[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some legal trouble with TOR in France



Nope.  I think they'd be making different statements than they're
making, and I think that they'd have avoided the subject in private.

Adam

On Sun, May 14, 2006 at 03:10:07PM -0700, Ringo Kamens wrote:
| If somebody was forced to implement backdoors for the government, do you think
| they would be allowed to tell you?
| 
| On 5/14/06, Adam Shostack <adam@xxxxxxxxxxxx> wrote:
| 
|     Niels Ferguson says "over my dead body:"
|     http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx  He's
|     also said as much to me in person, as has Peter Biddle.
| 
|     Adam
| 
| 
|     On Sun, May 14, 2006 at 10:43:22AM -0700, Ringo Kamens wrote:
|     | I'm not saying the AES is weak. I'm saying that Microsoft might have
|     | implemented a back-door for governments. They could store the private
|     keys and
|     | passwords in videocard memory or in the boot sector or something like
|     that.
|     |
|     | On 5/14/06, Tony < Tony@xxxxxxxxxxxxx> wrote:
|     |
|     |
|     |     2. The restrictions on encryption were removed some years ago. The
|     best
|     |     encryption software comes from outside the USA anyway so it was
|     always a
|     |     pointless exercise in futility.
|     |
|     |
|     |
|     |     Unless a vulnerability is found in 256 bit AES it would take them
|     longer
|     |     than the ages of the universe to crack a key by brute force no matter
|     how
|     |     many terraflops of power they have to task on your key (not to
|     mention the
|     |     many others they might want to crack)
|     |
|     |
|     |
|     |     3. Filtering content is not quite the same as signing code and
|     pretending
|     |     it comes from Microsoft. Such a piece of code would have a changed
|     checksum
|     |     would likely be spotted and then analysed. I can't see Microsoft
|     doing that
|     |     unless required by law.
|     |
|     |
|     |
|     |     4. TPM is part of the trusted computing concept. It just makes it
|     much
|     |     harder. Not impossible.
|     |
|     |
|     |
|     |    
|     ---------------------------------------------------------------------------
|     |
|     |     From: owner-or-talk@xxxxxxxxxxxxx [mailto:
|     owner-or-talk@xxxxxxxxxxxxx] On
|     |     Behalf Of Ringo Kamens
|     |     Sent: 14 May 2006 18:31
|     |
|     |
|     |     To: or-talk@xxxxxxxxxxxxx
|     |     Subject: Re: Some legal trouble with TOR in France
|     |
|     |
|     |
|     |     There are a few key points that you are overlooking.
|     |
|     |
|     |
|     |     1. In support of the photocopying money scandal, most printers have
|     yellow
|     |     dots imprinted on them that track date printed, serial number, etc.
|     |
|     |
|     |
|     |     2. By US export law, US companies are not allowed to export
|     encryption
|     |     larger than 56 bit (although it might have jumped to 128 a few years
|     ago),
|     |     unless it has been certified by the government.  That means unless it
|     has a
|     |     backdoor. Plus, governments have thousands of teraflops of idle
|     computer
|     |     cycles waiting to crack your keys.
|     |
|     |
|     |
|     |     3. How can you honestly think Microsoft wouldn't bend over for the US
|     |     government. They bent over for China. Look at PGP. They moved to
|     closed
|     |     source after version 6.0 with no valid reason. The reason is probably
|     the
|     |     government.
|     |
|     |
|     |
|     |     4. In terms of using checksums to ensure your system hasn't been
|     tampered
|     |     with, the computer hardware could have a defense system against that
|     such
|     |     as trusted computing.
|     |
|     |
|     |
|     |     Ringo Kamens
|     |
|     |
|     |
|     |     On 5/14/06, Mike Zanker < mike@xxxxxxxxxx> wrote:
|     |
|     |     On 14/5/06 15:10, Tony wrote:
|     |
|     |     > Nb- failure to disclose keys is up to two years in prison. Not 10.
|     |     >
|     |     > (5) A person guilty of an offence under this section shall be
|     liable-
|     |     >
|     |     >   (a) on conviction on indictment, to imprisonment for a term not
|     |     > exceeding two years or to a fine, or to both;
|     |     >   (b) on summary conviction, to imprisonment for a term not
|     exceeding
|     |     > six months or to a fine not exceeding the statutory maximum, or to
|     both.
|     |
|     |     Furthermore, that's part III of RIPA which hasn't been enacted yet.
|     |
|     |     Mike.
|     |
|     |
|     |
|     |     This message has been scanned for viruses by MailController -
|     |     www.MailController.altohiway.com
|     |
|     |
|     |
|     |
| 
|