| gabriel rosenkoetter on Fri, 14 Feb 2003 19:10:33 -0500 |
|
On Fri, Feb 14, 2003 at 02:14:30PM -0500, eric@lucii.org wrote:
> I'd have to question how a private key could truly be "private" if you
> can be forced to divulge it.
Then what *would* be a private key? Biometrics? I can be forced to
produce them on demand too. (I suppose lopping off and burning a body
part on which the biometrics relied would sort of work... but even
then, if they can get some cells of the appropriate type, they can
probably grow it back on a lab rat at this point.)
This is the reason for key expiry. I've never seen anyone expire
their keys at the necessary frequency to be operable against the US
federal government (it's have to be weekly at a bare minimum). My
PGP doesn't expire at all, because all the available keyserver
software (espcially pks, the most popular) is broken in a way that
makes it impossible to use keys with multiple subkeys (adding a
later expiry date to an existing key works by adding another subkey
to it).
This is also the reason that the default most people use when
sending PGP-enciphered mail of also enciphering to their own key is
a bad idea if you're doing something you want to remain truly
secret, even if someone gets to you (you can't stop it if someone
gets to your recipient, of course). PKI means that even YOU can't
read the file you encipher to someone else's private key.
I ran through some ways to work around this limitation of keys int
he email I just sent (distributed storage, off-shore, so that not
even YOU know where a given piece of data is; make it impossible
to physically *move* those data stores, which doesn't stop someone
from accessing them on site, but individual sites are no good
without the others; keep your sites in a wide array of political
jurisdictions).
> IANAL but the 4th amendment of the constitution appears to prohibit
> fishing expeditions like that.
It's futile, imo, to rely on a piece of paper, especially one so
widely interpretted, to save us from this. Voicing an opinion
against laws prohibiting what qualifies as an inalienable right
("What, officer? Are you saying I'm not allowed to calculate the
product of two 1024-bit primes? But why not? It's just math!")
might help, staying atop cryptanalytic technique helps more.
Paul's right; if they can't break your crypto, they can't know
prove you're doing anything wrong. So, if you care, study existing
and historical cryptography, and consider working on either
cryptanalysis (to find problems with existing algorithms so that
they can be made better) or cryptology (to design new algorithms).
And if you do that and do it well, try to do the rest of us a favor
and not to accept the large sum money the NSA will offer you after
your first published paper. No one will ever see your work again if
you do that.
> In the future, encryption will be thwarted in less direct ways: Keyboard
> monitors that record your passphrase when you enter it, cameras watching
> your keyboard that show what you're typing.
Van Eck Phreaking from the other side of the street.
Reminds me, I still want to do a Van Eck proof of concept for a PLUG
meeting...
> If necessary, they can
> simply declare you as a terrorist, ship you to a country that allows
> torture, and wait a week or two for your "voluntary confession" =8-0
Yes. The Federal government's brute force probably trumps anyone on
this list. Certain states in the union *might* be able to hold out,
against the feds, but individuals (or small groups) simply cannot
(cf, the Branch Davidians, Kevin Mitnick, so forth).
> I believe he's in agreement with you on that - it looks like he just
> stated it in the negative to show that the logical conclusion is
> unworkable.
I said what I did to be reassuring. That law couldn't be passed, as
math & CS departments, IBM, Microsoft, Sun, and plenty of other
large institutions would scream bloody murder.
We've even seen the government *try* to force key escrow on us, and
seen that attempt fail utterly. ("No, thanks, I'll take the phone
WITHOUT the clipper chip...")
> That's a great idea Gabe... bit order! What a hoot!
> I found http://www.rubberhose.org to be particularly interesting
> although their development appears to be preceeding slowly.
Heh. Rubber hose pops up in discussion on cypherpunks periodically,
and on Perry Metzger's crypto list. It's really more of a proof of
concept, the idea being that it end up as part of a crypto FS.
You've also seen http://www.m-o-o-t.org/, I trust? (Relates to my
suggestions to get around the key subpoena.)
> NOT to start a flame war here but I find it AMAZING that the Supreme
> Court can find the right to privacy for abortion but not for
> recreational drug use, encryption, or a host of other "private"
> activities. Wow.
I don't disagree, but I also don't think that PLUG's the place for
political discussion. (Granted, there's a fine line, but I wouldn't
want to get off into either the abortion or drug discussion; the
privacy may actually relate to computers. The other two aren't
relevent here.)
> I've been told that the reason there is so little
> mention of privacy in the constitutions (state or federal) is because
> the founders had no idea what a surveillance state is like. In 1776, if
> you wanted to have a private conversation, you walked out of the house
> and into the fields... 5 minutes or less and you'd be out earshot!
That's an interesting theory. I'm actually surprised there isn't
more explicit mention of privacy on the premise the Constitution was
drafted (which it wasn't, btw, in 1776; that's the Declaration of
Independence ;^>) not too long after a time when, if you were caught
speaking in private against Great Britain, you were in trouble.
What seems to have been more important to those writing the
ammendments to the Constitution to protect rights seems to have been
the ability to *share*, not the ability to hide. (Free speech,
freedom of religion, so forth.)
> Agreed! That, and Vote - the one "contact" they cannot ignore.
Or move to Canada: http://bantha.cjb.net/stuffins/john/ ;^>
--
gabriel rosenkoetter
gr@eclipsed.net
Attachment:
pgp972WmRfACQ.pgp
|
|