[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: Some legal trouble with TOR in France

Again it is very unlikely. There are many options to get the keys - like forcing you to divulge them or wire tapping your keyboard.

 

If such a backdoor was included than it would likely be spotted. Here are some comments on a similar accusation a few years ago: http://www.cnn.com/TECH/computing/9909/13/backdoor.idg/

 

 

From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:43
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some legal trouble with TOR in France

 

I'm not saying the AES is weak. I'm saying that Microsoft might have implemented a back-door for governments. They could store the private keys and passwords in videocard memory or in the boot sector or something like that.

On 5/14/06, Tony <Tony@xxxxxxxxxxxxx> wrote:

2. The restrictions on encryption were removed some years ago. The best encryption software comes from outside the USA anyway so it was always a pointless exercise in futility.

 

Unless a vulnerability is found in 256 bit AES it would take them longer than the ages of the universe to crack a key by brute force no matter how many terraflops of power they have to task on your key (not to mention the many others they might want to crack)

 

3. Filtering content is not quite the same as signing code and pretending it comes from Microsoft. Such a piece of code would have a changed checksum would likely be spotted and then analysed. I can't see Microsoft doing that unless required by law.

 

4. TPM is part of the trusted computing concept. It just makes it much harder. Not impossible.

 

From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:31


To: or-talk@xxxxxxxxxxxxx
Subject: Re: Some legal trouble with TOR in France

 

There are a few key points that you are overlooking.

 

1. In support of the photocopying money scandal, most printers have yellow dots imprinted on them that track date printed, serial number, etc.

 

2. By US export law, US companies are not allowed to export encryption larger than 56 bit (although it might have jumped to 128 a few years ago), unless it has been certified by the government.  That means unless it has a backdoor. Plus, governments have thousands of teraflops of idle computer cycles waiting to crack your keys.

 

3. How can you honestly think Microsoft wouldn't bend over for the US government. They bent over for China. Look at PGP. They moved to closed source after version 6.0 with no valid reason. The reason is probably the government.

 

4. In terms of using checksums to ensure your system hasn't been tampered with, the computer hardware could have a defense system against that such as trusted computing.

 

Ringo Kamens

 

On 5/14/06, Mike Zanker < mike@xxxxxxxxxx> wrote:

On 14/5/06 15:10, Tony wrote:

> Nb- failure to disclose keys is up to two years in prison. Not 10.
>
> (5) A person guilty of an offence under this section shall be liable-
>
>   (a) on conviction on indictment, to imprisonment for a term not
> exceeding two years or to a fine, or to both;
>   (b) on summary conviction, to imprisonment for a term not exceeding
> six months or to a fine not exceeding the statutory maximum, or to both.

Furthermore, that's part III of RIPA which hasn't been enacted yet.

Mike.



This message has been scanned for viruses by MailController - www.MailController.altohiway.com