NO reason whatsoever for the MILITARY to use an intentionally WEAK encryption system. (fwd)
Forwarded message:
From fc Sat Jul 29 07:18:30 1995
Subject: NO reason whatsoever for the MILITARY to use an intentionally WEAK encryption system.
To: pgf@tyrell.net (Phil Fraering)
Date: Sat, 29 Jul 1995 07:18:30 -0400 (EDT)
In-Reply-To: <199507282019.AA27619@tyrell.net> from "Phil Fraering" at Jul 28, 95 03:19:45 pm
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 3694
...
You misunderstand. With public key encryption, the proliferation of processor power and bandwidth, and their funding, there is NO reason whatsoever for the MILITARY to use an intentionally WEAK encryption system.
The military doesn't have that much funding for this sort of thing. There are more than 2.5 million computers (est.) in the DoD, and to put in and manage a cryptosystem for this large a network is a very difficult and expensive proposition. At $100 per computer (including only purchase price and installation) that's $250 million, but that only covers relatively low bandwidth communications. The vast majority of systems use Ethernets and similar things where encryption is far more expensive - but we'll ignore that for now. You also have the key management problem. You need to create a secure distributed key management database capable of handling 2.5 million public keys. No current system I am aware of can do this, so there is a substantial R+D problem out there. Then we have to put hooks into every different OS used in the DoD to allow this to work properly. Then we have issues like synchronization and man-in-the-middle attacks to worry about. Any of these could take out the crypto-systems, which are (in today's world) less reliable than standard communications. This means we are sacrificing availability for confidentiality, which in the military domain means we will lose the war, but nobody will be able to tell us why, because they will never be able to decrypt all the details. The DoD does use cryptography extensively, but only to protect information worthy of the real costs and complexities associated with the technology - just as any organization should strive to do. ...
I think you misunderstood: if we want a military in the first place (yes, I realize that's an open question to many people on this list) it needs to have as much of its communications encrypted as possible. Without back doors or intentionally weakened algorithms. Otherwise we're just stuck with a standard conventional force that isn't _that_ great compared to the combined assets of a reasonable assembly of enemy forces.
Secrecy isn't the only military advantage in information warfare. The pace of the action is far more important, the availability of select information at the right place at the right time is far more important, the ability to deny information to the enemy is far more important, the accuracy and timeliness of the information is far more important, and on and on. If you really want to know more about this, you should read:
"Protection and Security on the Information Superhighway", John Wiley and Sons, 1995, ISBN 0-471-11389-1, 320 pp, $24.95
Furthermore, backdoors are very useful, for example, when we sell the equipment to other nations who resell them to those who try to use the technology against us. The best cryptosystem for the NSA is one that only they can break.
I would go even farther: since so many of the troops sent over to the Gulf in the war there went with K-Mart-purchased GPS receivers that the military had to turn off selective availability, I am willing to bet that in future conflicts the U.S. soldier's ability to have secure communications (with no backdoors or weakened algorithms) is dependent on civilians having access to the same technology. Because the only way they might have it is if Ma and Pa go down to the local K-Mart and buy one for their son/daughter about to go overseas.
How much would you like to make that bet for? -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
The DoD does use cryptography extensively, but only to protect information worthy of the real costs and complexities
Another interlocutor whose knowledge of military traffic comes from watching Hollywood movies/TV shows. Or, maybe he even has access to high-level briefings - and believes everything that is said.
Doc, you might find it instructive to spend a tour in the real world of the military.
Perhaps if you reviewed the material on which my comments are based, you would have a different opinion, and perhaps not, but to make your comment based on an apparent lack of knowledge of the basis for my opinions indicates both a lack of willingness to spend the necessary effort checking before you make such statements and a lack of desire to engage in more than rank speculation. To get an idea of the basis for my comments, you might start by reading some of my writings and look through the citations I use as a basis for my opinions. If you would like a reading list, look under Management Analytics in my W3 site: -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
On Sat, 29 Jul 1995, Dr. Frederick B. Cohen wrote:
some of my writings and look through the citations I use as a basis for my opinions. If you would like a reading list, look under Management Analytics in my W3 site:
Doc, how much actual workaday classified traffic have you laid eyes upon? Never seen an E-2's orders to alcohol-rehabilitation school classified Top Secret? Never seen extracts from Janes _Ships of the World_ classified as Secret? Management Analytics. That's what the world needs.
Doc, how much actual workaday classified traffic have you laid eyes upon?
I could tell you, but then I'd have to shoot you.
Never seen an E-2's orders to alcohol-rehabilitation school classified Top Secret? Never seen extracts from Janes _Ships of the World_ classified as Secret?
Just because you don't know why they are classified that way doesn't make the classifications invalid, and furthermore, I don't recall saying that the DoD is perfect. What I said was that they can't cost effectively encrypt all information and that they also have requirements that may make cryptography inappropriate in certain circumstances, so they have policies and perform risk analysis on what to spend money protecting with cryptography.
Management Analytics. That's what the world needs.
Even a monkey eventually types truly wise statements given enough time. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
participants (2)
-
Alan Horowitz -
fc@all.net