Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Crypto Controls are Spreading Internationally
David Banisar, 2002-07-15

Hand over that encryption key, mate, monsieur, sir, bloke.

Comments Mode:
Crypto Controls are Spreading Internationally 2002-07-15
Grant Bayley, Wiretapped (www.wiretapped.net) (3 replies)
The thing is, the high profile apps like PGP and DigiCash have been replaced by the sometimes hidden but equally powerful SSL for transactions, SSH for secure administrative and increasingly file transfer traffic, and the ubiquitous "corporate VPN" utilising IPSec.

Let it not be said that because...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-15
Anonymous (2 replies)
That is good for the large corps, but what about everybody else/...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Otis Wildfllower
Solid crypto is still free. For linux, I use self-signed (dummy) certs with SSL'd services (smtp, imap, http), OpenSSH, and FreeS/WAN for Linux (IPSec).

Not as hard as you'd think, but not as easy as clicky-feely...
...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Grant Bayley (www.wiretapped.net)
None of these things are exclusive to corporations. Your operating system probably already has IPSec functionality built-in, waiting to be used. Ditto for your cable modem firewall - if it doesn't use IPSec, it's probably got a client you can download and install. And there's SSH clients availabl...

[ more ]  [ reply ]
BestCrypt software allows using 2 keys with one unlocking fake info! 2002-07-18
Anonymous
They claim it's undetectable if you have any other info stored in the same encrypted conatainer and it's also undetectable if you are actually using this option or not.

This way you can always hand over a key and just give them access to anything you descided you would like them to have access to...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-24
Anonymous
Seconded. A decent X509 key is little if any different in practical terms from a PGP key - both use DH or RSA, both support ~128 bit crypto (well, pgp gained 256 bit AES at one point, but I am sure SSL will adopt it soon) and because all major web browsers support HTTPS (which obviously is effective...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-15
Anonymous
"About the only country where it seems safe to use crypto is the U.S. "

As a Canadian, I will quietly hope that everyone in the states believes this and doesn't come knocking us for our highly liberal crypto laws.

http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.h
tml

Not even on...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-15
Anonymous
PGP was only orphaned by the idiots at Network Associates. GPG is alive and well.
http://www.gnupg.org...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-15
A sysadmin (2 replies)
Quoting the article:

"Meanwhile, virtually none of the cryptographic killer apps we fought for are being used.

"DigiCash is gone, PGP has been orphaned, and ZKS dropped Freedom and is selling consulting services to stay alive. Not exactly a golden era. "

No mention of SSL, which is used all...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-15
Anonymous (3 replies)
SSL is not a file encryption or email encryption solution on par with what we had in PGP. (I know theres GPG but its ages away from polished enough for the public) SSL can secure VPNs and transactions. Thats about it. It doesn't offer any file encryption. So please get YOUR facts straight before...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-16
Anonymous
Not everything he's talking about is only file encryption. Many like ZKS's Freedom are/were network encryption....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous
Countering your argument are things like EFS on Windows, Encrypted Disk Images in Mac OS X, and for the really diligent, vnconfig on OpenBSD.

Both work without the baggage of manual key management that PGP/GPG suffered (suffers?) from....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Rickard
I don't know about your ssl, but my openssl does file encryption.

openssl enc -bf -in -out

Even though that's not what it's used for most of the time....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous
Your slam puzzles me. Wasnt DigiCash meant to enable anonymous payments? And wasnt Freedom meant to enable truly anonymous surfing? How do SSL, SSH, digital certificates, etc., make up for their loss??

To quote yourself, "Please get your facts straight before running off your mouth."
...

[ more ]  [ reply ]
Camel couriers. 2002-07-16
Anonymous
It is intresting how terrorist groups use couriers on camels to spread the word and not the internet, because they know of internet surveilance, Even an encrypted message would trigger an alert that something is happening.

Somebody give that primate for a president a f**king clue.
...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
DEScypher (3 replies)
Hmmm...

Now if someone wanted to ensure integrity and confidentiality with electronical transactions in a "hostile country" i.e. Burma or U.K. perhaps the use of steganography and cryptography combined would reduce the risk of being discovered.

And perhaps a "spoofed" senders mail address woul...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Grant Bayley (www.wiretapped.net)
For "deniable" on-disk encryption, have a look at www.rubberhose.org....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous (1 replies)
The "forgetting the keys" issue came up when the British bill was under consideration. It basically came down to that if a defendant hemmed, hawed, and hit himself on the forehead, he wouldn't have to cough up the key....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
/. er
the burden would be on the prosecution to prove that you actually know the key. utterly unenforcable....

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-18
Anonymous
BestCrypt software allows to have a second fake key that unlocks fake information you put in the container as well..:) They say it's undetectable if you use a second key and if there's other info in the container...

Basically, you can always hand over a key this way and thereby doing what is aske...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous
GnuPG is here and alive.

Free Software released under GNU General Public License.

http://www.gnupg.org/ (compatible with PGP) ...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous
Anti crypto laws are pointless. Organized crime and terrorists don't use crypto. They hide messages where no one is looking for them, and send plain text using code words that mean nothing to an outsider. ...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous (1 replies)
I wonder what would happen if someone used anonymous remailers to send PGP-encrypted messages to random people in the UK? "Give us your key!" "What key? I don't even use this software." "Come along..."

I wonder how long that could go on before the public rose up and demanded the repeal of RIP?...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous

RIPA doesn't require the key to every single message.

It's much like a search warrant. If requested by the police, you are required to suddender either the key or a plaintext version of the message in question. This cannot just be requested, but must be at the order of (IIRC) the Home Secretary...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally 2002-07-17
Anonymous
Have we fogotten about Canada? While we have some crypto laws for companies creating crypto programs, there are nice exclusions for Open Source programs, we have now laws against export or import of crypto, and are host to the development of the great OpenBSD (OpenSSH, OpenSSL, etc) programs.

If...

[ more ]  [ reply ]
Crypto Controls are Spreading Internationally - Restrictions? 2002-07-17
Rich
You do not elaborate on what restrictions are being placed on requests for the encryption keys. If a court order is required, with requirments similar to those required to physically search a building (including forcing the owner to open a locked safe for examination of the contents!), doesn't this...

[ more ]  [ reply ]
About the only country where it seems safe to use crypto is the U.S 2002-07-17
Anonymous
Ah, so American judges can't issue search warrants? When
did that change?...

[ more ]  [ reply ]
France 2002-07-17
Anonymous
You say: Three years later, the Parliament approved the "Loi sur la Sécurité Quotidienne" (LSQ) that requires users to give up their keys, or face three years in prison. Mon Dieu!

But the law says:
« Le fait de ne pas déférer, dans ces conditions, aux demandes des autorités habilitées est puni ...

[ more ]  [ reply ]
Crypto Controls run south of the border!!! 2002-07-17
Anonymous
When the US begin theyre key escrow program again you can always run south of the border......

[ more ]  [ reply ]
cipersaber.gurus.com ! 2002-07-18
Was Annoyed, Now Amused
Well, there's always an alternative--check out http://ciphersaber.gurus.com/ for information on CipherSaber, a home-grown alternative to commercial crypto applications....

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus