John Gilmore and the Great Internet Snake Drive
-----BEGIN PGP SIGNED MESSAGE----- Congrats to Mr. Gilmore, EFF, et. al. for a very impressive DES crack. It seems that Gilmore and Moore's Law have just turned the once-respected DES into cryptographic snake-oil. He keeps hurting snakes like that, he's gonna get himself canonized. ;-). Seriously. Many thanks to Mr. Gilmore for proving, once again, that lobbying is pointless, and that physics is not optional. Outstanding. Marvellous. Cheers, Bob Hettinga -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5.5 iQEVAwUBNa+x3cUCGwxmWcHhAQFZAQgArKCN418IA1MXwfpXeJ4IF93j9f3G3skH OotWP5dcoHOaUvbgTcOWP9YBAj77jzaazrtfK3wJD634ehLbf5N+gzmBHQVnXtXR Vf/JMe24EyI3xCqvRptSTtrik8d+oi3Wy7ZZEwBzLPd0A+XE4LdsClgE2C4ns3ZK Lq12mUmRQaZvc4++oakIAOT+Llx9TnnUHYqVMSjDT8QJoJ7vEFBEqcOea1Qzk1u9 leZlyrLs1ivbhcthXNBOyhN6RTwJgRyF3nFxpl/uY0tEvNvgFl+/aZZTJkwvvhmm 0MTSfzFfy9I+7BT5FD1iFC+i8JAVd4CDeI+9I6c6/LCAppfrKy5FBg== =Zeyp -----END PGP SIGNATURE----- ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The Philodox Symposium on Digital Bearer Transaction Settlement July 23-24, 1998: <http://www.philodox.com/symposiuminfo.html>
Oh please ... As you point out, physics is not optional. This is predictable and was predicted. Yawn. I predict that 3DES will fall too - actual time it takes is left to the student. More interesting, how about a supposition that DNA computers will be able to factor interesting numbers within 5 years ? Does that make certain other algorithms into snake-oil ? At the heart of this is the idea that "strong" cryptography is a fixed and finite set over time and that a change in that set will result in a change in the policy restricting export. It doesn't necessarily follow. Lobbying is necessary. Perhaps all that happens is that DES now joins the crowd of exportable algorithms :-) One lesson I plan to observe - don't encrypt known plaintext unless you have to ! John Lowry At 04:20 PM 7/17/98 -0400, Robert Hettinga wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Congrats to Mr. Gilmore, EFF, et. al. for a very impressive DES crack.
It seems that Gilmore and Moore's Law have just turned the once-respected DES into cryptographic snake-oil. He keeps hurting snakes like that, he's gonna get himself canonized. ;-).
Seriously. Many thanks to Mr. Gilmore for proving, once again, that lobbying is pointless, and that physics is not optional.
Outstanding. Marvellous.
Cheers, Bob Hettinga
-----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5.5
iQEVAwUBNa+x3cUCGwxmWcHhAQFZAQgArKCN418IA1MXwfpXeJ4IF93j9f3G3skH OotWP5dcoHOaUvbgTcOWP9YBAj77jzaazrtfK3wJD634ehLbf5N+gzmBHQVnXtXR Vf/JMe24EyI3xCqvRptSTtrik8d+oi3Wy7ZZEwBzLPd0A+XE4LdsClgE2C4ns3ZK Lq12mUmRQaZvc4++oakIAOT+Llx9TnnUHYqVMSjDT8QJoJ7vEFBEqcOea1Qzk1u9 leZlyrLs1ivbhcthXNBOyhN6RTwJgRyF3nFxpl/uY0tEvNvgFl+/aZZTJkwvvhmm 0MTSfzFfy9I+7BT5FD1iFC+i8JAVd4CDeI+9I6c6/LCAppfrKy5FBg== =Zeyp -----END PGP SIGNATURE----- ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The Philodox Symposium on Digital Bearer Transaction Settlement July 23-24, 1998: <http://www.philodox.com/symposiuminfo.html>
For help on using this list (especially unsubscribing), send a message to "dcsb-request@ai.mit.edu" with one line of text: "help".
One lesson I plan to observe - don't encrypt known plaintext unless you have to !
The EFF DES Cracker cracks more than just known plaintext (though it's the easy case). It also cracks plaintexts whose likely byte values are known (e.g. all alphanumeric), winnowing the keyspace down to a size that software or humans can search. Such a search runs in very close to the time required for an ordinary known-plaintext search. See the book for details (www.oreilly.com). We successfully cracked a DES-encrypted Eudora saved-mail file provided by Bruce Schneier during our debugging period. He gave us the top byte of the key so we could focus on debugging rather than on waiting to get to the right block of keyspace. The machine located the key within that 49-bit keyspace after we fixed a few software bugs. John
John, Do you plan on renting out the use of the cracker on a per-key basis and if so, how much do you anticipate charging for cracking a message? Thanks, --Lucky
-----Original Message----- From: e$@vmeng.com [mailto:e$@vmeng.com]On Behalf Of John Gilmore Sent: Wednesday, July 22, 1998 6:19 AM To: John Lowry Cc: Robert Hettinga; gnu@toad.com; cryptography@c2.net; coderpunks@toad.com; cypherpunks@toad.com; e$@vmeng.com; dcsb@ai.mit.edu; gnu@cygnus.com Subject: Re: John Gilmore and the Great Internet Snake Drive
One lesson I plan to observe - don't encrypt known plaintext unless you have to !
The EFF DES Cracker cracks more than just known plaintext (though it's the easy case). It also cracks plaintexts whose likely byte values are known (e.g. all alphanumeric), winnowing the keyspace down to a size that software or humans can search. Such a search runs in very close to the time required for an ordinary known-plaintext search. See the book for details (www.oreilly.com).
We successfully cracked a DES-encrypted Eudora saved-mail file provided by Bruce Schneier during our debugging period. He gave us the top byte of the key so we could focus on debugging rather than on waiting to get to the right block of keyspace. The machine located the key within that 49-bit keyspace after we fixed a few software bugs.
John
---------------------------------------------------------------------- Where people, networks and money come together: Consult Hyperion http://www.hyperion.co.uk/ info@hyperion.co.uk ---------------------------------------------------------------------- Full-Strength Cryptographic Solutions for Worldwide Electronic Commerce http://www.c2.net/ stronghold@c2.net ---------------------------------------------------------------------- Like e$? Help pay for it! For e$/e$pam sponsorship or donations, <mailto:rah@shipwright.com> ----------------------------------------------------------------------
On Wed, Jul 22, 1998 at 06:18:30AM -0700, John Gilmore wrote:
One lesson I plan to observe - don't encrypt known plaintext unless you have to !
The EFF DES Cracker cracks more than just known plaintext (though it's the easy case).
It occurs to me that an interesting use for the eff des cracker would be the following: since the government asserts that DES is safe, then a DES encrypted archive of crypto code should be exportable. So the next time someone feels the need to export something that is currently not exportable, simply encrypt it, along with some plaintext, with DES, trash the key, export it, and send the plaintext and the encrypted plaintext to the EFF... This is not a practical use, but it would make an interesting test case in court. -- Kent Crispin, PAB Chair "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
On Mon, 27 Jul 1998, Kent Crispin wrote:
It occurs to me that an interesting use for the eff des cracker would be the following: since the government asserts that DES is safe, then a DES encrypted archive of crypto code should be exportable.
No. Encrypting with DES, or any symmetric cipher does not destroy the information, which is what is controlled. Even losing the key does not destroy the information, as we all know: keys can be recovered it is just a matter of the work involved. Encrypting with an OTP is interesting at first .. but considering that distributing a crypto archive or the completed works of Shakespeare amount to the same thing after an OTP has been used, I am not convinced it has much meaning. The _spirit_ of the law is that no crypto device can be exported. Programs are considered to be devices.. as is evidenced by the recent decision in the Bernstein case. We don't need encrypted archives floating around.. we need to show that, like cars, crypto devices (programs or otherwise!) are useful even if they can be used by bad people for bad purposes. Abstract things like exporting a hunk of random crap and arguing about it don't achieve this, and will never do so in the minds of laymen with no real interest in crypto. As for me, I prefer the position of my countryman, Henry David Thoreau .. civil disobedience: Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc Be a munitions trafficker: http://www.dcs.ex.ac.uk/~aba/rsa/rsa-keygen.html #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.LNX.3.96.980727211127.13539A-100000@albert>, on 07/27/98 at 09:20 PM, mgraffam@mhv.net said:
The _spirit_ of the law is that no crypto device can be exported. Programs are considered to be devices.. as is evidenced by the recent decision in the Bernstein case.
That was the Junger case. In the Bernstein case the principles of Free Speach and the 1st Amendment were upheld by the 9th District court (Patel). - -- - --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html - --------------------------------------------------------------- Tag-O-Matic: OS/2: Windows done RIGHT! -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNb07gY9Co1n+aLhhAQHstwQApoCNdr8viSr0BSNMz3UE3t2dMKeUTkL8 xGL3u5RQIk/5GQo68Rc+Tvftl/VNsPLoMZISpW6Lx5uPHQLS4zj6VlUaEvfNpc9J eGba5PEEbQr7XS3/cqjyi2SfpVzihmgd5/808g8uonZK5B/9TAljt7XvIjmiD4Ku HOoQW/2AAhY= =D2K7 -----END PGP SIGNATURE-----
On Mon, 27 Jul 1998, William H. Geiger III wrote:
-----BEGIN PGP SIGNED MESSAGE-----
In <Pine.LNX.3.96.980727211127.13539A-100000@albert>, on 07/27/98 at 09:20 PM, mgraffam@mhv.net said:
The _spirit_ of the law is that no crypto device can be exported. Programs are considered to be devices.. as is evidenced by the recent decision in the Bernstein case.
That was the Junger case. In the Bernstein case the principles of Free Speach and the 1st Amendment were upheld by the 9th District court (Patel).
You're absolutably right. My bad.. I don't know what I was thinking. I guess this shows my pessimissim and lack of trust in our establishment, doesn't it :) Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc Be a munitions trafficker: http://www.dcs.ex.ac.uk/~aba/rsa/rsa-keygen.html #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
On Mon, Jul 27, 1998 at 09:20:10PM -0400, mgraffam@mhv.net wrote:
On Mon, 27 Jul 1998, Kent Crispin wrote:
It occurs to me that an interesting use for the eff des cracker would be the following: since the government asserts that DES is safe, then a DES encrypted archive of crypto code should be exportable.
No. Encrypting with DES, or any symmetric cipher does not destroy the information, which is what is controlled. Even losing the key does not destroy the information, as we all know: keys can be recovered it is just a matter of the work involved.
Apparently we are talking at cross purposes. Currently, there are rather large ftp crypto archives that are "protected" by a scheme using randomly generated directory names. This is considered acceptable by the export authorities. The export authorities would have a hard time, therefore, arguing that an archive protected by encrypting the files with DES would not be sufficiently protected. It would be a stunt, of course. Merely another stunt to illustrate the inconsistencies in the export laws. [...]
We don't need encrypted archives floating around.. we need to show that, like cars, crypto devices (programs or otherwise!) are useful even if they can be used by bad people for bad purposes.
Abstract things like exporting a hunk of random crap and arguing about it don't achieve this, and will never do so in the minds of laymen with no real interest in crypto.
I quite disagree. Frequently a clever stunt does engage the layman -- at least the intelligent laymen. -- Kent Crispin, PAB Chair "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
At 11:48 AM -0400 on 7/20/98, John Lowry wrote:
Oh please ...
Okay, I'll say it again: Yes, Virginia, DES is now officially Snake Oil. As much snake oil as if someone tried to sell a Ceasar cipher -- a perfectly good prechristian military messaging technology, mind you :-) -- for use in modern internet financial cryptography. So, Virginia, DES is DED. Game over. Kaput. Get used to it.
As you point out, physics is not optional. This is predictable and was predicted. Yawn.
Actually my point. It may have been predicted, but it has now happend. DES is now Snake Oil. BTW, try getting your gingivitis fixed before you go yawning in someone's face. ;-).
I predict that 3DES will fall too - actual time it takes is left to the student.
I see. In *your* lifetime? Splendid. I'd love to see *that* happen. And, of course, *you're* going to do it, Mr. Lowry? Yawn, yourself.
More interesting, how about a supposition that DNA computers will be able to factor interesting numbers within 5 years ?
Probably not in your lifetime, bunky, no matter how many 5-gallon buckets of slime you can grow. Burden of proof's on you, here. My claim that DES is snakeoil is based on proven fact. Your claim that DNA can economically factor numbers fast has yet to be demonstrated, and I challenge you to prove otherwise with a straight face.
Does that make certain other algorithms into snake-oil ?
Anything that is broken, like DES now is, and is still claimed by others to be safe, and sold by them as such, is, in my book, snake-oil.
At the heart of this is the idea that "strong" cryptography is a fixed and finite set over time and that a change in that set will result in a change in the policy restricting export. It doesn't necessarily follow.
No, it doesn't follow, because that's not what I said. I said that because it is now demonstrably trivial to break DES messages, especially DES financial messages (the kind with *money* in them, for those in Loma Linda), DES is now Snake Oil. Just like the Ceasar cipher.
Lobbying is necessary.
Lobbying is only necessary for those who want to use force to maintain market share -- geographic, or otherwise. :-). Lobbying itself is the profession of con men who use the threat of government force to extort money from people who work, and give it to those who don't, in particular said con men. The only way to avoid government's propensity to dynasticize :-) is to innovate faster than they can regulate. In Loma Linda, they call it "progress", bunky. And, crypto has just progressed to such a point that formerly presumed peekware like DES has just been proven to be such, and is now, quite fairly, snake oil. Moore's law is not optional, At least in DES's case. Lobbying is not necessary if you change the world faster than they can control it. Gilmore, et. al., just proved that. Lobbying to change the "legal" keysize is a waste of time. Physics causes economics, which causes law, which causes "policy". It's never the other way around, regardless of the beltway's daydreams to the contrary.
Perhaps all that happens is that DES now joins the crowd of exportable algorithms :-)
I would claim that, your disengenous ":-)" aside (yeah, I know, pot, kettle, black), that any "exportable" algorithm is in fact snake oil. And Gilmore just proved it.
One lesson I plan to observe - don't encrypt known plaintext unless you have to !
Wha? Security through obscurity? How exactly can you encrypt a message you don't know the contents of? Oh. I get it. Statist humor. (Yeah, I know about blinding, I just hate sophistry...) Feh. Cheers, Bob Hettinga ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The Philodox Symposium on Digital Bearer Transaction Settlement July 23-24, 1998: <http://www.philodox.com/symposiuminfo.html>
participants (7)
-
John Gilmore -
John Lowry -
Kent Crispin -
Lucky Green -
mgraffam@mhv.net -
Robert Hettinga -
William H. Geiger III