Here's a chat I had with a friend regarding the last question to homework 1. It's certainly a matter of opinion, and I didn't give poor grades simply because you chose to support the proposition. But here are some brain droppings to give you some idea of what I think about it.
Here's something about that statement on atoms doing crypto.
A 128-bit keyspace (2128 keys) would be exhausted instantly.
- 1. The universe is 15 Gigayears old, or roughly 1017 seconds.
- 2. There are 1079 atoms in the universe.
- 3. Each atom in the universe can check one key per second.
A 256-bit keyspace would be exhausted in 10 milliseconds.
A 320-bit keyspace would be exhausted in the current age of the universe.
A 512-bit keyspace would be exhausted in 1058 universe-ages.
Some Guy (10:05:32 PM): no no, i mean.. what is the meaning to what you
KirbysDL (10:05:50 PM): i'm against both escrow and banning strong crypto
Some Guy (10:06:07 PM): oooooh, right
Some Guy (10:06:13 PM): i don't see why not
Some Guy (10:06:32 PM): of course i write the answer out of personal
reasons, not out of fact
KirbysDL (10:06:33 PM): can you be specific? what don't you see?
KirbysDL (10:06:40 PM): hmm
KirbysDL (10:06:49 PM): your personal reasons aren't based on fact?
Some Guy (10:07:19 PM): they're based on facts that i know of, but there are
facts that i don't know of also
Some Guy (10:07:26 PM): my resources are then, limited
KirbysDL (10:07:55 PM): you mean you based your response on what you knew at
the time of writing, which may be limited
Some Guy (10:08:17 PM): yup... and out of pure logical reasoning
Some Guy (10:08:42 PM): honestly, what is there that the gov doesn't not
know about you..
Some Guy (10:08:48 PM): you can't hide from them
Some Guy (10:08:55 PM): does not
Some Guy (10:09:02 PM): not 'doesn't not'
Some Guy (10:09:45 PM): and from a personal standpoint of someone
working for the DoD, it's dangerous when you don't know what's
coming out of your country
KirbysDL (10:10:18 PM): it MAY be true that the government can find out a lot
about me. that doesn't lessen the requirement and the right of we, as US citizens,
to have privacy and private communications free from snooping
Some Guy (10:10:53 PM): i don't see how gov has any play in this
KirbysDL (10:11:09 PM): ok so it's dangerous when you don't know what's coming
out of your country. my point is that it's a losing battle that a ban on strong crypto
will not help win
KirbysDL (10:11:14 PM): exactly
KirbysDL (10:11:23 PM): strong crypto is there, like it or not
KirbysDL (10:11:27 PM): it's not for the govt to decide anymore
Some Guy (10:11:44 PM): i think that's wrong
KirbysDL (10:11:57 PM): why?
Some Guy (10:12:06 PM): anything the gov can't decipher can be labeled as
KirbysDL (10:12:13 PM): fine. label it. then what?
Some Guy (10:12:26 PM): trace it, where is it going?
Some Guy (10:12:36 PM): why must there such an encryption?
Some Guy (10:12:44 PM): will it danger our country?
Some Guy (10:12:49 PM): these are questions that should be asked
KirbysDL (10:13:20 PM): what you said about tracing seems to be following an
example of the use of strong encryption, but then you ask broader questions
Some Guy (10:13:23 PM): if the gov has the capability to find everything
about me.. why must i hide from them..
Some Guy (10:13:31 PM): unless i'm doing something bad..
KirbysDL (10:13:48 PM): that is falsely assuming that the government is completely
KirbysDL (10:14:15 PM): you know, you probably ARE doing something that the
government would call bad
Some Guy (10:14:30 PM): what, mp3s?
Some Guy (10:14:33 PM): gov doesn't care about that
Some Guy (10:14:38 PM): that's not the job of the dod
KirbysDL (10:14:45 PM): most likely, thouhg I wouldn't assume this for everyone,
your mp3s and cracked games go against copyright law and the DMCA. you are
BREAKING us laws
KirbysDL (10:14:57 PM): well hold on. the govt is the govt
Some Guy (10:15:27 PM): no no... there's a difference between breaking the
law, and endangering the nation
Some Guy (10:15:48 PM): and national safety is probably higher in priority
Some Guy (10:16:44 PM): do you care if the gov knows the credit card
number you're transferring from your computer to amazon.com? i
don't.. what are they gonna do with it?
Some Guy (10:17:31 PM): i rather them know that secret messages are
coming from arizona to iraq, AND know that the gov is on top of that
KirbysDL (10:17:43 PM): so you argue that, for example, terrorists are using strong
crypto to plan to bomb the US. you would also argue that if a law were passed to
ban such strong crypto, then all of the sudden the terrorists would abide by those
laws? that their communications become more transparent?
Some Guy (10:18:02 PM): yup
KirbysDL (10:18:16 PM): well i'm not convinced
Some Guy (10:18:33 PM): personally, i don't think terrorists would abide by
KirbysDL (10:18:34 PM): if i'm going to bomb your country, why would i abide by
Some Guy (10:18:43 PM): and that's what makes the encryption suspiciouis
Some Guy (10:19:16 PM): everyone in the country is abiding by the laws, why
is this particular group not? ... this raises a threat
KirbysDL (10:19:26 PM): then you're assuming that the government has the
resources to monitor all the bandwidth going across the country, and they can
distinguish strong crypto binary streams from others
KirbysDL (10:19:55 PM): consider stegonography and other hidden communication
KirbysDL (10:20:02 PM): strong crypto use does not have to be open
Some Guy (10:21:10 PM): i do consider that, and there's no telling what kind
of communication that happens... but seriously, wouldn't you sleep
happier if you knew the gov had the ability to decipher everything that
was relaying from inside to outside the country?
KirbysDL (10:21:23 PM): absolutely not
Some Guy (10:21:39 PM): even if there's so much traffic that the gov can't
catch all at once, but they had the ability not to
Some Guy (10:21:39 PM): ability to
KirbysDL (10:21:59 PM): if there's too much traffic, then they DON"T have the ability
KirbysDL (10:22:11 PM): who cares if the govt finds out 6 months after the attack?
Some Guy (10:22:24 PM): it's evidence!
Some Guy (10:22:55 PM): i think as of now, the US still doesn't know who's
responsible for the terrorist attack
Some Guy (10:23:01 PM): they're only making a good guess
Some Guy (10:23:49 PM): name one reason why the gov knowing is bad
KirbysDL (10:24:07 PM): the point of such a law, as your original argument stated,
was to protect national security. pointing a finger after the fact does NOT increase
national security. only the prevention of an attack really helps
Some Guy (10:24:56 PM): national security is not just prevention, it
encompasses a whole lot, and one of those is having evidence to
KirbysDL (10:26:20 PM): if all strong ciphers were banned, (1) it would break the
fourth amendment (2) it would stifle cryptographic research in the US and push
research outside the US (3) it would not prevent criminals from using it anyways (4)
it would also enable OTHER entities with cryptanalysis power comparable to the US
govt to break our ciphers
KirbysDL (10:28:24 PM): aren't you aware that already, the DMCA is stifling
cryptographic research? SCIENCE is impeded because of this badly written,
KirbysDL (10:28:55 PM): people in the US are afraid of publishing research. people
outside of the US are afraid of setting foot on US soil due to their research. this is
not a good thing
Some Guy (10:29:42 PM): (1) first of all, admendments are subjects to
change, through corollaries and other such (2) you might have a point,
but i hardly think it would stop the gov from doing cryptographic
research, and besides, the point of banning it was so information
doesn't flow outwards, (3) yes, criminals wouldn't stop using it, BUT
now it gives the gov a way of detecting what's foreign
Some Guy (10:30:23 PM): the reason why people don't wanna do research in
the US is soley for monetary reasons, but for the sake of our country,
think beyond that.. we're talking about national security
KirbysDL (10:30:28 PM): so you'd give away the bill of rights for this supposed
security that cannot be proven?
KirbysDL (10:30:59 PM): we ARE indeed talking about national security but I'm not
convinced by your arguments that a ban on strong crypto would help us here
KirbysDL (10:32:02 PM): you still haven't told me how you'll (where you=US govt) be
able to distinguish strongly enciphered data from other data
Some Guy (10:32:22 PM): try to decipher them
KirbysDL (10:32:23 PM): and even when you do, i'll start hiding it on images and
send them out of IRC, ebay, geocities, etc.etc.
KirbysDL (10:32:27 PM): ok
Some Guy (10:32:28 PM): doesn't have to be all of them
KirbysDL (10:32:40 PM): so you'll try to decipher every stream of binary data that
goes out over the US
KirbysDL (10:32:47 PM): and why not?
Some Guy (10:33:02 PM): doesn't have to be all of them because it's not
KirbysDL (10:33:15 PM): exactly... as i said, it's an impossible task
Some Guy (10:33:20 PM): BUT
KirbysDL (10:33:48 PM): and if you can intelligently prune off people who's data you
do not need to monitor, then you have a priori knowledge, and with that you can
surviel them through other means
Some Guy (10:34:16 PM): i think you're missing the point to my argument
KirbysDL (10:34:21 PM): clearly =P
Some Guy (10:35:22 PM): okay, first off, you must keep an open mind here
Some Guy (10:36:07 PM): tell me, how does gov knowledge of crypto
algorithms invade privacy laws?
KirbysDL (10:36:27 PM): well i'm not trying to twist your words around to make
them mean something you didn't intend. beyond that, i admit i have an opinion that
you have so far not changed through your arguments
Some Guy (10:36:47 PM): well same goes the other way
KirbysDL (10:36:53 PM): ok
KirbysDL (10:37:13 PM): The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches and seizures, shall not
be violated, and no Warrants shall issue, but upon probable cause, supported by
Oath or affirmation, and particularly describing the place to be searched, and the
persons or things to be seized.
KirbysDL (10:37:19 PM): that is the text of the fourth amendment
KirbysDL (10:37:45 PM): it states, in plain english, that the government has no right
snooping around any of my possessions, e.g. my data, without a warrant
Some Guy (10:38:18 PM): and if you were a terrorist, you would also be
granted those rights correct?
KirbysDL (10:38:20 PM): you must realize that there ARE legal ways for the govt to
access strongly encrypted data
Some Guy (10:39:04 PM): i'm sure there are, but those are not the ways
terrorists are using to relay messages
KirbysDL (10:40:07 PM): a terrorist is someone who commits a crime. an alleged
terrorist may be anyone... there is simply some suspicion that he is conspiring to
commit a crime. he is, until proven guilty, just like any other US citizen (let's
confine our discussion to citizens) and like other citizens, he is protected by the bill
KirbysDL (10:41:05 PM): a terrorist, after he is proven guilty, most likely will not be
given the fourth amendment right to privacy
Some Guy (10:42:33 PM): i'm sending a letter to france about my cs170
project, now i know that i have the right to my privacy.. but what do i
care if the gov knows???
Some Guy (10:43:00 PM): do you know what the people are saying in the
Some Guy (10:43:12 PM): it's a lot of hassle, but it's def. worth the security
Some Guy (10:43:24 PM): that's searching through their bags and luggages
KirbysDL (10:43:43 PM): the right to privacy must be absolute. without that, there
is no privacy. if a single person breaks your privacy, he could tell others, be bribed,
tortured, etc. there is a risk. privacy must be as absolute as possible or else it is
Some Guy (10:44:22 PM): and you don't think the tradeoff is worth it?
Some Guy (10:45:07 PM): you know what i'm imagining?
KirbysDL (10:45:26 PM): nope. the government ALWAYS wants to take away
liberties. it ALWAYS does so in the purported interest of such things as the
security of the nation and its citizens. it is almost NEVER able to prove the
security. but once lost, freedoms are nearly impossible to regain
KirbysDL (10:45:31 PM): go ahead
Some Guy (10:46:27 PM): a huge gigantic parallel machine deciphering data
all day and night, flagging key words, such and such... a letter about me
cheating on a test, stealing a car, grand larceny, though they're huge
offenses, i don't think the DoD will give a rat's ass
Some Guy (10:47:01 PM): you know what they will be suspicious about? the
Some Guy (10:47:05 PM): kill
Some Guy (10:47:10 PM): US
KirbysDL (10:47:59 PM): are you aware of the statement that to break the strongest
of today's ciphers, you would need to have every atom in the universe be a computer
capable of testing one key per second, and you would still need more than the age
of the universe to break the cipher?
KirbysDL (10:48:27 PM): now given that criminals aren't going to stop using strong
ciphers anyway, i would claim that this computer won't help you
Some Guy (10:48:41 PM): yes i am aware of that, and if the gov knew the
algorithm, it would make their job a lot easier
KirbysDL (10:48:49 PM): oooh intersting point
KirbysDL (10:49:03 PM): are you aware that EVERY strong cipher currently in wide
public use has a published algorithm?
Some Guy (10:49:22 PM): AND registered keys?
KirbysDL (10:49:22 PM): that BY DEFINITION a cipher without a publshed algorithm
is thought of as insecure?
KirbysDL (10:49:33 PM): we weren't talking about registered keys...
KirbysDL (10:49:55 PM): you said the govt knew the algorithm, not the key
Some Guy (10:50:11 PM): it's part of the question isn't it?
KirbysDL (10:50:42 PM): that's a part i didn't want to get into because i have several
more tirades on the subject. i take it neither of us has convinced the other on part a
of the question? =P
Some Guy (10:50:55 PM): heh
KirbysDL (10:51:05 PM): well hold on
Some Guy (10:51:13 PM): i think we have different perspectives
Some Guy (10:51:17 PM): strong perspectives
KirbysDL (10:51:26 PM): i think you agree that to have strong ciphers outlawed
does, in some way, reduce your right to privacy, regardless of any other issues of
KirbysDL (10:51:34 PM): right?
Some Guy (10:51:46 PM): i agree
Some Guy (10:52:07 PM): it's a defnite tradeoff for sure
KirbysDL (10:52:34 PM): would you also agree that there will always be a way for
me to hide encrypted data such that unless you know you have to watch me
already, you will not be able to distinguish my data from others' data?
KirbysDL (10:53:33 PM): cause yeah you can argue the tradeoff either way... that's
a matter of personal opinion. some people value their privacy less ... this is clear
KirbysDL (10:54:21 PM): i link to that for statistics, not necessarily for their
Some Guy (10:54:25 PM): i also agree with your second statement, but only
to a point
KirbysDL (10:55:18 PM): i think i'm satisfied then =P
Some Guy (10:56:09 PM): you have to understand a point i'm making... i want
to ban strong encryption not to argue that i'll be safe, i want to ban it
arguing that i'll be safer
Some Guy (10:57:20 PM): saying that my computer is safe while connecting
to the internet is a bunch of bullshit.. but if i knew of some knowledge of
the attack.. i know i'm safer
KirbysDL (10:57:24 PM): certainly. absolute security cannot be proven. the best
you can hope for is a marginal increase in security. our fundamental disagreement
then, is how much safer a ban on strong crypto will make us
Some Guy (10:57:59 PM): and how much safer is something i can't give a
Some Guy (10:58:11 PM): but ideally, i can picture it
KirbysDL (10:58:21 PM): yes, there is clearly an ideal case
KirbysDL (10:59:53 PM): hmm i should be finishing grading papers =P