[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Some legal trouble with TOR in France
Nope. I think they'd be making different statements than they're
making, and I think that they'd have avoided the subject in private.
Adam
On Sun, May 14, 2006 at 03:10:07PM -0700, Ringo Kamens wrote:
| If somebody was forced to implement backdoors for the government, do you think
| they would be allowed to tell you?
|
| On 5/14/06, Adam Shostack <adam@xxxxxxxxxxxx> wrote:
|
| Niels Ferguson says "over my dead body:"
| http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx He's
| also said as much to me in person, as has Peter Biddle.
|
| Adam
|
|
| On Sun, May 14, 2006 at 10:43:22AM -0700, Ringo Kamens wrote:
| | I'm not saying the AES is weak. I'm saying that Microsoft might have
| | implemented a back-door for governments. They could store the private
| keys and
| | passwords in videocard memory or in the boot sector or something like
| that.
| |
| | On 5/14/06, Tony < Tony@xxxxxxxxxxxxx> wrote:
| |
| |
| | 2. The restrictions on encryption were removed some years ago. The
| best
| | encryption software comes from outside the USA anyway so it was
| always a
| | pointless exercise in futility.
| |
| |
| |
| | Unless a vulnerability is found in 256 bit AES it would take them
| longer
| | than the ages of the universe to crack a key by brute force no matter
| how
| | many terraflops of power they have to task on your key (not to
| mention the
| | many others they might want to crack)
| |
| |
| |
| | 3. Filtering content is not quite the same as signing code and
| pretending
| | it comes from Microsoft. Such a piece of code would have a changed
| checksum
| | would likely be spotted and then analysed. I can't see Microsoft
| doing that
| | unless required by law.
| |
| |
| |
| | 4. TPM is part of the trusted computing concept. It just makes it
| much
| | harder. Not impossible.
| |
| |
| |
| |
| ---------------------------------------------------------------------------
| |
| | From: owner-or-talk@xxxxxxxxxxxxx [mailto:
| owner-or-talk@xxxxxxxxxxxxx] On
| | Behalf Of Ringo Kamens
| | Sent: 14 May 2006 18:31
| |
| |
| | To: or-talk@xxxxxxxxxxxxx
| | Subject: Re: Some legal trouble with TOR in France
| |
| |
| |
| | There are a few key points that you are overlooking.
| |
| |
| |
| | 1. In support of the photocopying money scandal, most printers have
| yellow
| | dots imprinted on them that track date printed, serial number, etc.
| |
| |
| |
| | 2. By US export law, US companies are not allowed to export
| encryption
| | larger than 56 bit (although it might have jumped to 128 a few years
| ago),
| | unless it has been certified by the government. That means unless it
| has a
| | backdoor. Plus, governments have thousands of teraflops of idle
| computer
| | cycles waiting to crack your keys.
| |
| |
| |
| | 3. How can you honestly think Microsoft wouldn't bend over for the US
| | government. They bent over for China. Look at PGP. They moved to
| closed
| | source after version 6.0 with no valid reason. The reason is probably
| the
| | government.
| |
| |
| |
| | 4. In terms of using checksums to ensure your system hasn't been
| tampered
| | with, the computer hardware could have a defense system against that
| such
| | as trusted computing.
| |
| |
| |
| | Ringo Kamens
| |
| |
| |
| | On 5/14/06, Mike Zanker < mike@xxxxxxxxxx> wrote:
| |
| | On 14/5/06 15:10, Tony wrote:
| |
| | > Nb- failure to disclose keys is up to two years in prison. Not 10.
| | >
| | > (5) A person guilty of an offence under this section shall be
| liable-
| | >
| | > (a) on conviction on indictment, to imprisonment for a term not
| | > exceeding two years or to a fine, or to both;
| | > (b) on summary conviction, to imprisonment for a term not
| exceeding
| | > six months or to a fine not exceeding the statutory maximum, or to
| both.
| |
| | Furthermore, that's part III of RIPA which hasn't been enacted yet.
| |
| | Mike.
| |
| |
| |
| | This message has been scanned for viruses by MailController -
| | www.MailController.altohiway.com
| |
| |
| |
| |
|
|