A Conversation for Modern Cryptography - Methods and Uses

Cryptography legalities

Post 1

Caveman, Evil Unix Sysadmin, betting shop operative, and SuDoku addict (Its an odd mix, but someone has to do it)

It's probably true to say that if any given government allows the use of cryptography product X, then it's a safe bet that they can decrypt messages sent using product X.

On that basis, it's fair to assume that whatever cryptographic level you use can be trivially decrypted by your state's security services.

Anything freely available which cannot be decrypted by your state's security organisation is A) probably not permitted by national law (see France's attitude towards cryptography) or B) in use by your local unfriendly terrorist organisation.

So, should strong cryptography be criminalised? Given that a number of countries think so, the answer, from the 'free' west's perspective, is a strong 'No'. Certain countries prohibit their populace from thinking for themselves, and cryptography allows them to do so without state interference. Where do you draw the line? It's widely said that one man's freedom fighter is another man's terrorist. What do you think?


Post 2

Matthew G P Coe

"On that basis, it's fair to assume that whatever cryptographic level you use can be trivially decrypted by [your] state's security services."
Unless you're talking about 128-bit PGP encryption and signing. Assuming you have a computer that can test ten trillion different keys a second, an encrypted message could take over one quadrillion millennia to decrypt... and putting together ten trillion operations in a second is hard enough.

"A) probably not permitted by national law"
PGP has only ever, historically, been restricted by standard US Weapons Tariffs.. no export to US-hostile nations and selected individuals.

"So, should strong cryptography be criminalised?"
Should sending registered, FedEx'd lettermail with a wax seal be criminalised? That's essentially tamperproof... if it is tampered, the delay that tampering would take would indicate tampering.


Post 3

Caveman, Evil Unix Sysadmin, betting shop operative, and SuDoku addict (Its an odd mix, but someone has to do it)

"Unless you're talking about 128-bit PGP encryption and signing. Assuming you have a computer that can test ten trillion different keys a second, an encrypted message could take over one quadrillion millennia to decrypt... and putting together ten trillion operations in a second is hard enough."

Hold it right there. Various shortcuts have recently appeared which may make brute force attacks like that a waste of time. Besides, I don't muck about with 128-bit keys. My main key is 1024-bit (4096-bit subkey), keyid 0x22D0D220, for what it's worth.

"PGP has only ever, historically, been restricted by standard US Weapons Tariffs.. no export to US-hostile nations and selected individuals."

GPG has no specific restrictions, but its use in certain encryption-unfriendly countries, such as that bastion of liberty, France, may land you in deep trouble. The penalties may be several degrees of magnitude worse in countries with what the west might describe as 'oppressive regimes' (if they weren't too scared of upsetting the Chinese government, that is).

As for your comments on sealed letters, this has been covered before. If people had nothing to hide, banks would send out statements on postcards. Because email can be read by the administrator of any system through which it passes. There are things you don't want anyone else to read, and in the digital world, this requires encryption. Comments about delays caused by tampering are not relevant in this context (how long does it take to copy a megabyte of encrypted mail? The answer is about as long as it takes to transmit it)


Post 4

Matthew G P Coe

You're right; PGP and GnuPG use really long keys...but SSL, the most prevalent use of crypto on the web, uses 128-bit session keys, as I recall. Workarounds are only useful on a clearly faulty algorithm.. but if you've figured out a way to short-cut calculating 100-digit primes, the crypto industry as a whole would like to hear about it so that they can create a more secure algorithm.

As far as the French government goes... considering the bizarre things that they've been doing lately, I can't say I'm surprised they're trying to outlaw civilian crypto.

Crypto isn't necessarily about having something to hide. It's about being able to decide who gets to see your communication -- or about proving that you were the one who sent it. You may not mind if your letter carrier knows how much money is in your bank account, but various unscrupulous people might be interested in that information -- and do you want them to have it? Crypto's all about keeping important information out of the wrong hands -- be it an identity thief, regarding your financial history, or your own government, regarding your conspiracy to treason. There are just some things you don't want certain people to know... and by using client-level crypto, like PGP and GnuPG, only the recipient can read it -- not even your ISP's Postmaster.

