"Export" controls

Michael Motyka mmotyka at lsil.com
Thu Dec 3 10:56:01 PST 1998



> Their architecture has real $$ value because it cracks 99% of
> "encrypted" traffic.
>
What type of attack was used in the famous test? Known plaintext? It
gets a bit tougher in the real world doesn't it?

> Offering the real stuff for sale in US requires some investment.
>
Really?

> We are not talking here about free stuff. We are talking about
> products that can be deployed by non-programmers, businesses etc.,
> that will be supported professionally 
>
Every product I ever worked on started off as a big ugly prototype
sprawled across a table top hooked to all sorts of life support systems.
And not all products are taken to market by those who did the initial
design work. License. For something like we're discussing here I think
the *big* cash outlay comes post-prototype with mask, fab, plastics,
production lines and marketing. Upfront it's mostly neurons.

I expect it would be easier to convince a manufacturer to participate
with a working prototype than it would with only an idea.

> Hardware is overkill for the single voice line. PGPfone works fine
> there.      ^^^^^^^^
>
No it is not. 500k gates may be too much but I maintain that you simply
cannot trust the Wintel HW, Windows or anything you cannot analyze in
detail and freeze. Besides, people like little palm-sized gadgets.

> How much would you pay for transparent hardware/software solution that
> encrypts all traffic between peer users
>
We all know the magic price points. But is that particular product all
that interesting? Even if peer traffic is encrypted the system can be
infected and can transmit anything ( disk, RAM eg ) to other adresses.
I'm afraid I don't know enough about the networking stuff to feel that a
system can be secured while it is on-line. 

Now an embedded system for secure e-mail that used a PC as a gateway
might be kind of cool. You drop encrypted attachments onto a driver that
sends them to the unit where you read them. Anything you enter and
encrypt at the unit is presented as a file at the host to be attached
and sent. USB would be plenty quick for that sort of stuff.

You might say that it should be done on the host as SW or on another PC
but we're back to the Wintel HW again. No thanks. I wonder what could be
done with a palm pilot. Are full schematics and BIOS and driver code
available? You *might* throw out everything but and build it there.
You'd want to do some EMI testing.

I still like my SCSI/IDE gizmo for off-line PC's.

> The main problem with hard crypto is that it is so equalizing. Any
> pauper can cheaply encrypt and make it hard for any government to
> break. 
>
Yes, and it needs to be priced accordingly. Although corporations do
tend to spend nicely at times.

The key, as with any business, identify your customers and make a
product for them. Not easy, I admit.

> This is not the case with guns, where more resources almost linearly
> buy more power.
>
Gun talk is amusing. I agree that what is going on with gun law is
disturbing but as far as disagreement with the Reptilians is concerned
power is political. As soon as it becomes violent you've lost. Except in
the event of a full-blown revolution. Then we all lose.

> On the wild side, suppose that all crypto restrictions are terminated.
> Some would say that now "they" can break all available stuff. In any
> case the value of crypto products in the eyes of buyers would fall. If
> it is legal it is no good. Most of the research would lose the best
> people. 
> 
Don't you think that this sort of a poker bluff would be a little too
much even for the boldest thinkers in gov't? The stuff they fear most
would be commoditized and I think, in spite of your point, far more of
it would exist than does now. Marketeers would reduce it to bullet items
on packages but many engineers would deliver reasonable products within
the cost constraints.

> Cypherpunks would cease to exist.
> 
Is that why CP exist? Because cryptography has some legal gray areas? I
don't think so.

Enough

This is a painfully slow conversation.






More information about the cypherpunks-legacy mailing list