[1070] in cryptography@c2.net mail archive


Re: Thoughts on the next target.

daemon@ATHENA.MIT.EDU (Shabbir J. Safdar)
Tue Jun 24 00:13:54 1997

In-Reply-To: <199706231946.MAA01630@blacklodge.c2.net>
Date: Mon, 23 Jun 1997 23:56:34 -0400
To: trei@process.com, coderpunks@toad.com, cryptography@c2.net
From: "Shabbir J. Safdar" <shabbir@vtw.org>
Cc: trei@process.com

Speaking from a purely political point of view, we get mileage in the
crypto debate every time cypherpunks make a mockery of "export-friendly"
cryptography.

When Blaze cracked the PC card prototype, that set back the
Administration's plans.

When Damien Doligez (sp?) and several others subsequently did the same with
40 bit crypto, it allowed us to make the claim that "bored graduate
students can break exportable crypto".  Although the Administration used to
object to this, it's pretty much a conceded point that exportable crypto is
inadequate.

If one is going to continue to target these systems, and discrediting those
in the Administration who are attacking our right to use crypto are
considered to be dangerous, I would suggest that products that the
Administration are trumpeting as great key recovery products be targeted
for brute force attacks.  All by itself it won't be enough to turn the
tide in our favor, but it will help.

It's probably the case as well that these attacks will be a mixture of
weakness in a protocol combined with a brute force attack, a la the weak
checksums of the LEAF in Blaze's original attack.

Of course, it should be acknowledged that there are completely scientific
interests in advancing the techniques of brute force attacks, and those
might be more compelling than simple political gains.

Let me give my congratulations to the DES challenge team.  Every time
someone attacks weak crypto, it makes our work to protect strong crypto
easier.  That's always appreciated.

-S


