1996-07-30 - Paranoid Musings

Header Data

From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: b9fe1feefa260a73511176f9d8b0ea27803f9c376b7c3971ec8db497715f5f39
Message ID: <199607301811.LAA28373@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1996-07-30 22:54:48 UTC
Raw Date: Wed, 31 Jul 1996 06:54:48 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jul 1996 06:54:48 +0800
To: cypherpunks@toad.com
Subject: Paranoid Musings
Message-ID: <199607301811.LAA28373@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes paranoia strikes.  Since these musings are crypto related, I
thought I would share them.

(1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 
We know that a university CS student can break one message in a week using
the university's farm of workstations.  But, our foremost reputation agency
for crypto strength, the ITAR, allows systems with RC4-40 to be exported. 
What does this mean?

I combine the above with Whit Diffie's observation that, while crypto users
are interested in the security of *each* message, organizations which
monitor communications want to read *every* message.  A TLA interested in
monitoring communications would need to crack RC4-40 much faster than
1/week.

Now expensive specialized cracking equipment can certainly speed up the
process, but there may be a better way.  If cryptanalysis of RC4 yields
techniques which make the process much easier, then it is the ideal cypher
to certify for export.

The paranoid conclusion is that there is a significant weakness in RC4.



(2) What did Microsoft give up to export its crypto API?

Well, if you were a TLA, what would you want?  I think I would want an
agreement to be able to insert my own code in that vendor's products.  Then
I would be able to have widely distributed Trojan horses signed by the
vendor.  I would have the opportunity to significantly weaken standardized
crypto systems installed worldwide.


Conspiracy theorists, start your mailers.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
