PRACTICAL DECRYPTION

John Nieder John.Nieder at f33.n125.z1.FIDONET.ORG
Wed Jan 27 02:58:45 PST 1993



from: john.nieder at f33.n125.z1.fidonet.com

> (commenting on the strategy of "taking the 5th" on the matter of
> decrypting one's files)
>
> > .   Recently this question came up in another forum on encryption & an
> > "authority" on communications law claimed the probable scenario would be
> > that the arresting agency would have the encrypted material decrypted by
> > a competent government or academic agency & the costs of said decryption
> > would eventually be recovered from the defendant through civil suits,
> > presuming the defendant had sufficient assets.  It is my memory of the
> > thread that he claimed this had been done in previous cases.
>
> With strong crypto, e.g., with 300 decimal digit moduli, the "costs"
> of decryption by brute force could easily exceed the GNP/GDP of the
> U.S.

# Since none of us have ever been inside the NSA, we cannot underestimate
# their power and resources.  For all we know...

This is somewhat beside the point.  In actual fact, much of the seized
encrypted evidence in criminal cases employs built-in encryption
programs in major software packages (WordPerfect is a good example)
rather than obscurer stuff like PGP/IDEA/RSA.  Even highly-touted
commercial programs like Norton Utilities DiskReet w/DES use simple
passwords of a maximum ten-character size.
.   Much of this decryption may be trivially accomplished, though many
"experts" charged law enforcement agencies stout fees for the service.
It is now known that those specializing in WordPerfect files were using
a simple program available on most BBS file bases which will crack the
"secret" WordPerfect password in seconds on an old XT.
.   Apparently, the consulting fees for breaking bad crypto in most
cases are not prohibitive.
.   Tim's objections about high-end decryption are indeed valid, at least
theoretically, but we can not tell if a given encryption program has been
backdoored or if a fatal flaw has been uncovered that reduces the
security of the cyphertext.  If any cryptanalysts might find such flaws,
they would probably be those in no position to reveal their findings.
.   Jean-Loup Gailly [an original PGP team member in France] informs me
that the same general criticisms of PGP soundness voiced in the Moscow
State University report have been independently suggested in sci.crypto,
though he is aware of no instance of these alleged weaknesses being
exploited to break a PGP message.  The jury is still out on PGP's
ultimate security, I suppose.
.   Personally, I am not counting on PGP's brute-force decryption being
a task of the magnitude Tim suggests, though I _hope_ he's right.  I
sure wish some well-equipped crypto labs like Marty Hellman's would turn
their attentions to an evaluation of PGP...

        JN

--- Blue Wave/Opus v2.12 [NR]
--  
John Nieder - via FidoNet node 1:125/555
    UUCP - ...!uunet!hoptoad!kumr!fidogate!33!John.Nieder
INTERNET - John.Nieder at f33.n125.z1.FIDONET.ORG





