From: "Mark M." <markm@voicenet.com>
Date: Thu, 30 May 1996 11:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: Internet traffic is monitored.
In-Reply-To: <199605290937.LAA16955@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960529161530.222A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 29 May 1996, Anonymous wrote:

> # begin story
> 
> A person working on the MBONE project did an unannounced experiment
> across the internet using Triple-DES for MBONE, and the very next day, 
> 'ATF' agents knocked on his door and warned him against exporting 
> munitions.  The experimentor was shaken by the fact that agents 
> approached him so quickly after the experiment.
> 
> # end story

Do you have any information to back this up?  It sounds like an urban myth.
Also, AFAIK the ATF isn't the agency that controls arms exports.

> 
> Extrapolations of fact:
>    1.   Internet traffic is monitored.

Maybe.  But I doubt that the above story is true.

>    2.   The ability to snoop for encrypted traffic is present

And how exactly is this done?  Unless data is tagged with a header, encrypted
traffic is indistinguishable from random data.

>    3.   The ability to identify encryption levels is present
>         (How else can they differentiate DES-1 from DES-3?)

Same as above.

>    4.   The ability to crack DES-1 in near real-time mode is present.
>         (See above).

Several years ago, the cost of building a DES cracking machine was $100 million
dollars.  this value is now much smaller.

>    5.   If above=true, then Feds dropping the Zimmerman PGP case probably
>         also points to it also being crackable in a similar manner.

The Feds dropped the Zimmerman case because there wasn't any evidence to
support the accusation that PRZ had exported PGP or broken any laws.  Also,
if someone was ever tried for ITAR violations, it would most likely be found
unconstitutional.

>    6.   Using encryption only flags traffic for capture and decryption, 
>         using strong encryption makes you all that more interesting.

This is why there is steganography.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMayySbZc+sv5siulAQHw5QP7B6FhdMxpQQ/neNJcQnNG0hwu0bsDmmes
Is6wC14qkIaKUSF2yak4cQDqwOMBj9O/0l357YDHFSXTsZm9Bq3pBYCDg8Ws55/0
1BUz6WEi+Clf2WQz4i9FVhYESPQ3zIIYTJMjn9H0v3KQqojQTP9Z4zhgFeRjHfjn
rBfdvRDwCPw=
=Zye2
-----END PGP SIGNATURE-----