From: Lucky Green <shamrock@netcom.com>
Date: Mon, 12 May 1997 07:05:33 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: The War is Underway (fwd)
Message-ID: <3.0.32.19970511125644.006e96a8@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:17 PM 5/10/97 -0400, Black Unicorn wrote:
>Yes.  One of the major stumbling blocks I have run into is a lack of code
>which really is refined and reviewed enough to serve the purposes I need
>it to serve. 

The reason for the lack of "refined and reviewed" code is simple. Writing
such  code is difficult and time consuming. Anybody on this list capable of
writing it probably has a 10+ hours daytime job. It is often hard to donate
the effort required into producing either a freeware system or a system
that has a shaky business model at best. Yes, the original code for type I
remailers was written in a few days. Their security is accordingly low,
interfaces were almost non-existent.

The type of software you seem to be interested in requires more than just a
single individual dedicating a few evenings to it. It requires entire
software development teams. That takes the development out of the realm of
guerilla programming and into commercial efforts. As PGP, Inc. can attest,
making money of strong crypto can be hard. That further limits the number
of players willing to dedicate time to such an effort.

>FC97 did a lot to make some more obscure things obvious, and
>familiarize the players with each other, but the details are often hard to
>come by.  Many of the applications out there are painfully behind in
>interface areas forcing developers to use complicated "toolkits" which
>often lack the basics we need. Finding an analogy to easily explain even
>the basics to a customer is very difficult unless the front end jibes with
>the attempt.

While I would have to agree that FC'97 was a very worthwhile event from the
human networking perspective, I am confused by your claim that the
"toolkits"  lack the basics you need. I assume you are talking about
routines in crypto libraries here. What routines do you need that aren't in
the crypto libs available? I am not claiming that crypto libs have all the
routines one might possibly need, but I would be surprised if they didn't
have the routines you need. Perhaps it would help if you would explain what
you are looking for.

Furthermore, crypto libraries are not meant to address interface design.
The interface design is up to the application developer.

>> Perhaps it's time for some stego interfaces to remailers.

Somehow I doubt they will be developed anytime soon. Only a very small
fraction   of remailer users wants to hide the fact that they are using
remailers and not also hide the fact that they are using crypto at all.

If you only want to hide remailer use,  but not crypto use, a Pipe-net like
system should suit you fine.

>Most of what concerns me is the need to keep keylengths "obscenely large"
>because what is obscene today may not be so obscene after 5 years of
>chilled crypto development.

I agree keylengths are an issue. An even larger issue are the properties of
ciphers. We don't know that breaking RSA is as difficult as factoring. We
just hope it is. And we definitely don't know that factoring can not be
done in polynomial time. Not to mention that we don't even know if P != NP.

>Given the success (or lack thereof) of my call to arms before, I'm not
>sure I'll be anxious to repeat it soon.  (The largest keylength of any
>widely used cipher of which I am aware remains at 128.

Not wanting to split hairs, but 3DES is 168 bits. But it is about twice as
strong as DES, so the effective keylength does not exceed 128 bits. 
Still, there is good reason why so few of the many ciphers out there are
actually being used for the high security applications. No cipher has been
as thoroughly analyzed as DES. And while 3DES is often called slow (which
is irrelevant unless you have to encrypt large amounts of data), it is
generally considered secure. If you need better than 3DES, you want larger
keylength while retaining the security of using a well analyzed cipher. I
am not aware of any such cipher today. Perhaps that's why it is used so
little. :-)

>  There still is no
>effective PipeNet, no real mainstream "stealth crypto."  No significant
>work on detering traffic analysis or denial of service with the exception
>of the below).

I disagree. Just because Cypherpunks have not announced the releases of a
finished product, tremendous progress has been made this year alone. And we
have found new allies, such as the Onion Router team from Navy Research Lab
and the CROWDS team from AT&T.

Sure, their systems are far from perfect and require further development.
Which is why several Cypherpunks, myself included, have been busy getting
the teams up to speed, teaching them about attack methods, explaining to
them why certain attacks they discounted as unlikely are actually easy to
pull off, and generally advising these non-CP subscribers with very CP
projects about modifications that must be made to the software before it
will see widespread deployment. Understand that NRL has three scientists
working on Onion Routers a  significant part of their time. With full
funding. This is the kind of commitment it takes to make the more advanced
systems a reality. A volunteer effort is considerably less likely to be
able to come up with the resources for the many projects that need design
and implementation.

Other Cypherpunks have been busy working on advanced systems, but this
stuff takes time. Writing a crypto library is comparatively easy. If your
DES code gives the right results for a given IV, the code works. Taking
that DES code and some RSA code and turning it into an Onion Router is a
whole different challenge. And any mistakes you make are far less obvious.
[...]
>An online bank is useless if it can be blocked by a few keystrokes.

No offense, but Adam's "Eternity" system doesn't come close to Ross
Anderson's original design. It is a fun weekend hack, but calling it the
Eternity Service is a very unfortunate choice of words. It isn't any more
Ross Anderson's Eternity Service than type I remailers are Chaumian mixes.

>(But that's what secure INMARSAT phones are for too)

And how do you feed the base station? I believe the solution to permanent
servers is more likely to come from the IETF's mobile IP efforts (again a
project that far exceeds what a few Cypherpunks can do) and from anonymous
server designs such as recently proposed by the usual suspects and others
who wish to remain anonymous.

[...]
>C'punks should wish to provide clandestine crypto services for the entire
>population.  Laws which may or may not pass in the United States should
>bore c'punks, because they should realize that legislation is irrelevent
>because the genie is already out of the bottle.  Unfortunately, I don't
>think the genie is all the way out of the bottle.

Clandestine anything, almost by definition, will never reach the entire
population, but only those that are willing to go out and seek it. [If it
was openly available, it wouldn't be clandestine.]

PGP became as popular as it did because it could be used with zero
investment by any two parties, requiring only minimum connectivity. Truly
secure net anonymizers will need, at least at the backbone level, multiple
dedicated machines with fat 24/7 Internet connections in multiple
jurisdictions.  That's a significant investment. Such sites are not going
to become a reality out of the goodness of somebody's heart. Even in the
unlikely event that somebody has the time to write all the code for free.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred

   "I do believe that where there is a choice only between cowardice and
    violence, I would advise violence." Mahatma Gandhi