Top Democratic senator will seek legislation to 'pierce' through encryption (Feinstein, who else?)

The Daily Dot ^ | Dec 9, 2015 | Patrick Howell O'Neill

[Bobalu]

This just in...

Congress passes new law prohibiting the sea from reaching the beach.

Severe penalties and fines will be handed down for any infraction!

In a contest between mathematics and the fools in government I’ll bet on mathematics...lol

[bigbob]

As if they could.

Serious crypto needs will be met with one-time pads that are unbreakable by anyone.

[Bobalu]

Use a Raspberry Pi to surf the web anonymously.

And keep it in your pocket when you leave :-)

Keep your keys only in your head.

Use encryption with plausible deniability features.

The Raspberry model 2 is the size of a credit card and the Pi Zero is about the size of a stick of gum.

[Strident]

You mean they can’t outlaw math? Who knew?

All this means is that anyone that cares, like terrorists, will go to the trouble to use open-source uncrackable (like in the lifetime of the universe uncrackable) crypto.

Everyone else will use what’s convenient, the commercial, pierceable products. Inevitably, there’ll be a breach (OPM, we’re looking at you!) and regular people will be harmed.

Can someone explain to these Solons that all of web commerce is moving to TLS (https:) and everyone’s banking, healthcare, e-commerce (anyone ever hear of Amazon?) data security is about to be weakened for no good reason other than their being able to say “Hey, We Did Something!”

[Bobalu]

One-time pad is extremely simple and also provable to be mathematically secure against any brute force attack.

A universe full of quantum computers is no match for one-time-pad.

It does however re-introduce the key-exchange problem.

And the key is also at least as long as the message itself...

It requires a true random number source.... but this is easy using something like diode noise.

The old German Enigma was actually a type of one-time-pad ... but it had a horribly flawed mechanical random number generator. (and some doofus thought it a great idea to make it so no letter could ever be encrypted as itself i.e. A = A ... lol)

[zeugma]

I have right here on this very computer the C source code for Blowfish.

This is the RC4 crypto program in 3 lines of perl

#!/usr/bin/perl -p
INIT{sub Q{$s[($_[0]+=$_[1])%=256]}sub S{@s[$y,$x++]=@s[$x,$y]}@k=pop
=~/../g;S$y=map{S Q$y,$_+hex$k[$x%@k]}@s=0..255}s/\C/$&^chr Q S Q$y,Q$x/eg

Back in the bad old days the feral jackboots in the commerce department officially declared the 3 lines of perl above as an ITAR classified munition that could not be exported from the United States without a valid export license.

The government is full of really, really stupid people. To any jackboots reading this, yes, that means you too.

Mathematics is not purely an American property that can be controlled by legislative fiat.

Software already exists that is absolutely safe from government until someone is able to prove that P/=nP

We have a wide assortment of algorithms to choose from. Blowfish, Twofish, Idea, CAST, 3DES, AES, various ECCs. Hell, with a couple of smoke detectors, a geiger counter and a Rasberry Pi, you can make a random number generator that will feed an absolutely unbreakable one time pad.

The genie is out of the bottle and was last seen sailing away on a Clipper ship.

That we actually have people at her level of government that think this is not only a good idea, but is even possible is an indication of how far we've fallen as a republic, and how truly stupid far too many of our elected representatives are.

[ThunderSleeps]

Of course. Utterly shameless using “its for the children” (yet again) to justify the most fascist of moves.

[dayglored]

> One-time pad ... the key-exchange problem... It requires a true random number source... but this is easy using something like diode noise.

There's an easier way, assuming one initialization.

Regularly exchanging secret keys is risky; that's the whole point of public-key encryption. One-time pads should never have to be exchanged, but rather they should be independently derived at each end.

A good one-time pad (like your suggestion of diode noise) can be derived from a commercial live broadcast which is available to both the sending and receiving parties. For example (this is a very weak way to use it, for explanation purposes only):

• Compile a list of the songs played on a certain music radio station between (say) 9PM and 10PM on a certain evening. This merely requires listening to the radio for an hour and noting the song titles.
• For each song, take the first two letters of each word in the first two lines of the lyrics.
• Concatenate all those letters. An hour's worth is about 15 songs; each line is perhaps 8 words, so that's 32 letters times 15 songs = 480 characters, or about 2880 bits of key.
• Need a longer key, take more letters, or more lines, etc.

A better way to do it is to digitize the audio of a live broadcast (suitably low-pass filtered first, of course) and use that digital stream as the key.

The idea is to derive the key from something agreed-upon in one initialization, and which never has to be exchanged again. Subsequent broadcast times, stations, etc. can be encoded into messages, or perhaps posted in an innocuous third-party forum.

[Bobalu]

Good points.

What is nice is that the low price of thumb drives means that a random number sequence of many billions of bytes is easily placed on two thumb drives for near zero cost.

They would provide a lifetime of absolutely protected secure text exchanges.

And so long as the used bytes are securely wiped there is ZERO chance of the messages being decrypted.

[Amendment10]

Not only is the term ”public safety” not a constitutional term, public safety therefore a 10th Amendment-protected state power issue, but this is why Trump wants Mexico to build a tall border wall.

Low-information Senator Feinstein is an excellent example why the ill-conceived 17th Amendment should never have been ratified.

[no-s]

Well of course it's bogus. In the enforcement provisions it will be a felony and an enhancement to use encryption without a backdoor.

she is probably fishing for a shakedown. Or maybe the NSA has her on a stick...

[rarestia]

This simply cannot be done

We shouldn't talk in absolutes, but I take your point. This is someone with zero technical comprehension spouting off at the mouth. However, if the government wanted to inject the NSA with billions of dollars in funding, they could theoretically find a way to break encryption using quantum computing, but as we've seen, the market moves as fast or faster than the government, so it would be just a matter of time before stronger encryption was available that they couldn't break, if they could figure out how to.

[trebb]

"I have concern about a PlayStation that my grandchildren might use," she said, "and a predator getting on the other end, and talking to them, and it's all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that."

What's wrong with this picture - it obviously has to be decrypted to clear teat/communications for a perv to be "talking to children" with it....

[ThunderSleeps]

If you like your encryption, you can keep your encryption...but they want to be able to break it at will. - ANDROID PING!
Android Ping! If you want on or off the Android Ping List, Freepmail me.

---

My take on it: I get it. Encryption, properly done and applied, makes it virtually impossible for anyone - law enforcement included - to get at the data. Yes that makes law enforcement's job harder. However, as law abiding citizens we have a Constitutionally protected (note, not granted) right to privacy. Sure, being able to break encryption would make their job easier. So would being able to stop anyone anywhere and demand identification/papers and their purpose for being there. It would make their job easier if they could walk into anyone's home or place of business at any time and search it. It would be easier for them if they could monitor all our communications without a warrant. (oh yeah, NSA was, and probably still is, doing that)

So yes, I sympathize with law enforcement's plight. I certainly want them to be successful and stop or reduce the effectiveness of terrorism. However, there were some very good reasons the Founding Fathers put these fundamental protections in place. Protections designed to protect us from our government. Lets think long and hard before we allow anyone to take those protections away.

Meanwhile, as Android open-source users I think we had better consider what open source encryption alternatives we have out there. Encryption algorithms and implementations that are provably cryptographically strong. Sorry Apple and Windows phone users, I wouldn't trust any crypto solutions provided by these companies (Google either for Android). Far too easy for the fascist wannabes in government to put quiet pressure on the companies to implement back-doors in their cryptography. I'm already adding cryptography to my Linux based computer at home. I'm lucky, I'm a software guy. I can read the open source algorithm descriptions etc. and build my own from the mathematical basis - no worries of hidden back doors. Not because I have anything to hide (the government already knows just about everything there is to know about me) but because I simply choose not to share. Don't tread on me.

[GOPJ]

“Homeland” is more concerned with targeting conservative Americans... (Hillary’s REAL enemies) than targeting radical Muslims.

It’s time for Americans to fight the machine before it crushes us... they don’t need more ‘tools’ they need to stop standing with evil...