There is an old saying in the Security Field: "Poor Security is worse than no security at all". I doubt that you would find few if any that would agree with you that it is a good thing having the masses using weak crypto. At least the US members of the Open-PGP group are willing to sacrifice overseas sales in the effort to provide STRONG crypto to EVERYONE. It is the right thing to do. I am sorry to see that you do not uderstand this. Sorry, I'm going to continue to take a viewpoint that I suspect is rather unpopular in this list, and argue for the advantages of weak crypto in certain circumstances, when it is KNOWN to be weak. The phrase "Poor security is worse than no security" refers to the dangers in assuming that your communications are secure, even when they're not. If you know that your cryptography is weak, it can still sometimes be sufficient for your purposes. What weak cryptography does is protect from passive attacks, such as simple wire-tapping. While an RC2/40 message can be trivially broken in a matter of hours, it can't be broken in real-time. If EVERYONE used even RC2/40, then passive attacks would be foiled, because the <insert evil NSA/CSIS/etc here> just isn't going to bother breaking every single transmitted message. Now, of course, if you're doing something where you don't want your communications to be intercepted under any circumstances, then you want to be using something stronger than RC2/40. However, S/MIME doesn't prevent that at all. DES is a published standard, and I'm waiting for somebody outside of the USA to implement triple-DES with S/MIME. This will inter-operate with Outlook and Netscape clients inside the USA (theoretically). Including a minimum baseline of weak cryptography is NOT denying strong cryptography to everyone. Once the patent on RC2 expires (which is very soon) or if RSA gets dropped on their head and finally does the intelligent move of releasing it to the public domain, then S/MIME provides an expandable infrastructure for secure mail, with a huge user base already out there, and in a form much more spoonable to the unwashed masses. Ian
Ian Clysdale wrote:
Sorry, I'm going to continue to take a viewpoint that I suspect is rather unpopular in this list, and argue for the advantages of weak crypto in certain circumstances, when it is KNOWN to be weak. The phrase "Poor security is worse than no security" refers to the dangers in assuming that your communications are secure, even when they're not. If you know that your cryptography is weak, it can still sometimes be sufficient for your purposes. What weak cryptography does
There's a good reason this viewpoint is unpopular: it includes the tacit assumption that strong crypto is harder to do than weak crypto. In fact that's not the case. It's as fast and easy to do RC4/128 as to do RC4/40 -- the only extra resource is keying material, which is cheap. The <only> reason to use weak cryptography is political. I'll also challenge your "If you know that your cryptography is weak" meme: most people have no idea what cryptography is, and at best can look at the little key to see if they're on a secure page. Explaining to them that they're not really secure is normally possible in a one-to-one tutorial, but most people just want to get their work done, and if the program says they're now in secure mode, they'll feel free to send their SSN/SIN/NID and their HIV status. They <don't> know their cryptography is weak, even if you tell them. Bad idea! Bad! -- Jim Gillogly 14 Blotmath S.R. 1997, 18:27 12.19.4.11.12, 1 Eb 10 Zac, Seventh Lord of Night
-----BEGIN PGP SIGNED MESSAGE-----
There is an old saying in the Security Field: "Poor Security is worse than no security at all".
I doubt that you would find few if any that would agree with you that it is a good thing having the masses using weak crypto. At least the US members of the Open-PGP group are willing to sacrifice overseas sales in the effort to provide STRONG crypto to EVERYONE. It is the right thing to do. I am sorry to see that you do not uderstand this.
In <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104162419Z-34904@mail.entrust.com>, on 11/04/97 at 11:24 AM, Ian Clysdale <iancly@entrust.com> said:
Sorry, I'm going to continue to take a viewpoint that I suspect is rather unpopular in this list, and argue for the advantages of weak crypto in certain circumstances, when it is KNOWN to be weak. The phrase "Poor security is worse than no security" refers to the dangers in assuming that your communications are secure, even when they're not. If you know that your cryptography is weak, it can still sometimes be sufficient for your purposes. What weak cryptography does is protect from passive attacks, such as simple wire-tapping. While an RC2/40 message can be trivially broken in a matter of hours, it can't be broken in real-time. If EVERYONE used even RC2/40, then passive attacks would be foiled, because the <insert evil NSA/CSIS/etc here> just isn't going to bother breaking every single transmitted message. Now, of course, if you're doing something where you don't want your communications to be intercepted under any circumstances, then you want to be using something stronger than RC2/40. However, S/MIME doesn't prevent that at all. DES is a published standard, and I'm waiting for somebody outside of the USA to implement triple-DES with S/MIME. This will inter-operate with Outlook and Netscape clients inside the USA (theoretically). Including a minimum baseline of weak cryptography is NOT denying strong cryptography to everyone. Once the patent on RC2 expires (which is very soon) or if RSA gets dropped on their head and finally does the intelligent move of releasing it to the public domain, then S/MIME provides an expandable infrastructure for secure mail, with a huge user base already out there, and in a form much more spoonable to the unwashed masses.
This is nothing but selfserving bullshit in a vain effort to justify YOUR sellout for a paycheck. Your product will use WEAK RC2/40 DOMESTICALLY as long as it is communicating with someone useing these weak keys. How does your program warn the user that the crypto being used is unacceptable?? Does it warn them at all?? Does it refuse to use the WEAK crypto?? I know I get no warning from NS if weak keys are being used, just the happy key to tell me everything is ok. Do you see this as a GoodThing(TM)?? WEAK crypto is WEAK crypto and should not be tolerated in any way shape or form. Having a minimum baseline of weak crypto is not a GoodThing(TM) it is a BadThing(TM). If the people at Entrust can't figure that out then I have serious question as to the security and quality of your product regardless of the algorthims being used!! PS: Please learn how to set up your mailer so that it quotes properly. <sigh> one would think that someone in this business could grasp such basic concepts. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNF9+wI9Co1n+aLhhAQFFmQQAwCkTiFRFkwzAKiN6fticBSDWLFBktCA/ Wmkr627F3MkTYEmESrtXdlFAB44rvuDsK65VT1SHvvpFzzhDxL3l/ZB3Jl8toWQs HAhL908zFT+h6/TnKDcvW70kHIILrpYa/cdJNsruN6s2+gf5OqkMkd1rUsO8FfE3 s6DileG6eSk= =2Rif -----END PGP SIGNATURE-----
participants (3)
-
Ian Clysdale -
Jim Gillogly -
William H. Geiger III