Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!das-news.harvard.edu!noc.near.net!howland.reston.ans.net!wupost!gumby!yale!yale.edu!ira.uka.de!math.fu-berlin.de!ifmsun8.ifm.uni-hamburg.de!rzsun2.informatik.uni-hamburg.de!fbihh!bontchev
From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
Subject: Re: Once tapped, your code is no good any more.
Message-ID: <bontchev.735226636@fbihh>
Sender: news@informatik.uni-hamburg.de (Mr. News)
Reply-To: bontchev@fbihh.informatik.uni-hamburg.de
Organization: Virus Test Center, University of Hamburg
References: <tcmayC5M2xv.JEx@netcom.com> <1qpg8fINN982@dns1.NMSU.Edu> <115863@bu.edu> <strnlghtC5nrHw.1qB@netcom.com>
Distribution: na
Date: Mon, 19 Apr 1993 13:37:16 GMT
Lines: 99

strnlght@netcom.com (David Sternlight) writes:

> What follows is my opinion. It is not asserted to be "the truth" so no
> flames, please. 

It is incompetent, like almost anything you have posted here, so
you'll be flamed, sorry.

> It comes out of a background of 20 years as a senior
> corporate staff executive in two Fortune 50 companies.

%/$( your "20 years of background in two Fortune 50 companies"; I've
lived 30 years under a totalitarian regime, and boy, I *can* recognize
a totalitarian plot when I see one...

> I'd be happy to use a crypto system supplied by the NSA for business, if
> they told me it was more secure than DES, and in particular resistant to

I am sure that -you- would be happy to use anything "they" tell you is
secure; we're talking about the intelligent people here... Or the
criminal ones, if you don't like the previous sentence... :-) Or those
who don't want their privacy to be guaranteed to be invadable by the
government - any current and future government, mind you...

> I'd be happy to do so even with escrowed keys, provided I was happy about
> the bona fides of the escrow agencies (the Federal Reserve would certainly
> satisfy me, as would something set up by one of the big 8 accounting firms).

Even if you ignore the nonsense of the above statement for a moment,
and even if you are happy with such a system and the current escrow
agencies NOW, what guarantees that you'll be happy with them TOMORROW,
when the government changes? Or when the current government throws
away the sheep skin? All the sheep who are reasoning like you will get
caught by surprise, but it will be too late, because then cryptography
that is not guaranteed to be breakable by the government will already
have been outlawed... After all, you've already got privacy that is
said to be breakable only by the law enforcement agencies, so if you
are law-abiding, you have no reasons to use a stronger one, right? So,
if you are using a stronger one, you have something to hide from the
law enforcement agencies, right? Something unlawful, right? Therefore,
strong crypto is a clear indication that you are doing something
unlawful.

> I'd trust the NSA or the President if they stated there were no trap

Considering the level of competence in cryptology that you have
demonstrated in your messages, you would trust just anything... And
no, this is not an ad hominem attack; it's an attack against the
contents of your messages <grin>.

> doors--I'd be even happier if a committee of independent experts examined
> the thing under seal of secrecy and reported back that it was secure.

And how do you know that these experts are not corrupted? And how do
you know that they will not make a mistake? And how do you know that
the version of the algorithm they will be allowed to examine is the same
as the one that will be really used?

Regarding the mistake - even the little information "they" have let out
has revealed a serious security hole in the protocol - the 80-bit key
is split in two 40-bit ones, thus the whole system is easily
breakable, if you have only one of the keys.

> I'd trust something from the NSA long before I'd trust something from some
> Swiss or anybody Japanese.

The Swiss or the Japanese are motivated by simple greed; NSA is
motivated by their wish to control the people. That's why the drug
dealers have their accounts in Swiss banks, instead of in American
ones. For some reason, they do trust the Swiss banks more... Guess
they'll trust the Swiss encryption more too... I see IDEA becoming
suddenly popular... :-)

> This may seem surprising to some here, but I suggest most corporations would
> feel the same way. Most/many/some (pick one) corporations have an attitude
> that the NSA is part of our government and "we support our government", as
> one very famous CEO put it to me one day.

It's not surprising at all, but not because of the reason you give.
It's because it is obvious that the US government has put a lot of
money behind this program and it will support it. Thus, most
corporations will try to get their piece from the pie by supporting it
too. The same good old greed. Strong encryption is not widely
available now not because of some plot, but because the companies
don't see much money in it. It will be available even less, if the
companies can see any penalties associated with it...

> Just some perspective from another point of view.

Yeah, just as I predicted, you are here again, to support the new
system.

Regards,
Vesselin
-- 
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.2 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de    D-2000 Hamburg 54, Germany
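
Added example, not part of the original post: the key-splitting point raised above, at toy scale, contrasting a key cut into two halves (as the post describes) with XOR secret sharing. The 32-bit key size, the HMAC-SHA256 stand-in for the cipher, the sample key and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

KEY_BITS = 32                 # assumption: scaled down from the post's 80 bits
HALF_BITS = KEY_BITS // 2     # so the search below finishes in well under a second

def tag(key: int, msg: bytes) -> bytes:
    """Stand-in keyed function, used only to recognise the right key."""
    return hmac.new(key.to_bytes(KEY_BITS // 8, "big"), msg, hashlib.sha256).digest()

def split_halves(key: int) -> tuple[int, int]:
    """Escrow by cutting the key in two: each agent holds half of the bits."""
    return key >> HALF_BITS, key & ((1 << HALF_BITS) - 1)

def split_xor(key: int) -> tuple[int, int]:
    """Escrow by XOR sharing: each share is full length and uniformly random."""
    share1 = secrets.randbits(KEY_BITS)
    return share1, key ^ share1

def recover_from_high_half(high: int, msg: bytes, expected: bytes) -> tuple[int, int]:
    """Holder of one half searches only the 2**HALF_BITS values of the other."""
    for tries, low in enumerate(range(1 << HALF_BITS), start=1):
        candidate = (high << HALF_BITS) | low
        if hmac.compare_digest(tag(candidate, msg), expected):
            return candidate, tries
    raise ValueError("no key matched")

def remaining_key_space(scheme: str) -> int:
    """Number of keys still possible after seeing exactly one share."""
    # Halves: the unseen half is the only unknown.
    # XOR: one share is independent of the key, so nothing is ruled out.
    return 1 << (HALF_BITS if scheme == "halves" else KEY_BITS)

def demo() -> tuple[int, int, int]:
    key = 0xC0FFEE42                       # constructed sample key
    msg = b"constructed known plaintext"   # constructed sample message
    expected = tag(key, msg)
    high, _low = split_halves(key)
    found, tries = recover_from_high_half(high, msg, expected)
    s1, s2 = split_xor(key)
    return found, tries, s1 ^ s2           # both shares together rebuild the key

if __name__ == "__main__":
    found, tries, rebuilt = demo()
    print(f"halves: key {found:#x} recovered after {tries} tries")
    print(f"xor:    one share leaves {remaining_key_space('xor')} candidates")
```
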
