit key length offers a universe of about, what? a trillion possible keys.) And while there might be debate as to how hard it is to attack cyphertext when the attacker doesn't know _anything_ about the message (not its data format; not the language being used; nothing!) there is really none about the fact that -- with virtually any piece of that puzzle -- the attack becomes relatively straightforward. A big job for a little machine, but conceivable: grab a key, decrypt, and then match for the right stats. Rare indeed is the commercial message, or even the typical government transmission, where its original digital format is not easily guessed -- if not known for certain. That is the contemporary, real-world, infowar/infocrime environment. To a machine -- which is, after all, looking for a statistical pattern in the results, not "meaning" -- knowing that the message is in English (and/or coded in ASCII) is functionally equivalent to an old-fashioned human codebreaker being given a matched plaintext/cyphertext sample. Given that much, the computer doesn't need the plaintext! It's counterintuitive to the layman, but one would expect a savvy systems guy like Strassmann to know this cold. Even my son, at 4, understands that a computer manipulates the fodder fed it only in terms of ones and zeros. Statistics, not the "plaintext" clue, reveal who dun it... to the machine. Clue #3 -- "the giveaway." Lord help us!
Paul Strassmann has probably taught a generation of the DC InfoWar acolytes how to think about this stuff!!! Hopefully their kids can re-educate them. Suerte, _Vin Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
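[Worked example added to this archived thread; it is not code from either poster. It shows the attack Vin describes above: an exhaustive key search that picks out the right key with no known plaintext at all, using only the assumption that the traffic is English text coded in ASCII. The cipher is a deliberately tiny stand-in (a SHA-256 keystream under a 16-bit key, so the whole keyspace fits in one loop); it is not RC5 or DES. The sample message and key are constructed for the example. Scale the loop from 2^16 to 2^40 (about 1.1 trillion keys) and the same recogniser is what drives a real 40-bit search.]

```python
"""Recognising the right key without a known plaintext.

Added example, not from the original thread. The "cipher" is a toy: a
SHA-256 keystream under a 16-bit key, chosen so the full keyspace can be
searched in seconds. It stands in for any short-key cipher; it is NOT RC5.
"""
import hashlib
import math
from typing import Optional

# Constructed sample message. The attacker is assumed to know only that
# the traffic is English in ASCII, not its content.
SAMPLE_PLAINTEXT = (
    b"Transfer the balance of account 4471 to the Zurich branch before noon "
    b"Friday and confirm by fax."
)
SAMPLE_KEY = 0xB33F            # 16-bit key; the attacker does not know it
KEYSPACE = 1 << 16             # 65536 candidate keys

# Relative letter frequencies of English text, in percent (standard table).
ENGLISH_FREQ = {
    'a': 8.17, 'b': 1.49, 'c': 2.78, 'd': 4.25, 'e': 12.70, 'f': 2.23,
    'g': 2.02, 'h': 6.09, 'i': 6.97, 'j': 0.15, 'k': 0.77, 'l': 4.03,
    'm': 2.41, 'n': 6.75, 'o': 7.51, 'p': 1.93, 'q': 0.10, 'r': 5.99,
    's': 6.33, 't': 9.06, 'u': 2.76, 'v': 0.98, 'w': 2.36, 'x': 0.15,
    'y': 1.97, 'z': 0.07,
}


def keystream(key: int, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, concatenated."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key.to_bytes(2, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def toy_crypt(key: int, data: bytes) -> bytes:
    """XOR with the keystream; encryption and decryption are the same step."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def is_printable_ascii(data: bytes) -> bool:
    """Cheap first filter: every byte is printable ASCII or plain whitespace.
    For a wrong key the output is effectively random bytes, and a random
    32-byte block passes this test with probability about (98/256)^32."""
    return all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in data)


def english_chi_squared(data: bytes) -> float:
    """Chi-squared distance between the letter histogram of data and English.
    Lower means more English-like; non-letters are ignored; no letters => inf."""
    letters = [chr(b).lower() for b in data if b < 128 and chr(b).isalpha()]
    if not letters:
        return math.inf
    n = len(letters)
    chi = 0.0
    for ch, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        observed = letters.count(ch)
        chi += (observed - expected) ** 2 / expected
    return chi


def crack(ciphertext: bytes) -> Optional[int]:
    """Exhaustive key search driven by a statistical plaintext recogniser.

    Stage 1 decrypts only the first 32 bytes (one keystream block) under each
    candidate key and drops anything that is not printable ASCII. Stage 2
    fully decrypts the survivors and keeps the one whose letter statistics
    look most like English. No plaintext is ever compared against.
    """
    head = ciphertext[:32]
    best_key, best_score = None, math.inf
    for key in range(KEYSPACE):
        if not is_printable_ascii(toy_crypt(key, head)):
            continue                      # nearly every wrong key dies here
        score = english_chi_squared(toy_crypt(key, ciphertext))
        if score < best_score:
            best_key, best_score = key, score
    return best_key


if __name__ == "__main__":
    ct = toy_crypt(SAMPLE_KEY, SAMPLE_PLAINTEXT)
    found = crack(ct)
    print("recovered key:", hex(found) if found is not None else None)
    print("recovered text:", toy_crypt(found, ct) if found is not None else None)
```

The two-stage shape is the practical point: the ASCII test costs one keystream block per candidate and throws away almost the whole keyspace, so the per-key cost of a search is dominated by the cipher, not by the recogniser. Swap the ASCII filter for a check on a JPEG, ZIP or spreadsheet header and the same loop handles the other formats Froomkin mentions; the format clue is doing the work the "known plaintext" was supposed to be needed for.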
At 09:37 AM 2/7/97 -0500, Vin McLellan wrote:
Now, an international institution which buys and bets the bank upon US-exportable (40-bit) cryptography probably deserves what it has bought: [...] even 56-bit keys -- whatever the algorithm! -- offer only "minimal" security. (What Goldberg did in hours, many could do in a days or weeks with much less equipment.
You don't bet the bank on 40-bit crypto, unless you're, ummm, accepting credit cards over wimp-configured sessions of SSL. (You, as merchant, may not lose if there's a forgery, and your customer's loss may be limited to $50, but the bank's loss isn't limited except by how fast they can block thieves.) While banks get Extra Slack on crypto exports, and can use 56-bit DES, they've got more serious adversaries - building a $1M machine to win a $1000 contest is a bit expensive for the average grad student, but it's a perfectly reasonable investment if you're planning to rob banks of millions of dollars with it, especially if you think you can either siphon the money off slowly while hitting a lot of banks or else make a really big haul all at once. Banks aren't the only kind of company with big money floating around; stockbrokers, commodities traders, purchasing departments of big companies that might not notice that they're buying a few percent more parts, and all sorts of other large companies are targets for crypto-cracking thieves. Because well-funded thieves can do this kind of financial damage, we have a legitimate-sounding spin on "Federal law enforcement's job includes preventing large-scale theft, and they're letting their political agenda get in the way of doing their job. Sure, 56-bit keys are harder to crack than 40, but well-funded crackers could use the same techniques Ian did." Either method of theft requires being non-stupid enough not to get caught afterwards (like the $(24?)M computerized bank job last year), and having your "partners" not rip you off; a big heist also risks detection by tracking chip purchases, and provoking the Feds into banning "ASIC Laundering" and criminalizing illegal possession of field-programmable gate arrays and such paranoid silliness.
>> the same Strassmann
Yeah, him :-)
>> (It was a usefully overheated hook for some article on compsec, but I don't think I ever used it. Reminded me too much of warnings that someone was bound to someday taint the city water reservoir with LSD;-)
But we _were_ planning to enhance the water that way, back in the 60s! :-)
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)