[116783] in Cypherpunks
Project: Hardening Crypto Against Big Brother's "Black Bag"
daemon@ATHENA.MIT.EDU (Tim May)
Fri Aug 20 17:34:26 1999
Message-Id: <v0313030db3e375be94a6@[207.111.242.79]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 20 Aug 1999 14:15:50 -0700
To: cypherpunks@cyberpass.net
From: Tim May <tcmay@got.net>
Reply-To: Tim May <tcmay@got.net>
(I sent this off several hours ago, but it hasn't appeared at my site. So
here it is again. Apologies if any duplications occur.)
At 9:41 AM -0700 1999-08-20, Anonymous wrote:
>This just makes all the more necessary
>encryption programs which the user can
>insure have not been tampered with, or
>can reconstruct if necessary. Such as:
>
><http://ciphersaber.gurus.com/>
>
>Adam Powell wrote:
>>
>> In a page-one exclusive, the Washington Post reports The Clinton
>> administration is asking Congress for explicit authority for secret
>> break-ins onto private property to lift and change computer encryption
>> files. Under the proposed legislation, the US would approach a friendly
>> judge, get a search warrant and then seal it, so you will have no notice:
>> You won't know the J-folks were there until you tried to use your crypto
>> software...
"You won't know...until you tried to use"?
Oh, I think it's obvious you're not suppose to know they were there even
when you try to use your crypto! Else, why bother?
The whole idea is to disable or trapdoor the crypto so that the freedom
fighter has no idea that Big Brother has inserted a keyboard sniffer, a
"covert escrow" file, or whatever.
I assume it's some kind of keyboard sniffer, to catch passphrases and/or
typed text. They can't plausibly monkey with PGP itself without affecting
already-issued public keys, it seems to me. Maybe someone can think of a
way they could weaken PGP without affecting already-issued keys. Of course,
if they do the black bag job early enough they could compromise the keys
themselves, by interfering with the random number generators and suchlike.
This doesn't strike me as being very useful, given the persistence of keys
for years...
We should start thinking about just what kinds of black bag operations
could be useful. Sort of a "Tiger Team" attack: pretend we're part of
Janet's Jackboots trying to get the goods on the Evil Second Amendment
Supporters. "Think like they do."
(Leaving out their favored methods of simply using flash-bangs and full
breeches on residences and shooting anything that moves.)
A challenge.
This will allow crypto developers to think about possible fixes. Such as:
-- passphrases not entered via a keyboard, but by picking characters off a
screen (I recall someone doing this, using a mouse to "travel to" various
scenes in an image...turns out a lot of bits can be easily remembered this
way, due to the way spatial memory works. This approach could also help
with Van Eyck emanations, depending on details of LCD screens vs.
keyboards, etc.)
-- wider use of Palm Pilots to carry critical private key and passphrase
information
-- or even smaller "crypto rings" (a la Dallas Semiconductor's chip)
-- and, of course, checksums and cryptographic signings of executables
Other suggestions?
I recommend that as a kind of ad hoc Cypherpunks project we brainstorm
about just what form such "black bag operations" could take and then try to
get crypto makers to "harden" their apps against this growing threat.
Just brainstorming and speaking out is enough...I'm not suggesting any
difficult or expensive lobbying.
--Tim May
Don't tread on me.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
