Topic summary

Posted by Fair Chance
 - Jun 04, 2003, 12:25 PM
Dear Fed-up Fed,

I hope you are wrong.  If privacy does not exist, censorship of ideas from fear of retaliation will become widespread.  Freedom of expression will become stifled and the diversity of this country which has always created new ideas, hopes, and dreams will evaporate.

I am an optimist that believes privacy and security should be able to co-exist.  America must be very careful to weigh security benefits against personal privacy and freedoms.

Regards.
Posted by Fed-up Fed
 - Jun 03, 2003, 07:47 PM
Don't kid yourself guys, there is no such thing as privacy.
Posted by Marty
 - Jun 03, 2003, 06:09 AM
Skeptic,

I recall surfing the NSA site some years back. They had quite a touching memorial page for the USS Liberty. I had only vaguely remembered it (back in Johnson's days I think). A lot of casualties. They were just in the wrong place at the wrong time.

As for Schneier's book, it is a pretty good intro book, especially for engineers. He also has a nice security company called Counterpane and publishes a worthwhile newsletter. There is a free classic text on the web. I think it's called "The Handbook of Cryptology" with downloadable pdf files for each chapter. Highly recommended. I found it helpful for a project I was involved in a while back.

Dorothy Denning has done some great work on system vulnerabilities and puts a lot of the social-technical  issues into context.

-Marty
Posted by Skeptic
 - Jun 03, 2003, 04:20 AM
Quote from: Marty on Jun 03, 2003, 03:46 AM
Skeptic,

It's funny that the topic has wandered off into crypto. Just a few days ago I posted a program to codeproject demonstrating how simple it is to force a specific CRC in a file. One often sees it stated that CRC's shouldn't be used for message digest apps but a lot of people seem to think they are candidates and a lot of crypto tyros fall in love with them. It's also applicable to error correcting codes, an area I've been intrigued by for decades.

-Marty

When I interviewed at NSA for an analyst position (man, I really would have liked working there), I had a very interesting conversation regarding encryption.  Suffice it to say that I'm convinced there are serious limits to what that organization can do, as well as impressive capabilities.  They have a tough mission.

My exposure to encryption has been limited to a good book by Schneier (Applied Cryptography).  But even I know that you want to use a bona-fide one-way hash for digest purposes :)

Skeptic
Posted by Marty
 - Jun 03, 2003, 03:46 AM
Skeptic,

It's funny that the topic has wandered off into crypto. Just a few days ago I posted a program to codeproject demonstrating how simple it is to force a specific CRC in a file. One often sees it stated that CRC's shouldn't be used for message digest apps but a lot of people seem to think they are candidates and a lot of crypto tyros fall in love with them. It's also applicable to error correcting codes, an area I've been intrigued by for decades.

-Marty
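
An added example, not Marty's codeproject program and not part of the original thread: a sketch of why a CRC cannot serve as a message digest, which is also the point Skeptic makes about wanting a one-way hash. It assumes the zlib CRC-32 variant; the function name `crc32_patch` and the sample byte strings are constructed for illustration.

```python
import hashlib
import struct
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, ZIP, PNG)

def _make_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table

TABLE = _make_table()
# Each table entry has a distinct top byte, so the top byte of the CRC
# register reveals which table entry was XORed in by the previous step.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}

def crc32_patch(data: bytes, target: int) -> bytes:
    """Return 4 bytes such that zlib.crc32(data + patch) == target."""
    state = target ^ 0xFFFFFFFF              # register value that yields target
    for _ in range(4):                       # run four zero-byte steps backwards
        idx = TOP_BYTE_TO_INDEX[state >> 24]
        state = (((state ^ TABLE[idx]) << 8) & 0xFFFFFFFF) | idx
    current = zlib.crc32(data) ^ 0xFFFFFFFF  # register after the real data
    # CRC is linear: feeding 4 bytes B equals feeding zeros from state ^ B.
    return struct.pack("<I", state ^ current)

def compare_digests():
    original = b"version=1.0 checked=yes\n"  # constructed sample
    modified = b"version=9.9 checked=no\n"   # constructed sample
    target = zlib.crc32(original)
    patched = modified + crc32_patch(modified, target)
    return {
        "crc32_equal": zlib.crc32(patched) == target,
        "sha256_equal": hashlib.sha256(patched).digest()
                        == hashlib.sha256(original).digest(),
    }

if __name__ == "__main__":
    print(compare_digests())
```

The CRC-32 values match while the SHA-256 digests differ, so a check that must resist deliberate modification needs a cryptographic hash (or a keyed MAC), with the CRC kept for detecting accidental errors only.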
Posted by George W. Maschke
 - Jun 03, 2003, 03:43 AM
On the subject of PGP encryption, note that AntiPolygraph.org uses it. Our PGP public key is included on our contact page.
Posted by Skeptic
 - Jun 03, 2003, 02:54 AM
Quote from: Anonymous on Jun 03, 2003, 12:59 AM
Fair enough.  Yes, cracking 128 bit encryption requires far more computing power than 64 bit, and if I were going to use a public-private key encryption system, I would certainly choose the highest number of bits possible, but the main point is that if someone develops an efficient factorization algorithm (say O(lg n) where n is the number being factored) then the number of bits used is irrelevant.

I have to agree with Marty, Anonymous -- RSA hasn't been "cracked", just brute-forced.  What you're describing above (the discovery of an efficient factoring algorithm) would be a true "crack".  It would also represent quite an advance in mathematics, considering that the factoring problem has been around for a couple of millennia or more.

Of course, El Gamal encryption (which PGP can also use) relies upon discrete logarithms, rather than factoring, so that's another problem entirely. :)

Nice overview, BTW.

Skeptic
Posted by Anonymous
 - Jun 03, 2003, 12:59 AM
Fair enough.  Yes, cracking 128 bit encryption requires far more computing power than 64 bit, and if I were going to use a public-private key encryption system, I would certainly choose the highest number of bits possible, but the main point is that if someone develops an efficient factorization algorithm (say O(lg n) where n is the number being factored) then the number of bits used is irrelevant.  Actually, the beauty of RSA (and similar public-private key schemes) is not that they are hard to crack conceptually, but rather that doing so requires a prohibitive amount of computing power per instance.  Why does it take so much computing power?  Only because no one has yet publicly proven that P = NP, and it's a very widely held BELIEF that P != NP.  The person that can prove it either way gets at least 1 million dollars (offered by the Clay Mathematics Institute -- see http://www.claymath.org/Millennium_Prize_Problems and look for P vs NP) though the solution would potentially be worth billions to the private sector since it impacts all of the physical sciences -- reading encrypted e-mail is the least interesting application in my opinion.

If memory serves (and it generally doesn't anymore) a grad student in California cracked an instance of 40-bit encryption in ~4 days back in the late 90's.  I'll take your word that a 64-bit instance was cracked in ~4 years with a bunch of computers (probably a distributed environment running a variation of the quadratic sieve factorizer -- see http://mathworld.wolfram.com/QuadraticSieve.html for a detailed explanation) but as you also point out, the NSA may very well have a factorizer in hand that works in P time (O(n^x), x some constant, n = the number of digits or bits in the number) that is capable of breaking any public-private key encryption system, and simply has kept the public ignorant of the fact.  The main point is that we don't know simply because the possible existence of such a thing can not be proven or disproven.  There are actually a lot of similarities between polygraphs and many number-theoretical assertions, algorithms, and open problems.

At any rate, some technological innovations can be considered nothing more than tools that have some inherent value to the people that use them (like polygraphs for polygraphers and number theoretical conjectures for encryption algorithm designers), even if the actual value is not necessarily as great as what most people believe it to be.  That's really the extent of the point I was trying to make.  Well, that, and one of my pet peeves happens to be gross generalizations like "In today's world no technology is safe for more than a few months.".  The encryption algorithms that rely on a NP-Complete problem have been safe since their inception because of their very nature.
Posted by Twoblock
 - Jun 03, 2003, 12:37 AM
Hey guys

RSA, PKC or any encryption can be easily broken with the combination of prigatorshinpep and Phytilaramic-packalumer technologies run simultaneously with fraith and framish. I did this and shouted, "BLAST THAT PFLATERRAP -  I think I've got it!"

IT WORKED
Posted by Marty
 - Jun 03, 2003, 12:07 AM
Quote from: orolan on Jun 02, 2003, 08:44 PM
Anonymous,
I beg to differ with you. The RSA 64-bit RC5 encryption algorithm was cracked on July 14th, 2002.
While it took nearly four years and the combined computing power of the equivalent of 46,000 2GHZ AMD Athlons, the fact is, it was done.
And who knows how many algorithms have been cracked by the super-computers in the basement of the NSA building? Do you think they would actually tell us?
Your cautions on the usage of PGP should be heeded by all. I for one would not use 64-bit encryption, or RSA for that matter. I prefer 128-bit Blowfish encryption.

No, RSA PKC has not been "cracked" though increasingly larger but still small key sizes have been broken by bruteforce keyspace searches. What is remarkable is the advance in pure hardware power and configurable hardware. Us techie types tend to fixate on key length and such but that isn't where the threat is. The threat, my friend, is from mundane things, typically money oriented. For example, I had some unknown person clone one of my credit cards (a cottage industry it seems) and a fake card (and probably ID) was generated. All these folks had to do was swipe the magnetic stripe and email the bitstream to their buds in Australia. The next day they hit up all the Jewelry stores in the QVC Mall.  BTW, they didn't even need a PIN to do that. This country badly needs ways to authenticate identity and I really don't understand why that is such an anathema.

As for the NSA, I don't much care whether they have cracked RSA or not. My guess is they don't worry too much about it. There are far simpler ways for them to do their job.

-Marty
Posted by orolan
 - Jun 02, 2003, 08:44 PM
Anonymous,
I beg to differ with you. The RSA 64-bit RC5 encryption algorithm was cracked on July 14th, 2002.
While it took nearly four years and the combined computing power of the equivalent of 46,000 2GHZ AMD Athlons, the fact is, it was done.
And who knows how many algorithms have been cracked by the super-computers in the basement of the NSA building? Do you think they would actually tell us?
Your cautions on the usage of PGP should be heeded by all. I for one would not use 64-bit encryption, or RSA for that matter. I prefer 128-bit Blowfish encryption.
Posted by Anonymous
 - Jun 02, 2003, 06:00 PM
Quote from: Teddi k on Apr 01, 2003, 10:58 AM
Let's think about this....if man has created it, then man can defeat it...

...learning is always a step ahead of technology because it is required to invent new technology in the first place...

Quote from: orolan on Apr 01, 2003, 03:58 PM
"Legitimate proven technologies are safe only for a few months, while "snake oil", quackery and old wives' tales may last for an eternity."
That better?

No orolan.  Not better.  I know it's off the subject completely, but the RSA encryption algorithm is a bit of long lasting technology that has not been cracked.  It is, however, based on the belief that P != NP (i.e., the set of problems solvable in deterministic Polynomial time is not equal to the set of problems solvable in Nondeterministic Polynomial time).  The statement P != NP is based on belief, and not on fact.  It has not been proven that there is no efficient algorithm for factoring large positive integers.  It has also not been proven that there does exist such an algorithm.  Thus, the belief that RSA encryption (as used by PGP and others) is absolutely safe is a dangerous one at best.  A good general reference on the matter is "Computers and Intractability" by Garey and Johnson.

This is just to demonstrate that some technologies exist that people put an unfounded amount of faith in other than just the polygraph.  These technologies can still be valuable and useful to the people who use them.  The art of making gross generalizations on subjects where the artist has a lack of expertise should be left to the politicians, in my humble opinion.

By the way, I have found this site and this subject in general very interesting and informative.  I personally find lie detector tests an affront to my right to privacy.  Thanks George.
Posted by orolan
 - Apr 01, 2003, 03:58 PM
George,

So true. I rephrase to this: "Legitimate proven technologies are safe only for a few months, while "snake oil", quackery and old wives' tales may last for an eternity."
That better? ;)
Posted by George W. Maschke
 - Apr 01, 2003, 02:30 PM
Orolan,

You write in part:

Quote
In today's world no technology is safe for more than a few months.

But quackery such as polygraph "testing" can survive for very long periods of time.
Posted by orolan
 - Apr 01, 2003, 12:07 PM
Teddy k,

So true. I recall some years ago when Sony or somebody like them announced a "new" technology to scramble VHS video signals to prevent copying. Within a week, and before the technology made it into the first VCR, a group of students announced that they had created a small circuit board from off the shelf parts at Radio Shack to defeat it. The whole thing was scrapped.
In today's world no technology is safe for more than a few months.