From: “James A. Tunnicliffe” <Tunny@inference.com>
To: “‘cypherpunks@toad.com>
Message Hash: 6d1f49b14deccf48853c8fd98b485505bc9080bf2aaf56acd472db3bb7f5dcc7
Message ID: <c=US%a=%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>
Reply To: _N/A
UTC Datetime: 1996-11-11 18:36:00 UTC
Raw Date: Mon, 11 Nov 1996 10:36:00 -0800 (PST)
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 11 Nov 1996 10:36:00 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: FW: Validating a program
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain
>>> My question is as
>> >follows: If PGP and DES are as secure as thought to be, then why is it
>> >not ruled illegal software, just as they do with silencers, narcotics,
>> >certain type weapons, etc.....
>
>[snippo]
>
>> Why does it follow that these must be crackable, or the government would
>> have outlawed them? Despite recent moves to limit encryption, there are
>> currently NO domestic (U.S.) restrictions on crypto. Nothing prohibits
>> you from using a true One Time Pad, which is mathematically proven to be
>> unbreakable, now and forever, even against infinite resources. If this
>> is not prohibited (and it isn't), doesn't that refute your argument?
>
>Dale Thorn replies:
>This is a misleading challenge. There's a helluva difference between the OTP
>and a
>Public Key system. If, for example, it can be proven that I can crank up PGP
>to its
>most cryptic level, and send the OTP overseas with "absolute security", so
>that I
>can now send messages with the OTP which was crunched with PGP's highest
>security,
>then that would mean something.
>
>My point here is that Ed was asserting that PGP, DES, etc., must be
>crackable, otherwise the U.S. government would have ruled them illegal
>(domestically). I pointed out that one can legally own and use a true OTP
>with impunity in the U.S., despite its unquestioned unbreakability.
>Therefore, his argument falls. If it made sense, the USG would have AT LEAST
>outlawed OTP's (which they most assuredly cannot break).
>
>Just so there's no misunderstanding:
>
>1. The OTP is absolutely unbreakable. (if done correctly)
>2. The OTP encryption cannot be decoded on the other end unless you can
>deliver the
> OTP to the person on the other end by a secure means.
>3. PGP, which is not usually used at its highest level of security (for all
>bits in
> a message), *will* be used at its highest level of security to send the
>OTP to the
> person on the other end.
>4. The OTP arrives on the other end, completely safe from snooping.
>
>Now you see the problem. #4 above can't be assured, and that is why Ed says
>that PGP
>is not shut off "right now", because it's probably not "really secure".
>
>I'm not sure what you're claiming here, or what point it is intended to
>demonstrate. No matter the strength of PGP, delivering a OTP in this fashion
>would render it no longer a OTP. Besides, this scenario makes no sense. In
>any case, there is no restriction I know of in sending encrypted data (or
>even One Time Pads) to whomever you choose, by whatever means. (Granted, if
>you send encrypted traffic to khadafi@libya.gov, or dispatch couriers with
>briefcases handcuffed to their wrists, you might invite suspicion...)
>
>Could you clarify the point you're making above?
>
>I'm amused to think that, in a nation armed with 20,000 or so nukes, the
>paranoid of
>paranoid nation-states as it were, some of the erstwhile intelligent citizens
>think
>that the U.S. military are just sitting around wringing their hands over the
>"fact"
>that the citizens have "unbreakable" crypto.
>
>Bear in mind the Scientific American articles on Public Key crypto back in
>the 1970's.
>The military knew the score back then, and if you think they just sat back
>and allowed
>all this to happen, well, sorry, I don't believe in Santa Claus or the Easter
>Bunny.
>
>Well, while the feds are no doubt powerful, they ARE subject to the same laws
>of mathematics as the rest of us. While it is _possible_ they know much more
>about factoring than the rest of the world, I find it unlikely that they are
>advanced enough to factor 2000-bit numbers. (I can't prove it, just as I
>can't prove they don't know how to make their agents invisible.)
>
>And they didn't just sit back and allow this information out -- witness
>Bernstein, et. al., and all the continuing ITAR/GAK fallout. Of course, I
>expect that some will claim this is just for appearance's sake, so as not to
>make it obvious that they can actually read all our thoughts directly, using
>technology they got from the Greys from Zeta Reticulon...
>
>Tunny
>======================================================================
> James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny
> Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77
> tunny@Inference.com | 36 07 D9 33 3D 32 53 9C
>======================================================================
>
>
Return to November 1996
Return to “Open Net Postmaster <postmaster@opennet.net.au>”