Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Encryption NOT used by terrorists for email security

By hillct in MLP
Wed Oct 03, 2001 at 07:21:07 PM EST
Tags: News (all tags)
News

This article in McPaper indicated that the terrorists responsible for the Sept 11 attacks were not using encrypted e-mail to communicate. It falls short of saying that no encryption was used to secure other communications but hopefully this will take some of the wind out of the sails of those who want to use the terrorist attacks to re-start the debate regarding availability of un-compromised encryption technologies to the public. Hopefully supporters of restrictions on the availability of strong encryption will focus their energies on bringing the NSA into the 21st century instead.


Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o article in McPaper
o bringing the NSA into the 21st century
o Also by hillct


Display: Sort:
Encryption NOT used by terrorists for email security | 30 comments (28 topical, 2 editorial, 0 hidden)
So..? (3.75 / 4) (#2)
by J'raxis on Wed Oct 03, 2001 at 04:32:50 PM EST

“Well, what this means is that if the government was able to snoop everyone's email, it would have caught them, because the emails weren’t encrypted! And of course the only reason this email was found was because it was plain text; all their encrypted stuff probably got through unnoticed!”

That’s what you’ll hear next from the people pushing these news laws. Logic and evidence means nothing to someone trying push an agenda; it can always be molded to their point of view.

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]

This bolsters arguments for Carnivore but... (4.00 / 1) (#3)
by grasshopper2 on Wed Oct 03, 2001 at 04:51:31 PM EST

I agree. This finding does lend credence to the arguments for use of technologies such as Carnivore (DCS1000) and Echelon however it weakens the (reactionary) argument for a ban on strong encryption.

--RT


[ Parent ]
Not unless you want the to open your letters too (none / 0) (#11)
by bke on Wed Oct 03, 2001 at 06:34:26 PM EST

No it doesn't really. Not unless you feel that the goverment should be allowed to read all correspondence that goes through the various postal services, and most rational people agree that such measures are clearly going to far. And I also suspect that the real reason goverments aren't pushing for opening and reading regular mail is that the cost is prohibitive while when it comes to digital communications it's very easy to just log every thing and grep through it later.


--
Read, think, spread!
http://www.toad.com/gnu/whatswrong.html
[ Parent ]

UPS is betting most people don't care (none / 0) (#15)
by Lizard on Wed Oct 03, 2001 at 10:11:30 PM EST

On the news tonight they were saying that until further notice UPS is opening and searching all packages for security reasons until further notice. Apparently, they think that Americans aren't all that opposed to having their packages searched because unlike the Post Office they actually have to compete in the market place. Given all of this, you can bet that I'll be requesting shipment from a competitor of theirs next time I order something online.
________________________
Just Because I Can!
[ Parent ]
Oh crap (none / 0) (#21)
by fluffy grue on Thu Oct 04, 2001 at 12:40:19 AM EST

They are? Really? Fucking hell. Now they'll know I bought a rotary epilator.

Which is, quite frankly, none of their goddamned business. Their right to inspect the package ends at the tape which closes it.

Then again, them opening it up, breaking things, reclosing it, and sending it off to the wrong place couldn't be any worse than them stacking big, heavy things on top of long, skinny things I've ordered in the past. (For example, I will never, ever have a projection screen shipped by UPS ever again.)
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Chess, not dice (5.00 / 2) (#4)
by Pac on Wed Oct 03, 2001 at 04:58:16 PM EST

One of the most important things one has to learn in order to become a chess player (instead of someone who merely knows the rules of chess) is that you must never, ever, assume you opponent is dumber than you.

As a matter of fact, most good chess players will assume the opponent is smarter than them, and act accordingly.

I believe the analogy is obvious. It doesn't really matter if the terrorists of September 11 used encryption. What matters is that any terrorist can use encryption (and trucks and planes and chemicals and poison).

And I am completely against encryption ban, key escrow and such. I really believe that any local law will not prevent the widespread use of the technology. Moreover, a ban will assure that only the criminals will be able to fully benefit from it.

But it is always worth to understand your opponent views.

Evolution doesn't take prisoners


I agree - More or less... (5.00 / 1) (#6)
by hillct on Wed Oct 03, 2001 at 05:23:10 PM EST

To ban strong encryption because it's possible terrorists might use it to conceal their activities is like blaming Boeing for making extremely large aircraft on the basis the existance and availability of such aircraft allows terrorists to crash them into skyscrapers.

The mere availability of strong encryption introduces the risk that criminals might be able to conceal their communications from law enforcement but in the case of encryption technology, restrictions on it's availability would not achieve the desired goal.

While we're at it, we could also restrict the availability of thicks, fertelizer and gasoline on the chance that these items might be used by terrorists but such restrictions would have dramatically damaging effects on our economy.

While it's important to recognize that these technologies may be used for evil purposes, it's equally important to recognize that they serve a far greater good in society than the risks they introduce.

--CTH


--Got Lists? | Top 31 Signs Your Spouse Is A Spy
[ Parent ]
We are in complete agreement here (5.00 / 1) (#8)
by Pac on Wed Oct 03, 2001 at 05:50:31 PM EST

Also, as many cryptanalysts already pointed throughout history, the mere fact that there exists an encrypted channel between A and B is sometimes enough information. The level of activity in this channel also gives you even more information.

So, strong encryption is not a license to kill. Just a very good gun.

But notice that your other points are also being addressed by the "good guys". Look how even travelling by plane will be cumbersome from now on. Becoming a pilot will probably require far more checks than now. Air Marshall and real land security personnel salaries will add to the tickets price. If they can't ban Boeing, they can make it pretty hard to use one for anything whatsoever. But then again, a deeper question is still open: how many companies flying Boeings will survive till the ende of the year?


Evolution doesn't take prisoners


[ Parent ]
Big? Practically a Piper (none / 0) (#9)
by davidduncanscott on Wed Oct 03, 2001 at 06:02:16 PM EST

It's a good thing the terrorists didn't go for really big aircraft.

BTW, what're "thicks" and how can I use them to raise hell? :)

[ Parent ]

Blah (none / 0) (#19)
by fluffy grue on Thu Oct 04, 2001 at 12:17:05 AM EST

That's nothing.
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

damnit (none / 0) (#20)
by fluffy grue on Thu Oct 04, 2001 at 12:18:12 AM EST

I'm just not doing very well tonight. For some reason I thought the 777 was bigger than the 747.
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Watch those damn Europeans. (none / 0) (#22)
by ambrosen on Thu Oct 04, 2001 at 05:44:19 AM EST

You know they're trying to build even bigger aircraft.

--
Procrastination does not make you cool. Being cool makes you procrastinate. DesiredUsername.
[ Parent ]
Good assumption! (none / 0) (#14)
by dennis on Wed Oct 03, 2001 at 06:42:43 PM EST

If you assume your opponent is smarter than you, then you have to assume that even if we make strong encryption illegal and strip it out of all American software, some terrorist mathematician who knows C will write his own, add some steganography, apply every statistical test known to man to make sure it's undetectable, and post a different original photo for each message on a newsgroup.

[ Parent ]
And that was exactly the previous mistake (none / 0) (#16)
by Pac on Wed Oct 03, 2001 at 11:25:11 PM EST

The American laws and rules banning the export of certain kinds of cripto technology failed exactly there.

One has to admire the great 20th century American mathematicians, responsible for many advances in the field of Cryptology.

But there is a world out here. In Europe, in Asia, in Russia (oh, certanly in Russia), even down here in Brazil, there are lots of bright people perfectly capable of re-implementing the necessary components of a secure process. Failing to recognize this fact only leads to a false sense of security and to farcical stunts like the many detentions of Phil Zimmerman.

Evolution doesn't take prisoners


[ Parent ]
Yep (none / 0) (#17)
by fluffy grue on Wed Oct 03, 2001 at 11:51:23 PM EST

Even when steganography is right under your nose, people never think to check everything for it... and any doofus can write steganography code. Who cares if the encryption is easy to break if nobody even thinks to check the datastream for it?
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

D'oh (none / 0) (#18)
by fluffy grue on Wed Oct 03, 2001 at 11:55:58 PM EST

wrong link
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Irrelevant (4.50 / 2) (#5)
by itsbruce on Wed Oct 03, 2001 at 05:12:32 PM EST

I don't care if they were using crypto. They were also using satellite phones and couriers carrying floppy disks, letters and the spoken word. Let's ban all of that and make ourselves really safe.

It doesn't matter what means they use to communicate. It doesn't matter if they train camels to spit in Morse, ffs. What makes them dangerous is their willingness to do what they do, regardless of the consequences.


--I unfortunately do not know how to turn cheese into gold.

Uhmm (3.33 / 3) (#7)
by Neuromancer on Wed Oct 03, 2001 at 05:36:52 PM EST

Dude, there are people in congress who are so set on turning the US into a police state that they are using the WTC attacks to push that. It's relevant. I'm tired of WTC stories myself, but this is relevant and different and ironically important, as it will help plead the cause for NOT restricting encryption.

[ Parent ]
You need to watch some CSPAN... (3.00 / 1) (#10)
by Anonymous 6522 on Wed Oct 03, 2001 at 06:18:33 PM EST

...before you start pointing fingers. Congess isn't taking the idea of lessening civil liberties lightly. Listen to the debate.

[ Parent ]
I understand that (none / 0) (#12)
by Neuromancer on Wed Oct 03, 2001 at 06:35:26 PM EST

I understand that it isn't being taken lightly, but I rather prefer that there be MORE ammo for the people who don't want to take away encryption. Perhaps I should not have used the word police state. After all, with carnivore tapping our email and us not being allowed to encrypt that e-mail... what was the question again?

[ Parent ]
It makes sense (none / 0) (#23)
by mwood on Thu Oct 04, 2001 at 02:04:26 PM EST

In a strange way this is reassuring. It really doesn't make sense for such people to trust their lives and their "mission" to encryption. A one-time pad or just a simple face-to-face prearrangement is much safer and the low traffic volume makes it practical. Only armies, which need to coordinate many thousands of men and bits of materiel, need encryption, because the volume of communication required makes codes impractical.

I wish the bad guys *would* learn to depend on encryption -- then at least the good guys would have a chance of figuring out what they're saying. Unfortunately they are probably too smart.

umm, whatever (none / 0) (#24)
by hardburn on Thu Oct 04, 2001 at 02:16:58 PM EST

then at least the good guys would have a chance of figuring out what they're saying.

Do you mean before or after the heat death of the universe? 'Cause barring a new development in complexity theory, that's how long it's going to take to decrypt a PGP-encoded message.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
You can tell a lot from an encrypted message (none / 0) (#25)
by squigly on Thu Oct 04, 2001 at 02:44:01 PM EST

You don't get the message, but you do get all the traffic information. This includes:
  • The time you sent it.
  • The place you sent it from (useful for tracking you)
  • The email address of a person you are in contact with
  • The fact that you are planning something
So, if they did use encrypted email, and you were bugging all of their email you would know beyond a shadow of doubt that a specific email was sent from a terrorist, you could have worked out that they were planning something soon, who was involved, and roughly where they were planning it.

[ Parent ]
Traffic analysis, and how to beat it (none / 0) (#29)
by phliar on Fri Oct 05, 2001 at 07:13:10 PM EST

  • The time you sent it.
  • The place you sent it from (useful for tracking you)
  • The email address of a person you are in contact with
  • The fact that you are planning something
In a word: anonymous remailers. Every day at 9 am I send a message to an address in Finland, as do many other people. Every day at 12 the remailer sends messages to many people.

Sending messages to the anonymous address in Finland suspicious, you say?

I encrypt the message and hide it in a scan of Miss October, and post it to rec.arts.erotica.pictures. My contact has the unaltered scan of Miss October; checks r.a.r.p, separates the message and decrypts. (I use a cipher that has a nice statistical property, and I hide it in the low bits of a scan that already has noise with the same property added.)

But all this is just technology. You don't need it - do all the important planning back home in Ruritania, and use codes - not ciphers - to handle the final details. "One light if by sea" etc. A classified ad for a red wagon named Rosebud means we go at dawn tomorrow.


Faster, faster, until the thrill of...
[ Parent ]

All very true (none / 0) (#30)
by squigly on Sat Oct 06, 2001 at 09:34:13 AM EST

In fact, if there was any attempt to prevent people from sending encrypted emails, use of all this is more likely. I think most terrorists expect that in all probability their emails are being intercepted. The fact that investigators might try traffic analysis is less intuitive.

Of course, the more intelligent ones will realise how much information they're giving away, and act accordingly, but the fact that we can stop a few criminals makes it worthwhile.

[ Parent ]

Not entirely accurate (to say the least!) (2.00 / 1) (#26)
by jd on Thu Oct 04, 2001 at 04:55:22 PM EST

First, the message is encrypted using a secret key, which is in turn encrypted with a public key. This means that you don't need to break the public key to get at the message, breaking the secret key is actually better, as verifying you have the right key is sooo much easier.

Second, the time it takes to break a key... Because you can do the computations in parallel (no two tests interact with each other), you can wire up massively-parallel decryption circuits to do this. The speed-up is impressive. So much so, that the British wartime "Colossus" machine is faster at breaking Enigma-type codes than a modern Pentium II, by several orders of magnitude.

(Whereas a P2 can test one key at a time, the Colossus could test hundreds. Whereas a P2 uses general-purpose hardware, with a software layer, the Colossus was a purely hardware device.)

Now, let's get a benchmark on this. The "rule of thumb" used to set the maximum exportable bit-length was that no message should take longer than 10 minutes to decrypt. This means that 56-bit encryption could be broken by brute-force in under 10 minutes, maybe a decade or so ago.

Let's now apply Moore's Law - computing power doubles every 2 years. That's 2^5, if we assume 10 years, which would increase the capability to 61 bits in 10 minutes, today. Actually, given that (prior to unrestricted distribution) the proposal was to move the limit to 64 bits. Which, if you look at the figure I got above, now seems somewhat more understandable.

Ok, so let's say they can break 64-bit encryption in 10 minutes, today, in bulk. How large a bulk is difficult to even guess at, but if you could tie those resources together, to make a distributed computer, you could increase the number of bits you could handle in the same time by log2(N), where N is the number of nodes in the distributed network.

The fabled "Echelon" system is purportedly capable of monitoring hundreds of millions of parallel signals, simultaneously, in the largest distributed network ever built. Would this be big enough, though, to crack "strong" encryption?

Not quite, but it's getting there. Assuming something in the order of 100 million devices, capable of cracking 64 bits in 10 minutes, your cluster could be expected to chew through 91 bits in the same timeframe. Ok, let's see what happens if we increase our timeframe. (10 minutes is a bit short for something potentially major.)

In one day, you could increase the number of bits gone through, by sheer brute-force, to 98. Because of diminishing returns, this is about the best you could expect to break in any reasonable time-frame, even using the best computer resources you can find.

Once you get to this point, you have to look for weaknesses in the strategy for producing keys, or in the algorithm itself. In other words, shrink the effective search-space, rather than increase the speed of searching it. Given that the security agencies have the very best mathematicians on the planet (and then some!), it is entirely believable that such exploits have been found, especially in closed-source products such as PGP.

However, is brute-forcing the key the only way to do this? No. If computers are relied-upon, then a sufficiently-skilled operative could easily back-door your encryption system. All that they would need to do, in fact, is install a binary patch, such that the range of keys actually chosen from is within the range that the agency can search for. It's unlikely anybody would detect such tampering, and we know from reports by the Internet Auditing Project that such agencies can modify binaries without detection by intrusion detection systems.

[ Parent ]

Not really (none / 0) (#27)
by hardburn on Fri Oct 05, 2001 at 09:26:02 AM EST

This means that you don't need to break the public key to get at the message, breaking the secret key is actually better . . .

Duh. It's not a "public key" for nothing! Public/private key crypto already assumes that any attacker has access to the public key anyway. It doesn't do you any good what-so-ever to break the public key.

This means that 56-bit encryption could be broken by brute-force in under 10 minutes, maybe a decade or so ago.

Have you ever met an RSA implementation that used a 56-bit key? Try 2048 bits. You need the extra bits in RSA because you're limited to using prime numbers, as opposed to block ciphers which can use any number you want. No implementation created by anyone in their right mind is going to use anything less then a 1024-bit key, at the bare minimum.

On the subject of block ciphers, the DES agorithm was a 56-bit cipher. It was created primarily by IBM, under the supervision of the NSA and NIST. Some stories suggest that IBM wanted to make a 64-bit cipher, but the NSA brought this down to 56 bits. This was fine at the time, but even back then people realized that 56 bits would not be enough in the future. Indeed, around 1993 it was shown that for $1 million (US), you could build a parrell supercomputer that could break any DES key in a few hours time. Obviously, it would take much less money today (well within the reach of even a medium sized buisiness). For this reason, hacks such as 3DES were created to extend the lifespan of DES until AES could replace it.

(Yes, there still is a reason for block ciphers to be around. Public/private key encryption is slow, sometimes 1000 times slower then some block ciphers. For this reason, public/private crypto is often used to exchange a one-time-use block cipher key, with all other communication during the session being done with the block cipher.)


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
Additionaly . . . (none / 0) (#28)
by hardburn on Fri Oct 05, 2001 at 09:43:34 AM EST

Sorry for replying twice, but I forgot to mention:

(Whereas a P2 can test one key at a time, the Colossus could test hundreds. Whereas a P2 uses general-purpose hardware, with a software layer, the Colossus was a purely hardware device.)

Yes, if you wanted to break a key with a short key (like plain DES), the best way to do it is with a pile of 486s on a 10 Mbps ethernet link. You might be able to get away with sneakernet.

. . . especially in closed-source products such as PGP.

PGP is an intresting case. Until recently (IIRC), PGP did release the source code, though not under a license that would be ever be approved under the OSI and certainly not GNU's Free Software guidelines. Even so, the source is available. The first reason is so they could export it; US export laws only cover transfering it in electronic form, so Phil Zimmerman made the PGP source code into book form, sent it to some freinds in Europe, who then OCR'd it and compiled. The second reason is so that others can be sure there are no back doors in the program.

In fact, Zimmerman left his job because the company refused to release the source code to the latest version of PGP. If you're really worried about it, use GnuPG.

. . . we know from reports by the Internet Auditing Project that such agencies can modify binaries without detection by intrusion detection systems.

A good reason to check MD5 sums (e.g. through a tripwire system). Of course, they could modify the tripwire system itself.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
Encryption NOT used by terrorists for email security | 30 comments (28 topical, 2 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!