home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!bu.edu!transfer.stratus.com!ellisun.sw.stratus.com!cme
- From: cme@ellisun.sw.stratus.com (Carl Ellison)
- Newsgroups: sci.crypt
- Subject: Weak cryptography >> Key registration
- Message-ID: <1ejd00INN894@transfer.stratus.com>
- Date: 20 Nov 92 19:06:40 GMT
- Organization: Stratus Computer, Software Engineering
- Lines: 28
- NNTP-Posting-Host: ellisun.sw.stratus.com
-
-
- Current policy is to allow export of cryptosystems of a certain weakness
- provided they can't be strengthened. I believe that this is a superior
- policy to that of key registration.
-
- The real concern isn't lawful interceptions and decryptions. It's unlawful
- ones -- by organized crime, criminals within the gov't, criminals with
- "friends" in the gov't, ....
-
- If the system is weak but the key is private, then the NSA can break the
- system if there's a demand for it but it's unlikely that Joe Mobster can
- break it. I trust the NSA not to be in the pay of the mobs. Meanwhile,
- I'd be surprised if the NSA would bother breaking weak systems (eg.,
- straight single CBC DES) just for fun (eg., as a favor to someone (like the
- local police) legally authorized to do the interception).
-
- If the system is strong but keys are registered, then Joe Mobster doesn't
- have to build a decrypting machine or try to get a friend inside the NSA.
- All he has to do is pay off someone at the registration center or otherwise
- gain access. He might, for example, get hired by the FBI (as a cover --
- and for some side income -- and as a spy), use a judge who was bought by
- the mob and walk up to the key registration center with a valid warrant.
-
- --
- -- <<Disclaimer: All opinions expressed are my own, of course.>>
- -- Carl Ellison cme@sw.stratus.com
- -- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- -- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
-
