diff --git a/02-MFAQ/02-MFAQ.md b/02-MFAQ/02-MFAQ.md new file mode 100644 index 0000000..9eb50ba --- /dev/null +++ b/02-MFAQ/02-MFAQ.md 
@@ -0,0 +1,1468 @@ +2. MFAQ--Most Frequently Asked Questions + + 2.1. copyright + THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, + 1994-09-10, Copyright Timothy C. May. All rights reserved. + See the detailed disclaimer. Use short sections under "fair + use" provisions, with appropriate credit, but don't put your + name on my words. + + 2.2. SUMMARY: MFAQ--Most Frequently Asked Questions + 2.2.1. Main Points + - These are the main questions that keep coming up. Not + necessarily the most basic question, just the ones that get + asked a lot. What most FAQs are. + 2.2.2. Connections to Other Sections + 2.2.3. Where to Find Additional Information + - newcomers to crypto should buy Bruce Schneier's "Applied + Cryptography"...it will save many hours worth of + unnecessary questions and clueless remarks about + cryptography. + - the various FAQs publishe in the newsroups (like sci.crypt, + alt.security.pgp) are very helpful. (also at rtfm.mit.edu) + 2.2.4. Miscellaneous Comments + - I wasn't sure what to include here in the MFAQ--perhaps + people can make suggestions of other things to include. + - My advice is that if something interests you, use your + editing/searching tools to find the same topic in the main + section. Usually (but not always) there's more material in + the main chapters than here in the MFAQ. + + 2.3. "What's the 'Big Picture'?" + 2.3.1. Strong crypto is here. It is widely available. + 2.3.2. It implies many changes in the way the world works. Private + channels between parties who have never met and who never + will meet are possible. Totally anonymous, unlinkable, + untraceable communications and exchanges are possible. + 2.3.3. Transactions can only be *voluntary*, since the parties are + untraceable and unknown and can withdraw at any time. This + has profound implications for the conventional approach of + using the threat of force, directed against parties by + governments or by others. In particular, threats of force + will fail. 
+ 2.3.4. What emerges from this is unclear, but I think it will be a + form of anarcho-capitalist market system I call "crypto + anarchy." (Voluntary communications only, with no third + parties butting in.) + + 2.4. Organizational + 2.4.1. "How do I get on--and off--the Cypherpunks list?" + - Send a message to "cypherpunks-request@toad.com" + - Any auto-processed commands? + - don't send requests to the list as a whole....this will + mark you as "clueless" + 2.4.2. "Why does the Cypherpunks list sometimes go down, or lose the + subscription list?" + - The host machine, toad.com, owned by John Gilmore, has had + the usual problems such machines have: overloading, + shortages of disk space, software upgrades, etc. Hugh + Daniel has done an admirable job of keeping it in good + shape, but problems do occur. + - Think of it as warning that lists and communication systems + remain somewhat fragile....a lesson for what is needed to + make digital money more robust and trustable. + - There is no paid staff, no hardware budget for + improvements. The work done is strictly voluntarily. + 2.4.3. "If I've just joined the Cypherpunks list, what should I do?" + - Read for a while. Things will become clearer, themes will + emerge, and certain questions will be answered. This is + good advice for any group or list, and is especially so for + a list with 500 or more people on it. (We hit 700+ at one + point, then a couple of list outages knocked the number + down a bit.) + - Read the references mentioned here, if you can. The + sci.crypt FAQ should be read. And purchase Bruce Schneier's + "Applied Cryptography" the first chance you get. + - Join in on things that interest you, but don't make a fool + of yourself. Reputations matter, and you may come to regret + having come across as a tedious fool in your first weeks on + the list. (If you're a tedious fool after the first few + weeks, that may just be your nature, of course.) 
+ - Avoid ranting and raving on unrelated topics, such as + abortion (pro or con), guns (pro or con), etc. The usual + topics that usually generate a lot of heat and not much + light. (Yes, most of us have strong views on these and + other topics, and, yes, we sometimes let our views creep + into discussions. There's no denying that certain + resonances exist. I'm just urging caution.) + 2.4.4. "I'm swamped by the list volume; what can I do?" + - This is a natural reaction. Nobody can follow it all; I + spend entirely too many hours a day reading the list, and I + certainly can't follow it all. Pick areas of expertise and + then follow them and ignore the rest. After all, not seeing + things on the list can be no worse than not even being + subscribed to the list! + - Hit the "delete" key quickly + - find someone who will digest it for you (Eric Hughes has + repeatedly said anyone can retransmit the list this way; + Hal Finney has offered an encrypted list) + + Better mailers may help. Some people have used mail-to-news + systems and then read the list as a local newsgroup, with + threads. + - I have Eudora, which supports off-line reading and + sorting features, but I generally end up reading with an + online mail program (elm). + - The mailing list may someday be switched over to a + newsgroup, a la "alt.cypherpunks." (This may affect some + people whose sites do not carry alt groups.) + 2.4.5. "It's very easy to get lost in the morass of detail here. Are + there any ways to track what's *really* important?" + - First, a lot of the stuff posted in the Usenet newsgroups, + and on the Cypherpunks list, is peripheral stuff, + epiphenomenal cruft that will blow away in the first strong + breeze. Grungy details about PGP shells, about RSA + encryption speeds, about NSA supercomputers. There's just + no reason for people to worry about "weak IDEA keys" when + so many more pressing matters exist. (Let the experts + worry.) 
Little of this makes any real difference, just as + little of the stuff in daily newspapers is memorable or + deserves to be memorable. + - Second, "read the sources." Read "1984," "The Shockwave + Rider," "Atlas Shrugged," "True Names." Read the Chaum + article on making Big Brother obsolete (October 1985, + "Communications of the ACM"). + - Third, don't lose sight of the core values: privacy, + technological solutions over legal solutions, avoiding + taxation, bypassing laws, etc. (Not everyone will agree + with all of these points.) + - Fourth, don't drown in the detail. Pick some areas of + interest and follow _them_. You may not need to know the + inner workings of DES or all the switches on PGP to make + contributions in other areas. (In fact, you surely don't.) + 2.4.6. "Who are the Cypherpunks?" + - A mix of about 500-700 + + Can find out who by sending message to majordomo@toad.com + with the message body text "who cypherpunks" (no quotes, of + course). + - Is this a privacy flaw? Maybe. + - Lots of students (they have the time, the Internet + accounts). Lots of computer science/programming folks. Lots + of libertarians. + - quote from Wired article, and from "Whole Earth Review" + 2.4.7. "Who runs the Cypherpunks?" + - Nobody. There's no formal "leadership." No ruler = no head + = an arch = anarchy. (Look up the etymology of anarchy.) + - However, the mailing list currently resides on a physical + machine, and this machine creates some nexus of control, + much like having a party at someon'e house. The list + administrator is currently Eric Hughes (and has been since + the beginning). He is helped by Hugh Daniel, who often does + maintenance of the toad.com, and by John Gilmore, who owns + the toad.com machine and account. + - In an extreme situation of abuse or neverending ranting, + these folks could kick someone off the list and block them + from resubscribing via majordomo. (I presume they could-- + it's never happened.) 
+ - To emphasize: nobody's ever been kicked off the list, so + far as I know. Not even Detweiler...he asked to be removed + (when the list subscribes were done manually). + - As to who sets policy, there is no policy! No charter, no + agenda, no action items. Just what people want to work on + themselves. Which is all that can be expected. (Some people + get frustrated at this lack of consensus, and they + sometimes start flaming and ranting about "Cypherpunks + never do anything," but this lack of consensus is to be + expected. Nobody's being paid, nobody's got hiring and + firing authority, so any work that gets done has to be + voluntary. Some volunteer groups are more organized than we + are, but there are other factors that make this more + possible for them than it is for us. C'est la vie.) + - Those who get heard on the mailing list, or in the physical + meetings, are those who write articles that people find + interesting or who say things of note. Sounds fair to me. + 2.4.8. "Why don't the issues that interest me get discussed?" + - Maybe they already have been--several times. Many newcomers + are often chagrined to find arcane topics being discussed, + with little discussion of "the basics." + - This is hardly surprising....people get over the "basics" + after a few months and want to move on to more exciting (to + them) topics. All lists are like this. + - In any case, after you've read the list for a while--maybe + several weeks--go ahead and ask away. Making your topic + fresher may generate more responses than, say, asking + what's wrong with Clipper. (A truly overworked topic, + naturally.) + 2.4.9. "How did the Cypherpunks group get started?" + 2.4.10. "Where did the name 'Cypherpunks' come from?" + + Jude Milhon, aka St. Jude, then an editor at "Mondo 2000," + was at the earliest meetings...she quipped "You guys are + just a bunch of cypherpunks." The name was adopted + immediately. 
+ - The 'cyberpunk' genre of science fiction often deals with + issues of cyberspace and computer security ("ice"), so + the link is natural. A point of confusion is that + cyberpunks are popularly thought of as, well, as "punks," + while many Cyberpunks are frequently libertarians and + anarchists of various stripes. In my view, the two are + not in conflict. + - Some, however, would prefer a more staid name. The U.K. + branch calls itself the "U.K. Crypto Privacy + Association." However, the advantages of the + name are clear. For one thing, many people are bored by + staid names. For another, it gets us noticed by + journalists and others. + - + - We are actually not very "punkish" at all. About as punkish + as most of our cyberpunk cousins are, which is to say, not + very. + + the name + - Crypto Cabal (this before the sci.crypt FAQ folks + appeared, I think), Crypto Liberation Front, other names + - not everybody likes the name...such is life + 2.4.11. "Why doesn't the Cypherpunks group have announced goals, + ideologies, and plans?" + - The short answer: we're just a mailing list, a loose + association of folks interested in similar things + - no budget, no voting, no leadership (except the "leadership + of the soapbox") + - How could such a consensus emerge? The usual approach is + for an elected group (or a group that seized power) to + write the charter and goals, to push their agenda. Such is + not the case here. + - Is this FAQ a de facto statement of goals? Not if I can + help it, to be honest. Several people before me planned + some sort of FAQ, and had they completed them, I certainly + would not have felt they were speaking for me or for the + group. To be consistent, then, I cannot have others think + this way about _this_ FAQ! + 2.4.12. "What have the Cypherpunks actually done?" 
+ - spread of crypto: Cypherpunks have helped + (PGP)...publicity, an alternative forum to sci.crypt (in + many ways, better...better S/N ratio, more polite) + - Wired, Whole Earth Review, NY Times, articles + - remailers, encrypted remailers + + The Cypherpunk- and Julf/Kleinpaste-style remailers were + both written very quickly, in just days + - Eric Hughes wrote the first Cypherpunks remailer in a + weekend, and he spent the first day of that weekend + learning enough Perl to do the job. + + Karl Kleinpaste wrote the code that eventually turned + into Julf's remailer (added to since, of course) in a + similarly short time: + - "My original anon server, for godiva.nectar.cs.cmu.edu + 2 years ago, was written in a few hours one bored + afternoon. It + wasn't as featureful as it ended up being, but it was + "complete" for + its initial goals, and bug-free." + [Karl_Kleinpaste@cs.cmu.edu, alt.privacy.anon-server, + 1994-09-01] + - That other interesting ideas, such as digital cash, have + not yet really emerged and gained use even after years of + active discussion, is an interesting contrast to this + rapid deployment of remailers. (The text-based nature of + both straight encryption/signing and of remailing is + semantically simpler to understand and then use than are + things like digital cash, DC-nets, and other crypto + protocols.) + - ideas for Perl scripts, mail handlers + - general discussion, with folks of several political + persuasions + - concepts: pools, Information Liberation Front, BlackNet + - + 2.4.13. "How Can I Learn About Crypto and Cypherpunks Info?" + 2.4.14. "Why is there sometimes disdain for the enthusiasm and + proposals of newcomers?" + - None of us is perfect, so we sometimes are impatient with + newcomers. Also, the comments seen tend to be issues of + disagreement--as in all lists and newsgroups (agreement is + so boring). 
+ - But many newcomers also have failed to do the basic reading + that many of us did literally _years_ before joining this + list. Cryptology is a fairly technical subject, and one can + no more jump in and expect to be taken seriously without + any preparation than in any other technical field. + - Finally, many of us have answered the questions of + newcomers too many times to be enthusiastic about it + anymore. Familiarity breeds contempt. + + Newcomers should try to be patient about our impatience. + Sometimes recasting the question generates interest. + Freshness matters. Often, making an incisive comment, + instead of just asking a basic question, can generate + responses. (Just like in real life.) + - "Clipper sux!" won't generate much response. + 2.4.15. "Should I join the Cypherpunks mailing list?" + - If you are reading this, of course, you are most likely on + the Cypherpunks list already and this point is moot--you + may instead be asking if you should_leave_ the List! + - Only if you are prepared to handle 30-60 messages a day, + with volumes fluctuating wildly + 2.4.16. "Why isn't the Cypherpunks list encrypted? Don't you believe + in encryption?" + - what's the point, for a publically-subscribable list? + - except to make people jump through hoops, to put a large + burden on toad (unless everybody was given the same key, so + that just one encryption could be done...which underscores + the foolishness) + + there have been proposals, mainly as a stick to force + people to start using encryption...and to get the encrypted + traffic boosted + - involving delays for those who choose not or can't use + crypto (students on terminals, foreigners in countries + which have banned crypto, corporate subscribers....) + 2.4.17. "What does "Cypherpunks write code' mean?" + - a clarifying statement, not an imperative + - technology and concrete solutions over bickering and + chatter + - if you don't write code, fine. 
Not everyone does (in fact, + probably less than 10% of the list writes serious code, and + less than 5% writes crypto or security software + 2.4.18. "What does 'Big Brother Inside' Mean?" + - devised by yours truly (tcmay) at Clipper meeting + - Matt Thomlinson, Postscript + - printed by .... + 2.4.19. "I Have a New Idea for a Cipher---Should I Discuss it Here?" + - Please don't. Ciphers require careful analysis, and should + be in paper form (that is, presented in a detailed paper, + with the necessary references to show that due diligence + was done, the equations, tables, etc. The Net is a poor + substitute. + - Also, breaking a randomly presented cipher is by no means + trivial, even if the cipher is eventually shown to be weak. + Most people don't have the inclination to try to break a + cipher unless there's some incentive, such as fame or money + involved. + - And new ciphers are notoriously hard to design. Experts are + the best folks to do this. With all the stuff waiting to be + done (described here), working on a new cipher is probably + the least effective thing an amateur can do. (If you are + not an amateur, and have broken other people's ciphers + before, then you know who you are, and these comments don't + apply. But I'll guess that fewer than a handful of folks on + this list have the necessary background to do cipher + design.) + - There are a vast number of ciphers and systems, nearly all + of no lasting significance. Untested, undocumented, unused- + -and probably unworthy of any real attention. Don't add to + the noise. + 2.4.20. Are all the Cypherpunks libertarians? + 2.4.21. "What can we do?" + - Deploy strong crypto, to ensure the genie cannot be put in + the bottle + - Educate, lobby, discuss + - Spread doubt, scorn..help make government programs look + foolish + - Sabotage, undermine, monkeywrench + - Pursue other activities + 2.4.22. "Why is the list unmoderated? Why is there no filtering of + disrupters like Detweiler?" 
+ - technology over law + - each person makes their own choice + - also, no time for moderation, and moderation is usually + stultifying + + anyone who wishes to have some views silenced, or some + posters blocked, is advised to: + - contract with someone to be their Personal Censor, + passing on to them only approved material + - subscribe to a filtering service, such as Ray and Harry + are providing + 2.4.23. "What Can I Do?" + - politics, spreading the word + - writing code ("Cypherpunks write code") + 2.4.24. "Should I publicize my new crypto program?" + - "I have designed a crypting program, that I think is + unbreakable. I challenge anyone who is interested to get + in touch with me, and decrypt an encrypted massage." + + "With highest regards, + Babak Sehari." [Babak Sehari, sci.crypt, 6-19-94] + + 2.4.25. "Ask Emily Post Crypt" + + my variation on "Ask Emily Postnews" + - for those that don't know, a scathing critique of + clueless postings + + "I just invented a new cipher. Here's a sample. Bet you + can't break it!" + - By all means post your encrypted junk. We who have + nothing better to do with our time than respond will be + more than happy to spend hours running your stuff through + our codebreaking Crays! + - Be sure to include a sample of encrypted text, to make + yourself appear even more clueless. + + "I have a cypher I just invented...where should I post it?" + + "One of the very most basic errors of making ciphers is + simply to add + - layer upon layer of obfuscation and make a cipher which + is nice and + - "complex". Read Knuth on making random number + generators for the + - folly in this kind of approach. " + + "Ciphers carry the presumption of guilt, not innocence. + Ciphers + - designed by amateurs invariably fail under scrutiny by + experts. This + - sociological fact (well borne out) is where the + presumption of + - insecurity arises. This is not ignorance, to assume + that this will + - change. 
The burden of proof is on the claimer of + security, not upon + - the codebreaker. + + "I've just gotten very upset at something--should I vent my + anger on the mailing list?" + - By all means! If you're fed up doing your taxes, or just + read something in the newspaper that really angered you, + definitely send an angry message out to the 700 or so + readers and help make _them_ angry! + - Find a bogus link to crypto or privacy issues to make it + seem more relevant. + 2.4.26. "What are some main Cypherpunks projects?" + + remailers + + better remailers, more advanced features + - digital postage + - padding, batching/latency + - agent features + - more of them + - offshore (10 sites in 5 countries, as a minimum) + - tools, services + - digital cash in better forms + - + 2.4.27. "What about sublists, to reduce the volume on the main list." + - There are already half a dozen sub-lists, devoted to + planning meetings, to building hardware, and to exploring + DC-Nets. There's one for remailer operators, or there used + to be. There are also lists devoted to similar topics as + Cypherpunks, including Robin Hanson's "AltInst" list + (Alternative Institutions), Nick Szabo's "libtech-l" list, + the "IMP-Interest" (Internet Mercantile Protocols) list, + and so on. Most are very low volume. + + That few folks have heard of any of them, and that traffic + volumes are extremely low, or zero, is not all that + surprising, and matches experiences elsewhere. Several + reasons: + - Sublists are a bother to remember; most people forget + they exist, and don't think to post to them. (This + "forgetting" is one of the most interesting aspects of + cyberspace; successful lists seem to be Schelling points + that accrete even more members, while unsuccessful lists + fade away into nothingness.) + - There's a natural desire to see one's words in the larger + of two forums, so people tend to post to the main list. 
+ - The sublists were sometimes formed in a burst of + exuberance over some topic, which then faded. + - Topics often span several subinterest areas, so posting + to the main list is better than copying all the relevant + sublists. + - In any case, the Cypherpunks main list is "it," for now, + and has driven other lists effectively out of business. A + kind of Gresham's Law. + + 2.5. Crypto + 2.5.1. "Why is crypto so important?" + + The three elements that are central to our modern view of + liberty and privacy (a la Diffie) + - protecting things against theft + - proving who we say we are + - expecting privacy in our conversations and writings + - Although there is no explicit "right of privacy" enumerated + in the U.S. Constitution, the assumption that an individual + is to be secure in his papers, home, etc., absent a valid + warrant, is central. (There has never been a ruling or law + that persons have to speak in a language that is + understandable by eavesdroppers, wiretappers, etc., nor has + there ever been a rule banning private use of encrption. I + mention this to remind readers of the long history of + crypto freedom.) + - "Information, technology and control of both _is_ power. + *Anonymous* telecommunications has the potential to be the + greatest equalizer in history. Bringing this power to as + many as possible will forever change the discourse of power + in this country (and the world)." [Matthew J Miszewski, ACT + NOW!, 1993-03-06] + 2.5.2. "Who uses cryptography?" + - Everybody, in one form or another. We see crypto all around + us...the keys in our pockets, the signatures on our + driver's licenses and other cards, the photo IDs, the + credit cards. Lock combinations, door keys, PIN numbers, + etc. All are part of crypto (although most might call this + "security" and not a very mathematical thing, as + cryptography is usually thought to be). 
+ - Whitticism: "those who regularly + conspire to participate in the political process are + already encrypting." [Whit Diffie] + 2.5.3. "Who needs crypto? What have they got to hide?" + + honest people need crypto because there are dishonest + people + - and there may be other needs for privacy + - There are many reasons why people need privacy, the ability + to keep some things secret. Financial, personal, + psychological, social, and many other reasons. + - Privacy in their papers, in their diaries, in their pesonal + lives. In their financial choices, their investments, etc. + (The IRS and tax authorities in other countries claim to + have a right to see private records, and so far the courts + have backed them up. I disagree.) + - people encrypt for the same reason they close and lock + their doors + - Privacy in its most basic forms + 2.5.4. "I'm new to crypto--where should I start?" + - books...Schneier + - soda + - sci.crypt + - talk.politics.crypto + - FAQs other than this one + 2.5.5. "Do I need to study cryptography and number theory to make a + contribution?" + - Absolutely not! Most cryptographers and mathematicians are + so busy doing their thing that they little time or interest + for political and entrepreneurial activities. + Specialization is for insects and researchers, as someone's + .sig says. + - Many areas are ripe for contribution. Modularization of + functions means people can concentrate in other areas, + just as writers don't have to learn how to set type, or cut + quill pens, or mix inks. + - Nonspecialists should treat most established ciphers as + "black boxes" that work as advertised. (I'm not saying they + do, just that analysis of them is best left to experts...a + little skepticism may not hurt, though). + 2.5.6. "How does public key cryptography work, simply put?" + - Plenty of articles and textbooks describe this, in ever- + increasing detail (they start out with the basics, then get + to the juicy stuff). 
+ + I did find a simple explanation, with "toy numbers," from + Matthew Ghio: + - "You pick two prime numbers; for example 5 and 7. + Multiply them together, equals 35. Now you calculate the + product of one less than each number, plus one. (5-1)(7- + 1)+1=21. There is a mathematical relationship that says + that x = x^21 mod 35 for any x from 0 to 34. Now you + factor 21, yeilds 3 and 7. + + "You pick one of those numbers to be your private key and + the other one is your public key. So you have: + Public key: 3 + Private key: 7 + + "Someone encrypts a message for you by taking plaintext + message m to make ciphertext message c: c=m^3 mod 35 + + "You decrypt c and find m using your private key: m=c^7 + mod 35 + + "If the numbers are several hundred digits long (as in + PGP), it is nearly impossible to guess the secret key." + [Matthew Ghio, alt.anonymous, 1994-09-03] + - (There's a math error here...exercise left for the + student.) + 2.5.7. "I'm a newcomer to this stuff...how should I get started?" + - Start by reading some of the material cited. Don't worry + too much about understanding it all. + - Follow the list. + - Find an area that interests you and concentrate on that. + There is no reason why privacy advocates need to understand + Diffie-Hellman key exchange in detail! + + More Information + + Books + - Schneier + - Brassard + + Journals, etc + - Proceedings + - Journal of Cryptology + - Cryptologia + - Newsgroups + - ftp sites + 2.5.8. "Who are Alice and Bob?" + 2.5.9. "What is security through obscurity"? + - adding layers of confusion, indirection + - rarely is strong in a an infromation-theoretic or + cryptographic sense + - and may have "shortcuts" (like a knot that looks complex + but which falls open if approached the right way) + - encryption algorithms often hidden, sites hidden + - Make no mistake about it, these approaches are often used. 
+ And they can add a little to the overall security (using + file encyption programs like FolderBolt on top of PGP is an + example)... + 2.5.10. "Has DES been broken? And what about RSA?" + - DES: Brute-force search of the keyspace in chosen-plaintext + attacks is feeasible in around 2^47 keys, according to + Biham and Shamir. This is about 2^9 times easier than the + "raw" keyspace. Michael Wiener has estimated that a macine + of special chips could crack DES this way for a few + thousand dollars per key. The NSA may have such machines. + - In any case, DES was not expected to last this long by many + (and, in fact, the NSA and NIST proposed a phaseout some + years back, the "CCEP" (Commercial COMSEC Endorsement + Program), but it never caught on and seems forgotten today. + Clipper and EES seem to have grabbed the spotlight. + - IDEA, from Europe, is supposed to be much better. + - As for RSA, this is unlikely. Factoring is not yet proven + to be NP-co + 2.5.11. "Can the NSA Break Foo?" + - DES, RSA, IDEA, etc. + - Can the government break our ciphers? + 2.5.12. "Can brute-force methods break crypto systems?" + - depends on the system, the keyspace, the ancillary + information avialable, etc. + - processing power generally has been doubling every 12-18 + months (Moore's Law), so.... + - Skipjack is 80 bits, which is probably safe from brute + force attack for 2^24 = 1.68e7 times as long as DES is. + With Wiener's estimate of 3.5 hours to break DES, this + implies 6700 years using today's hardware. Assuming an + optimistic doubling of hardware power per year (for the + same cost), it will take 24 years before the hardware costs + of a brute force attack on Skipjack come down to what it + now costs to attack DES. Assuming no other weaknesses in + Skipjack. + - And note that intelligence agencies are able to spend much + more than what Wiener calculated (recall Norm Hardy's + description of Harvest) + 2.5.13. 
"Did the NSA know about public key ideas before Diffie and + Hellman?" + + much debate, and some sly and possibly misleading innuendo + - Simmons claimed he learned of PK in Gardner's column, and + he certainly should've been in a position to know + (weapons, Sandia) + - + + Inman has claimed that NSA had a P-K concept in 1966 + - fits with Dominik's point about sealed cryptosystem boxes + with no way to load new keys + - and consistent with NSA having essentially sole access to + nation's top mathematicians (until Diffies and Hellmans + foreswore government funding, as a result of the anti- + Pentagon feelings of the 70s) + 2.5.14. "Did the NSA know about public-key approaches before Diffie + and Hellman?" + - comes up a lot, with some in the NSA trying to slyly + suggest that _of course_ they knew about it... + - Simmons, etc. + - Bellovin comments (are good) + 2.5.15. "Can NSA crack RSA?" + - Probably not. + - Certainly not by "searching the keyspace," an idea that + pops up every few months . It can't be done. 1024-bit keys + implies roughly 512-bit primes, or 153-decimal digit + primes. There are more than 10^150 of them! And only about + 10^73 particles in the entire universe. + - Has the factoring problem been solved? Probably not. And it + probably won't be, in the sense that factoring is probably + in NP (though this has not been proved) and P is probably + not NP (also unproved, but very strongly suspected). While + there will be advances in factoring, it is extremely + unlikely (in the religious sense) that factoring a 300- + digit number will suddenly become "easy." + - Does the RSA leak information so as to make it easier to + crack than it is to factor the modulus? Suspected by some, + but basically unknown. I would bet against it. But more + iffy than the point above. + + "How strong is strong crypto?" + - Basically, stronger than any of the hokey "codes" so + beloved of thriller writers and movie producers. 
Modern + ciphers are not crackable by "telling the computer to run + through all the combinations" (more precisely, the number + of combinations greatly exceeds the number of atoms in + the universe). + 2.5.16. "Won't more powerful computers make ciphers breakable?" + + The effects of increasing computer power confer even + *greater* advantage to the cipher user than to the cipher + breaker. (Longer key lengths in RSA, for example, require + polynomially more time to use, but exponentially more time + to break, roughly speaking.) Stunningly, it is likely that + we are close to being able to use key lengths which cannot + be broken with all the computer power that will ever exist + in the universe. + + Analogous to impenetrable force fields protecting the + data, with more energy required to "punch through" than + exists in the universe + - Vernor Vinge's "bobbles," in "The Peace War." + - Here I am assuming that no short cuts to factoring + exist...this is unproven, but suspected. (No major + shortcuts, i.e., factoring is not "easy.") + + A modulus of thousands of decimal digits may require more + total "energy" to factor, using foreseeable approaches, + than is available + - reversible computation may help, but I suspect not much + - Shor's quantum-mechanical approach is completely + untested...and may not scale well (e.g., it may be + marginally possible to get the measurement precision to + use this method for, say, 100-digit numbers, but + utterly impossible to get it for 120-digit numbers, let + alone 1000-digit numbers) + 2.5.17. "Will strong crypto help racists?" + - Yes, this is a consequence of having secure virtual + communities. Free speech tends to work that way! + - The Aryan Nation can use crypto to collect and disseminate + information, even into "controlled" nations like Germany + that ban groups like Aryan Nation. 
+ - Of course, "on the Internet no one knows you're a dog," so + overt racism based on superficial external characteristics + is correspondingly harder to pull off. + - But strong crypto will enable and empower groups who have + different beliefs than the local majority, and will allow + them to bypass regional laws. + 2.5.18. Working on new ciphers--why it's not a Cypherpunks priority + (as I see it) + - It's an issue of allocation of resources. ("All crypto is + economics." E. Hughes) Much work has gone into cipher + design, and the world seems to have several stable, robust + ciphers to choose from. Any additional work by crypto + amateurs--which most of us are, relative to professional + mathematicians and cipher designers--is unlikely to move + things forward significantly. Yes, it could happen...but + it's not likely. + + Whereas there are areas where professional cryptologists + have done very little: + - PGP (note that PRZ did *not* take time out to try to + invent his own ciphers, at least not for Version + 2.0)...he concentrated on where his efforts would have + the best payoff + - implementation of remailers + - issues involving shells and other tools for crypto use + - digital cash + - related issues, such as reputations, language design, + game theory, etc. + - These are the areas of "low-hanging fruit," the areas where + the greatest bang for the buck lies, to mix some metaphors + (grapeshot?). + 2.5.19. "Are there any unbreakable ciphers?" + - One time pads are of course information-theoretically + secure, i.e., unbreakable by computer power. + + For conventional ciphers, including public key ciphers, + some ciphers may not be breakable in _our_ universe, in any + amount of time. The logic goes as follows: + - Our universe presumably has some finite number of + particles (currently estimated to be 10^73 particles). + This leads to the "even if every particle were a Cray Y- + MP it would take..." sorts of thought experiments. 
+ + But I am considering _energy_ here. Ignoring reversible + computation for the moment, computations dissipate energy + (some disagree with this point). There is some uppper + limit on how many basic computations could ever be done + with the amount of free energy in the universe. (A rough + calculation could be done by calculating the energy + output of stars, stuff falling into black holes, etc., + and then assuming about kT per logical operation. This + should be accurate to within a few orders of magnitude.) + I haven't done this calculation, and won't here, but the + result would likely be something along the lines of X + joules of energy that could be harnessed for computation, + resulting in Y basic primitive computational steps. + + I can then find a modulus of 3000 digits or 5000 digits, + or whatever, that takes *more* than this number of steps + to factor. Therefore, unbreakable in our universe. + - Caveats: + + 1. Maybe there are really shortcuts to factoring. Certainly + improvements in factoring methods will continue. (But of + course these improvements are not things that convert + factoring into a less than exponential-in-length + problem...that is, factoring appears to remain "hard.") + + 2. Maybe reversible computations (a la Landauer, Bennett, + et. al.) actually work. Maybe this means a "factoring + machine" can be built which takes a fixed, or very slowly + growing, amount of energy. In this case, "forever" means + Lefty is probably right. + + 3. Maybe the quantum-mechanical idea of Peter Shor is + possible. (I doubt it, for various reasons.) + + 2.5.20. "How safe is RSA?" "How safe is PGP?" "I heard that PGP has + bugs?" + - This cloud of questions is surely the most common sort that + appears in sci.crypt. It sometimes gets no answers, + sometimes gets a rude answer, and only occasionally does it + lead to a fruiful discussion. + - The simple anwer: These ciphers appear to be safe, to have + no obvious flaws. 
+ - More details can be found in various question elsewhere in + this FAQ and in the various FAQs and references others have + published. + 2.5.21. "How long does encryption have to be good for?" + - This obviously depends on what you're encrypting. Some + things need only be safe for short periods of time, e.g., a + few years or even less. Other things may come back to haunt + you--or get you thrown in prison--many years later. I can + imagine secrets that have to be kept for many decades, even + centuries (for example, one may fear one's descendents will + pay the price for a secret revealed). + - It is useful to think _now_ about the computer power likely + to be available in the year 2050, when many of you reading + this will still be around. (I'm _not_ arguing that + parallelism, etc., will cause RSA to fall, only that some + key lengths (e.g., 512-bit) may fall by then. Better be + safe and use 1024 bits or even more. Increased computer + power makes longer keys feasible, too.). + + 2.6. PGP + 2.6.1. There's a truly vast amount of information out there on PGP, + from current versions, to sites, to keyserver issues, and so + on. There are also several good FAQs on PGP, on MacPGP, and + probably on nearly every major version of PGP. I don't expect + to compete here with these more specialized FAQs. + - I'm also not a PGP expert, using it only for sending and + receiving mail, and rarely doing much more with it. + - The various tools, for all major platforms, are a specialty + unto themselves. + 2.6.2. "Where do I get PGP?" + 2.6.3. "Where can I find PGP?" + - Wait around for several days and a post will come by which + gives some pointers. + - Here are some sites current at this writing: (watch out for + changes) + 2.6.4. "Is PGP secure? I heard someone had...." + - periodic reports, urban legend, that PGP has been + compromised, that Phil Z. has been "persuaded" to.... 
+ + implausible for several reasons + - Phil Z no longer controls the source code by himself + - the source code is available and can be inspected...would + be very difficult to slip in major back doors that would + not be apparent in the source code + - Phil has denied this, and the rumors appear to come from + idle speculation + + But can PGP be broken? + - has not been tested independently in a thorough, + cryptanalytic way, yet (opinion of tcmay) + - NSA isn't saying + + Areas for attack + + IDEA + - some are saying doubling of the number of rounds + should be donee + - the random number generators...Colin Plumb's admission + 2.6.5. "Should I use PGP and other crypto on my company's + workstations?" + - machines owned by corporations and universities, usually on + networks, are generally not secure (that is, they may be + compromised in various ways) + - ironically, most of the folks who sign all their messages, + who use a lot of encryption, are on just such machines + - PCs and Macs and other nonnetworked machines are more + secure, but are harder to use PGP on (as of 1994) + - these are generalizations--there are insecure PCs and + secure workstations + 2.6.6. "I just got PGP--should I use it for all my mail?" + - No! Many people cannot easily use PGP, so if you wish to + communicate with them, don't encrypt everything. Use + encryption where it matters. + - If you just want more people to use encryption, help with + the projects to better integrate crypto into existing + mailers. + 2.6.7. NSA is apparently worried about PGP, worried about the spread + of PGP to other countries, and worried about the growth of + "internal communities" that communicate via "black pipes" or + "encrypted tunnels" that are impenetrable to them. + + 2.7. Clipper + 2.7.1. "How can the government do this?" + - incredulity that bans, censorship, etc. 
are legal + + several ways these things happen + - not tested in the courts + - wartime regulations + + conflicting interpretations + - e.g., "general welfare" clause used to justify + restrictions on speech, freedom of association, etc. + + whenever public money or facilities used (as with + churches forced to hire Satanists) + - and in this increasingly interconnnected world, it is + sometimes very hard to avoid overlap with public + funding, facilities, etc. + 2.7.2. "Why don't Cypherpunks develop their won competing encryption + chip?" + + Many reasons not to: + - cost + - focus + - expertise + - hard to sell such a competing standard + - better to let market as a whole make these choices + 2.7.3. "Why is crypto so frightening to governments?" + + It takes away the state's power to snoop, to wiretap, to + eavesdrop, to control + - Priestly confessionals were a major way the Church kept + tabs on the locals...a worldwide, grassroots system of + ecclesiastical narcs + + Crypto has high leverage + + Unlike direct assaults with bombs, HERF and EMP attacks, + sabotage, etc, crypto is self-spreading...a bootstrap + technology + - people use it, give it to others, put it on networks + - others use it for their own purposes + - a cascade effect, growing geometrically + - and undermining confidence in governments, allowing the + spread of multiple points of view (especially + unapproved views) + 2.7.4. "I've just joined the list and am wondering why I don't see + more debate about Clipper?" + - Understand that people rarely write essays in response to + questions like "Why is Clipper bad?" For most of us, + mandatory key escrow is axiomatically bad; no debate is + needed. + - Clipper was thoroughly trashed by nearly everyone within + hours and days of its announcement, April 16, 1993. + Hundreds of articles and editorials have condemned it. + Cyperpunks currently has no active supporters of mandatory + key escrow, from all indications, so there is nothing to + debate. 
+ + 2.8. Other Ciphers and Crypto Products + + 2.9. Remailers and Anonymity + 2.9.1. "What are remailers?" + 2.9.2. "How do remailers work?" (a vast number of postings have + dealt with this) + - The best way to understand them is to "just do it," that + is, send a few remailed message to yourself, to see how the + syntax works. Instructions are widely available--some are + cited here, and up to date instructions will appear in the + usual Usenet groups. + - The simple view: Text messages are placed in envelopes and + sent to a site that has agreed to remail them based on the + instructions it finds. Encryption is not necessary--though + it is of course recommended. These "messages in bottles" + are passed from site to site and ultimately to the intended + final recipient. + - The message is pure text, with instructions contained _in + the text_ itself (this was a fortuitous choice of standard + by Eric Hughes, in 1992, as it allowed chaining, + independence from particular mail systems, etc.). + - A message will be something like this: + + :: + Request-Remailing-To: remailer@bar.baz + + Body of text, etc., etc. (Which could be more remailing + instructions, digital postage, etc.) + + + - These nested messages make no assumptions about the type of + mailer being used, so long as it can handle straight ASCII + text, which all mailers can of course. Each mail message + then acts as a kind of "agent," carrying instructions on + where it should be mailed next, and perhaps other things + (like delays, padding, postage, etc.) + - It's very important to note that any given remailer cannot + see the contents of the envelopes he is remailing, provided + encryption is used. (The orginal sender picks a desired + trajectory through the labyrinth of remailers, encrypts in + the appropriate sequence (last is innermost, then next to + last, etc.), and then the remailers sequentially decrypt + the outer envelopes as they get them. Envelopes within + envelopes.) + 2.9.3. 
"Can't remailers be used to harass people?" + - Sure, so can free speech, anonymous physical mail ("poison + pen letters"), etc. + - With e-mail, people can screen their mail, use filters, + ignore words they don't like, etc. Lots of options. "Sticks + and stones" and all that stuff we learned in Kindergarten + (well, I'm never sure what the the Gen Xers learned....). + - Extortion is made somewhat easier by anonymous mailers, but + extortion threats can be made in other ways, such as via + physical mail, or from payphones, etc. + - Physical actions, threats, etc. are another matter. Not the + domain of crypto, per se. + + 2.10. Surveillance and Privacy + 2.10.1. "Does the NSA monitor this list?" + - Probably. We've been visible enough, and there are many + avenues for monitoring or even subscribing to the List. + Many aliases, many points of presence. + - some concerns that Cypherpunks list has been infiltrated + and is a "round up list" + - There have even been anonymous messages purporting to name + likely CIA, DIA, and NSA spooks. ("Be aware.") + - Remember, the list of subscribers is _not_ a secret--it can + be gotten by sending a "who cypherpunks" message to + majordomo@toad.com. Anyone in the world can do this. + 2.10.2. "Is this list illegal?" + - Depends on the country. In the U.S., there are very strong + protections against "prior restraint" for published + material, so the list is fairly well -protected....shutting + it down would create a First Amendment case of major + importance. Which is unlikely. Conspiracy and sedition laws + are more complex to analyze; there are no indications that + material here or on the list is illegal. + - Advocacy of illegal acts (subversion of export laws, + espionage, etc.) is generally legal. Even advocating the + overthrow of the government. + - The situation in other countries is different. Some + countries ban unapproved encryption, so this list is + suspect. 
+ - Practically speaking, anyone reading this list is probably + in a place which either makes no attempt to control + encryption or is unable to monitor what crosses its + borders. + 2.10.3. "Can keystrokes really be monitored remotely? How likely is + this?" + - Yes. Van Eck, RF, monitors, easy (it is claimed) to build + this + - How likely? Depends on who you are. Ames, the KGB spy, was + probably monitored near the end, but I doubt many of us + are. The costs are simply too high...the vans outside, the + personnel needed, etc. + - the real hazards involve making it "easy" and "almost + automatic" for such monitoring, such as with Clipper and + EES. Then they essentially just flip a switch and the + monitoring happens...no muss, no fuss. + 2.10.4. "Wouldn't some crimes be stopped if the government could + monitor what it wanted to?" + - Sure. This is an old story. Some criminals would be caught + if their diaries could be examined. Television cameras in + all homes would reduce crimes of .... (Are you listening, + Winston?). + - Orwell, fascism, surveillance states, what have you got to + hide, etc. + + 2.11. Legal + 2.11.1. "Can encryption be banned?" + - ham operators, shortwave + - il gelepal, looi to waptime aolditolq + + how is this any different from requiring speech in some + language? + - Navaho code talkers of WW2,,,,modern parallel + 2.11.2. "Will the government try to ban encryption?" + - This is of course the major concern most of us have about + Clipper and the Escrowed Encryption Standard in general. + Even if we think the banning of crypto will ultimately be a + failure ("worse than Prohibition," someone has said), such + a ban could make things very uncomfortable for many and + would be a serious abridgement of basic liberties. + - We don't know, but we fear something along these lines. It + will be difficult to enforce such a ban, as so many avenues + for communication exist, and encrypted messages may be hard + to detect. 
+ - Their goal, however, may be _control_ and the chilling + effect that using "civil forfeiture" may have on potential + crypto users. Like the drug laws. (Whit Diffie was the + first to emphasize this motivation.) + 2.11.3. "How could encryption be banned?" + - most likely way: restrictions on networks, a la airwaves or + postal service + - could cite various needs, but absent a mechanism as above, + hard to do + - an outright ban, enforced with civil forfeiture penalties + - wartime sorts of policies (crypto treated as sedition, + treason...some high-profile prison sentences) + - scenario posted by Sandfort? + 2.11.4. "What's the situation about export of crypto?" + + There's been much debate about this, with the case of Phil + Zimmermann possibly being an important test case, should + charges be filed. + - as of 1994-09, the Grand Jury in San Jose has not said + anything (it's been about 7-9 months since they started + on this issue) + - Dan Bernstein has argued that ITAR covers nearly all + aspects of exporting crypto material, including codes, + documentation, and even "knowledge." (Controversially, it + may be in violation of ITAR for knowledgeable crypto people + to even leave the country with the intention of developing + crypto tools overseas.) + - The various distributions of PGP that have occurred via + anonymous ftp sources don't imply that ITAR is not being + enforced, or won't be in the future. + 2.11.5. "What's the legal status of digital signatures?" + - Not yet tested in court. Ditto for most crypto protocols, + including digital timestamping, electronic contracts, + issues of lost keys, etc. + 2.11.6. "Can't I just claim I forgot my password?" + 2.11.7. "Is it dangerous to talk openly about these ideas?" + - Depends on your country. In some countries, perhaps no. 
In + the U.S., there's not much they can do (though folks should + be aware that the Cypherpunks have received a lot of + attention by the media and by policy makers, and so a vocal + presence on this list very likely puts one on a list of + crypto trouble makers). + - Some companies may also feel views expressed here are not + consistent with their corporate policies. Your mileage may + vary. + - Sedition and treason laws are not likely to be applicable. + - some Cypherpunks think so + - Others of us take the First Amendment pretty seriously: + that _all_ talk is permissable + - NSA agents threatened to have Jim Bidzos killed + 2.11.8. "Does possession of a key mean possession of *identity*?" + - If I get your key, am I you? + - Certainly not outside the context of the cryptographic + transaction. But within the context of a transaction, yes. + Additional safeguards/speedbumps can be inserted (such as + biometric credentials, additional passphrases, etc.), but + these are essentially part of the "key," so the basic + answer remains "yes." (There are periodically concerns + raised about this, citing the dangers of having all + identity tied to a single credential, or number, or key. + Well, there are ways to handle this, such as by adopting + protocols that limit one's exposure, that limits the amount + of money that can be withdrawn, etc. Or people can adopt + protocols that require additional security, time delays, + countersigning, etc.) + + This may be tested in court soon enough, but the answer for + many contracts and crypto transactions will be that + possession of key = possession of identity. Even a court + test may mean little, for the types of transactions I + expect to see. + - That is, in anonymous systems, "who ya gonna sue?" + - So, guard your key. + + 2.12. Digital Cash + 2.12.1. "What is digital money?" + 2.12.2. "What are the main uses of strong crypto for business and + economic transactions?" + - Secure communications. 
Ensuring privacy of transaction + records (avoiding eavesdroppes, competitors) + - Digital signatures on contracts (will someday be standard) + - Digital cash. + - Reputations. + - Data Havens. That bypass local laws about what can be + stored and what can't (e.g., silly rules on how far back + credit records can go). + 2.12.3. "What are smart cards and how are they used?" + + Most smart cards as they now exist are very far from being + the anonymous digital cash of primary interest to us. In + fact, most of them are just glorified credit cards. + - with no gain to consumers, since consumes typically don't + pay for losses by fraud + - (so to entice consumes, will they offer inducements?) + - Can be either small computers, typically credit-card-sized, + or just cards that control access via local computers. + + Tamper-resistant modules, e.g., if tampered with, they + destroy the important data or at the least give evidence of + having been tampered with. + + Security of manufacturing + - some variant of "cut-and-choose" inspection of + premises + + Uses of smart cards + - conventional credit card uses + - bill payment + - postage + - bridge and road tolls + - payments for items received electronically (not + necessarily anonymously) + + 2.13. Crypto Anarchy + 2.13.1. "What is Crypto Anarchy?" + - Some of us believe various forms of strong cryptography + will cause the power of the state to decline, perhaps even + collapse fairly abruptly. We believe the expansion into + cyberspace, with secure communications, digital money, + anonymity and pseudonymity, and other crypto-mediated + interactions, will profoundly change the nature of + economies and social interactions. + + Governments will have a hard time collecting taxes, + regulating the behavior of individuals and corporations + (small ones at least), and generally coercing folks when it + can't even tell what _continent_ folks are on! 
+ + Read Vinge's "True Names" and Card's "Ender's Game" for + some fictional inspirations. "Galt's Gulch" in cyberspace, + what the Net is rapidly becoming already. + + I call this set of ideas "crypto anarchy" (or "crypto- + anarchy," as you wish) and have written about this + extensively. The magazines "Wired" (issue 1.2), "Whole + Earth Review" (Summer, 1993), and "The Village Voice" (Aug. + 6th, 1993) have all carried good articles on this. + 2.13.2. The Crypto Anarchist Manifesto + - a complete copy of my 1988 pastiche of the Communisto + Manifesto is included in the chapter on Crypto Anarchy. + - it needs rewriting, but for historical sake I've left it + unchanged. + - I'm proud that so much of it remains accurate. + 2.13.3. "What is BlackNet?" + - BlackNet -- an experiment in information markets, using + anonymous message pools for exchange of instructions and + items. Tim May's experiment in guerilla ontology. + - BlackNet -- an experimental scheme devised by T. May to + underscore the nature of anonymous information markets. + "Any and all" secrets can be offered for sale via anonymous + mailers and message pools. The experiment was leaked via + remailer to the Cypherpunks list (not by May) and thence to + several dozen Usenet groups by Detweiler. The authorities + are said to be investigating it. + 2.13.4. "What effect will crypto have on governments?" + - A huge topic, one I've been thinking about since late 1987 + when it dawned on me that public key crypto and anonymous + digital cash systems, information markets, etc. meant the + end of governments as we know them. (I called this + development "crypto anarchy." Not everyone is a fan of it. + But it's coming, and fast.) + - "Putting the NSA out of business," as the NYT article put + it + - Espionage is changing. To pick one example, "digital dead + drops." 
Any message can be sent through an untraceable path + with remailers....and then posted in encrypted form in a + newsgroup readable in most countries, including the Former + Soviet Union. This means the old stand by of the microfilm + in a Coke can left by a certain tree on a rural road--a + method fraught with delays, dangers, and hassles--is now + passe. The same message can be send from the comfort of + one's home securely and untraceably. Even with a a digital + signature to prevent spoofing and disinformation. This spy + can be a Lockheed worker on the Aurora program, a SIGINT + officer at Woomera, or a disgruntled chip designer at + Motorola. (Yes, a countermeasure is to limit access to + personal computers, to run only standard software that has + no such crypto capability. Such embargoes may already apply + to some in sensitive positions, and may someday be a + condition of employment.) + - Money-laundering + - Tax collection. International consultants. Perpetual + tourists. Virtual corporations. + - Terrorism, assassination, crime, Triads, Yakuza, Jamaicans, + Russian Mafia...virtual networks... Aryan Nation gone + digital + 2.13.5. "How quickly could something like crypto anarchy come?" + - Parts of it are happening already, though the changes in + the world are not something I take any credit for. Rather, + there are ongoing changes in the role of nations, of power, + and of the ability to coerce behaviors. When people can + drop out of systems they don't like, can move to different + legal or tax jurisdictions, then things change. + + But a phase change could occur quickly, just as the Berlin + Wall was impregnable one day, and down the next. + - "Public anger grows quietly and explodes suddenly. T.C. + May's "phase change" may be closer than we think. Nobody + in Russia in 1985 really thought the country would fall + apart in 6 years." [Mike Ingle, 1994-01-01] + 2.13.6. "Could strong crypto be used for sick and disgusting and + dangerous purposes?" 
+ - Of course. So can locked doors, but we don't insist on an + "open door policy" (outside of certain quaint sorority and + rooming houses!) So do many forms of privacy allow + plotters, molestors, racists, etc. to meet and plot. + - Crypto is in use by the Aryan Nation, by both pro- and anti- + abortion groups, and probably by other kinds of terrorists. + Expect more uses in the future, as things like PGP continue + to spread. + - Many of us are explicity anti-democratic, and hope to use + encryption to undermine the so-called democratic + governments of the world + 2.13.7. "What is the Dining Cryptographers Problem, and why is it so + important?" + + This is dealt with in the main section, but here's David + Chaum's Abstract, from his 1988 paper" + - Abstract: "Keeping confidential who sends which messages, + in a world where any physical transmission can be traced + to its origin, seems impossible. The solution presented + here is unconditionally or cryptographically secure, + depending on whether it is based on one-time-use keys or + on public keys. respectively. It can be adapted to + address efficiently a wide variety of practical + considerations." ["The Dining Cryptographers Problem: + Unconditional Sender and Recipient Untraceability," David + Chaum, Journal of Cryptology, I, 1, 1988.] + - + - DC-nets have yet to be implemented, so far as I know, but + they represent a "purer" version of the physical remailers + we are all so familiar with now. Someday they'll have have + a major impact. (I'm a bigger fan of this work than many + seem to be, as there is little discussion in sci.crypt and + the like.) + 2.13.8. "Why won't government simply ban such encryption methods?" + + This has always been the Number One Issue! 
+ - raised by Stiegler, Drexler, Salin, and several others + (and in fact raised by some as an objection to my even + discussing these issues, namely, that action may then be + taken to head off the world I describe) + + Types of Bans on Encryption and Secrecy + - Ban on Private Use of Encryption + - Ban on Store-and-Forward Nodes + - Ban on Tokens and ZKIPS Authentication + - Requirement for public disclosure of all transactions + + Recent news (3-6-92, same day as Michaelangelo and + Lawnmower Man) that government is proposing a surcharge + on telcos and long distance services to pay for new + equipment needed to tap phones! + - S.266 and related bills + - this was argued in terms of stopping drug dealers and + other criminals + - but how does the government intend to deal with the + various forms fo end-user encryption or "confusion" + (the confusion that will come from compression, + packetizing, simple file encryption, etc.) + + Types of Arguments Against Such Bans + - The "Constitutional Rights" Arguments + + The "It's Too Late" Arguments + - PCs are already widely scattered, running dozens of + compression and encryption programs...it is far too + late to insist on "in the clear" broadcasts, whatever + those may be (is program code distinguishable from + encrypted messages? No.) + - encrypted faxes, modem scramblers (albeit with some + restrictions) + - wireless LANs, packets, radio, IR, compressed text and + images, etc....all will defeat any efforts short of + police state intervention (which may still happen) + + The "Feud Within the NSA" Arguments + - COMSEC vs. PROD + + Will affect the privacy rights of corporations + - and there is much evidence that corporations are in + fact being spied upon, by foreign governments, by the + NSA, etc. 
+ + They Will Try to Ban Such Encryption Techniques + + Stings (perhaps using viruses and logic bombs) + - or "barium," to trace the code + + Legal liability for companies that allow employees to use + such methods + - perhaps even in their own time, via the assumption that + employees who use illegal software methods in their own + time are perhaps couriers or agents for their + corporations (a tenuous point) + 2.13.9. "Could anonymous markets facilitate repugnant services, such + as killings for hire?" + - Yes, though there are some things which will help lessen + the full impact. + - To make this brutally concrete, here's how escrow makes + murder contracts much safer than they are today to + negotiate. Instead of one party being caught in an FBI + sting, as is so often the case when amateurs try to arrange + hits, they can use an escrow service to insulate themselves + from: + + 1. From being traced, because the exchanges are handled via + pseudonyms + + 2. From the killer taking the money and then not performing + the hit, because the escrow agent holds the money until the + murder is verified (according to some prototocol, such a + newspaper report...again, an area for more work, + thankfully). + + 3. From being arrested when the money is picked up, as this + is all done via digital cash. + + There are some ways to reduce the popularity of this + Murder, Incorporated system. (Things I've been thinking + about for about 6 years, and which we discussed on the + Cypherpunks list and on the Extropians list.) + + 2.14. Miscellaneous + 2.14.1. "Why can't people just agree on an approach?" + - "Why can't everyone just support my proposal?" + - "I've proposed a new cipher, but nobody's interested...you + Cypherpunks just never _do_ anything!" + - This is one of the most consistently divisive issues on the + list. 
Often a person will become enamored of some approach, + will write posts exhorting others to become similarly + enamored, urging others to "do something!," and will then, + when no interest is evidenced, become irate. To be more + concrete, this happens most often with various and sundry + proposals for "digital money." A close second is for + various types of "Cypherpunks activism," with proposals + that we get together and collect a few million dollars to + run Ross Perot-type advertisements urging people to use + PGP, with calls for a "Cypherpunks radio show," and so on. + (Nothing wrong with people doing these things, I suppose. + The problem lies in the exhortation of _others_ to do these + things.) + - This collective action is always hard to achieve, and + rightly so, in my opinion. Emergent behavior is more + natural, and more efficient. And hence better. + + the nature of markets, agents, different agendas and goals + - real standards and markets evolve + - sometimes because of a compelling exemplar (the Walkman, + PGP), sometimes because of hard work by standards + committees (NTSC, electric sockets, etc.) + - but almost never by simple appeals to correctness or + ideological rightness + 2.14.2. "What are some of the practical limits on the deployment of + crypto, especially things like digital cash and remailers?" + + Lack of reliable services + - Nodes go down, students go home for the summer, downtime + for various reasons + - Lack of robustness + 2.14.3. "Is crypto dominated by mistrust? I get the impression that + everything is predicated on mutual mistrust." + - We lock our doors...does this mean we are lacking in trust? + No, it means we understand there are _some_ out there who + will exploit unlocked doors. Ditto for the crypto world. + - "Trust, but verify," as Ronald Reagan used to say. Mutual + mistrust can actually make for a more trustworthy + environment, paradoxical as that may sound. "Even paranoids + have enemies." 
+ - The danger in a trusting environment that lacks other + mechanisms is that "predators" or "defectors" (in game- + theoretic terms) can exploit this trusting environment. + Confidence games, scams, renegging on deals, and even + outright theft. + - Crypto offers the opportunity for "mutually suspicious + agents" to interact without explicit "trust." + 2.14.4. "Who is Detweiler?" + + S. Boxx, an12070, ldxxyyy, Pablo Escobar, Hitler, Linda + Lollipop, Clew Lance Simpleton, tmp@netcom.com, Jim + Riverman + - often with my sig block, or variants of it, attached + - even my phone number + - he lost his ColoState account for such tactics... + - electrocrisy + - cypherwonks + 2.14.5. "Who is Sternlight?" + - A retired policy analyst who is often contentious in Usenet + groups and supportive of government policies on crypto + policy. Not nearly as bad as Detweiler. + + 2.15. More Information and References + 2.15.1. "Where can I find more information?" + - Well, this is a start. Also, lots of other FAQs and Mosaic + home pages (URLs) exist, encompassing a vast amount of + knowledge. + - As long as this FAQ is, it can only scratch the surface on + many topics. (I'm especially amused when someone says + they've looked for a FAQ on some obscure topic. No FAQ is + likely to answer all questions, especially obcure ones.) + - Many articles and papers are available at the + ftp.csua.berkeley.edu + site, in pub/cypherpunks. Look around there. The 1981 Chaum + paper on untraceabel e-mail is not (too many equations for + easy scanning), but the 1988 paper on Dining Cryptographers + Nets is. (I laboriously scanned it and OCRed it, back when + I used to have the energy to do such thankless tasks.) + + Some basic sources: + + Sci.crypt FAQ, published regularly, Also available by + anonymous ftp at rtfm.mit.edu. And in various URLs, + including: + - URLs for sci.crypt FAQ: xxxxxx + - RSA Data Security Inc. FAQ + - Bruce Schneier's "Applied Cryptography" book, 1993. 
Every + reader of this list should get this book! + - The "online generation" tends to want all material online, + I know, but most of the good stuff is to be found in paper + form, in journals and books. This is likely to be the case + for many years to come, given the limitation of ASCII, the + lack of widespread standards (yes, I know about LaTex, + etc.), and the academic prestige associated with bound + journals and books. Fortunately, you can _all_ find + universit libraries within driving range. Take my advice: + if you do not spend at least an entire Saturday immersing + yourself in the crypto literature in the math section of a + large library, perusing the "Proceeedings of the Crypto + Conference" volumes, scanning the textbooks, then you have + a poor foundation for doing any crypto work. + 2.15.2. "Things are changing quickly. Not all of the addresses and + URLs given here are valid. And the software versions... How + do I get the latest information?" + - Yes, things are changing quickly. This document can't + possibly keep up with the rapid changes (nor can its + author!). + - Reading the various newsgroups is, as always, the best way + to hear what's happening on a day to day basis. Web pages, + gopher, archie, veronica, etc. should show the latest + versions of popular software packages. + 2.15.3. "FUQs: "Frequently Unanswered Questions"?" + - (more to be added) + - With 700 or more people on the Cypherpunks list (as of 94- + 09), it is inevitable that some FAQs will go unanswered + when newbies (or others) ask them. Sometimes the FUQs are + ignored because they're so stale, other times because to + answer them is to continue and unfruitful thread. + + "P = NP?" + - Steve Smale has called this the most important new + unsolved problem of the past half-century. + - If P were (unexpectedly) proved to be NP + + Is RSA and factoring in NP? 
+ - not yet proved + - factoring might be easier + - and RSA might be easier than factoring in general (e.g., + chosen- and known-plaintext may provide clues) + - "Will encryption be outlawed? What will happen?" + + "Is David Sternlight an NSA agent?" + - Seriously, David S. is probably what he claims: a retired + economist who was once very senior in government and + corporate policy circles. I have no reason to doubt him. + - He has views at odds with most of us, and a baiting style + of expressing his views, but this does not mean he is a + government agent as so many people claim. + - Not in the same class as Detweiler.
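Review bot: The added text still carries several typos and one unfilled placeholder that should be fixed before this file is committed: in 2.13.9 "prototocol" should be "protocol" and "such a newspaper report" should be "such as a newspaper report"; in 2.14.3 "renegging" should be "reneging"; in 2.15.1 "untraceabel" should be "untraceable", "obcure" should be "obscure", "universit" should be "university", "Proceeedings" should be "Proceedings", and the line "URLs for sci.crypt FAQ: xxxxxx" is a placeholder that either needs the actual URL or should be marked as intentionally left blank; in 2.15.3 "continue and unfruitful thread" should read "continue an unfruitful thread", and the sub-heading "Is RSA and factoring in NP?" should be "Are RSA and factoring in NP?". Since the whole file is new in this commit, it would also help to note in the commit message that the source is the 1994 Cyphernomicon text and which of these spellings are being preserved verbatim from it.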