VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

From: Mary Blanton <[log in to unmask]>
Date: Sat, 22 Sep 2001 12:25:12 -0400

I would like to say a couple of things.  I am somewhat of an expert in
encryption.  I have utilized that knowledge mostly in the Retail Debit /
Credit market, implementing solutions that allow our Debit and Credit
transactions to be a little safer as they travel from those neat little
devices on the checkout stand at the grocery store through the cash register
to the bank.  (I have done embedded work on 2 of the three major brands of
Debit / Credit peripherals on the market and implemented POS solutions using
ALL of the major vendors.)

The ONLY encryption standard that is NOT reverse-engineerable is the DoD's
DES standard.  This little gem was dreamt up by a couple of mathematical
geniuses at Bell Labs in the 1970's.  PGP, RSA, and the rest ARE
reverse-engineerable.  They all have patterns that can be exploited to crack
the key.  (And anyone that tells you otherwise is NOT telling the whole
truth.)

DoD's DES is NOT used by a lot of people because the US Government has
restricted its use by non-domestic markets.  As of a couple of years ago,
only 56 bit keys were allowed in software developed in this country that was
going to be exported outside the US and Canada.  (That included the
Internet.)  So, things like PGP HAD to be developed.

But, for the US Government, DES is still the standard.  It is used for
storing most government codes.  It is used for the storage of passwords on
computers, etc.  (The fact that the Unix Operating System and DEC's VMS
Operating System use DES to store their Usernames and Passwords was why DoD
took over "ownership" of it.)  DES can be implemented above 64 bit keys that
make it a virtual impossibility of the key being broken.  (I implemented 128
bit keys for the Canadian Debit / Credit network several years ago while
contracting with NCR.)  The "brute force" method is the ONLY way to crack
DES.

So, don't blame the people that developed PGP and its like.  DES used to be
much more available for use, until DoD took it over.  The standard is
publicly available.  However, if you use it in software in a way DoD and NSA
do NOT like, you ARE committing an act of treason.  (God help you now, in
light of what just happened.)  We need some sort of encryption to try and
keep our Internet transactions somewhat safe and secure and PGP was
developed toward that end.

Mary Blanton

Kelly Pierce wrote:

> The Washington Post
>
> To Attacks' Toll Add a Programmer's Grief
>
> By Ariana Eunjung Cha
> Washington Post Staff Writer
> Friday, September 21, 2001; Page E01
>
> The tears have come in the kitchen, the car and the shower, too.
>
> Like many Americans, Phil Zimmermann, a stocky, 47-year-old
> computer programmer, has been crying every day since last week's
> terrorist attacks. He has been overwhelmed with feelings of guilt.
>
> Zimmermann is the inventor of a computer program called Pretty Good
> Privacy, or PGP. He posted the tool for free on the Internet 10
> years ago; it was the first to allow ordinary people to encrypt
> messages so only those with a "key" could read them. No government
> or law enforcement agency has been able to get in.
>
> People warned Zimmermann back then that he could be putting
> powerful technology into the wrong hands. He knew that was
> theoretically possible, but he also knew that the program could do
> good: His work created a way for people in oppressed countries to
> communicate without fear of retribution.
>
> Now the government is investigating whether Zimmermann's technology
> or another scrambler was used by the hijackers to coordinate last
> week's attacks, and U.S. lawmakers are calling for new restrictions
> on the use and distribution of the technology.
>
> Zimmermann and other fathers of encryption say it may be too late,
> given that the technology has spread all over the world.
>
> In a telephone interview from his home in Burlingame, Calif.,
> Zimmermann said he doesn't regret posting the encryption program on
> the Internet. Yet he has trouble dealing with the reality that his
> software was likely used for evil.
>
> "The intellectual side of me is satisfied with the decision, but
> the pain that we all feel because of all the deaths mixes with
> this," he said. "It has been a horrific few days."
>
> Contributing to that is the hate e-mail he got Sunday night.
>
> It began, "Phil -- I hope you can sleep at night with the blood of
> 5,000 people on your hands." PGP has become a "weapon of war," the
> e-mail continued, leveling the playing field between powerful
> countries like the United States and "zealots."
>
> Zimmermann read the words over and over again the next day, trying
> to think of a way to respond. But in the end, the man who is known
> in the technology world for his rousing speeches and meticulous
> debates didn't know what to say.
>
> "He raises some points that many people are raising right now,
> namely that terrorists can use the technology," Zimmermann said
> quietly. "But it overlooks the strong need for good crypto."
>
> The open policy the United States has today toward encryption arose
> out of years of debate in the 1990s. Zimmermann was among the most
> prominent figures in the discussions, fighting against a government
> that threatened to jail him for posting his technologies online. He
> also launched a campaign to convince Congress to ease restrictions
> on exporting the technology to other countries. He won on both
> accounts.
>
> Zimmermann and other technologists now struggle with the Catch-22
> that encryption presents. If governments are given a backdoor or a
> master key to the encryption, as lawmakers like Sen. Judd Gregg
> (R-N.H.) have suggested, it would defeat the purpose of the
> technology.
>
> It would cause problems, for instance, for a rebel fighter in
> Kosovo, whose brother e-mailed Zimmermann to tell him the
> technology was being used to relay messages from command center to
> command center, eliminating the need for human couriers.
>
> Another encryption pioneer, Matt Blaze, said there are also
> practical reasons why the technology shouldn't be restricted. "I am
> extremely doubtful that this could be done without weakening
> computer systems, and the costs would be absolutely staggering,"
> said Blaze, a researcher at AT&T Labs.
>
> Then there are the civil liberties questions.
>
> "We should be careful not to make any rash decisions in the heat of
> the moment" that could have a negative impact on privacy, human
> rights and First Amendment freedoms for years to come, Zimmermann
> said.
>
> VICUG-L is the Visually Impaired Computer User Group List.
> To join or leave the list, send a message to
> [log in to unmask]  In the body of the message, simply type
> "subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
>  VICUG-L is archived on the World Wide Web at
> http://maelstrom.stjohns.edu/archives/vicug-l.html

