From: RYAN Alan Porter <ryan@rtfm.mlb.fl.us>
Date: Mon, 31 May 93 20:51:16 PDT
To: Skye Merlin Poier <poier@sfu.ca>
Subject: Re: Crypto anarchy in a VW? (not the bug)
In-Reply-To: <9305312244.AA20903@malibu.sfu.ca>
Message-ID: <Pine.3.03.9306010040.A26846-d100000@rtfm>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 31 May 1993, Skye Merlin Poier wrote:

> Has there been any discussion of anonimity / crypto anarchy in a virtual world
> such as the ones described in _Snow Crash_ or _Neuromancer_? When the nets to
> support these technologies come into place (and I have no doubt that they will),
> perhaps a form of anonimity could be written into the architechture, instead of
> having to add it on later as is the case now.... I would certainly be very 
> interesting, especially with the work being done on creating alternate personas
> (or avatars, whatever).

I am glad to see some consideration of possible hypothetical future scenarios
here; it is important to have an eye for the future of things.

I think that building privacy into the architecture would be inherently 
dangerous, however, it is a perfect way for the people building the system
to oppress the users, all the while convincing them that the system is 
secure.

Clipper is a perfect example of this, anonymity is supposedly being built into
the system with the Clipper chip.  The trouble, of course, being the inherent
INsecurity--but consider how much more dangerous it would be if the
insecurities were not even known, yet we were expected to rely on the fact
that 'privacy and anonymity are built into the architecture'?

No, this is the perfect beginning for a system where the populace is
monitored with the argument that "if you had nothing to hide, you would
not be going out of your way to hide it, besides, the system has INHERENT,
BUILT-IN SECURITY...."

The only way to ensure your privacy is to seize it yourself.

> Also, a while back someone mentioned in passing buried cables.. this stirred up
> an old idea I had about server anonimity, that is that the actual physical 
> location of a server would be very difficult to pin down... the only way to do
> this with any real degree of security would be to bounce signals off a satellite
> but this would be rather costly...

There are a lot of ways to get a signal around the world without using a 
satellite, ask any amateur radio enthusiast.  Besides, the more diverse the
signal transmission methods are, the more difficult the signals will be
to both trace and interfere with.

I have always been kind of fascinated with the idea of a truly decentralized
system, much like the internet is today, where each node had
responsibilities to connect to the nodes around it, but the actual
interconnection was entirely up to the nodes involved, so that there could
be no standard, homogenous method of tracing connections.  A pair of nodes
could be connected by direct connection, hidden wires, satellite
connection, voice grade wires, ionosphere bounce, lunar bounce, repeated
packets, lasers, microwaves, IR, whatever...  This would provide a tight
net that would be almost impossible to control with heavyhanded
regulations and oppression.

If each node on the net had a seperate public key and all traffic
between nodes was decrypted coming in and encrypted going out to the next
node, aspiring Big Brothers would have even more of a headache.

Why is there not more work being done on encrypting all internode traffic
streams?  It doesn't seem too hard.


An aside:  has anyone dealt with the concept of on-the-fly encryption for
mass storage, kind of like the way the PCs can be 'stacked' or 'doubled'
or whatever with on-the-fly compression?  I was thinking about trying to
write some drivers for this for a 486 but I have never tried to write a
device driver before and was wondering if anyone might have any suggestions.

I was thinking of something along the lines of:  your entire drive is
encrypted with your public key.  That way people can send you files and
deposit files and all of that jazz no problem.  When you boot up the
system each time it asks you to insert a floppy with your private key on
it.  You would keep this floppy on you as if it were an actual, physical
key. (perhaps in the future PCMIA cards or something more durable and
portable can be used)  It asks for your password to verify your key and
loads that key somewhere into memory.  It then uses they key for the rest
of the session to decrypt everything coming from the specified mass
storage devices and encrypt everything going to them transparantly.

This seems like a great idea to me, my two problems that I was hoping
someone might be able to help me with are:

    1) these public key algorithms that we are working on are slow as
balls, any idea if this would be feasable, given how PC users like to
equate hard drive speed with penis size?

    2) it seems that having your private key hanging around somewhere in
memory the whole session would be horribly insecure, and would make it
very easy for someone to walk up to a running PC and run some program that
would snatch it from memory (assuming something like this catches on and
there are some standard programs out there that poeple become familiar
with) so how could I protect the key from getting filched from a running
system aside from the standard 'password protect your screen saver' and
other insecure hacks like that?

> 
> Skye
> --
> -----====> Skye Merlin Poier <====----- 
> Undergrad in CMPT/MATH (Virtual Reality)       ||||      ||||
>           email: poier@sfu.ca                  p-OO <--> OO-q   THINK
>    PGP Public Key available on finger           \==      ==/
> 



Hugs and kisses,
    -Ryan
the Barcode Guy