Here's a chat I had with a friend regarding the last question to homework 1. It's certainly a matter of opinion, and I didn't give poor grades simply because you chose to support the proposition. But here are some brain droppings to give you some idea of what I think about it.

Here's something about that statement on atoms doing crypto.

Assumptions:

1. The universe is 15 Gigayears old, or roughly 10¹⁷ seconds.

2. There are 10⁷⁹ atoms in the universe.

3. Each atom in the universe can check one key per second.

A 128-bit keyspace (2¹²⁸ keys) would be exhausted instantly.
A 256-bit keyspace would be exhausted in 10 milliseconds.
A 320-bit keyspace would be exhausted in the current age of the universe.
A 512-bit keyspace would be exhausted in 10⁵⁸ universe-ages.

---

Some Guy (10:05:32 PM): no no, i mean.. what is the meaning to what you said?
KirbysDL (10:05:50 PM): i'm against both escrow and banning strong crypto
Some Guy (10:06:07 PM): oooooh, right
Some Guy (10:06:13 PM): i don't see why not
Some Guy (10:06:32 PM): of course i write the answer out of personal reasons, not out of fact
KirbysDL (10:06:33 PM): can you be specific? what don't you see?
KirbysDL (10:06:40 PM): hmm
KirbysDL (10:06:49 PM): your personal reasons aren't based on fact?
Some Guy (10:07:19 PM): they're based on facts that i know of, but there are facts that i don't know of also
Some Guy (10:07:26 PM): my resources are then, limited
KirbysDL (10:07:55 PM): you mean you based your response on what you knew at the time of writing, which may be limited
Some Guy (10:08:17 PM): yup... and out of pure logical reasoning
Some Guy (10:08:42 PM): honestly, what is there that the gov doesn't not know about you..
Some Guy (10:08:48 PM): you can't hide from them
Some Guy (10:08:55 PM): does not
Some Guy (10:09:02 PM): not 'doesn't not'
Some Guy (10:09:45 PM): and from a personal standpoint of someone working for the DoD, it's dangerous when you don't know what's coming out of your country
KirbysDL (10:10:18 PM): it MAY be true that the government can find out a lot about me. that doesn't lessen the requirement and the right of we, as US citizens, to have privacy and private communications free from snooping
Some Guy (10:10:53 PM): i don't see how gov has any play in this
KirbysDL (10:11:09 PM): ok so it's dangerous when you don't know what's coming out of your country. my point is that it's a losing battle that a ban on strong crypto will not help win
KirbysDL (10:11:14 PM): exactly
KirbysDL (10:11:23 PM): strong crypto is there, like it or not
KirbysDL (10:11:27 PM): it's not for the govt to decide anymore
Some Guy (10:11:44 PM): i think that's wrong
KirbysDL (10:11:57 PM): why?
Some Guy (10:12:06 PM): anything the gov can't decipher can be labeled as dangerous
KirbysDL (10:12:13 PM): fine. label it. then what?
Some Guy (10:12:26 PM): trace it, where is it going?
Some Guy (10:12:36 PM): why must there such an encryption?
Some Guy (10:12:44 PM): will it danger our country?
Some Guy (10:12:49 PM): these are questions that should be asked
KirbysDL (10:13:20 PM): what you said about tracing seems to be following an example of the use of strong encryption, but then you ask broader questions
Some Guy (10:13:23 PM): if the gov has the capability to find everything about me.. why must i hide from them..
Some Guy (10:13:31 PM): unless i'm doing something bad..
KirbysDL (10:13:48 PM): that is falsely assuming that the government is completely benign
KirbysDL (10:14:15 PM): you know, you probably ARE doing something that the government would call bad
Some Guy (10:14:30 PM): what, mp3s?
Some Guy (10:14:33 PM): gov doesn't care about that
Some Guy (10:14:38 PM): that's not the job of the dod
KirbysDL (10:14:45 PM): most likely, thouhg I wouldn't assume this for everyone, your mp3s and cracked games go against copyright law and the DMCA. you are BREAKING us laws
KirbysDL (10:14:57 PM): well hold on. the govt is the govt
Some Guy (10:15:27 PM): no no... there's a difference between breaking the law, and endangering the nation
Some Guy (10:15:48 PM): and national safety is probably higher in priority
Some Guy (10:16:44 PM): do you care if the gov knows the credit card number you're transferring from your computer to amazon.com? i don't.. what are they gonna do with it?
Some Guy (10:17:31 PM): i rather them know that secret messages are coming from arizona to iraq, AND know that the gov is on top of that
KirbysDL (10:17:43 PM): so you argue that, for example, terrorists are using strong crypto to plan to bomb the US. you would also argue that if a law were passed to ban such strong crypto, then all of the sudden the terrorists would abide by those laws? that their communications become more transparent?
Some Guy (10:18:02 PM): yup
KirbysDL (10:18:16 PM): well i'm not convinced
Some Guy (10:18:33 PM): personally, i don't think terrorists would abide by those laws
KirbysDL (10:18:34 PM): if i'm going to bomb your country, why would i abide by your laws?
Some Guy (10:18:43 PM): and that's what makes the encryption suspiciouis
Some Guy (10:19:16 PM): everyone in the country is abiding by the laws, why is this particular group not? ... this raises a threat
KirbysDL (10:19:26 PM): then you're assuming that the government has the resources to monitor all the bandwidth going across the country, and they can distinguish strong crypto binary streams from others
KirbysDL (10:19:55 PM): consider stegonography and other hidden communication channels
KirbysDL (10:20:02 PM): strong crypto use does not have to be open
Some Guy (10:21:10 PM): i do consider that, and there's no telling what kind of communication that happens... but seriously, wouldn't you sleep happier if you knew the gov had the ability to decipher everything that was relaying from inside to outside the country?
KirbysDL (10:21:23 PM): absolutely not
Some Guy (10:21:39 PM): even if there's so much traffic that the gov can't catch all at once, but they had the ability not to
Some Guy (10:21:39 PM): ability to
KirbysDL (10:21:59 PM): if there's too much traffic, then they DON"T have the ability to
KirbysDL (10:22:11 PM): who cares if the govt finds out 6 months after the attack?
Some Guy (10:22:24 PM): it's evidence!
Some Guy (10:22:55 PM): i think as of now, the US still doesn't know who's responsible for the terrorist attack
Some Guy (10:23:01 PM): they're only making a good guess
Some Guy (10:23:49 PM): name one reason why the gov knowing is bad
KirbysDL (10:24:07 PM): the point of such a law, as your original argument stated, was to protect national security. pointing a finger after the fact does NOT increase national security. only the prevention of an attack really helps
Some Guy (10:24:56 PM): national security is not just prevention, it encompasses a whole lot, and one of those is having evidence to prosecute
KirbysDL (10:26:20 PM): if all strong ciphers were banned, (1) it would break the fourth amendment (2) it would stifle cryptographic research in the US and push research outside the US (3) it would not prevent criminals from using it anyways (4) it would also enable OTHER entities with cryptanalysis power comparable to the US govt to break our ciphers
KirbysDL (10:28:24 PM): aren't you aware that already, the DMCA is stifling cryptographic research? SCIENCE is impeded because of this badly written, overpowered law
KirbysDL (10:28:55 PM): people in the US are afraid of publishing research. people outside of the US are afraid of setting foot on US soil due to their research. this is not a good thing
Some Guy (10:29:42 PM): (1) first of all, admendments are subjects to change, through corollaries and other such (2) you might have a point, but i hardly think it would stop the gov from doing cryptographic research, and besides, the point of banning it was so information doesn't flow outwards, (3) yes, criminals wouldn't stop using it, BUT now it gives the gov a way of detecting what's foreign
Some Guy (10:30:23 PM): the reason why people don't wanna do research in the US is soley for monetary reasons, but for the sake of our country, think beyond that.. we're talking about national security
KirbysDL (10:30:28 PM): so you'd give away the bill of rights for this supposed security that cannot be proven?
KirbysDL (10:30:59 PM): we ARE indeed talking about national security but I'm not convinced by your arguments that a ban on strong crypto would help us here
KirbysDL (10:32:02 PM): you still haven't told me how you'll (where you=US govt) be able to distinguish strongly enciphered data from other data
Some Guy (10:32:22 PM): try to decipher them
KirbysDL (10:32:23 PM): and even when you do, i'll start hiding it on images and send them out of IRC, ebay, geocities, etc.etc.
KirbysDL (10:32:27 PM): ok
Some Guy (10:32:28 PM): doesn't have to be all of them
KirbysDL (10:32:40 PM): so you'll try to decipher every stream of binary data that goes out over the US
KirbysDL (10:32:47 PM): and why not?
Some Guy (10:33:02 PM): doesn't have to be all of them because it's not possible
KirbysDL (10:33:15 PM): exactly... as i said, it's an impossible task
Some Guy (10:33:20 PM): BUT
KirbysDL (10:33:48 PM): and if you can intelligently prune off people who's data you do not need to monitor, then you have a priori knowledge, and with that you can surviel them through other means
Some Guy (10:34:16 PM): i think you're missing the point to my argument
KirbysDL (10:34:21 PM): clearly =P
Some Guy (10:35:22 PM): okay, first off, you must keep an open mind here
Some Guy (10:36:07 PM): tell me, how does gov knowledge of crypto algorithms invade privacy laws?
KirbysDL (10:36:27 PM): well i'm not trying to twist your words around to make them mean something you didn't intend. beyond that, i admit i have an opinion that you have so far not changed through your arguments
Some Guy (10:36:47 PM): well same goes the other way
KirbysDL (10:36:53 PM): ok
KirbysDL (10:37:13 PM): The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
KirbysDL (10:37:19 PM): that is the text of the fourth amendment
KirbysDL (10:37:45 PM): it states, in plain english, that the government has no right snooping around any of my possessions, e.g. my data, without a warrant
Some Guy (10:38:18 PM): and if you were a terrorist, you would also be granted those rights correct?
KirbysDL (10:38:20 PM): you must realize that there ARE legal ways for the govt to access strongly encrypted data
Some Guy (10:39:04 PM): i'm sure there are, but those are not the ways terrorists are using to relay messages
KirbysDL (10:40:07 PM): a terrorist is someone who commits a crime. an alleged terrorist may be anyone... there is simply some suspicion that he is conspiring to commit a crime. he is, until proven guilty, just like any other US citizen (let's confine our discussion to citizens) and like other citizens, he is protected by the bill of rights
KirbysDL (10:41:05 PM): a terrorist, after he is proven guilty, most likely will not be given the fourth amendment right to privacy
Some Guy (10:42:33 PM): i'm sending a letter to france about my cs170 project, now i know that i have the right to my privacy.. but what do i care if the gov knows???
Some Guy (10:43:00 PM): do you know what the people are saying in the airports?
Some Guy (10:43:12 PM): it's a lot of hassle, but it's def. worth the security
Some Guy (10:43:24 PM): that's searching through their bags and luggages
KirbysDL (10:43:43 PM): the right to privacy must be absolute. without that, there is no privacy. if a single person breaks your privacy, he could tell others, be bribed, tortured, etc. there is a risk. privacy must be as absolute as possible or else it is meaningless
Some Guy (10:44:22 PM): and you don't think the tradeoff is worth it?
Some Guy (10:45:07 PM): you know what i'm imagining?
KirbysDL (10:45:26 PM): nope. the government ALWAYS wants to take away liberties. it ALWAYS does so in the purported interest of such things as the security of the nation and its citizens. it is almost NEVER able to prove the security. but once lost, freedoms are nearly impossible to regain
KirbysDL (10:45:31 PM): go ahead
Some Guy (10:46:27 PM): a huge gigantic parallel machine deciphering data all day and night, flagging key words, such and such... a letter about me cheating on a test, stealing a car, grand larceny, though they're huge offenses, i don't think the DoD will give a rat's ass
Some Guy (10:47:01 PM): you know what they will be suspicious about? the word bomb
Some Guy (10:47:05 PM): kill
Some Guy (10:47:10 PM): US
KirbysDL (10:47:59 PM): are you aware of the statement that to break the strongest of today's ciphers, you would need to have every atom in the universe be a computer capable of testing one key per second, and you would still need more than the age of the universe to break the cipher?
KirbysDL (10:48:27 PM): now given that criminals aren't going to stop using strong ciphers anyway, i would claim that this computer won't help you
Some Guy (10:48:41 PM): yes i am aware of that, and if the gov knew the algorithm, it would make their job a lot easier
KirbysDL (10:48:49 PM): oooh intersting point
KirbysDL (10:49:03 PM): are you aware that EVERY strong cipher currently in wide public use has a published algorithm?
Some Guy (10:49:22 PM): AND registered keys?
KirbysDL (10:49:22 PM): that BY DEFINITION a cipher without a publshed algorithm is thought of as insecure?
KirbysDL (10:49:33 PM): we weren't talking about registered keys...
KirbysDL (10:49:55 PM): you said the govt knew the algorithm, not the key
Some Guy (10:50:11 PM): it's part of the question isn't it?
KirbysDL (10:50:42 PM): that's a part i didn't want to get into because i have several more tirades on the subject. i take it neither of us has convinced the other on part a of the question? =P
Some Guy (10:50:55 PM): heh
KirbysDL (10:51:05 PM): well hold on
Some Guy (10:51:13 PM): i think we have different perspectives
Some Guy (10:51:17 PM): strong perspectives
KirbysDL (10:51:26 PM): i think you agree that to have strong ciphers outlawed does, in some way, reduce your right to privacy, regardless of any other issues of national security
KirbysDL (10:51:34 PM): right?
Some Guy (10:51:46 PM): i agree
Some Guy (10:52:07 PM): it's a defnite tradeoff for sure
KirbysDL (10:52:34 PM): would you also agree that there will always be a way for me to hide encrypted data such that unless you know you have to watch me already, you will not be able to distinguish my data from others' data?
KirbysDL (10:53:33 PM): cause yeah you can argue the tradeoff either way... that's a matter of personal opinion. some people value their privacy less ... this is clear from http://curby.dyndns.org/cryptodocs/news/theregister.co.uk%20--%20americans%20 want%20uncryption%20(key%20escrow%20backdoor%20terrorism)%20--%202001- 0920.htm
KirbysDL (10:54:21 PM): i link to that for statistics, not necessarily for their pro-crypto arguments
Some Guy (10:54:25 PM): i also agree with your second statement, but only to a point
KirbysDL (10:55:18 PM): i think i'm satisfied then =P
Some Guy (10:56:09 PM): you have to understand a point i'm making... i want to ban strong encryption not to argue that i'll be safe, i want to ban it arguing that i'll be safer
Some Guy (10:57:20 PM): saying that my computer is safe while connecting to the internet is a bunch of bullshit.. but if i knew of some knowledge of the attack.. i know i'm safer
KirbysDL (10:57:24 PM): certainly. absolute security cannot be proven. the best you can hope for is a marginal increase in security. our fundamental disagreement then, is how much safer a ban on strong crypto will make us
Some Guy (10:57:59 PM): and how much safer is something i can't give a statistics to
Some Guy (10:58:11 PM): but ideally, i can picture it
KirbysDL (10:58:21 PM): yes, there is clearly an ideal case
KirbysDL (10:59:53 PM): hmm i should be finishing grading papers =P