Some legal trouble with TOR in France

Adam Shostack adam at homeport.org
Sun May 14 21:55:40 UTC 2006


Niels Ferguson says "over my dead body:"
http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx  He's
also said as much to me in person, as has Peter Biddle.

Adam


On Sun, May 14, 2006 at 10:43:22AM -0700, Ringo Kamens wrote:
| I'm not saying the AES is weak. I'm saying that Microsoft might have
| implemented a back-door for governments. They could store the private keys and
| passwords in videocard memory or in the boot sector or something like that.
| 
| On 5/14/06, Tony <Tony at tdrmail.co.uk> wrote:
| 
| 
|     2. The restrictions on encryption were removed some years ago. The best
|     encryption software comes from outside the USA anyway so it was always a
|     pointless exercise in futility.
| 
|      
| 
|     Unless a vulnerability is found in 256 bit AES it would take them longer
|     than the ages of the universe to crack a key by brute force no matter how
|     many teraflops of power they have to task on your key (not to mention the
|     many others they might want to crack)
| 
|      
| 
|     3. Filtering content is not quite the same as signing code and pretending
|     it comes from Microsoft. Such a piece of code would have a changed checksum
|     and would likely be spotted and then analysed. I can't see Microsoft doing that
|     unless required by law.
| 
|      
| 
|     4. TPM is part of the trusted computing concept. It just makes it much
|     harder. Not impossible.
| 
|      
| 
|     ---------------------------------------------------------------------------
|    
|     From: owner-or-talk at freehaven.net [mailto:owner-or-talk at freehaven.net] On
|     Behalf Of Ringo Kamens
|     Sent: 14 May 2006 18:31
| 
| 
|     To: or-talk at freehaven.net
|     Subject: Re: Some legal trouble with TOR in France
| 
|      
| 
|     There are a few key points that you are overlooking.
| 
|      
| 
|     1. In support of the photocopying money scandal, most printers have yellow
|     dots imprinted on them that track date printed, serial number, etc.
| 
|      
| 
|     2. By US export law, US companies are not allowed to export encryption
|     larger than 56 bit (although it might have jumped to 128 a few years ago),
|     unless it has been certified by the government.  That means unless it has a
|     backdoor. Plus, governments have thousands of teraflops of idle computer
|     cycles waiting to crack your keys.
| 
|      
| 
|     3. How can you honestly think Microsoft wouldn't bend over for the US
|     government? They bent over for China. Look at PGP. They moved to closed
|     source after version 6.0 with no valid reason. The reason is probably the
|     government.
| 
|      
| 
|     4. In terms of using checksums to ensure your system hasn't been tampered
|     with, the computer hardware could have a defense system against that such
|     as trusted computing.
| 
|      
| 
|     Ringo Kamens
| 
|      
| 
|     On 5/14/06, Mike Zanker <mike at zanker.org> wrote:
| 
|     On 14/5/06 15:10, Tony wrote:
| 
|     > Nb- failure to disclose keys is up to two years in prison. Not 10.
|     >
|     > (5) A person guilty of an offence under this section shall be liable-
|     >
|     >   (a) on conviction on indictment, to imprisonment for a term not
|     > exceeding two years or to a fine, or to both;
|     >   (b) on summary conviction, to imprisonment for a term not exceeding
|     > six months or to a fine not exceeding the statutory maximum, or to both.
| 
|     Furthermore, that's part III of RIPA which hasn't been enacted yet.
| 
|     Mike.
| 
| 
| 


