FW: Validating a program
My question is as follows: If PGP and DES are as secure as thought to be, then why is it not ruled illegal software, just as they do with silencers, narcotics, certain type weapons, etc.....
[snippo]
Why does it follow that these must be crackable, or the government would have outlawed them? Despite recent moves to limit encryption, there are currently NO domestic (U.S.) restrictions on crypto. Nothing prohibits you from using a true One Time Pad, which is mathematically proven to be unbreakable, now and forever, even against infinite resources. If this is not prohibited (and it isn't), doesn't that refute your argument?
Dale Thorn replies: This is a misleading challenge. There's a helluva difference between the OTP and a Public Key system. If, for example, it can be proven that I can crank up PGP to its most cryptic level, and send the OTP overseas with "absolute security", so that I can now send messages with the OTP which was crunched with PGP's highest security, then that would mean something.
My point here is that Ed was asserting that PGP, DES, etc., must be crackable, otherwise the U.S. government would have ruled them illegal (domestically). I pointed out that one can legally own and use a true OTP with impunity in the U.S., despite its unquestioned unbreakability. Therefore, his argument falls. If it made sense, the USG would have AT LEAST outlawed OTP's (which they most assuredly cannot break).
Just so there's no misunderstanding:
1. The OTP is absolutely unbreakable. (if done correctly) 2. The OTP encryption cannot be decoded on the other end unless you can deliver the OTP to the person on the other end by a secure means. 3. PGP, which is not usually used at its highest level of security (for all bits in a message), *will* be used at its highest level of security to send the OTP to the person on the other end. 4. The OTP arrives on the other end, completely safe from snooping.
Now you see the problem. #4 above can't be assured, and that is why Ed says that PGP is not shut off "right now", because it's probably not "really secure".
I'm not sure what you're claiming here, or what point it is intended to demonstrate. No matter the strength of PGP, delivering a OTP in this fashion would render it no longer a OTP. Besides, this scenario makes no sense. In any case, there is no restriction I know of in sending encrypted data (or even One Time Pads) to whomever you choose, by whatever means. (Granted, if you send encrypted traffic to khadafi@libya.gov, or dispatch couriers with briefcases handcuffed to their wrists, you might invite suspicion...)
Could you clarify the point you're making above?
I'm amused to think that, in a nation armed with 20,000 or so nukes, the paranoid of paranoid nation-states as it were, some of the erstwhile intelligent citizens think that the U.S. military are just sitting around wringing their hands over the "fact" that the citizens have "unbreakable" crypto.
Bear in mind the Scientific American articles on Public Key crypto back in the 1970's. The military knew the score back then, and if you think they just sat back and allowed all this to happen, well, sorry, I don't believe in Santa Claus or the Easter Bunny.
Well, while the feds are no doubt powerful, they ARE subject to the same laws of mathematics as the rest of us. While it is _possible_ they know much more about factoring than the rest of the world, I find it unlikely that they are advanced enough to factor 2000-bit numbers. (I can't prove it, just as I can't prove they don't know how to make their agents invisible.)
And they didn't just sit back and allow this information out -- witness Bernstein, et. al., and all the continuing ITAR/GAK fallout. Of course, I expect that some will claim this is just for appearance's sake, so as not to make it obvious that they can actually read all our thoughts directly, using technology they got from the Greys from Zeta Reticulon...
Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny@Inference.com | 36 07 D9 33 3D 32 53 9C ======================================================================
The address you mailed to is no longer valid. This is probably because the user in question was an old Open Net subscriber. Open Net is NO LONGER an ISP, and has not been since May 1996. We have no redirection address for that user. Please remove them from any mailing lists you might have. This response was generated automatically.
participants (2)
-
James A. Tunnicliffe -
Open Net Postmaster