Posted: 10/28/2001 2:53:55 PM EDT
[url]http://www.foxnews.com/story/0,2933,37203,00.html[/url]
Link Posted: 10/28/2001 3:03:34 PM EDT
[#1]
Can you imagine the FAT ASS pipe you would need to actually “Route ALL internet traffic for monitoring.”

LOL hello OC999999999999999999999999999999999999999999999999999999999999999999999999

With quantum megafluxor switches and a serial parallel neural net of Sun E90000s


Has the FBI been hitting the bottle hard and not getting enough sleep again or is it just the tinfoil hat crowd?
Link Posted: 10/28/2001 3:11:12 PM EDT
[#2]
This can be easily defeated by the use of PGP etc.
Link Posted: 10/28/2001 3:15:17 PM EDT
[#3]
Quoted:
This can be easily defeated by the use of PGP etc.
View Quote


Yeah, right.  I hope you don't actually believe that?!?
Link Posted: 10/28/2001 3:21:13 PM EDT
[#4]
Let's see if Carnivore is still up and running [:D]

KilldeathmamepresidentnuclearbombrapemurderAnthrax
Bombknifeschoolkillpresidentmustdiehomemadepipebombs
Link Posted: 10/28/2001 3:27:13 PM EDT
[#5]
There is not enough bandwidth gateway or processing power available to pull it off. Take all of the operating equipment asset values combined of all of the ISP and telcos out there... add them up. WorldNet, Level3, UUNET, etc... There is no possible way to bottleneck it.

Additionally, this would ultimately create a national infrastructure security risk... the idea of a decentralized network was to eliminate a single point of failure for commsys. There are some joint chiefs who will not let their systems become this vulnerable (and if you know beltway politics, you understand what I mean by this).

I think that the megalomaniacs should give up the idea of trying to consolidate it all and use a distributed theory. Take a NIMDA sort of worm approach to deploy a payload to everyone's machines and use their bandwidth and processing to search for things like suspected steganography binaries (encrypted picture files), etc... Have the worm simply ping a designated server if there is an alert. It would self-replicate and move on.

Hey, maybe they could cut a deal with Bill Gates to get access to one of the other known exploits still in the OS.

I don't agree with it and have plenty of security in place to combat it.

Link Posted: 10/28/2001 3:46:08 PM EDT
[#6]
Link Posted: 10/28/2001 3:57:54 PM EDT
[#7]
Quoted:
The combined bandwidth of the Internet is measured in many gigabits per second. They'd have to put companies like UUNet out of business but as long as they lay lots of big pipes have at it.

Don't use PGP it's secure so far but not old enough - still a puppy - look at triple DES instead as it's a well proven and tested algorithm that hasn't been broken yet. Any message of a decent length would be unbreakable.

Nuclear solution, LSD, cocaine, death to all, Area 51, Anthrax, Carnivore.
View Quote


Paul, DES stands for Digital Encryption Standard. It was an algorithm invented specifically to have a ‘master key’. What that means is... Your local law enforcement can crack it quicker than you can say ‘fourth amendment’.  

I’ve got a better idea – DON’T BREAK THE LAW!!

I have to figure the FBI could give a fuck less about anything else.
Link Posted: 10/28/2001 4:01:34 PM EDT
[#8]
Sounds like someone is trying to make the sheeple feel better about things.

The original design of ARPANET was meant to survive a nuclear exchange. Having to route traffic through one point would defeat the original design of the internet, as well as be difficult to do. What are they going to do, reinvent protocol layering?

What a pipe dream.

Personally, I think the whole situation, anthrax in the mail and all, will be used as a model to convince people that there needs to be some "thought police". Someone is trying to convince us that the basic individual in society is unable to police himself, and that he must sacrifice his own privacy, so he can know he is safe from his neighbor.

It seems our "self indulgence" as a nation, has led some down the path to believe that as long as he can indulge in what is "legal" that it is "right". But when those actions that are "legal" are actually morally wrong, something changes.

We live in very confusing times indeed.

_FS
Link Posted: 10/28/2001 4:09:56 PM EDT
[#9]
For those of you concerned about having a private conversation on the Internet. Look into something called a ‘one time pad’. The other option is a book code.

Either way – Just use it once and make sure the key isn’t publicly shared. (or even stored electronically)

For those of you thinking:
WHY DID HE JUST SAY THAT!!! NOW EVERY GD TER IN THE WORLD IS SAFE.
- They already knew about those two little tricks. Hell they were messing with steganography.
Link Posted: 10/28/2001 4:11:00 PM EDT
[#10]
Your local law enforcement can crack [DES] it quicker than you can say ‘fourth amendment’.
View Quote


I don't know when the standard was first published for DES, but in 1981 I wrote an implementation of it based upon a government spec that was written in late 1980.  It's been around for a long time, and no one has ever shown that it has a back door.

Back to the topic, the idea that someone could route all of the traffic through a few exchange points so that they could monitor it is ridiculous.  Most traffic stays on local or regional networks that never make it through, for example, MAE east or west.z
Link Posted: 10/28/2001 4:11:33 PM EDT
[#11]
Quoted:
Let's see if Carnivore is still up and running [:D]

KilldeathmamepresidentnuclearbombrapemurderAnthrax
Bombknifeschoolkillpresidentmustdiehomemadepipebombs
View Quote


Looks like it did!  Here's your black helicopter...  [img]http://www.stopstart.fsnet.co.uk/aircraft2/pavehawka.gif[/img]

[IMG]http://www.freakygamers.com/smilies/s/contrib/aahmed/smile.gif[/IMG]
Link Posted: 10/28/2001 4:18:04 PM EDT
[#12]
Zoom, DES is a ‘third solution array, algorithm’. What that means is… No matter what’s used for the ‘key seed’ there is a ‘shortcut solution’ built into the algorithm.  
Link Posted: 10/28/2001 4:25:25 PM EDT
[#13]
Hell, they can go ahead and monitor my traffic all they want. All they're gonna get is AR15.com, and websites featuring pics of cheerleaders with big tits.
Link Posted: 10/28/2001 4:25:41 PM EDT
[#14]
DES has been broken. I'm taking an e-commerce class and we discussed cryptology at the beginning of the semester
Link Posted: 10/28/2001 4:32:49 PM EDT
[#15]
They will use a connection half as big as it needs to be, so it will slow the entire net down for all of us.  Then some wise-ass computer geeks will launch some massive flood attacks and stall the net for every one of us.

Next thing ya know they will be limiting us to how much bandwidth we can use per day.  Boy, that will p*** off all the online gamers and power surfers.  What would be the point of high bandwidth connection then, so you could use up all your bandwidth in 5 minutes?
Link Posted: 10/28/2001 5:42:35 PM EDT
[#16]
Quoted:
Quoted:
This can be easily defeated by the use of PGP etc.
View Quote


Yeah, right.  I hope you don't actually believe that?!?
View Quote


I must laugh when I see these baseless assertions.  I'll bet the proof comes from "my brother's friend's cousin knows some guy whose great grandfather was related to edgar cayce who heard from some guy that they know it's easy to break, but they can't tell you how or what agency the supposed leak came from."

The whole argument against PGP across the board is plain old FUD.  Those who say they don't trust 7.x because the source isn't released, at least have a basis for their position.  Those who only use 2.3a, 2.6.2, 2.6.3i, or 5.0i also have their own tin foil hat conspiracy theories saying why that version is the safest to use.  The idea that one shouldn't use any encryption because the laws of physics do not conclusively prove that it can't be broken only serve to help those who want everything to be transmitted in plaintext.  Maybe the NSA has a massively parallel number sieve that can factor public keys.  Of course they do, the aliens gave them the technology.  However, even in the alien conspiracy theory, there's room for protecting your private communications from other humans who aren't working for the space aliens. [(:|)] [whacko]
Link Posted: 10/28/2001 6:35:27 PM EDT
[#17]
but weren't we just told on this board by one of our own that all the sweeping new changes that will be taking effect courtesy of the new anti-terrorism bill affected only the terrorists and wouldn't come close to violating any Constitutional amendments or natural rights???????????
Link Posted: 10/28/2001 6:44:41 PM EDT
[#18]
Quoted:
but weren't we just told on this board by one of our own that all the sweeping new changes that will be taking effect courtesy of the new anti-terrorism bill affected only the terrorists and wouldn't come close to violating any Constitutional amendments or natural rights???????????
View Quote


They cannot force a bandwidth provider to degrade the quality of their service to a client firm by bottlenecking the pipe. Most bandwidth providers are contractually bound to a service level agreement (SLA) with their client firms. Any willful disruption of service performance on their part would likely force the client to immediately sue in court for breach of contract. If the defendant claims that the feds forced them to do it, then the FBI will likely be sued for tortious interference of the performance of a contract. There is already liability provision in the new AT law to provide for civil suits.

The court system would be immediately flooded with civil actions by hundreds or countless companies... including my own.

The other issue is with identification of a suspected terrorist being named. The AT law requires a named suspect. They cannot invoke the law for the purpose of 'trolling' for possible offenders.

Stop freaking out over it. If you have an attorney friend, maybe you should buy them lunch or a beer to discuss these things. The attorneys that I know are chomping at the bit to get paid for these kinds of forthcoming actions.

There still is a system of checks & balances, and the polls will still be open Nov 6th.

Link Posted: 10/28/2001 6:51:38 PM EDT
[#19]
Link Posted: 10/28/2001 7:03:06 PM EDT
[#20]
DES has been broken. I'm taking an e-commerce class and we discussed cryptology at the beginning of the semester
View Quote


Where do these people come from, and why are they teaching classes?  The best advice when someone tells you a bold-face lie like that is to ask them to show you how.z
Link Posted: 10/28/2001 7:13:19 PM EDT
[#21]
Link Posted: 10/28/2001 7:28:11 PM EDT
[#22]
Single DES has been broken for years, if the attacker is willing to spend enough money. See [url]http://www.oreilly.com/catalog/crackdes/[/url].

"National Security Agency and FBI officials say our civil liberties must be curtailed because the government can't crack the security of DES to wiretap bad guys. But somehow a tiny nonprofit has designed and built a $200,000 machine that cracks DES in a week. Who's lying, and why? "

There's no reason not to use PGP with a sufficiently large key size, say 2048 bits. With that key size any likely successful attack is going to be a black bag job that taps your computer as you type in your pass phrase.

I strongly doubt that they're using triple DES on nuclear launch codes. We pay the NSA good money to come up with crypto systems, and I'd be ticked if they just downloaded some code from the net for all our hard-earned taxpayer dollars.
Link Posted: 10/28/2001 7:51:54 PM EDT
[#23]
Link Posted: 10/28/2001 8:12:40 PM EDT
[#24]
I haven't been following cryptography much since my school days, but last I heard 160-bit Blowfish and PGP w/ 2k-4k bits are both solid as hell.

And as far as monitoring the net, any kind of monitoring plan that is not in tune with the architecture of the target is doomed to fail. I don't know how in hell they can monitor a distributed network using a single access point. It's not possible -- they don't have enough MIPS! :)
Link Posted: 10/28/2001 8:18:33 PM EDT
[#25]
... yeah right, they can't even wipe their own asses now.
Link Posted: 10/28/2001 8:38:59 PM EDT
[#26]
I strongly doubt that they're using triple DES on nuclear launch codes.
View Quote


You're right. We use much better crypto systems for the launch codes and targeting data.

Navy, it's not just a job. It's an Indenture!
Link Posted: 10/28/2001 8:49:01 PM EDT
[#27]
I revel in the knowledge that my Government knows more about me than I do.
I don't worry about what "they" might do, 'cuz I'm sure it's already been done!!!
You're all secure in Big Brothers' arms, lowly Citizens!!!
[:D]
Link Posted: 10/28/2001 9:31:46 PM EDT
[#28]
Quoted:

Little known fact - the Taliban's web site had an opening picture on the front page that though the image didn't change the bits changed every hour on the hour for weeks until the site was hacked off the Internet. It's assumed that there were hidden crypto files in the picture.
View Quote


Hmmm.... interesting that the hacker in question was a russian crypto expert and the site got hacked on 9/13...

I have worked on this stuff heavily. It is a specialized area of crypto called steganography. The technology was conceived from the craft of image watermarking originally designed for copyright protections. Stego uses the byte array for the color palette to encode non-color related data into the image. Since there are actually 4 bits per pixel, you can give one up without too much noticeable degradation.

Right now AFRL (Air Force Research Lab) is trying to develop an algorithm to detect stego laced images across the web in mass. [url]http://www.wetstonetech.com/sdart.htm[/url] The problem is that they are looking at images only.

I have already successfully packed data into an MP3 file and a Shockwave movie file. Will probably have it packed into a MPEG movie file by the first of the year....

Good thing I use my superpowers for the forces of good huh?

Link Posted: 10/28/2001 9:34:41 PM EDT
[#29]
Quoted:
DES has been broken. I'm taking an e-commerce class and we discussed cryptology at the beginning of the semester
View Quote


Where do these people come from, and why are they teaching classes?  The best advice when someone tells you a bold-face lie like that is to ask them to show you how.z
View Quote


Look kid,
I do this shit for a living.  Straight poop- DES is based on an algo. called Lucifer developed by IBM. IBM incorporated it into the AIX crypt function when they licensed SysV from Bell.

Lucifer was originally a 112 bit factor based loosely(very) on another algo that a guy named Fiesel had been working on. When our people realized that factoring Lucifer (as it was) would take months of computer time (in 1972) they asked IBM for a favor.    

IBM said yes. Basically that favor cut the key length in half and incorporated something called ‘s’ boxes. These factor flags supposedly make the algorithm Swiss cheese to a person with the correct prime.

EFF brute forced 56 bit DES in ’98 with a single computer in less than three days.    

Still think I’m full of shit?
1) Why won’t the government types use 3DES?
2) Why are government contractors who work on SCI stuff forbidden to use it?
3) Why use 2 - 56 bit keys instead of one 112 bit key?(3DES)
4) Why is exporting DES based stuff OKEE DOKEE but IDEA is a no no?

Shit – you either believe me or think I forgot to renew my antipsychotic prescription at this point. [:)]

Link Posted: 10/28/2001 11:54:24 PM EDT
[#30]
No_Reflex_Zone wrote, "I do this s--- for a living ... with the correct prime."  What do prime numbers have to do with DES?  RSA public-key encryption uses prime numbers, not DES.  You called me a kid.  Now, back that statement up, and explain how prime numbers relate to breaking DES. :)

These [S-Boxes] factor flags supposedly make the algorithm Swiss cheese to a person with the correct prime.
View Quote


And, your source is?  I'm just a $6 per hour security guard, so you'll need to talk slowly, but I am smart enough not to accept any statement about encryption at face value.  Although I have spent time using both differential and linear analysis to look at DES, long before those two phrases were coined, I haven't finished high school, and I certainly don't have a college degree.  A war in Korea got in the way of my plans to go back to high school.  I always thought the 8 S-Boxes were added to thwart differential cryptanalysis.  According to one guy at IBM (ok, I don't remember the name), the NSA added just enough rounds, and no more, to prevent that.  Besides, the S-Boxes are only one step in the encryption.  Even if they were selected to "swiss cheese" the encryption, the other steps in the encryption would partially thwart that.  Besides, no one has ever proven that they were added to weaken the algorithm, and from most things I've read (admittedly many years old) show the [i]exact[/i] opposite.

Trying all possible keys to find a solution does not mean that DES has been broken.  It might mean that it doesn't take long to brute-force a solution, but it does not mean that the algorithm has been mathematically broken.

A few weak keys have been discovered, because the key is split into two halves, and each half is shifted independently.  If all the bits in each half are either 0 or 1, then the key used for all of the cycles is the same.  I personally figured this out while debugging one of my programs in 1981.  I didn't know about the 1976 Hellman paper describing that at the time, so I thought I had discovered something major.  Also, because the subkeys are XORed each round, the complement of any text encrypted with the complement of the key will become the complement of the ciphertext.  This means for a known plaintext attack, you only have to try half of the keys.  While this is a very clever attack, it only weakens DES to one type of (limited) attack, but it is still not broken.

1) Why won’t the government types use 3DES?
View Quote


Now, we're getting into opinions.  My wife still uses 3DES at work, and according to their IT guy, according to FIPS, DES is no longer accepted for new products, but 3DES still is.  They're storing juvenile records, so they have an even higher standard than for classified materials.  It's acceptable for classified materials to have a risk of being broken after 5(?) years, but juvenile records must be protected indefinitely.  Strange, but true.

As to why the government doesn't accept DES in new products, I think it's the same reason we (the consumers) don't.  It's because stronger alternatives are cheap and easy.z
Link Posted: 10/29/2001 12:44:29 AM EDT
[#31]
Lucifer was originally a 112 bit factor based loosely(very) on another algo that a guy named Fiesel...
View Quote

Oops, forgot to address this paragraph.  It was Horst Feistel, not Fiesel.  My maternal grandmother's maiden name was Feistel, so I'm sure I have that correct.
Fiesel had been working on.
View Quote

Lucifer wasn't based on Feistel's algorithm, it [i]was[/i] his algorithm.
When our people realized that factoring Lucifer (as it was) would take months of computer time (in 1972)
View Quote

It would be more correct to say that it took millennia of computer time, rather than months.  In practical terms at the time, there was no difference between 112 and 56 bits.
they asked IBM for a favor ... cut the key length in half ... [the NSA added] something called ‘s’ boxes.
View Quote

The NSA did not ask IBM to add S-boxes.  Lucifer already used S-boxes, and the DES candidate from IBM did before NBS asked for the NSA's input.  Yes, IBM did cut the key length in half, but DES is much stronger than Lucifer, despite the key length.  So, there's no reason to put on the proverbial tin hat.

I spent a lot of time about 20 years ago trying to figure out if the algorithm had been weakened by looking at Lucifer, IBM's candidate standard, and DES (after the NSA's requested changes).  I thought by looking at how it changed, I could learn something.  I haven't found anything, and I haven't seen any proof from anyone else.  As much as I would have liked to have shown "big brother" is spying on us, it hasn't worked out.  I read 1984 about a month before first looking at DES, so I was completely paranoid about the government spying on us.  OK, so you used the word favor to describe what IBM did for the NSA.  How was it a favor?z
Link Posted: 10/29/2001 1:48:00 AM EDT
[#32]
Ah yes, Horst Feistel and his Feistel Network. That brings back memories.

Actually, it wouldn't be fair to describe the EFF machine as a computer. Sure, it [i]used[/i] a computer to control a bank of 1800 special-purpose chips designed to do nothing but test DES keys (90 billion/sec), but it's not something the average Joe could buy at Comp USA.
Link Posted: 10/29/2001 2:15:11 AM EDT
[#33]
While I'm sitting here with nothing better to do, I might as well reply again.  I'm in a jewelry store watching construction workers to make sure that they don't try to break into the vault.  Well, the vault is secure; my chair is leaning up against it.

Look kid,
...
3) Why use 2 - 56 bit keys instead of one 112 bit key?(3DES)
View Quote


OK, well this "kid" has your answer.

You sound paranoid that you use 2 (and optionally 3) keys to do 3DES encryption rather than a single double-length key.  You said you do this for a living, but this misunderstanding demonstrates an almost complete lack of knowledge of the DES algorithm.

I'll try to explain this clearly.  DES operates on 64-bit blocks with, as you know, 56-bit keys that are expanded to 64-bits by adding parity.  In order to work on larger blocks of data, each step of each of the 16 rounds would have to be modified.  Also, the expansion permutation, S-boxes and the P-boxes would have to be made larger.  The key to a good encryption algorithm is that any single bit changes, as many as possible, bits in the output, and this makes choosing these values as much of an art as a science.  The values in the permutations are carefully chosen, and making them larger would require that they be chosen again from scratch.  Also, when you choose larger patterns, it is harder to make them secure, because there is more room for mistakes.  Although, a longer block length would be nice, because as it stands now, it only takes 8 bytes worth of plaintext to do a plaintext attack.  In other words, if DES was made to operate on blocks larger than 64-bits, it would be an almost entirely new algorithm.  If an algorithm was chosen with any changes, then all of the software and hardware that used DES would have to be modified.  So, large practical reasons outweighed (small) technical ones.

So, how do you use two, or more, keys?  You use DES multiple times.  The simplest form is to use three keys:

ciphertext = encrypt(key1, encrypt(key2, encrypt(key3, plaintext)))

It's nice and easy.  To use only two keys (112-bit), you have to use one key twice.  3DES using two keys usually does encrypt, decrypt, then encrypt, aka EDE mode.  The form:

ciphertext = encrypt(key1, decrypt(key2, encrypt(key1, plaintext)))

Of course being paranoid, a few people originally guessed that the below:

encrypt(keyX, plaintext) = encrypt(key1, decrypt(key2, encrypt(key1, plaintext)))

was true, and that the NSA was tricking us into thinking that we were safe when we weren't.  In other words, the formula states that there is a single key that is equivalent to the three others.  I think it's been proven now that DES does not form a group code, so that isn't possible, and the formula is incorrect.  It definitely doesn't happen most of the time.  If it was true, then triple DES would be no better than single DES.

Is it clear now why you use two smaller keys rather than one larger key?  If not, then it's my fault, because I wasn't clear.z
Link Posted: 10/29/2001 2:43:43 AM EDT
[#34]
Feistel Networks.  That was something that had me stumped for a long time when I was reading about encryption.  It is a beautiful concept, but everything I read about it at the time, while they explained the theory, never explained the reason it was important.  Basically, it is a way to use a function that doesn't have to be guaranteed to be reversible, to both encrypt and decrypt.  So, your encrypting function can be as complicated as you want, and you don't have to worry about undoing what it does when you decrypt.  Without knowing to use this concept when designing a nontrivial encryption algorithm, it's next to impossible to create a function to decrypt.

The algorithm states that if you divide your data into two halves, run one half through any arbitrary function and XOR it with the other half, swap the halves, then repeat, you can undo it.z
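The Feistel construction described in the post above, together with the weak-key, complementation and two-key EDE points made earlier in the thread, can be checked on a toy cipher. This is an added example, not code from any poster and not DES itself. The hash-based round function, the simplified key schedule, the sample keys and all function names are assumptions, chosen so that the structural properties carry over.

```python
import hashlib

MASK28, MASK32 = (1 << 28) - 1, (1 << 32) - 1
MASK56, MASK64 = (1 << 56) - 1, (1 << 64) - 1
ROUNDS = 16


def round_function(half, subkey):
    """Deliberately one-way: a truncated hash of (half XOR subkey). DES likewise
    XORs the subkey into the half-block before its substitution step."""
    digest = hashlib.sha256((half ^ subkey).to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key56):
    """DES-like schedule (simplified): split the key into two 28-bit halves,
    rotate each half independently every round, select bits from both."""
    c, d = (key56 >> 28) & MASK28, key56 & MASK28
    keys = []
    for _ in range(ROUNDS):
        c = ((c << 1) | (c >> 27)) & MASK28
        d = ((d << 1) | (d >> 27)) & MASK28
        keys.append(((c & 0xFFFF) << 16) | (d & 0xFFFF))
    return keys


def feistel(block64, round_keys):
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        # Only the XOR and the swap are ever undone; round_function is
        # recomputed on decryption, never inverted.
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left  # final swap: decryption is the same loop


def encrypt(key56, block64):
    return feistel(block64, subkeys(key56))


def decrypt(key56, block64):
    # Same network, subkeys in reverse order.
    return feistel(block64, subkeys(key56)[::-1])


def ede2_encrypt(k1, k2, block64):
    # Two-key EDE: encrypt(key1, decrypt(key2, encrypt(key1, plaintext)))
    return encrypt(k1, decrypt(k2, encrypt(k1, block64)))


def ede2_decrypt(k1, k2, block64):
    return decrypt(k1, encrypt(k2, decrypt(k1, block64)))


def demo():
    pt = 0x0123456789ABCDEF                      # constructed sample block
    k1, k2 = 0x13345779BBCDFF, 0x0E329232EA6D0D  # constructed 56-bit keys
    weak = MASK28 << 28        # one half all ones, the other half all zeros
    ct = encrypt(k1, pt)
    return {
        # A non-invertible round function still gives an invertible cipher.
        "round_trip": decrypt(k1, ct) == pt,
        # Weak key: every subkey is identical, so encrypting twice decrypts.
        "weak_key_is_involution": encrypt(weak, encrypt(weak, pt)) == pt,
        "normal_key_is_not": encrypt(k1, ct) != pt,
        # Complemented key and plaintext give the complemented ciphertext.
        "complementation": encrypt(k1 ^ MASK56, pt ^ MASK64) == ct ^ MASK64,
        "ede_round_trip": ede2_decrypt(k1, k2, ede2_encrypt(k1, k2, pt)) == pt,
        # With key1 == key2 the inner decrypt cancels: EDE is single encryption.
        "ede_equal_keys_is_single": ede2_encrypt(k1, k1, pt) == ct,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
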
Link Posted: 10/29/2001 7:50:44 AM EDT
[#35]
Quoted:
Don't use PGP it's secure so far but not old enough - still a puppy - look at triple DES instead as it's a well proven and tested algorithm that hasn't been broken yet. Any message of a decent length would be unbreakable.
View Quote


I think this whole DES vs. PGP thing got off on the wrong foot, mostly because there is no real argument.  Why not?  Because PGP (or GPG if that's your thing) USES triple DES.  Or rather, you can choose to have PGP use triple DES or any other of a host of encryption algorithms.  

Therefore, in a sense, PGP = DES.

Viper Out
Link Posted: 10/29/2001 8:51:39 AM EDT
[#36]
The FBI wants to take over the internet in the name of law and order, we are living in different times now, anyone who opposes this idea must be one of those criminal-loving-liberals or dope-smoking-freedom-loving-libertarians. (terrorist sympathizers the both of them for not willing to give up things in the fight against terror)
Link Posted: 10/29/2001 9:00:22 AM EDT
[#37]

Quoted:
No_Reflex_Zone wrote, "I do this s--- for a living ... with the correct prime."  What do prime numbers have to do with DES?  RSA public-key encryption uses prime numbers, not DES.  You called me a kid.  Now, back that statement up, and explain how prime numbers relate to breaking DES. :)
View Quote


Esubk1 (Dsubk2 (Esubk1))
Where K1 and K2 are 56 bit primes.
Remember the clipper chip?

And, your source is?
View Quote

Guess.... naa I won't be that petty.
If you really know jack then you know a guy named Charlie Merritt.

Now, we're getting into opinions.
View Quote


 No it’s contractual MANDATE where I work.  Right down to loading another .dll for machine ident(kerb) and packet auth(ah).


As to why the government doesn't accept DES in new products, I think it's the same reason we (the consumers) don't.  It's because stronger alternatives are cheap and easy.z
View Quote

Ummm yea. I'm not talking about new products here. If you dig DESx cool.
Link Posted: 10/29/2001 9:02:42 AM EDT
[#38]
3DES and "pgp" (by which most people mean the RSA public key algorithm) actually address two different needs. 3DES is single-key, symmetric encryption; RSA is two-key, public key encryption. RSA is vastly more useful for establishing connections across the internet, due to its public key nature. Symmetric encryption is faster, though, so what usually happens is protocols use public key encryption to exchange symmetric encryption keys.

RSA has been subjected to intense attack for a couple decades by some of the brightest minds in the crypto world, and some of the fastest and most numerous machines in the world. It's held up quite well.
Link Posted: 10/29/2001 9:19:46 AM EDT
[#39]
Well, I got to work this morning, and I had a pleasant surprise in an e-mail.  It's from a fellow ar-15.com reader from a nearby city offering me $$ if I can extract data from DES-encrypted memo fields in their FoxBase database (it's dBase-like).  They say they have the key.  I know that file format like the back of my own hand.  If they do have the correct key and the library got DES right, this should be easy money.  This will be enough to pay for a membership for a couple of years.  I had been feeling guilty for not paying my own way around here.z
Link Posted: 10/29/2001 9:30:45 AM EDT
[#40]
Quoted:
And, your source is?  I'm just a $6 per hour security guard, so you'll need to talk slowly, but I am smart enough not to accept any statement about encryption at face value.
View Quote


And after reading your replies, if you're a $6/hr security guard, you should really see about getting into another line of work.[:D]

As to why the government doesn't accept DES in new products, I think it's the same reason we (the consumers) don't.  It's because stronger alternatives are cheap and easy.z
View Quote


Probably because NIST has replaced DES with AES (Advanced Encryption Standard).  The Rijndael algorithm was chosen out of all the AES candidates last year, and is now the standard.  All new products should implement it.

God Bless Texas
Link Posted: 10/29/2001 9:32:17 AM EDT
[#41]
Quoted:
Ah yes, Horst Feistel and his Feistel Network. That brings back memories.

Actually, it wouldn't be fair to describe the EFF machine as a computer. Sure, it [i]used[/i] a computer to control a bank of 1800 special-purpose chips designed to do nothing but test DES keys (90 billion/sec), but it's not something the average Joe could buy at Comp USA.
View Quote


Exactly.  It had a pricetag of over $250,000.00 US.  I'm sure the NSA would have no problem building a few of them.

God Bless Texas
Link Posted: 10/29/2001 9:36:33 AM EDT
[#42]
Quoted:
Don't use PGP it's secure so far but not old enough - still a puppy - look at triple DES instead as it's a well proven and tested algorithm that hasn't been broken yet. Any message of a decent length would be unbreakable.
View Quote


Paul, PGP has been around for a decent while now.  It's undergone independent code review (at least the open source versions), and other than problems with specific algorithms (like DES and some of the newer algorithms implemented by NAI in their closed-source version), the product as a whole has been proven relatively secure.

It's hard to compare an algorithm to an application that uses many.

Besides, as someone pointed out a while back in another thread, PGP is only useful if you're sure that your private key has not been compromised.  That's impossible to do, especially with the new powers provided the federal agencies in the war on terror.

God Bless Texas
Link Posted: 10/29/2001 9:48:52 AM EDT
[#43]
.rehpyced nac moc.51RA no elpoep ylnO  ...noitpyrcne tseb eht si sihT
Link Posted: 10/29/2001 9:54:01 AM EDT
[#44]
No_Reflex_Zone wrote:
Esubk1 (Dsubk2 (Esubk1))
Where K1 and K2 are 56 bit primes.
Remember the clipper chip?
View Quote


What does the clipper chip have to do with the S-boxes in DES?  The clipper chip uses a different encryption algorithm, skipjack.  Prime numbers are important for algorithms that use factoring.  DES does not.  What property of two keys, that are primes, used in EDE mode are you talking about?

[as a source for someone with proof that the choice of S-boxes weakened DES] a guy named Charlie Merritt
View Quote


I did a search on Google for "Charlie Merritt des nsa -pgp" (he was mentioned in some of the PGP docs, so I had to exclude them to end-up with a more usable number of matches), and none of the pages were relevant.  Again, what are you talking about when you say "the right prime" in relation to the S-boxes.z
Link Posted: 10/29/2001 10:54:09 AM EDT
[#45]
Quoted:
What does the clipper chip have to do with the S-boxes in DES?  The clipper chip uses a different encryption algorithm, skipjack.  Prime numbers are important for algorithms that use factoring.  DES does not.  What property of two keys, that are primes, used in EDE mode are you talking about?
View Quote


In 1996 I spoke with Mr. Merritt at a DECUS meet in Texas. The guy has worked with commercial cryptography since the Z80.  He and Phil Zimmermann had just lived through a massive lawsuit because PGP refused to use 40bit RC4 or DES.

His thinking on this matter ran along the lines of-
They want us to use DES because it’s broken.

He thought that the NSA had incorporated ‘S’ boxes in Lucifer to break it. Not with differential cryptanalysis or some number theory bugaboo but with a basic flaw in the algorithm that left it vulnerable to some supa seecrit mystery key.  

If you look at the export restrictions of the day, he had a valid point. The NSA obviously wanted weak encryption. Look at the approved algorithms

RC4
Skipjack
DES

When there was a demonstrated demand for stronger encryption … bang 3DES and it’s fine for export but you STILL could not sell anything using IDEA/Rivest. In his mind it was the equivalent of them saying “If you want to make money at this, you have to make it weak to our methods”.

Exact quote – “Look… a 56bit hash is a 56bit hash.. If you do it 43 times it’s still a 56bit hash.”

That’s where the Esubk1 (Dsubk2 (Esubk1)) quote came from. (I took notes [:)] ) That was five years ago and I was a Comp Sci student at Tech. Now I live in Colorado Springs and I’m a contractor for a company that just got a rather large DOD contract. I set up Remote Access/VPN stuff.

My company, in its infinite wisdom, tells me that 3DES is the wrong solution for some of our clients.
(2+2 == 4) You want me to sit here and break 3DES. LOL not bloody likely.

I’m just a systems guy with a little common sense and an educated hunch. && It’s my day off [:)]
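The EDE construction mentioned in the thread, E_k1(D_k2(E_k1(m))), sketched as an added example that is not part of any post. The 16-bit Feistel cipher is a constructed stand-in for DES (an assumption, so the block runs on the standard library alone), and `validate_ede_keys` is a hypothetical configuration check; it shows the keying mistake that reduces EDE to a single encryption, namely k1 equal to k2.

```python
import hashlib

ROUNDS = 4  # toy value; the stand-in cipher below is NOT DES and is not secure


def _f(half: int, key: int, rnd: int) -> int:
    """Feistel round function: one byte derived from half-block, key, round."""
    return hashlib.sha256(bytes([half, rnd]) + key.to_bytes(2, "big")).digest()[0]


def encrypt(block: int, key: int) -> int:
    """E_k: toy 16-bit block cipher with a 16-bit key (constructed stand-in)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right


def decrypt(block: int, key: int) -> int:
    """D_k: inverse of encrypt, undoing the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right


def ede_encrypt(block: int, k1: int, k2: int) -> int:
    """Two-key EDE: E_k1(D_k2(E_k1(block)))."""
    return encrypt(decrypt(encrypt(block, k1), k2), k1)


def ede_decrypt(block: int, k1: int, k2: int) -> int:
    """Inverse of ede_encrypt: D_k1(E_k2(D_k1(block)))."""
    return decrypt(encrypt(decrypt(block, k1), k2), k1)


def ede_is_single(k1: int, k2: int, samples=range(0, 0x10000, 257)) -> bool:
    """True when EDE under (k1, k2) equals single encryption under k1 on all samples."""
    return all(ede_encrypt(m, k1, k2) == encrypt(m, k1) for m in samples)


def validate_ede_keys(k1: int, k2: int) -> None:
    """Configuration check: reject key pairs that give only single-key strength."""
    if k1 == k2:
        raise ValueError("k1 == k2: EDE reduces to single encryption under k1")


if __name__ == "__main__":
    print("k1 == k2 collapses:", ede_is_single(0x1234, 0x1234))
    print("k1 != k2 collapses:", ede_is_single(0x1234, 0xBEEF))
```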
Link Posted: 10/29/2001 11:04:25 AM EDT
[#46]
Monitoring all Internet traffic is a pipe dream. It can't be done--there's just too damn much of it.  All they will ever be able to do is selectively monitor it.  I don't think the author of that article has the first clue about how many terabytes of information criss-cross the world each day.  

I laugh when I hear about the terrorists using strong encryption.  Their MO to date has been very low-tech.  That's not to say that they don't use such technology, but whether they do or they don't, if we are going to stop them we need good detectives and intelligence, not less privacy.
Link Posted: 10/29/2001 11:06:24 AM EDT
[#47]
There's a lot of talk of using infinite key lengths for standard xor encryption. In theory, this would be 100% impossible to break. These are made possible due to the fact that computers use a random number generator, "seed," to generate random numbers. This encryption can be easily cracked; however, using multiple keys to generate an infinite length decryption key is an excellent method that may take months or years to crack. It's an excellent encryption method for time sensitive messages.

Ian
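An added example, not part of the post above, of XOR encryption with a keystream drawn from a seeded generator: the usable key is the seed, not the keystream length, and reusing a seed leaks the XOR of the two plaintexts. The 16-bit seed size, the function names and the sample messages are constructed for the demonstration.

```python
import random

SEED_BITS = 16  # assumed seed size for the demo; the keystream can be any length


def keystream(seed: int, n: int) -> bytes:
    """n keystream bytes from Python's Mersenne Twister (not a CSPRNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_encrypt(seed: int, data: bytes) -> bytes:
    """XOR data with the seeded keystream; the same call decrypts."""
    return xor_bytes(data, keystream(seed, len(data)))


def recover_seed(ciphertext: bytes, known_prefix: bytes):
    """Find the seed whose keystream matches a known plaintext prefix.

    The search space is 2**SEED_BITS regardless of message length, which is
    why a seeded generator does not give one-time-pad strength.
    """
    target = xor_bytes(ciphertext, known_prefix)  # keystream bytes exposed
    for seed in range(1 << SEED_BITS):
        if keystream(seed, len(target)) == target:
            return seed
    return None


if __name__ == "__main__":
    # Constructed sample messages sharing a predictable header.
    p1 = b"Subject: meeting moved to 14:00 on Thursday"
    p2 = b"Subject: please ignore my previous message!"
    c1, c2 = xor_encrypt(0xBEEF, p1), xor_encrypt(0xBEEF, p2)
    seed = recover_seed(c1, b"Subject:")
    print("recovered seed:", hex(seed))
    print("decrypted:", xor_encrypt(seed, c1))
    print("reuse leaks p1^p2:", xor_bytes(c1, c2) == xor_bytes(p1, p2))
```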
Link Posted: 10/29/2001 11:21:34 AM EDT
[#48]
Sorry I'm getting so far off topic, but I haven't ranted lately about work...

And after reading your replies, if you're a $6/hr security guard, you should really see about getting into another line of work.
View Quote

Easier said than done!  I tried to get a better technical job in the Army, but that's hard to do during a war, because everyone wants those jobs during a war.  After that, I taught music at a local girl's school (my wife didn't like that!), and later tutored calculus and physics at another college in town.  That was great work, because if you did your job well, the rich parents often tipped well.  Also, I got to sleep late, because the students never wanted to see me before lunch.  Next, I was a full-time professor at a different in-state college, but when they started to care about things like professors having degrees, I had my pay cut to below a level where I could afford to continue teaching.  Since then, I've taught on and off as a visiting professor.  If you think $6/hour is too little, you should see how insulting that pay is!  The next 20 years, I spent time between nearly unskilled textile jobs, electronics design jobs, and doing textile machine controls.  Then, the bottom fell-out of the technical field market around here about 1978.  There were simply no EE-related technical jobs available, and my old fallback job as a loom fixer was harder to find because of the downturn in textiles.  Since then, I've basically done contract work here and there when I could find it, but it gets old, very quickly, only getting paid 1/3 of the time.  The worst one was not getting paid for six months of work on a stripped-down version of TCP/IP I wrote for a (this was long before the DOS packet drivers became popular and before there was good documentation on TCP/IP) company that made terminals to go on cloth inspecting stations to map defects.  For some of the past 8 years, I've done work for several different small ISP's.  It was nice to be able to re-use some of my old UNIX, TCP/IP, and (to a lesser extent) C experience.  
As local ISP's have become as uncommon as facts to a gun-grabber, I got stuck with much of my work unpaid, because they couldn't afford to pay me or they went out of business.  Over the past 35+ years, I've had a relationship with a publisher, and I've technically edited (wild-guess) about 80 books and reviewed several times that many drafts.  The pay for that is terrible per hour, but I have learned a lot, free books are nice, and it's nice to go in a bookstore, pick-up a book, and find something that I've written (even if I didn't get credit).  Now, while I'm stuck making next to nothing, I work for a great boss, I get to make my own hours, I usually get two free meals per day, and I can work as many hours per week as I can stand.  Also, it's given me time to write an accounting system so that we were finally able to get rid of Peachtree.  It's handling this business and four others that my boss owns.  Learning something new, accounting, has been fun, and seeing it work well, and have the approval of a local CPA firm, has been very satisfying.  Aside, I took a practise CPA test after I thought I knew a little about accounting.  In my life, I have never felt so wholly inadequate.  Finally, there's a lot of dead-time when I can check ar-15.com.

(cont)

Link Posted: 10/29/2001 11:22:22 AM EDT
[#49]
(cont)

I have looked for other jobs, but no one is willing to do more than interview someone my age for a technical job.  I interviewed with Intel in Columbia, SC in April, and the interview only lasted two minutes.  They took one look at me with my (what's left) white hair, and dismissed me as a possible job candidate.  That was frustrating, because the job was for something that I knew I could do, hardware verification.  My great-nephew's former roommate ended-up getting the job after he graduated from Clemson, so I'm not too upset I didn't get the job.  It's why I didn't that was insulting.  Also, for the past two months, I've been following-up on a possible offer from Anderson Consulting.  I have a very broad base of experience (everything from programming, to circuit design, to SQL, to UNIX, to TCP/IP networking, to machine controls, to some accounting), but to quote one of the interviewers, that while they're looking for someone older to fill-out a few teams, they really need someone that looks better in a suit.  Now, that's insulting.

The Rijndael algorithm was chosen out of all the AES candidates last year, and is now the standard. All new products should implement it.
View Quote

Thanks.  I haven't kept-up with current events in encryption in a long-time, so I didn't know that.  Most of the software my wife uses at work is a minimum of 10 years-old.  It's going to be a long-time before discussions about DES become out-dated, because of the installed base of hardware and software.z
Link Posted: 10/29/2001 11:35:13 AM EDT
[#50]