Dear Fed-up Fed,

I hope you are wrong.  If privacy does not exist, censorship of ideas from fear of retaliation will become widespread.  Freedom of expression will become stifled and the diversity of this country which has always created new ideas, hopes, and dreams will evaporate. 

I am an optimist that believes privacy and security should be able to co-exist.  America must be very careful to weigh security benefits against personal privacy and freedoms.

Regards.

Don't kid yourself guys, there is no such thing as privacy.

Skeptic,

I recall surfing the NSA site some years back. They had quite a touching memorial page for the USS Liberty. I had only vaguely remembered it (back in Johnson's days I think). A lot of casualties. They were just in the wrong place at the wrong time.

As for Schneier's book, it is a pretty good intro book, especially for engineers. He also has a nice security company called Counterpane and publishes a worthwhile newsletter. There is a free classic text on the web. I think it's called "The Handbook of Cryptology" with downloadable pdf files for each chapter. Highly recommended. I found it helpful for a project I was involved in a while back.

Dorothy Denning has done some great work on system vulnerabilities and puts a lot of the social-technical  issues into context.

-Marty

Marty wrote on Jun 3^rd, 2003 at 7:46am:


When I interviewed at NSA for an analyst position (man, I really would have liked working there), I had a very interesting conversation regarding encryption.  Suffice it to say that I'm convinced there are serious limits to what that organization can do, as well as impressive capabilities.  They have a tough mission.

My exposure to encryption has been limited to a good book by Schneier (Applied Cryptography).  But even I know that you want to use a bona-fide one-way hash for digest purposes

Skeptic

Skeptic,

It's funny that the topic has wandered off into crypto. Just a few days ago I posted a program to codeproject demonstrating how simple it is to force a specific CRC in a file. One often sees it stated that CRC's shouldn't be used for message digest apps but a lot of people seem to think they are candidates and a lot of crypto tyros fall in love with them. It's also applicable to error correcting codes, an area I've been intrigued by for decades.

-Marty

On the subject of PGP encryption, note that AntiPolygraph.org uses it. Our PGP public key is included on our contact page.

Quote:


I have to agree with Marty, Anonymous -- RSA hasn't been "cracked", just brute-forced.  What you're describing above (the discovery of an efficient factoring algorithm) would be a true "crack".  It would also represent quite an advance in mathematics, considering that the factoring problem has been around for a couple of millenia or more.

Of course, El Gamal encryption (which PGP can also use) relies upon discrete logarithms, rather than factoring, so that's another problem entirely.

Nice overview, BTW.

Skeptic

Fair enough.  Yes, cracking 128 bit encryption requires far more computing power than 64 bit, and if I were going to use a public-private key encryption system, I would certainly choose the highest number of bits possible, but the main point is that if someone develops an efficient factorization algorithm (say O(lg n) where n is the number being factored) then the number of bits used is irrelevant.  Actually, the beauty of RSA (and similar public-private key schemes) is not that they are hard to crack conceptually, but rather that doing so requires a prohibitive amount of computing power per instance.  Why does it take so much computing power?  Only because no one has yet publicly proven that P = NP, and it's a very widely held BELIEF that P != NP.  The person that can prove it either way gets at least 1 miliion dollars (offered by the Clay Mathematics Institute -- see http://www.claymath.org/Millennium_Prize_Problems and look for P vs NP) though the solution would potentially be worth billions to the private sector since it impacts all of the physical sciences -- reading encrypted e-mail is the least interesting application in my opinion.

If memory serves (and it generally doesn't anymore) a grad student in California cracked an instance of 40-bit encryption in ~4 days back in the late 90's.  I'll take your word that a 64-bit instance was cracked in ~4 years with a bunch of computers (probably a distributed environment running a variation of the quadratic sieve factorizer -- see http://mathworld.wolfram.com/QuadraticSieve.html for a detailed explanation) but as you also point out, the NSA may very well have a factorizer in hand that works in P time (O(n^x), x some constant, n = the number of digits or bits in the number) that is capable of breaking any public-private key encryption system, and simply has kept the public ignorant of the fact.  The main point is that we don't know simply because the possible existence of such a thing can not be proven or disproven.  There are actually a lot of similarities between polygraphs and many number-theoretical assertions, algorithms, and open problems.

At any rate, some technological innovations can be considered nothing more than tools that have some inherent value to the people that use them (like polygraphs for polygraphers and number theoretical conjectures for encryption algorithm designers), even if the actual value is not necessarily as great as what most people believe it to be.  That's really the extent of the point I was trying to make.  Well, that, and one of my pet peaves happens to be gross generalizations like "In today's world no technology is safe for more than a few months.".  The encryption algorithms that rely on a NP-Complete problem have been safe since their inception because of their very nature.

Hey guys

RSA, PKC or any encryption can be easily broken with the combination of prigatorshinpep and Phytilaramic-packalumer technologies run simultaneously with fraith and framish. I did this and shouted, "BLAST THAT PFLATERRAP -  I think I've got it!"

IT WORKED

orolan wrote on Jun 3^rd, 2003 at 12:44am:


No, RSA PKC has not been "cracked" though increasingly larger but still small key sizes have been broken by bruteforce keyspace searches. What is remarkable is the advance in pure hardware power and configurable hardware. Us techie types tend to fixate on key length and such but that isn't where the threat is. The threat, my friend, is from mundane things, typically money oriented. For example, I had some unknown person clone one of my credit cards (a cottage industry it seems) and a fake card (and probably ID) was generated. All these folks had to do was swipe the magnetic stripe and email the bitstream to their buds in Australia. The next day they hit up all the Jewelry stores in the QVC Mall.  BTW, they didn't even need a PIN to do that. This country badly needs ways to authenticate identity and I really don't understand why that is such an anathema.

As for the NSA, I don't much care whether they have cracked RSA or not. My guess is they they don't worry too much about it. There are far simpler ways for them to do their job. 

-Marty

Anonymous,
I beg to differ with you. The RSA 64-bit RC5 encryption algorithm was cracked on July 14th, 2002.
While it took nearly fours years and the combined computing power of the equivalent of 46,000 2GHZ AMD Athlons, the fact is, it was done.
And who knows how many algorithms have been cracked by the super-computers in the basement of the NSA building? Do you think they would actually tells us?
Your cautions on the usage of PGP should be heeded by all. I for one would not use 64-bit encryption, or RSA for that matter. I prefer 128-bit Blowfish encryption.

Quote:


orolan wrote on Apr 1^st, 2003 at 8:58pm:


No orolan.  Not better.  I know it's off the subject completely, but the RSA encryption algorithm is a bit of long lasting technology that has not been cracked.  It is, however, based on the belief that P != NP (i.e., the set of problems solvable in deterministic Polynomial time is not equal to the set of problems solvable in Nondeterministic Polynomial time).  The statement P != NP is based on belief, and not on fact.  It has not been proven that there is no efficient algorithm for factoring large positive integers.  It has also not been proven that there does exist such an algorithm.  Thus, the belief that RSA encryption (as used by PGP and others) is absolutely safe is a dangerous one at best.  A good general reference on the matter is "Computers and Intractibility" by Garey and Johnson.

This is just to demonstrate that some technologies exist that people put an unfounded amount of faith in other than just the polygraph.  These technologies can still be valuable and useful to the people who use them.  The art of making gross generalizations on subjects where the artist has a lack of expertise should be left to the politicians, in my humble opinion.

By the way, I have found this site and this subject in general very interesting and informative.  I personally find lie detector tests an affront to my right to privacy.  Thanks George.

George,

So true. I rephrase to this: "Legitimate proven technologies are safe only for a few months, while "snake oil", quackery and old wives' tales may last for an eternity."
That better?

Orolan,

You write in part:

Quote:


But quackery such as polygraph "testing" can survive for very long periods of time.

Teddy k,

So true. I recall some years ago when Sony or somebody like them announced a "new" technology to scramble VHS video signals to prevent copying. Within a week, and before the technology made it into the first VCR, a group of students announced that they had created a small circuit board from off the shelf parts at Radio Shack to defeat it. The whole thing was scrapped.
In today's world no technology is safe for more than a few months.

Let's think about this....if man has created it,then man can defeat it.....and the polygraph is no exception.
The impossible is becoming forever possible day by day...
In a few years from now, successfully beating the polygraph will become public knowledge....
How hard is it to forge a bank cheque from the 1950's...pretty easy........why?...because of 2 things....learning and technology.....learning is always a step ahead of technology because it is required to invent new technology in the first place...So.,even if new technology for the polygraph is invented,then man's ability or enthusiasm to defeat it will come first.
Enough philosohy said!
teddi k

Quote:


Propolyman,

I am assuming that "propoilyman" was a typographical error, and not related to the lisp you evinced in calling me "Wittle george."

Although this may be a novel concept to you, AntiPolygraph.org's message board is uncensored. All points of view are welcome, even yours. Feel free to register on this message board if you like -- this will enable you to edit your posts if you make mistakes, to exchange private messages with other registered users, and to optionally receive e-mail notification when replies are posted to message threads in which you've posted.

Quote:


Damned funny.  I read and post on here, and I can't get anyone to put me in the box!  As a matter of fact, my association with this site has led the federal law enforcement/intelligence agencies to quickly run and hide when it comes to the polygraph issue.  I would readily sit for six or more tests if those boys over at Parham Road in Richmond, VA ( or any of their other pals with the other agencies ) would get out from under their beds ( where they hide in hopes that I will not see them and call them out ) and step up to the plate when I ask them to polygraph me.

How about you, Propolyman?  You willing to put me in your box?   

I haven't had the great fortune of being able to demonstrate that I can beat a polygraph, but I am game.

Then again, I quit playing with Slinky's because they were junk toys that ended up becoming entangled after about 5 times of use, and we all know that the polygraph doesn't stand up to even that amount of play time.


Seeker

To date, I have beaten the polygraph 6 times. 
 
Thats really sounds nice for this site. I am kind of curious. What type of work do you , besides read and post on here, that would require you to take six tests?
I doubt you will answer or if even Wittle george will have the guts to leave this post stand.

Hey all,
being former military, one of the most prominent parts of my training was training to beat the polygraph.

To date, I have beaten the polygraph 6 times.

Its not hard at all.

So this dude and his thumbs up his butt on meet the parents is a complete dork.

JMO

Guest,

Whether Mr. Ponticelli was connected with DoDPI or the United States Army Military Police School (USAMPS) that contained the previous DoD polygraph school probably has little bearing on his knowledge/commentary regarding Mr. Savastano and his activities.  I don't even see it as potentially being an inflated credentials issue (having been an instructor at one is not much different than having been an instructor at the other) as might be the case with the questions raised (and presumably still not answered) regarding the nature of Ed Gelb's doctorate degree.  It, however, would make one question whether Mr. Ponticelli actually prepared the biosketch which was at the end of the document I placed a link too, and, if so, cause one to wonder why the inattention to detail that such an error would indicate.

Just for the record, I did some checking with knowledgeable sources.  Mr. Ponticelli MAY have been a member of the faculty of what was the U.S. Army Polygraph School which was at one time located at Fort Gordon, GA; however, according to my sources was NEVER a faculty member of the Department of Defense Polygraph Institute from the time of it's inception at Fort McClellan, AL in 1986. Perhaps to need to ask Mr. P to clarify this statement. It is probably an important issue.

Mr. Ponticelli,

Being that you are a former DoDPI instructor (see biosketch at end of the following link, http://www.justicedenied.org/thetruthaboutpolygraph.htm) and Mr. Savastano's admitted mentor, this message board audience might well be interested in your impressions of his circus clown performances arranged for television and orchestrated complete with polygraph accompaniment (I suppose my impression is no longer a secret  ).  Would you care to comment and also mind sharing what field your doctorate is in, where it was obtained, and the title of your dissertation (all not included in the aforementioned biosketch)?  Regards...

Quote:


Where does Mr. Savastano stand on the issue of getting other people to defend his public statements? Just wondering,

I was Savastano's instructor in the use of the polygraph, and anything you wish to know concerning polygraph and Savastano's ethices, write me at my Email: CPC187@aol.com

Theodore P. Ponticelli, Ph.D