Interview with Phil Zimmerman
A reader writes "PGP's creator is participating in an online interview this week. Phil
is mainly interested in clearing the air about the recently discovered
ADK bug, but the larger topics of encryption and worldwide organized snoop rings (Echelon) have already come up. The interview is open
to questions from anyone; runs through Friday 9/8."
We need secure protocols, not content. (Score:5)
In other words, all the strong crypto in the DATA segment of the SMTP transaction isn't gonna save you if an FBI agent decides he wants to forge a "From: kiddypr0narchive@fbi.gov" in an email to you. For mail to truly be secure, it's clear that we now need to encrypt all headers in the SMTP and/or POP transactions.
Likewise, for safe browsing, SSL on the content of the pages isn't enough; all the metadata in the HTTP GET requests have to be encrypted too.
Traffic analysis makes sense; it's machine-readable data, machine-parsable, and very easy to inject into a database for profiling purposes. Scanning a database for all From: addresses associated with To: fields of osama_bin_laden@secretterroristcamp.iq, or IP addresses associated with Referrer-ID: fields matching the regexp *janetreno*goat*pr0n* is a lot easier than actually trying to examine a terabyte of .JPGs.
We've seen it in the public domain with the "auto-sue" programs used against Napster users.
We're seeing the gummint getting into the act with Carnivore. Whaddyawannabet that 5 years from now, when Jaz and ZIP drives are no longer available, the "physical evidence" ceases to be a piddly 120M disk (which can probably only hold the sniffed headers from a handful of users before it has to be swapped for another disc) and becomes a 200G hard drive (which can hold everyone's traffic for a few days)? Hell, the cost of the "removable hard drive Carnivore" isn't much more than the ZIP drive one today.
At what point will we redesign our basic communications protocols to be snoop-resistant?
Re:should everything on the internet be cheesed? (Score:1)
Re:should everything on the internet be encrypted (Score:2)
Ummm, I thought that if they decrypt your mother's new recipe then they have your private key, and then they can decrypt everything else you send without much force. Of course, I'm somewhat ignorant -- do people change their keys every message? Does the software exist to change the key for each packet that is sent?
Re:DON'T POST QUESTIONS HERE (Score:1)
Re:What about quantum computers? (Score:1)
The equipment needed to perform QE isn't insanely expensive, either. The current problem is supposed to be extending the distance over which the stream can be sent.
Re:mr smarty man cant read (Score:1)
I like cheese.
Re:Redundant (Score:1)
Re:What about quantum computers? (Score:1)
The original post seemed to suggest that quantum computers were somehow going to be able to break QE because of their unique properties. I'm fairly sure that can't be the case, given the above.
Can you imagine... (Score:1)
Printed matter is more 'pure' than digital? (Score:1)
The DeCSS issue is slightly more complex, since it's not a 'pure' free speech case, but historically, the US Supreme Court is reluctant to allow any restrictions on words on paper- pictures and streams of electrons are a different story.
But is it? (Score:1)
Correct me if I am wrong. I don't know the relative computational cost. This is just a guess. Anyone with more info?
Re:What about quantum computers? (Score:2)
1) quantum computers do not break symmetric encryption, so if quantum computation becomes commonplace, then we're no worse off than before public-key encryption became a common concept (and in fact, our symmetric systems will still be useful).
Unfortunately, we will have to resort to physical means to securely pass our keys (with the accompanying possibility of rubber-hose or sticky-fingers decryption techniques...)
2) There are still mathematical operations which look like they have the same kind of property that factoring large numbers or doing discrete logarithms have right now, i.e., being easy to do in one direction, and hard to do in the other, but do not look like they will be easily solvable by a quantum computer.
So...the advent of practical quantum computing might make the CURRENT public key infrastructure useless (in which case we are no worse off than our current state where hardly ANYTHING on the net is encrypted), but there will still be the ability to transition back to an encrypted state.
Re:should everything on the internet be encrypted (Score:1)
Re:We need secure protocols, not content. (Score:1)
If you're connecting to Hotmail through an anonymizing proxy, it (in most cases, see the now defunct lpwa proxy, for example) won't proxy SSL connections. So the unsuspecting "John Doe" sending an email message that irritates someone in any way may never know it was the "X-Sending-IP" or similar header, gained from that short SSL connection, that gave him away.
Re:Publishing Source (Score:2)
A printed version of the code does not act as a virtual device, it can't do anything or automatically make a computer or any other device do something.
Now it lets a person (or a computer with OCR) make a copy of the code, but the DMCA doesn't say instructions for making a circumvention device are illegal. Heck, it doesn't even say a device that makes a circumvention device is illegal. (Although I wouldn't want to rely on that in court.) They can hang a lot on the prohibition on "trafficking" in such devices.
In summary, there may be reasons a printed version is exempt.
Here is another difference, DeCSS is illegal, PGP wasn't, as far as export regs go. (the patent situation was a different issue). So copying it to paper and exporting that when that is legal under export laws is apparently a workable workaround. That might not work with DeCSS.
I am not a lawyer; anyone care to comment?
I think a better future together (Score:1)
Finally, you observe:
Get all the heavy hitters with PhDs and post-doctoral work to defend them calmly, though). As soon as the person in front of you in limiting access to information and communication-- a dream for anyone to peruse. He obviously is incapable of decency, integrity, or intelligence. Where's natural selection when you download directly from them, there's a Linux software available...that gets the nod over VMware or Win4Lin. If it's enabled by default. Not only do I not trust the languages, but the pay-per-use annoyance-ware model has not yet died. Witness the recent Slashdot story about the struggle with darkness within (which is naturally why so many people are instructed to send too much energy up- the intensity of the key point (to me) proving that is harmful to minors. If you are *really* worried about inetd's security, why not have it, download it now!
Re:should everything on the internet be encrypted (Score:2)
Bill - aka taniwha
--
Why not GPL? (Score:2)
What about quantum computers? (Score:4)
Close, but not quite (Score:4)
A very large pair... (Score:4)
I read an interview a long time ago about his reason for doing so. He said he had heard of a rebel group (forget which country) that was fighting against an oppressive government was using PGP to communicate.
He decided that if his tool could be used to help people struggling for freedom, it did not matter what would happen to him. He released the software shortly thereafter. In my opinion, he's one of the earliest true idealists in the world of hi-tech.
Re:We need secure protocols, not content. (Score:2)
So, going with the intent of your posting, all that's needed is to use SSL for everything. Now, there is still one problem. `They' can tell what machine you are connecting to (the tcp/ip headers are not encrypted, but then I don't really see how they can be*). One way to avoid this is to have multiple secure relays, but each relay is an opening for them to get in to grab the un-encrypted protocol information.
* Routers need to know where to send the packets, so at least the IP and possibly the TCP headers can not be encrypted.
Bill - aka taniwha
--
Re:HERE IS A MIRROR OF THE CHEESE!!!!!!! (Score:1)
Like cheese.
I like cheese.
Re:Question. (Score:1)
Publishing Source (Score:3)
Actually, one wonders if this will become the method of choice for distribution of 'illegal' source code such as DeCSS, etc...
-jerdenn
Re:We need secure protocols, not content. (Score:2)
Yeah, I just recalled Hotmail as an example where the sign-in process was done securely, but everything else was done in plaintext. Rather a silly implementation.
As for SSL in general, what was I thinking when I posted that? (I shouldn't try sniffing an SSL connection, I should just try drinking more coffee before I post a brainfart like that again.) *doh!*
Re:We need secure protocols, not content. (Score:2)
They may not have legal right to do it, but once your data hits Carnivore (assuming a legal e-tap is in place) it's your word versus theirs on how the trojan got in your system (not like it's going to have ©FBI in it).
Just to be fancy, how many regular users would notice if someone added a Promise IDE RAID card and a second hard drive (in mirror mode) to their system?
Re:This bears mentioning!! (Score:1)
I like cheese.
Re:Yes, everything should be encrypted. (Score:1)
Think of cell phones for example; manufacturers just don't want to put anything good in there due to power usage. Here I'd be on the side of encrypting anyway.
Do think though about what everything implies. In the context of the 3com founder saying it (something like "I invented ethernet, but I should have thought about encrypting everything"), it seemed to imply that every network card on every machine would do some encryption point to point with every other network card. That means every route has its own encryption layer over any other layers. I think that would have a huge speed impact on any internet (present or future).
-Daniel
Re:We need secure protocols, not content. (Score:1)
2. The issue of "bundling" the browser is dead. Microsoft won at the appellate division, and the plaintiff did not appeal; end of story.
3. The Justice Department's behavior toward Microsoft can only be described as a political vendetta, led by a completely political White House operative by the name of Joel Klein, with strong backing from the entire Clinton administration. The interesting question is not whether this happened, but why it happened.
4. Bill Gates made a nearly fatal mistake in ignoring the political process, and in underestimating Washington DC's ability to hurt him. As recently as two years ago, he still did not rate the anti-trust case as among his top ten problems. This was a grievous error on his part, and one he has worked hard to correct in the past year.
5. Both political parties are in the extortion game, a fact John McCain has repeatedly noted. They depend on "soft money" that is extorted from large corporations, labor unions, and trade associations. The media is totally culpable in this corrupt process, since they are the primary beneficiaries of the money itself, which is spent on advertising during campaigns. Any major company within the American economy that refuses to play this game is vulnerable to attack, particularly if it has powerful enemies who are more than willing to use any and every means at their disposal to destroy it.
6. Microsoft's enemies include Oracle and Sun (Larry Ellison and Scott McNealy), who put repeated pressure on the politicians to eviscerate Microsoft so that their products, which were increasingly losing out to Microsoft's superior technology, would ultimately prevail. Since the first of the year, when the trial court ruled that Microsoft should be split in two, Oracle and Sun have both done extremely well at the same time that MSFT stock was about cut in half. This is exactly what Ellison and McNealy intended.
7. Penfield Jackson is a technological ignoramus, a completely biased judge, and a virtual stooge for the Justice Department. This will soon become apparent.
8. Microsoft never got a fair trial in Jackson's courtroom. It was a kangaroo trial from the beginning, but one that was aided - to Microsoft's detriment - by their own mismanagement. That said, even under the best of legal strategy, Microsoft had no chance, and the outcome would have been the same. It was a fix from the beginning.
Re:DON'T POST QUESTIONS HERE (Score:1)
Slashdot-hosted interviews used to be, what, weekly? And yet when was the last one? Or have I simply had them filtered out of my homepage with a new bug?
Re:What about quantum computers? (Score:2)
--
Re:What about quantum computers? (Score:1)
So if you can break the public key at the start the whole session is open.
Re:Publishing Source (Score:1)
Remove ADK (Score:1)
Too many features (Score:2)
Re:should everything on the internet be encrypted (Score:2)
Re:We need secure protocols, not content. (Score:1)
With SMTP, you can actually encrypt everything and don't have any headers (or only fakes) in the message.
You only can't encrypt (or fake) the envelope return path, the envelope recipient and Received headers.
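The distinction drawn in the comment above, as an added example that is not part of the original thread: a message is sealed whole (headers and body) inside an outer message with placeholder headers, and a function reports what a passive tap on the SMTP session still learns. All addresses, the Received line and the key are constructed, and `stand_in_encrypt` is a labelled placeholder for real OpenPGP encryption.

```python
import base64
import hashlib
from email import message_from_bytes, message_from_string
from email.message import EmailMessage

# Constructed sample values (documentation domains and addresses).
KEY = b"constructed demo key"
MAIL_FROM = "alice@example.org"
RCPT_TO = ["bob@example.net"]
RECEIVED = ("from client.example.org ([192.0.2.10]) by mx.example.net; "
            "Mon, 4 Sep 2000 12:00:00 +0000")


def stand_in_encrypt(data: bytes, key: bytes) -> bytes:
    """Placeholder for OpenPGP encryption (assumption): SHAKE-256 keystream XOR.
    Symmetric, so the same call decrypts. Not suitable for real use."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def build_inner() -> EmailMessage:
    """The real message, with the headers the sender wants to hide."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@example.org>"
    msg["To"] = "Bob <bob@example.net>"
    msg["Subject"] = "meeting place"
    msg.set_content("See you at the usual spot.\n")
    return msg


def wrap(inner: EmailMessage, key: bytes) -> EmailMessage:
    """Seal headers and body together; the outer headers are fakes."""
    outer = EmailMessage()
    outer["From"] = "nobody@invalid"
    outer["To"] = "nobody@invalid"
    outer["Subject"] = "..."
    sealed = stand_in_encrypt(inner.as_bytes(), key)
    outer.set_content(base64.encodebytes(sealed).decode("ascii"))
    return outer


def unwrap(outer: EmailMessage, key: bytes):
    """Recipient side: recover the inner message, real headers included."""
    sealed = base64.decodebytes(outer.get_content().encode("ascii"))
    return message_from_bytes(stand_in_encrypt(sealed, key))


def smtp_session(msg: EmailMessage) -> list:
    """Client-to-relay lines of one SMTP transaction, with the relay's trace header."""
    lines = [f"MAIL FROM:<{MAIL_FROM}>"]
    lines += [f"RCPT TO:<{rcpt}>" for rcpt in RCPT_TO]
    lines += ["DATA", f"Received: {RECEIVED}"]
    lines += msg.as_string().splitlines()
    return lines + ["."]


def observe(session: list) -> dict:
    """What a passive tap extracts: the envelope plus every cleartext header."""
    seen = {"mail_from": None, "rcpt_to": [], "headers": {}}
    data_at = session.index("DATA")
    for line in session[:data_at]:
        verb, _, arg = line.partition(":")
        if verb == "MAIL FROM":
            seen["mail_from"] = arg.strip("<>")
        elif verb == "RCPT TO":
            seen["rcpt_to"].append(arg.strip("<>"))
    parsed = message_from_string("\n".join(session[data_at + 1:-1]))
    for name, value in parsed.items():
        seen["headers"].setdefault(name, []).append(value)
    return seen


def compare():
    inner = build_inner()
    return observe(smtp_session(inner)), observe(smtp_session(wrap(inner, KEY)))


if __name__ == "__main__":
    for label, seen in zip(("plain", "wrapped"), compare()):
        print(label, seen["mail_from"], seen["rcpt_to"], seen["headers"])
```

In both runs the tap still records the envelope sender, the envelope recipient and the Received line; only the From, To and Subject values change to the fakes.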
TWO "N"'s, DAMMIT! (Score:1)
should everything on the internet be encrypted (Score:4)
This has to do with the interview topic of encryption as you may be able to see
-Daniel
Question. (Score:2)
Just wondering (Score:1)
How do you think PGP and GnuPG compare? (Score:1)
Think Twice before installing PGP 6.5.8 (Score:1)
Following the thread on comp.security.pgp.discuss what can be done to restore confidence in the pgp system?
Date: Mon, 28 Aug 2000 22:29:56 -0400
From: Nemo
Newsgroups: alt.privacy.anon-server
Subject: Think Twice before installing PGP 6.5.8
If you want to install an updated PGP to fix the ADK issue, you might want to read this message thread over in comp.security.pgp.discuss
8o87bf$p7m$1@cristal.i-quake.com
Apparently, NAI's solution is to hide the problem from the user. The updated PGP won't use a forged ADK, but it also will not show you that a key has a forged ADK; a forged key will appear to be valid with no ADKs at all. Consequently, the "view->ADKs" menu option is no longer useful for detecting keys with forged ADKs.
This fix is a Public Relations fix, not a bugfix. The ADK problem is a major design flaw, not a simple bug. It cannot be reliably fixed by what NAI is doing. This update shows a fundamental misunderstanding of what the real problem is and makes me question whether NAI really wants to fix this.
-- Nemo -:- nemo@redneck.gacracker.org
"For those with more memory than 8 Mb - tough luck.
I've not got it, why should you." - Linus Torvalds
(from the linux kernel source code, circa 1991)
Re:should everything on the internet be encrypted (Score:1)
The message from mother to me: Uses my public/private keypair to encrypt/decrypt
The message from me to mother: Uses mother's public/private keypair to encrypt/decrypt
Thus, if they manage to brute force the recipe they have only gained my private key. Which will give them any message sent
Of course, if you really want to nitpick, with my private key they could now sign a message as me, encrypt it using mother's public key and send it to her. Perhaps something along the lines of "come visit me in the location specified in the last message." Then they will just need to follow her for a while.
Or.. knowing my mother, they could just walk into the house, go over to the computer, and read the plaintext of the message I just sent to her which she has failed to destroy. (And if they were really that keen on getting it, the recipe as well.)
Redundant (Score:2)
Zimmerman himself already made his view on this [pgpi.org] pretty clear, years ago.
---
Re:Why not GPL? (Score:3)
How? The code is not GPL'd for sure, but it sure as hell is open for us to see [mit.edu]. Just because it uses the MITPGP License [mit.edu] not the GPL does not make it any less secure.
It is an option that is easily left out. Just disable it. Or, for that matter, don't compile it in, just as you would have the option of doing so with GPL'd code.
I really don't see what the big deal is that this doesn't use GPL. For security purposes, one Open Source License is just as good as the next.
Yes, everything should be encrypted. (Score:2)
Multicasted video may want to go out unencrypted; not for speed reasons, but because collecting the key might incur unnecessary expense for all parties. But the same argument should not apply to normal, point-to-point communications.
--
Re:should everything on the internet be encrypted (Score:2)
There are two sorts of communications which go out over the Net: public and private. Private communications (email, Web pages, etc.) ought to be transmitted securely in order to ensure privacy; public communications ought to be transmitted in the clear to ensure they remain public.
Re:What about quantum computers? (Score:1)
1. If you build a computer based on quantum information, it can factor numbers efficiently and hence compromises crypto schemes like RSA.
2. If you build a communication line which uses quantum information to distribute a key for cryptographic purposes you can guarantee security of the key distribution (i.e. if someone is spying you WILL know this).
I'm sure everyone who has an ounce of intuition can postulate that these two are related, but to my knowledge, no one has ever shown a connection between the two.
I recently saw a paper in which the author demonstrated an extension of the quantum computing factoring algorithm to "other hard number theory questions". How odd that nature has provided us with a way to become superb numerical geniuses!
dabacon
Re:What about quantum computers? (Score:1)
What quantum computers can really do efficiently is to factor numbers efficiently. This is DIFFERENT from exploring all of the keys simultaneously. If this was how a quantum computer worked, then quantum computing would have an even greater impact on the world...it would easily imply that quantum computers can solve NP complete problems efficiently. As of today, to my knowledge, no one has shown how to solve an NP complete problem efficiently on a quantum computer.
dabacon.
Re:should everything on the internet be encrypted (Score:1)
Ummm, I thought that if they decrypt your mother's new recipe then they have your private key, and then they can decrypt everything else you send without much force. Of course, I'm somewhat ignorant -- do people change their keys every message? Does the software exist to change the key for each packet that is sent?
Actually, I believe the way that it works in practice is that the actual message is usually encoded using a private key system (same key to encrypt/decrypt). Then, the private key is encoded with the public/private key system. This means that the relative length of the encryption key is longer, and so is stronger. But don't take my word for it, because I'm no cryptanalyst - do your own homework :)
Phil did NOT release PGP. (Score:2)
Rather, he was paid to write it, and the other person (who prefers to keep a low profile - but was investigated with Phil by the Grand Jury) is the person who released it.
This is an important distinction. Without that other person hiring Phil to write PGP, and having the balls to release it, PGP would not exist.
It's also interesting, and alas, degrading to Phil's reputation, that Phil Z. has done quite a lot to trash the other person's reputation, while trying to grab more glory (and undeserved glory at that).
If Phil Z. is a hero, he is a sad one at that.
For references, read some of the original material about the release, starting with Jim Warren's article from Microtimes.
Re:DON'T POST QUESTIONS HERE (Score:1)
I'm not asking Phil Zimmerman whether he knows about Slashdot interviews, as that really wouldn't make much sense now, would it? What I was wondering was whether any of the slashdot community knew what was going on. Entirely legit.
Re:Too many features (Score:2)
Third-party decryption keys are a good thing; however, they should never have been implemented as they were, in a fashion which led to the ability for anyone to subvert a key and read mail encrypted for it. Fortunately, it appears that this problem has been fixed.
When sending email on company time to company contacts regarding company business, one has no right to expect privacy. Indeed, one has a duty to make one's communications visible--one's superiors have a definite right to audit one's performance and business dealings. It's no different from calling a customer after the salesman has left and conducting a satisfaction survey.
Public versus Private (Score:1)
Some insecure public protocols (SMTP) should have never happened -- blame it on the 800 lb sendmail gorilla that has been wandering aimlessly for 20 years.
On the other hand, HTTPS support was put in early, and was just willingly not adopted except for business transactions. Netscape's big ugly broken key icon in vers 1-3 was their hint for users to demand a secure channel. They didn't care. It would be nice if general interest sites like Slashdot ran their service on both http and https just to give clued-in users the option.
--
Source IS Available for PGP 6.5 and later (Score:1)
Check your facts man.
Re:should everything on the internet be encrypted (Score:3)
That way I can choose not to get your public key.
Re:should everything on the internet be encrypted (Score:3)
Only hole in this I can see is your neighbour could just crack into the ad server and look at the records for what's been sent to you, but that's another issue, I guess.
Bill - aka taniwha
--
Re:HERE IS A MIRROR OF THE STORY MOFOZZZZ!!!!!!!!! (Score:1)
DON'T POST QUESTIONS HERE (Score:5)
Thrashing...please wait...
-------------
Re:should everything on the internet be encrypted (Score:1)
Who cares if my personal web page is unencrypted? Not me... nothing is on there...
On the other hand, if I want to keep certain things out of the hands of others, then I encrypt it, pray my skills (or my encryption program) is up to snuff, and hope no teenage hackers decide to have fun...
However, encrypting everything is counter-productive unless you are trying to restrict the number of people who can read things. For corporations, it makes sense. For highly sensitive material, it makes sense. For proprietary information, it makes sense. For Jim Bob's Chili Recipe page, it doesn't.
Kierthos
Complexity and Security (Score:3)
PGP seems to be a case study in this in that the recent bug has no effect on the older, simpler PGP 2.6. As requests for features by everyone from paranoid hackers (bigger keys) to corporations (ADK's) come in, it is natural to want to add things to software. The problem is that as the software gets more complex, dangerous flaws get much harder to spot (even in open source software). Once a bug like this creeps in, the "feature-rich" software is significantly less useful than the old version in that it doesn't accomplish its original goal: privacy.
How do you think one should go about trying to achieve a good balance of features/complexity and security?
Re:Redundant (Score:1)
-Daniel
Re:What about quantum computers? (Score:2)
Even when they do that, there are other public key mathematical operations (elliptical curves come to mind) which people haven't come up with easy ways to crack yet, even with quantum computation. Doesn't mean it won't happen, but there will still be alternatives.
Re:Remove ADK (Score:1)
Re:Remove ADK (Score:1)
Re:Too many features (Score:2)
No new cypher is worth looking at unless it comes from someone who has already broken a very hard one. - Friedman.
Re:should everything on the internet be encrypted (Score:5)
If big brother like organizations waste a week trying to decrypt your mother's letter about a new recipe she just tried, that is a week they don't have to decrypt the message you reply with explaining why your family has to go into hiding. We need to inject more noise into the system.
-prak
Re:Complexity and Security (Score:1)
Re:should everything on the internet be encrypted (Score:2)
This is why host-to-host encryption should be standard issue at the hosts' IP stack.
Re:If someone wants to find out badly enough they (Score:1)