Reaction time and Crypto

Eric Hughes hughes at soda.berkeley.edu
Thu Apr 22 16:42:50 PDT 1993


>It seems to me that the following technologies are going to be of increasing
>import despite the outcome of the Clinton proposal.

>1.  Raw headerless output from packages like PGP.  It seems obvious that
>if crypto is regulated, it must be easier to disguise the type of crypto
>one is using, or indeed if one is using crypto.

Removing the headers from PGP will accomplish only the most cursory
security.  The PGP packet structure is recognizable out of a random
byte stream even without the headers.

More generally, just because _you_ don't know how to recognize
something doesn't mean your opponent is similarly lacking.  In order
to really know it can't be done, you need a proof, that is, an
argument that covers all possible ways of looking for something.

This principle applies to all forms of steganography.


>2.  Methodology for the disguising of cyphertext in more innocuous data.

See my comment above for my opinion on this.


>3.  The proliferation and consistent use of Crypto for even everyday
>communications.

I think work done to get PGP, for example, in mail readers is
something that should be done with a bit more zeal.  I, personally,
don't use it much because of my computing environment (receiving mail
on a widely-known-to-be-insecure Unix box, dialed in from MSDOS).  The
integration problems are pressing.

>1>  The harder it is to find, the less potential there is for regulation.
>2>  The harder it is to look for, the less potential there is for regulation.
>3>  The harder it is to abolish, the less potential there is for regulation.

True up to a point.  Remember, internet users are still a small
percentage of the whole.

Eric
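
Added example, not part of the original post: a sketch of the point above that a headerless PGP message is still recognizable, by walking the byte stream as a chain of packets and checking that the lengths line up exactly. It assumes the old-format packet header layout documented in RFC 4880 section 4.2 and a message made of session-key packet(s) followed by one encrypted-data packet; the function names are hypothetical and the sample message is constructed from random bytes.

```python
import os
import struct

# Old-format packet header (RFC 4880 section 4.2): bit 7 set, bit 6 clear,
# bits 5-2 = packet tag, bits 1-0 = length type.
SESSION_KEY_TAGS = {1, 3}   # public-key / symmetric-key encrypted session key
ENCRYPTED_DATA_TAG = 9      # symmetrically encrypted data
LEN_FIELD = {0: ">B", 1: ">H", 2: ">I"}  # length type -> struct format

def walk_packets(buf):
    """Return [(tag, body_len), ...] if buf is session-key packet(s) followed
    by one encrypted-data packet ending exactly at len(buf), else None."""
    pos, packets = 0, []
    while pos < len(buf):
        ctb = buf[pos]
        if ctb & 0xC0 != 0x80:          # not an old-format packet header
            return None
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        pos += 1
        if ltype == 3:                  # indeterminate: body runs to end of input
            if tag != ENCRYPTED_DATA_TAG:
                return None
            length = len(buf) - pos
        else:
            fmt = LEN_FIELD[ltype]
            if pos + struct.calcsize(fmt) > len(buf):
                return None
            (length,) = struct.unpack_from(fmt, buf, pos)
            pos += struct.calcsize(fmt)
        if pos + length > len(buf):     # declared body overruns the input
            return None
        packets.append((tag, length))
        pos += length
        if tag == ENCRYPTED_DATA_TAG:   # must be the last packet, not the only one
            return packets if pos == len(buf) and len(packets) > 1 else None
        if tag not in SESSION_KEY_TAGS:
            return None
    return None

def build_sample():
    # Constructed sample: random bodies behind real header bytes, no armor.
    return (bytes([0x85]) + struct.pack(">H", 140) + os.urandom(140) +
            bytes([0xA6]) + struct.pack(">I", 300) + os.urandom(300))

def false_positive_rate(trials=20000, size=448):
    hits = sum(walk_packets(os.urandom(size)) is not None for _ in range(trials))
    return hits / trials
```

The constructed message parses as two packets, while uniformly random buffers of the same size almost never do, which is why the framing alone separates the two.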