[3023] in cryptography@c2.net mail archive
The issue is near-perjury by high ranking U.S. government officials.
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 21 12:15:21 1998
To: Eric Young <eay@cryptsoft.com>
cc: C Matthew Curtin <cmcurtin@interhack.net>,
Robert Hettinga <rah@shipwright.com>, John Lowry <jlowry@bbn.com>,
Xcott Craver <caj@math.niu.edu>, gnu@toad.com,
cypherpunks@cyberpass.net, dcsb@ai.mit.edu, e$@vmeng.com,
cryptography@c2.net
In-reply-to: Your message of "Tue, 21 Jul 1998 15:29:25 +1000."
<Pine.GSO.3.96.980721144507.7647J-100000@pandora.cryptsoft.com>
Reply-To: perry@piermont.com
Date: Tue, 21 Jul 1998 11:39:06 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Eric Young writes:
> As 'Technical' people, 'we' have known the key length was too short quite
> quite a long time now. The EFF machine is just a very very good way of
> driving the point home for the 'non-technical' people, who were always saying
> it would cost too much etc etc.
I think that you aren't emphasizing the point properly here. The issue
is high ranking U.S. government officials lying under oath.
In congressional hearings, U.S. government officials have publicly
claimed that what EFF just did was impossible. They were, of course,
lying through their teeth -- but unfortunately it became necessary to
prove they were lying. That is why *someone* had to build a machine
like this -- to prove to the U.S. Congress that the statements it could
not be done were lies.
The press does not seem to be paying attention to the fact that high
ranking U.S. government officials were, more or less, caught lying
under oath. They probably weren't caught in such a way as to be
punishable under the perjury statutes -- the actual statements were
carefully phrased to be literally true though utterly misleading --
but they were certainly caught in such a way as to make reasonable
people wonder as to the reliability of the information they give out,
even under oath.
The following is taken from the EFF's DES Cracking FAQ:
http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html
----------------------------------------------------------------------
What claims have been made about DES?
The U.S. government has increasingly exaggerated both the strength of
DES and the time and cost it would take to crack a single
DES-encrypted message. For instance, at a June 26, 1997, U.S. House of
Representatives' Committee on International Relations hearing on the
encryption issue, both the Director of the FBI, Louis Freeh, and the
Deputy Director of the NSA, William Crowell, testified that the
government does not have the technology or the "brute force"
capability to break into encrypted information. In fact, they cite the
winners of last year's challenge by RSA Laboratories, who cracked a
message encrypted with 56-bit DES in five months using the distributed
computing power of the Internet, as evidence of the impracticality of
accessing information encoded with DES. In addition, they also
asserted that American industry could not decrypt real-time encryption
over a very minimal level of robustness. At one point, Freeh turned to
Crowell and asked, "If you gave me $3 million to buy a Cray computer,
it would take me how many years to do one message bit?" Crowell
replied, "64 bits, 7,000 years." (See
http://jya.com/hir-hear.htm). Earlier this year, the Principal
Associate Deputy Attorney General Robert S. Litt testified before the
U.S. Senate Judiciary Committee's Subcommittee on the Constitution,
Federalism, and Property that brute force decryption takes too long to
be useful to protect the public safety. He went on to say, "decrypting
one single message that had been encrypted with a 56-bit key took
14,000 Pentium-level computers over four months; obviously these kinds
of resources are not available to the FBI." (See
http://www.computerprivacy.org/archive/03171998-4.shtml ).
----------------------------------------------------------------------
