1993-04-22 - Reaction time and Crypto

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 3ac7106cf5f9b46ab33eab531c0c6bb15814be7fafae06e6f8b10146ad7d98fe
Message ID: <9304222339.AA05222@soda.berkeley.edu>
Reply To: <9304180436.AA49530@acs.bu.edu>
UTC Datetime: 1993-04-22 23:42:50 UTC
Raw Date: Thu, 22 Apr 93 16:42:50 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Thu, 22 Apr 93 16:42:50 PDT
To: cypherpunks@toad.com
Subject: Reaction time and Crypto
In-Reply-To: <9304180436.AA49530@acs.bu.edu>
Message-ID: <9304222339.AA05222@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


>It seems to me that the following technologies are going to be of increasing
>import despite the outcome of the Clinton proposal.

>1.  Raw headerless output from packages like PGP.  It seems obvious that
>if crypto is regulated, it must be easier to disguise the type of crypto
>one is using, or indeed if one is using crypto.

Removing the headers from PGP will accomplish only the most cursory
security.  The PGP packet structure is recognizable out of a random
byte stream even without the headers.

More generally, just because _you_ don't know how to recognize
something doesn't mean your opponent is similarly lacking.  In order
to really know it can't be done, you need a proof, that is, an
argument that covers all possible ways of looking for something.

This principle applies to all forms of steganography.


>2.  Methodology for the disguising of cyphertext in more innocous data.

See my comment above for my opinion on this.


>3.  The proliferation and consistant use of Crypto for even everyday
>communications.

I think work done to get PGP, for example, in mail readers is
something that should be done with a bit more zeal.  I, personally,
don't use it much because of my computing environment (receiving mail
on a widely-known-to-be-insecure Unix box, dialed in from MSDOS).  The
integration problems are pressing.

>1>  The harder it is to find, the less potential there is for regulation.
>2>  The harder it is to look for, the less potential there is for regulation.
>3>  The harder it is to abolish, the less potential there is for regulation.

True up to a point.  Remember, internet users are still a small
percentage of the whole.

Eric





Thread