Encryption Market Opening Up 72

MeriaDuck writes "Found this article on Cryptome, the Clinton administration plans to announce next week that it will permit U.S. software companies to sell their most sophisticated encryption systems to countries in the European Union without any licensing or review." Well, it's a start anyway.

  • by Anonymous Coward
    Read carefully before cheering this one on guys, it's not as good as it sounds.

    This new action actually makes it much harder for Free/OSS software to contain the same strong encryption that it blindly allows for commercial software.

    This completely reverts the prior exception made for source code. It's really not good, and it's not surprising that Microsoft was the primary supporter of this new policy.
  • by Anonymous Coward
    I'm looking forward to the day in the not-too-distant future when anonymity can be easily made illegal on the 'net. How? Because when public key cryptography is widely embraced, a requirement can be put in place that all transmissions be signed. Any unsigned traffic can be silently dropped at routing points, the way that packets in 192.168.x.x (see RFC 1918) are blocked.

    It will clear away a lot of the bullshit about privacy, eliminate much of the romantic anarchist drivel, and allow us all to get on with establishing our real authenticated identities online.

    Until then, of course, it's fun to diddle around with Anonymous Coward on this site.
  • by Anonymous Coward
    Everything Siggy posts is redundant because we all know it's going to be karma-slut bullshit.

    It was a good moderation.
  • So, does this mean, for instance, that there'll be one version of Netscape -- the "domestic" version -- for everyone to download?

    Alex Bischoff
    ---

  • I already have an encrypted cellphone. It uses a protocol called GSM, of which the voice AND authorization data streams are BOTH encrypted.

    Encrypted poorly, however. GSM encryption was broken in 1998, quite easily. It seems the spooks got to the protocol designers. Check here [ee.duth.gr] for details. Further, the encryption is over-the-air only. Once on the land lines, the conversation can be tapped the usual way.

    Don't let the word "encryption" lull you into a false sense of security.


    ...phil

  • Cypherpunks and others predicted many years ago
    that the government would slowly relinquish
    control over crypto as more and more of a commercial market developed.

    PGP was never much more than a curiosity -- no
    one used it for large-scale commerce systems,
    and most of the users could be pointed to by
    the government as privacy nuts or criminals.

    SSL, despite inherent weaknesses, has made
    crypto essential in e-commerce. The e-commerce
    lobby (sites, vendors, end-users) exposed the
    masses to crypto, and now depends upon crypto.
    When users started demanding 40 or 128bit crypto
    to keep their credit card numbers secure, that's
    when crypto became widely deployed.

    The next step is building crypto into the very
    fabric of the Internet, in IPsec, and then making
    that a "checklist item" for purchasing decisions.
    Once people are only willing to buy products with
    security designed in, the government will have
    little choice but to allow its widespread use and
    export.

    (I'm waiting for encrypted cellphones, like
    those being designed by Starium [starium.com], to
    be available...)
  • Pardon for not knowing the link offhand, but there was a case where the FBI was able to recover data that had been rewritten over approximately 100 times using such a tool. I remember reading a paper on this (I think it was at Counterpane Labs, but I could be wrong). I'll hunt for the URL and repost.

  • Finally American companies can compete in outside markets for encryption software. I hope it is not too late for these companies to get a foothold in the marketplace; only time will tell.

  • For people who are serious about using encryption, the question is not whether in the future they will be able to use a method of encryption that can beat the methods of decryption then available, it is how long their secrets, transmitted today, will remain secret.

    Some forms of encryption are good for discouraging casual novices. Some take a little time and are fine for short-lived secrets. Some will cause the NSA to blink. Some will last for a good while.

    But the standard public-key encryption mechanism in use today will not survive the potential of quantum computers. So, for instance, digitally signed documents have a lifetime of a few decades before the signatures can be forged.

    This is fine for credit card purchases. It may not be fine for some kinds of legal contracts.

    Cheers,
    Ben
  • by Signal 11 ( 7608 ) on Sunday July 16, 2000 @10:59AM (#929441)
    What I'm waiting for is them to open up restrictions enough to let these guys [kerneli.org] get their patches added to the main linux kernel tree. I think it's a shame that linux is lagging behind OpenBSD due to our country's legal hangups over crypto. This is good news.. I just hope it's enough.
  • But the standard public-key encryption mechanism in use today will not survive the potential of quantum computers. So, for instance, digitally signed documents have a lifetime of a few decades before the signatures can be forged.

    Quite correct, but as I understand it symmetric-key cyphers aren't really at risk, provided you go to 256 bit key lengths (quantum computing can theoretically search a 256 bit in the same time a conventional computer can do a 128 bit key).

    Has anyone heard of any public-key cyphers that aren't easily crackable if a quantum computer is built?

  • I am unsure what you mean by this, since no actual quantum computer exists to make the comparison. Quantum factorization algorithms are known which have a different computational complexity than classical algorithms.

    Cracking good symmetric cyphers does not rely on factorization - the techniques for breaking them are quite different. A friend of mine who works on this stuff mentioned that quantum computers, if developed, would provide an algorithmic improvement for keyspace searches equivalent to halving the key length.

    Therefore, if you use a 256-bit key for a good symmetric cypher, you're still pretty likely to be safe, even from a quantum computer.

  • From the article:
    "Software experts said that although many new encryption systems cannot be broken, their U.S. makers are cooperating with federal law enforcement and intelligence agencies. Somewhere in the future, they said, are so-called quantum computers a billion times more powerful than existing home computers. These would be able to break the most sophisticated encryption systems available today."

    Haven't the anonymous software experts thought that their quantum computers will also allow for the existence of encryption systems far more sophisticated than those in existence today? Or do they think we have already reached "the end of cryptography" (in the same sense we had reached "the end of physics" in 1890)?

  • You are obviously correct, but about a different aspect of the problem. In the context of the article, the unnamed "software experts" were talking about the threat of encryption use by criminals, terrorists, etc. In this context, the time frame allowed is usually pretty small, days, weeks on the outer reach. There is very little use for the information about some bombing plans or drug shipment after the fact.
  • Yes, I have read Shor's paper and the papers about quantum secure communication.

    But my point was altogether different. The so-called "software experts" were theorizing about the decryption possibilities of a future computer architecture without taking into account the encryption possibilities of the same architecture.
  • Well the executive branch may feel ok about easing up on the stupid crypto-export policies this particular week, but the IRS doesn't want 'em to now.
    http://www.wired.com/news/politics/0,1283,37573,00.html [wired.com]

    Each time one branch of the US govt wants to loosen up on the crypto regs, another branch starts complaining. Last time it was Janet Reno, and then Louis Freeh. Now the IRS.



  • >The IRS, DoJ (Reno) and the FBI (Freeh) all are part of the Executive..

    Whoops. I should have remembered that. Sigh.

    Well anyway I hope my point still gets across- when any one of power in the Federal govt. makes a crypto announcement about wanting to loosen regs, and then they get a bunch of phone calls from other angry feds and the new proposed policies end up in the circular file.

    Our silly crypto policies only hamstring US businesses from selling crypto products. It's not like the US is the only source of high end crypto products. When a foreign country wants to purchase crypto products they just go to some other foreign business. US businesses lose out.



  • These folks must have a yellow line down the middle of the floor so that they can find the rest rooms at high noon.

    Don't make the assumption that these people are stupid, they aren't. They are smarter than 95% of the public.

    They are perfectly aware that the North Koreans, and whoever else is the bad guy of the month, can download and use strong cryptography from the Internet. They aren't worried about geeks running some obscure operating system like Linux or OpenBSD.

    What they have successfully accomplished is preventing strong cryptography from becoming a transparent, easy-to-use component of commodity software like Outlook Express and Windows 98. They have also been extremely successful at keeping strong cryptography out of the standards for wireless telephones.

    Ask yourself, what percentage of my email and telephone calls use strong cryptography?

  • It seems to me that this would somehow indicate the start of an entirely new political structure within world affairs. It appears as though this is one of the first drastic foreign policy changes occurring to the United States brought on by another World body. Just another sign that the United States is no longer the biggest player in this game of chess. The EU will simply replace the position the US had and also push foreign policy to other countries, with their citizens in mind, not their citizens and everyone else. Oh well.
  • I suggest that the State Department provide a list of IP addresses which they want download refused for, and no more than that. It should be possible to get the addresses connecting "Cuba, Iran, Iraq, North Korea and others considered America's foes". This is sufficiently practical to manage and can be smoothly automated. Any more than that and I will certainly see it as excessive government interference in the private sector.
    You're kidding, right? I hope so. Your first paragraph stated that any terrorist can easily gain access to encryption software through alternative channels, or even from within the US itself (it isn't hard to visit the US with the sole intention of blowing up the World Trade Center).

    No, I'm not kidding. However the purpose is because I expect the US government to continue to have some kind of bureaucracy involved in the exporting process. That's the nature of the beast. Ideally there should be none at all. Realistically I expect there to be some, and my suggestion is what form that should be. Sorry, I should have made that clearer.

    Then you casually describe a process that is sufficiently practical to manage and can be smoothly automated. Yeah, right. "Government" and "smoothly automated" should never go together. And even if our government is as capable as you feel it is, to then maintain a list of IP addresses that are from "problem" countries is impossible. And even if it was possible and feasible, it could be easily circumvented:

    Of course you're right, it can easily be circumvented. The point I was making was that if the government is going to require we do something to prevent export to those countries, they should allow us to do it in a way that does not impose on those who are not in those countries. For example I just recently downloaded SecureCRT [vandyke.com] and had to fill in a form attesting that I was located in the United States. I want to get rid of that process altogether. The government may not want to get rid of all processes, hence my suggested alternative.

    There is no real solution. Imposing zone-type laws on the Internet will not work in the long run. The Internet was not designed with security as the foremost thought. Reliability and more importantly a de-centralized topology were the goals.

    In the long run, I expect that pro-business George W. Bush will become the next president, and these export restrictions will eventually evaporate. Even still, there will probably be some kind of restriction to those "hated" nations. I have no idea what they might be.

  • by Skapare ( 16644 ) on Sunday July 16, 2000 @11:49AM (#929452) Homepage
    In a speech before the Citizens Crime Commission of New York last July, FBI Director Louis Freeh warned that encryption systems in the wrong hands were a threat to the nation's security.

    Louis Freeh was never able to show that if the United States blocked all its encryption products from export, that this would result in terrorists being unable to get that encryption. His agenda was pure fantasy.

    "A terrorist operating without a lot of sophistication, targeting a hospital, a stock exchange, a power grid, or informational systems upon which we all depend poses all kinds of different, complex but imminent threats," Freeh said. "There is real danger in fantastic technologies that are at the beck and call of fairly unsophisticated operators."

    And these things are entirely possible to no less a degree even with a total ban on all export restrictions. But take a look at his reference to "fairly unsophisticated operators". That description sure sounds to me like it also fits script kiddies. With his logic, we should suspend free speech to stop such crime. Better yet, suspend the whole US Constitution. That is what many in the upper levels of law enforcement actually want.

    Software experts said that although many new encryption systems cannot be broken, their U.S. makers are cooperating with federal law enforcement and intelligence agencies. Somewhere in the future, they said, are so-called quantum computers a billion times more powerful than existing home computers. These would be able to break the most sophisticated encryption systems available today.

    Or, make new encryption systems which would have no hope of ever being broken.

    World Trade Center bomber Ramzi Yousef, for example, used over-the-counter encryption technology in his laptop computer, according to the FBI. It included two encrypted files that it took FBI experts more than a year to decipher, law enforcement officials said. Among his plans was one to blow up 11 U.S. airliners in the Western Pacific in one day.

    If he acquired this technology by means of encryption exported from the USA, then it might give the FBI some level of credibility here. If he did, but could have just as easily acquired it from somewhere else, that credibility is just shot back down. In fact, he was actually in the United States, and could have easily acquired the technology domestically. The only argument the FBI could logically derive from these events is that all encryption must be suppressed by all governments, and a massive world wide search conducted to expunge every bit of it from every corporation and individual on the planet. And we know how easily they could accomplish that. They probably know, too, so I wonder what their real agenda was, other than to just stir up emotions.

    Restrictions on U.S. exports to some others would continue. They include Cuba, Iran, Iraq, North Korea and others considered America's foes.

    It remains to be seen just what level of bureaucracy will be imposed on this export. The article says "sell". Does that mean we don't get to give it away (in reference to what is already legally free)? Just how much will we be required to put people through to let them download strong encryption software? Will we be able to contribute source code to crypto projects located outside the US?

    I suggest that the State Department provide a list of IP addresses which they want download refused for, and no more than that. It should be possible to get the addresses connecting "Cuba, Iran, Iraq, North Korea and others considered America's foes". This is sufficiently practical to manage and can be smoothly automated. Any more than that and I will certainly see it as excessive government interference in the private sector.

  • OpenBSD now has encrypted swap space. The keys are randomly generated by the kernel and stored only in memory, so nothing in swap is accessible after a reboot. The same could be done (might be already) for other files (e.g. an O_CRYPT). Secure deletion is easy: fopen, flock, fstat (|| fseek, ftell, fseek), { fwrite, fseek } (until satisfied), unlink, flock, fclose. Relatively portable, too. It's a shame the GNU rm(1) doesn't have this option; perhaps I'll see if they're interested in the possibility.
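
The sequence listed in the comment above (open, lock, stat for the size, overwrite until satisfied, unlink, unlock, close), written out as an added C example that is not part of the original comment or of GNU rm. It uses the file-descriptor calls (open, fstat, write, fsync) in place of the stdio ones so each pass can be forced to the device; the names `secure_delete` and `self_check`, the three-pass pattern, and the sample secret are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose flock(), mkstemp(), fsync() on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite the whole file once with `pattern` and flush it to the device. */
static int overwrite_pass(int fd, off_t size, unsigned char pattern)
{
    unsigned char buf[4096];
    memset(buf, pattern, sizeof buf);
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
        return -1;
    for (off_t left = size; left > 0; ) {
        size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        ssize_t n = write(fd, buf, want);
        if (n <= 0)
            return -1;
        left -= n;
    }
    return fsync(fd);   /* without this a pass may never leave the page cache */
}

/* Returns 0 on success, -1 on failure (the file is then left in place). */
int secure_delete(const char *path, int passes)
{
    struct stat st;
    int rc = -1;
    if (passes < 1)
        return -1;
    /* No O_TRUNC: the existing blocks must be rewritten in place.
       O_NOFOLLOW refuses a symlink sitting at `path`. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) != 0)
        goto out;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        goto out_unlock;
    for (int p = 0; p < passes; p++) {
        /* Alternate bit patterns, then finish with zeros. */
        unsigned char pat = (p == passes - 1) ? 0x00 : (p % 2 ? 0x55 : 0xAA);
        if (overwrite_pass(fd, st.st_size, pat) != 0)
            goto out_unlock;
    }
    if (unlink(path) == 0)
        rc = 0;
out_unlock:
    flock(fd, LOCK_UN);
out:
    close(fd);
    return rc;
}

/* Constructed demo: write a sample secret, keep a read descriptor open,
   delete the file, then check through that descriptor that the data
   blocks now hold only the final pattern and that the name is gone. */
int self_check(void)
{
    char path[] = "/tmp/srm-demo-XXXXXX";
    const char secret[] = "constructed sample secret: hunter2\n";
    unsigned char back[sizeof secret];
    int wfd = mkstemp(path);
    if (wfd < 0)
        return -1;
    if (write(wfd, secret, sizeof secret) != (ssize_t)sizeof secret) {
        close(wfd);
        unlink(path);
        return -1;
    }
    close(wfd);
    int rfd = open(path, O_RDONLY);
    if (rfd < 0) {
        unlink(path);
        return -1;
    }
    int rc = secure_delete(path, 3);
    ssize_t n = read(rfd, back, sizeof back);
    close(rfd);
    if (rc != 0 || n != (ssize_t)sizeof back)
        return -1;
    for (size_t i = 0; i < sizeof back; i++)
        if (back[i] != 0x00)
            return -1;
    return access(path, F_OK) == -1 ? 0 : -1;
}

int main(void)
{
    printf("self_check: %s\n", self_check() == 0 ? "overwritten and unlinked" : "FAILED");
    return 0;
}
```

On journaling or copy-on-write filesystems and on flash storage, an in-place overwrite may never reach the blocks that held the old data, which is why the encrypted swap and encrypted filesystems raised elsewhere in the thread are the stronger control.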
  • by GC ( 19160 )
    fact is we don't want your crappy encryption software - ours is better than yours anyway.
  • by Tiro ( 19535 ) on Sunday July 16, 2000 @10:51AM (#929455) Journal
    Sell encryption technology?!

    Who needs to sell encryption technology when we have OpenBSD [openbsd.org]?

  • ...Crypto AG fiasco in which the Swiss(?) firm...

    Yepp, Swiss [crypto.ch] indeed.
  • like PGPDisk, and find it useful for large numbers of files. And really, it's the only option for my chosen platform (Macs)

    It's not the only option. If you look around you can still find CryptDisk (go for version 1.2.1). It's somewhat old, though very reliable. AFAIK, Will Price, the author, has been hired to write PGPdisk for Mac.

    Besides (still AFAIK) both CryptDisk and the PGPdisk version included with 6.0.2i suffer from the same problem: they are incompatible with MacOS 9. Alas this is the sole version of PGPdisk that was "mistakenly included" in PGP freeware...

  • They're still going to prohibit exporting encryption software to a number of countries. What's the point of that? Surely they've realised now that EVERYONE has access to encryption anyway.

    Even if we pretend for a moment that Cubans, say, are drooling at the thought of getting their hands on that wonderful American crypto software, they can obviously buy it via Europe.

    Even having realised they've lost they still want to play the same stupid game. These regulations are totally ineffective, it's going to be a complete waste of resources to even pretend to police them.
  • Cracking good symmetric cyphers does not rely on factorization - the techniques for breaking them are quite different. A friend of mine who works on this stuff mentioned that quantum computers, if developed, would provide an algorithmic improvement for keyspace searches equivalent to halving the key length.


    Thanks for taking the time to clarify this for me. Can you ask your friend for a reference on this? I am interested in reading more on the subject. Thanks.
  • quantum computing can theoretically search a 256 bit in the same time a conventional computer can do a 128 bit key.

    I am unsure what you mean by this, since no actual quantum computer exists to make the comparison. Quantum factorization algorithms are known which have a different computational complexity than classical algorithms. In principle, if/when quantum computers become technically realizable then keys of any length could be factored with enough time.

    Has anyone heard of any public-key cyphers that aren't easily crackable if a quantum computer is built?

    A class of encryption methods that may be safe from attack by quantum techniques is elliptic curve cryptography. Much less is known about these algorithms, and (to my knowledge) no quantum attack on elliptic curve crypto has been discovered. This is not the same as saying that they are safe from quantum attack, but they have the possibility of being safer than methods that rely on the difficulty of factoring large numbers.
  • ...still Britain doesn't have the same long tradition of sabotaging their own domestically produced crypto products, as well as international ones, that the U.S. does

    Oh yeah? What about the invention of public key/private key encryption at Bletchley Park which the UK government decided to sweep under the carpet for a few decades?

  • by Convergence ( 64135 ) on Sunday July 16, 2000 @01:37PM (#929462) Homepage Journal

    We've all heard of the nastiness with people snooping around our hard drives.. Since automated bootups are important, I don't think it's practical to require a password JUST to decrypt stuff to start up the machine. Even if users can use encrypted loopback filesystems to encrypt stuff, there are other places where stuff can hide.

    Here's what I'd like for linux:

    Encrypted swap file. It doesn't get cleaned out regularly, there's no easy way TO clean it out, and it's something you can easily miss. As an alternative, clean it on boot and slowly overwrite unused pages. (Say, nuke one free page every X seconds.) Or encrypt and overwrite, to make things harder to backtrace.

    Secure delete. Have the ability to secure-delete files, on a per-file or per-partition basis. (I'd nominate '/var' for this.) Or, have a way to slowly run through free harddrive space and nuke anything sitting there. Best yet, have both.

    Secure storage of old logfiles. Logfiles can be a goldmine, squid, httpd, mail, process accounting, lastlog, etc. You want to save them around, but you don't want anyone nosey to be able to look at them. How about secure deleting them and then running them through a user-chosen PGP key for storage, or making several different archival backups on different PGP keys. That way, I can keep the last week's logs on my pgp key, and secure-delete them after a week, while keeping the archival logs on a PGP key that isn't even physically located near the computer. (In a bank, or a friend's house.)

    Encrypted /tmp. Let someone define a /tmp partition that isn't intended to survive a reboot. That /tmp may be encrypted with a random key and then reformatted on each reboot. You can make a second /tmp2 which is formatted normally and is kept across a reboot. This could be hacked with encrypted loopback and mke2fs it on bootup.

    None of these require a non-automatic bootup.

    For semi-important stuff that you don't want people to look at easily (shell history, other history, email), you can store it in an automatically-generated encrypted file. Each file is encrypted with a separate key. The inode stores the file-key XOR'ed with a user-key, a group-key, a root-key and an 'any-key'. Having a root-key on every file means that the contents can be compromised if root's password is compromised. This isn't much of a problem because any really important files can be in an encrypted partition. Leaving it out doesn't buy you much either.

    The group-key is stored in /etc/group. The user-key is an XOR between a number sitting in /etc/passwd and the MD5 hash of their password.
    This type of encryption is a good choice for something like ~/.bash_history, or ~/.ssh, or ~/.pgp. The 'any-key' is the plaintext key; it exists if the file is readable to the public. It also must exist for any encrypted file that's required for bootup. (such file may be physically encrypted, but must be logically plaintext). All files are subject to normal access permission, and the above keys are altered appropriately and automatically on a chmod.

    As we still want to retain automatic boot, some files must remain physically unencrypted, or logically unencrypted. (encrypted with a key, but a key that's stored unencrypted on the drive.) log files in /var, for example. There are some reasons to keep all files physically encrypted; it makes it hard to trivially scan the drive for statistically interesting material. The drive superficially appears a morass of encrypted gibberish. :)

    Unless I'm mistaken, the above, or a variant of the above won't prevent automatic booting. Also, it doesn't require anything extra from user-level code and it'll keep even very nosey people away.

    Finally, you have encrypted filesystems. Real encrypted filesystems that are mounted manually by the user. These could be immune from everything but a hardware sniffer, or a root sniffer.

    Personally, I can't wait to see some or all of these.. First priority for me is encrypted swap file, secure deletion, and secure storage of old logfiles. There is already a (hackish) implementation of encrypted filesystems. With that, you can hack an encrypted /tmp. The transparently-encrypted filesystem is the most complicated, but would be sweet to have. :)
  • For example, why use a PGP binary provided by Network Associates when you could either download the full-strength PGPi version from overseas, or better yet if you actually know your code you could dload the source and compile it yourself. Getting a binary from an American company just adds one more layer of uncertainty to the mix.

    Perhaps because you want some of the extra features only found in the commercial binaries? I like PGPDisk, and find it useful for large numbers of files. And really, it's the only option for my chosen platform (Macs) because I lack the programming skills to make the free code work on my platform, so I'm stuck with their version.
    ______________________
    "A person is smart. People are dumb, panicky, dangerous animals and you know it!"

  • 6.02ckt which contains PGPdisk even though it's free--and the newer versions add no actual functionality over the 6.02 series, either; in fact, PGP hasn't changed all that much since 5.5 or so.

    Unfortunately, 6.02 does not work with MacOS 9. You have to upgrade to 6.5.2 for a compatible version, and the freeware does not come with PGPDisk.
    ______________________
    "A person is smart. People are dumb, panicky, dangerous animals and you know it!"


  • Kevin Mitnic(sp?)

    The Govt. probably decrypted it, found it contained nothing or could not find anything useful, and now to make everyone think they cannot decrypt stuff is keeping the machine on some flimsy idea of protecting the public...

    This assumes the govt has some intelligence, er ummm, never mind. What he said.

  • This is a bit off topic, but is it just me, or do our law enforcement officials seem to be getting a lot lazier lately?

    Every five seconds they are coming out with "easier" ways to find criminals and put them in jail. What happened to the old days with Columbo, where they actually did some investigating to solve a crime?

    The way I see it now is that the FBI just sits back and lets some snoopy program they wrote bring the criminals to them, which in my view is a tad bit unfair to us the tax payers. They write some program that not only does all the work for them, but even violates our privacy.

    Here is what I propose... as the FBI comes out with more and more restrictions and snooping programs, we take away more and more funding from them, since they won't need it to operate, since they have computers doing all the work. That way anytime somebody says "I don't like [insert name here]" they can just get a warrant, which will be approved in 30 seconds with some new eWarrant.gov web page since that would be "easier", and then just send a few agents to the house and arrest them.

    On a separate note, doesn't anyone realize it's all about measures and counter-measures? We will always find a way to bypass their bull shit spying. But on the other hand they will always find a way to get past whatever we put up.
  • by billstewart ( 78916 ) on Sunday July 16, 2000 @09:31PM (#929467) Journal
    PGP's real importance was that you _could_ use it, and you could get it easily, and everybody rubbed the government's face in the fact that the laws against crypto publishing directly violated the First Amendment, plus Phil had the guts to stand up to them publicly, with good lawyers backing him. This not only had excellent PR value, but got a lot of people interested in crypto. From a more practical standpoint, it was Netscape's decision to include SSL, even with wimpy crypto, that moved the public perception of crypto from "something only spies and paranoids and occasional political activists use" to "of course I use it, how else would I send my credit card number across the Internet without getting ripped off!" Even now most of the public doesn't send much encrypted email (even the cypherpunks [inet-one.com] don't send huge amounts of encrypted email), but everybody knows you can, and everybody knows you should always use encrypted form for your credit cards and other sensitive personal information, because otherwise Hakk3rZ will steal it, and that's a good start. (Sigh - if you can't get the public to use a term correctly, at least you should exploit the heck out of their misuse :-)

    The real place that cryptography has been left out has been the Voice-over-IP telephony world. The de facto standard H.323 doesn't do it, though some of the newer protocols like SIP and MGCP provide hooks or full mechanisms for it, and most of the proprietary Internet telephony programs don't appear to support it either. This means that we're building an easily wiretapped infrastructure for international calls, and starting to build one for US domestic calls as well (and at least in the UK, wiretapping ISPs is easier legally than wiretapping telephones.) On the other hand, H.323 is somewhat of a lowest-common-denominator protocol, and the newer protocols will probably be adopted because of increased functionality; until then we'll need to get IP telephony services to adopt IPSEC.

    IPSEC is still only marginally ready for prime time, but capabilities and compatibility of free [freeswan.org] and commercial implementations are improving, and there's substantial business demand pulling them. The automotive industry ANX network [anxo.com] jumpstarted it, but the cost advantages of dial internet compared to running your own modem pools are one of the big drivers, and for some industries, the ability to use the internet instead of private frame or ATM networks for corporate traffic is also a big economic win, though that's more dependent on communication patterns.

    I suspect end-to-end encryption for cellphones will be a small niche market for a long time, as opposed to encrypting the airlink from the phone to the cell site. What may change it is the obvious interconnection between voice over IP and cellphones merging into internet telephony to the cellphone. Cellphones already digitize and compress voice, which is one of the hard parts, but cellphones take a telephony-centered view of mobile connectivity which will take some work to merge with the still-evolving mobile IP technology. The obvious first level of integration is gateways between the cellphone carriers and the internet voice carriers, which makes it easy to still charge by the minute for cellphones. In countries that use handiphone service (mostly Asia - it's the "you can use the phone anywhere but we don't switch cells, so you can't move very far" dumb cheap technology), it wouldn't be too hard to integrate a handiphone base station with DSL so anybody could run their own microcell and get their cut of the cellphone charges, which has viral marketing possibilities that are harder to implement in a usable-while-moving true cellular system.

  • srm is a "secure" rm
    it overwrites the data on the HD in addition to unlinking the inode. However, I believe if one were extremely dedicated, it would sometimes be possible to recover such data.
  • It was Mitnick. Of course he is not getting the computer back (if you're involved in a computer related crime your equipment can be confiscated permanently) but he still was asked to turn over the encryption keys so that they could decrypt the data.
  • What is your problem? This post was not redundant. Not interesting maybe but not redundant. What the hell are your problems? You know sometimes I'm glad for the bitchslap.
  • by TheReverand ( 95620 ) on Sunday July 16, 2000 @12:56PM (#929471) Homepage
    I got an idea, why don't you get a life? You just wish you could have a +1 bonus like us elite uber-posters do. Idiots like you who seem to think that the karma system affords you something outside of this web page.....

    Scene: Linux Expo, Andover Booth, Rob and the gang are playing Diablo 2 on their win2k boxes.

    Rob"Guys, go to tux screensaver here comes some SlashBots!!!"

    All hit their hotkeys. Up comes Joe Slashbot, With a CD full of Slashcode, looking for an autograph.

    Joe"Hey guys, uhh remember me? I uhh, like posted that +5 insightful comment about why Microsoft will never be as cool as Linux?"

    Rob"Yeah sure right uh huh."

    Joe"Yeah my karma is up over thirty now, and I have the +1 bonus!! Now everyone can see what I write!!"

    Rob and company nod and smile, and begin to crack jokes as the Slashbot wanders off. Once he is safely out of range Rob goes back to checking his E*Trade account, and the rest go right back to Diablo 2.

    End Scene

  • Well the executive branch may feel ok about easing up on the stupid crypto-export policies this particular week, but the IRS doesn't want 'em to now. http://www.wired.com/news/politics/0,1283,37573,00.html

    Each time one branch of the US govt wants to loosen up on the crypto regs, another branch starts complaining. Last time it was Janet Reno, and then Louis Freeh. Now the IRS.

    Minor detail, but there are only three branches of the federal government, the Executive, Congress and the Judiciary. The IRS, DoJ (Reno) and the FBI (Freeh) all are part of the Executive, they can't countermand what the top Exec. says. (They can try to influence his decisions, but that's it.)

  • Do you really think the NSA/FBI/CIA would trade the knowledge that they can break the most sophisticated encryption schemes for a few court cases?

    Remember how the British let the Germans bomb London in order to keep this kind of knowledge from the enemy?

    No...I cannot expect the NSA/FBI/CIA to give such knowledge away just so Janet Reno can put another notch on her belt.
  • Do a search on pgpi.org for free versions of PGP for the Mac which contain PGPdisk. PGPdisk was included in the free/international versions up to, I believe, 6.02. Personally, I use the Windows version of 6.02ckt which contains PGPdisk even though it's free--and the newer versions add no actual functionality over the 6.02 series, either; in fact, PGP hasn't changed all that much since 5.5 or so. I have a friend who also uses Macs, and we encrypt all our e-mails to one another, and I pointed him to pgpi.org where he got just what I was talking about: Mac binaries with PGPdisk included.
  • by Sir_Winston ( 107378 ) on Sunday July 16, 2000 @11:32AM (#929475)
    There's zero chance that I'd trust the U.S. companies to have not made deals with the NSA/FBI/CIA triad, especially if they've been exporting crypto even before the relaxation of export restrictions. It was common practice for the NSA to send a man around to U.S. crypto vendors hinting that if they'd make a few changes to the code here, or alter the S-Box there, they'd get an export license for their 128-bit etc. product.

    Granted, there are a few noteworthy cases of the U.S. tainting foreign crypto vendors, like the Crypto AG fiasco in which the Swiss(?) firm inserted a back door which allowed the U.S. access to messages encrypted with their very, very expensive hardware crypto devices. But I'd still trust a European vendor over an American one, though these days the important thing is having access to the source code.

    For example, why use a PGP binary provided by Network Associates when you could either download the full-strength PGPi version from overseas, or better yet if you actually know your code you could dload the source and compile it yourself. Getting a binary from an American company just adds one more layer of uncertainty to the mix.

    My favorite product for disk encryption is a perfect example. There are many American companies which offer encryption utilities, but why use one of those when I can download Scramdisk from www.scramdisk.clara.net along with the source code? It isn't GPL, but the source is still available for inspection and for personal use. Scramdisk comes from Britain, whose own crypto regulations are getting insane, but still Britain doesn't have the same long tradition of sabotaging their own domestically produced crypto products, as well as international ones, that the U.S. does.

    Buying U.S. crypto, unless you have access to the source code and the skills to verify it, is just asking for trouble.
  • (I'm waiting for encrypted cellphones, like those being designed by Starium, to be available...)


    I already have an encrypted cellphone. It uses a protocol called GSM, of which the voice AND authorization data streams are BOTH encrypted.

    Thank you.

    --
  • The encryption was broken if you had the SIM card in your possession for about 8 hours. The exploit involved asking its identity about 150,000 times, each with a different salt.

    GSM security has yet to be broken over-the-air.

    --
  • (note, this is a US Centric posting, sorry!)

    As I recall, one of the arguments his attorney was going to make was that forcing him to divulge this info in order to recover his property would violate his constitutional protection against self-incrimination.
    While it hasn't been tested in court, many experts such as Mike Godwin believe the 5th amendment will not protect you from being forced to divulge your encryption keys and/or passphrases. They believe that encryption is like a safe and the passphrase is like the combination; there is lots of case law saying that safe combinations do not count as testimony and are not protected by the 5th amendment.

    Oh yeah, tricky stuff like "My passphrase is 'I killed Jane Doe' so I can't be forced to divulge it" won't fly in court. Judges don't think that kind of thing is cute at all. If you refuse to obey a Judge's order, you can be held in Contempt of Court indefinitely. However, after a few years the Judge might release you if he believes there isn't a reasonable chance of you coughing up the keys. If the alternative is a mandatory-minimum 25 year or more sentence resulting from the newly discovered evidence, it might be a worthwhile strategy.

    It's important to use perfect forward secrecy whenever possible. In perfect forward secrecy, the private/public key pair is not used to encrypt the session key, but only to authenticate it. The session key is then ephemeral and never stored. That means later recovery of the private key will not allow the attacker to decrypt previously recorded communication (only conduct future man-in-the-middle attacks and other authentication based attacks). Of course, this is not terribly useful for stored data. That's why you should store your sensitive data in your brain, or Sealand [havenco.com], where it is out of reach of the court.

    Burris
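
The forward-secrecy property described in the comment above, as an added example that is not part of the original post: a toy Python model contrasting a session key wrapped under the long-term key with an ephemeral exchange that the long-term key only signs. The textbook RSA over two Mersenne primes, the 127-bit Diffie-Hellman group, the SHA-256 XOR stream and all function names are assumptions constructed for illustration and are far too weak for real use.

```python
import hashlib
import secrets

# Toy long-term RSA key pair built from two Mersenne primes (constructed, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # long-term private exponent
DH_P, DH_G = 2**127 - 1, 3                 # toy Diffie-Hellman group (constructed)
MSG = b"MSG: constructed sample plaintext"

def kdf(secret: int) -> bytes:
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _digest(value: int) -> int:
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def sign(value: int) -> int:
    return pow(_digest(value), D, N)

def verify(value: int, sig: int) -> bool:
    return pow(sig, E, N) == _digest(value)

def key_transport_session(msg: bytes) -> dict:
    """Session key is encrypted under the long-term public key (no forward secrecy)."""
    s = secrets.randbelow(N - 2) + 2
    return {"wrapped_key": pow(s, E, N), "ciphertext": xor_stream(kdf(s), msg)}

def forward_secret_session(msg: bytes) -> dict:
    """Ephemeral Diffie-Hellman; the long-term key only signs the server's share."""
    b = secrets.randbelow(DH_P - 3) + 2     # server's ephemeral secret
    server_share = pow(DH_G, b, DH_P)
    sig = sign(server_share)
    a = secrets.randbelow(DH_P - 3) + 2     # client's ephemeral secret
    client_share = pow(DH_G, a, DH_P)
    if not verify(server_share, sig):
        raise ValueError("server share failed authentication")
    key = kdf(pow(server_share, a, DH_P))
    if key != kdf(pow(client_share, b, DH_P)):
        raise ValueError("peers derived different keys")
    # a and b are dropped on return; only public values reach the wire.
    return {"client_share": client_share, "server_share": server_share,
            "sig": sig, "ciphertext": xor_stream(key, msg)}

def decrypt_with_disclosed_key(wire: dict, d: int):
    """Apply a later-disclosed long-term private key to every recorded value."""
    for value in wire.values():
        if isinstance(value, int):
            guess = xor_stream(kdf(pow(value, d, N)), wire["ciphertext"])
            if guess.startswith(b"MSG:"):
                return guess
    return None

if __name__ == "__main__":
    print(decrypt_with_disclosed_key(key_transport_session(MSG), D))
    print(decrypt_with_disclosed_key(forward_secret_session(MSG), D))
```

The recorded key-transport session decrypts once the private exponent is disclosed; the recorded ephemeral session does not, because the session key was never a function of the long-term key.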

  • I'm waiting for encrypted cellphones, like those being designed by Starium, to be available...

    Try GSM. It's heavily encrypted and in use all over the world. It's been cracked, but the encryption is very hard to crack so your phonecalls are mostly safe.

  • OK, let's all repeat together: "This makes a difference". These folks must have a yellow line down the middle of the floor so that they can find the rest rooms at high noon. The "black hats" who want to encrypt things for bad purposes have already downloaded, obtained, etc. all the software they could ever want. When will the US govt, the Australian govt, and all the rest of them realize that the net makes prohibitions of this sort totally ludicrous? Information used to be vaguely containable since you could physically intercept it and/or the means of transmission were fairly bulky. These days that is pretty much out of the question. Ah, my tax dollars at "work".
  • The regulations were loosened enough for Linux to include crypto a while ago. Mozilla already has crypto for example. What's holding things back is Linus AFAIK.
  • OpenBSD does most, if not all of this very easily.
  • About the three guys (I think it was three...) who got tattoos of some relatively confidential encryption codes. They weren't allowed to leave the country.

    I don't know their names, but I think it was about 2 years ago. Anyway, just thought that was amusing/interesting, and is a pretty good example of why I hate America. Not that I needed any more.

  • I am amazed that you still didn't get it. I think it is fairly simple: The NSA is doing extensive espionage through projects like Echelon. This uses up a lot of computing power, since you have spoken words (from tapping any telephone they can get their hands on through satellite communication, underwater cables -> submarines, or old cold war facilities all over Europe). The data is used in American interest (security and, of course, economical). The US government agencies have a long history of working in the interest of American businesses (think Guatemala, American Fruit and the CIA).
    So tapping and screening email with very advanced and sophisticated software taking certain priorities for certain addresses is a thing that is very easy and done, of course, by the NSA in American interest (again both security and economical).
    Now most of the standard email software (think MS, think Outlook, think Eudora, Netware...) comes from the US. Without an export ban encryption would have been a standard feature included in any mail program by now. This would pose a very big problem for that kind of extensive searching. Since the whole American Industry benefits from encryption not being a standard tool, the feds just made a simple equation: Hurt the software industry a little and let the domestic encryption industry fall behind, but let the rest of the industry benefit from extensive industrial espionage (which is very important in High Tech, but also in all other sectors). As long as there are at least some people out there not encrypting what they think is not really valuable the equation goes against lifting any ban. I guess by now there are enough foreign agencies (Israel for example) doing the same thing and therefore balancing the equation, and even though encryption hasn't gone mouseclick yet, enough people use it for anything that might be considered to be of any value that making encryption software standard is the right choice. I don't think this sounds paranoid, but feel free to make up your own mind about it. Since most of you are working for the High Tech industry that all might not be relevant any more since competitors from outside the US probably use very strong encryption or don't send anything over the Internet any more.
  • "Harmful" is just their excuse for keeping it, while they try to force the guy to disclose the key. They claim they can't turn it over until they examine it for things like nuclear bomb secrets or some such rubbish. What they're really after is incriminating evidence that would support their prosecution of the guy for whatever suspected crime caused them to seize it in the first place. I've now forgotten what that was, but my best guess is cracking other computer systems.
  • Perhaps they've cracked it but they can't use it unless the guy gives the code.

    You mean they already know what's on it, that it's incriminating, but don't want to reveal that they have the ability to crack the code? Maybe, but it seems far-fetched. If that were true, they'd know the guy could never turn the key over to them, and that their using the computer as leverage would be ineffective. In which case, their only options are either to forget about using the computer contents or reveal that they've broken the code. The fact that they're not letting the matter drop makes me believe that they haven't cracked the code and desperately want what's on that computer.
  • I don't think it was Mitnick, since conditions of his parole say he can't touch a computer for years to come, and this guy is someone they're after right now. If it was his computer, he couldn't have it anyway.
  • The Gov. can already break all these encryptions

    Not true. There's an ongoing case (sorry, forget who) where the U.S. government won't return a computer they seized because the guy encrypted his hard disk and won't give them the key. They want to make sure it doesn't contain 'harmful' material. As I recall, one of the arguments his attorney was going to make was that forcing him to divulge this info in order to recover his property would violate his constitutional protection against self-incrimination. Don't know if this will fly, but my point is, if they can decrypt everything, why haven't they in his case? They clearly think he's hiding something prosecutable, so they have a great incentive to bring all their powers to bear.
  • If he acquired this technology by means of encryption exported from the USA, then it might give the FBI some level of credibility here. If he did, but could have just as easily acquired it from somewhere else, that credibility is just shot back down. In fact, he was actually in the United States, and could have easily acquired the technology domestically.

    I couldn't agree more.

    I suggest that the State Department provide a list of IP addresses which they want download refused for, and no more than that. It should be possible to get the addresses connecting "Cuba, Iran, Iraq, North Korea and others considered America's foes". This is sufficiently practical to manage and can be smoothly automated. Any more than that and I will certainly see it as excessive government interference in the private sector.

    You're kidding, right? I hope so. Your first paragraph stated that any terrorist can easily gain access to encryption software through alternative channels, or even from within the US itself (it isn't hard to visit the US with the sole intention of blowing up the World Trade Center).

    Then you casually describe a process that is sufficiently practical to manage and can be smoothly automated. Yeah, right. "Government" and "smoothly automated" should never go together. And even if our government is as capable as you feel it is, to then maintain a list of IP addresses that are from "problem" countries is impossible. And even if it was possible and feasible, it could be easily circumvented:

    • telnet to Europe.
    • Transfer files from <insert Evil country here> to Europe.
    • Transfer files from Europe to the US.

    There is no real solution. Imposing zone-type laws on the Internet will not work in the long run. The Internet was not designed with security as the foremost thought. Reliability and more importantly a de-centralized topology were the goals.

    That's not to say it will never happen. I'm saying, don't hold your breath.

  • Wait a second, are you guys saying you actually want these other countries to purchase and control high-level encryption that can be used against us? Why in the hell would we want to do that? Personally, I *like* being on the top of the heap!

    It's akin to selling nuclear weapons to Hussein ("Buy five, get the sixth free"). Let them build their own encryption schemes if they want. (Or let them figure out how to use PGP with 4000-bit keys).

    Besides, any college comp-sci student can put together their own encryption scheme. Hell, my project this semester was to put together a 256-bit scheme of DES (piece of cake...) Are we saying that there aren't hackers out there in other countries that can't do that? They have to buy our schemes?

    Hogwash.

  • Wait, we can't allow encryption to fall into the hands of non-white people! Oh wait, Europeans are white... so maybe it's okay.

    In the future, the USA will probably not be the best country on the planet. And at that time people will be saying:
    - Americans used to think that only they had a right to encryption. What arrogant bastards.
    - Americans arrogantly continued to use the illogical lbs-feet-fahrenheit system while the rest of the world went metric. What arrogant bastards.
    - Americans ... (feel free to add more here)
  • Folks, if you want rational technical decisions you need to clear the way politically. If Clinton or Gore unilaterally decided to end all export restrictions on all crypto, the GOP cold warriors would have a political field day. The very first encrypted e-mail sent by Osama bin Laden (after repeal of restrictions) would put us in weeks of congressional investigations and calls for an independent counsel.

    Tech folk who vote for Republicans or laze out on voting have only themselves to blame. I wish they would just stop whining about it as this topic is starting to become very tiresome.

  • It was Mitnick.
  • Haven't the anonymous software experts thought that their quantum computers will also allow for the existence of encryption systems far more sophisticated than those in existence today?

    Quantum computers can facilitate perfectly secure communications (even key exchange) with man-in-the-middle detection via polarized light.

    Some basic information on quantum computers is available at this link [bangor.ac.uk].

    Basically, quantum computers could be good at cracking RSA encryption because of their exponentially smaller time-space requirements in searching for a factorization. Here is Shor's famous paper on the subject [arxiv.org].

    Quantum computers are not just "faster" computers, they are a different beast altogether. Sometimes, they may act as infinitely parallel devices, and for other operations, they may be totally worthless.
    ---

  • Ah, well then, they are dumb :)

    In fact, that bit that starts out "Somewhere in the future.." doesn't even make sense in the context of the rest of the article.

    And besides, I believe there are classical algorithms that are just as hard to break via quantum algorithms as by classical methods.

    I think we would see quantum computing coming from a long ways away and the industry would migrate to a less susceptible protocol fairly quickly. Besides which, at first, I doubt it would be very cheap to own or operate, I don't think too many people are concerned if the NSA happens to see their credit card number from their last Amazon.com order. Unless, of course, the NSA becomes desperately short on funds.
    ---

  • Europe ? did you say they can buy it from Europe ?

    I seem to remember that our friends north of the border trade pretty freely with the Cubans.

    - just another cosmic ray --
  • Yes and don't forget Linus "bolshie" Torvalds, Richard Stalinman and Alan "close personal friend of Arthur Scargill" Cox.
  • you should kill osm off. make up a new character. the whole supposed natalie portman obsession thing is getting really old. i don't know, osm seems too real, not ridiculous enough anymore.
    ---
  • Congratulations, good sir. You are first. I will do the honor of posting a +1 below your post so that for a brief time those who come after me may see you in your finest hour.
    ---
  • FAWKING NSA!!
    ---
  • Crays? Try a 256-qubit NMR processor coupled with an unbelievably gigantic cylinder consisting of ~250 million reversible microcontrollers. Yeah, they have it. Trust me.
    ---
  • ...that the NSA has backdoors into any MS encryption products anyways.
    ---
  • This is BS. Quantum computers are useful in only a very narrow range of problems. It is very easy to create an encryption algorithm not defeatable in asymptotically less spacetime than on a classical non-reversible architecture.
    ---
