home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
cud
/
cud505b.txt
< prev
next >
Wrap
Text File
|
1995-01-03
|
5KB
|
92 lines
Date: Sun, 13 Dec 92 22:38 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 2--Encryption issues
ENCRYPTION ISSUES FOR THE NET COMMUNITY
by Michael E. Marotta, mercury@well.sf.ca.us, mercury@lcc.edu
Your use of privacy tools for telecom is defined by three issues.
(1) The Government wants to read all messages.
(2) Some networks prohibit encrypted messages.
(3) The weakest feature of a crytosystem is transporting the key.
These issues are broad. For example, the "government" is more than
Bill Clinton. Employers, spouses, parents and neighbors often display
severe cases of "Govern Mentality." Also, networks include
four-station LANs and the Internet itself. Needing to send encoded
messages to the person at the next desk is unusual.
(1) In 1976, the Department of Commerce issued requests for the Data
Encryption Standard and Data Encryption Algorithm and the original
entry from IBM was too hard for the NSA to crack. So, the current
64-bit system was adopted. Now the FBI wants telephone companies to
make digital signals tappable.
When the USA entered World War I, Woodrow Wilson (a liberal, a
Democrat and former president of Princeton) ordered the seizure of all
radio transmitters and receivers. Back in 1991, then-senator Albert
Gore and the Bush White House worked to create the legislation
enabling the National Research & Education Network. This
multi-gigabyte superhighway will eventually link thousands of
universities and hundreds of lesser networks. Starting in 1992, cable
TV operators are liable for the content of "wayne's world"
public-access programming. Prodigy and FidoNet are well-known for
their heavy handed rules.
Overall, if you want to send a secure message, you have to think
through all of the ramifications of your actions.
(2) Fidonet policy forbids encryption and allows the review of mail to
ensure that the system is not being used for "illegal" purposes.
FidoNet policies identify English as the "official" language and
FidoNet moderators often forbid ANY message not in English.
FidoNet policy severely defines "private netmail" pointing out
(reasonably enough) that you never know who a message is passed to as
it is routed.
These restrictions are not limited to FidoNet. Universities,
corporations, and government agencies have similar rules and there is
no single standard.
(3) The art of hiding a message is called "steganography." Back in
1978, I suggested using rock cassettes for TRS-80 data and ever since,
the FBI seizes music when they arrest hackers. Sooner or later,
though, you have to transmit the key. Ideally, you send the key in a
different manner than the message. This is not perfect.
Public keys eliminate the need for transporting the key. The RSA
Crytosystem is the best known public key cipher. It is not known to
be compromisable. (By contrast, the DES is known to have weaknesses.)
RSA was developed by Drs. Ronald Rivest, Adi Shamir and Lenard Adleman
when they were at MIT. Today, RSA Data Security, Inc., is at 100
Marine Parkway, Redwood City, CA 94066. The company has developed
several commercial products for Apple Macintosh and other systems.
This last development opens the door to widespread data security. As
Apple and others deliver encryption with their operating systems, no
rules or laws or policies can prevent the use of these tools.
In fact, there is a form of data encypherment that is widely
accepted -- even on Fidonet: compression. ARC, ZIP, PAK, LZH, SQZ,
you name it, there are many ways to shrink a file and all them turn
plaintext into gobbledegook. If you want to build your own
encypherment -- I mean, compression -- algorithm, a quick literature
search on Limpel-Ziv, Huffman, and Nyquist will point you in the right
direction. There are books on the subject, also. Be aware that as a
CIPHER, a compressor can be analyzed and deciphered.
My favorite method for sending secrets is the "Richelieu Grid."
You send a plaintext message and within this, by agreement, a running
set of letters creates a secret message. Edgar Allen Poe's
"Valentine" to St. Joan is a simple example.
The question is, "From whom are you keeping your secrets?" The
NSA? Forget it, unless you are the KGB. From your Mom? A=Z, B=Y,
C=X will work just fine!
* I am the author of THE CODE BOOK sold by Loompanics, P. O. Box 1197,
Port Townsend, WA 98368. Their catalog costs $5. *
Downloaded From P-80 International Information Systems 304-744-2253