sblair@upurbmw.dell.com (Steve Blair) (01/07/91)
After much thought on the current discussion of encrypting/"masking" your data, and the relative legalities/lack thereof, I am interested to see what others feel a vendor's (s/w or h/w) responsibilities would be in the case of a confiscated system.

Consider this:
--------------
You're doing something at your home/business/cave that is "illegal" (in the current law enforcement modes) and the feds/local police come and raid your place. Being a somewhat cautious person, you've acquired/purchased the RSA (or other algorithms) encryption schemes. As they bust down the door (not said for dramatics, but from the unfortunate realities of several folks) you punch a key on your keyboard, and the entire system(s) are now severely encrypted.

You're hauled off to jail, processed, fingerprinted, arraignment bail hearing/posting of bond occurs. During this time, the law enforcement types now have all your equipment, as you discover upon returning home (and finding your place trashed(!!)).

The authorities spend several days trying to get into your system to either substantiate what you've "allegedly" done. BUT, they're having *no* luck getting into your system. They then call the vendor(s) of all manuals/machines/cards/software found in your system(s), and ask for their help.

What would be a vendor's responsibilities in this situation?

1) They say "we can't (and don't) know how to get into your system", and hang up.
2) They say that "unless you issue a court order for us to do this, we won't touch their system".
3) They say "sure, we'll help, but you'd better have a letter of immunity for us when we arrive, or we're not going to break into this system".
4) They say "tough luck fellow, figure it out on your own".

It's rather unclear to myself, and others, what one would do when presented with the choices. Is it possible that the suspect could/would have possible grounds to sue the vendor(s) that cooperated in opening this system(s)?

Just a new thread to add to the fire...

steve
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (01/11/91)
In article <1991Jan10.041906.27901@ddsw1.MCS.COM> karl@ddsw1.MCS.COM (Karl Denninger) writes:
> A key is used to encipher each byte. After each byte is ciphered, the key
> is permuted, and depending on the results of that permutation a random number
> of bytes of "garbage" (random data) from 0-n is added to the output file.

I assume you do this after compression so that the original data doesn't have any immediately noticeable redundancy. Then this system is secure if and only if the ``random number'' is cryptographically secure and the ``garbage'' is both random and independent of the key. I find the first assumption exceedingly unlikely.

---Dan
spm2d@newton.acc.Virginia.EDU (Steven P. Miale) (01/15/91)
In article <1991Jan10.041906.27901@ddsw1.MCS.COM> karl@ddsw1.MCS.COM (Karl Denninger) writes:
>In article <13899@uudell.dell.com> sblair@upurbmw.dell.com (Steve Blair) writes:
>I'd chuckle, giggle and snicker - and then give them the source to the
>program. First and foremost, I doubt if even the best computer they have
>right now would help, given that the user of the cryptosystem in question
>used a reasonable key on the file(s) in question.

Actually, I have another method a bit similar to the one you used:

To each character in the file, a character from the password is added. Then, the number of times the encryption program has gone through the password is subtracted. Add to this the character number in the password, and XOR it with the CRC of the password. Makes for lots of fun.

I'm not sure of the *actual* secureness of this algorithm, and I would be pleased if some of the code experts out there would tell me if it is actually secure or if it could be easily broken. My program accepts passwords of any length, and most of mine are over 20 characters...

Steven Miale
spm2d@virginia.edu
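The scheme described in the post above, written out as an added example (not the poster's program) to show why its strength does not grow with password length: the keystream repeats every password length with a fixed drift of one, and the CRC contributes a single constant, so a known plaintext prefix slightly longer than the password is enough to read the whole file. Assumptions not stated in the post: arithmetic is on bytes modulo 256, the "character number" is a zero-based index, the CRC is the low byte of CRC-32, and the analyst tries a candidate password length.

```python
import zlib

def encrypt(plaintext: bytes, password: bytes) -> bytes:
    """The scheme as described in the post, under the assumptions stated above."""
    x = zlib.crc32(password) & 0xFF            # assumed: CRC reduced to one byte
    out = bytearray()
    for i, p in enumerate(plaintext):
        passes, j = divmod(i, len(password))   # completed passes, index in password
        out.append(((p + password[j] - passes + j) % 256) ^ x)
    return bytes(out)

def recover(cipher: bytes, known: bytes, period: int):
    """Decrypt `cipher` from a known plaintext prefix, without the password.

    The keystream at position i is base[i % period] - i // period, so one
    period of known plaintext fixes it for the whole file. The XOR constant
    has only 256 values; the rest of the prefix tells which ones fit.
    Returns the plaintext, or None if `period` does not fit the prefix.
    """
    n = len(known)
    if not 0 < period < n:
        return None
    for x in range(256):
        # Keystream implied by this guess of the XOR constant.
        k = [((cipher[i] ^ x) - known[i]) % 256 for i in range(n)]
        # A correct guess shows the drift: each pass lowers the key by one.
        if all(k[i] == (k[i - period] - 1) % 256 for i in range(period, n)):
            return bytes(((c ^ x) - k[i % period] + i // period) % 256
                         for i, c in enumerate(cipher))
    return None

# Constructed sample: a mail-like file whose first header line is guessable.
MESSAGE = b"From: alice@example.org\nSubject: quarterly numbers\n\nSee attached."
PASSWORD = b"open sesame"       # constructed; never passed to recover()
KNOWN_PREFIX = MESSAGE[:24]     # b"From: alice@example.org\n"

if __name__ == "__main__":
    ct = encrypt(MESSAGE, PASSWORD)
    print(recover(ct, KNOWN_PREFIX, len(PASSWORD)))
```

The constant found may differ from the real CRC byte in its top bit; flipping that bit is the same as adding 128, which the recovered keystream absorbs, so both values decrypt identically.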
jmc@DEC-Lite.Stanford.EDU (John McCarthy) (01/15/91)
I'd use DES even if I believed NSA could break it. They wouldn't reveal an ability to break DES in order to help the Secret Service convict a two bit Sysop. On the other hand, if you're a spy, ask the Soviets for a suitable cipher.