Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool.mu.edu!uunet!mdisea!jackb From: jackb@MDI.COM (Jack Brindle) Newsgroups: comp.sys.mac.misc Subject: Re: APPLE & FCC PETITION (PRESS RELEASE) Message-ID: <1991Feb5.182303.11214@MDI.COM> Date: 5 Feb 91 18:23:03 GMT References: <1991Feb2.235110.17551@cs.uiuc.edu> <1991Feb4.184339.24202@csn.org> <1991Feb4.233214.486@cs.uiuc.edu> Sender: news@MDI.COM Organization: Motorola Mobile Data; Seattle, WA Lines: 43 In article <1991Feb4.233214.486@cs.uiuc.edu> gillies@cs.uiuc.edu (Don Gillies) writes: >I not was ignorant of encryption. Encryption is not a panacea. No >macs currently have encryption hardware. Decent encryption is very >expensive to compute, especially on the whole text stream. The NBS The question is more of what degree of encryption is needed. DES, or better, may not really be necessary. It is a pretty large task to decrypt the massive amounts of data on a network without some knowledge of the data being sent. Perhaps some "lower-powered" techniques could be used which are less costly in terms of processing power, but would be just as effective given the specific environment. >DES standard (upon which most hardware encryption chips are based) was >compromised because the CIA wanted to be able to break any code >generated by the standard. That is why the keys are so small (56 >bits, I believe). > >It is unlikely that a radio network with encryption will have >acceptable performance. It is unlikely that a radio network without >encryption will have acceptable security. I disagree completely with this point. There are many techniques widely available that are completely effective. Encryption, as we are used to it, is not the only means. It is next to impossible to decode Spread- Spectrum transmissions without knowledge of the spread algorithm AND the synchronization methods used for each transmission. This means that SS transmissions need not be encrypted (and usually are not). In the frequencies the Apple filing discusses, this is a very valid technique. There are other things that can be done, however. If you are really concerned about the security of your data, countermeasures can be taken, such as dummy packets to throw off whoever might be trying to steal the data. The other thing to remember is that even Ethernet is not fully secure. If someone really wants at your data, they could throw enough resources at decoding the electromagnetic field given off by the ethernet cable that they could get anything that you send across your network. And that data is almost never encrypted. > >Don Gillies | University of Illinois at Urbana-Champaign - Jack Brindle.