NationStates Jolt Archive

http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm

I just hope that this does not hurt their E-Commerce industry too hard …

Ouch.

I guess this means that they don't really have any ability to crack encryption keys.

Ouch.

I guess this means that they don't really have any ability to crack encryption keys.
No a few other articles I have seen were making wild claims that there were tones of computers sitting around that could not be cracked and people walking away free
(they were not very reputable though so dont know how far I would trust them ...)

It won't last. :p

It won't last. :p
Hopefully they made no real provision for third party holders nor biometrics to START with

No a few other articles I have seen were making wild claims that there were tones of computers sitting around that could not be cracked and people walking away free
(they were not very reputable though so dont know how far I would trust them ...)
I guess the longer keys are not crackable in a practical sense.

http://www.eweek.com/article2/0,3959,560039,00.asp

This is the continuation of legislation that is not needed.

What this is meant to do is make it easier for government agancies to eavesdrop on us.

It has nothing to do with not being able to break codes...GCHQ (and its precursors back to Bletchly Park) has been doing that longer than anyone.

It is all to do with cost cutting and easier government intrusion.

I guess the longer keys are not crackable in a practical sense.

http://www.eweek.com/article2/0,3959,560039,00.asp
Slight modification they are not easy to crack by brute force

There are better ways then the way they went about it specialy when they have suspected content

How can they force someone to handover their encryption keys?

How can they force someone to handover their encryption keys?
By threat of 2 years of jail time if they don’t comply

If that was pulled in the US, something I wouldn't put past the people who think "tubes" are getting stopped up, I would just laugh in their face all the way to court.

By threat of 2 years of jail time if they don’t comply
Because terrorists are really scared of going to prison instead of blowing themselves up. Especially with the 5 years they get as a bonus.

Ye gods, our government is such a bunch of morons...

Because terrorists are really scared of going to prison instead of blowing themselves up. Especially with the 5 years they get as a bonus.

Ye gods, our government is such a bunch of morons...
Agreed that was one of the points in the article (well maybe it was one of the other ones that I read) the fact that a 2 year jail sentence for a pedo or terrorist is nothing compared to giving up the key

"The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."
Data is being encrypted at an alarmnig rate and since we are lazy fucks who can't be assed to find our Intelligence Agency enough to use encryption cracking software bought from script kiddies on the internet, we are going to make everyone tell us their encryption keys in hopes we don't lose it or forget it.

Data is being encrypted at an alarmnig rate and since we are lazy fucks who can't be assed to find our Intelligence Agency enough to use encryption cracking software bought from script kiddies on the internet, we are going to make everyone tell us their encryption keys in hopes we don't lose it or forget it.

Kind of hard to crack RSA nowadays if it's encrypted at 128 bits. Even if you have cracking software. The problem is one of scale - you need more computing power than currently exists on the planet, and time to run the crack.

64-bit RSA, yes - in four years using thousands of computers. Not 128.

Maybe in a few years.

Here in the US, you only have to provide your keys on demand with a warrant. Say you're arrested - they can force you to hand over the keys - rather like a regular lock and key situation. Asking for everyone's keys in advance is a major logistical problem.

Kind of hard to crack RSA nowadays if it's encrypted at 128 bits. Even if you have cracking software. The problem is one of scale - you need more computing power than currently exists on the planet, and time to run the crack.

64-bit RSA, yes - in four years using thousands of computers. Not 128.

Maybe in a few years.

Here in the US, you only have to provide your keys on demand with a warrant. Say you're arrested - they can force you to hand over the keys - rather like a regular lock and key situation. Asking for everyone's keys in advance is a major logistical problem.
Brute force cracking is the absolutly last method for cracking ... there are better ways(for RSA or some other public key systems) such as factoring the public key or common modulus or faulty encryption

I have seen a few of them done before (not a large brute force though)

Brute force cracking is the absolutly last method for cracking ... there are better ways(for RSA or some other public key systems) such as factoring the public key or common modulus or faulty encryption

I have seen a few of them done before (not a large brute force though)

Sometimes it's easier to crack the encryption that the RSA is concealing, such as the US government's DES.

That's way too easy to crack.

Sometimes it's easier to crack the encryption that the RSA is concealing, such as the US government's DES.

That's way too easy to crack.
DES has not really been used in its native form for important work in years … they usually layer it

It gets pretty secure by the time it gets to Tripple DES

http://www.tropsoft.com/strongenc/des3.htm

DES has not really been used in its native form for important work in years … they usually layer it

It gets pretty secure by the time it gets to Tripple DES

http://www.tropsoft.com/strongenc/des3.htm

That's why I'm wondering - what's easier - crack the RSA to get the session key - or try to find the session key instead.

Probably depends on the method used to encrypt the session.

I wish I could understand this.

I wish I could understand this.
http://world.std.com/~franl/crypto/rsa-guts.html

That's why I'm wondering - what's easier - crack the RSA to get the session key - or try to find the session key instead.

Probably depends on the method used to encrypt the session.
You are correct sir ... for an example if you are doing a one time pad or eliptical then cracking the RSA is easier

But DES or Double DES or hell just plain old block cyphers then cracking the key is easier

http://world.std.com/~franl/crypto/rsa-guts.html
Ohhh fairly good starters discription I am going to have to remember this for my class (simple explinations are good for the students)

Ohhh fairly good starters discription I am going to have to remember this for my class (simple explinations are good for the students)
It's better to show a little math, and the core idea, and then go from there.

It's better to show a little math, and the core idea, and then go from there.
God knows that this is my first year of teaching a security course and they stick me with encryption algorithms. Oh well it will be a bit till we get to RSA anyways

Got to start with shift and transposition and block ciphers first

God knows that this is my first year of teaching a security course and they stick me with encryption algorithms. Oh well it will be a bit till we get to RSA anyways

Got to start with shift and transposition and block ciphers first
There's a master's program at a local university here on security. One of the programming courses is on encryption algorithms (they have to write the actual algorithms rather than use already-written libraries). Most of the people have a really hard time with it, and I've had to help some of them.

Funny, since I don't have a degree in CS or any formal training in the field. But I can write the stuff...

There's a master's program at a local university here on security. One of the programming courses is on encryption algorithms (they have to write the actual algorithms rather than use already-written libraries). Most of the people have a really hard time with it, and I've had to help some of them.

Funny, since I don't have a degree in CS or any formal training in the field. But I can write the stuff...
If you know the math you can do it. I have no formal CS degree (I do program though) it is all about the algorithm for the most part not the language. I still have a few of my VB and C++ programs laying around

The class I am teaching is undergrad top level (400 level) the only step up is post-grad (500 and 600 level) those we have for our masters

Um.

<.<

>.>

Taffy is delicious.

Um.

<.<

>.>

Taffy is delicious.

Dude, math got me laid more than anything else. A lot.

If you can do someone's math and comp sci homework - and you're not a math or comp sci major, you can get laid.

Dude, math got me laid more than anything else. A lot.

If you can do someone's math and comp sci homework - and you're not a math or comp sci major, you can get laid.

Math isn't a problem, but comp sci sorta passed me by. *nod*

http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm

I just hope that this does not hurt their E-Commerce industry too hard …
:rolleyes:

People are so silly about 'freedoms' when it comes to computers and the internet; the moment something is banned in the 'virtual' world it causes an outcry, even if it is something that is illegal in the 'real' world.

Access to bomb making equipment in a book? Terrorism.
Access to bomb making equipment on the internet? Freedom.
Police knocking down the door of a paedophile ring leader? Justice.
Police gaining encryption keys for illegal content? Gross invasion of privacy.

Seriously people, get a grip. It may be called a 'virtual' world, but it's still as much a part of the 'real' one as anything else.

:rolleyes:

People are so silly about 'freedoms' when it comes to computers and the internet; the moment something is banned in the 'virtual' world it causes an outcry, even if it is something that is illegal in the 'real' world.

Access to bomb making equipment in a book? Terrorism.
Access to bomb making equipment on the internet? Freedom.
Police knocking down the door of a paedophile ring leader? Justice.
Police gaining encryption keys for illegal content? Gross invasion of privacy.

Seriously people, get a grip. It may be called a 'virtual' world, but it's still as much a part of the 'real' one as anything else.
But unlike the real world this encrypted data gets passed around changed re keyed encapsulated and transferred over just about any electronic medium.

There are a LOT of other problems then exist in the physical world and a lot more considerations. Hell with some types of encryptions knowing the “Key” is not all that is necessary to start with.