Message-ID: <3A2D0198.42FD91A4@gypsyfarm.com>
Date: Tue, 05 Dec 2000 09:54:16 -0500
From: zentara
It's interesting (from a civil liberties perspective) that there is a backdoor into PGP. Can you tell me more? How did this come about? Was it publicized? Does encryption technology without backdoors exist? If so, how can we be sure?
Also, of potential interest is the FBI's "Carnivore" system. Carnivore basically automates the surveillance process on the Internet. If one combines backdoors with surveillance, one has quite a capability. For a recent study on Carnivore see: http://www.usdoj.gov/jmd/publications/carniv_entry.htm .
For SuSE this may be off-topic. If we hear any objection, I propose that we move it off the list.
Well, the security of Linux C compilers and assemblers should be of interest to the list, and every Linux user. That said, the general wisdom is that if it goes out on the net, it can eventually be part of the public record, whether you encrypt it or not. Encryption is only part of the security picture.
If you do a web search for "Tempest", you will find what standards the government requires of its "secret computers". You will learn that each computer is basically a miniature transmitter, sending out a weak signal, of everything occurring inside of it. The Tempest standards require "Faraday Cages" around sensitive computers, which block electromagnetic radiation from penetrating it. This basically is a very fine wire mesh, or solid metal cage, which is grounded. I have heard, but cannot state as fact, that it is illegal in the US to have a computer in a Faraday Cage. That tells you that the "big brother element" in the Government are using these techniques to spy on those they choose to monitor. So even if you encrypt, your secret passphrase can be detected by equipment in a nearby location, like a parked van.
This is highly sophisticated, and it is more likely that governments (and private detectives) use simple "computer bugs" which transmit your keystrokes to a recorder. These computer bugs are in the early stages, like audio bugs were in the 50's. But you can be sure they exist, and it probably won't be long before hobbyist magazines start advertising them. They will get around privacy laws by advertising them as a way to monitor your "children's computer usage". They probably will end up in those little sealed plastic power cubes that power modems and audio speakers. But they may end up in video cards, broadcasting an exact replica of your monitor.
That said, the question is how much should we worry about encryption security? Knowledgeable people can get your secret key and password, with a little effort. To be really secure, you can't use any technology.
But if you just want to hide data from a competitor (or wife), then encryption is still useful. It will be a useful tool in online voting, e-commerce, etc. But it is not secure for secret messaging unless you apply some various serious measures. The paper by Ken Thompson just gives a glimpse into how a dedicated team of programmers can infiltrate your security, hiding it from you even if you look at every line of source code in your machine. It is no surprise that the Chinese government refused Bill Gates's attempt to push Windows into China. They are not dumb.