Echelon-like resources...

Tyler Durden camera_lumina at hotmail.com
Fri Oct 11 07:29:53 PDT 2002 

Harmon Seaver wrote...

>    Why the hell would anyone use lotus notes encryption for anything 
>whatsoever?

Lotus Notes or whatever, of course. The point here is that larger 
organizations with decryption capabilities probably do not think on the 
message-by-message level very often, just like credit card companies and 
insurance agencies deal with their customers in statistical buckets.

It's also conceivable that a large variety of individuals, of varying levels 
of sophistication and education, catch wind of information the government 
may be interested in. Some of them may not feel or know that their message 
is of enough importance to go outside ofLotus Notes or whatever if they have 
it.




>
>
>On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote:
> > OK, let's assume for the same of argument that it takes about 1 minute 
>for
> > Echelon/NSA-like resources to break a weakly encypted lotus notes 
>message.
> > And then let's assume that there's a whole LOT of these machines sitting
> > somewhere.
> >
> > And as the grumpy Tim May has suggested, perhaps only a small fraction 
>of
> > encrypted messages are (or can be) sent for decryption.
> >
> > Then the expenditure of such resources is going to be a big statistical
> > optimization problem, akin to that faced in the credit card industry 
>(eg,
> > in approving or declining a POS transaction).
> >
> > The gub'mint or whatever doing such monitoring will therefore probably 
>look
> > for certain signs that will kick off decryption. For instance, the 
>sporadic
> > use of cryptography in cetain demogrpahic areas might cause a % of those 
>to
> > be sent over for routine check, particularly if there is no encryption 
>used
> > by that populace, and then all of a sudden there are bursts.
> >
> > Also, changing the strength of encryption might be a kickoff, but again 
>I
> > reveal I am a newbie with this question: Is it possible to determine (at
> > least approximately) the strength of encryption of an intercepted 
>message?
> >
> > Then, if someone from, say, the b'Arbes neighborhood of Paris moves
> > suddenly from weak to strong encryption in his messaging, that would 
>kick
> > off a flag somewhere sending that message for cracking.
> >
> > So if a bin Laden were smart, he should routinely use encryption for all 
>of
> > his messages, even the most trivial, because the change in pattern would 
>be
> > a tipoff to send his encrypted messages for hacking.
> >
> > And the there are probably less obvious, large-scale statistical 
>patterns
> > indicating something's up, and causing a % of such messages to be hacked
> > and then sent for routine check for key words.
> >
> >
> >
> >
> >
> > >From: Adam Back <adam at cypherspace.org>
> > >To: Tyler Durden <camera_lumina at hotmail.com>
> > >CC: DaveHowe at gmx.co.uk, cypherpunks at lne.com
> > >Subject: Re: Echelon-like...
> > >Date: Thu, 10 Oct 2002 20:41:21 +0100
> > >
> > >Sounds about right.  64 bit crypto in the "strong" version (which is
> > >not that strong -- the distributed.net challenge recently broke a 64
> > >bit key), and in the export version 24 of those 64 bits were encrypted
> > >with an NSA backdoor key, leaving only 40 bits of key space for the
> > >NSA to bruteforce to recover messages.
> > >
> > >The NSA's backdoor public key is at the URL below.
> > >
> > >	http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
> > >
> > >(The public key had an Organization name of "MiniTruth", and a Common
> > >Name of "Big Brother" -- both Orwell "1984" references, presumably by
> > >a lotus programmer).
> > >
> > >Adam
> > >
> > >On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote:
> > >> "I assume everyone knows the little arrangement that lotus
> > >> reached with the NSA over its encrypted secure email?"
> > >>
> > >> I'm new here, so do tell if I am wrong. Are you referring to the two
> > >levels
> > >> of Encryption available in Bogus Notes? (ie, the North American and 
>the
> > >> International, the International being "legal for export".)
> > >> At one of my previous employers, we were told the (apocryphal?) story 
>of
> > >> some dude who got arrested on an airplane for having the more secure
> > >version
> > >> of Notes on his laptop.
> > >>
> > >>
> > >>
> > >> >From: "David Howe" <DaveHowe at gmx.co.uk>
> > >> >To: "Email List: Cypherpunks" <cypherpunks at lne.com>
> > >> >Subject: Re: Echelon-like...
> > >> >Date: Thu, 10 Oct 2002 18:38:36 +0100
> > >> >
> > >> >On Wednesday, October 9, 2002, at 07:28  PM, anonimo arancio wrote:
> > >> > > The basic argument is that, if good encryption is available 
>overseas
> > >> > > or easily downloadable, it doesn't make sense to make export of 
>it
> > >> > > illegal.
> > >> >Nope. The biggest name in software right now is Microsoft, who 
>wasn't
> > >> >willing to face down the government on this. no export version of a
> > >> >Microsoft product had decent crypto while the export regulations 
>were
> > >in
> > >> >force - and the situation is pretty poor even now. If microsoft were
> > >> >free to compete in this area (and lotus, of notes fame) then decent
> > >> >security *built into* the operating system, the desktop document 
>suite
> > >> >or the email package - and life would get a lot, lot worse for the
> > >> >spooks.  I assume everyone knows the little arrangement that lotus
> > >> >reached with the NSA over its encrypted secure email?
> >
> >
> >
> >
> > _________________________________________________________________
> > MSN Photos is the easiest way to share and print your photos:
> > http://photos.msn.com/support/worldwide.aspx
>
>--
>Harmon Seaver
>CyberShamanix
>http://www.cybershamanix.com
>
>"War is just a racket ... something that is not what it seems to the
>majority of people. Only a small group knows what its about. It is
>conducted for the benefit of the very few at the expense of the
>masses."  --- Major General Smedley Butler, 1933
>
>"Our overriding purpose, from the beginning through to the present
>day, has been world domination - that is, to build and maintain the
>capacity to coerce everybody else on the planet: nonviolently, if
>possible, and violently, if necessary. But the purpose of US foreign
>policy of domination is not just to make the rest of the world jump
>through hoops; the purpose is to faciliate our exploitation of
>resources."
>- Ramsey Clark, former US Attorney General




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

More information about the cypherpunks-legacy mailing list