NationStates Jolt Archive


Well UK activates part III of bad legislation

UpwardThrust
21-08-2006, 16:55
http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm

I just hope that this does not hurt their E-Commerce industry too hard …
Deep Kimchi
21-08-2006, 16:56
Ouch.

I guess this means that they don't really have any ability to crack encryption keys.
UpwardThrust
21-08-2006, 17:00
Ouch.

I guess this means that they don't really have any ability to crack encryption keys.
No a few other articles I have seen were making wild claims that there were tones of computers sitting around that could not be cracked and people walking away free
(they were not very reputable though so dont know how far I would trust them ...)
Lunatic Goofballs
21-08-2006, 17:04
It won't last. :p
UpwardThrust
21-08-2006, 17:06
It won't last. :p
Hopefully they made no real provision for third party holders nor biometrics to START with
Deep Kimchi
21-08-2006, 17:08
No a few other articles I have seen were making wild claims that there were tones of computers sitting around that could not be cracked and people walking away free
(they were not very reputable though so dont know how far I would trust them ...)
I guess the longer keys are not crackable in a practical sense.

http://www.eweek.com/article2/0,3959,560039,00.asp
Rubiconic Crossings
21-08-2006, 17:21
This is the continuation of legislation that is not needed.

What this is meant to do is make it easier for government agancies to eavesdrop on us.

It has nothing to do with not being able to break codes...GCHQ (and its precursors back to Bletchly Park) has been doing that longer than anyone.

It is all to do with cost cutting and easier government intrusion.
UpwardThrust
21-08-2006, 17:21
I guess the longer keys are not crackable in a practical sense.

http://www.eweek.com/article2/0,3959,560039,00.asp
Slight modification they are not easy to crack by brute force

There are better ways then the way they went about it specialy when they have suspected content
LiberationFrequency
21-08-2006, 17:23
How can they force someone to handover their encryption keys?
UpwardThrust
21-08-2006, 17:25
How can they force someone to handover their encryption keys?
By threat of 2 years of jail time if they don’t comply
Teh_pantless_hero
21-08-2006, 17:27
If that was pulled in the US, something I wouldn't put past the people who think "tubes" are getting stopped up, I would just laugh in their face all the way to court.
Compulsive Depression
21-08-2006, 17:44
By threat of 2 years of jail time if they don’t comply
Because terrorists are really scared of going to prison instead of blowing themselves up. Especially with the 5 years they get as a bonus.

Ye gods, our government is such a bunch of morons...
UpwardThrust
21-08-2006, 17:50
Because terrorists are really scared of going to prison instead of blowing themselves up. Especially with the 5 years they get as a bonus.

Ye gods, our government is such a bunch of morons...
Agreed that was one of the points in the article (well maybe it was one of the other ones that I read) the fact that a 2 year jail sentence for a pedo or terrorist is nothing compared to giving up the key
Teh_pantless_hero
21-08-2006, 18:41
"The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."
Data is being encrypted at an alarmnig rate and since we are lazy fucks who can't be assed to find our Intelligence Agency enough to use encryption cracking software bought from script kiddies on the internet, we are going to make everyone tell us their encryption keys in hopes we don't lose it or forget it.
Deep Kimchi
21-08-2006, 18:51
Data is being encrypted at an alarmnig rate and since we are lazy fucks who can't be assed to find our Intelligence Agency enough to use encryption cracking software bought from script kiddies on the internet, we are going to make everyone tell us their encryption keys in hopes we don't lose it or forget it.

Kind of hard to crack RSA nowadays if it's encrypted at 128 bits. Even if you have cracking software. The problem is one of scale - you need more computing power than currently exists on the planet, and time to run the crack.

64-bit RSA, yes - in four years using thousands of computers. Not 128.

Maybe in a few years.

Here in the US, you only have to provide your keys on demand with a warrant. Say you're arrested - they can force you to hand over the keys - rather like a regular lock and key situation. Asking for everyone's keys in advance is a major logistical problem.
UpwardThrust
21-08-2006, 18:57
Kind of hard to crack RSA nowadays if it's encrypted at 128 bits. Even if you have cracking software. The problem is one of scale - you need more computing power than currently exists on the planet, and time to run the crack.

64-bit RSA, yes - in four years using thousands of computers. Not 128.

Maybe in a few years.

Here in the US, you only have to provide your keys on demand with a warrant. Say you're arrested - they can force you to hand over the keys - rather like a regular lock and key situation. Asking for everyone's keys in advance is a major logistical problem.
Brute force cracking is the absolutly last method for cracking ... there are better ways(for RSA or some other public key systems) such as factoring the public key or common modulus or faulty encryption

I have seen a few of them done before (not a large brute force though)
Deep Kimchi
21-08-2006, 19:01
Brute force cracking is the absolutly last method for cracking ... there are better ways(for RSA or some other public key systems) such as factoring the public key or common modulus or faulty encryption

I have seen a few of them done before (not a large brute force though)

Sometimes it's easier to crack the encryption that the RSA is concealing, such as the US government's DES.

That's way too easy to crack.
UpwardThrust
21-08-2006, 19:14
Sometimes it's easier to crack the encryption that the RSA is concealing, such as the US government's DES.

That's way too easy to crack.
DES has not really been used in its native form for important work in years … they usually layer it

It gets pretty secure by the time it gets to Tripple DES

http://www.tropsoft.com/strongenc/des3.htm
Deep Kimchi
21-08-2006, 19:14
DES has not really been used in its native form for important work in years … they usually layer it

It gets pretty secure by the time it gets to Tripple DES

http://www.tropsoft.com/strongenc/des3.htm

That's why I'm wondering - what's easier - crack the RSA to get the session key - or try to find the session key instead.

Probably depends on the method used to encrypt the session.
Hydesland
21-08-2006, 19:16
I wish I could understand this.
Deep Kimchi
21-08-2006, 19:17
I wish I could understand this.
http://world.std.com/~franl/crypto/rsa-guts.html
UpwardThrust
21-08-2006, 19:17
That's why I'm wondering - what's easier - crack the RSA to get the session key - or try to find the session key instead.

Probably depends on the method used to encrypt the session.
You are correct sir ... for an example if you are doing a one time pad or eliptical then cracking the RSA is easier

But DES or Double DES or hell just plain old block cyphers then cracking the key is easier
UpwardThrust
21-08-2006, 20:31
http://world.std.com/~franl/crypto/rsa-guts.html
Ohhh fairly good starters discription I am going to have to remember this for my class (simple explinations are good for the students)
Deep Kimchi
21-08-2006, 20:32
Ohhh fairly good starters discription I am going to have to remember this for my class (simple explinations are good for the students)
It's better to show a little math, and the core idea, and then go from there.
UpwardThrust
21-08-2006, 20:37
It's better to show a little math, and the core idea, and then go from there.
God knows that this is my first year of teaching a security course and they stick me with encryption algorithms. Oh well it will be a bit till we get to RSA anyways

Got to start with shift and transposition and block ciphers first
Deep Kimchi
21-08-2006, 20:39
God knows that this is my first year of teaching a security course and they stick me with encryption algorithms. Oh well it will be a bit till we get to RSA anyways

Got to start with shift and transposition and block ciphers first
There's a master's program at a local university here on security. One of the programming courses is on encryption algorithms (they have to write the actual algorithms rather than use already-written libraries). Most of the people have a really hard time with it, and I've had to help some of them.

Funny, since I don't have a degree in CS or any formal training in the field. But I can write the stuff...
UpwardThrust
21-08-2006, 20:44
There's a master's program at a local university here on security. One of the programming courses is on encryption algorithms (they have to write the actual algorithms rather than use already-written libraries). Most of the people have a really hard time with it, and I've had to help some of them.

Funny, since I don't have a degree in CS or any formal training in the field. But I can write the stuff...
If you know the math you can do it. I have no formal CS degree (I do program though) it is all about the algorithm for the most part not the language. I still have a few of my VB and C++ programs laying around

The class I am teaching is undergrad top level (400 level) the only step up is post-grad (500 and 600 level) those we have for our masters
Lunatic Goofballs
21-08-2006, 20:45
Um.

<.<

>.>

Taffy is delicious.
Deep Kimchi
21-08-2006, 20:50
Um.

<.<

>.>

Taffy is delicious.

Dude, math got me laid more than anything else. A lot.

If you can do someone's math and comp sci homework - and you're not a math or comp sci major, you can get laid.
Lunatic Goofballs
21-08-2006, 20:54
Dude, math got me laid more than anything else. A lot.

If you can do someone's math and comp sci homework - and you're not a math or comp sci major, you can get laid.

Math isn't a problem, but comp sci sorta passed me by. *nod*
Philosopy
21-08-2006, 21:00
http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm

I just hope that this does not hurt their E-Commerce industry too hard …
:rolleyes:

People are so silly about 'freedoms' when it comes to computers and the internet; the moment something is banned in the 'virtual' world it causes an outcry, even if it is something that is illegal in the 'real' world.

Access to bomb making equipment in a book? Terrorism.
Access to bomb making equipment on the internet? Freedom.
Police knocking down the door of a paedophile ring leader? Justice.
Police gaining encryption keys for illegal content? Gross invasion of privacy.

Seriously people, get a grip. It may be called a 'virtual' world, but it's still as much a part of the 'real' one as anything else.
UpwardThrust
21-08-2006, 21:07
:rolleyes:

People are so silly about 'freedoms' when it comes to computers and the internet; the moment something is banned in the 'virtual' world it causes an outcry, even if it is something that is illegal in the 'real' world.

Access to bomb making equipment in a book? Terrorism.
Access to bomb making equipment on the internet? Freedom.
Police knocking down the door of a paedophile ring leader? Justice.
Police gaining encryption keys for illegal content? Gross invasion of privacy.

Seriously people, get a grip. It may be called a 'virtual' world, but it's still as much a part of the 'real' one as anything else.
But unlike the real world this encrypted data gets passed around changed re keyed encapsulated and transferred over just about any electronic medium.

There are a LOT of other problems then exist in the physical world and a lot more considerations. Hell with some types of encryptions knowing the “Key” is not all that is necessary to start with.