Echelon-like resources...

Tyler Durden camera_lumina at hotmail.com
Fri Oct 11 06:37:52 PDT 2002


OK, let's assume for the sake of argument that it takes about 1 minute for 
Echelon/NSA-like resources to break a weakly encrypted lotus notes message. 
And then let's assume that there's a whole LOT of these machines sitting 
somewhere.

And as the grumpy Tim May has suggested, perhaps only a small fraction of 
encrypted messages are (or can be) sent for decryption.

Then the expenditure of such resources is going to be a big statistical 
optimization problem, akin to that faced in the credit card industry (eg, in 
approving or declining a POS transaction).

The gub'mint or whatever doing such monitoring will therefore probably look 
for certain signs that will kick off decryption. For instance, the sporadic 
use of cryptography in certain demographic areas might cause a % of those to 
be sent over for routine check, particularly if there is no encryption used 
by that populace, and then all of a sudden there are bursts.

Also, changing the strength of encryption might be a kickoff, but again I 
reveal I am a newbie with this question: Is it possible to determine (at 
least approximately) the strength of encryption of an intercepted message?

Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly 
from weak to strong encryption in his messaging, that would kick off a flag 
somewhere sending that message for cracking.

So if a bin Laden were smart, he should routinely use encryption for all of 
his messages, even the most trivial, because the change in pattern would be 
a tipoff to send his encrypted messages for hacking.

And then there are probably less obvious, large-scale statistical patterns 
indicating something's up, and causing a % of such messages to be hacked and 
then sent for routine check for key words.





>From: Adam Back <adam at cypherspace.org>
>To: Tyler Durden <camera_lumina at hotmail.com>
>CC: DaveHowe at gmx.co.uk, cypherpunks at lne.com
>Subject: Re: Echelon-like...
>Date: Thu, 10 Oct 2002 20:41:21 +0100
>
>Sounds about right.  64 bit crypto in the "strong" version (which is
>not that strong -- the distributed.net challenge recently broke a 64
>bit key), and in the export version 24 of those 64 bits were encrypted
>with an NSA backdoor key, leaving only 40 bits of key space for the
>NSA to bruteforce to recover messages.
>
>The NSA's backdoor public key is at the URL below.
>
>	http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
>
>(The public key had an Organization name of "MiniTruth", and a Common
>Name of "Big Brother" -- both Orwell "1984" references, presumably by
>a lotus programmer).
>
>Adam
>
>On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote:
> > "I assume everyone knows the little arrangement that lotus
> > reached with the NSA over its encrypted secure email?"
> >
> > I'm new here, so do tell if I am wrong. Are you referring to the two levels
> > of Encryption available in Bogus Notes? (ie, the North American and the
> > International, the International being "legal for export".)
> > At one of my previous employers, we were told the (apocryphal?) story of
> > some dude who got arrested on an airplane for having the more secure version
> > of Notes on his laptop.
> >
> >
> >
> > >From: "David Howe" <DaveHowe at gmx.co.uk>
> > >To: "Email List: Cypherpunks" <cypherpunks at lne.com>
> > >Subject: Re: Echelon-like...
> > >Date: Thu, 10 Oct 2002 18:38:36 +0100
> > >
> > >On Wednesday, October 9, 2002, at 07:28  PM, anonimo arancio wrote:
> > > > The basic argument is that, if good encryption is available overseas
> > > > or easily downloadable, it doesn't make sense to make export of it
> > > > illegal.
> > >Nope. The biggest name in software right now is Microsoft, who wasn't
> > >willing to face down the government on this. no export version of a
> > >Microsoft product had decent crypto while the export regulations were in
> > >force - and the situation is pretty poor even now. If microsoft were
> > >free to compete in this area (and lotus, of notes fame) then decent
> > >security *built into* the operating system, the desktop document suite
> > >or the email package - and life would get a lot, lot worse for the
> > >spooks.  I assume everyone knows the little arrangement that lotus
> > >reached with the NSA over its encrypted secure email?



