Obama: cryptographers who don't believe in magic ponies are "fetishists," "absolutists"

Good point! I was thinking input boundaries and you went for format string :).

3 Likes

Thank Douglas Adams. After all, 6 x 9 = 42 (in base 13).

4 Likes

1,3 + 15,7 + 13 = 30

They didn’t say you could only use the numbers. Of course, it still looks odd in countries that don’t use the comma for the decimal delimiter…

7 Likes

If you’re going to steal the commas, then I’ll steal the parentheses:
15 + 15 + () =30.

3 Likes

I swear I learned everything I know about computer security from the story, “The Monkey’s Paw.”

4 Likes

And there will always be a sufficient number of those smart people among the terrists and drug dealers, inasmuch as their motivation is much higher than that of the gen pop.

1 Like

So . . . what’s so terrible about POTUS, someone who doesn’t claim any technical prowess, soliciting the cooperation of the industry (which has plenty) to try to keep some sort of situation roughly analogous to current physical search & seizure standards (imperfect as they may be) on the cards?

Because what we’ll be headed for soon enough is that using strong crypto the government cannot be given access to will be a crime in itself. And their method of gaining access will be to detain subjects–anyone they see using it and they’re interested in–until such time as they produce the key.

That won’t be so very cool either. Not wanting to go there is a good thing.

What the technical possibilities really are? I suspect they aren’t nearly as simple as Cory would like to paint them, in spite of his continual attendance at SXSW. But THAT’s what he’s asking help with. He isn’t saying “hand over the unicorn,” he’s asking, “Do you think we might be able to fashion something like a unicorn? Because the alternatives aren’t all that great. Give me a hand here.”

Now folks like Cory seem to be very, very interested in keeping up the idea that collaborating with the government on such a thing would be a horrible betrayal and essentially peer pressuring folks into not even thinking about this. I suggest, even in spite of all the SXSWs Cory can claim to have attended, that you might want to do the moral calculus yourself.

Cryptonomicon is a really enjoyable novel. One of my favorites . . . but the world Stephenson imagines is kinda milquetoast compared to the one we’ve got. I think we’ve all gotta actually think on this one–including likely moves and counter moves by all the parties here. Obama’s hope for a third way may be more than a bit sanguine, but I’m glad he’s trying. And I think there are probably technical possibilities SXSW hasn’t brought to Cory’s attention.

Let me know when that request to change the speed of light works out.

2 Likes

Yeah, just keep repeating the new catchphrase in various permutations. Kinda weird that decrypting a message should be equivalent to changing the speed of light. Oh, you say UNLESS you have the decrypt key. Oh. So, unlike the speed of light there are exceptions in this case! Wow. Who’d have thought to see someone reusing a lame, inappropriate analogy on this particular topic?

So, what other exceptions can we create? Can we have relatively strong encryption with a different keying protocol that would create more, manageable exceptions? I think the answer is a technical one, not an axiomatic one. And I think the answer is likely yes, or we wouldn’t see the urgency put behind toeing the line on this one.

I put it the way I did to highlight the fact that it is a ridiculous request.

The ability to have a key that “only the good guys can use” is not a new idea. This is a problem that people in the field of cryptography have thought about, for decades, and determined is not possible. The “why don’t you guys try a little harder” approach doesn’t work, when all of the experts are in agreement that creating multiple keys causes more problems than it solves.

Incidentally, welcome to the BBS.

4 Likes

Nothing at all.

However, when the nearly-unanimous response from the people he has solicited for help is “That’s mathematically impossible to do - the choices are between encryption that is secure against everyone, and encryption that is insecure against anyone determined to crack it,” the POTUS should say, “Cool, that’s what I wanted to know,” not, “Don’t be absolutists. Of course it’s possible. You just have to think harder.”

That sounds like a ridiculously pessimistic view of the future, considering that the encryption that your browser uses to connect to Google is “strong crypto the government cannot be given access to.”

Don’t trust Cory’s opinion? Let’s see what 14 people who the NYT calls “14 of the world’s pre-eminent cryptographers and computer scientists,” have to say.

“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. […]The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”

Direct link to the report:
http://dspace.mit.edu/handle/1721.1/97690

Can you come up with any cryptographers arguing the opposite?

No, he has already been told, by pretty much everyone who knows the math, “Horses we can give you. Cloven hooves? Maybe. White hair? Quite possible. Given time and effort, maybe even the forehead horn we can do. But the only-likes-virgins thing? That’s magic, not science.”

Oh, you. I wasn’t suggesting he read Cryptonomicon because of the story. I was suggesting that he read it because it’s packed with details about what cryptography can and cannot do - and President Obama needs a refresher on that.

7 Likes

I am not dogpiling.

Creating a skeleton key for a physical device is one thing. A person has to get physical access to open it. A skeleton key for digital, internet connected devices is a different problem set. Remotely accessible, automatable attacks aren’t just common, they are the norm.

What is being asked is beyond the pale for any key custodian or cryptographer.

7 Likes

Can’t they already do this? I know ours can. I thought the US did the same kind of soft rubber hose cryptography deal?

See, I don’t like that trick answer, because when was the last time you saw a real number delimited like that?

First off: Nice Avatar.

Second: YES. Of Course it’s yes. No one is questioning that this is possible. The problem is that “relatively strong” is by cryptography standards, “weak.” The problems are numerous but range from custodianship of key information down to the very simple and very true fact that the US government has squandered any good will and trust they would have otherwise deserved by ignoring and bypassing courts, and engaging in extrajudicial data collection.

2 Likes

Probably about a week ago… but, I do end up seeing communication from a rather diverse list of countries on a daily basis. :)

I understand not liking the answer, though. To be honest, I mainly know that answer because I fairly recently saw the same question, but instead of a set of numbers in parentheses, it had them listed out in a sentence, with a period at the end.

But when I proposed a scheme in my comments above (see here and here and here), the objections here were not really mathematical, but rather focused on the human factor, namely the possibility that the secret key would get leaked even if it was kept offline and only a few officials could have access to it (see this reply), along with one point about a technical limitation in possible key lengths built into some existing devices and software (which could be dealt with by making some legislation about allowing for longer key lengths in future releases). This suggests that claiming the idea is “mathematically impossible” is not really true at all, and that the main objections are in the fuzzier realm of predicting human behavior.

That would be because you don’t have any details in there about the math - it’s all about physical security. Also, I doubt many of us here are among the wide range of encryption experts who have repeatedly said that what is being asked for is not technically feasible. If you want to argue against them, this isn’t the best forum.

2 Likes

Well, I had said the following (based just on my memory of learning in a college math class about the details of one of the simplest crypto schemes, the RSA system):

And renke responded:

Do you think renke is incorrect about the mathematics? If so, can you link specifically to a claim by a cryptographer that it’s not mathematically possible to produce a sufficiently large key that would take a prohibitive amount of time (say, at least several decades) to crack with present-day supercomputers? (assuming only existing computational methods are available and there have been no leaks or radical breakthroughs in number theory)

It’s still legal to use strong cryptography here, though not to export, apparently. So having something the government can’t get access to or selling technology to accomplish that is not, ipso facto, a crime in the US. But I fear that’s where we’ll get to eventually.