From: aba@dcs.exeter.ac.uk
Date: Thu, 7 Sep 95 12:42:21 PDT
To: tcmay@got.net
Subject: Re: GAK Hacks
Message-ID: <8921.9509071941@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> writes on cpunks:
> We did it for SSL, let's do it for GAK.
> 
> Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
> GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
> versions of the proposed code (when it becomes available).

I was just drooling over the fun to be had if and when this crap goes
through.  Surely a very fun thing to do.  A new legit hobby for all
those games crackers out there.  (Hmm maybe not so legit, micro$oft
has non- reverse engineering clauses on their stuff, but that doesn't
stop anyone, and there's always remailers).

One of their requirements was resistance to static patches, as someone
else pointed out that is just not possible in software, if some gets
really bored they can at worst disassemble the entire thing, and
re-write it from scratch without any silly GAK stuff, or with a row of
00s where the escrowed key goes.

> Or releasing "work-alikes." Etc.
> 
> Granted, the demonstrations will be less clear than breaking the 40-bit key
> was, partly because there is no clear-cut standard out there, and many
> aspects of GAK are still in flux.
> 
> But it could still be a powerful example, an example "by direct
> demonstration," that government-mandated key escrow is problematic.
> 
> (Of course, a sufficiently powerful or clear demonstration, picked up by
> the popular press the way the SSL challenge was, could also cause the
> government to tighten up the rules on GAK, such
> as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

So the question is what do you prefer: 40 bits only or 64 bits which
can be broken?  Is it worth sabotaging what is essentially an
impossible task open to having the GAK element hacked out?  It would
be much more fun if they'd agree to no limits on key sizes, and GAK.

What happens if the result of the talks which Pat Farrell kindly
described is that it is impossible?  What is their next move?  We've
had "voluntary" hard-ware key-escrow, and it got chucked out by
widespread derision of the idea, now the same in software.  Which
direction does the next phased attack come from?

> But GAK Hacking could be an interesting project.

indeed.

Adam