Update 06-The-Need-For-Strong-Crypto.md
This commit is contained in:
parent
07cefb06e8
commit
f8026176a1
|
@ -1,28 +1,29 @@
|
||||||
6. The Need For Strong Crypto
|
## 6.1 copyright
|
||||||
|
|
||||||
6.1. copyright
|
|
||||||
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
|
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
|
||||||
1994-09-10, Copyright Timothy C. May. All rights reserved.
|
1994-09-10, Copyright Timothy C. May. All rights reserved.
|
||||||
See the detailed disclaimer. Use short sections under "fair
|
See the detailed disclaimer. Use short sections under "fair
|
||||||
use" provisions, with appropriate credit, but don't put your
|
use" provisions, with appropriate credit, but don't put your
|
||||||
name on my words.
|
name on my words.
|
||||||
|
|
||||||
6.2. SUMMARY: The Need For Strong Crypto
|
## 6.2 - SUMMARY: The Need For Strong Crypto
|
||||||
6.2.1. Main Points
|
### 6.2.1. Main Points
|
||||||
- Strong crypto reclaims the power to decide for one's self,
|
- Strong crypto reclaims the power to decide for one's self,
|
||||||
to deny the "Censor" the power to choose what one reads,
|
to deny the "Censor" the power to choose what one reads,
|
||||||
watches, or listens to.
|
watches, or listens to.
|
||||||
6.2.2. Connections to Other Sections
|
|
||||||
6.2.3. Where to Find Additional Information
|
### 6.2.2. Connections to Other Sections
|
||||||
6.2.4. Miscellaneous Comments
|
|
||||||
|
### 6.2.3. Where to Find Additional Information
|
||||||
|
|
||||||
|
### 6.2.4. Miscellaneous Comments
|
||||||
- this section is short, but is less focussed than other
|
- this section is short, but is less focussed than other
|
||||||
sections; it is essentially a "transition" chapter.
|
sections; it is essentially a "transition" chapter.
|
||||||
|
|
||||||
6.3. General Uses of and Reasons for Crypto
|
## 6.3 - General Uses of and Reasons for Crypto
|
||||||
6.3.1. (see also the extensive listing of "Reasons for Anonymity,"
|
### 6.3.1. (see also the extensive listing of "Reasons for Anonymity,"
|
||||||
which makes many points about the need and uses for strong
|
which makes many points about the need and uses for strong
|
||||||
crypto)
|
crypto)
|
||||||
6.3.2. "Where is public key crypto really needed?"
|
### 6.3.2. "Where is public key crypto really needed?"
|
||||||
- "It is the case that there is relatively little need for
|
- "It is the case that there is relatively little need for
|
||||||
asymmetric key cryptography in small closed populations.
|
asymmetric key cryptography in small closed populations.
|
||||||
For example, the banks get along quite well without. The
|
For example, the banks get along quite well without. The
|
||||||
|
@ -43,7 +44,8 @@
|
||||||
- And of course public key crypto makes possible all the
|
- And of course public key crypto makes possible all the
|
||||||
other useful stuff like digital money, DC-Nets, zero
|
other useful stuff like digital money, DC-Nets, zero
|
||||||
knowledge proofs, secret sharing, etc.
|
knowledge proofs, secret sharing, etc.
|
||||||
6.3.3. "What are the main reasons to use cryptography?"
|
|
||||||
|
### 6.3.3. "What are the main reasons to use cryptography?"
|
||||||
- people encrypt for the same reason they close and lock
|
- people encrypt for the same reason they close and lock
|
||||||
their doors
|
their doors
|
||||||
+ Privacy in its most basic forms
|
+ Privacy in its most basic forms
|
||||||
|
@ -268,7 +270,8 @@
|
||||||
likely that in future years one will be able to purchase
|
likely that in future years one will be able to purchase
|
||||||
disks with "Usenet, 1985-1995" and so forth (or access,
|
disks with "Usenet, 1985-1995" and so forth (or access,
|
||||||
search, etc. online sites)
|
search, etc. online sites)
|
||||||
6.3.6. "Are there illegal uses of crypto?"
|
|
||||||
|
### 6.3.6. "Are there illegal uses of crypto?"
|
||||||
- Currently, there are no blanket laws in the U.S. about
|
- Currently, there are no blanket laws in the U.S. about
|
||||||
encryption.
|
encryption.
|
||||||
+ There are specific situations in which encryption cannot be
|
+ There are specific situations in which encryption cannot be
|
||||||
|
@ -281,7 +284,7 @@
|
||||||
- and even public key crypto was developed in a university
|
- and even public key crypto was developed in a university
|
||||||
(Stanford, then MIT)
|
(Stanford, then MIT)
|
||||||
|
|
||||||
6.4. Protection of Corporate and Financial Privacy
|
## 6.4 - Protection of Corporate and Financial Privacy
|
||||||
6.4.1. corporations are becoming increasingly concerned about
|
6.4.1. corporations are becoming increasingly concerned about
|
||||||
interception of important information-or even seemingly minor
|
interception of important information-or even seemingly minor
|
||||||
information-and about hackers and other intruders
|
information-and about hackers and other intruders
|
||||||
|
@ -295,7 +298,8 @@
|
||||||
- something like Lotus Notes may be a main substrate for the
|
- something like Lotus Notes may be a main substrate for the
|
||||||
effective introduction of crypto methods (ditto for
|
effective introduction of crypto methods (ditto for
|
||||||
hypertext)
|
hypertext)
|
||||||
6.4.2. Corporate Espionage (or "Business Research")
|
|
||||||
|
### 6.4.2. Corporate Espionage (or "Business Research")
|
||||||
+ Xeroxing of documents
|
+ Xeroxing of documents
|
||||||
- recall the way Murrray Woods inspected files of Fred
|
- recall the way Murrray Woods inspected files of Fred
|
||||||
Buch, suspecting he had removed the staples and Xeroxed
|
Buch, suspecting he had removed the staples and Xeroxed
|
||||||
|
@ -346,7 +350,8 @@
|
||||||
corporate spies, to protect themselves against lawsuits,
|
corporate spies, to protect themselves against lawsuits,
|
||||||
criminal charges, etc.
|
criminal charges, etc.
|
||||||
- third party research agencies will be used
|
- third party research agencies will be used
|
||||||
6.4.3. Encryption to Protect Information
|
|
||||||
|
### 6.4.3. Encryption to Protect Information
|
||||||
- the standard reason
|
- the standard reason
|
||||||
+ encryption of e-mail is increasing
|
+ encryption of e-mail is increasing
|
||||||
- the various court cases about employers reading
|
- the various court cases about employers reading
|
||||||
|
@ -379,13 +384,16 @@
|
||||||
of creating walls, doors, permanent structures
|
of creating walls, doors, permanent structures
|
||||||
- there may even be legal requirements for better security
|
- there may even be legal requirements for better security
|
||||||
over documents, patient files, employee records, etc.
|
over documents, patient files, employee records, etc.
|
||||||
6.4.4. U.S. willing to seize assets as they pass through U.S.
|
|
||||||
|
### 6.4.4. U.S. willing to seize assets as they pass through U.S.
|
||||||
(Haiti, Iraq)
|
(Haiti, Iraq)
|
||||||
6.4.5. Privacy of research
|
|
||||||
|
### 6.4.5. Privacy of research
|
||||||
- attacks on tobacco companies, demanding their private
|
- attacks on tobacco companies, demanding their private
|
||||||
research documents be turned over to the FDA (because
|
research documents be turned over to the FDA (because
|
||||||
tobacco is 'fair game" for all such attacks, ...)
|
tobacco is 'fair game" for all such attacks, ...)
|
||||||
6.4.6. Using crypto-mediated business to bypass "deep pockets"
|
|
||||||
|
### 6.4.6. Using crypto-mediated business to bypass "deep pockets"
|
||||||
liability suits, abuse of regulations, of the court system,
|
liability suits, abuse of regulations, of the court system,
|
||||||
etc.
|
etc.
|
||||||
+ Abuses of Lawsuits: the trend of massive
|
+ Abuses of Lawsuits: the trend of massive
|
||||||
|
@ -406,7 +414,8 @@
|
||||||
reach of courts
|
reach of courts
|
||||||
- replacing the courts with PPL-style private-produced
|
- replacing the courts with PPL-style private-produced
|
||||||
justice
|
justice
|
||||||
6.4.7. on anonymous communication and corporations
|
|
||||||
|
### 6.4.7. on anonymous communication and corporations
|
||||||
- Most corporations will avoid anonymous communications,
|
- Most corporations will avoid anonymous communications,
|
||||||
fearing the repercussions, the illegality (vis-a-vis
|
fearing the repercussions, the illegality (vis-a-vis
|
||||||
antitrust law), and the "unwholesomeness" of it
|
antitrust law), and the "unwholesomeness" of it
|
||||||
|
@ -422,29 +431,34 @@
|
||||||
generally pursue the "darker side of the force," to coin a
|
generally pursue the "darker side of the force," to coin a
|
||||||
phrase.
|
phrase.
|
||||||
|
|
||||||
6.5. Digital Signatures
|
## 6.5 - Digital Signatures
|
||||||
6.5.1. for electronic forms of contracts
|
### 6.5.1. for electronic forms of contracts
|
||||||
- not yet tested in the courts, though this should come soon
|
- not yet tested in the courts, though this should come soon
|
||||||
(perhaps by 1996)
|
(perhaps by 1996)
|
||||||
6.5.2. negotiations
|
|
||||||
6.5.3. AMIX, Xanadu, etc.
|
### 6.5.2. negotiations
|
||||||
6.5.4. is the real protection against viruses (since all other
|
|
||||||
|
### 6.5.3. AMIX, Xanadu, etc.
|
||||||
|
|
||||||
|
### 6.5.4. is the real protection against viruses (since all other
|
||||||
scanning methods will increasingly fail)
|
scanning methods will increasingly fail)
|
||||||
- software authors and distributors "sign" their work...no
|
- software authors and distributors "sign" their work...no
|
||||||
virus writer can possibly forge the digital signature
|
virus writer can possibly forge the digital signature
|
||||||
|
|
||||||
6.6. Political Uses of Crypto
|
## 6.6 - Political Uses of Crypto
|
||||||
6.6.1. Dissidents, Amnesty International
|
### 6.6.1. Dissidents, Amnesty International
|
||||||
- Most governments want to know what their subjects are
|
- Most governments want to know what their subjects are
|
||||||
saying...
|
saying...
|
||||||
- Strong crypto (including steganography to hide the
|
- Strong crypto (including steganography to hide the
|
||||||
existence of the communications) is needed
|
existence of the communications) is needed
|
||||||
- Myanmar (Burma) dissidents are known to be using PGP
|
- Myanmar (Burma) dissidents are known to be using PGP
|
||||||
6.6.2. reports that rebels in Chiapas (Mexico, Zapatistas) are on
|
|
||||||
|
### 6.6.2. reports that rebels in Chiapas (Mexico, Zapatistas) are on
|
||||||
the Net, presumably using PGP
|
the Net, presumably using PGP
|
||||||
- (if NSA can really crack PGP, this is probably a prime
|
- (if NSA can really crack PGP, this is probably a prime
|
||||||
target for sharing with the Mexican government)
|
target for sharing with the Mexican government)
|
||||||
6.6.3. Free speech has declined in America--crypto provides an
|
|
||||||
|
### 6.6.3. Free speech has declined in America--crypto provides an
|
||||||
antidote
|
antidote
|
||||||
- people are sued for expressing opinions, books are banned
|
- people are sued for expressing opinions, books are banned
|
||||||
("Loompanics Press" facing investigations, because some
|
("Loompanics Press" facing investigations, because some
|
||||||
|
@ -458,8 +472,8 @@
|
||||||
- crypto untraceability is good immunity to this trend, and
|
- crypto untraceability is good immunity to this trend, and
|
||||||
is thus *real* free speech
|
is thus *real* free speech
|
||||||
|
|
||||||
6.7. Beyond Good and Evil, or, Why Crypto is Needed
|
## 6.7 - Beyond Good and Evil, or, Why Crypto is Needed
|
||||||
6.7.1. "Why is cryptography good? Why is anonymity good?"
|
### 6.7.1. "Why is cryptography good? Why is anonymity good?"
|
||||||
- These moral questions pop up on the List once in a while,
|
- These moral questions pop up on the List once in a while,
|
||||||
often asked by someone preparing to write a paper for a
|
often asked by someone preparing to write a paper for a
|
||||||
class on ethics or whatnot. Most of us on the list probably
|
class on ethics or whatnot. Most of us on the list probably
|
||||||
|
@ -479,7 +493,8 @@
|
||||||
degree of anonymity makes possible.
|
degree of anonymity makes possible.
|
||||||
- "People should not be anonymous" is a normative statement
|
- "People should not be anonymous" is a normative statement
|
||||||
that is impractical to enforce.
|
that is impractical to enforce.
|
||||||
6.7.2. Speaking of the isolation from physical threats and pressures
|
|
||||||
|
### 6.7.2. Speaking of the isolation from physical threats and pressures
|
||||||
that cyberspace provides, Eric Hughes writes: "One of the
|
that cyberspace provides, Eric Hughes writes: "One of the
|
||||||
whole points of anonymity and pseudonymity is to create
|
whole points of anonymity and pseudonymity is to create
|
||||||
immunity from these threats, which are all based upon the
|
immunity from these threats, which are all based upon the
|
||||||
|
@ -491,7 +506,7 @@
|
||||||
systems which do not require violence for their existence and
|
systems which do not require violence for their existence and
|
||||||
stability. I desire anonymity as an ally to break the hold
|
stability. I desire anonymity as an ally to break the hold
|
||||||
of morality over culture." [Eric Hughes, 1994-08-31]
|
of morality over culture." [Eric Hughes, 1994-08-31]
|
||||||
6.7.3. Crypto anarchy means prosperity for those who can grab it,
|
### 6.7.3. Crypto anarchy means prosperity for those who can grab it,
|
||||||
those competent enough to have something of value to offer
|
those competent enough to have something of value to offer
|
||||||
for sale; the clueless 95% will suffer, but that is only
|
for sale; the clueless 95% will suffer, but that is only
|
||||||
just. With crypto anarchy we can painlessly, without
|
just. With crypto anarchy we can painlessly, without
|
||||||
|
@ -501,7 +516,7 @@
|
||||||
prospect of a nation of mostly unskilled and essentially
|
prospect of a nation of mostly unskilled and essentially
|
||||||
illiterate and innumerate workers being unable to get
|
illiterate and innumerate workers being unable to get
|
||||||
meaninful, well-paying jobs.)
|
meaninful, well-paying jobs.)
|
||||||
6.7.4. Crypto gets more important as communication increases and as
|
### 6.7.4. Crypto gets more important as communication increases and as
|
||||||
computing gets distributed
|
computing gets distributed
|
||||||
+ with bits and pieces of one's environment scattered around
|
+ with bits and pieces of one's environment scattered around
|
||||||
- have to worry about security
|
- have to worry about security
|
||||||
|
@ -510,14 +525,15 @@
|
||||||
- private spaces needed in disparate
|
- private spaces needed in disparate
|
||||||
locations...multinationals, teleconferencing, video
|
locations...multinationals, teleconferencing, video
|
||||||
|
|
||||||
6.8. Crypo Needed for Operating Systems and Networks
|
## 6.8 - Crypto Needed for Operating Systems and Networks
|
||||||
6.8.1. Restrictions on cryptography--difficult as they may be to
|
### 6.8.1. Restrictions on cryptography--difficult as they may be to
|
||||||
enforce--may also impose severe hardships on secure operating
|
enforce--may also impose severe hardships on secure operating
|
||||||
system design, Norm Hardy has made this point several times.
|
system design, Norm Hardy has made this point several times.
|
||||||
- Agents and objects inside computer systems will likely need
|
- Agents and objects inside computer systems will likely need
|
||||||
security, credentials, robustness, and even digital money
|
security, credentials, robustness, and even digital money
|
||||||
for transactions.
|
for transactions.
|
||||||
6.8.2. Proofs of identity, passwords, and operating system use
|
|
||||||
|
### 6.8.2. Proofs of identity, passwords, and operating system use
|
||||||
- ZKIPS especially in networks, where the chances of seeing a
|
- ZKIPS especially in networks, where the chances of seeing a
|
||||||
password being transmitted are much greater (an obvious
|
password being transmitted are much greater (an obvious
|
||||||
point that is not much discussed)
|
point that is not much discussed)
|
||||||
|
@ -525,7 +541,8 @@
|
||||||
procedures for access, for agents and the like to pay for
|
procedures for access, for agents and the like to pay for
|
||||||
services, etc.
|
services, etc.
|
||||||
- unforgeable tokens
|
- unforgeable tokens
|
||||||
6.8.3. An often unmentioned reason why encyption is needed is for
|
|
||||||
|
### 6.8.3. An often unmentioned reason why encyption is needed is for
|
||||||
the creation of private, or virtual, networks
|
the creation of private, or virtual, networks
|
||||||
- so that channels are independent of the "common carrier"
|
- so that channels are independent of the "common carrier"
|
||||||
+ to make this clear: prospects are dangerously high for a
|
+ to make this clear: prospects are dangerously high for a
|
||||||
|
@ -552,16 +569,18 @@
|
||||||
- robust cyberspaces built with DC-Net ("dining
|
- robust cyberspaces built with DC-Net ("dining
|
||||||
cryptographers") methods?
|
cryptographers") methods?
|
||||||
|
|
||||||
6.9. Ominous Trends
|
## 6.9 - Ominous Trends
|
||||||
6.9.1. Ever-increasing numbers of laws, complexities of tax codes,
|
### 6.9.1. Ever-increasing numbers of laws, complexities of tax codes,
|
||||||
etc.
|
etc.
|
||||||
- individuals no longer can navigate
|
- individuals no longer can navigate
|
||||||
6.9.2. National ID cards
|
|
||||||
|
### 6.9.2. National ID cards
|
||||||
- work permits, immigration concerns, welfare fraud, stopping
|
- work permits, immigration concerns, welfare fraud, stopping
|
||||||
terrorists, collecting taxes
|
terrorists, collecting taxes
|
||||||
- USPS and other proposals
|
- USPS and other proposals
|
||||||
6.9.3. Key Escrow
|
|
||||||
6.9.4. Extension of U.S. law around the world
|
### 6.9.3. Key Escrow
|
||||||
|
### 6.9.4. Extension of U.S. law around the world
|
||||||
- Now that the U.S. has vanquished the U.S.S.R., a free field
|
- Now that the U.S. has vanquished the U.S.S.R., a free field
|
||||||
ahead of it for spreading the New World Order, led of
|
ahead of it for spreading the New World Order, led of
|
||||||
course by the U.S.A. and its politicians.
|
course by the U.S.A. and its politicians.
|
||||||
|
@ -570,8 +589,8 @@
|
||||||
- U.N. mandates, forces, "blue helmets"
|
- U.N. mandates, forces, "blue helmets"
|
||||||
6.9.5. AA BBS case means cyberspace is not what we though it was
|
6.9.5. AA BBS case means cyberspace is not what we though it was
|
||||||
|
|
||||||
6.10. Loose Ends
|
## 6.10 - Loose Ends
|
||||||
6.10.1. "Why don't most people pay more attention to security
|
### 6.10.1. "Why don't most people pay more attention to security
|
||||||
issues?"
|
issues?"
|
||||||
- Fact is, most people never think about real security.
|
- Fact is, most people never think about real security.
|
||||||
- Safe manufacturers have said that improvements in safes
|
- Safe manufacturers have said that improvements in safes
|
||||||
|
@ -593,26 +612,30 @@
|
||||||
- Crypto is economics. People will begin to really care when
|
- Crypto is economics. People will begin to really care when
|
||||||
it costs them.
|
it costs them.
|
||||||
|
|
||||||
6.10.2. What motivates an attackers is not the intrinsic value of the
|
### 6.10.2. What motivates an attackers is not the intrinsic value of the
|
||||||
data but his perception of the value of the data.
|
data but his perception of the value of the data.
|
||||||
6.10.3. Crypto allows more refinement of permissions...access to
|
### 6.10.3. Crypto allows more refinement of permissions...access to
|
||||||
groups, lists
|
groups, lists
|
||||||
- beyond such crude methods as banning domain names or "edu"
|
- beyond such crude methods as banning domain names or "edu"
|
||||||
sorts of accounts
|
sorts of accounts
|
||||||
6.10.4. these general reasons will make encryption more common, more
|
|
||||||
|
### 6.10.4. these general reasons will make encryption more common, more
|
||||||
socially and legally acceptable, and will hence make eventual
|
socially and legally acceptable, and will hence make eventual
|
||||||
attempts to limit the use of crypto anarchy methods moot
|
attempts to limit the use of crypto anarchy methods moot
|
||||||
6.10.5. protecting reading habits..
|
|
||||||
|
### 6.10.5. protecting reading habits..
|
||||||
- (Imagine using your MicroSoftCashCard for library
|
- (Imagine using your MicroSoftCashCard for library
|
||||||
checkouts...)
|
checkouts...)
|
||||||
6.10.6. Downsides
|
|
||||||
|
### 6.10.6. Downsides
|
||||||
- loss of trust
|
- loss of trust
|
||||||
- markets in unsavory things
|
- markets in unsavory things
|
||||||
- espionage
|
- espionage
|
||||||
+ expect to see new kinds of con jobs
|
+ expect to see new kinds of con jobs
|
||||||
- confidence games
|
- confidence games
|
||||||
- "Make Digital Money Fast"
|
- "Make Digital Money Fast"
|
||||||
6.10.7. Encryption of Video Signals and Encryption to Control Piracy
|
|
||||||
|
### 6.10.7. Encryption of Video Signals and Encryption to Control Piracy
|
||||||
- this is of course a whole technology and industry
|
- this is of course a whole technology and industry
|
||||||
- Videocypher II has been cracked by many video hackers
|
- Videocypher II has been cracked by many video hackers
|
||||||
- a whole cottage industry in cracking such cyphers
|
- a whole cottage industry in cracking such cyphers
|
||||||
|
|
Loading…
Reference in New Issue