Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!bonnie!akgua!gatech!ut-sally!seismo!brl-tgr!gwyn From: gwyn@brl-tgr.ARPA (Doug Gwyn ) Newsgroups: net.unix,net.micro.pc,net.crypt Subject: Re: Non-ATT 'crypt(3)' Message-ID: <435@brl-tgr.ARPA> Date: Mon, 9-Dec-85 12:12:00 EST Article-I.D.: brl-tgr.435 Posted: Mon Dec 9 12:12:00 1985 Date-Received: Wed, 11-Dec-85 03:44:38 EST References: <124@suneast.uucp> <717@decuac.UUCP> Organization: Ballistic Research Lab Lines: 56 Xref: watmath net.unix:6576 net.micro.pc:6143 net.crypt:486 > > Does anyone know of a version of 'crypt(3)' which doesn't contain > > AT&T code, and is therefore not bound by U*ix licensing strictures? > > Let us be careful about posting something to a world-wide network that > might break State Department "rules." Although U.S. intellectuals have been fairly successful at selling us all down the river, there is still hope if enough citizens would realize that our government was established to serve its people, not (as in many other countries) the other way around. No agent of the government has any business restricting the flow of information among free men, or spying on its citizens, or searching their property without warrant, or many of the other things that Federal agencies have taken upon themselves. The only way to maintain what liberty still exists and regain that that has been lost, is to become aware of the oppressive acts of the bureaucracy and to NOT LET THEM GET AWAY WITH IT. The spook agencies, in particular, have felt that they are above ethics and normal law, and this is made worse by their virtual unaccountability. James Bamford's "The Puzzle Palace", although slow going in places, is a fairly accurate eye-opener for those who have not realized the extent of the U.S. government's attempt to control the flow of information. Generally the Commerce and State Department rules are based on what the DOD (NSA) tells them, and you can be assured that the NSA is not committed to the long-term benefit of humanity (via improved state of knowledge) but rather to the short-term concrete interests of a single nation. To anyone who is a supporter of the ideas on which this nation was founded, this mindless "patriotism" is counter- revolutionary. The best thing that could happen regarding data encryption would be for a cheap (fast and easy), reliable, secure encryption scheme to be universally adopted. (None of the standard UNIX software remotely qualifies.) This would not put the NSA out of business, since crib- dragging, tickling, eavesdropping on unencrypted traffic, traffic analysis, and other techniques could still be exploited, but it would sure make their budget-to-results ratio soar. There are provably secure schemes that require an impractical amount of secure key, but any information theorist worth his salt should be able to independently arrive at the ideas behind unicity distance, which is a measure of how much ciphertext is required to have a reasonable chance of successful cryptanalysis (a function of system structural complexity and key length). If one changes the key more fequently than the unicity distance, statistical attacks on the cipher stream become unprofitable, although experienced cryptanalysts should nonetheless probe a system for exploitable weaknesses before it is fielded (strong in theory may not mean strong in practice, due to a variety of potential problems such as tendency of bits to stick, susceptibility to operator error leading to isomorphic transmissions, failure to shield electronics that handles the clear text, etc.). In spite of the relative simplicity of setting up practically secure communications, amazingly enough incredibly easy-to-break systems have been and are still used for very sensitive information. Let's get these leaks plugged so we can keep snoops' noses out of our data. Meanwhile, let's question the wisdom of throttling freedom in the name of "protecting" it.