From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 20 Jul 1998 10:51:22 -0700 (PDT)
To: John Lowry <dcsb@ai.mit.edu
Subject: Re: John Gilmore and the Great Internet Snake Drive
In-Reply-To: <v04011738b1d55fa3b8fe@[139.167.130.247]>
Message-ID: <v0401171eb1d91ca7ac67@[139.167.130.247]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:48 AM -0400 on 7/20/98, John Lowry wrote:


> Oh please ...

Okay, I'll say it again: Yes, Virginia, DES is now officially Snake Oil.

As much snake oil as if someone tried to sell a Ceasar cipher -- a
perfectly good prechristian military messaging technology, mind you :-) --
for use in modern internet financial cryptography.

So, Virginia, DES is DED. Game over. Kaput.

Get used to it.

> As you point out, physics is not optional.  This is predictable and was
> predicted.  Yawn.

Actually my point. It may have been predicted, but it has now happend. DES
is now Snake Oil.

BTW, try getting your gingivitis fixed before you go yawning in someone's
face. ;-).

> I predict that 3DES will fall too - actual time it takes is left to the
> student.

I see. In *your* lifetime? Splendid. I'd love to see *that* happen. And, of
course, *you're* going to do it, Mr. Lowry? Yawn, yourself.

> More interesting, how about a supposition that DNA computers will be able
> to factor
> interesting numbers within 5 years ?

Probably not in your lifetime, bunky, no matter how many 5-gallon buckets
of slime you can grow. Burden of proof's on you, here. My claim that DES is
snakeoil is based on proven fact. Your claim that DNA can economically
factor numbers fast has yet to be demonstrated, and I challenge you to
prove otherwise with a straight face.

> Does that make certain other
> algorithms into snake-oil ?

Anything that is broken, like DES now is, and is still claimed by others to
be safe, and sold by them as such, is, in my book, snake-oil.


> At the heart of this is the idea that "strong" cryptography is a fixed and
> finite
> set over time and that a change in that set will result in a change in the
> policy restricting export.  It doesn't necessarily follow.

No, it doesn't follow, because that's not what I said. I said that because
it is now demonstrably trivial to break DES messages, especially DES
financial messages (the kind with *money* in them, for those in Loma
Linda), DES is now Snake Oil. Just like the Ceasar cipher.

>   Lobbying is
> necessary.

Lobbying is only necessary for those who want to use force to maintain
market share -- geographic, or otherwise. :-). Lobbying itself is the
profession of con men who use the threat of government force to extort
money from people who work, and give it to those who don't, in particular
said con men.

The only way to avoid government's propensity to dynasticize :-) is to
innovate faster than they can regulate. In Loma Linda, they call it
"progress", bunky. And, crypto has just progressed to such a point that
formerly presumed peekware like DES has just been proven to be such, and is
now, quite fairly, snake oil. Moore's law is not optional, At least in
DES's case.

Lobbying is not necessary if you change the world faster than they can
control it. Gilmore, et. al., just proved that.

Lobbying to change the "legal" keysize is a waste of time. Physics causes
economics, which causes law, which causes "policy". It's never the other
way around, regardless of the beltway's daydreams to the contrary.

> Perhaps all that happens is that DES now joins the crowd of exportable
> algorithms :-)

I would claim that, your disengenous ":-)" aside (yeah, I know, pot,
kettle, black), that any "exportable" algorithm is in fact snake oil. And
Gilmore just proved it.

> One lesson I plan to observe - don't encrypt known plaintext unless you
> have to !

Wha? Security through obscurity? How exactly can you encrypt a message you
don't know the contents of?

Oh. I get it. Statist humor. (Yeah, I know about blinding, I just hate
sophistry...)

Feh.

Cheers,
Bob Hettinga

-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The Philodox Symposium on Digital Bearer Transaction Settlement
  July 23-24, 1998: <http://www.philodox.com/symposiuminfo.html>