1995-09-05 - Re: NSA says Joe Sixpack won’t buy crypto

Header Data

From: “Ian S. Nelson” <ian@bvsd.k12.co.us>
To: vznuri@netcom.com (Vladimir Z. Nuri)
Message Hash: 17bc7fa2fb33171db356a939cac3c232c2788ebbf9250b7eac3c2622166dc4bd
Message ID: <199509050415.WAA05593@bvsd.k12.co.us>
Reply To: <199509050153.SAA23364@netcom17.netcom.com>
UTC Datetime: 1995-09-05 04:16:04 UTC
Raw Date: Mon, 4 Sep 95 21:16:04 PDT

Raw message

From: "Ian S. Nelson" <ian@bvsd.k12.co.us>
Date: Mon, 4 Sep 95 21:16:04 PDT
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050153.SAA23364@netcom17.netcom.com>
Message-ID: <199509050415.WAA05593@bvsd.k12.co.us>
MIME-Version: 1.0
Content-Type: text/plain


> no, I think the NSA is very adept at infiltrating and twisting existing
> cryptographic market processes to suit their own ends. DES is a good example
> of this. it was created by IBM largely, and then "manipulated" by the
> NSA. this is well known and understood. the NSA does not work with standards

Well known that the NSA manipulated DES?  How so?  I am willing to believe that
they had a lot of say in it and they probably wanted it weakened, but I think
you'll be very hard pressed to find proof of that.  Based on some of the 
analysis of lucifer, it could be said that IBM weakened the key space
because that was a side effect of adding strength to the overall cipher.
Keyspace is just about the only weakness of DES, I don't think that can be said
about lucifer.

> or markets so much as *interfere* with them. how can you deny this basic
> premise embraced by virtually everyone on this list?

Interference is just noise, the NSA has pretty much pushed the market where they
want it to go.  If you think that is just "interference" then we use the word
differently.  

> clearly, the first attempt was to get the public to embrace clipper. lacking
> that, they have thwarted natural market progression. I agree they have
> done this. but it's like making a pool shot accidentally and saying,
> "I meant to do that". the NSA is *not* an agency that has a single clue
> about *real* markets. they do have a brilliant ability to leverage their
> political coercion skills to the absolute maximum to *manipulate* and
> *interfere* and *piss on* newly growing markets. 

If they are as powerful as we both seem to think (easily "interfering" with 
markets and screwing the public for decades) how can you underestimate them like
that?  If they are actually spying on us, then they know what moves we'll make
and they can always head that off, it's not slop pool.  If they aren't then I
don't know what I'm supposed to hold against them, I don't have to use their
standards unless I wish to export stuff.

> 
> the NSA has screwed
> up public crypto in uncountable ways. you cannot deny this!! they secretly

This is true, they make long term industry standards that are short lived.
DES's keyspace was far too small.  Escrow isn't a great idea (except for
signatures) ITAR is bullshit.

> visit people doing state-of-the-art research and intimidate them into
> silence or going other directions. they visited Mosaic designers to tell
> them that the things they were installing in the software were not 
> acceptable legally. of course, any other legal arm of the government
> would simply sue once the software appeared, but not try to manipulate
> the design prior to its release. this is the tactics of an *espionage*
> and *intelligence* agency. surprise!!

This is all hearsay.  I doubt that the mosaic designers have had any contact 
with the NSA unless they invented a significant new cryptographic technology,
all Netscape/Mosaic have done is implement existing technology.  They even
implemented SSL with the 40bit exportable key size using rc4, which is what 
the law says you are supposed to do.  Any netscape employees want to dispute 
this and tell me about your encounters with the NSA?

> huge amounts of cash and credibility have been WASTED on it. the NSA has
> lost enormous credibility because of this fiasco. furthermore, the way
> they tried to hide behind presidential directives is absolutely repugnant
> to anyone who has a belief in the separation of powers within our 
> government.

They have only lost credibility to the cryptographic community, where they
already had very little credibility.  This is the point that we all tend to
overlook.  Joe SixPack doesn't know much about the NSA or cryptography, when
first told about them he tends to think that they are there to protect him and
doesn't think of them as an enemy.  The biggest accomplishment of the clipper
thing is that nobody (very few at least) are using secure public key crypto
and the few new people to the issue have no idea who to trust now.  If their
job is to listen to transmissions, then their money was well spent because there
aren't many secure transmissions right now.  and since everybody is scared about
it there aren't likely going to be a lot of secure transmissions real soon.


> do you realize the sheer ability of Microsoft to build software that
> succeeds in *markets*? Microsoft doesn't care much about Netscape
> because, as one microsoft engineer remarked, "well, it's strange
> to talk about market share when you are giving away software for free".
> well, the NSA is the absolute *opposite* of Microsoft. they don't
> have a *clue* about true market forces. they do however understand
> ways in which the government interferes with markets, and they seize
> on every one of those mechanisms as their lifeblood for control
> and "shadow/invisible oppression".

I disagree, the NSA and MS have a lot in common, they both have defined shoddy
standards that we are all using for one part of our life or other.  We will
have to put up with both of them for a long time and both of them are 
anticompetitive.  If market forces were so much more powerful than the NSA can
understand, then why the hell are all the banks in the world depending on DES?

> the NSA is quickly losing relevance. the public *does* desire public
> key crypto, and a de facto standard *has* been created, it's called PGP.
> if the NSA proposes something in public key areas, it is likely to 
> be pissed on by the public as much as Clipper, in many ways because
> of the failure of Clipper. clipper in a big sense *was* the NSA's first
> step toward public key encryption, and it was widely trounced on.

The NSA is only losing relevance with us, how many average folks even know what
clipper was?  We could even disregard the average people and just ask the 
computer users, how many of those 80million windows users know about clipper?
If it is enough for the NSA to "lose relevance" I would think this list would
be many times larger than it is. 

> 
> face it dude, the NSA has shown far less competence in the public arena
> than *any* apologist such as yourself can ever demonstrate.
> 

I take offence at that, I am not an apologist, I'm just trying to show the other
side.  We can't fight the NSA if we are all blind to what they do in the general
public's eyes.  For what it's worth, I can't think of a major commercial product
that uses cryptography that hasn't had the NSA's hands in it; that is pretty 
damn competent if you ask me.



