Thanks for the response No_Reflex_Zone.  I didn't mean to give you too hard of a time about your post.  You were playing a little fast and lose with your terminology (primes, keys, and DES?), but I should have realized, you were working on a quick-and-dirty post to a non-technical site.  You mentioned the idea that prime numbers as keys has something to do with the (in)security of DES.  I took what you posted literally, and it was baffling to me.  I thought that if that was correct, I'd learn something.  I guess there was nothing too that idea, but I was excited about the prospect of learning.

"supa seecrit mystery key."

Considering banks use DES as a standard, I'm not too worried about that.  The government would have had to stepped-in to stop that if such a huge hole existed.  That's my theory, anyway.  Of course, maybe the government cares more about breaking the messages of foreign nationals than they do the security of their own citizens and infrastructure.

“Look… a 56bit hash is a 56bit hash.. If you do it 43 times it’s still a 56bit hash.”

Yes, because, as I mentioned early, you still only need 8 bytes of data to perform a plain-text attack.  It's much easier to guess 8 bytes of the (2^64 combinations of plaintext) text than 16 bytes with a 128-bit key.z

No problem asking.  I like to answer this question, because I know there are more people out there that would like the chance to teach, but don't have the paper degree.  I should write a how-to article on this...

When I taught full-time, it was at a black college in the 60's.  They were happy to get anyone that knew the material, regardless of any other detail.  Simply telling the dean that I had successfully tutored at Wofford (a "rich" white school), and demonstrating I knew the material (both physics and calculus) to a professor by scoring a near perfect on each of the class's final exams, was enough for them.  Now, the world is a different place, and thankfully, black colleges have an easier time finding instructors.

How to get a job now?  I've reviewed a lot of books over the years for a publisher.  If you make intelligent comments about the material, and contact the professor later, you will get help.  Usually, the publishers try to keep the authors in the dark about who wrote a review, but you can work around that.  It's not as hard as it sounds, because textbooks are so large, even a neophyte can find things to fix in an unfinished draft if they look hard enough.  So, talk to a publisher about reviewing drafts.  The job pays next to nothing, but it's an easy-in with a professor.  This was how I landed a job teaching, the best class I have ever had or taught(!), a microprocessor interfacing course.  I did the tedious work of hooking-up circuits to test every single one of the circuits in the draft text book, and made a tremendous number of corrections to both the schematics and the text.  It wasn't that I knew that much more than the professor (not at all!), but that I went to the trouble of trying it out.  When I asked if I could teach the class, the professor went to bat for me without even asking about my education.

Another good method to get a job teaching, is to find-out what classes the professors don't want to teach or what classes don't have a professor scheduled to teach.  If it's near (or after, from what I've seen at Clemson!) the beginning of the semester, and the class doesn't have a professor, then you have a chance.  I got to teach a linear algebra class, because there was, literally, no one else that wanted it.  The school was going to cancel the class, and leave seven poor students out in the cold.  I've gotten to teach a few EE classes, because I found-out that it was after the first class meeting, and there wasn't an official instructor yet.  If you find a professor that doesn't want to teach a class, you can get help getting onboard to teach.

Finally, if you're dead-set on teaching, but can't land a job at a college, tech schools are a great fallback.  Most have many more classes that they'd like to offer than they can find teachers.  I've never taught at one, but I still get a call a few times per year from three different tech schools.  None have asked "what degrees do you have?"  Instead, they ask "are you willing to teach this?"z

The FBI Has been smoking some of that Tijuana Gold. Centralize the Internet ?

I guess Oracle would jump on board that.

[list=1]
[*]Install Millions Of New Hi Capacity Fiber Optic Lines[/*]
[*]Unless they run the lines, each would cost in excess of $100,000/month.[/*]
[*]There are 250+ Million Americans. Not To Mention 6+ Billion People Worldwide.[/*]
[*]If Every American Needed 1.5 Mbps Capacity, America would need a Central Point Capable of handling 375 Terabits/Second. OC-768 couldn't even handle that.[/*]
[*]If 4.5 Billion computers worldwide needed 1.5 Mbps, a central point would have to handle 6,750 Terabits/Second[/*]
[/list=1]

Think about it.

To implement a Star Topology (Not Extended Star), the FBI would have to run a line from every computer direct to the FBI.  Billions of lines at many thousands of dollars each would cost American many Trillions of Dollars. Add the cost of operating and mantaining a national if not worldwide network infrastructure and the cost would be astonomical. I mean well in excess of the National Debt of even the GDP of every country on earth combined. This isn't fiscally possible.

Now let's assume the FBI would have to run a line from every home to the FBI.

4.5 Billion Lines @ $5,000 = $22.5 Trillion
9 Billion Routers @ $2,000 = $18 Trillion
Mantaining Lines @ $1,000 = $54 Trillion/yr.
Mantaining Routers @ $500 = $27 Trillion/yr.
Costs To Buy Out The ISPs = I Don't Have A Friggin Clue
Personell To Man The System @ 1 Admin Per 100 Systems = $5 Trillion/yr.

Now add in those extra little costs and the initial rollout would cost $500+ Trillion. Plus, $100+ Trillion per year to mantain a centralized network monitored 24/7 by the FBI.

Um, now what was the Budget for the next 10 years ?

Any encrypted message can be cracked through brute force.  But that possibility is irrelevant unless a message can be cracked in a short enough time that the information in the message is still useful.

Check this out:

[url]http://www.distributed.net[/url]

On the RC5-64 demonstration project tens of thousands of computers have been trying for YEARS to crack a single message with 64-bit encryption.  The message is supposedly a short, simple sentence.  The total computing power involved is orders of magnitude greater than that available to the entire federal government.

PGP, when used properly, is very robust encryption.

That is simply not true.  Banks use DES to encrypt transmissions between automated teller machines and central computers, and I used to be a systems analyst for a bank.  I know about DES.

In a typical commercial implementation of DES there are two keys - an "A" key to encrypt and a "B" key to decrypt.  The B key cannot be deduced from the A key and vice-versa.  There is no "master key" in DES.

Our beloved state senator Feinswine supported mandating use of a "key escrow" scheme - in which there would be a master key under government "control" - to be required for all data transmissions on the Internet.  Many civil libertarians who hadn't already dumped her over gun control issues ran from Diane like an angry mob heading for the castle on the mountain.

DES is actually a single-key crypto system. You're thinking of public-key crypto systems, which are a different animal. Typically you use a public key system to exchange the secret key of a single-key crypto system, which is used for the actual data communication. Single-key algoritms are much faster.

A good example of this process is the SSL protocol, which is used for secure web transactions (https). See the description of SSL at [url]http://developer.netscape.com/tech/security/ssl/howitworks.html[/url].

See [url]http://www.tropsoft.com/strongenc/des.html[/url] for a description of the DES algorithm. You can use DES or triple DES as the symmetric crypto system for which you are exchanging keys in the initial setup portion of SSL. But most people use other algorithms.

you people crack me up.  or i've got to start using the smartass icon more often.  i was referring to another thread in which we were told that the all-encompassing new anti-terrorism bill was not a threat to our rights.  i can so see the FBI, federal government, anyone else trying to use that same bill to monitor all internet activity (regardless of the feasibility of doing so at this point in time) in the name of catching the terrorists.

sarcasm.  pure sarcasm.  that's all it was.  [:)]

I can dig it... but I was just clarifying the implications of trying to funnel the traffic through their own network. I agree that any of it could be used to abuse power... but the again the law is abused every day with probable cause searches by bad cops, etc... We have to have faith in the system and VOTE VOTE VOTE VOTE VOTE VOTE VOTE VOTE VOTE next Tuesday and EVERY 1st Tuesday in November. I sure appreciate the fact that at least I have a non-violent opportunity to voice my concerns at the polls. It's the best system in the world so far and we have to keep it that way by exercising our right to choose our representation.

But remember, VOTING is only one part. Actually getting out and active in politics is another. Maybe if more of us got off our butts and got involved... instead of relying on the other guy to do it... we would be happier with the state of the state.

PGP and the FBI (NSA)

A year ago there was the Scarfo case where the FBI used a device to track keystrokes on a suspected organized crime member and get some passwords from him.  I couldn't find the original article I read, but here's one article on it:

[url]http://inq.philly.com/content/inquirer/2000/12/04/front_page/JMOB04.htm[/url]

The articles I've read on it focus on how the FBI needed a warrant to do what they did, etc.  But I thought that how the FBI treated the PGP ecrypted material was even more telling:

* the FBI had encrypted material from Scarfo
* the FBI tried to crack it, but couldn't

First, the FBI [b]tried[/b] to crack it. Why?  Have they had success at cracking such PGP encryptions before?  It is true, that people can improperly use PGP, and make their own usage of it insecure.

Also, the FBI failed to crack it.  Proving that it is possible for PGP to work.

Couldn't the FBI just walk it over to the NSA and get it cracked?  Or perhaps the FBI didn't have the legal means *cough*, inside political clout or a strong enough reason to use some high-speed NSA computers at the time.

We may not know the latter, but it appears that currently, PGP encryption can be somewhat secure.




"Big dogs barking, can't fly without umbrella."

DK-Prof, your welcome.  I just noticed your e-mail address.  Washington University!  I would have been nervous had I noticed I was replying to someone associated with a school with such an almost unequaled Internet history.  I can remember when if something wasn't on a server at MIT, Waterloo, or Washington U, it probably wasn't important.

I audited (well, really just showed-up with the professor's permission) a class on telecommunications at Clemson that was taught by a professor visiting from Washington University.  He was a level above other instructors I've had before.  I learned more concepts in that class than I think I have in any other class I've had.  We went over the basics of Bisync, DLC, (some) SNA, and in depth into many different shared media access protocols (like ALOHA and CSMA).  It gave me a solid background in networking that I later needed for other projects.  While I might have not made enough off of that type of work to survive, I was able to get the job done.  I can not remember the professor's name.  I think he coined the phrase, "everything that is now sent through the air will in the future be sent through a wire, and vise versa."  If you think about how television and phones have changed in the past twenty years, you'll realize that the guy was right.  Do you have any idea as to his name?  I've been trying to remember that for years, and I feel bad that I can't remember it, because he taught me so much.  Thanks.z

wow, maybe my NSA math scholarship application won't look so hopeless afterall. So they want to spy on everybody, that means they need mathematicians right?

It's not impossible to crack PGP. For example, most implementations have a "key ring" on which private keys are kept. If you get the private keys, you've cracked the system.

The key rings are themselves encrypted. You usually need to supply a pass phrase to decrypt the key ring so you can access the private keys. The algorithm they use to encrypt the keys is (probably) secure, but if you select a poor pass phrase they can still do a dictionary attack on your key ring.

In the Scarfo case, I think he was using his father's federal prison inmate number as the pass phrase. They found this out later after having tapped his computer to capture keystrokes. Other people probably use their girlfriend's name or their own name for a pass phrase.

pfffft...even "if" they could pull it off.  Who are they to dictate standards to us.  I'm betting (hoping) they'll get laughed outta every ISP in the country.  

Change the architecture of the Internet, indeed...

I swear...every beaurocratic government schmuck with an agenda is coming out of the wood work.