From: Risto Lankinen on 18 Apr 2008 20:51

: Marc Briceno, a
: cryptography guru at Community ConneXion.
:
: Then there's Kerrey's statement saying "there
: will be" restrictions on what encryption products
: you're permitted to buy from overseas firms. This
: contradicts Justice Department official Michael
: Vatis, who told me at a conference this year that
: the Clinton administration did not want import
: controls. Though Cabe Franklin, spokesperson
: for Trusted Information Systems, says Kerrey was
: misunderstood. "In the briefing afterwards, I found
: out he didn't mean that at all. He meant import
: controls, but more regulation than restriction. The
: same way they wouldn't let a car with faulty
: steering controls in the country. He meant more
: quality control," Franklin says. (I don't know
: about you, but I'm not convinced.)

[ What a bunch of hooey. ]

:
: Kerrey's sudden interest in cryptologic arcana
: likely stems from a recent addition to his staff:
: policy aide Chris McLean.
:
: McLean is hardly a friend of the Net. While in
: former Sen. Jim Exon's (D-Neb.) office, McLean
: drafted the notorious Communications Decency
: Act and went on to prompt Exon to derail
: "Pro-CODE" pro-encryption legislation last fall.
: Then, not long after McLean moved to his current
: job, his new boss stood up on the Senate floor
: and bashed Pro-CODE in favor of the White
: House party line: "The President has put forward
: a plan which
From: Tim Smith on 18 Apr 2008 20:15

> above does not evidence any */
> /* actual or intended publication of such source code. */
>
> ...followed by another email with a subset of the same source,
> slightly modified, and the proprietary header stripped out.
>
> I hope it didn't flow past AT&T's ISP connections...

[snip]

********** end excerpt from 'Corruption at Salomon Brothers' **********

This transfer of proprietary source code that USED to be owned by AT&T did not even qualify for action. Salomon legal stated Salomon has a lower obligation for third-party copyrights than they did for software they contracted for themselves, like Sybase.

Salomon didn't have a UNIX source license, so obviously the employee had gotten it elsewhere. In the following statistic, it was the only non-Salomon source code.

We went from zero monitoring of Internet email traffic to...

> On 3/21/96 we had our first security incident report.
>
> By 3/26/96 we had an astonishing 38,000 lines of proprietary source code
> outbound.
>
> We were mentally unprepared. Figuratively we were pulling our hair out
> wondering when the madness would stop.
>
> It never did.

As I said, the results of keyword monitoring were stunning.

If you look up computer security literature and read up on security incidents, you'll notice none are more articulate about inside-employee incidents other than to describe the people as "disgruntled employees".

Wrong.

I'll go over some of the major categories of incidents I encountered. Keyword monitoring is abstract to most people; these results show how powerful the technique is.

Here are two from the category:

o People innocently trying to get work done.

This usually happens between the programmer and a third-party vendor.

SISS stands for 'Salomon Information Security Services'.

The configurations and passwords
From: Risto Lankinen on 18 Apr 2008 20:38

information quickly accessible to law enforcement agencies without notice to the key owners. These basic requirements make the problem of general key recovery difficult and expensive - and potentially too insecure and too costly for many applications and many users.

Attempts to force the widespread adoption of key-recovery encryption through export controls, import or domestic use regulations, or international standards should be considered in light of these factors. The public must carefully consider the costs and benefits of embracing government-access key recovery before imposing the new security risks and spending the huge investment required (potentially many billions of dollars, in direct and indirect costs) to deploy a global key recovery infrastructure.

******************************************************************************

Government Steamroller
---------- -----------

Force anyone receiving government money to use crackable crypto?
From: fortune.bruce on 18 Apr 2008 20:04

a National ID Card without its use eventually becoming required. That is simply how it goes with new tools for the government.

See how the uses of the Social Security number have grown, wildly beyond what the government ever said it would be used for?

# Privacy Journal, By Robert Ellis Smith, October 1986 issue
#
# Tax reform bill HR 3838 requires effective January 1988 that any taxpayer
# claiming a dependent five years or older have a Social Security number.
#
# This is to prevent divorced parents from simultaneously claiming the
# same child.
#
# The requirement means that, for the first time, large numbers of children
# who have not reached employment age will need Social Security numbers.
#
# Its use has been expanding the past fifteen years by regulations under
# the Bank Secrecy Act, requiring all bank account holders to be enumerated,
# and by the Deficit Reduction Act of 1984 and subsequent legislation
# requiring children who receive public assistance to be enumerated.
#
# Privacy Journal, By Robert Ellis Smith, April 1990 issue
#
# State legislatures are forced to enact legislation by November requiring
# all parents to provide their Social Security numbers before a birth
# certificate will be issued for a newborn.
#
# The Family Support Act of 1988 forces a state to forfeit a portion of
# federal funds if it does not impose the requirement, which is intended
# to lead parents to believe the government will be able to chase them
# down later if they do not support their children.
#
# Ontario, Canada: Each newborn infant will now receive an ID number at
# birth and a plastic ID card to go with it.
#
# Privacy Journal, By Robert Ellis Smith, September 1991 issue
#
# A California taxpayer has successfully filed a tax return without
# providing Social Security numbers for her three children, as required
# by a 1986 federal law, but the IRS is quite happy if nobody knows about
# the case.
#
#
From: quasi on 18 Apr 2008 18:43

PREVENT TERRORISM. UNCRACKABLE ENCRYPTION WILL ALLOW DRUG LORDS, TERRORISTS, AND EVEN VIOLENT GANGS [Secret Service to Ed Cummings: "We are the biggest gang in town"] TO COMMUNICATE WITH IMPUNITY. OTHER THAN SOME KIND OF KEY RECOVERY SYSTEM, THERE IS NO TECHNICAL SOLUTION.

As if real terrorists or drug lords would use Key Recovery crypto!

Furthermore, Freeh is arguing BOTH SIDES of the issue when he complains "DRUG LORDS ARE NOW SUPPORTED BY THE BEST TECHNOLOGY MONEY CAN BUY", AND THEN SAYS we need Key Recovery so we can read their traffic!

Even the NSA is talking Doublethink at us:

* NYT: Stuart A. Baker, General Counsel for the NSA, explained why crooks
* and terrorists who are smart enough to use data encryption would be stupid
* enough to choose the U.S. Government's compromised data encryption
* standard:
*
* "You shouldn't overestimate the I.Q. of crooks."

...which is also apparently their view of the American public.

WE ARE NOW AT AN HISTORICAL CROSSROAD ON THE ENCRYPTION ISSUE. IF PUBLIC POLICY MAKERS ACT WISELY, THE SAFETY OF ALL AMERICANS WILL BE ENHANCED FOR DECADES TO COME. [1984 Newspeak:] BUT IF NARROW INTERESTS PREVAIL, LAW ENFORCEMENT WILL BE UNABLE TO PROVIDE THE LEVEL OF PROTECTION THAT PEOPLE IN A DEMOCRACY PROPERLY EXPECT AND DESERVE. ANY SOLUTION THAT IGNORES THE PUBLIC SAFETY AND NATIONAL SECURITY CONCERNS RISK GRAVE HARM TO BOTH.

And what was a critical public safety and national security item the FBI insisted on in the first version of CALEA? They wanted all cellular phones to continually monitor the l