Inkwell: Authors and Artists

    

Betsy, the upcoming CFP (just a couple more weeks now) is also in
Cambridge/Boston.
  

    
Hi, I'm back, and will continue to discuss if there's interest.

I think that the general impression is that there was no "hole" or backdoor
in DES.  The hole, if you want to call it that, was the up-front limitation
of a 56-bit key.  I have the strong impression -- one confirmed by "high
government officials" -- that the NSA underestimated how widespread DES
would be, and later regretted that the 56 bits was the only limitation. Thus
for years -- until late 1999, in fact -- you couldn't use DES in
shrinkwrapped software for export. By then, of course, the 56 bit hurdle
was something that could easily be broken, as the EFF proved with their DES-
cracker, which cost a bit more than $200 K to crack one key, and very little
thereafter to crack more keys.

As for what the NSA does with old computers, you can see a few, including a
costly but no longer state of the art Thinking Machine supercomputer, at the
National Cryptologic Museum, a trip I highly recommend.
  

    
http://www.nsa.gov/museum/map.html
 for directions. It's in Maryland, just outside of DC, I believe.
  

    
I was all over Meade a couple weeks ago and missed the museum.  Looks like
I need to go back.
  

    
Seems to me the biggest hole still remaining in public crypto is that the
encrypted message, though unbreakable, is still recognizably and obviously
an encrypted message, allowing the Man to come back to you and say, "Decrypt
this thing or I'll throw your ass in jail." I'd love to see a crypto system
where the encrypted message looks like plain English or whatever; for
instance, you supply it with a plain-English innocuous model and the system
embeds into it the true message in the form of "typos" or something. At that
point the FBI can take their Carnivore and melt it into scrap.
  

    

  See the recent book "Disappearing Cryptography" for lots more on
that theme.  I'm about halfway through my copy.....
  

    
There are methods for embedding cryptographic messages in, for instance,
graphics files, such that they're not obviously there.  (Probably the NSA
can detect their presence, but you wouldn't know to suspect anything just
looking at the rendered image.
  

    
<woodman> -- it's called Steganography.  Check out:

  http://steganography.tripod.com/stego.html
  

    

  Yes, that's what the book I referred to above is about.  See also my
friend Romana Machado's page at   http://www.stego.com/   for more --
she introduced me to the subject in 1986, actually.
  

    
This is the basic thing that I'm not getting about crypto: How *do*
you tell when you've unencrypted the message, when you're running
through millions of possible solutions?

If detection has anything to do with letter frequency, then wouldn't
removing spaces, and adding letters so that the distribution appears
random, make it difficult to identify when you've found the plaintext?
  

    

  You look for an expected pattern of some sort -- simple letter frequency
is the most obvious, but there are lots of others.  For example, if you're
expecting to find an email message in more-or-less-standard format, then
you'll expect to see a group of lines of text that include things like the
various From: and To: and Date: fields, followed by a blank line, followed
by more text.  If you're expecting to find a compressed file created with
something like ZIP, then there are specific patterns to look for there as
well (including a sort of header).