[116785] in Cypherpunks
Re: FC: Paging Mr. Liddy! Janet Reno wants you
daemon@ATHENA.MIT.EDU (Sean Roach)
Fri Aug 20 18:17:28 1999
Message-Id: <3.0.6.32.19990820165150.007b43a0@mail.intplsrv.net>
Date: Fri, 20 Aug 1999 16:51:50 -0500
To: cypherpunks@algebra.com
From: Sean Roach <roach_s@mail.intplsrv.net>
In-Reply-To: <19990820164153.19704.qmail@hades.rpini.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Sean Roach <roach_s@mail.intplsrv.net>
At 04:41 PM 8/20/99 -0000, Anonymous wrote:
>
>This just makes all the more necessary
>encryption programs which the user can
>insure have not been tampered with, or
>can reconstruct if necessary. Such as:
>
><http://ciphersaber.gurus.com/>
>
>Adam Powell wrote:
>>
>> In a page-one exclusive, the Washington Post reports The Clinton
>> administration is asking Congress for explicit authority for secret
>> break-ins onto private property to lift and change computer encryption
>> files. Under the proposed legislation, the US would approach a friendly
>> judge, get a search warrant and then seal it, so you will have no notice:
>> You won't know the J-folks were there until you tried to use your crypto
>> software...
>>
>> http://www.washingtonpost.com/wp-srv/business/daily/aug99/encryption20.htm
>>
>> "The Justice Department wants to make it easier for law
>> enforcement
>> authorities to obtain search warrants to secretly enter
>> suspects' homes or
>> offices and disable security on personal computers as a
>> prelude to a
>> wiretap or further search, according to documents and
>> interviews with
>> Clinton administration officials...
>>
>> "Legislation drafted by the department, called the
>> Cyberspace Electronic
>> Security Act, would enable investigators to get a sealed
>> warrant signed by
>> a judge permitting them to enter private property, search
>> through
>> computers for passwords and install devices that override
>> encryption
>> programs, the Justice memo shows..."
>>
Makes someones practice of keeping his keys on a PCMCIA card more and more
reasonable all the time. The trouble is, even if there is a decent storage
medium, (durable, spacious, small), which is fairly standard among all
machines using a particular type of encryption, the machine might still be
rigged to either capture the keyring for later analysis, or just bypass the
crypto by getting the data before and after encryption.
Even a near hardware fix, like putting the actual encryption algorithym on
a smart card, and passing the data through it, won't eliminate the chance
that the computer that the smart card is plugged into isn't bugged. At
least I can't see how.
Makes the idea of keeping your computer, and not just your keys, at hand at
all times seem like a more reasonable approach.
With the explosion of laptops in the general population, one more road
warrior with a nice laptop shouldn't set off warning bells. This makes
securing the laptop from theft, a market nicely filled with everything from
modified bike chains to who knows what, the last real concern.
But these are the musings of a layman, so make sure that the Mortons is handy.
Sean
