Date: Sun, 13 Dec 92 22:38 EST
From: "Michael E. Marotta"
Subject: File 2--Encryption issues

ENCRYPTION ISSUES FOR THE NET COMMUNITY
by Michael E. Marotta, mercury@well.sf.ca.us, mercury@lcc.edu

Your use of privacy tools for telecom is defined by three issues.

(1) The Government wants to read all messages.
(2) Some networks prohibit encrypted messages.
(3) The weakest feature of a cryptosystem is transporting the key.

These issues are broad. For example, the "government" is more than Bill Clinton. Employers, spouses, parents and neighbors often display severe cases of "Govern Mentality." Also, networks include four-station LANs and the Internet itself. Needing to send encoded messages to the person at the next desk is unusual.

(1) In 1976, the Department of Commerce issued requests for the Data Encryption Standard and Data Encryption Algorithm, and the original entry from IBM was too hard for the NSA to crack. So, the current 64-bit system was adopted. Now the FBI wants telephone companies to make digital signals tappable. When the USA entered World War I, Woodrow Wilson (a liberal, a Democrat and former president of Princeton) ordered the seizure of all radio transmitters and receivers. Back in 1991, then-senator Albert Gore and the Bush White House worked to create the legislation enabling the National Research & Education Network. This multi-gigabyte superhighway will eventually link thousands of universities and hundreds of lesser networks. Starting in 1992, cable TV operators are liable for the content of "Wayne's World" public-access programming. Prodigy and FidoNet are well-known for their heavy-handed rules. Overall, if you want to send a secure message, you have to think through all of the ramifications of your actions.

(2) FidoNet policy forbids encryption and allows the review of mail to ensure that the system is not being used for "illegal" purposes.
FidoNet policies identify English as the "official" language, and FidoNet moderators often forbid ANY message not in English. FidoNet policy severely defines "private netmail," pointing out (reasonably enough) that you never know who a message is passed to as it is routed. These restrictions are not limited to FidoNet. Universities, corporations, and government agencies have similar rules and there is no single standard.

(3) The art of hiding a message is called "steganography." Back in 1978, I suggested using rock cassettes for TRS-80 data and ever since, the FBI seizes music when they arrest hackers. Sooner or later, though, you have to transmit the key. Ideally, you send the key in a different manner than the message. This is not perfect.

Public keys eliminate the need for transporting the key. The RSA Cryptosystem is the best known public key cipher. It is not known to be compromisable. (By contrast, the DES is known to have weaknesses.) RSA was developed by Drs. Ronald Rivest, Adi Shamir and Leonard Adleman when they were at MIT. Today, RSA Data Security, Inc., is at 100 Marine Parkway, Redwood City, CA 94066. The company has developed several commercial products for Apple Macintosh and other systems.

This last development opens the door to widespread data security. As Apple and others deliver encryption with their operating systems, no rules or laws or policies can prevent the use of these tools.

In fact, there is a form of data encipherment that is widely accepted -- even on FidoNet: compression. ARC, ZIP, PAK, LZH, SQZ, you name it, there are many ways to shrink a file and all of them turn plaintext into gobbledegook. If you want to build your own encipherment -- I mean, compression -- algorithm, a quick literature search on Lempel-Ziv, Huffman, and Nyquist will point you in the right direction. There are books on the subject, also. Be aware that as a CIPHER, a compressor can be analyzed and deciphered.
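
An added example, not part of the original article: the caveat above in working form, showing that a compressed stream announces its own format in its first bytes and is reversed with no key. The Python standard-library formats (gzip, bzip2, xz, zlib) stand in for the archivers named above, and the sample message is constructed.

```python
import bz2
import gzip
import lzma
import zlib

# Constructed sample message, not taken from the article.
SAMPLE = b"Meet at the usual place at noon. " * 4

# Fixed leading bytes that identify a compressed stream to anyone who looks.
MAGIC = [
    (b"\x1f\x8b", "gzip", gzip.decompress),
    (b"BZh", "bzip2", bz2.decompress),
    (b"\xfd7zXZ\x00", "xz", lzma.decompress),
]
ERRORS = (OSError, EOFError, ValueError, zlib.error, lzma.LZMAError)


def looks_like_zlib(blob: bytes) -> bool:
    # RFC 1950 header: method nibble is 8 (deflate) and the first two bytes,
    # read as a big-endian integer, are a multiple of 31.
    return len(blob) >= 2 and blob[0] & 0x0F == 8 and ((blob[0] << 8) | blob[1]) % 31 == 0


def identify_and_recover(blob: bytes):
    """Return (format_name, plaintext), or (None, None) if not recognised."""
    candidates = [(name, fn) for magic, name, fn in MAGIC if blob.startswith(magic)]
    if looks_like_zlib(blob):
        candidates.append(("zlib", zlib.decompress))
    for name, decompress in candidates:
        try:
            return name, decompress(blob)  # no key or password is involved
        except ERRORS:
            continue  # header matched by chance, or the stream is damaged
    return None, None


def demo():
    """Compress SAMPLE four ways, then recover each from the bytes alone."""
    blobs = {"gzip": gzip.compress(SAMPLE), "bzip2": bz2.compress(SAMPLE),
             "xz": lzma.compress(SAMPLE), "zlib": zlib.compress(SAMPLE)}
    return {made_with: identify_and_recover(b) for made_with, b in blobs.items()}


if __name__ == "__main__":
    for made_with, (found, text) in demo().items():
        print(f"{made_with:5} -> identified as {found}, recovered {text[:32]!r}")
```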

My favorite method for sending secrets is the "Richelieu Grid." You send a plaintext message and within this, by agreement, a running set of letters creates a secret message. Edgar Allan Poe's "Valentine" to St. Joan is a simple example.

The question is, "From whom are you keeping your secrets?" The NSA? Forget it, unless you are the KGB. From your Mom? A=Z, B=Y, C=X will work just fine!

* I am the author of THE CODE BOOK sold by Loompanics, P. O. Box 1197, Port Townsend, WA 98368. Their catalog costs $5. *